- Linux-stable-mirror - lists.linaro.org

Re: Patch "Input: ims-pcu - fix calling interruptible mutex" has been added to the 6.11-stable tree

by Dmitry Torokhov

On Mon, Sep 30, 2024 at 07:24:28PM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > Input: ims-pcu - fix calling interruptible mutex > > to the 6.11-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > input-ims-pcu-fix-calling-interruptible-mutex.patch > and it can be found in the queue-6.11 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > Did you manage to pick up 703f12672e1f ("Input: ims-pcu - switch to using cleanup functions") for stable? I would love to see the justification for that... > > > commit c137195362a652adfbc6a538b78a40b043de6eb0 > Author: David Lechner <dlechner(a)baylibre.com> > Date: Tue Sep 10 16:58:47 2024 -0500 > > Input: ims-pcu - fix calling interruptible mutex > > [ Upstream commit 82abef590eb31d373e632743262ee7c42f49c289 ] > > Fix calling scoped_cond_guard() with mutex instead of mutex_intr. > > scoped_cond_guard(mutex, ...) will call mutex_lock() instead of > mutex_lock_interruptible(). > > Fixes: 703f12672e1f ("Input: ims-pcu - switch to using cleanup functions") > Signed-off-by: David Lechner <dlechner(a)baylibre.com> > Link: https://lore.kernel.org/r/20240910-input-misc-ims-pcu-fix-mutex-intr-v1-1-b… > Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/input/misc/ims-pcu.c b/drivers/input/misc/ims-pcu.c > index c086dadb45e3a..058f3470b7ae2 100644 > --- a/drivers/input/misc/ims-pcu.c > +++ b/drivers/input/misc/ims-pcu.c > @@ -1067,7 +1067,7 @@ static ssize_t ims_pcu_attribute_store(struct device *dev, > if (data_len > attr->field_length) > return -EINVAL; > > - scoped_cond_guard(mutex, return -EINTR, &pcu->cmd_mutex) { > + scoped_cond_guard(mutex_intr, return -EINTR, &pcu->cmd_mutex) { > memset(field, 0, attr->field_length); > memcpy(field, buf, data_len); > -- Dmitry

7 months

2
2
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix polled console corruption" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 63d14d974d3d82d0feeae8c73b055d330051e1b4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100159-chatty-uncombed-a25a@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 63d14d974d3d ("serial: qcom-geni: fix polled console corruption") cc4a0e5754a1 ("serial: qcom-geni: fix console corruption") f97cdbbf187f ("serial: qcom-geni: fix false console tx restart") 947cc4ecc06c ("serial: qcom-geni: fix soft lockup on sw flow control and suspend") 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") f8fef2fa419f ("tty: msm_serial: use dmaengine_prep_slave_sg()") 9054605ab846 ("tty: 8250_omap: use dmaengine_prep_slave_sg()") 8192fabb0db2 ("tty: 8250_dma: use dmaengine_prep_slave_sg()") 3bcb0bf65c2b ("Merge tag 'tty-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63d14d974d3d82d0feeae8c73b055d330051e1b4 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:36 +0200 Subject: [PATCH] serial: qcom-geni: fix polled console corruption MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The polled UART operations are used by the kernel debugger (KDB, KGDB), which can interrupt the kernel at any point in time. The current Qualcomm GENI implementation does not really work when there is on-going serial output as it inadvertently "hijacks" the current tx command, which can result in both the initial debugger output being corrupted as well as the corruption of any on-going serial output (up to 4k characters) when execution resumes: 0190: abcdefghijklmnopqrstuvwxyz0123456789 0190: abcdefghijklmnopqrstuvwxyz0123456789 0191: abcdefghijklmnop[ 50.825552] sysrq: DEBUG qrstuvwxyz0123456789 0191: abcdefghijklmnopqrstuvwxyz0123456789 Entering kdb (current=0xffff53510b4cd280, pid 640) on processor 2 due to Keyboard Entry [2]kdb> go omlji3h3h2g2g1f1f0e0ezdzdycycxbxbwawav :t72r2rp o9n976k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawavu:t7t8s8s8r2r2q0q0p o9n9n8ml6k6k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawav v u:u:t9t0s4s4rq0p o9n9n8m8m7l7l6k6k5j5j40q0p p o o9n9n8m8m7l7l6k6k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawav :t8t9s4s4r4r4q0q0p Fix this by making sure that the polled output implementation waits for the tx fifo to drain before cancelling any on-going longer transfers. As the polled code cannot take any locks, leave the state variables as they are and instead make sure that the interrupt handler always starts a new tx command when there is data in the write buffer. Since the debugger can interrupt the interrupt handler when it is writing data to the tx fifo, it is currently not possible to fully prevent losing up to 64 bytes of tty output on resume. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-9-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index f23fd0ac3cfd..6f0db310cf69 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -145,6 +145,7 @@ static const struct uart_ops qcom_geni_uart_pops; static struct uart_driver qcom_geni_console_driver; static struct uart_driver qcom_geni_uart_driver; +static void __qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); static inline struct qcom_geni_serial_port *to_dev_port(struct uart_port *uport) @@ -384,13 +385,14 @@ static int qcom_geni_serial_get_char(struct uart_port *uport) static void qcom_geni_serial_poll_put_char(struct uart_port *uport, unsigned char c) { - writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + if (qcom_geni_serial_main_active(uport)) { + qcom_geni_serial_poll_tx_done(uport); + __qcom_geni_serial_cancel_tx_cmd(uport); + } + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, 1); - WARN_ON(!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, - M_TX_FIFO_WATERMARK_EN, true)); writel(c, uport->membase + SE_GENI_TX_FIFOn); - writel(M_TX_FIFO_WATERMARK_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_poll_tx_done(uport); } #endif @@ -677,13 +679,10 @@ static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); } -static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +static void __qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) { struct qcom_geni_serial_port *port = to_dev_port(uport); - if (!qcom_geni_serial_main_active(uport)) - return; - geni_se_cancel_m_cmd(&port->se); if (!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_CANCEL_EN, true)) { @@ -693,6 +692,16 @@ static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); +} + +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + + if (!qcom_geni_serial_main_active(uport)) + return; + + __qcom_geni_serial_cancel_tx_cmd(uport); port->tx_remaining = 0; port->tx_queued = 0; @@ -919,7 +928,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, if (!chunk) goto out_write_wakeup; - if (!port->tx_remaining) { + if (!active) { qcom_geni_serial_setup_tx(uport, pending); port->tx_remaining = pending; port->tx_queued = 0;

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix polled console corruption" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 63d14d974d3d82d0feeae8c73b055d330051e1b4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100158-tameness-clump-aaf7@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 63d14d974d3d ("serial: qcom-geni: fix polled console corruption") cc4a0e5754a1 ("serial: qcom-geni: fix console corruption") f97cdbbf187f ("serial: qcom-geni: fix false console tx restart") 947cc4ecc06c ("serial: qcom-geni: fix soft lockup on sw flow control and suspend") 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") f8fef2fa419f ("tty: msm_serial: use dmaengine_prep_slave_sg()") 9054605ab846 ("tty: 8250_omap: use dmaengine_prep_slave_sg()") 8192fabb0db2 ("tty: 8250_dma: use dmaengine_prep_slave_sg()") 3bcb0bf65c2b ("Merge tag 'tty-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63d14d974d3d82d0feeae8c73b055d330051e1b4 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:36 +0200 Subject: [PATCH] serial: qcom-geni: fix polled console corruption MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The polled UART operations are used by the kernel debugger (KDB, KGDB), which can interrupt the kernel at any point in time. The current Qualcomm GENI implementation does not really work when there is on-going serial output as it inadvertently "hijacks" the current tx command, which can result in both the initial debugger output being corrupted as well as the corruption of any on-going serial output (up to 4k characters) when execution resumes: 0190: abcdefghijklmnopqrstuvwxyz0123456789 0190: abcdefghijklmnopqrstuvwxyz0123456789 0191: abcdefghijklmnop[ 50.825552] sysrq: DEBUG qrstuvwxyz0123456789 0191: abcdefghijklmnopqrstuvwxyz0123456789 Entering kdb (current=0xffff53510b4cd280, pid 640) on processor 2 due to Keyboard Entry [2]kdb> go omlji3h3h2g2g1f1f0e0ezdzdycycxbxbwawav :t72r2rp o9n976k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawavu:t7t8s8s8r2r2q0q0p o9n9n8ml6k6k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawav v u:u:t9t0s4s4rq0p o9n9n8m8m7l7l6k6k5j5j40q0p p o o9n9n8m8m7l7l6k6k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawav :t8t9s4s4r4r4q0q0p Fix this by making sure that the polled output implementation waits for the tx fifo to drain before cancelling any on-going longer transfers. As the polled code cannot take any locks, leave the state variables as they are and instead make sure that the interrupt handler always starts a new tx command when there is data in the write buffer. Since the debugger can interrupt the interrupt handler when it is writing data to the tx fifo, it is currently not possible to fully prevent losing up to 64 bytes of tty output on resume. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-9-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index f23fd0ac3cfd..6f0db310cf69 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -145,6 +145,7 @@ static const struct uart_ops qcom_geni_uart_pops; static struct uart_driver qcom_geni_console_driver; static struct uart_driver qcom_geni_uart_driver; +static void __qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); static inline struct qcom_geni_serial_port *to_dev_port(struct uart_port *uport) @@ -384,13 +385,14 @@ static int qcom_geni_serial_get_char(struct uart_port *uport) static void qcom_geni_serial_poll_put_char(struct uart_port *uport, unsigned char c) { - writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + if (qcom_geni_serial_main_active(uport)) { + qcom_geni_serial_poll_tx_done(uport); + __qcom_geni_serial_cancel_tx_cmd(uport); + } + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, 1); - WARN_ON(!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, - M_TX_FIFO_WATERMARK_EN, true)); writel(c, uport->membase + SE_GENI_TX_FIFOn); - writel(M_TX_FIFO_WATERMARK_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_poll_tx_done(uport); } #endif @@ -677,13 +679,10 @@ static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); } -static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +static void __qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) { struct qcom_geni_serial_port *port = to_dev_port(uport); - if (!qcom_geni_serial_main_active(uport)) - return; - geni_se_cancel_m_cmd(&port->se); if (!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_CANCEL_EN, true)) { @@ -693,6 +692,16 @@ static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); +} + +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + + if (!qcom_geni_serial_main_active(uport)) + return; + + __qcom_geni_serial_cancel_tx_cmd(uport); port->tx_remaining = 0; port->tx_queued = 0; @@ -919,7 +928,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, if (!chunk) goto out_write_wakeup; - if (!port->tx_remaining) { + if (!active) { qcom_geni_serial_setup_tx(uport, pending); port->tx_remaining = pending; port->tx_queued = 0;

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix polled console corruption" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 63d14d974d3d82d0feeae8c73b055d330051e1b4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100157-empathy-petroleum-f579@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 63d14d974d3d ("serial: qcom-geni: fix polled console corruption") cc4a0e5754a1 ("serial: qcom-geni: fix console corruption") f97cdbbf187f ("serial: qcom-geni: fix false console tx restart") 947cc4ecc06c ("serial: qcom-geni: fix soft lockup on sw flow control and suspend") 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") f8fef2fa419f ("tty: msm_serial: use dmaengine_prep_slave_sg()") 9054605ab846 ("tty: 8250_omap: use dmaengine_prep_slave_sg()") 8192fabb0db2 ("tty: 8250_dma: use dmaengine_prep_slave_sg()") 3bcb0bf65c2b ("Merge tag 'tty-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63d14d974d3d82d0feeae8c73b055d330051e1b4 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:36 +0200 Subject: [PATCH] serial: qcom-geni: fix polled console corruption MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The polled UART operations are used by the kernel debugger (KDB, KGDB), which can interrupt the kernel at any point in time. The current Qualcomm GENI implementation does not really work when there is on-going serial output as it inadvertently "hijacks" the current tx command, which can result in both the initial debugger output being corrupted as well as the corruption of any on-going serial output (up to 4k characters) when execution resumes: 0190: abcdefghijklmnopqrstuvwxyz0123456789 0190: abcdefghijklmnopqrstuvwxyz0123456789 0191: abcdefghijklmnop[ 50.825552] sysrq: DEBUG qrstuvwxyz0123456789 0191: abcdefghijklmnopqrstuvwxyz0123456789 Entering kdb (current=0xffff53510b4cd280, pid 640) on processor 2 due to Keyboard Entry [2]kdb> go omlji3h3h2g2g1f1f0e0ezdzdycycxbxbwawav :t72r2rp o9n976k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawavu:t7t8s8s8r2r2q0q0p o9n9n8ml6k6k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawav v u:u:t9t0s4s4rq0p o9n9n8m8m7l7l6k6k5j5j40q0p p o o9n9n8m8m7l7l6k6k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawav :t8t9s4s4r4r4q0q0p Fix this by making sure that the polled output implementation waits for the tx fifo to drain before cancelling any on-going longer transfers. As the polled code cannot take any locks, leave the state variables as they are and instead make sure that the interrupt handler always starts a new tx command when there is data in the write buffer. Since the debugger can interrupt the interrupt handler when it is writing data to the tx fifo, it is currently not possible to fully prevent losing up to 64 bytes of tty output on resume. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-9-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index f23fd0ac3cfd..6f0db310cf69 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -145,6 +145,7 @@ static const struct uart_ops qcom_geni_uart_pops; static struct uart_driver qcom_geni_console_driver; static struct uart_driver qcom_geni_uart_driver; +static void __qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); static inline struct qcom_geni_serial_port *to_dev_port(struct uart_port *uport) @@ -384,13 +385,14 @@ static int qcom_geni_serial_get_char(struct uart_port *uport) static void qcom_geni_serial_poll_put_char(struct uart_port *uport, unsigned char c) { - writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + if (qcom_geni_serial_main_active(uport)) { + qcom_geni_serial_poll_tx_done(uport); + __qcom_geni_serial_cancel_tx_cmd(uport); + } + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, 1); - WARN_ON(!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, - M_TX_FIFO_WATERMARK_EN, true)); writel(c, uport->membase + SE_GENI_TX_FIFOn); - writel(M_TX_FIFO_WATERMARK_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_poll_tx_done(uport); } #endif @@ -677,13 +679,10 @@ static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); } -static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +static void __qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) { struct qcom_geni_serial_port *port = to_dev_port(uport); - if (!qcom_geni_serial_main_active(uport)) - return; - geni_se_cancel_m_cmd(&port->se); if (!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_CANCEL_EN, true)) { @@ -693,6 +692,16 @@ static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); +} + +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + + if (!qcom_geni_serial_main_active(uport)) + return; + + __qcom_geni_serial_cancel_tx_cmd(uport); port->tx_remaining = 0; port->tx_queued = 0; @@ -919,7 +928,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, if (!chunk) goto out_write_wakeup; - if (!port->tx_remaining) { + if (!active) { qcom_geni_serial_setup_tx(uport, pending); port->tx_remaining = pending; port->tx_queued = 0;

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix polled console corruption" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 63d14d974d3d82d0feeae8c73b055d330051e1b4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100156-oxidizing-fade-b2df@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 63d14d974d3d ("serial: qcom-geni: fix polled console corruption") cc4a0e5754a1 ("serial: qcom-geni: fix console corruption") f97cdbbf187f ("serial: qcom-geni: fix false console tx restart") 947cc4ecc06c ("serial: qcom-geni: fix soft lockup on sw flow control and suspend") 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") f8fef2fa419f ("tty: msm_serial: use dmaengine_prep_slave_sg()") 9054605ab846 ("tty: 8250_omap: use dmaengine_prep_slave_sg()") 8192fabb0db2 ("tty: 8250_dma: use dmaengine_prep_slave_sg()") 3bcb0bf65c2b ("Merge tag 'tty-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63d14d974d3d82d0feeae8c73b055d330051e1b4 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:36 +0200 Subject: [PATCH] serial: qcom-geni: fix polled console corruption MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The polled UART operations are used by the kernel debugger (KDB, KGDB), which can interrupt the kernel at any point in time. The current Qualcomm GENI implementation does not really work when there is on-going serial output as it inadvertently "hijacks" the current tx command, which can result in both the initial debugger output being corrupted as well as the corruption of any on-going serial output (up to 4k characters) when execution resumes: 0190: abcdefghijklmnopqrstuvwxyz0123456789 0190: abcdefghijklmnopqrstuvwxyz0123456789 0191: abcdefghijklmnop[ 50.825552] sysrq: DEBUG qrstuvwxyz0123456789 0191: abcdefghijklmnopqrstuvwxyz0123456789 Entering kdb (current=0xffff53510b4cd280, pid 640) on processor 2 due to Keyboard Entry [2]kdb> go omlji3h3h2g2g1f1f0e0ezdzdycycxbxbwawav :t72r2rp o9n976k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawavu:t7t8s8s8r2r2q0q0p o9n9n8ml6k6k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawav v u:u:t9t0s4s4rq0p o9n9n8m8m7l7l6k6k5j5j40q0p p o o9n9n8m8m7l7l6k6k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawav :t8t9s4s4r4r4q0q0p Fix this by making sure that the polled output implementation waits for the tx fifo to drain before cancelling any on-going longer transfers. As the polled code cannot take any locks, leave the state variables as they are and instead make sure that the interrupt handler always starts a new tx command when there is data in the write buffer. Since the debugger can interrupt the interrupt handler when it is writing data to the tx fifo, it is currently not possible to fully prevent losing up to 64 bytes of tty output on resume. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-9-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index f23fd0ac3cfd..6f0db310cf69 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -145,6 +145,7 @@ static const struct uart_ops qcom_geni_uart_pops; static struct uart_driver qcom_geni_console_driver; static struct uart_driver qcom_geni_uart_driver; +static void __qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); static inline struct qcom_geni_serial_port *to_dev_port(struct uart_port *uport) @@ -384,13 +385,14 @@ static int qcom_geni_serial_get_char(struct uart_port *uport) static void qcom_geni_serial_poll_put_char(struct uart_port *uport, unsigned char c) { - writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + if (qcom_geni_serial_main_active(uport)) { + qcom_geni_serial_poll_tx_done(uport); + __qcom_geni_serial_cancel_tx_cmd(uport); + } + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, 1); - WARN_ON(!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, - M_TX_FIFO_WATERMARK_EN, true)); writel(c, uport->membase + SE_GENI_TX_FIFOn); - writel(M_TX_FIFO_WATERMARK_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_poll_tx_done(uport); } #endif @@ -677,13 +679,10 @@ static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); } -static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +static void __qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) { struct qcom_geni_serial_port *port = to_dev_port(uport); - if (!qcom_geni_serial_main_active(uport)) - return; - geni_se_cancel_m_cmd(&port->se); if (!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_CANCEL_EN, true)) { @@ -693,6 +692,16 @@ static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); +} + +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + + if (!qcom_geni_serial_main_active(uport)) + return; + + __qcom_geni_serial_cancel_tx_cmd(uport); port->tx_remaining = 0; port->tx_queued = 0; @@ -919,7 +928,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, if (!chunk) goto out_write_wakeup; - if (!port->tx_remaining) { + if (!active) { qcom_geni_serial_setup_tx(uport, pending); port->tx_remaining = pending; port->tx_queued = 0;

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix polled console corruption" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 63d14d974d3d82d0feeae8c73b055d330051e1b4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100154-submitter-handlebar-e3e9@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 63d14d974d3d ("serial: qcom-geni: fix polled console corruption") cc4a0e5754a1 ("serial: qcom-geni: fix console corruption") f97cdbbf187f ("serial: qcom-geni: fix false console tx restart") 947cc4ecc06c ("serial: qcom-geni: fix soft lockup on sw flow control and suspend") 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") f8fef2fa419f ("tty: msm_serial: use dmaengine_prep_slave_sg()") 9054605ab846 ("tty: 8250_omap: use dmaengine_prep_slave_sg()") 8192fabb0db2 ("tty: 8250_dma: use dmaengine_prep_slave_sg()") 3bcb0bf65c2b ("Merge tag 'tty-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63d14d974d3d82d0feeae8c73b055d330051e1b4 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:36 +0200 Subject: [PATCH] serial: qcom-geni: fix polled console corruption MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The polled UART operations are used by the kernel debugger (KDB, KGDB), which can interrupt the kernel at any point in time. The current Qualcomm GENI implementation does not really work when there is on-going serial output as it inadvertently "hijacks" the current tx command, which can result in both the initial debugger output being corrupted as well as the corruption of any on-going serial output (up to 4k characters) when execution resumes: 0190: abcdefghijklmnopqrstuvwxyz0123456789 0190: abcdefghijklmnopqrstuvwxyz0123456789 0191: abcdefghijklmnop[ 50.825552] sysrq: DEBUG qrstuvwxyz0123456789 0191: abcdefghijklmnopqrstuvwxyz0123456789 Entering kdb (current=0xffff53510b4cd280, pid 640) on processor 2 due to Keyboard Entry [2]kdb> go omlji3h3h2g2g1f1f0e0ezdzdycycxbxbwawav :t72r2rp o9n976k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawavu:t7t8s8s8r2r2q0q0p o9n9n8ml6k6k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawav v u:u:t9t0s4s4rq0p o9n9n8m8m7l7l6k6k5j5j40q0p p o o9n9n8m8m7l7l6k6k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawav :t8t9s4s4r4r4q0q0p Fix this by making sure that the polled output implementation waits for the tx fifo to drain before cancelling any on-going longer transfers. As the polled code cannot take any locks, leave the state variables as they are and instead make sure that the interrupt handler always starts a new tx command when there is data in the write buffer. Since the debugger can interrupt the interrupt handler when it is writing data to the tx fifo, it is currently not possible to fully prevent losing up to 64 bytes of tty output on resume. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-9-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index f23fd0ac3cfd..6f0db310cf69 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -145,6 +145,7 @@ static const struct uart_ops qcom_geni_uart_pops; static struct uart_driver qcom_geni_console_driver; static struct uart_driver qcom_geni_uart_driver; +static void __qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); static inline struct qcom_geni_serial_port *to_dev_port(struct uart_port *uport) @@ -384,13 +385,14 @@ static int qcom_geni_serial_get_char(struct uart_port *uport) static void qcom_geni_serial_poll_put_char(struct uart_port *uport, unsigned char c) { - writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + if (qcom_geni_serial_main_active(uport)) { + qcom_geni_serial_poll_tx_done(uport); + __qcom_geni_serial_cancel_tx_cmd(uport); + } + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, 1); - WARN_ON(!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, - M_TX_FIFO_WATERMARK_EN, true)); writel(c, uport->membase + SE_GENI_TX_FIFOn); - writel(M_TX_FIFO_WATERMARK_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_poll_tx_done(uport); } #endif @@ -677,13 +679,10 @@ static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); } -static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +static void __qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) { struct qcom_geni_serial_port *port = to_dev_port(uport); - if (!qcom_geni_serial_main_active(uport)) - return; - geni_se_cancel_m_cmd(&port->se); if (!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_CANCEL_EN, true)) { @@ -693,6 +692,16 @@ static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); +} + +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + + if (!qcom_geni_serial_main_active(uport)) + return; + + __qcom_geni_serial_cancel_tx_cmd(uport); port->tx_remaining = 0; port->tx_queued = 0; @@ -919,7 +928,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, if (!chunk) goto out_write_wakeup; - if (!port->tx_remaining) { + if (!active) { qcom_geni_serial_setup_tx(uport, pending); port->tx_remaining = pending; port->tx_queued = 0;

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix polled console corruption" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 63d14d974d3d82d0feeae8c73b055d330051e1b4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100153-reputable-astronaut-ef90@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 63d14d974d3d ("serial: qcom-geni: fix polled console corruption") cc4a0e5754a1 ("serial: qcom-geni: fix console corruption") f97cdbbf187f ("serial: qcom-geni: fix false console tx restart") 947cc4ecc06c ("serial: qcom-geni: fix soft lockup on sw flow control and suspend") 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") f8fef2fa419f ("tty: msm_serial: use dmaengine_prep_slave_sg()") 9054605ab846 ("tty: 8250_omap: use dmaengine_prep_slave_sg()") 8192fabb0db2 ("tty: 8250_dma: use dmaengine_prep_slave_sg()") 3bcb0bf65c2b ("Merge tag 'tty-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63d14d974d3d82d0feeae8c73b055d330051e1b4 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:36 +0200 Subject: [PATCH] serial: qcom-geni: fix polled console corruption MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The polled UART operations are used by the kernel debugger (KDB, KGDB), which can interrupt the kernel at any point in time. The current Qualcomm GENI implementation does not really work when there is on-going serial output as it inadvertently "hijacks" the current tx command, which can result in both the initial debugger output being corrupted as well as the corruption of any on-going serial output (up to 4k characters) when execution resumes: 0190: abcdefghijklmnopqrstuvwxyz0123456789 0190: abcdefghijklmnopqrstuvwxyz0123456789 0191: abcdefghijklmnop[ 50.825552] sysrq: DEBUG qrstuvwxyz0123456789 0191: abcdefghijklmnopqrstuvwxyz0123456789 Entering kdb (current=0xffff53510b4cd280, pid 640) on processor 2 due to Keyboard Entry [2]kdb> go omlji3h3h2g2g1f1f0e0ezdzdycycxbxbwawav :t72r2rp o9n976k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawavu:t7t8s8s8r2r2q0q0p o9n9n8ml6k6k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawav v u:u:t9t0s4s4rq0p o9n9n8m8m7l7l6k6k5j5j40q0p p o o9n9n8m8m7l7l6k6k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawav :t8t9s4s4r4r4q0q0p Fix this by making sure that the polled output implementation waits for the tx fifo to drain before cancelling any on-going longer transfers. As the polled code cannot take any locks, leave the state variables as they are and instead make sure that the interrupt handler always starts a new tx command when there is data in the write buffer. Since the debugger can interrupt the interrupt handler when it is writing data to the tx fifo, it is currently not possible to fully prevent losing up to 64 bytes of tty output on resume. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-9-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index f23fd0ac3cfd..6f0db310cf69 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -145,6 +145,7 @@ static const struct uart_ops qcom_geni_uart_pops; static struct uart_driver qcom_geni_console_driver; static struct uart_driver qcom_geni_uart_driver; +static void __qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); static inline struct qcom_geni_serial_port *to_dev_port(struct uart_port *uport) @@ -384,13 +385,14 @@ static int qcom_geni_serial_get_char(struct uart_port *uport) static void qcom_geni_serial_poll_put_char(struct uart_port *uport, unsigned char c) { - writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + if (qcom_geni_serial_main_active(uport)) { + qcom_geni_serial_poll_tx_done(uport); + __qcom_geni_serial_cancel_tx_cmd(uport); + } + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, 1); - WARN_ON(!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, - M_TX_FIFO_WATERMARK_EN, true)); writel(c, uport->membase + SE_GENI_TX_FIFOn); - writel(M_TX_FIFO_WATERMARK_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_poll_tx_done(uport); } #endif @@ -677,13 +679,10 @@ static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); } -static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +static void __qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) { struct qcom_geni_serial_port *port = to_dev_port(uport); - if (!qcom_geni_serial_main_active(uport)) - return; - geni_se_cancel_m_cmd(&port->se); if (!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_CANCEL_EN, true)) { @@ -693,6 +692,16 @@ static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); +} + +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + + if (!qcom_geni_serial_main_active(uport)) + return; + + __qcom_geni_serial_cancel_tx_cmd(uport); port->tx_remaining = 0; port->tx_queued = 0; @@ -919,7 +928,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, if (!chunk) goto out_write_wakeup; - if (!port->tx_remaining) { + if (!active) { qcom_geni_serial_setup_tx(uport, pending); port->tx_remaining = pending; port->tx_queued = 0;

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix console corruption" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x cc4a0e5754a16bbc1e215c091349a7c83a2c5e14 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100144-jolt-purge-3b6b@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: cc4a0e5754a1 ("serial: qcom-geni: fix console corruption") f97cdbbf187f ("serial: qcom-geni: fix false console tx restart") 947cc4ecc06c ("serial: qcom-geni: fix soft lockup on sw flow control and suspend") 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") f8fef2fa419f ("tty: msm_serial: use dmaengine_prep_slave_sg()") 9054605ab846 ("tty: 8250_omap: use dmaengine_prep_slave_sg()") 8192fabb0db2 ("tty: 8250_dma: use dmaengine_prep_slave_sg()") 3bcb0bf65c2b ("Merge tag 'tty-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cc4a0e5754a16bbc1e215c091349a7c83a2c5e14 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:34 +0200 Subject: [PATCH] serial: qcom-geni: fix console corruption MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Qualcomm serial console implementation is broken and can lose characters when the serial port is also used for tty output. Specifically, the console code only waits for the current tx command to complete when all data has already been written to the fifo. When there are on-going longer transfers this often means that console output is lost when the console code inadvertently "hijacks" the current tx command instead of starting a new one. This can, for example, be observed during boot when console output that should have been interspersed with init output is truncated: [ 9.462317] qcom-snps-eusb2-hsphy fde000.phy: Registered Qcom-eUSB2 phy [ OK ] Found device KBG50ZNS256G KIOXIA Wi[ 9.471743ndows. [ 9.539915] xhci-hcd xhci-hcd.0.auto: xHCI Host Controller Add a new state variable to track how much data has been written to the fifo and use it to determine when the fifo and shift register are both empty. This is needed since there is currently no other known way to determine when the shift register is empty. This in turn allows the console code to interrupt long transfers without losing data. Note that the oops-in-progress case is similarly broken as it does not cancel any active command and also waits for the wrong status flag when attempting to drain the fifo (TX_FIFO_NOT_EMPTY_EN is only set when cancelling a command leaves data in the fifo). Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Fixes: a1fee899e5be ("tty: serial: qcom_geni_serial: Fix softlock") Fixes: 9e957a155005 ("serial: qcom-geni: Don't cancel/abort if we can't get the port lock") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-7-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 7bbd70c30620..f8f6e9466b40 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -131,6 +131,7 @@ struct qcom_geni_serial_port { bool brk; unsigned int tx_remaining; + unsigned int tx_queued; int wakeup_irq; bool rx_tx_swap; bool cts_rts_swap; @@ -144,6 +145,8 @@ static const struct uart_ops qcom_geni_uart_pops; static struct uart_driver qcom_geni_console_driver; static struct uart_driver qcom_geni_uart_driver; +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); + static inline struct qcom_geni_serial_port *to_dev_port(struct uart_port *uport) { return container_of(uport, struct qcom_geni_serial_port, uport); @@ -393,6 +396,14 @@ static void qcom_geni_serial_poll_put_char(struct uart_port *uport, #endif #ifdef CONFIG_SERIAL_QCOM_GENI_CONSOLE +static void qcom_geni_serial_drain_fifo(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + + qcom_geni_serial_poll_bitfield(uport, SE_GENI_M_GP_LENGTH, GP_LENGTH, + port->tx_queued); +} + static void qcom_geni_serial_wr_char(struct uart_port *uport, unsigned char ch) { struct qcom_geni_private_data *private_data = uport->private_data; @@ -468,7 +479,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, struct qcom_geni_serial_port *port; bool locked = true; unsigned long flags; - u32 geni_status; WARN_ON(co->index < 0 || co->index >= GENI_UART_CONS_PORTS); @@ -482,34 +492,20 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, else uart_port_lock_irqsave(uport, &flags); - geni_status = readl(uport->membase + SE_GENI_STATUS); + if (qcom_geni_serial_main_active(uport)) { + /* Wait for completion or drain FIFO */ + if (!locked || port->tx_remaining == 0) + qcom_geni_serial_poll_tx_done(uport); + else + qcom_geni_serial_drain_fifo(uport); - if (!locked) { - /* - * We can only get here if an oops is in progress then we were - * unable to get the lock. This means we can't safely access - * our state variables like tx_remaining. About the best we - * can do is wait for the FIFO to be empty before we start our - * transfer, so we'll do that. - */ - qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, - M_TX_FIFO_NOT_EMPTY_EN, false); - } else if ((geni_status & M_GENI_CMD_ACTIVE) && !port->tx_remaining) { - /* - * It seems we can't interrupt existing transfers if all data - * has been sent, in which case we need to look for done first. - */ - qcom_geni_serial_poll_tx_done(uport); + qcom_geni_serial_cancel_tx_cmd(uport); } __qcom_geni_serial_console_write(uport, s, count); - - if (locked) { - if (port->tx_remaining) - qcom_geni_serial_setup_tx(uport, port->tx_remaining); + if (locked) uart_port_unlock_irqrestore(uport, flags); - } } static void handle_rx_console(struct uart_port *uport, u32 bytes, bool drop) @@ -690,6 +686,7 @@ static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); port->tx_remaining = 0; + port->tx_queued = 0; } static void qcom_geni_serial_handle_rx_fifo(struct uart_port *uport, bool drop) @@ -916,6 +913,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, if (!port->tx_remaining) { qcom_geni_serial_setup_tx(uport, pending); port->tx_remaining = pending; + port->tx_queued = 0; irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); if (!(irq_en & M_TX_FIFO_WATERMARK_EN)) @@ -924,6 +922,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, } qcom_geni_serial_send_chunk_fifo(uport, chunk); + port->tx_queued += chunk; /* * The tx fifo watermark is level triggered and latched. Though we had

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix console corruption" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x cc4a0e5754a16bbc1e215c091349a7c83a2c5e14 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100142-acetone-monetize-3702@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: cc4a0e5754a1 ("serial: qcom-geni: fix console corruption") f97cdbbf187f ("serial: qcom-geni: fix false console tx restart") 947cc4ecc06c ("serial: qcom-geni: fix soft lockup on sw flow control and suspend") 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") f8fef2fa419f ("tty: msm_serial: use dmaengine_prep_slave_sg()") 9054605ab846 ("tty: 8250_omap: use dmaengine_prep_slave_sg()") 8192fabb0db2 ("tty: 8250_dma: use dmaengine_prep_slave_sg()") 3bcb0bf65c2b ("Merge tag 'tty-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cc4a0e5754a16bbc1e215c091349a7c83a2c5e14 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:34 +0200 Subject: [PATCH] serial: qcom-geni: fix console corruption MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Qualcomm serial console implementation is broken and can lose characters when the serial port is also used for tty output. Specifically, the console code only waits for the current tx command to complete when all data has already been written to the fifo. When there are on-going longer transfers this often means that console output is lost when the console code inadvertently "hijacks" the current tx command instead of starting a new one. This can, for example, be observed during boot when console output that should have been interspersed with init output is truncated: [ 9.462317] qcom-snps-eusb2-hsphy fde000.phy: Registered Qcom-eUSB2 phy [ OK ] Found device KBG50ZNS256G KIOXIA Wi[ 9.471743ndows. [ 9.539915] xhci-hcd xhci-hcd.0.auto: xHCI Host Controller Add a new state variable to track how much data has been written to the fifo and use it to determine when the fifo and shift register are both empty. This is needed since there is currently no other known way to determine when the shift register is empty. This in turn allows the console code to interrupt long transfers without losing data. Note that the oops-in-progress case is similarly broken as it does not cancel any active command and also waits for the wrong status flag when attempting to drain the fifo (TX_FIFO_NOT_EMPTY_EN is only set when cancelling a command leaves data in the fifo). Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Fixes: a1fee899e5be ("tty: serial: qcom_geni_serial: Fix softlock") Fixes: 9e957a155005 ("serial: qcom-geni: Don't cancel/abort if we can't get the port lock") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-7-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 7bbd70c30620..f8f6e9466b40 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -131,6 +131,7 @@ struct qcom_geni_serial_port { bool brk; unsigned int tx_remaining; + unsigned int tx_queued; int wakeup_irq; bool rx_tx_swap; bool cts_rts_swap; @@ -144,6 +145,8 @@ static const struct uart_ops qcom_geni_uart_pops; static struct uart_driver qcom_geni_console_driver; static struct uart_driver qcom_geni_uart_driver; +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); + static inline struct qcom_geni_serial_port *to_dev_port(struct uart_port *uport) { return container_of(uport, struct qcom_geni_serial_port, uport); @@ -393,6 +396,14 @@ static void qcom_geni_serial_poll_put_char(struct uart_port *uport, #endif #ifdef CONFIG_SERIAL_QCOM_GENI_CONSOLE +static void qcom_geni_serial_drain_fifo(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + + qcom_geni_serial_poll_bitfield(uport, SE_GENI_M_GP_LENGTH, GP_LENGTH, + port->tx_queued); +} + static void qcom_geni_serial_wr_char(struct uart_port *uport, unsigned char ch) { struct qcom_geni_private_data *private_data = uport->private_data; @@ -468,7 +479,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, struct qcom_geni_serial_port *port; bool locked = true; unsigned long flags; - u32 geni_status; WARN_ON(co->index < 0 || co->index >= GENI_UART_CONS_PORTS); @@ -482,34 +492,20 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, else uart_port_lock_irqsave(uport, &flags); - geni_status = readl(uport->membase + SE_GENI_STATUS); + if (qcom_geni_serial_main_active(uport)) { + /* Wait for completion or drain FIFO */ + if (!locked || port->tx_remaining == 0) + qcom_geni_serial_poll_tx_done(uport); + else + qcom_geni_serial_drain_fifo(uport); - if (!locked) { - /* - * We can only get here if an oops is in progress then we were - * unable to get the lock. This means we can't safely access - * our state variables like tx_remaining. About the best we - * can do is wait for the FIFO to be empty before we start our - * transfer, so we'll do that. - */ - qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, - M_TX_FIFO_NOT_EMPTY_EN, false); - } else if ((geni_status & M_GENI_CMD_ACTIVE) && !port->tx_remaining) { - /* - * It seems we can't interrupt existing transfers if all data - * has been sent, in which case we need to look for done first. - */ - qcom_geni_serial_poll_tx_done(uport); + qcom_geni_serial_cancel_tx_cmd(uport); } __qcom_geni_serial_console_write(uport, s, count); - - if (locked) { - if (port->tx_remaining) - qcom_geni_serial_setup_tx(uport, port->tx_remaining); + if (locked) uart_port_unlock_irqrestore(uport, flags); - } } static void handle_rx_console(struct uart_port *uport, u32 bytes, bool drop) @@ -690,6 +686,7 @@ static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); port->tx_remaining = 0; + port->tx_queued = 0; } static void qcom_geni_serial_handle_rx_fifo(struct uart_port *uport, bool drop) @@ -916,6 +913,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, if (!port->tx_remaining) { qcom_geni_serial_setup_tx(uport, pending); port->tx_remaining = pending; + port->tx_queued = 0; irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); if (!(irq_en & M_TX_FIFO_WATERMARK_EN)) @@ -924,6 +922,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, } qcom_geni_serial_send_chunk_fifo(uport, chunk); + port->tx_queued += chunk; /* * The tx fifo watermark is level triggered and latched. Though we had

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix console corruption" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x cc4a0e5754a16bbc1e215c091349a7c83a2c5e14 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100141-plywood-reach-9935@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: cc4a0e5754a1 ("serial: qcom-geni: fix console corruption") f97cdbbf187f ("serial: qcom-geni: fix false console tx restart") 947cc4ecc06c ("serial: qcom-geni: fix soft lockup on sw flow control and suspend") 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") f8fef2fa419f ("tty: msm_serial: use dmaengine_prep_slave_sg()") 9054605ab846 ("tty: 8250_omap: use dmaengine_prep_slave_sg()") 8192fabb0db2 ("tty: 8250_dma: use dmaengine_prep_slave_sg()") 3bcb0bf65c2b ("Merge tag 'tty-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cc4a0e5754a16bbc1e215c091349a7c83a2c5e14 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:34 +0200 Subject: [PATCH] serial: qcom-geni: fix console corruption MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Qualcomm serial console implementation is broken and can lose characters when the serial port is also used for tty output. Specifically, the console code only waits for the current tx command to complete when all data has already been written to the fifo. When there are on-going longer transfers this often means that console output is lost when the console code inadvertently "hijacks" the current tx command instead of starting a new one. This can, for example, be observed during boot when console output that should have been interspersed with init output is truncated: [ 9.462317] qcom-snps-eusb2-hsphy fde000.phy: Registered Qcom-eUSB2 phy [ OK ] Found device KBG50ZNS256G KIOXIA Wi[ 9.471743ndows. [ 9.539915] xhci-hcd xhci-hcd.0.auto: xHCI Host Controller Add a new state variable to track how much data has been written to the fifo and use it to determine when the fifo and shift register are both empty. This is needed since there is currently no other known way to determine when the shift register is empty. This in turn allows the console code to interrupt long transfers without losing data. Note that the oops-in-progress case is similarly broken as it does not cancel any active command and also waits for the wrong status flag when attempting to drain the fifo (TX_FIFO_NOT_EMPTY_EN is only set when cancelling a command leaves data in the fifo). Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Fixes: a1fee899e5be ("tty: serial: qcom_geni_serial: Fix softlock") Fixes: 9e957a155005 ("serial: qcom-geni: Don't cancel/abort if we can't get the port lock") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-7-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 7bbd70c30620..f8f6e9466b40 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -131,6 +131,7 @@ struct qcom_geni_serial_port { bool brk; unsigned int tx_remaining; + unsigned int tx_queued; int wakeup_irq; bool rx_tx_swap; bool cts_rts_swap; @@ -144,6 +145,8 @@ static const struct uart_ops qcom_geni_uart_pops; static struct uart_driver qcom_geni_console_driver; static struct uart_driver qcom_geni_uart_driver; +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); + static inline struct qcom_geni_serial_port *to_dev_port(struct uart_port *uport) { return container_of(uport, struct qcom_geni_serial_port, uport); @@ -393,6 +396,14 @@ static void qcom_geni_serial_poll_put_char(struct uart_port *uport, #endif #ifdef CONFIG_SERIAL_QCOM_GENI_CONSOLE +static void qcom_geni_serial_drain_fifo(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + + qcom_geni_serial_poll_bitfield(uport, SE_GENI_M_GP_LENGTH, GP_LENGTH, + port->tx_queued); +} + static void qcom_geni_serial_wr_char(struct uart_port *uport, unsigned char ch) { struct qcom_geni_private_data *private_data = uport->private_data; @@ -468,7 +479,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, struct qcom_geni_serial_port *port; bool locked = true; unsigned long flags; - u32 geni_status; WARN_ON(co->index < 0 || co->index >= GENI_UART_CONS_PORTS); @@ -482,34 +492,20 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, else uart_port_lock_irqsave(uport, &flags); - geni_status = readl(uport->membase + SE_GENI_STATUS); + if (qcom_geni_serial_main_active(uport)) { + /* Wait for completion or drain FIFO */ + if (!locked || port->tx_remaining == 0) + qcom_geni_serial_poll_tx_done(uport); + else + qcom_geni_serial_drain_fifo(uport); - if (!locked) { - /* - * We can only get here if an oops is in progress then we were - * unable to get the lock. This means we can't safely access - * our state variables like tx_remaining. About the best we - * can do is wait for the FIFO to be empty before we start our - * transfer, so we'll do that. - */ - qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, - M_TX_FIFO_NOT_EMPTY_EN, false); - } else if ((geni_status & M_GENI_CMD_ACTIVE) && !port->tx_remaining) { - /* - * It seems we can't interrupt existing transfers if all data - * has been sent, in which case we need to look for done first. - */ - qcom_geni_serial_poll_tx_done(uport); + qcom_geni_serial_cancel_tx_cmd(uport); } __qcom_geni_serial_console_write(uport, s, count); - - if (locked) { - if (port->tx_remaining) - qcom_geni_serial_setup_tx(uport, port->tx_remaining); + if (locked) uart_port_unlock_irqrestore(uport, flags); - } } static void handle_rx_console(struct uart_port *uport, u32 bytes, bool drop) @@ -690,6 +686,7 @@ static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); port->tx_remaining = 0; + port->tx_queued = 0; } static void qcom_geni_serial_handle_rx_fifo(struct uart_port *uport, bool drop) @@ -916,6 +913,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, if (!port->tx_remaining) { qcom_geni_serial_setup_tx(uport, pending); port->tx_remaining = pending; + port->tx_queued = 0; irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); if (!(irq_en & M_TX_FIFO_WATERMARK_EN)) @@ -924,6 +922,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, } qcom_geni_serial_send_chunk_fifo(uport, chunk); + port->tx_queued += chunk; /* * The tx fifo watermark is level triggered and latched. Though we had

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix console corruption" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x cc4a0e5754a16bbc1e215c091349a7c83a2c5e14 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100140-snowman-almost-ea5d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: cc4a0e5754a1 ("serial: qcom-geni: fix console corruption") f97cdbbf187f ("serial: qcom-geni: fix false console tx restart") 947cc4ecc06c ("serial: qcom-geni: fix soft lockup on sw flow control and suspend") 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") f8fef2fa419f ("tty: msm_serial: use dmaengine_prep_slave_sg()") 9054605ab846 ("tty: 8250_omap: use dmaengine_prep_slave_sg()") 8192fabb0db2 ("tty: 8250_dma: use dmaengine_prep_slave_sg()") 3bcb0bf65c2b ("Merge tag 'tty-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cc4a0e5754a16bbc1e215c091349a7c83a2c5e14 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:34 +0200 Subject: [PATCH] serial: qcom-geni: fix console corruption MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Qualcomm serial console implementation is broken and can lose characters when the serial port is also used for tty output. Specifically, the console code only waits for the current tx command to complete when all data has already been written to the fifo. When there are on-going longer transfers this often means that console output is lost when the console code inadvertently "hijacks" the current tx command instead of starting a new one. This can, for example, be observed during boot when console output that should have been interspersed with init output is truncated: [ 9.462317] qcom-snps-eusb2-hsphy fde000.phy: Registered Qcom-eUSB2 phy [ OK ] Found device KBG50ZNS256G KIOXIA Wi[ 9.471743ndows. [ 9.539915] xhci-hcd xhci-hcd.0.auto: xHCI Host Controller Add a new state variable to track how much data has been written to the fifo and use it to determine when the fifo and shift register are both empty. This is needed since there is currently no other known way to determine when the shift register is empty. This in turn allows the console code to interrupt long transfers without losing data. Note that the oops-in-progress case is similarly broken as it does not cancel any active command and also waits for the wrong status flag when attempting to drain the fifo (TX_FIFO_NOT_EMPTY_EN is only set when cancelling a command leaves data in the fifo). Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Fixes: a1fee899e5be ("tty: serial: qcom_geni_serial: Fix softlock") Fixes: 9e957a155005 ("serial: qcom-geni: Don't cancel/abort if we can't get the port lock") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-7-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 7bbd70c30620..f8f6e9466b40 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -131,6 +131,7 @@ struct qcom_geni_serial_port { bool brk; unsigned int tx_remaining; + unsigned int tx_queued; int wakeup_irq; bool rx_tx_swap; bool cts_rts_swap; @@ -144,6 +145,8 @@ static const struct uart_ops qcom_geni_uart_pops; static struct uart_driver qcom_geni_console_driver; static struct uart_driver qcom_geni_uart_driver; +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); + static inline struct qcom_geni_serial_port *to_dev_port(struct uart_port *uport) { return container_of(uport, struct qcom_geni_serial_port, uport); @@ -393,6 +396,14 @@ static void qcom_geni_serial_poll_put_char(struct uart_port *uport, #endif #ifdef CONFIG_SERIAL_QCOM_GENI_CONSOLE +static void qcom_geni_serial_drain_fifo(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + + qcom_geni_serial_poll_bitfield(uport, SE_GENI_M_GP_LENGTH, GP_LENGTH, + port->tx_queued); +} + static void qcom_geni_serial_wr_char(struct uart_port *uport, unsigned char ch) { struct qcom_geni_private_data *private_data = uport->private_data; @@ -468,7 +479,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, struct qcom_geni_serial_port *port; bool locked = true; unsigned long flags; - u32 geni_status; WARN_ON(co->index < 0 || co->index >= GENI_UART_CONS_PORTS); @@ -482,34 +492,20 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, else uart_port_lock_irqsave(uport, &flags); - geni_status = readl(uport->membase + SE_GENI_STATUS); + if (qcom_geni_serial_main_active(uport)) { + /* Wait for completion or drain FIFO */ + if (!locked || port->tx_remaining == 0) + qcom_geni_serial_poll_tx_done(uport); + else + qcom_geni_serial_drain_fifo(uport); - if (!locked) { - /* - * We can only get here if an oops is in progress then we were - * unable to get the lock. This means we can't safely access - * our state variables like tx_remaining. About the best we - * can do is wait for the FIFO to be empty before we start our - * transfer, so we'll do that. - */ - qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, - M_TX_FIFO_NOT_EMPTY_EN, false); - } else if ((geni_status & M_GENI_CMD_ACTIVE) && !port->tx_remaining) { - /* - * It seems we can't interrupt existing transfers if all data - * has been sent, in which case we need to look for done first. - */ - qcom_geni_serial_poll_tx_done(uport); + qcom_geni_serial_cancel_tx_cmd(uport); } __qcom_geni_serial_console_write(uport, s, count); - - if (locked) { - if (port->tx_remaining) - qcom_geni_serial_setup_tx(uport, port->tx_remaining); + if (locked) uart_port_unlock_irqrestore(uport, flags); - } } static void handle_rx_console(struct uart_port *uport, u32 bytes, bool drop) @@ -690,6 +686,7 @@ static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); port->tx_remaining = 0; + port->tx_queued = 0; } static void qcom_geni_serial_handle_rx_fifo(struct uart_port *uport, bool drop) @@ -916,6 +913,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, if (!port->tx_remaining) { qcom_geni_serial_setup_tx(uport, pending); port->tx_remaining = pending; + port->tx_queued = 0; irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); if (!(irq_en & M_TX_FIFO_WATERMARK_EN)) @@ -924,6 +922,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, } qcom_geni_serial_send_chunk_fifo(uport, chunk); + port->tx_queued += chunk; /* * The tx fifo watermark is level triggered and latched. Though we had

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix console corruption" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x cc4a0e5754a16bbc1e215c091349a7c83a2c5e14 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100138-delicate-customize-7812@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: cc4a0e5754a1 ("serial: qcom-geni: fix console corruption") f97cdbbf187f ("serial: qcom-geni: fix false console tx restart") 947cc4ecc06c ("serial: qcom-geni: fix soft lockup on sw flow control and suspend") 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") f8fef2fa419f ("tty: msm_serial: use dmaengine_prep_slave_sg()") 9054605ab846 ("tty: 8250_omap: use dmaengine_prep_slave_sg()") 8192fabb0db2 ("tty: 8250_dma: use dmaengine_prep_slave_sg()") 3bcb0bf65c2b ("Merge tag 'tty-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cc4a0e5754a16bbc1e215c091349a7c83a2c5e14 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:34 +0200 Subject: [PATCH] serial: qcom-geni: fix console corruption MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Qualcomm serial console implementation is broken and can lose characters when the serial port is also used for tty output. Specifically, the console code only waits for the current tx command to complete when all data has already been written to the fifo. When there are on-going longer transfers this often means that console output is lost when the console code inadvertently "hijacks" the current tx command instead of starting a new one. This can, for example, be observed during boot when console output that should have been interspersed with init output is truncated: [ 9.462317] qcom-snps-eusb2-hsphy fde000.phy: Registered Qcom-eUSB2 phy [ OK ] Found device KBG50ZNS256G KIOXIA Wi[ 9.471743ndows. [ 9.539915] xhci-hcd xhci-hcd.0.auto: xHCI Host Controller Add a new state variable to track how much data has been written to the fifo and use it to determine when the fifo and shift register are both empty. This is needed since there is currently no other known way to determine when the shift register is empty. This in turn allows the console code to interrupt long transfers without losing data. Note that the oops-in-progress case is similarly broken as it does not cancel any active command and also waits for the wrong status flag when attempting to drain the fifo (TX_FIFO_NOT_EMPTY_EN is only set when cancelling a command leaves data in the fifo). Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Fixes: a1fee899e5be ("tty: serial: qcom_geni_serial: Fix softlock") Fixes: 9e957a155005 ("serial: qcom-geni: Don't cancel/abort if we can't get the port lock") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-7-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 7bbd70c30620..f8f6e9466b40 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -131,6 +131,7 @@ struct qcom_geni_serial_port { bool brk; unsigned int tx_remaining; + unsigned int tx_queued; int wakeup_irq; bool rx_tx_swap; bool cts_rts_swap; @@ -144,6 +145,8 @@ static const struct uart_ops qcom_geni_uart_pops; static struct uart_driver qcom_geni_console_driver; static struct uart_driver qcom_geni_uart_driver; +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); + static inline struct qcom_geni_serial_port *to_dev_port(struct uart_port *uport) { return container_of(uport, struct qcom_geni_serial_port, uport); @@ -393,6 +396,14 @@ static void qcom_geni_serial_poll_put_char(struct uart_port *uport, #endif #ifdef CONFIG_SERIAL_QCOM_GENI_CONSOLE +static void qcom_geni_serial_drain_fifo(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + + qcom_geni_serial_poll_bitfield(uport, SE_GENI_M_GP_LENGTH, GP_LENGTH, + port->tx_queued); +} + static void qcom_geni_serial_wr_char(struct uart_port *uport, unsigned char ch) { struct qcom_geni_private_data *private_data = uport->private_data; @@ -468,7 +479,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, struct qcom_geni_serial_port *port; bool locked = true; unsigned long flags; - u32 geni_status; WARN_ON(co->index < 0 || co->index >= GENI_UART_CONS_PORTS); @@ -482,34 +492,20 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, else uart_port_lock_irqsave(uport, &flags); - geni_status = readl(uport->membase + SE_GENI_STATUS); + if (qcom_geni_serial_main_active(uport)) { + /* Wait for completion or drain FIFO */ + if (!locked || port->tx_remaining == 0) + qcom_geni_serial_poll_tx_done(uport); + else + qcom_geni_serial_drain_fifo(uport); - if (!locked) { - /* - * We can only get here if an oops is in progress then we were - * unable to get the lock. This means we can't safely access - * our state variables like tx_remaining. About the best we - * can do is wait for the FIFO to be empty before we start our - * transfer, so we'll do that. - */ - qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, - M_TX_FIFO_NOT_EMPTY_EN, false); - } else if ((geni_status & M_GENI_CMD_ACTIVE) && !port->tx_remaining) { - /* - * It seems we can't interrupt existing transfers if all data - * has been sent, in which case we need to look for done first. - */ - qcom_geni_serial_poll_tx_done(uport); + qcom_geni_serial_cancel_tx_cmd(uport); } __qcom_geni_serial_console_write(uport, s, count); - - if (locked) { - if (port->tx_remaining) - qcom_geni_serial_setup_tx(uport, port->tx_remaining); + if (locked) uart_port_unlock_irqrestore(uport, flags); - } } static void handle_rx_console(struct uart_port *uport, u32 bytes, bool drop) @@ -690,6 +686,7 @@ static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); port->tx_remaining = 0; + port->tx_queued = 0; } static void qcom_geni_serial_handle_rx_fifo(struct uart_port *uport, bool drop) @@ -916,6 +913,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, if (!port->tx_remaining) { qcom_geni_serial_setup_tx(uport, pending); port->tx_remaining = pending; + port->tx_queued = 0; irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); if (!(irq_en & M_TX_FIFO_WATERMARK_EN)) @@ -924,6 +922,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, } qcom_geni_serial_send_chunk_fifo(uport, chunk); + port->tx_queued += chunk; /* * The tx fifo watermark is level triggered and latched. Though we had

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix console corruption" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x cc4a0e5754a16bbc1e215c091349a7c83a2c5e14 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100137-jockey-undergo-9125@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: cc4a0e5754a1 ("serial: qcom-geni: fix console corruption") f97cdbbf187f ("serial: qcom-geni: fix false console tx restart") 947cc4ecc06c ("serial: qcom-geni: fix soft lockup on sw flow control and suspend") 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") f8fef2fa419f ("tty: msm_serial: use dmaengine_prep_slave_sg()") 9054605ab846 ("tty: 8250_omap: use dmaengine_prep_slave_sg()") 8192fabb0db2 ("tty: 8250_dma: use dmaengine_prep_slave_sg()") 3bcb0bf65c2b ("Merge tag 'tty-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cc4a0e5754a16bbc1e215c091349a7c83a2c5e14 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:34 +0200 Subject: [PATCH] serial: qcom-geni: fix console corruption MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Qualcomm serial console implementation is broken and can lose characters when the serial port is also used for tty output. Specifically, the console code only waits for the current tx command to complete when all data has already been written to the fifo. When there are on-going longer transfers this often means that console output is lost when the console code inadvertently "hijacks" the current tx command instead of starting a new one. This can, for example, be observed during boot when console output that should have been interspersed with init output is truncated: [ 9.462317] qcom-snps-eusb2-hsphy fde000.phy: Registered Qcom-eUSB2 phy [ OK ] Found device KBG50ZNS256G KIOXIA Wi[ 9.471743ndows. [ 9.539915] xhci-hcd xhci-hcd.0.auto: xHCI Host Controller Add a new state variable to track how much data has been written to the fifo and use it to determine when the fifo and shift register are both empty. This is needed since there is currently no other known way to determine when the shift register is empty. This in turn allows the console code to interrupt long transfers without losing data. Note that the oops-in-progress case is similarly broken as it does not cancel any active command and also waits for the wrong status flag when attempting to drain the fifo (TX_FIFO_NOT_EMPTY_EN is only set when cancelling a command leaves data in the fifo). Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Fixes: a1fee899e5be ("tty: serial: qcom_geni_serial: Fix softlock") Fixes: 9e957a155005 ("serial: qcom-geni: Don't cancel/abort if we can't get the port lock") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-7-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 7bbd70c30620..f8f6e9466b40 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -131,6 +131,7 @@ struct qcom_geni_serial_port { bool brk; unsigned int tx_remaining; + unsigned int tx_queued; int wakeup_irq; bool rx_tx_swap; bool cts_rts_swap; @@ -144,6 +145,8 @@ static const struct uart_ops qcom_geni_uart_pops; static struct uart_driver qcom_geni_console_driver; static struct uart_driver qcom_geni_uart_driver; +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); + static inline struct qcom_geni_serial_port *to_dev_port(struct uart_port *uport) { return container_of(uport, struct qcom_geni_serial_port, uport); @@ -393,6 +396,14 @@ static void qcom_geni_serial_poll_put_char(struct uart_port *uport, #endif #ifdef CONFIG_SERIAL_QCOM_GENI_CONSOLE +static void qcom_geni_serial_drain_fifo(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + + qcom_geni_serial_poll_bitfield(uport, SE_GENI_M_GP_LENGTH, GP_LENGTH, + port->tx_queued); +} + static void qcom_geni_serial_wr_char(struct uart_port *uport, unsigned char ch) { struct qcom_geni_private_data *private_data = uport->private_data; @@ -468,7 +479,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, struct qcom_geni_serial_port *port; bool locked = true; unsigned long flags; - u32 geni_status; WARN_ON(co->index < 0 || co->index >= GENI_UART_CONS_PORTS); @@ -482,34 +492,20 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, else uart_port_lock_irqsave(uport, &flags); - geni_status = readl(uport->membase + SE_GENI_STATUS); + if (qcom_geni_serial_main_active(uport)) { + /* Wait for completion or drain FIFO */ + if (!locked || port->tx_remaining == 0) + qcom_geni_serial_poll_tx_done(uport); + else + qcom_geni_serial_drain_fifo(uport); - if (!locked) { - /* - * We can only get here if an oops is in progress then we were - * unable to get the lock. This means we can't safely access - * our state variables like tx_remaining. About the best we - * can do is wait for the FIFO to be empty before we start our - * transfer, so we'll do that. - */ - qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, - M_TX_FIFO_NOT_EMPTY_EN, false); - } else if ((geni_status & M_GENI_CMD_ACTIVE) && !port->tx_remaining) { - /* - * It seems we can't interrupt existing transfers if all data - * has been sent, in which case we need to look for done first. - */ - qcom_geni_serial_poll_tx_done(uport); + qcom_geni_serial_cancel_tx_cmd(uport); } __qcom_geni_serial_console_write(uport, s, count); - - if (locked) { - if (port->tx_remaining) - qcom_geni_serial_setup_tx(uport, port->tx_remaining); + if (locked) uart_port_unlock_irqrestore(uport, flags); - } } static void handle_rx_console(struct uart_port *uport, u32 bytes, bool drop) @@ -690,6 +686,7 @@ static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); port->tx_remaining = 0; + port->tx_queued = 0; } static void qcom_geni_serial_handle_rx_fifo(struct uart_port *uport, bool drop) @@ -916,6 +913,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, if (!port->tx_remaining) { qcom_geni_serial_setup_tx(uport, pending); port->tx_remaining = pending; + port->tx_queued = 0; irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); if (!(irq_en & M_TX_FIFO_WATERMARK_EN)) @@ -924,6 +922,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, } qcom_geni_serial_send_chunk_fifo(uport, chunk); + port->tx_queued += chunk; /* * The tx fifo watermark is level triggered and latched. Though we had

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix false console tx restart" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x f97cdbbf187fefcf1fe19689cd9fdca11fe9c3eb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100118-deodorize-treble-799b@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: f97cdbbf187f ("serial: qcom-geni: fix false console tx restart") 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") f8fef2fa419f ("tty: msm_serial: use dmaengine_prep_slave_sg()") 9054605ab846 ("tty: 8250_omap: use dmaengine_prep_slave_sg()") 8192fabb0db2 ("tty: 8250_dma: use dmaengine_prep_slave_sg()") 3bcb0bf65c2b ("Merge tag 'tty-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f97cdbbf187fefcf1fe19689cd9fdca11fe9c3eb Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:30 +0200 Subject: [PATCH] serial: qcom-geni: fix false console tx restart MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit 663abb1a7a7f ("tty: serial: qcom_geni_serial: Fix UART hang") addressed an issue with stalled tx after the console code interrupted the last bytes of a tx command by reenabling the watermark interrupt if there is data in write buffer. This can however break software flow control by re-enabling tx after the user has stopped it. Address the original issue by not clearing the CMD_DONE flag after polling for command completion. This allows the interrupt handler to start another transfer when the CMD_DONE interrupt has not been disabled due to flow control. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Fixes: 663abb1a7a7f ("tty: serial: qcom_geni_serial: Fix UART hang") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-3-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 309c0bddf26a..b88435c0ea50 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -306,18 +306,16 @@ static void qcom_geni_serial_setup_tx(struct uart_port *uport, u32 xmit_size) static void qcom_geni_serial_poll_tx_done(struct uart_port *uport) { int done; - u32 irq_clear = M_CMD_DONE_EN; done = qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_DONE_EN, true); if (!done) { writel(M_GENI_CMD_ABORT, uport->membase + SE_GENI_M_CMD_CTRL_REG); - irq_clear |= M_CMD_ABORT_EN; qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_ABORT_EN, true); + writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } - writel(irq_clear, uport->membase + SE_GENI_M_IRQ_CLEAR); } static void qcom_geni_serial_abort_rx(struct uart_port *uport) @@ -378,6 +376,7 @@ static void qcom_geni_serial_poll_put_char(struct uart_port *uport, unsigned char c) { writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, 1); WARN_ON(!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_TX_FIFO_WATERMARK_EN, true)); @@ -422,6 +421,7 @@ __qcom_geni_serial_console_write(struct uart_port *uport, const char *s, } writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, bytes_to_send); for (i = 0; i < count; ) { size_t chars_to_write = 0; @@ -463,7 +463,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, bool locked = true; unsigned long flags; u32 geni_status; - u32 irq_en; WARN_ON(co->index < 0 || co->index >= GENI_UART_CONS_PORTS); @@ -495,12 +494,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, * has been sent, in which case we need to look for done first. */ qcom_geni_serial_poll_tx_done(uport); - - if (!kfifo_is_empty(&uport->state->port.xmit_fifo)) { - irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); - writel(irq_en | M_TX_FIFO_WATERMARK_EN, - uport->membase + SE_GENI_M_IRQ_EN); - } } __qcom_geni_serial_console_write(uport, s, count);

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix false console tx restart" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f97cdbbf187fefcf1fe19689cd9fdca11fe9c3eb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100117-bundle-qualified-91c8@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: f97cdbbf187f ("serial: qcom-geni: fix false console tx restart") 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") f8fef2fa419f ("tty: msm_serial: use dmaengine_prep_slave_sg()") 9054605ab846 ("tty: 8250_omap: use dmaengine_prep_slave_sg()") 8192fabb0db2 ("tty: 8250_dma: use dmaengine_prep_slave_sg()") 3bcb0bf65c2b ("Merge tag 'tty-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f97cdbbf187fefcf1fe19689cd9fdca11fe9c3eb Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:30 +0200 Subject: [PATCH] serial: qcom-geni: fix false console tx restart MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit 663abb1a7a7f ("tty: serial: qcom_geni_serial: Fix UART hang") addressed an issue with stalled tx after the console code interrupted the last bytes of a tx command by reenabling the watermark interrupt if there is data in write buffer. This can however break software flow control by re-enabling tx after the user has stopped it. Address the original issue by not clearing the CMD_DONE flag after polling for command completion. This allows the interrupt handler to start another transfer when the CMD_DONE interrupt has not been disabled due to flow control. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Fixes: 663abb1a7a7f ("tty: serial: qcom_geni_serial: Fix UART hang") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-3-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 309c0bddf26a..b88435c0ea50 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -306,18 +306,16 @@ static void qcom_geni_serial_setup_tx(struct uart_port *uport, u32 xmit_size) static void qcom_geni_serial_poll_tx_done(struct uart_port *uport) { int done; - u32 irq_clear = M_CMD_DONE_EN; done = qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_DONE_EN, true); if (!done) { writel(M_GENI_CMD_ABORT, uport->membase + SE_GENI_M_CMD_CTRL_REG); - irq_clear |= M_CMD_ABORT_EN; qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_ABORT_EN, true); + writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } - writel(irq_clear, uport->membase + SE_GENI_M_IRQ_CLEAR); } static void qcom_geni_serial_abort_rx(struct uart_port *uport) @@ -378,6 +376,7 @@ static void qcom_geni_serial_poll_put_char(struct uart_port *uport, unsigned char c) { writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, 1); WARN_ON(!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_TX_FIFO_WATERMARK_EN, true)); @@ -422,6 +421,7 @@ __qcom_geni_serial_console_write(struct uart_port *uport, const char *s, } writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, bytes_to_send); for (i = 0; i < count; ) { size_t chars_to_write = 0; @@ -463,7 +463,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, bool locked = true; unsigned long flags; u32 geni_status; - u32 irq_en; WARN_ON(co->index < 0 || co->index >= GENI_UART_CONS_PORTS); @@ -495,12 +494,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, * has been sent, in which case we need to look for done first. */ qcom_geni_serial_poll_tx_done(uport); - - if (!kfifo_is_empty(&uport->state->port.xmit_fifo)) { - irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); - writel(irq_en | M_TX_FIFO_WATERMARK_EN, - uport->membase + SE_GENI_M_IRQ_EN); - } } __qcom_geni_serial_console_write(uport, s, count);

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix false console tx restart" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f97cdbbf187fefcf1fe19689cd9fdca11fe9c3eb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100116-upriver-dispersed-2277@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: f97cdbbf187f ("serial: qcom-geni: fix false console tx restart") 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") f8fef2fa419f ("tty: msm_serial: use dmaengine_prep_slave_sg()") 9054605ab846 ("tty: 8250_omap: use dmaengine_prep_slave_sg()") 8192fabb0db2 ("tty: 8250_dma: use dmaengine_prep_slave_sg()") 3bcb0bf65c2b ("Merge tag 'tty-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f97cdbbf187fefcf1fe19689cd9fdca11fe9c3eb Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:30 +0200 Subject: [PATCH] serial: qcom-geni: fix false console tx restart MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit 663abb1a7a7f ("tty: serial: qcom_geni_serial: Fix UART hang") addressed an issue with stalled tx after the console code interrupted the last bytes of a tx command by reenabling the watermark interrupt if there is data in write buffer. This can however break software flow control by re-enabling tx after the user has stopped it. Address the original issue by not clearing the CMD_DONE flag after polling for command completion. This allows the interrupt handler to start another transfer when the CMD_DONE interrupt has not been disabled due to flow control. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Fixes: 663abb1a7a7f ("tty: serial: qcom_geni_serial: Fix UART hang") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-3-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 309c0bddf26a..b88435c0ea50 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -306,18 +306,16 @@ static void qcom_geni_serial_setup_tx(struct uart_port *uport, u32 xmit_size) static void qcom_geni_serial_poll_tx_done(struct uart_port *uport) { int done; - u32 irq_clear = M_CMD_DONE_EN; done = qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_DONE_EN, true); if (!done) { writel(M_GENI_CMD_ABORT, uport->membase + SE_GENI_M_CMD_CTRL_REG); - irq_clear |= M_CMD_ABORT_EN; qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_ABORT_EN, true); + writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } - writel(irq_clear, uport->membase + SE_GENI_M_IRQ_CLEAR); } static void qcom_geni_serial_abort_rx(struct uart_port *uport) @@ -378,6 +376,7 @@ static void qcom_geni_serial_poll_put_char(struct uart_port *uport, unsigned char c) { writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, 1); WARN_ON(!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_TX_FIFO_WATERMARK_EN, true)); @@ -422,6 +421,7 @@ __qcom_geni_serial_console_write(struct uart_port *uport, const char *s, } writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, bytes_to_send); for (i = 0; i < count; ) { size_t chars_to_write = 0; @@ -463,7 +463,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, bool locked = true; unsigned long flags; u32 geni_status; - u32 irq_en; WARN_ON(co->index < 0 || co->index >= GENI_UART_CONS_PORTS); @@ -495,12 +494,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, * has been sent, in which case we need to look for done first. */ qcom_geni_serial_poll_tx_done(uport); - - if (!kfifo_is_empty(&uport->state->port.xmit_fifo)) { - irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); - writel(irq_en | M_TX_FIFO_WATERMARK_EN, - uport->membase + SE_GENI_M_IRQ_EN); - } } __qcom_geni_serial_console_write(uport, s, count);

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix false console tx restart" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f97cdbbf187fefcf1fe19689cd9fdca11fe9c3eb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100116-prowess-happily-84bd@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: f97cdbbf187f ("serial: qcom-geni: fix false console tx restart") 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") f8fef2fa419f ("tty: msm_serial: use dmaengine_prep_slave_sg()") 9054605ab846 ("tty: 8250_omap: use dmaengine_prep_slave_sg()") 8192fabb0db2 ("tty: 8250_dma: use dmaengine_prep_slave_sg()") 3bcb0bf65c2b ("Merge tag 'tty-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f97cdbbf187fefcf1fe19689cd9fdca11fe9c3eb Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:30 +0200 Subject: [PATCH] serial: qcom-geni: fix false console tx restart MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit 663abb1a7a7f ("tty: serial: qcom_geni_serial: Fix UART hang") addressed an issue with stalled tx after the console code interrupted the last bytes of a tx command by reenabling the watermark interrupt if there is data in write buffer. This can however break software flow control by re-enabling tx after the user has stopped it. Address the original issue by not clearing the CMD_DONE flag after polling for command completion. This allows the interrupt handler to start another transfer when the CMD_DONE interrupt has not been disabled due to flow control. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Fixes: 663abb1a7a7f ("tty: serial: qcom_geni_serial: Fix UART hang") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-3-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 309c0bddf26a..b88435c0ea50 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -306,18 +306,16 @@ static void qcom_geni_serial_setup_tx(struct uart_port *uport, u32 xmit_size) static void qcom_geni_serial_poll_tx_done(struct uart_port *uport) { int done; - u32 irq_clear = M_CMD_DONE_EN; done = qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_DONE_EN, true); if (!done) { writel(M_GENI_CMD_ABORT, uport->membase + SE_GENI_M_CMD_CTRL_REG); - irq_clear |= M_CMD_ABORT_EN; qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_ABORT_EN, true); + writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } - writel(irq_clear, uport->membase + SE_GENI_M_IRQ_CLEAR); } static void qcom_geni_serial_abort_rx(struct uart_port *uport) @@ -378,6 +376,7 @@ static void qcom_geni_serial_poll_put_char(struct uart_port *uport, unsigned char c) { writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, 1); WARN_ON(!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_TX_FIFO_WATERMARK_EN, true)); @@ -422,6 +421,7 @@ __qcom_geni_serial_console_write(struct uart_port *uport, const char *s, } writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, bytes_to_send); for (i = 0; i < count; ) { size_t chars_to_write = 0; @@ -463,7 +463,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, bool locked = true; unsigned long flags; u32 geni_status; - u32 irq_en; WARN_ON(co->index < 0 || co->index >= GENI_UART_CONS_PORTS); @@ -495,12 +494,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, * has been sent, in which case we need to look for done first. */ qcom_geni_serial_poll_tx_done(uport); - - if (!kfifo_is_empty(&uport->state->port.xmit_fifo)) { - irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); - writel(irq_en | M_TX_FIFO_WATERMARK_EN, - uport->membase + SE_GENI_M_IRQ_EN); - } } __qcom_geni_serial_console_write(uport, s, count);

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix false console tx restart" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f97cdbbf187fefcf1fe19689cd9fdca11fe9c3eb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100115-gorged-snare-6a95@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: f97cdbbf187f ("serial: qcom-geni: fix false console tx restart") 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") f8fef2fa419f ("tty: msm_serial: use dmaengine_prep_slave_sg()") 9054605ab846 ("tty: 8250_omap: use dmaengine_prep_slave_sg()") 8192fabb0db2 ("tty: 8250_dma: use dmaengine_prep_slave_sg()") 3bcb0bf65c2b ("Merge tag 'tty-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f97cdbbf187fefcf1fe19689cd9fdca11fe9c3eb Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:30 +0200 Subject: [PATCH] serial: qcom-geni: fix false console tx restart MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit 663abb1a7a7f ("tty: serial: qcom_geni_serial: Fix UART hang") addressed an issue with stalled tx after the console code interrupted the last bytes of a tx command by reenabling the watermark interrupt if there is data in write buffer. This can however break software flow control by re-enabling tx after the user has stopped it. Address the original issue by not clearing the CMD_DONE flag after polling for command completion. This allows the interrupt handler to start another transfer when the CMD_DONE interrupt has not been disabled due to flow control. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Fixes: 663abb1a7a7f ("tty: serial: qcom_geni_serial: Fix UART hang") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-3-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 309c0bddf26a..b88435c0ea50 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -306,18 +306,16 @@ static void qcom_geni_serial_setup_tx(struct uart_port *uport, u32 xmit_size) static void qcom_geni_serial_poll_tx_done(struct uart_port *uport) { int done; - u32 irq_clear = M_CMD_DONE_EN; done = qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_DONE_EN, true); if (!done) { writel(M_GENI_CMD_ABORT, uport->membase + SE_GENI_M_CMD_CTRL_REG); - irq_clear |= M_CMD_ABORT_EN; qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_ABORT_EN, true); + writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } - writel(irq_clear, uport->membase + SE_GENI_M_IRQ_CLEAR); } static void qcom_geni_serial_abort_rx(struct uart_port *uport) @@ -378,6 +376,7 @@ static void qcom_geni_serial_poll_put_char(struct uart_port *uport, unsigned char c) { writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, 1); WARN_ON(!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_TX_FIFO_WATERMARK_EN, true)); @@ -422,6 +421,7 @@ __qcom_geni_serial_console_write(struct uart_port *uport, const char *s, } writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, bytes_to_send); for (i = 0; i < count; ) { size_t chars_to_write = 0; @@ -463,7 +463,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, bool locked = true; unsigned long flags; u32 geni_status; - u32 irq_en; WARN_ON(co->index < 0 || co->index >= GENI_UART_CONS_PORTS); @@ -495,12 +494,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, * has been sent, in which case we need to look for done first. */ qcom_geni_serial_poll_tx_done(uport); - - if (!kfifo_is_empty(&uport->state->port.xmit_fifo)) { - irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); - writel(irq_en | M_TX_FIFO_WATERMARK_EN, - uport->membase + SE_GENI_M_IRQ_EN); - } } __qcom_geni_serial_console_write(uport, s, count);

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix false console tx restart" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f97cdbbf187fefcf1fe19689cd9fdca11fe9c3eb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100114-ample-drowsily-e38d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: f97cdbbf187f ("serial: qcom-geni: fix false console tx restart") 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") f8fef2fa419f ("tty: msm_serial: use dmaengine_prep_slave_sg()") 9054605ab846 ("tty: 8250_omap: use dmaengine_prep_slave_sg()") 8192fabb0db2 ("tty: 8250_dma: use dmaengine_prep_slave_sg()") 3bcb0bf65c2b ("Merge tag 'tty-6.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f97cdbbf187fefcf1fe19689cd9fdca11fe9c3eb Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:30 +0200 Subject: [PATCH] serial: qcom-geni: fix false console tx restart MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit 663abb1a7a7f ("tty: serial: qcom_geni_serial: Fix UART hang") addressed an issue with stalled tx after the console code interrupted the last bytes of a tx command by reenabling the watermark interrupt if there is data in write buffer. This can however break software flow control by re-enabling tx after the user has stopped it. Address the original issue by not clearing the CMD_DONE flag after polling for command completion. This allows the interrupt handler to start another transfer when the CMD_DONE interrupt has not been disabled due to flow control. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Fixes: 663abb1a7a7f ("tty: serial: qcom_geni_serial: Fix UART hang") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-3-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 309c0bddf26a..b88435c0ea50 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -306,18 +306,16 @@ static void qcom_geni_serial_setup_tx(struct uart_port *uport, u32 xmit_size) static void qcom_geni_serial_poll_tx_done(struct uart_port *uport) { int done; - u32 irq_clear = M_CMD_DONE_EN; done = qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_DONE_EN, true); if (!done) { writel(M_GENI_CMD_ABORT, uport->membase + SE_GENI_M_CMD_CTRL_REG); - irq_clear |= M_CMD_ABORT_EN; qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_ABORT_EN, true); + writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } - writel(irq_clear, uport->membase + SE_GENI_M_IRQ_CLEAR); } static void qcom_geni_serial_abort_rx(struct uart_port *uport) @@ -378,6 +376,7 @@ static void qcom_geni_serial_poll_put_char(struct uart_port *uport, unsigned char c) { writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, 1); WARN_ON(!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_TX_FIFO_WATERMARK_EN, true)); @@ -422,6 +421,7 @@ __qcom_geni_serial_console_write(struct uart_port *uport, const char *s, } writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, bytes_to_send); for (i = 0; i < count; ) { size_t chars_to_write = 0; @@ -463,7 +463,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, bool locked = true; unsigned long flags; u32 geni_status; - u32 irq_en; WARN_ON(co->index < 0 || co->index >= GENI_UART_CONS_PORTS); @@ -495,12 +494,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, * has been sent, in which case we need to look for done first. */ qcom_geni_serial_poll_tx_done(uport); - - if (!kfifo_is_empty(&uport->state->port.xmit_fifo)) { - irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); - writel(irq_en | M_TX_FIFO_WATERMARK_EN, - uport->membase + SE_GENI_M_IRQ_EN); - } } __qcom_geni_serial_console_write(uport, s, count);

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix fifo polling timeout" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x c80ee36ac8f9e9c27d8e097a2eaaf198e7534c83 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100158-stoke-upfront-79a9@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: c80ee36ac8f9 ("serial: qcom-geni: fix fifo polling timeout") 8ece7b754bc3 ("serial: qcom-geni: fix opp vote on shutdown") 2aaa43c70778 ("tty: serial: qcom-geni-serial: add support for serial engine DMA") 40ec6d41c841 ("tty: serial: qcom-geni-serial: use of_device_id data") 0626afe57b1f ("tty: serial: qcom-geni-serial: drop the return value from handle_rx") bd7955840cbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_send_chunk_fifo()") d420fb491cbc ("tty: serial: qcom-geni-serial: split out the FIFO tx code") fe6a00e8fcbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_isr()") 00ce7c6e86b5 ("tty: serial: qcom-geni-serial: improve the to_dev_port() macro") 6cde11dbf4b6 ("tty: serial: qcom-geni-serial: align #define values") 68c6bd92c86c ("tty: serial: qcom-geni-serial: remove unused symbols") d0fabb0dc1a6 ("tty: serial: qcom-geni-serial: drop unneeded forward definitions") 35781d8356a2 ("tty: serial: qcom-geni-serial: Add support for Hibernation feature") 654a8d6c93e7 ("tty: serial: qcom-geni-serial: Implement start_rx callback") c2194bc999d4 ("tty: serial: qcom-geni-serial: Remove uart frequency table. Instead, find suitable frequency with call to clk_round_rate.") d6efb3ac3e6c ("Merge tag 'tty-5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c80ee36ac8f9e9c27d8e097a2eaaf198e7534c83 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:29 +0200 Subject: [PATCH] serial: qcom-geni: fix fifo polling timeout MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The qcom_geni_serial_poll_bit() can be used to wait for events like command completion and is supposed to wait for the time it takes to clear a full fifo before timing out. As noted by Doug, the current implementation does not account for start, stop and parity bits when determining the timeout. The helper also does not currently account for the shift register and the two-word intermediate transfer register. A too short timeout can specifically lead to lost characters when waiting for a transfer to complete as the transfer is cancelled on timeout. Instead of determining the poll timeout on every call, store the fifo timeout when updating it in set_termios() and make sure to take the shift and intermediate registers into account. Note that serial core has already added a 20 ms margin to the fifo timeout. Also note that the current uart_fifo_timeout() interface does unnecessary calculations on every call and did not exist in earlier kernels so only store its result once. This facilitates backports too as earlier kernels can derive the timeout from uport->timeout, which has since been removed. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Reported-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-2-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 69a632fefc41..309c0bddf26a 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -124,7 +124,7 @@ struct qcom_geni_serial_port { dma_addr_t tx_dma_addr; dma_addr_t rx_dma_addr; bool setup; - unsigned int baud; + unsigned long poll_timeout_us; unsigned long clk_rate; void *rx_buf; u32 loopback; @@ -270,22 +270,13 @@ static bool qcom_geni_serial_poll_bit(struct uart_port *uport, { u32 reg; struct qcom_geni_serial_port *port; - unsigned int baud; - unsigned int fifo_bits; unsigned long timeout_us = 20000; struct qcom_geni_private_data *private_data = uport->private_data; if (private_data->drv) { port = to_dev_port(uport); - baud = port->baud; - if (!baud) - baud = 115200; - fifo_bits = port->tx_fifo_depth * port->tx_fifo_width; - /* - * Total polling iterations based on FIFO worth of bytes to be - * sent at current baud. Add a little fluff to the wait. - */ - timeout_us = ((fifo_bits * USEC_PER_SEC) / baud) + 500; + if (port->poll_timeout_us) + timeout_us = port->poll_timeout_us; } /* @@ -1244,11 +1235,11 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, unsigned long clk_rate; u32 ver, sampling_rate; unsigned int avg_bw_core; + unsigned long timeout; qcom_geni_serial_stop_rx(uport); /* baud rate */ baud = uart_get_baud_rate(uport, termios, old, 300, 4000000); - port->baud = baud; sampling_rate = UART_OVERSAMPLING; /* Sampling rate is halved for IP versions >= 2.5 */ @@ -1326,9 +1317,21 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, else tx_trans_cfg |= UART_CTS_MASK; - if (baud) + if (baud) { uart_update_timeout(uport, termios->c_cflag, baud); + /* + * Make sure that qcom_geni_serial_poll_bitfield() waits for + * the FIFO, two-word intermediate transfer register and shift + * register to clear. + * + * Note that uart_fifo_timeout() also adds a 20 ms margin. + */ + timeout = jiffies_to_usecs(uart_fifo_timeout(uport)); + timeout += 3 * timeout / port->tx_fifo_depth; + WRITE_ONCE(port->poll_timeout_us, timeout); + } + if (!uart_console(uport)) writel(port->loopback, uport->membase + SE_UART_LOOPBACK_CFG);

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix fifo polling timeout" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x c80ee36ac8f9e9c27d8e097a2eaaf198e7534c83 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100157-playhouse-snipping-6cd2@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: c80ee36ac8f9 ("serial: qcom-geni: fix fifo polling timeout") 8ece7b754bc3 ("serial: qcom-geni: fix opp vote on shutdown") 2aaa43c70778 ("tty: serial: qcom-geni-serial: add support for serial engine DMA") 40ec6d41c841 ("tty: serial: qcom-geni-serial: use of_device_id data") 0626afe57b1f ("tty: serial: qcom-geni-serial: drop the return value from handle_rx") bd7955840cbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_send_chunk_fifo()") d420fb491cbc ("tty: serial: qcom-geni-serial: split out the FIFO tx code") fe6a00e8fcbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_isr()") 00ce7c6e86b5 ("tty: serial: qcom-geni-serial: improve the to_dev_port() macro") 6cde11dbf4b6 ("tty: serial: qcom-geni-serial: align #define values") 68c6bd92c86c ("tty: serial: qcom-geni-serial: remove unused symbols") d0fabb0dc1a6 ("tty: serial: qcom-geni-serial: drop unneeded forward definitions") 35781d8356a2 ("tty: serial: qcom-geni-serial: Add support for Hibernation feature") 654a8d6c93e7 ("tty: serial: qcom-geni-serial: Implement start_rx callback") c2194bc999d4 ("tty: serial: qcom-geni-serial: Remove uart frequency table. Instead, find suitable frequency with call to clk_round_rate.") d6efb3ac3e6c ("Merge tag 'tty-5.9-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c80ee36ac8f9e9c27d8e097a2eaaf198e7534c83 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:29 +0200 Subject: [PATCH] serial: qcom-geni: fix fifo polling timeout MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The qcom_geni_serial_poll_bit() can be used to wait for events like command completion and is supposed to wait for the time it takes to clear a full fifo before timing out. As noted by Doug, the current implementation does not account for start, stop and parity bits when determining the timeout. The helper also does not currently account for the shift register and the two-word intermediate transfer register. A too short timeout can specifically lead to lost characters when waiting for a transfer to complete as the transfer is cancelled on timeout. Instead of determining the poll timeout on every call, store the fifo timeout when updating it in set_termios() and make sure to take the shift and intermediate registers into account. Note that serial core has already added a 20 ms margin to the fifo timeout. Also note that the current uart_fifo_timeout() interface does unnecessary calculations on every call and did not exist in earlier kernels so only store its result once. This facilitates backports too as earlier kernels can derive the timeout from uport->timeout, which has since been removed. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Reported-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-2-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 69a632fefc41..309c0bddf26a 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -124,7 +124,7 @@ struct qcom_geni_serial_port { dma_addr_t tx_dma_addr; dma_addr_t rx_dma_addr; bool setup; - unsigned int baud; + unsigned long poll_timeout_us; unsigned long clk_rate; void *rx_buf; u32 loopback; @@ -270,22 +270,13 @@ static bool qcom_geni_serial_poll_bit(struct uart_port *uport, { u32 reg; struct qcom_geni_serial_port *port; - unsigned int baud; - unsigned int fifo_bits; unsigned long timeout_us = 20000; struct qcom_geni_private_data *private_data = uport->private_data; if (private_data->drv) { port = to_dev_port(uport); - baud = port->baud; - if (!baud) - baud = 115200; - fifo_bits = port->tx_fifo_depth * port->tx_fifo_width; - /* - * Total polling iterations based on FIFO worth of bytes to be - * sent at current baud. Add a little fluff to the wait. - */ - timeout_us = ((fifo_bits * USEC_PER_SEC) / baud) + 500; + if (port->poll_timeout_us) + timeout_us = port->poll_timeout_us; } /* @@ -1244,11 +1235,11 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, unsigned long clk_rate; u32 ver, sampling_rate; unsigned int avg_bw_core; + unsigned long timeout; qcom_geni_serial_stop_rx(uport); /* baud rate */ baud = uart_get_baud_rate(uport, termios, old, 300, 4000000); - port->baud = baud; sampling_rate = UART_OVERSAMPLING; /* Sampling rate is halved for IP versions >= 2.5 */ @@ -1326,9 +1317,21 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, else tx_trans_cfg |= UART_CTS_MASK; - if (baud) + if (baud) { uart_update_timeout(uport, termios->c_cflag, baud); + /* + * Make sure that qcom_geni_serial_poll_bitfield() waits for + * the FIFO, two-word intermediate transfer register and shift + * register to clear. + * + * Note that uart_fifo_timeout() also adds a 20 ms margin. + */ + timeout = jiffies_to_usecs(uart_fifo_timeout(uport)); + timeout += 3 * timeout / port->tx_fifo_depth; + WRITE_ONCE(port->poll_timeout_us, timeout); + } + if (!uart_console(uport)) writel(port->loopback, uport->membase + SE_UART_LOOPBACK_CFG);

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix fifo polling timeout" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x c80ee36ac8f9e9c27d8e097a2eaaf198e7534c83 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100156-hacksaw-elephant-82f1@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: c80ee36ac8f9 ("serial: qcom-geni: fix fifo polling timeout") 8ece7b754bc3 ("serial: qcom-geni: fix opp vote on shutdown") 2aaa43c70778 ("tty: serial: qcom-geni-serial: add support for serial engine DMA") 40ec6d41c841 ("tty: serial: qcom-geni-serial: use of_device_id data") 0626afe57b1f ("tty: serial: qcom-geni-serial: drop the return value from handle_rx") bd7955840cbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_send_chunk_fifo()") d420fb491cbc ("tty: serial: qcom-geni-serial: split out the FIFO tx code") fe6a00e8fcbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_isr()") 00ce7c6e86b5 ("tty: serial: qcom-geni-serial: improve the to_dev_port() macro") 6cde11dbf4b6 ("tty: serial: qcom-geni-serial: align #define values") 68c6bd92c86c ("tty: serial: qcom-geni-serial: remove unused symbols") d0fabb0dc1a6 ("tty: serial: qcom-geni-serial: drop unneeded forward definitions") 35781d8356a2 ("tty: serial: qcom-geni-serial: Add support for Hibernation feature") 654a8d6c93e7 ("tty: serial: qcom-geni-serial: Implement start_rx callback") c2194bc999d4 ("tty: serial: qcom-geni-serial: Remove uart frequency table. Instead, find suitable frequency with call to clk_round_rate.") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c80ee36ac8f9e9c27d8e097a2eaaf198e7534c83 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:29 +0200 Subject: [PATCH] serial: qcom-geni: fix fifo polling timeout MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The qcom_geni_serial_poll_bit() can be used to wait for events like command completion and is supposed to wait for the time it takes to clear a full fifo before timing out. As noted by Doug, the current implementation does not account for start, stop and parity bits when determining the timeout. The helper also does not currently account for the shift register and the two-word intermediate transfer register. A too short timeout can specifically lead to lost characters when waiting for a transfer to complete as the transfer is cancelled on timeout. Instead of determining the poll timeout on every call, store the fifo timeout when updating it in set_termios() and make sure to take the shift and intermediate registers into account. Note that serial core has already added a 20 ms margin to the fifo timeout. Also note that the current uart_fifo_timeout() interface does unnecessary calculations on every call and did not exist in earlier kernels so only store its result once. This facilitates backports too as earlier kernels can derive the timeout from uport->timeout, which has since been removed. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Reported-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-2-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 69a632fefc41..309c0bddf26a 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -124,7 +124,7 @@ struct qcom_geni_serial_port { dma_addr_t tx_dma_addr; dma_addr_t rx_dma_addr; bool setup; - unsigned int baud; + unsigned long poll_timeout_us; unsigned long clk_rate; void *rx_buf; u32 loopback; @@ -270,22 +270,13 @@ static bool qcom_geni_serial_poll_bit(struct uart_port *uport, { u32 reg; struct qcom_geni_serial_port *port; - unsigned int baud; - unsigned int fifo_bits; unsigned long timeout_us = 20000; struct qcom_geni_private_data *private_data = uport->private_data; if (private_data->drv) { port = to_dev_port(uport); - baud = port->baud; - if (!baud) - baud = 115200; - fifo_bits = port->tx_fifo_depth * port->tx_fifo_width; - /* - * Total polling iterations based on FIFO worth of bytes to be - * sent at current baud. Add a little fluff to the wait. - */ - timeout_us = ((fifo_bits * USEC_PER_SEC) / baud) + 500; + if (port->poll_timeout_us) + timeout_us = port->poll_timeout_us; } /* @@ -1244,11 +1235,11 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, unsigned long clk_rate; u32 ver, sampling_rate; unsigned int avg_bw_core; + unsigned long timeout; qcom_geni_serial_stop_rx(uport); /* baud rate */ baud = uart_get_baud_rate(uport, termios, old, 300, 4000000); - port->baud = baud; sampling_rate = UART_OVERSAMPLING; /* Sampling rate is halved for IP versions >= 2.5 */ @@ -1326,9 +1317,21 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, else tx_trans_cfg |= UART_CTS_MASK; - if (baud) + if (baud) { uart_update_timeout(uport, termios->c_cflag, baud); + /* + * Make sure that qcom_geni_serial_poll_bitfield() waits for + * the FIFO, two-word intermediate transfer register and shift + * register to clear. + * + * Note that uart_fifo_timeout() also adds a 20 ms margin. + */ + timeout = jiffies_to_usecs(uart_fifo_timeout(uport)); + timeout += 3 * timeout / port->tx_fifo_depth; + WRITE_ONCE(port->poll_timeout_us, timeout); + } + if (!uart_console(uport)) writel(port->loopback, uport->membase + SE_UART_LOOPBACK_CFG);

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix fifo polling timeout" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x c80ee36ac8f9e9c27d8e097a2eaaf198e7534c83 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100155-shaking-flight-b258@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: c80ee36ac8f9 ("serial: qcom-geni: fix fifo polling timeout") 8ece7b754bc3 ("serial: qcom-geni: fix opp vote on shutdown") 2aaa43c70778 ("tty: serial: qcom-geni-serial: add support for serial engine DMA") 40ec6d41c841 ("tty: serial: qcom-geni-serial: use of_device_id data") 0626afe57b1f ("tty: serial: qcom-geni-serial: drop the return value from handle_rx") bd7955840cbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_send_chunk_fifo()") d420fb491cbc ("tty: serial: qcom-geni-serial: split out the FIFO tx code") fe6a00e8fcbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_isr()") 00ce7c6e86b5 ("tty: serial: qcom-geni-serial: improve the to_dev_port() macro") 6cde11dbf4b6 ("tty: serial: qcom-geni-serial: align #define values") 68c6bd92c86c ("tty: serial: qcom-geni-serial: remove unused symbols") d0fabb0dc1a6 ("tty: serial: qcom-geni-serial: drop unneeded forward definitions") 35781d8356a2 ("tty: serial: qcom-geni-serial: Add support for Hibernation feature") 654a8d6c93e7 ("tty: serial: qcom-geni-serial: Implement start_rx callback") c2194bc999d4 ("tty: serial: qcom-geni-serial: Remove uart frequency table. Instead, find suitable frequency with call to clk_round_rate.") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c80ee36ac8f9e9c27d8e097a2eaaf198e7534c83 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:29 +0200 Subject: [PATCH] serial: qcom-geni: fix fifo polling timeout MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The qcom_geni_serial_poll_bit() can be used to wait for events like command completion and is supposed to wait for the time it takes to clear a full fifo before timing out. As noted by Doug, the current implementation does not account for start, stop and parity bits when determining the timeout. The helper also does not currently account for the shift register and the two-word intermediate transfer register. A too short timeout can specifically lead to lost characters when waiting for a transfer to complete as the transfer is cancelled on timeout. Instead of determining the poll timeout on every call, store the fifo timeout when updating it in set_termios() and make sure to take the shift and intermediate registers into account. Note that serial core has already added a 20 ms margin to the fifo timeout. Also note that the current uart_fifo_timeout() interface does unnecessary calculations on every call and did not exist in earlier kernels so only store its result once. This facilitates backports too as earlier kernels can derive the timeout from uport->timeout, which has since been removed. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Reported-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-2-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 69a632fefc41..309c0bddf26a 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -124,7 +124,7 @@ struct qcom_geni_serial_port { dma_addr_t tx_dma_addr; dma_addr_t rx_dma_addr; bool setup; - unsigned int baud; + unsigned long poll_timeout_us; unsigned long clk_rate; void *rx_buf; u32 loopback; @@ -270,22 +270,13 @@ static bool qcom_geni_serial_poll_bit(struct uart_port *uport, { u32 reg; struct qcom_geni_serial_port *port; - unsigned int baud; - unsigned int fifo_bits; unsigned long timeout_us = 20000; struct qcom_geni_private_data *private_data = uport->private_data; if (private_data->drv) { port = to_dev_port(uport); - baud = port->baud; - if (!baud) - baud = 115200; - fifo_bits = port->tx_fifo_depth * port->tx_fifo_width; - /* - * Total polling iterations based on FIFO worth of bytes to be - * sent at current baud. Add a little fluff to the wait. - */ - timeout_us = ((fifo_bits * USEC_PER_SEC) / baud) + 500; + if (port->poll_timeout_us) + timeout_us = port->poll_timeout_us; } /* @@ -1244,11 +1235,11 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, unsigned long clk_rate; u32 ver, sampling_rate; unsigned int avg_bw_core; + unsigned long timeout; qcom_geni_serial_stop_rx(uport); /* baud rate */ baud = uart_get_baud_rate(uport, termios, old, 300, 4000000); - port->baud = baud; sampling_rate = UART_OVERSAMPLING; /* Sampling rate is halved for IP versions >= 2.5 */ @@ -1326,9 +1317,21 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, else tx_trans_cfg |= UART_CTS_MASK; - if (baud) + if (baud) { uart_update_timeout(uport, termios->c_cflag, baud); + /* + * Make sure that qcom_geni_serial_poll_bitfield() waits for + * the FIFO, two-word intermediate transfer register and shift + * register to clear. + * + * Note that uart_fifo_timeout() also adds a 20 ms margin. + */ + timeout = jiffies_to_usecs(uart_fifo_timeout(uport)); + timeout += 3 * timeout / port->tx_fifo_depth; + WRITE_ONCE(port->poll_timeout_us, timeout); + } + if (!uart_console(uport)) writel(port->loopback, uport->membase + SE_UART_LOOPBACK_CFG);

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix fifo polling timeout" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c80ee36ac8f9e9c27d8e097a2eaaf198e7534c83 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100154-unhook-enquirer-8f9e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: c80ee36ac8f9 ("serial: qcom-geni: fix fifo polling timeout") 8ece7b754bc3 ("serial: qcom-geni: fix opp vote on shutdown") 2aaa43c70778 ("tty: serial: qcom-geni-serial: add support for serial engine DMA") 40ec6d41c841 ("tty: serial: qcom-geni-serial: use of_device_id data") 0626afe57b1f ("tty: serial: qcom-geni-serial: drop the return value from handle_rx") bd7955840cbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_send_chunk_fifo()") d420fb491cbc ("tty: serial: qcom-geni-serial: split out the FIFO tx code") fe6a00e8fcbe ("tty: serial: qcom-geni-serial: refactor qcom_geni_serial_isr()") 00ce7c6e86b5 ("tty: serial: qcom-geni-serial: improve the to_dev_port() macro") 6cde11dbf4b6 ("tty: serial: qcom-geni-serial: align #define values") 68c6bd92c86c ("tty: serial: qcom-geni-serial: remove unused symbols") d0fabb0dc1a6 ("tty: serial: qcom-geni-serial: drop unneeded forward definitions") 35781d8356a2 ("tty: serial: qcom-geni-serial: Add support for Hibernation feature") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c80ee36ac8f9e9c27d8e097a2eaaf198e7534c83 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:29 +0200 Subject: [PATCH] serial: qcom-geni: fix fifo polling timeout MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The qcom_geni_serial_poll_bit() can be used to wait for events like command completion and is supposed to wait for the time it takes to clear a full fifo before timing out. As noted by Doug, the current implementation does not account for start, stop and parity bits when determining the timeout. The helper also does not currently account for the shift register and the two-word intermediate transfer register. A too short timeout can specifically lead to lost characters when waiting for a transfer to complete as the transfer is cancelled on timeout. Instead of determining the poll timeout on every call, store the fifo timeout when updating it in set_termios() and make sure to take the shift and intermediate registers into account. Note that serial core has already added a 20 ms margin to the fifo timeout. Also note that the current uart_fifo_timeout() interface does unnecessary calculations on every call and did not exist in earlier kernels so only store its result once. This facilitates backports too as earlier kernels can derive the timeout from uport->timeout, which has since been removed. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Reported-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-2-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 69a632fefc41..309c0bddf26a 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -124,7 +124,7 @@ struct qcom_geni_serial_port { dma_addr_t tx_dma_addr; dma_addr_t rx_dma_addr; bool setup; - unsigned int baud; + unsigned long poll_timeout_us; unsigned long clk_rate; void *rx_buf; u32 loopback; @@ -270,22 +270,13 @@ static bool qcom_geni_serial_poll_bit(struct uart_port *uport, { u32 reg; struct qcom_geni_serial_port *port; - unsigned int baud; - unsigned int fifo_bits; unsigned long timeout_us = 20000; struct qcom_geni_private_data *private_data = uport->private_data; if (private_data->drv) { port = to_dev_port(uport); - baud = port->baud; - if (!baud) - baud = 115200; - fifo_bits = port->tx_fifo_depth * port->tx_fifo_width; - /* - * Total polling iterations based on FIFO worth of bytes to be - * sent at current baud. Add a little fluff to the wait. - */ - timeout_us = ((fifo_bits * USEC_PER_SEC) / baud) + 500; + if (port->poll_timeout_us) + timeout_us = port->poll_timeout_us; } /* @@ -1244,11 +1235,11 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, unsigned long clk_rate; u32 ver, sampling_rate; unsigned int avg_bw_core; + unsigned long timeout; qcom_geni_serial_stop_rx(uport); /* baud rate */ baud = uart_get_baud_rate(uport, termios, old, 300, 4000000); - port->baud = baud; sampling_rate = UART_OVERSAMPLING; /* Sampling rate is halved for IP versions >= 2.5 */ @@ -1326,9 +1317,21 @@ static void qcom_geni_serial_set_termios(struct uart_port *uport, else tx_trans_cfg |= UART_CTS_MASK; - if (baud) + if (baud) { uart_update_timeout(uport, termios->c_cflag, baud); + /* + * Make sure that qcom_geni_serial_poll_bitfield() waits for + * the FIFO, two-word intermediate transfer register and shift + * register to clear. + * + * Note that uart_fifo_timeout() also adds a 20 ms margin. + */ + timeout = jiffies_to_usecs(uart_fifo_timeout(uport)); + timeout += 3 * timeout / port->tx_fifo_depth; + WRITE_ONCE(port->poll_timeout_us, timeout); + } + if (!uart_console(uport)) writel(port->loopback, uport->membase + SE_UART_LOOPBACK_CFG);

7 months

1
0
0 0

FAILED: patch "[PATCH] xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x f81dfa3b57c624c56f2bff171c431bc7f5b558f2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100130-city-recycling-1576@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: f81dfa3b57c6 ("xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them.") 884c27440829 ("usb: renesas-xhci: Remove renesas_xhci_pci_exit()") 78ef1b1ea193 ("usb: xhci: make symbols static") a66d21d7dba8 ("usb: xhci: Add support for Renesas controller with memory") 8bd5741e3145 ("usb: renesas-xhci: Add the renesas xhci driver") ff4c65ca48f0 ("usb: hci: add hc_driver as argument for usb_hcd_pci_probe") a7d57abcc8a5 ("xhci: workaround CSS timeout on AMD SNPS 3.0 xHC") 11644a765952 ("xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc") 2815ef7fe4d4 ("xhci-pci: allow host runtime PM as default for Intel Alpine and Titan Ridge") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f81dfa3b57c624c56f2bff171c431bc7f5b558f2 Mon Sep 17 00:00:00 2001 From: Mathias Nyman <mathias.nyman(a)linux.intel.com> Date: Thu, 5 Sep 2024 17:32:59 +0300 Subject: [PATCH] xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them. PCI xHC host should be stopped and xhci driver memory freed before putting host to PCI D3 state during PCI remove callback. Hosts with XHCI_SPURIOUS_WAKEUP quirk did this the wrong way around and set the host to D3 before calling usb_hcd_pci_remove(dev), which will access the host to stop it, and then free xhci. Fixes: f1f6d9a8b540 ("xhci: don't dereference a xhci member after removing xhci") Cc: stable(a)vger.kernel.org Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20240905143300.1959279-12-mathias.nyman@linux.int… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 526739af2070..de50f5ba60df 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -657,8 +657,10 @@ static int xhci_pci_probe(struct pci_dev *dev, const struct pci_device_id *id) void xhci_pci_remove(struct pci_dev *dev) { struct xhci_hcd *xhci; + bool set_power_d3; xhci = hcd_to_xhci(pci_get_drvdata(dev)); + set_power_d3 = xhci->quirks & XHCI_SPURIOUS_WAKEUP; xhci->xhc_state |= XHCI_STATE_REMOVING; @@ -671,11 +673,11 @@ void xhci_pci_remove(struct pci_dev *dev) xhci->shared_hcd = NULL; } - /* Workaround for spurious wakeups at shutdown with HSW */ - if (xhci->quirks & XHCI_SPURIOUS_WAKEUP) - pci_set_power_state(dev, PCI_D3hot); - usb_hcd_pci_remove(dev); + + /* Workaround for spurious wakeups at shutdown with HSW */ + if (set_power_d3) + pci_set_power_state(dev, PCI_D3hot); } EXPORT_SYMBOL_NS_GPL(xhci_pci_remove, xhci);

7 months

1
0
0 0

FAILED: patch "[PATCH] xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f81dfa3b57c624c56f2bff171c431bc7f5b558f2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100130-footbath-camper-be92@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: f81dfa3b57c6 ("xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them.") 884c27440829 ("usb: renesas-xhci: Remove renesas_xhci_pci_exit()") 78ef1b1ea193 ("usb: xhci: make symbols static") a66d21d7dba8 ("usb: xhci: Add support for Renesas controller with memory") 8bd5741e3145 ("usb: renesas-xhci: Add the renesas xhci driver") ff4c65ca48f0 ("usb: hci: add hc_driver as argument for usb_hcd_pci_probe") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f81dfa3b57c624c56f2bff171c431bc7f5b558f2 Mon Sep 17 00:00:00 2001 From: Mathias Nyman <mathias.nyman(a)linux.intel.com> Date: Thu, 5 Sep 2024 17:32:59 +0300 Subject: [PATCH] xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them. PCI xHC host should be stopped and xhci driver memory freed before putting host to PCI D3 state during PCI remove callback. Hosts with XHCI_SPURIOUS_WAKEUP quirk did this the wrong way around and set the host to D3 before calling usb_hcd_pci_remove(dev), which will access the host to stop it, and then free xhci. Fixes: f1f6d9a8b540 ("xhci: don't dereference a xhci member after removing xhci") Cc: stable(a)vger.kernel.org Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20240905143300.1959279-12-mathias.nyman@linux.int… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 526739af2070..de50f5ba60df 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -657,8 +657,10 @@ static int xhci_pci_probe(struct pci_dev *dev, const struct pci_device_id *id) void xhci_pci_remove(struct pci_dev *dev) { struct xhci_hcd *xhci; + bool set_power_d3; xhci = hcd_to_xhci(pci_get_drvdata(dev)); + set_power_d3 = xhci->quirks & XHCI_SPURIOUS_WAKEUP; xhci->xhc_state |= XHCI_STATE_REMOVING; @@ -671,11 +673,11 @@ void xhci_pci_remove(struct pci_dev *dev) xhci->shared_hcd = NULL; } - /* Workaround for spurious wakeups at shutdown with HSW */ - if (xhci->quirks & XHCI_SPURIOUS_WAKEUP) - pci_set_power_state(dev, PCI_D3hot); - usb_hcd_pci_remove(dev); + + /* Workaround for spurious wakeups at shutdown with HSW */ + if (set_power_d3) + pci_set_power_state(dev, PCI_D3hot); } EXPORT_SYMBOL_NS_GPL(xhci_pci_remove, xhci);

7 months

1
0
0 0

FAILED: patch "[PATCH] xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f81dfa3b57c624c56f2bff171c431bc7f5b558f2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100129-user-germicide-1db7@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: f81dfa3b57c6 ("xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them.") 884c27440829 ("usb: renesas-xhci: Remove renesas_xhci_pci_exit()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f81dfa3b57c624c56f2bff171c431bc7f5b558f2 Mon Sep 17 00:00:00 2001 From: Mathias Nyman <mathias.nyman(a)linux.intel.com> Date: Thu, 5 Sep 2024 17:32:59 +0300 Subject: [PATCH] xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them. PCI xHC host should be stopped and xhci driver memory freed before putting host to PCI D3 state during PCI remove callback. Hosts with XHCI_SPURIOUS_WAKEUP quirk did this the wrong way around and set the host to D3 before calling usb_hcd_pci_remove(dev), which will access the host to stop it, and then free xhci. Fixes: f1f6d9a8b540 ("xhci: don't dereference a xhci member after removing xhci") Cc: stable(a)vger.kernel.org Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Link: https://lore.kernel.org/r/20240905143300.1959279-12-mathias.nyman@linux.int… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 526739af2070..de50f5ba60df 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -657,8 +657,10 @@ static int xhci_pci_probe(struct pci_dev *dev, const struct pci_device_id *id) void xhci_pci_remove(struct pci_dev *dev) { struct xhci_hcd *xhci; + bool set_power_d3; xhci = hcd_to_xhci(pci_get_drvdata(dev)); + set_power_d3 = xhci->quirks & XHCI_SPURIOUS_WAKEUP; xhci->xhc_state |= XHCI_STATE_REMOVING; @@ -671,11 +673,11 @@ void xhci_pci_remove(struct pci_dev *dev) xhci->shared_hcd = NULL; } - /* Workaround for spurious wakeups at shutdown with HSW */ - if (xhci->quirks & XHCI_SPURIOUS_WAKEUP) - pci_set_power_state(dev, PCI_D3hot); - usb_hcd_pci_remove(dev); + + /* Workaround for spurious wakeups at shutdown with HSW */ + if (set_power_d3) + pci_set_power_state(dev, PCI_D3hot); } EXPORT_SYMBOL_NS_GPL(xhci_pci_remove, xhci);

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: don't use uninitialized value in uart_poll_init()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d0009a32c9e4e083358092f3c97e3c6e803a8930 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100108-attention-muppet-0778@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d0009a32c9e4 ("serial: don't use uninitialized value in uart_poll_init()") 788aeef392d2 ("tty: serial: kgdboc: Fix 8250_* kgdb over serial") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d0009a32c9e4e083358092f3c97e3c6e803a8930 Mon Sep 17 00:00:00 2001 From: "Jiri Slaby (SUSE)" <jirislaby(a)kernel.org> Date: Mon, 5 Aug 2024 12:20:36 +0200 Subject: [PATCH] serial: don't use uninitialized value in uart_poll_init() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Coverity reports (as CID 1536978) that uart_poll_init() passes uninitialized pm_state to uart_change_pm(). It is in case the first 'if' takes the true branch (does "goto out;"). Fix this and simplify the function by simple guard(mutex). The code needs no labels after this at all. And it is pretty clear that the code has not fiddled with pm_state at that point. Signed-off-by: Jiri Slaby (SUSE) <jirislaby(a)kernel.org> Fixes: 5e227ef2aa38 (serial: uart_poll_init() should power on the UART) Cc: stable(a)vger.kernel.org Cc: Douglas Anderson <dianders(a)chromium.org> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Link: https://lore.kernel.org/r/20240805102046.307511-4-jirislaby@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c index 83c5bccc5086..e0aac155dca2 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c @@ -2690,14 +2690,13 @@ static int uart_poll_init(struct tty_driver *driver, int line, char *options) int ret = 0; tport = &state->port; - mutex_lock(&tport->mutex); + + guard(mutex)(&tport->mutex); port = uart_port_check(state); if (!port || port->type == PORT_UNKNOWN || - !(port->ops->poll_get_char && port->ops->poll_put_char)) { - ret = -1; - goto out; - } + !(port->ops->poll_get_char && port->ops->poll_put_char)) + return -1; pm_state = state->pm_state; uart_change_pm(state, UART_PM_STATE_ON); @@ -2717,10 +2716,10 @@ static int uart_poll_init(struct tty_driver *driver, int line, char *options) ret = uart_set_options(port, NULL, baud, parity, bits, flow); console_list_unlock(); } -out: + if (ret) uart_change_pm(state, pm_state); - mutex_unlock(&tport->mutex); + return ret; }

7 months

1
0
0 0

FAILED: patch "[PATCH] pps: add an error check in parport_attach" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 62c5a01a5711c8e4be8ae7b6f0db663094615d48 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100156-boasting-salute-2f1f@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 62c5a01a5711 ("pps: add an error check in parport_attach") 55dbc5b5174d ("pps: remove usage of the deprecated ida_simple_xx() API") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 62c5a01a5711c8e4be8ae7b6f0db663094615d48 Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Wed, 28 Aug 2024 21:18:14 +0800 Subject: [PATCH] pps: add an error check in parport_attach In parport_attach, the return value of ida_alloc is unchecked, witch leads to the use of an invalid index value. To address this issue, index should be checked. When the index value is abnormal, the device should be freed. Found by code review, compile tested only. Cc: stable(a)vger.kernel.org Fixes: fb56d97df70e ("pps: client: use new parport device model") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Acked-by: Rodolfo Giometti <giometti(a)enneenne.com> Link: https://lore.kernel.org/r/20240828131814.3034338-1-make24@iscas.ac.cn Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c index 63d03a0df5cc..abaffb4e1c1c 100644 --- a/drivers/pps/clients/pps_parport.c +++ b/drivers/pps/clients/pps_parport.c @@ -149,6 +149,9 @@ static void parport_attach(struct parport *port) } index = ida_alloc(&pps_client_index, GFP_KERNEL); + if (index < 0) + goto err_free_device; + memset(&pps_client_cb, 0, sizeof(pps_client_cb)); pps_client_cb.private = device; pps_client_cb.irq_func = parport_irq; @@ -159,7 +162,7 @@ static void parport_attach(struct parport *port) index); if (!device->pardev) { pr_err("couldn't register with %s\n", port->name); - goto err_free; + goto err_free_ida; } if (parport_claim_or_block(device->pardev) < 0) { @@ -187,8 +190,9 @@ static void parport_attach(struct parport *port) parport_release(device->pardev); err_unregister_dev: parport_unregister_device(device->pardev); -err_free: +err_free_ida: ida_free(&pps_client_index, index); +err_free_device: kfree(device); }

7 months

1
0
0 0

FAILED: patch "[PATCH] pps: add an error check in parport_attach" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 62c5a01a5711c8e4be8ae7b6f0db663094615d48 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100155-blame-emptiness-db5f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 62c5a01a5711 ("pps: add an error check in parport_attach") 55dbc5b5174d ("pps: remove usage of the deprecated ida_simple_xx() API") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 62c5a01a5711c8e4be8ae7b6f0db663094615d48 Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Wed, 28 Aug 2024 21:18:14 +0800 Subject: [PATCH] pps: add an error check in parport_attach In parport_attach, the return value of ida_alloc is unchecked, witch leads to the use of an invalid index value. To address this issue, index should be checked. When the index value is abnormal, the device should be freed. Found by code review, compile tested only. Cc: stable(a)vger.kernel.org Fixes: fb56d97df70e ("pps: client: use new parport device model") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Acked-by: Rodolfo Giometti <giometti(a)enneenne.com> Link: https://lore.kernel.org/r/20240828131814.3034338-1-make24@iscas.ac.cn Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c index 63d03a0df5cc..abaffb4e1c1c 100644 --- a/drivers/pps/clients/pps_parport.c +++ b/drivers/pps/clients/pps_parport.c @@ -149,6 +149,9 @@ static void parport_attach(struct parport *port) } index = ida_alloc(&pps_client_index, GFP_KERNEL); + if (index < 0) + goto err_free_device; + memset(&pps_client_cb, 0, sizeof(pps_client_cb)); pps_client_cb.private = device; pps_client_cb.irq_func = parport_irq; @@ -159,7 +162,7 @@ static void parport_attach(struct parport *port) index); if (!device->pardev) { pr_err("couldn't register with %s\n", port->name); - goto err_free; + goto err_free_ida; } if (parport_claim_or_block(device->pardev) < 0) { @@ -187,8 +190,9 @@ static void parport_attach(struct parport *port) parport_release(device->pardev); err_unregister_dev: parport_unregister_device(device->pardev); -err_free: +err_free_ida: ida_free(&pps_client_index, index); +err_free_device: kfree(device); }

7 months

1
0
0 0

FAILED: patch "[PATCH] pps: add an error check in parport_attach" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 62c5a01a5711c8e4be8ae7b6f0db663094615d48 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100154-joyride-humiliate-22ff@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 62c5a01a5711 ("pps: add an error check in parport_attach") 55dbc5b5174d ("pps: remove usage of the deprecated ida_simple_xx() API") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 62c5a01a5711c8e4be8ae7b6f0db663094615d48 Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Wed, 28 Aug 2024 21:18:14 +0800 Subject: [PATCH] pps: add an error check in parport_attach In parport_attach, the return value of ida_alloc is unchecked, witch leads to the use of an invalid index value. To address this issue, index should be checked. When the index value is abnormal, the device should be freed. Found by code review, compile tested only. Cc: stable(a)vger.kernel.org Fixes: fb56d97df70e ("pps: client: use new parport device model") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Acked-by: Rodolfo Giometti <giometti(a)enneenne.com> Link: https://lore.kernel.org/r/20240828131814.3034338-1-make24@iscas.ac.cn Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c index 63d03a0df5cc..abaffb4e1c1c 100644 --- a/drivers/pps/clients/pps_parport.c +++ b/drivers/pps/clients/pps_parport.c @@ -149,6 +149,9 @@ static void parport_attach(struct parport *port) } index = ida_alloc(&pps_client_index, GFP_KERNEL); + if (index < 0) + goto err_free_device; + memset(&pps_client_cb, 0, sizeof(pps_client_cb)); pps_client_cb.private = device; pps_client_cb.irq_func = parport_irq; @@ -159,7 +162,7 @@ static void parport_attach(struct parport *port) index); if (!device->pardev) { pr_err("couldn't register with %s\n", port->name); - goto err_free; + goto err_free_ida; } if (parport_claim_or_block(device->pardev) < 0) { @@ -187,8 +190,9 @@ static void parport_attach(struct parport *port) parport_release(device->pardev); err_unregister_dev: parport_unregister_device(device->pardev); -err_free: +err_free_ida: ida_free(&pps_client_index, index); +err_free_device: kfree(device); }

7 months

1
0
0 0

FAILED: patch "[PATCH] pps: add an error check in parport_attach" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 62c5a01a5711c8e4be8ae7b6f0db663094615d48 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100153-doorbell-resilient-9d93@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 62c5a01a5711 ("pps: add an error check in parport_attach") 55dbc5b5174d ("pps: remove usage of the deprecated ida_simple_xx() API") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 62c5a01a5711c8e4be8ae7b6f0db663094615d48 Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Wed, 28 Aug 2024 21:18:14 +0800 Subject: [PATCH] pps: add an error check in parport_attach In parport_attach, the return value of ida_alloc is unchecked, witch leads to the use of an invalid index value. To address this issue, index should be checked. When the index value is abnormal, the device should be freed. Found by code review, compile tested only. Cc: stable(a)vger.kernel.org Fixes: fb56d97df70e ("pps: client: use new parport device model") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Acked-by: Rodolfo Giometti <giometti(a)enneenne.com> Link: https://lore.kernel.org/r/20240828131814.3034338-1-make24@iscas.ac.cn Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c index 63d03a0df5cc..abaffb4e1c1c 100644 --- a/drivers/pps/clients/pps_parport.c +++ b/drivers/pps/clients/pps_parport.c @@ -149,6 +149,9 @@ static void parport_attach(struct parport *port) } index = ida_alloc(&pps_client_index, GFP_KERNEL); + if (index < 0) + goto err_free_device; + memset(&pps_client_cb, 0, sizeof(pps_client_cb)); pps_client_cb.private = device; pps_client_cb.irq_func = parport_irq; @@ -159,7 +162,7 @@ static void parport_attach(struct parport *port) index); if (!device->pardev) { pr_err("couldn't register with %s\n", port->name); - goto err_free; + goto err_free_ida; } if (parport_claim_or_block(device->pardev) < 0) { @@ -187,8 +190,9 @@ static void parport_attach(struct parport *port) parport_release(device->pardev); err_unregister_dev: parport_unregister_device(device->pardev); -err_free: +err_free_ida: ida_free(&pps_client_index, index); +err_free_device: kfree(device); }

7 months

1
0
0 0

FAILED: patch "[PATCH] pps: add an error check in parport_attach" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 62c5a01a5711c8e4be8ae7b6f0db663094615d48 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100153-escapable-tank-00f9@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 62c5a01a5711 ("pps: add an error check in parport_attach") 55dbc5b5174d ("pps: remove usage of the deprecated ida_simple_xx() API") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 62c5a01a5711c8e4be8ae7b6f0db663094615d48 Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Wed, 28 Aug 2024 21:18:14 +0800 Subject: [PATCH] pps: add an error check in parport_attach In parport_attach, the return value of ida_alloc is unchecked, witch leads to the use of an invalid index value. To address this issue, index should be checked. When the index value is abnormal, the device should be freed. Found by code review, compile tested only. Cc: stable(a)vger.kernel.org Fixes: fb56d97df70e ("pps: client: use new parport device model") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Acked-by: Rodolfo Giometti <giometti(a)enneenne.com> Link: https://lore.kernel.org/r/20240828131814.3034338-1-make24@iscas.ac.cn Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c index 63d03a0df5cc..abaffb4e1c1c 100644 --- a/drivers/pps/clients/pps_parport.c +++ b/drivers/pps/clients/pps_parport.c @@ -149,6 +149,9 @@ static void parport_attach(struct parport *port) } index = ida_alloc(&pps_client_index, GFP_KERNEL); + if (index < 0) + goto err_free_device; + memset(&pps_client_cb, 0, sizeof(pps_client_cb)); pps_client_cb.private = device; pps_client_cb.irq_func = parport_irq; @@ -159,7 +162,7 @@ static void parport_attach(struct parport *port) index); if (!device->pardev) { pr_err("couldn't register with %s\n", port->name); - goto err_free; + goto err_free_ida; } if (parport_claim_or_block(device->pardev) < 0) { @@ -187,8 +190,9 @@ static void parport_attach(struct parport *port) parport_release(device->pardev); err_unregister_dev: parport_unregister_device(device->pardev); -err_free: +err_free_ida: ida_free(&pps_client_index, index); +err_free_device: kfree(device); }

7 months

1
0
0 0

FAILED: patch "[PATCH] pps: add an error check in parport_attach" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 62c5a01a5711c8e4be8ae7b6f0db663094615d48 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100152-eskimo-equipment-ad44@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 62c5a01a5711 ("pps: add an error check in parport_attach") 55dbc5b5174d ("pps: remove usage of the deprecated ida_simple_xx() API") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 62c5a01a5711c8e4be8ae7b6f0db663094615d48 Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Wed, 28 Aug 2024 21:18:14 +0800 Subject: [PATCH] pps: add an error check in parport_attach In parport_attach, the return value of ida_alloc is unchecked, witch leads to the use of an invalid index value. To address this issue, index should be checked. When the index value is abnormal, the device should be freed. Found by code review, compile tested only. Cc: stable(a)vger.kernel.org Fixes: fb56d97df70e ("pps: client: use new parport device model") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Acked-by: Rodolfo Giometti <giometti(a)enneenne.com> Link: https://lore.kernel.org/r/20240828131814.3034338-1-make24@iscas.ac.cn Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c index 63d03a0df5cc..abaffb4e1c1c 100644 --- a/drivers/pps/clients/pps_parport.c +++ b/drivers/pps/clients/pps_parport.c @@ -149,6 +149,9 @@ static void parport_attach(struct parport *port) } index = ida_alloc(&pps_client_index, GFP_KERNEL); + if (index < 0) + goto err_free_device; + memset(&pps_client_cb, 0, sizeof(pps_client_cb)); pps_client_cb.private = device; pps_client_cb.irq_func = parport_irq; @@ -159,7 +162,7 @@ static void parport_attach(struct parport *port) index); if (!device->pardev) { pr_err("couldn't register with %s\n", port->name); - goto err_free; + goto err_free_ida; } if (parport_claim_or_block(device->pardev) < 0) { @@ -187,8 +190,9 @@ static void parport_attach(struct parport *port) parport_release(device->pardev); err_unregister_dev: parport_unregister_device(device->pardev); -err_free: +err_free_ida: ida_free(&pps_client_index, index); +err_free_device: kfree(device); }

7 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: ucsi: Fix busy loop on ASUS VivoBooks" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 7fa6b25dfb43dafc0e16510e2fcfd63634fc95c2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100133-preteen-skipper-f95d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 7fa6b25dfb43 ("usb: typec: ucsi: Fix busy loop on ASUS VivoBooks") 4f322657ade1 ("usb: typec: ucsi: Call CANCEL from single location") 65ba8cef0416 ("usb: typec: ucsi: Fix a deadlock in ucsi_send_command_common()") 584e8df58942 ("usb: typec: ucsi: extract common code for command handling") e1870c17e550 ("usb: typec: ucsi: inline ucsi_read_message_in") 5e9c1662a89b ("usb: typec: ucsi: rework command execution functions") 467399d989d7 ("usb: typec: ucsi: split read operation") 13f2ec3115c8 ("usb: typec: ucsi: simplify command sending API") a7d2fa776976 ("usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error()") f7697db8b1b3 ("Merge 6.10-rc6 into usb-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7fa6b25dfb43dafc0e16510e2fcfd63634fc95c2 Mon Sep 17 00:00:00 2001 From: "Christian A. Ehrhardt" <lk(a)c--e.de> Date: Thu, 12 Sep 2024 09:41:32 +0200 Subject: [PATCH] usb: typec: ucsi: Fix busy loop on ASUS VivoBooks If the busy indicator is set, all other fields in CCI should be clear according to the spec. However, some UCSI implementations do not follow this rule and report bogus data in CCI along with the busy indicator. Ignore the contents of CCI if the busy indicator is set. If a command timeout is hit it is possible that the EVENT_PENDING bit is cleared while connector work is still scheduled which can cause the EVENT_PENDING bit to go out of sync with scheduled connector work. Check and set the EVENT_PENDING bit on entry to ucsi_handle_connector_change() to fix this. Finally, check UCSI_CCI_BUSY before the return code of ->sync_control. This ensures that the command is cancelled even if ->sync_control returns an error (most likely -ETIMEDOUT). Reported-by: Anurag Bijea <icaliberdev(a)gmail.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219108 Bisected-by: Christian Heusel <christian(a)heusel.eu> Tested-by: Anurag Bijea <icaliberdev(a)gmail.com> Fixes: de52aca4d9d5 ("usb: typec: ucsi: Never send a lone connector change ack") Cc: stable(a)vger.kernel.org Signed-off-by: Christian A. Ehrhardt <lk(a)c--e.de> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240912074132.722855-1-lk@c--e.de Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index 35dce4057c25..e0f3925e401b 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -38,6 +38,10 @@ void ucsi_notify_common(struct ucsi *ucsi, u32 cci) { + /* Ignore bogus data in CCI if busy indicator is set. */ + if (cci & UCSI_CCI_BUSY) + return; + if (UCSI_CCI_CONNECTOR(cci)) ucsi_connector_change(ucsi, UCSI_CCI_CONNECTOR(cci)); @@ -103,15 +107,13 @@ static int ucsi_run_command(struct ucsi *ucsi, u64 command, u32 *cci, return -EINVAL; ret = ucsi->ops->sync_control(ucsi, command); - if (ret) - return ret; - - ret = ucsi->ops->read_cci(ucsi, cci); - if (ret) - return ret; + if (ucsi->ops->read_cci(ucsi, cci)) + return -EIO; if (*cci & UCSI_CCI_BUSY) return ucsi_run_command(ucsi, UCSI_CANCEL, cci, NULL, 0, false) ?: -EBUSY; + if (ret) + return ret; if (!(*cci & UCSI_CCI_COMMAND_COMPLETE)) return -EIO; @@ -1197,6 +1199,10 @@ static void ucsi_handle_connector_change(struct work_struct *work) mutex_lock(&con->lock); + if (!test_and_set_bit(EVENT_PENDING, &ucsi->flags)) + dev_err_once(ucsi->dev, "%s entered without EVENT_PENDING\n", + __func__); + command = UCSI_GET_CONNECTOR_STATUS | UCSI_CONNECTOR_NUMBER(con->num); ret = ucsi_send_command_common(ucsi, command, &con->status,

7 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: ucsi: Fix busy loop on ASUS VivoBooks" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 7fa6b25dfb43dafc0e16510e2fcfd63634fc95c2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100132-cake-dribble-27a5@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 7fa6b25dfb43 ("usb: typec: ucsi: Fix busy loop on ASUS VivoBooks") 4f322657ade1 ("usb: typec: ucsi: Call CANCEL from single location") 65ba8cef0416 ("usb: typec: ucsi: Fix a deadlock in ucsi_send_command_common()") 584e8df58942 ("usb: typec: ucsi: extract common code for command handling") e1870c17e550 ("usb: typec: ucsi: inline ucsi_read_message_in") 5e9c1662a89b ("usb: typec: ucsi: rework command execution functions") 467399d989d7 ("usb: typec: ucsi: split read operation") 13f2ec3115c8 ("usb: typec: ucsi: simplify command sending API") a7d2fa776976 ("usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error()") f7697db8b1b3 ("Merge 6.10-rc6 into usb-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7fa6b25dfb43dafc0e16510e2fcfd63634fc95c2 Mon Sep 17 00:00:00 2001 From: "Christian A. Ehrhardt" <lk(a)c--e.de> Date: Thu, 12 Sep 2024 09:41:32 +0200 Subject: [PATCH] usb: typec: ucsi: Fix busy loop on ASUS VivoBooks If the busy indicator is set, all other fields in CCI should be clear according to the spec. However, some UCSI implementations do not follow this rule and report bogus data in CCI along with the busy indicator. Ignore the contents of CCI if the busy indicator is set. If a command timeout is hit it is possible that the EVENT_PENDING bit is cleared while connector work is still scheduled which can cause the EVENT_PENDING bit to go out of sync with scheduled connector work. Check and set the EVENT_PENDING bit on entry to ucsi_handle_connector_change() to fix this. Finally, check UCSI_CCI_BUSY before the return code of ->sync_control. This ensures that the command is cancelled even if ->sync_control returns an error (most likely -ETIMEDOUT). Reported-by: Anurag Bijea <icaliberdev(a)gmail.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219108 Bisected-by: Christian Heusel <christian(a)heusel.eu> Tested-by: Anurag Bijea <icaliberdev(a)gmail.com> Fixes: de52aca4d9d5 ("usb: typec: ucsi: Never send a lone connector change ack") Cc: stable(a)vger.kernel.org Signed-off-by: Christian A. Ehrhardt <lk(a)c--e.de> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240912074132.722855-1-lk@c--e.de Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index 35dce4057c25..e0f3925e401b 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -38,6 +38,10 @@ void ucsi_notify_common(struct ucsi *ucsi, u32 cci) { + /* Ignore bogus data in CCI if busy indicator is set. */ + if (cci & UCSI_CCI_BUSY) + return; + if (UCSI_CCI_CONNECTOR(cci)) ucsi_connector_change(ucsi, UCSI_CCI_CONNECTOR(cci)); @@ -103,15 +107,13 @@ static int ucsi_run_command(struct ucsi *ucsi, u64 command, u32 *cci, return -EINVAL; ret = ucsi->ops->sync_control(ucsi, command); - if (ret) - return ret; - - ret = ucsi->ops->read_cci(ucsi, cci); - if (ret) - return ret; + if (ucsi->ops->read_cci(ucsi, cci)) + return -EIO; if (*cci & UCSI_CCI_BUSY) return ucsi_run_command(ucsi, UCSI_CANCEL, cci, NULL, 0, false) ?: -EBUSY; + if (ret) + return ret; if (!(*cci & UCSI_CCI_COMMAND_COMPLETE)) return -EIO; @@ -1197,6 +1199,10 @@ static void ucsi_handle_connector_change(struct work_struct *work) mutex_lock(&con->lock); + if (!test_and_set_bit(EVENT_PENDING, &ucsi->flags)) + dev_err_once(ucsi->dev, "%s entered without EVENT_PENDING\n", + __func__); + command = UCSI_GET_CONNECTOR_STATUS | UCSI_CONNECTOR_NUMBER(con->num); ret = ucsi_send_command_common(ucsi, command, &con->status,

7 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: ucsi: Fix busy loop on ASUS VivoBooks" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 7fa6b25dfb43dafc0e16510e2fcfd63634fc95c2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100131-prankster-karma-b617@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 7fa6b25dfb43 ("usb: typec: ucsi: Fix busy loop on ASUS VivoBooks") 4f322657ade1 ("usb: typec: ucsi: Call CANCEL from single location") 65ba8cef0416 ("usb: typec: ucsi: Fix a deadlock in ucsi_send_command_common()") 584e8df58942 ("usb: typec: ucsi: extract common code for command handling") e1870c17e550 ("usb: typec: ucsi: inline ucsi_read_message_in") 5e9c1662a89b ("usb: typec: ucsi: rework command execution functions") 467399d989d7 ("usb: typec: ucsi: split read operation") 13f2ec3115c8 ("usb: typec: ucsi: simplify command sending API") a7d2fa776976 ("usb: typec: ucsi: move ucsi_acknowledge() from ucsi_read_error()") f7697db8b1b3 ("Merge 6.10-rc6 into usb-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7fa6b25dfb43dafc0e16510e2fcfd63634fc95c2 Mon Sep 17 00:00:00 2001 From: "Christian A. Ehrhardt" <lk(a)c--e.de> Date: Thu, 12 Sep 2024 09:41:32 +0200 Subject: [PATCH] usb: typec: ucsi: Fix busy loop on ASUS VivoBooks If the busy indicator is set, all other fields in CCI should be clear according to the spec. However, some UCSI implementations do not follow this rule and report bogus data in CCI along with the busy indicator. Ignore the contents of CCI if the busy indicator is set. If a command timeout is hit it is possible that the EVENT_PENDING bit is cleared while connector work is still scheduled which can cause the EVENT_PENDING bit to go out of sync with scheduled connector work. Check and set the EVENT_PENDING bit on entry to ucsi_handle_connector_change() to fix this. Finally, check UCSI_CCI_BUSY before the return code of ->sync_control. This ensures that the command is cancelled even if ->sync_control returns an error (most likely -ETIMEDOUT). Reported-by: Anurag Bijea <icaliberdev(a)gmail.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219108 Bisected-by: Christian Heusel <christian(a)heusel.eu> Tested-by: Anurag Bijea <icaliberdev(a)gmail.com> Fixes: de52aca4d9d5 ("usb: typec: ucsi: Never send a lone connector change ack") Cc: stable(a)vger.kernel.org Signed-off-by: Christian A. Ehrhardt <lk(a)c--e.de> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240912074132.722855-1-lk@c--e.de Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index 35dce4057c25..e0f3925e401b 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -38,6 +38,10 @@ void ucsi_notify_common(struct ucsi *ucsi, u32 cci) { + /* Ignore bogus data in CCI if busy indicator is set. */ + if (cci & UCSI_CCI_BUSY) + return; + if (UCSI_CCI_CONNECTOR(cci)) ucsi_connector_change(ucsi, UCSI_CCI_CONNECTOR(cci)); @@ -103,15 +107,13 @@ static int ucsi_run_command(struct ucsi *ucsi, u64 command, u32 *cci, return -EINVAL; ret = ucsi->ops->sync_control(ucsi, command); - if (ret) - return ret; - - ret = ucsi->ops->read_cci(ucsi, cci); - if (ret) - return ret; + if (ucsi->ops->read_cci(ucsi, cci)) + return -EIO; if (*cci & UCSI_CCI_BUSY) return ucsi_run_command(ucsi, UCSI_CANCEL, cci, NULL, 0, false) ?: -EBUSY; + if (ret) + return ret; if (!(*cci & UCSI_CCI_COMMAND_COMPLETE)) return -EIO; @@ -1197,6 +1199,10 @@ static void ucsi_handle_connector_change(struct work_struct *work) mutex_lock(&con->lock); + if (!test_and_set_bit(EVENT_PENDING, &ucsi->flags)) + dev_err_once(ucsi->dev, "%s entered without EVENT_PENDING\n", + __func__); + command = UCSI_GET_CONNECTOR_STATUS | UCSI_CONNECTOR_NUMBER(con->num); ret = ucsi_send_command_common(ucsi, command, &con->status,

7 months

1
0
0 0

FAILED: patch "[PATCH] usb: typec: ucsi: Fix busy loop on ASUS VivoBooks" failed to apply to 6.11-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.11.y git checkout FETCH_HEAD git cherry-pick -x 7fa6b25dfb43dafc0e16510e2fcfd63634fc95c2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100130-skinhead-glandular-2ffc@gregkh' --subject-prefix 'PATCH 6.11.y' HEAD^.. Possible dependencies: 7fa6b25dfb43 ("usb: typec: ucsi: Fix busy loop on ASUS VivoBooks") 4f322657ade1 ("usb: typec: ucsi: Call CANCEL from single location") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7fa6b25dfb43dafc0e16510e2fcfd63634fc95c2 Mon Sep 17 00:00:00 2001 From: "Christian A. Ehrhardt" <lk(a)c--e.de> Date: Thu, 12 Sep 2024 09:41:32 +0200 Subject: [PATCH] usb: typec: ucsi: Fix busy loop on ASUS VivoBooks If the busy indicator is set, all other fields in CCI should be clear according to the spec. However, some UCSI implementations do not follow this rule and report bogus data in CCI along with the busy indicator. Ignore the contents of CCI if the busy indicator is set. If a command timeout is hit it is possible that the EVENT_PENDING bit is cleared while connector work is still scheduled which can cause the EVENT_PENDING bit to go out of sync with scheduled connector work. Check and set the EVENT_PENDING bit on entry to ucsi_handle_connector_change() to fix this. Finally, check UCSI_CCI_BUSY before the return code of ->sync_control. This ensures that the command is cancelled even if ->sync_control returns an error (most likely -ETIMEDOUT). Reported-by: Anurag Bijea <icaliberdev(a)gmail.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219108 Bisected-by: Christian Heusel <christian(a)heusel.eu> Tested-by: Anurag Bijea <icaliberdev(a)gmail.com> Fixes: de52aca4d9d5 ("usb: typec: ucsi: Never send a lone connector change ack") Cc: stable(a)vger.kernel.org Signed-off-by: Christian A. Ehrhardt <lk(a)c--e.de> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240912074132.722855-1-lk@c--e.de Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index 35dce4057c25..e0f3925e401b 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -38,6 +38,10 @@ void ucsi_notify_common(struct ucsi *ucsi, u32 cci) { + /* Ignore bogus data in CCI if busy indicator is set. */ + if (cci & UCSI_CCI_BUSY) + return; + if (UCSI_CCI_CONNECTOR(cci)) ucsi_connector_change(ucsi, UCSI_CCI_CONNECTOR(cci)); @@ -103,15 +107,13 @@ static int ucsi_run_command(struct ucsi *ucsi, u64 command, u32 *cci, return -EINVAL; ret = ucsi->ops->sync_control(ucsi, command); - if (ret) - return ret; - - ret = ucsi->ops->read_cci(ucsi, cci); - if (ret) - return ret; + if (ucsi->ops->read_cci(ucsi, cci)) + return -EIO; if (*cci & UCSI_CCI_BUSY) return ucsi_run_command(ucsi, UCSI_CANCEL, cci, NULL, 0, false) ?: -EBUSY; + if (ret) + return ret; if (!(*cci & UCSI_CCI_COMMAND_COMPLETE)) return -EIO; @@ -1197,6 +1199,10 @@ static void ucsi_handle_connector_change(struct work_struct *work) mutex_lock(&con->lock); + if (!test_and_set_bit(EVENT_PENDING, &ucsi->flags)) + dev_err_once(ucsi->dev, "%s entered without EVENT_PENDING\n", + __func__); + command = UCSI_GET_CONNECTOR_STATUS | UCSI_CONNECTOR_NUMBER(con->num); ret = ucsi_send_command_common(ucsi, command, &con->status,

7 months

1
0
0 0

FAILED: patch "[PATCH] usb: xhci: fix loss of data on Cadence xHC" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x e5fa8db0be3e8757e8641600c518425a4589b85c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100117-bobsled-freely-5b2c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: e5fa8db0be3e ("usb: xhci: fix loss of data on Cadence xHC") bc162403e33e ("xhci: Add a quirk for writing ERST in high-low order") 18a6be674306 ("usb: cdnsp: blocked some cdns3 specific code") cf97c5e0f7dd ("xhci: Preserve RsvdP bits in ERSTBA register correctly") d9b0328d0b8b ("xhci: Show ZHAOXIN xHCI root hub speed correctly") 2a865a652299 ("xhci: Fix TRB prefetch issue of ZHAOXIN hosts") f927728186f0 ("xhci: Fix resume issue of some ZHAOXIN hosts") b17a57f89f69 ("xhci: Refactor interrupter code for initial multi interrupter support.") 54f9927dfe22 ("xhci: remove xhci_test_trb_in_td_math early development check") 8c1cbec9db1a ("xhci: fix event ring segment table related masks and variables in header") a611bf473d1f ("xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices") 34cd2db408d5 ("xhci: Add quirk to reset host back to default state at shutdown") a956f91247da ("Merge 6.0-rc4 into usb-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e5fa8db0be3e8757e8641600c518425a4589b85c Mon Sep 17 00:00:00 2001 From: Pawel Laszczak <pawell(a)cadence.com> Date: Thu, 5 Sep 2024 07:03:28 +0000 Subject: [PATCH] usb: xhci: fix loss of data on Cadence xHC Streams should flush their TRB cache, re-read TRBs, and start executing TRBs from the beginning of the new dequeue pointer after a 'Set TR Dequeue Pointer' command. Cadence controllers may fail to start from the beginning of the dequeue TRB as it doesn't clear the Opaque 'RsvdO' field of the stream context during 'Set TR Dequeue' command. This stream context area is where xHC stores information about the last partially executed TD when a stream is stopped. xHC uses this information to resume the transfer where it left mid TD, when the stream is restarted. Patch fixes this by clearing out all RsvdO fields before initializing new Stream transfer using a 'Set TR Dequeue Pointer' command. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: stable(a)vger.kernel.org Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> Reviewed-by: Peter Chen <peter.chen(a)kernel.org> Link: https://lore.kernel.org/r/PH7PR07MB95386A40146E3EC64086F409DD9D2@PH7PR07MB9… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/cdns3/host.c b/drivers/usb/cdns3/host.c index ceca4d839dfd..7ba760ee62e3 100644 --- a/drivers/usb/cdns3/host.c +++ b/drivers/usb/cdns3/host.c @@ -62,7 +62,9 @@ static const struct xhci_plat_priv xhci_plat_cdns3_xhci = { .resume_quirk = xhci_cdns3_resume_quirk, }; -static const struct xhci_plat_priv xhci_plat_cdnsp_xhci; +static const struct xhci_plat_priv xhci_plat_cdnsp_xhci = { + .quirks = XHCI_CDNS_SCTX_QUIRK, +}; static int __cdns_host_init(struct cdns *cdns) { diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 8a5df569221a..91dccd25a551 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -81,6 +81,9 @@ #define PCI_DEVICE_ID_ASMEDIA_2142_XHCI 0x2142 #define PCI_DEVICE_ID_ASMEDIA_3242_XHCI 0x3242 +#define PCI_DEVICE_ID_CADENCE 0x17CD +#define PCI_DEVICE_ID_CADENCE_SSP 0x0200 + static const char hcd_name[] = "xhci_hcd"; static struct hc_driver __read_mostly xhci_pci_hc_driver; @@ -474,6 +477,10 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; } + if (pdev->vendor == PCI_DEVICE_ID_CADENCE && + pdev->device == PCI_DEVICE_ID_CADENCE_SSP) + xhci->quirks |= XHCI_CDNS_SCTX_QUIRK; + /* xHC spec requires PCI devices to support D3hot and D3cold */ if (xhci->hci_version >= 0x120) xhci->quirks |= XHCI_DEFAULT_PM_RUNTIME_ALLOW; diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index a4383735b16c..4d664ba53fe9 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1399,6 +1399,20 @@ static void xhci_handle_cmd_set_deq(struct xhci_hcd *xhci, int slot_id, struct xhci_stream_ctx *ctx = &ep->stream_info->stream_ctx_array[stream_id]; deq = le64_to_cpu(ctx->stream_ring) & SCTX_DEQ_MASK; + + /* + * Cadence xHCI controllers store some endpoint state + * information within Rsvd0 fields of Stream Endpoint + * context. This field is not cleared during Set TR + * Dequeue Pointer command which causes XDMA to skip + * over transfer ring and leads to data loss on stream + * pipe. + * To fix this issue driver must clear Rsvd0 field. + */ + if (xhci->quirks & XHCI_CDNS_SCTX_QUIRK) { + ctx->reserved[0] = 0; + ctx->reserved[1] = 0; + } } else { deq = le64_to_cpu(ep_ctx->deq) & ~EP_CTX_CYCLE_MASK; } diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 1e50ebbe9514..620502de971a 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1623,6 +1623,7 @@ struct xhci_hcd { #define XHCI_ZHAOXIN_TRB_FETCH BIT_ULL(45) #define XHCI_ZHAOXIN_HOST BIT_ULL(46) #define XHCI_WRITE_64_HI_LO BIT_ULL(47) +#define XHCI_CDNS_SCTX_QUIRK BIT_ULL(48) unsigned int num_active_eps; unsigned int limit_active_eps;

7 months

1
0
0 0

FAILED: patch "[PATCH] usb: xhci: fix loss of data on Cadence xHC" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x e5fa8db0be3e8757e8641600c518425a4589b85c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100116-trombone-xerox-7d8b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: e5fa8db0be3e ("usb: xhci: fix loss of data on Cadence xHC") bc162403e33e ("xhci: Add a quirk for writing ERST in high-low order") 18a6be674306 ("usb: cdnsp: blocked some cdns3 specific code") cf97c5e0f7dd ("xhci: Preserve RsvdP bits in ERSTBA register correctly") d9b0328d0b8b ("xhci: Show ZHAOXIN xHCI root hub speed correctly") 2a865a652299 ("xhci: Fix TRB prefetch issue of ZHAOXIN hosts") f927728186f0 ("xhci: Fix resume issue of some ZHAOXIN hosts") b17a57f89f69 ("xhci: Refactor interrupter code for initial multi interrupter support.") 54f9927dfe22 ("xhci: remove xhci_test_trb_in_td_math early development check") 8c1cbec9db1a ("xhci: fix event ring segment table related masks and variables in header") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e5fa8db0be3e8757e8641600c518425a4589b85c Mon Sep 17 00:00:00 2001 From: Pawel Laszczak <pawell(a)cadence.com> Date: Thu, 5 Sep 2024 07:03:28 +0000 Subject: [PATCH] usb: xhci: fix loss of data on Cadence xHC Streams should flush their TRB cache, re-read TRBs, and start executing TRBs from the beginning of the new dequeue pointer after a 'Set TR Dequeue Pointer' command. Cadence controllers may fail to start from the beginning of the dequeue TRB as it doesn't clear the Opaque 'RsvdO' field of the stream context during 'Set TR Dequeue' command. This stream context area is where xHC stores information about the last partially executed TD when a stream is stopped. xHC uses this information to resume the transfer where it left mid TD, when the stream is restarted. Patch fixes this by clearing out all RsvdO fields before initializing new Stream transfer using a 'Set TR Dequeue Pointer' command. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: stable(a)vger.kernel.org Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> Reviewed-by: Peter Chen <peter.chen(a)kernel.org> Link: https://lore.kernel.org/r/PH7PR07MB95386A40146E3EC64086F409DD9D2@PH7PR07MB9… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/cdns3/host.c b/drivers/usb/cdns3/host.c index ceca4d839dfd..7ba760ee62e3 100644 --- a/drivers/usb/cdns3/host.c +++ b/drivers/usb/cdns3/host.c @@ -62,7 +62,9 @@ static const struct xhci_plat_priv xhci_plat_cdns3_xhci = { .resume_quirk = xhci_cdns3_resume_quirk, }; -static const struct xhci_plat_priv xhci_plat_cdnsp_xhci; +static const struct xhci_plat_priv xhci_plat_cdnsp_xhci = { + .quirks = XHCI_CDNS_SCTX_QUIRK, +}; static int __cdns_host_init(struct cdns *cdns) { diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 8a5df569221a..91dccd25a551 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -81,6 +81,9 @@ #define PCI_DEVICE_ID_ASMEDIA_2142_XHCI 0x2142 #define PCI_DEVICE_ID_ASMEDIA_3242_XHCI 0x3242 +#define PCI_DEVICE_ID_CADENCE 0x17CD +#define PCI_DEVICE_ID_CADENCE_SSP 0x0200 + static const char hcd_name[] = "xhci_hcd"; static struct hc_driver __read_mostly xhci_pci_hc_driver; @@ -474,6 +477,10 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; } + if (pdev->vendor == PCI_DEVICE_ID_CADENCE && + pdev->device == PCI_DEVICE_ID_CADENCE_SSP) + xhci->quirks |= XHCI_CDNS_SCTX_QUIRK; + /* xHC spec requires PCI devices to support D3hot and D3cold */ if (xhci->hci_version >= 0x120) xhci->quirks |= XHCI_DEFAULT_PM_RUNTIME_ALLOW; diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index a4383735b16c..4d664ba53fe9 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1399,6 +1399,20 @@ static void xhci_handle_cmd_set_deq(struct xhci_hcd *xhci, int slot_id, struct xhci_stream_ctx *ctx = &ep->stream_info->stream_ctx_array[stream_id]; deq = le64_to_cpu(ctx->stream_ring) & SCTX_DEQ_MASK; + + /* + * Cadence xHCI controllers store some endpoint state + * information within Rsvd0 fields of Stream Endpoint + * context. This field is not cleared during Set TR + * Dequeue Pointer command which causes XDMA to skip + * over transfer ring and leads to data loss on stream + * pipe. + * To fix this issue driver must clear Rsvd0 field. + */ + if (xhci->quirks & XHCI_CDNS_SCTX_QUIRK) { + ctx->reserved[0] = 0; + ctx->reserved[1] = 0; + } } else { deq = le64_to_cpu(ep_ctx->deq) & ~EP_CTX_CYCLE_MASK; } diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 1e50ebbe9514..620502de971a 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1623,6 +1623,7 @@ struct xhci_hcd { #define XHCI_ZHAOXIN_TRB_FETCH BIT_ULL(45) #define XHCI_ZHAOXIN_HOST BIT_ULL(46) #define XHCI_WRITE_64_HI_LO BIT_ULL(47) +#define XHCI_CDNS_SCTX_QUIRK BIT_ULL(48) unsigned int num_active_eps; unsigned int limit_active_eps;

7 months

1
0
0 0

FAILED: patch "[PATCH] usb: xhci: fix loss of data on Cadence xHC" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x e5fa8db0be3e8757e8641600c518425a4589b85c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100115-hurled-related-db8b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: e5fa8db0be3e ("usb: xhci: fix loss of data on Cadence xHC") bc162403e33e ("xhci: Add a quirk for writing ERST in high-low order") 18a6be674306 ("usb: cdnsp: blocked some cdns3 specific code") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e5fa8db0be3e8757e8641600c518425a4589b85c Mon Sep 17 00:00:00 2001 From: Pawel Laszczak <pawell(a)cadence.com> Date: Thu, 5 Sep 2024 07:03:28 +0000 Subject: [PATCH] usb: xhci: fix loss of data on Cadence xHC Streams should flush their TRB cache, re-read TRBs, and start executing TRBs from the beginning of the new dequeue pointer after a 'Set TR Dequeue Pointer' command. Cadence controllers may fail to start from the beginning of the dequeue TRB as it doesn't clear the Opaque 'RsvdO' field of the stream context during 'Set TR Dequeue' command. This stream context area is where xHC stores information about the last partially executed TD when a stream is stopped. xHC uses this information to resume the transfer where it left mid TD, when the stream is restarted. Patch fixes this by clearing out all RsvdO fields before initializing new Stream transfer using a 'Set TR Dequeue Pointer' command. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: stable(a)vger.kernel.org Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> Reviewed-by: Peter Chen <peter.chen(a)kernel.org> Link: https://lore.kernel.org/r/PH7PR07MB95386A40146E3EC64086F409DD9D2@PH7PR07MB9… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/cdns3/host.c b/drivers/usb/cdns3/host.c index ceca4d839dfd..7ba760ee62e3 100644 --- a/drivers/usb/cdns3/host.c +++ b/drivers/usb/cdns3/host.c @@ -62,7 +62,9 @@ static const struct xhci_plat_priv xhci_plat_cdns3_xhci = { .resume_quirk = xhci_cdns3_resume_quirk, }; -static const struct xhci_plat_priv xhci_plat_cdnsp_xhci; +static const struct xhci_plat_priv xhci_plat_cdnsp_xhci = { + .quirks = XHCI_CDNS_SCTX_QUIRK, +}; static int __cdns_host_init(struct cdns *cdns) { diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 8a5df569221a..91dccd25a551 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -81,6 +81,9 @@ #define PCI_DEVICE_ID_ASMEDIA_2142_XHCI 0x2142 #define PCI_DEVICE_ID_ASMEDIA_3242_XHCI 0x3242 +#define PCI_DEVICE_ID_CADENCE 0x17CD +#define PCI_DEVICE_ID_CADENCE_SSP 0x0200 + static const char hcd_name[] = "xhci_hcd"; static struct hc_driver __read_mostly xhci_pci_hc_driver; @@ -474,6 +477,10 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; } + if (pdev->vendor == PCI_DEVICE_ID_CADENCE && + pdev->device == PCI_DEVICE_ID_CADENCE_SSP) + xhci->quirks |= XHCI_CDNS_SCTX_QUIRK; + /* xHC spec requires PCI devices to support D3hot and D3cold */ if (xhci->hci_version >= 0x120) xhci->quirks |= XHCI_DEFAULT_PM_RUNTIME_ALLOW; diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index a4383735b16c..4d664ba53fe9 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1399,6 +1399,20 @@ static void xhci_handle_cmd_set_deq(struct xhci_hcd *xhci, int slot_id, struct xhci_stream_ctx *ctx = &ep->stream_info->stream_ctx_array[stream_id]; deq = le64_to_cpu(ctx->stream_ring) & SCTX_DEQ_MASK; + + /* + * Cadence xHCI controllers store some endpoint state + * information within Rsvd0 fields of Stream Endpoint + * context. This field is not cleared during Set TR + * Dequeue Pointer command which causes XDMA to skip + * over transfer ring and leads to data loss on stream + * pipe. + * To fix this issue driver must clear Rsvd0 field. + */ + if (xhci->quirks & XHCI_CDNS_SCTX_QUIRK) { + ctx->reserved[0] = 0; + ctx->reserved[1] = 0; + } } else { deq = le64_to_cpu(ep_ctx->deq) & ~EP_CTX_CYCLE_MASK; } diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 1e50ebbe9514..620502de971a 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1623,6 +1623,7 @@ struct xhci_hcd { #define XHCI_ZHAOXIN_TRB_FETCH BIT_ULL(45) #define XHCI_ZHAOXIN_HOST BIT_ULL(46) #define XHCI_WRITE_64_HI_LO BIT_ULL(47) +#define XHCI_CDNS_SCTX_QUIRK BIT_ULL(48) unsigned int num_active_eps; unsigned int limit_active_eps;

7 months

1
0
0 0

FAILED: patch "[PATCH] usb: xhci: fix loss of data on Cadence xHC" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x e5fa8db0be3e8757e8641600c518425a4589b85c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100114-catatonic-nag-ec5c@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: e5fa8db0be3e ("usb: xhci: fix loss of data on Cadence xHC") bc162403e33e ("xhci: Add a quirk for writing ERST in high-low order") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e5fa8db0be3e8757e8641600c518425a4589b85c Mon Sep 17 00:00:00 2001 From: Pawel Laszczak <pawell(a)cadence.com> Date: Thu, 5 Sep 2024 07:03:28 +0000 Subject: [PATCH] usb: xhci: fix loss of data on Cadence xHC Streams should flush their TRB cache, re-read TRBs, and start executing TRBs from the beginning of the new dequeue pointer after a 'Set TR Dequeue Pointer' command. Cadence controllers may fail to start from the beginning of the dequeue TRB as it doesn't clear the Opaque 'RsvdO' field of the stream context during 'Set TR Dequeue' command. This stream context area is where xHC stores information about the last partially executed TD when a stream is stopped. xHC uses this information to resume the transfer where it left mid TD, when the stream is restarted. Patch fixes this by clearing out all RsvdO fields before initializing new Stream transfer using a 'Set TR Dequeue Pointer' command. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: stable(a)vger.kernel.org Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> Reviewed-by: Peter Chen <peter.chen(a)kernel.org> Link: https://lore.kernel.org/r/PH7PR07MB95386A40146E3EC64086F409DD9D2@PH7PR07MB9… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/cdns3/host.c b/drivers/usb/cdns3/host.c index ceca4d839dfd..7ba760ee62e3 100644 --- a/drivers/usb/cdns3/host.c +++ b/drivers/usb/cdns3/host.c @@ -62,7 +62,9 @@ static const struct xhci_plat_priv xhci_plat_cdns3_xhci = { .resume_quirk = xhci_cdns3_resume_quirk, }; -static const struct xhci_plat_priv xhci_plat_cdnsp_xhci; +static const struct xhci_plat_priv xhci_plat_cdnsp_xhci = { + .quirks = XHCI_CDNS_SCTX_QUIRK, +}; static int __cdns_host_init(struct cdns *cdns) { diff --git a/drivers/usb/host/xhci-pci.c b/drivers/usb/host/xhci-pci.c index 8a5df569221a..91dccd25a551 100644 --- a/drivers/usb/host/xhci-pci.c +++ b/drivers/usb/host/xhci-pci.c @@ -81,6 +81,9 @@ #define PCI_DEVICE_ID_ASMEDIA_2142_XHCI 0x2142 #define PCI_DEVICE_ID_ASMEDIA_3242_XHCI 0x3242 +#define PCI_DEVICE_ID_CADENCE 0x17CD +#define PCI_DEVICE_ID_CADENCE_SSP 0x0200 + static const char hcd_name[] = "xhci_hcd"; static struct hc_driver __read_mostly xhci_pci_hc_driver; @@ -474,6 +477,10 @@ static void xhci_pci_quirks(struct device *dev, struct xhci_hcd *xhci) xhci->quirks |= XHCI_ZHAOXIN_TRB_FETCH; } + if (pdev->vendor == PCI_DEVICE_ID_CADENCE && + pdev->device == PCI_DEVICE_ID_CADENCE_SSP) + xhci->quirks |= XHCI_CDNS_SCTX_QUIRK; + /* xHC spec requires PCI devices to support D3hot and D3cold */ if (xhci->hci_version >= 0x120) xhci->quirks |= XHCI_DEFAULT_PM_RUNTIME_ALLOW; diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index a4383735b16c..4d664ba53fe9 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1399,6 +1399,20 @@ static void xhci_handle_cmd_set_deq(struct xhci_hcd *xhci, int slot_id, struct xhci_stream_ctx *ctx = &ep->stream_info->stream_ctx_array[stream_id]; deq = le64_to_cpu(ctx->stream_ring) & SCTX_DEQ_MASK; + + /* + * Cadence xHCI controllers store some endpoint state + * information within Rsvd0 fields of Stream Endpoint + * context. This field is not cleared during Set TR + * Dequeue Pointer command which causes XDMA to skip + * over transfer ring and leads to data loss on stream + * pipe. + * To fix this issue driver must clear Rsvd0 field. + */ + if (xhci->quirks & XHCI_CDNS_SCTX_QUIRK) { + ctx->reserved[0] = 0; + ctx->reserved[1] = 0; + } } else { deq = le64_to_cpu(ep_ctx->deq) & ~EP_CTX_CYCLE_MASK; } diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 1e50ebbe9514..620502de971a 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1623,6 +1623,7 @@ struct xhci_hcd { #define XHCI_ZHAOXIN_TRB_FETCH BIT_ULL(45) #define XHCI_ZHAOXIN_HOST BIT_ULL(46) #define XHCI_WRITE_64_HI_LO BIT_ULL(47) +#define XHCI_CDNS_SCTX_QUIRK BIT_ULL(48) unsigned int num_active_eps; unsigned int limit_active_eps;

7 months

1
0
0 0

FAILED: patch "[PATCH] USB: misc: yurex: fix race between read and write" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 93907620b308609c72ba4b95b09a6aa2658bb553 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100159-vista-remold-8a09@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 93907620b308 ("USB: misc: yurex: fix race between read and write") 86b20af11e84 ("usb: yurex: Replace snprintf() with the safer scnprintf() variant") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 93907620b308609c72ba4b95b09a6aa2658bb553 Mon Sep 17 00:00:00 2001 From: Oliver Neukum <oneukum(a)suse.com> Date: Thu, 12 Sep 2024 15:21:22 +0200 Subject: [PATCH] USB: misc: yurex: fix race between read and write The write code path touches the bbu member in a non atomic manner without taking the spinlock. Fix it. The bug is as old as the driver. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> CC: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240912132126.1034743-1-oneukum@suse.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/misc/yurex.c b/drivers/usb/misc/yurex.c index 4745a320eae4..4a9859e03f6b 100644 --- a/drivers/usb/misc/yurex.c +++ b/drivers/usb/misc/yurex.c @@ -404,7 +404,6 @@ static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, struct usb_yurex *dev; int len = 0; char in_buffer[MAX_S64_STRLEN]; - unsigned long flags; dev = file->private_data; @@ -419,9 +418,9 @@ static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, return -EIO; } - spin_lock_irqsave(&dev->lock, flags); + spin_lock_irq(&dev->lock); scnprintf(in_buffer, MAX_S64_STRLEN, "%lld\n", dev->bbu); - spin_unlock_irqrestore(&dev->lock, flags); + spin_unlock_irq(&dev->lock); mutex_unlock(&dev->io_mutex); return simple_read_from_buffer(buffer, count, ppos, in_buffer, len); @@ -511,8 +510,11 @@ static ssize_t yurex_write(struct file *file, const char __user *user_buffer, __func__, retval); goto error; } - if (set && timeout) + if (set && timeout) { + spin_lock_irq(&dev->lock); dev->bbu = c2; + spin_unlock_irq(&dev->lock); + } return timeout ? count : -EIO; error:

7 months

1
0
0 0

FAILED: patch "[PATCH] USB: misc: yurex: fix race between read and write" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 93907620b308609c72ba4b95b09a6aa2658bb553 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100158-doorstop-atom-5aa4@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 93907620b308 ("USB: misc: yurex: fix race between read and write") 86b20af11e84 ("usb: yurex: Replace snprintf() with the safer scnprintf() variant") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 93907620b308609c72ba4b95b09a6aa2658bb553 Mon Sep 17 00:00:00 2001 From: Oliver Neukum <oneukum(a)suse.com> Date: Thu, 12 Sep 2024 15:21:22 +0200 Subject: [PATCH] USB: misc: yurex: fix race between read and write The write code path touches the bbu member in a non atomic manner without taking the spinlock. Fix it. The bug is as old as the driver. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> CC: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240912132126.1034743-1-oneukum@suse.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/misc/yurex.c b/drivers/usb/misc/yurex.c index 4745a320eae4..4a9859e03f6b 100644 --- a/drivers/usb/misc/yurex.c +++ b/drivers/usb/misc/yurex.c @@ -404,7 +404,6 @@ static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, struct usb_yurex *dev; int len = 0; char in_buffer[MAX_S64_STRLEN]; - unsigned long flags; dev = file->private_data; @@ -419,9 +418,9 @@ static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, return -EIO; } - spin_lock_irqsave(&dev->lock, flags); + spin_lock_irq(&dev->lock); scnprintf(in_buffer, MAX_S64_STRLEN, "%lld\n", dev->bbu); - spin_unlock_irqrestore(&dev->lock, flags); + spin_unlock_irq(&dev->lock); mutex_unlock(&dev->io_mutex); return simple_read_from_buffer(buffer, count, ppos, in_buffer, len); @@ -511,8 +510,11 @@ static ssize_t yurex_write(struct file *file, const char __user *user_buffer, __func__, retval); goto error; } - if (set && timeout) + if (set && timeout) { + spin_lock_irq(&dev->lock); dev->bbu = c2; + spin_unlock_irq(&dev->lock); + } return timeout ? count : -EIO; error:

7 months

1
0
0 0

FAILED: patch "[PATCH] USB: misc: yurex: fix race between read and write" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 93907620b308609c72ba4b95b09a6aa2658bb553 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100157-mushiness-overhaul-1335@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 93907620b308 ("USB: misc: yurex: fix race between read and write") 86b20af11e84 ("usb: yurex: Replace snprintf() with the safer scnprintf() variant") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 93907620b308609c72ba4b95b09a6aa2658bb553 Mon Sep 17 00:00:00 2001 From: Oliver Neukum <oneukum(a)suse.com> Date: Thu, 12 Sep 2024 15:21:22 +0200 Subject: [PATCH] USB: misc: yurex: fix race between read and write The write code path touches the bbu member in a non atomic manner without taking the spinlock. Fix it. The bug is as old as the driver. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> CC: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240912132126.1034743-1-oneukum@suse.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/misc/yurex.c b/drivers/usb/misc/yurex.c index 4745a320eae4..4a9859e03f6b 100644 --- a/drivers/usb/misc/yurex.c +++ b/drivers/usb/misc/yurex.c @@ -404,7 +404,6 @@ static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, struct usb_yurex *dev; int len = 0; char in_buffer[MAX_S64_STRLEN]; - unsigned long flags; dev = file->private_data; @@ -419,9 +418,9 @@ static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, return -EIO; } - spin_lock_irqsave(&dev->lock, flags); + spin_lock_irq(&dev->lock); scnprintf(in_buffer, MAX_S64_STRLEN, "%lld\n", dev->bbu); - spin_unlock_irqrestore(&dev->lock, flags); + spin_unlock_irq(&dev->lock); mutex_unlock(&dev->io_mutex); return simple_read_from_buffer(buffer, count, ppos, in_buffer, len); @@ -511,8 +510,11 @@ static ssize_t yurex_write(struct file *file, const char __user *user_buffer, __func__, retval); goto error; } - if (set && timeout) + if (set && timeout) { + spin_lock_irq(&dev->lock); dev->bbu = c2; + spin_unlock_irq(&dev->lock); + } return timeout ? count : -EIO; error:

7 months

1
0
0 0

FAILED: patch "[PATCH] USB: misc: yurex: fix race between read and write" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 93907620b308609c72ba4b95b09a6aa2658bb553 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100157-unsocial-jogger-5114@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 93907620b308 ("USB: misc: yurex: fix race between read and write") 86b20af11e84 ("usb: yurex: Replace snprintf() with the safer scnprintf() variant") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 93907620b308609c72ba4b95b09a6aa2658bb553 Mon Sep 17 00:00:00 2001 From: Oliver Neukum <oneukum(a)suse.com> Date: Thu, 12 Sep 2024 15:21:22 +0200 Subject: [PATCH] USB: misc: yurex: fix race between read and write The write code path touches the bbu member in a non atomic manner without taking the spinlock. Fix it. The bug is as old as the driver. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> CC: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240912132126.1034743-1-oneukum@suse.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/misc/yurex.c b/drivers/usb/misc/yurex.c index 4745a320eae4..4a9859e03f6b 100644 --- a/drivers/usb/misc/yurex.c +++ b/drivers/usb/misc/yurex.c @@ -404,7 +404,6 @@ static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, struct usb_yurex *dev; int len = 0; char in_buffer[MAX_S64_STRLEN]; - unsigned long flags; dev = file->private_data; @@ -419,9 +418,9 @@ static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, return -EIO; } - spin_lock_irqsave(&dev->lock, flags); + spin_lock_irq(&dev->lock); scnprintf(in_buffer, MAX_S64_STRLEN, "%lld\n", dev->bbu); - spin_unlock_irqrestore(&dev->lock, flags); + spin_unlock_irq(&dev->lock); mutex_unlock(&dev->io_mutex); return simple_read_from_buffer(buffer, count, ppos, in_buffer, len); @@ -511,8 +510,11 @@ static ssize_t yurex_write(struct file *file, const char __user *user_buffer, __func__, retval); goto error; } - if (set && timeout) + if (set && timeout) { + spin_lock_irq(&dev->lock); dev->bbu = c2; + spin_unlock_irq(&dev->lock); + } return timeout ? count : -EIO; error:

7 months

1
0
0 0

FAILED: patch "[PATCH] USB: misc: yurex: fix race between read and write" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 93907620b308609c72ba4b95b09a6aa2658bb553 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100156-armchair-enrich-27e4@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 93907620b308 ("USB: misc: yurex: fix race between read and write") 86b20af11e84 ("usb: yurex: Replace snprintf() with the safer scnprintf() variant") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 93907620b308609c72ba4b95b09a6aa2658bb553 Mon Sep 17 00:00:00 2001 From: Oliver Neukum <oneukum(a)suse.com> Date: Thu, 12 Sep 2024 15:21:22 +0200 Subject: [PATCH] USB: misc: yurex: fix race between read and write The write code path touches the bbu member in a non atomic manner without taking the spinlock. Fix it. The bug is as old as the driver. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> CC: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240912132126.1034743-1-oneukum@suse.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/misc/yurex.c b/drivers/usb/misc/yurex.c index 4745a320eae4..4a9859e03f6b 100644 --- a/drivers/usb/misc/yurex.c +++ b/drivers/usb/misc/yurex.c @@ -404,7 +404,6 @@ static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, struct usb_yurex *dev; int len = 0; char in_buffer[MAX_S64_STRLEN]; - unsigned long flags; dev = file->private_data; @@ -419,9 +418,9 @@ static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, return -EIO; } - spin_lock_irqsave(&dev->lock, flags); + spin_lock_irq(&dev->lock); scnprintf(in_buffer, MAX_S64_STRLEN, "%lld\n", dev->bbu); - spin_unlock_irqrestore(&dev->lock, flags); + spin_unlock_irq(&dev->lock); mutex_unlock(&dev->io_mutex); return simple_read_from_buffer(buffer, count, ppos, in_buffer, len); @@ -511,8 +510,11 @@ static ssize_t yurex_write(struct file *file, const char __user *user_buffer, __func__, retval); goto error; } - if (set && timeout) + if (set && timeout) { + spin_lock_irq(&dev->lock); dev->bbu = c2; + spin_unlock_irq(&dev->lock); + } return timeout ? count : -EIO; error:

7 months

1
0
0 0

FAILED: patch "[PATCH] USB: misc: yurex: fix race between read and write" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 93907620b308609c72ba4b95b09a6aa2658bb553 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100155-recite-disarray-345c@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 93907620b308 ("USB: misc: yurex: fix race between read and write") 86b20af11e84 ("usb: yurex: Replace snprintf() with the safer scnprintf() variant") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 93907620b308609c72ba4b95b09a6aa2658bb553 Mon Sep 17 00:00:00 2001 From: Oliver Neukum <oneukum(a)suse.com> Date: Thu, 12 Sep 2024 15:21:22 +0200 Subject: [PATCH] USB: misc: yurex: fix race between read and write The write code path touches the bbu member in a non atomic manner without taking the spinlock. Fix it. The bug is as old as the driver. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> CC: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240912132126.1034743-1-oneukum@suse.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/misc/yurex.c b/drivers/usb/misc/yurex.c index 4745a320eae4..4a9859e03f6b 100644 --- a/drivers/usb/misc/yurex.c +++ b/drivers/usb/misc/yurex.c @@ -404,7 +404,6 @@ static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, struct usb_yurex *dev; int len = 0; char in_buffer[MAX_S64_STRLEN]; - unsigned long flags; dev = file->private_data; @@ -419,9 +418,9 @@ static ssize_t yurex_read(struct file *file, char __user *buffer, size_t count, return -EIO; } - spin_lock_irqsave(&dev->lock, flags); + spin_lock_irq(&dev->lock); scnprintf(in_buffer, MAX_S64_STRLEN, "%lld\n", dev->bbu); - spin_unlock_irqrestore(&dev->lock, flags); + spin_unlock_irq(&dev->lock); mutex_unlock(&dev->io_mutex); return simple_read_from_buffer(buffer, count, ppos, in_buffer, len); @@ -511,8 +510,11 @@ static ssize_t yurex_write(struct file *file, const char __user *user_buffer, __func__, retval); goto error; } - if (set && timeout) + if (set && timeout) { + spin_lock_irq(&dev->lock); dev->bbu = c2; + spin_unlock_irq(&dev->lock); + } return timeout ? count : -EIO; error:

7 months

1
0
0 0

FAILED: patch "[PATCH] usbnet: fix cyclical race on disconnect with work queue" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 04e906839a053f092ef53f4fb2d610983412b904 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100138-unkempt-varying-9971@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 04e906839a05 ("usbnet: fix cyclical race on disconnect with work queue") a69e617e533e ("usbnet: Fix linkwatch use-after-free on disconnect") 478890682ff7 ("usbnet: add usbnet_event_names[] for kevent") 956baa99571b ("usbnet: add method for reporting speed without MII") 77651900cede ("usbnet: add _mii suffix to usbnet_set/get_link_ksettings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 04e906839a053f092ef53f4fb2d610983412b904 Mon Sep 17 00:00:00 2001 From: Oliver Neukum <oneukum(a)suse.com> Date: Thu, 19 Sep 2024 14:33:42 +0200 Subject: [PATCH] usbnet: fix cyclical race on disconnect with work queue The work can submit URBs and the URBs can schedule the work. This cycle needs to be broken, when a device is to be stopped. Use a flag to do so. This is a design issue as old as the driver. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") CC: stable(a)vger.kernel.org Link: https://patch.msgid.link/20240919123525.688065-1-oneukum@suse.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c index 18eb5ba436df..2506aa8c603e 100644 --- a/drivers/net/usb/usbnet.c +++ b/drivers/net/usb/usbnet.c @@ -464,10 +464,15 @@ static enum skb_state defer_bh(struct usbnet *dev, struct sk_buff *skb, void usbnet_defer_kevent (struct usbnet *dev, int work) { set_bit (work, &dev->flags); - if (!schedule_work (&dev->kevent)) - netdev_dbg(dev->net, "kevent %s may have been dropped\n", usbnet_event_names[work]); - else - netdev_dbg(dev->net, "kevent %s scheduled\n", usbnet_event_names[work]); + if (!usbnet_going_away(dev)) { + if (!schedule_work(&dev->kevent)) + netdev_dbg(dev->net, + "kevent %s may have been dropped\n", + usbnet_event_names[work]); + else + netdev_dbg(dev->net, + "kevent %s scheduled\n", usbnet_event_names[work]); + } } EXPORT_SYMBOL_GPL(usbnet_defer_kevent); @@ -535,7 +540,8 @@ static int rx_submit (struct usbnet *dev, struct urb *urb, gfp_t flags) tasklet_schedule (&dev->bh); break; case 0: - __usbnet_queue_skb(&dev->rxq, skb, rx_start); + if (!usbnet_going_away(dev)) + __usbnet_queue_skb(&dev->rxq, skb, rx_start); } } else { netif_dbg(dev, ifdown, dev->net, "rx: stopped\n"); @@ -843,9 +849,18 @@ int usbnet_stop (struct net_device *net) /* deferred work (timer, softirq, task) must also stop */ dev->flags = 0; - del_timer_sync (&dev->delay); - tasklet_kill (&dev->bh); + del_timer_sync(&dev->delay); + tasklet_kill(&dev->bh); cancel_work_sync(&dev->kevent); + + /* We have cyclic dependencies. Those calls are needed + * to break a cycle. We cannot fall into the gaps because + * we have a flag + */ + tasklet_kill(&dev->bh); + del_timer_sync(&dev->delay); + cancel_work_sync(&dev->kevent); + if (!pm) usb_autopm_put_interface(dev->intf); @@ -1171,7 +1186,8 @@ usbnet_deferred_kevent (struct work_struct *work) status); } else { clear_bit (EVENT_RX_HALT, &dev->flags); - tasklet_schedule (&dev->bh); + if (!usbnet_going_away(dev)) + tasklet_schedule(&dev->bh); } } @@ -1196,7 +1212,8 @@ usbnet_deferred_kevent (struct work_struct *work) usb_autopm_put_interface(dev->intf); fail_lowmem: if (resched) - tasklet_schedule (&dev->bh); + if (!usbnet_going_away(dev)) + tasklet_schedule(&dev->bh); } } @@ -1559,6 +1576,7 @@ static void usbnet_bh (struct timer_list *t) } else if (netif_running (dev->net) && netif_device_present (dev->net) && netif_carrier_ok(dev->net) && + !usbnet_going_away(dev) && !timer_pending(&dev->delay) && !test_bit(EVENT_RX_PAUSED, &dev->flags) && !test_bit(EVENT_RX_HALT, &dev->flags)) { @@ -1606,6 +1624,7 @@ void usbnet_disconnect (struct usb_interface *intf) usb_set_intfdata(intf, NULL); if (!dev) return; + usbnet_mark_going_away(dev); xdev = interface_to_usbdev (intf); diff --git a/include/linux/usb/usbnet.h b/include/linux/usb/usbnet.h index 9f08a584d707..0b9f1e598e3a 100644 --- a/include/linux/usb/usbnet.h +++ b/include/linux/usb/usbnet.h @@ -76,8 +76,23 @@ struct usbnet { # define EVENT_LINK_CHANGE 11 # define EVENT_SET_RX_MODE 12 # define EVENT_NO_IP_ALIGN 13 +/* This one is special, as it indicates that the device is going away + * there are cyclic dependencies between tasklet, timer and bh + * that must be broken + */ +# define EVENT_UNPLUG 31 }; +static inline bool usbnet_going_away(struct usbnet *ubn) +{ + return test_bit(EVENT_UNPLUG, &ubn->flags); +} + +static inline void usbnet_mark_going_away(struct usbnet *ubn) +{ + set_bit(EVENT_UNPLUG, &ubn->flags); +} + static inline struct usb_driver *driver_of(struct usb_interface *intf) { return to_usb_driver(intf->dev.driver);

7 months

1
0
0 0

FAILED: patch "[PATCH] usbnet: fix cyclical race on disconnect with work queue" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 04e906839a053f092ef53f4fb2d610983412b904 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100138-ramp-unnatural-4b06@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 04e906839a05 ("usbnet: fix cyclical race on disconnect with work queue") a69e617e533e ("usbnet: Fix linkwatch use-after-free on disconnect") 478890682ff7 ("usbnet: add usbnet_event_names[] for kevent") 956baa99571b ("usbnet: add method for reporting speed without MII") 77651900cede ("usbnet: add _mii suffix to usbnet_set/get_link_ksettings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 04e906839a053f092ef53f4fb2d610983412b904 Mon Sep 17 00:00:00 2001 From: Oliver Neukum <oneukum(a)suse.com> Date: Thu, 19 Sep 2024 14:33:42 +0200 Subject: [PATCH] usbnet: fix cyclical race on disconnect with work queue The work can submit URBs and the URBs can schedule the work. This cycle needs to be broken, when a device is to be stopped. Use a flag to do so. This is a design issue as old as the driver. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") CC: stable(a)vger.kernel.org Link: https://patch.msgid.link/20240919123525.688065-1-oneukum@suse.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c index 18eb5ba436df..2506aa8c603e 100644 --- a/drivers/net/usb/usbnet.c +++ b/drivers/net/usb/usbnet.c @@ -464,10 +464,15 @@ static enum skb_state defer_bh(struct usbnet *dev, struct sk_buff *skb, void usbnet_defer_kevent (struct usbnet *dev, int work) { set_bit (work, &dev->flags); - if (!schedule_work (&dev->kevent)) - netdev_dbg(dev->net, "kevent %s may have been dropped\n", usbnet_event_names[work]); - else - netdev_dbg(dev->net, "kevent %s scheduled\n", usbnet_event_names[work]); + if (!usbnet_going_away(dev)) { + if (!schedule_work(&dev->kevent)) + netdev_dbg(dev->net, + "kevent %s may have been dropped\n", + usbnet_event_names[work]); + else + netdev_dbg(dev->net, + "kevent %s scheduled\n", usbnet_event_names[work]); + } } EXPORT_SYMBOL_GPL(usbnet_defer_kevent); @@ -535,7 +540,8 @@ static int rx_submit (struct usbnet *dev, struct urb *urb, gfp_t flags) tasklet_schedule (&dev->bh); break; case 0: - __usbnet_queue_skb(&dev->rxq, skb, rx_start); + if (!usbnet_going_away(dev)) + __usbnet_queue_skb(&dev->rxq, skb, rx_start); } } else { netif_dbg(dev, ifdown, dev->net, "rx: stopped\n"); @@ -843,9 +849,18 @@ int usbnet_stop (struct net_device *net) /* deferred work (timer, softirq, task) must also stop */ dev->flags = 0; - del_timer_sync (&dev->delay); - tasklet_kill (&dev->bh); + del_timer_sync(&dev->delay); + tasklet_kill(&dev->bh); cancel_work_sync(&dev->kevent); + + /* We have cyclic dependencies. Those calls are needed + * to break a cycle. We cannot fall into the gaps because + * we have a flag + */ + tasklet_kill(&dev->bh); + del_timer_sync(&dev->delay); + cancel_work_sync(&dev->kevent); + if (!pm) usb_autopm_put_interface(dev->intf); @@ -1171,7 +1186,8 @@ usbnet_deferred_kevent (struct work_struct *work) status); } else { clear_bit (EVENT_RX_HALT, &dev->flags); - tasklet_schedule (&dev->bh); + if (!usbnet_going_away(dev)) + tasklet_schedule(&dev->bh); } } @@ -1196,7 +1212,8 @@ usbnet_deferred_kevent (struct work_struct *work) usb_autopm_put_interface(dev->intf); fail_lowmem: if (resched) - tasklet_schedule (&dev->bh); + if (!usbnet_going_away(dev)) + tasklet_schedule(&dev->bh); } } @@ -1559,6 +1576,7 @@ static void usbnet_bh (struct timer_list *t) } else if (netif_running (dev->net) && netif_device_present (dev->net) && netif_carrier_ok(dev->net) && + !usbnet_going_away(dev) && !timer_pending(&dev->delay) && !test_bit(EVENT_RX_PAUSED, &dev->flags) && !test_bit(EVENT_RX_HALT, &dev->flags)) { @@ -1606,6 +1624,7 @@ void usbnet_disconnect (struct usb_interface *intf) usb_set_intfdata(intf, NULL); if (!dev) return; + usbnet_mark_going_away(dev); xdev = interface_to_usbdev (intf); diff --git a/include/linux/usb/usbnet.h b/include/linux/usb/usbnet.h index 9f08a584d707..0b9f1e598e3a 100644 --- a/include/linux/usb/usbnet.h +++ b/include/linux/usb/usbnet.h @@ -76,8 +76,23 @@ struct usbnet { # define EVENT_LINK_CHANGE 11 # define EVENT_SET_RX_MODE 12 # define EVENT_NO_IP_ALIGN 13 +/* This one is special, as it indicates that the device is going away + * there are cyclic dependencies between tasklet, timer and bh + * that must be broken + */ +# define EVENT_UNPLUG 31 }; +static inline bool usbnet_going_away(struct usbnet *ubn) +{ + return test_bit(EVENT_UNPLUG, &ubn->flags); +} + +static inline void usbnet_mark_going_away(struct usbnet *ubn) +{ + set_bit(EVENT_UNPLUG, &ubn->flags); +} + static inline struct usb_driver *driver_of(struct usb_interface *intf) { return to_usb_driver(intf->dev.driver);

7 months

1
0
0 0

FAILED: patch "[PATCH] usbnet: fix cyclical race on disconnect with work queue" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 04e906839a053f092ef53f4fb2d610983412b904 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100137-tiara-corned-9da8@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 04e906839a05 ("usbnet: fix cyclical race on disconnect with work queue") a69e617e533e ("usbnet: Fix linkwatch use-after-free on disconnect") 478890682ff7 ("usbnet: add usbnet_event_names[] for kevent") 956baa99571b ("usbnet: add method for reporting speed without MII") 77651900cede ("usbnet: add _mii suffix to usbnet_set/get_link_ksettings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 04e906839a053f092ef53f4fb2d610983412b904 Mon Sep 17 00:00:00 2001 From: Oliver Neukum <oneukum(a)suse.com> Date: Thu, 19 Sep 2024 14:33:42 +0200 Subject: [PATCH] usbnet: fix cyclical race on disconnect with work queue The work can submit URBs and the URBs can schedule the work. This cycle needs to be broken, when a device is to be stopped. Use a flag to do so. This is a design issue as old as the driver. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") CC: stable(a)vger.kernel.org Link: https://patch.msgid.link/20240919123525.688065-1-oneukum@suse.com Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c index 18eb5ba436df..2506aa8c603e 100644 --- a/drivers/net/usb/usbnet.c +++ b/drivers/net/usb/usbnet.c @@ -464,10 +464,15 @@ static enum skb_state defer_bh(struct usbnet *dev, struct sk_buff *skb, void usbnet_defer_kevent (struct usbnet *dev, int work) { set_bit (work, &dev->flags); - if (!schedule_work (&dev->kevent)) - netdev_dbg(dev->net, "kevent %s may have been dropped\n", usbnet_event_names[work]); - else - netdev_dbg(dev->net, "kevent %s scheduled\n", usbnet_event_names[work]); + if (!usbnet_going_away(dev)) { + if (!schedule_work(&dev->kevent)) + netdev_dbg(dev->net, + "kevent %s may have been dropped\n", + usbnet_event_names[work]); + else + netdev_dbg(dev->net, + "kevent %s scheduled\n", usbnet_event_names[work]); + } } EXPORT_SYMBOL_GPL(usbnet_defer_kevent); @@ -535,7 +540,8 @@ static int rx_submit (struct usbnet *dev, struct urb *urb, gfp_t flags) tasklet_schedule (&dev->bh); break; case 0: - __usbnet_queue_skb(&dev->rxq, skb, rx_start); + if (!usbnet_going_away(dev)) + __usbnet_queue_skb(&dev->rxq, skb, rx_start); } } else { netif_dbg(dev, ifdown, dev->net, "rx: stopped\n"); @@ -843,9 +849,18 @@ int usbnet_stop (struct net_device *net) /* deferred work (timer, softirq, task) must also stop */ dev->flags = 0; - del_timer_sync (&dev->delay); - tasklet_kill (&dev->bh); + del_timer_sync(&dev->delay); + tasklet_kill(&dev->bh); cancel_work_sync(&dev->kevent); + + /* We have cyclic dependencies. Those calls are needed + * to break a cycle. We cannot fall into the gaps because + * we have a flag + */ + tasklet_kill(&dev->bh); + del_timer_sync(&dev->delay); + cancel_work_sync(&dev->kevent); + if (!pm) usb_autopm_put_interface(dev->intf); @@ -1171,7 +1186,8 @@ usbnet_deferred_kevent (struct work_struct *work) status); } else { clear_bit (EVENT_RX_HALT, &dev->flags); - tasklet_schedule (&dev->bh); + if (!usbnet_going_away(dev)) + tasklet_schedule(&dev->bh); } } @@ -1196,7 +1212,8 @@ usbnet_deferred_kevent (struct work_struct *work) usb_autopm_put_interface(dev->intf); fail_lowmem: if (resched) - tasklet_schedule (&dev->bh); + if (!usbnet_going_away(dev)) + tasklet_schedule(&dev->bh); } } @@ -1559,6 +1576,7 @@ static void usbnet_bh (struct timer_list *t) } else if (netif_running (dev->net) && netif_device_present (dev->net) && netif_carrier_ok(dev->net) && + !usbnet_going_away(dev) && !timer_pending(&dev->delay) && !test_bit(EVENT_RX_PAUSED, &dev->flags) && !test_bit(EVENT_RX_HALT, &dev->flags)) { @@ -1606,6 +1624,7 @@ void usbnet_disconnect (struct usb_interface *intf) usb_set_intfdata(intf, NULL); if (!dev) return; + usbnet_mark_going_away(dev); xdev = interface_to_usbdev (intf); diff --git a/include/linux/usb/usbnet.h b/include/linux/usb/usbnet.h index 9f08a584d707..0b9f1e598e3a 100644 --- a/include/linux/usb/usbnet.h +++ b/include/linux/usb/usbnet.h @@ -76,8 +76,23 @@ struct usbnet { # define EVENT_LINK_CHANGE 11 # define EVENT_SET_RX_MODE 12 # define EVENT_NO_IP_ALIGN 13 +/* This one is special, as it indicates that the device is going away + * there are cyclic dependencies between tasklet, timer and bh + * that must be broken + */ +# define EVENT_UNPLUG 31 }; +static inline bool usbnet_going_away(struct usbnet *ubn) +{ + return test_bit(EVENT_UNPLUG, &ubn->flags); +} + +static inline void usbnet_mark_going_away(struct usbnet *ubn) +{ + set_bit(EVENT_UNPLUG, &ubn->flags); +} + static inline struct usb_driver *driver_of(struct usb_interface *intf) { return to_usb_driver(intf->dev.driver);

7 months

1
0
0 0

FAILED: patch "[PATCH] ksmbd: handle caseless file creation" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x c5a709f08d40b1a082e44ffcde1aea4d2822ddd5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100147-stipend-vitality-f6cb@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: c5a709f08d40 ("ksmbd: handle caseless file creation") 2b57a4322b1b ("ksmbd: check if a mount point is crossed during path lookup") 6fe55c2799bc ("ksmbd: call putname after using the last component") df14afeed2e6 ("ksmbd: fix uninitialized pointer read in smb2_create_link()") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") 74d7970febf7 ("ksmbd: fix racy issue from using ->d_parent and ->d_name") 211db0ac9e3d ("ksmbd: remove internal.h include") 4d7ca4090184 ("fs: port vfs{g,u}id helpers to mnt_idmap") c14329d39f2d ("fs: port fs{g,u}id helpers to mnt_idmap") e67fe63341b8 ("fs: port i_{g,u}id_into_vfs{g,u}id() to mnt_idmap") 0dbe12f2e49c ("fs: port i_{g,u}id_{needs_}update() to mnt_idmap") 9452e93e6dae ("fs: port privilege checking helpers to mnt_idmap") f2d40141d5d9 ("fs: port inode_init_owner() to mnt_idmap") 4609e1f18e19 ("fs: port ->permission() to pass mnt_idmap") 13e83a4923be ("fs: port ->set_acl() to pass mnt_idmap") 77435322777d ("fs: port ->get_acl() to pass mnt_idmap") 011e2b717b1b ("fs: port ->tmpfile() to pass mnt_idmap") 5ebb29bee8d5 ("fs: port ->mknod() to pass mnt_idmap") c54bd91e9eab ("fs: port ->mkdir() to pass mnt_idmap") 7a77db95511c ("fs: port ->symlink() to pass mnt_idmap") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c5a709f08d40b1a082e44ffcde1aea4d2822ddd5 Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Sun, 8 Sep 2024 15:23:48 +0900 Subject: [PATCH] ksmbd: handle caseless file creation Ray Zhang reported ksmbd can not create file if parent filename is caseless. Y:\>mkdir A Y:\>echo 123 >a\b.txt The system cannot find the path specified. Y:\>echo 123 >A\b.txt This patch convert name obtained by caseless lookup to parent name. Cc: stable(a)vger.kernel.org # v5.15+ Reported-by: Ray Zhang <zhanglei002(a)gmail.com> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/vfs.c b/fs/smb/server/vfs.c index 13dad48d950c..7cbd580120d1 100644 --- a/fs/smb/server/vfs.c +++ b/fs/smb/server/vfs.c @@ -1167,7 +1167,7 @@ static bool __caseless_lookup(struct dir_context *ctx, const char *name, if (cmp < 0) cmp = strncasecmp((char *)buf->private, name, namlen); if (!cmp) { - memcpy((char *)buf->private, name, namlen); + memcpy((char *)buf->private, name, buf->used); buf->dirent_count = 1; return false; } @@ -1235,10 +1235,7 @@ int ksmbd_vfs_kern_path_locked(struct ksmbd_work *work, char *name, char *filepath; size_t path_len, remain_len; - filepath = kstrdup(name, GFP_KERNEL); - if (!filepath) - return -ENOMEM; - + filepath = name; path_len = strlen(filepath); remain_len = path_len; @@ -1281,10 +1278,9 @@ int ksmbd_vfs_kern_path_locked(struct ksmbd_work *work, char *name, err = -EINVAL; out2: path_put(parent_path); -out1: - kfree(filepath); } +out1: if (!err) { err = mnt_want_write(parent_path->mnt); if (err) {

7 months

1
0
0 0

FAILED: patch "[PATCH] ksmbd: allow write with FILE_APPEND_DATA" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 2fb9b5dc80cabcee636a6ccd020740dd925b4580 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100133-crablike-static-40ed@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 2fb9b5dc80ca ("ksmbd: allow write with FILE_APPEND_DATA") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") abdb1742a312 ("cifs: get rid of mount options string parsing") 9fd29a5bae6e ("cifs: use fs_context for automounts") 369c1634cc7a ("ksmbd: don't open-code %pD") 5dd8ce24667a ("cifs: missing directory in MAINTAINERS file") 332019e23a51 ("Merge tag '5.20-rc-smb3-client-fixes-part2' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2fb9b5dc80cabcee636a6ccd020740dd925b4580 Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Tue, 3 Sep 2024 20:26:33 +0900 Subject: [PATCH] ksmbd: allow write with FILE_APPEND_DATA Windows client write with FILE_APPEND_DATA when using git. ksmbd should allow write it with this flags. Z:\test>git commit -m "test" fatal: cannot update the ref 'HEAD': unable to append to '.git/logs/HEAD': Bad file descriptor Fixes: 0626e6641f6b ("cifsd: add server handler for central processing and tranport layers") Cc: stable(a)vger.kernel.org # v5.15+ Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/vfs.c b/fs/smb/server/vfs.c index 9e859ba010cf..19900625d5d2 100644 --- a/fs/smb/server/vfs.c +++ b/fs/smb/server/vfs.c @@ -496,7 +496,7 @@ int ksmbd_vfs_write(struct ksmbd_work *work, struct ksmbd_file *fp, int err = 0; if (work->conn->connection_type) { - if (!(fp->daccess & FILE_WRITE_DATA_LE)) { + if (!(fp->daccess & (FILE_WRITE_DATA_LE | FILE_APPEND_DATA_LE))) { pr_err("no right to write(%pD)\n", fp->filp); err = -EACCES; goto out;

7 months

1
0
0 0

FAILED: patch "[PATCH] powerpc/atomic: Use YZ constraints for DS-form instructions" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 39190ac7cff1fd15135fa8e658030d9646fdb5f2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100112-tint-catchy-da0c@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 39190ac7cff1 ("powerpc/atomic: Use YZ constraints for DS-form instructions") dc5dac748af9 ("powerpc/64: Add support to build with prefixed instructions") 5017b4594672 ("powerpc/64: Option to build big-endian with ELFv2 ABI") 4b2a9315f20d ("powerpc/64s: POWER10 CPU Kconfig build option") ff27d9200a98 ("powerpc/405: Fix build failure with GCC 12 (unrecognized opcode: `wrteei')") 446cda1b21d9 ("powerpc/32: Don't always pass -mcpu=powerpc to the compiler") 661aa880398a ("powerpc: Add CONFIG_PPC64_ELF_ABI_V1 and CONFIG_PPC64_ELF_ABI_V2") dede19be5163 ("powerpc: Remove CONFIG_PPC_HAVE_KUAP and CONFIG_PPC_HAVE_KUEP") fcf9bb6d32f8 ("powerpc/kuap: Wire-up KUAP on 40x") 25ae981fafaa ("powerpc/nohash: Move setup_kuap out of 8xx.c") 6754862249d3 ("powerpc/kuep: Remove 'nosmep' boot time parameter except for book3s/64") 70428da94c7a ("powerpc/32s: Save content of sr0 to avoid 'mfsr'") 526d4a4c77ae ("powerpc/32s: Do kuep_lock() and kuep_unlock() in assembly") df415cd75826 ("powerpc/32s: Remove capability to disable KUEP at boottime") dc3a0e5b83a8 ("powerpc/book3e: Activate KUEP at all time") ee2631603fdb ("powerpc/44x: Activate KUEP at all time") 13dac4e31e75 ("powerpc/8xx: Activate KUEP at all time") 6c1fa60d368e ("Revert "powerpc: Inline setup_kup()"") c28573744b74 ("powerpc/64s: Make hash MMU support configurable") 7ebc49031d04 ("powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 39190ac7cff1fd15135fa8e658030d9646fdb5f2 Mon Sep 17 00:00:00 2001 From: Michael Ellerman <mpe(a)ellerman.id.au> Date: Mon, 16 Sep 2024 22:05:10 +1000 Subject: [PATCH] powerpc/atomic: Use YZ constraints for DS-form instructions The 'ld' and 'std' instructions require a 4-byte aligned displacement because they are DS-form instructions. But the "m" asm constraint doesn't enforce that. That can lead to build errors if the compiler chooses a non-aligned displacement, as seen with GCC 14: /tmp/ccuSzwiR.s: Assembler messages: /tmp/ccuSzwiR.s:2579: Error: operand out of domain (39 is not a multiple of 4) make[5]: *** [scripts/Makefile.build:229: net/core/page_pool.o] Error 1 Dumping the generated assembler shows: ld 8,39(8) # MEM[(const struct atomic64_t *)_29].counter, t Use the YZ constraints to tell the compiler either to generate a DS-form displacement, or use an X-form instruction, either of which prevents the build error. See commit 2d43cc701b96 ("powerpc/uaccess: Fix build errors seen with GCC 13/14") for more details on the constraint letters. Fixes: 9f0cbea0d8cc ("[POWERPC] Implement atomic{, 64}_{read, write}() without volatile") Cc: stable(a)vger.kernel.org # v2.6.24+ Reported-by: Stephen Rothwell <sfr(a)canb.auug.org.au> Closes: https://lore.kernel.org/all/20240913125302.0a06b4c7@canb.auug.org.au Tested-by: Mina Almasry <almasrymina(a)google.com> Reviewed-by: Segher Boessenkool <segher(a)kernel.crashing.org> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240916120510.2017749-1-mpe@ellerman.id.au diff --git a/arch/powerpc/include/asm/asm-compat.h b/arch/powerpc/include/asm/asm-compat.h index b0b209c1df50..f48e644900a2 100644 --- a/arch/powerpc/include/asm/asm-compat.h +++ b/arch/powerpc/include/asm/asm-compat.h @@ -37,6 +37,12 @@ #define STDX_BE stringify_in_c(stdbrx) #endif +#ifdef CONFIG_CC_IS_CLANG +#define DS_FORM_CONSTRAINT "Z<>" +#else +#define DS_FORM_CONSTRAINT "YZ<>" +#endif + #else /* 32-bit */ /* operations for longs and pointers */ diff --git a/arch/powerpc/include/asm/atomic.h b/arch/powerpc/include/asm/atomic.h index 5bf6a4d49268..d1ea554c33ed 100644 --- a/arch/powerpc/include/asm/atomic.h +++ b/arch/powerpc/include/asm/atomic.h @@ -11,6 +11,7 @@ #include <asm/cmpxchg.h> #include <asm/barrier.h> #include <asm/asm-const.h> +#include <asm/asm-compat.h> /* * Since *_return_relaxed and {cmp}xchg_relaxed are implemented with @@ -197,7 +198,7 @@ static __inline__ s64 arch_atomic64_read(const atomic64_t *v) if (IS_ENABLED(CONFIG_PPC_KERNEL_PREFIXED)) __asm__ __volatile__("ld %0,0(%1)" : "=r"(t) : "b"(&v->counter)); else - __asm__ __volatile__("ld%U1%X1 %0,%1" : "=r"(t) : "m<>"(v->counter)); + __asm__ __volatile__("ld%U1%X1 %0,%1" : "=r"(t) : DS_FORM_CONSTRAINT (v->counter)); return t; } @@ -208,7 +209,7 @@ static __inline__ void arch_atomic64_set(atomic64_t *v, s64 i) if (IS_ENABLED(CONFIG_PPC_KERNEL_PREFIXED)) __asm__ __volatile__("std %1,0(%2)" : "=m"(v->counter) : "r"(i), "b"(&v->counter)); else - __asm__ __volatile__("std%U0%X0 %1,%0" : "=m<>"(v->counter) : "r"(i)); + __asm__ __volatile__("std%U0%X0 %1,%0" : "=" DS_FORM_CONSTRAINT (v->counter) : "r"(i)); } #define ATOMIC64_OP(op, asm_op) \ diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h index fd594bf6c6a9..4f5a46a77fa2 100644 --- a/arch/powerpc/include/asm/uaccess.h +++ b/arch/powerpc/include/asm/uaccess.h @@ -6,6 +6,7 @@ #include <asm/page.h> #include <asm/extable.h> #include <asm/kup.h> +#include <asm/asm-compat.h> #ifdef __powerpc64__ /* We use TASK_SIZE_USER64 as TASK_SIZE is not constant */ @@ -92,12 +93,6 @@ __pu_failed: \ : label) #endif -#ifdef CONFIG_CC_IS_CLANG -#define DS_FORM_CONSTRAINT "Z<>" -#else -#define DS_FORM_CONSTRAINT "YZ<>" -#endif - #ifdef __powerpc64__ #ifdef CONFIG_PPC_KERNEL_PREFIXED #define __put_user_asm2_goto(x, ptr, label) \

7 months

1
0
0 0

FAILED: patch "[PATCH] powerpc/atomic: Use YZ constraints for DS-form instructions" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 39190ac7cff1fd15135fa8e658030d9646fdb5f2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100111-reflector-gatherer-1ee5@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 39190ac7cff1 ("powerpc/atomic: Use YZ constraints for DS-form instructions") dc5dac748af9 ("powerpc/64: Add support to build with prefixed instructions") 5017b4594672 ("powerpc/64: Option to build big-endian with ELFv2 ABI") 4b2a9315f20d ("powerpc/64s: POWER10 CPU Kconfig build option") ff27d9200a98 ("powerpc/405: Fix build failure with GCC 12 (unrecognized opcode: `wrteei')") 446cda1b21d9 ("powerpc/32: Don't always pass -mcpu=powerpc to the compiler") 661aa880398a ("powerpc: Add CONFIG_PPC64_ELF_ABI_V1 and CONFIG_PPC64_ELF_ABI_V2") dede19be5163 ("powerpc: Remove CONFIG_PPC_HAVE_KUAP and CONFIG_PPC_HAVE_KUEP") fcf9bb6d32f8 ("powerpc/kuap: Wire-up KUAP on 40x") 25ae981fafaa ("powerpc/nohash: Move setup_kuap out of 8xx.c") 6754862249d3 ("powerpc/kuep: Remove 'nosmep' boot time parameter except for book3s/64") 70428da94c7a ("powerpc/32s: Save content of sr0 to avoid 'mfsr'") 526d4a4c77ae ("powerpc/32s: Do kuep_lock() and kuep_unlock() in assembly") df415cd75826 ("powerpc/32s: Remove capability to disable KUEP at boottime") dc3a0e5b83a8 ("powerpc/book3e: Activate KUEP at all time") ee2631603fdb ("powerpc/44x: Activate KUEP at all time") 13dac4e31e75 ("powerpc/8xx: Activate KUEP at all time") 6c1fa60d368e ("Revert "powerpc: Inline setup_kup()"") c28573744b74 ("powerpc/64s: Make hash MMU support configurable") 7ebc49031d04 ("powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 39190ac7cff1fd15135fa8e658030d9646fdb5f2 Mon Sep 17 00:00:00 2001 From: Michael Ellerman <mpe(a)ellerman.id.au> Date: Mon, 16 Sep 2024 22:05:10 +1000 Subject: [PATCH] powerpc/atomic: Use YZ constraints for DS-form instructions The 'ld' and 'std' instructions require a 4-byte aligned displacement because they are DS-form instructions. But the "m" asm constraint doesn't enforce that. That can lead to build errors if the compiler chooses a non-aligned displacement, as seen with GCC 14: /tmp/ccuSzwiR.s: Assembler messages: /tmp/ccuSzwiR.s:2579: Error: operand out of domain (39 is not a multiple of 4) make[5]: *** [scripts/Makefile.build:229: net/core/page_pool.o] Error 1 Dumping the generated assembler shows: ld 8,39(8) # MEM[(const struct atomic64_t *)_29].counter, t Use the YZ constraints to tell the compiler either to generate a DS-form displacement, or use an X-form instruction, either of which prevents the build error. See commit 2d43cc701b96 ("powerpc/uaccess: Fix build errors seen with GCC 13/14") for more details on the constraint letters. Fixes: 9f0cbea0d8cc ("[POWERPC] Implement atomic{, 64}_{read, write}() without volatile") Cc: stable(a)vger.kernel.org # v2.6.24+ Reported-by: Stephen Rothwell <sfr(a)canb.auug.org.au> Closes: https://lore.kernel.org/all/20240913125302.0a06b4c7@canb.auug.org.au Tested-by: Mina Almasry <almasrymina(a)google.com> Reviewed-by: Segher Boessenkool <segher(a)kernel.crashing.org> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240916120510.2017749-1-mpe@ellerman.id.au diff --git a/arch/powerpc/include/asm/asm-compat.h b/arch/powerpc/include/asm/asm-compat.h index b0b209c1df50..f48e644900a2 100644 --- a/arch/powerpc/include/asm/asm-compat.h +++ b/arch/powerpc/include/asm/asm-compat.h @@ -37,6 +37,12 @@ #define STDX_BE stringify_in_c(stdbrx) #endif +#ifdef CONFIG_CC_IS_CLANG +#define DS_FORM_CONSTRAINT "Z<>" +#else +#define DS_FORM_CONSTRAINT "YZ<>" +#endif + #else /* 32-bit */ /* operations for longs and pointers */ diff --git a/arch/powerpc/include/asm/atomic.h b/arch/powerpc/include/asm/atomic.h index 5bf6a4d49268..d1ea554c33ed 100644 --- a/arch/powerpc/include/asm/atomic.h +++ b/arch/powerpc/include/asm/atomic.h @@ -11,6 +11,7 @@ #include <asm/cmpxchg.h> #include <asm/barrier.h> #include <asm/asm-const.h> +#include <asm/asm-compat.h> /* * Since *_return_relaxed and {cmp}xchg_relaxed are implemented with @@ -197,7 +198,7 @@ static __inline__ s64 arch_atomic64_read(const atomic64_t *v) if (IS_ENABLED(CONFIG_PPC_KERNEL_PREFIXED)) __asm__ __volatile__("ld %0,0(%1)" : "=r"(t) : "b"(&v->counter)); else - __asm__ __volatile__("ld%U1%X1 %0,%1" : "=r"(t) : "m<>"(v->counter)); + __asm__ __volatile__("ld%U1%X1 %0,%1" : "=r"(t) : DS_FORM_CONSTRAINT (v->counter)); return t; } @@ -208,7 +209,7 @@ static __inline__ void arch_atomic64_set(atomic64_t *v, s64 i) if (IS_ENABLED(CONFIG_PPC_KERNEL_PREFIXED)) __asm__ __volatile__("std %1,0(%2)" : "=m"(v->counter) : "r"(i), "b"(&v->counter)); else - __asm__ __volatile__("std%U0%X0 %1,%0" : "=m<>"(v->counter) : "r"(i)); + __asm__ __volatile__("std%U0%X0 %1,%0" : "=" DS_FORM_CONSTRAINT (v->counter) : "r"(i)); } #define ATOMIC64_OP(op, asm_op) \ diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h index fd594bf6c6a9..4f5a46a77fa2 100644 --- a/arch/powerpc/include/asm/uaccess.h +++ b/arch/powerpc/include/asm/uaccess.h @@ -6,6 +6,7 @@ #include <asm/page.h> #include <asm/extable.h> #include <asm/kup.h> +#include <asm/asm-compat.h> #ifdef __powerpc64__ /* We use TASK_SIZE_USER64 as TASK_SIZE is not constant */ @@ -92,12 +93,6 @@ __pu_failed: \ : label) #endif -#ifdef CONFIG_CC_IS_CLANG -#define DS_FORM_CONSTRAINT "Z<>" -#else -#define DS_FORM_CONSTRAINT "YZ<>" -#endif - #ifdef __powerpc64__ #ifdef CONFIG_PPC_KERNEL_PREFIXED #define __put_user_asm2_goto(x, ptr, label) \

7 months

1
0
0 0

FAILED: patch "[PATCH] powerpc/atomic: Use YZ constraints for DS-form instructions" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 39190ac7cff1fd15135fa8e658030d9646fdb5f2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100110-reselect-handpick-cfd6@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 39190ac7cff1 ("powerpc/atomic: Use YZ constraints for DS-form instructions") dc5dac748af9 ("powerpc/64: Add support to build with prefixed instructions") 5017b4594672 ("powerpc/64: Option to build big-endian with ELFv2 ABI") 4b2a9315f20d ("powerpc/64s: POWER10 CPU Kconfig build option") ff27d9200a98 ("powerpc/405: Fix build failure with GCC 12 (unrecognized opcode: `wrteei')") 446cda1b21d9 ("powerpc/32: Don't always pass -mcpu=powerpc to the compiler") 661aa880398a ("powerpc: Add CONFIG_PPC64_ELF_ABI_V1 and CONFIG_PPC64_ELF_ABI_V2") dede19be5163 ("powerpc: Remove CONFIG_PPC_HAVE_KUAP and CONFIG_PPC_HAVE_KUEP") fcf9bb6d32f8 ("powerpc/kuap: Wire-up KUAP on 40x") 25ae981fafaa ("powerpc/nohash: Move setup_kuap out of 8xx.c") 6754862249d3 ("powerpc/kuep: Remove 'nosmep' boot time parameter except for book3s/64") 70428da94c7a ("powerpc/32s: Save content of sr0 to avoid 'mfsr'") 526d4a4c77ae ("powerpc/32s: Do kuep_lock() and kuep_unlock() in assembly") df415cd75826 ("powerpc/32s: Remove capability to disable KUEP at boottime") dc3a0e5b83a8 ("powerpc/book3e: Activate KUEP at all time") ee2631603fdb ("powerpc/44x: Activate KUEP at all time") 13dac4e31e75 ("powerpc/8xx: Activate KUEP at all time") 6c1fa60d368e ("Revert "powerpc: Inline setup_kup()"") c28573744b74 ("powerpc/64s: Make hash MMU support configurable") 7ebc49031d04 ("powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 39190ac7cff1fd15135fa8e658030d9646fdb5f2 Mon Sep 17 00:00:00 2001 From: Michael Ellerman <mpe(a)ellerman.id.au> Date: Mon, 16 Sep 2024 22:05:10 +1000 Subject: [PATCH] powerpc/atomic: Use YZ constraints for DS-form instructions The 'ld' and 'std' instructions require a 4-byte aligned displacement because they are DS-form instructions. But the "m" asm constraint doesn't enforce that. That can lead to build errors if the compiler chooses a non-aligned displacement, as seen with GCC 14: /tmp/ccuSzwiR.s: Assembler messages: /tmp/ccuSzwiR.s:2579: Error: operand out of domain (39 is not a multiple of 4) make[5]: *** [scripts/Makefile.build:229: net/core/page_pool.o] Error 1 Dumping the generated assembler shows: ld 8,39(8) # MEM[(const struct atomic64_t *)_29].counter, t Use the YZ constraints to tell the compiler either to generate a DS-form displacement, or use an X-form instruction, either of which prevents the build error. See commit 2d43cc701b96 ("powerpc/uaccess: Fix build errors seen with GCC 13/14") for more details on the constraint letters. Fixes: 9f0cbea0d8cc ("[POWERPC] Implement atomic{, 64}_{read, write}() without volatile") Cc: stable(a)vger.kernel.org # v2.6.24+ Reported-by: Stephen Rothwell <sfr(a)canb.auug.org.au> Closes: https://lore.kernel.org/all/20240913125302.0a06b4c7@canb.auug.org.au Tested-by: Mina Almasry <almasrymina(a)google.com> Reviewed-by: Segher Boessenkool <segher(a)kernel.crashing.org> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240916120510.2017749-1-mpe@ellerman.id.au diff --git a/arch/powerpc/include/asm/asm-compat.h b/arch/powerpc/include/asm/asm-compat.h index b0b209c1df50..f48e644900a2 100644 --- a/arch/powerpc/include/asm/asm-compat.h +++ b/arch/powerpc/include/asm/asm-compat.h @@ -37,6 +37,12 @@ #define STDX_BE stringify_in_c(stdbrx) #endif +#ifdef CONFIG_CC_IS_CLANG +#define DS_FORM_CONSTRAINT "Z<>" +#else +#define DS_FORM_CONSTRAINT "YZ<>" +#endif + #else /* 32-bit */ /* operations for longs and pointers */ diff --git a/arch/powerpc/include/asm/atomic.h b/arch/powerpc/include/asm/atomic.h index 5bf6a4d49268..d1ea554c33ed 100644 --- a/arch/powerpc/include/asm/atomic.h +++ b/arch/powerpc/include/asm/atomic.h @@ -11,6 +11,7 @@ #include <asm/cmpxchg.h> #include <asm/barrier.h> #include <asm/asm-const.h> +#include <asm/asm-compat.h> /* * Since *_return_relaxed and {cmp}xchg_relaxed are implemented with @@ -197,7 +198,7 @@ static __inline__ s64 arch_atomic64_read(const atomic64_t *v) if (IS_ENABLED(CONFIG_PPC_KERNEL_PREFIXED)) __asm__ __volatile__("ld %0,0(%1)" : "=r"(t) : "b"(&v->counter)); else - __asm__ __volatile__("ld%U1%X1 %0,%1" : "=r"(t) : "m<>"(v->counter)); + __asm__ __volatile__("ld%U1%X1 %0,%1" : "=r"(t) : DS_FORM_CONSTRAINT (v->counter)); return t; } @@ -208,7 +209,7 @@ static __inline__ void arch_atomic64_set(atomic64_t *v, s64 i) if (IS_ENABLED(CONFIG_PPC_KERNEL_PREFIXED)) __asm__ __volatile__("std %1,0(%2)" : "=m"(v->counter) : "r"(i), "b"(&v->counter)); else - __asm__ __volatile__("std%U0%X0 %1,%0" : "=m<>"(v->counter) : "r"(i)); + __asm__ __volatile__("std%U0%X0 %1,%0" : "=" DS_FORM_CONSTRAINT (v->counter) : "r"(i)); } #define ATOMIC64_OP(op, asm_op) \ diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h index fd594bf6c6a9..4f5a46a77fa2 100644 --- a/arch/powerpc/include/asm/uaccess.h +++ b/arch/powerpc/include/asm/uaccess.h @@ -6,6 +6,7 @@ #include <asm/page.h> #include <asm/extable.h> #include <asm/kup.h> +#include <asm/asm-compat.h> #ifdef __powerpc64__ /* We use TASK_SIZE_USER64 as TASK_SIZE is not constant */ @@ -92,12 +93,6 @@ __pu_failed: \ : label) #endif -#ifdef CONFIG_CC_IS_CLANG -#define DS_FORM_CONSTRAINT "Z<>" -#else -#define DS_FORM_CONSTRAINT "YZ<>" -#endif - #ifdef __powerpc64__ #ifdef CONFIG_PPC_KERNEL_PREFIXED #define __put_user_asm2_goto(x, ptr, label) \

7 months

1
0
0 0

FAILED: patch "[PATCH] powerpc/atomic: Use YZ constraints for DS-form instructions" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 39190ac7cff1fd15135fa8e658030d9646fdb5f2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100109-reference-stillness-ee9e@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 39190ac7cff1 ("powerpc/atomic: Use YZ constraints for DS-form instructions") dc5dac748af9 ("powerpc/64: Add support to build with prefixed instructions") 5017b4594672 ("powerpc/64: Option to build big-endian with ELFv2 ABI") 4b2a9315f20d ("powerpc/64s: POWER10 CPU Kconfig build option") ff27d9200a98 ("powerpc/405: Fix build failure with GCC 12 (unrecognized opcode: `wrteei')") 446cda1b21d9 ("powerpc/32: Don't always pass -mcpu=powerpc to the compiler") 661aa880398a ("powerpc: Add CONFIG_PPC64_ELF_ABI_V1 and CONFIG_PPC64_ELF_ABI_V2") dede19be5163 ("powerpc: Remove CONFIG_PPC_HAVE_KUAP and CONFIG_PPC_HAVE_KUEP") fcf9bb6d32f8 ("powerpc/kuap: Wire-up KUAP on 40x") 25ae981fafaa ("powerpc/nohash: Move setup_kuap out of 8xx.c") 6754862249d3 ("powerpc/kuep: Remove 'nosmep' boot time parameter except for book3s/64") 70428da94c7a ("powerpc/32s: Save content of sr0 to avoid 'mfsr'") 526d4a4c77ae ("powerpc/32s: Do kuep_lock() and kuep_unlock() in assembly") df415cd75826 ("powerpc/32s: Remove capability to disable KUEP at boottime") dc3a0e5b83a8 ("powerpc/book3e: Activate KUEP at all time") ee2631603fdb ("powerpc/44x: Activate KUEP at all time") 13dac4e31e75 ("powerpc/8xx: Activate KUEP at all time") 6c1fa60d368e ("Revert "powerpc: Inline setup_kup()"") c28573744b74 ("powerpc/64s: Make hash MMU support configurable") 7ebc49031d04 ("powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 39190ac7cff1fd15135fa8e658030d9646fdb5f2 Mon Sep 17 00:00:00 2001 From: Michael Ellerman <mpe(a)ellerman.id.au> Date: Mon, 16 Sep 2024 22:05:10 +1000 Subject: [PATCH] powerpc/atomic: Use YZ constraints for DS-form instructions The 'ld' and 'std' instructions require a 4-byte aligned displacement because they are DS-form instructions. But the "m" asm constraint doesn't enforce that. That can lead to build errors if the compiler chooses a non-aligned displacement, as seen with GCC 14: /tmp/ccuSzwiR.s: Assembler messages: /tmp/ccuSzwiR.s:2579: Error: operand out of domain (39 is not a multiple of 4) make[5]: *** [scripts/Makefile.build:229: net/core/page_pool.o] Error 1 Dumping the generated assembler shows: ld 8,39(8) # MEM[(const struct atomic64_t *)_29].counter, t Use the YZ constraints to tell the compiler either to generate a DS-form displacement, or use an X-form instruction, either of which prevents the build error. See commit 2d43cc701b96 ("powerpc/uaccess: Fix build errors seen with GCC 13/14") for more details on the constraint letters. Fixes: 9f0cbea0d8cc ("[POWERPC] Implement atomic{, 64}_{read, write}() without volatile") Cc: stable(a)vger.kernel.org # v2.6.24+ Reported-by: Stephen Rothwell <sfr(a)canb.auug.org.au> Closes: https://lore.kernel.org/all/20240913125302.0a06b4c7@canb.auug.org.au Tested-by: Mina Almasry <almasrymina(a)google.com> Reviewed-by: Segher Boessenkool <segher(a)kernel.crashing.org> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240916120510.2017749-1-mpe@ellerman.id.au diff --git a/arch/powerpc/include/asm/asm-compat.h b/arch/powerpc/include/asm/asm-compat.h index b0b209c1df50..f48e644900a2 100644 --- a/arch/powerpc/include/asm/asm-compat.h +++ b/arch/powerpc/include/asm/asm-compat.h @@ -37,6 +37,12 @@ #define STDX_BE stringify_in_c(stdbrx) #endif +#ifdef CONFIG_CC_IS_CLANG +#define DS_FORM_CONSTRAINT "Z<>" +#else +#define DS_FORM_CONSTRAINT "YZ<>" +#endif + #else /* 32-bit */ /* operations for longs and pointers */ diff --git a/arch/powerpc/include/asm/atomic.h b/arch/powerpc/include/asm/atomic.h index 5bf6a4d49268..d1ea554c33ed 100644 --- a/arch/powerpc/include/asm/atomic.h +++ b/arch/powerpc/include/asm/atomic.h @@ -11,6 +11,7 @@ #include <asm/cmpxchg.h> #include <asm/barrier.h> #include <asm/asm-const.h> +#include <asm/asm-compat.h> /* * Since *_return_relaxed and {cmp}xchg_relaxed are implemented with @@ -197,7 +198,7 @@ static __inline__ s64 arch_atomic64_read(const atomic64_t *v) if (IS_ENABLED(CONFIG_PPC_KERNEL_PREFIXED)) __asm__ __volatile__("ld %0,0(%1)" : "=r"(t) : "b"(&v->counter)); else - __asm__ __volatile__("ld%U1%X1 %0,%1" : "=r"(t) : "m<>"(v->counter)); + __asm__ __volatile__("ld%U1%X1 %0,%1" : "=r"(t) : DS_FORM_CONSTRAINT (v->counter)); return t; } @@ -208,7 +209,7 @@ static __inline__ void arch_atomic64_set(atomic64_t *v, s64 i) if (IS_ENABLED(CONFIG_PPC_KERNEL_PREFIXED)) __asm__ __volatile__("std %1,0(%2)" : "=m"(v->counter) : "r"(i), "b"(&v->counter)); else - __asm__ __volatile__("std%U0%X0 %1,%0" : "=m<>"(v->counter) : "r"(i)); + __asm__ __volatile__("std%U0%X0 %1,%0" : "=" DS_FORM_CONSTRAINT (v->counter) : "r"(i)); } #define ATOMIC64_OP(op, asm_op) \ diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h index fd594bf6c6a9..4f5a46a77fa2 100644 --- a/arch/powerpc/include/asm/uaccess.h +++ b/arch/powerpc/include/asm/uaccess.h @@ -6,6 +6,7 @@ #include <asm/page.h> #include <asm/extable.h> #include <asm/kup.h> +#include <asm/asm-compat.h> #ifdef __powerpc64__ /* We use TASK_SIZE_USER64 as TASK_SIZE is not constant */ @@ -92,12 +93,6 @@ __pu_failed: \ : label) #endif -#ifdef CONFIG_CC_IS_CLANG -#define DS_FORM_CONSTRAINT "Z<>" -#else -#define DS_FORM_CONSTRAINT "YZ<>" -#endif - #ifdef __powerpc64__ #ifdef CONFIG_PPC_KERNEL_PREFIXED #define __put_user_asm2_goto(x, ptr, label) \

7 months

1
0
0 0

FAILED: patch "[PATCH] powerpc/atomic: Use YZ constraints for DS-form instructions" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 39190ac7cff1fd15135fa8e658030d9646fdb5f2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100108-entail-slicing-6f85@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 39190ac7cff1 ("powerpc/atomic: Use YZ constraints for DS-form instructions") dc5dac748af9 ("powerpc/64: Add support to build with prefixed instructions") 5017b4594672 ("powerpc/64: Option to build big-endian with ELFv2 ABI") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 39190ac7cff1fd15135fa8e658030d9646fdb5f2 Mon Sep 17 00:00:00 2001 From: Michael Ellerman <mpe(a)ellerman.id.au> Date: Mon, 16 Sep 2024 22:05:10 +1000 Subject: [PATCH] powerpc/atomic: Use YZ constraints for DS-form instructions The 'ld' and 'std' instructions require a 4-byte aligned displacement because they are DS-form instructions. But the "m" asm constraint doesn't enforce that. That can lead to build errors if the compiler chooses a non-aligned displacement, as seen with GCC 14: /tmp/ccuSzwiR.s: Assembler messages: /tmp/ccuSzwiR.s:2579: Error: operand out of domain (39 is not a multiple of 4) make[5]: *** [scripts/Makefile.build:229: net/core/page_pool.o] Error 1 Dumping the generated assembler shows: ld 8,39(8) # MEM[(const struct atomic64_t *)_29].counter, t Use the YZ constraints to tell the compiler either to generate a DS-form displacement, or use an X-form instruction, either of which prevents the build error. See commit 2d43cc701b96 ("powerpc/uaccess: Fix build errors seen with GCC 13/14") for more details on the constraint letters. Fixes: 9f0cbea0d8cc ("[POWERPC] Implement atomic{, 64}_{read, write}() without volatile") Cc: stable(a)vger.kernel.org # v2.6.24+ Reported-by: Stephen Rothwell <sfr(a)canb.auug.org.au> Closes: https://lore.kernel.org/all/20240913125302.0a06b4c7@canb.auug.org.au Tested-by: Mina Almasry <almasrymina(a)google.com> Reviewed-by: Segher Boessenkool <segher(a)kernel.crashing.org> Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Link: https://msgid.link/20240916120510.2017749-1-mpe@ellerman.id.au diff --git a/arch/powerpc/include/asm/asm-compat.h b/arch/powerpc/include/asm/asm-compat.h index b0b209c1df50..f48e644900a2 100644 --- a/arch/powerpc/include/asm/asm-compat.h +++ b/arch/powerpc/include/asm/asm-compat.h @@ -37,6 +37,12 @@ #define STDX_BE stringify_in_c(stdbrx) #endif +#ifdef CONFIG_CC_IS_CLANG +#define DS_FORM_CONSTRAINT "Z<>" +#else +#define DS_FORM_CONSTRAINT "YZ<>" +#endif + #else /* 32-bit */ /* operations for longs and pointers */ diff --git a/arch/powerpc/include/asm/atomic.h b/arch/powerpc/include/asm/atomic.h index 5bf6a4d49268..d1ea554c33ed 100644 --- a/arch/powerpc/include/asm/atomic.h +++ b/arch/powerpc/include/asm/atomic.h @@ -11,6 +11,7 @@ #include <asm/cmpxchg.h> #include <asm/barrier.h> #include <asm/asm-const.h> +#include <asm/asm-compat.h> /* * Since *_return_relaxed and {cmp}xchg_relaxed are implemented with @@ -197,7 +198,7 @@ static __inline__ s64 arch_atomic64_read(const atomic64_t *v) if (IS_ENABLED(CONFIG_PPC_KERNEL_PREFIXED)) __asm__ __volatile__("ld %0,0(%1)" : "=r"(t) : "b"(&v->counter)); else - __asm__ __volatile__("ld%U1%X1 %0,%1" : "=r"(t) : "m<>"(v->counter)); + __asm__ __volatile__("ld%U1%X1 %0,%1" : "=r"(t) : DS_FORM_CONSTRAINT (v->counter)); return t; } @@ -208,7 +209,7 @@ static __inline__ void arch_atomic64_set(atomic64_t *v, s64 i) if (IS_ENABLED(CONFIG_PPC_KERNEL_PREFIXED)) __asm__ __volatile__("std %1,0(%2)" : "=m"(v->counter) : "r"(i), "b"(&v->counter)); else - __asm__ __volatile__("std%U0%X0 %1,%0" : "=m<>"(v->counter) : "r"(i)); + __asm__ __volatile__("std%U0%X0 %1,%0" : "=" DS_FORM_CONSTRAINT (v->counter) : "r"(i)); } #define ATOMIC64_OP(op, asm_op) \ diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h index fd594bf6c6a9..4f5a46a77fa2 100644 --- a/arch/powerpc/include/asm/uaccess.h +++ b/arch/powerpc/include/asm/uaccess.h @@ -6,6 +6,7 @@ #include <asm/page.h> #include <asm/extable.h> #include <asm/kup.h> +#include <asm/asm-compat.h> #ifdef __powerpc64__ /* We use TASK_SIZE_USER64 as TASK_SIZE is not constant */ @@ -92,12 +93,6 @@ __pu_failed: \ : label) #endif -#ifdef CONFIG_CC_IS_CLANG -#define DS_FORM_CONSTRAINT "Z<>" -#else -#define DS_FORM_CONSTRAINT "YZ<>" -#endif - #ifdef __powerpc64__ #ifdef CONFIG_PPC_KERNEL_PREFIXED #define __put_user_asm2_goto(x, ptr, label) \

7 months

1
0
0 0

FAILED: patch "[PATCH] x86/tdx: Fix "in-kernel MMIO" check" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x d4fc4d01471528da8a9797a065982e05090e1d81 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100156-dumping-crib-574c@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: d4fc4d014715 ("x86/tdx: Fix "in-kernel MMIO" check") 859e63b789d6 ("x86/tdx: Convert shared memory back to private on kexec") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d4fc4d01471528da8a9797a065982e05090e1d81 Mon Sep 17 00:00:00 2001 From: "Alexey Gladkov (Intel)" <legion(a)kernel.org> Date: Fri, 13 Sep 2024 19:05:56 +0200 Subject: [PATCH] x86/tdx: Fix "in-kernel MMIO" check TDX only supports kernel-initiated MMIO operations. The handle_mmio() function checks if the #VE exception occurred in the kernel and rejects the operation if it did not. However, userspace can deceive the kernel into performing MMIO on its behalf. For example, if userspace can point a syscall to an MMIO address, syscall does get_user() or put_user() on it, triggering MMIO #VE. The kernel will treat the #VE as in-kernel MMIO. Ensure that the target MMIO address is within the kernel before decoding instruction. Fixes: 31d58c4e557d ("x86/tdx: Handle in-kernel MMIO") Signed-off-by: Alexey Gladkov (Intel) <legion(a)kernel.org> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Acked-by: Dave Hansen <dave.hansen(a)linux.intel.com> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/565a804b80387970460a4ebc67c88d1380f61ad1.172623… diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index da8b66dce0da..327c45c5013f 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -16,6 +16,7 @@ #include <asm/insn-eval.h> #include <asm/pgtable.h> #include <asm/set_memory.h> +#include <asm/traps.h> /* MMIO direction */ #define EPT_READ 0 @@ -433,6 +434,11 @@ static int handle_mmio(struct pt_regs *regs, struct ve_info *ve) return -EINVAL; } + if (!fault_in_kernel_space(ve->gla)) { + WARN_ONCE(1, "Access to userspace address is not supported"); + return -EINVAL; + } + /* * Reject EPT violation #VEs that split pages. *

7 months

1
0
0 0

stable-rc/linux-6.10.y: error: no member named 'st' in 'struct kvm_vcpu_arch'

by Miguel Ojeda

Hi Sasha, LoongArch, In a stable-rc/linux-6.10.y build-test today, I got: arch/loongarch/kvm/vcpu.c:575:15: error: no member named 'st' in 'struct kvm_vcpu_arch' 575 | vcpu->arch.st.guest_addr = 0; which I guess is triggered by missing prerequisites for commit 56f7eeae40de ("LoongArch: KVM: Invalidate guest steal time address on vCPU reset"). HTH! Cheers, Miguel

7 months

4
6
0 0

FAILED: patch "[PATCH] drm/amd/display: Use SDR white level to calculate matrix" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c2ed7002c0614c5eab6c8f62a7a76be5df5805cf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100128-finalize-exceeding-5c9e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: c2ed7002c061 ("drm/amd/display: Use SDR white level to calculate matrix coefficients") 8a060e9c17d0 ("drm/amd/display: disable sharpness if HDR Multiplier is too large") 1b0ce903fe74 ("drm/amd/display: add improvements for text display and HDR DWM and MPO") 6efc0ab3b05d ("drm/amd/display: add back quality EASF and ISHARP and dc dependency changes") 85ecfdda063b ("drm/amd/display: Re-order enum in a header file") f9e675988886 ("drm/amd/display: roll back quality EASF and ISHARP and dc dependency changes") f82200703434 ("drm/amd/display: remove dc dependencies from SPL library") 5f30ee493044 ("drm/amd/display: quality improvements for EASF and ISHARP") bbd0d1c942cb ("drm/amd/display: Fix possible overflow in integer multiplication") a00e85713c37 ("drm/amd/display: Update DML2.1 generated code") 2998bccfa419 ("drm/amd/display: Enable ISHARP support for DCN401") 7a1dd866c5ac ("drm/amd/display: enable EASF support for DCN40") bd051aa2fcfb ("drm/amd/display: Find max flickerless instant vtotal delta") bc19b490c00f ("drm/amd/display: Fix spelling various spelling mistakes") 01d6606beca0 ("drm/amd/display: re-indent dpp401_dscl_program_isharp()") dc2be9c68ffb ("drm/amd/display: Block FPO According to Luminance Delta") 00c391102abc ("drm/amd/display: Add misc DC changes for DCN401") da87132f641e ("drm/amd/display: Add some DCN401 reg name to macro definitions") 70839da63605 ("drm/amd/display: Add new DCN401 sources") ef319dff5475 ("drm/amd/display: add support for chroma offset") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c2ed7002c0614c5eab6c8f62a7a76be5df5805cf Mon Sep 17 00:00:00 2001 From: Samson Tam <Samson.Tam(a)amd.com> Date: Fri, 23 Aug 2024 16:57:33 -0400 Subject: [PATCH] drm/amd/display: Use SDR white level to calculate matrix coefficients [WHY] Certain profiles have higher HDR multiplier than SDR white level max which is not currently supported. [HOW] Use SDR white level when calculating matrix coefficients for HDR RGB MPO path instead of HDR multiplier. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Jun Lei <jun.lei(a)amd.com> Signed-off-by: Samson Tam <Samson.Tam(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index ae788154896c..243928b0a39f 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -2596,6 +2596,12 @@ static enum surface_update_type det_surface_update(const struct dc *dc, elevate_update_type(&overall_type, UPDATE_TYPE_MED); } + if (u->sdr_white_level_nits) + if (u->sdr_white_level_nits != u->surface->sdr_white_level_nits) { + update_flags->bits.sdr_white_level_nits = 1; + elevate_update_type(&overall_type, UPDATE_TYPE_FULL); + } + if (u->cm2_params) { if ((u->cm2_params->component_settings.shaper_3dlut_setting != u->surface->mcm_shaper_3dlut_setting) @@ -2876,6 +2882,10 @@ static void copy_surface_update_to_plane( surface->hdr_mult = srf_update->hdr_mult; + if (srf_update->sdr_white_level_nits) + surface->sdr_white_level_nits = + srf_update->sdr_white_level_nits; + if (srf_update->blend_tf) memcpy(&surface->blend_tf, srf_update->blend_tf, sizeof(surface->blend_tf)); @@ -4679,6 +4689,8 @@ static bool full_update_required(struct dc *dc, srf_updates[i].scaling_info || (srf_updates[i].hdr_mult.value && srf_updates[i].hdr_mult.value != srf_updates->surface->hdr_mult.value) || + (srf_updates[i].sdr_white_level_nits && + srf_updates[i].sdr_white_level_nits != srf_updates->surface->sdr_white_level_nits) || srf_updates[i].in_transfer_func || srf_updates[i].func_shaper || srf_updates[i].lut3d_func || diff --git a/drivers/gpu/drm/amd/display/dc/dc.h b/drivers/gpu/drm/amd/display/dc/dc.h index 4c94dd38be4b..dcf8a90e961d 100644 --- a/drivers/gpu/drm/amd/display/dc/dc.h +++ b/drivers/gpu/drm/amd/display/dc/dc.h @@ -1269,6 +1269,7 @@ union surface_update_flags { uint32_t tmz_changed:1; uint32_t mcm_transfer_function_enable_change:1; /* disable or enable MCM transfer func */ uint32_t full_update:1; + uint32_t sdr_white_level_nits:1; } bits; uint32_t raw; @@ -1351,6 +1352,7 @@ struct dc_plane_state { bool adaptive_sharpness_en; int sharpness_level; enum linear_light_scaling linear_light_scaling; + unsigned int sdr_white_level_nits; }; struct dc_plane_info { @@ -1508,6 +1510,7 @@ struct dc_surface_update { */ struct dc_cm2_parameters *cm2_params; const struct dc_csc_transform *cursor_csc_color_matrix; + unsigned int sdr_white_level_nits; }; /* diff --git a/drivers/gpu/drm/amd/display/dc/dc_spl_translate.c b/drivers/gpu/drm/amd/display/dc/dc_spl_translate.c index cd6de93eb91c..f711fc2e3e65 100644 --- a/drivers/gpu/drm/amd/display/dc/dc_spl_translate.c +++ b/drivers/gpu/drm/amd/display/dc/dc_spl_translate.c @@ -191,14 +191,7 @@ void translate_SPL_in_params_from_pipe_ctx(struct pipe_ctx *pipe_ctx, struct spl */ spl_in->is_fullscreen = dm_helpers_is_fullscreen(pipe_ctx->stream->ctx, pipe_ctx->stream); spl_in->is_hdr_on = dm_helpers_is_hdr_on(pipe_ctx->stream->ctx, pipe_ctx->stream); - spl_in->hdr_multx100 = 0; - if (spl_in->is_hdr_on) { - spl_in->hdr_multx100 = (uint32_t)dc_fixpt_floor(dc_fixpt_mul(plane_state->hdr_mult, - dc_fixpt_from_int(100))); - /* Disable sharpness for HDR Mult > 6.0 */ - if (spl_in->hdr_multx100 > 600) - spl_in->adaptive_sharpness.enable = false; - } + spl_in->sdr_white_level_nits = plane_state->sdr_white_level_nits; } /// @brief Translate SPL output parameters to pipe context diff --git a/drivers/gpu/drm/amd/display/dc/spl/dc_spl.c b/drivers/gpu/drm/amd/display/dc/spl/dc_spl.c index 15f7eda903e6..a59aa6b59687 100644 --- a/drivers/gpu/drm/amd/display/dc/spl/dc_spl.c +++ b/drivers/gpu/drm/amd/display/dc/spl/dc_spl.c @@ -1155,14 +1155,19 @@ static void spl_set_dscl_prog_data(struct spl_in *spl_in, struct spl_scratch *sp } /* Calculate C0-C3 coefficients based on HDR_mult */ -static void spl_calculate_c0_c3_hdr(struct dscl_prog_data *dscl_prog_data, uint32_t hdr_multx100) +static void spl_calculate_c0_c3_hdr(struct dscl_prog_data *dscl_prog_data, uint32_t sdr_white_level_nits) { struct spl_fixed31_32 hdr_mult, c0_mult, c1_mult, c2_mult; struct spl_fixed31_32 c0_calc, c1_calc, c2_calc; struct spl_custom_float_format fmt; + uint32_t hdr_multx100_int; - SPL_ASSERT(hdr_multx100); - hdr_mult = spl_fixpt_from_fraction((long long)hdr_multx100, 100LL); + if ((sdr_white_level_nits >= 80) && (sdr_white_level_nits <= 480)) + hdr_multx100_int = sdr_white_level_nits * 100 / 80; + else + hdr_multx100_int = 100; /* default for 80 nits otherwise */ + + hdr_mult = spl_fixpt_from_fraction((long long)hdr_multx100_int, 100LL); c0_mult = spl_fixpt_from_fraction(2126LL, 10000LL); c1_mult = spl_fixpt_from_fraction(7152LL, 10000LL); c2_mult = spl_fixpt_from_fraction(722LL, 10000LL); @@ -1191,7 +1196,7 @@ static void spl_calculate_c0_c3_hdr(struct dscl_prog_data *dscl_prog_data, uint3 static void spl_set_easf_data(struct spl_scratch *spl_scratch, struct spl_out *spl_out, bool enable_easf_v, bool enable_easf_h, enum linear_light_scaling lls_pref, enum spl_pixel_format format, enum system_setup setup, - uint32_t hdr_multx100) + uint32_t sdr_white_level_nits) { struct dscl_prog_data *dscl_prog_data = spl_out->dscl_prog_data; if (enable_easf_v) { @@ -1499,7 +1504,7 @@ static void spl_set_easf_data(struct spl_scratch *spl_scratch, struct spl_out *s dscl_prog_data->easf_ltonl_en = 1; // Linear input if ((setup == HDR_L) && (spl_is_rgb8(format))) { /* Calculate C0-C3 coefficients based on HDR multiplier */ - spl_calculate_c0_c3_hdr(dscl_prog_data, hdr_multx100); + spl_calculate_c0_c3_hdr(dscl_prog_data, sdr_white_level_nits); } else { // HDR_L ( DWM ) and SDR_L dscl_prog_data->easf_matrix_c0 = 0x4EF7; // fp1.5.10, C0 coefficient (LN_rec709: 0.2126 * (2^14)/125 = 27.86590720) @@ -1750,7 +1755,7 @@ bool spl_calculate_scaler_params(struct spl_in *spl_in, struct spl_out *spl_out) // Set EASF spl_set_easf_data(&spl_scratch, spl_out, enable_easf_v, enable_easf_h, spl_in->lls_pref, - spl_in->basic_in.format, setup, spl_in->hdr_multx100); + spl_in->basic_in.format, setup, spl_in->sdr_white_level_nits); // Set iSHARP vratio = spl_fixpt_ceil(spl_scratch.scl_data.ratios.vert); diff --git a/drivers/gpu/drm/amd/display/dc/spl/dc_spl_types.h b/drivers/gpu/drm/amd/display/dc/spl/dc_spl_types.h index 85b19ebe2c57..74f2a8c42f4f 100644 --- a/drivers/gpu/drm/amd/display/dc/spl/dc_spl_types.h +++ b/drivers/gpu/drm/amd/display/dc/spl/dc_spl_types.h @@ -518,7 +518,7 @@ struct spl_in { bool is_hdr_on; int h_active; int v_active; - int hdr_multx100; + int sdr_white_level_nits; }; // end of SPL inputs

7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Use SDR white level to calculate matrix" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c2ed7002c0614c5eab6c8f62a7a76be5df5805cf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100127-props-escalator-4772@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: c2ed7002c061 ("drm/amd/display: Use SDR white level to calculate matrix coefficients") 8a060e9c17d0 ("drm/amd/display: disable sharpness if HDR Multiplier is too large") 1b0ce903fe74 ("drm/amd/display: add improvements for text display and HDR DWM and MPO") 6efc0ab3b05d ("drm/amd/display: add back quality EASF and ISHARP and dc dependency changes") 85ecfdda063b ("drm/amd/display: Re-order enum in a header file") f9e675988886 ("drm/amd/display: roll back quality EASF and ISHARP and dc dependency changes") f82200703434 ("drm/amd/display: remove dc dependencies from SPL library") 5f30ee493044 ("drm/amd/display: quality improvements for EASF and ISHARP") bbd0d1c942cb ("drm/amd/display: Fix possible overflow in integer multiplication") a00e85713c37 ("drm/amd/display: Update DML2.1 generated code") 2998bccfa419 ("drm/amd/display: Enable ISHARP support for DCN401") 7a1dd866c5ac ("drm/amd/display: enable EASF support for DCN40") bd051aa2fcfb ("drm/amd/display: Find max flickerless instant vtotal delta") bc19b490c00f ("drm/amd/display: Fix spelling various spelling mistakes") 01d6606beca0 ("drm/amd/display: re-indent dpp401_dscl_program_isharp()") dc2be9c68ffb ("drm/amd/display: Block FPO According to Luminance Delta") 00c391102abc ("drm/amd/display: Add misc DC changes for DCN401") da87132f641e ("drm/amd/display: Add some DCN401 reg name to macro definitions") 70839da63605 ("drm/amd/display: Add new DCN401 sources") ef319dff5475 ("drm/amd/display: add support for chroma offset") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c2ed7002c0614c5eab6c8f62a7a76be5df5805cf Mon Sep 17 00:00:00 2001 From: Samson Tam <Samson.Tam(a)amd.com> Date: Fri, 23 Aug 2024 16:57:33 -0400 Subject: [PATCH] drm/amd/display: Use SDR white level to calculate matrix coefficients [WHY] Certain profiles have higher HDR multiplier than SDR white level max which is not currently supported. [HOW] Use SDR white level when calculating matrix coefficients for HDR RGB MPO path instead of HDR multiplier. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Jun Lei <jun.lei(a)amd.com> Signed-off-by: Samson Tam <Samson.Tam(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index ae788154896c..243928b0a39f 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -2596,6 +2596,12 @@ static enum surface_update_type det_surface_update(const struct dc *dc, elevate_update_type(&overall_type, UPDATE_TYPE_MED); } + if (u->sdr_white_level_nits) + if (u->sdr_white_level_nits != u->surface->sdr_white_level_nits) { + update_flags->bits.sdr_white_level_nits = 1; + elevate_update_type(&overall_type, UPDATE_TYPE_FULL); + } + if (u->cm2_params) { if ((u->cm2_params->component_settings.shaper_3dlut_setting != u->surface->mcm_shaper_3dlut_setting) @@ -2876,6 +2882,10 @@ static void copy_surface_update_to_plane( surface->hdr_mult = srf_update->hdr_mult; + if (srf_update->sdr_white_level_nits) + surface->sdr_white_level_nits = + srf_update->sdr_white_level_nits; + if (srf_update->blend_tf) memcpy(&surface->blend_tf, srf_update->blend_tf, sizeof(surface->blend_tf)); @@ -4679,6 +4689,8 @@ static bool full_update_required(struct dc *dc, srf_updates[i].scaling_info || (srf_updates[i].hdr_mult.value && srf_updates[i].hdr_mult.value != srf_updates->surface->hdr_mult.value) || + (srf_updates[i].sdr_white_level_nits && + srf_updates[i].sdr_white_level_nits != srf_updates->surface->sdr_white_level_nits) || srf_updates[i].in_transfer_func || srf_updates[i].func_shaper || srf_updates[i].lut3d_func || diff --git a/drivers/gpu/drm/amd/display/dc/dc.h b/drivers/gpu/drm/amd/display/dc/dc.h index 4c94dd38be4b..dcf8a90e961d 100644 --- a/drivers/gpu/drm/amd/display/dc/dc.h +++ b/drivers/gpu/drm/amd/display/dc/dc.h @@ -1269,6 +1269,7 @@ union surface_update_flags { uint32_t tmz_changed:1; uint32_t mcm_transfer_function_enable_change:1; /* disable or enable MCM transfer func */ uint32_t full_update:1; + uint32_t sdr_white_level_nits:1; } bits; uint32_t raw; @@ -1351,6 +1352,7 @@ struct dc_plane_state { bool adaptive_sharpness_en; int sharpness_level; enum linear_light_scaling linear_light_scaling; + unsigned int sdr_white_level_nits; }; struct dc_plane_info { @@ -1508,6 +1510,7 @@ struct dc_surface_update { */ struct dc_cm2_parameters *cm2_params; const struct dc_csc_transform *cursor_csc_color_matrix; + unsigned int sdr_white_level_nits; }; /* diff --git a/drivers/gpu/drm/amd/display/dc/dc_spl_translate.c b/drivers/gpu/drm/amd/display/dc/dc_spl_translate.c index cd6de93eb91c..f711fc2e3e65 100644 --- a/drivers/gpu/drm/amd/display/dc/dc_spl_translate.c +++ b/drivers/gpu/drm/amd/display/dc/dc_spl_translate.c @@ -191,14 +191,7 @@ void translate_SPL_in_params_from_pipe_ctx(struct pipe_ctx *pipe_ctx, struct spl */ spl_in->is_fullscreen = dm_helpers_is_fullscreen(pipe_ctx->stream->ctx, pipe_ctx->stream); spl_in->is_hdr_on = dm_helpers_is_hdr_on(pipe_ctx->stream->ctx, pipe_ctx->stream); - spl_in->hdr_multx100 = 0; - if (spl_in->is_hdr_on) { - spl_in->hdr_multx100 = (uint32_t)dc_fixpt_floor(dc_fixpt_mul(plane_state->hdr_mult, - dc_fixpt_from_int(100))); - /* Disable sharpness for HDR Mult > 6.0 */ - if (spl_in->hdr_multx100 > 600) - spl_in->adaptive_sharpness.enable = false; - } + spl_in->sdr_white_level_nits = plane_state->sdr_white_level_nits; } /// @brief Translate SPL output parameters to pipe context diff --git a/drivers/gpu/drm/amd/display/dc/spl/dc_spl.c b/drivers/gpu/drm/amd/display/dc/spl/dc_spl.c index 15f7eda903e6..a59aa6b59687 100644 --- a/drivers/gpu/drm/amd/display/dc/spl/dc_spl.c +++ b/drivers/gpu/drm/amd/display/dc/spl/dc_spl.c @@ -1155,14 +1155,19 @@ static void spl_set_dscl_prog_data(struct spl_in *spl_in, struct spl_scratch *sp } /* Calculate C0-C3 coefficients based on HDR_mult */ -static void spl_calculate_c0_c3_hdr(struct dscl_prog_data *dscl_prog_data, uint32_t hdr_multx100) +static void spl_calculate_c0_c3_hdr(struct dscl_prog_data *dscl_prog_data, uint32_t sdr_white_level_nits) { struct spl_fixed31_32 hdr_mult, c0_mult, c1_mult, c2_mult; struct spl_fixed31_32 c0_calc, c1_calc, c2_calc; struct spl_custom_float_format fmt; + uint32_t hdr_multx100_int; - SPL_ASSERT(hdr_multx100); - hdr_mult = spl_fixpt_from_fraction((long long)hdr_multx100, 100LL); + if ((sdr_white_level_nits >= 80) && (sdr_white_level_nits <= 480)) + hdr_multx100_int = sdr_white_level_nits * 100 / 80; + else + hdr_multx100_int = 100; /* default for 80 nits otherwise */ + + hdr_mult = spl_fixpt_from_fraction((long long)hdr_multx100_int, 100LL); c0_mult = spl_fixpt_from_fraction(2126LL, 10000LL); c1_mult = spl_fixpt_from_fraction(7152LL, 10000LL); c2_mult = spl_fixpt_from_fraction(722LL, 10000LL); @@ -1191,7 +1196,7 @@ static void spl_calculate_c0_c3_hdr(struct dscl_prog_data *dscl_prog_data, uint3 static void spl_set_easf_data(struct spl_scratch *spl_scratch, struct spl_out *spl_out, bool enable_easf_v, bool enable_easf_h, enum linear_light_scaling lls_pref, enum spl_pixel_format format, enum system_setup setup, - uint32_t hdr_multx100) + uint32_t sdr_white_level_nits) { struct dscl_prog_data *dscl_prog_data = spl_out->dscl_prog_data; if (enable_easf_v) { @@ -1499,7 +1504,7 @@ static void spl_set_easf_data(struct spl_scratch *spl_scratch, struct spl_out *s dscl_prog_data->easf_ltonl_en = 1; // Linear input if ((setup == HDR_L) && (spl_is_rgb8(format))) { /* Calculate C0-C3 coefficients based on HDR multiplier */ - spl_calculate_c0_c3_hdr(dscl_prog_data, hdr_multx100); + spl_calculate_c0_c3_hdr(dscl_prog_data, sdr_white_level_nits); } else { // HDR_L ( DWM ) and SDR_L dscl_prog_data->easf_matrix_c0 = 0x4EF7; // fp1.5.10, C0 coefficient (LN_rec709: 0.2126 * (2^14)/125 = 27.86590720) @@ -1750,7 +1755,7 @@ bool spl_calculate_scaler_params(struct spl_in *spl_in, struct spl_out *spl_out) // Set EASF spl_set_easf_data(&spl_scratch, spl_out, enable_easf_v, enable_easf_h, spl_in->lls_pref, - spl_in->basic_in.format, setup, spl_in->hdr_multx100); + spl_in->basic_in.format, setup, spl_in->sdr_white_level_nits); // Set iSHARP vratio = spl_fixpt_ceil(spl_scratch.scl_data.ratios.vert); diff --git a/drivers/gpu/drm/amd/display/dc/spl/dc_spl_types.h b/drivers/gpu/drm/amd/display/dc/spl/dc_spl_types.h index 85b19ebe2c57..74f2a8c42f4f 100644 --- a/drivers/gpu/drm/amd/display/dc/spl/dc_spl_types.h +++ b/drivers/gpu/drm/amd/display/dc/spl/dc_spl_types.h @@ -518,7 +518,7 @@ struct spl_in { bool is_hdr_on; int h_active; int v_active; - int hdr_multx100; + int sdr_white_level_nits; }; // end of SPL inputs

7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Use SDR white level to calculate matrix" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x c2ed7002c0614c5eab6c8f62a7a76be5df5805cf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100126-uncloak-exception-4276@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: c2ed7002c061 ("drm/amd/display: Use SDR white level to calculate matrix coefficients") 8a060e9c17d0 ("drm/amd/display: disable sharpness if HDR Multiplier is too large") 1b0ce903fe74 ("drm/amd/display: add improvements for text display and HDR DWM and MPO") 6efc0ab3b05d ("drm/amd/display: add back quality EASF and ISHARP and dc dependency changes") 85ecfdda063b ("drm/amd/display: Re-order enum in a header file") f9e675988886 ("drm/amd/display: roll back quality EASF and ISHARP and dc dependency changes") f82200703434 ("drm/amd/display: remove dc dependencies from SPL library") 5f30ee493044 ("drm/amd/display: quality improvements for EASF and ISHARP") bbd0d1c942cb ("drm/amd/display: Fix possible overflow in integer multiplication") a00e85713c37 ("drm/amd/display: Update DML2.1 generated code") 2998bccfa419 ("drm/amd/display: Enable ISHARP support for DCN401") 7a1dd866c5ac ("drm/amd/display: enable EASF support for DCN40") bd051aa2fcfb ("drm/amd/display: Find max flickerless instant vtotal delta") bc19b490c00f ("drm/amd/display: Fix spelling various spelling mistakes") 01d6606beca0 ("drm/amd/display: re-indent dpp401_dscl_program_isharp()") dc2be9c68ffb ("drm/amd/display: Block FPO According to Luminance Delta") 00c391102abc ("drm/amd/display: Add misc DC changes for DCN401") da87132f641e ("drm/amd/display: Add some DCN401 reg name to macro definitions") 70839da63605 ("drm/amd/display: Add new DCN401 sources") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c2ed7002c0614c5eab6c8f62a7a76be5df5805cf Mon Sep 17 00:00:00 2001 From: Samson Tam <Samson.Tam(a)amd.com> Date: Fri, 23 Aug 2024 16:57:33 -0400 Subject: [PATCH] drm/amd/display: Use SDR white level to calculate matrix coefficients [WHY] Certain profiles have higher HDR multiplier than SDR white level max which is not currently supported. [HOW] Use SDR white level when calculating matrix coefficients for HDR RGB MPO path instead of HDR multiplier. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Jun Lei <jun.lei(a)amd.com> Signed-off-by: Samson Tam <Samson.Tam(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index ae788154896c..243928b0a39f 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -2596,6 +2596,12 @@ static enum surface_update_type det_surface_update(const struct dc *dc, elevate_update_type(&overall_type, UPDATE_TYPE_MED); } + if (u->sdr_white_level_nits) + if (u->sdr_white_level_nits != u->surface->sdr_white_level_nits) { + update_flags->bits.sdr_white_level_nits = 1; + elevate_update_type(&overall_type, UPDATE_TYPE_FULL); + } + if (u->cm2_params) { if ((u->cm2_params->component_settings.shaper_3dlut_setting != u->surface->mcm_shaper_3dlut_setting) @@ -2876,6 +2882,10 @@ static void copy_surface_update_to_plane( surface->hdr_mult = srf_update->hdr_mult; + if (srf_update->sdr_white_level_nits) + surface->sdr_white_level_nits = + srf_update->sdr_white_level_nits; + if (srf_update->blend_tf) memcpy(&surface->blend_tf, srf_update->blend_tf, sizeof(surface->blend_tf)); @@ -4679,6 +4689,8 @@ static bool full_update_required(struct dc *dc, srf_updates[i].scaling_info || (srf_updates[i].hdr_mult.value && srf_updates[i].hdr_mult.value != srf_updates->surface->hdr_mult.value) || + (srf_updates[i].sdr_white_level_nits && + srf_updates[i].sdr_white_level_nits != srf_updates->surface->sdr_white_level_nits) || srf_updates[i].in_transfer_func || srf_updates[i].func_shaper || srf_updates[i].lut3d_func || diff --git a/drivers/gpu/drm/amd/display/dc/dc.h b/drivers/gpu/drm/amd/display/dc/dc.h index 4c94dd38be4b..dcf8a90e961d 100644 --- a/drivers/gpu/drm/amd/display/dc/dc.h +++ b/drivers/gpu/drm/amd/display/dc/dc.h @@ -1269,6 +1269,7 @@ union surface_update_flags { uint32_t tmz_changed:1; uint32_t mcm_transfer_function_enable_change:1; /* disable or enable MCM transfer func */ uint32_t full_update:1; + uint32_t sdr_white_level_nits:1; } bits; uint32_t raw; @@ -1351,6 +1352,7 @@ struct dc_plane_state { bool adaptive_sharpness_en; int sharpness_level; enum linear_light_scaling linear_light_scaling; + unsigned int sdr_white_level_nits; }; struct dc_plane_info { @@ -1508,6 +1510,7 @@ struct dc_surface_update { */ struct dc_cm2_parameters *cm2_params; const struct dc_csc_transform *cursor_csc_color_matrix; + unsigned int sdr_white_level_nits; }; /* diff --git a/drivers/gpu/drm/amd/display/dc/dc_spl_translate.c b/drivers/gpu/drm/amd/display/dc/dc_spl_translate.c index cd6de93eb91c..f711fc2e3e65 100644 --- a/drivers/gpu/drm/amd/display/dc/dc_spl_translate.c +++ b/drivers/gpu/drm/amd/display/dc/dc_spl_translate.c @@ -191,14 +191,7 @@ void translate_SPL_in_params_from_pipe_ctx(struct pipe_ctx *pipe_ctx, struct spl */ spl_in->is_fullscreen = dm_helpers_is_fullscreen(pipe_ctx->stream->ctx, pipe_ctx->stream); spl_in->is_hdr_on = dm_helpers_is_hdr_on(pipe_ctx->stream->ctx, pipe_ctx->stream); - spl_in->hdr_multx100 = 0; - if (spl_in->is_hdr_on) { - spl_in->hdr_multx100 = (uint32_t)dc_fixpt_floor(dc_fixpt_mul(plane_state->hdr_mult, - dc_fixpt_from_int(100))); - /* Disable sharpness for HDR Mult > 6.0 */ - if (spl_in->hdr_multx100 > 600) - spl_in->adaptive_sharpness.enable = false; - } + spl_in->sdr_white_level_nits = plane_state->sdr_white_level_nits; } /// @brief Translate SPL output parameters to pipe context diff --git a/drivers/gpu/drm/amd/display/dc/spl/dc_spl.c b/drivers/gpu/drm/amd/display/dc/spl/dc_spl.c index 15f7eda903e6..a59aa6b59687 100644 --- a/drivers/gpu/drm/amd/display/dc/spl/dc_spl.c +++ b/drivers/gpu/drm/amd/display/dc/spl/dc_spl.c @@ -1155,14 +1155,19 @@ static void spl_set_dscl_prog_data(struct spl_in *spl_in, struct spl_scratch *sp } /* Calculate C0-C3 coefficients based on HDR_mult */ -static void spl_calculate_c0_c3_hdr(struct dscl_prog_data *dscl_prog_data, uint32_t hdr_multx100) +static void spl_calculate_c0_c3_hdr(struct dscl_prog_data *dscl_prog_data, uint32_t sdr_white_level_nits) { struct spl_fixed31_32 hdr_mult, c0_mult, c1_mult, c2_mult; struct spl_fixed31_32 c0_calc, c1_calc, c2_calc; struct spl_custom_float_format fmt; + uint32_t hdr_multx100_int; - SPL_ASSERT(hdr_multx100); - hdr_mult = spl_fixpt_from_fraction((long long)hdr_multx100, 100LL); + if ((sdr_white_level_nits >= 80) && (sdr_white_level_nits <= 480)) + hdr_multx100_int = sdr_white_level_nits * 100 / 80; + else + hdr_multx100_int = 100; /* default for 80 nits otherwise */ + + hdr_mult = spl_fixpt_from_fraction((long long)hdr_multx100_int, 100LL); c0_mult = spl_fixpt_from_fraction(2126LL, 10000LL); c1_mult = spl_fixpt_from_fraction(7152LL, 10000LL); c2_mult = spl_fixpt_from_fraction(722LL, 10000LL); @@ -1191,7 +1196,7 @@ static void spl_calculate_c0_c3_hdr(struct dscl_prog_data *dscl_prog_data, uint3 static void spl_set_easf_data(struct spl_scratch *spl_scratch, struct spl_out *spl_out, bool enable_easf_v, bool enable_easf_h, enum linear_light_scaling lls_pref, enum spl_pixel_format format, enum system_setup setup, - uint32_t hdr_multx100) + uint32_t sdr_white_level_nits) { struct dscl_prog_data *dscl_prog_data = spl_out->dscl_prog_data; if (enable_easf_v) { @@ -1499,7 +1504,7 @@ static void spl_set_easf_data(struct spl_scratch *spl_scratch, struct spl_out *s dscl_prog_data->easf_ltonl_en = 1; // Linear input if ((setup == HDR_L) && (spl_is_rgb8(format))) { /* Calculate C0-C3 coefficients based on HDR multiplier */ - spl_calculate_c0_c3_hdr(dscl_prog_data, hdr_multx100); + spl_calculate_c0_c3_hdr(dscl_prog_data, sdr_white_level_nits); } else { // HDR_L ( DWM ) and SDR_L dscl_prog_data->easf_matrix_c0 = 0x4EF7; // fp1.5.10, C0 coefficient (LN_rec709: 0.2126 * (2^14)/125 = 27.86590720) @@ -1750,7 +1755,7 @@ bool spl_calculate_scaler_params(struct spl_in *spl_in, struct spl_out *spl_out) // Set EASF spl_set_easf_data(&spl_scratch, spl_out, enable_easf_v, enable_easf_h, spl_in->lls_pref, - spl_in->basic_in.format, setup, spl_in->hdr_multx100); + spl_in->basic_in.format, setup, spl_in->sdr_white_level_nits); // Set iSHARP vratio = spl_fixpt_ceil(spl_scratch.scl_data.ratios.vert); diff --git a/drivers/gpu/drm/amd/display/dc/spl/dc_spl_types.h b/drivers/gpu/drm/amd/display/dc/spl/dc_spl_types.h index 85b19ebe2c57..74f2a8c42f4f 100644 --- a/drivers/gpu/drm/amd/display/dc/spl/dc_spl_types.h +++ b/drivers/gpu/drm/amd/display/dc/spl/dc_spl_types.h @@ -518,7 +518,7 @@ struct spl_in { bool is_hdr_on; int h_active; int v_active; - int hdr_multx100; + int sdr_white_level_nits; }; // end of SPL inputs

7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Use SDR white level to calculate matrix" failed to apply to 6.11-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.11.y git checkout FETCH_HEAD git cherry-pick -x c2ed7002c0614c5eab6c8f62a7a76be5df5805cf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100126-launch-rigor-dc9d@gregkh' --subject-prefix 'PATCH 6.11.y' HEAD^.. Possible dependencies: c2ed7002c061 ("drm/amd/display: Use SDR white level to calculate matrix coefficients") 8a060e9c17d0 ("drm/amd/display: disable sharpness if HDR Multiplier is too large") 1b0ce903fe74 ("drm/amd/display: add improvements for text display and HDR DWM and MPO") 6efc0ab3b05d ("drm/amd/display: add back quality EASF and ISHARP and dc dependency changes") 85ecfdda063b ("drm/amd/display: Re-order enum in a header file") f9e675988886 ("drm/amd/display: roll back quality EASF and ISHARP and dc dependency changes") f82200703434 ("drm/amd/display: remove dc dependencies from SPL library") 5f30ee493044 ("drm/amd/display: quality improvements for EASF and ISHARP") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c2ed7002c0614c5eab6c8f62a7a76be5df5805cf Mon Sep 17 00:00:00 2001 From: Samson Tam <Samson.Tam(a)amd.com> Date: Fri, 23 Aug 2024 16:57:33 -0400 Subject: [PATCH] drm/amd/display: Use SDR white level to calculate matrix coefficients [WHY] Certain profiles have higher HDR multiplier than SDR white level max which is not currently supported. [HOW] Use SDR white level when calculating matrix coefficients for HDR RGB MPO path instead of HDR multiplier. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Jun Lei <jun.lei(a)amd.com> Signed-off-by: Samson Tam <Samson.Tam(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index ae788154896c..243928b0a39f 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -2596,6 +2596,12 @@ static enum surface_update_type det_surface_update(const struct dc *dc, elevate_update_type(&overall_type, UPDATE_TYPE_MED); } + if (u->sdr_white_level_nits) + if (u->sdr_white_level_nits != u->surface->sdr_white_level_nits) { + update_flags->bits.sdr_white_level_nits = 1; + elevate_update_type(&overall_type, UPDATE_TYPE_FULL); + } + if (u->cm2_params) { if ((u->cm2_params->component_settings.shaper_3dlut_setting != u->surface->mcm_shaper_3dlut_setting) @@ -2876,6 +2882,10 @@ static void copy_surface_update_to_plane( surface->hdr_mult = srf_update->hdr_mult; + if (srf_update->sdr_white_level_nits) + surface->sdr_white_level_nits = + srf_update->sdr_white_level_nits; + if (srf_update->blend_tf) memcpy(&surface->blend_tf, srf_update->blend_tf, sizeof(surface->blend_tf)); @@ -4679,6 +4689,8 @@ static bool full_update_required(struct dc *dc, srf_updates[i].scaling_info || (srf_updates[i].hdr_mult.value && srf_updates[i].hdr_mult.value != srf_updates->surface->hdr_mult.value) || + (srf_updates[i].sdr_white_level_nits && + srf_updates[i].sdr_white_level_nits != srf_updates->surface->sdr_white_level_nits) || srf_updates[i].in_transfer_func || srf_updates[i].func_shaper || srf_updates[i].lut3d_func || diff --git a/drivers/gpu/drm/amd/display/dc/dc.h b/drivers/gpu/drm/amd/display/dc/dc.h index 4c94dd38be4b..dcf8a90e961d 100644 --- a/drivers/gpu/drm/amd/display/dc/dc.h +++ b/drivers/gpu/drm/amd/display/dc/dc.h @@ -1269,6 +1269,7 @@ union surface_update_flags { uint32_t tmz_changed:1; uint32_t mcm_transfer_function_enable_change:1; /* disable or enable MCM transfer func */ uint32_t full_update:1; + uint32_t sdr_white_level_nits:1; } bits; uint32_t raw; @@ -1351,6 +1352,7 @@ struct dc_plane_state { bool adaptive_sharpness_en; int sharpness_level; enum linear_light_scaling linear_light_scaling; + unsigned int sdr_white_level_nits; }; struct dc_plane_info { @@ -1508,6 +1510,7 @@ struct dc_surface_update { */ struct dc_cm2_parameters *cm2_params; const struct dc_csc_transform *cursor_csc_color_matrix; + unsigned int sdr_white_level_nits; }; /* diff --git a/drivers/gpu/drm/amd/display/dc/dc_spl_translate.c b/drivers/gpu/drm/amd/display/dc/dc_spl_translate.c index cd6de93eb91c..f711fc2e3e65 100644 --- a/drivers/gpu/drm/amd/display/dc/dc_spl_translate.c +++ b/drivers/gpu/drm/amd/display/dc/dc_spl_translate.c @@ -191,14 +191,7 @@ void translate_SPL_in_params_from_pipe_ctx(struct pipe_ctx *pipe_ctx, struct spl */ spl_in->is_fullscreen = dm_helpers_is_fullscreen(pipe_ctx->stream->ctx, pipe_ctx->stream); spl_in->is_hdr_on = dm_helpers_is_hdr_on(pipe_ctx->stream->ctx, pipe_ctx->stream); - spl_in->hdr_multx100 = 0; - if (spl_in->is_hdr_on) { - spl_in->hdr_multx100 = (uint32_t)dc_fixpt_floor(dc_fixpt_mul(plane_state->hdr_mult, - dc_fixpt_from_int(100))); - /* Disable sharpness for HDR Mult > 6.0 */ - if (spl_in->hdr_multx100 > 600) - spl_in->adaptive_sharpness.enable = false; - } + spl_in->sdr_white_level_nits = plane_state->sdr_white_level_nits; } /// @brief Translate SPL output parameters to pipe context diff --git a/drivers/gpu/drm/amd/display/dc/spl/dc_spl.c b/drivers/gpu/drm/amd/display/dc/spl/dc_spl.c index 15f7eda903e6..a59aa6b59687 100644 --- a/drivers/gpu/drm/amd/display/dc/spl/dc_spl.c +++ b/drivers/gpu/drm/amd/display/dc/spl/dc_spl.c @@ -1155,14 +1155,19 @@ static void spl_set_dscl_prog_data(struct spl_in *spl_in, struct spl_scratch *sp } /* Calculate C0-C3 coefficients based on HDR_mult */ -static void spl_calculate_c0_c3_hdr(struct dscl_prog_data *dscl_prog_data, uint32_t hdr_multx100) +static void spl_calculate_c0_c3_hdr(struct dscl_prog_data *dscl_prog_data, uint32_t sdr_white_level_nits) { struct spl_fixed31_32 hdr_mult, c0_mult, c1_mult, c2_mult; struct spl_fixed31_32 c0_calc, c1_calc, c2_calc; struct spl_custom_float_format fmt; + uint32_t hdr_multx100_int; - SPL_ASSERT(hdr_multx100); - hdr_mult = spl_fixpt_from_fraction((long long)hdr_multx100, 100LL); + if ((sdr_white_level_nits >= 80) && (sdr_white_level_nits <= 480)) + hdr_multx100_int = sdr_white_level_nits * 100 / 80; + else + hdr_multx100_int = 100; /* default for 80 nits otherwise */ + + hdr_mult = spl_fixpt_from_fraction((long long)hdr_multx100_int, 100LL); c0_mult = spl_fixpt_from_fraction(2126LL, 10000LL); c1_mult = spl_fixpt_from_fraction(7152LL, 10000LL); c2_mult = spl_fixpt_from_fraction(722LL, 10000LL); @@ -1191,7 +1196,7 @@ static void spl_calculate_c0_c3_hdr(struct dscl_prog_data *dscl_prog_data, uint3 static void spl_set_easf_data(struct spl_scratch *spl_scratch, struct spl_out *spl_out, bool enable_easf_v, bool enable_easf_h, enum linear_light_scaling lls_pref, enum spl_pixel_format format, enum system_setup setup, - uint32_t hdr_multx100) + uint32_t sdr_white_level_nits) { struct dscl_prog_data *dscl_prog_data = spl_out->dscl_prog_data; if (enable_easf_v) { @@ -1499,7 +1504,7 @@ static void spl_set_easf_data(struct spl_scratch *spl_scratch, struct spl_out *s dscl_prog_data->easf_ltonl_en = 1; // Linear input if ((setup == HDR_L) && (spl_is_rgb8(format))) { /* Calculate C0-C3 coefficients based on HDR multiplier */ - spl_calculate_c0_c3_hdr(dscl_prog_data, hdr_multx100); + spl_calculate_c0_c3_hdr(dscl_prog_data, sdr_white_level_nits); } else { // HDR_L ( DWM ) and SDR_L dscl_prog_data->easf_matrix_c0 = 0x4EF7; // fp1.5.10, C0 coefficient (LN_rec709: 0.2126 * (2^14)/125 = 27.86590720) @@ -1750,7 +1755,7 @@ bool spl_calculate_scaler_params(struct spl_in *spl_in, struct spl_out *spl_out) // Set EASF spl_set_easf_data(&spl_scratch, spl_out, enable_easf_v, enable_easf_h, spl_in->lls_pref, - spl_in->basic_in.format, setup, spl_in->hdr_multx100); + spl_in->basic_in.format, setup, spl_in->sdr_white_level_nits); // Set iSHARP vratio = spl_fixpt_ceil(spl_scratch.scl_data.ratios.vert); diff --git a/drivers/gpu/drm/amd/display/dc/spl/dc_spl_types.h b/drivers/gpu/drm/amd/display/dc/spl/dc_spl_types.h index 85b19ebe2c57..74f2a8c42f4f 100644 --- a/drivers/gpu/drm/amd/display/dc/spl/dc_spl_types.h +++ b/drivers/gpu/drm/amd/display/dc/spl/dc_spl_types.h @@ -518,7 +518,7 @@ struct spl_in { bool is_hdr_on; int h_active; int v_active; - int hdr_multx100; + int sdr_white_level_nits; }; // end of SPL inputs

7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Use full update for swizzle mode change" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x b74571a83fd3e50f804f090aae60c864d458187c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100122-pleat-ambiguous-d015@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: b74571a83fd3 ("drm/amd/display: Use full update for swizzle mode change") 09cb922c4e14 ("drm/amd/display: Add debug options to change sharpen policies") efaf15752d11 ("drm/amd/display: Add sharpness control interface") 469a486541b6 ("drm/amd/display: add sharpness support for windowed YUV420 video") 6efc0ab3b05d ("drm/amd/display: add back quality EASF and ISHARP and dc dependency changes") 85ecfdda063b ("drm/amd/display: Re-order enum in a header file") f9e675988886 ("drm/amd/display: roll back quality EASF and ISHARP and dc dependency changes") 748b3c4ca0bf ("drm/amd/display: Add visual confirm for Idle State") f82200703434 ("drm/amd/display: remove dc dependencies from SPL library") c18fa08e6fd8 ("drm/amd/display: Disable subvp based on HW cursor requirement") 5f30ee493044 ("drm/amd/display: quality improvements for EASF and ISHARP") bbd0d1c942cb ("drm/amd/display: Fix possible overflow in integer multiplication") 0057b36ac2be ("drm/amd/display: Send message to notify the DPIA host router bandwidth") 6b6d38c5086f ("Revert "drm/amd/display: workaround for oled eDP not lighting up on DCN401"") 6184bd5750a8 ("drm/amd/display: Enable DCN401 idle optimizations by default") e902dd7f3e3b ("drm/amd/display: workaround for oled eDP not lighting up on DCN401") a00e85713c37 ("drm/amd/display: Update DML2.1 generated code") 2998bccfa419 ("drm/amd/display: Enable ISHARP support for DCN401") 9716bae1eaaf ("drm/amd/display: Disable DCN401 idle optimizations") 7a1dd866c5ac ("drm/amd/display: enable EASF support for DCN40") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b74571a83fd3e50f804f090aae60c864d458187c Mon Sep 17 00:00:00 2001 From: Charlene Liu <Charlene.Liu(a)amd.com> Date: Wed, 4 Sep 2024 15:58:25 -0400 Subject: [PATCH] drm/amd/display: Use full update for swizzle mode change [WHY & HOW] 1) We did linear/non linear transition properly long ago 2) We used that path to handle SystemDisplayEnable 3) We fixed a SystemDisplayEnable inability to fallback to passive by impacting the transition flow generically 4) AFMF later relied on the generic transition behavior Separating the two flows to make (3) non-generic is the best immediate coarse of action. DC can discern SSAMPO3 very easily from SDE. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Chris Park <chris.park(a)amd.com> Signed-off-by: Charlene Liu <Charlene.Liu(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index 67812fbbb006..a1652130e4be 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -2376,7 +2376,7 @@ static bool is_surface_in_context( return false; } -static enum surface_update_type get_plane_info_update_type(const struct dc_surface_update *u) +static enum surface_update_type get_plane_info_update_type(const struct dc *dc, const struct dc_surface_update *u) { union surface_update_flags *update_flags = &u->surface->update_flags; enum surface_update_type update_type = UPDATE_TYPE_FAST; @@ -2455,7 +2455,7 @@ static enum surface_update_type get_plane_info_update_type(const struct dc_surfa /* todo: below are HW dependent, we should add a hook to * DCE/N resource and validated there. */ - if (u->plane_info->tiling_info.gfx9.swizzle != DC_SW_LINEAR) { + if (!dc->debug.skip_full_updated_if_possible) { /* swizzled mode requires RQ to be setup properly, * thus need to run DML to calculate RQ settings */ @@ -2547,7 +2547,7 @@ static enum surface_update_type det_surface_update(const struct dc *dc, update_flags->raw = 0; // Reset all flags - type = get_plane_info_update_type(u); + type = get_plane_info_update_type(dc, u); elevate_update_type(&overall_type, type); type = get_scaling_info_update_type(dc, u); diff --git a/drivers/gpu/drm/amd/display/dc/dc.h b/drivers/gpu/drm/amd/display/dc/dc.h index e659f4fed19f..78ebe636389e 100644 --- a/drivers/gpu/drm/amd/display/dc/dc.h +++ b/drivers/gpu/drm/amd/display/dc/dc.h @@ -1060,6 +1060,7 @@ struct dc_debug_options { bool enable_ips_visual_confirm; unsigned int sharpen_policy; unsigned int scale_to_sharpness_policy; + bool skip_full_updated_if_possible; };

7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Use full update for swizzle mode change" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x b74571a83fd3e50f804f090aae60c864d458187c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100116-frighten-mutilator-8a04@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: b74571a83fd3 ("drm/amd/display: Use full update for swizzle mode change") 09cb922c4e14 ("drm/amd/display: Add debug options to change sharpen policies") efaf15752d11 ("drm/amd/display: Add sharpness control interface") 469a486541b6 ("drm/amd/display: add sharpness support for windowed YUV420 video") 6efc0ab3b05d ("drm/amd/display: add back quality EASF and ISHARP and dc dependency changes") 85ecfdda063b ("drm/amd/display: Re-order enum in a header file") f9e675988886 ("drm/amd/display: roll back quality EASF and ISHARP and dc dependency changes") 748b3c4ca0bf ("drm/amd/display: Add visual confirm for Idle State") f82200703434 ("drm/amd/display: remove dc dependencies from SPL library") c18fa08e6fd8 ("drm/amd/display: Disable subvp based on HW cursor requirement") 5f30ee493044 ("drm/amd/display: quality improvements for EASF and ISHARP") bbd0d1c942cb ("drm/amd/display: Fix possible overflow in integer multiplication") 0057b36ac2be ("drm/amd/display: Send message to notify the DPIA host router bandwidth") 6b6d38c5086f ("Revert "drm/amd/display: workaround for oled eDP not lighting up on DCN401"") 6184bd5750a8 ("drm/amd/display: Enable DCN401 idle optimizations by default") e902dd7f3e3b ("drm/amd/display: workaround for oled eDP not lighting up on DCN401") a00e85713c37 ("drm/amd/display: Update DML2.1 generated code") 2998bccfa419 ("drm/amd/display: Enable ISHARP support for DCN401") 9716bae1eaaf ("drm/amd/display: Disable DCN401 idle optimizations") 7a1dd866c5ac ("drm/amd/display: enable EASF support for DCN40") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b74571a83fd3e50f804f090aae60c864d458187c Mon Sep 17 00:00:00 2001 From: Charlene Liu <Charlene.Liu(a)amd.com> Date: Wed, 4 Sep 2024 15:58:25 -0400 Subject: [PATCH] drm/amd/display: Use full update for swizzle mode change [WHY & HOW] 1) We did linear/non linear transition properly long ago 2) We used that path to handle SystemDisplayEnable 3) We fixed a SystemDisplayEnable inability to fallback to passive by impacting the transition flow generically 4) AFMF later relied on the generic transition behavior Separating the two flows to make (3) non-generic is the best immediate coarse of action. DC can discern SSAMPO3 very easily from SDE. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Chris Park <chris.park(a)amd.com> Signed-off-by: Charlene Liu <Charlene.Liu(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index 67812fbbb006..a1652130e4be 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -2376,7 +2376,7 @@ static bool is_surface_in_context( return false; } -static enum surface_update_type get_plane_info_update_type(const struct dc_surface_update *u) +static enum surface_update_type get_plane_info_update_type(const struct dc *dc, const struct dc_surface_update *u) { union surface_update_flags *update_flags = &u->surface->update_flags; enum surface_update_type update_type = UPDATE_TYPE_FAST; @@ -2455,7 +2455,7 @@ static enum surface_update_type get_plane_info_update_type(const struct dc_surfa /* todo: below are HW dependent, we should add a hook to * DCE/N resource and validated there. */ - if (u->plane_info->tiling_info.gfx9.swizzle != DC_SW_LINEAR) { + if (!dc->debug.skip_full_updated_if_possible) { /* swizzled mode requires RQ to be setup properly, * thus need to run DML to calculate RQ settings */ @@ -2547,7 +2547,7 @@ static enum surface_update_type det_surface_update(const struct dc *dc, update_flags->raw = 0; // Reset all flags - type = get_plane_info_update_type(u); + type = get_plane_info_update_type(dc, u); elevate_update_type(&overall_type, type); type = get_scaling_info_update_type(dc, u); diff --git a/drivers/gpu/drm/amd/display/dc/dc.h b/drivers/gpu/drm/amd/display/dc/dc.h index e659f4fed19f..78ebe636389e 100644 --- a/drivers/gpu/drm/amd/display/dc/dc.h +++ b/drivers/gpu/drm/amd/display/dc/dc.h @@ -1060,6 +1060,7 @@ struct dc_debug_options { bool enable_ips_visual_confirm; unsigned int sharpen_policy; unsigned int scale_to_sharpness_policy; + bool skip_full_updated_if_possible; };

7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Use full update for swizzle mode change" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x b74571a83fd3e50f804f090aae60c864d458187c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100115-dazzling-daunting-ed53@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: b74571a83fd3 ("drm/amd/display: Use full update for swizzle mode change") 09cb922c4e14 ("drm/amd/display: Add debug options to change sharpen policies") efaf15752d11 ("drm/amd/display: Add sharpness control interface") 469a486541b6 ("drm/amd/display: add sharpness support for windowed YUV420 video") 6efc0ab3b05d ("drm/amd/display: add back quality EASF and ISHARP and dc dependency changes") 85ecfdda063b ("drm/amd/display: Re-order enum in a header file") f9e675988886 ("drm/amd/display: roll back quality EASF and ISHARP and dc dependency changes") 748b3c4ca0bf ("drm/amd/display: Add visual confirm for Idle State") f82200703434 ("drm/amd/display: remove dc dependencies from SPL library") c18fa08e6fd8 ("drm/amd/display: Disable subvp based on HW cursor requirement") 5f30ee493044 ("drm/amd/display: quality improvements for EASF and ISHARP") bbd0d1c942cb ("drm/amd/display: Fix possible overflow in integer multiplication") 0057b36ac2be ("drm/amd/display: Send message to notify the DPIA host router bandwidth") 6b6d38c5086f ("Revert "drm/amd/display: workaround for oled eDP not lighting up on DCN401"") 6184bd5750a8 ("drm/amd/display: Enable DCN401 idle optimizations by default") e902dd7f3e3b ("drm/amd/display: workaround for oled eDP not lighting up on DCN401") a00e85713c37 ("drm/amd/display: Update DML2.1 generated code") 2998bccfa419 ("drm/amd/display: Enable ISHARP support for DCN401") 9716bae1eaaf ("drm/amd/display: Disable DCN401 idle optimizations") 7a1dd866c5ac ("drm/amd/display: enable EASF support for DCN40") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b74571a83fd3e50f804f090aae60c864d458187c Mon Sep 17 00:00:00 2001 From: Charlene Liu <Charlene.Liu(a)amd.com> Date: Wed, 4 Sep 2024 15:58:25 -0400 Subject: [PATCH] drm/amd/display: Use full update for swizzle mode change [WHY & HOW] 1) We did linear/non linear transition properly long ago 2) We used that path to handle SystemDisplayEnable 3) We fixed a SystemDisplayEnable inability to fallback to passive by impacting the transition flow generically 4) AFMF later relied on the generic transition behavior Separating the two flows to make (3) non-generic is the best immediate coarse of action. DC can discern SSAMPO3 very easily from SDE. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Chris Park <chris.park(a)amd.com> Signed-off-by: Charlene Liu <Charlene.Liu(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index 67812fbbb006..a1652130e4be 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -2376,7 +2376,7 @@ static bool is_surface_in_context( return false; } -static enum surface_update_type get_plane_info_update_type(const struct dc_surface_update *u) +static enum surface_update_type get_plane_info_update_type(const struct dc *dc, const struct dc_surface_update *u) { union surface_update_flags *update_flags = &u->surface->update_flags; enum surface_update_type update_type = UPDATE_TYPE_FAST; @@ -2455,7 +2455,7 @@ static enum surface_update_type get_plane_info_update_type(const struct dc_surfa /* todo: below are HW dependent, we should add a hook to * DCE/N resource and validated there. */ - if (u->plane_info->tiling_info.gfx9.swizzle != DC_SW_LINEAR) { + if (!dc->debug.skip_full_updated_if_possible) { /* swizzled mode requires RQ to be setup properly, * thus need to run DML to calculate RQ settings */ @@ -2547,7 +2547,7 @@ static enum surface_update_type det_surface_update(const struct dc *dc, update_flags->raw = 0; // Reset all flags - type = get_plane_info_update_type(u); + type = get_plane_info_update_type(dc, u); elevate_update_type(&overall_type, type); type = get_scaling_info_update_type(dc, u); diff --git a/drivers/gpu/drm/amd/display/dc/dc.h b/drivers/gpu/drm/amd/display/dc/dc.h index e659f4fed19f..78ebe636389e 100644 --- a/drivers/gpu/drm/amd/display/dc/dc.h +++ b/drivers/gpu/drm/amd/display/dc/dc.h @@ -1060,6 +1060,7 @@ struct dc_debug_options { bool enable_ips_visual_confirm; unsigned int sharpen_policy; unsigned int scale_to_sharpness_policy; + bool skip_full_updated_if_possible; };

7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Use full update for swizzle mode change" failed to apply to 6.11-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.11.y git checkout FETCH_HEAD git cherry-pick -x b74571a83fd3e50f804f090aae60c864d458187c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100115-happier-embassy-9583@gregkh' --subject-prefix 'PATCH 6.11.y' HEAD^.. Possible dependencies: b74571a83fd3 ("drm/amd/display: Use full update for swizzle mode change") 09cb922c4e14 ("drm/amd/display: Add debug options to change sharpen policies") efaf15752d11 ("drm/amd/display: Add sharpness control interface") 469a486541b6 ("drm/amd/display: add sharpness support for windowed YUV420 video") 6efc0ab3b05d ("drm/amd/display: add back quality EASF and ISHARP and dc dependency changes") 85ecfdda063b ("drm/amd/display: Re-order enum in a header file") f9e675988886 ("drm/amd/display: roll back quality EASF and ISHARP and dc dependency changes") 748b3c4ca0bf ("drm/amd/display: Add visual confirm for Idle State") f82200703434 ("drm/amd/display: remove dc dependencies from SPL library") c18fa08e6fd8 ("drm/amd/display: Disable subvp based on HW cursor requirement") 5f30ee493044 ("drm/amd/display: quality improvements for EASF and ISHARP") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b74571a83fd3e50f804f090aae60c864d458187c Mon Sep 17 00:00:00 2001 From: Charlene Liu <Charlene.Liu(a)amd.com> Date: Wed, 4 Sep 2024 15:58:25 -0400 Subject: [PATCH] drm/amd/display: Use full update for swizzle mode change [WHY & HOW] 1) We did linear/non linear transition properly long ago 2) We used that path to handle SystemDisplayEnable 3) We fixed a SystemDisplayEnable inability to fallback to passive by impacting the transition flow generically 4) AFMF later relied on the generic transition behavior Separating the two flows to make (3) non-generic is the best immediate coarse of action. DC can discern SSAMPO3 very easily from SDE. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Chris Park <chris.park(a)amd.com> Signed-off-by: Charlene Liu <Charlene.Liu(a)amd.com> Signed-off-by: Alex Hung <alex.hung(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index 67812fbbb006..a1652130e4be 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -2376,7 +2376,7 @@ static bool is_surface_in_context( return false; } -static enum surface_update_type get_plane_info_update_type(const struct dc_surface_update *u) +static enum surface_update_type get_plane_info_update_type(const struct dc *dc, const struct dc_surface_update *u) { union surface_update_flags *update_flags = &u->surface->update_flags; enum surface_update_type update_type = UPDATE_TYPE_FAST; @@ -2455,7 +2455,7 @@ static enum surface_update_type get_plane_info_update_type(const struct dc_surfa /* todo: below are HW dependent, we should add a hook to * DCE/N resource and validated there. */ - if (u->plane_info->tiling_info.gfx9.swizzle != DC_SW_LINEAR) { + if (!dc->debug.skip_full_updated_if_possible) { /* swizzled mode requires RQ to be setup properly, * thus need to run DML to calculate RQ settings */ @@ -2547,7 +2547,7 @@ static enum surface_update_type det_surface_update(const struct dc *dc, update_flags->raw = 0; // Reset all flags - type = get_plane_info_update_type(u); + type = get_plane_info_update_type(dc, u); elevate_update_type(&overall_type, type); type = get_scaling_info_update_type(dc, u); diff --git a/drivers/gpu/drm/amd/display/dc/dc.h b/drivers/gpu/drm/amd/display/dc/dc.h index e659f4fed19f..78ebe636389e 100644 --- a/drivers/gpu/drm/amd/display/dc/dc.h +++ b/drivers/gpu/drm/amd/display/dc/dc.h @@ -1060,6 +1060,7 @@ struct dc_debug_options { bool enable_ips_visual_confirm; unsigned int sharpen_policy; unsigned int scale_to_sharpness_policy; + bool skip_full_updated_if_possible; };

7 months

1
0
0 0

FAILED: patch "[PATCH] PCI: dra7xx: Fix error handling when IRQ request fails in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 4d60f6d4b8fa4d7bad4aeb2b3ee5c10425bc60a4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100158-tipping-racoon-cfd3@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 4d60f6d4b8fa ("PCI: dra7xx: Fix error handling when IRQ request fails in probe") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4d60f6d4b8fa4d7bad4aeb2b3ee5c10425bc60a4 Mon Sep 17 00:00:00 2001 From: Siddharth Vadapalli <s-vadapalli(a)ti.com> Date: Tue, 27 Aug 2024 17:54:22 +0530 Subject: [PATCH] PCI: dra7xx: Fix error handling when IRQ request fails in probe MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit d4c7d1a089d6 ("PCI: dwc: dra7xx: Push request_irq() call to the bottom of probe") moved the IRQ request for "dra7xx-pcie-main" towards the end of dra7xx_pcie_probe(). However, the error handling does not take into account the initialization performed by either dra7xx_add_pcie_port() or dra7xx_add_pcie_ep(), depending on the mode of operation. Fix the error handling to address this. Fixes: d4c7d1a089d6 ("PCI: dwc: dra7xx: Push request_irq() call to the bottom of probe") Link: https://lore.kernel.org/linux-pci/20240827122422.985547-3-s-vadapalli@ti.com Tested-by: Udit Kumar <u-kumar1(a)ti.com> Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> [kwilczynski: commit log] Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Reviewed-by: Kevin Hilman <khilman(a)baylibre.com> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/dwc/pci-dra7xx.c b/drivers/pci/controller/dwc/pci-dra7xx.c index 20fb50741f3d..5c62e1a3ba52 100644 --- a/drivers/pci/controller/dwc/pci-dra7xx.c +++ b/drivers/pci/controller/dwc/pci-dra7xx.c @@ -854,11 +854,17 @@ static int dra7xx_pcie_probe(struct platform_device *pdev) "dra7xx-pcie-main", dra7xx); if (ret) { dev_err(dev, "failed to request irq\n"); - goto err_gpio; + goto err_deinit; } return 0; +err_deinit: + if (dra7xx->mode == DW_PCIE_RC_TYPE) + dw_pcie_host_deinit(&dra7xx->pci->pp); + else + dw_pcie_ep_deinit(&dra7xx->pci->ep); + err_gpio: err_get_sync: pm_runtime_put(dev);

7 months

1
0
0 0

FAILED: patch "[PATCH] PCI: dra7xx: Fix error handling when IRQ request fails in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 4d60f6d4b8fa4d7bad4aeb2b3ee5c10425bc60a4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100121-object-drudge-0113@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 4d60f6d4b8fa ("PCI: dra7xx: Fix error handling when IRQ request fails in probe") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4d60f6d4b8fa4d7bad4aeb2b3ee5c10425bc60a4 Mon Sep 17 00:00:00 2001 From: Siddharth Vadapalli <s-vadapalli(a)ti.com> Date: Tue, 27 Aug 2024 17:54:22 +0530 Subject: [PATCH] PCI: dra7xx: Fix error handling when IRQ request fails in probe MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit d4c7d1a089d6 ("PCI: dwc: dra7xx: Push request_irq() call to the bottom of probe") moved the IRQ request for "dra7xx-pcie-main" towards the end of dra7xx_pcie_probe(). However, the error handling does not take into account the initialization performed by either dra7xx_add_pcie_port() or dra7xx_add_pcie_ep(), depending on the mode of operation. Fix the error handling to address this. Fixes: d4c7d1a089d6 ("PCI: dwc: dra7xx: Push request_irq() call to the bottom of probe") Link: https://lore.kernel.org/linux-pci/20240827122422.985547-3-s-vadapalli@ti.com Tested-by: Udit Kumar <u-kumar1(a)ti.com> Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> [kwilczynski: commit log] Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Reviewed-by: Kevin Hilman <khilman(a)baylibre.com> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/dwc/pci-dra7xx.c b/drivers/pci/controller/dwc/pci-dra7xx.c index 20fb50741f3d..5c62e1a3ba52 100644 --- a/drivers/pci/controller/dwc/pci-dra7xx.c +++ b/drivers/pci/controller/dwc/pci-dra7xx.c @@ -854,11 +854,17 @@ static int dra7xx_pcie_probe(struct platform_device *pdev) "dra7xx-pcie-main", dra7xx); if (ret) { dev_err(dev, "failed to request irq\n"); - goto err_gpio; + goto err_deinit; } return 0; +err_deinit: + if (dra7xx->mode == DW_PCIE_RC_TYPE) + dw_pcie_host_deinit(&dra7xx->pci->pp); + else + dw_pcie_ep_deinit(&dra7xx->pci->ep); + err_gpio: err_get_sync: pm_runtime_put(dev);

7 months

1
0
0 0

FAILED: patch "[PATCH] PCI: dra7xx: Fix error handling when IRQ request fails in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 4d60f6d4b8fa4d7bad4aeb2b3ee5c10425bc60a4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100131-account-shelving-ea60@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 4d60f6d4b8fa ("PCI: dra7xx: Fix error handling when IRQ request fails in probe") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4d60f6d4b8fa4d7bad4aeb2b3ee5c10425bc60a4 Mon Sep 17 00:00:00 2001 From: Siddharth Vadapalli <s-vadapalli(a)ti.com> Date: Tue, 27 Aug 2024 17:54:22 +0530 Subject: [PATCH] PCI: dra7xx: Fix error handling when IRQ request fails in probe MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit d4c7d1a089d6 ("PCI: dwc: dra7xx: Push request_irq() call to the bottom of probe") moved the IRQ request for "dra7xx-pcie-main" towards the end of dra7xx_pcie_probe(). However, the error handling does not take into account the initialization performed by either dra7xx_add_pcie_port() or dra7xx_add_pcie_ep(), depending on the mode of operation. Fix the error handling to address this. Fixes: d4c7d1a089d6 ("PCI: dwc: dra7xx: Push request_irq() call to the bottom of probe") Link: https://lore.kernel.org/linux-pci/20240827122422.985547-3-s-vadapalli@ti.com Tested-by: Udit Kumar <u-kumar1(a)ti.com> Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> [kwilczynski: commit log] Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Reviewed-by: Kevin Hilman <khilman(a)baylibre.com> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/dwc/pci-dra7xx.c b/drivers/pci/controller/dwc/pci-dra7xx.c index 20fb50741f3d..5c62e1a3ba52 100644 --- a/drivers/pci/controller/dwc/pci-dra7xx.c +++ b/drivers/pci/controller/dwc/pci-dra7xx.c @@ -854,11 +854,17 @@ static int dra7xx_pcie_probe(struct platform_device *pdev) "dra7xx-pcie-main", dra7xx); if (ret) { dev_err(dev, "failed to request irq\n"); - goto err_gpio; + goto err_deinit; } return 0; +err_deinit: + if (dra7xx->mode == DW_PCIE_RC_TYPE) + dw_pcie_host_deinit(&dra7xx->pci->pp); + else + dw_pcie_ep_deinit(&dra7xx->pci->ep); + err_gpio: err_get_sync: pm_runtime_put(dev);

7 months

1
0
0 0

FAILED: patch "[PATCH] PCI: dra7xx: Fix error handling when IRQ request fails in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 4d60f6d4b8fa4d7bad4aeb2b3ee5c10425bc60a4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100130-headlamp-copper-3088@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 4d60f6d4b8fa ("PCI: dra7xx: Fix error handling when IRQ request fails in probe") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4d60f6d4b8fa4d7bad4aeb2b3ee5c10425bc60a4 Mon Sep 17 00:00:00 2001 From: Siddharth Vadapalli <s-vadapalli(a)ti.com> Date: Tue, 27 Aug 2024 17:54:22 +0530 Subject: [PATCH] PCI: dra7xx: Fix error handling when IRQ request fails in probe MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit d4c7d1a089d6 ("PCI: dwc: dra7xx: Push request_irq() call to the bottom of probe") moved the IRQ request for "dra7xx-pcie-main" towards the end of dra7xx_pcie_probe(). However, the error handling does not take into account the initialization performed by either dra7xx_add_pcie_port() or dra7xx_add_pcie_ep(), depending on the mode of operation. Fix the error handling to address this. Fixes: d4c7d1a089d6 ("PCI: dwc: dra7xx: Push request_irq() call to the bottom of probe") Link: https://lore.kernel.org/linux-pci/20240827122422.985547-3-s-vadapalli@ti.com Tested-by: Udit Kumar <u-kumar1(a)ti.com> Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> [kwilczynski: commit log] Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Reviewed-by: Kevin Hilman <khilman(a)baylibre.com> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/dwc/pci-dra7xx.c b/drivers/pci/controller/dwc/pci-dra7xx.c index 20fb50741f3d..5c62e1a3ba52 100644 --- a/drivers/pci/controller/dwc/pci-dra7xx.c +++ b/drivers/pci/controller/dwc/pci-dra7xx.c @@ -854,11 +854,17 @@ static int dra7xx_pcie_probe(struct platform_device *pdev) "dra7xx-pcie-main", dra7xx); if (ret) { dev_err(dev, "failed to request irq\n"); - goto err_gpio; + goto err_deinit; } return 0; +err_deinit: + if (dra7xx->mode == DW_PCIE_RC_TYPE) + dw_pcie_host_deinit(&dra7xx->pci->pp); + else + dw_pcie_ep_deinit(&dra7xx->pci->ep); + err_gpio: err_get_sync: pm_runtime_put(dev);

7 months

1
0
0 0

FAILED: patch "[PATCH] PCI: dra7xx: Fix error handling when IRQ request fails in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 4d60f6d4b8fa4d7bad4aeb2b3ee5c10425bc60a4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100129-hankie-animator-1715@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 4d60f6d4b8fa ("PCI: dra7xx: Fix error handling when IRQ request fails in probe") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4d60f6d4b8fa4d7bad4aeb2b3ee5c10425bc60a4 Mon Sep 17 00:00:00 2001 From: Siddharth Vadapalli <s-vadapalli(a)ti.com> Date: Tue, 27 Aug 2024 17:54:22 +0530 Subject: [PATCH] PCI: dra7xx: Fix error handling when IRQ request fails in probe MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit d4c7d1a089d6 ("PCI: dwc: dra7xx: Push request_irq() call to the bottom of probe") moved the IRQ request for "dra7xx-pcie-main" towards the end of dra7xx_pcie_probe(). However, the error handling does not take into account the initialization performed by either dra7xx_add_pcie_port() or dra7xx_add_pcie_ep(), depending on the mode of operation. Fix the error handling to address this. Fixes: d4c7d1a089d6 ("PCI: dwc: dra7xx: Push request_irq() call to the bottom of probe") Link: https://lore.kernel.org/linux-pci/20240827122422.985547-3-s-vadapalli@ti.com Tested-by: Udit Kumar <u-kumar1(a)ti.com> Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> [kwilczynski: commit log] Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Reviewed-by: Kevin Hilman <khilman(a)baylibre.com> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/dwc/pci-dra7xx.c b/drivers/pci/controller/dwc/pci-dra7xx.c index 20fb50741f3d..5c62e1a3ba52 100644 --- a/drivers/pci/controller/dwc/pci-dra7xx.c +++ b/drivers/pci/controller/dwc/pci-dra7xx.c @@ -854,11 +854,17 @@ static int dra7xx_pcie_probe(struct platform_device *pdev) "dra7xx-pcie-main", dra7xx); if (ret) { dev_err(dev, "failed to request irq\n"); - goto err_gpio; + goto err_deinit; } return 0; +err_deinit: + if (dra7xx->mode == DW_PCIE_RC_TYPE) + dw_pcie_host_deinit(&dra7xx->pci->pp); + else + dw_pcie_ep_deinit(&dra7xx->pci->ep); + err_gpio: err_get_sync: pm_runtime_put(dev);

7 months

1
0
0 0

FAILED: patch "[PATCH] PCI: dra7xx: Fix error handling when IRQ request fails in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 4d60f6d4b8fa4d7bad4aeb2b3ee5c10425bc60a4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100128-conceded-stowaway-a8a3@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 4d60f6d4b8fa ("PCI: dra7xx: Fix error handling when IRQ request fails in probe") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4d60f6d4b8fa4d7bad4aeb2b3ee5c10425bc60a4 Mon Sep 17 00:00:00 2001 From: Siddharth Vadapalli <s-vadapalli(a)ti.com> Date: Tue, 27 Aug 2024 17:54:22 +0530 Subject: [PATCH] PCI: dra7xx: Fix error handling when IRQ request fails in probe MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit d4c7d1a089d6 ("PCI: dwc: dra7xx: Push request_irq() call to the bottom of probe") moved the IRQ request for "dra7xx-pcie-main" towards the end of dra7xx_pcie_probe(). However, the error handling does not take into account the initialization performed by either dra7xx_add_pcie_port() or dra7xx_add_pcie_ep(), depending on the mode of operation. Fix the error handling to address this. Fixes: d4c7d1a089d6 ("PCI: dwc: dra7xx: Push request_irq() call to the bottom of probe") Link: https://lore.kernel.org/linux-pci/20240827122422.985547-3-s-vadapalli@ti.com Tested-by: Udit Kumar <u-kumar1(a)ti.com> Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> [kwilczynski: commit log] Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Reviewed-by: Kevin Hilman <khilman(a)baylibre.com> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/dwc/pci-dra7xx.c b/drivers/pci/controller/dwc/pci-dra7xx.c index 20fb50741f3d..5c62e1a3ba52 100644 --- a/drivers/pci/controller/dwc/pci-dra7xx.c +++ b/drivers/pci/controller/dwc/pci-dra7xx.c @@ -854,11 +854,17 @@ static int dra7xx_pcie_probe(struct platform_device *pdev) "dra7xx-pcie-main", dra7xx); if (ret) { dev_err(dev, "failed to request irq\n"); - goto err_gpio; + goto err_deinit; } return 0; +err_deinit: + if (dra7xx->mode == DW_PCIE_RC_TYPE) + dw_pcie_host_deinit(&dra7xx->pci->pp); + else + dw_pcie_ep_deinit(&dra7xx->pci->ep); + err_gpio: err_get_sync: pm_runtime_put(dev);

7 months

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC)" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 73b42dc69be8564d4951a14d00f827929fe5ef79 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100124-partly-overact-759b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 73b42dc69be8 ("KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC)") d33234342f8b ("KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode()") 71bf395a276f ("KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits") 4b7c3f6d04bd ("KVM: x86: Make x2APIC ID 100% readonly") c7d4c5f01961 ("KVM: x86: Drop unused check_apicv_inhibit_reasons() callback definition") 5f18c642ff7e ("KVM: VMX: Move out vmx_x86_ops to 'main.c' to dispatch VMX and TDX") 0ec3d6d1f169 ("KVM: x86: Fully defer to vendor code to decide how to force immediate exit") bf1a49436ea3 ("KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers") 11776aa0cfa7 ("KVM: VMX: Handle forced exit due to preemption timer in fastpath") e6b5d16bbd2d ("KVM: VMX: Re-enter guest in fastpath for "spurious" preemption timer exits") 9c9025ea003a ("KVM: x86: Plumb "force_immediate_exit" into kvm_entry() tracepoint") 8ecb10bcbfa3 ("Merge tag 'kvm-x86-lam-6.8' of https://github.com/kvm-x86/linux into HEAD") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 73b42dc69be8564d4951a14d00f827929fe5ef79 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Fri, 19 Jul 2024 16:51:00 -0700 Subject: [PATCH] KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) Re-introduce the "split" x2APIC ICR storage that KVM used prior to Intel's IPI virtualization support, but only for AMD. While not stated anywhere in the APM, despite stating the ICR is a single 64-bit register, AMD CPUs store the 64-bit ICR as two separate 32-bit values in ICR and ICR2. When IPI virtualization (IPIv on Intel, all AVIC flavors on AMD) is enabled, KVM needs to match CPU behavior as some ICR ICR writes will be handled by the CPU, not by KVM. Add a kvm_x86_ops knob to control the underlying format used by the CPU to store the x2APIC ICR, and tune it to AMD vs. Intel regardless of whether or not x2AVIC is enabled. If KVM is handling all ICR writes, the storage format for x2APIC mode doesn't matter, and having the behavior follow AMD versus Intel will provide better test coverage and ease debugging. Fixes: 4d1d7942e36a ("KVM: SVM: Introduce logic to (de)activate x2AVIC mode") Cc: stable(a)vger.kernel.org Cc: Maxim Levitsky <mlevitsk(a)redhat.com> Cc: Suravee Suthikulpanit <suravee.suthikulpanit(a)amd.com> Link: https://lore.kernel.org/r/20240719235107.3023592-4-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 95396e4cb3da..f9dfb2d62053 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1727,6 +1727,8 @@ struct kvm_x86_ops { void (*enable_nmi_window)(struct kvm_vcpu *vcpu); void (*enable_irq_window)(struct kvm_vcpu *vcpu); void (*update_cr8_intercept)(struct kvm_vcpu *vcpu, int tpr, int irr); + + const bool x2apic_icr_is_split; const unsigned long required_apicv_inhibits; bool allow_apicv_in_x2apic_without_x2apic_virtualization; void (*refresh_apicv_exec_ctrl)(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 63be07d7c782..c7180cb5f464 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -2471,11 +2471,25 @@ int kvm_x2apic_icr_write(struct kvm_lapic *apic, u64 data) data &= ~APIC_ICR_BUSY; kvm_apic_send_ipi(apic, (u32)data, (u32)(data >> 32)); - kvm_lapic_set_reg64(apic, APIC_ICR, data); + if (kvm_x86_ops.x2apic_icr_is_split) { + kvm_lapic_set_reg(apic, APIC_ICR, data); + kvm_lapic_set_reg(apic, APIC_ICR2, data >> 32); + } else { + kvm_lapic_set_reg64(apic, APIC_ICR, data); + } trace_kvm_apic_write(APIC_ICR, data); return 0; } +static u64 kvm_x2apic_icr_read(struct kvm_lapic *apic) +{ + if (kvm_x86_ops.x2apic_icr_is_split) + return (u64)kvm_lapic_get_reg(apic, APIC_ICR) | + (u64)kvm_lapic_get_reg(apic, APIC_ICR2) << 32; + + return kvm_lapic_get_reg64(apic, APIC_ICR); +} + /* emulate APIC access in a trap manner */ void kvm_apic_write_nodecode(struct kvm_vcpu *vcpu, u32 offset) { @@ -2493,7 +2507,7 @@ void kvm_apic_write_nodecode(struct kvm_vcpu *vcpu, u32 offset) * maybe-unecessary write, and both are in the noise anyways. */ if (apic_x2apic_mode(apic) && offset == APIC_ICR) - WARN_ON_ONCE(kvm_x2apic_icr_write(apic, kvm_lapic_get_reg64(apic, APIC_ICR))); + WARN_ON_ONCE(kvm_x2apic_icr_write(apic, kvm_x2apic_icr_read(apic))); else kvm_lapic_reg_write(apic, offset, kvm_lapic_get_reg(apic, offset)); } @@ -3013,18 +3027,22 @@ static int kvm_apic_state_fixup(struct kvm_vcpu *vcpu, /* * In x2APIC mode, the LDR is fixed and based on the id. And - * ICR is internally a single 64-bit register, but needs to be - * split to ICR+ICR2 in userspace for backwards compatibility. + * if the ICR is _not_ split, ICR is internally a single 64-bit + * register, but needs to be split to ICR+ICR2 in userspace for + * backwards compatibility. */ - if (set) { + if (set) *ldr = kvm_apic_calc_x2apic_ldr(x2apic_id); - icr = __kvm_lapic_get_reg(s->regs, APIC_ICR) | - (u64)__kvm_lapic_get_reg(s->regs, APIC_ICR2) << 32; - __kvm_lapic_set_reg64(s->regs, APIC_ICR, icr); - } else { - icr = __kvm_lapic_get_reg64(s->regs, APIC_ICR); - __kvm_lapic_set_reg(s->regs, APIC_ICR2, icr >> 32); + if (!kvm_x86_ops.x2apic_icr_is_split) { + if (set) { + icr = __kvm_lapic_get_reg(s->regs, APIC_ICR) | + (u64)__kvm_lapic_get_reg(s->regs, APIC_ICR2) << 32; + __kvm_lapic_set_reg64(s->regs, APIC_ICR, icr); + } else { + icr = __kvm_lapic_get_reg64(s->regs, APIC_ICR); + __kvm_lapic_set_reg(s->regs, APIC_ICR2, icr >> 32); + } } } @@ -3222,7 +3240,7 @@ static int kvm_lapic_msr_read(struct kvm_lapic *apic, u32 reg, u64 *data) u32 low; if (reg == APIC_ICR) { - *data = kvm_lapic_get_reg64(apic, APIC_ICR); + *data = kvm_x2apic_icr_read(apic); return 0; } diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index d8cfe8f23327..eb3de01602b9 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -5053,6 +5053,8 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .enable_nmi_window = svm_enable_nmi_window, .enable_irq_window = svm_enable_irq_window, .update_cr8_intercept = svm_update_cr8_intercept, + + .x2apic_icr_is_split = true, .set_virtual_apic_mode = avic_refresh_virtual_apic_mode, .refresh_apicv_exec_ctrl = avic_refresh_apicv_exec_ctrl, .apicv_post_state_restore = avic_apicv_post_state_restore, diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c index 4f6023a0deb3..0a094ebad4b1 100644 --- a/arch/x86/kvm/vmx/main.c +++ b/arch/x86/kvm/vmx/main.c @@ -89,6 +89,8 @@ struct kvm_x86_ops vt_x86_ops __initdata = { .enable_nmi_window = vmx_enable_nmi_window, .enable_irq_window = vmx_enable_irq_window, .update_cr8_intercept = vmx_update_cr8_intercept, + + .x2apic_icr_is_split = false, .set_virtual_apic_mode = vmx_set_virtual_apic_mode, .set_apic_access_page_addr = vmx_set_apic_access_page_addr, .refresh_apicv_exec_ctrl = vmx_refresh_apicv_exec_ctrl,

7 months

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC)" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 73b42dc69be8564d4951a14d00f827929fe5ef79 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100122-prologue-parakeet-0748@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 73b42dc69be8 ("KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC)") d33234342f8b ("KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode()") 71bf395a276f ("KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits") 4b7c3f6d04bd ("KVM: x86: Make x2APIC ID 100% readonly") c7d4c5f01961 ("KVM: x86: Drop unused check_apicv_inhibit_reasons() callback definition") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 73b42dc69be8564d4951a14d00f827929fe5ef79 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Fri, 19 Jul 2024 16:51:00 -0700 Subject: [PATCH] KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) Re-introduce the "split" x2APIC ICR storage that KVM used prior to Intel's IPI virtualization support, but only for AMD. While not stated anywhere in the APM, despite stating the ICR is a single 64-bit register, AMD CPUs store the 64-bit ICR as two separate 32-bit values in ICR and ICR2. When IPI virtualization (IPIv on Intel, all AVIC flavors on AMD) is enabled, KVM needs to match CPU behavior as some ICR ICR writes will be handled by the CPU, not by KVM. Add a kvm_x86_ops knob to control the underlying format used by the CPU to store the x2APIC ICR, and tune it to AMD vs. Intel regardless of whether or not x2AVIC is enabled. If KVM is handling all ICR writes, the storage format for x2APIC mode doesn't matter, and having the behavior follow AMD versus Intel will provide better test coverage and ease debugging. Fixes: 4d1d7942e36a ("KVM: SVM: Introduce logic to (de)activate x2AVIC mode") Cc: stable(a)vger.kernel.org Cc: Maxim Levitsky <mlevitsk(a)redhat.com> Cc: Suravee Suthikulpanit <suravee.suthikulpanit(a)amd.com> Link: https://lore.kernel.org/r/20240719235107.3023592-4-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 95396e4cb3da..f9dfb2d62053 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1727,6 +1727,8 @@ struct kvm_x86_ops { void (*enable_nmi_window)(struct kvm_vcpu *vcpu); void (*enable_irq_window)(struct kvm_vcpu *vcpu); void (*update_cr8_intercept)(struct kvm_vcpu *vcpu, int tpr, int irr); + + const bool x2apic_icr_is_split; const unsigned long required_apicv_inhibits; bool allow_apicv_in_x2apic_without_x2apic_virtualization; void (*refresh_apicv_exec_ctrl)(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c index 63be07d7c782..c7180cb5f464 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -2471,11 +2471,25 @@ int kvm_x2apic_icr_write(struct kvm_lapic *apic, u64 data) data &= ~APIC_ICR_BUSY; kvm_apic_send_ipi(apic, (u32)data, (u32)(data >> 32)); - kvm_lapic_set_reg64(apic, APIC_ICR, data); + if (kvm_x86_ops.x2apic_icr_is_split) { + kvm_lapic_set_reg(apic, APIC_ICR, data); + kvm_lapic_set_reg(apic, APIC_ICR2, data >> 32); + } else { + kvm_lapic_set_reg64(apic, APIC_ICR, data); + } trace_kvm_apic_write(APIC_ICR, data); return 0; } +static u64 kvm_x2apic_icr_read(struct kvm_lapic *apic) +{ + if (kvm_x86_ops.x2apic_icr_is_split) + return (u64)kvm_lapic_get_reg(apic, APIC_ICR) | + (u64)kvm_lapic_get_reg(apic, APIC_ICR2) << 32; + + return kvm_lapic_get_reg64(apic, APIC_ICR); +} + /* emulate APIC access in a trap manner */ void kvm_apic_write_nodecode(struct kvm_vcpu *vcpu, u32 offset) { @@ -2493,7 +2507,7 @@ void kvm_apic_write_nodecode(struct kvm_vcpu *vcpu, u32 offset) * maybe-unecessary write, and both are in the noise anyways. */ if (apic_x2apic_mode(apic) && offset == APIC_ICR) - WARN_ON_ONCE(kvm_x2apic_icr_write(apic, kvm_lapic_get_reg64(apic, APIC_ICR))); + WARN_ON_ONCE(kvm_x2apic_icr_write(apic, kvm_x2apic_icr_read(apic))); else kvm_lapic_reg_write(apic, offset, kvm_lapic_get_reg(apic, offset)); } @@ -3013,18 +3027,22 @@ static int kvm_apic_state_fixup(struct kvm_vcpu *vcpu, /* * In x2APIC mode, the LDR is fixed and based on the id. And - * ICR is internally a single 64-bit register, but needs to be - * split to ICR+ICR2 in userspace for backwards compatibility. + * if the ICR is _not_ split, ICR is internally a single 64-bit + * register, but needs to be split to ICR+ICR2 in userspace for + * backwards compatibility. */ - if (set) { + if (set) *ldr = kvm_apic_calc_x2apic_ldr(x2apic_id); - icr = __kvm_lapic_get_reg(s->regs, APIC_ICR) | - (u64)__kvm_lapic_get_reg(s->regs, APIC_ICR2) << 32; - __kvm_lapic_set_reg64(s->regs, APIC_ICR, icr); - } else { - icr = __kvm_lapic_get_reg64(s->regs, APIC_ICR); - __kvm_lapic_set_reg(s->regs, APIC_ICR2, icr >> 32); + if (!kvm_x86_ops.x2apic_icr_is_split) { + if (set) { + icr = __kvm_lapic_get_reg(s->regs, APIC_ICR) | + (u64)__kvm_lapic_get_reg(s->regs, APIC_ICR2) << 32; + __kvm_lapic_set_reg64(s->regs, APIC_ICR, icr); + } else { + icr = __kvm_lapic_get_reg64(s->regs, APIC_ICR); + __kvm_lapic_set_reg(s->regs, APIC_ICR2, icr >> 32); + } } } @@ -3222,7 +3240,7 @@ static int kvm_lapic_msr_read(struct kvm_lapic *apic, u32 reg, u64 *data) u32 low; if (reg == APIC_ICR) { - *data = kvm_lapic_get_reg64(apic, APIC_ICR); + *data = kvm_x2apic_icr_read(apic); return 0; } diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index d8cfe8f23327..eb3de01602b9 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -5053,6 +5053,8 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .enable_nmi_window = svm_enable_nmi_window, .enable_irq_window = svm_enable_irq_window, .update_cr8_intercept = svm_update_cr8_intercept, + + .x2apic_icr_is_split = true, .set_virtual_apic_mode = avic_refresh_virtual_apic_mode, .refresh_apicv_exec_ctrl = avic_refresh_apicv_exec_ctrl, .apicv_post_state_restore = avic_apicv_post_state_restore, diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c index 4f6023a0deb3..0a094ebad4b1 100644 --- a/arch/x86/kvm/vmx/main.c +++ b/arch/x86/kvm/vmx/main.c @@ -89,6 +89,8 @@ struct kvm_x86_ops vt_x86_ops __initdata = { .enable_nmi_window = vmx_enable_nmi_window, .enable_irq_window = vmx_enable_irq_window, .update_cr8_intercept = vmx_update_cr8_intercept, + + .x2apic_icr_is_split = false, .set_virtual_apic_mode = vmx_set_virtual_apic_mode, .set_apic_access_page_addr = vmx_set_apic_access_page_addr, .refresh_apicv_exec_ctrl = vmx_refresh_apicv_exec_ctrl,

7 months

1
0
0 0

FAILED: patch "[PATCH] soc: versatile: realview: fix soc_dev leak during device" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x c774f2564c0086c23f5269fd4691f233756bf075 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100120-reappoint-harpist-1c61@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: c774f2564c00 ("soc: versatile: realview: fix soc_dev leak during device remove") 1c4f26a41f9d ("soc: versatile: realview: fix memory leak during device remove") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c774f2564c0086c23f5269fd4691f233756bf075 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Sun, 25 Aug 2024 20:05:24 +0200 Subject: [PATCH] soc: versatile: realview: fix soc_dev leak during device remove If device is unbound, the soc_dev should be unregistered to prevent memory leak. Fixes: a2974c9c1f83 ("soc: add driver for the ARM RealView") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/20240825-soc-dev-fixes-v1-3-ff4b35abed83@linaro.org Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> diff --git a/drivers/soc/versatile/soc-realview.c b/drivers/soc/versatile/soc-realview.c index d304ee69287a..cf91abe07d38 100644 --- a/drivers/soc/versatile/soc-realview.c +++ b/drivers/soc/versatile/soc-realview.c @@ -4,6 +4,7 @@ * * Author: Linus Walleij <linus.walleij(a)linaro.org> */ +#include <linux/device.h> #include <linux/init.h> #include <linux/io.h> #include <linux/slab.h> @@ -81,6 +82,13 @@ static struct attribute *realview_attrs[] = { ATTRIBUTE_GROUPS(realview); +static void realview_soc_socdev_release(void *data) +{ + struct soc_device *soc_dev = data; + + soc_device_unregister(soc_dev); +} + static int realview_soc_probe(struct platform_device *pdev) { struct regmap *syscon_regmap; @@ -109,6 +117,11 @@ static int realview_soc_probe(struct platform_device *pdev) if (IS_ERR(soc_dev)) return -ENODEV; + ret = devm_add_action_or_reset(&pdev->dev, realview_soc_socdev_release, + soc_dev); + if (ret) + return ret; + ret = regmap_read(syscon_regmap, REALVIEW_SYS_ID_OFFSET, &realview_coreid); if (ret)

7 months

1
0
0 0

FAILED: patch "[PATCH] soc: versatile: realview: fix soc_dev leak during device" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x c774f2564c0086c23f5269fd4691f233756bf075 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100119-lather-concept-f5c2@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: c774f2564c00 ("soc: versatile: realview: fix soc_dev leak during device remove") 1c4f26a41f9d ("soc: versatile: realview: fix memory leak during device remove") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c774f2564c0086c23f5269fd4691f233756bf075 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Sun, 25 Aug 2024 20:05:24 +0200 Subject: [PATCH] soc: versatile: realview: fix soc_dev leak during device remove If device is unbound, the soc_dev should be unregistered to prevent memory leak. Fixes: a2974c9c1f83 ("soc: add driver for the ARM RealView") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/20240825-soc-dev-fixes-v1-3-ff4b35abed83@linaro.org Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> diff --git a/drivers/soc/versatile/soc-realview.c b/drivers/soc/versatile/soc-realview.c index d304ee69287a..cf91abe07d38 100644 --- a/drivers/soc/versatile/soc-realview.c +++ b/drivers/soc/versatile/soc-realview.c @@ -4,6 +4,7 @@ * * Author: Linus Walleij <linus.walleij(a)linaro.org> */ +#include <linux/device.h> #include <linux/init.h> #include <linux/io.h> #include <linux/slab.h> @@ -81,6 +82,13 @@ static struct attribute *realview_attrs[] = { ATTRIBUTE_GROUPS(realview); +static void realview_soc_socdev_release(void *data) +{ + struct soc_device *soc_dev = data; + + soc_device_unregister(soc_dev); +} + static int realview_soc_probe(struct platform_device *pdev) { struct regmap *syscon_regmap; @@ -109,6 +117,11 @@ static int realview_soc_probe(struct platform_device *pdev) if (IS_ERR(soc_dev)) return -ENODEV; + ret = devm_add_action_or_reset(&pdev->dev, realview_soc_socdev_release, + soc_dev); + if (ret) + return ret; + ret = regmap_read(syscon_regmap, REALVIEW_SYS_ID_OFFSET, &realview_coreid); if (ret)

7 months

1
0
0 0

FAILED: patch "[PATCH] soc: versatile: realview: fix soc_dev leak during device" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x c774f2564c0086c23f5269fd4691f233756bf075 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100118-slam-chaperone-3d02@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: c774f2564c00 ("soc: versatile: realview: fix soc_dev leak during device remove") 1c4f26a41f9d ("soc: versatile: realview: fix memory leak during device remove") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c774f2564c0086c23f5269fd4691f233756bf075 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Sun, 25 Aug 2024 20:05:24 +0200 Subject: [PATCH] soc: versatile: realview: fix soc_dev leak during device remove If device is unbound, the soc_dev should be unregistered to prevent memory leak. Fixes: a2974c9c1f83 ("soc: add driver for the ARM RealView") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/20240825-soc-dev-fixes-v1-3-ff4b35abed83@linaro.org Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> diff --git a/drivers/soc/versatile/soc-realview.c b/drivers/soc/versatile/soc-realview.c index d304ee69287a..cf91abe07d38 100644 --- a/drivers/soc/versatile/soc-realview.c +++ b/drivers/soc/versatile/soc-realview.c @@ -4,6 +4,7 @@ * * Author: Linus Walleij <linus.walleij(a)linaro.org> */ +#include <linux/device.h> #include <linux/init.h> #include <linux/io.h> #include <linux/slab.h> @@ -81,6 +82,13 @@ static struct attribute *realview_attrs[] = { ATTRIBUTE_GROUPS(realview); +static void realview_soc_socdev_release(void *data) +{ + struct soc_device *soc_dev = data; + + soc_device_unregister(soc_dev); +} + static int realview_soc_probe(struct platform_device *pdev) { struct regmap *syscon_regmap; @@ -109,6 +117,11 @@ static int realview_soc_probe(struct platform_device *pdev) if (IS_ERR(soc_dev)) return -ENODEV; + ret = devm_add_action_or_reset(&pdev->dev, realview_soc_socdev_release, + soc_dev); + if (ret) + return ret; + ret = regmap_read(syscon_regmap, REALVIEW_SYS_ID_OFFSET, &realview_coreid); if (ret)

7 months

1
0
0 0

FAILED: patch "[PATCH] soc: versatile: realview: fix soc_dev leak during device" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x c774f2564c0086c23f5269fd4691f233756bf075 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100118-polo-glimmer-a034@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: c774f2564c00 ("soc: versatile: realview: fix soc_dev leak during device remove") 1c4f26a41f9d ("soc: versatile: realview: fix memory leak during device remove") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c774f2564c0086c23f5269fd4691f233756bf075 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Sun, 25 Aug 2024 20:05:24 +0200 Subject: [PATCH] soc: versatile: realview: fix soc_dev leak during device remove If device is unbound, the soc_dev should be unregistered to prevent memory leak. Fixes: a2974c9c1f83 ("soc: add driver for the ARM RealView") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/20240825-soc-dev-fixes-v1-3-ff4b35abed83@linaro.org Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> diff --git a/drivers/soc/versatile/soc-realview.c b/drivers/soc/versatile/soc-realview.c index d304ee69287a..cf91abe07d38 100644 --- a/drivers/soc/versatile/soc-realview.c +++ b/drivers/soc/versatile/soc-realview.c @@ -4,6 +4,7 @@ * * Author: Linus Walleij <linus.walleij(a)linaro.org> */ +#include <linux/device.h> #include <linux/init.h> #include <linux/io.h> #include <linux/slab.h> @@ -81,6 +82,13 @@ static struct attribute *realview_attrs[] = { ATTRIBUTE_GROUPS(realview); +static void realview_soc_socdev_release(void *data) +{ + struct soc_device *soc_dev = data; + + soc_device_unregister(soc_dev); +} + static int realview_soc_probe(struct platform_device *pdev) { struct regmap *syscon_regmap; @@ -109,6 +117,11 @@ static int realview_soc_probe(struct platform_device *pdev) if (IS_ERR(soc_dev)) return -ENODEV; + ret = devm_add_action_or_reset(&pdev->dev, realview_soc_socdev_release, + soc_dev); + if (ret) + return ret; + ret = regmap_read(syscon_regmap, REALVIEW_SYS_ID_OFFSET, &realview_coreid); if (ret)

7 months

1
0
0 0

FAILED: patch "[PATCH] soc: versatile: realview: fix soc_dev leak during device" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c774f2564c0086c23f5269fd4691f233756bf075 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100117-railroad-ripening-d584@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: c774f2564c00 ("soc: versatile: realview: fix soc_dev leak during device remove") 1c4f26a41f9d ("soc: versatile: realview: fix memory leak during device remove") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c774f2564c0086c23f5269fd4691f233756bf075 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Sun, 25 Aug 2024 20:05:24 +0200 Subject: [PATCH] soc: versatile: realview: fix soc_dev leak during device remove If device is unbound, the soc_dev should be unregistered to prevent memory leak. Fixes: a2974c9c1f83 ("soc: add driver for the ARM RealView") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/20240825-soc-dev-fixes-v1-3-ff4b35abed83@linaro.org Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> diff --git a/drivers/soc/versatile/soc-realview.c b/drivers/soc/versatile/soc-realview.c index d304ee69287a..cf91abe07d38 100644 --- a/drivers/soc/versatile/soc-realview.c +++ b/drivers/soc/versatile/soc-realview.c @@ -4,6 +4,7 @@ * * Author: Linus Walleij <linus.walleij(a)linaro.org> */ +#include <linux/device.h> #include <linux/init.h> #include <linux/io.h> #include <linux/slab.h> @@ -81,6 +82,13 @@ static struct attribute *realview_attrs[] = { ATTRIBUTE_GROUPS(realview); +static void realview_soc_socdev_release(void *data) +{ + struct soc_device *soc_dev = data; + + soc_device_unregister(soc_dev); +} + static int realview_soc_probe(struct platform_device *pdev) { struct regmap *syscon_regmap; @@ -109,6 +117,11 @@ static int realview_soc_probe(struct platform_device *pdev) if (IS_ERR(soc_dev)) return -ENODEV; + ret = devm_add_action_or_reset(&pdev->dev, realview_soc_socdev_release, + soc_dev); + if (ret) + return ret; + ret = regmap_read(syscon_regmap, REALVIEW_SYS_ID_OFFSET, &realview_coreid); if (ret)

7 months

1
0
0 0

FAILED: patch "[PATCH] soc: versatile: realview: fix soc_dev leak during device" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c774f2564c0086c23f5269fd4691f233756bf075 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100116-polio-dribble-821d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: c774f2564c00 ("soc: versatile: realview: fix soc_dev leak during device remove") 1c4f26a41f9d ("soc: versatile: realview: fix memory leak during device remove") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c774f2564c0086c23f5269fd4691f233756bf075 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Sun, 25 Aug 2024 20:05:24 +0200 Subject: [PATCH] soc: versatile: realview: fix soc_dev leak during device remove If device is unbound, the soc_dev should be unregistered to prevent memory leak. Fixes: a2974c9c1f83 ("soc: add driver for the ARM RealView") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/20240825-soc-dev-fixes-v1-3-ff4b35abed83@linaro.org Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> diff --git a/drivers/soc/versatile/soc-realview.c b/drivers/soc/versatile/soc-realview.c index d304ee69287a..cf91abe07d38 100644 --- a/drivers/soc/versatile/soc-realview.c +++ b/drivers/soc/versatile/soc-realview.c @@ -4,6 +4,7 @@ * * Author: Linus Walleij <linus.walleij(a)linaro.org> */ +#include <linux/device.h> #include <linux/init.h> #include <linux/io.h> #include <linux/slab.h> @@ -81,6 +82,13 @@ static struct attribute *realview_attrs[] = { ATTRIBUTE_GROUPS(realview); +static void realview_soc_socdev_release(void *data) +{ + struct soc_device *soc_dev = data; + + soc_device_unregister(soc_dev); +} + static int realview_soc_probe(struct platform_device *pdev) { struct regmap *syscon_regmap; @@ -109,6 +117,11 @@ static int realview_soc_probe(struct platform_device *pdev) if (IS_ERR(soc_dev)) return -ENODEV; + ret = devm_add_action_or_reset(&pdev->dev, realview_soc_socdev_release, + soc_dev); + if (ret) + return ret; + ret = regmap_read(syscon_regmap, REALVIEW_SYS_ID_OFFSET, &realview_coreid); if (ret)

7 months

1
0
0 0

FAILED: patch "[PATCH] soc: versatile: realview: fix soc_dev leak during device" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x c774f2564c0086c23f5269fd4691f233756bf075 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100116-cost-tadpole-d4de@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: c774f2564c00 ("soc: versatile: realview: fix soc_dev leak during device remove") 1c4f26a41f9d ("soc: versatile: realview: fix memory leak during device remove") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c774f2564c0086c23f5269fd4691f233756bf075 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Sun, 25 Aug 2024 20:05:24 +0200 Subject: [PATCH] soc: versatile: realview: fix soc_dev leak during device remove If device is unbound, the soc_dev should be unregistered to prevent memory leak. Fixes: a2974c9c1f83 ("soc: add driver for the ARM RealView") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/20240825-soc-dev-fixes-v1-3-ff4b35abed83@linaro.org Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> diff --git a/drivers/soc/versatile/soc-realview.c b/drivers/soc/versatile/soc-realview.c index d304ee69287a..cf91abe07d38 100644 --- a/drivers/soc/versatile/soc-realview.c +++ b/drivers/soc/versatile/soc-realview.c @@ -4,6 +4,7 @@ * * Author: Linus Walleij <linus.walleij(a)linaro.org> */ +#include <linux/device.h> #include <linux/init.h> #include <linux/io.h> #include <linux/slab.h> @@ -81,6 +82,13 @@ static struct attribute *realview_attrs[] = { ATTRIBUTE_GROUPS(realview); +static void realview_soc_socdev_release(void *data) +{ + struct soc_device *soc_dev = data; + + soc_device_unregister(soc_dev); +} + static int realview_soc_probe(struct platform_device *pdev) { struct regmap *syscon_regmap; @@ -109,6 +117,11 @@ static int realview_soc_probe(struct platform_device *pdev) if (IS_ERR(soc_dev)) return -ENODEV; + ret = devm_add_action_or_reset(&pdev->dev, realview_soc_socdev_release, + soc_dev); + if (ret) + return ret; + ret = regmap_read(syscon_regmap, REALVIEW_SYS_ID_OFFSET, &realview_coreid); if (ret)

7 months

1
0
0 0

FAILED: patch "[PATCH] soc: versatile: realview: fix soc_dev leak during device" failed to apply to 6.11-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.11.y git checkout FETCH_HEAD git cherry-pick -x c774f2564c0086c23f5269fd4691f233756bf075 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100115-dose-process-0db6@gregkh' --subject-prefix 'PATCH 6.11.y' HEAD^.. Possible dependencies: c774f2564c00 ("soc: versatile: realview: fix soc_dev leak during device remove") 1c4f26a41f9d ("soc: versatile: realview: fix memory leak during device remove") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c774f2564c0086c23f5269fd4691f233756bf075 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Sun, 25 Aug 2024 20:05:24 +0200 Subject: [PATCH] soc: versatile: realview: fix soc_dev leak during device remove If device is unbound, the soc_dev should be unregistered to prevent memory leak. Fixes: a2974c9c1f83 ("soc: add driver for the ARM RealView") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/20240825-soc-dev-fixes-v1-3-ff4b35abed83@linaro.org Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> diff --git a/drivers/soc/versatile/soc-realview.c b/drivers/soc/versatile/soc-realview.c index d304ee69287a..cf91abe07d38 100644 --- a/drivers/soc/versatile/soc-realview.c +++ b/drivers/soc/versatile/soc-realview.c @@ -4,6 +4,7 @@ * * Author: Linus Walleij <linus.walleij(a)linaro.org> */ +#include <linux/device.h> #include <linux/init.h> #include <linux/io.h> #include <linux/slab.h> @@ -81,6 +82,13 @@ static struct attribute *realview_attrs[] = { ATTRIBUTE_GROUPS(realview); +static void realview_soc_socdev_release(void *data) +{ + struct soc_device *soc_dev = data; + + soc_device_unregister(soc_dev); +} + static int realview_soc_probe(struct platform_device *pdev) { struct regmap *syscon_regmap; @@ -109,6 +117,11 @@ static int realview_soc_probe(struct platform_device *pdev) if (IS_ERR(soc_dev)) return -ENODEV; + ret = devm_add_action_or_reset(&pdev->dev, realview_soc_socdev_release, + soc_dev); + if (ret) + return ret; + ret = regmap_read(syscon_regmap, REALVIEW_SYS_ID_OFFSET, &realview_coreid); if (ret)

7 months

1
0
0 0

FAILED: patch "[PATCH] PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 0199d2f2bd8cd97b310f7ed82a067247d7456029 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100101-neatness-unmapped-e049@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 0199d2f2bd8c ("PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler") e56427068a8d ("PCI: xilinx-nwl: Use irq_data_get_irq_chip_data()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0199d2f2bd8cd97b310f7ed82a067247d7456029 Mon Sep 17 00:00:00 2001 From: Sean Anderson <sean.anderson(a)linux.dev> Date: Fri, 31 May 2024 12:13:32 -0400 Subject: [PATCH] PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler MSGF_LEG_MASK is laid out with INTA in bit 0, INTB in bit 1, INTC in bit 2, and INTD in bit 3. Hardware IRQ numbers start at 0, and we register PCI_NUM_INTX IRQs. So to enable INTA (aka hwirq 0) we should set bit 0. Remove the subtraction of one. This bug would cause INTx interrupts not to be delivered, as enabling INTB would actually enable INTA, and enabling INTA wouldn't enable anything at all. It is likely that this got overlooked for so long since most PCIe hardware uses MSIs. This fixes the following UBSAN error: UBSAN: shift-out-of-bounds in ../drivers/pci/controller/pcie-xilinx-nwl.c:389:11 shift exponent 18446744073709551615 is too large for 32-bit type 'int' CPU: 1 PID: 61 Comm: kworker/u10:1 Not tainted 6.6.20+ #268 Hardware name: xlnx,zynqmp (DT) Workqueue: events_unbound deferred_probe_work_func Call trace: dump_backtrace (arch/arm64/kernel/stacktrace.c:235) show_stack (arch/arm64/kernel/stacktrace.c:242) dump_stack_lvl (lib/dump_stack.c:107) dump_stack (lib/dump_stack.c:114) __ubsan_handle_shift_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:387) nwl_unmask_leg_irq (drivers/pci/controller/pcie-xilinx-nwl.c:389 (discriminator 1)) irq_enable (kernel/irq/internals.h:234 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345) __irq_startup (kernel/irq/internals.h:239 kernel/irq/chip.c:180 kernel/irq/chip.c:250) irq_startup (kernel/irq/chip.c:270) __setup_irq (kernel/irq/manage.c:1800) request_threaded_irq (kernel/irq/manage.c:2206) pcie_pme_probe (include/linux/interrupt.h:168 drivers/pci/pcie/pme.c:348) Fixes: 9a181e1093af ("PCI: xilinx-nwl: Modify IRQ chip for legacy interrupts") Link: https://lore.kernel.org/r/20240531161337.864994-3-sean.anderson@linux.dev Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/pcie-xilinx-nwl.c b/drivers/pci/controller/pcie-xilinx-nwl.c index 0408f4d612b5..437927e3bcca 100644 --- a/drivers/pci/controller/pcie-xilinx-nwl.c +++ b/drivers/pci/controller/pcie-xilinx-nwl.c @@ -371,7 +371,7 @@ static void nwl_mask_intx_irq(struct irq_data *data) u32 mask; u32 val; - mask = 1 << (data->hwirq - 1); + mask = 1 << data->hwirq; raw_spin_lock_irqsave(&pcie->leg_mask_lock, flags); val = nwl_bridge_readl(pcie, MSGF_LEG_MASK); nwl_bridge_writel(pcie, (val & (~mask)), MSGF_LEG_MASK); @@ -385,7 +385,7 @@ static void nwl_unmask_intx_irq(struct irq_data *data) u32 mask; u32 val; - mask = 1 << (data->hwirq - 1); + mask = 1 << data->hwirq; raw_spin_lock_irqsave(&pcie->leg_mask_lock, flags); val = nwl_bridge_readl(pcie, MSGF_LEG_MASK); nwl_bridge_writel(pcie, (val | mask), MSGF_LEG_MASK);

7 months

1
0
0 0

FAILED: patch "[PATCH] PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 0199d2f2bd8cd97b310f7ed82a067247d7456029 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100159-tweet-embezzle-c6e6@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 0199d2f2bd8c ("PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler") e56427068a8d ("PCI: xilinx-nwl: Use irq_data_get_irq_chip_data()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0199d2f2bd8cd97b310f7ed82a067247d7456029 Mon Sep 17 00:00:00 2001 From: Sean Anderson <sean.anderson(a)linux.dev> Date: Fri, 31 May 2024 12:13:32 -0400 Subject: [PATCH] PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler MSGF_LEG_MASK is laid out with INTA in bit 0, INTB in bit 1, INTC in bit 2, and INTD in bit 3. Hardware IRQ numbers start at 0, and we register PCI_NUM_INTX IRQs. So to enable INTA (aka hwirq 0) we should set bit 0. Remove the subtraction of one. This bug would cause INTx interrupts not to be delivered, as enabling INTB would actually enable INTA, and enabling INTA wouldn't enable anything at all. It is likely that this got overlooked for so long since most PCIe hardware uses MSIs. This fixes the following UBSAN error: UBSAN: shift-out-of-bounds in ../drivers/pci/controller/pcie-xilinx-nwl.c:389:11 shift exponent 18446744073709551615 is too large for 32-bit type 'int' CPU: 1 PID: 61 Comm: kworker/u10:1 Not tainted 6.6.20+ #268 Hardware name: xlnx,zynqmp (DT) Workqueue: events_unbound deferred_probe_work_func Call trace: dump_backtrace (arch/arm64/kernel/stacktrace.c:235) show_stack (arch/arm64/kernel/stacktrace.c:242) dump_stack_lvl (lib/dump_stack.c:107) dump_stack (lib/dump_stack.c:114) __ubsan_handle_shift_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:387) nwl_unmask_leg_irq (drivers/pci/controller/pcie-xilinx-nwl.c:389 (discriminator 1)) irq_enable (kernel/irq/internals.h:234 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345) __irq_startup (kernel/irq/internals.h:239 kernel/irq/chip.c:180 kernel/irq/chip.c:250) irq_startup (kernel/irq/chip.c:270) __setup_irq (kernel/irq/manage.c:1800) request_threaded_irq (kernel/irq/manage.c:2206) pcie_pme_probe (include/linux/interrupt.h:168 drivers/pci/pcie/pme.c:348) Fixes: 9a181e1093af ("PCI: xilinx-nwl: Modify IRQ chip for legacy interrupts") Link: https://lore.kernel.org/r/20240531161337.864994-3-sean.anderson@linux.dev Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/pcie-xilinx-nwl.c b/drivers/pci/controller/pcie-xilinx-nwl.c index 0408f4d612b5..437927e3bcca 100644 --- a/drivers/pci/controller/pcie-xilinx-nwl.c +++ b/drivers/pci/controller/pcie-xilinx-nwl.c @@ -371,7 +371,7 @@ static void nwl_mask_intx_irq(struct irq_data *data) u32 mask; u32 val; - mask = 1 << (data->hwirq - 1); + mask = 1 << data->hwirq; raw_spin_lock_irqsave(&pcie->leg_mask_lock, flags); val = nwl_bridge_readl(pcie, MSGF_LEG_MASK); nwl_bridge_writel(pcie, (val & (~mask)), MSGF_LEG_MASK); @@ -385,7 +385,7 @@ static void nwl_unmask_intx_irq(struct irq_data *data) u32 mask; u32 val; - mask = 1 << (data->hwirq - 1); + mask = 1 << data->hwirq; raw_spin_lock_irqsave(&pcie->leg_mask_lock, flags); val = nwl_bridge_readl(pcie, MSGF_LEG_MASK); nwl_bridge_writel(pcie, (val | mask), MSGF_LEG_MASK);

7 months

1
0
0 0

[PATCH v10 1/2] ufs: core: fix the issue of ICU failure

by peter.wang＠mediatek.com

From: Peter Wang <peter.wang(a)mediatek.com> When setting the ICU bit without using read-modify-write, SQRTCy will restart SQ again and receive an RTC return error code 2 (Failure - SQ not stopped). Additionally, the error log has been modified so that this type of error can be observed. Fixes: ab248643d3d6 ("scsi: ufs: core: Add error handling for MCQ mode") Cc: stable(a)vger.kernel.org Signed-off-by: Peter Wang <peter.wang(a)mediatek.com> Reviewed-by: Bao D. Nguyen <quic_nguyenb(a)quicinc.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> --- drivers/ufs/core/ufs-mcq.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/drivers/ufs/core/ufs-mcq.c b/drivers/ufs/core/ufs-mcq.c index 5891cdacd0b3..3903947dbed1 100644 --- a/drivers/ufs/core/ufs-mcq.c +++ b/drivers/ufs/core/ufs-mcq.c @@ -539,7 +539,7 @@ int ufshcd_mcq_sq_cleanup(struct ufs_hba *hba, int task_tag) struct scsi_cmnd *cmd = lrbp->cmd; struct ufs_hw_queue *hwq; void __iomem *reg, *opr_sqd_base; - u32 nexus, id, val; + u32 nexus, id, val, rtc; int err; if (hba->quirks & UFSHCD_QUIRK_MCQ_BROKEN_RTC) @@ -569,17 +569,18 @@ int ufshcd_mcq_sq_cleanup(struct ufs_hba *hba, int task_tag) opr_sqd_base = mcq_opr_base(hba, OPR_SQD, id); writel(nexus, opr_sqd_base + REG_SQCTI); - /* SQRTCy.ICU = 1 */ - writel(SQ_ICU, opr_sqd_base + REG_SQRTC); + /* Initiate Cleanup */ + writel(readl(opr_sqd_base + REG_SQRTC) | SQ_ICU, + opr_sqd_base + REG_SQRTC); /* Poll SQRTSy.CUS = 1. Return result from SQRTSy.RTC */ reg = opr_sqd_base + REG_SQRTS; err = read_poll_timeout(readl, val, val & SQ_CUS, 20, MCQ_POLL_US, false, reg); - if (err) - dev_err(hba->dev, "%s: failed. hwq=%d, tag=%d err=%ld\n", - __func__, id, task_tag, - FIELD_GET(SQ_ICU_ERR_CODE_MASK, readl(reg))); + rtc = FIELD_GET(SQ_ICU_ERR_CODE_MASK, readl(reg)); + if (err || rtc) + dev_err(hba->dev, "%s: failed. hwq=%d, tag=%d err=%d RTC=%d\n", + __func__, id, task_tag, err, rtc); if (ufshcd_mcq_sq_start(hba, hwq)) err = -ETIMEDOUT; -- 2.45.2

7 months

1
0
0 0

[PATCH net] net: pcs: xpcs: fix the wrong register that was written back

by Jiawen Wu

The value is read from the register TXGBE_RX_GEN_CTL3, and it should be written back to TXGBE_RX_GEN_CTL3 when it changes some fields. Cc: stable(a)vger.kernel.org Fixes: f629acc6f210 ("net: pcs: xpcs: support to switch mode for Wangxun NICs") Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> --- drivers/net/pcs/pcs-xpcs-wx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/pcs/pcs-xpcs-wx.c b/drivers/net/pcs/pcs-xpcs-wx.c index 19c75886f070..5f5cd3596cb8 100644 --- a/drivers/net/pcs/pcs-xpcs-wx.c +++ b/drivers/net/pcs/pcs-xpcs-wx.c @@ -109,7 +109,7 @@ static void txgbe_pma_config_1g(struct dw_xpcs *xpcs) txgbe_write_pma(xpcs, TXGBE_DFE_TAP_CTL0, 0); val = txgbe_read_pma(xpcs, TXGBE_RX_GEN_CTL3); val = u16_replace_bits(val, 0x4, TXGBE_RX_GEN_CTL3_LOS_TRSHLD0); - txgbe_write_pma(xpcs, TXGBE_RX_EQ_ATTN_CTL, val); + txgbe_write_pma(xpcs, TXGBE_RX_GEN_CTL3, val); txgbe_write_pma(xpcs, TXGBE_MPLLA_CTL0, 0x20); txgbe_write_pma(xpcs, TXGBE_MPLLA_CTL3, 0x46); -- 2.27.0

7 months

3
2
0 0

Re: Patch "usb: dwc2: Skip clock gating on Broadcom SoCs" has been added to the 6.11-stable tree

by Stefan Wahren

Hi Sasha, Am 01.10.24 um 01:26 schrieb Sasha Levin: > This is a note to let you know that I've just added the patch titled > > usb: dwc2: Skip clock gating on Broadcom SoCs > > to the 6.11-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > usb-dwc2-skip-clock-gating-on-broadcom-socs.patch > and it can be found in the queue-6.11 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. please do not apply this patch to any stable branch yet. Recently i discovered a critical issue [1] which is revealed by this change. This needs to be investigated and fixed before this patch can be applied. Regards Stefan [1] - https://lore.kernel.org/linux-usb/a4cb3fe4-3d0f-4bf9-a2b1-7f422ba277c8@gmx.… > > > commit f2e9c654eb420e15992ef1e6f5e0ceaca92aacbb > Author: Stefan Wahren <wahrenst(a)gmx.net> > Date: Sun Jul 28 15:00:26 2024 +0200 > > usb: dwc2: Skip clock gating on Broadcom SoCs > > [ Upstream commit d483f034f03261c8c8450d106aa243837122b5f0 ] > > On resume of the Raspberry Pi the dwc2 driver fails to enable > HCD_FLAG_HW_ACCESSIBLE before re-enabling the interrupts. > This causes a situation where both handler ignore a incoming port > interrupt and force the upper layers to disable the dwc2 interrupt line. > This leaves the USB interface in a unusable state: > > irq 66: nobody cared (try booting with the "irqpoll" option) > CPU: 0 PID: 0 Comm: swapper/0 Tainted: G W 6.10.0-rc3 > Hardware name: BCM2835 > Call trace: > unwind_backtrace from show_stack+0x10/0x14 > show_stack from dump_stack_lvl+0x50/0x64 > dump_stack_lvl from __report_bad_irq+0x38/0xc0 > __report_bad_irq from note_interrupt+0x2ac/0x2f4 > note_interrupt from handle_irq_event+0x88/0x8c > handle_irq_event from handle_level_irq+0xb4/0x1ac > handle_level_irq from generic_handle_domain_irq+0x24/0x34 > generic_handle_domain_irq from bcm2836_chained_handle_irq+0x24/0x28 > bcm2836_chained_handle_irq from generic_handle_domain_irq+0x24/0x34 > generic_handle_domain_irq from generic_handle_arch_irq+0x34/0x44 > generic_handle_arch_irq from __irq_svc+0x88/0xb0 > Exception stack(0xc1b01f20 to 0xc1b01f68) > 1f20: 0005c0d4 00000001 00000000 00000000 c1b09780 c1d6b32c c1b04e54 c1a5eae8 > 1f40: c1b04e90 00000000 00000000 00000000 c1d6a8a0 c1b01f70 c11d2da8 c11d4160 > 1f60: 60000013 ffffffff > __irq_svc from default_idle_call+0x1c/0xb0 > default_idle_call from do_idle+0x21c/0x284 > do_idle from cpu_startup_entry+0x28/0x2c > cpu_startup_entry from kernel_init+0x0/0x12c > handlers: > [<f539e0f4>] dwc2_handle_common_intr > [<75cd278b>] usb_hcd_irq > Disabling IRQ #66 > > Disabling clock gating workaround this issue. > > Fixes: 0112b7ce68ea ("usb: dwc2: Update dwc2_handle_usb_suspend_intr function.") > Link: https://lore.kernel.org/linux-usb/3fd0c2fb-4752-45b3-94eb-42352703e1fd@gmx.… > Link: https://lore.kernel.org/all/5e8cbce0-3260-2971-484f-fc73a3b2bd28@synopsys.c… > Signed-off-by: Stefan Wahren <wahrenst(a)gmx.net> > Acked-by: Minas Harutyunyan <hminas(a)synopsys.com> > Link: https://lore.kernel.org/r/20240728130029.78279-5-wahrenst@gmx.net > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/usb/dwc2/params.c b/drivers/usb/dwc2/params.c > index a937eadbc9b3e..214dca7044163 100644 > --- a/drivers/usb/dwc2/params.c > +++ b/drivers/usb/dwc2/params.c > @@ -23,6 +23,7 @@ static void dwc2_set_bcm_params(struct dwc2_hsotg *hsotg) > p->max_transfer_size = 65535; > p->max_packet_count = 511; > p->ahbcfg = 0x10; > + p->no_clock_gating = true; > } > > static void dwc2_set_his_params(struct dwc2_hsotg *hsotg)

7 months

2
1
0 0

Re: Patch "xen: tolerate ACPI NVS memory overlapping with Xen allocated memory" has been added to the 6.11-stable tree

by Jürgen Groß

On 01.10.24 01:15, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > xen: tolerate ACPI NVS memory overlapping with Xen allocated memory > > to the 6.11-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > xen-tolerate-acpi-nvs-memory-overlapping-with-xen-al.patch > and it can be found in the queue-6.11 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 8302ac200e3fb2e8b669b96d7c36cdc266e47138 > Author: Juergen Gross <jgross(a)suse.com> > Date: Fri Aug 2 20:14:22 2024 +0200 > > xen: tolerate ACPI NVS memory overlapping with Xen allocated memory > > [ Upstream commit be35d91c8880650404f3bf813573222dfb106935 ] For this patch to have the desired effect there are the following prerequisite patches missing: c4498ae316da ("xen: move checks for e820 conflicts further up") 9221222c717d ("xen: allow mapping ACPI data using a different physical address") Please add those to the stable trees, too. Juergen

7 months

2
1
0 0

[PATCH 5.10.y] mptcp: fix sometimes-uninitialized warning

by Matthieu Baerts (NGI0)

Nathan reported this issue: $ make -skj"$(nproc)" ARCH=x86_64 LLVM=1 LLVM_IAS=1 mrproper allmodconfig net/mptcp/subflow.o net/mptcp/subflow.c:877:6: warning: variable 'incr' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized] 877 | if (WARN_ON_ONCE(offset > skb->len)) | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ include/asm-generic/bug.h:101:33: note: expanded from macro 'WARN_ON_ONCE' 101 | #define WARN_ON_ONCE(condition) ({ \ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 102 | int __ret_warn_on = !!(condition); \ | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 103 | if (unlikely(__ret_warn_on)) \ | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 104 | __WARN_FLAGS(BUGFLAG_ONCE | \ | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 105 | BUGFLAG_TAINT(TAINT_WARN)); \ | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 106 | unlikely(__ret_warn_on); \ | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 107 | }) | ~~ net/mptcp/subflow.c:893:6: note: uninitialized use occurs here 893 | if (incr) | ^~~~ net/mptcp/subflow.c:877:2: note: remove the 'if' if its condition is always false 877 | if (WARN_ON_ONCE(offset > skb->len)) | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 878 | goto out; | ~~~~~~~~ net/mptcp/subflow.c:874:18: note: initialize the variable 'incr' to silence this warning 874 | u32 offset, incr, avail_len; | ^ | = 0 1 warning generated. As mentioned by Nathan, this issue is present because 5.10 does not include commit ea4ca586b16f ("mptcp: refine MPTCP-level ack scheduling"), which removed the use of 'incr' in the error path added by this change. This other commit does not really look suitable for stable, hence this dedicated patch for 5.10. Fixes: e93fa44f0714 ("mptcp: fix duplicate data handling") Reported-by: Nathan Chancellor <nathan(a)kernel.org> Closes: https://lore.kernel.org/20240928175524.GA1713144@thelio-3990X Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- net/mptcp/subflow.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c index 8a0ef50c307c..843c61ebd421 100644 --- a/net/mptcp/subflow.c +++ b/net/mptcp/subflow.c @@ -871,7 +871,7 @@ static void mptcp_subflow_discard_data(struct sock *ssk, struct sk_buff *skb, struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk); bool fin = TCP_SKB_CB(skb)->tcp_flags & TCPHDR_FIN; struct tcp_sock *tp = tcp_sk(ssk); - u32 offset, incr, avail_len; + u32 offset, incr = 0, avail_len; offset = tp->copied_seq - TCP_SKB_CB(skb)->seq; if (WARN_ON_ONCE(offset > skb->len)) -- 2.45.2

7 months

2
1
0 0

[PATCH 5.10 v2 0/3] Re-adapt "bpf: Fix DEVMAP_HASH overflow check on 32-bit arches"

by Pu Lehui

Commit 70294d8bc31f ("bpf: Eliminate rlimit-based memory accounting for devmap maps") relies on the v5.11+ basic mechanism of memcg-based memory accounting [0]. The commit cannot be independently backported to the 5.10 stable branch, otherwise the related memory when creating devmap will be unrestricted and the associated bpf selftest map_ptr will fail. Let's roll back to rlimit-based memory accounting mode for devmap and re-adapt the commit 225da02acdc9 ("bpf: Fix DEVMAP_HASH overflow check on 32-bit arches") to the 5.10 stable branch. Link: https://lore.kernel.org/bpf/20201201215900.3569844-1-guro@fb.com [0] Pu Lehui (2): Revert "bpf: Fix DEVMAP_HASH overflow check on 32-bit arches" Revert "bpf: Eliminate rlimit-based memory accounting for devmap maps" Toke Høiland-Jørgensen (1): bpf: Fix DEVMAP_HASH overflow check on 32-bit arches kernel/bpf/devmap.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) -- 2.34.1

7 months

2
4
0 0

[PATCH 5.10.y 0/3] x86: Complete backports for x86_match_cpu()

by Ricardo Neri

Hi, Upstream commit 93022482b294 ("x86/cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL") introduced a flags member to struct x86_cpu_id. Bit 0 of x86_cpu.id.flags must be set to 1 for x86_match_cpu() to work correctly. This upstream commit has been backported to 5.10.y. Callers that use the X86_MATCH_*() family of macros to compose the argument of x86_match_cpu() function correctly. Callers that use their own custom mechanisms may not work if they fail to set x86_cpu_id.flags correctly. There are three remaining callers in 5.10.y that use their own mechanisms: a) setup_pcid(), b) rapl_msr_probe(), and c) goodix_add_acpi_gpio_ mappings(). a) caused a regression that Thomas Lindroth reported in [1]. b) works by luck but it still populates its x86_cpu_id[] array incorrectly. I am not aware of any reports on c), but inspecting the code reveals that it will fail to identify INTEL_FAM6_ATOM_SILVERMONT for the reason described above. I backported three patches that fix these bugs in mainline. Hopefully the authors and/or maintainers can ack the backports? I tested patches 2/3 and 3/3 on Tiger Lake, Alder Lake, and Meteor Lake systems as the two involved callers behave differently on these systems. I wrote the testing details in each patch separately. I could not test patch 1/3 because I do not have access to Bay Trail hardware. Thanks and BR, Ricardo [1]. https://lore.kernel.org/all/eb709d67-2a8d-412f-905d-f3777d897bfa@gmail.com/ Hans de Goede (1): Input: goodix - use the new soc_intel_is_byt() helper Sumeet Pawnikar (1): powercap: RAPL: fix invalid initialization for pl4_supported field Tony Luck (1): x86/mm: Switch to new Intel CPU model defines arch/x86/mm/init.c | 16 ++++++---------- drivers/input/touchscreen/goodix.c | 18 ++---------------- drivers/powercap/intel_rapl_msr.c | 2 +- 3 files changed, 9 insertions(+), 27 deletions(-) -- 2.34.1

7 months

2
4
0 0

Fix regression from "drm/amd/display: Fix MST BW calculation Regression"

by Mario Limonciello

Hello, The commit 338567d17627 ("drm/amd/display: Fix MST BW calculation Regression") caused a regression with some MST displays due to a mistake. For 6.11.y here is the series of commits that fixes it: commit 4599aef0c97b ("drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination") commit ecc4038ec1de ("drm/amd/display: Add DSC Debug Log") commit b2b4afb9cf07 ("drm/amdgpu/display: Fix a mistake in revert commit") Can you please bring them back to 6.11.y? Thanks!

7 months

2
3
0 0

FAILED: patch "[PATCH] mm: call the security_mmap_file() LSM hook in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100103-banish-batboy-00df@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: ea7e2d5e49c0 ("mm: call the security_mmap_file() LSM hook in remap_file_pages()") 592b5fad1677 ("mm: Re-introduce vm_flags to do_mmap()") 183654ce26a5 ("mmap: change do_mas_munmap and do_mas_aligned_munmap() to use vma iterator") 0378c0a0e9e4 ("mm/mmap: remove preallocation from do_mas_align_munmap()") 92fed82047d7 ("mm/mmap: convert brk to use vma iterator") baabcfc93d3b ("mm/mmap: fix typo in comment") c5d5546ea065 ("maple_tree: remove the parameter entry of mas_preallocate") 675eaca1f441 ("mm/mmap: properly unaccount memory on mas_preallocate() failure") 6c28ca6485dd ("mmap: fix do_brk_flags() modifying obviously incorrect VMAs") f5ad5083404b ("mm: do not BUG_ON missing brk mapping, because userspace can unmap it") cc674ab3c018 ("mm/mmap: fix memory leak in mmap_region()") 120b116208a0 ("maple_tree: reorganize testing to restore module testing") a57b70519d1f ("mm/mmap: fix MAP_FIXED address return on VMA merge") 5789151e48ac ("mm/mmap: undo ->mmap() when mas_preallocate() fails") deb0f6562884 ("mm/mmap: undo ->mmap() when arch_validate_flags() fails") 28c5609fb236 ("mm/mmap: preallocate maple nodes for brk vma expansion") 763ecb035029 ("mm: remove the vma linked list") 8220543df148 ("nommu: remove uses of VMA linked list") 67e7c16764c3 ("mm/mmap: change do_brk_munmap() to use do_mas_align_munmap()") 11f9a21ab655 ("mm/mmap: reorganize munmap to use maple states") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 Mon Sep 17 00:00:00 2001 From: Shu Han <ebpqwerty472123(a)gmail.com> Date: Tue, 17 Sep 2024 17:41:04 +0800 Subject: [PATCH] mm: call the security_mmap_file() LSM hook in remap_file_pages() The remap_file_pages syscall handler calls do_mmap() directly, which doesn't contain the LSM security check. And if the process has called personality(READ_IMPLIES_EXEC) before and remap_file_pages() is called for RW pages, this will actually result in remapping the pages to RWX, bypassing a W^X policy enforced by SELinux. So we should check prot by security_mmap_file LSM hook in the remap_file_pages syscall handler before do_mmap() is called. Otherwise, it potentially permits an attacker to bypass a W^X policy enforced by SELinux. The bypass is similar to CVE-2016-10044, which bypass the same thing via AIO and can be found in [1]. The PoC: $ cat > test.c int main(void) { size_t pagesz = sysconf(_SC_PAGE_SIZE); int mfd = syscall(SYS_memfd_create, "test", 0); const char *buf = mmap(NULL, 4 * pagesz, PROT_READ | PROT_WRITE, MAP_SHARED, mfd, 0); unsigned int old = syscall(SYS_personality, 0xffffffff); syscall(SYS_personality, READ_IMPLIES_EXEC | old); syscall(SYS_remap_file_pages, buf, pagesz, 0, 2, 0); syscall(SYS_personality, old); // show the RWX page exists even if W^X policy is enforced int fd = open("/proc/self/maps", O_RDONLY); unsigned char buf2[1024]; while (1) { int ret = read(fd, buf2, 1024); if (ret <= 0) break; write(1, buf2, ret); } close(fd); } $ gcc test.c -o test $ ./test | grep rwx 7f1836c34000-7f1836c35000 rwxs 00002000 00:01 2050 /memfd:test (deleted) Link: https://project-zero.issues.chromium.org/issues/42452389 [1] Cc: stable(a)vger.kernel.org Signed-off-by: Shu Han <ebpqwerty472123(a)gmail.com> Acked-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> [PM: subject line tweaks] Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/mm/mmap.c b/mm/mmap.c index d0dfc85b209b..18fddcce03b8 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -3198,8 +3198,12 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, flags |= MAP_LOCKED; file = get_file(vma->vm_file); + ret = security_mmap_file(vma->vm_file, prot, flags); + if (ret) + goto out_fput; ret = do_mmap(vma->vm_file, start, size, prot, flags, 0, pgoff, &populate, NULL); +out_fput: fput(file); out: mmap_write_unlock(mm);

7 months

1
0
0 0

FAILED: patch "[PATCH] mm: call the security_mmap_file() LSM hook in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100157-unpeeled-surprise-8138@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: ea7e2d5e49c0 ("mm: call the security_mmap_file() LSM hook in remap_file_pages()") 592b5fad1677 ("mm: Re-introduce vm_flags to do_mmap()") 183654ce26a5 ("mmap: change do_mas_munmap and do_mas_aligned_munmap() to use vma iterator") 0378c0a0e9e4 ("mm/mmap: remove preallocation from do_mas_align_munmap()") 92fed82047d7 ("mm/mmap: convert brk to use vma iterator") baabcfc93d3b ("mm/mmap: fix typo in comment") c5d5546ea065 ("maple_tree: remove the parameter entry of mas_preallocate") 675eaca1f441 ("mm/mmap: properly unaccount memory on mas_preallocate() failure") 6c28ca6485dd ("mmap: fix do_brk_flags() modifying obviously incorrect VMAs") f5ad5083404b ("mm: do not BUG_ON missing brk mapping, because userspace can unmap it") cc674ab3c018 ("mm/mmap: fix memory leak in mmap_region()") 120b116208a0 ("maple_tree: reorganize testing to restore module testing") a57b70519d1f ("mm/mmap: fix MAP_FIXED address return on VMA merge") 5789151e48ac ("mm/mmap: undo ->mmap() when mas_preallocate() fails") deb0f6562884 ("mm/mmap: undo ->mmap() when arch_validate_flags() fails") 28c5609fb236 ("mm/mmap: preallocate maple nodes for brk vma expansion") 763ecb035029 ("mm: remove the vma linked list") 8220543df148 ("nommu: remove uses of VMA linked list") 67e7c16764c3 ("mm/mmap: change do_brk_munmap() to use do_mas_align_munmap()") 11f9a21ab655 ("mm/mmap: reorganize munmap to use maple states") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 Mon Sep 17 00:00:00 2001 From: Shu Han <ebpqwerty472123(a)gmail.com> Date: Tue, 17 Sep 2024 17:41:04 +0800 Subject: [PATCH] mm: call the security_mmap_file() LSM hook in remap_file_pages() The remap_file_pages syscall handler calls do_mmap() directly, which doesn't contain the LSM security check. And if the process has called personality(READ_IMPLIES_EXEC) before and remap_file_pages() is called for RW pages, this will actually result in remapping the pages to RWX, bypassing a W^X policy enforced by SELinux. So we should check prot by security_mmap_file LSM hook in the remap_file_pages syscall handler before do_mmap() is called. Otherwise, it potentially permits an attacker to bypass a W^X policy enforced by SELinux. The bypass is similar to CVE-2016-10044, which bypass the same thing via AIO and can be found in [1]. The PoC: $ cat > test.c int main(void) { size_t pagesz = sysconf(_SC_PAGE_SIZE); int mfd = syscall(SYS_memfd_create, "test", 0); const char *buf = mmap(NULL, 4 * pagesz, PROT_READ | PROT_WRITE, MAP_SHARED, mfd, 0); unsigned int old = syscall(SYS_personality, 0xffffffff); syscall(SYS_personality, READ_IMPLIES_EXEC | old); syscall(SYS_remap_file_pages, buf, pagesz, 0, 2, 0); syscall(SYS_personality, old); // show the RWX page exists even if W^X policy is enforced int fd = open("/proc/self/maps", O_RDONLY); unsigned char buf2[1024]; while (1) { int ret = read(fd, buf2, 1024); if (ret <= 0) break; write(1, buf2, ret); } close(fd); } $ gcc test.c -o test $ ./test | grep rwx 7f1836c34000-7f1836c35000 rwxs 00002000 00:01 2050 /memfd:test (deleted) Link: https://project-zero.issues.chromium.org/issues/42452389 [1] Cc: stable(a)vger.kernel.org Signed-off-by: Shu Han <ebpqwerty472123(a)gmail.com> Acked-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> [PM: subject line tweaks] Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/mm/mmap.c b/mm/mmap.c index d0dfc85b209b..18fddcce03b8 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -3198,8 +3198,12 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, flags |= MAP_LOCKED; file = get_file(vma->vm_file); + ret = security_mmap_file(vma->vm_file, prot, flags); + if (ret) + goto out_fput; ret = do_mmap(vma->vm_file, start, size, prot, flags, 0, pgoff, &populate, NULL); +out_fput: fput(file); out: mmap_write_unlock(mm);

7 months

1
0
0 0

FAILED: patch "[PATCH] mm: call the security_mmap_file() LSM hook in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100151-evolution-apache-87b3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: ea7e2d5e49c0 ("mm: call the security_mmap_file() LSM hook in remap_file_pages()") 592b5fad1677 ("mm: Re-introduce vm_flags to do_mmap()") 183654ce26a5 ("mmap: change do_mas_munmap and do_mas_aligned_munmap() to use vma iterator") 0378c0a0e9e4 ("mm/mmap: remove preallocation from do_mas_align_munmap()") 92fed82047d7 ("mm/mmap: convert brk to use vma iterator") baabcfc93d3b ("mm/mmap: fix typo in comment") c5d5546ea065 ("maple_tree: remove the parameter entry of mas_preallocate") 675eaca1f441 ("mm/mmap: properly unaccount memory on mas_preallocate() failure") 6c28ca6485dd ("mmap: fix do_brk_flags() modifying obviously incorrect VMAs") f5ad5083404b ("mm: do not BUG_ON missing brk mapping, because userspace can unmap it") cc674ab3c018 ("mm/mmap: fix memory leak in mmap_region()") 120b116208a0 ("maple_tree: reorganize testing to restore module testing") a57b70519d1f ("mm/mmap: fix MAP_FIXED address return on VMA merge") 5789151e48ac ("mm/mmap: undo ->mmap() when mas_preallocate() fails") deb0f6562884 ("mm/mmap: undo ->mmap() when arch_validate_flags() fails") 28c5609fb236 ("mm/mmap: preallocate maple nodes for brk vma expansion") 763ecb035029 ("mm: remove the vma linked list") 8220543df148 ("nommu: remove uses of VMA linked list") 67e7c16764c3 ("mm/mmap: change do_brk_munmap() to use do_mas_align_munmap()") 11f9a21ab655 ("mm/mmap: reorganize munmap to use maple states") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 Mon Sep 17 00:00:00 2001 From: Shu Han <ebpqwerty472123(a)gmail.com> Date: Tue, 17 Sep 2024 17:41:04 +0800 Subject: [PATCH] mm: call the security_mmap_file() LSM hook in remap_file_pages() The remap_file_pages syscall handler calls do_mmap() directly, which doesn't contain the LSM security check. And if the process has called personality(READ_IMPLIES_EXEC) before and remap_file_pages() is called for RW pages, this will actually result in remapping the pages to RWX, bypassing a W^X policy enforced by SELinux. So we should check prot by security_mmap_file LSM hook in the remap_file_pages syscall handler before do_mmap() is called. Otherwise, it potentially permits an attacker to bypass a W^X policy enforced by SELinux. The bypass is similar to CVE-2016-10044, which bypass the same thing via AIO and can be found in [1]. The PoC: $ cat > test.c int main(void) { size_t pagesz = sysconf(_SC_PAGE_SIZE); int mfd = syscall(SYS_memfd_create, "test", 0); const char *buf = mmap(NULL, 4 * pagesz, PROT_READ | PROT_WRITE, MAP_SHARED, mfd, 0); unsigned int old = syscall(SYS_personality, 0xffffffff); syscall(SYS_personality, READ_IMPLIES_EXEC | old); syscall(SYS_remap_file_pages, buf, pagesz, 0, 2, 0); syscall(SYS_personality, old); // show the RWX page exists even if W^X policy is enforced int fd = open("/proc/self/maps", O_RDONLY); unsigned char buf2[1024]; while (1) { int ret = read(fd, buf2, 1024); if (ret <= 0) break; write(1, buf2, ret); } close(fd); } $ gcc test.c -o test $ ./test | grep rwx 7f1836c34000-7f1836c35000 rwxs 00002000 00:01 2050 /memfd:test (deleted) Link: https://project-zero.issues.chromium.org/issues/42452389 [1] Cc: stable(a)vger.kernel.org Signed-off-by: Shu Han <ebpqwerty472123(a)gmail.com> Acked-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> [PM: subject line tweaks] Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/mm/mmap.c b/mm/mmap.c index d0dfc85b209b..18fddcce03b8 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -3198,8 +3198,12 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, flags |= MAP_LOCKED; file = get_file(vma->vm_file); + ret = security_mmap_file(vma->vm_file, prot, flags); + if (ret) + goto out_fput; ret = do_mmap(vma->vm_file, start, size, prot, flags, 0, pgoff, &populate, NULL); +out_fput: fput(file); out: mmap_write_unlock(mm);

7 months

1
0
0 0

FAILED: patch "[PATCH] mm: call the security_mmap_file() LSM hook in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100145-gristle-unknotted-af80@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: ea7e2d5e49c0 ("mm: call the security_mmap_file() LSM hook in remap_file_pages()") 592b5fad1677 ("mm: Re-introduce vm_flags to do_mmap()") 183654ce26a5 ("mmap: change do_mas_munmap and do_mas_aligned_munmap() to use vma iterator") 0378c0a0e9e4 ("mm/mmap: remove preallocation from do_mas_align_munmap()") 92fed82047d7 ("mm/mmap: convert brk to use vma iterator") baabcfc93d3b ("mm/mmap: fix typo in comment") c5d5546ea065 ("maple_tree: remove the parameter entry of mas_preallocate") 675eaca1f441 ("mm/mmap: properly unaccount memory on mas_preallocate() failure") 6c28ca6485dd ("mmap: fix do_brk_flags() modifying obviously incorrect VMAs") f5ad5083404b ("mm: do not BUG_ON missing brk mapping, because userspace can unmap it") cc674ab3c018 ("mm/mmap: fix memory leak in mmap_region()") 120b116208a0 ("maple_tree: reorganize testing to restore module testing") a57b70519d1f ("mm/mmap: fix MAP_FIXED address return on VMA merge") 5789151e48ac ("mm/mmap: undo ->mmap() when mas_preallocate() fails") deb0f6562884 ("mm/mmap: undo ->mmap() when arch_validate_flags() fails") 28c5609fb236 ("mm/mmap: preallocate maple nodes for brk vma expansion") 763ecb035029 ("mm: remove the vma linked list") 8220543df148 ("nommu: remove uses of VMA linked list") 67e7c16764c3 ("mm/mmap: change do_brk_munmap() to use do_mas_align_munmap()") 11f9a21ab655 ("mm/mmap: reorganize munmap to use maple states") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 Mon Sep 17 00:00:00 2001 From: Shu Han <ebpqwerty472123(a)gmail.com> Date: Tue, 17 Sep 2024 17:41:04 +0800 Subject: [PATCH] mm: call the security_mmap_file() LSM hook in remap_file_pages() The remap_file_pages syscall handler calls do_mmap() directly, which doesn't contain the LSM security check. And if the process has called personality(READ_IMPLIES_EXEC) before and remap_file_pages() is called for RW pages, this will actually result in remapping the pages to RWX, bypassing a W^X policy enforced by SELinux. So we should check prot by security_mmap_file LSM hook in the remap_file_pages syscall handler before do_mmap() is called. Otherwise, it potentially permits an attacker to bypass a W^X policy enforced by SELinux. The bypass is similar to CVE-2016-10044, which bypass the same thing via AIO and can be found in [1]. The PoC: $ cat > test.c int main(void) { size_t pagesz = sysconf(_SC_PAGE_SIZE); int mfd = syscall(SYS_memfd_create, "test", 0); const char *buf = mmap(NULL, 4 * pagesz, PROT_READ | PROT_WRITE, MAP_SHARED, mfd, 0); unsigned int old = syscall(SYS_personality, 0xffffffff); syscall(SYS_personality, READ_IMPLIES_EXEC | old); syscall(SYS_remap_file_pages, buf, pagesz, 0, 2, 0); syscall(SYS_personality, old); // show the RWX page exists even if W^X policy is enforced int fd = open("/proc/self/maps", O_RDONLY); unsigned char buf2[1024]; while (1) { int ret = read(fd, buf2, 1024); if (ret <= 0) break; write(1, buf2, ret); } close(fd); } $ gcc test.c -o test $ ./test | grep rwx 7f1836c34000-7f1836c35000 rwxs 00002000 00:01 2050 /memfd:test (deleted) Link: https://project-zero.issues.chromium.org/issues/42452389 [1] Cc: stable(a)vger.kernel.org Signed-off-by: Shu Han <ebpqwerty472123(a)gmail.com> Acked-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> [PM: subject line tweaks] Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/mm/mmap.c b/mm/mmap.c index d0dfc85b209b..18fddcce03b8 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -3198,8 +3198,12 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, flags |= MAP_LOCKED; file = get_file(vma->vm_file); + ret = security_mmap_file(vma->vm_file, prot, flags); + if (ret) + goto out_fput; ret = do_mmap(vma->vm_file, start, size, prot, flags, 0, pgoff, &populate, NULL); +out_fput: fput(file); out: mmap_write_unlock(mm);

7 months

1
0
0 0

FAILED: patch "[PATCH] mm: call the security_mmap_file() LSM hook in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100139-mousiness-agreeable-1242@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: ea7e2d5e49c0 ("mm: call the security_mmap_file() LSM hook in remap_file_pages()") 592b5fad1677 ("mm: Re-introduce vm_flags to do_mmap()") 183654ce26a5 ("mmap: change do_mas_munmap and do_mas_aligned_munmap() to use vma iterator") 0378c0a0e9e4 ("mm/mmap: remove preallocation from do_mas_align_munmap()") 92fed82047d7 ("mm/mmap: convert brk to use vma iterator") baabcfc93d3b ("mm/mmap: fix typo in comment") c5d5546ea065 ("maple_tree: remove the parameter entry of mas_preallocate") 675eaca1f441 ("mm/mmap: properly unaccount memory on mas_preallocate() failure") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 Mon Sep 17 00:00:00 2001 From: Shu Han <ebpqwerty472123(a)gmail.com> Date: Tue, 17 Sep 2024 17:41:04 +0800 Subject: [PATCH] mm: call the security_mmap_file() LSM hook in remap_file_pages() The remap_file_pages syscall handler calls do_mmap() directly, which doesn't contain the LSM security check. And if the process has called personality(READ_IMPLIES_EXEC) before and remap_file_pages() is called for RW pages, this will actually result in remapping the pages to RWX, bypassing a W^X policy enforced by SELinux. So we should check prot by security_mmap_file LSM hook in the remap_file_pages syscall handler before do_mmap() is called. Otherwise, it potentially permits an attacker to bypass a W^X policy enforced by SELinux. The bypass is similar to CVE-2016-10044, which bypass the same thing via AIO and can be found in [1]. The PoC: $ cat > test.c int main(void) { size_t pagesz = sysconf(_SC_PAGE_SIZE); int mfd = syscall(SYS_memfd_create, "test", 0); const char *buf = mmap(NULL, 4 * pagesz, PROT_READ | PROT_WRITE, MAP_SHARED, mfd, 0); unsigned int old = syscall(SYS_personality, 0xffffffff); syscall(SYS_personality, READ_IMPLIES_EXEC | old); syscall(SYS_remap_file_pages, buf, pagesz, 0, 2, 0); syscall(SYS_personality, old); // show the RWX page exists even if W^X policy is enforced int fd = open("/proc/self/maps", O_RDONLY); unsigned char buf2[1024]; while (1) { int ret = read(fd, buf2, 1024); if (ret <= 0) break; write(1, buf2, ret); } close(fd); } $ gcc test.c -o test $ ./test | grep rwx 7f1836c34000-7f1836c35000 rwxs 00002000 00:01 2050 /memfd:test (deleted) Link: https://project-zero.issues.chromium.org/issues/42452389 [1] Cc: stable(a)vger.kernel.org Signed-off-by: Shu Han <ebpqwerty472123(a)gmail.com> Acked-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> [PM: subject line tweaks] Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/mm/mmap.c b/mm/mmap.c index d0dfc85b209b..18fddcce03b8 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -3198,8 +3198,12 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, flags |= MAP_LOCKED; file = get_file(vma->vm_file); + ret = security_mmap_file(vma->vm_file, prot, flags); + if (ret) + goto out_fput; ret = do_mmap(vma->vm_file, start, size, prot, flags, 0, pgoff, &populate, NULL); +out_fput: fput(file); out: mmap_write_unlock(mm);

7 months

1
0
0 0

[PATCH 1/2] drm/xe/ct: prevent UAF in send_recv()

by Matthew Auld

Ensure we serialize with completion side to prevent UAF with fence going out of scope on the stack, since we have no clue if it will fire after the timeout before we can erase from the xa. Also we have some dependent loads and stores for which we need the correct ordering, and we lack the needed barriers. Fix this by grabbing the ct->lock after the wait, which is also held by the completion side. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Badal Nilawar <badal.nilawar(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/xe_guc_ct.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_guc_ct.c b/drivers/gpu/drm/xe/xe_guc_ct.c index 4b95f75b1546..232eb69bd8e4 100644 --- a/drivers/gpu/drm/xe/xe_guc_ct.c +++ b/drivers/gpu/drm/xe/xe_guc_ct.c @@ -903,16 +903,26 @@ static int guc_ct_send_recv(struct xe_guc_ct *ct, const u32 *action, u32 len, } ret = wait_event_timeout(ct->g2h_fence_wq, g2h_fence.done, HZ); + + /* + * Ensure we serialize with completion side to prevent UAF with fence going out of scope on + * the stack, since we have no clue if it will fire after the timeout before we can erase + * from the xa. Also we have some dependent loads and stores below for which we need the + * correct ordering, and we lack the needed barriers. + */ + mutex_lock(&ct->lock); if (!ret) { xe_gt_err(gt, "Timed out wait for G2H, fence %u, action %04x", g2h_fence.seqno, action[0]); xa_erase_irq(&ct->fence_lookup, g2h_fence.seqno); + mutex_unlock(&ct->lock); return -ETIME; } if (g2h_fence.retry) { xe_gt_dbg(gt, "H2G action %#x retrying: reason %#x\n", action[0], g2h_fence.reason); + mutex_unlock(&ct->lock); goto retry; } if (g2h_fence.fail) { @@ -921,7 +931,12 @@ static int guc_ct_send_recv(struct xe_guc_ct *ct, const u32 *action, u32 len, ret = -EIO; } - return ret > 0 ? response_buffer ? g2h_fence.response_len : g2h_fence.response_data : ret; + if (ret > 0) + ret = response_buffer ? g2h_fence.response_len : g2h_fence.response_data; + + mutex_unlock(&ct->lock); + + return ret; } /** -- 2.46.2

7 months

2
2
0 0

[PATCH net 03/10] ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count()

by Tony Nguyen

From: Gui-Dong Han <hanguidong02(a)outlook.com> This patch addresses an issue with improper reference count handling in the ice_sriov_set_msix_vec_count() function. First, the function calls ice_get_vf_by_id(), which increments the reference count of the vf pointer. If the subsequent call to ice_get_vf_vsi() fails, the function currently returns an error without decrementing the reference count of the vf pointer, leading to a reference count leak. The correct behavior, as implemented in this patch, is to decrement the reference count using ice_put_vf(vf) before returning an error when vsi is NULL. Second, the function calls ice_sriov_get_irqs(), which sets vf->first_vector_idx. If this call returns a negative value, indicating an error, the function returns an error without decrementing the reference count of the vf pointer, resulting in another reference count leak. The patch addresses this by adding a call to ice_put_vf(vf) before returning an error when vf->first_vector_idx < 0. This bug was identified by an experimental static analysis tool developed by our team. The tool specializes in analyzing reference count operations and identifying potential mismanagement of reference counts. In this case, the tool flagged the missing decrement operation as a potential issue, leading to this patch. Fixes: 4035c72dc1ba ("ice: reconfig host after changing MSI-X on VF") Fixes: 4d38cb44bd32 ("ice: manage VFs MSI-X using resource tracking") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <hanguidong02(a)outlook.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Tested-by: Rafal Romanowski <rafal.romanowski(a)intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> --- drivers/net/ethernet/intel/ice/ice_sriov.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/intel/ice/ice_sriov.c b/drivers/net/ethernet/intel/ice/ice_sriov.c index e34fe2516ccc..c2d6b2a144e9 100644 --- a/drivers/net/ethernet/intel/ice/ice_sriov.c +++ b/drivers/net/ethernet/intel/ice/ice_sriov.c @@ -1096,8 +1096,10 @@ int ice_sriov_set_msix_vec_count(struct pci_dev *vf_dev, int msix_vec_count) return -ENOENT; vsi = ice_get_vf_vsi(vf); - if (!vsi) + if (!vsi) { + ice_put_vf(vf); return -ENOENT; + } prev_msix = vf->num_msix; prev_queues = vf->num_vf_qs; @@ -1142,8 +1144,10 @@ int ice_sriov_set_msix_vec_count(struct pci_dev *vf_dev, int msix_vec_count) vf->num_msix = prev_msix; vf->num_vf_qs = prev_queues; vf->first_vector_idx = ice_sriov_get_irqs(pf, vf->num_msix); - if (vf->first_vector_idx < 0) + if (vf->first_vector_idx < 0) { + ice_put_vf(vf); return -EINVAL; + } if (needs_rebuild) { ice_vf_reconfig_vsi(vf); -- 2.42.0

7 months

2
1
0 0

[PATCH net 09/10] idpf: use actual mbx receive payload length

by Tony Nguyen

From: Joshua Hay <joshua.a.hay(a)intel.com> When a mailbox message is received, the driver is checking for a non 0 datalen in the controlq descriptor. If it is valid, the payload is attached to the ctlq message to give to the upper layer. However, the payload response size given to the upper layer was taken from the buffer metadata which is _always_ the max buffer size. This meant the API was returning 4K as the payload size for all messages. This went unnoticed since the virtchnl exchange response logic was checking for a response size less than 0 (error), not less than exact size, or not greater than or equal to the max mailbox buffer size (4K). All of these checks will pass in the success case since the size provided is always 4K. However, this breaks anyone that wants to validate the exact response size. Fetch the actual payload length from the value provided in the descriptor data_len field (instead of the buffer metadata). Unfortunately, this means we lose some extra error parsing for variable sized virtchnl responses such as create vport and get ptypes. However, the original checks weren't really helping anyways since the size was _always_ 4K. Fixes: 34c21fa894a1 ("idpf: implement virtchnl transaction manager") Cc: stable(a)vger.kernel.org # 6.9+ Signed-off-by: Joshua Hay <joshua.a.hay(a)intel.com> Reviewed-by: Przemek Kitszel <przemyslaw.kitszel(a)intel.com> Tested-by: Krishneil Singh <krishneil.k.singh(a)intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> --- drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/drivers/net/ethernet/intel/idpf/idpf_virtchnl.c b/drivers/net/ethernet/intel/idpf/idpf_virtchnl.c index 70986e12da28..3c0f97650d72 100644 --- a/drivers/net/ethernet/intel/idpf/idpf_virtchnl.c +++ b/drivers/net/ethernet/intel/idpf/idpf_virtchnl.c @@ -666,7 +666,7 @@ idpf_vc_xn_forward_reply(struct idpf_adapter *adapter, if (ctlq_msg->data_len) { payload = ctlq_msg->ctx.indirect.payload->va; - payload_size = ctlq_msg->ctx.indirect.payload->size; + payload_size = ctlq_msg->data_len; } xn->reply_sz = payload_size; @@ -1295,10 +1295,6 @@ int idpf_send_create_vport_msg(struct idpf_adapter *adapter, err = reply_sz; goto free_vport_params; } - if (reply_sz < IDPF_CTLQ_MAX_BUF_LEN) { - err = -EIO; - goto free_vport_params; - } return 0; @@ -2602,9 +2598,6 @@ int idpf_send_get_rx_ptype_msg(struct idpf_vport *vport) if (reply_sz < 0) return reply_sz; - if (reply_sz < IDPF_CTLQ_MAX_BUF_LEN) - return -EIO; - ptypes_recvd += le16_to_cpu(ptype_info->num_ptypes); if (ptypes_recvd > max_ptype) return -EINVAL; -- 2.42.0

7 months

1
0
0 0

[PATCH 1/4] ACPI: resource: Remove duplicate Asus E1504GAB IRQ override

by Hans de Goede

Commit d2aaf1996504 ("ACPI: resource: Add DMI quirks for ASUS Vivobook E1504GA and E1504GAB") does exactly what the subject says, adding DMI matches for both the E1504GA and E1504GAB. But DMI_MATCH() does a substring match, so checking for E1504GA will also match E1504GAB. Drop the unnecessary E1504GAB entry since that is covered already by the E1504GA entry. Fixes: d2aaf1996504 ("ACPI: resource: Add DMI quirks for ASUS Vivobook E1504GA and E1504GAB") Cc: Ben Mayo <benny1091(a)gmail.com> Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/acpi/resource.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/drivers/acpi/resource.c b/drivers/acpi/resource.c index 8a4726e2eb69..1ff251fd1901 100644 --- a/drivers/acpi/resource.c +++ b/drivers/acpi/resource.c @@ -511,19 +511,12 @@ static const struct dmi_system_id irq1_level_low_skip_override[] = { }, }, { - /* Asus Vivobook E1504GA */ + /* Asus Vivobook E1504GA* */ .matches = { DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), DMI_MATCH(DMI_BOARD_NAME, "E1504GA"), }, }, - { - /* Asus Vivobook E1504GAB */ - .matches = { - DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), - DMI_MATCH(DMI_BOARD_NAME, "E1504GAB"), - }, - }, { /* Asus Vivobook Pro N6506MV */ .matches = { -- 2.46.0

7 months

3
8
0 0

[PATCH] pidfs: check for valid pid namespace

by Christian Brauner

When we access a no-current task's pid namespace we need check that the task hasn't been reaped in the meantime and it's pid namespace isn't accessible anymore. The user namespace is fine because it is only released when the last reference to struct task_struct is put and exit_creds() is called. Fixes: 5b08bd408534 ("pidfs: allow retrieval of namespace file descriptors") CC: stable(a)vger.kernel.org # v6.11 Signed-off-by: Christian Brauner <brauner(a)kernel.org> --- fs/pidfs.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/pidfs.c b/fs/pidfs.c index 7ffdc88dfb52..80675b6bf884 100644 --- a/fs/pidfs.c +++ b/fs/pidfs.c @@ -120,6 +120,7 @@ static long pidfd_ioctl(struct file *file, unsigned int cmd, unsigned long arg) struct nsproxy *nsp __free(put_nsproxy) = NULL; struct pid *pid = pidfd_pid(file); struct ns_common *ns_common = NULL; + struct pid_namespace *pid_ns; if (arg) return -EINVAL; @@ -202,7 +203,9 @@ static long pidfd_ioctl(struct file *file, unsigned int cmd, unsigned long arg) case PIDFD_GET_PID_NAMESPACE: if (IS_ENABLED(CONFIG_PID_NS)) { rcu_read_lock(); - ns_common = to_ns_common( get_pid_ns(task_active_pid_ns(task))); + pid_ns = task_active_pid_ns(task); + if (pid_ns) + ns_common = to_ns_common(get_pid_ns(pid_ns)); rcu_read_unlock(); } break; -- 2.45.2

7 months

2
1
0 0

[PATCH] scsi: fnic: move flush_work initialization out of if block

by Martin Wilck

After commit 379a58caa199 ("scsi: fnic: Move fnic_fnic_flush_tx() to a work queue"), it can happen that a work item is sent to an uninitialized work queue. This may has the effect that the item being queued is never actually queued, and any further actions depending on it will not proceed. The following warning is observed while the fnic driver is loaded: kernel: WARNING: CPU: 11 PID: 0 at ../kernel/workqueue.c:1524 __queue_work+0x373/0x410 kernel: <IRQ> kernel: queue_work_on+0x3a/0x50 kernel: fnic_wq_copy_cmpl_handler+0x54a/0x730 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24] kernel: fnic_isr_msix_wq_copy+0x2d/0x60 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24] kernel: __handle_irq_event_percpu+0x36/0x1a0 kernel: handle_irq_event_percpu+0x30/0x70 kernel: handle_irq_event+0x34/0x60 kernel: handle_edge_irq+0x7e/0x1a0 kernel: __common_interrupt+0x3b/0xb0 kernel: common_interrupt+0x58/0xa0 kernel: </IRQ> It has been observed that this may break the rediscovery of fibre channel devices after a temporary fabric failure. This patch fixes it by moving the work queue initialization out of an if block in fnic_probe(). Signed-off-by: Martin Wilck <mwilck(a)suse.com> Fixes: 379a58caa199 ("scsi: fnic: Move fnic_fnic_flush_tx() to a work queue") Cc: stable(a)vger.kernel.org --- drivers/scsi/fnic/fnic_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/fnic/fnic_main.c b/drivers/scsi/fnic/fnic_main.c index 0044717d4486..adec0df24bc4 100644 --- a/drivers/scsi/fnic/fnic_main.c +++ b/drivers/scsi/fnic/fnic_main.c @@ -830,7 +830,6 @@ static int fnic_probe(struct pci_dev *pdev, const struct pci_device_id *ent) spin_lock_init(&fnic->vlans_lock); INIT_WORK(&fnic->fip_frame_work, fnic_handle_fip_frame); INIT_WORK(&fnic->event_work, fnic_handle_event); - INIT_WORK(&fnic->flush_work, fnic_flush_tx); skb_queue_head_init(&fnic->fip_frame_queue); INIT_LIST_HEAD(&fnic->evlist); INIT_LIST_HEAD(&fnic->vlans); @@ -948,6 +947,7 @@ static int fnic_probe(struct pci_dev *pdev, const struct pci_device_id *ent) INIT_WORK(&fnic->link_work, fnic_handle_link); INIT_WORK(&fnic->frame_work, fnic_handle_frame); + INIT_WORK(&fnic->flush_work, fnic_flush_tx); skb_queue_head_init(&fnic->frame_queue); skb_queue_head_init(&fnic->tx_queue); -- 2.46.1

7 months

3
3
0 0

[PATCH 5.10 000/352] 5.10.224-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.224 release. There are 352 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 17 Aug 2024 13:18:17 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.224-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.224-rc1 Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode Eric Dumazet <edumazet(a)google.com> wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values Jason Wang <jasowang(a)redhat.com> vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler Cai Huoqing <caihuoqing(a)baidu.com> vdpa: Make use of PFN_PHYS/PFN_UP/PFN_DOWN helper macro WangYuli <wangyuli(a)uniontech.com> nvme/pci: Add APST quirk for Lenovo N60z laptop Kees Cook <kees(a)kernel.org> exec: Fix ToCToU between perm check and set-uid/gid usage Yunke Cao <yunkec(a)google.com> media: uvcvideo: Use entity get_cur in uvc_ctrl_set Amit Daniel Kachhap <amit.kachhap(a)arm.com> arm64: cpufeature: Fix the visibility of compat hwcaps Mahesh Salgaonkar <mahesh(a)linux.ibm.com> powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt. Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gem: Fix Virtual Memory mapping boundaries calculation Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: prefer nft_chain_validate Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: allow clone callbacks to sleep Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: use timestamp to check for set element timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: set element extended ACK reporting support Lukas Wunner <lukas(a)wunner.de> PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal Jari Ruusu <jariruusu(a)protonmail.com> Fix gcc 4.9 build issue in 5.10.y Linus Torvalds <torvalds(a)linux-foundation.org> Add gitignore file for samples/fanotify/ subdirectory Gabriel Krisman Bertazi <krisman(a)collabora.com> samples: Make fs-monitor depend on libc and headers Gabriel Krisman Bertazi <krisman(a)collabora.com> samples: Add fs error monitoring example Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: fix backup support in signal endpoints Geliang Tang <geliang.tang(a)suse.com> mptcp: export local_address Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: mib: count MPJ with backup flag Paolo Abeni <pabeni(a)redhat.com> mptcp: fix NL PM announced address accounting Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: distinguish rcv vs sent backup flag in requests Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sched: check both directions for backup Thomas Zimmermann <tzimmermann(a)suse.de> drm/mgag200: Set DDC timeout in milliseconds Lucas Stach <l.stach(a)pengutronix.de> drm/bridge: analogix_dp: properly handle zero sized AUX transactions Andi Kleen <ak(a)linux.intel.com> x86/mtrr: Check if fixed MTRRs exist before saving them Waiman Long <longman(a)redhat.com> padata: Fix possible divide-by-0 panic in padata_mt_helper() Tze-nan Wu <Tze-nan.Wu(a)mediatek.com> tracing: Fix overflow in get_free_elt() Hans de Goede <hdegoede(a)redhat.com> power: supply: axp288_charger: Round constant_charge_voltage writes down Hans de Goede <hdegoede(a)redhat.com> power: supply: axp288_charger: Fix constant_charge_voltage writes Shay Drory <shayd(a)nvidia.com> genirq/irqdesc: Honor caller provided affinity in alloc_desc() Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> irqchip/xilinx: Fix shift out of bounds George Kennedy <george.kennedy(a)oracle.com> serial: core: check uartclk for zero to avoid divide by zero Arseniy Krasnov <avkrasnov(a)salutedevices.com> irqchip/meson-gpio: Convert meson_gpio_irq_controller::lock to 'raw_spinlock_t' Qianggui Song <qianggui.song(a)amlogic.com> irqchip/meson-gpio: support more than 8 channels gpio irq Damien Le Moal <dlemoal(a)kernel.org> scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES Sreekanth Reddy <sreekanth.reddy(a)broadcom.com> scsi: mpt3sas: Remove scsi_dma_map() error messages Justin Stitt <justinstitt(a)google.com> ntp: Safeguard against time_constant overflow Dan Williams <dan.j.williams(a)intel.com> driver core: Fix uevent_show() vs driver detach race Justin Stitt <justinstitt(a)google.com> ntp: Clamp maxerror and esterror to operating range Thomas Gleixner <tglx(a)linutronix.de> tick/broadcast: Move per CPU pointer access into the atomic section Vamshi Gajjela <vamshigajjela(a)google.com> scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic Prashanth K <quic_prashk(a)quicinc.com> usb: gadget: u_serial: Set start_delayed during suspend Chris Wulff <crwulff(a)gmail.com> usb: gadget: core: Check for unset descriptor Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com> USB: serial: debug: do not echo input by default Oliver Neukum <oneukum(a)suse.com> usb: vhci-hcd: Do not drop references before new references are gained Takashi Iwai <tiwai(a)suse.de> ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 Steven 'Steve' Kendall <skend(a)chromium.org> ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Fix racy access to midibuf Ma Ke <make24(a)iscas.ac.cn> drm/client: fix null pointer dereference in drm_client_modeset_probe Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Re-add ScratchAmp quirk entries Stefan Wahren <wahrenst(a)gmx.net> spi: spi-fsl-lpspi: Fix scldiv calculation Masami Hiramatsu (Google) <mhiramat(a)kernel.org> kprobes: Fix to check symbol prefixes correctly Menglong Dong <menglong8.dong(a)gmail.com> bpf: kprobe: remove unused declaring of bpf_kprobe_override Guenter Roeck <linux(a)roeck-us.net> i2c: smbus: Send alert notifications to all devices if source not found Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wsa881x: Correct Soundwire ports mask Guenter Roeck <linux(a)roeck-us.net> i2c: smbus: Improve handling of stuck alerts Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Expand speculative SSBS workaround (again) Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Cortex-A725 definitions Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Cortex-X1C definitions Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Expand speculative SSBS workaround Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Unify speculative SSBS errata logic Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Cortex-X925 definitions Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Cortex-A720 definitions Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Cortex-X3 definitions Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Add workaround for Arm errata 3194386 and 3312417 Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Neoverse-V3 definitions Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Cortex-X4 definitions Besar Wicaksono <bwicaksono(a)nvidia.com> arm64: Add Neoverse-V2 part James Morse <james.morse(a)arm.com> arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: fix wrong unit use in ext4_mb_find_by_goal Zheng Zucheng <zhengzucheng(a)huawei.com> sched/cputime: Fix mul_u64_u64_div_u64() precision for cputime Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: Fix a race to wake a sync task Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/sclp: Prevent release of buffer in I/O Kemeng Shi <shikemeng(a)huaweicloud.com> jbd2: avoid memleak in jbd2_journal_write_metadata_buffer Michal Pecio <michal.pecio(a)gmail.com> media: uvcvideo: Fix the bandwdith quirk on USB 3.x Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Ignore empty TS packets Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix the null pointer dereference to ras_manager Filipe Manana <fdmanana(a)suse.com> btrfs: fix bitmap leak when loading free space cache on duplicate entry Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't give key data to userspace Roman Smirnov <r.smirnov(a)omp.ru> udf: prevent integer overflow in udf_bitmap_free_blocks() FUJITA Tomonori <fujita.tomonori(a)gmail.com> PCI: Add Edimax Vendor ID to pci_ids.h Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix send_signal test with nested CONFIG_PARAVIRT Thomas Weißschuh <linux(a)weissschuh.net> ACPI: SBS: manage alarm sysfs attribute through psy core Thomas Weißschuh <linux(a)weissschuh.net> ACPI: battery: create alarm sysfs attribute atomically Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> clocksource/drivers/sh_cmt: Address race condition for clock events Yu Kuai <yukuai3(a)huawei.com> md/raid5: avoid BUG_ON() while continue reshape after reassembling Li Nan <linan122(a)huawei.com> md: do not delete safemode_timer in mddev_suspend Paul E. McKenney <paulmck(a)kernel.org> rcutorture: Fix rcu_torture_fwd_cb_cr() data race Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Stop PPS on driver remove James Chapman <jchapman(a)katalix.com> l2tp: fix lockdep splat Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() Eric Dumazet <edumazet(a)google.com> net: linkwatch: use system_unbound_wq Daniele Palmas <dnlplm(a)gmail.com> net: usb: qmi_wwan: fix memory leak for not ip packets Kuniyuki Iwashima <kuniyu(a)amazon.com> sctp: Fix null-ptr-deref in reuseport_add_sock(). Xin Long <lucien.xin(a)gmail.com> sctp: move hlist_node and hashent out of sctp_ep_common Peter Zijlstra <peterz(a)infradead.org> x86/mm: Fix pti_clone_entry_text() for i386 Peter Zijlstra <peterz(a)infradead.org> x86/mm: Fix pti_clone_pgtable() alignment assumption Yipeng Zou <zouyipeng(a)huawei.com> irqchip/mbigen: Fix mbigen node address layout Marc Zyngier <maz(a)kernel.org> genirq: Allow irq_chip registration functions to take a const irq_chip Alexander Maltsev <keltar.gw(a)gmail.com> netfilter: ipset: Add list flush to cancel_gc Paolo Abeni <pabeni(a)redhat.com> mptcp: fix duplicate data handling Heiner Kallweit <hkallweit1(a)gmail.com> r8169: don't increment tx_dropped in case of NETDEV_TX_BUSY Ma Ke <make24(a)iscas.ac.cn> net: usb: sr9700: fix uninitialized variable use in sr_mdio_read Mavroudis Chatzilazaridis <mavchatz(a)protonmail.com> ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Correct surround channels in UAC1 channel map Al Viro <viro(a)zeniv.linux.org.uk> protect the fetch of ->fd[fd] in do_dup2() from mispredictions Tatsunosuke Tobita <tatsunosuke.tobita(a)wacom.com> HID: wacom: Modify pen IDs Patryk Duda <patrykd(a)google.com> platform/chrome: cros_ec_proto: Lock device when updating MKBP version Zhe Qiao <qiaozhe(a)iscas.ac.cn> riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error() Maciej Żenczykowski <maze(a)google.com> ipv6: fix ndisc_is_useropt() handling for PIO Shahar Shitrit <shshitrit(a)nvidia.com> net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys Alexandra Winter <wintera(a)linux.ibm.com> net/iucv: fix use after free in iucv_sock_close() Eric Dumazet <edumazet(a)google.com> sched: act_ct: take care of padding in struct zones_ht_key Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix overlay when using Screen Targets Danilo Krummrich <dakr(a)kernel.org> drm/nouveau: prime: fix refcount underflow Aleksandr Mishin <amishin(a)t-argos.ru> remoteproc: imx_rproc: Skip over memory region when node value is NULL Dong Aisheng <aisheng.dong(a)nxp.com> remoteproc: imx_rproc: Fix ignoring mapping vdev regions Peng Fan <peng.fan(a)nxp.com> remoteproc: imx_rproc: ignore mapping vdev regions Shenwei Wang <shenwei.wang(a)nxp.com> irqchip/imx-irqsteer: Handle runtime power management correctly Lucas Stach <l.stach(a)pengutronix.de> irqchip/imx-irqsteer: Add runtime PM support Lucas Stach <l.stach(a)pengutronix.de> irqchip/imx-irqsteer: Constify irq_chip struct Marc Zyngier <maz(a)kernel.org> genirq: Allow the PM device to originate from irq domain Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Fix memory leakage caused by driver API devm_free_percpu() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> driver core: Cast to (void *) with __force for __percpu pointer Jay Buddhabhatti <jay.buddhabhatti(a)amd.com> drivers: soc: xilinx: check return status of get_api_version() Michael Tretter <m.tretter(a)pengutronix.de> soc: xilinx: move PM_INIT_FINALIZE to zynqmp_pm_domains driver Zhang Yi <yi.zhang(a)huawei.com> ext4: check the extent status again before inserting delalloc block Zhang Yi <yi.zhang(a)huawei.com> ext4: factor out a common helper to query extent map Thomas Weißschuh <linux(a)weissschuh.net> sysctl: always initialize i_uid/i_gid Eric Sandeen <sandeen(a)redhat.com> fuse: verify {g,u}id mount options correctly Miklos Szeredi <mszeredi(a)redhat.com> fuse: name fs_context consistently Esben Haabendal <esben(a)geanix.com> powerpc/configs: Update defconfig with now user-visible CONFIG_FSL_IFC Seth Forshee (DigitalOcean) <sforshee(a)kernel.org> fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT Leon Romanovsky <leon(a)kernel.org> nvme-pci: add missing condition check for existence of mapped data Jens Axboe <axboe(a)kernel.dk> nvme: split command copy into a helper Gerd Bayer <gbayer(a)linux.ibm.com> s390/pci: Allow allocation of more than 1 MSI interrupt Gerd Bayer <gbayer(a)linux.ibm.com> s390/pci: Refactor arch_setup_msi_irqs() Thomas Gleixner <tglx(a)linutronix.de> s390/pci: Rework MSI descriptor walk Thomas Gleixner <tglx(a)linutronix.de> s390/pci: Do not mask MSI[-X] entries on teardown ethanwu <ethanwu(a)synology.com> ceph: fix incorrect kmalloc size of pagevec mempool Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable Al Viro <viro(a)zeniv.linux.org.uk> lirc: rc_dev_get_from_fd(): fix file leak Al Viro <viro(a)zeniv.linux.org.uk> powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() Xiao Liang <shaw.leon(a)gmail.com> apparmor: Fix null pointer deref when receiving skb during sock creation Dan Carpenter <dan.carpenter(a)linaro.org> mISDN: Fix a use after free in hfcmulti_tx() Fred Li <dracodingfly(a)gmail.com> bpf: Fix a segment issue when downgrading gso_size Petr Machata <petrm(a)nvidia.com> net: nexthop: Initialize all fields in dumped nexthops Simon Horman <horms(a)kernel.org> net: stmmac: Correct byte order of perfect_match Shigeru Yoshida <syoshida(a)redhat.com> tipc: Return non-zero value from tipc_udp_addr2str() on error Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo_avx2: disable softinterrupts Johannes Berg <johannes.berg(a)intel.com> net: bonding: correctly annotate RCU in bond_should_notify_peers() Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix incorrect source address in Record Route option Gregory CLEMENT <gregory.clement(a)bootlin.com> MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later Lance Richardson <rlance(a)google.com> dma: fix call order in dmam_free_coherent Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix no-args func prototype BTF dumping syntax Sheng Yong <shengyong(a)oppo.com> f2fs: fix start segno of large section Johannes Berg <johannes.berg(a)intel.com> um: time-travel: fix time-travel-start option Jeongjun Park <aha310510(a)gmail.com> jfs: Fix array-index-out-of-bounds in diFree Douglas Anderson <dianders(a)chromium.org> kdb: Use the passed prompt in kdb_position_cursor() Arnd Bergmann <arnd(a)arndb.de> kdb: address -Wformat-security warnings Pavel Begunkov <asml.silence(a)gmail.com> kernel: rerun task_work while freezing in get_signal() Pavel Begunkov <asml.silence(a)gmail.com> io_uring/io-wq: limit retrying worker initialisation Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: handle inconsistent state in nilfs_btnode_create_block() WangYuli <wangyuli(a)uniontech.com> Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 Hilda Wu <hildawu(a)realtek.com> Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables Ilya Dryomov <idryomov(a)gmail.com> rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings Ilya Dryomov <idryomov(a)gmail.com> rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait Dragan Simic <dsimic(a)manjaro.org> drm/panfrost: Mark simple_ondemand governor as softdep Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: env: Hook up Loongsson-2K Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: ip30: ip30-console: Add missing include Ilya Dryomov <idryomov(a)gmail.com> rbd: don't assume rbd_is_lock_owner() for exclusive mappings Michael Ellerman <mpe(a)ellerman.id.au> selftests/sigaltstack: Fix ppc64 GCC build Bart Van Assche <bvanassche(a)acm.org> RDMA/iwcm: Fix a use-after-free related to destroying CM IDs Jiaxun Yang <jiaxun.yang(a)flygoat.com> platform: mips: cpu_hwmon: Disable driver on unsupported hardware Thomas Gleixner <tglx(a)linutronix.de> watchdog/perf: properly initialize the turbo mode timestamp and rearm counter Joy Chakraborty <joychakr(a)google.com> rtc: isl1208: Fix return value of nvmem callbacks Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix a topa_entry base address calculation Marco Cavenati <cavenati.marco(a)gmail.com> perf/x86/intel/pt: Fix topa_entry base length Nilesh Javali <njavali(a)marvell.com> scsi: qla2xxx: validate nvme_local_port correctly Shreyas Deodhar <sdeodhar(a)marvell.com> scsi: qla2xxx: Complete command early within lock Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix flash read failure Shreyas Deodhar <sdeodhar(a)marvell.com> scsi: qla2xxx: Fix for possible memory corruption Manish Rangankar <mrangankar(a)marvell.com> scsi: qla2xxx: During vport delete send async logout explicitly Joy Chakraborty <joychakr(a)google.com> rtc: cmos: Fix return value of nvmem callbacks Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Fix devm_krealloc() wasting memory Zijun Hu <quic_zijuhu(a)quicinc.com> kobject_uevent: Fix OOB access within zap_modalias_env() Nathan Chancellor <nathan(a)kernel.org> kbuild: Fix '-S -c' in x86 stack protector scripts Ross Lagerwall <ross.lagerwall(a)citrix.com> decompress_bunzip2: fix rare decompression failure Fedor Pchelkin <pchelkin(a)ispras.ru> ubi: eba: properly rollback inside self_check_eba Bastien Curutchet <bastien.curutchet(a)bootlin.com> clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use Chao Yu <chao(a)kernel.org> f2fs: fix to don't dirty inode for readonly filesystem Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds tuhaowen <tuhaowen(a)uniontech.com> dev/parport: fix the array out-of-bounds risk Carlos Llamas <cmllamas(a)google.com> binder: fix hang of unregistered readers Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio Wei Liu <wei.liu(a)kernel.org> PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> hwrng: amd - Convert PCIBIOS_* return codes to errnos Alan Stern <stern(a)rowland.harvard.edu> tools/memory-model: Fix bug in lock.cat Sean Christopherson <seanjc(a)google.com> KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() Jan Kara <jack(a)suse.cz> jbd2: make jbd2_journal_get_max_txn_bufs() internal Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> leds: ss4200: Convert PCIBIOS_* return codes to errnos Rafael Beims <rafael.beims(a)toradex.com> wifi: mwifiex: Fix interface type change Baokun Li <libaokun1(a)huawei.com> ext4: make sure the first directory block is not a hole Baokun Li <libaokun1(a)huawei.com> ext4: check dot and dotdot of dx_root before making dir indexed Paolo Pisati <p.pisati(a)gmail.com> m68k: amiga: Turn off Warp1260 interrupts during boot Jan Kara <jack(a)suse.cz> udf: Avoid using corrupted block bitmap buffer Frederic Weisbecker <frederic(a)kernel.org> task_work: Introduce task_work_cancel() again Frederic Weisbecker <frederic(a)kernel.org> task_work: s/task_work_cancel()/task_work_cancel_func()/ Fedor Pchelkin <pchelkin(a)ispras.ru> apparmor: use kvfree_sensitive to free data->data Pierre Gondois <pierre.gondois(a)arm.com> sched/fair: Use all little CPUs for CPU-bound workloads Sung Joon Kim <sungjoon.kim(a)amd.com> drm/amd/display: Check for NULL pointer Shreyas Deodhar <sdeodhar(a)marvell.com> scsi: qla2xxx: Fix optrom version displayed in FDMI Ma Ke <make24(a)iscas.ac.cn> drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes Ma Ke <make24(a)iscas.ac.cn> drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes Jan Kara <jack(a)suse.cz> ext2: Verify bitmap and itable block numbers before using them Chao Yu <chao(a)kernel.org> hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: venus: fix use after free in vdec_close Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> char: tpm: Fix possible memory leak in tpm_bios_measurements_open() Tejun Heo <tj(a)kernel.org> sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks Nicolas Dichtel <nicolas.dichtel(a)6wind.com> ipv6: take care of scope when choosing the src addr Chengen Du <chengen.du(a)canonical.com> af_packet: Handle outgoing VLAN packets without hardware offloading Breno Leitao <leitao(a)debian.org> net: netconsole: Disable target before netpoll cleanup Yu Liao <liaoyu15(a)huawei.com> tick/broadcast: Make takeover of broadcast hrtimer reliable Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: thermal: correct thermal zone node name limit Csókás, Bence <csokas.bence(a)prolan.hu> rtc: interface: Add RTC offset to alarm after fix-up Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro Alex Shi <alex.shi(a)linux.alibaba.com> fs/nilfs2: remove some unused macros to tame gcc David Hildenbrand <david(a)redhat.com> fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP Peng Fan <peng.fan(a)nxp.com> pinctrl: freescale: mxs: Fix refcount of child Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pinctrl: ti: ti-iodelay: Drop if block with always false condition Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: single: fix possible memory leak when pinctrl_enable() fails Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: core: fix possible memory leak when pinctrl_enable() fails Dmitry Yashin <dmt.yashin(a)gmail.com> pinctrl: rockchip: update rk3308 iomux routes Martin Willi <martin(a)strongswan.org> net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports Martin Willi <martin(a)strongswan.org> net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: ctnetlink: use helper function to calculate expect ID Jack Wang <jinpu.wang(a)ionos.com> bnxt_re: Fix imm_data endianness Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix missing pagesize and alignment check in FRMR Nick Bowler <nbowler(a)draconx.ca> macintosh/therm_windtunnel: fix module unload. Michael Ellerman <mpe(a)ellerman.id.au> powerpc/xmon: Fix disassembly CPU feature checks Dominique Martinet <dominique.martinet(a)atmark-techno.com> MIPS: Octeron: remove source file executable bit Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: elan_i2c - do not leave interrupt disabled on suspend failure Leon Romanovsky <leon(a)kernel.org> RDMA/device: Return error earlier if port in not valid Arnd Bergmann <arnd(a)arndb.de> mtd: make mtd_test.c a separate module Chen Ni <nichen(a)iscas.ac.cn> ASoC: max98088: Check for clk_prepare_enable() error Honggang LI <honggangli(a)163.com> RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Fix truncated output warning in alias_GUID.c Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Fix truncated output warning in mad.c Andrei Lalaev <andrei.lalaev(a)anton-paar.com> Input: qt1050 - handle CHIP_ID reading error James Clark <james.clark(a)arm.com> coresight: Fix ref leak when of_coresight_parse_endpoint() fails Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix resource double counting on remove & rescan Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: Fixup gss_status tracepoint error output Andreas Larsson <andreas(a)gaisler.com> sparc64: Fix incorrect function signature and add prototype for prom_cif_init Jan Kara <jack(a)suse.cz> ext4: avoid writing unitialized memory to disk in EA inodes NeilBrown <neilb(a)suse.de> SUNRPC: avoid soft lockup when transmitting UDP to reachable server. Chuck Lever <chuck.lever(a)oracle.com> xprtrdma: Fix rpcrdma_reqs_reset() Chuck Lever <chuck.lever(a)oracle.com> xprtrdma: Rename frwr_release_mr() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> mfd: omap-usb-tll: Use struct_size to allocate tll Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: venus: flush all buffers in output plane streamoff Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix infinite loop when replaying fast_commit Luca Ceresoli <luca.ceresoli(a)bootlin.com> Revert "leds: led-core: Fix refcount leak in of_led_get()" Chen Ni <nichen(a)iscas.ac.cn> drm/qxl: Add check for drm_cvt_mode Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: fix DMA direction handling for cached RW buffers Namhyung Kim <namhyung(a)kernel.org> perf report: Fix condition in sort__sym_cmp() Hans de Goede <hdegoede(a)redhat.com> leds: trigger: Unregister sysfs attributes before calling deactivate() Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: renesas: vsp1: Store RPF partition configuration per RPF instance Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: renesas: vsp1: Fix _irqsave and _irq mix Daniel Schaefer <dhs(a)frame.work> media: uvcvideo: Override default flags Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Allow entity-defined get_info and get_cur Aleksandr Burakov <a.burakov(a)rosalinux.ru> saa7134: Unchecked i2c_transfer function result fixed David Hildenbrand <david(a)redhat.com> s390/uv: Don't call folio_wait_writeback() without a folio reference Matthew Wilcox (Oracle) <willy(a)infradead.org> s390/mm: Convert gmap_make_secure to use a folio Matthew Wilcox (Oracle) <willy(a)infradead.org> s390/mm: Convert make_page_secure to use a folio Claudio Imbrenda <imbrenda(a)linux.ibm.com> KVM: s390: fix race in gmap_make_secure() Claudio Imbrenda <imbrenda(a)linux.ibm.com> KVM: s390: pv: add export before import Claudio Imbrenda <imbrenda(a)linux.ibm.com> KVM: s390: pv: properly handle page flags for protected guests Claudio Imbrenda <imbrenda(a)linux.ibm.com> KVM: s390: pv: avoid stalls when making pages secure Ricardo Ribalda <ribalda(a)chromium.org> media: imon: Fix race getting ictx->lock Zheng Yejian <zhengyejian1(a)huawei.com> media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() Douglas Anderson <dianders(a)chromium.org> drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() Douglas Anderson <dianders(a)chromium.org> drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators Taehee Yoo <ap420073(a)gmail.com> xdp: fix invalid wait context of page_pool_destroy() Amit Cohen <amcohen(a)nvidia.com> selftests: forwarding: devlink_lib: Wait for udev events after reloading Alan Maguire <alan.maguire(a)oracle.com> bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> bna: adjust 'name' buf size of bna_tcb and bna_ccb structures Alan Maguire <alan.maguire(a)oracle.com> bpf: annotate BTF show functions with __printf Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Close fd in error path in drop_on_reuseport Johannes Berg <johannes.berg(a)intel.com> wifi: virt_wifi: don't use strlen() in const context Gaosheng Cui <cuigaosheng1(a)huawei.com> gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey En-Wei Wu <en-wei.wu(a)canonical.com> wifi: virt_wifi: avoid reporting connection success with wrong SSID Shai Malin <smalin(a)marvell.com> qed: Improve the stack space of filter_config() Adrian Hunter <adrian.hunter(a)intel.com> perf: Prevent passing zero nr_pages to rb_alloc_aux() Adrian Hunter <adrian.hunter(a)intel.com> perf: Fix perf_aux_size() for greater-than 32-bit size Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: rise cap on SELinux secmark context Ismael Luceno <iluceno(a)suse.de> ipvs: Avoid unnecessary calls to skb_is_gso_sctp Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Fix FEC_ECR_EN1588 being cleared on link-down Csókás Bence <csokas.bence(a)prolan.hu> net: fec: Refactor: #define magic constants Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers Carl Huang <cjhuang(a)codeaurora.org> ath11k: dp: stop rx pktlog before suspend Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors Amit Cohen <amcohen(a)nvidia.com> mlxsw: spectrum_acl_bloom_filter: Make mlxsw_sp_acl_bf_key_encode() more flexible Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_erp: Fix object nesting warning Ido Schimmel <idosch(a)nvidia.com> lib: objagg: Fix general protection fault Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Check length of recv in test_sockmap Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined Stefan Raspl <raspl(a)linux.ibm.com> net/smc: Allow SMC-D 1MB DMB allocations Hagar Hemdan <hagarhem(a)amazon.com> net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Fix prog numbers in test_sockmap Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device Marek Behún <kabel(a)kernel.org> firmware: turris-mox-rwtm: Initialize completion before mailbox Marek Behún <kabel(a)kernel.org> firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() Dmitry Torokhov <dmitry.torokhov(a)gmail.com> ARM: spitz: fix GPIO assignment for backlight Arnd Bergmann <arnd(a)arndb.de> ARM: pxa: spitz: use gpio descriptors for audio Thorsten Blum <thorsten.blum(a)toblux.com> m68k: cmpxchg: Fix return value for default case in __arch_xchg() Chen Ni <nichen(a)iscas.ac.cn> x86/xen: Convert comma to semicolon Eero Tamminen <oak(a)helsinkinet.fi> m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages Jerome Brunet <jbrunet(a)baylibre.com> arm64: dts: amlogic: gx: correct hdmi clocks Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix board reset Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset Marco Felsch <m.felsch(a)pengutronix.de> ARM: dts: imx6qdl-kontron-samx6i: move phy reset into phy-node Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Increase VOP clk rate on RK3328 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> soc: qcom: pdr: fix parsing of domains lists Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> soc: qcom: pdr: protect locator_addr with the main mutex Esben Haabendal <esben(a)geanix.com> memory: fsl_ifc: Make FSL_IFC config visible and selectable Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8996: specify UFS core_clk frequencies Stephen Boyd <swboyd(a)chromium.org> soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data() callers Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sdm845: add power-domain to UFS PHY Guenter Roeck <linux(a)roeck-us.net> hwmon: (max6697) Fix swapped temp{1,8} critical alarms Guenter Roeck <linux(a)roeck-us.net> hwmon: (max6697) Fix underflow when writing limit attributes Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Always do lazy disabling Wayne Tung <chineweff(a)gmail.com> hwmon: (adt7475) Fix default duty on fan is disabled Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/pci/xen: Fix PCIBIOS_* return code handling Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/of: Return consistent error type from x86_of_pci_irq_enable() Chao Yu <chao(a)kernel.org> hfsplus: fix to avoid false alarm of circular locking Tzung-Bi Shih <tzungbi(a)kernel.org> platform/chrome: cros_ec_debugfs: fix wrong EC message version Arnd Bergmann <arnd(a)arndb.de> EDAC, i10nm: make skx_common.o a separate module Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/skx_common: Add new ADXL components for 2-level memory ------------- Diffstat: Documentation/arm64/cpu-feature-registers.rst | 38 ++++- Documentation/arm64/silicon-errata.rst | 36 +++++ .../devicetree/bindings/thermal/thermal-zones.yaml | 5 +- Makefile | 4 +- arch/arm/boot/dts/imx6q-kontron-samx6i.dtsi | 23 --- arch/arm/boot/dts/imx6qdl-kontron-samx6i.dtsi | 26 +++- arch/arm/mach-pxa/spitz.c | 39 +++-- arch/arm/mach-pxa/{include/mach => }/spitz.h | 2 +- arch/arm/mach-pxa/spitz_pm.c | 2 +- arch/arm64/Kconfig | 38 +++++ arch/arm64/boot/dts/amlogic/meson-gxbb.dtsi | 4 +- arch/arm64/boot/dts/amlogic/meson-gxl.dtsi | 4 +- .../boot/dts/mediatek/mt7622-bananapi-bpi-r64.dts | 4 +- arch/arm64/boot/dts/mediatek/mt7622-rfb1.dts | 4 +- arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 2 - arch/arm64/boot/dts/qcom/msm8996.dtsi | 2 +- arch/arm64/boot/dts/qcom/sdm845.dtsi | 2 + arch/arm64/boot/dts/rockchip/rk3328.dtsi | 4 +- arch/arm64/include/asm/cpucaps.h | 3 +- arch/arm64/include/asm/cputype.h | 16 ++ arch/arm64/kernel/cpu_errata.c | 31 ++++ arch/arm64/kernel/cpufeature.c | 94 +++++++++--- arch/arm64/kernel/proton-pack.c | 12 ++ arch/m68k/amiga/config.c | 9 ++ arch/m68k/atari/ataints.c | 6 +- arch/m68k/include/asm/cmpxchg.h | 2 +- arch/mips/include/asm/mach-loongson64/boot_param.h | 2 + arch/mips/include/asm/mips-cm.h | 4 + arch/mips/kernel/smp-cps.c | 5 +- arch/mips/loongson64/env.c | 8 + arch/mips/pci/pcie-octeon.c | 0 arch/mips/sgi-ip30/ip30-console.c | 1 + arch/powerpc/configs/85xx-hw.config | 2 + arch/powerpc/include/asm/percpu.h | 10 ++ arch/powerpc/kernel/mce.c | 14 +- arch/powerpc/kernel/setup_64.c | 2 + arch/powerpc/kernel/traps.c | 8 +- arch/powerpc/kvm/powerpc.c | 4 +- arch/powerpc/xmon/ppc-dis.c | 33 ++--- arch/riscv/mm/fault.c | 17 ++- arch/s390/include/asm/pgtable.h | 9 +- arch/s390/include/asm/uv.h | 10 +- arch/s390/kernel/uv.c | 163 +++++++++++++++------ arch/s390/kvm/intercept.c | 5 + arch/s390/mm/gmap.c | 4 +- arch/s390/pci/pci_irq.c | 120 +++++++++------ arch/sparc/include/asm/oplib_64.h | 1 + arch/sparc/prom/init_64.c | 3 - arch/sparc/prom/p1275.c | 2 +- arch/um/kernel/time.c | 4 +- arch/x86/events/intel/pt.c | 4 +- arch/x86/events/intel/pt.h | 4 +- arch/x86/kernel/cpu/mtrr/mtrr.c | 2 +- arch/x86/kernel/devicetree.c | 2 +- arch/x86/kvm/vmx/vmx.c | 11 +- arch/x86/kvm/vmx/vmx.h | 1 + arch/x86/mm/pti.c | 8 +- arch/x86/pci/intel_mid_pci.c | 4 +- arch/x86/pci/xen.c | 4 +- arch/x86/platform/intel/iosf_mbi.c | 4 +- arch/x86/xen/p2m.c | 4 +- drivers/acpi/battery.c | 16 +- drivers/acpi/sbs.c | 23 +-- drivers/android/binder.c | 4 +- drivers/base/core.c | 13 +- drivers/base/devres.c | 13 +- drivers/base/module.c | 4 + drivers/block/rbd.c | 35 ++--- drivers/bluetooth/btusb.c | 4 + drivers/char/hw_random/amd-rng.c | 4 +- drivers/char/tpm/eventlog/common.c | 2 + drivers/clk/davinci/da8xx-cfgchip.c | 4 +- drivers/clocksource/sh_cmt.c | 13 +- drivers/edac/Makefile | 10 +- drivers/edac/skx_common.c | 88 +++++++++-- drivers/edac/skx_common.h | 15 +- drivers/firmware/turris-mox-rwtm.c | 18 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 7 +- drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 3 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 7 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c | 14 +- .../gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 7 +- drivers/gpu/drm/bridge/analogix/analogix_dp_reg.c | 5 +- drivers/gpu/drm/drm_client_modeset.c | 5 + drivers/gpu/drm/etnaviv/etnaviv_gem.c | 6 +- drivers/gpu/drm/gma500/cdv_intel_lvds.c | 3 + drivers/gpu/drm/gma500/psb_intel_lvds.c | 3 + drivers/gpu/drm/i915/gem/i915_gem_mman.c | 53 ++++++- drivers/gpu/drm/mgag200/mgag200_i2c.c | 2 +- drivers/gpu/drm/nouveau/nouveau_prime.c | 3 +- drivers/gpu/drm/panel/panel-boe-tv101wum-nl6.c | 8 +- drivers/gpu/drm/panfrost/panfrost_drv.c | 1 + drivers/gpu/drm/qxl/qxl_display.c | 3 + drivers/gpu/drm/vmwgfx/vmwgfx_overlay.c | 2 +- drivers/hid/wacom_wac.c | 3 +- drivers/hwmon/adt7475.c | 2 +- drivers/hwmon/max6697.c | 5 +- drivers/hwtracing/coresight/coresight-platform.c | 4 +- drivers/i2c/i2c-smbus.c | 64 +++++++- drivers/infiniband/core/device.c | 6 +- drivers/infiniband/core/iwcm.c | 11 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 6 +- drivers/infiniband/hw/hns/hns_roce_device.h | 4 + drivers/infiniband/hw/hns/hns_roce_mr.c | 5 + drivers/infiniband/hw/mlx4/alias_GUID.c | 2 +- drivers/infiniband/hw/mlx4/mad.c | 2 +- drivers/infiniband/sw/rxe/rxe_req.c | 7 +- drivers/input/keyboard/qt1050.c | 7 +- drivers/input/mouse/elan_i2c_core.c | 2 + drivers/irqchip/irq-imx-irqsteer.c | 40 ++++- drivers/irqchip/irq-mbigen.c | 20 ++- drivers/irqchip/irq-meson-gpio.c | 35 +++-- drivers/irqchip/irq-xilinx-intc.c | 2 +- drivers/isdn/hardware/mISDN/hfcmulti.c | 7 +- drivers/leds/led-class.c | 1 - drivers/leds/led-triggers.c | 2 +- drivers/leds/leds-ss4200.c | 7 +- drivers/macintosh/therm_windtunnel.c | 2 +- drivers/md/md.c | 1 - drivers/md/raid5.c | 20 ++- drivers/media/pci/saa7134/saa7134-dvb.c | 8 +- drivers/media/platform/qcom/venus/vdec.c | 3 +- drivers/media/platform/vsp1/vsp1_histo.c | 20 +-- drivers/media/platform/vsp1/vsp1_pipe.h | 2 +- drivers/media/platform/vsp1/vsp1_rpf.c | 8 +- drivers/media/rc/imon.c | 5 +- drivers/media/rc/lirc_dev.c | 4 +- drivers/media/usb/dvb-usb/dvb-usb-init.c | 35 ++++- drivers/media/usb/uvc/uvc_ctrl.c | 90 ++++++++---- drivers/media/usb/uvc/uvc_video.c | 37 ++++- drivers/media/usb/uvc/uvcvideo.h | 5 + drivers/memory/Kconfig | 2 +- drivers/mfd/omap-usb-tll.c | 3 +- drivers/mtd/nand/raw/Kconfig | 3 +- drivers/mtd/tests/Makefile | 34 ++--- drivers/mtd/tests/mtd_test.c | 9 ++ drivers/mtd/ubi/eba.c | 3 +- drivers/net/bonding/bond_main.c | 7 +- drivers/net/dsa/b53/b53_common.c | 3 + drivers/net/dsa/bcm_sf2.c | 4 +- drivers/net/dsa/mv88e6xxx/chip.c | 3 +- drivers/net/ethernet/brocade/bna/bna_types.h | 2 +- drivers/net/ethernet/brocade/bna/bnad.c | 11 +- drivers/net/ethernet/freescale/fec_main.c | 52 +++++-- drivers/net/ethernet/freescale/fec_ptp.c | 3 + .../net/ethernet/mellanox/mlx5/core/en_ethtool.c | 7 +- .../ethernet/mellanox/mlxsw/spectrum_acl_atcam.c | 18 +-- .../mellanox/mlxsw/spectrum_acl_bloom_filter.c | 38 +++-- .../net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c | 13 -- .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.h | 9 +- drivers/net/ethernet/qlogic/qed/qed_l2.c | 23 +-- drivers/net/ethernet/qlogic/qede/qede_filter.c | 47 +++--- drivers/net/ethernet/realtek/r8169_main.c | 8 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 2 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 2 +- drivers/net/ethernet/stmicro/stmmac/hwif.h | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +- drivers/net/netconsole.c | 2 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/usb/sr9700.c | 11 +- drivers/net/wireless/ath/ath11k/dp.h | 1 + drivers/net/wireless/ath/ath11k/dp_rx.c | 51 ++++++- drivers/net/wireless/ath/ath11k/dp_rx.h | 6 + drivers/net/wireless/ath/ath11k/mac.c | 19 ++- .../broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 18 +-- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 2 + drivers/net/wireless/virt_wifi.c | 20 ++- drivers/nvme/host/pci.c | 36 +++-- drivers/parport/procfs.c | 24 +-- drivers/pci/controller/pci-hyperv.c | 4 +- drivers/pci/controller/pcie-rockchip.c | 2 +- drivers/pci/msi.c | 4 +- drivers/pci/pci.c | 19 ++- drivers/pci/setup-bus.c | 6 +- drivers/pinctrl/core.c | 12 +- drivers/pinctrl/freescale/pinctrl-mxs.c | 4 +- drivers/pinctrl/pinctrl-rockchip.c | 17 +-- drivers/pinctrl/pinctrl-single.c | 7 +- drivers/pinctrl/ti/pinctrl-ti-iodelay.c | 14 +- drivers/platform/chrome/cros_ec_debugfs.c | 1 + drivers/platform/chrome/cros_ec_proto.c | 2 + drivers/platform/mips/cpu_hwmon.c | 3 + drivers/power/supply/axp288_charger.c | 24 +-- drivers/pwm/pwm-stm32.c | 5 +- drivers/remoteproc/imx_rproc.c | 5 + drivers/rtc/interface.c | 9 +- drivers/rtc/rtc-cmos.c | 10 +- drivers/rtc/rtc-isl1208.c | 11 +- drivers/s390/char/sclp_sd.c | 10 +- drivers/scsi/mpt3sas/mpt3sas_base.c | 38 ++--- drivers/scsi/qla2xxx/qla_bsg.c | 2 +- drivers/scsi/qla2xxx/qla_gs.c | 2 +- drivers/scsi/qla2xxx/qla_init.c | 63 ++++++-- drivers/scsi/qla2xxx/qla_mid.c | 2 +- drivers/scsi/qla2xxx/qla_nvme.c | 5 +- drivers/scsi/qla2xxx/qla_os.c | 7 +- drivers/scsi/qla2xxx/qla_sup.c | 108 +++++++++----- drivers/scsi/ufs/ufshcd.c | 11 +- drivers/soc/qcom/pdr_interface.c | 8 +- drivers/soc/qcom/rpmh-rsc.c | 7 +- drivers/soc/qcom/rpmh.c | 1 - drivers/soc/xilinx/zynqmp_pm_domains.c | 16 ++ drivers/soc/xilinx/zynqmp_power.c | 5 +- drivers/spi/spi-fsl-lpspi.c | 6 +- drivers/tty/serial/serial_core.c | 8 + drivers/usb/gadget/function/u_serial.c | 1 + drivers/usb/gadget/udc/core.c | 10 +- drivers/usb/serial/usb_debug.c | 7 + drivers/usb/usbip/vhci_hcd.c | 9 +- drivers/vhost/vdpa.c | 30 ++-- fs/btrfs/free-space-cache.c | 1 + fs/ceph/super.c | 3 +- fs/exec.c | 8 +- fs/ext2/balloc.c | 11 +- fs/ext4/extents_status.c | 2 + fs/ext4/inode.c | 78 ++++++---- fs/ext4/mballoc.c | 3 +- fs/ext4/namei.c | 73 +++++++-- fs/ext4/xattr.c | 6 + fs/f2fs/inode.c | 3 + fs/f2fs/segment.h | 3 +- fs/file.c | 1 + fs/fuse/control.c | 10 +- fs/fuse/inode.c | 80 ++++++---- fs/fuse/virtio_fs.c | 12 +- fs/hfs/inode.c | 3 + fs/hfsplus/bfind.c | 15 +- fs/hfsplus/extents.c | 9 +- fs/hfsplus/hfsplus_fs.h | 21 +++ fs/jbd2/commit.c | 2 +- fs/jbd2/journal.c | 6 + fs/jfs/jfs_imap.c | 5 +- fs/nilfs2/btnode.c | 25 +++- fs/nilfs2/btree.c | 4 +- fs/nilfs2/segment.c | 7 +- fs/proc/proc_sysctl.c | 6 +- fs/proc/task_mmu.c | 2 + fs/super.c | 11 ++ fs/udf/balloc.c | 51 +++---- fs/udf/super.c | 3 +- include/linux/compiler_attributes.h | 1 + include/linux/irq.h | 7 +- include/linux/irqdomain.h | 10 ++ include/linux/jbd2.h | 5 - include/linux/msi.h | 2 - include/linux/objagg.h | 1 - include/linux/pci_ids.h | 2 + include/linux/qed/qed_eth_if.h | 21 +-- include/linux/sched/signal.h | 6 + include/linux/task_work.h | 3 +- include/linux/trace_events.h | 1 - include/net/netfilter/nf_tables.h | 25 +++- include/net/sctp/sctp.h | 4 +- include/net/sctp/structs.h | 8 +- include/trace/events/rpcgss.h | 2 +- include/uapi/linux/netfilter/nf_tables.h | 2 +- include/uapi/linux/zorro_ids.h | 3 + io_uring/io-wq.c | 10 +- kernel/bpf/btf.c | 10 +- kernel/debug/kdb/kdb_io.c | 6 +- kernel/dma/mapping.c | 2 +- kernel/events/core.c | 2 + kernel/events/internal.h | 2 +- kernel/irq/chip.c | 32 ++-- kernel/irq/irqdesc.c | 1 + kernel/irq/manage.c | 2 +- kernel/kprobes.c | 4 +- kernel/padata.c | 7 + kernel/rcu/rcutorture.c | 2 +- kernel/sched/core.c | 23 ++- kernel/sched/cputime.c | 6 + kernel/sched/fair.c | 9 +- kernel/sched/sched.h | 2 +- kernel/signal.c | 8 + kernel/task_work.c | 34 ++++- kernel/time/ntp.c | 9 +- kernel/time/tick-broadcast.c | 24 +++ kernel/trace/tracing_map.c | 6 +- kernel/watchdog_hld.c | 11 +- lib/decompress_bunzip2.c | 3 +- lib/kobject_uevent.c | 17 ++- lib/objagg.c | 18 +-- net/bluetooth/l2cap_core.c | 1 + net/core/filter.c | 15 +- net/core/link_watch.c | 4 +- net/core/xdp.c | 4 +- net/ipv4/esp4.c | 3 +- net/ipv4/nexthop.c | 7 +- net/ipv4/route.c | 2 +- net/ipv6/addrconf.c | 3 +- net/ipv6/esp6.c | 3 +- net/ipv6/ndisc.c | 34 +++-- net/iucv/af_iucv.c | 4 +- net/l2tp/l2tp_core.c | 15 +- net/mptcp/mib.c | 2 + net/mptcp/mib.h | 2 + net/mptcp/options.c | 2 +- net/mptcp/pm.c | 9 ++ net/mptcp/pm_netlink.c | 30 +++- net/mptcp/protocol.c | 10 +- net/mptcp/protocol.h | 6 +- net/mptcp/subflow.c | 24 ++- net/netfilter/ipset/ip_set_list_set.c | 3 + net/netfilter/ipvs/ip_vs_proto_sctp.c | 4 +- net/netfilter/nf_conntrack_netlink.c | 3 +- net/netfilter/nf_tables_api.c | 149 ++++--------------- net/netfilter/nft_connlimit.c | 2 +- net/netfilter/nft_counter.c | 4 +- net/netfilter/nft_dynset.c | 2 +- net/netfilter/nft_set_hash.c | 8 +- net/netfilter/nft_set_pipapo.c | 18 ++- net/netfilter/nft_set_pipapo_avx2.c | 12 +- net/netfilter/nft_set_rbtree.c | 6 +- net/packet/af_packet.c | 86 ++++++++++- net/sched/act_ct.c | 4 +- net/sctp/input.c | 48 +++--- net/sctp/proc.c | 10 +- net/sctp/socket.c | 6 +- net/smc/smc_core.c | 32 ++-- net/sunrpc/auth_gss/gss_krb5_keys.c | 2 +- net/sunrpc/clnt.c | 3 +- net/sunrpc/sched.c | 4 +- net/sunrpc/xprtrdma/frwr_ops.c | 9 +- net/sunrpc/xprtrdma/verbs.c | 20 ++- net/sunrpc/xprtrdma/xprt_rdma.h | 2 +- net/tipc/udp_media.c | 5 +- net/wireless/nl80211.c | 16 +- net/wireless/util.c | 8 +- samples/Kconfig | 8 + samples/Makefile | 1 + samples/fanotify/.gitignore | 1 + samples/fanotify/Makefile | 5 + samples/fanotify/fs-monitor.c | 142 ++++++++++++++++++ scripts/gcc-x86_32-has-stack-protector.sh | 2 +- scripts/gcc-x86_64-has-stack-protector.sh | 2 +- security/apparmor/lsm.c | 7 + security/apparmor/policy.c | 2 +- security/apparmor/policy_unpack.c | 1 + security/keys/keyctl.c | 2 +- sound/pci/hda/patch_hdmi.c | 2 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/codecs/max98088.c | 10 +- sound/soc/codecs/wsa881x.c | 2 +- sound/soc/intel/common/soc-intel-quirks.h | 2 +- sound/soc/pxa/spitz.c | 58 +++----- sound/usb/line6/driver.c | 5 + sound/usb/quirks-table.h | 4 + sound/usb/stream.c | 4 +- tools/lib/bpf/btf_dump.c | 8 +- tools/memory-model/lock.cat | 20 +-- tools/perf/util/sort.c | 2 +- .../testing/selftests/bpf/prog_tests/send_signal.c | 3 +- tools/testing/selftests/bpf/prog_tests/sk_lookup.c | 2 +- .../bpf/progs/btf_dump_test_case_multidim.c | 4 +- .../bpf/progs/btf_dump_test_case_syntax.c | 4 +- tools/testing/selftests/bpf/test_sockmap.c | 9 +- .../drivers/net/mlxsw/spectrum-2/tc_flower.sh | 55 ++++++- .../selftests/net/forwarding/devlink_lib.sh | 2 + .../selftests/sigaltstack/current_stack_pointer.h | 2 +- 360 files changed, 3135 insertions(+), 1499 deletions(-)

7 months

7
358
0 0

+ fs-proc-kcorec-allow-translation-of-physical-memory-addresses.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: fs/proc/kcore.c: allow translation of physical memory addresses has been added to the -mm mm-hotfixes-unstable branch. Its filename is fs-proc-kcorec-allow-translation-of-physical-memory-addresses.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Alexander Gordeev <agordeev(a)linux.ibm.com> Subject: fs/proc/kcore.c: allow translation of physical memory addresses Date: Mon, 30 Sep 2024 14:21:19 +0200 When /proc/kcore is read an attempt to read the first two pages results in HW-specific page swap on s390 and another (so called prefix) pages are accessed instead. That leads to a wrong read. Allow architecture-specific translation of memory addresses using kc_xlate_dev_mem_ptr() and kc_unxlate_dev_mem_ptr() callbacks similarily to /dev/mem xlate_dev_mem_ptr() and unxlate_dev_mem_ptr() callbacks. That way an architecture can deal with specific physical memory ranges. Re-use the existing /dev/mem callback implementation on s390, which handles the described prefix pages swapping correctly. For other architectures the default callback is basically NOP. It is expected the condition (vaddr == __va(__pa(vaddr))) always holds true for KCORE_RAM memory type. Link: https://lkml.kernel.org/r/20240930122119.1651546-1-agordeev@linux.ibm.com Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> Suggested-by: Heiko Carstens <hca(a)linux.ibm.com> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/s390/include/asm/io.h | 2 + fs/proc/kcore.c | 36 +++++++++++++++++++++++++++++++++-- 2 files changed, 36 insertions(+), 2 deletions(-) --- a/arch/s390/include/asm/io.h~fs-proc-kcorec-allow-translation-of-physical-memory-addresses +++ a/arch/s390/include/asm/io.h @@ -16,8 +16,10 @@ #include <asm/pci_io.h> #define xlate_dev_mem_ptr xlate_dev_mem_ptr +#define kc_xlate_dev_mem_ptr xlate_dev_mem_ptr void *xlate_dev_mem_ptr(phys_addr_t phys); #define unxlate_dev_mem_ptr unxlate_dev_mem_ptr +#define kc_unxlate_dev_mem_ptr unxlate_dev_mem_ptr void unxlate_dev_mem_ptr(phys_addr_t phys, void *addr); #define IO_SPACE_LIMIT 0 --- a/fs/proc/kcore.c~fs-proc-kcorec-allow-translation-of-physical-memory-addresses +++ a/fs/proc/kcore.c @@ -50,6 +50,20 @@ static struct proc_dir_entry *proc_root_ #define kc_offset_to_vaddr(o) ((o) + PAGE_OFFSET) #endif +#ifndef kc_xlate_dev_mem_ptr +#define kc_xlate_dev_mem_ptr kc_xlate_dev_mem_ptr +static inline void *kc_xlate_dev_mem_ptr(phys_addr_t phys) +{ + return __va(phys); +} +#endif +#ifndef kc_unxlate_dev_mem_ptr +#define kc_unxlate_dev_mem_ptr kc_unxlate_dev_mem_ptr +static inline void kc_unxlate_dev_mem_ptr(phys_addr_t phys, void *virt) +{ +} +#endif + static LIST_HEAD(kclist_head); static DECLARE_RWSEM(kclist_lock); static int kcore_need_update = 1; @@ -471,6 +485,8 @@ static ssize_t read_kcore_iter(struct ki while (buflen) { struct page *page; unsigned long pfn; + phys_addr_t phys; + void *__start; /* * If this is the first iteration or the address is not within @@ -537,7 +553,8 @@ static ssize_t read_kcore_iter(struct ki } break; case KCORE_RAM: - pfn = __pa(start) >> PAGE_SHIFT; + phys = __pa(start); + pfn = phys >> PAGE_SHIFT; page = pfn_to_online_page(pfn); /* @@ -557,13 +574,28 @@ static ssize_t read_kcore_iter(struct ki fallthrough; case KCORE_VMEMMAP: case KCORE_TEXT: + if (m->type == KCORE_RAM) { + __start = kc_xlate_dev_mem_ptr(phys); + if (!__start) { + ret = -ENOMEM; + if (iov_iter_zero(tsz, iter) != tsz) + ret = -EFAULT; + goto out; + } + } else { + __start = (void *)start; + } + /* * Sadly we must use a bounce buffer here to be able to * make use of copy_from_kernel_nofault(), as these * memory regions might not always be mapped on all * architectures. */ - if (copy_from_kernel_nofault(buf, (void *)start, tsz)) { + ret = copy_from_kernel_nofault(buf, __start, tsz); + if (m->type == KCORE_RAM) + kc_unxlate_dev_mem_ptr(phys, __start); + if (ret) { if (iov_iter_zero(tsz, iter) != tsz) { ret = -EFAULT; goto out; _ Patches currently in -mm which might be from agordeev(a)linux.ibm.com are fs-proc-kcorec-allow-translation-of-physical-memory-addresses.patch

7 months

1
0
0 0

[PATCH 1/3] perf/x86/intel: Fix ARCH_PERFMON_NUM_COUNTER_LEAF

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> The EAX of the CPUID Leaf 023H enumerates the mask of valid sub-leaves. To tell the availability of the sub-leaf 1 (enumerate the counter mask), perf should check the bit 1 (0x2) of EAS, rather than bit 0 (0x1). The error is not user-visible on bare metal. Because the sub-leaf 0 and the sub-leaf 1 are always available. However, it may bring issues in a virtualization environment when a VMM only enumerates the sub-leaf 0. Fixes: eb467aaac21e ("perf/x86/intel: Support Architectural PerfMon Extension leaf") Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- arch/x86/events/intel/core.c | 4 ++-- arch/x86/include/asm/perf_event.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index 342f8b1a2f93..123ed1d60118 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -4900,8 +4900,8 @@ static void update_pmu_cap(struct x86_hybrid_pmu *pmu) if (ebx & ARCH_PERFMON_EXT_EQ) pmu->config_mask |= ARCH_PERFMON_EVENTSEL_EQ; - if (sub_bitmaps & ARCH_PERFMON_NUM_COUNTER_LEAF_BIT) { - cpuid_count(ARCH_PERFMON_EXT_LEAF, ARCH_PERFMON_NUM_COUNTER_LEAF, + if (sub_bitmaps & ARCH_PERFMON_NUM_COUNTER_LEAF) { + cpuid_count(ARCH_PERFMON_EXT_LEAF, ARCH_PERFMON_NUM_COUNTER_LEAF_BIT, &eax, &ebx, &ecx, &edx); pmu->cntr_mask64 = eax; pmu->fixed_cntr_mask64 = ebx; diff --git a/arch/x86/include/asm/perf_event.h b/arch/x86/include/asm/perf_event.h index e3b5e8e96fb3..1d4ce655aece 100644 --- a/arch/x86/include/asm/perf_event.h +++ b/arch/x86/include/asm/perf_event.h @@ -191,7 +191,7 @@ union cpuid10_edx { #define ARCH_PERFMON_EXT_UMASK2 0x1 #define ARCH_PERFMON_EXT_EQ 0x2 #define ARCH_PERFMON_NUM_COUNTER_LEAF_BIT 0x1 -#define ARCH_PERFMON_NUM_COUNTER_LEAF 0x1 +#define ARCH_PERFMON_NUM_COUNTER_LEAF BIT(ARCH_PERFMON_NUM_COUNTER_LEAF_BIT) /* * Intel Architectural LBR CPUID detection/enumeration details: -- 2.38.1

7 months

1
0
0 0

Batimat Expo 2024

by Clara Skylar

Hey, Would you be interested in acquiring an visitors list of Batimat Expo 2024? We have 95,000 verified contact list. List Contains: Contact Name, Title, Phone Number, Fax Number, Physical address, Company Name, Company URL, Employee Size, Revenue Size, Industry, and more… Interested? I will share you more details and pricing for the same. Kind Regards, Clara Skylar Senior Marketing Executive If you do not wish to receive our emails, please reply with "Not Interested."

7 months

1
0
0 0

[PATCH v2 1/6] drm/i915/gem: fix bitwise and logical AND mixup

by Jani Nikula

CONFIG_DRM_I915_USERFAULT_AUTOSUSPEND is an int, defaulting to 250. When the wakeref is non-zero, it's either -1 or a dynamically allocated pointer, depending on CONFIG_DRM_I915_DEBUG_RUNTIME_PM. It's likely that the code works by coincidence with the bitwise AND, but with CONFIG_DRM_I915_DEBUG_RUNTIME_PM=y, there's the off chance that the condition evaluates to false, and intel_wakeref_auto() doesn't get called. Switch to the intended logical AND. v2: Use != to avoid clang -Wconstant-logical-operand (Nathan) Fixes: ad74457a6b5a ("drm/i915/dgfx: Release mmap on rpm suspend") Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: Anshuman Gupta <anshuman.gupta(a)intel.com> Cc: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: Nathan Chancellor <nathan(a)kernel.org> Cc: <stable(a)vger.kernel.org> # v6.1+ Reviewed-by: Matthew Auld <matthew.auld(a)intel.com> # v1 Reviewed-by: Andi Shyti <andi.shyti(a)linux.intel.com> # v1 Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> --- drivers/gpu/drm/i915/gem/i915_gem_ttm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/gem/i915_gem_ttm.c b/drivers/gpu/drm/i915/gem/i915_gem_ttm.c index 5c72462d1f57..b22e2019768f 100644 --- a/drivers/gpu/drm/i915/gem/i915_gem_ttm.c +++ b/drivers/gpu/drm/i915/gem/i915_gem_ttm.c @@ -1131,7 +1131,7 @@ static vm_fault_t vm_fault_ttm(struct vm_fault *vmf) GEM_WARN_ON(!i915_ttm_cpu_maps_iomem(bo->resource)); } - if (wakeref & CONFIG_DRM_I915_USERFAULT_AUTOSUSPEND) + if (wakeref && CONFIG_DRM_I915_USERFAULT_AUTOSUSPEND != 0) intel_wakeref_auto(&to_i915(obj->base.dev)->runtime_pm.userfault_wakeref, msecs_to_jiffies_timeout(CONFIG_DRM_I915_USERFAULT_AUTOSUSPEND)); -- 2.39.2

7 months

3
5
0 0

Linux 6.11.1

by Greg Kroah-Hartman

I'm announcing the release of the 6.11.1 kernel. All users of the 6.11 kernel series must upgrade. The updated 6.11.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.11.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 drivers/accel/drm_accel.c | 110 ++-------------------------------- drivers/bluetooth/btintel_pcie.c | 2 drivers/cpufreq/amd-pstate.c | 5 + drivers/gpu/drm/drm_drv.c | 97 ++++++++++++++--------------- drivers/gpu/drm/drm_file.c | 2 drivers/gpu/drm/drm_internal.h | 4 - drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 18 ++--- drivers/powercap/intel_rapl_common.c | 35 +++++++++- drivers/usb/class/usbtmc.c | 2 drivers/usb/serial/pl2303.c | 1 drivers/usb/serial/pl2303.h | 4 + include/drm/drm_accel.h | 18 ----- include/drm/drm_file.h | 5 + net/netfilter/nft_socket.c | 4 - sound/soc/amd/acp/acp-legacy-common.c | 5 + sound/soc/amd/acp/amd.h | 2 18 files changed, 128 insertions(+), 193 deletions(-) Dan Carpenter (2): netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level() powercap: intel_rapl: Change an error pointer to NULL Dhananjay Ugwekar (3): powercap/intel_rapl: Add support for AMD family 1Ah powercap/intel_rapl: Fix the energy-pkg event for AMD CPUs cpufreq/amd-pstate: Add the missing cpufreq_cpu_put() Edward Adam Davis (1): USB: usbtmc: prevent kernel-usb-infoleak Greg Kroah-Hartman (1): Linux 6.11.1 Junhao Xie (1): USB: serial: pl2303: add device id for Macrosilicon MS3020 Keith Busch (1): nvme-pci: qdepth 1 quirk Kiran K (1): Bluetooth: btintel_pcie: Allocate memory for driver private data Michał Winiarski (3): drm: Use XArray instead of IDR for minors accel: Use XArray instead of IDR for minors drm: Expand max DRM device number to full MINORBITS Vijendar Mukunda (1): ASoC: amd: acp: add ZSC control register programming sequence

7 months

1
1
0 0

Linux 6.10.12

by Greg Kroah-Hartman

I'm announcing the release of the 6.10.12 kernel. All users of the 6.10 kernel series must upgrade. The updated 6.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/loongarch/include/asm/hw_irq.h | 2 arch/loongarch/include/asm/kvm_vcpu.h | 1 arch/loongarch/kernel/irq.c | 3 arch/loongarch/kvm/timer.c | 7 arch/loongarch/kvm/vcpu.c | 2 arch/microblaze/mm/init.c | 5 arch/x86/kernel/cpu/mshyperv.c | 1 drivers/accel/drm_accel.c | 110 --------------- drivers/bluetooth/btintel_pcie.c | 2 drivers/clk/qcom/gcc-sm8650.c | 56 +++---- drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 3 drivers/gpu/drm/arm/display/komeda/komeda_kms.c | 10 - drivers/gpu/drm/drm_drv.c | 97 ++++++------- drivers/gpu/drm/drm_file.c | 2 drivers/gpu/drm/drm_internal.h | 4 drivers/hwmon/asus-ec-sensors.c | 2 drivers/net/can/m_can/m_can.c | 16 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 42 +++-- drivers/net/can/spi/mcp251xfd/mcp251xfd-dump.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-regmap.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-ring.c | 14 + drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-timestamp.c | 7 drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 1 drivers/net/ethernet/faraday/ftgmac100.c | 26 ++- drivers/net/ethernet/intel/ice/ice_lib.c | 4 drivers/net/ethernet/intel/ice/ice_main.c | 4 drivers/net/ethernet/intel/ice/ice_xsk.c | 6 drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 2 drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 2 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 9 + drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 31 ++-- drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c | 3 drivers/nvme/host/nvme.h | 5 drivers/nvme/host/pci.c | 18 +- drivers/pinctrl/pinctrl-at91.c | 5 drivers/platform/x86/amd/pmf/pmf-quirks.c | 2 drivers/platform/x86/asus-nb-wmi.c | 20 ++ drivers/platform/x86/asus-wmi.h | 1 drivers/platform/x86/x86-android-tablets/dmi.c | 1 drivers/powercap/intel_rapl_common.c | 35 ++++ drivers/scsi/lpfc/lpfc_bsg.c | 2 drivers/spi/spi-bcm63xx.c | 1 drivers/spi/spidev.c | 2 drivers/usb/class/usbtmc.c | 2 drivers/usb/serial/pl2303.c | 1 drivers/usb/serial/pl2303.h | 4 fs/ocfs2/xattr.c | 27 ++- fs/smb/client/connect.c | 14 + include/drm/drm_accel.h | 18 -- include/drm/drm_file.h | 5 net/mac80211/tx.c | 4 net/netfilter/nft_socket.c | 41 +++++ sound/pci/hda/patch_hdmi.c | 1 sound/pci/hda/patch_realtek.c | 76 ++++++---- sound/soc/amd/acp/acp-sof-mach.c | 2 sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/au1x/db1200.c | 1 sound/soc/codecs/chv3-codec.c | 1 sound/soc/codecs/tda7419.c | 1 sound/soc/google/chv3-i2s.c | 1 sound/soc/intel/common/soc-acpi-intel-cht-match.c | 1 sound/soc/intel/keembay/kmb_platform.c | 1 sound/soc/mediatek/mt8188/mt8188-afe-pcm.c | 1 sound/soc/mediatek/mt8188/mt8188-mt6359.c | 17 +- sound/soc/sof/mediatek/mt8195/mt8195.c | 3 tools/hv/Makefile | 2 69 files changed, 449 insertions(+), 358 deletions(-) Albert Jakieła (1): ASoC: SOF: mediatek: Add missing board compatible Benjamin Berg (1): wifi: iwlwifi: lower message level for FW buffer destination Bibo Mao (1): LoongArch: KVM: Invalidate guest steal time address on vCPU reset Dan Carpenter (2): netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level() powercap: intel_rapl: Change an error pointer to NULL Daniel Gabay (2): wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() Dhananjay Ugwekar (2): powercap/intel_rapl: Add support for AMD family 1Ah powercap/intel_rapl: Fix the energy-pkg event for AMD CPUs Dmitry Antipov (1): wifi: mac80211: free skb on error path in ieee80211_beacon_get_ap() Edward Adam Davis (1): USB: usbtmc: prevent kernel-usb-infoleak Emmanuel Grumbach (3): wifi: iwlwifi: mvm: pause TCM when the firmware is stopped wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead wifi: iwlwifi: clear trans->state earlier upon error Fabio Estevam (1): spi: spidev: Add an entry for elgin,jg10309-01 Ferry Meng (2): ocfs2: add bounds checking to ocfs2_xattr_find_entry() ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() Florian Westphal (1): netfilter: nft_socket: make cgroupsv2 matching work with namespaces Geert Uytterhoeven (1): spi: spidev: Add missing spi_device_id for jg10309-01 Greg Kroah-Hartman (1): Linux 6.10.12 Hans de Goede (2): platform/x86: x86-android-tablets: Make Lenovo Yoga Tab 3 X90F DMI match less strict ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match less strict Hongbo Li (2): ASoC: allow module autoloading for table db1200_pids ASoC: allow module autoloading for table board_ids Huacai Chen (1): LoongArch: Define ARCH_IRQ_INIT_FLAGS as IRQ_NOPROBE Jacky Chou (1): net: ftgmac100: Ensure tx descriptor updates are visible Junhao Xie (1): USB: serial: pl2303: add device id for Macrosilicon MS3020 Kai Vehmanen (1): ALSA: hda: add HDMI codec ID for Intel PTL Kailang Yang (2): ALSA: hda/realtek - Fixed ALC256 headphone no sound ALSA: hda/realtek - FIxed ALC285 headphone no sound Keith Busch (1): nvme-pci: qdepth 1 quirk Kenneth Feng (1): drm/amd/pm: fix the pp_dpm_pcie issue on smu v14.0.2/3 Kiran K (1): Bluetooth: btintel_pcie: Allocate memory for driver private data Larysa Zaremba (1): ice: check for XDP rings instead of bpf program when unconfiguring Liao Chen (5): ASoC: intel: fix module autoloading ASoC: google: fix module autoloading ASoC: tda7419: fix module autoloading ASoC: fix module autoloading spi: bcm63xx: Enable module autoloading Luke D. Jones (1): platform/x86/amd: pmf: Make ASUS GA403 quirk generic Marc Kleine-Budde (3): can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing configuration can: mcp251xfd: properly indent labels can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into mcp251xfd_chip_start/stop() Markus Schneider-Pargmann (1): can: m_can: Limit coalescing to peripheral instances Markuss Broks (1): ASoC: amd: yc: Add a quirk for MSI Bravo 17 (D7VEK) Mathieu Fenniak (1): platform/x86: asus-wmi: Fix spurious rfkill on UX8406MA Michael Kelley (1): x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency Michał Winiarski (3): drm: Use XArray instead of IDR for minors accel: Use XArray instead of IDR for minors drm: Expand max DRM device number to full MINORBITS Mike Rapoport (1): microblaze: don't treat zero reserved memory regions as error Neil Armstrong (1): clk: qcom: gcc-sm8650: Don't use shared clk_ops for QUPs Paulo Alcantara (1): smb: client: fix hang in wait_for_response() for negproto Ross Brown (1): hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING Sherry Yang (1): scsi: lpfc: Fix overflow build issue Thomas Blocher (1): pinctrl: at91: make it work with current gpiolib YR Yang (1): ASoC: mediatek: mt8188: Mark AFE_DAC_CON0 register as volatile Zhang Yi (1): ASoC: mediatek: mt8188-mt6359: Modify key hongchi.peng (1): drm: komeda: Fix an issue related to normalized zpos zhang jiao (1): tools: hv: rm .*.cmd when make clean

7 months

1
1
0 0

Linux 6.6.53

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.53 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/loongarch/include/asm/hw_irq.h | 2 arch/loongarch/kernel/irq.c | 3 arch/microblaze/mm/init.c | 5 arch/x86/kernel/cpu/mshyperv.c | 1 arch/x86/mm/init.c | 16 -- block/blk-core.c | 10 + block/blk-mq.c | 10 - drivers/accel/drm_accel.c | 110 --------------- drivers/gpio/gpiolib-cdev.c | 12 - drivers/gpu/drm/arm/display/komeda/komeda_kms.c | 10 - drivers/gpu/drm/drm_drv.c | 97 ++++++------- drivers/gpu/drm/drm_file.c | 2 drivers/gpu/drm/drm_internal.h | 4 drivers/hwmon/asus-ec-sensors.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 42 +++-- drivers/net/can/spi/mcp251xfd/mcp251xfd-dump.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-regmap.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-ring.c | 14 + drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-timestamp.c | 7 drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 1 drivers/net/ethernet/faraday/ftgmac100.c | 26 ++- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 2 drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 2 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 9 + drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 31 ++-- drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c | 3 drivers/nvme/host/nvme.h | 5 drivers/nvme/host/pci.c | 18 +- drivers/pinctrl/pinctrl-at91.c | 5 drivers/platform/x86/x86-android-tablets/dmi.c | 1 drivers/powercap/intel_rapl_common.c | 1 drivers/scsi/lpfc/lpfc_bsg.c | 2 drivers/spi/spi-bcm63xx.c | 1 drivers/spi/spidev.c | 2 drivers/usb/class/usbtmc.c | 2 drivers/usb/serial/pl2303.c | 1 drivers/usb/serial/pl2303.h | 4 fs/ocfs2/xattr.c | 27 ++- fs/smb/client/connect.c | 14 + include/drm/drm_accel.h | 18 -- include/drm/drm_file.h | 5 include/net/netfilter/nf_tables.h | 13 + net/mac80211/tx.c | 4 net/netfilter/nf_tables_api.c | 5 net/netfilter/nft_lookup.c | 1 net/netfilter/nft_set_pipapo.c | 6 net/netfilter/nft_socket.c | 41 +++++ net/wireless/core.h | 8 - sound/pci/hda/patch_hdmi.c | 1 sound/pci/hda/patch_realtek.c | 76 ++++++---- sound/soc/amd/acp/acp-sof-mach.c | 2 sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/au1x/db1200.c | 1 sound/soc/codecs/chv3-codec.c | 1 sound/soc/codecs/tda7419.c | 1 sound/soc/google/chv3-i2s.c | 1 sound/soc/intel/common/soc-acpi-intel-cht-match.c | 1 sound/soc/intel/keembay/kmb_platform.c | 1 sound/soc/mediatek/mt8188/mt8188-afe-pcm.c | 1 sound/soc/sof/mediatek/mt8195/mt8195.c | 3 tools/hv/Makefile | 2 64 files changed, 383 insertions(+), 330 deletions(-) Albert Jakieła (1): ASoC: SOF: mediatek: Add missing board compatible Benjamin Berg (1): wifi: iwlwifi: lower message level for FW buffer destination Dan Carpenter (1): netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level() Daniel Gabay (2): wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() Dhananjay Ugwekar (1): powercap/intel_rapl: Add support for AMD family 1Ah Dmitry Antipov (1): wifi: mac80211: free skb on error path in ieee80211_beacon_get_ap() Edward Adam Davis (1): USB: usbtmc: prevent kernel-usb-infoleak Emmanuel Grumbach (3): wifi: iwlwifi: mvm: pause TCM when the firmware is stopped wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead wifi: iwlwifi: clear trans->state earlier upon error Fabio Estevam (1): spi: spidev: Add an entry for elgin,jg10309-01 Ferry Meng (2): ocfs2: add bounds checking to ocfs2_xattr_find_entry() ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() Florian Westphal (1): netfilter: nft_socket: make cgroupsv2 matching work with namespaces Geert Uytterhoeven (1): spi: spidev: Add missing spi_device_id for jg10309-01 Greg Kroah-Hartman (1): Linux 6.6.53 Hans de Goede (2): platform/x86: x86-android-tablets: Make Lenovo Yoga Tab 3 X90F DMI match less strict ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match less strict Hongbo Li (2): ASoC: allow module autoloading for table db1200_pids ASoC: allow module autoloading for table board_ids Hongyu Jin (1): block: Fix where bio IO priority gets set Huacai Chen (1): LoongArch: Define ARCH_IRQ_INIT_FLAGS as IRQ_NOPROBE Jacky Chou (1): net: ftgmac100: Ensure tx descriptor updates are visible Junhao Xie (1): USB: serial: pl2303: add device id for Macrosilicon MS3020 Kai Vehmanen (1): ALSA: hda: add HDMI codec ID for Intel PTL Kailang Yang (2): ALSA: hda/realtek - Fixed ALC256 headphone no sound ALSA: hda/realtek - FIxed ALC285 headphone no sound Keith Busch (1): nvme-pci: qdepth 1 quirk Kent Gibson (1): gpiolib: cdev: Ignore reconfiguration without direction Liao Chen (5): ASoC: intel: fix module autoloading ASoC: google: fix module autoloading ASoC: tda7419: fix module autoloading ASoC: fix module autoloading spi: bcm63xx: Enable module autoloading Marc Kleine-Budde (3): can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing configuration can: mcp251xfd: properly indent labels can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into mcp251xfd_chip_start/stop() Markuss Broks (1): ASoC: amd: yc: Add a quirk for MSI Bravo 17 (D7VEK) Michael Kelley (1): x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency Michał Winiarski (3): drm: Use XArray instead of IDR for minors accel: Use XArray instead of IDR for minors drm: Expand max DRM device number to full MINORBITS Mike Rapoport (1): microblaze: don't treat zero reserved memory regions as error Pablo Neira Ayuso (2): netfilter: nft_set_pipapo: walk over current view on netlink dump netfilter: nf_tables: missing iterator type in lookup walk Paulo Alcantara (1): smb: client: fix hang in wait_for_response() for negproto Ping-Ke Shih (1): Revert "wifi: cfg80211: check wiphy mutex is held for wdev mutex" Ross Brown (1): hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING Sherry Yang (1): scsi: lpfc: Fix overflow build issue Thomas Blocher (1): pinctrl: at91: make it work with current gpiolib Tony Luck (1): x86/mm: Switch to new Intel CPU model defines YR Yang (1): ASoC: mediatek: mt8188: Mark AFE_DAC_CON0 register as volatile hongchi.peng (1): drm: komeda: Fix an issue related to normalized zpos zhang jiao (1): tools: hv: rm .*.cmd when make clean

7 months

1
1
0 0

Linux 6.1.112

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.112 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/loongarch/include/asm/hw_irq.h | 2 arch/loongarch/kernel/irq.c | 3 arch/microblaze/mm/init.c | 5 arch/x86/kernel/cpu/mshyperv.c | 1 arch/x86/mm/init.c | 16 block/blk-core.c | 10 block/blk-mq.c | 10 drivers/gpio/gpiolib-cdev.c | 12 drivers/gpio/gpiolib.c | 3 drivers/gpu/drm/arm/display/komeda/komeda_kms.c | 10 drivers/hwmon/asus-ec-sensors.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 42 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-dump.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-regmap.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-ring.c | 14 drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-timestamp.c | 7 drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 1 drivers/net/ethernet/faraday/ftgmac100.c | 26 + drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 2 drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 2 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 9 drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 23 - drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c | 3 drivers/pinctrl/pinctrl-at91.c | 5 drivers/powercap/intel_rapl_msr.c | 12 drivers/scsi/lpfc/lpfc_bsg.c | 2 drivers/spi/spi-bcm63xx.c | 1 drivers/spi/spidev.c | 2 drivers/usb/class/usbtmc.c | 2 drivers/usb/serial/pl2303.c | 1 drivers/usb/serial/pl2303.h | 4 fs/btrfs/block-rsv.c | 14 fs/btrfs/block-rsv.h | 12 fs/btrfs/delayed-ref.h | 21 + fs/ocfs2/xattr.c | 27 + fs/smb/client/connect.c | 14 fs/xfs/libxfs/xfs_ag.c | 19 - fs/xfs/libxfs/xfs_alloc.c | 69 +++ fs/xfs/libxfs/xfs_bmap.c | 16 fs/xfs/libxfs/xfs_bmap.h | 2 fs/xfs/libxfs/xfs_bmap_btree.c | 19 - fs/xfs/libxfs/xfs_btree.c | 18 - fs/xfs/libxfs/xfs_fs.h | 2 fs/xfs/libxfs/xfs_ialloc.c | 17 fs/xfs/libxfs/xfs_log_format.h | 9 fs/xfs/libxfs/xfs_sb.c | 56 +++ fs/xfs/libxfs/xfs_trans_inode.c | 113 ------ fs/xfs/xfs_attr_inactive.c | 1 fs/xfs/xfs_bmap_util.c | 18 - fs/xfs/xfs_buf_item.c | 88 +++-- fs/xfs/xfs_dquot.c | 1 fs/xfs/xfs_export.c | 14 fs/xfs/xfs_extent_busy.c | 1 fs/xfs/xfs_fsmap.c | 1 fs/xfs/xfs_fsops.c | 13 fs/xfs/xfs_icache.c | 58 ++- fs/xfs/xfs_icache.h | 4 fs/xfs/xfs_inode.c | 260 +++++++++++++-- fs/xfs/xfs_inode.h | 36 +- fs/xfs/xfs_inode_item.c | 149 ++++++++ fs/xfs/xfs_inode_item.h | 1 fs/xfs/xfs_itable.c | 11 fs/xfs/xfs_log.c | 47 -- fs/xfs/xfs_log_recover.c | 19 - fs/xfs/xfs_mount.h | 11 fs/xfs/xfs_notify_failure.c | 15 fs/xfs/xfs_qm.c | 72 +++- fs/xfs/xfs_super.c | 1 fs/xfs/xfs_trace.h | 46 ++ fs/xfs/xfs_trans.c | 9 include/net/netfilter/nf_tables.h | 13 net/mac80211/tx.c | 4 net/netfilter/nf_tables_api.c | 5 net/netfilter/nft_lookup.c | 1 net/netfilter/nft_set_pipapo.c | 6 net/netfilter/nft_socket.c | 41 ++ net/wireless/core.h | 8 sound/pci/hda/patch_realtek.c | 76 ++-- sound/soc/amd/acp/acp-sof-mach.c | 2 sound/soc/au1x/db1200.c | 1 sound/soc/codecs/tda7419.c | 1 sound/soc/intel/common/soc-acpi-intel-cht-match.c | 1 sound/soc/intel/keembay/kmb_platform.c | 1 sound/soc/sof/mediatek/mt8195/mt8195.c | 3 tools/hv/Makefile | 2 tools/testing/selftests/net/mptcp/mptcp_join.sh | 4 89 files changed, 1254 insertions(+), 461 deletions(-) Albert Jakieła (1): ASoC: SOF: mediatek: Add missing board compatible Benjamin Berg (1): wifi: iwlwifi: lower message level for FW buffer destination Dan Carpenter (1): netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level() Daniel Gabay (1): wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation Darrick J. Wong (8): xfs: fix uninitialized variable access xfs: load uncached unlinked inodes into memory on demand xfs: fix negative array access in xfs_getbmap xfs: use i_prev_unlinked to distinguish inodes that are not on the unlinked list xfs: reload entire unlinked bucket lists xfs: make inode unlinked bucket recovery work with quotacheck xfs: fix reloading entire unlinked bucket lists xfs: set bnobt/cntbt numrecs correctly when formatting new AGs Dave Chinner (13): xfs: dquot shrinker doesn't check for XFS_DQFLAG_FREEING xfs: don't use BMBT btree split workers for IO completion xfs: fix low space alloc deadlock xfs: prefer free inodes at ENOSPC over chunk allocation xfs: block reservation too large for minleft allocation xfs: quotacheck failure can race with background inode inactivation xfs: buffer pins need to hold a buffer reference xfs: defered work could create precommits xfs: fix AGF vs inode cluster buffer deadlock xfs: collect errors from inodegc for unlinked inode recovery xfs: remove WARN when dquot cache insertion fails xfs: fix unlink vs cluster buffer instantiation race xfs: journal geometry is not properly bounds checked Dmitry Antipov (1): wifi: mac80211: free skb on error path in ieee80211_beacon_get_ap() Edward Adam Davis (1): USB: usbtmc: prevent kernel-usb-infoleak Emmanuel Grumbach (3): wifi: iwlwifi: mvm: pause TCM when the firmware is stopped wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead wifi: iwlwifi: clear trans->state earlier upon error Fabio Estevam (1): spi: spidev: Add an entry for elgin,jg10309-01 Ferry Meng (2): ocfs2: add bounds checking to ocfs2_xattr_find_entry() ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() Filipe Manana (1): btrfs: calculate the right space for delayed refs when updating global reserve Florian Westphal (1): netfilter: nft_socket: make cgroupsv2 matching work with namespaces Geert Uytterhoeven (1): spi: spidev: Add missing spi_device_id for jg10309-01 Greg Kroah-Hartman (1): Linux 6.1.112 Hagar Hemdan (1): gpio: prevent potential speculation leaks in gpio_device_get_desc() Hans de Goede (1): ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match less strict Hongbo Li (2): ASoC: allow module autoloading for table db1200_pids ASoC: allow module autoloading for table board_ids Hongyu Jin (1): block: Fix where bio IO priority gets set Huacai Chen (1): LoongArch: Define ARCH_IRQ_INIT_FLAGS as IRQ_NOPROBE Jacky Chou (1): net: ftgmac100: Ensure tx descriptor updates are visible Junhao Xie (1): USB: serial: pl2303: add device id for Macrosilicon MS3020 Kailang Yang (2): ALSA: hda/realtek - Fixed ALC256 headphone no sound ALSA: hda/realtek - FIxed ALC285 headphone no sound Kent Gibson (1): gpiolib: cdev: Ignore reconfiguration without direction Liao Chen (3): ASoC: intel: fix module autoloading ASoC: tda7419: fix module autoloading spi: bcm63xx: Enable module autoloading Long Li (1): xfs: fix ag count overflow during growfs Marc Kleine-Budde (3): can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing configuration can: mcp251xfd: properly indent labels can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into mcp251xfd_chip_start/stop() Matthieu Baerts (NGI0) (1): selftests: mptcp: join: restrict fullmesh endp on 1st sf Michael Kelley (1): x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency Mike Rapoport (1): microblaze: don't treat zero reserved memory regions as error Pablo Neira Ayuso (2): netfilter: nft_set_pipapo: walk over current view on netlink dump netfilter: nf_tables: missing iterator type in lookup walk Paulo Alcantara (1): smb: client: fix hang in wait_for_response() for negproto Ping-Ke Shih (1): Revert "wifi: cfg80211: check wiphy mutex is held for wdev mutex" Ross Brown (1): hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING Sherry Yang (1): scsi: lpfc: Fix overflow build issue Shiyang Ruan (2): xfs: fix the calculation for "end" and "length" xfs: correct calculation for agend and blockcount Sumeet Pawnikar (1): powercap: RAPL: fix invalid initialization for pl4_supported field Thomas Blocher (1): pinctrl: at91: make it work with current gpiolib Tony Luck (1): x86/mm: Switch to new Intel CPU model defines Wengang Wang (1): xfs: fix extent busy updating Wu Guanghao (1): xfs: Fix deadlock on xfs_inodegc_worker Ye Bin (1): xfs: fix BUG_ON in xfs_getbmap() hongchi.peng (1): drm: komeda: Fix an issue related to normalized zpos zhang jiao (1): tools: hv: rm .*.cmd when make clean

7 months

1
1
0 0

[PATCH] KVM: PPC: Book3S HV: Reset LPCR_MER before running a vCPU to avoid spurious interrupts

by Gautam Menghani

Reset LPCR_MER bit before running a vCPU to ensure that it is not set if there are no pending interrupts. Running a vCPU with LPCR_MER bit set and no pending interrupts results in L2 vCPU getting an infinite flood of spurious interrupts. The 'if check' in kvmhv_run_single_vcpu() sets the LPCR_MER bit if there are pending interrupts. The spurious flood problem can be observed in 2 cases: 1. Crashing the guest while interrupt heavy workload is running a. Start a L2 guest and run an interrupt heavy workload (eg: ipistorm) b. While the workload is running, crash the guest (make sure kdump is configured) c. Any one of the vCPUs of the guest will start getting an infinite flood of spurious interrupts. 2. Running LTP stress tests in multiple guests at the same time a. Start 4 L2 guests. b. Start running LTP stress tests on all 4 guests at same time. c. In some time, any one/more of the vCPUs of any of the guests will start getting an infinite flood of spurious interrupts. The root cause of both the above issues is the same: 1. A NMI is sent to a running vCPU that had LPCR_MER bit set. 2. In the NMI path, all registers are refreshed, i.e, H_GUEST_GET_STATE is called for all the registers. 3. When H_GUEST_GET_STATE is called for lpcr, the vcpu->arch.vcore->lpcr of that vCPU at L1 level gets updated with LPCR_MER set to 1, and this new value is always used whenever that vCPU runs, regardless of whether there was a pending interrupt. 4. Since LPCR_MER is set, the vCPU in L2 always jumps to the external interrupt handler, and this cycle never ends. Fix the spurious flood by making sure LPCR_MER is always reset before running a vCPU. Fixes: ec0f6639fa88 ("KVM: PPC: Book3S HV nestedv2: Ensure LPCR_MER bit is passed to the L0") Cc: stable(a)vger.kernel.org # v6.8+ Signed-off-by: Gautam Menghani <gautam(a)linux.ibm.com> --- arch/powerpc/kvm/book3s_hv.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/arch/powerpc/kvm/book3s_hv.c b/arch/powerpc/kvm/book3s_hv.c index 8f7d7e37bc8c..3cc2f1691001 100644 --- a/arch/powerpc/kvm/book3s_hv.c +++ b/arch/powerpc/kvm/book3s_hv.c @@ -98,6 +98,13 @@ /* Used to indicate that a guest passthrough interrupt needs to be handled */ #define RESUME_PASSTHROUGH (RESUME_GUEST | RESUME_FLAG_ARCH2) +/* Clear LPCR_MER bit - If we run a L2 vCPU with LPCR_MER bit set but no pending external + * interrupts, we end up getting a flood of spurious interrupts in L2 KVM guests. To avoid + * that, reset LPCR_MER and let the 'if check' for pending interrupts in kvmhv_run_single_vcpu() + * set LPCR_MER if there are pending interrupts. + */ +#define kvmppc_reset_lpcr_mer(vcpu) (vcpu->arch.vcore->lpcr &= ~LPCR_MER) + /* Used as a "null" value for timebase values */ #define TB_NIL (~(u64)0) @@ -5091,7 +5098,7 @@ static int kvmppc_vcpu_run_hv(struct kvm_vcpu *vcpu) accumulate_time(vcpu, &vcpu->arch.guest_entry); if (cpu_has_feature(CPU_FTR_ARCH_300)) r = kvmhv_run_single_vcpu(vcpu, ~(u64)0, - vcpu->arch.vcore->lpcr); + kvmppc_reset_lpcr_mer(vcpu)); else r = kvmppc_run_vcpu(vcpu); -- 2.46.0

7 months

1
0
0 0

[PATCH v1] bpf: Prevent infinite loops with bpf_redirect_peer

by Jordan Rife

It is possible to create cycles using bpf_redirect_peer which lead to an an infinite loop inside __netif_receive_skb_core. The simplest way to illustrate this is by attaching a TC program to the ingress hook on both sides of a veth or netkit device pair which redirects to its own peer, although other cycles are possible. This patch places an upper limit on the number of iterations allowed inside __netif_receive_skb_core to prevent this. Signed-off-by: Jordan Rife <jrife(a)google.com> Fixes: 9aa1206e8f48 ("bpf: Add redirect_peer helper") Cc: stable(a)vger.kernel.org --- net/core/dev.c | 11 +++- net/core/dev.h | 1 + .../selftests/bpf/prog_tests/tc_redirect.c | 51 +++++++++++++++++++ .../selftests/bpf/progs/test_tc_peer.c | 13 +++++ 4 files changed, 75 insertions(+), 1 deletion(-) diff --git a/net/core/dev.c b/net/core/dev.c index cd479f5f22f6..753f8d27f47c 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -5455,6 +5455,7 @@ static int __netif_receive_skb_core(struct sk_buff **pskb, bool pfmemalloc, struct net_device *orig_dev; bool deliver_exact = false; int ret = NET_RX_DROP; + int loops = 0; __be16 type; net_timestamp_check(!READ_ONCE(net_hotdata.tstamp_prequeue), skb); @@ -5521,8 +5522,16 @@ static int __netif_receive_skb_core(struct sk_buff **pskb, bool pfmemalloc, nf_skip_egress(skb, true); skb = sch_handle_ingress(skb, &pt_prev, &ret, orig_dev, &another); - if (another) + if (another) { + loops++; + if (unlikely(loops == RX_LOOP_LIMIT)) { + ret = NET_RX_DROP; + net_crit_ratelimited("bpf: loop limit reached on datapath, buggy bpf program?\n"); + goto out; + } + goto another_round; + } if (!skb) goto out; diff --git a/net/core/dev.h b/net/core/dev.h index 5654325c5b71..28d1cf2f9069 100644 --- a/net/core/dev.h +++ b/net/core/dev.h @@ -150,6 +150,7 @@ struct napi_struct *napi_by_id(unsigned int napi_id); void kick_defer_list_purge(struct softnet_data *sd, unsigned int cpu); #define XMIT_RECURSION_LIMIT 8 +#define RX_LOOP_LIMIT 8 #ifndef CONFIG_PREEMPT_RT static inline bool dev_xmit_recursion(void) diff --git a/tools/testing/selftests/bpf/prog_tests/tc_redirect.c b/tools/testing/selftests/bpf/prog_tests/tc_redirect.c index c85798966aec..db1b36090d6c 100644 --- a/tools/testing/selftests/bpf/prog_tests/tc_redirect.c +++ b/tools/testing/selftests/bpf/prog_tests/tc_redirect.c @@ -1081,6 +1081,55 @@ static void test_tc_redirect_peer(struct netns_setup_result *setup_result) close_netns(nstoken); } +static void test_tc_redirect_peer_loop(struct netns_setup_result *setup_result) +{ + LIBBPF_OPTS(bpf_tc_hook, qdisc_src_fwd); + LIBBPF_OPTS(bpf_tc_hook, qdisc_src); + struct test_tc_peer *skel; + struct nstoken *nstoken; + int err; + + /* Set up an infinite redirect loop using bpf_redirect_peer with ingress + * hooks on either side of a veth/netkit pair redirecting to its own + * peer. This should not lock up the kernel. + */ + nstoken = open_netns(NS_SRC); + if (!ASSERT_OK_PTR(nstoken, "setns src")) + return; + + skel = test_tc_peer__open(); + if (!ASSERT_OK_PTR(skel, "test_tc_peer__open")) + goto done; + + skel->rodata->IFINDEX_SRC = setup_result->ifindex_src; + skel->rodata->IFINDEX_SRC_FWD = setup_result->ifindex_src_fwd; + + err = test_tc_peer__load(skel); + if (!ASSERT_OK(err, "test_tc_peer__load")) + goto done; + + QDISC_CLSACT_CREATE(&qdisc_src, setup_result->ifindex_src); + XGRESS_FILTER_ADD(&qdisc_src, BPF_TC_INGRESS, skel->progs.tc_src_self, 0); + close_netns(nstoken); + + nstoken = open_netns(NS_FWD); + if (!ASSERT_OK_PTR(nstoken, "setns fwd")) + return; + QDISC_CLSACT_CREATE(&qdisc_src_fwd, setup_result->ifindex_src_fwd); + XGRESS_FILTER_ADD(&qdisc_src_fwd, BPF_TC_INGRESS, skel->progs.tc_src_fwd_self, 0); + + if (!ASSERT_OK(set_forwarding(false), "disable forwarding")) + goto done; + + SYS_NOFAIL("ip netns exec " NS_SRC " %s -c 1 -W 1 -q %s > /dev/null", + ping_command(AF_INET), IP4_DST); +fail: +done: + if (skel) + test_tc_peer__destroy(skel); + close_netns(nstoken); +} + static int tun_open(char *name) { struct ifreq ifr; @@ -1280,6 +1329,8 @@ static void *test_tc_redirect_run_tests(void *arg) RUN_TEST(tc_redirect_peer, MODE_VETH); RUN_TEST(tc_redirect_peer, MODE_NETKIT); RUN_TEST(tc_redirect_peer_l3, MODE_VETH); + RUN_TEST(tc_redirect_peer_loop, MODE_VETH); + RUN_TEST(tc_redirect_peer_loop, MODE_NETKIT); RUN_TEST(tc_redirect_peer_l3, MODE_NETKIT); RUN_TEST(tc_redirect_neigh, MODE_VETH); RUN_TEST(tc_redirect_neigh_fib, MODE_VETH); diff --git a/tools/testing/selftests/bpf/progs/test_tc_peer.c b/tools/testing/selftests/bpf/progs/test_tc_peer.c index 365eacb5dc34..9b8a00ccad42 100644 --- a/tools/testing/selftests/bpf/progs/test_tc_peer.c +++ b/tools/testing/selftests/bpf/progs/test_tc_peer.c @@ -10,6 +10,7 @@ #include <bpf/bpf_helpers.h> +volatile const __u32 IFINDEX_SRC_FWD; volatile const __u32 IFINDEX_SRC; volatile const __u32 IFINDEX_DST; @@ -34,6 +35,18 @@ int tc_src(struct __sk_buff *skb) return bpf_redirect_peer(IFINDEX_DST, 0); } +SEC("tc") +int tc_src_self(struct __sk_buff *skb) +{ + return bpf_redirect_peer(IFINDEX_SRC, 0); +} + +SEC("tc") +int tc_src_fwd_self(struct __sk_buff *skb) +{ + return bpf_redirect_peer(IFINDEX_SRC_FWD, 0); +} + SEC("tc") int tc_dst_l3(struct __sk_buff *skb) { -- 2.46.1.824.gd892dcdcdd-goog

7 months

3
3
0 0

[PATCH] staging: Fix atomicity violation in get_serial_info()

by Qiu-ji Chen

Atomicity violation occurs during consecutive reads of the members of gb_tty. Consider a scenario where, because the consecutive reads of gb_tty members are not protected by a lock, the value of gb_tty may still be changing during the read process. gb_tty->port.close_delay and gb_tty->port.closing_wait are updated together, such as in the set_serial_info() function. If during the read process, gb_tty->port.close_delay and gb_tty->port.closing_wait are still being updated, it is possible that gb_tty->port.close_delay is updated while gb_tty->port.closing_wait is not. In this case, the code first reads gb_tty->port.close_delay and then gb_tty->port.closing_wait. A new gb_tty->port.close_delay and an old gb_tty->port.closing_wait could be read. Such values, whether before or after the update, should not coexist as they represent an intermediate state. This could result in a mismatch of the values read for gb_tty->minor, gb_tty->port.close_delay, and gb_tty->port.closing_wait, which in turn could cause ss->close_delay and ss->closing_wait to be mismatched. To address this issue, we have enclosed all sequential read operations of the gb_tty variable within a lock. This ensures that the value of gb_tty remains unchanged throughout the process, guaranteeing its validity. This possible bug is found by an experimental static analysis tool developed by our team. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. Fixes: b71e571adaa5 ("staging: greybus: uart: fix TIOCSSERIAL jiffies conversions") Cc: stable(a)vger.kernel.org Signed-off-by: Qiu-ji Chen <chenqiuji666(a)gmail.com> --- drivers/staging/greybus/uart.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/staging/greybus/uart.c b/drivers/staging/greybus/uart.c index cdf4ebb93b10..8cc18590d97b 100644 --- a/drivers/staging/greybus/uart.c +++ b/drivers/staging/greybus/uart.c @@ -595,12 +595,14 @@ static int get_serial_info(struct tty_struct *tty, { struct gb_tty *gb_tty = tty->driver_data; + mutex_lock(&gb_tty->port.mutex); ss->line = gb_tty->minor; ss->close_delay = jiffies_to_msecs(gb_tty->port.close_delay) / 10; ss->closing_wait = gb_tty->port.closing_wait == ASYNC_CLOSING_WAIT_NONE ? ASYNC_CLOSING_WAIT_NONE : jiffies_to_msecs(gb_tty->port.closing_wait) / 10; + mutex_unlock(&gb_tty->port.mutex); return 0; } -- 2.34.1

7 months

3
2
0 0

[PATCH 3/8] drm/sched: Always increment correct scheduler score

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Entities run queue can change during drm_sched_entity_push_job() so make sure to update the score consistently. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: d41a39dda140 ("drm/scheduler: improve job distribution with multiple queues") Cc: Nirmoy Das <nirmoy.das(a)amd.com> Cc: Christian König <christian.koenig(a)amd.com> Cc: Luben Tuikov <ltuikov89(a)gmail.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: David Airlie <airlied(a)gmail.com> Cc: Daniel Vetter <daniel(a)ffwll.ch> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v5.9+ Reviewed-by: Christian König <christian.koenig(a)amd.com> Reviewed-by: Nirmoy Das <nirmoy.das(a)intel.com> --- drivers/gpu/drm/scheduler/sched_entity.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/scheduler/sched_entity.c b/drivers/gpu/drm/scheduler/sched_entity.c index 76e422548d40..6645a8524699 100644 --- a/drivers/gpu/drm/scheduler/sched_entity.c +++ b/drivers/gpu/drm/scheduler/sched_entity.c @@ -586,7 +586,6 @@ void drm_sched_entity_push_job(struct drm_sched_job *sched_job) ktime_t submit_ts; trace_drm_sched_job(sched_job, entity); - atomic_inc(entity->rq->sched->score); WRITE_ONCE(entity->last_user, current->group_leader); /* @@ -614,6 +613,7 @@ void drm_sched_entity_push_job(struct drm_sched_job *sched_job) rq = entity->rq; sched = rq->sched; + atomic_inc(sched->score); drm_sched_rq_add_entity(rq, entity); spin_unlock(&entity->rq_lock); -- 2.46.0

7 months

3
4
0 0

[PATCH 6.1] drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()

by Denis Arefev

From: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> [ Upstream commit 2a3cfb9a24a28da9cc13d2c525a76548865e182c ] Since 'adev->dm.dc' in amdgpu_dm_fini() might turn out to be NULL before the call to dc_enable_dmub_notifications(), check beforehand to ensure there will not be a possible NULL-ptr-deref there. Also, since commit 1e88eb1b2c25 ("drm/amd/display: Drop CONFIG_DRM_AMD_DC_HDCP") there are two separate checks for NULL in 'adev->dm.dc' before dc_deinit_callbacks() and dc_dmub_srv_destroy(). Clean up by combining them all under one 'if'. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. Fixes: 81927e2808be ("drm/amd/display: Support for DMUB AUX") Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 393e32259a77..4850aed54604 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -1876,14 +1876,14 @@ static void amdgpu_dm_fini(struct amdgpu_device *adev) dc_deinit_callbacks(adev->dm.dc); #endif - if (adev->dm.dc) + if (adev->dm.dc) { dc_dmub_srv_destroy(&adev->dm.dc->ctx->dmub_srv); - - if (dc_enable_dmub_notifications(adev->dm.dc)) { - kfree(adev->dm.dmub_notify); - adev->dm.dmub_notify = NULL; - destroy_workqueue(adev->dm.delayed_hpd_wq); - adev->dm.delayed_hpd_wq = NULL; + if (dc_enable_dmub_notifications(adev->dm.dc)) { + kfree(adev->dm.dmub_notify); + adev->dm.dmub_notify = NULL; + destroy_workqueue(adev->dm.delayed_hpd_wq); + adev->dm.delayed_hpd_wq = NULL; + } } if (adev->dm.dmub_bo) -- 2.25.1

7 months

1
0
0 0

[PATCH] gpio: davinci: fix lazy disable

by Parth Pancholi

From: Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> On a few platforms such as TI's AM69 device, disable_irq() fails to keep track of the interrupts that happen between disable_irq() and enable_irq() and those interrupts are missed. Use the ->irq_unmask() and ->irq_mask() methods instead of ->irq_enable() and ->irq_disable() to correctly keep track of edges when disable_irq is called. This solves the issue of disable_irq() not working as expected on such platforms. Fixes: 23265442b02b ("ARM: davinci: irq_data conversion.") Signed-off-by: Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> Signed-off-by: Parth Pancholi <parth.pancholi(a)toradex.com> Cc: stable(a)vger.kernel.org --- drivers/gpio/gpio-davinci.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/gpio/gpio-davinci.c b/drivers/gpio/gpio-davinci.c index 1d0175d6350b..0ecfa7de5ce2 100644 --- a/drivers/gpio/gpio-davinci.c +++ b/drivers/gpio/gpio-davinci.c @@ -289,7 +289,7 @@ static int davinci_gpio_probe(struct platform_device *pdev) * serve as EDMA event triggers. */ -static void gpio_irq_disable(struct irq_data *d) +static void gpio_irq_mask(struct irq_data *d) { struct davinci_gpio_regs __iomem *g = irq2regs(d); uintptr_t mask = (uintptr_t)irq_data_get_irq_handler_data(d); @@ -298,7 +298,7 @@ static void gpio_irq_disable(struct irq_data *d) writel_relaxed(mask, &g->clr_rising); } -static void gpio_irq_enable(struct irq_data *d) +static void gpio_irq_unmask(struct irq_data *d) { struct davinci_gpio_regs __iomem *g = irq2regs(d); uintptr_t mask = (uintptr_t)irq_data_get_irq_handler_data(d); @@ -324,8 +324,8 @@ static int gpio_irq_type(struct irq_data *d, unsigned trigger) static struct irq_chip gpio_irqchip = { .name = "GPIO", - .irq_enable = gpio_irq_enable, - .irq_disable = gpio_irq_disable, + .irq_unmask = gpio_irq_unmask, + .irq_mask = gpio_irq_mask, .irq_set_type = gpio_irq_type, .flags = IRQCHIP_SET_TYPE_MASKED | IRQCHIP_SKIP_SET_WAKE, }; -- 2.34.1

7 months

4
4
0 0

[PATCH 0/2] pinctrl: intel: platform: fix error path in device_for_each_child_node()

by Javier Carrasco

This series fixes an error path where the reference of a child node is not decremented upon early return. When at it, a trivial comma/semicolon substitution I found by chance has been added to improve code clarity. Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- Javier Carrasco (2): pinctrl: intel: platform: fix error path in device_for_each_child_node() pinctrl: intel: platform: use semicolon instead of comma in ncommunities assignment drivers/pinctrl/intel/pinctrl-intel-platform.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) --- base-commit: 92fc9636d1471b7f68bfee70c776f7f77e747b97 change-id: 20240926-intel-pinctrl-platform-scoped-68d000ba3c1d Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

7 months

3
3
0 0

[PATCH v3 03/10] media: qcom: camss: Fix potential crash if domain attach fails

by Vikram Sharma

Fix a potential crash in camss by ensuring detach is skipped if attach is unsuccessful. Fixes: d89751c61279 ("media: qcom: camss: Add support for named power-domains") CC: stable(a)vger.kernel.org Signed-off-by: Vikram Sharma <quic_vikramsa(a)quicinc.com> --- drivers/media/platform/qcom/camss/camss.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/media/platform/qcom/camss/camss.c b/drivers/media/platform/qcom/camss/camss.c index d64985ca6e88..b6658df37709 100644 --- a/drivers/media/platform/qcom/camss/camss.c +++ b/drivers/media/platform/qcom/camss/camss.c @@ -2131,8 +2131,7 @@ static int camss_configure_pd(struct camss *camss) camss->genpd = dev_pm_domain_attach_by_name(camss->dev, camss->res->pd_name); if (IS_ERR(camss->genpd)) { - ret = PTR_ERR(camss->genpd); - goto fail_pm; + return PTR_ERR(camss->genpd); } } @@ -2149,7 +2148,7 @@ static int camss_configure_pd(struct camss *camss) ret = -ENODEV; else ret = PTR_ERR(camss->genpd); - goto fail_pm; + return ret; } camss->genpd_link = device_link_add(camss->dev, camss->genpd, DL_FLAG_STATELESS | DL_FLAG_PM_RUNTIME | -- 2.25.1

7 months

1
0
0 0

[PATCH] PM / devfreq: Fix atomicity violation in devfreq_update_interval()

by Qiu-ji Chen

The atomicity violation occurs when the variables cur_delay and new_delay are defined. Imagine a scenario where, while defining cur_delay and new_delay, the values stored in devfreq->profile->polling_ms and the delay variable change. After acquiring the mutex_lock and entering the critical section, due to possible concurrent modifications, cur_delay and new_delay may no longer represent the correct values. Subsequent usage, such as if (cur_delay > new_delay), could cause the program to run incorrectly, resulting in inconsistencies. To address this issue, it is recommended to acquire a lock in advance, ensuring that devfreq->profile->polling_ms and delay are protected by the lock when being read. This will help ensure the consistency of the program. This possible bug is found by an experimental static analysis tool developed by our team. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. Fixes: 7e6fdd4bad03 ("PM / devfreq: Core updates to support devices which can idle") Cc: stable(a)vger.kernel.org Signed-off-by: Qiu-ji Chen <chenqiuji666(a)gmail.com> --- drivers/devfreq/devfreq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c index 98657d3b9435..9634739fc9cb 100644 --- a/drivers/devfreq/devfreq.c +++ b/drivers/devfreq/devfreq.c @@ -616,10 +616,10 @@ EXPORT_SYMBOL(devfreq_monitor_resume); */ void devfreq_update_interval(struct devfreq *devfreq, unsigned int *delay) { + mutex_lock(&devfreq->lock); unsigned int cur_delay = devfreq->profile->polling_ms; unsigned int new_delay = *delay; - mutex_lock(&devfreq->lock); devfreq->profile->polling_ms = new_delay; if (IS_SUPPORTED_FLAG(devfreq->governor->flags, IRQ_DRIVEN)) -- 2.34.1

7 months

1
1
0 0

[PATCH] Input: adp5588-keys - Added checking of key and key_val variables

by Denis Arefev

If the adp5588_read function returns 0, then there will be an overflow of the kpad->keycode buffer. If the adp5588_read function returns a negative value, then the logic is broken - the wrong value is used as an index of the kpad->keycode array. Found by Linux Verification Center (linuxtesting.org) with SVACE. Cc: stable(a)vger.kernel.org # v5.10+ Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- drivers/input/keyboard/adp5588-keys.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/input/keyboard/adp5588-keys.c b/drivers/input/keyboard/adp5588-keys.c index 1b0279393df4..d05387f9c11f 100644 --- a/drivers/input/keyboard/adp5588-keys.c +++ b/drivers/input/keyboard/adp5588-keys.c @@ -526,14 +526,17 @@ static void adp5588_report_events(struct adp5588_kpad *kpad, int ev_cnt) int i; for (i = 0; i < ev_cnt; i++) { - int key = adp5588_read(kpad->client, KEY_EVENTA + i); - int key_val = key & KEY_EV_MASK; - int key_press = key & KEY_EV_PRESSED; + int key, key_val, key_press; + key = adp5588_read(kpad->client, KEY_EVENTA + i); + if (key < 0) + continue; + key_val = key & KEY_EV_MASK; + key_press = key & KEY_EV_PRESSED; if (key_val >= GPI_PIN_BASE && key_val <= GPI_PIN_END) { /* gpio line used as IRQ source */ adp5588_gpio_irq_handle(kpad, key_val, key_press); - } else { + } else if (key_val > 0) { int row = (key_val - 1) / ADP5588_COLS_MAX; int col = (key_val - 1) % ADP5588_COLS_MAX; int code = MATRIX_SCAN_CODE(row, col, kpad->row_shift); -- 2.25.1

7 months

2
1
0 0

[PATCH v3 1/3] Drivers: hv: vmbus: Disable Suspend-to-Idle for VMBus

by Erni Sri Satya Vennela

This change is specific to Hyper-V based VMs. If the Virtual Machine Connection window is focused, a Hyper-V VM user can unintentionally touch the keyboard/mouse when the VM is hibernating or resuming, and consequently the hibernation or resume operation can be aborted unexpectedly. Fix the issue by no longer registering the keyboard/mouse as wakeup devices (see the other two patches for the changes to drivers/input/serio/hyperv-keyboard.c and drivers/hid/hid-hyperv.c). The keyboard/mouse were registered as wakeup devices because the VM needs to be woken up from the Suspend-to-Idle state after a user runs "echo freeze > /sys/power/state". It seems like the Suspend-to-Idle feature has no real users in practice, so let's no longer support that by returning -EOPNOTSUPP if a user tries to use that. $echo freeze > /sys/power/state > bash: echo: write error: Operation not supported Fixes: 1a06d017fb3f ("Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM") Cc: stable(a)vger.kernel.org Signed-off-by: Saurabh Sengar <ssengar(a)linux.microsoft.com> Signed-off-by: Erni Sri Satya Vennela <ernis(a)linux.microsoft.com> --- Changes in v2: * Add "#define vmbus_freeze NULL" when CONFIG_PM_SLEEP is not enabled. * Change commit message to clarify that this change is specifc to Hyper-V based VMs. Changes in v3: * Add 'Cc: stable(a)vger.kernel.org' in sign-off area. --- drivers/hv/vmbus_drv.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c index 965d2a4efb7e..8f445c849512 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -900,6 +900,19 @@ static void vmbus_shutdown(struct device *child_device) } #ifdef CONFIG_PM_SLEEP +/* + * vmbus_freeze - Suspend-to-Idle + */ +static int vmbus_freeze(struct device *child_device) +{ +/* + * Do not support Suspend-to-Idle ("echo freeze > /sys/power/state") as + * that would require registering the Hyper-V synthetic mouse/keyboard + * devices as wakeup devices, which can abort hibernation/resume unexpectedly. + */ + return -EOPNOTSUPP; +} + /* * vmbus_suspend - Suspend a vmbus device */ @@ -938,6 +951,7 @@ static int vmbus_resume(struct device *child_device) return drv->resume(dev); } #else +#define vmbus_freeze NULL #define vmbus_suspend NULL #define vmbus_resume NULL #endif /* CONFIG_PM_SLEEP */ @@ -969,7 +983,7 @@ static void vmbus_device_release(struct device *device) */ static const struct dev_pm_ops vmbus_pm = { - .suspend_noirq = NULL, + .suspend_noirq = vmbus_freeze, .resume_noirq = NULL, .freeze_noirq = vmbus_suspend, .thaw_noirq = vmbus_resume, -- 2.34.1

7 months

1
0
0 0

[PATCH 6.1 00/73] 6.1.112-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.112 release. There are 73 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 29 Sep 2024 12:17:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.112-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.112-rc1 Edward Adam Davis <eadavis(a)qq.com> USB: usbtmc: prevent kernel-usb-infoleak Junhao Xie <bigfoot(a)classfun.cn> USB: serial: pl2303: add device id for Macrosilicon MS3020 Tony Luck <tony.luck(a)intel.com> x86/mm: Switch to new Intel CPU model defines Sumeet Pawnikar <sumeet.r.pawnikar(a)intel.com> powercap: RAPL: fix invalid initialization for pl4_supported field Filipe Manana <fdmanana(a)suse.com> btrfs: calculate the right space for delayed refs when updating global reserve Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: restrict fullmesh endp on 1st sf Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into mcp251xfd_chip_start/stop() Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: properly indent labels Hagar Hemdan <hagarhem(a)amazon.com> gpio: prevent potential speculation leaks in gpio_device_get_desc() Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: Ignore reconfiguration without direction Ping-Ke Shih <pkshih(a)realtek.com> Revert "wifi: cfg80211: check wiphy mutex is held for wdev mutex" Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: missing iterator type in lookup walk Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_pipapo: walk over current view on netlink dump Dan Carpenter <dan.carpenter(a)linaro.org> netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level() Florian Westphal <fw(a)strlen.de> netfilter: nft_socket: make cgroupsv2 matching work with namespaces Dave Chinner <dchinner(a)redhat.com> xfs: journal geometry is not properly bounds checked Darrick J. Wong <djwong(a)kernel.org> xfs: set bnobt/cntbt numrecs correctly when formatting new AGs Darrick J. Wong <djwong(a)kernel.org> xfs: fix reloading entire unlinked bucket lists Darrick J. Wong <djwong(a)kernel.org> xfs: make inode unlinked bucket recovery work with quotacheck Darrick J. Wong <djwong(a)kernel.org> xfs: reload entire unlinked bucket lists Darrick J. Wong <djwong(a)kernel.org> xfs: use i_prev_unlinked to distinguish inodes that are not on the unlinked list Shiyang Ruan <ruansy.fnst(a)fujitsu.com> xfs: correct calculation for agend and blockcount Dave Chinner <dchinner(a)redhat.com> xfs: fix unlink vs cluster buffer instantiation race Darrick J. Wong <djwong(a)kernel.org> xfs: fix negative array access in xfs_getbmap Darrick J. Wong <djwong(a)kernel.org> xfs: load uncached unlinked inodes into memory on demand Shiyang Ruan <ruansy.fnst(a)fujitsu.com> xfs: fix the calculation for "end" and "length" Dave Chinner <dchinner(a)redhat.com> xfs: remove WARN when dquot cache insertion fails Long Li <leo.lilong(a)huaweicloud.com> xfs: fix ag count overflow during growfs Dave Chinner <dchinner(a)redhat.com> xfs: collect errors from inodegc for unlinked inode recovery Dave Chinner <dchinner(a)redhat.com> xfs: fix AGF vs inode cluster buffer deadlock Dave Chinner <dchinner(a)redhat.com> xfs: defered work could create precommits Dave Chinner <dchinner(a)redhat.com> xfs: buffer pins need to hold a buffer reference Ye Bin <yebin10(a)huawei.com> xfs: fix BUG_ON in xfs_getbmap() Dave Chinner <dchinner(a)redhat.com> xfs: quotacheck failure can race with background inode inactivation Darrick J. Wong <djwong(a)kernel.org> xfs: fix uninitialized variable access Dave Chinner <dchinner(a)redhat.com> xfs: block reservation too large for minleft allocation Dave Chinner <dchinner(a)redhat.com> xfs: prefer free inodes at ENOSPC over chunk allocation Dave Chinner <dchinner(a)redhat.com> xfs: fix low space alloc deadlock Dave Chinner <dchinner(a)redhat.com> xfs: don't use BMBT btree split workers for IO completion Wengang Wang <wen.gang.wang(a)oracle.com> xfs: fix extent busy updating Wu Guanghao <wuguanghao3(a)huawei.com> xfs: Fix deadlock on xfs_inodegc_worker Dave Chinner <dchinner(a)redhat.com> xfs: dquot shrinker doesn't check for XFS_DQFLAG_FREEING Ferry Meng <mengferry(a)linux.alibaba.com> ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() Ferry Meng <mengferry(a)linux.alibaba.com> ocfs2: add bounds checking to ocfs2_xattr_find_entry() Geert Uytterhoeven <geert+renesas(a)glider.be> spi: spidev: Add missing spi_device_id for jg10309-01 Hongyu Jin <hongyu.jin(a)unisoc.com> block: Fix where bio IO priority gets set zhang jiao <zhangjiao2(a)cmss.chinamobile.com> tools: hv: rm .*.cmd when make clean Michael Kelley <mhklinux(a)outlook.com> x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency Paulo Alcantara <pc(a)manguebit.com> smb: client: fix hang in wait_for_response() for negproto Liao Chen <liaochen4(a)huawei.com> spi: bcm63xx: Enable module autoloading hongchi.peng <hongchi.peng(a)siengine.com> drm: komeda: Fix an issue related to normalized zpos Fabio Estevam <festevam(a)gmail.com> spi: spidev: Add an entry for elgin,jg10309-01 Liao Chen <liaochen4(a)huawei.com> ASoC: tda7419: fix module autoloading Liao Chen <liaochen4(a)huawei.com> ASoC: intel: fix module autoloading Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match less strict Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing configuration Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: clear trans->state earlier upon error Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mac80211: free skb on error path in ieee80211_beacon_get_ap() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: pause TCM when the firmware is stopped Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: lower message level for FW buffer destination Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Define ARCH_IRQ_INIT_FLAGS as IRQ_NOPROBE Jacky Chou <jacky_chou(a)aspeedtech.com> net: ftgmac100: Ensure tx descriptor updates are visible Mike Rapoport <rppt(a)kernel.org> microblaze: don't treat zero reserved memory regions as error Ross Brown <true.robot.ross(a)gmail.com> hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING Thomas Blocher <thomas.blocher(a)ek-dev.de> pinctrl: at91: make it work with current gpiolib Sherry Yang <sherry.yang(a)oracle.com> scsi: lpfc: Fix overflow build issue Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - FIxed ALC285 headphone no sound Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fixed ALC256 headphone no sound Hongbo Li <lihongbo22(a)huawei.com> ASoC: allow module autoloading for table board_ids Hongbo Li <lihongbo22(a)huawei.com> ASoC: allow module autoloading for table db1200_pids Albert Jakieła <jakiela(a)google.com> ASoC: SOF: mediatek: Add missing board compatible ------------- Diffstat: Makefile | 4 +- arch/loongarch/include/asm/hw_irq.h | 2 + arch/loongarch/kernel/irq.c | 3 - arch/microblaze/mm/init.c | 5 - arch/x86/kernel/cpu/mshyperv.c | 1 + arch/x86/mm/init.c | 16 +- block/blk-core.c | 10 + block/blk-mq.c | 10 - drivers/gpio/gpiolib-cdev.c | 12 +- drivers/gpio/gpiolib.c | 3 +- drivers/gpu/drm/arm/display/komeda/komeda_kms.c | 10 +- drivers/hwmon/asus-ec-sensors.c | 2 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 42 ++-- drivers/net/can/spi/mcp251xfd/mcp251xfd-dump.c | 2 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-regmap.c | 2 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-ring.c | 14 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 2 +- .../net/can/spi/mcp251xfd/mcp251xfd-timestamp.c | 7 +- drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 1 + drivers/net/ethernet/faraday/ftgmac100.c | 26 ++- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 2 +- drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 9 +- drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 23 +- .../wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c | 3 +- drivers/pinctrl/pinctrl-at91.c | 5 +- drivers/powercap/intel_rapl_msr.c | 12 +- drivers/scsi/lpfc/lpfc_bsg.c | 2 +- drivers/spi/spi-bcm63xx.c | 1 + drivers/spi/spidev.c | 2 + drivers/usb/class/usbtmc.c | 2 +- drivers/usb/serial/pl2303.c | 1 + drivers/usb/serial/pl2303.h | 4 + fs/btrfs/block-rsv.c | 14 +- fs/btrfs/block-rsv.h | 12 + fs/btrfs/delayed-ref.h | 21 ++ fs/ocfs2/xattr.c | 27 ++- fs/smb/client/connect.c | 14 +- fs/xfs/libxfs/xfs_ag.c | 19 +- fs/xfs/libxfs/xfs_alloc.c | 69 +++++- fs/xfs/libxfs/xfs_bmap.c | 16 +- fs/xfs/libxfs/xfs_bmap.h | 2 + fs/xfs/libxfs/xfs_bmap_btree.c | 19 +- fs/xfs/libxfs/xfs_btree.c | 18 +- fs/xfs/libxfs/xfs_fs.h | 2 + fs/xfs/libxfs/xfs_ialloc.c | 17 ++ fs/xfs/libxfs/xfs_log_format.h | 9 +- fs/xfs/libxfs/xfs_sb.c | 56 ++++- fs/xfs/libxfs/xfs_trans_inode.c | 113 +-------- fs/xfs/xfs_attr_inactive.c | 1 - fs/xfs/xfs_bmap_util.c | 18 +- fs/xfs/xfs_buf_item.c | 88 +++++-- fs/xfs/xfs_dquot.c | 1 - fs/xfs/xfs_export.c | 14 ++ fs/xfs/xfs_extent_busy.c | 1 + fs/xfs/xfs_fsmap.c | 1 + fs/xfs/xfs_fsops.c | 13 +- fs/xfs/xfs_icache.c | 58 ++++- fs/xfs/xfs_icache.h | 4 +- fs/xfs/xfs_inode.c | 260 ++++++++++++++++++--- fs/xfs/xfs_inode.h | 36 ++- fs/xfs/xfs_inode_item.c | 149 ++++++++++++ fs/xfs/xfs_inode_item.h | 1 + fs/xfs/xfs_itable.c | 11 + fs/xfs/xfs_log.c | 47 ++-- fs/xfs/xfs_log_recover.c | 19 +- fs/xfs/xfs_mount.h | 11 +- fs/xfs/xfs_notify_failure.c | 15 +- fs/xfs/xfs_qm.c | 72 ++++-- fs/xfs/xfs_super.c | 1 + fs/xfs/xfs_trace.h | 46 ++++ fs/xfs/xfs_trans.c | 9 +- include/net/netfilter/nf_tables.h | 13 ++ net/mac80211/tx.c | 4 +- net/netfilter/nf_tables_api.c | 5 + net/netfilter/nft_lookup.c | 1 + net/netfilter/nft_set_pipapo.c | 6 +- net/netfilter/nft_socket.c | 41 +++- net/wireless/core.h | 8 +- sound/pci/hda/patch_realtek.c | 76 ++++-- sound/soc/amd/acp/acp-sof-mach.c | 2 + sound/soc/au1x/db1200.c | 1 + sound/soc/codecs/tda7419.c | 1 + sound/soc/intel/common/soc-acpi-intel-cht-match.c | 1 - sound/soc/intel/keembay/kmb_platform.c | 1 + sound/soc/sof/mediatek/mt8195/mt8195.c | 3 + tools/hv/Makefile | 2 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 4 +- 89 files changed, 1255 insertions(+), 462 deletions(-)

7 months

10
82
0 0

[PATCH v2 1/3] Drivers: hv: vmbus: Disable Suspend-to-Idle for VMBus

by Erni Sri Satya Vennela

This change is specific to Hyper-V based VMs. If the Virtual Machine Connection window is focused, a Hyper-V VM user can unintentionally touch the keyboard/mouse when the VM is hibernating or resuming, and consequently the hibernation or resume operation can be aborted unexpectedly. Fix the issue by no longer registering the keyboard/mouse as wakeup devices (see the other two patches for the changes to drivers/input/serio/hyperv-keyboard.c and drivers/hid/hid-hyperv.c). The keyboard/mouse were registered as wakeup devices because the VM needs to be woken up from the Suspend-to-Idle state after a user runs "echo freeze > /sys/power/state". It seems like the Suspend-to-Idle feature has no real users in practice, so let's no longer support that by returning -EOPNOTSUPP if a user tries to use that. $echo freeze > /sys/power/state > bash: echo: write error: Operation not supported Fixes: 1a06d017fb3f ("Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM") Signed-off-by: Saurabh Sengar <ssengar(a)linux.microsoft.com> Signed-off-by: Erni Sri Satya Vennela <ernis(a)linux.microsoft.com> --- Changes in v2: * Add "#define vmbus_freeze NULL" when CONFIG_PM_SLEEP is not enabled. * Change commit message to clarify that this change is specifc to Hyper-V based VMs. --- drivers/hv/vmbus_drv.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c index 965d2a4efb7e..8f445c849512 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -900,6 +900,19 @@ static void vmbus_shutdown(struct device *child_device) } #ifdef CONFIG_PM_SLEEP +/* + * vmbus_freeze - Suspend-to-Idle + */ +static int vmbus_freeze(struct device *child_device) +{ +/* + * Do not support Suspend-to-Idle ("echo freeze > /sys/power/state") as + * that would require registering the Hyper-V synthetic mouse/keyboard + * devices as wakeup devices, which can abort hibernation/resume unexpectedly. + */ + return -EOPNOTSUPP; +} + /* * vmbus_suspend - Suspend a vmbus device */ @@ -938,6 +951,7 @@ static int vmbus_resume(struct device *child_device) return drv->resume(dev); } #else +#define vmbus_freeze NULL #define vmbus_suspend NULL #define vmbus_resume NULL #endif /* CONFIG_PM_SLEEP */ @@ -969,7 +983,7 @@ static void vmbus_device_release(struct device *device) */ static const struct dev_pm_ops vmbus_pm = { - .suspend_noirq = NULL, + .suspend_noirq = vmbus_freeze, .resume_noirq = NULL, .freeze_noirq = vmbus_suspend, .thaw_noirq = vmbus_resume, -- 2.34.1

7 months

2
1
0 0

[PATCH net] Revert "net: libwx: fix alloc msix vectors failed"

by Duanqiang Wen

This reverts commit 69197dfc64007b5292cc960581548f41ccd44828. commit 937d46ecc5f9 ("net: wangxun: add ethtool_ops for channel number") changed NIC misc irq from most significant bit to least significant bit, the former condition is not required to apply this patch, because we only need to set irq affinity for NIC queue irq vectors. this patch is required after commit 937d46ecc5f9 ("net: wangxun: add ethtool_ops for channel number") was applied, so this is only relevant to 6.6.y branch. Signed-off-by: Duanqiang Wen <duanqiangwen(a)net-swift.com> --- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/wangxun/libwx/wx_lib.c b/drivers/net/ethernet/wangxun/libwx/wx_lib.c index 2b3d6586f44a..fb1caa40da6b 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_lib.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_lib.c @@ -1620,7 +1620,7 @@ static void wx_set_num_queues(struct wx *wx) */ static int wx_acquire_msix_vectors(struct wx *wx) { - struct irq_affinity affd = { .pre_vectors = 1 }; + struct irq_affinity affd = {0, }; int nvecs, i; /* We start by asking for one vector per queue pair */ -- 2.27.0

7 months

1
0
0 0

[PATCH 6.11 00/12] 6.11.1-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.11.1 release. There are 12 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 29 Sep 2024 12:17:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.11.1-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.11.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.11.1-rc1 Edward Adam Davis <eadavis(a)qq.com> USB: usbtmc: prevent kernel-usb-infoleak Junhao Xie <bigfoot(a)classfun.cn> USB: serial: pl2303: add device id for Macrosilicon MS3020 Keith Busch <kbusch(a)kernel.org> nvme-pci: qdepth 1 quirk Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ASoC: amd: acp: add ZSC control register programming sequence Kiran K <kiran.k(a)intel.com> Bluetooth: btintel_pcie: Allocate memory for driver private data Dan Carpenter <dan.carpenter(a)linaro.org> netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level() Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> cpufreq/amd-pstate: Add the missing cpufreq_cpu_put() Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> powercap/intel_rapl: Fix the energy-pkg event for AMD CPUs Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> powercap/intel_rapl: Add support for AMD family 1Ah Michał Winiarski <michal.winiarski(a)intel.com> drm: Expand max DRM device number to full MINORBITS Michał Winiarski <michal.winiarski(a)intel.com> accel: Use XArray instead of IDR for minors Michał Winiarski <michal.winiarski(a)intel.com> drm: Use XArray instead of IDR for minors ------------- Diffstat: Makefile | 4 +- drivers/accel/drm_accel.c | 110 +++------------------------------- drivers/bluetooth/btintel_pcie.c | 2 +- drivers/cpufreq/amd-pstate.c | 5 +- drivers/gpu/drm/drm_drv.c | 97 +++++++++++++++--------------- drivers/gpu/drm/drm_file.c | 2 +- drivers/gpu/drm/drm_internal.h | 4 -- drivers/nvme/host/nvme.h | 5 ++ drivers/nvme/host/pci.c | 18 +++--- drivers/powercap/intel_rapl_common.c | 35 +++++++++-- drivers/usb/class/usbtmc.c | 2 +- drivers/usb/serial/pl2303.c | 1 + drivers/usb/serial/pl2303.h | 4 ++ include/drm/drm_accel.h | 18 +----- include/drm/drm_file.h | 5 ++ net/netfilter/nft_socket.c | 4 +- sound/soc/amd/acp/acp-legacy-common.c | 5 ++ sound/soc/amd/acp/amd.h | 2 + 18 files changed, 129 insertions(+), 194 deletions(-)

7 months

12
23
0 0

[PATCH 6.6 00/54] 6.6.53-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.53 release. There are 54 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 29 Sep 2024 12:17:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.53-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.53-rc1 Edward Adam Davis <eadavis(a)qq.com> USB: usbtmc: prevent kernel-usb-infoleak Junhao Xie <bigfoot(a)classfun.cn> USB: serial: pl2303: add device id for Macrosilicon MS3020 Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into mcp251xfd_chip_start/stop() Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: properly indent labels Tony Luck <tony.luck(a)intel.com> x86/mm: Switch to new Intel CPU model defines Keith Busch <kbusch(a)kernel.org> nvme-pci: qdepth 1 quirk Kent Gibson <warthog618(a)gmail.com> gpiolib: cdev: Ignore reconfiguration without direction Ping-Ke Shih <pkshih(a)realtek.com> Revert "wifi: cfg80211: check wiphy mutex is held for wdev mutex" Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: missing iterator type in lookup walk Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_set_pipapo: walk over current view on netlink dump Dan Carpenter <dan.carpenter(a)linaro.org> netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level() Florian Westphal <fw(a)strlen.de> netfilter: nft_socket: make cgroupsv2 matching work with namespaces Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> powercap/intel_rapl: Add support for AMD family 1Ah Michał Winiarski <michal.winiarski(a)intel.com> drm: Expand max DRM device number to full MINORBITS Michał Winiarski <michal.winiarski(a)intel.com> accel: Use XArray instead of IDR for minors Michał Winiarski <michal.winiarski(a)intel.com> drm: Use XArray instead of IDR for minors Ferry Meng <mengferry(a)linux.alibaba.com> ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() Ferry Meng <mengferry(a)linux.alibaba.com> ocfs2: add bounds checking to ocfs2_xattr_find_entry() Geert Uytterhoeven <geert+renesas(a)glider.be> spi: spidev: Add missing spi_device_id for jg10309-01 Hongyu Jin <hongyu.jin(a)unisoc.com> block: Fix where bio IO priority gets set zhang jiao <zhangjiao2(a)cmss.chinamobile.com> tools: hv: rm .*.cmd when make clean Michael Kelley <mhklinux(a)outlook.com> x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency Paulo Alcantara <pc(a)manguebit.com> smb: client: fix hang in wait_for_response() for negproto Liao Chen <liaochen4(a)huawei.com> spi: bcm63xx: Enable module autoloading hongchi.peng <hongchi.peng(a)siengine.com> drm: komeda: Fix an issue related to normalized zpos Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ALSA: hda: add HDMI codec ID for Intel PTL Markuss Broks <markuss.broks(a)gmail.com> ASoC: amd: yc: Add a quirk for MSI Bravo 17 (D7VEK) Fabio Estevam <festevam(a)gmail.com> spi: spidev: Add an entry for elgin,jg10309-01 Liao Chen <liaochen4(a)huawei.com> ASoC: fix module autoloading Liao Chen <liaochen4(a)huawei.com> ASoC: tda7419: fix module autoloading Liao Chen <liaochen4(a)huawei.com> ASoC: google: fix module autoloading Liao Chen <liaochen4(a)huawei.com> ASoC: intel: fix module autoloading Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match less strict Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing configuration Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: clear trans->state earlier upon error Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mac80211: free skb on error path in ieee80211_beacon_get_ap() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: pause TCM when the firmware is stopped Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: lower message level for FW buffer destination Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Define ARCH_IRQ_INIT_FLAGS as IRQ_NOPROBE Jacky Chou <jacky_chou(a)aspeedtech.com> net: ftgmac100: Ensure tx descriptor updates are visible Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Make Lenovo Yoga Tab 3 X90F DMI match less strict Mike Rapoport <rppt(a)kernel.org> microblaze: don't treat zero reserved memory regions as error Ross Brown <true.robot.ross(a)gmail.com> hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING Thomas Blocher <thomas.blocher(a)ek-dev.de> pinctrl: at91: make it work with current gpiolib Sherry Yang <sherry.yang(a)oracle.com> scsi: lpfc: Fix overflow build issue Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - FIxed ALC285 headphone no sound Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fixed ALC256 headphone no sound Hongbo Li <lihongbo22(a)huawei.com> ASoC: allow module autoloading for table board_ids Hongbo Li <lihongbo22(a)huawei.com> ASoC: allow module autoloading for table db1200_pids YR Yang <yr.yang(a)mediatek.com> ASoC: mediatek: mt8188: Mark AFE_DAC_CON0 register as volatile Albert Jakieła <jakiela(a)google.com> ASoC: SOF: mediatek: Add missing board compatible ------------- Diffstat: Makefile | 4 +- arch/loongarch/include/asm/hw_irq.h | 2 + arch/loongarch/kernel/irq.c | 3 - arch/microblaze/mm/init.c | 5 - arch/x86/kernel/cpu/mshyperv.c | 1 + arch/x86/mm/init.c | 16 ++- block/blk-core.c | 10 ++ block/blk-mq.c | 10 -- drivers/accel/drm_accel.c | 110 ++------------------- drivers/gpio/gpiolib-cdev.c | 12 ++- drivers/gpu/drm/arm/display/komeda/komeda_kms.c | 10 +- drivers/gpu/drm/drm_drv.c | 97 +++++++++--------- drivers/gpu/drm/drm_file.c | 2 +- drivers/gpu/drm/drm_internal.h | 4 - drivers/hwmon/asus-ec-sensors.c | 2 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 42 ++++---- drivers/net/can/spi/mcp251xfd/mcp251xfd-dump.c | 2 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-regmap.c | 2 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-ring.c | 14 ++- drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 2 +- .../net/can/spi/mcp251xfd/mcp251xfd-timestamp.c | 7 +- drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 1 + drivers/net/ethernet/faraday/ftgmac100.c | 26 +++-- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 2 +- drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 9 +- drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 31 +++--- .../wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c | 3 +- drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 18 ++-- drivers/pinctrl/pinctrl-at91.c | 5 +- drivers/platform/x86/x86-android-tablets/dmi.c | 1 - drivers/powercap/intel_rapl_common.c | 1 + drivers/scsi/lpfc/lpfc_bsg.c | 2 +- drivers/spi/spi-bcm63xx.c | 1 + drivers/spi/spidev.c | 2 + drivers/usb/class/usbtmc.c | 2 +- drivers/usb/serial/pl2303.c | 1 + drivers/usb/serial/pl2303.h | 4 + fs/ocfs2/xattr.c | 27 +++-- fs/smb/client/connect.c | 14 ++- include/drm/drm_accel.h | 18 +--- include/drm/drm_file.h | 5 + include/net/netfilter/nf_tables.h | 13 +++ net/mac80211/tx.c | 4 +- net/netfilter/nf_tables_api.c | 5 + net/netfilter/nft_lookup.c | 1 + net/netfilter/nft_set_pipapo.c | 6 +- net/netfilter/nft_socket.c | 41 +++++++- net/wireless/core.h | 8 +- sound/pci/hda/patch_hdmi.c | 1 + sound/pci/hda/patch_realtek.c | 76 +++++++++----- sound/soc/amd/acp/acp-sof-mach.c | 2 + sound/soc/amd/yc/acp6x-mach.c | 7 ++ sound/soc/au1x/db1200.c | 1 + sound/soc/codecs/chv3-codec.c | 1 + sound/soc/codecs/tda7419.c | 1 + sound/soc/google/chv3-i2s.c | 1 + sound/soc/intel/common/soc-acpi-intel-cht-match.c | 1 - sound/soc/intel/keembay/kmb_platform.c | 1 + sound/soc/mediatek/mt8188/mt8188-afe-pcm.c | 1 + sound/soc/sof/mediatek/mt8195/mt8195.c | 3 + tools/hv/Makefile | 2 +- 64 files changed, 384 insertions(+), 331 deletions(-)

7 months

11
64
0 0

[PATCH] x86/apic: Stop the TSC Deadline timer during lapic timer shutdown

by Zhang Rui

According to Intel SDM, for the local APIC timer, 1. "The initial-count register is a read-write register. A write of 0 to the initial-count register effectively stops the local APIC timer, in both one-shot and periodic mode." 2. "In TSC deadline mode, writes to the initial-count register are ignored; and current-count register always reads 0. Instead, timer behavior is controlled using the IA32_TSC_DEADLINE MSR." "In TSC-deadline mode, writing 0 to the IA32_TSC_DEADLINE MSR disarms the local-APIC timer." Current code in lapic_timer_shutdown() writes 0 to the initial-count register. This stops the local APIC timer for one-shot and periodic mode only. In TSC deadline mode, the timer is not properly stopped. Some CPUs are affected by this and they are woke up by the armed timer in s2idle in TSC deadline mode. Stop the TSC deadline timer in lapic_timer_shutdown() by writing 0 to MSR_IA32_TSC_DEADLINE. Cc: stable(a)vger.kernel.org Fixes: 279f1461432c ("x86: apic: Use tsc deadline for oneshot when available") Signed-off-by: Zhang Rui <rui.zhang(a)intel.com> --- arch/x86/kernel/apic/apic.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c index 6513c53c9459..d1006531729a 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -441,6 +441,10 @@ static int lapic_timer_shutdown(struct clock_event_device *evt) v |= (APIC_LVT_MASKED | LOCAL_TIMER_VECTOR); apic_write(APIC_LVTT, v); apic_write(APIC_TMICT, 0); + + if (boot_cpu_has(X86_FEATURE_TSC_DEADLINE_TIMER)) + wrmsrl(MSR_IA32_TSC_DEADLINE, 0); + return 0; } -- 2.34.1

7 months, 1 week

1
0
0 0

[PATCH net 0/3] net: enetc: fix some issues of XDP

by Wei Fang

We found some bugs when testing the XDP function of enetc driver, and these bugs are easy to reproduce. This is not only causes XDP to not work, but also the network cannot be restored after exiting the XDP program. So the patch set is mainly to fix these bugs. For details, please see the commit message of each patch. Wei Fang (3): net: enetc: remove xdp_drops statistic from enetc_xdp_drop() net: enetc: fix the issues of XDP_REDIRECT feature net: enetc: reset xdp_tx_in_flight when updating bpf program drivers/net/ethernet/freescale/enetc/enetc.c | 46 +++++++++++++++----- drivers/net/ethernet/freescale/enetc/enetc.h | 1 + 2 files changed, 37 insertions(+), 10 deletions(-) -- 2.34.1

7 months, 1 week

5
23
0 0

[REGRESSION] Corruption on cifs / smb write on ARM, kernels 6.3-6.9

by James Young

I was benchmarking some compressors, piping to and from a network share on a NAS, and some consistently wrote corrupted data. First, apologies in advance: * if I'm not in the right place. I tried to follow the directions from the Regressions guide - https://www.kernel.org/doc/html/latest/admin-guide/reporting-regressions.ht… * I know there's a ton of context I don't know * I’m trying a different mail app, because the first one looked concussed with plain text. This might be worse. The detailed description: I was benchmarking some compressors on Debian on a Raspberry Pi, piping to and from a network share on a NAS, and found that some consistently had issues writing to my NAS. Specifically: * lzop * pigz - parallel gzip * pbzip2 - parallel bzip2 This is dependent on kernel version. I've done a survey, below. While I tripped over the issue on a Debian port (Debian 12, bookworm, kernel v6.6), I compiled my own vanilla / mainline kernels for testing and reporting this. Even more details: The Pi and the Synology NAS are directly connected by Gigabit Ethernet. Both sides are using self-assigned IP addresses. I'll note that at boot, getting the Pi to see the NAS requires some nudging of avahi-autoipd; while I think it's stable before testing, I'm not positive, and reconnection issues might be in play. The files in question are tars of sparse file systems, about 270 gig, compressing down to 10-30 gig. Compression seems to work, without complaint; decompression crashes the process, usually within the first gig of the compressed file. The output of the stream doesn't match what ends up written to disk. Trying decompression during compression gets further along than it does after compression finishes; this might point toward something with writes and caches. A previous attempt involved rpi-update, which: * good: let me install kernels without building myself * bad: updated the bootloader and firmware, to bleeding edge, with possible regressions; it definitely muddied the results of my tests I started over with a fresh install, and no results involving rpi-update are included in this email. A survey of major branches: * 5.15.167, LTS - good * 6.1.109, LTS - good * 6.2.16 - good * 6.3.13 - bad * 6.4.16 - bad * 6.5.13 - bad * 6.6.50, LTS - bad * 6.7.12 - bad * 6.8.12 - bad * 6.9.12 - bad * 6.10.9 - good * 6.11.0 - good I tried, but couldn't fully build 4.19.322 or 6.0.19, due to issues with modules. Important commits: It looked like both the breakage and the fix came in during rc1 releases. Breakage, v6.3-rc1: I manually bisected commits in fs/smb* and fs/cifs. 3d78fe73fa12 cifs: Build the RDMA SGE list directly from an iterator > lzop and pigz worked. last working. test in progress: pbzip2 607aea3cc2a8 cifs: Remove unused code > lzop didn't work. first broken Fix, v6.10-rc1: I manually bisected commits in fs/smb. 69c3c023af25 cifs: Implement netfslib hooks > lzop didn't work. last broken one 3ee1a1fc3981 cifs: Cut over to using netfslib > lzop, pigz, pbzip2, all worked. first fixed one To test / reproduce: It looks like this, on a mounted network share, with extra pv for progress meters: cat 1tb-rust-ext4.img.tar.gz | \ gzip -d | \ lzop -1 > \ 1tb-rust-ext4.img.tar.lzop # wait 40 minutes cat 1tb-rust-ext4.img.tar.lzop | \ lzop -d | \ sha1sum # either it works, and shows the right checksum # or it crashes early, due to a corrupt file, and shows an incorrect checksum As I re-read this, I realize it might look like the compressor behaves differently. I added a "tee $output | sha1sum; sha1sum $output" and ran it on a broken version. The checksums from the pipe and for the file on disk are different. Assorted info: This is a Raspberry Pi 4, with 4 GiB RAM, running Debian 12, bookworm, or a port. mount.cifs version: 7.0 # cat /proc/sys/kernel/tainted 1024 # cat /proc/version Linux version 6.2.0-3d78fe73f-v8-pronoiac+ (pronoiac@bisect) (gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #21 SMP PREEMPT Thu Sep 19 16:51:22 PDT 2024 DebugData: /proc/fs/cifs/DebugData Display Internal CIFS Data Structures for Debugging --------------------------------------------------- CIFS Version 2.41 Features: DFS,FSCACHE,STATS2,DEBUG,ALLOW_INSECURE_LEGACY,CIFS_POSIX,UPCALL(SPNEGO),XATTR,ACL CIFSMaxBufSize: 16384 Active VFS Requests: 1 Servers: 1) ConnectionId: 0x1 Hostname: drums.local Number of credits: 8062 Dialect 0x300 TCP status: 1 Instance: 1 Local Users To Server: 1 SecMode: 0x1 Req On Wire: 2 In Send: 1 In MaxReq Wait: 0 Sessions: 1) Address: 169.254.132.219 Uses: 1 Capability: 0x300047 Session Status: 1 Security type: RawNTLMSSP SessionId: 0x4969841e User: 1000 Cred User: 0 Shares: 0) IPC: \\drums.local\IPC$ Mounts: 1 DevInfo: 0x0 Attributes: 0x0 PathComponentMax: 0 Status: 1 type: 0 Serial Number: 0x0 Share Capabilities: None Share Flags: 0x0 tid: 0xeb093f0b Maximal Access: 0x1f00a9 1) \\drums.local\billions Mounts: 1 DevInfo: 0x20 Attributes: 0x5007f PathComponentMax: 255 Status: 1 type: DISK Serial Number: 0x735a9af5 Share Capabilities: None Aligned, Partition Aligned, Share Flags: 0x0 tid: 0x5e6832e6 Optimal sector size: 0x200 Maximal Access: 0x1f01ff MIDs: State: 2 com: 9 pid: 3117 cbdata: 00000000e003293e mid 962892 State: 2 com: 9 pid: 3117 cbdata: 000000002610602a mid 962956 -- Let me know how I can help. The process of iterating can take hours, and it's not automated, so my resources are limited. #regzbot introduced: 607aea3cc2a8 #regzbot fix: 3ee1a1fc3981 -James

7 months, 1 week

3
4
0 0

[PATCH v2 00/10] iio: light: veml6030: fix issues and add support for veml6035

by Javier Carrasco

This series updates the driver for the veml6030 ALS and adds support for the veml6035, which shares most of its functionality with the former. The most relevant updates for the veml6030 are the resolution correction to meet the datasheet update that took place with Rev 1.7, 28-Nov-2023, a fix to avoid a segmentation fault when reading the in_illuminance_period_available attribute, and the removal of the processed value for the WHITE channel, as it uses the ALS resolution. Vishay does not host the Product Information Notification where the resolution correction was introduced, but it can still be found online[1], and the corrected value is the one listed on the latest version of the datasheet[2] (Rev. 1.7, 28-Nov-2023) and application note[3] (Rev. 17-Jan-2024). Link: https://www.farnell.com/datasheets/4379688.pdf [1] Link: https://www.vishay.com/docs/84366/veml6030.pdf [2] Link: https://www.vishay.com/docs/84367/designingveml6030.pdf [3] Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> --- Changes in v2: - Rebase to iio/testing, dropping applied patches [1/7], [4/7]. - Drop [3/7] (applied to iio/fixes-togreg). - Add patch to use dev_err_probe() in probe error paths. - Add patch to use read_avail() for available attributes. - Add patches to use to support a regulator. - Add patch to ensure that the device is powered off in error paths after powering it on. - Add patch to drop processed values from the WHITE channel. - Use fsleep() instead of usleep_range() in veml6030_als_pwr_on() - Link to v1: https://lore.kernel.org/r/20240913-veml6035-v1-0-0b09c0c90418@gmail.com --- Javier Carrasco (10): iio: light: veml6030: fix ALS sensor resolution iio: light: veml6030: add set up delay after any power on sequence iio: light: veml6030: use dev_err_probe() dt-bindings: iio: light: veml6030: add vdd-supply property iio: light: veml6030: add support for a regulator iio: light: veml6030: use read_avail() for available attributes iio: light: veml6030: drop processed info for white channel iio: light: veml6030: power off device in probe error paths dt-bindings: iio: light: veml6030: add veml6035 iio: light: veml6030: add support for veml6035 .../bindings/iio/light/vishay,veml6030.yaml | 43 +- drivers/iio/light/Kconfig | 4 +- drivers/iio/light/veml6030.c | 453 ++++++++++++++++----- 3 files changed, 391 insertions(+), 109 deletions(-) --- base-commit: 8bea3878a1511bceadc2fbf284b00bcc5a2ef28d change-id: 20240903-veml6035-7a91bc088c6f Best regards, -- Javier Carrasco <javier.carrasco.cruz(a)gmail.com>

7 months, 1 week

2
2
0 0

[PATCH 5.15.y 0/3] x86: Complete backports for x86_match_cpu()

by Ricardo Neri

Hi, Upstream commit 93022482b294 ("x86/cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL") introduced a flags member to struct x86_cpu_id. Bit 0 of x86_cpu.id.flags must be set to 1 for x86_match_cpu() to work correctly. This upstream commit has been backported to 5.15.y. Callers that use the X86_MATCH_*() family of macros to compose the argument of x86_match_cpu() function correctly. Callers that use their own custom mechanisms may not work if they fail to set x86_cpu_id.flags correctly. There are three remaining callers in 5.15.y that use their own mechanisms: a) setup_pcid(), b) rapl_msr_probe(), and c) goodix_add_acpi_gpio_ mappings(). a) caused a regression that Thomas Lindroth reported in [1]. b) works by luck but it still populates its x86_cpu_id[] array incorrectly. I am not aware of any reports on c), but inspecting the code reveals that it will fail to identify INTEL_FAM6_ATOM_SILVERMONT for the reason described above. I backported three patches that fix these bugs in mainline. Hopefully the authors and/or maintainers can ack the backports? I tested patches 2/3 and 3/3 on Alder Lake, and Meteor Lake systems as the two involved callers behave differently on these two systems. I wrote the testing details in each patch separately. I could not test patch 1/3 because I do not have access to Bay Trail hardware. Thanks and BR, Ricardo [1]. https://lore.kernel.org/all/eb709d67-2a8d-412f-905d-f3777d897bfa@gmail.com/ Hans de Goede (1): Input: goodix - use the new soc_intel_is_byt() helper Sumeet Pawnikar (1): powercap: RAPL: fix invalid initialization for pl4_supported field Tony Luck (1): x86/mm: Switch to new Intel CPU model defines arch/x86/mm/init.c | 16 ++++++---------- drivers/input/touchscreen/goodix.c | 18 ++---------------- drivers/powercap/intel_rapl_msr.c | 6 +++--- 3 files changed, 11 insertions(+), 29 deletions(-) -- 2.34.1

7 months, 1 week

1
3
0 0

[PATCH v6.1] drm/vmwgfx: Prevent unmapping active read buffers

by Shivani Agarwal

From: Zack Rusin <zack.rusin(a)broadcom.com> commit aba07b9a0587f50e5d3346eaa19019cf3f86c0ea upstream. The kms paths keep a persistent map active to read and compare the cursor buffer. These maps can race with each other in simple scenario where: a) buffer "a" mapped for update b) buffer "a" mapped for compare c) do the compare d) unmap "a" for compare e) update the cursor f) unmap "a" for update At step "e" the buffer has been unmapped and the read contents is bogus. Prevent unmapping of active read buffers by simply keeping a count of how many paths have currently active maps and unmap only when the count reaches 0. Fixes: 485d98d472d5 ("drm/vmwgfx: Add support for CursorMob and CursorBypass 4") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v5.19+ Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240816183332.31961-2-zack.r… Reviewed-by: Martin Krastev <martin.krastev(a)broadcom.com> Reviewed-by: Maaz Mombasawala <maaz.mombasawala(a)broadcom.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Shivani: Modified to apply on v6.1.y] Signed-off-by: Shivani Agarwal <shivani.agarwal(a)broadcom.com> --- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 12 +++++++++++- drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 3 +++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c index c46f380d9149..733b0013eda1 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c @@ -348,6 +348,8 @@ void *vmw_bo_map_and_cache(struct vmw_buffer_object *vbo) void *virtual; int ret; + atomic_inc(&vbo->map_count); + virtual = ttm_kmap_obj_virtual(&vbo->map, &not_used); if (virtual) return virtual; @@ -370,10 +372,17 @@ void *vmw_bo_map_and_cache(struct vmw_buffer_object *vbo) */ void vmw_bo_unmap(struct vmw_buffer_object *vbo) { + int map_count; + if (vbo->map.bo == NULL) return; - ttm_bo_kunmap(&vbo->map); + map_count = atomic_dec_return(&vbo->map_count); + + if (!map_count) { + ttm_bo_kunmap(&vbo->map); + vbo->map.bo = NULL; + } } @@ -510,6 +519,7 @@ int vmw_bo_init(struct vmw_private *dev_priv, BUILD_BUG_ON(TTM_MAX_BO_PRIORITY <= 3); vmw_bo->base.priority = 3; vmw_bo->res_tree = RB_ROOT; + atomic_set(&vmw_bo->map_count, 0); size = ALIGN(size, PAGE_SIZE); drm_gem_private_object_init(vdev, &vmw_bo->base.base, size); diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h index b0c23559511a..bca10214e0bf 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h @@ -116,6 +116,8 @@ struct vmwgfx_hash_item { * @base: The TTM buffer object * @res_tree: RB tree of resources using this buffer object as a backing MOB * @base_mapped_count: ttm BO mapping count; used by KMS atomic helpers. + * @map_count: The number of currently active maps. Will differ from the + * cpu_writers because it includes kernel maps. * @cpu_writers: Number of synccpu write grabs. Protected by reservation when * increased. May be decreased without reservation. * @dx_query_ctx: DX context if this buffer object is used as a DX query MOB @@ -129,6 +131,7 @@ struct vmw_buffer_object { /* For KMS atomic helpers: ttm bo mapping count */ atomic_t base_mapped_count; + atomic_t map_count; atomic_t cpu_writers; /* Not ref-counted. Protected by binding_mutex */ struct vmw_resource *dx_query_ctx; -- 2.39.4

7 months, 1 week

1
0
0 0

[PATCH v6.6] drm/vmwgfx: Prevent unmapping active read buffers

by Shivani Agarwal

From: Zack Rusin <zack.rusin(a)broadcom.com> commit aba07b9a0587f50e5d3346eaa19019cf3f86c0ea upstream. The kms paths keep a persistent map active to read and compare the cursor buffer. These maps can race with each other in simple scenario where: a) buffer "a" mapped for update b) buffer "a" mapped for compare c) do the compare d) unmap "a" for compare e) update the cursor f) unmap "a" for update At step "e" the buffer has been unmapped and the read contents is bogus. Prevent unmapping of active read buffers by simply keeping a count of how many paths have currently active maps and unmap only when the count reaches 0. Fixes: 485d98d472d5 ("drm/vmwgfx: Add support for CursorMob and CursorBypass 4") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v5.19+ Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240816183332.31961-2-zack.r… Reviewed-by: Martin Krastev <martin.krastev(a)broadcom.com> Reviewed-by: Maaz Mombasawala <maaz.mombasawala(a)broadcom.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Shivani: Modified to apply on v6.6.y] Signed-off-by: Shivani Agarwal <shivani.agarwal(a)broadcom.com> --- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 13 +++++++++++-- drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 3 +++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c index ae796e0c64aa..fdc34283eeb9 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c @@ -331,6 +331,8 @@ void *vmw_bo_map_and_cache(struct vmw_bo *vbo) void *virtual; int ret; + atomic_inc(&vbo->map_count); + virtual = ttm_kmap_obj_virtual(&vbo->map, &not_used); if (virtual) return virtual; @@ -353,11 +355,17 @@ void *vmw_bo_map_and_cache(struct vmw_bo *vbo) */ void vmw_bo_unmap(struct vmw_bo *vbo) { + int map_count; + if (vbo->map.bo == NULL) return; - ttm_bo_kunmap(&vbo->map); - vbo->map.bo = NULL; + map_count = atomic_dec_return(&vbo->map_count); + + if (!map_count) { + ttm_bo_kunmap(&vbo->map); + vbo->map.bo = NULL; + } } @@ -390,6 +398,7 @@ static int vmw_bo_init(struct vmw_private *dev_priv, BUILD_BUG_ON(TTM_MAX_BO_PRIORITY <= 3); vmw_bo->tbo.priority = 3; vmw_bo->res_tree = RB_ROOT; + atomic_set(&vmw_bo->map_count, 0); params->size = ALIGN(params->size, PAGE_SIZE); drm_gem_private_object_init(vdev, &vmw_bo->tbo.base, params->size); diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h index f349642e6190..156ea612fc2a 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h @@ -68,6 +68,8 @@ struct vmw_bo_params { * @map: Kmap object for semi-persistent mappings * @res_tree: RB tree of resources using this buffer object as a backing MOB * @res_prios: Eviction priority counts for attached resources + * @map_count: The number of currently active maps. Will differ from the + * cpu_writers because it includes kernel maps. * @cpu_writers: Number of synccpu write grabs. Protected by reservation when * increased. May be decreased without reservation. * @dx_query_ctx: DX context if this buffer object is used as a DX query MOB @@ -86,6 +88,7 @@ struct vmw_bo { struct rb_root res_tree; u32 res_prios[TTM_MAX_BO_PRIORITY]; + atomic_t map_count; atomic_t cpu_writers; /* Not ref-counted. Protected by binding_mutex */ struct vmw_resource *dx_query_ctx; -- 2.39.4

7 months, 1 week

1
0
0 0

[PATCH v5.15-v6.1] selinux,smack: don't bypass permissions check in inode_setsecctx hook

by Shivani Agarwal

From: Scott Mayhew <smayhew(a)redhat.com> commit 76a0e79bc84f466999fa501fce5bf7a07641b8a7 upstream. Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashing enabled. The end of the kerneldoc comment for __vfs_setxattr_noperm() states: * This function requires the caller to lock the inode's i_mutex before it * is executed. It also assumes that the caller will make the appropriate * permission checks. nfsd_setattr() does do permissions checking via fh_verify() and nfsd_permission(), but those don't do all the same permissions checks that are done by security_inode_setxattr() and its related LSM hooks do. Since nfsd_setattr() is the only consumer of security_inode_setsecctx(), simplest solution appears to be to replace the call to __vfs_setxattr_noperm() with a call to __vfs_setxattr_locked(). This fixes the above issue and has the added benefit of causing nfsd to recall conflicting delegations on a file when a client tries to change its security label. Cc: stable(a)kernel.org Reported-by: Marek Gresko <marek.gresko(a)protonmail.com> Link: https://bugzilla.kernel.org/show_bug.cgi?id=218809 Signed-off-by: Scott Mayhew <smayhew(a)redhat.com> Tested-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> Reviewed-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> Reviewed-by: Chuck Lever <chuck.lever(a)oracle.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Acked-by: Casey Schaufler <casey(a)schaufler-ca.com> Signed-off-by: Paul Moore <paul(a)paul-moore.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Shivani: Modified to apply on v5.15.y-v6.1.y] Signed-off-by: Shivani Agarwal <shivani.agarwal(a)broadcom.com> --- security/selinux/hooks.c | 4 ++-- security/smack/smack_lsm.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 78f3da39b031..626d397c2f86 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6631,8 +6631,8 @@ static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen */ static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) { - return __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_SELINUX, - ctx, ctxlen, 0); + return __vfs_setxattr_locked(&init_user_ns, dentry, XATTR_NAME_SELINUX, + ctx, ctxlen, 0, NULL); } static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index c18366dbbfed..25995df15e82 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4714,8 +4714,8 @@ static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) { - return __vfs_setxattr_noperm(&init_user_ns, dentry, XATTR_NAME_SMACK, - ctx, ctxlen, 0); + return __vfs_setxattr_locked(&init_user_ns, dentry, XATTR_NAME_SMACK, + ctx, ctxlen, 0, NULL); } static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) -- 2.39.4

7 months, 1 week

1
0
0 0

[PATCH v5.10] selinux,smack: don't bypass permissions check in inode_setsecctx hook

by Shivani Agarwal

From: Scott Mayhew <smayhew(a)redhat.com> commit 76a0e79bc84f466999fa501fce5bf7a07641b8a7 upstream. Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashing enabled. The end of the kerneldoc comment for __vfs_setxattr_noperm() states: * This function requires the caller to lock the inode's i_mutex before it * is executed. It also assumes that the caller will make the appropriate * permission checks. nfsd_setattr() does do permissions checking via fh_verify() and nfsd_permission(), but those don't do all the same permissions checks that are done by security_inode_setxattr() and its related LSM hooks do. Since nfsd_setattr() is the only consumer of security_inode_setsecctx(), simplest solution appears to be to replace the call to __vfs_setxattr_noperm() with a call to __vfs_setxattr_locked(). This fixes the above issue and has the added benefit of causing nfsd to recall conflicting delegations on a file when a client tries to change its security label. Cc: stable(a)kernel.org Reported-by: Marek Gresko <marek.gresko(a)protonmail.com> Link: https://bugzilla.kernel.org/show_bug.cgi?id=218809 Signed-off-by: Scott Mayhew <smayhew(a)redhat.com> Tested-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> Reviewed-by: Stephen Smalley <stephen.smalley.work(a)gmail.com> Reviewed-by: Chuck Lever <chuck.lever(a)oracle.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Acked-by: Casey Schaufler <casey(a)schaufler-ca.com> Signed-off-by: Paul Moore <paul(a)paul-moore.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Shivani: Modified to apply on v5.10.y] Signed-off-by: Shivani Agarwal <shivani.agarwal(a)broadcom.com> --- security/selinux/hooks.c | 3 ++- security/smack/smack_lsm.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 46c00a68bb4b..90935ed3d8d8 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6570,7 +6570,8 @@ static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen */ static int selinux_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) { - return __vfs_setxattr_noperm(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0); + return __vfs_setxattr_locked(dentry, XATTR_NAME_SELINUX, ctx, ctxlen, 0, + NULL); } static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 92bc6c9d793d..cb4801fcf9a8 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -4651,7 +4651,8 @@ static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen) static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen) { - return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0); + return __vfs_setxattr_locked(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0, + NULL); } static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) -- 2.39.4

7 months, 1 week

1
0
0 0

[PATCH v3] zram: don't free statically defined names

by Andrey Skvortsov

When CONFIG_ZRAM_MULTI_COMP isn't set ZRAM_SECONDARY_COMP can hold default_compressor, because it's the same offset as ZRAM_PRIMARY_COMP, so we need to make sure that we don't attempt to kfree() the statically defined compressor name. This is detected by KASAN. ================================================================== Call trace: kfree+0x60/0x3a0 zram_destroy_comps+0x98/0x198 [zram] zram_reset_device+0x22c/0x4a8 [zram] reset_store+0x1bc/0x2d8 [zram] dev_attr_store+0x44/0x80 sysfs_kf_write+0xfc/0x188 kernfs_fop_write_iter+0x28c/0x428 vfs_write+0x4dc/0x9b8 ksys_write+0x100/0x1f8 __arm64_sys_write+0x74/0xb8 invoke_syscall+0xd8/0x260 el0_svc_common.constprop.0+0xb4/0x240 do_el0_svc+0x48/0x68 el0_svc+0x40/0xc8 el0t_64_sync_handler+0x120/0x130 el0t_64_sync+0x190/0x198 ================================================================== Signed-off-by: Andrey Skvortsov <andrej.skvortzov(a)gmail.com> Fixes: 684826f8271a ("zram: free secondary algorithms names") Cc: <stable(a)vger.kernel.org> --- Changes in v2: - removed comment from source code about freeing statically defined compression - removed part of KASAN report from commit description - added information about CONFIG_ZRAM_MULTI_COMP into commit description Changes in v3: - modified commit description based on Sergey's comment - changed start for-loop to ZRAM_PRIMARY_COMP drivers/block/zram/zram_drv.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c index c3d245617083d..ad9c9bc3ccfc5 100644 --- a/drivers/block/zram/zram_drv.c +++ b/drivers/block/zram/zram_drv.c @@ -2115,8 +2115,10 @@ static void zram_destroy_comps(struct zram *zram) zram->num_active_comps--; } - for (prio = ZRAM_SECONDARY_COMP; prio < ZRAM_MAX_COMPS; prio++) { - kfree(zram->comp_algs[prio]); + for (prio = ZRAM_PRIMARY_COMP; prio < ZRAM_MAX_COMPS; prio++) { + /* Do not free statically defined compression algorithms */ + if (zram->comp_algs[prio] != default_compressor) + kfree(zram->comp_algs[prio]); zram->comp_algs[prio] = NULL; } -- 2.45.2

7 months, 1 week

5
17
0 0

[regression] frozen usb mouse pointer at boot

by Linux regression tracking (Thorsten Leemhuis)

Hi, Thorsten here, the Linux kernel's regression tracker. I noticed a report about a linux-6.6.y regression in bugzilla.kernel.org that appears to be caused by this commit from Dan applied by Greg: 15fffc6a5624b1 ("driver core: Fix uevent_show() vs driver detach race") [v6.11-rc3, v6.10.5, v6.6.46, v6.1.105, v5.15.165, v5.10.224, v5.4.282, v4.19.320] The reporter did not check yet if mainline is affected; decided to forward the report by mail nevertheless, as the maintainer for the subsystem is also the maintainer for the stable tree. ;-) To quote from https://bugzilla.kernel.org/show_bug.cgi?id=219244 : > The symptoms of this bug are as follows: > > - After booting (to the graphical login screen) the mouse pointer > would frozen and only after unplugging and plugging-in again the usb > plug of the mouse would the mouse be working as expected. > - If one would log in without fixing the mouse issue, the mouse > pointer would still be frozen after login. > - The usb keyboard usually is not affected even though plugged into > the same usb-hub - thus logging in is possible. > - The mouse pointer is also frozen if the usb connector is plugged > into a different usb-port (different from the usb-hub) > - The pointer is moveable via the inbuilt synaptics trackpad > > > The kernel log shows almost the same messages (not sure if the > differences mean anything in regards to this bug) for the initial > recognizing the mouse (frozen mouse pointer) and the re-plugged-in mouse > (and subsequently moveable mouse pointer): > > [kernel] [ 8.763158] usb 1-2.2.1.2: new low-speed USB device number 10 using xhci_hcd > [kernel] [ 8.956028] usb 1-2.2.1.2: New USB device found, idVendor=045e, idProduct=00cb, bcdDevice= 1.04 > [kernel] [ 8.956036] usb 1-2.2.1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=0 > [kernel] [ 8.956039] usb 1-2.2.1.2: Product: Microsoft Basic Optical Mouse v2.0 > [kernel] [ 8.956041] usb 1-2.2.1.2: Manufacturer: Microsoft > [kernel] [ 8.963554] input: Microsoft Microsoft Basic Optical Mouse v2.0 as /devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2.2/1-2.2.1/1-2.2.1.2/1-2.2.1.2:1.0/0003:045E:00CB.0002/input/input18 > [kernel] [ 8.964417] hid-generic 0003:045E:00CB.0002: input,hidraw1: USB HID v1.11 Mouse [Microsoft Microsoft Basic Optical Mouse v2.0 ] on usb-0000:00:14.0-2.2.1.2/input0 > > [kernel] [ 31.258381] usb 1-2.2.1.2: USB disconnect, device number 10 > [kernel] [ 31.595051] usb 1-2.2.1.2: new low-speed USB device number 16 using xhci_hcd > [kernel] [ 31.804002] usb 1-2.2.1.2: New USB device found, idVendor=045e, idProduct=00cb, bcdDevice= 1.04 > [kernel] [ 31.804010] usb 1-2.2.1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=0 > [kernel] [ 31.804013] usb 1-2.2.1.2: Product: Microsoft Basic Optical Mouse v2.0 > [kernel] [ 31.804016] usb 1-2.2.1.2: Manufacturer: Microsoft > [kernel] [ 31.812933] input: Microsoft Microsoft Basic Optical Mouse v2.0 as /devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2.2/1-2.2.1/1-2.2.1.2/1-2.2.1.2:1.0/0003:045E:00CB.0004/input/input20 > [kernel] [ 31.814028] hid-generic 0003:045E:00CB.0004: input,hidraw1: USB HID v1.11 Mouse [Microsoft Microsoft Basic Optical Mouse v2.0 ] on usb-0000:00:14.0-2.2.1.2/input0 > > Differences: > > ../0003:045E:00CB.0002/input/input18 vs ../0003:045E:00CB.0004/input/input20 > > and > > hid-generic 0003:045E:00CB.0002 vs hid-generic 0003:045E:00CB.0004 > > > The connector / usb-port was not changed in this case! > > > The symptoms of this bug have been present at one point in the > recent > past, but with kernel v6.6.45 (or maybe even some version before that) > it was fine. But with 6.6.45 it seems to be definitely fine. > > But with v6.6.46 the symptoms returned. That's the reason I > suspected > the kernel to be the cause of this issue. So I did some bisecting - > which wasn't easy because that bug would often times not appear if the > system was simply rebooted into the test kernel. > As the bug would definitely appear on the affected kernels (v6.6.46 > ff) after shutting down the system for the night and booting the next > day, I resorted to simulating the over-night powering-off by shutting > the system down, unplugging the power and pressing the power button to > get rid of residual voltage. But even then a few times the bug would > only appear if I repeated this procedure before booting the system again > with the respective kernel. > > This is on a Thinkpad with Kaby Lake and integrated Intel graphics. > Even though it is a laptop, it is used as a desktop device, and the > internal battery is disconnected, the removable battery is removed as > the system is plugged-in via the power cord at all times (when in use)! > Also, the system has no power (except for the bios battery, of > course) > over night as the power outlet is switched off if the device is not in use. > > Not sure if this affects the issue - or how it does. But for > successful bisecting I had to resort to the above procedure. > > Bisecting the issue (between the release commits of v6.6.45 and > v6.6.46) resulted in this commit [1] being the probable culprit. > > I then tested kernel v6.6.49. It still produced the bug for me. So I > reverted the changes of the assumed "bad commit" and re-compiled kernel > v6.6.49. With this modified kernel the bug seems to be gone. > > Now, I assume the commit has a reason for being introduced, but > maybe > needs some adjusting in order to avoid this bug I'm experiencing on my > system. > Also, I can't say why the issue appeared in the past even without > this > commit being present, as I haven't bisected any kernel version before > v6.6.45. > > > [1]: > > 4d035c743c3e391728a6f81cbf0f7f9ca700cf62 is the first bad commit > commit 4d035c743c3e391728a6f81cbf0f7f9ca700cf62 > Author: Dan Williams <dan.j.williams(a)intel.com> > Date: Fri Jul 12 12:42:09 2024 -0700 > > driver core: Fix uevent_show() vs driver detach race > > commit 15fffc6a5624b13b428bb1c6e9088e32a55eb82c upstream. > > uevent_show() wants to de-reference dev->driver->name. There is no clean See the ticket for more details. Note, you have to use bugzilla to reach the reporter, as I sadly[1] can not CCed them in mails like this. Ciao, Thorsten (wearing his 'the Linux kernel's regression tracker' hat) -- Everything you wanna know about Linux kernel regression tracking: https://linux-regtracking.leemhuis.info/about/#tldr If I did something stupid, please tell me, as explained on that page. [1] because bugzilla.kernel.org tells users upon registration their "email address will never be displayed to logged out users" P.S.: let me use this mail to also add the report to the list of tracked regressions to ensure it's doesn't fall through the cracks: #regzbot introduced: 4d035c743c3e391728a6f81cbf0f7f9ca700cf62 #regzbot from: brmails+k #regzbot duplicate: https://bugzilla.kernel.org/show_bug.cgi?id=219244 #regzbot title: driver core: frozen usb mouse pointer at boot #regzbot ignore-activity

7 months, 1 week

3
5
0 0

+ mm-avoid-unconditional-one-tick-sleep-when-swapcache_prepare-fails.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: avoid unconditional one-tick sleep when swapcache_prepare fails has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-avoid-unconditional-one-tick-sleep-when-swapcache_prepare-fails.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Barry Song <v-songbaohua(a)oppo.com> Subject: mm: avoid unconditional one-tick sleep when swapcache_prepare fails Date: Fri, 27 Sep 2024 09:19:36 +1200 Commit 13ddaf26be32 ("mm/swap: fix race when skipping swapcache") introduced an unconditional one-tick sleep when `swapcache_prepare()` fails, which has led to reports of UI stuttering on latency-sensitive Android devices. To address this, we can use a waitqueue to wake up tasks that fail `swapcache_prepare()` sooner, instead of always sleeping for a full tick. While tasks may occasionally be woken by an unrelated `do_swap_page()`, this method is preferable to two scenarios: rapid re-entry into page faults, which can cause livelocks, and multiple millisecond sleeps, which visibly degrade user experience. Oven's testing shows that a single waitqueue resolves the UI stuttering issue. If a 'thundering herd' problem becomes apparent later, a waitqueue hash similar to `folio_wait_table[PAGE_WAIT_TABLE_SIZE]` for page bit locks can be introduced. Link: https://lkml.kernel.org/r/20240926211936.75373-1-21cnbao@gmail.com Fixes: 13ddaf26be32 ("mm/swap: fix race when skipping swapcache") Signed-off-by: Barry Song <v-songbaohua(a)oppo.com> Reported-by: Oven Liyang <liyangouwen1(a)oppo.com> Tested-by: Oven Liyang <liyangouwen1(a)oppo.com> Cc: Kairui Song <kasong(a)tencent.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Yu Zhao <yuzhao(a)google.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Yosry Ahmed <yosryahmed(a)google.com> Cc: SeongJae Park <sj(a)kernel.org> Cc: Kalesh Singh <kaleshsingh(a)google.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) --- a/mm/memory.c~mm-avoid-unconditional-one-tick-sleep-when-swapcache_prepare-fails +++ a/mm/memory.c @@ -4192,6 +4192,8 @@ static struct folio *alloc_swap_folio(st } #endif /* CONFIG_TRANSPARENT_HUGEPAGE */ +static DECLARE_WAIT_QUEUE_HEAD(swapcache_wq); + /* * We enter with non-exclusive mmap_lock (to exclude vma changes, * but allow concurrent faults), and pte mapped but not yet locked. @@ -4204,6 +4206,7 @@ vm_fault_t do_swap_page(struct vm_fault { struct vm_area_struct *vma = vmf->vma; struct folio *swapcache, *folio = NULL; + DECLARE_WAITQUEUE(wait, current); struct page *page; struct swap_info_struct *si = NULL; rmap_t rmap_flags = RMAP_NONE; @@ -4302,7 +4305,9 @@ vm_fault_t do_swap_page(struct vm_fault * Relax a bit to prevent rapid * repeated page faults. */ + add_wait_queue(&swapcache_wq, &wait); schedule_timeout_uninterruptible(1); + remove_wait_queue(&swapcache_wq, &wait); goto out_page; } need_clear_cache = true; @@ -4609,8 +4614,10 @@ unlock: pte_unmap_unlock(vmf->pte, vmf->ptl); out: /* Clear the swap cache pin for direct swapin after PTL unlock */ - if (need_clear_cache) + if (need_clear_cache) { swapcache_clear(si, entry, nr_pages); + wake_up(&swapcache_wq); + } if (si) put_swap_device(si); return ret; @@ -4625,8 +4632,10 @@ out_release: folio_unlock(swapcache); folio_put(swapcache); } - if (need_clear_cache) + if (need_clear_cache) { swapcache_clear(si, entry, nr_pages); + wake_up(&swapcache_wq); + } if (si) put_swap_device(si); return ret; _ Patches currently in -mm which might be from v-songbaohua(a)oppo.com are mm-avoid-unconditional-one-tick-sleep-when-swapcache_prepare-fails.patch

7 months, 1 week

1
0
0 0

+ selftests-mm-fixed-incorrect-buffer-mirror-size-in-hmm2-double_map-test.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-fixed-incorrect-buffer-mirror-size-in-hmm2-double_map-test.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Donet Tom <donettom(a)linux.ibm.com> Subject: selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test Date: Fri, 27 Sep 2024 00:07:52 -0500 The hmm2 double_map test was failing due to an incorrect buffer->mirror size. The buffer->mirror size was 6, while buffer->ptr size was 6 * PAGE_SIZE. The test failed because the kernel's copy_to_user function was attempting to copy a 6 * PAGE_SIZE buffer to buffer->mirror. Since the size of buffer->mirror was incorrect, copy_to_user failed. This patch corrects the buffer->mirror size to 6 * PAGE_SIZE. Test Result without this patch ============================== # RUN hmm2.hmm2_device_private.double_map ... # hmm-tests.c:1680:double_map:Expected ret (-14) == 0 (0) # double_map: Test terminated by assertion # FAIL hmm2.hmm2_device_private.double_map not ok 53 hmm2.hmm2_device_private.double_map Test Result with this patch =========================== # RUN hmm2.hmm2_device_private.double_map ... # OK hmm2.hmm2_device_private.double_map ok 53 hmm2.hmm2_device_private.double_map Link: https://lkml.kernel.org/r/20240927050752.51066-1-donettom@linux.ibm.com Fixes: fee9f6d1b8df ("mm/hmm/test: add selftests for HMM") Signed-off-by: Donet Tom <donettom(a)linux.ibm.com> Reviewed-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: J��r��me Glisse <jglisse(a)redhat.com> Cc: Kees Cook <keescook(a)chromium.org> Cc: Mark Brown <broonie(a)kernel.org> Cc: Przemek Kitszel <przemyslaw.kitszel(a)intel.com> Cc: Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Ralph Campbell <rcampbell(a)nvidia.com> Cc: Jason Gunthorpe <jgg(a)mellanox.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/hmm-tests.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/tools/testing/selftests/mm/hmm-tests.c~selftests-mm-fixed-incorrect-buffer-mirror-size-in-hmm2-double_map-test +++ a/tools/testing/selftests/mm/hmm-tests.c @@ -1657,7 +1657,7 @@ TEST_F(hmm2, double_map) buffer->fd = -1; buffer->size = size; - buffer->mirror = malloc(npages); + buffer->mirror = malloc(size); ASSERT_NE(buffer->mirror, NULL); /* Reserve a range of addresses. */ _ Patches currently in -mm which might be from donettom(a)linux.ibm.com are selftests-mm-fixed-incorrect-buffer-mirror-size-in-hmm2-double_map-test.patch

7 months, 1 week

1
0
0 0

+ device-dax-correct-pgoff-align-in-dax_set_mapping.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: device-dax: correct pgoff align in dax_set_mapping() has been added to the -mm mm-hotfixes-unstable branch. Its filename is device-dax-correct-pgoff-align-in-dax_set_mapping.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Kun(llfl)" <llfl(a)linux.alibaba.com> Subject: device-dax: correct pgoff align in dax_set_mapping() Date: Fri, 27 Sep 2024 15:45:09 +0800 pgoff should be aligned using ALIGN_DOWN() instead of ALIGN(). Otherwise, vmf->address not aligned to fault_size will be aligned to the next alignment, that can result in memory failure getting the wrong address. Link: https://lkml.kernel.org/r/23c02a03e8d666fef11bbe13e85c69c8b4ca0624.17274216… Fixes: b9b5777f09be ("device-dax: use ALIGN() for determining pgoff") Signed-off-by: Kun(llfl) <llfl(a)linux.alibaba.com> Tested-by: JianXiong Zhao <zhaojianxiong.zjx(a)alibaba-inc.com> Cc: Joao Martins <joao.m.martins(a)oracle.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/dax/device.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/dax/device.c~device-dax-correct-pgoff-align-in-dax_set_mapping +++ a/drivers/dax/device.c @@ -86,7 +86,7 @@ static void dax_set_mapping(struct vm_fa nr_pages = 1; pgoff = linear_page_index(vmf->vma, - ALIGN(vmf->address, fault_size)); + ALIGN_DOWN(vmf->address, fault_size)); for (i = 0; i < nr_pages; i++) { struct page *page = pfn_to_page(pfn_t_to_pfn(pfn) + i); _ Patches currently in -mm which might be from llfl(a)linux.alibaba.com are device-dax-correct-pgoff-align-in-dax_set_mapping.patch

7 months, 1 week

1
0
0 0

[PATCH 5.15.y] vfio/pci: fix potential memory leak in vfio_intx_enable()

by Oleksandr Tymoshenko

From: Ye Bin <yebin10(a)huawei.com> [ Upstream commit 82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2 ] If kzalloc() failed will lead to 'name' memory leak. Fixes: 18c198c96a81 ("vfio/pci: Create persistent INTx handler") Signed-off-by: Ye Bin <yebin10(a)huawei.com> Reviewed-by: Kevin Tian <kevin.tian(a)intel.com> Acked-by: Reinette Chatre <reinette.chatre(a)intel.com> Link: https://lore.kernel.org/r/20240415015029.3699844-1-yebin10@huawei.com Signed-off-by: Alex Williamson <alex.williamson(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Oleksandr Tymoshenko <ovt(a)google.com> --- drivers/vfio/pci/vfio_pci_intrs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/vfio/pci/vfio_pci_intrs.c b/drivers/vfio/pci/vfio_pci_intrs.c index cb55f96b4f03..f20512c413f7 100644 --- a/drivers/vfio/pci/vfio_pci_intrs.c +++ b/drivers/vfio/pci/vfio_pci_intrs.c @@ -181,8 +181,10 @@ static int vfio_intx_enable(struct vfio_pci_core_device *vdev, return -ENOMEM; vdev->ctx = kzalloc(sizeof(struct vfio_pci_irq_ctx), GFP_KERNEL); - if (!vdev->ctx) + if (!vdev->ctx) { + kfree(name); return -ENOMEM; + } vdev->num_ctx = 1; -- 2.46.1.824.gd892dcdcdd-goog

7 months, 1 week

1
0
0 0

[PATCH] tools/nolibc: s390: include std.h

by Thomas Weißschuh

arch-s390.h uses types from std.h, but does not include it. Depending on the inclusion order the compilation can fail. Include std.h explicitly to avoid these errors. Fixes: 404fa87c0eaf ("tools/nolibc: s390: provide custom implementation for sys_fork") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> --- tools/include/nolibc/arch-s390.h | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/include/nolibc/arch-s390.h b/tools/include/nolibc/arch-s390.h index 2ec13d8b9a2db80efa8d6cbbbd01bfa3d0059de2..f9ab83a219b8a2d5e53b0b303d8bf0bf78280d5f 100644 --- a/tools/include/nolibc/arch-s390.h +++ b/tools/include/nolibc/arch-s390.h @@ -10,6 +10,7 @@ #include "compiler.h" #include "crt.h" +#include "std.h" /* Syscalls for s390: * - registers are 64-bit --- base-commit: e477dba5442c0af7acb9e8bbbbde1108a37ed39c change-id: 20240927-nolibc-s390-std-h-cbb13f70fa73 Best regards, -- Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>

7 months, 1 week

1
0
0 0

[PATCH 6.1.y] vfio/pci: fix potential memory leak in vfio_intx_enable()

by Oleksandr Tymoshenko

From: Ye Bin <yebin10(a)huawei.com> [ Upstream commit 82b951e6fbd31d85ae7f4feb5f00ddd4c5d256e2 ] If kzalloc() failed will lead to 'name' memory leak. Fixes: 18c198c96a81 ("vfio/pci: Create persistent INTx handler") Signed-off-by: Ye Bin <yebin10(a)huawei.com> Reviewed-by: Kevin Tian <kevin.tian(a)intel.com> Acked-by: Reinette Chatre <reinette.chatre(a)intel.com> Link: https://lore.kernel.org/r/20240415015029.3699844-1-yebin10@huawei.com Signed-off-by: Alex Williamson <alex.williamson(a)redhat.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Oleksandr Tymoshenko <ovt(a)google.com> --- drivers/vfio/pci/vfio_pci_intrs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/vfio/pci/vfio_pci_intrs.c b/drivers/vfio/pci/vfio_pci_intrs.c index 03246a59b553..5cbcde32ff79 100644 --- a/drivers/vfio/pci/vfio_pci_intrs.c +++ b/drivers/vfio/pci/vfio_pci_intrs.c @@ -215,8 +215,10 @@ static int vfio_intx_enable(struct vfio_pci_core_device *vdev, return -ENOMEM; vdev->ctx = kzalloc(sizeof(struct vfio_pci_irq_ctx), GFP_KERNEL_ACCOUNT); - if (!vdev->ctx) + if (!vdev->ctx) { + kfree(name); return -ENOMEM; + } vdev->num_ctx = 1; -- 2.46.1.824.gd892dcdcdd-goog

7 months, 1 week

1
0
0 0

[PATCH v5.4-v4.19] crypto: aead,cipher - zeroize key buffer after use

by hsimeliere.opensource＠witekio.com

From: Hailey Mothershead <hailmo(a)amazon.com> commit 23e4099bdc3c8381992f9eb975c79196d6755210 upstream. I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using kfree_sensitive for buffers that previously held the private key. Signed-off-by: Hailey Mothershead <hailmo(a)amazon.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource(a)witekio.com> --- crypto/aead.c | 3 +-- crypto/cipher.c | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/crypto/aead.c b/crypto/aead.c index 9688ada13981..f8b2cd0567f1 100644 --- a/crypto/aead.c +++ b/crypto/aead.c @@ -45,8 +45,7 @@ static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); memcpy(alignbuffer, key, keylen); ret = crypto_aead_alg(tfm)->setkey(tfm, alignbuffer, keylen); - memset(alignbuffer, 0, keylen); - kfree(buffer); + kzfree(buffer); return ret; } diff --git a/crypto/cipher.c b/crypto/cipher.c index 57836c30a49a..3d3fa8d0d533 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -38,8 +38,7 @@ static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, alignbuffer = (u8 *)ALIGN((unsigned long)buffer, alignmask + 1); memcpy(alignbuffer, key, keylen); ret = cia->cia_setkey(tfm, alignbuffer, keylen); - memset(alignbuffer, 0, keylen); - kfree(buffer); + kzfree(buffer); return ret; } -- 2.43.0

7 months, 1 week

1
0
0 0

self-debug using ptrace bad behavior?

by Sim Brahmi

Hello, I am unsure if this is the 'correct' behavior for ptrace. If you run ptrace_traceme followed by ptrace_attach, then the process attaches its own parent to itself and cannot be attached by another thing. The attach call errors out, but GDB does report something attached to it. I am unsure if Bash does this itself perhaps. It's a bit hard for me to reason about because my debugging skills are bad and trying 'strace' with bash -c ./thing, or just on the thing itself gives -1 on both ptrace calls as strace attaches to it. similarly with GDB. Unsure how to debug this. https://gist.github.com/x64-elf-sh42/83393e319ad8280b8704fbe3f499e381 to compile simply: gcc test.c -o thingy This code works on my machine which is: Linux 6.1.0-25-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.106-3 (2024-08-26) x86_64 GNU/Linux GDB -p on the pid reports that another pid is attached and the operation is illegal. That other pid is the bash shell that i spawned this binary from (code in gist). it's useful for anti-debugging, but it seems odd it will attach it's parent to the process since that's not actually doing the attach call. If anything i'd expect the pid attached to itself, rather than the parent getting attached. The first call to ptrace (traceme) gets return value 0. The second call (attach) gets return value -1. That does seem correct, but yet there is something 'attached' when i try to use GDB. If I only do the traceme call, it does not get attached by Bash, so it looks totally like the 'attach' call has a side effect of attaching the parent, rather than just only failing. Kind regards, ~sh42

7 months, 1 week

1
0
0 0

How do we track regressions affecting multiple (stable) trees?

by Christian Heusel

Hello everyone, I wondered a few times in the last months how we could properly track regressions for the stable series, as I'm always a bit unsure how proper use of regzbot would look for these cases. For issues that affect mainline usually just the commit itself is specified with the relevant "#regzbot introduced: ..." invocation, but how would one do this if the stable trees are also affected? Do we need to specify "#regzbot introduced" for each backported version of the upstream commit?! IMO this is especially interesting because sometimes getting a patchset to fix the older trees can take quite some time since possibly backport dependencies have to be found or even custom patches need to be written, as it i.e. was the case [here][0]. This led to fixes for the linux-6.1.y branch landing a bit later which would be good to track with regzbot so it does not fall through the cracks. Maybe there already is a regzbot facility to do this that I have just missed, but I thought if there is people on the lists will know :) Cheers, Chris P.S.: I hope everybody had a great time at the conferences! I hope to also make it next year .. [0]: https://lore.kernel.org/all/66bcb6f68172f_adbf529471@willemb.c.googlers.com…

7 months, 1 week

2
1
0 0

Re: [PATCH 6.11 00/12] 6.11.1-rc1 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

7 months, 1 week

1
0
0 0

[PATCH 1/1] USB: serial: option: add Telit FN920C04 MBIM compositions

by Daniele Palmas

Add the following Telit FN920C04 compositions: 0x10a2: MBIM + tty (AT/NMEA) + tty (AT) + tty (diag) T: Bus=03 Lev=01 Prnt=03 Port=06 Cnt=01 Dev#= 17 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=10a2 Rev=05.15 S: Manufacturer=Telit Cinterion S: Product=FN920 S: SerialNumber=92c4c4d8 C: #Ifs= 5 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim E: Ad=82(I) Atr=03(Int.) MxPS= 64 Ivl=32ms I: If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms 0x10a7: MBIM + tty (AT) + tty (AT) + tty (diag) T: Bus=03 Lev=01 Prnt=03 Port=06 Cnt=01 Dev#= 18 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=10a7 Rev=05.15 S: Manufacturer=Telit Cinterion S: Product=FN920 S: SerialNumber=92c4c4d8 C: #Ifs= 5 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim E: Ad=82(I) Atr=03(Int.) MxPS= 64 Ivl=32ms I: If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms 0x10aa: MBIM + tty (AT) + tty (diag) + DPL (data packet logging) + adb T: Bus=03 Lev=01 Prnt=03 Port=06 Cnt=01 Dev#= 15 Spd=480 MxCh= 0 D: Ver= 2.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=1bc7 ProdID=10aa Rev=05.15 S: Manufacturer=Telit Cinterion S: Product=FN920 S: SerialNumber=92c4c4d8 C: #Ifs= 6 Cfg#= 1 Atr=e0 MxPwr=500mA I: If#= 0 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim E: Ad=82(I) Atr=03(Int.) MxPS= 64 Ivl=32ms I: If#= 1 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=84(I) Atr=03(Int.) MxPS= 10 Ivl=32ms I: If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 4 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=80 Driver=(none) E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms I: If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms Signed-off-by: Daniele Palmas <dnlplm(a)gmail.com> --- drivers/usb/serial/option.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c index 176f38750ad5..6dcb73586e0b 100644 --- a/drivers/usb/serial/option.c +++ b/drivers/usb/serial/option.c @@ -1380,10 +1380,16 @@ static const struct usb_device_id option_ids[] = { .driver_info = NCTRL(0) | RSVD(1) }, { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x10a0, 0xff), /* Telit FN20C04 (rmnet) */ .driver_info = RSVD(0) | NCTRL(3) }, + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x10a2, 0xff), /* Telit FN920C04 (MBIM) */ + .driver_info = NCTRL(4) }, { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x10a4, 0xff), /* Telit FN20C04 (rmnet) */ .driver_info = RSVD(0) | NCTRL(3) }, + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x10a7, 0xff), /* Telit FN920C04 (MBIM) */ + .driver_info = NCTRL(4) }, { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x10a9, 0xff), /* Telit FN20C04 (rmnet) */ .driver_info = RSVD(0) | NCTRL(2) | RSVD(3) | RSVD(4) }, + { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x10aa, 0xff), /* Telit FN920C04 (MBIM) */ + .driver_info = NCTRL(3) | RSVD(4) | RSVD(5) }, { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_ME910), .driver_info = NCTRL(0) | RSVD(1) | RSVD(3) }, { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_ME910_DUAL_MODEM), -- 2.37.1

7 months, 1 week

2
1
0 0

[PATCH] ext4: fix off by one issue in alloc_flex_gd()

by libaokun＠huaweicloud.com

From: Baokun Li <libaokun1(a)huawei.com> Wesley reported an issue: ================================================================== EXT4-fs (dm-5): resizing filesystem from 7168 to 786432 blocks ------------[ cut here ]------------ kernel BUG at fs/ext4/resize.c:324! CPU: 9 UID: 0 PID: 3576 Comm: resize2fs Not tainted 6.11.0+ #27 RIP: 0010:ext4_resize_fs+0x1212/0x12d0 Call Trace: __ext4_ioctl+0x4e0/0x1800 ext4_ioctl+0x12/0x20 __x64_sys_ioctl+0x99/0xd0 x64_sys_call+0x1206/0x20d0 do_syscall_64+0x72/0x110 entry_SYSCALL_64_after_hwframe+0x76/0x7e ================================================================== While reviewing the patch, Honza found that when adjusting resize_bg in alloc_flex_gd(), it was possible for flex_gd->resize_bg to be bigger than flexbg_size. The reproduction of the problem requires the following: o_group = flexbg_size * 2 * n; o_size = (o_group + 1) * group_size; n_group: [o_group + flexbg_size, o_group + flexbg_size * 2) o_size = (n_group + 1) * group_size; Take n=0,flexbg_size=16 as an example: last:15 |o---------------|--------------n-| o_group:0 resize to n_group:30 The corresponding reproducer is: img=test.img truncate -s 600M $img mkfs.ext4 -F $img -b 1024 -G 16 8M dev=`losetup -f --show $img` mkdir -p /tmp/test mount $dev /tmp/test resize2fs $dev 248M Delete the problematic plus 1 to fix the issue, and add a WARN_ON_ONCE() to prevent the issue from happening again. Reported-by: Wesley Hershberger <wesley.hershberger(a)canonical.com> Closes: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2081231 Reported-by: Stéphane Graber <stgraber(a)stgraber.org> Closes: https://lore.kernel.org/all/20240925143325.518508-1-aleksandr.mikhalitsyn@c… Tested-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn(a)canonical.com> Tested-by: Eric Sandeen <sandeen(a)redhat.com> Fixes: 665d3e0af4d3 ("ext4: reduce unnecessary memory allocation in alloc_flex_gd()") Cc: stable(a)vger.kernel.org Signed-off-by: Baokun Li <libaokun1(a)huawei.com> --- fs/ext4/resize.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c index e04eb08b9060..397970121d43 100644 --- a/fs/ext4/resize.c +++ b/fs/ext4/resize.c @@ -253,9 +253,9 @@ static struct ext4_new_flex_group_data *alloc_flex_gd(unsigned int flexbg_size, /* Avoid allocating large 'groups' array if not needed */ last_group = o_group | (flex_gd->resize_bg - 1); if (n_group <= last_group) - flex_gd->resize_bg = 1 << fls(n_group - o_group + 1); + flex_gd->resize_bg = 1 << fls(n_group - o_group); else if (n_group - last_group < flex_gd->resize_bg) - flex_gd->resize_bg = 1 << max(fls(last_group - o_group + 1), + flex_gd->resize_bg = 1 << max(fls(last_group - o_group), fls(n_group - last_group)); flex_gd->groups = kmalloc_array(flex_gd->resize_bg, -- 2.46.0

7 months, 1 week

4
4
0 0

[PATCH 0/2 v5.10] Fix CVE-2024-38588

by Shivani Agarwal

From: Shivani Agarwal <shivania2(a)vmware.com> Hi, To Fix CVE-2024-38588 e60b613df8b6 is required, but it has a dependency on aebfd12521d9. Therefore backported both patches for v5.10. Thanks, Shivani Shivani Agarwal (2): x86/ibt,ftrace: Search for __fentry__ location ftrace: Fix possible use-after-free issue in ftrace_location() arch/x86/kernel/kprobes/core.c | 11 +----- kernel/bpf/trampoline.c | 20 ++-------- kernel/kprobes.c | 8 +--- kernel/trace/ftrace.c | 71 ++++++++++++++++++++++++++-------- 4 files changed, 63 insertions(+), 47 deletions(-) -- 2.39.4

7 months, 1 week

2
3
0 0

[PATCH 5.10] drm/vmwgfx: Remove rcu locks from user resources

by Huang Xiaojia

[ Upstream commit a309c7194e8a2f8bd4539b9449917913f6c2cd50 ] User resource lookups used rcu to avoid two extra atomics. Unfortunately the rcu paths were buggy and it was easy to make the driver crash by submitting command buffers from two different threads. Because the lookups never show up in performance profiles replace them with a regular spin lock which fixes the races in accesses to those shared resources. Fixes kernel oops'es in IGT's vmwgfx execution_buffer stress test and seen crashes with apps using shared resources. Fixes: e14c02e6b699 ("drm/vmwgfx: Look up objects without taking a reference") Signed-off-by: Huang Xiaojia <huangxiaojia2(a)huawei.com> --- drivers/gpu/drm/drm_hashtab.c | 5 +- drivers/gpu/drm/vmwgfx/ttm_object.c | 55 +++---- drivers/gpu/drm/vmwgfx/ttm_object.h | 14 -- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 42 ------ drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 27 +--- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 176 +++++++++++------------ drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 35 ----- include/drm/drm_hashtab.h | 2 + 8 files changed, 105 insertions(+), 251 deletions(-) diff --git a/drivers/gpu/drm/drm_hashtab.c b/drivers/gpu/drm/drm_hashtab.c index c50fa6f0709f..a61642835542 100644 --- a/drivers/gpu/drm/drm_hashtab.c +++ b/drivers/gpu/drm/drm_hashtab.c @@ -74,8 +74,8 @@ void drm_ht_verbose_list(struct drm_open_hash *ht, unsigned long key) DRM_DEBUG("count %d, key: 0x%08lx\n", count++, entry->key); } -static struct hlist_node *drm_ht_find_key(struct drm_open_hash *ht, - unsigned long key) +struct hlist_node *drm_ht_find_key(struct drm_open_hash *ht, + unsigned long key) { struct drm_hash_item *entry; struct hlist_head *h_list; @@ -91,6 +91,7 @@ static struct hlist_node *drm_ht_find_key(struct drm_open_hash *ht, } return NULL; } +EXPORT_SYMBOL(drm_ht_find_key); static struct hlist_node *drm_ht_find_key_rcu(struct drm_open_hash *ht, unsigned long key) diff --git a/drivers/gpu/drm/vmwgfx/ttm_object.c b/drivers/gpu/drm/vmwgfx/ttm_object.c index 16077785ad47..72a4aaeba0c7 100644 --- a/drivers/gpu/drm/vmwgfx/ttm_object.c +++ b/drivers/gpu/drm/vmwgfx/ttm_object.c @@ -137,6 +137,20 @@ ttm_object_file_ref(struct ttm_object_file *tfile) return tfile; } +static int ttm_tfile_find_ref(struct drm_open_hash *ht, + uint32_t key, + struct drm_hash_item **item) +{ + struct hlist_node *h_node; + + h_node = drm_ht_find_key(ht, key); + if (!h_node) + return -EINVAL; + + *item = hlist_entry(h_node, struct drm_hash_item, head); + return 0; +} + static void ttm_object_file_destroy(struct kref *kref) { struct ttm_object_file *tfile = @@ -225,41 +239,6 @@ void ttm_base_object_unref(struct ttm_base_object **p_base) kref_put(&base->refcount, ttm_release_base); } -/** - * ttm_base_object_noref_lookup - look up a base object without reference - * @tfile: The struct ttm_object_file the object is registered with. - * @key: The object handle. - * - * This function looks up a ttm base object and returns a pointer to it - * without refcounting the pointer. The returned pointer is only valid - * until ttm_base_object_noref_release() is called, and the object - * pointed to by the returned pointer may be doomed. Any persistent usage - * of the object requires a refcount to be taken using kref_get_unless_zero(). - * Iff this function returns successfully it needs to be paired with - * ttm_base_object_noref_release() and no sleeping- or scheduling functions - * may be called inbetween these function callse. - * - * Return: A pointer to the object if successful or NULL otherwise. - */ -struct ttm_base_object * -ttm_base_object_noref_lookup(struct ttm_object_file *tfile, uint32_t key) -{ - struct drm_hash_item *hash; - struct drm_open_hash *ht = &tfile->ref_hash[TTM_REF_USAGE]; - int ret; - - rcu_read_lock(); - ret = drm_ht_find_item_rcu(ht, key, &hash); - if (ret) { - rcu_read_unlock(); - return NULL; - } - - __release(RCU); - return drm_hash_entry(hash, struct ttm_ref_object, hash)->obj; -} -EXPORT_SYMBOL(ttm_base_object_noref_lookup); - struct ttm_base_object *ttm_base_object_lookup(struct ttm_object_file *tfile, uint32_t key) { @@ -268,15 +247,15 @@ struct ttm_base_object *ttm_base_object_lookup(struct ttm_object_file *tfile, struct drm_open_hash *ht = &tfile->ref_hash[TTM_REF_USAGE]; int ret; - rcu_read_lock(); - ret = drm_ht_find_item_rcu(ht, key, &hash); + spin_lock(&tfile->lock); + ret = ttm_tfile_find_ref(ht, key, &hash); if (likely(ret == 0)) { base = drm_hash_entry(hash, struct ttm_ref_object, hash)->obj; if (!kref_get_unless_zero(&base->refcount)) base = NULL; } - rcu_read_unlock(); + spin_unlock(&tfile->lock); return base; } diff --git a/drivers/gpu/drm/vmwgfx/ttm_object.h b/drivers/gpu/drm/vmwgfx/ttm_object.h index ede26df87c93..d16334e5d509 100644 --- a/drivers/gpu/drm/vmwgfx/ttm_object.h +++ b/drivers/gpu/drm/vmwgfx/ttm_object.h @@ -359,18 +359,4 @@ extern int ttm_prime_handle_to_fd(struct ttm_object_file *tfile, */ #define TTM_OBJ_EXTRA_SIZE 128 -struct ttm_base_object * -ttm_base_object_noref_lookup(struct ttm_object_file *tfile, uint32_t key); - -/** - * ttm_base_object_noref_release - release a base object pointer looked up - * without reference - * - * Releases a base object pointer looked up with ttm_base_object_noref_lookup(). - */ -static inline void ttm_base_object_noref_release(void) -{ - __acquire(RCU); - rcu_read_unlock(); -} #endif diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c index 9a66ba254326..eb76cca4b29c 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c @@ -976,48 +976,6 @@ int vmw_user_bo_lookup(struct ttm_object_file *tfile, return 0; } -/** - * vmw_user_bo_noref_lookup - Look up a vmw user buffer object without reference - * @tfile: The TTM object file the handle is registered with. - * @handle: The user buffer object handle. - * - * This function looks up a struct vmw_user_bo and returns a pointer to the - * struct vmw_buffer_object it derives from without refcounting the pointer. - * The returned pointer is only valid until vmw_user_bo_noref_release() is - * called, and the object pointed to by the returned pointer may be doomed. - * Any persistent usage of the object requires a refcount to be taken using - * ttm_bo_reference_unless_doomed(). Iff this function returns successfully it - * needs to be paired with vmw_user_bo_noref_release() and no sleeping- - * or scheduling functions may be called inbetween these function calls. - * - * Return: A struct vmw_buffer_object pointer if successful or negative - * error pointer on failure. - */ -struct vmw_buffer_object * -vmw_user_bo_noref_lookup(struct ttm_object_file *tfile, u32 handle) -{ - struct vmw_user_buffer_object *vmw_user_bo; - struct ttm_base_object *base; - - base = ttm_base_object_noref_lookup(tfile, handle); - if (!base) { - DRM_ERROR("Invalid buffer object handle 0x%08lx.\n", - (unsigned long)handle); - return ERR_PTR(-ESRCH); - } - - if (unlikely(ttm_base_object_type(base) != ttm_buffer_type)) { - ttm_base_object_noref_release(); - DRM_ERROR("Invalid buffer object handle 0x%08lx.\n", - (unsigned long)handle); - return ERR_PTR(-EINVAL); - } - - vmw_user_bo = container_of(base, struct vmw_user_buffer_object, - prime.base); - return &vmw_user_bo->vbo; -} - /** * vmw_user_bo_reference - Open a handle to a vmw user buffer object. * diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h index fa285c20d6da..0f7a0f9169f8 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h @@ -768,12 +768,7 @@ extern int vmw_user_resource_lookup_handle( uint32_t handle, const struct vmw_user_resource_conv *converter, struct vmw_resource **p_res); -extern struct vmw_resource * -vmw_user_resource_noref_lookup_handle(struct vmw_private *dev_priv, - struct ttm_object_file *tfile, - uint32_t handle, - const struct vmw_user_resource_conv * - converter); + extern int vmw_stream_claim_ioctl(struct drm_device *dev, void *data, struct drm_file *file_priv); extern int vmw_stream_unref_ioctl(struct drm_device *dev, void *data, @@ -811,15 +806,6 @@ static inline bool vmw_resource_mob_attached(const struct vmw_resource *res) return !RB_EMPTY_NODE(&res->mob_node); } -/** - * vmw_user_resource_noref_release - release a user resource pointer looked up - * without reference - */ -static inline void vmw_user_resource_noref_release(void) -{ - ttm_base_object_noref_release(); -} - /** * Buffer object helper functions - vmwgfx_bo.c */ @@ -880,17 +866,6 @@ extern void vmw_bo_unmap(struct vmw_buffer_object *vbo); extern void vmw_bo_move_notify(struct ttm_buffer_object *bo, struct ttm_resource *mem); extern void vmw_bo_swap_notify(struct ttm_buffer_object *bo); -extern struct vmw_buffer_object * -vmw_user_bo_noref_lookup(struct ttm_object_file *tfile, u32 handle); - -/** - * vmw_user_bo_noref_release - release a buffer object pointer looked up - * without reference - */ -static inline void vmw_user_bo_noref_release(void) -{ - ttm_base_object_noref_release(); -} /** * vmw_bo_adjust_prio - Adjust the buffer object eviction priority diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c index 616f6cb62278..c1aab5ee2a35 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c @@ -285,20 +285,26 @@ static void vmw_execbuf_rcache_update(struct vmw_res_cache_entry *rcache, rcache->valid_handle = 0; } +enum vmw_val_add_flags { + vmw_val_add_flag_none = 0, + vmw_val_add_flag_noctx = 1 << 0, +}; + /** - * vmw_execbuf_res_noref_val_add - Add a resource described by an unreferenced - * rcu-protected pointer to the validation list. + * vmw_execbuf_res_val_add - Add a resource to the validation list. * * @sw_context: Pointer to the software context. * @res: Unreferenced rcu-protected pointer to the resource. * @dirty: Whether to change dirty status. + * @flags: specifies whether to use the context or not * * Returns: 0 on success. Negative error code on failure. Typical error codes * are %-EINVAL on inconsistency and %-ESRCH if the resource was doomed. */ -static int vmw_execbuf_res_noref_val_add(struct vmw_sw_context *sw_context, - struct vmw_resource *res, - u32 dirty) +static int vmw_execbuf_res_val_add(struct vmw_sw_context *sw_context, + struct vmw_resource *res, + u32 dirty, + u32 flags) { struct vmw_private *dev_priv = res->dev_priv; int ret; @@ -313,24 +319,30 @@ static int vmw_execbuf_res_noref_val_add(struct vmw_sw_context *sw_context, if (dirty) vmw_validation_res_set_dirty(sw_context->ctx, rcache->private, dirty); - vmw_user_resource_noref_release(); return 0; } - priv_size = vmw_execbuf_res_size(dev_priv, res_type); - ret = vmw_validation_add_resource(sw_context->ctx, res, priv_size, - dirty, (void **)&ctx_info, - &first_usage); - vmw_user_resource_noref_release(); - if (ret) - return ret; + if ((flags & vmw_val_add_flag_noctx) != 0) { + ret = vmw_validation_add_resource(sw_context->ctx, res, 0, dirty, + (void **)&ctx_info, NULL); + if (ret) + return ret; - if (priv_size && first_usage) { - ret = vmw_cmd_ctx_first_setup(dev_priv, sw_context, res, - ctx_info); - if (ret) { - VMW_DEBUG_USER("Failed first usage context setup.\n"); + } else { + priv_size = vmw_execbuf_res_size(dev_priv, res_type); + ret = vmw_validation_add_resource(sw_context->ctx, res, priv_size, + dirty, (void **)&ctx_info, + &first_usage); + if (ret) return ret; + + if (priv_size && first_usage) { + ret = vmw_cmd_ctx_first_setup(dev_priv, sw_context, res, + ctx_info); + if (ret) { + VMW_DEBUG_USER("Failed first usage context setup.\n"); + return ret; + } } } @@ -338,43 +350,6 @@ static int vmw_execbuf_res_noref_val_add(struct vmw_sw_context *sw_context, return 0; } -/** - * vmw_execbuf_res_noctx_val_add - Add a non-context resource to the resource - * validation list if it's not already on it - * - * @sw_context: Pointer to the software context. - * @res: Pointer to the resource. - * @dirty: Whether to change dirty status. - * - * Returns: Zero on success. Negative error code on failure. - */ -static int vmw_execbuf_res_noctx_val_add(struct vmw_sw_context *sw_context, - struct vmw_resource *res, - u32 dirty) -{ - struct vmw_res_cache_entry *rcache; - enum vmw_res_type res_type = vmw_res_type(res); - void *ptr; - int ret; - - rcache = &sw_context->res_cache[res_type]; - if (likely(rcache->valid && rcache->res == res)) { - if (dirty) - vmw_validation_res_set_dirty(sw_context->ctx, - rcache->private, dirty); - return 0; - } - - ret = vmw_validation_add_resource(sw_context->ctx, res, 0, dirty, - &ptr, NULL); - if (ret) - return ret; - - vmw_execbuf_rcache_update(rcache, res, ptr); - - return 0; -} - /** * vmw_view_res_val_add - Add a view and the surface it's pointing to to the * validation list @@ -393,13 +368,13 @@ static int vmw_view_res_val_add(struct vmw_sw_context *sw_context, * First add the resource the view is pointing to, otherwise it may be * swapped out when the view is validated. */ - ret = vmw_execbuf_res_noctx_val_add(sw_context, vmw_view_srf(view), - vmw_view_dirtying(view)); + ret = vmw_execbuf_res_val_add(sw_context, vmw_view_srf(view), + vmw_view_dirtying(view), vmw_val_add_flag_noctx); if (ret) return ret; - return vmw_execbuf_res_noctx_val_add(sw_context, view, - VMW_RES_DIRTY_NONE); + return vmw_execbuf_res_val_add(sw_context, view, VMW_RES_DIRTY_NONE, + vmw_val_add_flag_noctx); } /** @@ -470,8 +445,9 @@ static int vmw_resource_context_res_add(struct vmw_private *dev_priv, if (IS_ERR_OR_NULL(res)) continue; - ret = vmw_execbuf_res_noctx_val_add(sw_context, res, - VMW_RES_DIRTY_SET); + ret = vmw_execbuf_res_val_add(sw_context, res, + VMW_RES_DIRTY_SET, + vmw_val_add_flag_noctx); if (unlikely(ret != 0)) return ret; } @@ -485,9 +461,9 @@ static int vmw_resource_context_res_add(struct vmw_private *dev_priv, if (vmw_res_type(entry->res) == vmw_res_view) ret = vmw_view_res_val_add(sw_context, entry->res); else - ret = vmw_execbuf_res_noctx_val_add - (sw_context, entry->res, - vmw_binding_dirtying(entry->bt)); + ret = vmw_execbuf_res_val_add(sw_context, entry->res, + vmw_binding_dirtying(entry->bt), + vmw_val_add_flag_noctx); if (unlikely(ret != 0)) break; } @@ -653,7 +629,8 @@ vmw_cmd_res_check(struct vmw_private *dev_priv, { struct vmw_res_cache_entry *rcache = &sw_context->res_cache[res_type]; struct vmw_resource *res; - int ret; + int ret = 0; + bool needs_unref = false; if (p_res) *p_res = NULL; @@ -678,17 +655,18 @@ vmw_cmd_res_check(struct vmw_private *dev_priv, if (ret) return ret; - res = vmw_user_resource_noref_lookup_handle - (dev_priv, sw_context->fp->tfile, *id_loc, converter); - if (IS_ERR(res)) { + ret = vmw_user_resource_lookup_handle + (dev_priv, sw_context->fp->tfile, *id_loc, converter, &res); + if (ret != 0) { VMW_DEBUG_USER("Could not find/use resource 0x%08x.\n", (unsigned int) *id_loc); - return PTR_ERR(res); + return ret; } + needs_unref = true; - ret = vmw_execbuf_res_noref_val_add(sw_context, res, dirty); + ret = vmw_execbuf_res_val_add(sw_context, res, dirty, vmw_val_add_flag_none); if (unlikely(ret != 0)) - return ret; + goto res_check_done; if (rcache->valid && rcache->res == res) { rcache->valid_handle = true; @@ -703,7 +681,11 @@ vmw_cmd_res_check(struct vmw_private *dev_priv, if (p_res) *p_res = res; - return 0; +res_check_done: + if (needs_unref) + vmw_resource_unreference(&res); + + return ret; } /** @@ -1166,14 +1148,14 @@ static int vmw_translate_mob_ptr(struct vmw_private *dev_priv, int ret; vmw_validation_preload_bo(sw_context->ctx); - vmw_bo = vmw_user_bo_noref_lookup(sw_context->fp->tfile, handle); - if (IS_ERR(vmw_bo)) { + ret = vmw_user_bo_lookup(sw_context->fp->tfile, handle, &vmw_bo, NULL); + if (ret != 0) { VMW_DEBUG_USER("Could not find or use MOB buffer.\n"); return PTR_ERR(vmw_bo); } ret = vmw_validation_add_bo(sw_context->ctx, vmw_bo, true, false); - vmw_user_bo_noref_release(); + ttm_bo_put(&vmw_bo->base); if (unlikely(ret != 0)) return ret; @@ -1221,14 +1203,14 @@ static int vmw_translate_guest_ptr(struct vmw_private *dev_priv, int ret; vmw_validation_preload_bo(sw_context->ctx); - vmw_bo = vmw_user_bo_noref_lookup(sw_context->fp->tfile, handle); - if (IS_ERR(vmw_bo)) { + ret = vmw_user_bo_lookup(sw_context->fp->tfile, handle, &vmw_bo, NULL); + if (ret != 0) { VMW_DEBUG_USER("Could not find or use GMR region.\n"); return PTR_ERR(vmw_bo); } ret = vmw_validation_add_bo(sw_context->ctx, vmw_bo, false, false); - vmw_user_bo_noref_release(); + ttm_bo_put(&vmw_bo->base); if (unlikely(ret != 0)) return ret; @@ -2024,8 +2006,9 @@ static int vmw_cmd_set_shader(struct vmw_private *dev_priv, res = vmw_shader_lookup(vmw_context_res_man(ctx), cmd->body.shid, cmd->body.type); if (!IS_ERR(res)) { - ret = vmw_execbuf_res_noctx_val_add(sw_context, res, - VMW_RES_DIRTY_NONE); + ret = vmw_execbuf_res_val_add(sw_context, res, + VMW_RES_DIRTY_NONE, + vmw_val_add_flag_noctx); if (unlikely(ret != 0)) return ret; @@ -2227,8 +2210,9 @@ static int vmw_cmd_dx_set_shader(struct vmw_private *dev_priv, return PTR_ERR(res); } - ret = vmw_execbuf_res_noctx_val_add(sw_context, res, - VMW_RES_DIRTY_NONE); + ret = vmw_execbuf_res_val_add(sw_context, res, + VMW_RES_DIRTY_NONE, + vmw_val_add_flag_noctx); if (ret) return ret; } @@ -2735,8 +2719,8 @@ static int vmw_cmd_dx_bind_shader(struct vmw_private *dev_priv, return PTR_ERR(res); } - ret = vmw_execbuf_res_noctx_val_add(sw_context, res, - VMW_RES_DIRTY_NONE); + ret = vmw_execbuf_res_val_add(sw_context, res, VMW_RES_DIRTY_NONE, + vmw_val_add_flag_noctx); if (ret) { VMW_DEBUG_USER("Error creating resource validation node.\n"); return ret; @@ -3058,8 +3042,8 @@ static int vmw_cmd_dx_bind_streamoutput(struct vmw_private *dev_priv, vmw_dx_streamoutput_set_size(res, cmd->body.sizeInBytes); - ret = vmw_execbuf_res_noctx_val_add(sw_context, res, - VMW_RES_DIRTY_NONE); + ret = vmw_execbuf_res_val_add(sw_context, res, VMW_RES_DIRTY_NONE, + vmw_val_add_flag_noctx); if (ret) { DRM_ERROR("Error creating resource validation node.\n"); return ret; @@ -3108,8 +3092,8 @@ static int vmw_cmd_dx_set_streamoutput(struct vmw_private *dev_priv, return 0; } - ret = vmw_execbuf_res_noctx_val_add(sw_context, res, - VMW_RES_DIRTY_NONE); + ret = vmw_execbuf_res_val_add(sw_context, res, VMW_RES_DIRTY_NONE, + vmw_val_add_flag_noctx); if (ret) { DRM_ERROR("Error creating resource validation node.\n"); return ret; @@ -4008,22 +3992,26 @@ static int vmw_execbuf_tie_context(struct vmw_private *dev_priv, if (ret) return ret; - res = vmw_user_resource_noref_lookup_handle + ret = vmw_user_resource_lookup_handle (dev_priv, sw_context->fp->tfile, handle, - user_context_converter); - if (IS_ERR(res)) { + user_context_converter, &res); + if (ret != 0) { VMW_DEBUG_USER("Could not find or user DX context 0x%08x.\n", (unsigned int) handle); - return PTR_ERR(res); + return ret; } - ret = vmw_execbuf_res_noref_val_add(sw_context, res, VMW_RES_DIRTY_SET); - if (unlikely(ret != 0)) + ret = vmw_execbuf_res_val_add(sw_context, res, VMW_RES_DIRTY_SET, + vmw_val_add_flag_none); + if (unlikely(ret != 0)) { + vmw_resource_unreference(&res); return ret; + } sw_context->dx_ctx_node = vmw_execbuf_info_from_res(sw_context, res); sw_context->man = vmw_context_res_man(res); + vmw_resource_unreference(&res); return 0; } diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c b/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c index 26f88d64879f..64f9f407752b 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c @@ -282,41 +282,6 @@ int vmw_user_resource_lookup_handle(struct vmw_private *dev_priv, return ret; } -/** - * vmw_user_resource_lookup_handle - lookup a struct resource from a - * TTM user-space handle and perform basic type checks - * - * @dev_priv: Pointer to a device private struct - * @tfile: Pointer to a struct ttm_object_file identifying the caller - * @handle: The TTM user-space handle - * @converter: Pointer to an object describing the resource type - * @p_res: On successful return the location pointed to will contain - * a pointer to a refcounted struct vmw_resource. - * - * If the handle can't be found or is associated with an incorrect resource - * type, -EINVAL will be returned. - */ -struct vmw_resource * -vmw_user_resource_noref_lookup_handle(struct vmw_private *dev_priv, - struct ttm_object_file *tfile, - uint32_t handle, - const struct vmw_user_resource_conv - *converter) -{ - struct ttm_base_object *base; - - base = ttm_base_object_noref_lookup(tfile, handle); - if (!base) - return ERR_PTR(-ESRCH); - - if (unlikely(ttm_base_object_type(base) != converter->object_type)) { - ttm_base_object_noref_release(); - return ERR_PTR(-EINVAL); - } - - return converter->base_obj_to_res(base); -} - /** * Helper function that looks either a surface or bo. * diff --git a/include/drm/drm_hashtab.h b/include/drm/drm_hashtab.h index bb95ff011baf..fe5ad4793a15 100644 --- a/include/drm/drm_hashtab.h +++ b/include/drm/drm_hashtab.h @@ -49,6 +49,8 @@ struct drm_open_hash { u8 order; }; +struct hlist_node *drm_ht_find_key(struct drm_open_hash *ht, unsigned long key); + int drm_ht_create(struct drm_open_hash *ht, unsigned int order); int drm_ht_insert_item(struct drm_open_hash *ht, struct drm_hash_item *item); int drm_ht_just_insert_please(struct drm_open_hash *ht, struct drm_hash_item *item, -- 2.34.1

7 months, 1 week

2
1
0 0

[PATCH v2] Revert "vrf: Remove unnecessary RCU-bh critical section"

by greearb＠candelatech.com

From: Ben Greear <greearb(a)candelatech.com> This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853. dev_queue_xmit_nit needs to run with bh locking, otherwise it conflicts with packets coming in from a nic in softirq context and packets being transmitted from user context. ================================ WARNING: inconsistent lock state 6.11.0 #1 Tainted: G W -------------------------------- inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage. btserver/134819 [HC0[0]:SC0[0]:HE1:SE1] takes: ffff8882da30c118 (rlock-AF_PACKET){+.?.}-{2:2}, at: tpacket_rcv+0x863/0x3b30 {IN-SOFTIRQ-W} state was registered at: lock_acquire+0x19a/0x4f0 _raw_spin_lock+0x27/0x40 packet_rcv+0xa33/0x1320 __netif_receive_skb_core.constprop.0+0xcb0/0x3a90 __netif_receive_skb_list_core+0x2c9/0x890 netif_receive_skb_list_internal+0x610/0xcc0 napi_complete_done+0x1c0/0x7c0 igb_poll+0x1dbb/0x57e0 [igb] __napi_poll.constprop.0+0x99/0x430 net_rx_action+0x8e7/0xe10 handle_softirqs+0x1b7/0x800 __irq_exit_rcu+0x91/0xc0 irq_exit_rcu+0x5/0x10 [snip] other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(rlock-AF_PACKET); <Interrupt> lock(rlock-AF_PACKET); *** DEADLOCK *** Call Trace: <TASK> dump_stack_lvl+0x73/0xa0 mark_lock+0x102e/0x16b0 __lock_acquire+0x9ae/0x6170 lock_acquire+0x19a/0x4f0 _raw_spin_lock+0x27/0x40 tpacket_rcv+0x863/0x3b30 dev_queue_xmit_nit+0x709/0xa40 vrf_finish_direct+0x26e/0x340 [vrf] vrf_l3_out+0x5f4/0xe80 [vrf] __ip_local_out+0x51e/0x7a0 [snip] Fixes: 504fc6f4f7f6 ("vrf: Remove unnecessary RCU-bh critical section") Link: https://lore.kernel.org/netdev/05765015-f727-2f30-58da-2ad6fa7ea99f@candela… Signed-off-by: Ben Greear <greearb(a)candelatech.com> --- v2: Edit patch description. drivers/net/vrf.c | 2 ++ net/core/dev.c | 1 + 2 files changed, 3 insertions(+) diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c index 4d8ccaf9a2b4..4087f72f0d2b 100644 --- a/drivers/net/vrf.c +++ b/drivers/net/vrf.c @@ -608,7 +608,9 @@ static void vrf_finish_direct(struct sk_buff *skb) eth_zero_addr(eth->h_dest); eth->h_proto = skb->protocol; + rcu_read_lock_bh(); dev_queue_xmit_nit(skb, vrf_dev); + rcu_read_unlock_bh(); skb_pull(skb, ETH_HLEN); } diff --git a/net/core/dev.c b/net/core/dev.c index cd479f5f22f6..566e69a38eed 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -2285,6 +2285,7 @@ EXPORT_SYMBOL_GPL(dev_nit_active); /* * Support routine. Sends outgoing frames to any network * taps currently in use. + * BH must be disabled before calling this. */ void dev_queue_xmit_nit(struct sk_buff *skb, struct net_device *dev) -- 2.42.0

7 months, 1 week

4
5
0 0

[PATCH] virtio: console: Fix atomicity violation in fill_readbuf()

by Qiu-ji Chen

The atomicity violation issue is due to the invalidation of the function port_has_data()'s check caused by concurrency. Imagine a scenario where a port that contains data passes the validity check but is simultaneously assigned a value with no data. This could result in an empty port passing the validity check, potentially leading to a null pointer dereference error later in the program, which is inconsistent. To address this issue, we believe there is a problem with the original logic. Since the validity check and the read operation were separated, it could lead to inconsistencies between the data that passes the check and the data being read. Therefore, we moved the main logic of the port_has_data function into this function and placed the read operation within a lock, ensuring that the validity check and read operation are not separated, thus resolving the problem. This possible bug is found by an experimental static analysis tool developed by our team. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. Fixes: 203baab8ba31 ("virtio: console: Introduce function to hand off data from host to readers") Cc: stable(a)vger.kernel.org Signed-off-by: Qiu-ji Chen <chenqiuji666(a)gmail.com> --- drivers/char/virtio_console.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c index de7d720d99fa..5aaf07f71a4c 100644 --- a/drivers/char/virtio_console.c +++ b/drivers/char/virtio_console.c @@ -656,10 +656,14 @@ static ssize_t fill_readbuf(struct port *port, u8 __user *out_buf, struct port_buffer *buf; unsigned long flags; - if (!out_count || !port_has_data(port)) + if (!out_count) return 0; - buf = port->inbuf; + spin_lock_irqsave(&port->inbuf_lock, flags); + buf = port->inbuf = get_inbuf(port); + spin_unlock_irqrestore(&port->inbuf_lock, flags); + if (!buf) + return 0; out_count = min(out_count, buf->len - buf->offset); if (to_user) { -- 2.34.1

7 months, 1 week

1
0
0 0

[PATCH] drivers:media:radio: Fix atomicity violation in fmc_send_cmd()

by Qiu-ji Chen

Atomicity violation occurs when the fmc_send_cmd() function is executed simultaneously with the modification of the fmdev->resp_skb value. Consider a scenario where, after passing the validity check within the function, a non-null fmdev->resp_skb variable is assigned a null value. This results in an invalid fmdev->resp_skb variable passing the validity check. As seen in the later part of the function, skb = fmdev->resp_skb; when the invalid fmdev->resp_skb passes the check, a null pointer dereference error may occur at line 478, evt_hdr = (void *)skb->data; To address this issue, it is recommended to include the validity check of fmdev->resp_skb within the locked section of the function. This modification ensures that the value of fmdev->resp_skb does not change during the validation process, thereby maintaining its validity. This possible bug is found by an experimental static analysis tool developed by our team. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. Fixes: e8454ff7b9a4 ("[media] drivers:media:radio: wl128x: FM Driver Common sources") Cc: stable(a)vger.kernel.org Signed-off-by: Qiu-ji Chen <chenqiuji666(a)gmail.com> --- drivers/media/radio/wl128x/fmdrv_common.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/media/radio/wl128x/fmdrv_common.c b/drivers/media/radio/wl128x/fmdrv_common.c index 3d36f323a8f8..4d032436691c 100644 --- a/drivers/media/radio/wl128x/fmdrv_common.c +++ b/drivers/media/radio/wl128x/fmdrv_common.c @@ -466,11 +466,12 @@ int fmc_send_cmd(struct fmdev *fmdev, u8 fm_op, u16 type, void *payload, jiffies_to_msecs(FM_DRV_TX_TIMEOUT) / 1000); return -ETIMEDOUT; } + spin_lock_irqsave(&fmdev->resp_skb_lock, flags); if (!fmdev->resp_skb) { + spin_unlock_irqrestore(&fmdev->resp_skb_lock, flags); fmerr("Response SKB is missing\n"); return -EFAULT; } - spin_lock_irqsave(&fmdev->resp_skb_lock, flags); skb = fmdev->resp_skb; fmdev->resp_skb = NULL; spin_unlock_irqrestore(&fmdev->resp_skb_lock, flags); -- 2.34.1

7 months, 1 week

1
0
0 0

[PATCH 6.1.y] btrfs: calculate the right space for delayed refs when updating global reserve

by Diogo Jahchan Koike

From: Filipe Manana <fdmanana(a)suse.com> commit f8f210dc84709804c9f952297f2bfafa6ea6b4bd upstream. When updating the global block reserve, we account for the 6 items needed by an unlink operation and the 6 delayed references for each one of those items. However the calculation for the delayed references is not correct in case we have the free space tree enabled, as in that case we need to touch the free space tree as well and therefore need twice the number of bytes. So use the btrfs_calc_delayed_ref_bytes() helper to calculate the number of bytes need for the delayed references at btrfs_update_global_block_rsv(). Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> [Diogo: this patch has been cherry-picked from the original commit; conflicts included lack of a define (picked from commit 5630e2bcfe223) and lack of btrfs_calc_delayed_ref_bytes (picked from commit 0e55a54502b97) - changed const struct -> struct for compatibility.] Signed-off-by: Diogo Jahchan Koike <djahchankoike(a)gmail.com> --- Fixes WARNING in btrfs_chunk_alloc (2) [0] [0]: https://syzkaller.appspot.com/bug?extid=57de2b05959bc1e659af --- fs/btrfs/block-rsv.c | 16 +++++++++------- fs/btrfs/block-rsv.h | 12 ++++++++++++ fs/btrfs/delayed-ref.h | 21 +++++++++++++++++++++ 3 files changed, 42 insertions(+), 7 deletions(-) diff --git a/fs/btrfs/block-rsv.c b/fs/btrfs/block-rsv.c index ec96285357e0..f7e3d6c2e302 100644 --- a/fs/btrfs/block-rsv.c +++ b/fs/btrfs/block-rsv.c @@ -378,17 +378,19 @@ void btrfs_update_global_block_rsv(struct btrfs_fs_info *fs_info) /* * But we also want to reserve enough space so we can do the fallback - * global reserve for an unlink, which is an additional 5 items (see the - * comment in __unlink_start_trans for what we're modifying.) + * global reserve for an unlink, which is an additional + * BTRFS_UNLINK_METADATA_UNITS items. * * But we also need space for the delayed ref updates from the unlink, - * so its 10, 5 for the actual operation, and 5 for the delayed ref - * updates. + * so add BTRFS_UNLINK_METADATA_UNITS units for delayed refs, one for + * each unlink metadata item. */ - min_items += 10; - + min_items += BTRFS_UNLINK_METADATA_UNITS; + num_bytes = max_t(u64, num_bytes, - btrfs_calc_insert_metadata_size(fs_info, min_items)); + btrfs_calc_insert_metadata_size(fs_info, min_items) + + btrfs_calc_delayed_ref_bytes(fs_info, + BTRFS_UNLINK_METADATA_UNITS)); spin_lock(&sinfo->lock); spin_lock(&block_rsv->lock); diff --git a/fs/btrfs/block-rsv.h b/fs/btrfs/block-rsv.h index 578c3497a455..662c52b4bd44 100644 --- a/fs/btrfs/block-rsv.h +++ b/fs/btrfs/block-rsv.h @@ -50,6 +50,18 @@ struct btrfs_block_rsv { u64 qgroup_rsv_reserved; }; +/* + * Number of metadata items necessary for an unlink operation: + * + * 1 for the possible orphan item + * 1 for the dir item + * 1 for the dir index + * 1 for the inode ref + * 1 for the inode + * 1 for the parent inode + */ +#define BTRFS_UNLINK_METADATA_UNITS 6 + void btrfs_init_block_rsv(struct btrfs_block_rsv *rsv, enum btrfs_rsv_type type); void btrfs_init_root_block_rsv(struct btrfs_root *root); struct btrfs_block_rsv *btrfs_alloc_block_rsv(struct btrfs_fs_info *fs_info, diff --git a/fs/btrfs/delayed-ref.h b/fs/btrfs/delayed-ref.h index d6304b690ec4..5c6bb23d45a5 100644 --- a/fs/btrfs/delayed-ref.h +++ b/fs/btrfs/delayed-ref.h @@ -253,6 +253,27 @@ extern struct kmem_cache *btrfs_delayed_extent_op_cachep; int __init btrfs_delayed_ref_init(void); void __cold btrfs_delayed_ref_exit(void); +static inline u64 btrfs_calc_delayed_ref_bytes(struct btrfs_fs_info *fs_info, + int num_delayed_refs) +{ + u64 num_bytes; + + num_bytes = btrfs_calc_insert_metadata_size(fs_info, num_delayed_refs); + + /* + * We have to check the mount option here because we could be enabling + * the free space tree for the first time and don't have the compat_ro + * option set yet. + * + * We need extra reservations if we have the free space tree because + * we'll have to modify that tree as well. + */ + if (btrfs_test_opt(fs_info, FREE_SPACE_TREE)) + num_bytes *= 2; + + return num_bytes; +} + static inline void btrfs_init_generic_ref(struct btrfs_ref *generic_ref, int action, u64 bytenr, u64 len, u64 parent) { -- 2.43.0

7 months, 1 week

2
1
0 0

[PATCH 6.1] wifi: mac80211: Avoid address calculations via out of bounds array indexing

by Xiangyu Chen

From: Kenton Groombridge <concord(a)gentoo.org> [ Upstream commit 2663d0462eb32ae7c9b035300ab6b1523886c718 ] req->n_channels must be set before req->channels[] can be used. This patch fixes one of the issues encountered in [1]. [ 83.964255] UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:364:4 [ 83.964258] index 0 is out of range for type 'struct ieee80211_channel *[]' [...] [ 83.964264] Call Trace: [ 83.964267] <TASK> [ 83.964269] dump_stack_lvl+0x3f/0xc0 [ 83.964274] __ubsan_handle_out_of_bounds+0xec/0x110 [ 83.964278] ieee80211_prep_hw_scan+0x2db/0x4b0 [ 83.964281] __ieee80211_start_scan+0x601/0x990 [ 83.964291] nl80211_trigger_scan+0x874/0x980 [ 83.964295] genl_family_rcv_msg_doit+0xe8/0x160 [ 83.964298] genl_rcv_msg+0x240/0x270 [...] [1] https://bugzilla.kernel.org/show_bug.cgi?id=218810 Co-authored-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Kees Cook <kees(a)kernel.org> Signed-off-by: Kenton Groombridge <concord(a)gentoo.org> Link: https://msgid.link/20240605152218.236061-1-concord@gentoo.org Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> --- net/mac80211/scan.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index 62c22ff329ad..d81b49fb6458 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -357,7 +357,8 @@ static bool ieee80211_prep_hw_scan(struct ieee80211_sub_if_data *sdata) struct cfg80211_scan_request *req; struct cfg80211_chan_def chandef; u8 bands_used = 0; - int i, ielen, n_chans; + int i, ielen; + u32 *n_chans; u32 flags = 0; req = rcu_dereference_protected(local->scan_req, @@ -367,34 +368,34 @@ static bool ieee80211_prep_hw_scan(struct ieee80211_sub_if_data *sdata) return false; if (ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS)) { + local->hw_scan_req->req.n_channels = req->n_channels; + for (i = 0; i < req->n_channels; i++) { local->hw_scan_req->req.channels[i] = req->channels[i]; bands_used |= BIT(req->channels[i]->band); } - - n_chans = req->n_channels; } else { do { if (local->hw_scan_band == NUM_NL80211_BANDS) return false; - n_chans = 0; + n_chans = &local->hw_scan_req->req.n_channels; + *n_chans = 0; for (i = 0; i < req->n_channels; i++) { if (req->channels[i]->band != local->hw_scan_band) continue; - local->hw_scan_req->req.channels[n_chans] = + local->hw_scan_req->req.channels[(*n_chans)++] = req->channels[i]; - n_chans++; + bands_used |= BIT(req->channels[i]->band); } local->hw_scan_band++; - } while (!n_chans); + } while (!*n_chans); } - local->hw_scan_req->req.n_channels = n_chans; ieee80211_prepare_scan_chandef(&chandef, req->scan_width); if (req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT) -- 2.43.0

7 months, 1 week

2
1
0 0

FAILED: patch "[PATCH] mptcp: pm: Fix uaf in __timer_delete_sync" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x b4cd80b0338945a94972ac3ed54f8338d2da2076 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024091330-reps-craftsman-ab67@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: b4cd80b03389 ("mptcp: pm: Fix uaf in __timer_delete_sync") d58300c3185b ("mptcp: validate 'id' when stopping the ADD_ADDR retransmit timer") f7dafee18538 ("mptcp: use mptcp_addr_info in mptcp_options_received") dc87efdb1a5c ("mptcp: add mptcp reset option support") 557963c383e8 ("mptcp: move to next addr when subflow creation fail") d88c476f4a7d ("mptcp: export lookup_anno_list_by_saddr") efd13b71a3fa ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b4cd80b0338945a94972ac3ed54f8338d2da2076 Mon Sep 17 00:00:00 2001 From: Edward Adam Davis <eadavis(a)qq.com> Date: Tue, 10 Sep 2024 17:58:56 +0800 Subject: [PATCH] mptcp: pm: Fix uaf in __timer_delete_sync There are two paths to access mptcp_pm_del_add_timer, result in a race condition: CPU1 CPU2 ==== ==== net_rx_action napi_poll netlink_sendmsg __napi_poll netlink_unicast process_backlog netlink_unicast_kernel __netif_receive_skb genl_rcv __netif_receive_skb_one_core netlink_rcv_skb NF_HOOK genl_rcv_msg ip_local_deliver_finish genl_family_rcv_msg ip_protocol_deliver_rcu genl_family_rcv_msg_doit tcp_v4_rcv mptcp_pm_nl_flush_addrs_doit tcp_v4_do_rcv mptcp_nl_remove_addrs_list tcp_rcv_established mptcp_pm_remove_addrs_and_subflows tcp_data_queue remove_anno_list_by_saddr mptcp_incoming_options mptcp_pm_del_add_timer mptcp_pm_del_add_timer kfree(entry) In remove_anno_list_by_saddr(running on CPU2), after leaving the critical zone protected by "pm.lock", the entry will be released, which leads to the occurrence of uaf in the mptcp_pm_del_add_timer(running on CPU1). Keeping a reference to add_timer inside the lock, and calling sk_stop_timer_sync() with this reference, instead of "entry->add_timer". Move list_del(&entry->list) to mptcp_pm_del_add_timer and inside the pm lock, do not directly access any members of the entry outside the pm lock, which can avoid similar "entry->x" uaf. Fixes: 00cfd77b9063 ("mptcp: retransmit ADD_ADDR when timeout") Cc: stable(a)vger.kernel.org Reported-and-tested-by: syzbot+f3a31fb909db9b2a5c4d(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=f3a31fb909db9b2a5c4d Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Signed-off-by: Edward Adam Davis <eadavis(a)qq.com> Acked-by: Paolo Abeni <pabeni(a)redhat.com> Link: https://patch.msgid.link/tencent_7142963A37944B4A74EF76CD66EA3C253609@qq.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index f891bc714668..ad935d34c973 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -334,15 +334,21 @@ mptcp_pm_del_add_timer(struct mptcp_sock *msk, { struct mptcp_pm_add_entry *entry; struct sock *sk = (struct sock *)msk; + struct timer_list *add_timer = NULL; spin_lock_bh(&msk->pm.lock); entry = mptcp_lookup_anno_list_by_saddr(msk, addr); - if (entry && (!check_id || entry->addr.id == addr->id)) + if (entry && (!check_id || entry->addr.id == addr->id)) { entry->retrans_times = ADD_ADDR_RETRANS_MAX; + add_timer = &entry->add_timer; + } + if (!check_id && entry) + list_del(&entry->list); spin_unlock_bh(&msk->pm.lock); - if (entry && (!check_id || entry->addr.id == addr->id)) - sk_stop_timer_sync(sk, &entry->add_timer); + /* no lock, because sk_stop_timer_sync() is calling del_timer_sync() */ + if (add_timer) + sk_stop_timer_sync(sk, add_timer); return entry; } @@ -1462,7 +1468,6 @@ static bool remove_anno_list_by_saddr(struct mptcp_sock *msk, entry = mptcp_pm_del_add_timer(msk, addr, false); if (entry) { - list_del(&entry->list); kfree(entry); return true; }

7 months, 1 week

3
5
0 0

[PATCH 6.6.y] bnxt_en: Cap the size of HWRM_PORT_PHY_QCFG forwarded response

by Samasth Norway Ananda

From: Michael Chan <michael.chan(a)broadcom.com> commit 7d9df38c9c037ab84502ce7eeae9f1e1e7e72603 upstream. Firmware interface 1.10.2.118 has increased the size of HWRM_PORT_PHY_QCFG response beyond the maximum size that can be forwarded. When the VF's link state is not the default auto state, the PF will need to forward the response back to the VF to indicate the forced state. This regression may cause the VF to fail to initialize. Fix it by capping the HWRM_PORT_PHY_QCFG response to the maximum 96 bytes. The SPEEDS2_SUPPORTED flag needs to be cleared because the new speeds2 fields are beyond the legacy structure. Also modify bnxt_hwrm_fwd_resp() to print a warning if the message size exceeds 96 bytes to make this failure more obvious. Fixes: 84a911db8305 ("bnxt_en: Update firmware interface to 1.10.2.118") Reviewed-by: Somnath Kotur <somnath.kotur(a)broadcom.com> Reviewed-by: Pavan Chebbi <pavan.chebbi(a)broadcom.com> Signed-off-by: Michael Chan <michael.chan(a)broadcom.com> Link: https://lore.kernel.org/r/20240612231736.57823-1-michael.chan@broadcom.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> [Samasth: backport to 6.6.y] Signed-off-by: Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> --- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 51 +++++++++++++++++++ .../net/ethernet/broadcom/bnxt/bnxt_sriov.c | 12 ++++- 2 files changed, 61 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt.h b/drivers/net/ethernet/broadcom/bnxt/bnxt.h index 0116f67593e3a..f323c77aaea0e 100644 --- a/drivers/net/ethernet/broadcom/bnxt/bnxt.h +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt.h @@ -1195,6 +1195,57 @@ struct bnxt_ntuple_filter { #define BNXT_FLTR_UPDATE 1 }; +/* Compat version of hwrm_port_phy_qcfg_output capped at 96 bytes. The + * first 95 bytes are identical to hwrm_port_phy_qcfg_output in bnxt_hsi.h. + * The last valid byte in the compat version is different. + */ +struct hwrm_port_phy_qcfg_output_compat { + __le16 error_code; + __le16 req_type; + __le16 seq_id; + __le16 resp_len; + u8 link; + u8 active_fec_signal_mode; + __le16 link_speed; + u8 duplex_cfg; + u8 pause; + __le16 support_speeds; + __le16 force_link_speed; + u8 auto_mode; + u8 auto_pause; + __le16 auto_link_speed; + __le16 auto_link_speed_mask; + u8 wirespeed; + u8 lpbk; + u8 force_pause; + u8 module_status; + __le32 preemphasis; + u8 phy_maj; + u8 phy_min; + u8 phy_bld; + u8 phy_type; + u8 media_type; + u8 xcvr_pkg_type; + u8 eee_config_phy_addr; + u8 parallel_detect; + __le16 link_partner_adv_speeds; + u8 link_partner_adv_auto_mode; + u8 link_partner_adv_pause; + __le16 adv_eee_link_speed_mask; + __le16 link_partner_adv_eee_link_speed_mask; + __le32 xcvr_identifier_type_tx_lpi_timer; + __le16 fec_cfg; + u8 duplex_state; + u8 option_flags; + char phy_vendor_name[16]; + char phy_vendor_partnumber[16]; + __le16 support_pam4_speeds; + __le16 force_pam4_link_speed; + __le16 auto_pam4_link_speed_mask; + u8 link_partner_pam4_adv_speeds; + u8 valid; +}; + struct bnxt_link_info { u8 phy_type; u8 media_type; diff --git a/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c b/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c index dde327f2c57ee..ac9a0c039b776 100644 --- a/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c +++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c @@ -942,8 +942,11 @@ static int bnxt_hwrm_fwd_resp(struct bnxt *bp, struct bnxt_vf_info *vf, struct hwrm_fwd_resp_input *req; int rc; - if (BNXT_FWD_RESP_SIZE_ERR(msg_size)) + if (BNXT_FWD_RESP_SIZE_ERR(msg_size)) { + netdev_warn_once(bp->dev, "HWRM fwd response too big (%d bytes)\n", + msg_size); return -EINVAL; + } rc = hwrm_req_init(bp, req, HWRM_FWD_RESP); if (!rc) { @@ -1077,7 +1080,7 @@ static int bnxt_vf_set_link(struct bnxt *bp, struct bnxt_vf_info *vf) rc = bnxt_hwrm_exec_fwd_resp( bp, vf, sizeof(struct hwrm_port_phy_qcfg_input)); } else { - struct hwrm_port_phy_qcfg_output phy_qcfg_resp = {0}; + struct hwrm_port_phy_qcfg_output_compat phy_qcfg_resp = {}; struct hwrm_port_phy_qcfg_input *phy_qcfg_req; phy_qcfg_req = @@ -1088,6 +1091,11 @@ static int bnxt_vf_set_link(struct bnxt *bp, struct bnxt_vf_info *vf) mutex_unlock(&bp->link_lock); phy_qcfg_resp.resp_len = cpu_to_le16(sizeof(phy_qcfg_resp)); phy_qcfg_resp.seq_id = phy_qcfg_req->seq_id; + /* New SPEEDS2 fields are beyond the legacy structure, so + * clear the SPEEDS2_SUPPORTED flag. + */ + phy_qcfg_resp.option_flags &= + ~PORT_PHY_QCAPS_RESP_FLAGS2_SPEEDS2_SUPPORTED; phy_qcfg_resp.valid = 1; if (vf->flags & BNXT_VF_LINK_UP) { -- 2.45.2

7 months, 1 week

2
1
0 0

[PATCH 5.10] bpf: Fix mismatch memory accounting for devmap maps

by Pu Lehui

From: Pu Lehui <pulehui(a)huawei.com> Commit 70294d8bc31f ("bpf: Eliminate rlimit-based memory accounting for devmap maps") relies on the v5.11+ basic mechanism of memcg-based memory accounting [0]. The commit cannot be independently backported to the 5.10 stable branch, otherwise the related memory when creating devmap will be unrestricted and the associated bpf selftest map_ptr will fail. Let's roll back to rlimit-based memory accounting mode for devmap and re-adapt the commit 225da02acdc9 ("bpf: Fix DEVMAP_HASH overflow check on 32-bit arches") to the 5.10 stable branch. Link: https://lore.kernel.org/bpf/20201201215900.3569844-1-guro@fb.com [0] Fixes: 225da02acdc9 ("bpf: Fix DEVMAP_HASH overflow check on 32-bit arches") Fixes: 70294d8bc31f ("bpf: Eliminate rlimit-based memory accounting for devmap maps") Signed-off-by: Pu Lehui <pulehui(a)huawei.com> --- kernel/bpf/devmap.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/kernel/bpf/devmap.c b/kernel/bpf/devmap.c index 07b5edb2c70f..7eb1282edc8e 100644 --- a/kernel/bpf/devmap.c +++ b/kernel/bpf/devmap.c @@ -109,6 +109,8 @@ static inline struct hlist_head *dev_map_index_hash(struct bpf_dtab *dtab, static int dev_map_init_map(struct bpf_dtab *dtab, union bpf_attr *attr) { u32 valsize = attr->value_size; + u64 cost = 0; + int err; /* check sanity of attributes. 2 value sizes supported: * 4 bytes: ifindex @@ -136,11 +138,21 @@ static int dev_map_init_map(struct bpf_dtab *dtab, union bpf_attr *attr) return -EINVAL; dtab->n_buckets = roundup_pow_of_two(dtab->map.max_entries); + cost += (u64) sizeof(struct hlist_head) * dtab->n_buckets; + } else { + cost += (u64) dtab->map.max_entries * sizeof(struct bpf_dtab_netdev *); + } + /* if map size is larger than memlock limit, reject it */ + err = bpf_map_charge_init(&dtab->map.memory, cost); + if (err) + return -EINVAL; + + if (attr->map_type == BPF_MAP_TYPE_DEVMAP_HASH) { dtab->dev_index_head = dev_map_create_hash(dtab->n_buckets, dtab->map.numa_node); if (!dtab->dev_index_head) - return -ENOMEM; + goto free_charge; spin_lock_init(&dtab->index_lock); } else { @@ -148,10 +160,14 @@ static int dev_map_init_map(struct bpf_dtab *dtab, union bpf_attr *attr) sizeof(struct bpf_dtab_netdev *), dtab->map.numa_node); if (!dtab->netdev_map) - return -ENOMEM; + goto free_charge; } return 0; + +free_charge: + bpf_map_charge_finish(&dtab->map.memory); + return -ENOMEM; } static struct bpf_map *dev_map_alloc(union bpf_attr *attr) -- 2.34.1

7 months, 1 week

4
6
0 0

mcp251xfd: please add to the stable trees

by Marc Kleine-Budde

Hello stable-team, Francesco Dolcini reported a regression on v6.6.52 [1], it turns out since v6.6.51~34 a.k.a. 5ea24ddc26a7 ("can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd") the mcp25xfd driver is broken. Cherry picking the following commits fixes the problem: 51b2a7216122 ("can: mcp251xfd: properly indent labels") a7801540f325 ("can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into mcp251xfd_chip_start/stop()") Please pick these patches for - 6.10.x - 6.6.x - 6.1.x [1] https://lore.kernel.org/all/20240923115310.GA138774@francesco-nb regards, Marc -- Pengutronix e.K. | Marc Kleine-Budde | Embedded Linux | https://www.pengutronix.de | Vertretung Nürnberg | Phone: +49-5121-206917-129 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-9 |

7 months, 1 week

2
1
0 0

[PATCH stable 6.6] Revert "wifi: cfg80211: check wiphy mutex is held for wdev mutex"

by Ping-Ke Shih

This reverts commit 268f84a827534c4e4c2540a4e29daa73359fc0a5. The reverted commit is based on implementation of wiphy locking that isn't planned to redo on a stable kernel, so revert it to avoid warning: WARNING: CPU: 0 PID: 9 at net/wireless/core.h:231 disconnect_work+0xb8/0x144 [cfg80211] CPU: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.6.51-00141-ga1649b6f8ed6 #7 Hardware name: Freescale i.MX6 SoloX (Device Tree) Workqueue: events disconnect_work [cfg80211] unwind_backtrace from show_stack+0x10/0x14 show_stack from dump_stack_lvl+0x58/0x70 dump_stack_lvl from __warn+0x70/0x1c0 __warn from warn_slowpath_fmt+0x16c/0x294 warn_slowpath_fmt from disconnect_work+0xb8/0x144 [cfg80211] disconnect_work [cfg80211] from process_one_work+0x204/0x620 process_one_work from worker_thread+0x1b0/0x474 worker_thread from kthread+0x10c/0x12c kthread from ret_from_fork+0x14/0x24 Reported-by: petter(a)technux.se Closes: https://lore.kernel.org/linux-wireless/9e98937d781c990615ef27ee0c858ff9@tec… Cc: Johannes Berg <johannes(a)sipsolutions.net> Signed-off-by: Ping-Ke Shih <pkshih(a)realtek.com> --- net/wireless/core.h | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/net/wireless/core.h b/net/wireless/core.h index c955be6c6daa..f0a3a2317638 100644 --- a/net/wireless/core.h +++ b/net/wireless/core.h @@ -228,7 +228,6 @@ void cfg80211_register_wdev(struct cfg80211_registered_device *rdev, static inline void wdev_lock(struct wireless_dev *wdev) __acquires(wdev) { - lockdep_assert_held(&wdev->wiphy->mtx); mutex_lock(&wdev->mtx); __acquire(wdev->mtx); } @@ -236,16 +235,11 @@ static inline void wdev_lock(struct wireless_dev *wdev) static inline void wdev_unlock(struct wireless_dev *wdev) __releases(wdev) { - lockdep_assert_held(&wdev->wiphy->mtx); __release(wdev->mtx); mutex_unlock(&wdev->mtx); } -static inline void ASSERT_WDEV_LOCK(struct wireless_dev *wdev) -{ - lockdep_assert_held(&wdev->wiphy->mtx); - lockdep_assert_held(&wdev->mtx); -} +#define ASSERT_WDEV_LOCK(wdev) lockdep_assert_held(&(wdev)->mtx) static inline bool cfg80211_has_monitors_only(struct cfg80211_registered_device *rdev) { -- 2.25.1

7 months, 1 week

3
2
0 0

[PATCH -stable,5.10 0/2] Netfilter fixes for -stable

by Pablo Neira Ayuso

Hi Greg, Sasha, This batch contains a backport for fixes for 5.10-stable: The following list shows the backported patches, I am using original commit IDs for reference: 1) 29b359cf6d95 ("netfilter: nft_set_pipapo: walk over current view on netlink dump") 2) efefd4f00c96 ("netfilter: nf_tables: missing iterator type in lookup walk") Please, apply, Thanks Pablo Neira Ayuso (2): netfilter: nft_set_pipapo: walk over current view on netlink dump netfilter: nf_tables: missing iterator type in lookup walk include/net/netfilter/nf_tables.h | 13 +++++++++++++ net/netfilter/nf_tables_api.c | 5 +++++ net/netfilter/nft_lookup.c | 1 + net/netfilter/nft_set_pipapo.c | 6 ++++-- 4 files changed, 23 insertions(+), 2 deletions(-) -- 2.30.2

7 months, 1 week

2
3
0 0

Power consumption fix for ACP 7 devices

by Mario Limonciello

Hi, Can you please bring this commit into linux-6.11.y? commit c35fad6f7e0d ("ASoC: amd: acp: add ZSC control register programming sequence") This helps with power consumption on the affected platforms. Thanks,

7 months, 1 week

2
1
0 0

[PATCH 6.6 000/186] 6.6.30-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.30 release. There are 186 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 02 May 2024 10:30:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.30-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.30-rc1 Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS Rahul Rameshbabu <rrameshbabu(a)nvidia.com> net/mlx5e: Advertise mlx5 ethernet driver updates sk_buff md_dst for MACsec Rahul Rameshbabu <rrameshbabu(a)nvidia.com> macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst Rahul Rameshbabu <rrameshbabu(a)nvidia.com> macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads Mingzheng Xing <xingmingzheng(a)iscas.ac.cn> Revert "riscv: kdump: fix crashkernel reserving problem on RISC-V" Amir Goldstein <amir73il(a)gmail.com> ovl: fix memory leak in ovl_parse_param() Johan Hovold <johan+linaro(a)kernel.org> phy: qcom: qmp-combo: fix VCO div offset on v5_5nm and v6 Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: smbus: fix NULL function pointer dereference Xuewen Yan <xuewen.yan(a)unisoc.com> sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf() Tianchen Ding <dtcccc(a)linux.alibaba.com> sched/eevdf: Fix miscalculation in reweight_entity() when se is not curr Tianchen Ding <dtcccc(a)linux.alibaba.com> sched/eevdf: Always update V if se->on_rq when reweighting Hans de Goede <hdegoede(a)redhat.com> phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix loading 64-bit NOMMU kernels past the start of RAM Samuel Holland <samuel.holland(a)sifive.com> riscv: Fix TASK_SIZE on 64-bit NOMMU Baoquan He <bhe(a)redhat.com> riscv: fix VMALLOC_START definition Fenghua Yu <fenghua.yu(a)intel.com> dmaengine: idxd: Fix oops during rmmod on single-CPU platforms Sean Anderson <sean.anderson(a)linux.dev> dma: xilinx_dpdma: Fix locking Rex Zhang <rex.zhang(a)intel.com> dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue Gabor Juhos <j4g8y7(a)gmail.com> phy: qcom: m31: match requested regulator name with dt schema Sebastian Reichel <sebastian.reichel(a)collabora.com> phy: rockchip: naneng-combphy: Fix mux on rk3588 Sebastian Reichel <sebastian.reichel(a)collabora.com> phy: rockchip-snps-pcie3: fix clearing PHP_GRF_PCIESEL_CON bits Michal Tomek <mtdev79b(a)gmail.com> phy: rockchip-snps-pcie3: fix bifurcation on rk3588 Marcel Ziswiler <marcel.ziswiler(a)toradex.com> phy: freescale: imx8m-pcie: fix pcie link-up instability Mikhail Kobuk <m.kobuk(a)ispras.ru> phy: marvell: a3700-comphy: Fix hardcoded array size Mikhail Kobuk <m.kobuk(a)ispras.ru> phy: marvell: a3700-comphy: Fix out of bounds read Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> soundwire: amd: fix for wake interrupt handling for clockstop mode Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> idma64: Don't try to serve interrupts when device is powered off Akhil R <akhilrajeev(a)nvidia.com> dmaengine: tegra186: Fix residual calculation Arnd Bergmann <arnd(a)arndb.de> dmaengine: owl: fix register access functions Matthew Wilcox (Oracle) <willy(a)infradead.org> mm: turn folio_test_hugetlb into a PageType Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/tdx: Preserve shared bit on mprotect() Stephen Boyd <swboyd(a)chromium.org> phy: qcom: qmp-combo: Fix VCO div offset on v3 Stephen Boyd <swboyd(a)chromium.org> phy: qcom: qmp-combo: Fix register base for QSERDES_DP_PHY_MODE Arnd Bergmann <arnd(a)arndb.de> mtd: diskonchip: work around ubsan link failure Yick Xie <yick.xie(a)gmail.com> udp: preserve the connected status if only UDP cmsg Nam Cao <namcao(a)linutronix.de> fbdev: fix incorrect address computation in deferred IO Andrey Ryabinin <ryabinin.a.a(a)gmail.com> stackdepot: respect __GFP_NOLOCKDEP allocation flag Peter Münster <pm(a)a16n.net> net: b44: set pause params only when interface is up Rahul Rameshbabu <rrameshbabu(a)nvidia.com> ethernet: Add helper for assigning packet type when dest address does not match device address Vanshidhar Konda <vanshikonda(a)os.amperecomputing.com> ACPI: CPPC: Fix access width used for PCC registers Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Use access_width over bit_width for system memory accesses Guanrui Huang <guanrui.huang(a)linux.alibaba.com> irqchip/gic-v3-its: Prevent double free on error Mukul Joshi <mukul.joshi(a)amd.com> drm/amdgpu: Fix leak when GPU memory allocation fails Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Assign correct bits for SDMA HDP flush Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 Iskander Amara <iskander.amara(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma Manivannan Sadhasivam <mani(a)kernel.org> arm64: dts: qcom: sm8450: Fix the msi-map entries Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc8280xp: add missing PCIe minimum OPP Jiantao Shan <shanjiantao(a)loongson.cn> LoongArch: Fix access error when read fault on a write-only VMA Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix callchain parse error with kernel tracepoint events Sean Christopherson <seanjc(a)google.com> cpu: Re-enable CPU mitigations by default for !X86 architectures Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: scrub: run relocation repair when/only needed Qu Wenruo <wqu(a)suse.com> btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range() Sweet Tea Dorminy <sweettea-kernel(a)dorminy.me> btrfs: fallback if compressed IO fails for ENOSPC Nam Cao <namcao(a)linutronix.de> HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up Steve French <stfrench(a)microsoft.com> smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Steve French <stfrench(a)microsoft.com> smb3: missing lock when picking channel Gustavo A. R. Silva <gustavoars(a)kernel.org> smb: client: Fix struct_group() usage in __packed structs Matthew Wilcox (Oracle) <willy(a)infradead.org> mm: support page_mapcount() on page_has_type() pages Matthew Wilcox (Oracle) <willy(a)infradead.org> mm: create FOLIO_FLAG_FALSE and FOLIO_TYPE_OPS macros Mantas Pucka <mantas(a)8devices.com> mmc: sdhci-msm: pervent access to suspended controller Peter Xu <peterx(a)redhat.com> mm/hugetlb: fix missing hugetlb_lock for resv uncharge Christian Marangi <ansuelsmth(a)gmail.com> mtd: rawnand: qcom: Fix broken OP_RESET_DEVICE command in qcom_misc_cmd_type_exec() Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NULL-deref on non-serdev setup Johan Hovold <johan+linaro(a)kernel.org> Bluetooth: qca: fix NULL-deref on non-serdev suspend WangYuli <wangyuli(a)uniontech.com> Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 Nathan Chancellor <nathan(a)kernel.org> Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() Aswin Unnikrishnan <aswinunni01(a)gmail.com> rust: remove `params` from `module` macro example Miguel Ojeda <ojeda(a)kernel.org> kbuild: rust: force `alloc` extern to allow "empty" Rust files Miguel Ojeda <ojeda(a)kernel.org> kbuild: rust: remove unneeded `@rustc_cfg` to avoid ICE Conor Dooley <conor.dooley(a)microchip.com> rust: make mutually exclusive with CFI_CLANG Laine Taffin Altman <alexanderaltman(a)me.com> rust: init: remove impl Zeroable for Infallible Alice Ryhl <aliceryhl(a)google.com> rust: don't select CONSTRUCTORS David Kaplan <david.kaplan(a)amd.com> x86/cpu: Fix check for RDPKRU in __show_regs() Miaohe Lin <linmiaohe(a)huawei.com> fork: defer linking file vma until vma is fully initialized Terry Tritton <terry.tritton(a)linaro.org> selftests/seccomp: Handle EINVAL on unshare(CLONE_NEWPID) Terry Tritton <terry.tritton(a)linaro.org> selftests/seccomp: Change the syscall used in KILL_THREAD test Terry Tritton <terry.tritton(a)linaro.org> selftests/seccomp: user_notification_addfd check nextfd is available Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: check the inode number is not the invalid value of zero Jeff Layton <jlayton(a)kernel.org> squashfs: convert to new timestamp accessors Christian König <ckoenig.leichtzumerken(a)gmail.com> drm/ttm: stop pooling cached NUMA pages v2 Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm, treewide: introduce NR_PAGE_ORDERS Christian König <christian.koenig(a)amd.com> drm/amdgpu: fix visible VRAM handling during faults Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add shared fdinfo stats Alex Deucher <alexander.deucher(a)amd.com> drm: add drm_gem_object_is_shared_for_memory_stats() helper David Hildenbrand <david(a)redhat.com> mm/madvise: make MADV_POPULATE_(READ|WRITE) handle VM_FAULT_RETRY properly Lorenzo Stoakes <lstoakes(a)gmail.com> mm/gup: explicitly define and check internal GUP flags, disallow FOLL_TOUCH Sean Christopherson <seanjc(a)google.com> KVM: x86/pmu: Set enable bits for GP counters in PERF_GLOBAL_CTRL at "RESET" Sean Christopherson <seanjc(a)google.com> KVM: x86/pmu: Zero out PMU metadata on AMD if PMU is disabled Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). Sabrina Dubroca <sd(a)queasysnail.net> tls: fix lockless read of strp->msg_ready in ->poll Jason Reeder <jreeder(a)ti.com> net: ethernet: ti: am65-cpts: Fix PTPv1 message type on TX packets Jacob Keller <jacob.e.keller(a)intel.com> ice: fix LAG and VF lock dependency in ice_reset_vf() Sudheer Mogilappagari <sudheer.mogilappagari(a)intel.com> iavf: Fix TC config comparison with existing adapter TC config Erwan Velu <e.velu(a)criteo.com> i40e: Report MFS in decimal base instead of hex Sindhu Devale <sindhu.devale(a)intel.com> i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Dan Carpenter <dan.carpenter(a)linaro.org> net: ti: icssg-prueth: Fix signedness bug in prueth_init_rx_chns() MD Danish Anwar <danishanwar(a)ti.com> net: phy: dp83869: Fix MII mode failure Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: honor table dormant flag from netdev release event path Michael Heimpold <michael.heimpold(a)chargebyte.com> ARM: dts: imx6ull-tarragon: fix USB over-current polarity Jakub Kicinski <kuba(a)kernel.org> eth: bnxt: fix counting packets discarded due to OOM and netpoll Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix warning during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix memory leak during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Rate limit error message Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix race in region ID allocation Amit Cohen <amcohen(a)nvidia.com> mlxsw: Use refcount_t for reference counting Hyunwoo Kim <v4bel(a)theori.io> net: openvswitch: Fix Use-After-Free in ovs_ct_exit Ismael Luceno <iluceno(a)suse.de> ipvs: Fix checksumming on GSO of SCTP packets Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Bluetooth: qca: set power_ctrl_enabled on NULL returned by gpiod_get_optional() Chun-Yi Lee <jlee(a)suse.com> Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing Adv Monitor Sean Wang <sean.wang(a)mediatek.com> Bluetooth: btusb: mediatek: Fix double free of skb in coredump Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix failing to MGMT_OP_ADD_UUID/MGMT_OP_REMOVE_UUID Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: btusb: Fix triggering coredump implementation for QCA Prathamesh Shete <pshete(a)nvidia.com> gpio: tegra186: Fix tegra186_gpio_is_accessible() check Daniel Golle <daniel(a)makrotopia.org> net: phy: mediatek-ge-soc: follow netdev LED trigger semantics Hyunwoo Kim <v4bel(a)theori.io> net: gtp: Fix Use-After-Free in gtp_dellink Eric Dumazet <edumazet(a)google.com> net: usb: ax88179_178a: stop lying about skb->truesize Eric Dumazet <edumazet(a)google.com> ipv4: check for NULL idev in ip_route_use_hint() Eric Dumazet <edumazet(a)google.com> net: fix sk_memory_allocated_{add|sub} vs softirqs Adam Li <adamli(a)os.amperecomputing.com> net: make SK_MEMORY_PCPU_RESERV tunable Jakub Kicinski <kuba(a)kernel.org> tools: ynl: don't ignore errors in NLMSG_DONE messages Duoming Zhou <duoming(a)zju.edu.cn> ax25: Fix netdev refcount issue Paul Geurts <paul_geurts(a)live.nl> NFC: trf7970a: disable all regulators on removal Matthias Schiffer <matthias.schiffer(a)ew.tq-group.com> net: dsa: mv88e6xx: fix supported_interfaces setup in mv88e6250_phylink_get_caps() Dan Williams <dan.j.williams(a)intel.com> cxl/core: Fix potential payload size confusion in cxl_mem_get_poison() Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: Fix the PCI-AER routines Vikas Gupta <vikas.gupta(a)broadcom.com> bnxt_en: refactor reset close code Hangbin Liu <liuhangbin(a)gmail.com> bridge/br_netlink.c: no need to return void function Eric Dumazet <edumazet(a)google.com> icmp: prevent possible NULL dereferences from icmp_build_probe() Andrei Simion <andrei.simion(a)microchip.com> ARM: dts: microchip: at91-sama7g5ek: Replace regulator-suspend-voltage with the valid property Ido Schimmel <idosch(a)nvidia.com> mlxsw: core_env: Fix driver initialization with old firmware Ido Schimmel <idosch(a)nvidia.com> mlxsw: core: Unregister EMAD trap using FORWARD action Justin Chen <justin.chen(a)broadcom.com> net: bcmasp: fix memory leak when bringing down interface David Bauer <mail(a)david-bauer.net> vxlan: drop packets from invalid src-address Duanqiang Wen <duanqiangwen(a)net-swift.com> net: libwx: fix alloc msix vectors failed Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: fix unaligned le16 access Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: remove link before AP Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211_hwsim: init peer measurement result Patrik Jakobsson <patrik.r.jakobsson(a)gmail.com> drm/gma500: Remove lid code Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: remove old PASN station when adding a new one Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: split mesh fast tx cache into local/proxied/forwarded Colin Ian King <colin.i.king(a)intel.com> wifi: mac80211: clean up assignments to pointer cache. Alexey Brodkin <Alexey.Brodkin(a)synopsys.com> ARC: [plat-hsdk]: Remove misplaced interrupt-cells property Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: tangier: Use correct type for the IRQ chip data Maximilian Luz <luzmaximilian(a)gmail.com> arm64: dts: qcom: sc8180x: Fix ss_phy_irq for secondary USB controller Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> arm64: dts: rockchip: regulator for sd needs to be always on for BPI-R2Pro Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt2712: fix validation errors Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7986: prefix BPI-R3 cooling maps with "map-" Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7986: drop invalid thermal block clock Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7986: reorder nodes Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7986: drop "#reset-cells" from Ethernet controller Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7986: drop invalid properties from ethsys Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7986: reorder properties Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix IR nodename Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix clock controllers Pin-yen Lin <treapking(a)chromium.org> arm64: dts: mediatek: mt8183-kukui: Use default min voltage for MT6358 Pin-yen Lin <treapking(a)chromium.org> arm64: dts: mediatek: mt8195-cherry: Update min voltage constraint for MT6315 Pin-yen Lin <treapking(a)chromium.org> arm64: dts: mediatek: mt8192-asurada: Update min voltage constraint for MT6315 Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: cherry: Describe CPU supplies AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: cherry: Add platform thermal configuration Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8195: Add missing gce-client-reg to mutex1 Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8195: Add missing gce-client-reg to mutex Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8195: Add missing gce-client-reg to vpp/vdosys Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt8192: Add missing gce-client-reg to mutex Ikjoon Jang <ikjn(a)chromium.org> arm64: dts: mediatek: mt8183: Add power-domains properity to mfgcfg Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro dts Quentin Schulz <quentin.schulz(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma Iskander Amara <iskander.amara(a)theobroma-systems.com> arm64: dts: rockchip: fix alphabetical ordering RK3399 puma Quentin Schulz <quentin.schulz(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 Puma Arınç ÜNAL <arinc.unal(a)arinc9.com> arm64: dts: rockchip: set PHY address of MT7531 switch to 0x1f Yaraslau Furman <yaro330(a)gmail.com> HID: logitech-dj: allow mice to use all types of reports Zhang Lixu <lixu.zhang(a)intel.com> HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc Takayuki Nagata <tnagata(a)redhat.com> cifs: reinstate original behavior again for forceuid/forcegid Paulo Alcantara <pc(a)manguebit.com> smb: client: fix rename(2) regression against samba David Howells <dhowells(a)redhat.com> cifs: Fix reacquisition of volume cookie on still-live connection ------------- Diffstat: Documentation/admin-guide/kdump/vmcoreinfo.rst | 6 +- Documentation/admin-guide/sysctl/net.rst | 5 + Makefile | 4 +- arch/Kconfig | 8 + arch/arc/boot/dts/hsdk.dts | 1 - arch/arm/boot/dts/microchip/at91-sama7g5ek.dts | 8 +- .../boot/dts/nxp/imx/imx6ull-tarragon-common.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt2712-evb.dts | 8 +- arch/arm64/boot/dts/mediatek/mt2712e.dtsi | 3 +- arch/arm64/boot/dts/mediatek/mt7622.dtsi | 34 ++-- .../boot/dts/mediatek/mt7986a-bananapi-bpi-r3.dts | 6 +- arch/arm64/boot/dts/mediatek/mt7986a.dtsi | 215 ++++++++++----------- arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 1 - arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt8192-asurada.dtsi | 6 +- arch/arm64/boot/dts/mediatek/mt8192.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 141 +++++++++++++- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 5 + arch/arm64/boot/dts/qcom/sc8180x.dtsi | 2 +- arch/arm64/boot/dts/qcom/sc8280xp.dtsi | 5 + arch/arm64/boot/dts/qcom/sm8450.dtsi | 16 +- .../boot/dts/rockchip/rk3399-pinebook-pro.dts | 1 - arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 31 ++- arch/arm64/boot/dts/rockchip/rk3568-bpi-r2-pro.dts | 6 +- arch/arm64/kvm/hyp/include/nvhe/gfp.h | 2 +- arch/loongarch/include/asm/perf_event.h | 8 + arch/loongarch/mm/fault.c | 4 +- arch/riscv/include/asm/page.h | 2 +- arch/riscv/include/asm/pgtable.h | 4 +- arch/riscv/kernel/setup.c | 13 ++ arch/riscv/mm/init.c | 2 +- arch/sparc/kernel/traps_64.c | 2 +- arch/x86/Kconfig | 11 +- arch/x86/include/asm/coco.h | 5 +- arch/x86/include/asm/pgtable_types.h | 3 +- arch/x86/kernel/process_64.c | 2 +- arch/x86/kvm/pmu.c | 30 ++- arch/x86/kvm/vmx/pmu_intel.c | 16 +- drivers/acpi/cppc_acpi.c | 72 +++++-- drivers/bluetooth/btmtk.c | 7 +- drivers/bluetooth/btusb.c | 11 +- drivers/bluetooth/hci_qca.c | 27 ++- drivers/cxl/core/mbox.c | 38 ++-- drivers/dma/idma64.c | 4 + drivers/dma/idxd/cdev.c | 5 +- drivers/dma/idxd/debugfs.c | 4 +- drivers/dma/idxd/device.c | 8 +- drivers/dma/idxd/idxd.h | 2 +- drivers/dma/idxd/init.c | 2 +- drivers/dma/idxd/irq.c | 4 +- drivers/dma/idxd/perfmon.c | 9 +- drivers/dma/owl-dma.c | 4 +- drivers/dma/tegra186-gpc-dma.c | 3 + drivers/dma/xilinx/xilinx_dpdma.c | 13 +- drivers/gpio/gpio-tangier.c | 9 +- drivers/gpio/gpio-tegra186.c | 20 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_fdinfo.c | 4 + drivers/gpu/drm/amd/amdgpu/amdgpu_object.c | 33 ++-- drivers/gpu/drm/amd/amdgpu/amdgpu_object.h | 28 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 73 ++++--- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 3 + drivers/gpu/drm/amd/amdgpu/sdma_v4_4_2.c | 3 +- drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 24 ++- drivers/gpu/drm/gma500/Makefile | 1 - drivers/gpu/drm/gma500/psb_device.c | 5 +- drivers/gpu/drm/gma500/psb_drv.h | 9 - drivers/gpu/drm/gma500/psb_lid.c | 80 -------- drivers/gpu/drm/ttm/tests/ttm_device_test.c | 2 +- drivers/gpu/drm/ttm/ttm_pool.c | 54 ++++-- drivers/hid/hid-logitech-dj.c | 4 +- drivers/hid/i2c-hid/i2c-hid-core.c | 9 - drivers/hid/intel-ish-hid/ipc/ipc.c | 2 +- drivers/i2c/i2c-core-base.c | 12 +- drivers/irqchip/irq-gic-v3-its.c | 9 +- drivers/mmc/host/sdhci-msm.c | 16 +- drivers/mtd/nand/raw/diskonchip.c | 4 +- drivers/mtd/nand/raw/qcom_nandc.c | 7 +- drivers/net/dsa/mv88e6xxx/chip.c | 56 +++++- drivers/net/dsa/mv88e6xxx/port.h | 23 ++- drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c | 21 +- drivers/net/ethernet/broadcom/b44.c | 14 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 80 ++++---- drivers/net/ethernet/intel/i40e/i40e_main.c | 6 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 30 ++- drivers/net/ethernet/intel/ice/ice_vf_lib.c | 16 +- .../ethernet/mellanox/mlx5/core/en_accel/macsec.c | 1 + drivers/net/ethernet/mellanox/mlxsw/core.c | 2 +- .../mellanox/mlxsw/core_acl_flex_actions.c | 16 +- .../ethernet/mellanox/mlxsw/core_acl_flex_keys.c | 9 +- drivers/net/ethernet/mellanox/mlxsw/core_env.c | 20 +- drivers/net/ethernet/mellanox/mlxsw/spectrum_acl.c | 11 +- .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 132 ++++++++----- .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.h | 5 +- .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 15 +- .../ethernet/mellanox/mlxsw/spectrum_switchdev.c | 8 +- drivers/net/ethernet/ti/am65-cpts.c | 5 + drivers/net/ethernet/ti/icssg/icssg_prueth.c | 8 +- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 2 +- drivers/net/gtp.c | 3 +- drivers/net/macsec.c | 46 ++++- drivers/net/phy/dp83869.c | 3 +- drivers/net/phy/mediatek-ge-soc.c | 43 +++-- drivers/net/usb/ax88179_178a.c | 11 +- drivers/net/vxlan/vxlan_core.c | 4 + .../net/wireless/intel/iwlwifi/mvm/ftm-initiator.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 3 +- drivers/net/wireless/virtual/mac80211_hwsim.c | 2 +- drivers/nfc/trf7970a.c | 42 ++-- drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 6 +- drivers/phy/marvell/phy-mvebu-a3700-comphy.c | 9 +- drivers/phy/qualcomm/phy-qcom-m31.c | 2 +- drivers/phy/qualcomm/phy-qcom-qmp-combo.c | 12 +- drivers/phy/qualcomm/phy-qcom-qmp.h | 2 + drivers/phy/rockchip/phy-rockchip-naneng-combphy.c | 36 +++- drivers/phy/rockchip/phy-rockchip-snps-pcie3.c | 31 ++- drivers/phy/ti/phy-tusb1210.c | 23 +-- drivers/soundwire/amd_manager.c | 15 ++ drivers/soundwire/amd_manager.h | 3 +- drivers/video/fbdev/core/fb_defio.c | 2 +- fs/btrfs/backref.c | 12 +- fs/btrfs/extent_map.c | 2 +- fs/btrfs/inode.c | 13 +- fs/btrfs/scrub.c | 18 +- fs/btrfs/tests/extent-map-tests.c | 5 + fs/overlayfs/params.c | 11 +- fs/proc/page.c | 7 +- fs/smb/client/cifsfs.c | 1 + fs/smb/client/cifsglob.h | 2 + fs/smb/client/cifspdu.h | 4 +- fs/smb/client/fs_context.c | 12 ++ fs/smb/client/fs_context.h | 2 + fs/smb/client/fscache.c | 13 ++ fs/smb/client/misc.c | 3 + fs/smb/client/smb2pdu.h | 2 +- fs/smb/client/transport.c | 7 +- fs/squashfs/inode.c | 11 +- include/drm/drm_gem.h | 13 ++ include/drm/ttm/ttm_pool.h | 2 +- include/linux/etherdevice.h | 25 +++ include/linux/mm.h | 8 +- include/linux/mmzone.h | 6 +- include/linux/page-flags.h | 146 ++++++++------ include/net/af_unix.h | 3 + include/net/bluetooth/hci_core.h | 4 + include/net/macsec.h | 1 + include/net/sock.h | 41 ++-- include/net/tls.h | 3 +- include/trace/events/mmflags.h | 1 + init/Kconfig | 2 +- kernel/bounds.c | 2 +- kernel/cpu.c | 4 +- kernel/crash_core.c | 7 +- kernel/fork.c | 18 +- kernel/sched/fair.c | 34 ++-- lib/stackdepot.c | 4 +- lib/test_meminit.c | 2 +- mm/compaction.c | 2 +- mm/gup.c | 59 +++--- mm/hugetlb.c | 27 +-- mm/internal.h | 11 +- mm/kmsan/init.c | 2 +- mm/madvise.c | 17 +- mm/page_alloc.c | 13 +- mm/page_reporting.c | 2 +- mm/show_mem.c | 8 +- mm/vmstat.c | 12 +- net/ax25/af_ax25.c | 2 +- net/bluetooth/hci_event.c | 5 +- net/bluetooth/l2cap_sock.c | 7 +- net/bluetooth/mgmt.c | 24 ++- net/bluetooth/sco.c | 7 +- net/bridge/br_netlink.c | 2 +- net/core/sock.c | 1 + net/core/sysctl_net_core.c | 9 + net/ethernet/eth.c | 12 +- net/ipv4/icmp.c | 12 +- net/ipv4/route.c | 3 + net/ipv4/udp.c | 5 +- net/ipv6/udp.c | 5 +- net/mac80211/mesh.c | 8 +- net/mac80211/mesh.h | 36 +++- net/mac80211/mesh_pathtbl.c | 37 ++-- net/mac80211/mlme.c | 9 +- net/mac80211/rx.c | 13 +- net/netfilter/ipvs/ip_vs_proto_sctp.c | 6 +- net/netfilter/nft_chain_filter.c | 4 +- net/openvswitch/conntrack.c | 4 +- net/tls/tls.h | 2 +- net/tls/tls_strp.c | 6 +- net/unix/garbage.c | 2 +- rust/Makefile | 1 - rust/kernel/init.rs | 11 +- rust/macros/lib.rs | 12 -- scripts/Makefile.build | 2 +- tools/net/ynl/lib/ynl.py | 1 + tools/testing/selftests/seccomp/seccomp_bpf.c | 41 +++- 198 files changed, 1787 insertions(+), 1132 deletions(-)

7 months, 1 week

16
206
0 0

[PATCH 0/3] Backport statx(..., NULL, AT_EMPTY_PATH, ...)

by Miao Wang via B4 Relay

Commit 0ef625bba6fb ("vfs: support statx(..., NULL, AT_EMPTY_PATH, ...)") added support for passing in NULL when AT_EMPTY_PATH is given, improving performance when statx is used for fetching stat informantion from a given fd, which is especially important for 32-bit platforms. This commit also improved the performance when an empty string is given by short-circuiting the handling of such paths. This series is based on the commits in the Linus’ tree. Sligth modifications are applied to the context of the patches for cleanly applying. Tested-by: Xi Ruoyao <xry111(a)xry111.site> Signed-off-by: Miao Wang <shankerwangmiao(a)gmail.com> --- Christian Brauner (2): fs: new helper vfs_empty_path() stat: use vfs_empty_path() helper Mateusz Guzik (1): vfs: support statx(..., NULL, AT_EMPTY_PATH, ...) fs/internal.h | 14 ++++++ fs/namespace.c | 13 ------ fs/stat.c | 123 ++++++++++++++++++++++++++++++++++++----------------- include/linux/fs.h | 17 ++++++++ 4 files changed, 116 insertions(+), 51 deletions(-) --- base-commit: 049be94099ea5ba8338526c5a4f4f404b9dcaf54 change-id: 20240918-statx-stable-linux-6-10-y-17c3ec7497c8 Best regards, -- Miao Wang <shankerwangmiao(a)gmail.com>

7 months, 1 week

4
8
0 0

stable request: netfilter: make cgroupsv2 matching work with namespaces

by Florian Westphal

Hello, please consider picking up: 7f3287db6543 ("netfilter: nft_socket: make cgroupsv2 matching work with namespaces") and its followup fix, 7052622fccb1 ("netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level()") It should cherry-pick fine for 6.1 and later. I'm not sure a 5.15 backport is worth it, as its not a crash fix and noone has reported this problem so far with a 5.15 kernel.

7 months, 1 week

3
2
0 0

[PATCH 6.1 00/26] xfs backports to catch 6.1.y up to 6.6

by Leah Rumancik

Hello again, Here is the next set of XFS backports, this set is for 6.1.y and I will be following up with a set for 5.15.y later. There were some good suggestions made at LSF to survey test coverage to cut back on testing but I've been a bit swamped and a backport set was overdue. So for this set, I have run the auto group 3 x 8 configs with no regressions seen. Let me know if you spot any issues. This set has already been ack'd on the XFS list. Thanks, Leah https://lkml.iu.edu/hypermail/linux/kernel/2212.0/04860.html 52f31ed22821 [1/1] xfs: dquot shrinker doesn't check for XFS_DQFLAG_FREEING https://lore.kernel.org/linux-xfs/ef8a958d-741f-5bfd-7b2f-db65bf6dc3ac@huaw… 4da112513c01 [1/1] xfs: Fix deadlock on xfs_inodegc_worker https://www.spinics.net/lists/linux-xfs/msg68547.html 601a27ea09a3 [1/1] xfs: fix extent busy updating https://www.spinics.net/lists/linux-xfs/msg67254.html c85007e2e394 [1/1] xfs: don't use BMBT btree split workers for IO completion fixes from start of the series https://lore.kernel.org/linux-xfs/20230209221825.3722244-1-david@fromorbit.… [00/42] xfs: per-ag centric allocation alogrithms 1dd0510f6d4b [01/42] xfs: fix low space alloc deadlock f08f984c63e9 [02/42] xfs: prefer free inodes at ENOSPC over chunk allocation d5753847b216 [03/42] xfs: block reservation too large for minleft allocation https://lore.kernel.org/linux-xfs/Y+Z7TZ9o+KgXLcV8@magnolia/ 60b730a40c43 [1/1] xfs: fix uninitialized variable access https://lore.kernel.org/linux-xfs/20230228051250.1238353-1-david@fromorbit.… 0c7273e494dd [1/1] xfs: quotacheck failure can race with background inode inactivation https://lore.kernel.org/linux-xfs/20230412024907.GP360889@frogsfrogsfrogs/ 8ee81ed581ff [1/1] xfs: fix BUG_ON in xfs_getbmap() https://www.spinics.net/lists/linux-xfs/msg71062.html [0/4] xfs: bug fixes for 6.4-rc1 [1/4] xfs: don't unconditionally null args->pag in xfs_bmap_btalloc_at_eof skip, fix for a commit from 6.3 8e698ee72c4e [2/4] xfs: set bnobt/cntbt numrecs correctly when formatting new AGs [3/4] xfs: flush dirty data and drain directios before scrubbing cow fork skip, scrub [4/4] xfs: don't allocate into the data fork for an unshare request skip, more of an optimization than a fix 1bba82fe1afa [5/4] xfs: fix negative array access in xfs_getbmap (fix of 8ee81ed) https://lore.kernel.org/linux-xfs/20230517000449.3997582-1-david@fromorbit.… [0/4] xfs: bug fixes for 6.4-rcX 89a4bf0dc385 [1/4] xfs: buffer pins need to hold a buffer reference [2/4] xfs: restore allocation trylock iteration skip, for issue introduced in 6.3 cb042117488d [3/4] xfs: defered work could create precommits (dependency for patch 4) 82842fee6e59 [4/4] xfs: fix AGF vs inode cluster buffer deadlock https://lore.kernel.org/linux-xfs/20240612225148.3989713-1-david@fromorbit.… 348a1983cf4c (fix for 82842fee6e5) [1/1] xfs: fix unlink vs cluster buffer instantiation race https://lore.kernel.org/linux-xfs/20230530001928.2967218-1-david@fromorbit.… d4d12c02b [1/1] xfs: collect errors from inodegc for unlinked inode recovery https://lore.kernel.org/linux-xfs/20230524121041.GA4128075@ceph-admin/ c3b880acadc9 [1/1] xfs: fix ag count overflow during growfs 4b827b3f305d [1/1] xfs: remove WARN when dquot cache insertion fails requested on list to reduce bot noise https://www.spinics.net/lists/linux-xfs/msg73214.html 5cf32f63b0f4 [1/2] xfs: fix the calculation for "end" and "length" [2/2] introduces new feature, skipping https://lore.kernel.org/linux-xfs/20230913102942.601271-1-ruansy.fnst@fujit… 3c90c01e4934 [1/1] xfs: correct calculation for agend and blockcount (fixes 5cf32) https://lore.kernel.org/all/20230901160020.GT28186@frogsfrogsfrogs/ 68b957f64fca [1/1] xfs: load uncached unlinked inodes into memory on demand https://www.spinics.net/lists/linux-xfs/msg74960.html [0/3] xfs: reload entire iunlink lists f12b96683d69 [1/3] xfs: use i_prev_unlinked to distinguish inodes that are not on the unlinked list 83771c50e42b [2/3] xfs: reload entire unlinked bucket lists (dependency of 49813a21ed) 49813a21ed57 [3/3] xfs: make inode unlinked bucket recovery work with quotacheck (dependency for 537c013) https://lore.kernel.org/all/169565629026.1982077.12646061547002741492.stgit… 537c013b140d [1/1] xfs: fix reloading entire unlinked bucket lists (fix of 68b957f64fca) Darrick J. Wong (8): xfs: fix uninitialized variable access xfs: load uncached unlinked inodes into memory on demand xfs: fix negative array access in xfs_getbmap xfs: use i_prev_unlinked to distinguish inodes that are not on the unlinked list xfs: reload entire unlinked bucket lists xfs: make inode unlinked bucket recovery work with quotacheck xfs: fix reloading entire unlinked bucket lists xfs: set bnobt/cntbt numrecs correctly when formatting new AGs Dave Chinner (12): xfs: dquot shrinker doesn't check for XFS_DQFLAG_FREEING xfs: don't use BMBT btree split workers for IO completion xfs: fix low space alloc deadlock xfs: prefer free inodes at ENOSPC over chunk allocation xfs: block reservation too large for minleft allocation xfs: quotacheck failure can race with background inode inactivation xfs: buffer pins need to hold a buffer reference xfs: defered work could create precommits xfs: fix AGF vs inode cluster buffer deadlock xfs: collect errors from inodegc for unlinked inode recovery xfs: remove WARN when dquot cache insertion fails xfs: fix unlink vs cluster buffer instantiation race Long Li (1): xfs: fix ag count overflow during growfs Shiyang Ruan (2): xfs: fix the calculation for "end" and "length" xfs: correct calculation for agend and blockcount Wengang Wang (1): xfs: fix extent busy updating Wu Guanghao (1): xfs: Fix deadlock on xfs_inodegc_worker Ye Bin (1): xfs: fix BUG_ON in xfs_getbmap() fs/xfs/libxfs/xfs_ag.c | 19 ++- fs/xfs/libxfs/xfs_alloc.c | 69 +++++++-- fs/xfs/libxfs/xfs_bmap.c | 16 +- fs/xfs/libxfs/xfs_bmap.h | 2 + fs/xfs/libxfs/xfs_bmap_btree.c | 19 ++- fs/xfs/libxfs/xfs_btree.c | 18 ++- fs/xfs/libxfs/xfs_fs.h | 2 + fs/xfs/libxfs/xfs_ialloc.c | 17 +++ fs/xfs/libxfs/xfs_log_format.h | 9 +- fs/xfs/libxfs/xfs_trans_inode.c | 113 +------------- fs/xfs/xfs_attr_inactive.c | 1 - fs/xfs/xfs_bmap_util.c | 18 +-- fs/xfs/xfs_buf_item.c | 88 ++++++++--- fs/xfs/xfs_dquot.c | 1 - fs/xfs/xfs_export.c | 14 ++ fs/xfs/xfs_extent_busy.c | 1 + fs/xfs/xfs_fsmap.c | 1 + fs/xfs/xfs_fsops.c | 13 +- fs/xfs/xfs_icache.c | 58 +++++-- fs/xfs/xfs_icache.h | 4 +- fs/xfs/xfs_inode.c | 260 ++++++++++++++++++++++++++++---- fs/xfs/xfs_inode.h | 36 ++++- fs/xfs/xfs_inode_item.c | 149 ++++++++++++++++++ fs/xfs/xfs_inode_item.h | 1 + fs/xfs/xfs_itable.c | 11 ++ fs/xfs/xfs_log_recover.c | 19 ++- fs/xfs/xfs_mount.h | 11 +- fs/xfs/xfs_notify_failure.c | 15 +- fs/xfs/xfs_qm.c | 72 ++++++--- fs/xfs/xfs_super.c | 1 + fs/xfs/xfs_trace.h | 46 ++++++ fs/xfs/xfs_trans.c | 9 +- 32 files changed, 841 insertions(+), 272 deletions(-) -- 2.46.0.792.g87dc391469-goog

7 months, 1 week

3
29
0 0

Request to apply patches to v6.6 to fix thunderbolt issue

by Wan, Qin (Thin Client RnD)

Hello, There is an issue found on v6.6.16: Plug in thunderbolt G4 dock with monitor connected after system boots up. The monitor shows nothing when wake up from S3 sometimes. The failure rate is above 50%. The kernel reports “UBSAN: shift-out-of-bounds in drivers/gpu/drm/display/drm_dp_mst_topology.c:4416:36”. The call stack is shown at the bottom of this email. This failure is fixed in v6.9-rc1. We request to merge below commit to v6.6. 6b8ac54f31f985d3abb0b4212187838dd8ea4227 thunderbolt: Fix debug log when DisplayPort adapter not available for pairing fe8a0293c922ee8bc1ff0cf9048075afb264004a thunderbolt: Use tb_tunnel_dbg() where possible to make logging more consistent d27bd2c37d4666bce25ec4d9ac8c6b169992f0f0 thunderbolt: Expose tb_tunnel_xxx() log macros to the rest of the driver 8648c6465c025c488e2855c209c0dea1a1a15184 thunderbolt: Create multiple DisplayPort tunnels if there are more DP IN/OUT pairs f73edddfa2a64a185c65a33f100778169c92fc25 thunderbolt: Use constants for path weight and priority 4d24db0c801461adeefd7e0bdc98c79c60ccefb0 thunderbolt: Use weight constants in tb_usb3_consumed_bandwidth() aa673d606078da36ebc379f041c794228ac08cb5 thunderbolt: Make is_gen4_link() available to the rest of the driver 582e70b0d3a412d15389a3c9c07a44791b311715 thunderbolt: Change bandwidth reservations to comply USB4 v2 2bfeca73e94567c1a117ca45d2e8a25d63e5bd2c 　thunderbolt: Introduce tb_port_path_direction_downstream() 　　956c3abe72fb6a651b8cf77c28462f7e5b6a48b1 　thunderbolt: Introduce tb_for_each_upstream_port_on_path() 　　c4ff14436952c3d0dd05769d76cf48e73a253b48 　thunderbolt: Introduce tb_switch_depth() 　　81af2952e60603d12415e1a6fd200f8073a2ad8b 　thunderbolt: Add support for asymmetric link 　　3e36528c1127b20492ffaea53930bcc3df46a718 　thunderbolt: Configure asymmetric link if needed and bandwidth allows 　　b4734507ac55cc7ea1380e20e83f60fcd7031955 　thunderbolt: Improve DisplayPort tunnel setup process to be more robust 　When failure happened, the kernel log reports Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414673] UBSAN: shift-out-of-bounds in drivers/gpu/drm/display/drm_dp_mst_topology.c:4416:36 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414674] shift exponent -1 is negative Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414675] CPU: 0 PID: 145 Comm: kworker/0:2 Tainted: G U 6.6.16 #108 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414677] Hardware name: HP HP Elite t660 Thin Client/8D05, BIOS W44 Ver. 00.14.00 07/19/2024 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414678] Workqueue: events output_poll_execute [drm_kms_helper] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414695] Call Trace: Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414697] <TASK> Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414698] dump_stack_lvl+0x48/0x70 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414703] dump_stack+0x10/0x20 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414705] __ubsan_handle_shift_out_of_bounds+0x156/0x310 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414708] ? krealloc+0x98/0x100 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414711] ? drm_atomic_get_private_obj_state+0x167/0x1a0 [drm] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414733] drm_dp_atomic_release_time_slots.cold+0x17/0x3d [drm_display_helper] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414743] intel_dp_mst_atomic_check+0x9a/0x170 [i915] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414831] drm_atomic_helper_check_modeset+0x4bb/0xe20 [drm_kms_helper] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414842] ? __kmem_cache_alloc_node+0x1b3/0x320 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414845] ? __ww_mutex_lock.constprop.0+0x39/0xa00 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414848] intel_atomic_check+0x113/0x2b50 [i915] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414936] drm_atomic_check_only+0x692/0xb80 [drm] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414956] drm_atomic_commit+0x57/0xd0 [drm] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414972] ? _pfx__drm_printfn_info+0x10/0x10 [drm] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414999] drm_client_modeset_commit_atomic+0x1f1/0x230 [drm] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415019] drm_client_modeset_commit_locked+0x5b/0x170 [drm] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415038] ? mutex_lock+0x13/0x50 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415040] drm_client_modeset_commit+0x27/0x50 [drm] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415058] __drm_fb_helper_restore_fbdev_mode_unlocked+0xd2/0x100 [drm_kms_helper] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415068] drm_fb_helper_hotplug_event+0x11a/0x140 [drm_kms_helper] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415077] intel_fbdev_output_poll_changed+0x6f/0xb0 [i915] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415156] output_poll_execute+0x23e/0x290 [drm_kms_helper] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415166] ? intelfb_dirty+0x41/0x80 [i915] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415236] process_one_work+0x178/0x360 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415238] ? __pfx_worker_thread+0x10/0x10 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415240] worker_thread+0x307/0x430 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415241] ? __pfx_worker_thread+0x10/0x10 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415242] kthread+0xf4/0x130 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415245] ? __pfx_kthread+0x10/0x10 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415247] ret_from_fork+0x43/0x70 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415249] ? __pfx_kthread+0x10/0x10 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415250] ret_from_fork_asm+0x1b/0x30 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415252] </TASK> Thanks, Wanqin 　

7 months, 1 week

3
3
0 0

[PATCH 6.6.y] x86/mm: Switch to new Intel CPU model defines

by Ricardo Neri

From: Tony Luck <tony.luck(a)intel.com> [ Upstream commit 2eda374e883ad297bd9fe575a16c1dc850346075 ] New CPU #defines encode vendor and family as well as model. [ dhansen: vertically align 0's in invlpg_miss_ids[] ] Signed-off-by: Tony Luck <tony.luck(a)intel.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Link: https://lore.kernel.org/all/20240424181518.41946-1-tony.luck%40intel.com [ Ricardo: I used the old match macro X86_MATCH_INTEL_FAM6_MODEL() instead of X86_MATCH_VFM() as in the upstream commit. ] Signed-off-by: Ricardo Neri <ricardo.neri-calderon(a)linux.intel.com> --- I tested this backport on an Alder Lake system. Now pr_info("Incomplete global flushes, disabling PCID") is back in dmesg. I also tested on a Meteor Lake system, which is not affected by the INVLPG issue. The message in question is not there before and after the backport, as expected. This backport fixes the last remaining caller of x86_match_cpu() that does not use the family of X86_MATCH_*() macros. Thomas Lindroth intially reported the regression in https://lore.kernel.org/all/eb709d67-2a8d-412f-905d-f3777d897bfa@gmail.com/ Maybe Tony and/or the x86 maintainers can ack this backport? --- arch/x86/mm/init.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index 679893ea5e68..6215dfa23578 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -261,21 +261,17 @@ static void __init probe_page_size_mask(void) } } -#define INTEL_MATCH(_model) { .vendor = X86_VENDOR_INTEL, \ - .family = 6, \ - .model = _model, \ - } /* * INVLPG may not properly flush Global entries * on these CPUs when PCIDs are enabled. */ static const struct x86_cpu_id invlpg_miss_ids[] = { - INTEL_MATCH(INTEL_FAM6_ALDERLAKE ), - INTEL_MATCH(INTEL_FAM6_ALDERLAKE_L ), - INTEL_MATCH(INTEL_FAM6_ATOM_GRACEMONT ), - INTEL_MATCH(INTEL_FAM6_RAPTORLAKE ), - INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_P), - INTEL_MATCH(INTEL_FAM6_RAPTORLAKE_S), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE, 0), + X86_MATCH_INTEL_FAM6_MODEL(ALDERLAKE_L, 0), + X86_MATCH_INTEL_FAM6_MODEL(ATOM_GRACEMONT, 0), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE, 0), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_P, 0), + X86_MATCH_INTEL_FAM6_MODEL(RAPTORLAKE_S, 0), {} }; -- 2.34.1

7 months, 1 week

3
2
0 0

[PATCH 6.1.y 0/2] x86: Complete backports for x86_match_cpu()

by Ricardo Neri

Hi, Upstream commit 93022482b294 ("x86/cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL") introduced a flags member to struct x86_cpu_id. Bit 0 of x86_cpu.id.flags must be set to 1 for x86_match_cpu() to work correctly. This upstream commit has been backported to 6.1.y. Callers that use the X86_MATCH_*() family of macros to compose the argument of x86_match_cpu() function correctly. Callers that use their own custom mechanisms may not work if they fail to set x86_cpu_id.flags correctly. There are two remaining callers in 6.1.y that use their own mechanisms: setup_pcid() and rapl_msr_probe(). The former caused a regression that Thomas Lindroth reported in [1]. The latter works by luck but it still populates its x86_cpu_id[] array incorrectly. I backported two patches that fix these bugs in mainline. Hopefully the authors and/or maintainers can ack the backports? I tested these patches in Alder Lake and Meteor Lake systems as the two involved callers behave differently on these two systems. I wrote the testing details in each patch separately. Thanks and BR, Ricardo [1]. https://lore.kernel.org/all/eb709d67-2a8d-412f-905d-f3777d897bfa@gmail.com/ Sumeet Pawnikar (1): powercap: RAPL: fix invalid initialization for pl4_supported field Tony Luck (1): x86/mm: Switch to new Intel CPU model defines arch/x86/mm/init.c | 16 ++++++---------- drivers/powercap/intel_rapl_msr.c | 12 ++++++------ 2 files changed, 12 insertions(+), 16 deletions(-) -- 2.34.1

7 months, 1 week

2
4
0 0

[PATCH 0/1] ext4: fix crash on BUG_ON in ext4_alloc_group_tables

by Alexander Mikhalitsyn

A long story behind this one, first of all, we (LXD project folks) started to see issues in our tests on GitHub Actions ubuntu22.04 runners after they've got updated from 6.5 to 6.8-based kernel and this was reported on Launchpad tracker [1] by Wesley Hershberger. At the same time, Stéphane Graber from LXC containers project saw the same problem on Incus testsuite (also on Github Actions). Then we had a debugging session together with Stéphane and he found a quite minimalistic reproducer: curl https://pkgs.zabbly.com/get/incus-daily | sudo sh sudo apt-get install lvm2 --yes sudo incus storage create default lvm volume.size=25MiB size=1GiB sudo incus image copy images:alpine/edge local: --alias testimage sudo incus profile device add default root disk pool=default path=/ size=3GiB sudo incus create testimage a1 this thing produces the following output in kernel logs: [ 33.882936] EXT4-fs (dm-5): mounted filesystem 8aaf41b2-6ac0-4fa8-b92b-77d10e1d16ca r/w with ordered data mode. Quota mode: none. [ 33.888365] EXT4-fs (dm-5): resizing filesystem from 7168 to 786432 blocks [ 33.888740] ------------[ cut here ]------------ [ 33.888742] kernel BUG at fs/ext4/resize.c:324! [ 33.889075] Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [ 33.889503] CPU: 9 UID: 0 PID: 3576 Comm: resize2fs Not tainted 6.11.0+ #27 [ 33.890039] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [ 33.890705] RIP: 0010:ext4_resize_fs+0x1212/0x12d0 [ 33.891063] Code: b8 45 31 c0 4c 89 ff 45 31 c9 31 c9 ba 0e 08 00 00 48 c7 c6 68 75 65 b8 e8 2b 79 01 00 41 b8 ea ff ff ff 41 5f e9 8d f1 ff ff <0f> 0b 48 83 bd 70 ff ff ff 00 75 32 45 31 c0 e9 53 f1 ff ff 41 b8 [ 33.892701] RSP: 0018:ffffa97f413f3cc8 EFLAGS: 00010202 [ 33.893081] RAX: 0000000000000018 RBX: 0000000000000001 RCX: 00000000fffffff0 [ 33.893639] RDX: 0000000000000017 RSI: 0000000000000016 RDI: 00000000e8c2c810 [ 33.894197] RBP: ffffa97f413f3d90 R08: 0000000000000000 R09: 0000000000008000 [ 33.894755] R10: ffffa97f413f3cc8 R11: ffffa2c1845bfc80 R12: 0000000000000000 [ 33.895317] R13: ffffa2c1843d6000 R14: 0000000000008000 R15: ffffa2c199963000 [ 33.895877] FS: 00007f46efd17000(0000) GS:ffffa2c89fc40000(0000) knlGS:0000000000000000 [ 33.896524] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.896954] CR2: 00005630a4a1cc88 CR3: 000000010532c000 CR4: 0000000000350eb0 [ 33.897516] Call Trace: [ 33.897638] <TASK> [ 33.897728] ? show_regs+0x6d/0x80 [ 33.897942] ? die+0x3c/0xa0 [ 33.898106] ? do_trap+0xe5/0x110 [ 33.898311] ? do_error_trap+0x6e/0x90 [ 33.898555] ? ext4_resize_fs+0x1212/0x12d0 [ 33.898844] ? exc_invalid_op+0x57/0x80 [ 33.899101] ? ext4_resize_fs+0x1212/0x12d0 [ 33.899387] ? asm_exc_invalid_op+0x1f/0x30 [ 33.899675] ? ext4_resize_fs+0x1212/0x12d0 [ 33.899961] ? ext4_resize_fs+0x745/0x12d0 [ 33.900239] __ext4_ioctl+0x4e0/0x1800 [ 33.900489] ? srso_alias_return_thunk+0x5/0xfbef5 [ 33.900832] ? putname+0x5b/0x70 [ 33.901028] ? srso_alias_return_thunk+0x5/0xfbef5 [ 33.901374] ? do_sys_openat2+0x87/0xd0 [ 33.901632] ? srso_alias_return_thunk+0x5/0xfbef5 [ 33.901981] ? srso_alias_return_thunk+0x5/0xfbef5 [ 33.902324] ? __x64_sys_openat+0x59/0xa0 [ 33.902595] ext4_ioctl+0x12/0x20 [ 33.902802] ? ext4_ioctl+0x12/0x20 [ 33.903031] __x64_sys_ioctl+0x99/0xd0 [ 33.903277] x64_sys_call+0x1206/0x20d0 [ 33.903534] do_syscall_64+0x72/0x110 [ 33.903771] ? srso_alias_return_thunk+0x5/0xfbef5 [ 33.904115] ? irqentry_exit+0x3f/0x50 [ 33.904362] ? srso_alias_return_thunk+0x5/0xfbef5 [ 33.904707] ? exc_page_fault+0x1aa/0x7b0 [ 33.904979] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 33.905349] RIP: 0033:0x7f46efe3294f [ 33.905579] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <41> 89 c0 3d 00 f0 ff ff 77 1f 48 8b 44 24 18 64 48 2b 04 25 28 00 [ 33.907321] RSP: 002b:00007ffe9b8833a0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 33.907926] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f46efe3294f [ 33.908487] RDX: 00007ffe9b8834a0 RSI: 0000000040086610 RDI: 0000000000000004 [ 33.909046] RBP: 00005630a4a0b0e0 R08: 0000000000000000 R09: 00007ffe9b8832d7 [ 33.909605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 33.910165] R13: 00005630a4a0c580 R14: 00005630a4a10400 R15: 0000000000000000 [ 33.910740] </TASK> [ 33.910837] Modules linked in: [ 33.911049] ---[ end trace 0000000000000000 ]--- [ 33.911428] RIP: 0010:ext4_resize_fs+0x1212/0x12d0 [ 33.911810] Code: b8 45 31 c0 4c 89 ff 45 31 c9 31 c9 ba 0e 08 00 00 48 c7 c6 68 75 65 b8 e8 2b 79 01 00 41 b8 ea ff ff ff 41 5f e9 8d f1 ff ff <0f> 0b 48 83 bd 70 ff ff ff 00 75 32 45 31 c0 e9 53 f1 ff ff 41 b8 [ 33.913928] RSP: 0018:ffffa97f413f3cc8 EFLAGS: 00010202 [ 33.914313] RAX: 0000000000000018 RBX: 0000000000000001 RCX: 00000000fffffff0 [ 33.914909] RDX: 0000000000000017 RSI: 0000000000000016 RDI: 00000000e8c2c810 [ 33.915482] RBP: ffffa97f413f3d90 R08: 0000000000000000 R09: 0000000000008000 [ 33.916258] R10: ffffa97f413f3cc8 R11: ffffa2c1845bfc80 R12: 0000000000000000 [ 33.917027] R13: ffffa2c1843d6000 R14: 0000000000008000 R15: ffffa2c199963000 [ 33.917884] FS: 00007f46efd17000(0000) GS:ffffa2c89fc40000(0000) knlGS:0000000000000000 [ 33.918818] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 33.919322] CR2: 00005630a4a1cc88 CR3: 000000010532c000 CR4: 0000000000350eb0 [ 44.072293] ------------[ cut here ]------------ This patch is attempt to fix it and I can confirm that after applying it everything works just fine. At the same time, I'm not knowledgable in ext4 filesystem code so careful review is required here. Kind regards, Alex Cc: stable(a)vger.kernel.org # v6.8+ Fixes: 665d3e0af4d3 ("ext4: reduce unnecessary memory allocation in alloc_flex_gd()") Link: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2081231 [1] Cc: "Theodore Ts'o" <tytso(a)mit.edu> Cc: Andreas Dilger <adilger.kernel(a)dilger.ca> Cc: Jan Kara <jack(a)suse.cz> Cc: Baokun Li <libaokun1(a)huawei.com> Cc: Stéphane Graber <stgraber(a)stgraber.org> Cc: Christian Brauner <brauner(a)kernel.org> Cc: <linux-kernel(a)vger.kernel.org> Cc: <linux-fsdevel(a)vger.kernel.org> Cc: <linux-ext4(a)vger.kernel.org> Reported-by: Wesley Hershberger <wesley.hershberger(a)canonical.com> Reported-by: Stéphane Graber <stgraber(a)stgraber.org> Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn(a)canonical.com> Alexander Mikhalitsyn (1): ext4: fix BUG at fs/ext4/resize.c fs/ext4/resize.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) -- 2.34.1

7 months, 1 week

5
18
0 0

RTL8852BE wifi no longer working after 6.11 upgrade

by Marcel Weißenbach

Hi there, i upgraded my Archlinux testing setup from 6.10.9 to 6.11 and noticed that my wifi is no longer working. Here is the output from the working 6.10.x Kernel 04:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8852BE PCIe 802.11ax Wireless Network Controller Subsystem: AzureWave Device 5470 Kernel driver in use: rtw89_8852be Kernel modules: rtw89_8852be On 6.11, loading the Kernel Module fails. After veryfing it is not an Archlinux issue by manually building the Kernel from kernel.org manually, i can verify, it happens with an vanilla Kernel too. Here are the relevant parts from dmesg [...] [ 4.687462] rtw89_8852be 0000:04:00.0: [ERR]FWDL path ready [ 4.687472] rtw89_8852be 0000:04:00.0: [ERR]fwdl 0x1E0 = 0x23 [ 4.687477] rtw89_8852be 0000:04:00.0: [ERR]fwdl 0x83F0 = 0x70000 [ 4.687486] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 4.687501] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 4.687516] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f3b [ 4.687531] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 4.687546] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f3f [ 4.687561] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 4.687576] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f57 [ 4.687591] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 4.687606] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f4f [ 4.687621] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 4.687636] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccdf [ 4.687651] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 4.687666] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f37 [ 4.687681] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 4.687696] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f53 [ 6.376153] rtw89_8852be 0000:04:00.0: [ERR]FWDL path ready [ 6.376163] rtw89_8852be 0000:04:00.0: [ERR]fwdl 0x1E0 = 0x23 [ 6.376168] rtw89_8852be 0000:04:00.0: [ERR]fwdl 0x83F0 = 0x70000 [ 6.376178] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f4b [ 6.376193] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f43 [ 6.376208] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f4b [ 6.376223] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f41 [ 6.376238] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f3f [ 6.376253] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 6.376268] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 6.376283] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f57 [ 6.376298] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f47 [ 6.376313] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 6.376327] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 6.376342] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccdf [ 6.376357] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f35 [ 6.376372] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 6.376387] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 7.135332] r8169 0000:05:00.0 enp5s0: Link is Up - 1Gbps/Full - flow control off [ 8.097173] rtw89_8852be 0000:04:00.0: [ERR]FWDL path ready [ 8.097183] rtw89_8852be 0000:04:00.0: [ERR]fwdl 0x1E0 = 0x23 [ 8.097188] rtw89_8852be 0000:04:00.0: [ERR]fwdl 0x83F0 = 0x70000 [ 8.097197] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f53 [ 8.097212] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f4b [ 8.097227] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 8.097242] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f2f [ 8.097257] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f4b [ 8.097272] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 8.097287] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 8.097302] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f31 [ 8.097317] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f33 [ 8.097332] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f33 [ 8.097347] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccdb [ 8.097362] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f33 [ 8.097377] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 8.097391] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 8.097406] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccdb [ 9.817051] rtw89_8852be 0000:04:00.0: [ERR]FWDL path ready [ 9.817059] rtw89_8852be 0000:04:00.0: [ERR]fwdl 0x1E0 = 0x23 [ 9.817063] rtw89_8852be 0000:04:00.0: [ERR]fwdl 0x83F0 = 0x70000 [ 9.817072] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 9.817087] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 9.817102] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccdf [ 9.817117] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccdf [ 9.817133] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccf7 [ 9.817147] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f3d [ 9.817162] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f35 [ 9.817177] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 9.817192] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 9.817207] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 9.817222] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f55 [ 9.817237] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f53 [ 9.817252] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f47 [ 9.817267] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f47 [ 9.817282] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 11.536604] rtw89_8852be 0000:04:00.0: [ERR]FWDL path ready [ 11.536615] rtw89_8852be 0000:04:00.0: [ERR]fwdl 0x1E0 = 0x23 [ 11.536621] rtw89_8852be 0000:04:00.0: [ERR]fwdl 0x83F0 = 0x70000 [ 11.536632] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f35 [ 11.536648] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f55 [ 11.536664] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890cce1 [ 11.536680] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f7f [ 11.536697] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 11.536713] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890cce3 [ 11.536730] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f31 [ 11.536746] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 11.536762] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f4b [ 11.536778] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f35 [ 11.536794] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f47 [ 11.536809] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 11.536825] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f47 [ 11.536842] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb8901f57 [ 11.536859] rtw89_8852be 0000:04:00.0: [ERR]fw PC = 0xb890ccd9 [ 11.536874] rtw89_8852be 0000:04:00.0: failed to setup chip information [ 11.537455] rtw89_8852be 0000:04:00.0: probe with driver rtw89_8852be failed with error -110 [...] The whole dmesg can be found here (with an Download button on the top right): https://ignaz.org/nextcloud/index.php/s/gMtZCxS5wjtWSYc Best Regards Marcel #regzbot introduced: v6.10.9..v6.11

7 months, 1 week

2
7
0 0

[PATCH v2] rust: sync: require `T: Sync` for `LockedBy::access`

by Alice Ryhl

The `LockedBy::access` method only requires a shared reference to the owner, so if we have shared access to the `LockedBy` from several threads at once, then two threads could call `access` in parallel and both obtain a shared reference to the inner value. Thus, require that `T: Sync` when calling the `access` method. An alternative is to require `T: Sync` in the `impl Sync for LockedBy`. This patch does not choose that approach as it gives up the ability to use `LockedBy` with `!Sync` types, which is okay as long as you only use `access_mut`. Cc: stable(a)vger.kernel.org Fixes: 7b1f55e3a984 ("rust: sync: introduce `LockedBy`") Signed-off-by: Alice Ryhl <aliceryhl(a)google.com> --- Changes in v2: - Use a `where T: Sync` on `access` instead of changing `impl Sync for LockedBy`. - Link to v1: https://lore.kernel.org/r/20240912-locked-by-sync-fix-v1-1-26433cbccbd2@goo… --- rust/kernel/sync/locked_by.rs | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/rust/kernel/sync/locked_by.rs b/rust/kernel/sync/locked_by.rs index babc731bd5f6..ce2ee8d87865 100644 --- a/rust/kernel/sync/locked_by.rs +++ b/rust/kernel/sync/locked_by.rs @@ -83,8 +83,12 @@ pub struct LockedBy<T: ?Sized, U: ?Sized> { // SAFETY: `LockedBy` can be transferred across thread boundaries iff the data it protects can. unsafe impl<T: ?Sized + Send, U: ?Sized> Send for LockedBy<T, U> {} -// SAFETY: `LockedBy` serialises the interior mutability it provides, so it is `Sync` as long as the -// data it protects is `Send`. +// SAFETY: If `T` is not `Sync`, then parallel shared access to this `LockedBy` allows you to use +// `access_mut` to hand out `&mut T` on one thread at the time. The requirement that `T: Send` is +// sufficient to allow that. +// +// If `T` is `Sync`, then the `access` method also becomes available, which allows you to obtain +// several `&T` from several threads at once. However, this is okay as `T` is `Sync`. unsafe impl<T: ?Sized + Send, U: ?Sized> Sync for LockedBy<T, U> {} impl<T, U> LockedBy<T, U> { @@ -118,7 +122,10 @@ impl<T: ?Sized, U> LockedBy<T, U> { /// /// Panics if `owner` is different from the data protected by the lock used in /// [`new`](LockedBy::new). - pub fn access<'a>(&'a self, owner: &'a U) -> &'a T { + pub fn access<'a>(&'a self, owner: &'a U) -> &'a T + where + T: Sync, + { build_assert!( size_of::<U>() > 0, "`U` cannot be a ZST because `owner` wouldn't be unique" @@ -127,7 +134,10 @@ pub fn access<'a>(&'a self, owner: &'a U) -> &'a T { panic!("mismatched owners"); } - // SAFETY: `owner` is evidence that the owner is locked. + // SAFETY: `owner` is evidence that there are only shared references to the owner for the + // duration of 'a, so it's not possible to use `Self::access_mut` to obtain a mutable + // reference to the inner value that aliases with this shared reference. The type is `Sync` + // so there are no other requirements. unsafe { &*self.data.get() } } --- base-commit: 93dc3be19450447a3a7090bd1dfb9f3daac3e8d2 change-id: 20240912-locked-by-sync-fix-07193df52f98 Best regards, -- Alice Ryhl <aliceryhl(a)google.com>

7 months, 1 week

3
3
0 0

[merged mm-hotfixes-stable] ocfs2-fix-uninit-value-in-ocfs2_get_block.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ocfs2: fix uninit-value in ocfs2_get_block() has been removed from the -mm tree. Its filename was ocfs2-fix-uninit-value-in-ocfs2_get_block.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Joseph Qi <joseph.qi(a)linux.alibaba.com> Subject: ocfs2: fix uninit-value in ocfs2_get_block() Date: Wed, 25 Sep 2024 17:06:00 +0800 syzbot reported an uninit-value BUG: BUG: KMSAN: uninit-value in ocfs2_get_block+0xed2/0x2710 fs/ocfs2/aops.c:159 ocfs2_get_block+0xed2/0x2710 fs/ocfs2/aops.c:159 do_mpage_readpage+0xc45/0x2780 fs/mpage.c:225 mpage_readahead+0x43f/0x840 fs/mpage.c:374 ocfs2_readahead+0x269/0x320 fs/ocfs2/aops.c:381 read_pages+0x193/0x1110 mm/readahead.c:160 page_cache_ra_unbounded+0x901/0x9f0 mm/readahead.c:273 do_page_cache_ra mm/readahead.c:303 [inline] force_page_cache_ra+0x3b1/0x4b0 mm/readahead.c:332 force_page_cache_readahead mm/internal.h:347 [inline] generic_fadvise+0x6b0/0xa90 mm/fadvise.c:106 vfs_fadvise mm/fadvise.c:185 [inline] ksys_fadvise64_64 mm/fadvise.c:199 [inline] __do_sys_fadvise64 mm/fadvise.c:214 [inline] __se_sys_fadvise64 mm/fadvise.c:212 [inline] __x64_sys_fadvise64+0x1fb/0x3a0 mm/fadvise.c:212 x64_sys_call+0xe11/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:222 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f This is because when ocfs2_extent_map_get_blocks() fails, p_blkno is uninitialized. So the error log will trigger the above uninit-value access. The error log is out-of-date since get_blocks() was removed long time ago. And the error code will be logged in ocfs2_extent_map_get_blocks() once ocfs2_get_cluster() fails, so fix this by only logging inode and block. Link: https://syzkaller.appspot.com/bug?extid=9709e73bae885b05314b Link: https://lkml.kernel.org/r/20240925090600.3643376-1-joseph.qi@linux.alibaba.… Fixes: ccd979bdbce9 ("[PATCH] OCFS2: The Second Oracle Cluster Filesystem") Signed-off-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reported-by: syzbot+9709e73bae885b05314b(a)syzkaller.appspotmail.com Tested-by: syzbot+9709e73bae885b05314b(a)syzkaller.appspotmail.com Cc: Heming Zhao <heming.zhao(a)suse.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/aops.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) --- a/fs/ocfs2/aops.c~ocfs2-fix-uninit-value-in-ocfs2_get_block +++ a/fs/ocfs2/aops.c @@ -156,9 +156,8 @@ int ocfs2_get_block(struct inode *inode, err = ocfs2_extent_map_get_blocks(inode, iblock, &p_blkno, &count, &ext_flags); if (err) { - mlog(ML_ERROR, "Error %d from get_blocks(0x%p, %llu, 1, " - "%llu, NULL)\n", err, inode, (unsigned long long)iblock, - (unsigned long long)p_blkno); + mlog(ML_ERROR, "get_blocks() failed, inode: 0x%p, " + "block: %llu\n", inode, (unsigned long long)iblock); goto bail; } _ Patches currently in -mm which might be from joseph.qi(a)linux.alibaba.com are

7 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] kselftests-mm-fix-wrong-__nr_userfaultfd-value.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kselftests: mm: fix wrong __NR_userfaultfd value has been removed from the -mm tree. Its filename was kselftests-mm-fix-wrong-__nr_userfaultfd-value.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Subject: kselftests: mm: fix wrong __NR_userfaultfd value Date: Mon, 23 Sep 2024 10:38:36 +0500 grep -rnIF "#define __NR_userfaultfd" tools/include/uapi/asm-generic/unistd.h:681:#define __NR_userfaultfd 282 arch/x86/include/generated/uapi/asm/unistd_32.h:374:#define __NR_userfaultfd 374 arch/x86/include/generated/uapi/asm/unistd_64.h:327:#define __NR_userfaultfd 323 arch/x86/include/generated/uapi/asm/unistd_x32.h:282:#define __NR_userfaultfd (__X32_SYSCALL_BIT + 323) arch/arm/include/generated/uapi/asm/unistd-eabi.h:347:#define __NR_userfaultfd (__NR_SYSCALL_BASE + 388) arch/arm/include/generated/uapi/asm/unistd-oabi.h:359:#define __NR_userfaultfd (__NR_SYSCALL_BASE + 388) include/uapi/asm-generic/unistd.h:681:#define __NR_userfaultfd 282 The number is dependent on the architecture. The above data shows that: x86 374 x86_64 323 The value of __NR_userfaultfd was changed to 282 when asm-generic/unistd.h was included. It makes the test to fail every time as the correct number of this syscall on x86_64 is 323. Fix the header to asm/unistd.h. Link: https://lkml.kernel.org/r/20240923053836.3270393-1-usama.anjum@collabora.com Fixes: a5c6bc590094 ("selftests/mm: remove local __NR_* definitions") Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Reviewed-by: Shuah Khan <skhan(a)linuxfoundation.org> Reviewed-by: David Hildenbrand <david(a)redhat.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/pagemap_ioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/tools/testing/selftests/mm/pagemap_ioctl.c~kselftests-mm-fix-wrong-__nr_userfaultfd-value +++ a/tools/testing/selftests/mm/pagemap_ioctl.c @@ -15,7 +15,7 @@ #include <sys/ioctl.h> #include <sys/stat.h> #include <math.h> -#include <asm-generic/unistd.h> +#include <asm/unistd.h> #include <pthread.h> #include <sys/resource.h> #include <assert.h> _ Patches currently in -mm which might be from usama.anjum(a)collabora.com are

7 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] compilerh-specify-correct-attribute-for-rodatac_jump_table.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: compiler.h: specify correct attribute for .rodata..c_jump_table has been removed from the -mm tree. Its filename was compilerh-specify-correct-attribute-for-rodatac_jump_table.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Tiezhu Yang <yangtiezhu(a)loongson.cn> Subject: compiler.h: specify correct attribute for .rodata..c_jump_table Date: Tue, 24 Sep 2024 14:27:10 +0800 Currently, there is an assembler message when generating kernel/bpf/core.o under CONFIG_OBJTOOL with LoongArch compiler toolchain: Warning: setting incorrect section attributes for .rodata..c_jump_table This is because the section ".rodata..c_jump_table" should be readonly, but there is a "W" (writable) part of the flags: $ readelf -S kernel/bpf/core.o | grep -A 1 "rodata..c" [34] .rodata..c_j[...] PROGBITS 0000000000000000 0000d2e0 0000000000000800 0000000000000000 WA 0 0 8 There is no above issue on x86 due to the generated section flag is only "A" (allocatable). In order to silence the warning on LoongArch, specify the attribute like ".rodata..c_jump_table,\"a\",@progbits #" explicitly, then the section attribute of ".rodata..c_jump_table" must be readonly in the kernel/bpf/core.o file. Before: $ objdump -h kernel/bpf/core.o | grep -A 1 "rodata..c" 21 .rodata..c_jump_table 00000800 0000000000000000 0000000000000000 0000d2e0 2**3 CONTENTS, ALLOC, LOAD, RELOC, DATA After: $ objdump -h kernel/bpf/core.o | grep -A 1 "rodata..c" 21 .rodata..c_jump_table 00000800 0000000000000000 0000000000000000 0000d2e0 2**3 CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA By the way, AFAICT, maybe the root cause is related with the different compiler behavior of various archs, so to some extent this change is a workaround for LoongArch, and also there is no effect for x86 which is the only port supported by objtool before LoongArch with this patch. Link: https://lkml.kernel.org/r/20240924062710.1243-1-yangtiezhu@loongson.cn Signed-off-by: Tiezhu Yang <yangtiezhu(a)loongson.cn> Cc: Josh Poimboeuf <jpoimboe(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: <stable(a)vger.kernel.org> [6.9+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/compiler.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/include/linux/compiler.h~compilerh-specify-correct-attribute-for-rodatac_jump_table +++ a/include/linux/compiler.h @@ -133,7 +133,7 @@ void ftrace_likely_update(struct ftrace_ #define annotate_unreachable() __annotate_unreachable(__COUNTER__) /* Annotate a C jump table to allow objtool to follow the code flow */ -#define __annotate_jump_table __section(".rodata..c_jump_table") +#define __annotate_jump_table __section(".rodata..c_jump_table,\"a\",@progbits #") #else /* !CONFIG_OBJTOOL */ #define annotate_reachable() _ Patches currently in -mm which might be from yangtiezhu(a)loongson.cn are

7 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] ocfs2-fix-deadlock-in-ocfs2_get_system_file_inode.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ocfs2: fix deadlock in ocfs2_get_system_file_inode has been removed from the -mm tree. Its filename was ocfs2-fix-deadlock-in-ocfs2_get_system_file_inode.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Mohammed Anees <pvmohammedanees2003(a)gmail.com> Subject: ocfs2: fix deadlock in ocfs2_get_system_file_inode Date: Tue, 24 Sep 2024 09:32:57 +0000 syzbot has found a possible deadlock in ocfs2_get_system_file_inode [1]. The scenario is depicted here, CPU0 CPU1 lock(&ocfs2_file_ip_alloc_sem_key); lock(&osb->system_file_mutex); lock(&ocfs2_file_ip_alloc_sem_key); lock(&osb->system_file_mutex); The function calls which could lead to this are: CPU0 ocfs2_mknod - lock(&ocfs2_file_ip_alloc_sem_key); . . . ocfs2_get_system_file_inode - lock(&osb->system_file_mutex); CPU1 - ocfs2_fill_super - lock(&osb->system_file_mutex); . . . ocfs2_read_virt_blocks - lock(&ocfs2_file_ip_alloc_sem_key); This issue can be resolved by making the down_read -> down_read_try in the ocfs2_read_virt_blocks. [1] https://syzkaller.appspot.com/bug?extid=e0055ea09f1f5e6fabdd Link: https://lkml.kernel.org/r/20240924093257.7181-1-pvmohammedanees2003@gmail.c… Signed-off-by: Mohammed Anees <pvmohammedanees2003(a)gmail.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reported-by: <syzbot+e0055ea09f1f5e6fabdd(a)syzkaller.appspotmail.com> Closes: https://syzkaller.appspot.com/bug?extid=e0055ea09f1f5e6fabdd Tested-by: syzbot+e0055ea09f1f5e6fabdd(a)syzkaller.appspotmail.com Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/extent_map.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) --- a/fs/ocfs2/extent_map.c~ocfs2-fix-deadlock-in-ocfs2_get_system_file_inode +++ a/fs/ocfs2/extent_map.c @@ -973,7 +973,13 @@ int ocfs2_read_virt_blocks(struct inode } while (done < nr) { - down_read(&OCFS2_I(inode)->ip_alloc_sem); + if (!down_read_trylock(&OCFS2_I(inode)->ip_alloc_sem)) { + rc = -EAGAIN; + mlog(ML_ERROR, + "Inode #%llu ip_alloc_sem is temporarily unavailable\n", + (unsigned long long)OCFS2_I(inode)->ip_blkno); + break; + } rc = ocfs2_extent_map_get_blocks(inode, v_block + done, &p_block, &p_count, NULL); up_read(&OCFS2_I(inode)->ip_alloc_sem); _ Patches currently in -mm which might be from pvmohammedanees2003(a)gmail.com are ocfs2-fix-typo-in-comment.patch

7 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] ocfs2-reserve-space-for-inline-xattr-before-attaching-reflink-tree.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: ocfs2: reserve space for inline xattr before attaching reflink tree has been removed from the -mm tree. Its filename was ocfs2-reserve-space-for-inline-xattr-before-attaching-reflink-tree.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Gautham Ananthakrishna <gautham.ananthakrishna(a)oracle.com> Subject: ocfs2: reserve space for inline xattr before attaching reflink tree Date: Wed, 18 Sep 2024 06:38:44 +0000 One of our customers reported a crash and a corrupted ocfs2 filesystem. The crash was due to the detection of corruption. Upon troubleshooting, the fsck -fn output showed the below corruption [EXTENT_LIST_FREE] Extent list in owner 33080590 claims 230 as the next free chain record, but fsck believes the largest valid value is 227. Clamp the next record value? n The stat output from the debugfs.ocfs2 showed the following corruption where the "Next Free Rec:" had overshot the "Count:" in the root metadata block. Inode: 33080590 Mode: 0640 Generation: 2619713622 (0x9c25a856) FS Generation: 904309833 (0x35e6ac49) CRC32: 00000000 ECC: 0000 Type: Regular Attr: 0x0 Flags: Valid Dynamic Features: (0x16) HasXattr InlineXattr Refcounted Extended Attributes Block: 0 Extended Attributes Inline Size: 256 User: 0 (root) Group: 0 (root) Size: 281320357888 Links: 1 Clusters: 141738 ctime: 0x66911b56 0x316edcb8 -- Fri Jul 12 06:02:30.829349048 2024 atime: 0x66911d6b 0x7f7a28d -- Fri Jul 12 06:11:23.133669517 2024 mtime: 0x66911b56 0x12ed75d7 -- Fri Jul 12 06:02:30.317552087 2024 dtime: 0x0 -- Wed Dec 31 17:00:00 1969 Refcount Block: 2777346 Last Extblk: 2886943 Orphan Slot: 0 Sub Alloc Slot: 0 Sub Alloc Bit: 14 Tree Depth: 1 Count: 227 Next Free Rec: 230 ## Offset Clusters Block# 0 0 2310 2776351 1 2310 2139 2777375 2 4449 1221 2778399 3 5670 731 2779423 4 6401 566 2780447 ....... .... ....... ....... .... ....... The issue was in the reflink workfow while reserving space for inline xattr. The problematic function is ocfs2_reflink_xattr_inline(). By the time this function is called the reflink tree is already recreated at the destination inode from the source inode. At this point, this function reserves space for inline xattrs at the destination inode without even checking if there is space at the root metadata block. It simply reduces the l_count from 243 to 227 thereby making space of 256 bytes for inline xattr whereas the inode already has extents beyond this index (in this case up to 230), thereby causing corruption. The fix for this is to reserve space for inline metadata at the destination inode before the reflink tree gets recreated. The customer has verified the fix. Link: https://lkml.kernel.org/r/20240918063844.1830332-1-gautham.ananthakrishna@o… Fixes: ef962df057aa ("ocfs2: xattr: fix inlined xattr reflink") Signed-off-by: Gautham Ananthakrishna <gautham.ananthakrishna(a)oracle.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/refcounttree.c | 26 ++++++++++++++++++++++++-- fs/ocfs2/xattr.c | 11 +---------- 2 files changed, 25 insertions(+), 12 deletions(-) --- a/fs/ocfs2/refcounttree.c~ocfs2-reserve-space-for-inline-xattr-before-attaching-reflink-tree +++ a/fs/ocfs2/refcounttree.c @@ -25,6 +25,7 @@ #include "namei.h" #include "ocfs2_trace.h" #include "file.h" +#include "symlink.h" #include <linux/bio.h> #include <linux/blkdev.h> @@ -4148,8 +4149,9 @@ static int __ocfs2_reflink(struct dentry int ret; struct inode *inode = d_inode(old_dentry); struct buffer_head *new_bh = NULL; + struct ocfs2_inode_info *oi = OCFS2_I(inode); - if (OCFS2_I(inode)->ip_flags & OCFS2_INODE_SYSTEM_FILE) { + if (oi->ip_flags & OCFS2_INODE_SYSTEM_FILE) { ret = -EINVAL; mlog_errno(ret); goto out; @@ -4175,6 +4177,26 @@ static int __ocfs2_reflink(struct dentry goto out_unlock; } + if ((oi->ip_dyn_features & OCFS2_HAS_XATTR_FL) && + (oi->ip_dyn_features & OCFS2_INLINE_XATTR_FL)) { + /* + * Adjust extent record count to reserve space for extended attribute. + * Inline data count had been adjusted in ocfs2_duplicate_inline_data(). + */ + struct ocfs2_inode_info *new_oi = OCFS2_I(new_inode); + + if (!(new_oi->ip_dyn_features & OCFS2_INLINE_DATA_FL) && + !(ocfs2_inode_is_fast_symlink(new_inode))) { + struct ocfs2_dinode *new_di = (struct ocfs2_dinode *)new_bh->b_data; + struct ocfs2_dinode *old_di = (struct ocfs2_dinode *)old_bh->b_data; + struct ocfs2_extent_list *el = &new_di->id2.i_list; + int inline_size = le16_to_cpu(old_di->i_xattr_inline_size); + + le16_add_cpu(&el->l_count, -(inline_size / + sizeof(struct ocfs2_extent_rec))); + } + } + ret = ocfs2_create_reflink_node(inode, old_bh, new_inode, new_bh, preserve); if (ret) { @@ -4182,7 +4204,7 @@ static int __ocfs2_reflink(struct dentry goto inode_unlock; } - if (OCFS2_I(inode)->ip_dyn_features & OCFS2_HAS_XATTR_FL) { + if (oi->ip_dyn_features & OCFS2_HAS_XATTR_FL) { ret = ocfs2_reflink_xattrs(inode, old_bh, new_inode, new_bh, preserve); --- a/fs/ocfs2/xattr.c~ocfs2-reserve-space-for-inline-xattr-before-attaching-reflink-tree +++ a/fs/ocfs2/xattr.c @@ -6511,16 +6511,7 @@ static int ocfs2_reflink_xattr_inline(st } new_oi = OCFS2_I(args->new_inode); - /* - * Adjust extent record count to reserve space for extended attribute. - * Inline data count had been adjusted in ocfs2_duplicate_inline_data(). - */ - if (!(new_oi->ip_dyn_features & OCFS2_INLINE_DATA_FL) && - !(ocfs2_inode_is_fast_symlink(args->new_inode))) { - struct ocfs2_extent_list *el = &new_di->id2.i_list; - le16_add_cpu(&el->l_count, -(inline_size / - sizeof(struct ocfs2_extent_rec))); - } + spin_lock(&new_oi->ip_lock); new_oi->ip_dyn_features |= OCFS2_HAS_XATTR_FL | OCFS2_INLINE_XATTR_FL; new_di->i_dyn_features = cpu_to_le16(new_oi->ip_dyn_features); _ Patches currently in -mm which might be from gautham.ananthakrishna(a)oracle.com are

7 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] mm-migrate-annotate-data-race-in-migrate_folio_unmap.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: migrate: annotate data-race in migrate_folio_unmap() has been removed from the -mm tree. Its filename was mm-migrate-annotate-data-race-in-migrate_folio_unmap.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Jeongjun Park <aha310510(a)gmail.com> Subject: mm: migrate: annotate data-race in migrate_folio_unmap() Date: Tue, 24 Sep 2024 22:00:53 +0900 I found a report from syzbot [1] This report shows that the value can be changed, but in reality, the value of __folio_set_movable() cannot be changed because it holds the folio refcount. Therefore, it is appropriate to add an annotate to make KCSAN ignore that data-race. [1] ================================================================== BUG: KCSAN: data-race in __filemap_remove_folio / migrate_pages_batch write to 0xffffea0004b81dd8 of 8 bytes by task 6348 on cpu 0: page_cache_delete mm/filemap.c:153 [inline] __filemap_remove_folio+0x1ac/0x2c0 mm/filemap.c:233 filemap_remove_folio+0x6b/0x1f0 mm/filemap.c:265 truncate_inode_folio+0x42/0x50 mm/truncate.c:178 shmem_undo_range+0x25b/0xa70 mm/shmem.c:1028 shmem_truncate_range mm/shmem.c:1144 [inline] shmem_evict_inode+0x14d/0x530 mm/shmem.c:1272 evict+0x2f0/0x580 fs/inode.c:731 iput_final fs/inode.c:1883 [inline] iput+0x42a/0x5b0 fs/inode.c:1909 dentry_unlink_inode+0x24f/0x260 fs/dcache.c:412 __dentry_kill+0x18b/0x4c0 fs/dcache.c:615 dput+0x5c/0xd0 fs/dcache.c:857 __fput+0x3fb/0x6d0 fs/file_table.c:439 ____fput+0x1c/0x30 fs/file_table.c:459 task_work_run+0x13a/0x1a0 kernel/task_work.c:228 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0xbe/0x130 kernel/entry/common.c:218 do_syscall_64+0xd6/0x1c0 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f read to 0xffffea0004b81dd8 of 8 bytes by task 6342 on cpu 1: __folio_test_movable include/linux/page-flags.h:699 [inline] migrate_folio_unmap mm/migrate.c:1199 [inline] migrate_pages_batch+0x24c/0x1940 mm/migrate.c:1797 migrate_pages_sync mm/migrate.c:1963 [inline] migrate_pages+0xff1/0x1820 mm/migrate.c:2072 do_mbind mm/mempolicy.c:1390 [inline] kernel_mbind mm/mempolicy.c:1533 [inline] __do_sys_mbind mm/mempolicy.c:1607 [inline] __se_sys_mbind+0xf76/0x1160 mm/mempolicy.c:1603 __x64_sys_mbind+0x78/0x90 mm/mempolicy.c:1603 x64_sys_call+0x2b4d/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:238 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f value changed: 0xffff888127601078 -> 0x0000000000000000 Link: https://lkml.kernel.org/r/20240924130053.107490-1-aha310510@gmail.com Fixes: 7e2a5e5ab217 ("mm: migrate: use __folio_test_movable()") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Zi Yan <ziy(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/migrate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/migrate.c~mm-migrate-annotate-data-race-in-migrate_folio_unmap +++ a/mm/migrate.c @@ -1196,7 +1196,7 @@ static int migrate_folio_unmap(new_folio int rc = -EAGAIN; int old_page_state = 0; struct anon_vma *anon_vma = NULL; - bool is_lru = !__folio_test_movable(src); + bool is_lru = data_race(!__folio_test_movable(src)); bool locked = false; bool dst_locked = false; _ Patches currently in -mm which might be from aha310510(a)gmail.com are mm-percpu-fix-typo-to-pcpu_alloc_noprof-description.patch mm-shmem-fix-data-race-in-shmem_getattr.patch

7 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] mm-hugetlb-simplify-refs-in-memfd_alloc_folio.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/hugetlb: simplify refs in memfd_alloc_folio has been removed from the -mm tree. Its filename was mm-hugetlb-simplify-refs-in-memfd_alloc_folio.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Steve Sistare <steven.sistare(a)oracle.com> Subject: mm/hugetlb: simplify refs in memfd_alloc_folio Date: Wed, 4 Sep 2024 12:41:08 -0700 The folio_try_get in memfd_alloc_folio is not necessary. Delete it, and delete the matching folio_put in memfd_pin_folios. This also avoids leaking a ref if the memfd_alloc_folio call to hugetlb_add_to_page_cache fails. That error path is also broken in a second way -- when its folio_put causes the ref to become 0, it will implicitly call free_huge_folio, but then the path *explicitly* calls free_huge_folio. Delete the latter. This is a continuation of the fix "mm/hugetlb: fix memfd_pin_folios free_huge_pages leak" [steven.sistare(a)oracle.com: remove explicit call to free_huge_folio(), per Matthew] Link: https://lkml.kernel.org/r/Zti-7nPVMcGgpcbi@casper.infradead.org Link: https://lkml.kernel.org/r/1725481920-82506-1-git-send-email-steven.sistare@… Link: https://lkml.kernel.org/r/1725478868-61732-1-git-send-email-steven.sistare@… Fixes: 89c1905d9c14 ("mm/gup: introduce memfd_pin_folios() for pinning memfd folios") Signed-off-by: Steve Sistare <steven.sistare(a)oracle.com> Suggested-by: Vivek Kasireddy <vivek.kasireddy(a)intel.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jason Gunthorpe <jgg(a)nvidia.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/gup.c | 4 +--- mm/memfd.c | 3 +-- 2 files changed, 2 insertions(+), 5 deletions(-) --- a/mm/gup.c~mm-hugetlb-simplify-refs-in-memfd_alloc_folio +++ a/mm/gup.c @@ -3615,7 +3615,7 @@ long memfd_pin_folios(struct file *memfd pgoff_t start_idx, end_idx, next_idx; struct folio *folio = NULL; struct folio_batch fbatch; - struct hstate *h = NULL; + struct hstate *h; long ret = -EINVAL; if (start < 0 || start > end || !max_folios) @@ -3659,8 +3659,6 @@ long memfd_pin_folios(struct file *memfd &fbatch); if (folio) { folio_put(folio); - if (h) - folio_put(folio); folio = NULL; } --- a/mm/memfd.c~mm-hugetlb-simplify-refs-in-memfd_alloc_folio +++ a/mm/memfd.c @@ -89,13 +89,12 @@ struct folio *memfd_alloc_folio(struct f numa_node_id(), NULL, gfp_mask); - if (folio && folio_try_get(folio)) { + if (folio) { err = hugetlb_add_to_page_cache(folio, memfd->f_mapping, idx); if (err) { folio_put(folio); - free_huge_folio(folio); return ERR_PTR(err); } folio_unlock(folio); _ Patches currently in -mm which might be from steven.sistare(a)oracle.com are

7 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] mm-gup-fix-memfd_pin_folios-alloc-race-panic.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/gup: fix memfd_pin_folios alloc race panic has been removed from the -mm tree. Its filename was mm-gup-fix-memfd_pin_folios-alloc-race-panic.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Steve Sistare <steven.sistare(a)oracle.com> Subject: mm/gup: fix memfd_pin_folios alloc race panic Date: Tue, 3 Sep 2024 07:25:21 -0700 If memfd_pin_folios tries to create a hugetlb page, but someone else already did, then folio gets the value -EEXIST here: folio = memfd_alloc_folio(memfd, start_idx); if (IS_ERR(folio)) { ret = PTR_ERR(folio); if (ret != -EEXIST) goto err; then on the next trip through the "while start_idx" loop we panic here: if (folio) { folio_put(folio); To fix, set the folio to NULL on error. Link: https://lkml.kernel.org/r/1725373521-451395-6-git-send-email-steven.sistare… Fixes: 89c1905d9c14 ("mm/gup: introduce memfd_pin_folios() for pinning memfd folios") Signed-off-by: Steve Sistare <steven.sistare(a)oracle.com> Acked-by: Vivek Kasireddy <vivek.kasireddy(a)intel.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jason Gunthorpe <jgg(a)nvidia.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/gup.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/gup.c~mm-gup-fix-memfd_pin_folios-alloc-race-panic +++ a/mm/gup.c @@ -3702,6 +3702,7 @@ long memfd_pin_folios(struct file *memfd ret = PTR_ERR(folio); if (ret != -EEXIST) goto err; + folio = NULL; } } } _ Patches currently in -mm which might be from steven.sistare(a)oracle.com are

7 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] mm-gup-fix-memfd_pin_folios-hugetlb-page-allocation.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/gup: fix memfd_pin_folios hugetlb page allocation has been removed from the -mm tree. Its filename was mm-gup-fix-memfd_pin_folios-hugetlb-page-allocation.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Steve Sistare <steven.sistare(a)oracle.com> Subject: mm/gup: fix memfd_pin_folios hugetlb page allocation Date: Tue, 3 Sep 2024 07:25:20 -0700 When memfd_pin_folios -> memfd_alloc_folio creates a hugetlb page, the index is wrong. The subsequent call to filemap_get_folios_contig thus cannot find it, and fails, and memfd_pin_folios loops forever. To fix, adjust the index for the huge_page_order. memfd_alloc_folio also forgets to unlock the folio, so the next touch of the page calls hugetlb_fault which blocks forever trying to take the lock. Unlock it. Link: https://lkml.kernel.org/r/1725373521-451395-5-git-send-email-steven.sistare… Fixes: 89c1905d9c14 ("mm/gup: introduce memfd_pin_folios() for pinning memfd folios") Signed-off-by: Steve Sistare <steven.sistare(a)oracle.com> Acked-by: Vivek Kasireddy <vivek.kasireddy(a)intel.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jason Gunthorpe <jgg(a)nvidia.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memfd.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/mm/memfd.c~mm-gup-fix-memfd_pin_folios-hugetlb-page-allocation +++ a/mm/memfd.c @@ -79,10 +79,13 @@ struct folio *memfd_alloc_folio(struct f * alloc from. Also, the folio will be pinned for an indefinite * amount of time, so it is not expected to be migrated away. */ - gfp_mask = htlb_alloc_mask(hstate_file(memfd)); + struct hstate *h = hstate_file(memfd); + + gfp_mask = htlb_alloc_mask(h); gfp_mask &= ~(__GFP_HIGHMEM | __GFP_MOVABLE); + idx >>= huge_page_order(h); - folio = alloc_hugetlb_folio_reserve(hstate_file(memfd), + folio = alloc_hugetlb_folio_reserve(h, numa_node_id(), NULL, gfp_mask); @@ -95,6 +98,7 @@ struct folio *memfd_alloc_folio(struct f free_huge_folio(folio); return ERR_PTR(err); } + folio_unlock(folio); return folio; } return ERR_PTR(-ENOMEM); _ Patches currently in -mm which might be from steven.sistare(a)oracle.com are

7 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] mm-hugetlb-fix-memfd_pin_folios-resv_huge_pages-leak.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/hugetlb: fix memfd_pin_folios resv_huge_pages leak has been removed from the -mm tree. Its filename was mm-hugetlb-fix-memfd_pin_folios-resv_huge_pages-leak.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Steve Sistare <steven.sistare(a)oracle.com> Subject: mm/hugetlb: fix memfd_pin_folios resv_huge_pages leak Date: Tue, 3 Sep 2024 07:25:19 -0700 memfd_pin_folios followed by unpin_folios leaves resv_huge_pages elevated if the pages were not already faulted in. During a normal page fault, resv_huge_pages is consumed here: hugetlb_fault() alloc_hugetlb_folio() dequeue_hugetlb_folio_vma() dequeue_hugetlb_folio_nodemask() dequeue_hugetlb_folio_node_exact() free_huge_pages-- resv_huge_pages-- During memfd_pin_folios, the page is created by calling alloc_hugetlb_folio_nodemask instead of alloc_hugetlb_folio, and resv_huge_pages is not modified: memfd_alloc_folio() alloc_hugetlb_folio_nodemask() dequeue_hugetlb_folio_nodemask() dequeue_hugetlb_folio_node_exact() free_huge_pages-- alloc_hugetlb_folio_nodemask has other callers that must not modify resv_huge_pages. Therefore, to fix, define an alternate version of alloc_hugetlb_folio_nodemask for this call site that adjusts resv_huge_pages. Link: https://lkml.kernel.org/r/1725373521-451395-4-git-send-email-steven.sistare… Fixes: 89c1905d9c14 ("mm/gup: introduce memfd_pin_folios() for pinning memfd folios") Signed-off-by: Steve Sistare <steven.sistare(a)oracle.com> Acked-by: Vivek Kasireddy <vivek.kasireddy(a)intel.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jason Gunthorpe <jgg(a)nvidia.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/hugetlb.h | 10 ++++++++++ mm/hugetlb.c | 17 +++++++++++++++++ mm/memfd.c | 9 ++++----- 3 files changed, 31 insertions(+), 5 deletions(-) --- a/include/linux/hugetlb.h~mm-hugetlb-fix-memfd_pin_folios-resv_huge_pages-leak +++ a/include/linux/hugetlb.h @@ -692,6 +692,9 @@ struct folio *alloc_hugetlb_folio(struct struct folio *alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, nodemask_t *nmask, gfp_t gfp_mask, bool allow_alloc_fallback); +struct folio *alloc_hugetlb_folio_reserve(struct hstate *h, int preferred_nid, + nodemask_t *nmask, gfp_t gfp_mask); + int hugetlb_add_to_page_cache(struct folio *folio, struct address_space *mapping, pgoff_t idx); void restore_reserve_on_error(struct hstate *h, struct vm_area_struct *vma, @@ -1058,6 +1061,13 @@ static inline struct folio *alloc_hugetl { return NULL; } + +static inline struct folio * +alloc_hugetlb_folio_reserve(struct hstate *h, int preferred_nid, + nodemask_t *nmask, gfp_t gfp_mask) +{ + return NULL; +} static inline struct folio * alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, --- a/mm/hugetlb.c~mm-hugetlb-fix-memfd_pin_folios-resv_huge_pages-leak +++ a/mm/hugetlb.c @@ -2390,6 +2390,23 @@ struct folio *alloc_buddy_hugetlb_folio_ return folio; } +struct folio *alloc_hugetlb_folio_reserve(struct hstate *h, int preferred_nid, + nodemask_t *nmask, gfp_t gfp_mask) +{ + struct folio *folio; + + spin_lock_irq(&hugetlb_lock); + folio = dequeue_hugetlb_folio_nodemask(h, gfp_mask, preferred_nid, + nmask); + if (folio) { + VM_BUG_ON(!h->resv_huge_pages); + h->resv_huge_pages--; + } + + spin_unlock_irq(&hugetlb_lock); + return folio; +} + /* folio migration callback function */ struct folio *alloc_hugetlb_folio_nodemask(struct hstate *h, int preferred_nid, nodemask_t *nmask, gfp_t gfp_mask, bool allow_alloc_fallback) --- a/mm/memfd.c~mm-hugetlb-fix-memfd_pin_folios-resv_huge_pages-leak +++ a/mm/memfd.c @@ -82,11 +82,10 @@ struct folio *memfd_alloc_folio(struct f gfp_mask = htlb_alloc_mask(hstate_file(memfd)); gfp_mask &= ~(__GFP_HIGHMEM | __GFP_MOVABLE); - folio = alloc_hugetlb_folio_nodemask(hstate_file(memfd), - numa_node_id(), - NULL, - gfp_mask, - false); + folio = alloc_hugetlb_folio_reserve(hstate_file(memfd), + numa_node_id(), + NULL, + gfp_mask); if (folio && folio_try_get(folio)) { err = hugetlb_add_to_page_cache(folio, memfd->f_mapping, _ Patches currently in -mm which might be from steven.sistare(a)oracle.com are

7 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] mm-hugetlb-fix-memfd_pin_folios-free_huge_pages-leak.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/hugetlb: fix memfd_pin_folios free_huge_pages leak has been removed from the -mm tree. Its filename was mm-hugetlb-fix-memfd_pin_folios-free_huge_pages-leak.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Steve Sistare <steven.sistare(a)oracle.com> Subject: mm/hugetlb: fix memfd_pin_folios free_huge_pages leak Date: Tue, 3 Sep 2024 07:25:18 -0700 memfd_pin_folios followed by unpin_folios fails to restore free_huge_pages if the pages were not already faulted in, because the folio refcount for pages created by memfd_alloc_folio never goes to 0. memfd_pin_folios needs another folio_put to undo the folio_try_get below: memfd_alloc_folio() alloc_hugetlb_folio_nodemask() dequeue_hugetlb_folio_nodemask() dequeue_hugetlb_folio_node_exact() folio_ref_unfreeze(folio, 1); ; adds 1 refcount folio_try_get() ; adds 1 refcount hugetlb_add_to_page_cache() ; adds 512 refcount (on x86) With the fix, after memfd_pin_folios + unpin_folios, the refcount for the (unfaulted) page is 512, which is correct, as the refcount for a faulted unpinned page is 513. Link: https://lkml.kernel.org/r/1725373521-451395-3-git-send-email-steven.sistare… Fixes: 89c1905d9c14 ("mm/gup: introduce memfd_pin_folios() for pinning memfd folios") Signed-off-by: Steve Sistare <steven.sistare(a)oracle.com> Acked-by: Vivek Kasireddy <vivek.kasireddy(a)intel.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jason Gunthorpe <jgg(a)nvidia.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/gup.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/mm/gup.c~mm-hugetlb-fix-memfd_pin_folios-free_huge_pages-leak +++ a/mm/gup.c @@ -3615,7 +3615,7 @@ long memfd_pin_folios(struct file *memfd pgoff_t start_idx, end_idx, next_idx; struct folio *folio = NULL; struct folio_batch fbatch; - struct hstate *h; + struct hstate *h = NULL; long ret = -EINVAL; if (start < 0 || start > end || !max_folios) @@ -3659,6 +3659,8 @@ long memfd_pin_folios(struct file *memfd &fbatch); if (folio) { folio_put(folio); + if (h) + folio_put(folio); folio = NULL; } _ Patches currently in -mm which might be from steven.sistare(a)oracle.com are

7 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] mm-filemap-fix-filemap_get_folios_contig-thp-panic.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/filemap: fix filemap_get_folios_contig THP panic has been removed from the -mm tree. Its filename was mm-filemap-fix-filemap_get_folios_contig-thp-panic.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Steve Sistare <steven.sistare(a)oracle.com> Subject: mm/filemap: fix filemap_get_folios_contig THP panic Date: Tue, 3 Sep 2024 07:25:17 -0700 Patch series "memfd-pin huge page fixes". Fix multiple bugs that occur when using memfd_pin_folios with hugetlb pages and THP. The hugetlb bugs only bite when the page is not yet faulted in when memfd_pin_folios is called. The THP bug bites when the starting offset passed to memfd_pin_folios is not huge page aligned. See the commit messages for details. This patch (of 5): memfd_pin_folios on memory backed by THP panics if the requested start offset is not huge page aligned: BUG: kernel NULL pointer dereference, address: 0000000000000036 RIP: 0010:filemap_get_folios_contig+0xdf/0x290 RSP: 0018:ffffc9002092fbe8 EFLAGS: 00010202 RAX: 0000000000000002 RBX: 0000000000000002 RCX: 0000000000000002 The fault occurs here, because xas_load returns a folio with value 2: filemap_get_folios_contig() for (folio = xas_load(&xas); folio && xas.xa_index <= end; folio = xas_next(&xas)) { ... if (!folio_try_get(folio)) <-- BOOM "2" is an xarray sibling entry. We get it because memfd_pin_folios does not round the indices passed to filemap_get_folios_contig to huge page boundaries for THP, so we load from the middle of a huge page range see a sibling. (It does round for hugetlbfs, at the is_file_hugepages test). To fix, if the folio is a sibling, then return the next index as the starting point for the next call to filemap_get_folios_contig. Link: https://lkml.kernel.org/r/1725373521-451395-1-git-send-email-steven.sistare… Link: https://lkml.kernel.org/r/1725373521-451395-2-git-send-email-steven.sistare… Fixes: 89c1905d9c14 ("mm/gup: introduce memfd_pin_folios() for pinning memfd folios") Signed-off-by: Steve Sistare <steven.sistare(a)oracle.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jason Gunthorpe <jgg(a)nvidia.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Peter Xu <peterx(a)redhat.com> Cc: Vivek Kasireddy <vivek.kasireddy(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/filemap.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/mm/filemap.c~mm-filemap-fix-filemap_get_folios_contig-thp-panic +++ a/mm/filemap.c @@ -2196,6 +2196,10 @@ unsigned filemap_get_folios_contig(struc if (xa_is_value(folio)) goto update_start; + /* If we landed in the middle of a THP, continue at its end. */ + if (xa_is_sibling(folio)) + goto update_start; + if (!folio_try_get(folio)) goto retry; _ Patches currently in -mm which might be from steven.sistare(a)oracle.com are

7 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] tools-fix-shared-radix-tree-build.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: tools: fix shared radix-tree build has been removed from the -mm tree. Its filename was tools-fix-shared-radix-tree-build.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Subject: tools: fix shared radix-tree build Date: Tue, 24 Sep 2024 19:07:24 +0100 The shared radix-tree build is not correctly recompiling when lib/maple_tree.c and lib/test_maple_tree.c are modified - fix this by adding these core components to the SHARED_DEPS list. Additionally, add missing header guards to shared header files. Link: https://lkml.kernel.org/r/20240924180724.112169-1-lorenzo.stoakes@oracle.com Fixes: 74579d8dab47 ("tools: separate out shared radix-tree components") Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Tested-by: Sidhartha Kumar <sidhartha.kumar(a)oracle.com> Cc: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/shared/maple-shared.h | 4 ++++ tools/testing/shared/shared.h | 4 ++++ tools/testing/shared/shared.mk | 4 +++- tools/testing/shared/xarray-shared.h | 4 ++++ 4 files changed, 15 insertions(+), 1 deletion(-) --- a/tools/testing/shared/maple-shared.h~tools-fix-shared-radix-tree-build +++ a/tools/testing/shared/maple-shared.h @@ -1,4 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0+ */ +#ifndef __MAPLE_SHARED_H__ +#define __MAPLE_SHARED_H__ #define CONFIG_DEBUG_MAPLE_TREE #define CONFIG_MAPLE_SEARCH @@ -7,3 +9,5 @@ #include <stdlib.h> #include <time.h> #include "linux/init.h" + +#endif /* __MAPLE_SHARED_H__ */ --- a/tools/testing/shared/shared.h~tools-fix-shared-radix-tree-build +++ a/tools/testing/shared/shared.h @@ -1,4 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0 */ +#ifndef __SHARED_H__ +#define __SHARED_H__ #include <linux/types.h> #include <linux/bug.h> @@ -31,3 +33,5 @@ #ifndef dump_stack #define dump_stack() assert(0) #endif + +#endif /* __SHARED_H__ */ --- a/tools/testing/shared/shared.mk~tools-fix-shared-radix-tree-build +++ a/tools/testing/shared/shared.mk @@ -15,7 +15,9 @@ SHARED_DEPS = Makefile ../shared/shared. ../../../include/linux/maple_tree.h \ ../../../include/linux/radix-tree.h \ ../../../lib/radix-tree.h \ - ../../../include/linux/idr.h + ../../../include/linux/idr.h \ + ../../../lib/maple_tree.c \ + ../../../lib/test_maple_tree.c ifndef SHIFT SHIFT=3 --- a/tools/testing/shared/xarray-shared.h~tools-fix-shared-radix-tree-build +++ a/tools/testing/shared/xarray-shared.h @@ -1,4 +1,8 @@ /* SPDX-License-Identifier: GPL-2.0+ */ +#ifndef __XARRAY_SHARED_H__ +#define __XARRAY_SHARED_H__ #define XA_DEBUG #include "shared.h" + +#endif /* __XARRAY_SHARED_H__ */ _ Patches currently in -mm which might be from lorenzo.stoakes(a)oracle.com are selftests-mm-add-pkey_sighandler_xx-hugetlb_dio-to-gitignore.patch mm-refactor-mm_access-to-not-return-null.patch mm-refactor-mm_access-to-not-return-null-fix.patch mm-madvise-unrestrict-process_madvise-for-current-process.patch

7 months, 1 week

1
0
0 0

[PATCH] NFSv4: fix a mount deadlock in NFS v4.1 client

by Oleksandr Tymoshenko

nfs41_init_clientid does not signal a failure condition from nfs4_proc_exchange_id and nfs4_proc_create_session to a client which may lead to mount syscall indefinitely blocked in the following stack trace: nfs_wait_client_init_complete nfs41_discover_server_trunking nfs4_discover_server_trunking nfs4_init_client nfs4_set_client nfs4_create_server nfs4_try_get_tree vfs_get_tree do_new_mount __se_sys_mount and the client stuck in uninitialized state. In addition to this all subsequent mount calls would also get blocked in nfs_match_client waiting for the uninitialized client to finish initialization: nfs_wait_client_init_complete nfs_match_client nfs_get_client nfs4_set_client nfs4_create_server nfs4_try_get_tree vfs_get_tree do_new_mount __se_sys_mount To avoid this situation propagate error condition to the mount thread and let mount syscall fail properly. Signed-off-by: Oleksandr Tymoshenko <ovt(a)google.com> --- fs/nfs/nfs4state.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c index 877f682b45f2..54ad3440ad2b 100644 --- a/fs/nfs/nfs4state.c +++ b/fs/nfs/nfs4state.c @@ -335,8 +335,8 @@ int nfs41_init_clientid(struct nfs_client *clp, const struct cred *cred) if (!(clp->cl_exchange_flags & EXCHGID4_FLAG_CONFIRMED_R)) nfs4_state_start_reclaim_reboot(clp); nfs41_finish_session_reset(clp); - nfs_mark_client_ready(clp, NFS_CS_READY); out: + nfs_mark_client_ready(clp, status == 0 ? NFS_CS_READY : status); return status; } --- base-commit: ad618736883b8970f66af799e34007475fe33a68 change-id: 20240906-nfs-mount-deadlock-fix-55c14b38e088 Best regards, -- Oleksandr Tymoshenko <ovt(a)google.com>

7 months, 1 week

4
10
0 0

[tip: x86/urgent] x86/tdx: Fix "in-kernel MMIO" check

by tip-bot2 for Alexey Gladkov (Intel)

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: d4fc4d01471528da8a9797a065982e05090e1d81 Gitweb: https://git.kernel.org/tip/d4fc4d01471528da8a9797a065982e05090e1d81 Author: Alexey Gladkov (Intel) <legion(a)kernel.org> AuthorDate: Fri, 13 Sep 2024 19:05:56 +02:00 Committer: Dave Hansen <dave.hansen(a)linux.intel.com> CommitterDate: Thu, 26 Sep 2024 09:45:04 -07:00 x86/tdx: Fix "in-kernel MMIO" check TDX only supports kernel-initiated MMIO operations. The handle_mmio() function checks if the #VE exception occurred in the kernel and rejects the operation if it did not. However, userspace can deceive the kernel into performing MMIO on its behalf. For example, if userspace can point a syscall to an MMIO address, syscall does get_user() or put_user() on it, triggering MMIO #VE. The kernel will treat the #VE as in-kernel MMIO. Ensure that the target MMIO address is within the kernel before decoding instruction. Fixes: 31d58c4e557d ("x86/tdx: Handle in-kernel MMIO") Signed-off-by: Alexey Gladkov (Intel) <legion(a)kernel.org> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Acked-by: Dave Hansen <dave.hansen(a)linux.intel.com> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/565a804b80387970460a4ebc67c88d1380f61ad1.172623… --- arch/x86/coco/tdx/tdx.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index da8b66d..327c45c 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -16,6 +16,7 @@ #include <asm/insn-eval.h> #include <asm/pgtable.h> #include <asm/set_memory.h> +#include <asm/traps.h> /* MMIO direction */ #define EPT_READ 0 @@ -433,6 +434,11 @@ static int handle_mmio(struct pt_regs *regs, struct ve_info *ve) return -EINVAL; } + if (!fault_in_kernel_space(ve->gla)) { + WARN_ONCE(1, "Access to userspace address is not supported"); + return -EINVAL; + } + /* * Reject EPT violation #VEs that split pages. *

7 months, 1 week

1
0
0 0

[PATCH] RISC-V: Fix building rust when using GCC toolchain

by Jason Montleon

Clang does not support '-mno-riscv-attribute' resulting in the error error: unknown argument: '-mno-riscv-attribute' Not setting BINDGEN_TARGET_riscv results in the in the error error: unsupported argument 'medany' to option '-mcmodel=' for target \ 'unknown' error: unknown target triple 'unknown' Signed-off-by: Jason Montleon <jmontleo(a)redhat.com> Cc: stable(a)vger.kernel.org --- rust/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rust/Makefile b/rust/Makefile index f168d2c98a15..73eceaaae61e 100644 --- a/rust/Makefile +++ b/rust/Makefile @@ -228,11 +228,12 @@ bindgen_skip_c_flags := -mno-fp-ret-in-387 -mpreferred-stack-boundary=% \ -fzero-call-used-regs=% -fno-stack-clash-protection \ -fno-inline-functions-called-once -fsanitize=bounds-strict \ -fstrict-flex-arrays=% -fmin-function-alignment=% \ - --param=% --param asan-% + --param=% --param asan-% -mno-riscv-attribute # Derived from `scripts/Makefile.clang`. BINDGEN_TARGET_x86 := x86_64-linux-gnu BINDGEN_TARGET_arm64 := aarch64-linux-gnu +BINDGEN_TARGET_riscv := riscv64-linux-gnu BINDGEN_TARGET := $(BINDGEN_TARGET_$(SRCARCH)) # All warnings are inhibited since GCC builds are very experimental, base-commit: ad060dbbcfcfcba624ef1a75e1d71365a98b86d8 -- 2.46.0

7 months, 1 week

4
9
0 0

[PATCH 0/4] ov08x40: Enable use of ov08x40 on Qualcomm X1E80100 CRD

by Bryan O'Donoghue

This series brings fixes and updates to ov08x40 which allows for use of this sensor on the Qualcomm x1e80100 CRD but also on any other dts based system. Firstly there's a fix for the pseudo burst mode code that was added in 8f667d202384 ("media: ov08x40: Reduce start streaming time"). Not every I2C controller can handle an arbitrary sized write, this is the case on Qualcomm CAMSS/CCI I2C sensor interfaces which limit the transaction size and communicate this limit via I2C quirks. A simple fix to optionally break up the large submitted burst into chunks not exceeding adapter->quirk size fixes. Secondly then is addition of a yaml description for the ov08x40 and extension of the driver to support OF probe and powering on of the power rails from the driver instead of from ACPI. Once done the sensor works without further modification on the Qualcomm x1e80100 CRD. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> --- Bryan O'Donoghue (4): media: ov08x40: Fix burst write sequence media: dt-bindings: Add OmniVision OV08X40 media: ov08x40: Rename ext_clk to xvclk media: ov08x40: Add OF probe support .../bindings/media/i2c/ovti,ov08x40.yaml | 130 ++++++++++++++++ drivers/media/i2c/ov08x40.c | 172 ++++++++++++++++++--- 2 files changed, 283 insertions(+), 19 deletions(-) --- base-commit: 2b7275670032a98cba266bd1b8905f755b3e650f change-id: 20240926-b4-master-24-11-25-ov08x40-c6f477aaa6a4 Best regards, -- Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>

7 months, 1 week

1
1
0 0

[PATCH v2] btrfs: drop the backref cache during relocation if we commit

by Josef Bacik

Since the inception of relocation we have maintained the backref cache across transaction commits, updating the backref cache with the new bytenr whenever we COW'ed blocks that were in the cache, and then updating their bytenr once we detected a transaction id change. This works as long as we're only ever modifying blocks, not changing the structure of the tree. However relocation does in fact change the structure of the tree. For example, if we are relocating a data extent, we will look up all the leaves that point to this data extent. We will then call do_relocation() on each of these leaves, which will COW down to the leaf and then update the file extent location. But, a key feature of do_relocation is the pending list. This is all the pending nodes that we modified when we updated the file extent item. We will then process all of these blocks via finish_pending_nodes, which calls do_relocation() on all of the nodes that led up to that leaf. The purpose of this is to make sure we don't break sharing unless we absolutely have to. Consider the case that we have 3 snapshots that all point to this leaf through the same nodes, the initial COW would have created a whole new path. If we did this for all 3 snapshots we would end up with 3x the number of nodes we had originally. To avoid this we will cycle through each of the snapshots that point to each of these nodes and update their pointers to point at the new nodes. Once we update the pointer to the new node we will drop the node we removed the link for and all of its children via btrfs_drop_subtree(). This is essentially just btrfs_drop_snapshot(), but for an arbitrary point in the snapshot. The problem with this is that we will never reflect this in the backref cache. If we do this btrfs_drop_snapshot() for a node that is in the backref tree, we will leave the node in the backref tree. This becomes a problem when we change the transid, as now the backref cache has entire subtrees that no longer exist, but exist as if they still are pointed to by the same roots. In the best case scenario you end up with "adding refs to an existing tree ref" errors from insert_inline_extent_backref(), where we attempt to link in nodes on roots that are no longer valid. Worst case you will double free some random block and re-use it when there's still references to the block. This is extremely subtle, and the consequences are quite bad. There isn't a way to make sure our backref cache is consistent between transid's. In order to fix this we need to simply evict the entire backref cache anytime we cross transid's. This reduces performance in that we have to rebuild this backref cache every time we change transid's, but fixes the bug. This has existed since relocation was added, and is a pretty critical bug. There's a lot more cleanup that can be done now that this functionality is going away, but this patch is as small as possible in order to fix the problem and make it easy for us to backport it to all the kernels it needs to be backported to. Followup series will dismantle more of this code and simplify relocation drastically to remove this functionality. We have a reproducer that reproduced the corruption within a few minutes of running. With this patch it survives several iterations/hours of running the reproducer. Fixes: 3fd0a5585eb9 ("Btrfs: Metadata ENOSPC handling for balance") Cc: stable(a)vger.kernel.org Reviewed-by: Boris Burkov <boris(a)bur.io> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> --- fs/btrfs/backref.c | 12 ++++--- fs/btrfs/relocation.c | 75 ++----------------------------------------- 2 files changed, 11 insertions(+), 76 deletions(-) diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c index e2f478ecd7fd..f8e1d5b2c512 100644 --- a/fs/btrfs/backref.c +++ b/fs/btrfs/backref.c @@ -3179,10 +3179,14 @@ void btrfs_backref_release_cache(struct btrfs_backref_cache *cache) btrfs_backref_cleanup_node(cache, node); } - cache->last_trans = 0; - - for (i = 0; i < BTRFS_MAX_LEVEL; i++) - ASSERT(list_empty(&cache->pending[i])); + for (i = 0; i < BTRFS_MAX_LEVEL; i++) { + while (!list_empty(&cache->pending[i])) { + node = list_first_entry(&cache->pending[i], + struct btrfs_backref_node, + list); + btrfs_backref_cleanup_node(cache, node); + } + } ASSERT(list_empty(&cache->pending_edge)); ASSERT(list_empty(&cache->useless_node)); ASSERT(list_empty(&cache->changed)); diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c index ea4ed85919ec..cf1dfeaaf2d8 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -232,70 +232,6 @@ static struct btrfs_backref_node *walk_down_backref( return NULL; } -static void update_backref_node(struct btrfs_backref_cache *cache, - struct btrfs_backref_node *node, u64 bytenr) -{ - struct rb_node *rb_node; - rb_erase(&node->rb_node, &cache->rb_root); - node->bytenr = bytenr; - rb_node = rb_simple_insert(&cache->rb_root, node->bytenr, &node->rb_node); - if (rb_node) - btrfs_backref_panic(cache->fs_info, bytenr, -EEXIST); -} - -/* - * update backref cache after a transaction commit - */ -static int update_backref_cache(struct btrfs_trans_handle *trans, - struct btrfs_backref_cache *cache) -{ - struct btrfs_backref_node *node; - int level = 0; - - if (cache->last_trans == 0) { - cache->last_trans = trans->transid; - return 0; - } - - if (cache->last_trans == trans->transid) - return 0; - - /* - * detached nodes are used to avoid unnecessary backref - * lookup. transaction commit changes the extent tree. - * so the detached nodes are no longer useful. - */ - while (!list_empty(&cache->detached)) { - node = list_entry(cache->detached.next, - struct btrfs_backref_node, list); - btrfs_backref_cleanup_node(cache, node); - } - - while (!list_empty(&cache->changed)) { - node = list_entry(cache->changed.next, - struct btrfs_backref_node, list); - list_del_init(&node->list); - BUG_ON(node->pending); - update_backref_node(cache, node, node->new_bytenr); - } - - /* - * some nodes can be left in the pending list if there were - * errors during processing the pending nodes. - */ - for (level = 0; level < BTRFS_MAX_LEVEL; level++) { - list_for_each_entry(node, &cache->pending[level], list) { - BUG_ON(!node->pending); - if (node->bytenr == node->new_bytenr) - continue; - update_backref_node(cache, node, node->new_bytenr); - } - } - - cache->last_trans = 0; - return 1; -} - static bool reloc_root_is_dead(const struct btrfs_root *root) { /* @@ -551,9 +487,6 @@ static int clone_backref_node(struct btrfs_trans_handle *trans, struct btrfs_backref_edge *new_edge; struct rb_node *rb_node; - if (cache->last_trans > 0) - update_backref_cache(trans, cache); - rb_node = rb_simple_search(&cache->rb_root, src->commit_root->start); if (rb_node) { node = rb_entry(rb_node, struct btrfs_backref_node, rb_node); @@ -3698,11 +3631,9 @@ static noinline_for_stack int relocate_block_group(struct reloc_control *rc) break; } restart: - if (update_backref_cache(trans, &rc->backref_cache)) { - btrfs_end_transaction(trans); - trans = NULL; - continue; - } + if (rc->backref_cache.last_trans != trans->transid) + btrfs_backref_release_cache(&rc->backref_cache); + rc->backref_cache.last_trans = trans->transid; ret = find_next_extent(rc, path, &key); if (ret < 0) -- 2.43.0

7 months, 1 week

1
0
0 0

[PATCH] btrfs: drop the backref cache during relocation if we commit

by Josef Bacik

Since the inception of relocation we have maintained the backref cache across transaction commits, updating the backref cache with the new bytenr whenever we COW'ed blocks that were in the cache, and then updating their bytenr once we detected a transaction id change. This works as long as we're only ever modifying blocks, not changing the structure of the tree. However relocation does in fact change the structure of the tree. For example, if we are relocating a data extent, we will look up all the leaves that point to this data extent. We will then call do_relocation() on each of these leaves, which will COW down to the leaf and then update the file extent location. But, a key feature of do_relocation is the pending list. This is all the pending nodes that we modified when we updated the file extent item. We will then process all of these blocks via finish_pending_nodes, which calls do_relocation() on all of the nodes that led up to that leaf. The purpose of this is to make sure we don't break sharing unless we absolutely have to. Consider the case that we have 3 snapshots that all point to this leaf through the same nodes, the initial COW would have created a whole new path. If we did this for all 3 snapshots we would end up with 3x the number of nodes we had originally. To avoid this we will cycle through each of the snapshots that point to each of these nodes and update their pointers to point at the new nodes. Once we update the pointer to the new node we will drop the node we removed the link for and all of its children via btrfs_drop_subtree(). This is essentially just btrfs_drop_snapshot(), but for an arbitrary point in the snapshot. The problem with this is that we will never reflect this in the backref cache. If we do this btrfs_drop_snapshot() for a node that is in the backref tree, we will leave the node in the backref tree. This becomes a problem when we change the transid, as now the backref cache has entire subtrees that no longer exist, but exist as if they still are pointed to by the same roots. In the best case scenario you end up with "adding refs to an existing tree ref" errors from insert_inline_extent_backref(), where we attempt to link in nodes on roots that are no longer valid. Worst case you will double free some random block and re-use it when there's still references to the block. This is extremely subtle, and the consequences are quite bad. There isn't a way to make sure our backref cache is consistent between transid's. In order to fix this we need to simply evict the entire backref cache anytime we cross transid's. This reduces performance in that we have to rebuild this backref cache every time we change transid's, but fixes the bug. This has existed since relocation was added, and is a pretty critical bug. There's a lot more cleanup that can be done now that this functionality is going away, but this patch is as small as possible in order to fix the problem and make it easy for us to backport it to all the kernels it needs to be backported to. Followup series will dismantle more of this code and simplify relocation drastically to remove this functionality. We have a reproducer that reproduced the corruption within a few minutes of running. With this patch it survives several iterations/hours of running the reproducer. Fixes: 3fd0a5585eb9 ("Btrfs: Metadata ENOSPC handling for balance") Cc: stable(a)vger.kernel.org Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> --- fs/btrfs/backref.c | 12 ++++--- fs/btrfs/relocation.c | 76 +++---------------------------------------- 2 files changed, 13 insertions(+), 75 deletions(-) diff --git a/fs/btrfs/backref.c b/fs/btrfs/backref.c index e2f478ecd7fd..f8e1d5b2c512 100644 --- a/fs/btrfs/backref.c +++ b/fs/btrfs/backref.c @@ -3179,10 +3179,14 @@ void btrfs_backref_release_cache(struct btrfs_backref_cache *cache) btrfs_backref_cleanup_node(cache, node); } - cache->last_trans = 0; - - for (i = 0; i < BTRFS_MAX_LEVEL; i++) - ASSERT(list_empty(&cache->pending[i])); + for (i = 0; i < BTRFS_MAX_LEVEL; i++) { + while (!list_empty(&cache->pending[i])) { + node = list_first_entry(&cache->pending[i], + struct btrfs_backref_node, + list); + btrfs_backref_cleanup_node(cache, node); + } + } ASSERT(list_empty(&cache->pending_edge)); ASSERT(list_empty(&cache->useless_node)); ASSERT(list_empty(&cache->changed)); diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c index ea4ed85919ec..aaa9cac213f1 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -232,70 +232,6 @@ static struct btrfs_backref_node *walk_down_backref( return NULL; } -static void update_backref_node(struct btrfs_backref_cache *cache, - struct btrfs_backref_node *node, u64 bytenr) -{ - struct rb_node *rb_node; - rb_erase(&node->rb_node, &cache->rb_root); - node->bytenr = bytenr; - rb_node = rb_simple_insert(&cache->rb_root, node->bytenr, &node->rb_node); - if (rb_node) - btrfs_backref_panic(cache->fs_info, bytenr, -EEXIST); -} - -/* - * update backref cache after a transaction commit - */ -static int update_backref_cache(struct btrfs_trans_handle *trans, - struct btrfs_backref_cache *cache) -{ - struct btrfs_backref_node *node; - int level = 0; - - if (cache->last_trans == 0) { - cache->last_trans = trans->transid; - return 0; - } - - if (cache->last_trans == trans->transid) - return 0; - - /* - * detached nodes are used to avoid unnecessary backref - * lookup. transaction commit changes the extent tree. - * so the detached nodes are no longer useful. - */ - while (!list_empty(&cache->detached)) { - node = list_entry(cache->detached.next, - struct btrfs_backref_node, list); - btrfs_backref_cleanup_node(cache, node); - } - - while (!list_empty(&cache->changed)) { - node = list_entry(cache->changed.next, - struct btrfs_backref_node, list); - list_del_init(&node->list); - BUG_ON(node->pending); - update_backref_node(cache, node, node->new_bytenr); - } - - /* - * some nodes can be left in the pending list if there were - * errors during processing the pending nodes. - */ - for (level = 0; level < BTRFS_MAX_LEVEL; level++) { - list_for_each_entry(node, &cache->pending[level], list) { - BUG_ON(!node->pending); - if (node->bytenr == node->new_bytenr) - continue; - update_backref_node(cache, node, node->new_bytenr); - } - } - - cache->last_trans = 0; - return 1; -} - static bool reloc_root_is_dead(const struct btrfs_root *root) { /* @@ -551,9 +487,6 @@ static int clone_backref_node(struct btrfs_trans_handle *trans, struct btrfs_backref_edge *new_edge; struct rb_node *rb_node; - if (cache->last_trans > 0) - update_backref_cache(trans, cache); - rb_node = rb_simple_search(&cache->rb_root, src->commit_root->start); if (rb_node) { node = rb_entry(rb_node, struct btrfs_backref_node, rb_node); @@ -3698,10 +3631,11 @@ static noinline_for_stack int relocate_block_group(struct reloc_control *rc) break; } restart: - if (update_backref_cache(trans, &rc->backref_cache)) { - btrfs_end_transaction(trans); - trans = NULL; - continue; + if (rc->backref_cache.last_trans == 0) { + rc->backref_cache.last_trans = trans->transid; + } else if (rc->backref_cache.last_trans != trans->transid) { + btrfs_backref_release_cache(&rc->backref_cache); + rc->backref_cache.last_trans = trans->transid; } ret = find_next_extent(rc, path, &key); -- 2.43.0

7 months, 1 week

2
5
0 0

[PATCH 6.1] mm/memory_hotplug: prevent accessing by index=-1

by Mikhail Lobanov

From: Anastasia Belova <abelova(a)astralinux.ru> commit 5958d35917e1296f46dfc8b8c959732efd6d8d5d upstream. nid may be equal to NUMA_NO_NODE=-1. Prevent accessing node_data array by invalid index with check for nid. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: e83a437faa62 ("mm/memory_hotplug: introduce "auto-movable" online policy") Signed-off-by: Anastasia Belova <abelova(a)astralinux.ru> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Oscar Salvador <osalvador(a)suse.de> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Mikhail Lobanov <m.lobanov(a)rosalinux.ru> --- mm/memory_hotplug.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c index dc17618bad8b..90f0cc9a298a 100644 --- a/mm/memory_hotplug.c +++ b/mm/memory_hotplug.c @@ -783,7 +783,6 @@ static bool auto_movable_can_online_movable(int nid, struct memory_group *group, unsigned long kernel_early_pages, movable_pages; struct auto_movable_group_stats group_stats = {}; struct auto_movable_stats stats = {}; - pg_data_t *pgdat = NODE_DATA(nid); struct zone *zone; int i; @@ -794,6 +793,8 @@ static bool auto_movable_can_online_movable(int nid, struct memory_group *group, auto_movable_stats_account_zone(&stats, zone); } else { for (i = 0; i < MAX_NR_ZONES; i++) { + pg_data_t *pgdat = NODE_DATA(nid); + zone = pgdat->node_zones + i; if (populated_zone(zone)) auto_movable_stats_account_zone(&stats, zone); -- 2.43.0

7 months, 1 week

1
0
0 0

[PATCH 0/4] binder: several fixes for frozen notification

by Carlos Llamas

These are all fixes for the frozen notification patch [1], which as of today hasn't landed in mainline yet. As such, this patchset is rebased on top of the char-misc-next branch. [1] https://lore.kernel.org/all/20240709070047.4055369-2-yutingtseng@google.com/ Cc: stable(a)vger.kernel.org Cc: Yu-Ting Tseng <yutingtseng(a)google.com> Cc: Alice Ryhl <aliceryhl(a)google.com> Cc: Todd Kjos <tkjos(a)google.com> Cc: Martijn Coenen <maco(a)google.com> Cc: Arve Hjønnevåg <arve(a)android.com> Cc: Viktor Martensson <vmartensson(a)google.com> Carlos Llamas (4): binder: fix node UAF in binder_add_freeze_work() binder: fix OOB in binder_add_freeze_work() binder: fix freeze UAF in binder_release_work() binder: fix BINDER_WORK_FROZEN_BINDER debug logs drivers/android/binder.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) -- 2.46.0.792.g87dc391469-goog

7 months, 1 week

4
20
0 0

[PATCH v6.6] nvme-pci: qdepth 1 quirk

by Gagniuc, Alexandru

Please consider adding the following commit to v6.6: 83bdfcbdbe5d ("nvme-pci: qdepth 1 quirk") This resolves filesystem corruption and random drive drop-outs on machines with O2micro NVME drives, including a number of HP Thinclients. Alex

7 months, 1 week

1
0
0 0

[PATCH 5.15] Revert "wifi: cfg80211: check wiphy mutex is held for wdev mutex"

by Fedor Pchelkin

This reverts commit 89795eeba6d13b5ba432425dd43c34c66f2cebde. The reverted commit is based on implementation of wiphy locking that isn't planned to redo on a stable kernel, so revert it to avoid warnings in different parts of wireless stack where wdev_lock() is held, like: WARNING: CPU: 0 PID: 4296 at net/wireless/core.h:220 cfg80211_is_all_idle net/wireless/sme.c:662 [inline] WARNING: CPU: 0 PID: 4296 at net/wireless/core.h:220 disconnect_work+0x236/0x320 net/wireless/sme.c:676 Modules linked in: CPU: 0 PID: 4296 Comm: kworker/0:4 Not tainted 5.15.166-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Workqueue: events disconnect_work RIP: 0010:wdev_lock net/wireless/core.h:220 [inline] Call Trace: <TASK> process_one_work+0x8a1/0x10c0 kernel/workqueue.c:2310 worker_thread+0xaca/0x1280 kernel/workqueue.c:2457 kthread+0x3f6/0x4f0 kernel/kthread.c:334 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287 Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- net/wireless/core.h | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/net/wireless/core.h b/net/wireless/core.h index be186b5a15f3..1720abf36f92 100644 --- a/net/wireless/core.h +++ b/net/wireless/core.h @@ -217,7 +217,6 @@ void cfg80211_register_wdev(struct cfg80211_registered_device *rdev, static inline void wdev_lock(struct wireless_dev *wdev) __acquires(wdev) { - lockdep_assert_held(&wdev->wiphy->mtx); mutex_lock(&wdev->mtx); __acquire(wdev->mtx); } @@ -225,16 +224,11 @@ static inline void wdev_lock(struct wireless_dev *wdev) static inline void wdev_unlock(struct wireless_dev *wdev) __releases(wdev) { - lockdep_assert_held(&wdev->wiphy->mtx); __release(wdev->mtx); mutex_unlock(&wdev->mtx); } -static inline void ASSERT_WDEV_LOCK(struct wireless_dev *wdev) -{ - lockdep_assert_held(&wdev->wiphy->mtx); - lockdep_assert_held(&wdev->mtx); -} +#define ASSERT_WDEV_LOCK(wdev) lockdep_assert_held(&(wdev)->mtx) static inline bool cfg80211_has_monitors_only(struct cfg80211_registered_device *rdev) { -- 2.39.5

7 months, 1 week

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror