- Linux-stable-mirror - lists.linaro.org

+ mm-swap-fix-potensial-buffer-overflow-in-setup_clusters.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm: swap: fix potensial buffer overflow in setup_clusters() has been added to the -mm mm-new branch. Its filename is mm-swap-fix-potensial-buffer-overflow-in-setup_clusters.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kemeng Shi <shikemeng(a)huaweicloud.com> Subject: mm: swap: fix potensial buffer overflow in setup_clusters() Date: Thu, 22 May 2025 20:25:53 +0800 In setup_swap_map(), we only ensure badpages are in range (0, last_page]. As maxpages might be < last_page, setup_clusters() will encounter a buffer overflow when a badpage is >= maxpages. Only call inc_cluster_info_page() for badpage which is < maxpages to fix the issue. Link: https://lkml.kernel.org/r/20250522122554.12209-4-shikemeng@huaweicloud.com Fixes: b843786b0bd01 ("mm: swapfile: fix SSD detection with swapfile on btrfs") Signed-off-by: Kemeng Shi <shikemeng(a)huaweicloud.com> Cc: <stable(a)vger.kernel.org> Cc: Baoquan He <bhe(a)redhat.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Kairui Song <kasong(a)tencent.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/swapfile.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) --- a/mm/swapfile.c~mm-swap-fix-potensial-buffer-overflow-in-setup_clusters +++ a/mm/swapfile.c @@ -3208,9 +3208,13 @@ static struct swap_cluster_info *setup_c * and the EOF part of the last cluster. */ inc_cluster_info_page(si, cluster_info, 0); - for (i = 0; i < swap_header->info.nr_badpages; i++) - inc_cluster_info_page(si, cluster_info, - swap_header->info.badpages[i]); + for (i = 0; i < swap_header->info.nr_badpages; i++) { + unsigned int page_nr = swap_header->info.badpages[i]; + + if (page_nr >= maxpages) + continue; + inc_cluster_info_page(si, cluster_info, page_nr); + } for (i = maxpages; i < round_up(maxpages, SWAPFILE_CLUSTER); i++) inc_cluster_info_page(si, cluster_info, i); _ Patches currently in -mm which might be from shikemeng(a)huaweicloud.com are mm-shmem-avoid-unpaired-folio_unlock-in-shmem_swapin_folio.patch mm-shmem-add-missing-shmem_unacct_size-in-__shmem_file_setup.patch mm-shmem-fix-potential-dead-loop-in-shmem_unuse.patch mm-shmem-only-remove-inode-from-swaplist-when-its-swapped-page-count-is-0.patch mm-shmem-remove-unneeded-xa_is_value-check-in-shmem_unuse_swap_entries.patch mm-swap-move-nr_swap_pages-counter-decrement-from-folio_alloc_swap-to-swap_range_alloc.patch mm-swap-correctly-use-maxpages-in-swapon-syscall-to-avoid-potensial-deadloop.patch mm-swap-fix-potensial-buffer-overflow-in-setup_clusters.patch mm-swap-remove-stale-comment-stale-comment-in-cluster_alloc_swap_entry.patch

3 weeks, 5 days

1
0
0 0

+ mm-swap-correctly-use-maxpages-in-swapon-syscall-to-avoid-potensial-deadloop.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm: swap: correctly use maxpages in swapon syscall to avoid potensial deadloop has been added to the -mm mm-new branch. Its filename is mm-swap-correctly-use-maxpages-in-swapon-syscall-to-avoid-potensial-deadloop.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kemeng Shi <shikemeng(a)huaweicloud.com> Subject: mm: swap: correctly use maxpages in swapon syscall to avoid potensial deadloop Date: Thu, 22 May 2025 20:25:52 +0800 We use maxpages from read_swap_header() to initialize swap_info_struct, however the maxpages might be reduced in setup_swap_extents() and the si->max is assigned with the reduced maxpages from the setup_swap_extents(). Obviously, this could lead to memory waste as we allocated memory based on larger maxpages, besides, this could lead to a potensial deadloop as following: 1) When calling setup_clusters() with larger maxpages, unavailable pages within range [si->max, larger maxpages) are not accounted with inc_cluster_info_page(). As a result, these pages are assumed available but can not be allocated. The cluster contains these pages can be moved to frag_clusters list after it's all available pages were allocated. 2) When the cluster mentioned in 1) is the only cluster in frag_clusters list, cluster_alloc_swap_entry() assume order 0 allocation will never failed and will enter a deadloop by keep trying to allocate page from the only cluster in frag_clusters which contains no actually available page. Call setup_swap_extents() to get the final maxpages before swap_info_struct initialization to fix the issue. Link: https://lkml.kernel.org/r/20250522122554.12209-3-shikemeng@huaweicloud.com Fixes: 661383c6111a3 ("mm: swap: relaim the cached parts that got scanned") Signed-off-by: Kemeng Shi <shikemeng(a)huaweicloud.com> Cc: <stable(a)vger.kernel.org> Cc: Baoquan He <bhe(a)redhat.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Kairui Song <kasong(a)tencent.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/swapfile.c | 47 ++++++++++++++++++++--------------------------- 1 file changed, 20 insertions(+), 27 deletions(-) --- a/mm/swapfile.c~mm-swap-correctly-use-maxpages-in-swapon-syscall-to-avoid-potensial-deadloop +++ a/mm/swapfile.c @@ -3141,43 +3141,30 @@ static unsigned long read_swap_header(st return maxpages; } -static int setup_swap_map_and_extents(struct swap_info_struct *si, - union swap_header *swap_header, - unsigned char *swap_map, - unsigned long maxpages, - sector_t *span) +static int setup_swap_map(struct swap_info_struct *si, + union swap_header *swap_header, + unsigned char *swap_map, + unsigned long maxpages) { - unsigned int nr_good_pages; unsigned long i; - int nr_extents; - - nr_good_pages = maxpages - 1; /* omit header page */ + swap_map[0] = SWAP_MAP_BAD; /* omit header page */ for (i = 0; i < swap_header->info.nr_badpages; i++) { unsigned int page_nr = swap_header->info.badpages[i]; if (page_nr == 0 || page_nr > swap_header->info.last_page) return -EINVAL; if (page_nr < maxpages) { swap_map[page_nr] = SWAP_MAP_BAD; - nr_good_pages--; + si->pages--; } } - if (nr_good_pages) { - swap_map[0] = SWAP_MAP_BAD; - si->max = maxpages; - si->pages = nr_good_pages; - nr_extents = setup_swap_extents(si, span); - if (nr_extents < 0) - return nr_extents; - nr_good_pages = si->pages; - } - if (!nr_good_pages) { + if (!si->pages) { pr_warn("Empty swap-file\n"); return -EINVAL; } - return nr_extents; + return 0; } #define SWAP_CLUSTER_INFO_COLS \ @@ -3217,7 +3204,7 @@ static struct swap_cluster_info *setup_c * Mark unusable pages as unavailable. The clusters aren't * marked free yet, so no list operations are involved yet. * - * See setup_swap_map_and_extents(): header page, bad pages, + * See setup_swap_map(): header page, bad pages, * and the EOF part of the last cluster. */ inc_cluster_info_page(si, cluster_info, 0); @@ -3354,6 +3341,15 @@ SYSCALL_DEFINE2(swapon, const char __use goto bad_swap_unlock_inode; } + si->max = maxpages; + si->pages = maxpages - 1; + nr_extents = setup_swap_extents(si, &span); + if (nr_extents < 0) { + error = nr_extents; + goto bad_swap_unlock_inode; + } + maxpages = si->max; + /* OK, set up the swap map and apply the bad block list */ swap_map = vzalloc(maxpages); if (!swap_map) { @@ -3365,12 +3361,9 @@ SYSCALL_DEFINE2(swapon, const char __use if (error) goto bad_swap_unlock_inode; - nr_extents = setup_swap_map_and_extents(si, swap_header, swap_map, - maxpages, &span); - if (unlikely(nr_extents < 0)) { - error = nr_extents; + error = setup_swap_map(si, swap_header, swap_map, maxpages); + if (error) goto bad_swap_unlock_inode; - } /* * Use kvmalloc_array instead of bitmap_zalloc as the allocation order might _ Patches currently in -mm which might be from shikemeng(a)huaweicloud.com are mm-shmem-avoid-unpaired-folio_unlock-in-shmem_swapin_folio.patch mm-shmem-add-missing-shmem_unacct_size-in-__shmem_file_setup.patch mm-shmem-fix-potential-dead-loop-in-shmem_unuse.patch mm-shmem-only-remove-inode-from-swaplist-when-its-swapped-page-count-is-0.patch mm-shmem-remove-unneeded-xa_is_value-check-in-shmem_unuse_swap_entries.patch mm-swap-move-nr_swap_pages-counter-decrement-from-folio_alloc_swap-to-swap_range_alloc.patch mm-swap-correctly-use-maxpages-in-swapon-syscall-to-avoid-potensial-deadloop.patch mm-swap-fix-potensial-buffer-overflow-in-setup_clusters.patch mm-swap-remove-stale-comment-stale-comment-in-cluster_alloc_swap_entry.patch

3 weeks, 5 days

1
0
0 0

+ mm-swap-move-nr_swap_pages-counter-decrement-from-folio_alloc_swap-to-swap_range_alloc.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm: swap: move nr_swap_pages counter decrement from folio_alloc_swap() to swap_range_alloc() has been added to the -mm mm-new branch. Its filename is mm-swap-move-nr_swap_pages-counter-decrement-from-folio_alloc_swap-to-swap_range_alloc.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kemeng Shi <shikemeng(a)huaweicloud.com> Subject: mm: swap: move nr_swap_pages counter decrement from folio_alloc_swap() to swap_range_alloc() Date: Thu, 22 May 2025 20:25:51 +0800 Patch series "Some randome fixes and cleanups to swapfile". Patch 0-3 are some random fixes. Patch 4 is a cleanup. More details can be found in respective patches. This patch (of 4): When folio_alloc_swap() encounters a failure in either mem_cgroup_try_charge_swap() or add_to_swap_cache(), nr_swap_pages counter is not decremented for allocated entry. However, the following put_swap_folio() will increase nr_swap_pages counter unpairly and lead to an imbalance. Move nr_swap_pages decrement from folio_alloc_swap() to swap_range_alloc() to pair the nr_swap_pages counting. Link: https://lkml.kernel.org/r/20250522122554.12209-1-shikemeng@huaweicloud.com Link: https://lkml.kernel.org/r/20250522122554.12209-2-shikemeng@huaweicloud.com Fixes: 0ff67f990bd45 ("mm, swap: remove swap slot cache") Signed-off-by: Kemeng Shi <shikemeng(a)huaweicloud.com> Reviewed-by: Kairui Song <kasong(a)tencent.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/swapfile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/swapfile.c~mm-swap-move-nr_swap_pages-counter-decrement-from-folio_alloc_swap-to-swap_range_alloc +++ a/mm/swapfile.c @@ -1115,6 +1115,7 @@ static void swap_range_alloc(struct swap if (vm_swap_full()) schedule_work(&si->reclaim_work); } + atomic_long_sub(nr_entries, &nr_swap_pages); } static void swap_range_free(struct swap_info_struct *si, unsigned long offset, @@ -1313,7 +1314,6 @@ int folio_alloc_swap(struct folio *folio if (add_to_swap_cache(folio, entry, gfp | __GFP_NOMEMALLOC, NULL)) goto out_free; - atomic_long_sub(size, &nr_swap_pages); return 0; out_free: _ Patches currently in -mm which might be from shikemeng(a)huaweicloud.com are mm-shmem-avoid-unpaired-folio_unlock-in-shmem_swapin_folio.patch mm-shmem-add-missing-shmem_unacct_size-in-__shmem_file_setup.patch mm-shmem-fix-potential-dead-loop-in-shmem_unuse.patch mm-shmem-only-remove-inode-from-swaplist-when-its-swapped-page-count-is-0.patch mm-shmem-remove-unneeded-xa_is_value-check-in-shmem_unuse_swap_entries.patch mm-swap-move-nr_swap_pages-counter-decrement-from-folio_alloc_swap-to-swap_range_alloc.patch mm-swap-correctly-use-maxpages-in-swapon-syscall-to-avoid-potensial-deadloop.patch mm-swap-fix-potensial-buffer-overflow-in-setup_clusters.patch mm-swap-remove-stale-comment-stale-comment-in-cluster_alloc_swap_entry.patch

3 weeks, 5 days

1
0
0 0

Re: Patch "btrfs: prevent inline data extents read from touching blocks beyond its range" has been added to the 6.14-stable tree

by Qu Wenruo

在 2025/5/23 06:35, Sasha Levin 写道: > This is a note to let you know that I've just added the patch titled > > btrfs: prevent inline data extents read from touching blocks beyond its range > > to the 6.14-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > btrfs-prevent-inline-data-extents-read-from-touching.patch > and it can be found in the queue-6.14 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Please drop this patch. This is again a preparation patch for larger folios support of btrfs, and the optimization to dirty a block without reading the full page. This patch alone doesn't cause any difference for older kernels and should not be backported. Thanks, Qu > > > > commit 6a2d904623a8d1711b6b5065845d52cb3f2be60a > Author: Qu Wenruo <wqu(a)suse.com> > Date: Fri Nov 15 19:15:34 2024 +1030 > > btrfs: prevent inline data extents read from touching blocks beyond its range > > [ Upstream commit 1a5b5668d711d3d1ef447446beab920826decec3 ] > > Currently reading an inline data extent will zero out the remaining > range in the page. > > This is not yet causing problems even for block size < page size > (subpage) cases because: > > 1) An inline data extent always starts at file offset 0 > Meaning at page read, we always read the inline extent first, before > any other blocks in the page. Then later blocks are properly read out > and re-fill the zeroed out ranges. > > 2) Currently btrfs will read out the whole page if a buffered write is > not page aligned > So a page is either fully uptodate at buffered write time (covers the > whole page), or we will read out the whole page first. > Meaning there is nothing to lose for such an inline extent read. > > But it's still not ideal: > > - We're zeroing out the page twice > Once done by read_inline_extent()/uncompress_inline(), once done by > btrfs_do_readpage() for ranges beyond i_size. > > - We're touching blocks that don't belong to the inline extent > In the incoming patches, we can have a partial uptodate folio, of > which some dirty blocks can exist while the page is not fully uptodate: > > The page size is 16K and block size is 4K: > > 0 4K 8K 12K 16K > | | |/////////| | > > And range [8K, 12K) is dirtied by a buffered write, the remaining > blocks are not uptodate. > > If range [0, 4K) contains an inline data extent, and we try to read > the whole page, the current behavior will overwrite range [8K, 12K) > with zero and cause data loss. > > So to make the behavior more consistent and in preparation for future > changes, limit the inline data extents read to only zero out the range > inside the first block, not the whole page. > > Reviewed-by: Filipe Manana <fdmanana(a)suse.com> > Signed-off-by: Qu Wenruo <wqu(a)suse.com> > Signed-off-by: David Sterba <dsterba(a)suse.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c > index 9a648fb130230..a7136311a13c6 100644 > --- a/fs/btrfs/inode.c > +++ b/fs/btrfs/inode.c > @@ -6779,6 +6779,7 @@ static noinline int uncompress_inline(struct btrfs_path *path, > { > int ret; > struct extent_buffer *leaf = path->nodes[0]; > + const u32 blocksize = leaf->fs_info->sectorsize; > char *tmp; > size_t max_size; > unsigned long inline_size; > @@ -6795,7 +6796,7 @@ static noinline int uncompress_inline(struct btrfs_path *path, > > read_extent_buffer(leaf, tmp, ptr, inline_size); > > - max_size = min_t(unsigned long, PAGE_SIZE, max_size); > + max_size = min_t(unsigned long, blocksize, max_size); > ret = btrfs_decompress(compress_type, tmp, folio, 0, inline_size, > max_size); > > @@ -6807,14 +6808,15 @@ static noinline int uncompress_inline(struct btrfs_path *path, > * cover that region here. > */ > > - if (max_size < PAGE_SIZE) > - folio_zero_range(folio, max_size, PAGE_SIZE - max_size); > + if (max_size < blocksize) > + folio_zero_range(folio, max_size, blocksize - max_size); > kfree(tmp); > return ret; > } > > static int read_inline_extent(struct btrfs_path *path, struct folio *folio) > { > + const u32 blocksize = path->nodes[0]->fs_info->sectorsize; > struct btrfs_file_extent_item *fi; > void *kaddr; > size_t copy_size; > @@ -6829,14 +6831,14 @@ static int read_inline_extent(struct btrfs_path *path, struct folio *folio) > if (btrfs_file_extent_compression(path->nodes[0], fi) != BTRFS_COMPRESS_NONE) > return uncompress_inline(path, folio, fi); > > - copy_size = min_t(u64, PAGE_SIZE, > + copy_size = min_t(u64, blocksize, > btrfs_file_extent_ram_bytes(path->nodes[0], fi)); > kaddr = kmap_local_folio(folio, 0); > read_extent_buffer(path->nodes[0], kaddr, > btrfs_file_extent_inline_start(fi), copy_size); > kunmap_local(kaddr); > - if (copy_size < PAGE_SIZE) > - folio_zero_range(folio, copy_size, PAGE_SIZE - copy_size); > + if (copy_size < blocksize) > + folio_zero_range(folio, copy_size, blocksize - copy_size); > return 0; > } >

3 weeks, 5 days

1
0
0 0

Re: Patch "btrfs: properly limit inline data extent according to block size" has been added to the 6.14-stable tree

by Qu Wenruo

在 2025/5/23 06:35, Sasha Levin 写道: > This is a note to let you know that I've just added the patch titled > > btrfs: properly limit inline data extent according to block size > > to the 6.14-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > btrfs-properly-limit-inline-data-extent-according-to.patch > and it can be found in the queue-6.14 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Please drop this patch. This is mostly for the incoming large folios support for btrfs. For older kernels this patch will not cause any behavior change. Thanks, Qu> > > > commit ec02842137bdccb74ed331a1b0a335ee22eb179c > Author: Qu Wenruo <wqu(a)suse.com> > Date: Tue Feb 25 14:30:44 2025 +1030 > > btrfs: properly limit inline data extent according to block size > > [ Upstream commit 23019d3e6617a8ec99a8d2f5947aa3dd8a74a1b8 ] > > Btrfs utilizes inline data extent for the following cases: > > - Regular small files > - Symlinks > > And "btrfs check" detects any file extents that are too large as an > error. > > It's not a problem for 4K block size, but for the incoming smaller > block sizes (2K), it can cause problems due to bad limits: > > - Non-compressed inline data extents > We do not allow a non-compressed inline data extent to be as large as > block size. > > - Symlinks > Currently the only real limit on symlinks are 4K, which can be larger > than 2K block size. > > These will result btrfs-check to report too large file extents. > > Fix it by adding proper size checks for the above cases. > > Signed-off-by: Qu Wenruo <wqu(a)suse.com> > Reviewed-by: David Sterba <dsterba(a)suse.com> > Signed-off-by: David Sterba <dsterba(a)suse.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c > index a06fca7934d55..9a648fb130230 100644 > --- a/fs/btrfs/inode.c > +++ b/fs/btrfs/inode.c > @@ -583,6 +583,10 @@ static bool can_cow_file_range_inline(struct btrfs_inode *inode, > if (size > fs_info->sectorsize) > return false; > > + /* We do not allow a non-compressed extent to be as large as block size. */ > + if (data_len >= fs_info->sectorsize) > + return false; > + > /* We cannot exceed the maximum inline data size. */ > if (data_len > BTRFS_MAX_INLINE_DATA_SIZE(fs_info)) > return false; > @@ -8671,7 +8675,12 @@ static int btrfs_symlink(struct mnt_idmap *idmap, struct inode *dir, > struct extent_buffer *leaf; > > name_len = strlen(symname); > - if (name_len > BTRFS_MAX_INLINE_DATA_SIZE(fs_info)) > + /* > + * Symlinks utilize uncompressed inline extent data, which should not > + * reach block size. > + */ > + if (name_len > BTRFS_MAX_INLINE_DATA_SIZE(fs_info) || > + name_len >= fs_info->sectorsize) > return -ENAMETOOLONG; > > inode = new_inode(dir->i_sb);

3 weeks, 5 days

1
0
0 0

[PATCH v1] Revert "usb: xhci: Implement xhci_handshake_check_state() helper"

by Roy Luo

This reverts commit 6ccb83d6c4972ebe6ae49de5eba051de3638362c. Commit 6ccb83d6c497 ("usb: xhci: Implement xhci_handshake_check_state() helper") was introduced to workaround watchdog timeout issues on some platforms, allowing xhci_reset() to bail out early without waiting for the reset to complete. Skipping the xhci handshake during a reset is a dangerous move. The xhci specification explicitly states that certain registers cannot be accessed during reset in section 5.4.1 USB Command Register (USBCMD), Host Controller Reset (HCRST) field: "This bit is cleared to '0' by the Host Controller when the reset process is complete. Software cannot terminate the reset process early by writinga '0' to this bit and shall not write any xHC Operational or Runtime registers until while HCRST is '1'." This behavior causes a regression on SNPS DWC3 USB controller with dual-role capability. When the DWC3 controller exits host mode and removes xhci while a reset is still in progress, and then tries to configure its hardware for device mode, the ongoing reset leads to register access issues; specifically, all register reads returns 0. These issues extend beyond the xhci register space (which is expected during a reset) and affect the entire DWC3 IP block, causing the DWC3 device mode to malfunction. Cc: stable(a)vger.kernel.org Fixes: 6ccb83d6c497 ("usb: xhci: Implement xhci_handshake_check_state() helper") Signed-off-by: Roy Luo <royluo(a)google.com> --- Changes in v1: - Link to previous patchset: https://lore.kernel.org/r/20250515185227.1507363-1-royluo@google.com/ --- drivers/usb/host/xhci-ring.c | 5 ++--- drivers/usb/host/xhci.c | 26 +------------------------- drivers/usb/host/xhci.h | 2 -- 3 files changed, 3 insertions(+), 30 deletions(-) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index 423bf3649570..b720e04ce7d8 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -518,9 +518,8 @@ static int xhci_abort_cmd_ring(struct xhci_hcd *xhci, unsigned long flags) * In the future we should distinguish between -ENODEV and -ETIMEDOUT * and try to recover a -ETIMEDOUT with a host controller reset. */ - ret = xhci_handshake_check_state(xhci, &xhci->op_regs->cmd_ring, - CMD_RING_RUNNING, 0, 5 * 1000 * 1000, - XHCI_STATE_REMOVING); + ret = xhci_handshake(&xhci->op_regs->cmd_ring, + CMD_RING_RUNNING, 0, 5 * 1000 * 1000); if (ret < 0) { xhci_err(xhci, "Abort failed to stop command ring: %d\n", ret); xhci_halt(xhci); diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 90eb491267b5..472c4b6ae59e 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -83,29 +83,6 @@ int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, u64 timeout_us) return ret; } -/* - * xhci_handshake_check_state - same as xhci_handshake but takes an additional - * exit_state parameter, and bails out with an error immediately when xhc_state - * has exit_state flag set. - */ -int xhci_handshake_check_state(struct xhci_hcd *xhci, void __iomem *ptr, - u32 mask, u32 done, int usec, unsigned int exit_state) -{ - u32 result; - int ret; - - ret = readl_poll_timeout_atomic(ptr, result, - (result & mask) == done || - result == U32_MAX || - xhci->xhc_state & exit_state, - 1, usec); - - if (result == U32_MAX || xhci->xhc_state & exit_state) - return -ENODEV; - - return ret; -} - /* * Disable interrupts and begin the xHCI halting process. */ @@ -226,8 +203,7 @@ int xhci_reset(struct xhci_hcd *xhci, u64 timeout_us) if (xhci->quirks & XHCI_INTEL_HOST) udelay(1000); - ret = xhci_handshake_check_state(xhci, &xhci->op_regs->command, - CMD_RESET, 0, timeout_us, XHCI_STATE_REMOVING); + ret = xhci_handshake(&xhci->op_regs->command, CMD_RESET, 0, timeout_us); if (ret) return ret; diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 242ab9fbc8ae..5e698561b96d 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1855,8 +1855,6 @@ void xhci_remove_secondary_interrupter(struct usb_hcd /* xHCI host controller glue */ typedef void (*xhci_get_quirks_t)(struct device *, struct xhci_hcd *); int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, u64 timeout_us); -int xhci_handshake_check_state(struct xhci_hcd *xhci, void __iomem *ptr, - u32 mask, u32 done, int usec, unsigned int exit_state); void xhci_quiesce(struct xhci_hcd *xhci); int xhci_halt(struct xhci_hcd *xhci); int xhci_start(struct xhci_hcd *xhci); base-commit: 172a9d94339cea832d89630b89d314e41d622bd8 -- 2.49.0.1112.g889b7c5bd8-goog

3 weeks, 5 days

5
8
0 0

[PATCH v1 2/2] Revert "usb: xhci: Implement xhci_handshake_check_state() helper"

by Roy Luo

This reverts commit 6ccb83d6c4972ebe6ae49de5eba051de3638362c. Commit 6ccb83d6c497 ("usb: xhci: Implement xhci_handshake_check_state() helper") was introduced to workaround watchdog timeout issues on some platforms, allowing xhci_reset() to bail out early without waiting for the reset to complete. Skipping the xhci handshake during a reset is a dangerous move. The xhci specification explicitly states that certain registers cannot be accessed during reset in section 5.4.1 USB Command Register (USBCMD), Host Controller Reset (HCRST) field: "This bit is cleared to '0' by the Host Controller when the reset process is complete. Software cannot terminate the reset process early by writinga '0' to this bit and shall not write any xHC Operational or Runtime registers until while HCRST is '1'." This behavior causes a regression on SNPS DWC3 USB controller with dual-role capability. When the DWC3 controller exits host mode and removes xhci while a reset is still in progress, and then tries to configure its hardware for device mode, the ongoing reset leads to register access issues; specifically, all register reads returns 0. These issues extend beyond the xhci register space (which is expected during a reset) and affect the entire DWC3 IP block, causing the DWC3 device mode to malfunction. Cc: stable(a)vger.kernel.org Fixes: 6ccb83d6c497 ("usb: xhci: Implement xhci_handshake_check_state() helper") Signed-off-by: Roy Luo <royluo(a)google.com> --- drivers/usb/host/xhci-ring.c | 5 ++--- drivers/usb/host/xhci.c | 26 +------------------------- drivers/usb/host/xhci.h | 2 -- 3 files changed, 3 insertions(+), 30 deletions(-) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index 423bf3649570..b720e04ce7d8 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -518,9 +518,8 @@ static int xhci_abort_cmd_ring(struct xhci_hcd *xhci, unsigned long flags) * In the future we should distinguish between -ENODEV and -ETIMEDOUT * and try to recover a -ETIMEDOUT with a host controller reset. */ - ret = xhci_handshake_check_state(xhci, &xhci->op_regs->cmd_ring, - CMD_RING_RUNNING, 0, 5 * 1000 * 1000, - XHCI_STATE_REMOVING); + ret = xhci_handshake(&xhci->op_regs->cmd_ring, + CMD_RING_RUNNING, 0, 5 * 1000 * 1000); if (ret < 0) { xhci_err(xhci, "Abort failed to stop command ring: %d\n", ret); xhci_halt(xhci); diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 244b12eafd95..cb9f35acb1f9 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -83,29 +83,6 @@ int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, u64 timeout_us) return ret; } -/* - * xhci_handshake_check_state - same as xhci_handshake but takes an additional - * exit_state parameter, and bails out with an error immediately when xhc_state - * has exit_state flag set. - */ -int xhci_handshake_check_state(struct xhci_hcd *xhci, void __iomem *ptr, - u32 mask, u32 done, int usec, unsigned int exit_state) -{ - u32 result; - int ret; - - ret = readl_poll_timeout_atomic(ptr, result, - (result & mask) == done || - result == U32_MAX || - xhci->xhc_state & exit_state, - 1, usec); - - if (result == U32_MAX || xhci->xhc_state & exit_state) - return -ENODEV; - - return ret; -} - /* * Disable interrupts and begin the xHCI halting process. */ @@ -226,8 +203,7 @@ int xhci_reset(struct xhci_hcd *xhci, u64 timeout_us) if (xhci->quirks & XHCI_INTEL_HOST) udelay(1000); - ret = xhci_handshake_check_state(xhci, &xhci->op_regs->command, - CMD_RESET, 0, timeout_us, XHCI_STATE_REMOVING); + ret = xhci_handshake(&xhci->op_regs->command, CMD_RESET, 0, timeout_us); if (ret) return ret; diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h index 242ab9fbc8ae..5e698561b96d 100644 --- a/drivers/usb/host/xhci.h +++ b/drivers/usb/host/xhci.h @@ -1855,8 +1855,6 @@ void xhci_remove_secondary_interrupter(struct usb_hcd /* xHCI host controller glue */ typedef void (*xhci_get_quirks_t)(struct device *, struct xhci_hcd *); int xhci_handshake(void __iomem *ptr, u32 mask, u32 done, u64 timeout_us); -int xhci_handshake_check_state(struct xhci_hcd *xhci, void __iomem *ptr, - u32 mask, u32 done, int usec, unsigned int exit_state); void xhci_quiesce(struct xhci_hcd *xhci); int xhci_halt(struct xhci_hcd *xhci); int xhci_start(struct xhci_hcd *xhci); -- 2.49.0.1204.g71687c7c1d-goog

3 weeks, 5 days

1
0
0 0

[PATCH v3] net/mlx5: Add error handling in mlx5_query_nic_vport_node_guid()

by Wentao Liang

The function mlx5_query_nic_vport_node_guid() calls the function mlx5_query_nic_vport_context() but does not check its return value. A proper implementation can be found in mlx5_nic_vport_query_local_lb(). Add error handling for mlx5_query_nic_vport_context(). If it fails, free the out buffer via kvfree() and return error code. Fixes: 9efa75254593 ("net/mlx5_core: Introduce access functions to query vport RoCE fields") Cc: stable(a)vger.kernel.org # v4.5 Target: net Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- v3: Explicitly mention target branch. Change improper code. v2: Remove redundant reassignment. Fix typo error. drivers/net/ethernet/mellanox/mlx5/core/vport.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/vport.c b/drivers/net/ethernet/mellanox/mlx5/core/vport.c index 0d5f750faa45..66e44905c1f0 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/vport.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/vport.c @@ -465,19 +465,22 @@ int mlx5_query_nic_vport_node_guid(struct mlx5_core_dev *mdev, u64 *node_guid) { u32 *out; int outlen = MLX5_ST_SZ_BYTES(query_nic_vport_context_out); + int err; out = kvzalloc(outlen, GFP_KERNEL); if (!out) return -ENOMEM; - mlx5_query_nic_vport_context(mdev, 0, out); + ret = mlx5_query_nic_vport_context(mdev, 0, out); + if (err) + goto out; *node_guid = MLX5_GET64(query_nic_vport_context_out, out, nic_vport_context.node_guid); - +out: kvfree(out); - return 0; + return err; } EXPORT_SYMBOL_GPL(mlx5_query_nic_vport_node_guid); -- 2.42.0.windows.2

3 weeks, 5 days

3
2
0 0

[PATCH] remoteproc: mediatek: Add SCP watchdog handler in IRQ processing

by Wentao Liang

In mt8195_scp_c1_irq_handler(), only the IPC interrupt bit (MT8192_SCP_IPC_INT_BIT) was checked., but does not handle when this bit is not set. This could lead to unhandled watchdog events. This could lead to unhandled watchdog events. A proper implementation can be found in mt8183_scp_irq_handler(). Add a new branch to handle SCP watchdog events when the IPC interrupt bit is not set. Fixes: 6a1c9aaf04eb ("remoteproc: mediatek: Add MT8195 SCP core 1 operations") Cc: stable(a)vger.kernel.org # v6.7 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/remoteproc/mtk_scp.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/remoteproc/mtk_scp.c b/drivers/remoteproc/mtk_scp.c index 0f4a7065d0bd..316e8c98a503 100644 --- a/drivers/remoteproc/mtk_scp.c +++ b/drivers/remoteproc/mtk_scp.c @@ -273,6 +273,8 @@ static void mt8195_scp_c1_irq_handler(struct mtk_scp *scp) if (scp_to_host & MT8192_SCP_IPC_INT_BIT) scp_ipi_handler(scp); + else + scp_wdt_handler(scp, scp_to_host); writel(scp_to_host, scp->cluster->reg_base + MT8195_SSHUB2APMCU_IPC_CLR); } -- 2.42.0.windows.2

3 weeks, 5 days

3
2
0 0

[PATCH v6 6/7] media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval

by Mathis Foerst

Getting / Setting the frame interval using the V4L2 subdev pad ops get_frame_interval/set_frame_interval causes a deadlock, as the subdev state is locked in the [1] but also in the driver itself. In [2] it's described that the caller is responsible to acquire and release the lock in this case. Therefore, acquiring the lock in the driver is wrong. Remove the lock acquisitions/releases from mt9m114_ifp_get_frame_interval() and mt9m114_ifp_set_frame_interval(). [1] drivers/media/v4l2-core/v4l2-subdev.c - line 1129 [2] Documentation/driver-api/media/v4l2-subdev.rst Fixes: 24d756e914fc ("media: i2c: Add driver for onsemi MT9M114 camera sensor") Cc: stable(a)vger.kernel.org Signed-off-by: Mathis Foerst <mathis.foerst(a)mt.com> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> --- drivers/media/i2c/mt9m114.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/drivers/media/i2c/mt9m114.c b/drivers/media/i2c/mt9m114.c index e909c1227e51..9ff46c72dbc1 100644 --- a/drivers/media/i2c/mt9m114.c +++ b/drivers/media/i2c/mt9m114.c @@ -1652,13 +1652,9 @@ static int mt9m114_ifp_get_frame_interval(struct v4l2_subdev *sd, if (interval->which != V4L2_SUBDEV_FORMAT_ACTIVE) return -EINVAL; - mutex_lock(sensor->ifp.hdl.lock); - ival->numerator = 1; ival->denominator = sensor->ifp.frame_rate; - mutex_unlock(sensor->ifp.hdl.lock); - return 0; } @@ -1677,8 +1673,6 @@ static int mt9m114_ifp_set_frame_interval(struct v4l2_subdev *sd, if (interval->which != V4L2_SUBDEV_FORMAT_ACTIVE) return -EINVAL; - mutex_lock(sensor->ifp.hdl.lock); - if (ival->numerator != 0 && ival->denominator != 0) sensor->ifp.frame_rate = min_t(unsigned int, ival->denominator / ival->numerator, @@ -1692,8 +1686,6 @@ static int mt9m114_ifp_set_frame_interval(struct v4l2_subdev *sd, if (sensor->streaming) ret = mt9m114_set_frame_rate(sensor); - mutex_unlock(sensor->ifp.hdl.lock); - return ret; } -- 2.34.1

3 weeks, 5 days

1
0
0 0

[PATCH v5 6/7] media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval

by Mathis Foerst

Getting / Setting the frame interval using the V4L2 subdev pad ops get_frame_interval/set_frame_interval causes a deadlock, as the subdev state is locked in the [1] but also in the driver itself. In [2] it's described that the caller is responsible to acquire and release the lock in this case. Therefore, acquiring the lock in the driver is wrong. Remove the lock acquisitions/releases from mt9m114_ifp_get_frame_interval() and mt9m114_ifp_set_frame_interval(). [1] drivers/media/v4l2-core/v4l2-subdev.c - line 1129 [2] Documentation/driver-api/media/v4l2-subdev.rst Fixes: 24d756e914fc ("media: i2c: Add driver for onsemi MT9M114 camera sensor") Cc: stable(a)vger.kernel.org Signed-off-by: Mathis Foerst <mathis.foerst(a)mt.com> --- drivers/media/i2c/mt9m114.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/drivers/media/i2c/mt9m114.c b/drivers/media/i2c/mt9m114.c index e909c1227e51..9ff46c72dbc1 100644 --- a/drivers/media/i2c/mt9m114.c +++ b/drivers/media/i2c/mt9m114.c @@ -1652,13 +1652,9 @@ static int mt9m114_ifp_get_frame_interval(struct v4l2_subdev *sd, if (interval->which != V4L2_SUBDEV_FORMAT_ACTIVE) return -EINVAL; - mutex_lock(sensor->ifp.hdl.lock); - ival->numerator = 1; ival->denominator = sensor->ifp.frame_rate; - mutex_unlock(sensor->ifp.hdl.lock); - return 0; } @@ -1677,8 +1673,6 @@ static int mt9m114_ifp_set_frame_interval(struct v4l2_subdev *sd, if (interval->which != V4L2_SUBDEV_FORMAT_ACTIVE) return -EINVAL; - mutex_lock(sensor->ifp.hdl.lock); - if (ival->numerator != 0 && ival->denominator != 0) sensor->ifp.frame_rate = min_t(unsigned int, ival->denominator / ival->numerator, @@ -1692,8 +1686,6 @@ static int mt9m114_ifp_set_frame_interval(struct v4l2_subdev *sd, if (sensor->streaming) ret = mt9m114_set_frame_rate(sensor); - mutex_unlock(sensor->ifp.hdl.lock); - return ret; } -- 2.34.1

3 weeks, 5 days

1
0
0 0

patch "iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From 3c5dfea39a245b2dad869db24e2830aa299b1cf2 Mon Sep 17 00:00:00 2001 From: Arthur-Prince <r2.arthur.prince(a)gmail.com> Date: Wed, 30 Apr 2025 16:07:37 -0300 Subject: iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module build MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add dependency to Kconfig’s ti-ads1298 because compiling it as a module failed with an undefined kfifo symbol. Fixes: 00ef7708fa60 ("iio: adc: ti-ads1298: Add driver") Signed-off-by: Arthur-Prince <r2.arthur.prince(a)gmail.com> Co-developed-by: Mariana Valério <mariana.valerio2(a)hotmail.com> Signed-off-by: Mariana Valério <mariana.valerio2(a)hotmail.com> Link: https://patch.msgid.link/20250430191131.120831-1-r2.arthur.prince@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/iio/adc/Kconfig b/drivers/iio/adc/Kconfig index ad06cf556785..0fe6601e59ed 100644 --- a/drivers/iio/adc/Kconfig +++ b/drivers/iio/adc/Kconfig @@ -1562,6 +1562,7 @@ config TI_ADS1298 tristate "Texas Instruments ADS1298" depends on SPI select IIO_BUFFER + select IIO_KFIFO_BUF help If you say yes here you get support for Texas Instruments ADS1298 medical ADC chips -- 2.49.0

3 weeks, 5 days

1
0
0 0

patch "iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From 3c5dfea39a245b2dad869db24e2830aa299b1cf2 Mon Sep 17 00:00:00 2001 From: Arthur-Prince <r2.arthur.prince(a)gmail.com> Date: Wed, 30 Apr 2025 16:07:37 -0300 Subject: iio: adc: ti-ads1298: Kconfig: add kfifo dependency to fix module build MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add dependency to Kconfig’s ti-ads1298 because compiling it as a module failed with an undefined kfifo symbol. Fixes: 00ef7708fa60 ("iio: adc: ti-ads1298: Add driver") Signed-off-by: Arthur-Prince <r2.arthur.prince(a)gmail.com> Co-developed-by: Mariana Valério <mariana.valerio2(a)hotmail.com> Signed-off-by: Mariana Valério <mariana.valerio2(a)hotmail.com> Link: https://patch.msgid.link/20250430191131.120831-1-r2.arthur.prince@gmail.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/iio/adc/Kconfig b/drivers/iio/adc/Kconfig index ad06cf556785..0fe6601e59ed 100644 --- a/drivers/iio/adc/Kconfig +++ b/drivers/iio/adc/Kconfig @@ -1562,6 +1562,7 @@ config TI_ADS1298 tristate "Texas Instruments ADS1298" depends on SPI select IIO_BUFFER + select IIO_KFIFO_BUF help If you say yes here you get support for Texas Instruments ADS1298 medical ADC chips -- 2.49.0

3 weeks, 5 days

1
0
0 0

Linux 6.14.8

by Greg Kroah-Hartman

I'm announcing the release of the 6.14.8 kernel. All users of the 6.14 kernel series must upgrade. The updated 6.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.14.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/netlink/specs/tc.yaml | 10 MAINTAINERS | 6 Makefile | 3 arch/arm64/boot/dts/amlogic/meson-g12b-dreambox.dtsi | 4 arch/arm64/boot/dts/freescale/imx8mp-var-som.dtsi | 12 arch/arm64/boot/dts/rockchip/rk3576-armsom-sige5.dts | 2 arch/arm64/boot/dts/rockchip/rk3588-friendlyelec-cm3588.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3588-turing-rk1.dtsi | 2 arch/arm64/boot/dts/rockchip/rk3588j.dtsi | 53 -- arch/loongarch/include/asm/ptrace.h | 2 arch/loongarch/include/asm/uprobes.h | 1 arch/loongarch/kernel/genex.S | 7 arch/loongarch/kernel/kfpu.c | 22 arch/loongarch/kernel/time.c | 2 arch/loongarch/kernel/uprobes.c | 11 arch/loongarch/power/hibernate.c | 3 arch/riscv/boot/dts/sophgo/cv18xx.dtsi | 2 arch/x86/coco/sev/core.c | 255 +++++++---- arch/x86/include/asm/amd_nb.h | 1 arch/x86/include/asm/amd_node.h | 13 arch/x86/kernel/amd_nb.c | 1 arch/x86/kernel/amd_node.c | 9 block/bio.c | 2 drivers/accel/ivpu/ivpu_drv.c | 39 - drivers/accel/ivpu/ivpu_drv.h | 5 drivers/accel/ivpu/ivpu_hw.c | 5 drivers/accel/ivpu/ivpu_hw.h | 9 drivers/accel/ivpu/ivpu_hw_btrs.c | 3 drivers/accel/ivpu/ivpu_ipc.c | 7 drivers/accel/ivpu/ivpu_ipc.h | 2 drivers/accel/ivpu/ivpu_job.c | 15 drivers/accel/ivpu/ivpu_job.h | 2 drivers/accel/ivpu/ivpu_mmu.c | 109 +++- drivers/accel/ivpu/ivpu_mmu.h | 2 drivers/accel/ivpu/ivpu_mmu_context.c | 13 drivers/accel/ivpu/ivpu_mmu_context.h | 2 drivers/accel/ivpu/ivpu_pm.c | 3 drivers/accel/ivpu/ivpu_pm.h | 2 drivers/acpi/pptt.c | 11 drivers/block/ublk_drv.c | 2 drivers/char/tpm/tpm2-sessions.c | 20 drivers/char/tpm/tpm_tis_core.h | 2 drivers/dma-buf/dma-resv.c | 5 drivers/dma/dmatest.c | 6 drivers/dma/idxd/init.c | 159 ++++-- drivers/dma/ti/k3-udma.c | 10 drivers/gpio/gpio-pca953x.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 2 drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c | 12 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 16 drivers/gpu/drm/amd/display/dc/dpp/dcn401/dcn401_dpp_cm.c | 5 drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 6 drivers/gpu/drm/meson/meson_encoder_hdmi.c | 4 drivers/gpu/drm/tiny/panel-mipi-dbi.c | 5 drivers/gpu/drm/xe/instructions/xe_mi_commands.h | 4 drivers/gpu/drm/xe/xe_gsc.c | 22 drivers/gpu/drm/xe/xe_gsc.h | 1 drivers/gpu/drm/xe/xe_gsc_proxy.c | 11 drivers/gpu/drm/xe/xe_gsc_proxy.h | 1 drivers/gpu/drm/xe/xe_gt.c | 2 drivers/gpu/drm/xe/xe_lrc.c | 2 drivers/gpu/drm/xe/xe_ring_ops.c | 7 drivers/gpu/drm/xe/xe_uc.c | 8 drivers/gpu/drm/xe/xe_uc.h | 1 drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 7 drivers/hid/bpf/hid_bpf_dispatch.c | 9 drivers/hid/hid-thrustmaster.c | 1 drivers/hid/hid-uclogic-core.c | 7 drivers/hv/channel.c | 65 -- drivers/i2c/busses/i2c-designware-pcidrv.c | 4 drivers/iio/adc/ad7606.c | 154 +++++- drivers/iio/adc/ad7606.h | 37 + drivers/iio/adc/ad7606_spi.c | 137 ----- drivers/infiniband/core/device.c | 6 drivers/infiniband/sw/rxe/rxe_cq.c | 5 drivers/net/dsa/b53/b53_common.c | 33 + drivers/net/dsa/b53/b53_regs.h | 14 drivers/net/dsa/microchip/ksz_common.c | 135 ++++- drivers/net/dsa/sja1105/sja1105_main.c | 6 drivers/net/ethernet/cadence/macb_main.c | 19 drivers/net/ethernet/engleder/tsnep_main.c | 30 - drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c | 3 drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.h | 1 drivers/net/ethernet/marvell/octeontx2/nic/otx2_devlink.c | 1 drivers/net/ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 10 drivers/net/ethernet/marvell/octeontx2/nic/otx2_flows.c | 3 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 3 drivers/net/ethernet/qlogic/qede/qede_main.c | 2 drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 7 drivers/net/hyperv/hyperv_net.h | 13 drivers/net/hyperv/netvsc.c | 57 ++ drivers/net/hyperv/netvsc_drv.c | 62 -- drivers/net/hyperv/rndis_filter.c | 24 - drivers/net/phy/micrel.c | 7 drivers/net/wireless/mediatek/mt76/dma.c | 1 drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 4 drivers/nvme/host/pci.c | 4 drivers/phy/renesas/phy-rcar-gen3-usb2.c | 40 - drivers/phy/tegra/xusb-tegra186.c | 46 + drivers/phy/tegra/xusb.c | 8 drivers/platform/x86/amd/hsmp/Kconfig | 2 drivers/platform/x86/amd/hsmp/acpi.c | 10 drivers/platform/x86/amd/hsmp/hsmp.c | 1 drivers/platform/x86/amd/hsmp/hsmp.h | 4 drivers/platform/x86/amd/hsmp/plat.c | 42 - drivers/platform/x86/amd/pmc/pmc-quirks.c | 7 drivers/platform/x86/amd/pmf/tee-if.c | 23 drivers/platform/x86/asus-wmi.c | 3 drivers/regulator/max20086-regulator.c | 7 drivers/scsi/sd_zbc.c | 6 drivers/scsi/storvsc_drv.c | 1 drivers/spi/spi-loopback-test.c | 2 drivers/spi/spi-tegra114.c | 6 drivers/usb/gadget/function/f_midi2.c | 2 fs/binfmt_elf.c | 71 ++- fs/btrfs/discard.c | 17 fs/btrfs/fs.h | 1 fs/btrfs/inode.c | 7 fs/btrfs/super.c | 4 fs/eventpoll.c | 7 fs/nfs/localio.c | 2 fs/nfs/nfs4proc.c | 9 fs/nfs/pnfs.c | 9 fs/smb/client/smb2pdu.c | 2 fs/udf/truncate.c | 2 fs/xattr.c | 24 + include/linux/bio.h | 1 include/linux/hyperv.h | 7 include/linux/micrel_phy.h | 1 include/linux/tpm.h | 21 include/net/sch_generic.h | 15 include/sound/ump_msg.h | 4 io_uring/fdinfo.c | 48 +- io_uring/memmap.c | 2 io_uring/uring_cmd.c | 5 kernel/cgroup/cpuset.c | 6 kernel/sched/ext.c | 6 kernel/trace/fprobe.c | 3 kernel/trace/ring_buffer.c | 8 kernel/trace/trace_dynevent.c | 16 kernel/trace/trace_dynevent.h | 1 kernel/trace/trace_events_trigger.c | 2 kernel/trace/trace_functions.c | 6 kernel/trace/trace_kprobe.c | 2 kernel/trace/trace_probe.c | 9 kernel/trace/trace_uprobe.c | 2 mm/hugetlb.c | 28 - mm/page_alloc.c | 23 mm/userfaultfd.c | 12 net/bluetooth/mgmt.c | 9 net/mac80211/main.c | 6 net/mctp/device.c | 17 net/mctp/route.c | 4 net/sched/sch_codel.c | 2 net/sched/sch_fq.c | 2 net/sched/sch_fq_codel.c | 2 net/sched/sch_fq_pie.c | 2 net/sched/sch_hhf.c | 2 net/sched/sch_pie.c | 2 net/tls/tls_strp.c | 3 samples/ftrace/sample-trace-array.c | 2 scripts/Makefile.extrawarn | 12 sound/core/seq/seq_clientmgr.c | 52 +- sound/core/seq/seq_ump_convert.c | 18 sound/core/seq/seq_ump_convert.h | 1 sound/pci/es1968.c | 6 sound/sh/Kconfig | 2 sound/usb/quirks.c | 4 tools/net/ynl/pyynl/ethtool.py | 22 tools/perf/arch/loongarch/include/syscall_table.h | 2 tools/testing/selftests/drivers/net/hw/ncdevmem.c | 55 -- tools/testing/vsock/vsock_test.c | 28 - 176 files changed, 1681 insertions(+), 1027 deletions(-) Aaron Kling (1): spi: tegra114: Use value to check for invalid delays Abdun Nihaal (1): qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() Alexey Makhalov (1): MAINTAINERS: Update Alexey Makhalov's email address Andrew Jeffery (1): net: mctp: Ensure keys maintain only one ref to corresponding dev Ashish Kalra (2): x86/sev: Do not touch VMSA pages during SNP guest memory kdump x86/sev: Make sure pages are not skipped during kdump Barry Song (1): mm: userfaultfd: correct dirty flags set for both present and swap pte Bo-Cun Chen (1): net: ethernet: mtk_eth_soc: fix typo for declaration MT7988 ESW capability Boris Burkov (1): btrfs: fix folio leak in submit_one_async_extent() Breno Leitao (1): tracing: fprobe: Fix RCU warning message in list traversal Carolina Jubran (1): net/mlx5e: Disable MACsec offload for uplink representor profile Christian Heusel (1): ALSA: usb-audio: Add sample rate quirk for Audioengine D1 Christian Hewitt (1): arm64: dts: amlogic: dreambox: fix missing clkc_audio node Christophe JAILLET (1): i2c: designware: Fix an error handling path in i2c_dw_pci_probe() Claudiu Beznea (2): phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind phy: renesas: rcar-gen3-usb2: Set timing registers only once Cong Wang (1): net_sched: Flush gso_skb list too during ->change() Cosmin Ratiu (1): tests/ncdevmem: Fix double-free of queue array Cosmin Tanislav (1): regulator: max20086: fix invalid memory access Dan Carpenter (1): phy: tegra: xusb: remove a stray unlock Daniele Ceraolo Spurio (1): drm/xe/gsc: do not flush the GSC worker from the reset path David Lechner (1): iio: adc: ad7606: check for NULL before calling sw_mode_config() Dragan Simic (1): arm64: dts: rockchip: Remove overdrive-mode OPPs from RK3588J SoC dtsi Emanuele Ghidoli (1): gpio: pca953x: fix IRQ storm on system wake up Fabio Estevam (1): drm/tiny: panel-mipi-dbi: Use drm_client_setup_with_fourcc() Fedor Pchelkin (1): wifi: mt76: disable napi on driver removal Filipe Manana (1): btrfs: fix discard worker infinite loop after disabling discard Geert Uytterhoeven (2): spi: loopback-test: Do not split 1024-byte hexdumps ALSA: sh: SND_AICA should depend on SH_DMA_API Gerhard Engleder (1): tsnep: fix timestamping with a stacked DSA driver Greg Kroah-Hartman (1): Linux 6.14.8 Guillaume Stols (2): iio: adc: ad7606: move the software mode configuration iio: adc: ad7606: move software functions into common file Hangbin Liu (1): tools/net/ynl: ethtool: fix crash when Hardware Clock info is missing Hans de Goede (1): platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection Hariprasad Kelam (2): octeontx2-pf: Fix ethtool support for SDP representors octeontx2-af: Fix CGX Receive counters Henry Martin (1): HID: uclogic: Add NULL check in uclogic_input_configured() Himanshu Bhavani (1): arm64: dts: imx8mp-var-som: Fix LDO5 shutdown causing SD card timeout Huacai Chen (3): LoongArch: Move __arch_cpu_idle() to .cpuidle.text section LoongArch: Save and restore CSR.CNTC for hibernation LoongArch: Fix MAX_REG_OFFSET calculation Hyejeong Choi (1): dma-buf: insert memory barrier before updating num_fences I Hsin Cheng (1): drm/meson: Use 1000ULL when operating with mode->clock Ido Schimmel (1): mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices Jakub Kicinski (2): netlink: specs: tc: fix a couple of attribute names netlink: specs: tc: all actions are indexed arrays Jan Kara (1): udf: Make sure i_lenExtents is uptodate on inode eviction Jarkko Sakkinen (1): tpm: Mask TPM RC in tpm2_start_auth_session() Jens Axboe (2): io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo() io_uring/memmap: don't use page_address() on a highmem page Jeremy Linton (1): ACPI: PPTT: Fix processor subtable walk Jethro Donaldson (1): smb: client: fix memory leak during error handling for POSIX mkdir Jonas Gorski (1): net: dsa: b53: prevent standalone from trying to forward to other ports Karol Wachowski (4): accel/ivpu: Dump only first MMU fault from single context accel/ivpu: Move parts of MMU event IRQ handling to thread handler accel/ivpu: Fix missing MMU events from reserved SSID accel/ivpu: Fix missing MMU events if file_priv is unbound Kees Cook (3): binfmt_elf: Move brk for static PIE even if ASLR disabled nvme-pci: make nvme_pci_npages_prp() __always_inline wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Keith Busch (1): nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable Kirill A. Shutemov (1): mm/page_alloc: fix race condition in unaccepted memory handling Konstantin Shkolnyy (1): vsock/test: Fix occasional failure in SIOCOUTQ tests Kyoji Ogasawara (1): btrfs: add back warning for mount option commit values exceeding 300 Li Lingfeng (1): nfs: handle failure of nfs_get_lock_context in unlock path Luiz Augusto von Dentz (1): Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags Ma Ke (1): phy: Fix error handling in tegra_xusb_port_init Maciej Falkowski (2): accel/ivpu: Use workqueue for IRQ handling accel/ivpu: Flush pending jobs of device's workqueues Mario Limonciello (3): drivers/platform/x86/amd: pmf: Check for invalid sideloaded Smart PC Policies drivers/platform/x86/amd: pmf: Check for invalid Smart PC Policies HID: amd_sfh: Fix SRA sensor when it's the only sensor Masami Hiramatsu (Google) (1): tracing: probes: Fix a possible race in trace_probe_log APIs Mathieu Othacehe (1): net: cadence: macb: Fix a possible deadlock in macb_halt_tx. Matt Johnston (1): net: mctp: Don't access ifa_index when missing Max Kellermann (1): fs/eventpoll: fix endless busy loop after timeout has expired Melissa Wen (2): drm/amd/display: Fix null check of pipe_ctx->plane_state for update_dchubp_dpp Revert "drm/amd/display: Hardware cursor changes color when switched to software cursor" Michael Kelley (5): hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages hv_netvsc: Preserve contiguous PFN grouping in the page buffer array hv_netvsc: Remove rmsg_pgcnt Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer() Michal Suchanek (1): tpm: tis: Double the timeout B to 4s Ming Lei (1): ublk: fix dead loop when canceling io command Ming Yen Hsieh (1): wifi: mt76: mt7925: fix missing hdr_trans_tlv command for broadcast wtbl Nathan Chancellor (2): kbuild: Disable -Wdefault-const-init-unsafe net: qede: Initialize qede_ll_ops with designated initializer Nathan Lynch (1): dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" Nicolas Chauvet (1): ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera Nicolas Frattaroli (1): arm64: dts: rockchip: fix Sige5 RTC interrupt pin Oleksij Rempel (2): net: dsa: microchip: let phylink manage PHY EEE configuration on KSZ switches net: phy: micrel: remove KSZ9477 EEE quirks now handled by phylink Pengtao He (1): net/tls: fix kernel panic when alloc_page failed Philip Yang (1): drm/amdgpu: csa unmap use uninterruptible lock Qasim Ijaz (1): HID: thrustmaster: fix memory leak in thrustmaster_interrupts() Ronald Wahl (1): dmaengine: ti: k3-udma: Add missing locking Rong Zhang (1): HID: bpf: abort dispatch if device destroyed Runhua He (1): platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) Sam Edwards (1): arm64: dts: rockchip: Allow Turing RK1 cooling fan to spin down Shuai Xue (9): dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals dmaengine: idxd: Add missing cleanups in cleanup internals dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call dmaengine: idxd: fix memory leak in error handling path of idxd_alloc dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe dmaengine: idxd: Refactor remove call with idxd_cleanup() helper Stephen Smalley (1): fs/xattr.c: fix simple_xattr_list to always include security.* xattrs Steve Siwinski (1): scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer Steven Rostedt (2): tracing: samples: Initialize trace_array_printk() with the correct function ring-buffer: Fix persistent buffer when commit page is the reader page Subbaraya Sundeep (2): octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy octeontx2-pf: Do not reallocate all ntuple filters Suma Hegde (1): platform/x86/amd/hsmp: Make amd_hsmp and hsmp_acpi as mutually exclusive drivers Takashi Iwai (2): ALSA: seq: Fix delivery of UMP events to group ports ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info Tejun Heo (1): sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator Thomas Weißschuh (1): Revert "kbuild, rust: use -fremap-path-prefix to make paths relative" Tianyang Zhang (1): LoongArch: Prevent cond_resched() occurring within kernel-fpu Tiezhu Yang (3): LoongArch: uprobes: Remove user_{en,dis}able_single_step() LoongArch: uprobes: Remove redundant code about resume_era perf tools: Fix build error for LoongArch Tim Huang (1): drm/amdgpu: fix incorrect MALL size for GFX1151 Tom Vincent (1): arm64: dts: rockchip: Assign RT5616 MCLK rate on rk3588-friendlyelec-cm3588 Trond Myklebust (2): NFS/localio: Fix a race in nfs_local_open_fh() NFSv4/pnfs: Reset the layout state after a layoutreturn Umesh Nerlige Ramappa (1): drm/xe: Save CTX_TIMESTAMP mmio value instead of LRC value Vladimir Oltean (1): net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING Waiman Long (1): cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks Wayne Chang (1): phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking Wayne Lin (2): drm/amd/display: Correct the reply value when AUX write incomplete drm/amd/display: Avoid flooding unnecessary info messages Wentao Liang (1): ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() Wupeng Ma (1): mm: hugetlb: fix incorrect fallback for subpool Yazen Ghannam (1): x86/amd_node, platform/x86/amd/hsmp: Have HSMP use SMN through AMD_NODE Yemike Abhilash Chandra (1): dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy Ze Huang (1): riscv: dts: sophgo: fix DMA data-width configuration for CV18xx Zhu Yanjun (2): RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem hexue (1): io_uring/uring_cmd: fix hybrid polling initialization issue pengdonglin (2): ftrace: Fix preemption accounting for stacktrace trigger command ftrace: Fix preemption accounting for stacktrace filter command

3 weeks, 5 days

1
1
0 0

Linux 6.6.92

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.92 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/net/bpf_jit_comp.c | 12 arch/loongarch/Makefile | 2 arch/loongarch/include/asm/ptrace.h | 2 arch/loongarch/include/asm/uprobes.h | 1 arch/loongarch/kernel/kfpu.c | 22 arch/loongarch/kernel/time.c | 2 arch/loongarch/kernel/uprobes.c | 11 arch/loongarch/power/hibernate.c | 3 arch/x86/kernel/alternative.c | 17 arch/x86/kvm/smm.c | 1 arch/x86/kvm/svm/svm.c | 19 block/bio.c | 2 drivers/acpi/pptt.c | 11 drivers/bluetooth/btnxpuart.c | 6 drivers/char/tpm/tpm_tis_core.h | 2 drivers/dma-buf/dma-resv.c | 5 drivers/dma/dmatest.c | 6 drivers/dma/idxd/init.c | 159 ++++-- drivers/dma/ti/k3-udma.c | 10 drivers/firmware/arm_scmi/Kconfig | 14 drivers/firmware/arm_scmi/common.h | 35 + drivers/firmware/arm_scmi/driver.c | 89 +++ drivers/firmware/arm_scmi/mailbox.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 51 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 29 + drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3 drivers/gpu/drm/amd/amdgpu/mxgpu_ai.c | 2 drivers/gpu/drm/amd/amdgpu/mxgpu_nv.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 16 drivers/hid/hid-thrustmaster.c | 1 drivers/hid/hid-uclogic-core.c | 7 drivers/hv/channel.c | 65 -- drivers/iio/adc/ad7266.c | 2 drivers/iio/adc/ad7768-1.c | 2 drivers/iio/chemical/sps30.c | 2 drivers/infiniband/sw/rxe/rxe_cq.c | 5 drivers/net/dsa/sja1105/sja1105_main.c | 6 drivers/net/ethernet/cadence/macb_main.c | 19 drivers/net/ethernet/engleder/tsnep_hw.h | 2 drivers/net/ethernet/engleder/tsnep_main.c | 131 ++++- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c | 3 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 3 drivers/net/ethernet/qlogic/qede/qede_main.c | 2 drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 7 drivers/net/hyperv/hyperv_net.h | 13 drivers/net/hyperv/netvsc.c | 57 ++ drivers/net/hyperv/netvsc_drv.c | 62 -- drivers/net/hyperv/rndis_filter.c | 24 - drivers/net/wireless/mediatek/mt76/dma.c | 1 drivers/nvme/host/pci.c | 4 drivers/phy/renesas/phy-rcar-gen3-usb2.c | 40 - drivers/phy/tegra/xusb-tegra186.c | 46 +- drivers/phy/tegra/xusb.c | 8 drivers/platform/x86/amd/pmc/pmc-quirks.c | 7 drivers/platform/x86/asus-wmi.c | 3 drivers/regulator/max20086-regulator.c | 7 drivers/scsi/sd_zbc.c | 6 drivers/scsi/storvsc_drv.c | 1 drivers/spi/spi-loopback-test.c | 2 drivers/spi/spi-tegra114.c | 6 drivers/usb/gadget/function/f_midi2.c | 2 drivers/usb/typec/ucsi/displayport.c | 19 drivers/usb/typec/ucsi/ucsi.c | 34 + drivers/usb/typec/ucsi/ucsi.h | 2 fs/binfmt_elf.c | 273 ++++++------ fs/btrfs/extent-tree.c | 25 - fs/nfs/nfs4proc.c | 9 fs/nfs/pnfs.c | 9 fs/smb/client/smb2pdu.c | 2 fs/udf/truncate.c | 2 fs/xattr.c | 24 + include/linux/bio.h | 1 include/linux/hyperv.h | 7 include/linux/tpm.h | 2 include/net/sch_generic.h | 15 include/sound/ump_msg.h | 4 kernel/cgroup/cpuset.c | 6 kernel/trace/trace_dynevent.c | 16 kernel/trace/trace_dynevent.h | 1 kernel/trace/trace_events_trigger.c | 2 kernel/trace/trace_functions.c | 6 kernel/trace/trace_kprobe.c | 2 kernel/trace/trace_probe.c | 9 kernel/trace/trace_uprobe.c | 2 mm/memblock.c | 9 mm/memory_hotplug.c | 6 mm/migrate.c | 16 mm/page_alloc.c | 27 - net/bluetooth/mgmt.c | 9 net/mac80211/main.c | 6 net/mctp/device.c | 65 +- net/mctp/route.c | 4 net/sched/sch_codel.c | 2 net/sched/sch_fq.c | 2 net/sched/sch_fq_codel.c | 2 net/sched/sch_fq_pie.c | 2 net/sched/sch_hhf.c | 2 net/sched/sch_pie.c | 2 net/sctp/sysctl.c | 4 net/tls/tls_strp.c | 3 samples/ftrace/sample-trace-array.c | 2 sound/core/seq/seq_clientmgr.c | 52 +- sound/core/seq/seq_ump_convert.c | 18 sound/core/seq/seq_ump_convert.h | 1 sound/pci/es1968.c | 6 sound/sh/Kconfig | 2 sound/usb/quirks.c | 4 tools/net/ynl/ethtool.py | 29 + tools/testing/selftests/exec/Makefile | 19 tools/testing/selftests/exec/load_address.c | 83 ++- tools/testing/selftests/mm/compaction_test.c | 19 118 files changed, 1290 insertions(+), 689 deletions(-) Aaron Kling (1): spi: tegra114: Use value to check for invalid delays Abdun Nihaal (1): qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() Alex Deucher (2): Revert "drm/amd: Stop evicting resources on APUs in suspend" drm/amdgpu: fix pm notifier handling Andrei Kuchynski (1): usb: typec: ucsi: displayport: Fix deadlock Andrew Jeffery (1): net: mctp: Ensure keys maintain only one ref to corresponding dev Bo-Cun Chen (1): net: ethernet: mtk_eth_soc: fix typo for declaration MT7988 ESW capability Carolina Jubran (1): net/mlx5e: Disable MACsec offload for uplink representor profile Christian Heusel (1): ALSA: usb-audio: Add sample rate quirk for Audioengine D1 Claudiu Beznea (2): phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind phy: renesas: rcar-gen3-usb2: Set timing registers only once Cong Wang (1): net_sched: Flush gso_skb list too during ->change() Cosmin Tanislav (1): regulator: max20086: fix invalid memory access Cristian Marussi (3): firmware: arm_scmi: Add helper to trace bad messages firmware: arm_scmi: Add message dump traces for bad and unexpected replies firmware: arm_scmi: Fix timeout checks on polling path Dan Carpenter (1): phy: tegra: xusb: remove a stray unlock David Lechner (1): iio: chemical: sps30: use aligned_s64 for timestamp Eric Dumazet (2): mctp: no longer rely on net->dev_index_head[] sctp: add mutual exclusion in proc_sctp_do_udp_port() Eric W. Biederman (1): binfmt_elf: Support segments with 0 filesz and misaligned starts Fedor Pchelkin (1): wifi: mt76: disable napi on driver removal Feng Tang (1): selftests/mm: compaction_test: support platform with huge mount of memory Filipe Manana (1): btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() Geert Uytterhoeven (2): spi: loopback-test: Do not split 1024-byte hexdumps ALSA: sh: SND_AICA should depend on SH_DMA_API Gerhard Engleder (2): tsnep: Inline small fragments within TX descriptor tsnep: fix timestamping with a stacked DSA driver Greg Kroah-Hartman (1): Linux 6.6.92 Hangbin Liu (1): tools/net/ynl: ethtool: fix crash when Hardware Clock info is missing Hans de Goede (1): platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection Hariprasad Kelam (1): octeontx2-af: Fix CGX Receive counters Henry Martin (1): HID: uclogic: Add NULL check in uclogic_input_configured() Huacai Chen (3): LoongArch: Save and restore CSR.CNTC for hibernation LoongArch: Fix MAX_REG_OFFSET calculation LoongArch: Explicitly specify code model in Makefile Hyejeong Choi (1): dma-buf: insert memory barrier before updating num_fences Ido Schimmel (1): mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices Jan Kara (1): udf: Make sure i_lenExtents is uptodate on inode eviction Jeremy Linton (1): ACPI: PPTT: Fix processor subtable walk Jethro Donaldson (1): smb: client: fix memory leak during error handling for POSIX mkdir Jonathan Cameron (2): iio: adc: ad7266: Fix potential timestamp alignment issue. iio: adc: ad7768-1: Fix insufficient alignment of timestamp. Kees Cook (8): binfmt_elf: elf_bss no longer used by load_elf_binary() binfmt_elf: Leave a gap between .bss and brk selftests/exec: Build both static and non-static load_address tests binfmt_elf: Calculate total_size earlier binfmt_elf: Honor PT_LOAD alignment for static PIE binfmt_elf: Move brk for static PIE even if ASLR disabled nvme-pci: make nvme_pci_npages_prp() __always_inline wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Keith Busch (1): nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable Kirill A. Shutemov (1): mm/page_alloc: fix race condition in unaccepted memory handling Li Lingfeng (1): nfs: handle failure of nfs_get_lock_context in unlock path Luiz Augusto von Dentz (1): Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags Luke Parkin (2): firmware: arm_scmi: Add support for debug metrics at the interface firmware: arm_scmi: Track basic SCMI communication debug metrics Ma Jun (1): drm/amdgpu: Fix the runtime resume failure issue Ma Ke (1): phy: Fix error handling in tegra_xusb_port_init Ma Wupeng (1): hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Mario Limonciello (2): drm/amd: Stop evicting resources on APUs in suspend drm/amd: Add Suspend/Hibernate notification callback support Masami Hiramatsu (Google) (1): tracing: probes: Fix a possible race in trace_probe_log APIs Mathieu Othacehe (1): net: cadence: macb: Fix a possible deadlock in macb_halt_tx. Matt Johnston (1): net: mctp: Don't access ifa_index when missing Michael Kelley (5): hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages hv_netvsc: Preserve contiguous PFN grouping in the page buffer array hv_netvsc: Remove rmsg_pgcnt Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer() Michal Suchanek (1): tpm: tis: Double the timeout B to 4s Mikhail Lobanov (1): KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Muhammad Usama Anjum (1): selftests/exec: load_address: conform test to TAP format output Nathan Chancellor (1): net: qede: Initialize qede_ll_ops with designated initializer Nathan Lynch (1): dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" Neeraj Sanjay Kale (1): Bluetooth: btnxpuart: Fix kernel panic during FW release Nicolas Chauvet (1): ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera Pawan Gupta (1): x86/its: Fix build error for its_static_thunk() Pengtao He (1): net/tls: fix kernel panic when alloc_page failed Peter Collingbourne (1): bpf, arm64: Fix address emission with tag-based KASAN enabled Peter Gonda (1): KVM: SVM: Update SEV-ES shutdown intercepts with more metadata Puranjay Mohan (1): bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG Qasim Ijaz (1): HID: thrustmaster: fix memory leak in thrustmaster_interrupts() Rahul Rameshbabu (1): tools: ynl: ethtool.py: Output timestamping statistics from tsinfo-get operation Ronald Wahl (1): dmaengine: ti: k3-udma: Add missing locking Runhua He (1): platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) Shuai Xue (9): dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals dmaengine: idxd: Add missing cleanups in cleanup internals dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call dmaengine: idxd: fix memory leak in error handling path of idxd_alloc dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe dmaengine: idxd: Refactor remove call with idxd_cleanup() helper Stephen Smalley (1): fs/xattr.c: fix simple_xattr_list to always include security.* xattrs Steve Siwinski (1): scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer Steven Rostedt (1): tracing: samples: Initialize trace_array_printk() with the correct function Subbaraya Sundeep (1): octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy Takashi Iwai (2): ALSA: seq: Fix delivery of UMP events to group ports ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info Tianyang Zhang (1): LoongArch: Prevent cond_resched() occurring within kernel-fpu Tiezhu Yang (2): LoongArch: uprobes: Remove user_{en,dis}able_single_step() LoongArch: uprobes: Remove redundant code about resume_era Tom Lendacky (1): memblock: Accept allocated memory before use in memblock_double_array() Trond Myklebust (1): NFSv4/pnfs: Reset the layout state after a layoutreturn Vladimir Oltean (1): net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING Waiman Long (1): cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks Wayne Chang (1): phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking Wayne Lin (2): drm/amd/display: Correct the reply value when AUX write incomplete drm/amd/display: Avoid flooding unnecessary info messages Wentao Liang (1): ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() Yemike Abhilash Chandra (1): dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy Zhigang Luo (1): drm/amdgpu: trigger flr_work if reading pf2vf data failed Zhu Yanjun (1): RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug Zi Yan (1): mm/migrate: correct nr_failed in migrate_pages_sync() pengdonglin (2): ftrace: Fix preemption accounting for stacktrace trigger command ftrace: Fix preemption accounting for stacktrace filter command

3 weeks, 5 days

1
1
0 0

Linux 6.12.30

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.30 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/netlink/specs/tc.yaml | 10 MAINTAINERS | 6 Makefile | 2 arch/arm64/boot/dts/amlogic/meson-g12b-dreambox.dtsi | 4 arch/arm64/boot/dts/freescale/imx8mp-var-som.dtsi | 12 arch/arm64/boot/dts/rockchip/rk3588-friendlyelec-cm3588.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3588j.dtsi | 53 - arch/loongarch/include/asm/ptrace.h | 2 arch/loongarch/include/asm/uprobes.h | 1 arch/loongarch/kernel/genex.S | 7 arch/loongarch/kernel/kfpu.c | 22 arch/loongarch/kernel/time.c | 2 arch/loongarch/kernel/uprobes.c | 11 arch/loongarch/power/hibernate.c | 3 arch/riscv/boot/dts/sophgo/cv18xx.dtsi | 2 arch/x86/kvm/mmu/mmu.c | 75 +- block/bio.c | 2 drivers/accel/ivpu/ivpu_debugfs.c | 2 drivers/accel/ivpu/ivpu_fw.c | 4 drivers/accel/ivpu/ivpu_fw_log.c | 113 ++- drivers/accel/ivpu/ivpu_fw_log.h | 9 drivers/accel/ivpu/ivpu_pm.c | 1 drivers/acpi/pptt.c | 11 drivers/bluetooth/btnxpuart.c | 6 drivers/char/tpm/tpm2-sessions.c | 20 drivers/char/tpm/tpm_tis_core.h | 2 drivers/dma-buf/dma-resv.c | 5 drivers/dma/dmatest.c | 6 drivers/dma/idxd/init.c | 159 +++- drivers/dma/ti/k3-udma.c | 10 drivers/gpio/gpio-pca953x.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 18 drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 47 + drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c | 12 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 16 drivers/gpu/drm/amd/display/dc/dpp/dcn401/dcn401_dpp_cm.c | 5 drivers/gpu/drm/drm_fbdev_dma.c | 60 + drivers/gpu/drm/tiny/Kconfig | 1 drivers/gpu/drm/tiny/panel-mipi-dbi.c | 7 drivers/gpu/drm/xe/instructions/xe_mi_commands.h | 4 drivers/gpu/drm/xe/xe_gsc.c | 22 drivers/gpu/drm/xe/xe_gsc.h | 1 drivers/gpu/drm/xe/xe_gsc_proxy.c | 11 drivers/gpu/drm/xe/xe_gsc_proxy.h | 1 drivers/gpu/drm/xe/xe_gt.c | 2 drivers/gpu/drm/xe/xe_lrc.c | 2 drivers/gpu/drm/xe/xe_ring_ops.c | 7 drivers/gpu/drm/xe/xe_uc.c | 8 drivers/gpu/drm/xe/xe_uc.h | 1 drivers/hid/bpf/hid_bpf_dispatch.c | 9 drivers/hid/hid-thrustmaster.c | 1 drivers/hid/hid-uclogic-core.c | 7 drivers/hv/channel.c | 65 - drivers/hv/hyperv_vmbus.h | 6 drivers/hv/vmbus_drv.c | 100 ++ drivers/iio/adc/ad7266.c | 2 drivers/iio/adc/ad7768-1.c | 2 drivers/iio/chemical/pms7003.c | 5 drivers/iio/chemical/sps30.c | 2 drivers/iio/light/opt3001.c | 5 drivers/iio/pressure/mprls0025pa.h | 17 drivers/infiniband/core/device.c | 6 drivers/infiniband/sw/rxe/rxe_cq.c | 5 drivers/net/dsa/b53/b53_common.c | 33 drivers/net/dsa/b53/b53_regs.h | 14 drivers/net/dsa/sja1105/sja1105_main.c | 6 drivers/net/ethernet/cadence/macb_main.c | 19 drivers/net/ethernet/engleder/tsnep_main.c | 30 drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c | 3 drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.h | 1 drivers/net/ethernet/marvell/octeontx2/nic/otx2_devlink.c | 1 drivers/net/ethernet/marvell/octeontx2/nic/otx2_flows.c | 3 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 3 drivers/net/ethernet/qlogic/qede/qede_main.c | 2 drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 7 drivers/net/hyperv/hyperv_net.h | 13 drivers/net/hyperv/netvsc.c | 57 + drivers/net/hyperv/netvsc_drv.c | 62 - drivers/net/hyperv/rndis_filter.c | 24 drivers/net/virtio_net.c | 5 drivers/net/wireless/mediatek/mt76/dma.c | 1 drivers/nvme/host/pci.c | 4 drivers/phy/renesas/phy-rcar-gen3-usb2.c | 40 - drivers/phy/tegra/xusb-tegra186.c | 46 - drivers/phy/tegra/xusb.c | 8 drivers/platform/x86/amd/pmc/pmc-quirks.c | 7 drivers/platform/x86/amd/pmf/tee-if.c | 23 drivers/platform/x86/asus-wmi.c | 3 drivers/regulator/max20086-regulator.c | 7 drivers/scsi/sd_zbc.c | 6 drivers/scsi/storvsc_drv.c | 1 drivers/spi/spi-loopback-test.c | 2 drivers/spi/spi-tegra114.c | 6 drivers/uio/uio_hv_generic.c | 39 - drivers/usb/gadget/function/f_midi2.c | 2 drivers/usb/host/xhci-dbgcap.c | 21 drivers/usb/host/xhci-dbgcap.h | 3 drivers/usb/typec/ucsi/displayport.c | 19 drivers/usb/typec/ucsi/ucsi.c | 34 drivers/usb/typec/ucsi/ucsi.h | 2 drivers/virtio/virtio_ring.c | 6 fs/binfmt_elf.c | 71 + fs/btrfs/discard.c | 17 fs/btrfs/fs.h | 1 fs/btrfs/inode.c | 7 fs/btrfs/super.c | 4 fs/nfs/nfs4proc.c | 9 fs/nfs/pnfs.c | 9 fs/smb/client/cifs_spnego.c | 16 fs/smb/client/cifsfs.c | 25 fs/smb/client/cifsglob.h | 7 fs/smb/client/connect.c | 20 fs/smb/client/fs_context.c | 39 + fs/smb/client/fs_context.h | 10 fs/smb/client/smb2pdu.c | 2 fs/udf/truncate.c | 2 fs/xattr.c | 24 include/drm/drm_fbdev_dma.h | 12 include/linux/bio.h | 1 include/linux/hyperv.h | 13 include/linux/kvm_host.h | 6 include/linux/tpm.h | 21 include/linux/virtio.h | 3 include/net/sch_generic.h | 15 include/sound/ump_msg.h | 4 kernel/cgroup/cpuset.c | 6 kernel/sched/ext.c | 6 kernel/trace/ring_buffer.c | 8 kernel/trace/trace_dynevent.c | 16 kernel/trace/trace_dynevent.h | 1 kernel/trace/trace_events_trigger.c | 2 kernel/trace/trace_functions.c | 6 kernel/trace/trace_kprobe.c | 2 kernel/trace/trace_probe.c | 9 kernel/trace/trace_uprobe.c | 2 mm/page_alloc.c | 23 mm/userfaultfd.c | 12 net/bluetooth/mgmt.c | 9 net/mac80211/main.c | 6 net/mctp/device.c | 65 - net/mctp/route.c | 4 net/sched/sch_codel.c | 2 net/sched/sch_fq.c | 2 net/sched/sch_fq_codel.c | 2 net/sched/sch_fq_pie.c | 2 net/sched/sch_hhf.c | 2 net/sched/sch_pie.c | 2 net/tls/tls_strp.c | 3 samples/ftrace/sample-trace-array.c | 2 scripts/Makefile.extrawarn | 12 sound/core/seq/seq_clientmgr.c | 52 - sound/core/seq/seq_ump_convert.c | 18 sound/core/seq/seq_ump_convert.h | 1 sound/pci/es1968.c | 6 sound/sh/Kconfig | 2 sound/usb/quirks.c | 4 tools/net/ynl/ethtool.py | 22 tools/testing/selftests/net/ncdevmem.c | 394 ++++++----- tools/testing/vsock/vsock_test.c | 28 virt/kvm/guest_memfd.c | 2 virt/kvm/kvm_main.c | 14 168 files changed, 1803 insertions(+), 906 deletions(-) Aaron Kling (1): spi: tegra114: Use value to check for invalid delays Abdun Nihaal (1): qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() Alex Deucher (2): Revert "drm/amd: Stop evicting resources on APUs in suspend" drm/amdgpu: fix pm notifier handling Alexey Makhalov (1): MAINTAINERS: Update Alexey Makhalov's email address Andrei Kuchynski (1): usb: typec: ucsi: displayport: Fix deadlock Andrew Jeffery (1): net: mctp: Ensure keys maintain only one ref to corresponding dev Barry Song (1): mm: userfaultfd: correct dirty flags set for both present and swap pte Bo-Cun Chen (1): net: ethernet: mtk_eth_soc: fix typo for declaration MT7988 ESW capability Boris Burkov (1): btrfs: fix folio leak in submit_one_async_extent() Carolina Jubran (1): net/mlx5e: Disable MACsec offload for uplink representor profile Christian Heusel (1): ALSA: usb-audio: Add sample rate quirk for Audioengine D1 Christian Hewitt (1): arm64: dts: amlogic: dreambox: fix missing clkc_audio node Claudiu Beznea (2): phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind phy: renesas: rcar-gen3-usb2: Set timing registers only once Cong Wang (1): net_sched: Flush gso_skb list too during ->change() Cosmin Ratiu (1): tests/ncdevmem: Fix double-free of queue array Cosmin Tanislav (1): regulator: max20086: fix invalid memory access Dan Carpenter (1): phy: tegra: xusb: remove a stray unlock Daniele Ceraolo Spurio (1): drm/xe/gsc: do not flush the GSC worker from the reset path David Lechner (3): iio: chemical: pms7003: use aligned_s64 for timestamp iio: pressure: mprls0025pa: use aligned_s64 for timestamp iio: chemical: sps30: use aligned_s64 for timestamp Dragan Simic (1): arm64: dts: rockchip: Remove overdrive-mode OPPs from RK3588J SoC dtsi Emanuele Ghidoli (1): gpio: pca953x: fix IRQ storm on system wake up Eric Dumazet (1): mctp: no longer rely on net->dev_index_head[] Fabio Estevam (1): drm/tiny: panel-mipi-dbi: Use drm_client_setup_with_fourcc() Fedor Pchelkin (1): wifi: mt76: disable napi on driver removal Filipe Manana (1): btrfs: fix discard worker infinite loop after disabling discard Geert Uytterhoeven (2): spi: loopback-test: Do not split 1024-byte hexdumps ALSA: sh: SND_AICA should depend on SH_DMA_API Gerhard Engleder (1): tsnep: fix timestamping with a stacked DSA driver Greg Kroah-Hartman (1): Linux 6.12.30 Hangbin Liu (1): tools/net/ynl: ethtool: fix crash when Hardware Clock info is missing Hans de Goede (1): platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection Hariprasad Kelam (1): octeontx2-af: Fix CGX Receive counters Henry Martin (1): HID: uclogic: Add NULL check in uclogic_input_configured() Himanshu Bhavani (1): arm64: dts: imx8mp-var-som: Fix LDO5 shutdown causing SD card timeout Huacai Chen (3): LoongArch: Move __arch_cpu_idle() to .cpuidle.text section LoongArch: Save and restore CSR.CNTC for hibernation LoongArch: Fix MAX_REG_OFFSET calculation Hyejeong Choi (1): dma-buf: insert memory barrier before updating num_fences Ido Schimmel (1): mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices Isaku Yamahata (1): KVM: Add member to struct kvm_gfn_range to indicate private/shared Jacek Lawrynowicz (3): accel/ivpu: Rename ivpu_log_level to fw_log_level accel/ivpu: Refactor functions in ivpu_fw_log.c accel/ivpu: Fix fw log printing Jakub Kicinski (2): netlink: specs: tc: fix a couple of attribute names netlink: specs: tc: all actions are indexed arrays Jan Kara (1): udf: Make sure i_lenExtents is uptodate on inode eviction Jarkko Sakkinen (1): tpm: Mask TPM RC in tpm2_start_auth_session() Jeremy Linton (1): ACPI: PPTT: Fix processor subtable walk Jethro Donaldson (1): smb: client: fix memory leak during error handling for POSIX mkdir Jonas Gorski (1): net: dsa: b53: prevent standalone from trying to forward to other ports Jonathan Cameron (2): iio: adc: ad7266: Fix potential timestamp alignment issue. iio: adc: ad7768-1: Fix insufficient alignment of timestamp. Kees Cook (3): binfmt_elf: Move brk for static PIE even if ASLR disabled nvme-pci: make nvme_pci_npages_prp() __always_inline wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Keith Busch (1): nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable Kirill A. Shutemov (1): mm/page_alloc: fix race condition in unaccepted memory handling Koichiro Den (2): virtio_ring: add a func argument 'recycle_done' to virtqueue_reset() virtio_net: ensure netdev_tx_reset_queue is called on bind xsk for tx Konstantin Shkolnyy (1): vsock/test: Fix occasional failure in SIOCOUTQ tests Kyoji Ogasawara (1): btrfs: add back warning for mount option commit values exceeding 300 Li Lingfeng (1): nfs: handle failure of nfs_get_lock_context in unlock path Luca Ceresoli (1): iio: light: opt3001: fix deadlock due to concurrent flag access Luiz Augusto von Dentz (1): Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags Ma Ke (1): phy: Fix error handling in tegra_xusb_port_init Mario Limonciello (3): drivers/platform/x86/amd: pmf: Check for invalid sideloaded Smart PC Policies drivers/platform/x86/amd: pmf: Check for invalid Smart PC Policies drm/amd: Add Suspend/Hibernate notification callback support Masami Hiramatsu (Google) (1): tracing: probes: Fix a possible race in trace_probe_log APIs Mathias Nyman (2): xhci: dbc: Improve performance by removing delay in transfer event polling. xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive. Mathieu Othacehe (1): net: cadence: macb: Fix a possible deadlock in macb_halt_tx. Matt Johnston (1): net: mctp: Don't access ifa_index when missing Melissa Wen (1): Revert "drm/amd/display: Hardware cursor changes color when switched to software cursor" Michael Kelley (5): hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages hv_netvsc: Preserve contiguous PFN grouping in the page buffer array hv_netvsc: Remove rmsg_pgcnt Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer() Michal Suchanek (1): tpm: tis: Double the timeout B to 4s Naman Jain (1): uio_hv_generic: Fix sysfs creation path for ring buffer Nathan Chancellor (2): kbuild: Disable -Wdefault-const-init-unsafe net: qede: Initialize qede_ll_ops with designated initializer Nathan Lynch (1): dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" Neeraj Sanjay Kale (1): Bluetooth: btnxpuart: Fix kernel panic during FW release Nicolas Chauvet (1): ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera Pengtao He (1): net/tls: fix kernel panic when alloc_page failed Philip Yang (1): drm/amdgpu: csa unmap use uninterruptible lock Qasim Ijaz (1): HID: thrustmaster: fix memory leak in thrustmaster_interrupts() Ritvik Budhiraja (1): CIFS: New mount option for cifs.upcall namespace resolution Ronald Wahl (1): dmaengine: ti: k3-udma: Add missing locking Rong Zhang (1): HID: bpf: abort dispatch if device destroyed Runhua He (1): platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) Sean Christopherson (1): KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing Shuai Xue (9): dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals dmaengine: idxd: Add missing cleanups in cleanup internals dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call dmaengine: idxd: fix memory leak in error handling path of idxd_alloc dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe dmaengine: idxd: Refactor remove call with idxd_cleanup() helper Stanislav Fomichev (5): selftests: ncdevmem: Redirect all non-payload output to stderr selftests: ncdevmem: Separate out dmabuf provider selftests: ncdevmem: Unify error handling selftests: ncdevmem: Make client_ip optional selftests: ncdevmem: Switch to AF_INET6 Stephen Smalley (1): fs/xattr.c: fix simple_xattr_list to always include security.* xattrs Steve Siwinski (1): scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer Steven Rostedt (2): tracing: samples: Initialize trace_array_printk() with the correct function ring-buffer: Fix persistent buffer when commit page is the reader page Subbaraya Sundeep (2): octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy octeontx2-pf: Do not reallocate all ntuple filters Takashi Iwai (2): ALSA: seq: Fix delivery of UMP events to group ports ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info Tejun Heo (1): sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator Thomas Zimmermann (2): drm/fbdev-dma: Support struct drm_driver.fbdev_probe drm/panel-mipi-dbi: Run DRM default client setup Tianyang Zhang (1): LoongArch: Prevent cond_resched() occurring within kernel-fpu Tiezhu Yang (2): LoongArch: uprobes: Remove user_{en,dis}able_single_step() LoongArch: uprobes: Remove redundant code about resume_era Tim Huang (1): drm/amdgpu: fix incorrect MALL size for GFX1151 Tom Vincent (1): arm64: dts: rockchip: Assign RT5616 MCLK rate on rk3588-friendlyelec-cm3588 Tomasz Rusinowicz (1): accel/ivpu: Reset fw log on cold boot Trond Myklebust (1): NFSv4/pnfs: Reset the layout state after a layoutreturn Umesh Nerlige Ramappa (1): drm/xe: Save CTX_TIMESTAMP mmio value instead of LRC value Vladimir Oltean (1): net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING Waiman Long (1): cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks Wayne Chang (1): phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking Wayne Lin (2): drm/amd/display: Correct the reply value when AUX write incomplete drm/amd/display: Avoid flooding unnecessary info messages Wentao Liang (1): ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() Yemike Abhilash Chandra (1): dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy Ze Huang (1): riscv: dts: sophgo: fix DMA data-width configuration for CV18xx Zhu Yanjun (2): RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem pengdonglin (2): ftrace: Fix preemption accounting for stacktrace trigger command ftrace: Fix preemption accounting for stacktrace filter command

3 weeks, 5 days

1
1
0 0

Linux 6.1.140

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.140 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm64/kernel/fpsimd.c | 6 arch/arm64/net/bpf_jit_comp.c | 12 arch/loongarch/Makefile | 2 arch/loongarch/include/asm/ptrace.h | 2 arch/riscv/include/asm/page.h | 1 arch/riscv/include/asm/pgtable.h | 2 arch/riscv/mm/init.c | 17 arch/x86/kernel/ftrace.c | 2 arch/x86/kernel/kprobes/core.c | 1 arch/x86/kernel/module.c | 9 block/bio.c | 2 drivers/acpi/pptt.c | 11 drivers/char/tpm/tpm_tis_core.h | 2 drivers/clocksource/i8253.c | 4 drivers/dma-buf/dma-resv.c | 5 drivers/dma/dmatest.c | 6 drivers/dma/idxd/init.c | 145 ++++-- drivers/dma/ti/k3-udma.c | 10 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 51 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 29 + drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3 drivers/gpu/drm/amd/amdgpu/mxgpu_ai.c | 2 drivers/gpu/drm/amd/amdgpu/mxgpu_nv.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 16 drivers/hid/hid-thrustmaster.c | 1 drivers/hid/hid-uclogic-core.c | 7 drivers/hv/channel.c | 65 -- drivers/iio/adc/ad7266.c | 2 drivers/iio/adc/ad7768-1.c | 2 drivers/iio/chemical/sps30.c | 2 drivers/infiniband/sw/rxe/rxe_cq.c | 5 drivers/net/dsa/sja1105/sja1105_main.c | 6 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 drivers/net/ethernet/cadence/macb_main.c | 19 drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c | 3 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 drivers/net/ethernet/qlogic/qede/qede_main.c | 2 drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 7 drivers/net/hyperv/hyperv_net.h | 13 drivers/net/hyperv/netvsc.c | 57 ++ drivers/net/hyperv/netvsc_drv.c | 62 -- drivers/net/hyperv/rndis_filter.c | 24 - drivers/net/wireless/mediatek/mt76/dma.c | 1 drivers/nvme/host/pci.c | 4 drivers/phy/renesas/phy-rcar-gen3-usb2.c | 40 - drivers/phy/tegra/xusb.c | 8 drivers/platform/x86/amd/pmc.c | 8 drivers/platform/x86/asus-wmi.c | 3 drivers/regulator/max20086-regulator.c | 7 drivers/scsi/sd_zbc.c | 6 drivers/scsi/storvsc_drv.c | 1 drivers/spi/spi-cadence-quadspi.c | 6 drivers/spi/spi-loopback-test.c | 2 drivers/usb/typec/altmodes/displayport.c | 18 drivers/usb/typec/ucsi/displayport.c | 19 drivers/usb/typec/ucsi/ucsi.c | 34 + drivers/usb/typec/ucsi/ucsi.h | 3 drivers/usb/typec/ucsi/ucsi_ccg.c | 5 fs/binfmt_elf.c | 285 ++++++------ fs/binfmt_elf_fdpic.c | 2 fs/btrfs/discard.c | 17 fs/btrfs/extent-tree.c | 25 - fs/exec.c | 2 fs/nfs/nfs4proc.c | 9 fs/nfs/pnfs.c | 9 fs/smb/client/smb2pdu.c | 2 include/linux/bio.h | 1 include/linux/hyperv.h | 7 include/linux/tpm.h | 2 include/net/netfilter/nf_tables.h | 3 include/net/sch_generic.h | 15 include/uapi/linux/elf.h | 2 kernel/trace/trace_dynevent.c | 16 kernel/trace/trace_dynevent.h | 1 kernel/trace/trace_events_trigger.c | 2 kernel/trace/trace_functions.c | 6 kernel/trace/trace_kprobe.c | 2 kernel/trace/trace_probe.c | 9 kernel/trace/trace_uprobe.c | 2 mm/memory_hotplug.c | 6 mm/migrate.c | 8 net/ipv4/ip_output.c | 3 net/ipv4/raw.c | 3 net/ipv6/ip6_output.c | 3 net/mctp/route.c | 4 net/netfilter/nf_tables_api.c | 54 +- net/netfilter/nft_immediate.c | 2 net/sched/sch_codel.c | 2 net/sched/sch_fq.c | 2 net/sched/sch_fq_codel.c | 2 net/sched/sch_fq_pie.c | 2 net/sched/sch_hhf.c | 2 net/sched/sch_pie.c | 2 net/sctp/sysctl.c | 4 net/tls/tls_strp.c | 3 samples/ftrace/sample-trace-array.c | 2 sound/pci/es1968.c | 6 sound/sh/Kconfig | 2 sound/usb/quirks.c | 4 tools/testing/selftests/exec/Makefile | 19 tools/testing/selftests/exec/load_address.c | 83 ++- tools/testing/selftests/vm/compaction_test.c | 19 106 files changed, 938 insertions(+), 533 deletions(-) Abdun Nihaal (1): qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() Alex Deucher (2): Revert "drm/amd: Stop evicting resources on APUs in suspend" drm/amdgpu: fix pm notifier handling Andrei Kuchynski (1): usb: typec: ucsi: displayport: Fix deadlock Andrew Jeffery (1): net: mctp: Ensure keys maintain only one ref to corresponding dev Byungchul Park (1): mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index Carolina Jubran (1): net/mlx5e: Disable MACsec offload for uplink representor profile Christian Heusel (1): ALSA: usb-audio: Add sample rate quirk for Audioengine D1 Claudiu Beznea (2): phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind phy: renesas: rcar-gen3-usb2: Set timing registers only once Cong Wang (1): net_sched: Flush gso_skb list too during ->change() Cosmin Tanislav (1): regulator: max20086: fix invalid memory access Dan Carpenter (1): usb: typec: fix potential array underflow in ucsi_ccg_sync_control() David Lechner (1): iio: chemical: sps30: use aligned_s64 for timestamp Eric Dumazet (1): sctp: add mutual exclusion in proc_sctp_do_udp_port() Eric W. Biederman (1): binfmt_elf: Support segments with 0 filesz and misaligned starts Fedor Pchelkin (1): wifi: mt76: disable napi on driver removal Feng Tang (1): selftests/mm: compaction_test: support platform with huge mount of memory Filipe Manana (2): btrfs: fix discard worker infinite loop after disabling discard btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() Florian Westphal (2): netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx netfilter: nf_tables: do not defer rule destruction via call_rcu GONG Ruiqi (1): usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() Geert Uytterhoeven (2): spi: loopback-test: Do not split 1024-byte hexdumps ALSA: sh: SND_AICA should depend on SH_DMA_API Greg Kroah-Hartman (1): Linux 6.1.140 Hans de Goede (1): platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection Henry Martin (1): HID: uclogic: Add NULL check in uclogic_input_configured() Huacai Chen (2): LoongArch: Fix MAX_REG_OFFSET calculation LoongArch: Explicitly specify code model in Makefile Hyejeong Choi (1): dma-buf: insert memory barrier before updating num_fences Jeremy Linton (1): ACPI: PPTT: Fix processor subtable walk Jethro Donaldson (1): smb: client: fix memory leak during error handling for POSIX mkdir Jonathan Cameron (2): iio: adc: ad7266: Fix potential timestamp alignment issue. iio: adc: ad7768-1: Fix insufficient alignment of timestamp. Kees Cook (8): binfmt: Fix whitespace issues binfmt_elf: elf_bss no longer used by load_elf_binary() binfmt_elf: Leave a gap between .bss and brk selftests/exec: Build both static and non-static load_address tests binfmt_elf: Calculate total_size earlier binfmt_elf: Honor PT_LOAD alignment for static PIE binfmt_elf: Move brk for static PIE even if ASLR disabled nvme-pci: make nvme_pci_npages_prp() __always_inline Keith Busch (1): nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable Li Lingfeng (1): nfs: handle failure of nfs_get_lock_context in unlock path Ma Jun (1): drm/amdgpu: Fix the runtime resume failure issue Ma Ke (1): phy: Fix error handling in tegra_xusb_port_init Ma Wupeng (1): hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Maciej S. Szmigiero (1): platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it Mario Limonciello (2): drm/amd: Stop evicting resources on APUs in suspend drm/amd: Add Suspend/Hibernate notification callback support Mark Brown (1): arm64/sme: Always exit sme_alloc() early with existing storage Masami Hiramatsu (Google) (1): tracing: probes: Fix a possible race in trace_probe_log APIs Mathieu Othacehe (1): net: cadence: macb: Fix a possible deadlock in macb_halt_tx. Michael Kelley (5): hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages hv_netvsc: Preserve contiguous PFN grouping in the page buffer array hv_netvsc: Remove rmsg_pgcnt Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer() Michal Suchanek (1): tpm: tis: Double the timeout B to 4s Muhammad Usama Anjum (1): selftests/exec: load_address: conform test to TAP format output Nathan Chancellor (1): net: qede: Initialize qede_ll_ops with designated initializer Nathan Lynch (1): dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" Nicolas Chauvet (1): ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera Pablo Neira Ayuso (1): netfilter: nf_tables: wait for rcu grace period on net_device removal Pengtao He (1): net/tls: fix kernel panic when alloc_page failed Peter Collingbourne (1): bpf, arm64: Fix address emission with tag-based KASAN enabled Puranjay Mohan (1): bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG Qasim Ijaz (1): HID: thrustmaster: fix memory leak in thrustmaster_interrupts() RD Babiera (1): usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group Ronald Wahl (1): dmaengine: ti: k3-udma: Add missing locking Sebastian Andrzej Siewior (1): clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable() Shigeru Yoshida (2): ipv6: Fix potential uninit-value access in __ip6_make_skb() ipv4: Fix uninit-value access in __ip_make_skb() Shravya KN (1): bnxt_en: Fix receive ring space parameters when XDP is active Shuai Xue (8): dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals dmaengine: idxd: Add missing cleanups in cleanup internals dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call dmaengine: idxd: fix memory leak in error handling path of idxd_alloc dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe Steve Siwinski (1): scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer Steven Rostedt (1): tracing: samples: Initialize trace_array_printk() with the correct function Subbaraya Sundeep (1): octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy Thomas Gleixner (1): x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() Théo Lebrun (1): spi: cadence-qspi: fix pointer reference in runtime PM hooks Trond Myklebust (1): NFSv4/pnfs: Reset the layout state after a layoutreturn Vladimir Oltean (1): net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING Wayne Lin (2): drm/amd/display: Correct the reply value when AUX write incomplete drm/amd/display: Avoid flooding unnecessary info messages Wentao Liang (1): ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() Xu Lu (1): riscv: mm: Fix the out of bound issue of vmemmap address Yemike Abhilash Chandra (1): dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy Zhigang Luo (1): drm/amdgpu: trigger flr_work if reading pf2vf data failed Zhu Yanjun (1): RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug pengdonglin (2): ftrace: Fix preemption accounting for stacktrace trigger command ftrace: Fix preemption accounting for stacktrace filter command

3 weeks, 5 days

1
1
0 0

Linux 5.15.184

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.184 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/admin-guide/hw-vuln/index.rst | 1 Documentation/admin-guide/hw-vuln/indirect-target-selection.rst | 156 ++++++ Documentation/admin-guide/kernel-parameters.txt | 15 Makefile | 2 arch/x86/Kconfig | 11 arch/x86/entry/entry_64.S | 20 arch/x86/include/asm/alternative.h | 32 + arch/x86/include/asm/cpufeatures.h | 3 arch/x86/include/asm/msr-index.h | 8 arch/x86/include/asm/nospec-branch.h | 57 +- arch/x86/kernel/alternative.c | 243 +++++++++- arch/x86/kernel/cpu/bugs.c | 139 +++++ arch/x86/kernel/cpu/common.c | 63 ++ arch/x86/kernel/ftrace.c | 4 arch/x86/kernel/kprobes/core.c | 1 arch/x86/kernel/module.c | 15 arch/x86/kernel/static_call.c | 2 arch/x86/kernel/vmlinux.lds.S | 10 arch/x86/kvm/x86.c | 4 arch/x86/lib/retpoline.S | 39 + arch/x86/net/bpf_jit_comp.c | 8 block/fops.c | 5 drivers/acpi/pptt.c | 11 drivers/base/cpu.c | 8 drivers/clocksource/i8253.c | 6 drivers/dma/dmatest.c | 6 drivers/dma/idxd/init.c | 8 drivers/dma/ti/k3-udma.c | 10 drivers/iio/adc/ad7768-1.c | 2 drivers/iio/chemical/sps30.c | 2 drivers/infiniband/sw/rxe/rxe_cq.c | 5 drivers/net/dsa/sja1105/sja1105_main.c | 6 drivers/net/ethernet/cadence/macb_main.c | 19 drivers/net/ethernet/intel/ice/ice_arfs.c | 9 drivers/net/ethernet/intel/ice/ice_lib.c | 5 drivers/net/ethernet/intel/ice/ice_main.c | 20 drivers/net/ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 7 drivers/net/wireless/mediatek/mt76/dma.c | 1 drivers/phy/renesas/phy-rcar-gen3-usb2.c | 7 drivers/phy/tegra/xusb.c | 8 drivers/platform/x86/asus-wmi.c | 3 drivers/spi/spi-loopback-test.c | 2 drivers/usb/typec/altmodes/displayport.c | 18 drivers/usb/typec/ucsi/displayport.c | 19 drivers/usb/typec/ucsi/ucsi.c | 34 + drivers/usb/typec/ucsi/ucsi.h | 3 drivers/usb/typec/ucsi/ucsi_ccg.c | 5 fs/btrfs/discard.c | 17 fs/btrfs/extent-tree.c | 25 - fs/btrfs/extent_io.c | 15 fs/nfs/nfs4proc.c | 9 fs/nfs/pnfs.c | 9 include/linux/cpu.h | 2 include/linux/module.h | 5 include/net/netfilter/nf_tables.h | 2 include/net/sch_generic.h | 15 kernel/trace/trace_dynevent.c | 16 kernel/trace/trace_dynevent.h | 1 kernel/trace/trace_events_trigger.c | 2 kernel/trace/trace_functions.c | 6 kernel/trace/trace_kprobe.c | 2 kernel/trace/trace_probe.c | 9 kernel/trace/trace_uprobe.c | 2 net/netfilter/nf_tables_api.c | 54 +- net/netfilter/nft_immediate.c | 2 net/sched/sch_codel.c | 2 net/sched/sch_fq.c | 2 net/sched/sch_fq_codel.c | 2 net/sched/sch_fq_pie.c | 2 net/sched/sch_hhf.c | 2 net/sched/sch_pie.c | 2 net/sctp/sysctl.c | 4 samples/ftrace/sample-trace-array.c | 2 sound/pci/es1968.c | 6 sound/sh/Kconfig | 2 sound/usb/quirks.c | 4 tools/testing/selftests/vm/compaction_test.c | 19 78 files changed, 1115 insertions(+), 190 deletions(-) Abdun Nihaal (1): qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() Alexander Lobakin (1): ice: arfs: fix use-after-free when freeing @rx_cpu_rmap Andrei Kuchynski (1): usb: typec: ucsi: displayport: Fix deadlock Borislav Petkov (AMD) (1): x86/alternative: Optimize returns patching Christian Heusel (1): ALSA: usb-audio: Add sample rate quirk for Audioengine D1 Claudiu Beznea (1): phy: renesas: rcar-gen3-usb2: Set timing registers only once Cong Wang (1): net_sched: Flush gso_skb list too during ->change() Dan Carpenter (1): usb: typec: fix potential array underflow in ucsi_ccg_sync_control() David Lechner (1): iio: chemical: sps30: use aligned_s64 for timestamp Eric Biggers (1): x86/its: Fix build errors when CONFIG_MODULES=n Eric Dumazet (1): sctp: add mutual exclusion in proc_sctp_do_udp_port() Fedor Pchelkin (1): wifi: mt76: disable napi on driver removal Feng Tang (1): selftests/mm: compaction_test: support platform with huge mount of memory Fengnan Chang (1): block: fix direct io NOWAIT flag not work Filipe Manana (2): btrfs: fix discard worker infinite loop after disabling discard btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() Florian Westphal (2): netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx netfilter: nf_tables: do not defer rule destruction via call_rcu GONG Ruiqi (1): usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() Geert Uytterhoeven (2): spi: loopback-test: Do not split 1024-byte hexdumps ALSA: sh: SND_AICA should depend on SH_DMA_API Greg Kroah-Hartman (1): Linux 5.15.184 Hans de Goede (1): platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection Jeremy Linton (1): ACPI: PPTT: Fix processor subtable walk Jonathan Cameron (1): iio: adc: ad7768-1: Fix insufficient alignment of timestamp. Josef Bacik (1): btrfs: do not clean up repair bio if submit fails Josh Poimboeuf (1): x86/alternatives: Remove faulty optimization Li Lingfeng (1): nfs: handle failure of nfs_get_lock_context in unlock path Ma Ke (1): phy: Fix error handling in tegra_xusb_port_init Masami Hiramatsu (Google) (1): tracing: probes: Fix a possible race in trace_probe_log APIs Mathieu Othacehe (1): net: cadence: macb: Fix a possible deadlock in macb_halt_tx. Nathan Lynch (1): dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" Nicolas Chauvet (1): ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera Pablo Neira Ayuso (1): netfilter: nf_tables: wait for rcu grace period on net_device removal Pawan Gupta (10): x86/speculation: Simplify and make CALL_NOSPEC consistent x86/speculation: Add a conditional CS prefix to CALL_NOSPEC x86/speculation: Remove the extra #ifdef around CALL_NOSPEC Documentation: x86/bugs/its: Add ITS documentation x86/its: Enumerate Indirect Target Selection (ITS) bug x86/its: Add support for ITS-safe indirect thunk x86/its: Add support for ITS-safe return thunk x86/its: Enable Indirect Target Selection mitigation x86/its: Add "vmexit" option to skip mitigation on some CPUs x86/its: Align RETs in BHB clear sequence to avoid thunking Peter Zijlstra (3): x86,nospec: Simplify {JMP,CALL}_NOSPEC x86/its: Use dynamic thunks for indirect branches x86/its: FineIBT-paranoid vs ITS RD Babiera (1): usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group Ronald Wahl (1): dmaengine: ti: k3-udma: Add missing locking Sebastian Andrzej Siewior (1): clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable() Shuai Xue (2): dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups Steven Rostedt (1): tracing: samples: Initialize trace_array_printk() with the correct function Thomas Gleixner (1): x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() Trond Myklebust (1): NFSv4/pnfs: Reset the layout state after a layoutreturn Vladimir Oltean (1): net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING Wentao Liang (1): ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() Yemike Abhilash Chandra (1): dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy Zhu Yanjun (1): RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug pengdonglin (2): ftrace: Fix preemption accounting for stacktrace trigger command ftrace: Fix preemption accounting for stacktrace filter command

3 weeks, 5 days

1
1
0 0

[PATCH 6.1 0/1] Oopses on module unload seen on 6.1.y

by Fedor Pchelkin

Hi, commit 959cadf09dbae7b304f03e039b8d8e13c529e2dd Author: Peter Zijlstra <peterz(a)infradead.org> Date: Mon Oct 14 10:05:48 2024 -0700 x86/its: Use dynamic thunks for indirect branches commit 872df34d7c51a79523820ea6a14860398c639b87 upstream. was ported at v6.1.139 and leads to kernel crashes there after module unload operations. Example trace: BUG: unable to handle page fault for address: ffff8fcb47dd4000 #PF: supervisor write access in kernel mode #PF: error_code(0x0003) - permissions violation PGD 34801067 P4D 34801067 PUD 100148063 PMD 107dd5063 PTE 8000000107dd4161 Oops: 0003 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 378 Comm: modprobe Not tainted 6.1.139-01446-g753bd4a5f9a9 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:__change_page_attr_set_clr+0x49d/0x1280 Call Trace: <TASK> ? free_unref_page_prepare+0x80/0x4b0 set_direct_map_invalid_noflush+0x6e/0xa0 __vunmap+0x18c/0x3e0 __vfree+0x21/0xb0 vfree+0x2b/0x90 module_memfree+0x1b/0x50 free_module+0x17c/0x250 __do_sys_delete_module+0x337/0x4b0 __x64_sys_delete_module+0x15/0x30 x64_sys_call+0x3f9a/0x43a0 do_syscall_64+0x33/0x80 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 RIP: 0033:0x7f70755c0807 </TASK> Modules linked in: dm_multipath scsi_dh_rdac scsi_dh_emc scsi_dh_alua [last unloaded: scsi_debug] As mentioned in the blamed patch comment describing the backport adaptations: [ pawan: CONFIG_EXECMEM and CONFIG_EXECMEM_ROX are not supported on backport kernel, made changes to use module_alloc() and set_memory_*() for dynamic thunks. ] module_alloc/module_memfree in conjunction with memory protection routines were used. The allocated memory is vmalloc-based, and it ends up being ROX upon release inside its_free_mod(). Freeing of special permissioned memory in vmalloc requires its own handling. VM_FLUSH_RESET_PERMS flag was introduced for these purposes. In-kernel users dealing with the stuff had to care about this explicitly before commit 4c4eb3ecc91f ("x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc()"). More recent kernels starting from 6.2 have the commit and are not affected. So port it as a followup for ITS mitigation 6.1-series to fix the aforementioned failures. The problem concerns 5.15-series (currently in stable-queue) as well. It needs its own patch to apply cleanly. Will send it shortly, too. Found by Linux Verification Center (linuxtesting.org). Thomas Gleixner (1): x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() arch/x86/kernel/ftrace.c | 2 -- arch/x86/kernel/kprobes/core.c | 1 - arch/x86/kernel/module.c | 9 +++++---- 3 files changed, 5 insertions(+), 7 deletions(-) -- 2.49.0

3 weeks, 5 days

2
2
0 0

[PATCH net 1/4] can: kvaser_pciefd: Force IRQ edge in case of nested IRQ

by Marc Kleine-Budde

From: Axel Forsman <axfo(a)kvaser.com> Avoid the driver missing IRQs by temporarily masking IRQs in the ISR to enforce an edge even if a different IRQ is signalled before handled IRQs are cleared. Fixes: 48f827d4f48f ("can: kvaser_pciefd: Move reset of DMA RX buffers to the end of the ISR") Cc: stable(a)vger.kernel.org Signed-off-by: Axel Forsman <axfo(a)kvaser.com> Tested-by: Jimmy Assarsson <extja(a)kvaser.com> Reviewed-by: Jimmy Assarsson <extja(a)kvaser.com> Link: https://patch.msgid.link/20250520114332.8961-2-axfo@kvaser.com Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/kvaser_pciefd.c | 83 ++++++++++++++++----------------- 1 file changed, 39 insertions(+), 44 deletions(-) diff --git a/drivers/net/can/kvaser_pciefd.c b/drivers/net/can/kvaser_pciefd.c index cf0d51805272..9cc9176c2058 100644 --- a/drivers/net/can/kvaser_pciefd.c +++ b/drivers/net/can/kvaser_pciefd.c @@ -1646,24 +1646,28 @@ static int kvaser_pciefd_read_buffer(struct kvaser_pciefd *pcie, int dma_buf) return res; } -static u32 kvaser_pciefd_receive_irq(struct kvaser_pciefd *pcie) +static void kvaser_pciefd_receive_irq(struct kvaser_pciefd *pcie) { + void __iomem *srb_cmd_reg = KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_CMD_REG; u32 irq = ioread32(KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IRQ_REG); - if (irq & KVASER_PCIEFD_SRB_IRQ_DPD0) - kvaser_pciefd_read_buffer(pcie, 0); + iowrite32(irq, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IRQ_REG); - if (irq & KVASER_PCIEFD_SRB_IRQ_DPD1) + if (irq & KVASER_PCIEFD_SRB_IRQ_DPD0) { + kvaser_pciefd_read_buffer(pcie, 0); + iowrite32(KVASER_PCIEFD_SRB_CMD_RDB0, srb_cmd_reg); /* Rearm buffer */ + } + + if (irq & KVASER_PCIEFD_SRB_IRQ_DPD1) { kvaser_pciefd_read_buffer(pcie, 1); + iowrite32(KVASER_PCIEFD_SRB_CMD_RDB1, srb_cmd_reg); /* Rearm buffer */ + } if (unlikely(irq & KVASER_PCIEFD_SRB_IRQ_DOF0 || irq & KVASER_PCIEFD_SRB_IRQ_DOF1 || irq & KVASER_PCIEFD_SRB_IRQ_DUF0 || irq & KVASER_PCIEFD_SRB_IRQ_DUF1)) dev_err(&pcie->pci->dev, "DMA IRQ error 0x%08X\n", irq); - - iowrite32(irq, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IRQ_REG); - return irq; } static void kvaser_pciefd_transmit_irq(struct kvaser_pciefd_can *can) @@ -1691,29 +1695,22 @@ static irqreturn_t kvaser_pciefd_irq_handler(int irq, void *dev) struct kvaser_pciefd *pcie = (struct kvaser_pciefd *)dev; const struct kvaser_pciefd_irq_mask *irq_mask = pcie->driver_data->irq_mask; u32 pci_irq = ioread32(KVASER_PCIEFD_PCI_IRQ_ADDR(pcie)); - u32 srb_irq = 0; - u32 srb_release = 0; int i; if (!(pci_irq & irq_mask->all)) return IRQ_NONE; + iowrite32(0, KVASER_PCIEFD_PCI_IEN_ADDR(pcie)); + if (pci_irq & irq_mask->kcan_rx0) - srb_irq = kvaser_pciefd_receive_irq(pcie); + kvaser_pciefd_receive_irq(pcie); for (i = 0; i < pcie->nr_channels; i++) { if (pci_irq & irq_mask->kcan_tx[i]) kvaser_pciefd_transmit_irq(pcie->can[i]); } - if (srb_irq & KVASER_PCIEFD_SRB_IRQ_DPD0) - srb_release |= KVASER_PCIEFD_SRB_CMD_RDB0; - - if (srb_irq & KVASER_PCIEFD_SRB_IRQ_DPD1) - srb_release |= KVASER_PCIEFD_SRB_CMD_RDB1; - - if (srb_release) - iowrite32(srb_release, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_CMD_REG); + iowrite32(irq_mask->all, KVASER_PCIEFD_PCI_IEN_ADDR(pcie)); return IRQ_HANDLED; } @@ -1733,13 +1730,22 @@ static void kvaser_pciefd_teardown_can_ctrls(struct kvaser_pciefd *pcie) } } +static void kvaser_pciefd_disable_irq_srcs(struct kvaser_pciefd *pcie) +{ + unsigned int i; + + /* Masking PCI_IRQ is insufficient as running ISR will unmask it */ + iowrite32(0, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IEN_REG); + for (i = 0; i < pcie->nr_channels; ++i) + iowrite32(0, pcie->can[i]->reg_base + KVASER_PCIEFD_KCAN_IEN_REG); +} + static int kvaser_pciefd_probe(struct pci_dev *pdev, const struct pci_device_id *id) { int ret; struct kvaser_pciefd *pcie; const struct kvaser_pciefd_irq_mask *irq_mask; - void __iomem *irq_en_base; pcie = devm_kzalloc(&pdev->dev, sizeof(*pcie), GFP_KERNEL); if (!pcie) @@ -1805,8 +1811,7 @@ static int kvaser_pciefd_probe(struct pci_dev *pdev, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IEN_REG); /* Enable PCI interrupts */ - irq_en_base = KVASER_PCIEFD_PCI_IEN_ADDR(pcie); - iowrite32(irq_mask->all, irq_en_base); + iowrite32(irq_mask->all, KVASER_PCIEFD_PCI_IEN_ADDR(pcie)); /* Ready the DMA buffers */ iowrite32(KVASER_PCIEFD_SRB_CMD_RDB0, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_CMD_REG); @@ -1820,8 +1825,7 @@ static int kvaser_pciefd_probe(struct pci_dev *pdev, return 0; err_free_irq: - /* Disable PCI interrupts */ - iowrite32(0, irq_en_base); + kvaser_pciefd_disable_irq_srcs(pcie); free_irq(pcie->pci->irq, pcie); err_pci_free_irq_vectors: @@ -1844,35 +1848,26 @@ static int kvaser_pciefd_probe(struct pci_dev *pdev, return ret; } -static void kvaser_pciefd_remove_all_ctrls(struct kvaser_pciefd *pcie) -{ - int i; - - for (i = 0; i < pcie->nr_channels; i++) { - struct kvaser_pciefd_can *can = pcie->can[i]; - - if (can) { - iowrite32(0, can->reg_base + KVASER_PCIEFD_KCAN_IEN_REG); - unregister_candev(can->can.dev); - timer_delete(&can->bec_poll_timer); - kvaser_pciefd_pwm_stop(can); - free_candev(can->can.dev); - } - } -} - static void kvaser_pciefd_remove(struct pci_dev *pdev) { struct kvaser_pciefd *pcie = pci_get_drvdata(pdev); + unsigned int i; - kvaser_pciefd_remove_all_ctrls(pcie); + for (i = 0; i < pcie->nr_channels; ++i) { + struct kvaser_pciefd_can *can = pcie->can[i]; - /* Disable interrupts */ - iowrite32(0, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_CTRL_REG); - iowrite32(0, KVASER_PCIEFD_PCI_IEN_ADDR(pcie)); + unregister_candev(can->can.dev); + timer_delete(&can->bec_poll_timer); + kvaser_pciefd_pwm_stop(can); + } + kvaser_pciefd_disable_irq_srcs(pcie); free_irq(pcie->pci->irq, pcie); pci_free_irq_vectors(pcie->pci); + + for (i = 0; i < pcie->nr_channels; ++i) + free_candev(pcie->can[i]->can.dev); + pci_iounmap(pdev, pcie->reg_base); pci_release_regions(pdev); pci_disable_device(pdev); base-commit: 9e89db3d847f2d66d2799c5533d00aebee2be4d1 -- 2.47.2

3 weeks, 5 days

2
1
0 0

[PATCH v2 1/2] drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1

by Ville Syrjala

From: Ville Syrjälä <ville.syrjala(a)linux.intel.com> The intel-media-driver is currently broken on DG1 because it uses EXEC_CAPTURE with recovarable contexts. Relax the check to allow that. I've also submitted a fix for the intel-media-driver: https://github.com/intel/media-driver/pull/1920 Cc: stable(a)vger.kernel.org Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Testcase: igt/gem_exec_capture/capture-invisible Fixes: 71b1669ea9bd ("drm/i915/uapi: tweak error capture on recoverable contexts") Reviewed-by: Andi Shyti <andi.shyti(a)linux.intel.com> Signed-off-by: Ville Syrjälä <ville.syrjala(a)linux.intel.com> --- drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c index ca7e9216934a..ea9d5063ce78 100644 --- a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c @@ -2013,7 +2013,7 @@ static int eb_capture_stage(struct i915_execbuffer *eb) continue; if (i915_gem_context_is_recoverable(eb->gem_context) && - (IS_DGFX(eb->i915) || GRAPHICS_VER_FULL(eb->i915) > IP_VER(12, 0))) + GRAPHICS_VER_FULL(eb->i915) > IP_VER(12, 10)) return -EINVAL; for_each_batch_create_order(eb, j) { -- 2.49.0

3 weeks, 5 days

4
4
0 0

[PATCH v3] usb: hub: lack of clearing xHC resources

by Pawel Laszczak

The xHC resources allocated for USB devices are not released in correct order after resuming in case when while suspend device was reconnected. This issue has been detected during the fallowing scenario: - connect hub HS to root port - connect LS/FS device to hub port - wait for enumeration to finish - force host to suspend - reconnect hub attached to root port - wake host For this scenario during enumeration of USB LS/FS device the Cadence xHC reports completion error code for xHC commands because the xHC resources used for devices has not been properly released. XHCI specification doesn't mention that device can be reset in any order so, we should not treat this issue as Cadence xHC controller bug. Similar as during disconnecting in this case the device resources should be cleared starting form the last usb device in tree toward the root hub. To fix this issue usbcore driver should call hcd->driver->reset_device for all USB devices connected to hub which was reconnected while suspending. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: <stable(a)vger.kernel.org> Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- Changelog: v3: - Changed patch title - Corrected typo - Moved hub_hc_release_resources above mutex_lock(hcd->address0_mutex) v2: - Replaced disconnection procedure with releasing only the xHC resources drivers/usb/core/hub.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c index a76bb50b6202..dcba4281ea48 100644 --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -6065,6 +6065,36 @@ void usb_hub_cleanup(void) usb_deregister(&hub_driver); } /* usb_hub_cleanup() */ +/** + * hub_hc_release_resources - clear resources used by host controller + * @udev: pointer to device being released + * + * Context: task context, might sleep + * + * Function releases the host controller resources in correct order before + * making any operation on resuming usb device. The host controller resources + * allocated for devices in tree should be released starting from the last + * usb device in tree toward the root hub. This function is used only during + * resuming device when usb device require reinitialization – that is, when + * flag udev->reset_resume is set. + * + * This call is synchronous, and may not be used in an interrupt context. + */ +static void hub_hc_release_resources(struct usb_device *udev) +{ + struct usb_hub *hub = usb_hub_to_struct_hub(udev); + struct usb_hcd *hcd = bus_to_hcd(udev->bus); + int i; + + /* Release up resources for all children before this device */ + for (i = 0; i < udev->maxchild; i++) + if (hub->ports[i]->child) + hub_hc_release_resources(hub->ports[i]->child); + + if (hcd->driver->reset_device) + hcd->driver->reset_device(hcd, udev); +} + /** * usb_reset_and_verify_device - perform a USB port reset to reinitialize a device * @udev: device to reset (not in SUSPENDED or NOTATTACHED state) @@ -6129,6 +6159,9 @@ static int usb_reset_and_verify_device(struct usb_device *udev) bos = udev->bos; udev->bos = NULL; + if (udev->reset_resume) + hub_hc_release_resources(udev); + mutex_lock(hcd->address0_mutex); for (i = 0; i < PORT_INIT_TRIES; ++i) { -- 2.43.0

3 weeks, 5 days

4
5
0 0

[PATCH 3/4 v3] crypto: octeontx2: Fix address alignment on CN10K A0/A1 and OcteonTX2

by Bharat Bhushan

octeontx2 crypto driver allocates memory using kmalloc/kzalloc, and uses this memory for dma (does dma_map_single()). It assumes that kmalloc/kzalloc will return 128-byte aligned address. But kmalloc/kzalloc returns 8-byte aligned address after below changes: "9382bc44b5f5 arm64: allow kmalloc() caches aligned to the smaller cache_line_size() Memory allocated are used for following purpose: - Input data or scatter list address - 8-Byte alignment - Output data or gather list address - 8-Byte alignment - Completion address - 32-Byte alignment. This patch ensures all addresses are aligned as mentioned above. Signed-off-by: Bharat Bhushan <bbhushan2(a)marvell.com> Cc: <stable(a)vger.kernel.org> #v6.5+ --- v2->v3: - Align DMA memory to ARCH_DMA_MINALIGN as that is mapped as bidirectional v1->v2: - Fixed memory padding size calculation as per review comment .../marvell/octeontx2/otx2_cpt_reqmgr.h | 63 ++++++++++++++----- 1 file changed, 48 insertions(+), 15 deletions(-) diff --git a/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h b/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h index e27e849b01df..204a31755710 100644 --- a/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h +++ b/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h @@ -34,6 +34,9 @@ #define SG_COMP_2 2 #define SG_COMP_1 1 +#define OTX2_CPT_DPTR_RPTR_ALIGN 8 +#define OTX2_CPT_RES_ADDR_ALIGN 32 + union otx2_cpt_opcode { u16 flags; struct { @@ -417,10 +420,9 @@ static inline struct otx2_cpt_inst_info * otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, gfp_t gfp) { - int align = OTX2_CPT_DMA_MINALIGN; struct otx2_cpt_inst_info *info; - u32 dlen, align_dlen, info_len; - u16 g_sz_bytes, s_sz_bytes; + u32 dlen, info_len; + u16 g_len, s_len; u32 total_mem_len; if (unlikely(req->in_cnt > OTX2_CPT_MAX_SG_IN_CNT || @@ -429,22 +431,51 @@ otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, return NULL; } - g_sz_bytes = ((req->in_cnt + 3) / 4) * - sizeof(struct otx2_cpt_sglist_component); - s_sz_bytes = ((req->out_cnt + 3) / 4) * - sizeof(struct otx2_cpt_sglist_component); + /* Allocate memory to meet below alignment requirement: + * ---------------------------------- + * | struct otx2_cpt_inst_info | + * | (No alignment required) | + * | -----------------------------| + * | | padding for 8B alignment | + * |----------------------------------| + * | SG List Gather/Input memory | + * | Length = multiple of 32Bytes | + * | Alignment = 8Byte | + * |----------------------------------| + * | SG List Scatter/Output memory | + * | Length = multiple of 32Bytes | + * | Alignment = 8Byte | + * | (padding for below alignment) | + * | -----------------------------| + * | | padding for 32B alignment | + * |----------------------------------| + * | Result response memory | + * ---------------------------------- + */ - dlen = g_sz_bytes + s_sz_bytes + SG_LIST_HDR_SIZE; - align_dlen = ALIGN(dlen, align); - info_len = ALIGN(sizeof(*info), align); - total_mem_len = align_dlen + info_len + sizeof(union otx2_cpt_res_s); + info_len = sizeof(*info); + + g_len = ((req->in_cnt + 3) / 4) * + sizeof(struct otx2_cpt_sglist_component); + s_len = ((req->out_cnt + 3) / 4) * + sizeof(struct otx2_cpt_sglist_component); + + dlen = g_len + s_len + SG_LIST_HDR_SIZE; + + /* Allocate extra memory for SG and response address alignment */ + total_mem_len = ALIGN(info_len, ARCH_DMA_MINALIGN) + dlen; + total_mem_len = ALIGN(total_mem_len, OTX2_CPT_DPTR_RPTR_ALIGN); + total_mem_len += (OTX2_CPT_RES_ADDR_ALIGN - 1) & + ~(OTX2_CPT_DPTR_RPTR_ALIGN - 1); + total_mem_len += sizeof(union otx2_cpt_res_s); info = kzalloc(total_mem_len, gfp); if (unlikely(!info)) return NULL; info->dlen = dlen; - info->in_buffer = (u8 *)info + info_len; + info->in_buffer = PTR_ALIGN((u8 *)info + info_len, ARCH_DMA_MINALIGN); + info->out_buffer = info->in_buffer + SG_LIST_HDR_SIZE + g_len; ((u16 *)info->in_buffer)[0] = req->out_cnt; ((u16 *)info->in_buffer)[1] = req->in_cnt; @@ -460,7 +491,7 @@ otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, } if (setup_sgio_components(pdev, req->out, req->out_cnt, - &info->in_buffer[8 + g_sz_bytes])) { + info->out_buffer)) { dev_err(&pdev->dev, "Failed to setup scatter list\n"); goto destroy_info; } @@ -476,8 +507,10 @@ otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, * Get buffer for union otx2_cpt_res_s response * structure and its physical address */ - info->completion_addr = info->in_buffer + align_dlen; - info->comp_baddr = info->dptr_baddr + align_dlen; + info->completion_addr = PTR_ALIGN((info->in_buffer + dlen), + OTX2_CPT_RES_ADDR_ALIGN); + info->comp_baddr = ALIGN((info->dptr_baddr + dlen), + OTX2_CPT_RES_ADDR_ALIGN); return info; -- 2.34.1

3 weeks, 5 days

3
2
0 0

[PATCH 4/4 v4] crypto: octeontx2: Fix address alignment on CN10KB and CN10KA-B0

by Bharat Bhushan

octeontx2 crypto driver allocates memory using kmalloc/kzalloc, and uses this memory for dma (does dma_map_single()). It assumes that kmalloc/kzalloc will return 128-byte aligned address. But kmalloc/kzalloc returns 8-byte aligned address after below changes: "9382bc44b5f5 arm64: allow kmalloc() caches aligned to the smaller cache_line_size() Memory allocated are used for following purpose: - Input data or scatter list address - 8-Byte alignment - Output data or gather list address - 8-Byte alignment - Completion address - 32-Byte alignment. This patch ensures all addresses are aligned as mentioned above. Signed-off-by: Bharat Bhushan <bbhushan2(a)marvell.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- v3->v4: - Again fixed memory size calculation as per review comment v2->v3: - Align DMA memory to ARCH_DMA_MINALIGN as that is mapped as bidirectional v1->v2: - Fixed memory padding size calculation as per review comment .../marvell/octeontx2/otx2_cpt_reqmgr.h | 59 ++++++++++++++----- 1 file changed, 44 insertions(+), 15 deletions(-) diff --git a/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h b/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h index 98de93851ba1..90a031421aac 100644 --- a/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h +++ b/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h @@ -350,22 +350,48 @@ static inline struct otx2_cpt_inst_info * cn10k_sgv2_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, gfp_t gfp) { - u32 dlen = 0, g_len, sg_len, info_len; - int align = OTX2_CPT_DMA_MINALIGN; + u32 dlen = 0, g_len, s_len, sg_len, info_len; struct otx2_cpt_inst_info *info; - u16 g_sz_bytes, s_sz_bytes; u32 total_mem_len; int i; - g_sz_bytes = ((req->in_cnt + 2) / 3) * - sizeof(struct cn10kb_cpt_sglist_component); - s_sz_bytes = ((req->out_cnt + 2) / 3) * - sizeof(struct cn10kb_cpt_sglist_component); + /* Allocate memory to meet below alignment requirement: + * ------------------------------------ + * | struct otx2_cpt_inst_info | + * | (No alignment required) | + * | --------------------------------| + * | | padding for ARCH_DMA_MINALIGN | + * | | alignment | + * |------------------------------------| + * | SG List Gather/Input memory | + * | Length = multiple of 32Bytes | + * | Alignment = 8Byte | + * |---------------------------------- | + * | SG List Scatter/Output memory | + * | Length = multiple of 32Bytes | + * | Alignment = 8Byte | + * | -------------------------------| + * | | padding for 32B alignment | + * |------------------------------------| + * | Result response memory | + * | Alignment = 32Byte | + * ------------------------------------ + */ + + info_len = sizeof(*info); + + g_len = ((req->in_cnt + 2) / 3) * + sizeof(struct cn10kb_cpt_sglist_component); + s_len = ((req->out_cnt + 2) / 3) * + sizeof(struct cn10kb_cpt_sglist_component); + sg_len = g_len + s_len; - g_len = ALIGN(g_sz_bytes, align); - sg_len = ALIGN(g_len + s_sz_bytes, align); - info_len = ALIGN(sizeof(*info), align); - total_mem_len = sg_len + info_len + sizeof(union otx2_cpt_res_s); + /* Allocate extra memory for SG and response address alignment */ + total_mem_len = ALIGN(info_len, OTX2_CPT_DPTR_RPTR_ALIGN); + total_mem_len += (ARCH_DMA_MINALIGN - 1) & + ~(OTX2_CPT_DPTR_RPTR_ALIGN - 1); + total_mem_len += ALIGN(sg_len, OTX2_CPT_RES_ADDR_ALIGN); + total_mem_len += sizeof(union otx2_cpt_res_s); info = kzalloc(total_mem_len, gfp); if (unlikely(!info)) @@ -375,7 +401,8 @@ cn10k_sgv2_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, dlen += req->in[i].size; info->dlen = dlen; - info->in_buffer = (u8 *)info + info_len; + info->in_buffer = PTR_ALIGN((u8 *)info + info_len, ARCH_DMA_MINALIGN); + info->out_buffer = info->in_buffer + g_len; info->gthr_sz = req->in_cnt; info->sctr_sz = req->out_cnt; @@ -387,7 +414,7 @@ cn10k_sgv2_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, } if (sgv2io_components_setup(pdev, req->out, req->out_cnt, - &info->in_buffer[g_len])) { + info->out_buffer)) { dev_err(&pdev->dev, "Failed to setup scatter list\n"); goto destroy_info; } @@ -404,8 +431,10 @@ cn10k_sgv2_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, * Get buffer for union otx2_cpt_res_s response * structure and its physical address */ - info->completion_addr = info->in_buffer + sg_len; - info->comp_baddr = info->dptr_baddr + sg_len; + info->completion_addr = PTR_ALIGN((info->in_buffer + sg_len), + OTX2_CPT_RES_ADDR_ALIGN); + info->comp_baddr = ALIGN((info->dptr_baddr + sg_len), + OTX2_CPT_RES_ADDR_ALIGN); return info; -- 2.34.1

3 weeks, 5 days

1
0
0 0

[PATCH 3/4 v4] crypto: octeontx2: Fix address alignment on CN10K A0/A1 and OcteonTX2

by Bharat Bhushan

octeontx2 crypto driver allocates memory using kmalloc/kzalloc, and uses this memory for dma (does dma_map_single()). It assumes that kmalloc/kzalloc will return 128-byte aligned address. But kmalloc/kzalloc returns 8-byte aligned address after below changes: "9382bc44b5f5 arm64: allow kmalloc() caches aligned to the smaller cache_line_size() Memory allocated are used for following purpose: - Input data or scatter list address - 8-Byte alignment - Output data or gather list address - 8-Byte alignment - Completion address - 32-Byte alignment. This patch ensures all addresses are aligned as mentioned above. Signed-off-by: Bharat Bhushan <bbhushan2(a)marvell.com> Cc: <stable(a)vger.kernel.org> # v6.5+ --- v3->v4: - Again fixed memory size calculation as per review comment v2->v3: - Align DMA memory to ARCH_DMA_MINALIGN as that is mapped as bidirectional v1->v2: - Fixed memory padding size calculation as per review comment .../marvell/octeontx2/otx2_cpt_reqmgr.h | 66 ++++++++++++++----- 1 file changed, 51 insertions(+), 15 deletions(-) diff --git a/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h b/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h index e27e849b01df..98de93851ba1 100644 --- a/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h +++ b/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h @@ -34,6 +34,9 @@ #define SG_COMP_2 2 #define SG_COMP_1 1 +#define OTX2_CPT_DPTR_RPTR_ALIGN 8 +#define OTX2_CPT_RES_ADDR_ALIGN 32 + union otx2_cpt_opcode { u16 flags; struct { @@ -417,10 +420,9 @@ static inline struct otx2_cpt_inst_info * otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, gfp_t gfp) { - int align = OTX2_CPT_DMA_MINALIGN; struct otx2_cpt_inst_info *info; - u32 dlen, align_dlen, info_len; - u16 g_sz_bytes, s_sz_bytes; + u32 dlen, info_len; + u16 g_len, s_len; u32 total_mem_len; if (unlikely(req->in_cnt > OTX2_CPT_MAX_SG_IN_CNT || @@ -429,22 +431,54 @@ otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, return NULL; } - g_sz_bytes = ((req->in_cnt + 3) / 4) * - sizeof(struct otx2_cpt_sglist_component); - s_sz_bytes = ((req->out_cnt + 3) / 4) * - sizeof(struct otx2_cpt_sglist_component); + /* Allocate memory to meet below alignment requirement: + * ------------------------------------ + * | struct otx2_cpt_inst_info | + * | (No alignment required) | + * | --------------------------------| + * | | padding for ARCH_DMA_MINALIGN | + * | | alignment | + * |------------------------------------| + * | SG List Header of 8 Byte | + * |------------------------------------| + * | SG List Gather/Input memory | + * | Length = multiple of 32Bytes | + * | Alignment = 8Byte | + * |---------------------------------- | + * | SG List Scatter/Output memory | + * | Length = multiple of 32Bytes | + * | Alignment = 8Byte | + * | -------------------------------| + * | | padding for 32B alignment | + * |------------------------------------| + * | Result response memory | + * | Alignment = 32Byte | + * ------------------------------------ + */ - dlen = g_sz_bytes + s_sz_bytes + SG_LIST_HDR_SIZE; - align_dlen = ALIGN(dlen, align); - info_len = ALIGN(sizeof(*info), align); - total_mem_len = align_dlen + info_len + sizeof(union otx2_cpt_res_s); + info_len = sizeof(*info); + + g_len = ((req->in_cnt + 3) / 4) * + sizeof(struct otx2_cpt_sglist_component); + s_len = ((req->out_cnt + 3) / 4) * + sizeof(struct otx2_cpt_sglist_component); + + dlen = g_len + s_len + SG_LIST_HDR_SIZE; + + /* Allocate extra memory for SG and response address alignment */ + total_mem_len = ALIGN(info_len, OTX2_CPT_DPTR_RPTR_ALIGN); + total_mem_len += (ARCH_DMA_MINALIGN - 1) & + ~(OTX2_CPT_DPTR_RPTR_ALIGN - 1); + total_mem_len += ALIGN(dlen, OTX2_CPT_RES_ADDR_ALIGN); + total_mem_len += sizeof(union otx2_cpt_res_s); info = kzalloc(total_mem_len, gfp); if (unlikely(!info)) return NULL; info->dlen = dlen; - info->in_buffer = (u8 *)info + info_len; + info->in_buffer = PTR_ALIGN((u8 *)info + info_len, ARCH_DMA_MINALIGN); + info->out_buffer = info->in_buffer + SG_LIST_HDR_SIZE + g_len; ((u16 *)info->in_buffer)[0] = req->out_cnt; ((u16 *)info->in_buffer)[1] = req->in_cnt; @@ -460,7 +494,7 @@ otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, } if (setup_sgio_components(pdev, req->out, req->out_cnt, - &info->in_buffer[8 + g_sz_bytes])) { + info->out_buffer)) { dev_err(&pdev->dev, "Failed to setup scatter list\n"); goto destroy_info; } @@ -476,8 +510,10 @@ otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, * Get buffer for union otx2_cpt_res_s response * structure and its physical address */ - info->completion_addr = info->in_buffer + align_dlen; - info->comp_baddr = info->dptr_baddr + align_dlen; + info->completion_addr = PTR_ALIGN((info->in_buffer + dlen), + OTX2_CPT_RES_ADDR_ALIGN); + info->comp_baddr = ALIGN((info->dptr_baddr + dlen), + OTX2_CPT_RES_ADDR_ALIGN); return info; -- 2.34.1

3 weeks, 5 days

1
0
0 0

[PATCH 2/4 v4] crypto: octeontx2: Fix address alignment issue on ucode loading

by Bharat Bhushan

octeontx2 crypto driver allocates memory using kmalloc/kzalloc, and uses this memory for dma (does dma_map_single()). It assumes that kmalloc/kzalloc will return 128-byte aligned address. But kmalloc/kzalloc returns 8-byte aligned address after below changes: "9382bc44b5f5 arm64: allow kmalloc() caches aligned to the smaller cache_line_size()" Completion address should be 32-Byte alignment when loading microcode. Signed-off-by: Bharat Bhushan <bbhushan2(a)marvell.com> Cc: <stable(a)vger.kernel.org> # v6.5+ --- v2->v3: - Align DMA memory to ARCH_DMA_MINALIGN as that is mapped as bidirectional .../marvell/octeontx2/otx2_cptpf_ucode.c | 35 +++++++++++-------- 1 file changed, 21 insertions(+), 14 deletions(-) diff --git a/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c b/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c index 3a818ac89295..88f0f72a4462 100644 --- a/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c +++ b/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c @@ -1491,12 +1491,13 @@ int otx2_cpt_discover_eng_capabilities(struct otx2_cptpf_dev *cptpf) union otx2_cpt_opcode opcode; union otx2_cpt_res_s *result; union otx2_cpt_inst_s inst; + dma_addr_t result_baddr; dma_addr_t rptr_baddr; struct pci_dev *pdev; - u32 len, compl_rlen; int timeout = 10000; + void *base, *rptr; int ret, etype; - void *rptr; + u32 len; /* * We don't get capabilities if it was already done @@ -1521,22 +1522,28 @@ int otx2_cpt_discover_eng_capabilities(struct otx2_cptpf_dev *cptpf) if (ret) goto delete_grps; - compl_rlen = ALIGN(sizeof(union otx2_cpt_res_s), OTX2_CPT_DMA_MINALIGN); - len = compl_rlen + LOADFVC_RLEN; + /* Allocate extra memory for "rptr" and "result" pointer alignment */ + len = LOADFVC_RLEN + ARCH_DMA_MINALIGN + + sizeof(union otx2_cpt_res_s) + OTX2_CPT_RES_ADDR_ALIGN; - result = kzalloc(len, GFP_KERNEL); - if (!result) { + base = kzalloc(len, GFP_KERNEL); + if (!base) { ret = -ENOMEM; goto lf_cleanup; } - rptr_baddr = dma_map_single(&pdev->dev, (void *)result, len, - DMA_BIDIRECTIONAL); + + rptr = PTR_ALIGN(base, ARCH_DMA_MINALIGN); + rptr_baddr = dma_map_single(&pdev->dev, rptr, len, DMA_BIDIRECTIONAL); if (dma_mapping_error(&pdev->dev, rptr_baddr)) { dev_err(&pdev->dev, "DMA mapping failed\n"); ret = -EFAULT; - goto free_result; + goto free_rptr; } - rptr = (u8 *)result + compl_rlen; + + result = (union otx2_cpt_res_s *)PTR_ALIGN(rptr + LOADFVC_RLEN, + OTX2_CPT_RES_ADDR_ALIGN); + result_baddr = ALIGN(rptr_baddr + LOADFVC_RLEN, + OTX2_CPT_RES_ADDR_ALIGN); /* Fill in the command */ opcode.s.major = LOADFVC_MAJOR_OP; @@ -1548,14 +1555,14 @@ int otx2_cpt_discover_eng_capabilities(struct otx2_cptpf_dev *cptpf) /* 64-bit swap for microcode data reads, not needed for addresses */ cpu_to_be64s(&iq_cmd.cmd.u); iq_cmd.dptr = 0; - iq_cmd.rptr = rptr_baddr + compl_rlen; + iq_cmd.rptr = rptr_baddr; iq_cmd.cptr.u = 0; for (etype = 1; etype < OTX2_CPT_MAX_ENG_TYPES; etype++) { result->s.compcode = OTX2_CPT_COMPLETION_CODE_INIT; iq_cmd.cptr.s.grp = otx2_cpt_get_eng_grp(&cptpf->eng_grps, etype); - otx2_cpt_fill_inst(&inst, &iq_cmd, rptr_baddr); + otx2_cpt_fill_inst(&inst, &iq_cmd, result_baddr); lfs->ops->send_cmd(&inst, 1, &cptpf->lfs.lf[0]); timeout = 10000; @@ -1578,8 +1585,8 @@ int otx2_cpt_discover_eng_capabilities(struct otx2_cptpf_dev *cptpf) error_no_response: dma_unmap_single(&pdev->dev, rptr_baddr, len, DMA_BIDIRECTIONAL); -free_result: - kfree(result); +free_rptr: + kfree(base); lf_cleanup: otx2_cptlf_shutdown(lfs); delete_grps: -- 2.34.1

3 weeks, 5 days

1
0
0 0

[PATCH] objtool/rust: relax slice condition to cover more `noreturn` Rust functions

by Miguel Ojeda

Developers are indeed hitting other of the `noreturn` slice symbols in Nova [1], thus relax the last check in the list so that we catch all of them, i.e. *_4core5slice5index22slice_index_order_fail *_4core5slice5index24slice_end_index_len_fail *_4core5slice5index26slice_start_index_len_fail *_4core5slice5index29slice_end_index_overflow_fail *_4core5slice5index31slice_start_index_overflow_fail These all exist since at least Rust 1.78.0, thus backport it too. See commit 56d680dd23c3 ("objtool/rust: list `noreturn` Rust functions") for more details. Cc: stable(a)vger.kernel.org # Needed in 6.12.y and later. Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Timur Tabi <ttabi(a)nvidia.com> Cc: Kane York <kanepyork(a)gmail.com> Cc: Josh Poimboeuf <jpoimboe(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Reported-by: Joel Fernandes <joelagnelf(a)nvidia.com> Link: https://lore.kernel.org/rust-for-linux/20250513180757.GA1295002@joelnvbox/ [1] Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- I tested it with the Timur's `alex` branch, but a Tested-by is appreciated. Thanks! tools/objtool/check.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tools/objtool/check.c b/tools/objtool/check.c index b21b12ec88d9..f23bdda737aa 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -230,7 +230,8 @@ static bool is_rust_noreturn(const struct symbol *func) str_ends_with(func->name, "_7___rustc17rust_begin_unwind") || strstr(func->name, "_4core9panicking13assert_failed") || strstr(func->name, "_4core9panicking11panic_const24panic_const_") || - (strstr(func->name, "_4core5slice5index24slice_") && + (strstr(func->name, "_4core5slice5index") && + strstr(func->name, "slice_") && str_ends_with(func->name, "_fail")); } base-commit: a5806cd506af5a7c19bcd596e4708b5c464bfd21 -- 2.49.0

3 weeks, 5 days

3
2
0 0

[PATCH 5.10.y/5.15.y] ELF: fix kernel.randomize_va_space double read

by Feng Liu

From: Alexey Dobriyan <adobriyan(a)gmail.com> [ Upstream commit 2a97388a807b6ab5538aa8f8537b2463c6988bd2 ] ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly one load for consistent value across one exec. Signed-off-by: Alexey Dobriyan <adobriyan(a)gmail.com> Link: https://lore.kernel.org/r/3329905c-7eb8-400a-8f0a-d87cff979b5b@p183 Signed-off-by: Kees Cook <kees(a)kernel.org> Signed-off-by: Feng Liu <Feng.Liu3(a)windriver.com> Signed-off-by: He Zhe <Zhe.He(a)windriver.com> --- Verified the build test. --- fs/binfmt_elf.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 11dc833ca2c4..a1f0dff2f818 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -1008,7 +1008,8 @@ static int load_elf_binary(struct linux_binprm *bprm) if (elf_read_implies_exec(*elf_ex, executable_stack)) current->personality |= READ_IMPLIES_EXEC; - if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space) + const int snapshot_randomize_va_space = READ_ONCE(randomize_va_space); + if (!(current->personality & ADDR_NO_RANDOMIZE) && snapshot_randomize_va_space) current->flags |= PF_RANDOMIZE; setup_new_exec(bprm); @@ -1278,7 +1279,7 @@ static int load_elf_binary(struct linux_binprm *bprm) mm->end_data = end_data; mm->start_stack = bprm->p; - if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) { + if ((current->flags & PF_RANDOMIZE) && (snapshot_randomize_va_space > 1)) { /* * For architectures with ELF randomization, when executing * a loader directly (i.e. no interpreter listed in ELF -- 2.34.1

3 weeks, 5 days

4
7
0 0

[PATCH] iio: common: st_sensors: Fix use of uninitialize device structs

by Maud Spierings via B4 Relay

From: Maud Spierings <maudspierings(a)gocontroll.com> Throughout the various probe functions &indio_dev->dev is used before it is initialized. This caused a kernel panic in st_sensors_power_enable when the call to devm_regulator_bulk_get_enable() fails and then calls dev_err_probe() with the uninitialized device. This seems to only cause a panic with dev_err_probe(), dev_err, dev_warn and dev_info don't seem to cause a panic, but are fixed as well. --- When I search for general &indio_dev->dev usage, I see quite a lot more hits, but I am not sure if there are issues with those too. This issue has existed for a long time it seems and therefore it is nearly impossible to find a proper fixes tag. I would love to see it at least backported to 6.12 as that is where I encountered it, and I believe the patch should apply without conflicts. The investigation into this issue can be found in this thread [1] [1]: https://lore.kernel.org/all/AM7P189MB100986A83D2F28AF3FFAF976E39EA@AM7P189M… Signed-off-by: Maud Spierings <maudspierings(a)gocontroll.com> --- drivers/iio/accel/st_accel_core.c | 10 +++---- drivers/iio/common/st_sensors/st_sensors_core.c | 35 +++++++++++----------- drivers/iio/common/st_sensors/st_sensors_trigger.c | 18 +++++------ 3 files changed, 31 insertions(+), 32 deletions(-) diff --git a/drivers/iio/accel/st_accel_core.c b/drivers/iio/accel/st_accel_core.c index 99cb661fabb2d9cc1943fa8d0a6f3becb71126e6..a7961c610ed203d039bbf298c8883031a578fb0b 100644 --- a/drivers/iio/accel/st_accel_core.c +++ b/drivers/iio/accel/st_accel_core.c @@ -1353,6 +1353,7 @@ static int apply_acpi_orientation(struct iio_dev *indio_dev) union acpi_object *ont; union acpi_object *elements; acpi_status status; + struct device *parent = indio_dev->dev.parent; int ret = -EINVAL; unsigned int val; int i, j; @@ -1371,7 +1372,7 @@ static int apply_acpi_orientation(struct iio_dev *indio_dev) }; - adev = ACPI_COMPANION(indio_dev->dev.parent); + adev = ACPI_COMPANION(parent); if (!adev) return -ENXIO; @@ -1380,8 +1381,7 @@ static int apply_acpi_orientation(struct iio_dev *indio_dev) if (status == AE_NOT_FOUND) { return -ENXIO; } else if (ACPI_FAILURE(status)) { - dev_warn(&indio_dev->dev, "failed to execute _ONT: %d\n", - status); + dev_warn(parent, "failed to execute _ONT: %d\n", status); return status; } @@ -1457,12 +1457,12 @@ static int apply_acpi_orientation(struct iio_dev *indio_dev) } ret = 0; - dev_info(&indio_dev->dev, "computed mount matrix from ACPI\n"); + dev_info(parent, "computed mount matrix from ACPI\n"); out: kfree(buffer.pointer); if (ret) - dev_dbg(&indio_dev->dev, + dev_dbg(parent, "failed to apply ACPI orientation data: %d\n", ret); return ret; diff --git a/drivers/iio/common/st_sensors/st_sensors_core.c b/drivers/iio/common/st_sensors/st_sensors_core.c index 8ce1dccfea4f5aaff45d3d40f6542323dd1f0b09..11cbf561b16d41f429745abb516c137cfbb302bb 100644 --- a/drivers/iio/common/st_sensors/st_sensors_core.c +++ b/drivers/iio/common/st_sensors/st_sensors_core.c @@ -154,7 +154,7 @@ static int st_sensors_set_fullscale(struct iio_dev *indio_dev, unsigned int fs) return err; st_accel_set_fullscale_error: - dev_err(&indio_dev->dev, "failed to set new fullscale.\n"); + dev_err(indio_dev->dev.parent, "failed to set new fullscale.\n"); return err; } @@ -231,7 +231,7 @@ int st_sensors_power_enable(struct iio_dev *indio_dev) ARRAY_SIZE(regulator_names), regulator_names); if (err) - return dev_err_probe(&indio_dev->dev, err, + return dev_err_probe(parent, err, "unable to enable supplies\n"); return 0; @@ -241,13 +241,14 @@ EXPORT_SYMBOL_NS(st_sensors_power_enable, "IIO_ST_SENSORS"); static int st_sensors_set_drdy_int_pin(struct iio_dev *indio_dev, struct st_sensors_platform_data *pdata) { + struct device *parent = indio_dev->dev.parent; struct st_sensor_data *sdata = iio_priv(indio_dev); /* Sensor does not support interrupts */ if (!sdata->sensor_settings->drdy_irq.int1.addr && !sdata->sensor_settings->drdy_irq.int2.addr) { if (pdata->drdy_int_pin) - dev_info(&indio_dev->dev, + dev_info(parent, "DRDY on pin INT%d specified, but sensor does not support interrupts\n", pdata->drdy_int_pin); return 0; @@ -256,29 +257,27 @@ static int st_sensors_set_drdy_int_pin(struct iio_dev *indio_dev, switch (pdata->drdy_int_pin) { case 1: if (!sdata->sensor_settings->drdy_irq.int1.mask) { - dev_err(&indio_dev->dev, - "DRDY on INT1 not available.\n"); + dev_err(parent, "DRDY on INT1 not available.\n"); return -EINVAL; } sdata->drdy_int_pin = 1; break; case 2: if (!sdata->sensor_settings->drdy_irq.int2.mask) { - dev_err(&indio_dev->dev, - "DRDY on INT2 not available.\n"); + dev_err(parent, "DRDY on INT2 not available.\n"); return -EINVAL; } sdata->drdy_int_pin = 2; break; default: - dev_err(&indio_dev->dev, "DRDY on pdata not valid.\n"); + dev_err(parent, "DRDY on pdata not valid.\n"); return -EINVAL; } if (pdata->open_drain) { if (!sdata->sensor_settings->drdy_irq.int1.addr_od && !sdata->sensor_settings->drdy_irq.int2.addr_od) - dev_err(&indio_dev->dev, + dev_err(parent, "open drain requested but unsupported.\n"); else sdata->int_pin_open_drain = true; @@ -336,6 +335,7 @@ EXPORT_SYMBOL_NS(st_sensors_dev_name_probe, "IIO_ST_SENSORS"); int st_sensors_init_sensor(struct iio_dev *indio_dev, struct st_sensors_platform_data *pdata) { + struct device *parent = indio_dev->dev.parent; struct st_sensor_data *sdata = iio_priv(indio_dev); struct st_sensors_platform_data *of_pdata; int err = 0; @@ -343,7 +343,7 @@ int st_sensors_init_sensor(struct iio_dev *indio_dev, mutex_init(&sdata->odr_lock); /* If OF/DT pdata exists, it will take precedence of anything else */ - of_pdata = st_sensors_dev_probe(indio_dev->dev.parent, pdata); + of_pdata = st_sensors_dev_probe(parent, pdata); if (IS_ERR(of_pdata)) return PTR_ERR(of_pdata); if (of_pdata) @@ -370,7 +370,7 @@ int st_sensors_init_sensor(struct iio_dev *indio_dev, if (err < 0) return err; } else - dev_info(&indio_dev->dev, "Full-scale not possible\n"); + dev_info(parent, "Full-scale not possible\n"); err = st_sensors_set_odr(indio_dev, sdata->odr); if (err < 0) @@ -405,7 +405,7 @@ int st_sensors_init_sensor(struct iio_dev *indio_dev, mask = sdata->sensor_settings->drdy_irq.int2.mask_od; } - dev_info(&indio_dev->dev, + dev_info(parent, "set interrupt line to open drain mode on pin %d\n", sdata->drdy_int_pin); err = st_sensors_write_data_with_mask(indio_dev, addr, @@ -593,21 +593,20 @@ EXPORT_SYMBOL_NS(st_sensors_get_settings_index, "IIO_ST_SENSORS"); int st_sensors_verify_id(struct iio_dev *indio_dev) { struct st_sensor_data *sdata = iio_priv(indio_dev); + struct device *parent = indio_dev->dev.parent; int wai, err; if (sdata->sensor_settings->wai_addr) { err = regmap_read(sdata->regmap, sdata->sensor_settings->wai_addr, &wai); if (err < 0) { - dev_err(&indio_dev->dev, - "failed to read Who-Am-I register.\n"); - return err; + return dev_err_probe(parent, err, + "failed to read Who-Am-I register.\n"); } if (sdata->sensor_settings->wai != wai) { - dev_warn(&indio_dev->dev, - "%s: WhoAmI mismatch (0x%x).\n", - indio_dev->name, wai); + dev_warn(parent, "%s: WhoAmI mismatch (0x%x).\n", + indio_dev->name, wai); } } diff --git a/drivers/iio/common/st_sensors/st_sensors_trigger.c b/drivers/iio/common/st_sensors/st_sensors_trigger.c index 9d4bf822a15dfcdd6c2835f6b9d7698cd3cb0b08..32c3278968089699dff5329e943d92b151b55fdf 100644 --- a/drivers/iio/common/st_sensors/st_sensors_trigger.c +++ b/drivers/iio/common/st_sensors/st_sensors_trigger.c @@ -127,7 +127,7 @@ int st_sensors_allocate_trigger(struct iio_dev *indio_dev, sdata->trig = devm_iio_trigger_alloc(parent, "%s-trigger", indio_dev->name); if (sdata->trig == NULL) { - dev_err(&indio_dev->dev, "failed to allocate iio trigger.\n"); + dev_err(parent, "failed to allocate iio trigger.\n"); return -ENOMEM; } @@ -143,7 +143,7 @@ int st_sensors_allocate_trigger(struct iio_dev *indio_dev, case IRQF_TRIGGER_FALLING: case IRQF_TRIGGER_LOW: if (!sdata->sensor_settings->drdy_irq.addr_ihl) { - dev_err(&indio_dev->dev, + dev_err(parent, "falling/low specified for IRQ but hardware supports only rising/high: will request rising/high\n"); if (irq_trig == IRQF_TRIGGER_FALLING) irq_trig = IRQF_TRIGGER_RISING; @@ -156,21 +156,21 @@ int st_sensors_allocate_trigger(struct iio_dev *indio_dev, sdata->sensor_settings->drdy_irq.mask_ihl, 1); if (err < 0) return err; - dev_info(&indio_dev->dev, + dev_info(parent, "interrupts on the falling edge or active low level\n"); } break; case IRQF_TRIGGER_RISING: - dev_info(&indio_dev->dev, + dev_info(parent, "interrupts on the rising edge\n"); break; case IRQF_TRIGGER_HIGH: - dev_info(&indio_dev->dev, + dev_info(parent, "interrupts active high level\n"); break; default: /* This is the most preferred mode, if possible */ - dev_err(&indio_dev->dev, + dev_err(parent, "unsupported IRQ trigger specified (%lx), enforce rising edge\n", irq_trig); irq_trig = IRQF_TRIGGER_RISING; } @@ -179,7 +179,7 @@ int st_sensors_allocate_trigger(struct iio_dev *indio_dev, if (irq_trig == IRQF_TRIGGER_FALLING || irq_trig == IRQF_TRIGGER_RISING) { if (!sdata->sensor_settings->drdy_irq.stat_drdy.addr) { - dev_err(&indio_dev->dev, + dev_err(parent, "edge IRQ not supported w/o stat register.\n"); return -EOPNOTSUPP; } @@ -214,13 +214,13 @@ int st_sensors_allocate_trigger(struct iio_dev *indio_dev, sdata->trig->name, sdata->trig); if (err) { - dev_err(&indio_dev->dev, "failed to request trigger IRQ.\n"); + dev_err(parent, "failed to request trigger IRQ.\n"); return err; } err = devm_iio_trigger_register(parent, sdata->trig); if (err < 0) { - dev_err(&indio_dev->dev, "failed to register iio trigger.\n"); + dev_err(parent, "failed to register iio trigger.\n"); return err; } indio_dev->trig = iio_trigger_get(sdata->trig); --- base-commit: 7bac2c97af4078d7a627500c9bcdd5b033f97718 change-id: 20250522-st_iio_fix-1c58fdd4d420 Best regards, -- Maud Spierings <maudspierings(a)gocontroll.com>

3 weeks, 5 days

2
1
0 0

[PATCH 5.15 1/1] ocfs2: fix deadlock in ocfs2_get_system_file_inode

by Dmitriy Privalov

From: Mohammed Anees <pvmohammedanees2003(a)gmail.com> commit 7bf1823e010e8db2fb649c790bd1b449a75f52d8 upstream. syzbot has found a possible deadlock in ocfs2_get_system_file_inode [1]. The scenario is depicted here, CPU0 CPU1 lock(&ocfs2_file_ip_alloc_sem_key); lock(&osb->system_file_mutex); lock(&ocfs2_file_ip_alloc_sem_key); lock(&osb->system_file_mutex); The function calls which could lead to this are: CPU0 ocfs2_mknod - lock(&ocfs2_file_ip_alloc_sem_key); . . . ocfs2_get_system_file_inode - lock(&osb->system_file_mutex); CPU1 - ocfs2_fill_super - lock(&osb->system_file_mutex); . . . ocfs2_read_virt_blocks - lock(&ocfs2_file_ip_alloc_sem_key); This issue can be resolved by making the down_read -> down_read_try in the ocfs2_read_virt_blocks. [1] https://syzkaller.appspot.com/bug?extid=e0055ea09f1f5e6fabdd Link: https://lkml.kernel.org/r/20240924093257.7181-1-pvmohammedanees2003@gmail.c… Signed-off-by: Mohammed Anees <pvmohammedanees2003(a)gmail.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reported-by: <syzbot+e0055ea09f1f5e6fabdd(a)syzkaller.appspotmail.com> Closes: https://syzkaller.appspot.com/bug?extid=e0055ea09f1f5e6fabdd Tested-by: syzbot+e0055ea09f1f5e6fabdd(a)syzkaller.appspotmail.com Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Dmitriy Privalov <d.privalov(a)omp.ru> --- fs/ocfs2/extent_map.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/ocfs2/extent_map.c b/fs/ocfs2/extent_map.c index 70a768b623cf..f7672472fa82 100644 --- a/fs/ocfs2/extent_map.c +++ b/fs/ocfs2/extent_map.c @@ -973,7 +973,13 @@ int ocfs2_read_virt_blocks(struct inode *inode, u64 v_block, int nr, } while (done < nr) { - down_read(&OCFS2_I(inode)->ip_alloc_sem); + if (!down_read_trylock(&OCFS2_I(inode)->ip_alloc_sem)) { + rc = -EAGAIN; + mlog(ML_ERROR, + "Inode #%llu ip_alloc_sem is temporarily unavailable\n", + (unsigned long long)OCFS2_I(inode)->ip_blkno); + break; + } rc = ocfs2_extent_map_get_blocks(inode, v_block + done, &p_block, &p_count, NULL); up_read(&OCFS2_I(inode)->ip_alloc_sem); -- 2.34.1

3 weeks, 5 days

1
0
0 0

[PATCH] extcon: fsa9480: Avoid buffer overflow in fsa9480_handle_change()

by Vladimir Moskovkin

Bit 7 of the 'Device Type 2' (0Bh) register is reserved in the FSA9480 device, but is used by the FSA880 and TSU6111 devices. From FSA9480 datasheet, Table 18. Device Type 2: Reset Value: x0000000 =========================================================================== Bit # | Name | Size (Bits) | Description --------------------------------------------------------------------------- 7 | Reserved | 1 | NA From FSA880 datasheet, Table 13. Device Type 2: Reset Value: 0xxx0000 =========================================================================== Bit # | Name | Size (Bits) | Description --------------------------------------------------------------------------- 7 | Unknown | 1 | 1: Any accessory detected as unknown | Accessory | | or an accessory that cannot be | | | detected as being valid even | | | though ID_CON is not floating | | | 0: Unknown accessory not detected From TSU6111 datasheet, Device Type 2: Reset Value:x0000000 =========================================================================== Bit # | Name | Size (Bits) | Description --------------------------------------------------------------------------- 7 | Audio Type 3 | 1 | Audio device type 3 So the value obtained from the FSA9480_REG_DEV_T2 register in the fsa9480_detect_dev() function may have the 7th bit set. In this case, the 'dev' parameter in the fsa9480_handle_change() function will be 15. And this will cause the 'cable_types' array to overflow when accessed at this index. Extend the 'cable_types' array with a new value 'DEV_RESERVED' as specified in the FSA9480 datasheet. Do not use it as it serves for various purposes in the listed devices. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: bad5b5e707a5 ("extcon: Add fsa9480 extcon driver") Cc: stable(a)vger.kernel.org Signed-off-by: Vladimir Moskovkin <Vladimir.Moskovkin(a)kaspersky.com> --- drivers/extcon/extcon-fsa9480.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/extcon/extcon-fsa9480.c b/drivers/extcon/extcon-fsa9480.c index b11b43171063..30972a7214f7 100644 --- a/drivers/extcon/extcon-fsa9480.c +++ b/drivers/extcon/extcon-fsa9480.c @@ -68,6 +68,7 @@ #define DEV_T1_CHARGER_MASK (DEV_DEDICATED_CHG | DEV_USB_CHG) /* Device Type 2 */ +#define DEV_RESERVED 15 #define DEV_AV 14 #define DEV_TTY 13 #define DEV_PPD 12 @@ -133,6 +134,7 @@ static const u64 cable_types[] = { [DEV_USB] = BIT_ULL(EXTCON_USB) | BIT_ULL(EXTCON_CHG_USB_SDP), [DEV_AUDIO_2] = BIT_ULL(EXTCON_JACK_LINE_OUT), [DEV_AUDIO_1] = BIT_ULL(EXTCON_JACK_LINE_OUT), + [DEV_RESERVED] = 0, [DEV_AV] = BIT_ULL(EXTCON_JACK_LINE_OUT) | BIT_ULL(EXTCON_JACK_VIDEO_OUT), [DEV_TTY] = BIT_ULL(EXTCON_JIG), @@ -228,7 +230,7 @@ static void fsa9480_detect_dev(struct fsa9480_usbsw *usbsw) dev_err(usbsw->dev, "%s: failed to read registers", __func__); return; } - val = val2 << 8 | val1; + val = val2 << 8 | (val1 & 0xFF); dev_info(usbsw->dev, "dev1: 0x%x, dev2: 0x%x\n", val1, val2); -- 2.25.1

3 weeks, 5 days

1
0
0 0

[PATCH v3] drm/bridge: cdns-dsi: Replace deprecated UNIVERSAL_DEV_PM_OPS()

by Vitor Soares

From: Vitor Soares <vitor.soares(a)toradex.com> The deprecated UNIVERSAL_DEV_PM_OPS() macro uses the provided callbacks for both runtime PM and system sleep. This causes the DSI clocks to be disabled twice: once during runtime suspend and again during system suspend, resulting in a WARN message from the clock framework when attempting to disable already-disabled clocks. [ 84.384540] clk:231:5 already disabled [ 84.388314] WARNING: CPU: 2 PID: 531 at /drivers/clk/clk.c:1181 clk_core_disable+0xa4/0xac ... [ 84.579183] Call trace: [ 84.581624] clk_core_disable+0xa4/0xac [ 84.585457] clk_disable+0x30/0x4c [ 84.588857] cdns_dsi_suspend+0x20/0x58 [cdns_dsi] [ 84.593651] pm_generic_suspend+0x2c/0x44 [ 84.597661] ti_sci_pd_suspend+0xbc/0x15c [ 84.601670] dpm_run_callback+0x8c/0x14c [ 84.605588] __device_suspend+0x1a0/0x56c [ 84.609594] dpm_suspend+0x17c/0x21c [ 84.613165] dpm_suspend_start+0xa0/0xa8 [ 84.617083] suspend_devices_and_enter+0x12c/0x634 [ 84.621872] pm_suspend+0x1fc/0x368 To address this issue, replace UNIVERSAL_DEV_PM_OPS() with SET_RUNTIME_PM_OPS(), enabling suspend/resume handling through the _enable()/_disable() hooks managed by the DRM framework for both runtime and system-wide PM. Cc: <stable(a)vger.kernel.org> # 6.1.x Fixes: e19233955d9e ("drm/bridge: Add Cadence DSI driver") Signed-off-by: Vitor Soares <vitor.soares(a)toradex.com> --- v2 -> v3 - Fix warning: 'cdns_dsi_suspend' defined but not used [-Wunused-function] - Fix warning: 'cdns_dsi_resume' defined but not used [-Wunused-function] v1 -> v2 - Rely only on SET_RUNTIME_PM_OPS() for the PM. drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c index b022dd6e6b6e..6429d541889c 100644 --- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c +++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c @@ -1258,7 +1258,7 @@ static const struct mipi_dsi_host_ops cdns_dsi_ops = { .transfer = cdns_dsi_transfer, }; -static int __maybe_unused cdns_dsi_resume(struct device *dev) +static int cdns_dsi_resume(struct device *dev) { struct cdns_dsi *dsi = dev_get_drvdata(dev); @@ -1269,7 +1269,7 @@ static int __maybe_unused cdns_dsi_resume(struct device *dev) return 0; } -static int __maybe_unused cdns_dsi_suspend(struct device *dev) +static int cdns_dsi_suspend(struct device *dev) { struct cdns_dsi *dsi = dev_get_drvdata(dev); @@ -1279,8 +1279,9 @@ static int __maybe_unused cdns_dsi_suspend(struct device *dev) return 0; } -static UNIVERSAL_DEV_PM_OPS(cdns_dsi_pm_ops, cdns_dsi_suspend, cdns_dsi_resume, - NULL); +static const struct dev_pm_ops cdns_dsi_pm_ops = { + RUNTIME_PM_OPS(cdns_dsi_suspend, cdns_dsi_resume, NULL) +}; static int cdns_dsi_drm_probe(struct platform_device *pdev) { @@ -1427,7 +1428,7 @@ static struct platform_driver cdns_dsi_platform_driver = { .driver = { .name = "cdns-dsi", .of_match_table = cdns_dsi_of_match, - .pm = &cdns_dsi_pm_ops, + .pm = pm_ptr(&cdns_dsi_pm_ops), }, }; module_platform_driver(cdns_dsi_platform_driver); -- 2.34.1

3 weeks, 5 days

2
1
0 0

[PATCH] ASoC: qcom: sdm845: Add error handling in sdm845_slim_snd_hw_params()

by Wentao Liang

The function sdm845_slim_snd_hw_params() calls the functuion snd_soc_dai_set_channel_map() but does not check its return value. A proper implementation can be found in msm_snd_hw_params(). Add error handling for snd_soc_dai_set_channel_map(). If the function fails and it is not a unsupported error, return the error code immediately. Fixes: 5caf64c633a3 ("ASoC: qcom: sdm845: add support to DB845c and Lenovo Yoga") Cc: stable(a)vger.kernel.org # v5.6 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- sound/soc/qcom/sdm845.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/sound/soc/qcom/sdm845.c b/sound/soc/qcom/sdm845.c index a479d7e5b7fb..314ff68506d9 100644 --- a/sound/soc/qcom/sdm845.c +++ b/sound/soc/qcom/sdm845.c @@ -91,6 +91,10 @@ static int sdm845_slim_snd_hw_params(struct snd_pcm_substream *substream, else ret = snd_soc_dai_set_channel_map(cpu_dai, tx_ch_cnt, tx_ch, 0, NULL); + if (ret != 0 && ret != -ENOTSUPP) { + dev_err(rtd->dev, "failed to set cpu chan map, err:%d\n", ret); + return ret; + } } return 0; -- 2.42.0.windows.2

3 weeks, 6 days

3
2
0 0

Re: Panic with a lis2dw12 accelerometer

by Maud Spierings

On 5/21/25 11:48, Maud Spierings wrote: > On 5/21/25 11:29, Christian Heusel wrote: >> On 25/05/21 10:53AM, Maud Spierings wrote: >>> I've just experienced an Issue that I think may be a regression. >>> >>> I'm enabling a device which incorporates a lis2dw12 accelerometer, >>> currently >>> I am running 6.12 lts, so 6.12.29 as of typing this message. >> >> Could you check whether the latest mainline release (at the time this is >> v6.15-rc7) is also affected? If that's not the case the bug might >> already be fixed ^_^ > > Unfortunately doesn't seem to be the case, still gets the panic. I also > tried 6.12(.0), but that also has the panic, so it is definitely older > than this lts. > >> Also as you said that this is a regression, what is the last revision >> that the accelerometer worked with? > > Thats a difficult one to pin down, I'm moving from the nxp vendor kernel > to mainline, the last working one that I know sure is 5.10.72 of that > vendor kernel. I did some more digging and the latest lts it seems to work with is 6.1.139, 6.6.91 also crashes. So it seems to be a very old regression. >>> This is where my ability to fix thing fizzles out and so here I am >>> asking >>> for assistance. >>> >>> Kind regards, >>> Maud >> >> Cheers, >> Chris >

3 weeks, 6 days

3
4
0 0

RE: [PATCH v6] virtio_blk: Fix disk deletion hang on device surprise removal

by Parav Pandit

> From: Parav Pandit <parav(a)nvidia.com> > Sent: Thursday, May 22, 2025 1:19 PM > To: Max Gurtovoy <mgurtovoy(a)nvidia.com>; Israel Rukshin > <israelr(a)nvidia.com> > Cc: Parav Pandit <parav(a)nvidia.com>; stable(a)vger.kernel.org; NBU-Contact- > Li Rongqing (EXTERNAL) <lirongqing(a)baidu.com> > Subject: [PATCH v6] virtio_blk: Fix disk deletion hang on device surprise > removal > > When the PCI device is surprise removed, requests may not complete the > device as the VQ is marked as broken. Due to this, the disk deletion hangs. > > Fix it by aborting the requests when the VQ is broken. > > With this fix now fio completes swiftly. > An alternative of IO timeout has been considered, however when the driver > knows about unresponsive block device, swiftly clearing them enables users > and upper layers to react quickly. > > Verified with multiple device unplug iterations with pending requests in virtio > used ring and some pending with the device. > > Fixes: 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci > device") > Cc: stable(a)vger.kernel.org > Reported-by: Li RongQing <lirongqing(a)baidu.com> > Closes: > https://lore.kernel.org/virtualization/c45dd68698cd47238c55fb73ca9b4741 > @baidu.com/ > Signed-off-by: Parav Pandit <parav(a)nvidia.com> > This is an internal patch, which got CCed to stable by mistake. Please ignore this patch for stable kernels. It is still under internal review. I am sorry for the noise. > --- > v1->v2: (internal v5->v6): > - Addressed comments from Stephan > - fixed spelling to 'waiting' > v1->v2: (internal v4->v5): > - Addressed comments from MST > - removed the vq broken check in queue_rq(s) > --- > drivers/block/virtio_blk.c | 85 > ++++++++++++++++++++++++++++++++++++++ > 1 file changed, 85 insertions(+) > > diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c index > 7cffea01d868..04f24ec20405 100644 > --- a/drivers/block/virtio_blk.c > +++ b/drivers/block/virtio_blk.c > @@ -1554,6 +1554,89 @@ static int virtblk_probe(struct virtio_device *vdev) > return err; > } > > +static bool virtblk_request_cancel(struct request *rq, void *data) { > + struct virtblk_req *vbr = blk_mq_rq_to_pdu(rq); > + struct virtio_blk *vblk = data; > + struct virtio_blk_vq *vq; > + unsigned long flags; > + > + vq = &vblk->vqs[rq->mq_hctx->queue_num]; > + > + spin_lock_irqsave(&vq->lock, flags); > + > + vbr->in_hdr.status = VIRTIO_BLK_S_IOERR; > + if (blk_mq_request_started(rq) && !blk_mq_request_completed(rq)) > + blk_mq_complete_request(rq); > + > + spin_unlock_irqrestore(&vq->lock, flags); > + return true; > +} > + > +static void virtblk_broken_device_cleanup(struct virtio_blk *vblk) { > + struct request_queue *q = vblk->disk->queue; > + > + return; > + > + if (!virtqueue_is_broken(vblk->vqs[0].vq)) > + return; > + > + /* Start freezing the queue, so that new requests keeps waiting at the > + * door of bio_queue_enter(). We cannot fully freeze the queue > because > + * freezed queue is an empty queue and there are pending requests, > so > + * only start freezing it. > + */ > + blk_freeze_queue_start(q); > + > + /* When quiescing completes, all ongoing dispatches have completed > + * and no new dispatch will happen towards the driver. > + * This ensures that later when cancel is attempted, then are not > + * getting processed by the queue_rq() or queue_rqs() handlers. > + */ > + blk_mq_quiesce_queue(q); > + > + /* > + * Synchronize with any ongoing VQ callbacks, effectively quiescing > + * the device and preventing it from completing further requests > + * to the block layer. Any outstanding, incomplete requests will be > + * completed by virtblk_request_cancel(). > + */ > + virtio_synchronize_cbs(vblk->vdev); > + > + /* At this point, no new requests can enter the queue_rq() and > + * completion routine will not complete any new requests either for > the > + * broken vq. Hence, it is safe to cancel all requests which are > + * started. > + */ > + blk_mq_tagset_busy_iter(&vblk->tag_set, virtblk_request_cancel, > vblk); > + blk_mq_tagset_wait_completed_request(&vblk->tag_set); > + > + /* All pending requests are cleaned up. Time to resume so that disk > + * deletion can be smooth. Start the HW queues so that when queue is > + * unquiesced requests can again enter the driver. > + */ > + blk_mq_start_stopped_hw_queues(q, true); > + > + /* Unquiescing will trigger dispatching any pending requests to the > + * driver which has crossed bio_queue_enter() to the driver. > + */ > + blk_mq_unquiesce_queue(q); > + > + /* Wait for all pending dispatches to terminate which may have been > + * initiated after unquiescing. > + */ > + blk_mq_freeze_queue_wait(q); > + > + /* Mark the disk dead so that once queue unfreeze, the requests > + * waiting at the door of bio_queue_enter() can be aborted right away. > + */ > + blk_mark_disk_dead(vblk->disk); > + > + /* Unfreeze the queue so that any waiting requests will be aborted. */ > + blk_mq_unfreeze_queue_nomemrestore(q); > +} > + > static void virtblk_remove(struct virtio_device *vdev) { > struct virtio_blk *vblk = vdev->priv; > @@ -1561,6 +1644,8 @@ static void virtblk_remove(struct virtio_device > *vdev) > /* Make sure no work handler is accessing the device. */ > flush_work(&vblk->config_work); > > + virtblk_broken_device_cleanup(vblk); > + > del_gendisk(vblk->disk); > blk_mq_free_tag_set(&vblk->tag_set); > > -- > 2.34.1

3 weeks, 6 days

1
0
0 0

[PATCH net 4/4] can: slcan: allow reception of short error messages

by Marc Kleine-Budde

From: Carlos Sanchez <carlossanchez(a)geotab.com> Allows slcan to receive short messages (typically errors) from the serial interface. When error support was added to slcan protocol in b32ff4668544e1333b694fcc7812b2d7397b4d6a ("can: slcan: extend the protocol with error info") the minimum valid message size changed from 5 (minimum standard can frame tIII0) to 3 ("e1a" is a valid protocol message, it is one of the examples given in the comments for slcan_bump_err() ), but the check for minimum message length prodicating all decoding was not adjusted. This makes short error messages discarded and error frames not being generated. This patch changes the minimum length to the new minimum (3 characters, excluding terminator, is now a valid message). Signed-off-by: Carlos Sanchez <carlossanchez(a)geotab.com> Fixes: b32ff4668544 ("can: slcan: extend the protocol with error info") Reviewed-by: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> Link: https://patch.msgid.link/20250520102305.1097494-1-carlossanchez@geotab.com Cc: stable(a)vger.kernel.org Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/slcan/slcan-core.c | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/drivers/net/can/slcan/slcan-core.c b/drivers/net/can/slcan/slcan-core.c index 24c6622d36bd..58ff2ec1d975 100644 --- a/drivers/net/can/slcan/slcan-core.c +++ b/drivers/net/can/slcan/slcan-core.c @@ -71,12 +71,21 @@ MODULE_AUTHOR("Dario Binacchi <dario.binacchi(a)amarulasolutions.com>"); #define SLCAN_CMD_LEN 1 #define SLCAN_SFF_ID_LEN 3 #define SLCAN_EFF_ID_LEN 8 +#define SLCAN_DATA_LENGTH_LEN 1 +#define SLCAN_ERROR_LEN 1 #define SLCAN_STATE_LEN 1 #define SLCAN_STATE_BE_RXCNT_LEN 3 #define SLCAN_STATE_BE_TXCNT_LEN 3 -#define SLCAN_STATE_FRAME_LEN (1 + SLCAN_CMD_LEN + \ - SLCAN_STATE_BE_RXCNT_LEN + \ - SLCAN_STATE_BE_TXCNT_LEN) +#define SLCAN_STATE_MSG_LEN (SLCAN_CMD_LEN + \ + SLCAN_STATE_LEN + \ + SLCAN_STATE_BE_RXCNT_LEN + \ + SLCAN_STATE_BE_TXCNT_LEN) +#define SLCAN_ERROR_MSG_LEN_MIN (SLCAN_CMD_LEN + \ + SLCAN_ERROR_LEN + \ + SLCAN_DATA_LENGTH_LEN) +#define SLCAN_FRAME_MSG_LEN_MIN (SLCAN_CMD_LEN + \ + SLCAN_SFF_ID_LEN + \ + SLCAN_DATA_LENGTH_LEN) struct slcan { struct can_priv can; @@ -176,6 +185,9 @@ static void slcan_bump_frame(struct slcan *sl) u32 tmpid; char *cmd = sl->rbuff; + if (sl->rcount < SLCAN_FRAME_MSG_LEN_MIN) + return; + skb = alloc_can_skb(sl->dev, &cf); if (unlikely(!skb)) { sl->dev->stats.rx_dropped++; @@ -281,7 +293,7 @@ static void slcan_bump_state(struct slcan *sl) return; } - if (state == sl->can.state || sl->rcount < SLCAN_STATE_FRAME_LEN) + if (state == sl->can.state || sl->rcount != SLCAN_STATE_MSG_LEN) return; cmd += SLCAN_STATE_BE_RXCNT_LEN + SLCAN_CMD_LEN + 1; @@ -328,6 +340,9 @@ static void slcan_bump_err(struct slcan *sl) bool rx_errors = false, tx_errors = false, rx_over_errors = false; int i, len; + if (sl->rcount < SLCAN_ERROR_MSG_LEN_MIN) + return; + /* get len from sanitized ASCII value */ len = cmd[1]; if (len >= '0' && len < '9') @@ -456,8 +471,7 @@ static void slcan_bump(struct slcan *sl) static void slcan_unesc(struct slcan *sl, unsigned char s) { if ((s == '\r') || (s == '\a')) { /* CR or BEL ends the pdu */ - if (!test_and_clear_bit(SLF_ERROR, &sl->flags) && - sl->rcount > 4) + if (!test_and_clear_bit(SLF_ERROR, &sl->flags)) slcan_bump(sl); sl->rcount = 0; -- 2.47.2

3 weeks, 6 days

1
0
0 0

[PATCH net 3/4] can: kvaser_pciefd: Continue parsing DMA buf after dropped RX

by Marc Kleine-Budde

From: Axel Forsman <axfo(a)kvaser.com> Going bus-off on a channel doing RX could result in dropped packets. As netif_running() gets cleared before the channel abort procedure, the handling of any last RDATA packets would see netif_rx() return non-zero to signal a dropped packet. kvaser_pciefd_read_buffer() dealt with this "error" by breaking out of processing the remaining DMA RX buffer. Only return an error from kvaser_pciefd_read_buffer() due to packet corruption, otherwise handle it internally. Cc: stable(a)vger.kernel.org Signed-off-by: Axel Forsman <axfo(a)kvaser.com> Tested-by: Jimmy Assarsson <extja(a)kvaser.com> Reviewed-by: Jimmy Assarsson <extja(a)kvaser.com> Link: https://patch.msgid.link/20250520114332.8961-4-axfo@kvaser.com Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/kvaser_pciefd.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/net/can/kvaser_pciefd.c b/drivers/net/can/kvaser_pciefd.c index a61cbade96d9..f6921368cd14 100644 --- a/drivers/net/can/kvaser_pciefd.c +++ b/drivers/net/can/kvaser_pciefd.c @@ -1209,7 +1209,7 @@ static int kvaser_pciefd_handle_data_packet(struct kvaser_pciefd *pcie, skb = alloc_canfd_skb(priv->dev, &cf); if (!skb) { priv->dev->stats.rx_dropped++; - return -ENOMEM; + return 0; } cf->len = can_fd_dlc2len(dlc); @@ -1221,7 +1221,7 @@ static int kvaser_pciefd_handle_data_packet(struct kvaser_pciefd *pcie, skb = alloc_can_skb(priv->dev, (struct can_frame **)&cf); if (!skb) { priv->dev->stats.rx_dropped++; - return -ENOMEM; + return 0; } can_frame_set_cc_len((struct can_frame *)cf, dlc, priv->ctrlmode); } @@ -1239,7 +1239,9 @@ static int kvaser_pciefd_handle_data_packet(struct kvaser_pciefd *pcie, priv->dev->stats.rx_packets++; kvaser_pciefd_set_skb_timestamp(pcie, skb, p->timestamp); - return netif_rx(skb); + netif_rx(skb); + + return 0; } static void kvaser_pciefd_change_state(struct kvaser_pciefd_can *can, -- 2.47.2

3 weeks, 6 days

1
0
0 0

[PATCH net 2/4] can: kvaser_pciefd: Fix echo_skb race

by Marc Kleine-Budde

From: Axel Forsman <axfo(a)kvaser.com> The functions kvaser_pciefd_start_xmit() and kvaser_pciefd_handle_ack_packet() raced to stop/wake TX queues and get/put echo skbs, as kvaser_pciefd_can->echo_lock was only ever taken when transmitting and KCAN_TX_NR_PACKETS_CURRENT gets decremented prior to handling of ACKs. E.g., this caused the following error: can_put_echo_skb: BUG! echo_skb 5 is occupied! Instead, use the synchronization helpers in netdev_queues.h. As those piggyback on BQL barriers, start updating in-flight packets and bytes counts as well. Cc: stable(a)vger.kernel.org Signed-off-by: Axel Forsman <axfo(a)kvaser.com> Tested-by: Jimmy Assarsson <extja(a)kvaser.com> Reviewed-by: Jimmy Assarsson <extja(a)kvaser.com> Link: https://patch.msgid.link/20250520114332.8961-3-axfo@kvaser.com Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/kvaser_pciefd.c | 93 +++++++++++++++++++++------------ 1 file changed, 59 insertions(+), 34 deletions(-) diff --git a/drivers/net/can/kvaser_pciefd.c b/drivers/net/can/kvaser_pciefd.c index 9cc9176c2058..a61cbade96d9 100644 --- a/drivers/net/can/kvaser_pciefd.c +++ b/drivers/net/can/kvaser_pciefd.c @@ -16,6 +16,7 @@ #include <linux/netdevice.h> #include <linux/pci.h> #include <linux/timer.h> +#include <net/netdev_queues.h> MODULE_LICENSE("Dual BSD/GPL"); MODULE_AUTHOR("Kvaser AB <support(a)kvaser.com>"); @@ -410,10 +411,13 @@ struct kvaser_pciefd_can { void __iomem *reg_base; struct can_berr_counter bec; u8 cmd_seq; + u8 tx_max_count; + u8 tx_idx; + u8 ack_idx; int err_rep_cnt; - int echo_idx; + unsigned int completed_tx_pkts; + unsigned int completed_tx_bytes; spinlock_t lock; /* Locks sensitive registers (e.g. MODE) */ - spinlock_t echo_lock; /* Locks the message echo buffer */ struct timer_list bec_poll_timer; struct completion start_comp, flush_comp; }; @@ -714,6 +718,9 @@ static int kvaser_pciefd_open(struct net_device *netdev) int ret; struct kvaser_pciefd_can *can = netdev_priv(netdev); + can->tx_idx = 0; + can->ack_idx = 0; + ret = open_candev(netdev); if (ret) return ret; @@ -745,21 +752,26 @@ static int kvaser_pciefd_stop(struct net_device *netdev) timer_delete(&can->bec_poll_timer); } can->can.state = CAN_STATE_STOPPED; + netdev_reset_queue(netdev); close_candev(netdev); return ret; } +static unsigned int kvaser_pciefd_tx_avail(const struct kvaser_pciefd_can *can) +{ + return can->tx_max_count - (READ_ONCE(can->tx_idx) - READ_ONCE(can->ack_idx)); +} + static int kvaser_pciefd_prepare_tx_packet(struct kvaser_pciefd_tx_packet *p, - struct kvaser_pciefd_can *can, + struct can_priv *can, u8 seq, struct sk_buff *skb) { struct canfd_frame *cf = (struct canfd_frame *)skb->data; int packet_size; - int seq = can->echo_idx; memset(p, 0, sizeof(*p)); - if (can->can.ctrlmode & CAN_CTRLMODE_ONE_SHOT) + if (can->ctrlmode & CAN_CTRLMODE_ONE_SHOT) p->header[1] |= KVASER_PCIEFD_TPACKET_SMS; if (cf->can_id & CAN_RTR_FLAG) @@ -782,7 +794,7 @@ static int kvaser_pciefd_prepare_tx_packet(struct kvaser_pciefd_tx_packet *p, } else { p->header[1] |= FIELD_PREP(KVASER_PCIEFD_RPACKET_DLC_MASK, - can_get_cc_dlc((struct can_frame *)cf, can->can.ctrlmode)); + can_get_cc_dlc((struct can_frame *)cf, can->ctrlmode)); } p->header[1] |= FIELD_PREP(KVASER_PCIEFD_PACKET_SEQ_MASK, seq); @@ -797,22 +809,24 @@ static netdev_tx_t kvaser_pciefd_start_xmit(struct sk_buff *skb, struct net_device *netdev) { struct kvaser_pciefd_can *can = netdev_priv(netdev); - unsigned long irq_flags; struct kvaser_pciefd_tx_packet packet; + unsigned int seq = can->tx_idx & (can->can.echo_skb_max - 1); + unsigned int frame_len; int nr_words; - u8 count; if (can_dev_dropped_skb(netdev, skb)) return NETDEV_TX_OK; + if (!netif_subqueue_maybe_stop(netdev, 0, kvaser_pciefd_tx_avail(can), 1, 1)) + return NETDEV_TX_BUSY; - nr_words = kvaser_pciefd_prepare_tx_packet(&packet, can, skb); + nr_words = kvaser_pciefd_prepare_tx_packet(&packet, &can->can, seq, skb); - spin_lock_irqsave(&can->echo_lock, irq_flags); /* Prepare and save echo skb in internal slot */ - can_put_echo_skb(skb, netdev, can->echo_idx, 0); - - /* Move echo index to the next slot */ - can->echo_idx = (can->echo_idx + 1) % can->can.echo_skb_max; + WRITE_ONCE(can->can.echo_skb[seq], NULL); + frame_len = can_skb_get_frame_len(skb); + can_put_echo_skb(skb, netdev, seq, frame_len); + netdev_sent_queue(netdev, frame_len); + WRITE_ONCE(can->tx_idx, can->tx_idx + 1); /* Write header to fifo */ iowrite32(packet.header[0], @@ -836,14 +850,7 @@ static netdev_tx_t kvaser_pciefd_start_xmit(struct sk_buff *skb, KVASER_PCIEFD_KCAN_FIFO_LAST_REG); } - count = FIELD_GET(KVASER_PCIEFD_KCAN_TX_NR_PACKETS_CURRENT_MASK, - ioread32(can->reg_base + KVASER_PCIEFD_KCAN_TX_NR_PACKETS_REG)); - /* No room for a new message, stop the queue until at least one - * successful transmit - */ - if (count >= can->can.echo_skb_max || can->can.echo_skb[can->echo_idx]) - netif_stop_queue(netdev); - spin_unlock_irqrestore(&can->echo_lock, irq_flags); + netif_subqueue_maybe_stop(netdev, 0, kvaser_pciefd_tx_avail(can), 1, 1); return NETDEV_TX_OK; } @@ -970,6 +977,8 @@ static int kvaser_pciefd_setup_can_ctrls(struct kvaser_pciefd *pcie) can->kv_pcie = pcie; can->cmd_seq = 0; can->err_rep_cnt = 0; + can->completed_tx_pkts = 0; + can->completed_tx_bytes = 0; can->bec.txerr = 0; can->bec.rxerr = 0; @@ -983,11 +992,10 @@ static int kvaser_pciefd_setup_can_ctrls(struct kvaser_pciefd *pcie) tx_nr_packets_max = FIELD_GET(KVASER_PCIEFD_KCAN_TX_NR_PACKETS_MAX_MASK, ioread32(can->reg_base + KVASER_PCIEFD_KCAN_TX_NR_PACKETS_REG)); + can->tx_max_count = min(KVASER_PCIEFD_CAN_TX_MAX_COUNT, tx_nr_packets_max - 1); can->can.clock.freq = pcie->freq; - can->can.echo_skb_max = min(KVASER_PCIEFD_CAN_TX_MAX_COUNT, tx_nr_packets_max - 1); - can->echo_idx = 0; - spin_lock_init(&can->echo_lock); + can->can.echo_skb_max = roundup_pow_of_two(can->tx_max_count); spin_lock_init(&can->lock); can->can.bittiming_const = &kvaser_pciefd_bittiming_const; @@ -1510,19 +1518,21 @@ static int kvaser_pciefd_handle_ack_packet(struct kvaser_pciefd *pcie, netdev_dbg(can->can.dev, "Packet was flushed\n"); } else { int echo_idx = FIELD_GET(KVASER_PCIEFD_PACKET_SEQ_MASK, p->header[0]); - int len; - u8 count; + unsigned int len, frame_len = 0; struct sk_buff *skb; + if (echo_idx != (can->ack_idx & (can->can.echo_skb_max - 1))) + return 0; skb = can->can.echo_skb[echo_idx]; - if (skb) - kvaser_pciefd_set_skb_timestamp(pcie, skb, p->timestamp); - len = can_get_echo_skb(can->can.dev, echo_idx, NULL); - count = FIELD_GET(KVASER_PCIEFD_KCAN_TX_NR_PACKETS_CURRENT_MASK, - ioread32(can->reg_base + KVASER_PCIEFD_KCAN_TX_NR_PACKETS_REG)); + if (!skb) + return 0; + kvaser_pciefd_set_skb_timestamp(pcie, skb, p->timestamp); + len = can_get_echo_skb(can->can.dev, echo_idx, &frame_len); - if (count < can->can.echo_skb_max && netif_queue_stopped(can->can.dev)) - netif_wake_queue(can->can.dev); + /* Pairs with barrier in kvaser_pciefd_start_xmit() */ + smp_store_release(&can->ack_idx, can->ack_idx + 1); + can->completed_tx_pkts++; + can->completed_tx_bytes += frame_len; if (!one_shot_fail) { can->can.dev->stats.tx_bytes += len; @@ -1638,11 +1648,26 @@ static int kvaser_pciefd_read_buffer(struct kvaser_pciefd *pcie, int dma_buf) { int pos = 0; int res = 0; + unsigned int i; do { res = kvaser_pciefd_read_packet(pcie, &pos, dma_buf); } while (!res && pos > 0 && pos < KVASER_PCIEFD_DMA_SIZE); + /* Report ACKs in this buffer to BQL en masse for correct periods */ + for (i = 0; i < pcie->nr_channels; ++i) { + struct kvaser_pciefd_can *can = pcie->can[i]; + + if (!can->completed_tx_pkts) + continue; + netif_subqueue_completed_wake(can->can.dev, 0, + can->completed_tx_pkts, + can->completed_tx_bytes, + kvaser_pciefd_tx_avail(can), 1); + can->completed_tx_pkts = 0; + can->completed_tx_bytes = 0; + } + return res; } -- 2.47.2

3 weeks, 6 days

1
0
0 0

[PATCH 5.10 1/1] ocfs2: fix deadlock in ocfs2_get_system_file_inode

by Dmitriy Privalov

From: Mohammed Anees <pvmohammedanees2003(a)gmail.com> commit 7bf1823e010e8db2fb649c790bd1b449a75f52d8 upstream. syzbot has found a possible deadlock in ocfs2_get_system_file_inode [1]. The scenario is depicted here, CPU0 CPU1 lock(&ocfs2_file_ip_alloc_sem_key); lock(&osb->system_file_mutex); lock(&ocfs2_file_ip_alloc_sem_key); lock(&osb->system_file_mutex); The function calls which could lead to this are: CPU0 ocfs2_mknod - lock(&ocfs2_file_ip_alloc_sem_key); . . . ocfs2_get_system_file_inode - lock(&osb->system_file_mutex); CPU1 - ocfs2_fill_super - lock(&osb->system_file_mutex); . . . ocfs2_read_virt_blocks - lock(&ocfs2_file_ip_alloc_sem_key); This issue can be resolved by making the down_read -> down_read_try in the ocfs2_read_virt_blocks. [1] https://syzkaller.appspot.com/bug?extid=e0055ea09f1f5e6fabdd Link: https://lkml.kernel.org/r/20240924093257.7181-1-pvmohammedanees2003@gmail.c… Signed-off-by: Mohammed Anees <pvmohammedanees2003(a)gmail.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reported-by: <syzbot+e0055ea09f1f5e6fabdd(a)syzkaller.appspotmail.com> Closes: https://syzkaller.appspot.com/bug?extid=e0055ea09f1f5e6fabdd Tested-by: syzbot+e0055ea09f1f5e6fabdd(a)syzkaller.appspotmail.com Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Dmitriy Privalov <d.privalov(a)omp.ru> --- fs/ocfs2/extent_map.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/ocfs2/extent_map.c b/fs/ocfs2/extent_map.c index 70a768b623cf..f7672472fa82 100644 --- a/fs/ocfs2/extent_map.c +++ b/fs/ocfs2/extent_map.c @@ -973,7 +973,13 @@ int ocfs2_read_virt_blocks(struct inode *inode, u64 v_block, int nr, } while (done < nr) { - down_read(&OCFS2_I(inode)->ip_alloc_sem); + if (!down_read_trylock(&OCFS2_I(inode)->ip_alloc_sem)) { + rc = -EAGAIN; + mlog(ML_ERROR, + "Inode #%llu ip_alloc_sem is temporarily unavailable\n", + (unsigned long long)OCFS2_I(inode)->ip_blkno); + break; + } rc = ocfs2_extent_map_get_blocks(inode, v_block + done, &p_block, &p_count, NULL); up_read(&OCFS2_I(inode)->ip_alloc_sem); -- 2.34.1

3 weeks, 6 days

1
0
0 0

[PATCH 1/2] drm/amdgpu/vcn4.0.5: split code along instances

by Eric Naim

From: Alex Deucher <alexander.deucher(a)amd.com> commit ecc9ab4e924b7eb9e2c4a668162aaa1d9d60d08c upstream Split the code on a per instance basis. This will allow us to use the per instance functions in the future to handle more things per instance. v2: squash in fix for stop() from Boyuan Reviewed-by: Boyuan Zhang <Boyuan.Zhang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Tested-by: Eric Naim <dnaim(a)cachyos.org> Signed-off-by: Eric Naim <dnaim(a)cachyos.org> --- drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 444 ++++++++++++------------ 1 file changed, 220 insertions(+), 224 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c b/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c index d2dfdb141b24..9f9a9bf8dab9 100644 --- a/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c +++ b/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c @@ -991,183 +991,178 @@ static int vcn_v4_0_5_start_dpg_mode(struct amdgpu_device *adev, int inst_idx, b * vcn_v4_0_5_start - VCN start * * @adev: amdgpu_device pointer + * @i: instance to start * * Start VCN block */ -static int vcn_v4_0_5_start(struct amdgpu_device *adev) +static int vcn_v4_0_5_start(struct amdgpu_device *adev, int i) { volatile struct amdgpu_vcn4_fw_shared *fw_shared; struct amdgpu_ring *ring; uint32_t tmp; - int i, j, k, r; + int j, k, r; - for (i = 0; i < adev->vcn.num_vcn_inst; ++i) { - if (adev->pm.dpm_enabled) - amdgpu_dpm_enable_vcn(adev, true, i); - } + if (adev->vcn.harvest_config & (1 << i)) + return 0; - for (i = 0; i < adev->vcn.num_vcn_inst; ++i) { - if (adev->vcn.harvest_config & (1 << i)) - continue; + if (adev->pm.dpm_enabled) + amdgpu_dpm_enable_vcn(adev, true, i); - fw_shared = adev->vcn.inst[i].fw_shared.cpu_addr; + fw_shared = adev->vcn.inst[i].fw_shared.cpu_addr; - if (adev->pg_flags & AMD_PG_SUPPORT_VCN_DPG) { - r = vcn_v4_0_5_start_dpg_mode(adev, i, adev->vcn.indirect_sram); - continue; - } + if (adev->pg_flags & AMD_PG_SUPPORT_VCN_DPG) + return vcn_v4_0_5_start_dpg_mode(adev, i, adev->vcn.indirect_sram); - /* disable VCN power gating */ - vcn_v4_0_5_disable_static_power_gating(adev, i); - - /* set VCN status busy */ - tmp = RREG32_SOC15(VCN, i, regUVD_STATUS) | UVD_STATUS__UVD_BUSY; - WREG32_SOC15(VCN, i, regUVD_STATUS, tmp); - - /*SW clock gating */ - vcn_v4_0_5_disable_clock_gating(adev, i); - - /* enable VCPU clock */ - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), - UVD_VCPU_CNTL__CLK_EN_MASK, ~UVD_VCPU_CNTL__CLK_EN_MASK); - - /* disable master interrupt */ - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_MASTINT_EN), 0, - ~UVD_MASTINT_EN__VCPU_EN_MASK); - - /* enable LMI MC and UMC channels */ - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_LMI_CTRL2), 0, - ~UVD_LMI_CTRL2__STALL_ARB_UMC_MASK); - - tmp = RREG32_SOC15(VCN, i, regUVD_SOFT_RESET); - tmp &= ~UVD_SOFT_RESET__LMI_SOFT_RESET_MASK; - tmp &= ~UVD_SOFT_RESET__LMI_UMC_SOFT_RESET_MASK; - WREG32_SOC15(VCN, i, regUVD_SOFT_RESET, tmp); - - /* setup regUVD_LMI_CTRL */ - tmp = RREG32_SOC15(VCN, i, regUVD_LMI_CTRL); - WREG32_SOC15(VCN, i, regUVD_LMI_CTRL, tmp | - UVD_LMI_CTRL__WRITE_CLEAN_TIMER_EN_MASK | - UVD_LMI_CTRL__MASK_MC_URGENT_MASK | - UVD_LMI_CTRL__DATA_COHERENCY_EN_MASK | - UVD_LMI_CTRL__VCPU_DATA_COHERENCY_EN_MASK); - - /* setup regUVD_MPC_CNTL */ - tmp = RREG32_SOC15(VCN, i, regUVD_MPC_CNTL); - tmp &= ~UVD_MPC_CNTL__REPLACEMENT_MODE_MASK; - tmp |= 0x2 << UVD_MPC_CNTL__REPLACEMENT_MODE__SHIFT; - WREG32_SOC15(VCN, i, regUVD_MPC_CNTL, tmp); - - /* setup UVD_MPC_SET_MUXA0 */ - WREG32_SOC15(VCN, i, regUVD_MPC_SET_MUXA0, - ((0x1 << UVD_MPC_SET_MUXA0__VARA_1__SHIFT) | - (0x2 << UVD_MPC_SET_MUXA0__VARA_2__SHIFT) | - (0x3 << UVD_MPC_SET_MUXA0__VARA_3__SHIFT) | - (0x4 << UVD_MPC_SET_MUXA0__VARA_4__SHIFT))); - - /* setup UVD_MPC_SET_MUXB0 */ - WREG32_SOC15(VCN, i, regUVD_MPC_SET_MUXB0, - ((0x1 << UVD_MPC_SET_MUXB0__VARB_1__SHIFT) | - (0x2 << UVD_MPC_SET_MUXB0__VARB_2__SHIFT) | - (0x3 << UVD_MPC_SET_MUXB0__VARB_3__SHIFT) | - (0x4 << UVD_MPC_SET_MUXB0__VARB_4__SHIFT))); - - /* setup UVD_MPC_SET_MUX */ - WREG32_SOC15(VCN, i, regUVD_MPC_SET_MUX, - ((0x0 << UVD_MPC_SET_MUX__SET_0__SHIFT) | - (0x1 << UVD_MPC_SET_MUX__SET_1__SHIFT) | - (0x2 << UVD_MPC_SET_MUX__SET_2__SHIFT))); - - vcn_v4_0_5_mc_resume(adev, i); - - /* VCN global tiling registers */ - WREG32_SOC15(VCN, i, regUVD_GFX10_ADDR_CONFIG, - adev->gfx.config.gb_addr_config); - - /* unblock VCPU register access */ - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_RB_ARB_CTRL), 0, - ~UVD_RB_ARB_CTRL__VCPU_DIS_MASK); - - /* release VCPU reset to boot */ - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), 0, - ~UVD_VCPU_CNTL__BLK_RST_MASK); - - for (j = 0; j < 10; ++j) { - uint32_t status; - - for (k = 0; k < 100; ++k) { - status = RREG32_SOC15(VCN, i, regUVD_STATUS); - if (status & 2) - break; - mdelay(10); - if (amdgpu_emu_mode == 1) - msleep(1); - } + /* disable VCN power gating */ + vcn_v4_0_5_disable_static_power_gating(adev, i); + + /* set VCN status busy */ + tmp = RREG32_SOC15(VCN, i, regUVD_STATUS) | UVD_STATUS__UVD_BUSY; + WREG32_SOC15(VCN, i, regUVD_STATUS, tmp); - if (amdgpu_emu_mode == 1) { - r = -1; - if (status & 2) { - r = 0; - break; - } - } else { + /* SW clock gating */ + vcn_v4_0_5_disable_clock_gating(adev, i); + + /* enable VCPU clock */ + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), + UVD_VCPU_CNTL__CLK_EN_MASK, ~UVD_VCPU_CNTL__CLK_EN_MASK); + + /* disable master interrupt */ + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_MASTINT_EN), 0, + ~UVD_MASTINT_EN__VCPU_EN_MASK); + + /* enable LMI MC and UMC channels */ + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_LMI_CTRL2), 0, + ~UVD_LMI_CTRL2__STALL_ARB_UMC_MASK); + + tmp = RREG32_SOC15(VCN, i, regUVD_SOFT_RESET); + tmp &= ~UVD_SOFT_RESET__LMI_SOFT_RESET_MASK; + tmp &= ~UVD_SOFT_RESET__LMI_UMC_SOFT_RESET_MASK; + WREG32_SOC15(VCN, i, regUVD_SOFT_RESET, tmp); + + /* setup regUVD_LMI_CTRL */ + tmp = RREG32_SOC15(VCN, i, regUVD_LMI_CTRL); + WREG32_SOC15(VCN, i, regUVD_LMI_CTRL, tmp | + UVD_LMI_CTRL__WRITE_CLEAN_TIMER_EN_MASK | + UVD_LMI_CTRL__MASK_MC_URGENT_MASK | + UVD_LMI_CTRL__DATA_COHERENCY_EN_MASK | + UVD_LMI_CTRL__VCPU_DATA_COHERENCY_EN_MASK); + + /* setup regUVD_MPC_CNTL */ + tmp = RREG32_SOC15(VCN, i, regUVD_MPC_CNTL); + tmp &= ~UVD_MPC_CNTL__REPLACEMENT_MODE_MASK; + tmp |= 0x2 << UVD_MPC_CNTL__REPLACEMENT_MODE__SHIFT; + WREG32_SOC15(VCN, i, regUVD_MPC_CNTL, tmp); + + /* setup UVD_MPC_SET_MUXA0 */ + WREG32_SOC15(VCN, i, regUVD_MPC_SET_MUXA0, + ((0x1 << UVD_MPC_SET_MUXA0__VARA_1__SHIFT) | + (0x2 << UVD_MPC_SET_MUXA0__VARA_2__SHIFT) | + (0x3 << UVD_MPC_SET_MUXA0__VARA_3__SHIFT) | + (0x4 << UVD_MPC_SET_MUXA0__VARA_4__SHIFT))); + + /* setup UVD_MPC_SET_MUXB0 */ + WREG32_SOC15(VCN, i, regUVD_MPC_SET_MUXB0, + ((0x1 << UVD_MPC_SET_MUXB0__VARB_1__SHIFT) | + (0x2 << UVD_MPC_SET_MUXB0__VARB_2__SHIFT) | + (0x3 << UVD_MPC_SET_MUXB0__VARB_3__SHIFT) | + (0x4 << UVD_MPC_SET_MUXB0__VARB_4__SHIFT))); + + /* setup UVD_MPC_SET_MUX */ + WREG32_SOC15(VCN, i, regUVD_MPC_SET_MUX, + ((0x0 << UVD_MPC_SET_MUX__SET_0__SHIFT) | + (0x1 << UVD_MPC_SET_MUX__SET_1__SHIFT) | + (0x2 << UVD_MPC_SET_MUX__SET_2__SHIFT))); + + vcn_v4_0_5_mc_resume(adev, i); + + /* VCN global tiling registers */ + WREG32_SOC15(VCN, i, regUVD_GFX10_ADDR_CONFIG, + adev->gfx.config.gb_addr_config); + + /* unblock VCPU register access */ + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_RB_ARB_CTRL), 0, + ~UVD_RB_ARB_CTRL__VCPU_DIS_MASK); + + /* release VCPU reset to boot */ + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), 0, + ~UVD_VCPU_CNTL__BLK_RST_MASK); + + for (j = 0; j < 10; ++j) { + uint32_t status; + + for (k = 0; k < 100; ++k) { + status = RREG32_SOC15(VCN, i, regUVD_STATUS); + if (status & 2) + break; + mdelay(10); + if (amdgpu_emu_mode == 1) + msleep(1); + } + + if (amdgpu_emu_mode == 1) { + r = -1; + if (status & 2) { r = 0; - if (status & 2) - break; - - dev_err(adev->dev, - "VCN[%d] is not responding, trying to reset VCPU!!!\n", i); - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), - UVD_VCPU_CNTL__BLK_RST_MASK, - ~UVD_VCPU_CNTL__BLK_RST_MASK); - mdelay(10); - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), 0, - ~UVD_VCPU_CNTL__BLK_RST_MASK); - - mdelay(10); - r = -1; + break; } + } else { + r = 0; + if (status & 2) + break; + + dev_err(adev->dev, + "VCN[%d] is not responding, trying to reset VCPU!!!\n", i); + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), + UVD_VCPU_CNTL__BLK_RST_MASK, + ~UVD_VCPU_CNTL__BLK_RST_MASK); + mdelay(10); + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), 0, + ~UVD_VCPU_CNTL__BLK_RST_MASK); + + mdelay(10); + r = -1; } + } - if (r) { - dev_err(adev->dev, "VCN[%d] is not responding, giving up!!!\n", i); - return r; - } + if (r) { + dev_err(adev->dev, "VCN[%d] is not responding, giving up!!!\n", i); + return r; + } - /* enable master interrupt */ - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_MASTINT_EN), - UVD_MASTINT_EN__VCPU_EN_MASK, - ~UVD_MASTINT_EN__VCPU_EN_MASK); + /* enable master interrupt */ + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_MASTINT_EN), + UVD_MASTINT_EN__VCPU_EN_MASK, + ~UVD_MASTINT_EN__VCPU_EN_MASK); - /* clear the busy bit of VCN_STATUS */ - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_STATUS), 0, - ~(2 << UVD_STATUS__VCPU_REPORT__SHIFT)); + /* clear the busy bit of VCN_STATUS */ + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_STATUS), 0, + ~(2 << UVD_STATUS__VCPU_REPORT__SHIFT)); - ring = &adev->vcn.inst[i].ring_enc[0]; - WREG32_SOC15(VCN, i, regVCN_RB1_DB_CTRL, - ring->doorbell_index << VCN_RB1_DB_CTRL__OFFSET__SHIFT | - VCN_RB1_DB_CTRL__EN_MASK); - - WREG32_SOC15(VCN, i, regUVD_RB_BASE_LO, ring->gpu_addr); - WREG32_SOC15(VCN, i, regUVD_RB_BASE_HI, upper_32_bits(ring->gpu_addr)); - WREG32_SOC15(VCN, i, regUVD_RB_SIZE, ring->ring_size / 4); - - tmp = RREG32_SOC15(VCN, i, regVCN_RB_ENABLE); - tmp &= ~(VCN_RB_ENABLE__RB1_EN_MASK); - WREG32_SOC15(VCN, i, regVCN_RB_ENABLE, tmp); - fw_shared->sq.queue_mode |= FW_QUEUE_RING_RESET; - WREG32_SOC15(VCN, i, regUVD_RB_RPTR, 0); - WREG32_SOC15(VCN, i, regUVD_RB_WPTR, 0); - - tmp = RREG32_SOC15(VCN, i, regUVD_RB_RPTR); - WREG32_SOC15(VCN, i, regUVD_RB_WPTR, tmp); - ring->wptr = RREG32_SOC15(VCN, i, regUVD_RB_WPTR); - - tmp = RREG32_SOC15(VCN, i, regVCN_RB_ENABLE); - tmp |= VCN_RB_ENABLE__RB1_EN_MASK; - WREG32_SOC15(VCN, i, regVCN_RB_ENABLE, tmp); - fw_shared->sq.queue_mode &= ~(FW_QUEUE_RING_RESET | FW_QUEUE_DPG_HOLD_OFF); - } + ring = &adev->vcn.inst[i].ring_enc[0]; + WREG32_SOC15(VCN, i, regVCN_RB1_DB_CTRL, + ring->doorbell_index << VCN_RB1_DB_CTRL__OFFSET__SHIFT | + VCN_RB1_DB_CTRL__EN_MASK); + + WREG32_SOC15(VCN, i, regUVD_RB_BASE_LO, ring->gpu_addr); + WREG32_SOC15(VCN, i, regUVD_RB_BASE_HI, upper_32_bits(ring->gpu_addr)); + WREG32_SOC15(VCN, i, regUVD_RB_SIZE, ring->ring_size / 4); + + tmp = RREG32_SOC15(VCN, i, regVCN_RB_ENABLE); + tmp &= ~(VCN_RB_ENABLE__RB1_EN_MASK); + WREG32_SOC15(VCN, i, regVCN_RB_ENABLE, tmp); + fw_shared->sq.queue_mode |= FW_QUEUE_RING_RESET; + WREG32_SOC15(VCN, i, regUVD_RB_RPTR, 0); + WREG32_SOC15(VCN, i, regUVD_RB_WPTR, 0); + + tmp = RREG32_SOC15(VCN, i, regUVD_RB_RPTR); + WREG32_SOC15(VCN, i, regUVD_RB_WPTR, tmp); + ring->wptr = RREG32_SOC15(VCN, i, regUVD_RB_WPTR); + + tmp = RREG32_SOC15(VCN, i, regVCN_RB_ENABLE); + tmp |= VCN_RB_ENABLE__RB1_EN_MASK; + WREG32_SOC15(VCN, i, regVCN_RB_ENABLE, tmp); + fw_shared->sq.queue_mode &= ~(FW_QUEUE_RING_RESET | FW_QUEUE_DPG_HOLD_OFF); return 0; } @@ -1204,88 +1199,87 @@ static void vcn_v4_0_5_stop_dpg_mode(struct amdgpu_device *adev, int inst_idx) * vcn_v4_0_5_stop - VCN stop * * @adev: amdgpu_device pointer + * @i: instance to stop * * Stop VCN block */ -static int vcn_v4_0_5_stop(struct amdgpu_device *adev) +static int vcn_v4_0_5_stop(struct amdgpu_device *adev, int i) { volatile struct amdgpu_vcn4_fw_shared *fw_shared; uint32_t tmp; - int i, r = 0; + int r = 0; - for (i = 0; i < adev->vcn.num_vcn_inst; ++i) { - if (adev->vcn.harvest_config & (1 << i)) - continue; - - fw_shared = adev->vcn.inst[i].fw_shared.cpu_addr; - fw_shared->sq.queue_mode |= FW_QUEUE_DPG_HOLD_OFF; + if (adev->vcn.harvest_config & (1 << i)) + return 0; - if (adev->pg_flags & AMD_PG_SUPPORT_VCN_DPG) { - vcn_v4_0_5_stop_dpg_mode(adev, i); - continue; - } + fw_shared = adev->vcn.inst[i].fw_shared.cpu_addr; + fw_shared->sq.queue_mode |= FW_QUEUE_DPG_HOLD_OFF; - /* wait for vcn idle */ - r = SOC15_WAIT_ON_RREG(VCN, i, regUVD_STATUS, UVD_STATUS__IDLE, 0x7); - if (r) - return r; + if (adev->pg_flags & AMD_PG_SUPPORT_VCN_DPG) { + vcn_v4_0_5_stop_dpg_mode(adev, i); + r = 0; + goto done; + } - tmp = UVD_LMI_STATUS__VCPU_LMI_WRITE_CLEAN_MASK | - UVD_LMI_STATUS__READ_CLEAN_MASK | - UVD_LMI_STATUS__WRITE_CLEAN_MASK | - UVD_LMI_STATUS__WRITE_CLEAN_RAW_MASK; - r = SOC15_WAIT_ON_RREG(VCN, i, regUVD_LMI_STATUS, tmp, tmp); - if (r) - return r; + /* wait for vcn idle */ + r = SOC15_WAIT_ON_RREG(VCN, i, regUVD_STATUS, UVD_STATUS__IDLE, 0x7); + if (r) + goto done; - /* disable LMI UMC channel */ - tmp = RREG32_SOC15(VCN, i, regUVD_LMI_CTRL2); - tmp |= UVD_LMI_CTRL2__STALL_ARB_UMC_MASK; - WREG32_SOC15(VCN, i, regUVD_LMI_CTRL2, tmp); - tmp = UVD_LMI_STATUS__UMC_READ_CLEAN_RAW_MASK | - UVD_LMI_STATUS__UMC_WRITE_CLEAN_RAW_MASK; - r = SOC15_WAIT_ON_RREG(VCN, i, regUVD_LMI_STATUS, tmp, tmp); - if (r) - return r; + tmp = UVD_LMI_STATUS__VCPU_LMI_WRITE_CLEAN_MASK | + UVD_LMI_STATUS__READ_CLEAN_MASK | + UVD_LMI_STATUS__WRITE_CLEAN_MASK | + UVD_LMI_STATUS__WRITE_CLEAN_RAW_MASK; + r = SOC15_WAIT_ON_RREG(VCN, i, regUVD_LMI_STATUS, tmp, tmp); + if (r) + goto done; + + /* disable LMI UMC channel */ + tmp = RREG32_SOC15(VCN, i, regUVD_LMI_CTRL2); + tmp |= UVD_LMI_CTRL2__STALL_ARB_UMC_MASK; + WREG32_SOC15(VCN, i, regUVD_LMI_CTRL2, tmp); + tmp = UVD_LMI_STATUS__UMC_READ_CLEAN_RAW_MASK | + UVD_LMI_STATUS__UMC_WRITE_CLEAN_RAW_MASK; + r = SOC15_WAIT_ON_RREG(VCN, i, regUVD_LMI_STATUS, tmp, tmp); + if (r) + goto done; - /* block VCPU register access */ - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_RB_ARB_CTRL), - UVD_RB_ARB_CTRL__VCPU_DIS_MASK, - ~UVD_RB_ARB_CTRL__VCPU_DIS_MASK); + /* block VCPU register access */ + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_RB_ARB_CTRL), + UVD_RB_ARB_CTRL__VCPU_DIS_MASK, + ~UVD_RB_ARB_CTRL__VCPU_DIS_MASK); - /* reset VCPU */ - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), - UVD_VCPU_CNTL__BLK_RST_MASK, - ~UVD_VCPU_CNTL__BLK_RST_MASK); + /* reset VCPU */ + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), + UVD_VCPU_CNTL__BLK_RST_MASK, + ~UVD_VCPU_CNTL__BLK_RST_MASK); - /* disable VCPU clock */ - WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), 0, - ~(UVD_VCPU_CNTL__CLK_EN_MASK)); + /* disable VCPU clock */ + WREG32_P(SOC15_REG_OFFSET(VCN, i, regUVD_VCPU_CNTL), 0, + ~(UVD_VCPU_CNTL__CLK_EN_MASK)); - /* apply soft reset */ - tmp = RREG32_SOC15(VCN, i, regUVD_SOFT_RESET); - tmp |= UVD_SOFT_RESET__LMI_UMC_SOFT_RESET_MASK; - WREG32_SOC15(VCN, i, regUVD_SOFT_RESET, tmp); - tmp = RREG32_SOC15(VCN, i, regUVD_SOFT_RESET); - tmp |= UVD_SOFT_RESET__LMI_SOFT_RESET_MASK; - WREG32_SOC15(VCN, i, regUVD_SOFT_RESET, tmp); + /* apply soft reset */ + tmp = RREG32_SOC15(VCN, i, regUVD_SOFT_RESET); + tmp |= UVD_SOFT_RESET__LMI_UMC_SOFT_RESET_MASK; + WREG32_SOC15(VCN, i, regUVD_SOFT_RESET, tmp); + tmp = RREG32_SOC15(VCN, i, regUVD_SOFT_RESET); + tmp |= UVD_SOFT_RESET__LMI_SOFT_RESET_MASK; + WREG32_SOC15(VCN, i, regUVD_SOFT_RESET, tmp); - /* clear status */ - WREG32_SOC15(VCN, i, regUVD_STATUS, 0); + /* clear status */ + WREG32_SOC15(VCN, i, regUVD_STATUS, 0); - /* apply HW clock gating */ - vcn_v4_0_5_enable_clock_gating(adev, i); + /* apply HW clock gating */ + vcn_v4_0_5_enable_clock_gating(adev, i); - /* enable VCN power gating */ - vcn_v4_0_5_enable_static_power_gating(adev, i); - } + /* enable VCN power gating */ + vcn_v4_0_5_enable_static_power_gating(adev, i); - for (i = 0; i < adev->vcn.num_vcn_inst; ++i) { - if (adev->pm.dpm_enabled) - amdgpu_dpm_enable_vcn(adev, false, i); - } +done: + if (adev->pm.dpm_enabled) + amdgpu_dpm_enable_vcn(adev, false, i); - return 0; + return r; } /** @@ -1537,15 +1531,17 @@ static int vcn_v4_0_5_set_powergating_state(struct amdgpu_ip_block *ip_block, enum amd_powergating_state state) { struct amdgpu_device *adev = ip_block->adev; - int ret; + int ret = 0, i; if (state == adev->vcn.cur_state) return 0; - if (state == AMD_PG_STATE_GATE) - ret = vcn_v4_0_5_stop(adev); - else - ret = vcn_v4_0_5_start(adev); + for (i = 0; i < adev->vcn.num_vcn_inst; ++i) { + if (state == AMD_PG_STATE_GATE) + ret |= vcn_v4_0_5_stop(adev, i); + else + ret |= vcn_v4_0_5_start(adev, i); + } if (!ret) adev->vcn.cur_state = state; -- 2.49.0

3 weeks, 6 days

2
3
0 0

Regression between 6.1.135 and 6.1.139, possibly related to ITS mitigations

by Moritz Mühlenhoff

Hi, I'd like to report a regression which seems related to the latest ITS mitigations in Linux 6.1.x: The server in question is a Supermicro SYS-120C-TN10R with a "Intel(R) Xeon(R) Silver 4310 CPU @ 2.10GHz" CPU, running Debian Bookworm. The full output of /proc/cpuinfo is attached as cpuinfo.txt In addition to the kernel changes between 6.1.135 and 6.1.139 there is also some additional invariant, namely the Intel microcode loaded at early boot: On Linux 6.1.135 every works fine with both the 20250211 and 20250512 microcode releases (kern.log is attached as 6.1.135-feb-microcode.log and 6.1.135-may-microcode.log) With 6.1.139 and the February microcode, oopses appear related to clear_bhb_loop() (which may be related to "x86/its: Align RETs in BHB clear sequence to avoid thunking"?). This is captured in 6.1.139-feb-microcode.log. With 6.1.139 and the May microcode, the system mostly crashes on bootup (in my tests it crashed in three out of four attempts). I've captured both the crash (6.1.139-may-microcode-crash.log) and a working boot (6.1.139-may-microcode-noncrash.log). If you need any additional information, please let me know! Cheers, Moritz

3 weeks, 6 days

3
3
0 0

[PATCH v4 rc] iommu: Skip PASID validation for devices without PASID capability

by Tushar Dave

Generally PASID support requires ACS settings that usually create single device groups, but there are some niche cases where we can get multi-device groups and still have working PASID support. The primary issue is that PCI switches are not required to treat PASID tagged TLPs specially so appropriate ACS settings are required to route all TLPs to the host bridge if PASID is going to work properly. pci_enable_pasid() does check that each device that will use PASID has the proper ACS settings to achieve this routing. However, no-PASID devices can be combined with PASID capable devices within the same topology using non-uniform ACS settings. In this case the no-PASID devices may not have strict route to host ACS flags and end up being grouped with the PASID devices. This configuration fails to allow use of the PASID within the iommu core code which wrongly checks if the no-PASID device supports PASID. Fix this by ignoring no-PASID devices during the PASID validation. They will never issue a PASID TLP anyhow so they can be ignored. Fixes: c404f55c26fc ("iommu: Validate the PASID in iommu_attach_device_pasid()") Cc: stable(a)vger.kernel.org Signed-off-by: Tushar Dave <tdave(a)nvidia.com> --- changes in v4: - rebase to 6.15-rc7 drivers/iommu/iommu.c | 43 ++++++++++++++++++++++++++++--------------- 1 file changed, 28 insertions(+), 15 deletions(-) diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c index 4f91a740c15f..9d728800a862 100644 --- a/drivers/iommu/iommu.c +++ b/drivers/iommu/iommu.c @@ -3366,10 +3366,12 @@ static int __iommu_set_group_pasid(struct iommu_domain *domain, int ret; for_each_group_device(group, device) { - ret = domain->ops->set_dev_pasid(domain, device->dev, - pasid, old); - if (ret) - goto err_revert; + if (device->dev->iommu->max_pasids > 0) { + ret = domain->ops->set_dev_pasid(domain, device->dev, + pasid, old); + if (ret) + goto err_revert; + } } return 0; @@ -3379,15 +3381,18 @@ static int __iommu_set_group_pasid(struct iommu_domain *domain, for_each_group_device(group, device) { if (device == last_gdev) break; - /* - * If no old domain, undo the succeeded devices/pasid. - * Otherwise, rollback the succeeded devices/pasid to the old - * domain. And it is a driver bug to fail attaching with a - * previously good domain. - */ - if (!old || WARN_ON(old->ops->set_dev_pasid(old, device->dev, + if (device->dev->iommu->max_pasids > 0) { + /* + * If no old domain, undo the succeeded devices/pasid. + * Otherwise, rollback the succeeded devices/pasid to + * the old domain. And it is a driver bug to fail + * attaching with a previously good domain. + */ + if (!old || + WARN_ON(old->ops->set_dev_pasid(old, device->dev, pasid, domain))) - iommu_remove_dev_pasid(device->dev, pasid, domain); + iommu_remove_dev_pasid(device->dev, pasid, domain); + } } return ret; } @@ -3398,8 +3403,10 @@ static void __iommu_remove_group_pasid(struct iommu_group *group, { struct group_device *device; - for_each_group_device(group, device) - iommu_remove_dev_pasid(device->dev, pasid, domain); + for_each_group_device(group, device) { + if (device->dev->iommu->max_pasids > 0) + iommu_remove_dev_pasid(device->dev, pasid, domain); + } } /* @@ -3440,7 +3447,13 @@ int iommu_attach_device_pasid(struct iommu_domain *domain, mutex_lock(&group->mutex); for_each_group_device(group, device) { - if (pasid >= device->dev->iommu->max_pasids) { + /* + * Skip PASID validation for devices without PASID support + * (max_pasids = 0). These devices cannot issue transactions + * with PASID, so they don't affect group's PASID usage. + */ + if ((device->dev->iommu->max_pasids > 0) && + (pasid >= device->dev->iommu->max_pasids)) { ret = -EINVAL; goto out_unlock; } -- 2.34.1

3 weeks, 6 days

4
3
0 0

6.12.29: amdgpu-related "fail"-messages during boot; bisected

by Rainer Fiebig

Hi! After updating to linux-6.12.29, I see lots of "fail"-messages during boot: May 19 23:39:09 LUX kernel: [ 4.819552] amdgpu 0000:30:00.0: amdgpu: [drm] amdgpu: DP AUX transfer fail:4 Bisecting for drivers/gpu/drm/amd had this result: > git bisect bad 2d63e66f7ba7b88b87e72155a33b970c81cf4664 is the first bad commit commit 2d63e66f7ba7b88b87e72155a33b970c81cf4664 (HEAD) Author: Wayne Lin <Wayne.Lin(a)amd.com> Date: Sun Apr 20 19:22:14 2025 +0800 drm/amd/display: Fix wrong handling for AUX_DEFER case commit 65924ec69b29296845c7f628112353438e63ea56 upstream. The system (Ryzen 3 5600G, latest BIOS) is stable so far but the error-messages are not nice to see. Thanks. Rainer Fiebig -- The truth always turns out to be simpler than you thought. Richard Feynman

3 weeks, 6 days

3
3
0 0

[PATCH v2] mm/hugetlb: fix a deadlock with pagecache_folio and hugetlb_fault_mutex_table

by Gavin Guo

The patch fixes a deadlock which can be triggered by an internal syzkaller [1] reproducer and captured by bpftrace script [2] and its log [3] in this scenario: Process 1 Process 2 --- --- hugetlb_fault mutex_lock(B) // take B filemap_lock_hugetlb_folio filemap_lock_folio __filemap_get_folio folio_lock(A) // take A hugetlb_wp mutex_unlock(B) // release B ... hugetlb_fault ... mutex_lock(B) // take B filemap_lock_hugetlb_folio filemap_lock_folio __filemap_get_folio folio_lock(A) // blocked unmap_ref_private ... mutex_lock(B) // retake and blocked This is a ABBA deadlock involving two locks: - Lock A: pagecache_folio lock - Lock B: hugetlb_fault_mutex_table lock The deadlock occurs between two processes as follows: 1. The first process (let’s call it Process 1) is handling a copy-on-write (COW) operation on a hugepage via hugetlb_wp. Due to insufficient reserved hugetlb pages, Process 1, owner of the reserved hugetlb page, attempts to unmap a hugepage owned by another process (non-owner) to satisfy the reservation. Before unmapping, Process 1 acquires lock B (hugetlb_fault_mutex_table lock) and then lock A (pagecache_folio lock). To proceed with the unmap, it releases Lock B but retains Lock A. After the unmap, Process 1 tries to reacquire Lock B. However, at this point, Lock B has already been acquired by another process. 2. The second process (Process 2) enters the hugetlb_fault handler during the unmap operation. It successfully acquires Lock B (hugetlb_fault_mutex_table lock) that was just released by Process 1, but then attempts to acquire Lock A (pagecache_folio lock), which is still held by Process 1. As a result, Process 1 (holding Lock A) is blocked waiting for Lock B (held by Process 2), while Process 2 (holding Lock B) is blocked waiting for Lock A (held by Process 1), constructing a ABBA deadlock scenario. The error message: INFO: task repro_20250402_:13229 blocked for more than 64 seconds. Not tainted 6.15.0-rc3+ #24 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:repro_20250402_ state:D stack:25856 pid:13229 tgid:13228 ppid:3513 task_flags:0x400040 flags:0x00004006 Call Trace: <TASK> __schedule+0x1755/0x4f50 schedule+0x158/0x330 schedule_preempt_disabled+0x15/0x30 __mutex_lock+0x75f/0xeb0 hugetlb_wp+0xf88/0x3440 hugetlb_fault+0x14c8/0x2c30 trace_clock_x86_tsc+0x20/0x20 do_user_addr_fault+0x61d/0x1490 exc_page_fault+0x64/0x100 asm_exc_page_fault+0x26/0x30 RIP: 0010:__put_user_4+0xd/0x20 copy_process+0x1f4a/0x3d60 kernel_clone+0x210/0x8f0 __x64_sys_clone+0x18d/0x1f0 do_syscall_64+0x6a/0x120 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x41b26d </TASK> INFO: task repro_20250402_:13229 is blocked on a mutex likely owned by task repro_20250402_:13250. task:repro_20250402_ state:D stack:28288 pid:13250 tgid:13228 ppid:3513 task_flags:0x400040 flags:0x00000006 Call Trace: <TASK> __schedule+0x1755/0x4f50 schedule+0x158/0x330 io_schedule+0x92/0x110 folio_wait_bit_common+0x69a/0xba0 __filemap_get_folio+0x154/0xb70 hugetlb_fault+0xa50/0x2c30 trace_clock_x86_tsc+0x20/0x20 do_user_addr_fault+0xace/0x1490 exc_page_fault+0x64/0x100 asm_exc_page_fault+0x26/0x30 RIP: 0033:0x402619 </TASK> INFO: task repro_20250402_:13250 blocked for more than 65 seconds. Not tainted 6.15.0-rc3+ #24 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:repro_20250402_ state:D stack:28288 pid:13250 tgid:13228 ppid:3513 task_flags:0x400040 flags:0x00000006 Call Trace: <TASK> __schedule+0x1755/0x4f50 schedule+0x158/0x330 io_schedule+0x92/0x110 folio_wait_bit_common+0x69a/0xba0 __filemap_get_folio+0x154/0xb70 hugetlb_fault+0xa50/0x2c30 trace_clock_x86_tsc+0x20/0x20 do_user_addr_fault+0xace/0x1490 exc_page_fault+0x64/0x100 asm_exc_page_fault+0x26/0x30 RIP: 0033:0x402619 </TASK> Showing all locks held in the system: 1 lock held by khungtaskd/35: #0: ffffffff879a7440 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x30/0x180 2 locks held by repro_20250402_/13229: #0: ffff888017d801e0 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x37/0x300 #1: ffff888000fec848 (&hugetlb_fault_mutex_table[i]){+.+.}-{4:4}, at: hugetlb_wp+0xf88/0x3440 3 locks held by repro_20250402_/13250: #0: ffff8880177f3d08 (vm_lock){++++}-{0:0}, at: do_user_addr_fault+0x41b/0x1490 #1: ffff888000fec848 (&hugetlb_fault_mutex_table[i]){+.+.}-{4:4}, at: hugetlb_fault+0x3b8/0x2c30 #2: ffff8880129500e8 (&resv_map->rw_sema){++++}-{4:4}, at: hugetlb_fault+0x494/0x2c30 Link: https://drive.google.com/file/d/1DVRnIW-vSayU5J1re9Ct_br3jJQU6Vpb/view?usp=… [1] Link: https://github.com/bboymimi/bpftracer/blob/master/scripts/hugetlb_lock_debu… [2] Link: https://drive.google.com/file/d/1bWq2-8o-BJAuhoHWX7zAhI6ggfhVzQUI/view?usp=… [3] Fixes: 40549ba8f8e0 ("hugetlb: use new vma_lock for pmd sharing synchronization") Cc: stable(a)vger.kernel.org Cc: Hugh Dickins <hughd(a)google.com> Cc: Florent Revest <revest(a)google.com> Cc: Gavin Shan <gshan(a)redhat.com> Suggested-by: Oscar Salvador <osalvador(a)suse.de> Signed-off-by: Gavin Guo <gavinguo(a)igalia.com> --- V1 -> V2 Suggested-by Oscar Salvador: - Use folio_test_locked to replace the unnecessary parameter passing. mm/hugetlb.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 7ae38bfb9096..ed501f134eff 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -6226,6 +6226,12 @@ static vm_fault_t hugetlb_wp(struct folio *pagecache_folio, u32 hash; folio_put(old_folio); + /* + * The pagecache_folio needs to be unlocked to avoid + * deadlock when the child unmaps the folio. + */ + if (pagecache_folio) + folio_unlock(pagecache_folio); /* * Drop hugetlb_fault_mutex and vma_lock before * unmapping. unmapping needs to hold vma_lock @@ -6823,8 +6829,13 @@ vm_fault_t hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, out_ptl: spin_unlock(vmf.ptl); + /* + * hugetlb_wp() might have already unlocked pagecache_folio, so + * skip it if that is the case. + */ if (pagecache_folio) { - folio_unlock(pagecache_folio); + if (folio_test_locked(pagecache_folio)) + folio_unlock(pagecache_folio); folio_put(pagecache_folio); } out_mutex: base-commit: 4a95bc121ccdaee04c4d72f84dbfa6b880a514b6 -- 2.43.0

3 weeks, 6 days

3
6
0 0

[PATCH] tty: serial: 8250_omap: fix TX with DMA for am33xx

by Jiri Slaby (SUSE)

Commit 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") introduced an error in the TX DMA handling for 8250_omap. When the OMAP_DMA_TX_KICK flag is set, the "skip_byte" is pulled from the kfifo and emitted directly in order to start the DMA. While the kfifo is updated, dma->tx_size is not decreased. This leads to uart_xmit_advance() called in omap_8250_dma_tx_complete() advancing the kfifo by one too much. In practice, transmitting N bytes has been seen to result in the last N-1 bytes being sent repeatedly. This change fixes the problem by moving all of the dma setup after the OMAP_DMA_TX_KICK handling and using kfifo_len() instead of the DMA size for the 4-byte cutoff check. This slightly changes the behaviour at buffer wraparound, but it still transmits the correct bytes somehow. Now, the "skip_byte" would no longer be accounted to the stats. As previously, dma->tx_size included also this skip byte, up->icount.tx was updated by aforementioned uart_xmit_advance() in omap_8250_dma_tx_complete(). Fix this by using the uart_fifo_out() helper instead of bare kfifo_get(). Based on patch by Mans Rullgard <mans(a)mansr.com> Fixes: 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") Reported-by: Mans Rullgard <mans(a)mansr.com> Cc: stable(a)vger.kernel.org --- The same as for the original patch, I would appreaciate if someone actually tests this one on a real HW too. A patch to optimize the driver to use 2 sgls is still welcome. I will not add it without actually having the HW. --- drivers/tty/serial/8250/8250_omap.c | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/drivers/tty/serial/8250/8250_omap.c b/drivers/tty/serial/8250/8250_omap.c index c9b1c689a045..bb23afdd63f2 100644 --- a/drivers/tty/serial/8250/8250_omap.c +++ b/drivers/tty/serial/8250/8250_omap.c @@ -1151,16 +1151,6 @@ static int omap_8250_tx_dma(struct uart_8250_port *p) return 0; } - sg_init_table(&sg, 1); - ret = kfifo_dma_out_prepare_mapped(&tport->xmit_fifo, &sg, 1, - UART_XMIT_SIZE, dma->tx_addr); - if (ret != 1) { - serial8250_clear_THRI(p); - return 0; - } - - dma->tx_size = sg_dma_len(&sg); - if (priv->habit & OMAP_DMA_TX_KICK) { unsigned char c; u8 tx_lvl; @@ -1185,18 +1175,22 @@ static int omap_8250_tx_dma(struct uart_8250_port *p) ret = -EBUSY; goto err; } - if (dma->tx_size < 4) { + if (kfifo_len(&tport->xmit_fifo) < 4) { ret = -EINVAL; goto err; } - if (!kfifo_get(&tport->xmit_fifo, &c)) { + if (!uart_fifo_out(&p->port, &c, 1)) { ret = -EINVAL; goto err; } skip_byte = c; - /* now we need to recompute due to kfifo_get */ - kfifo_dma_out_prepare_mapped(&tport->xmit_fifo, &sg, 1, - UART_XMIT_SIZE, dma->tx_addr); + } + + sg_init_table(&sg, 1); + ret = kfifo_dma_out_prepare_mapped(&tport->xmit_fifo, &sg, 1, UART_XMIT_SIZE, dma->tx_addr); + if (ret != 1) { + ret = -EINVAL; + goto err; } desc = dmaengine_prep_slave_sg(dma->txchan, &sg, 1, DMA_MEM_TO_DEV, @@ -1206,6 +1200,7 @@ static int omap_8250_tx_dma(struct uart_8250_port *p) goto err; } + dma->tx_size = sg_dma_len(&sg); dma->tx_running = 1; desc->callback = omap_8250_dma_tx_complete; -- 2.49.0

3 weeks, 6 days

4
6
0 0

[PATCH v2] tty: serial: 8250_omap: fix TX with DMA for am33xx

by Jiri Slaby (SUSE)

Commit 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") introduced an error in the TX DMA handling for 8250_omap. When the OMAP_DMA_TX_KICK flag is set, the "skip_byte" is pulled from the kfifo and emitted directly in order to start the DMA. While the kfifo is updated, dma->tx_size is not decreased. This leads to uart_xmit_advance() called in omap_8250_dma_tx_complete() advancing the kfifo by one too much. In practice, transmitting N bytes has been seen to result in the last N-1 bytes being sent repeatedly. This change fixes the problem by moving all of the dma setup after the OMAP_DMA_TX_KICK handling and using kfifo_len() instead of the DMA size for the 4-byte cutoff check. This slightly changes the behaviour at buffer wraparound, but it still transmits the correct bytes somehow. Now, the "skip_byte" would no longer be accounted to the stats. As previously, dma->tx_size included also this skip byte, up->icount.tx was updated by aforementioned uart_xmit_advance() in omap_8250_dma_tx_complete(). Fix this by using the uart_fifo_out() helper instead of bare kfifo_get(). Based on patch by Mans Rullgard <mans(a)mansr.com> Signed-off-by: Jiri Slaby (SUSE) <jirislaby(a)kernel.org> Fixes: 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") Link: https://lore.kernel.org/all/20250506150748.3162-1-mans@mansr.com/ Reported-by: Mans Rullgard <mans(a)mansr.com> Cc: stable(a)vger.kernel.org --- [v2] S-O-B added --- drivers/tty/serial/8250/8250_omap.c | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/drivers/tty/serial/8250/8250_omap.c b/drivers/tty/serial/8250/8250_omap.c index 2a0ce11f405d..72ae08d6204f 100644 --- a/drivers/tty/serial/8250/8250_omap.c +++ b/drivers/tty/serial/8250/8250_omap.c @@ -1173,16 +1173,6 @@ static int omap_8250_tx_dma(struct uart_8250_port *p) return 0; } - sg_init_table(&sg, 1); - ret = kfifo_dma_out_prepare_mapped(&tport->xmit_fifo, &sg, 1, - UART_XMIT_SIZE, dma->tx_addr); - if (ret != 1) { - serial8250_clear_THRI(p); - return 0; - } - - dma->tx_size = sg_dma_len(&sg); - if (priv->habit & OMAP_DMA_TX_KICK) { unsigned char c; u8 tx_lvl; @@ -1207,18 +1197,22 @@ static int omap_8250_tx_dma(struct uart_8250_port *p) ret = -EBUSY; goto err; } - if (dma->tx_size < 4) { + if (kfifo_len(&tport->xmit_fifo) < 4) { ret = -EINVAL; goto err; } - if (!kfifo_get(&tport->xmit_fifo, &c)) { + if (!uart_fifo_out(&p->port, &c, 1)) { ret = -EINVAL; goto err; } skip_byte = c; - /* now we need to recompute due to kfifo_get */ - kfifo_dma_out_prepare_mapped(&tport->xmit_fifo, &sg, 1, - UART_XMIT_SIZE, dma->tx_addr); + } + + sg_init_table(&sg, 1); + ret = kfifo_dma_out_prepare_mapped(&tport->xmit_fifo, &sg, 1, UART_XMIT_SIZE, dma->tx_addr); + if (ret != 1) { + ret = -EINVAL; + goto err; } desc = dmaengine_prep_slave_sg(dma->txchan, &sg, 1, DMA_MEM_TO_DEV, @@ -1228,6 +1222,7 @@ static int omap_8250_tx_dma(struct uart_8250_port *p) goto err; } + dma->tx_size = sg_dma_len(&sg); dma->tx_running = 1; desc->callback = omap_8250_dma_tx_complete; -- 2.49.0

3 weeks, 6 days

1
0
0 0

[PATCH 6.1 00/97] 6.1.140-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.140 release. There are 97 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 22 May 2025 12:57:37 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.140-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.140-rc1 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix pm notifier handling Théo Lebrun <theo.lebrun(a)bootlin.com> spi: cadence-qspi: fix pointer reference in runtime PM hooks Shigeru Yoshida <syoshida(a)redhat.com> ipv4: Fix uninit-value access in __ip_make_skb() Shigeru Yoshida <syoshida(a)redhat.com> ipv6: Fix potential uninit-value access in __ip6_make_skb() Shravya KN <shravya.k-n(a)broadcom.com> bnxt_en: Fix receive ring space parameters when XDP is active Maciej S. Szmigiero <mail(a)maciej.szmigiero.name> platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it Mark Brown <broonie(a)kernel.org> arm64/sme: Always exit sme_alloc() early with existing storage Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: do not defer rule destruction via call_rcu Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: wait for rcu grace period on net_device removal Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx Filipe Manana <fdmanana(a)suse.com> btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() Eric Dumazet <edumazet(a)google.com> sctp: add mutual exclusion in proc_sctp_do_udp_port() Ma Wupeng <mawupeng1(a)huawei.com> hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Explicitly specify code model in Makefile Peter Collingbourne <pcc(a)google.com> bpf, arm64: Fix address emission with tag-based KASAN enabled Puranjay Mohan <puranjay(a)kernel.org> bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG Xu Lu <luxu.kernel(a)bytedance.com> riscv: mm: Fix the out of bound issue of vmemmap address Byungchul Park <byungchul(a)sk.com> mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index Feng Tang <feng.tang(a)linux.alibaba.com> selftests/mm: compaction_test: support platform with huge mount of memory GONG Ruiqi <gongruiqi1(a)huawei.com> usb: typec: fix pm usage counter imbalance in ucsi_ccg_sync_control() Dan Carpenter <dan.carpenter(a)linaro.org> usb: typec: fix potential array underflow in ucsi_ccg_sync_control() RD Babiera <rdbabiera(a)google.com> usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: ucsi: displayport: Fix deadlock Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing cleanups in cleanup internals Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy Ronald Wahl <ronald.wahl(a)legrand.com> dmaengine: ti: k3-udma: Add missing locking Nathan Chancellor <nathan(a)kernel.org> net: qede: Initialize qede_ll_ops with designated initializer Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: mt76: disable napi on driver removal Jethro Donaldson <devel(a)jro.nz> smb: client: fix memory leak during error handling for POSIX mkdir Steve Siwinski <ssiwinski(a)atto.com> scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Set timing registers only once Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind Ma Ke <make24(a)iscas.ac.cn> phy: Fix error handling in tegra_xusb_port_init Steven Rostedt <rostedt(a)goodmis.org> tracing: samples: Initialize trace_array_printk() with the correct function pengdonglin <pengdonglin(a)xiaomi.com> ftrace: Fix preemption accounting for stacktrace filter command pengdonglin <pengdonglin(a)xiaomi.com> ftrace: Fix preemption accounting for stacktrace trigger command Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Remove rmsg_pgcnt Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Preserve contiguous PFN grouping in the page buffer array Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages Hyejeong Choi <hjeong.choi(a)samsung.com> dma-buf: insert memory barrier before updating num_fences Nicolas Chauvet <kwizart(a)gmail.com> ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera Christian Heusel <christian(a)heusel.eu> ALSA: usb-audio: Add sample rate quirk for Audioengine D1 Wentao Liang <vulab(a)iscas.ac.cn> ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() Jeremy Linton <jeremy.linton(a)arm.com> ACPI: PPTT: Fix processor subtable walk Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Avoid flooding unnecessary info messages Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Correct the reply value when AUX write incomplete Filipe Manana <fdmanana(a)suse.com> btrfs: fix discard worker infinite loop after disabling discard Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix MAX_REG_OFFSET calculation Nathan Lynch <nathan.lynch(a)amd.com> dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/pnfs: Reset the layout state after a layoutreturn Pengtao He <hept.hept.hept(a)gmail.com> net/tls: fix kernel panic when alloc_page failed Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy Cosmin Tanislav <demonsingur(a)gmail.com> regulator: max20086: fix invalid memory access Abdun Nihaal <abdun.nihaal(a)gmail.com> qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Disable MACsec offload for uplink representor profile Geert Uytterhoeven <geert+renesas(a)glider.be> ALSA: sh: SND_AICA should depend on SH_DMA_API Keith Busch <kbusch(a)kernel.org> nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable Kees Cook <kees(a)kernel.org> nvme-pci: make nvme_pci_npages_prp() __always_inline Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING Mathieu Othacehe <othacehe(a)gnu.org> net: cadence: macb: Fix a possible deadlock in macb_halt_tx. Andrew Jeffery <andrew(a)codeconstruct.com.au> net: mctp: Ensure keys maintain only one ref to corresponding dev Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: Flush gso_skb list too during ->change() Geert Uytterhoeven <geert+renesas(a)glider.be> spi: loopback-test: Do not split 1024-byte hexdumps Li Lingfeng <lilingfeng3(a)huawei.com> nfs: handle failure of nfs_get_lock_context in unlock path Henry Martin <bsdhenrymartin(a)gmail.com> HID: uclogic: Add NULL check in uclogic_input_configured() Qasim Ijaz <qasdev00(a)gmail.com> HID: thrustmaster: fix memory leak in thrustmaster_interrupts() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable() David Lechner <dlechner(a)baylibre.com> iio: chemical: sps30: use aligned_s64 for timestamp Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7768-1: Fix insufficient alignment of timestamp. Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amd: Stop evicting resources on APUs in suspend" Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Add Suspend/Hibernate notification callback support Zhigang Luo <Zhigang.Luo(a)amd.com> drm/amdgpu: trigger flr_work if reading pf2vf data failed Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix the runtime resume failure issue Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Stop evicting resources on APUs in suspend Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7266: Fix potential timestamp alignment issue. Michal Suchanek <msuchanek(a)suse.de> tpm: tis: Double the timeout B to 4s Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: probes: Fix a possible race in trace_probe_log APIs Hans de Goede <hdegoede(a)redhat.com> platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection Kees Cook <kees(a)kernel.org> binfmt_elf: Move brk for static PIE even if ASLR disabled Kees Cook <kees(a)kernel.org> binfmt_elf: Honor PT_LOAD alignment for static PIE Kees Cook <kees(a)kernel.org> binfmt_elf: Calculate total_size earlier Kees Cook <kees(a)kernel.org> selftests/exec: Build both static and non-static load_address tests Kees Cook <keescook(a)chromium.org> binfmt_elf: Leave a gap between .bss and brk Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/exec: load_address: conform test to TAP format output Kees Cook <keescook(a)chromium.org> binfmt_elf: elf_bss no longer used by load_elf_binary() Eric W. Biederman <ebiederm(a)xmission.com> binfmt_elf: Support segments with 0 filesz and misaligned starts Kees Cook <keescook(a)chromium.org> binfmt: Fix whitespace issues ------------- Diffstat: Makefile | 4 +- arch/arm64/kernel/fpsimd.c | 6 +- arch/arm64/net/bpf_jit_comp.c | 12 +- arch/loongarch/Makefile | 2 +- arch/loongarch/include/asm/ptrace.h | 2 +- arch/riscv/include/asm/page.h | 1 + arch/riscv/include/asm/pgtable.h | 2 +- arch/riscv/mm/init.c | 17 +- block/bio.c | 2 +- drivers/acpi/pptt.c | 11 +- drivers/char/tpm/tpm_tis_core.h | 2 +- drivers/clocksource/i8253.c | 4 +- drivers/dma-buf/dma-resv.c | 5 +- drivers/dma/dmatest.c | 6 +- drivers/dma/idxd/init.c | 145 +++++++--- drivers/dma/ti/k3-udma.c | 10 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 51 +++- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 29 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3 + drivers/gpu/drm/amd/amdgpu/mxgpu_ai.c | 2 + drivers/gpu/drm/amd/amdgpu/mxgpu_nv.c | 2 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 16 +- drivers/hid/hid-thrustmaster.c | 1 + drivers/hid/hid-uclogic-core.c | 7 +- drivers/hv/channel.c | 65 +---- drivers/iio/adc/ad7266.c | 2 +- drivers/iio/adc/ad7768-1.c | 2 +- drivers/iio/chemical/sps30.c | 2 +- drivers/infiniband/sw/rxe/rxe_cq.c | 5 +- drivers/net/dsa/sja1105/sja1105_main.c | 6 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 10 +- drivers/net/ethernet/cadence/macb_main.c | 19 +- .../ethernet/marvell/octeontx2/nic/cn10k_macsec.c | 3 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 + drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +- .../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 7 +- drivers/net/hyperv/hyperv_net.h | 13 +- drivers/net/hyperv/netvsc.c | 57 +++- drivers/net/hyperv/netvsc_drv.c | 62 +---- drivers/net/hyperv/rndis_filter.c | 24 +- drivers/net/wireless/mediatek/mt76/dma.c | 1 + drivers/nvme/host/pci.c | 4 +- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 38 ++- drivers/phy/tegra/xusb.c | 8 +- drivers/platform/x86/amd/pmc.c | 8 +- drivers/platform/x86/asus-wmi.c | 3 +- drivers/regulator/max20086-regulator.c | 7 +- drivers/scsi/sd_zbc.c | 6 +- drivers/scsi/storvsc_drv.c | 1 + drivers/spi/spi-cadence-quadspi.c | 6 +- drivers/spi/spi-loopback-test.c | 2 +- drivers/usb/typec/altmodes/displayport.c | 18 +- drivers/usb/typec/ucsi/displayport.c | 19 +- drivers/usb/typec/ucsi/ucsi.c | 34 +++ drivers/usb/typec/ucsi/ucsi.h | 3 + drivers/usb/typec/ucsi/ucsi_ccg.c | 5 + fs/binfmt_elf.c | 293 ++++++++++++--------- fs/binfmt_elf_fdpic.c | 2 +- fs/btrfs/discard.c | 17 +- fs/btrfs/extent-tree.c | 25 +- fs/exec.c | 2 +- fs/nfs/nfs4proc.c | 9 +- fs/nfs/pnfs.c | 9 + fs/smb/client/smb2pdu.c | 2 +- include/linux/bio.h | 1 + include/linux/hyperv.h | 7 - include/linux/tpm.h | 2 +- include/net/netfilter/nf_tables.h | 3 +- include/net/sch_generic.h | 15 ++ include/uapi/linux/elf.h | 2 +- kernel/trace/trace_dynevent.c | 16 +- kernel/trace/trace_dynevent.h | 1 + kernel/trace/trace_events_trigger.c | 2 +- kernel/trace/trace_functions.c | 6 +- kernel/trace/trace_kprobe.c | 2 +- kernel/trace/trace_probe.c | 9 + kernel/trace/trace_uprobe.c | 2 +- mm/memory_hotplug.c | 6 +- mm/migrate.c | 8 + net/ipv4/ip_output.c | 3 +- net/ipv4/raw.c | 3 + net/ipv6/ip6_output.c | 3 +- net/mctp/route.c | 4 +- net/netfilter/nf_tables_api.c | 54 ++-- net/netfilter/nft_immediate.c | 2 +- net/sched/sch_codel.c | 2 +- net/sched/sch_fq.c | 2 +- net/sched/sch_fq_codel.c | 2 +- net/sched/sch_fq_pie.c | 2 +- net/sched/sch_hhf.c | 2 +- net/sched/sch_pie.c | 2 +- net/sctp/sysctl.c | 4 + net/tls/tls_strp.c | 3 +- samples/ftrace/sample-trace-array.c | 2 +- sound/pci/es1968.c | 6 +- sound/sh/Kconfig | 2 +- sound/usb/quirks.c | 4 + tools/testing/selftests/exec/Makefile | 19 +- tools/testing/selftests/exec/load_address.c | 83 ++++-- tools/testing/selftests/vm/compaction_test.c | 19 +- 103 files changed, 937 insertions(+), 530 deletions(-)

3 weeks, 6 days

10
106
0 0

[PATCH 6.6 000/117] 6.6.92-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.92 release. There are 117 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 22 May 2025 12:57:37 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.92-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.92-rc1 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix pm notifier handling Dan Carpenter <dan.carpenter(a)linaro.org> phy: tegra: xusb: remove a stray unlock Filipe Manana <fdmanana(a)suse.com> btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() Eric Dumazet <edumazet(a)google.com> sctp: add mutual exclusion in proc_sctp_do_udp_port() Ma Wupeng <mawupeng1(a)huawei.com> hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio Tom Lendacky <thomas.lendacky(a)amd.com> memblock: Accept allocated memory before use in memblock_double_array() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Explicitly specify code model in Makefile Peter Collingbourne <pcc(a)google.com> bpf, arm64: Fix address emission with tag-based KASAN enabled Puranjay Mohan <puranjay(a)kernel.org> bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG Zi Yan <ziy(a)nvidia.com> mm/migrate: correct nr_failed in migrate_pages_sync() Feng Tang <feng.tang(a)linux.alibaba.com> selftests/mm: compaction_test: support platform with huge mount of memory Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: ucsi: displayport: Fix deadlock Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Fix kernel panic during FW release Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm/page_alloc: fix race condition in unaccepted memory handling Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Fix build error for its_static_thunk() Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Refactor remove call with idxd_cleanup() helper Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing cleanups in cleanup internals Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy Ronald Wahl <ronald.wahl(a)legrand.com> dmaengine: ti: k3-udma: Add missing locking Nathan Chancellor <nathan(a)kernel.org> net: qede: Initialize qede_ll_ops with designated initializer Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: mt76: disable napi on driver removal Aaron Kling <webgeek1234(a)gmail.com> spi: tegra114: Use value to check for invalid delays Jethro Donaldson <devel(a)jro.nz> smb: client: fix memory leak during error handling for POSIX mkdir Steve Siwinski <ssiwinski(a)atto.com> scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Set timing registers only once Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind Ma Ke <make24(a)iscas.ac.cn> phy: Fix error handling in tegra_xusb_port_init Wayne Chang <waynec(a)nvidia.com> phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking Steven Rostedt <rostedt(a)goodmis.org> tracing: samples: Initialize trace_array_printk() with the correct function pengdonglin <pengdonglin(a)xiaomi.com> ftrace: Fix preemption accounting for stacktrace filter command pengdonglin <pengdonglin(a)xiaomi.com> ftrace: Fix preemption accounting for stacktrace trigger command Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Remove rmsg_pgcnt Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Preserve contiguous PFN grouping in the page buffer array Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages Hyejeong Choi <hjeong.choi(a)samsung.com> dma-buf: insert memory barrier before updating num_fences Nicolas Chauvet <kwizart(a)gmail.com> ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera Christian Heusel <christian(a)heusel.eu> ALSA: usb-audio: Add sample rate quirk for Audioengine D1 Wentao Liang <vulab(a)iscas.ac.cn> ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() Jeremy Linton <jeremy.linton(a)arm.com> ACPI: PPTT: Fix processor subtable walk Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Avoid flooding unnecessary info messages Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Correct the reply value when AUX write incomplete Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: uprobes: Remove redundant code about resume_era Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: uprobes: Remove user_{en,dis}able_single_step() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix MAX_REG_OFFSET calculation Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Save and restore CSR.CNTC for hibernation Tianyang Zhang <zhangtianyang(a)loongson.cn> LoongArch: Prevent cond_resched() occurring within kernel-fpu Jan Kara <jack(a)suse.cz> udf: Make sure i_lenExtents is uptodate on inode eviction Nathan Lynch <nathan.lynch(a)amd.com> dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/pnfs: Reset the layout state after a layoutreturn Gerhard Engleder <gerhard(a)engleder-embedded.com> tsnep: fix timestamping with a stacked DSA driver Gerhard Engleder <gerhard(a)engleder-embedded.com> tsnep: Inline small fragments within TX descriptor Pengtao He <hept.hept.hept(a)gmail.com> net/tls: fix kernel panic when alloc_page failed Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices Kees Cook <kees(a)kernel.org> wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix CGX Receive counters Bo-Cun Chen <bc-bocun.chen(a)mediatek.com> net: ethernet: mtk_eth_soc: fix typo for declaration MT7988 ESW capability Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy Cosmin Tanislav <demonsingur(a)gmail.com> regulator: max20086: fix invalid memory access Abdun Nihaal <abdun.nihaal(a)gmail.com> qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Disable MACsec offload for uplink representor profile Geert Uytterhoeven <geert+renesas(a)glider.be> ALSA: sh: SND_AICA should depend on SH_DMA_API Keith Busch <kbusch(a)kernel.org> nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable Kees Cook <kees(a)kernel.org> nvme-pci: make nvme_pci_npages_prp() __always_inline Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING Mathieu Othacehe <othacehe(a)gnu.org> net: cadence: macb: Fix a possible deadlock in macb_halt_tx. Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix delivery of UMP events to group ports Andrew Jeffery <andrew(a)codeconstruct.com.au> net: mctp: Ensure keys maintain only one ref to corresponding dev Matt Johnston <matt(a)codeconstruct.com.au> net: mctp: Don't access ifa_index when missing Eric Dumazet <edumazet(a)google.com> mctp: no longer rely on net->dev_index_head[] Hangbin Liu <liuhangbin(a)gmail.com> tools/net/ynl: ethtool: fix crash when Hardware Clock info is missing Rahul Rameshbabu <rrameshbabu(a)nvidia.com> tools: ynl: ethtool.py: Output timestamping statistics from tsinfo-get operation Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: Flush gso_skb list too during ->change() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags Geert Uytterhoeven <geert+renesas(a)glider.be> spi: loopback-test: Do not split 1024-byte hexdumps Li Lingfeng <lilingfeng3(a)huawei.com> nfs: handle failure of nfs_get_lock_context in unlock path Henry Martin <bsdhenrymartin(a)gmail.com> HID: uclogic: Add NULL check in uclogic_input_configured() Qasim Ijaz <qasdev00(a)gmail.com> HID: thrustmaster: fix memory leak in thrustmaster_interrupts() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug David Lechner <dlechner(a)baylibre.com> iio: chemical: sps30: use aligned_s64 for timestamp Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7768-1: Fix insufficient alignment of timestamp. Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amd: Stop evicting resources on APUs in suspend" Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Add Suspend/Hibernate notification callback support Zhigang Luo <Zhigang.Luo(a)amd.com> drm/amdgpu: trigger flr_work if reading pf2vf data failed Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix the runtime resume failure issue Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Stop evicting resources on APUs in suspend Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7266: Fix potential timestamp alignment issue. Mikhail Lobanov <m.lobanov(a)rosa.ru> KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Peter Gonda <pgonda(a)google.com> KVM: SVM: Update SEV-ES shutdown intercepts with more metadata Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Fix timeout checks on polling path Luke Parkin <luke.parkin(a)arm.com> firmware: arm_scmi: Track basic SCMI communication debug metrics Luke Parkin <luke.parkin(a)arm.com> firmware: arm_scmi: Add support for debug metrics at the interface Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Add message dump traces for bad and unexpected replies Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Add helper to trace bad messages Michal Suchanek <msuchanek(a)suse.de> tpm: tis: Double the timeout B to 4s Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: probes: Fix a possible race in trace_probe_log APIs Waiman Long <longman(a)redhat.com> cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks Hans de Goede <hdegoede(a)redhat.com> platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection Runhua He <hua(a)aosc.io> platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) Kees Cook <kees(a)kernel.org> binfmt_elf: Move brk for static PIE even if ASLR disabled Kees Cook <kees(a)kernel.org> binfmt_elf: Honor PT_LOAD alignment for static PIE Kees Cook <kees(a)kernel.org> binfmt_elf: Calculate total_size earlier Kees Cook <kees(a)kernel.org> selftests/exec: Build both static and non-static load_address tests Kees Cook <keescook(a)chromium.org> binfmt_elf: Leave a gap between .bss and brk Muhammad Usama Anjum <usama.anjum(a)collabora.com> selftests/exec: load_address: conform test to TAP format output Kees Cook <keescook(a)chromium.org> binfmt_elf: elf_bss no longer used by load_elf_binary() Eric W. Biederman <ebiederm(a)xmission.com> binfmt_elf: Support segments with 0 filesz and misaligned starts Stephen Smalley <stephen.smalley.work(a)gmail.com> fs/xattr.c: fix simple_xattr_list to always include security.* xattrs ------------- Diffstat: Makefile | 4 +- arch/arm64/net/bpf_jit_comp.c | 12 +- arch/loongarch/Makefile | 2 +- arch/loongarch/include/asm/ptrace.h | 2 +- arch/loongarch/include/asm/uprobes.h | 1 - arch/loongarch/kernel/kfpu.c | 22 +- arch/loongarch/kernel/time.c | 2 +- arch/loongarch/kernel/uprobes.c | 11 +- arch/loongarch/power/hibernate.c | 3 + arch/x86/kernel/alternative.c | 17 +- arch/x86/kvm/smm.c | 1 + arch/x86/kvm/svm/svm.c | 19 +- block/bio.c | 2 +- drivers/acpi/pptt.c | 11 +- drivers/bluetooth/btnxpuart.c | 6 +- drivers/char/tpm/tpm_tis_core.h | 2 +- drivers/dma-buf/dma-resv.c | 5 +- drivers/dma/dmatest.c | 6 +- drivers/dma/idxd/init.c | 159 ++++++++---- drivers/dma/ti/k3-udma.c | 10 +- drivers/firmware/arm_scmi/Kconfig | 14 + drivers/firmware/arm_scmi/common.h | 35 +++ drivers/firmware/arm_scmi/driver.c | 89 ++++++- drivers/firmware/arm_scmi/mailbox.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 51 +++- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 29 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 3 + drivers/gpu/drm/amd/amdgpu/mxgpu_ai.c | 2 + drivers/gpu/drm/amd/amdgpu/mxgpu_nv.c | 2 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 16 +- drivers/hid/hid-thrustmaster.c | 1 + drivers/hid/hid-uclogic-core.c | 7 +- drivers/hv/channel.c | 65 +---- drivers/iio/adc/ad7266.c | 2 +- drivers/iio/adc/ad7768-1.c | 2 +- drivers/iio/chemical/sps30.c | 2 +- drivers/infiniband/sw/rxe/rxe_cq.c | 5 +- drivers/net/dsa/sja1105/sja1105_main.c | 6 +- drivers/net/ethernet/cadence/macb_main.c | 19 +- drivers/net/ethernet/engleder/tsnep_hw.h | 2 + drivers/net/ethernet/engleder/tsnep_main.c | 131 +++++++--- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../ethernet/marvell/octeontx2/nic/cn10k_macsec.c | 3 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 + .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 3 + drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +- .../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 7 +- drivers/net/hyperv/hyperv_net.h | 13 +- drivers/net/hyperv/netvsc.c | 57 ++++- drivers/net/hyperv/netvsc_drv.c | 62 +---- drivers/net/hyperv/rndis_filter.c | 24 +- drivers/net/wireless/mediatek/mt76/dma.c | 1 + drivers/nvme/host/pci.c | 4 +- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 38 ++- drivers/phy/tegra/xusb-tegra186.c | 46 ++-- drivers/phy/tegra/xusb.c | 8 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 7 + drivers/platform/x86/asus-wmi.c | 3 +- drivers/regulator/max20086-regulator.c | 7 +- drivers/scsi/sd_zbc.c | 6 +- drivers/scsi/storvsc_drv.c | 1 + drivers/spi/spi-loopback-test.c | 2 +- drivers/spi/spi-tegra114.c | 6 +- drivers/usb/gadget/function/f_midi2.c | 2 +- drivers/usb/typec/ucsi/displayport.c | 19 +- drivers/usb/typec/ucsi/ucsi.c | 34 +++ drivers/usb/typec/ucsi/ucsi.h | 2 + fs/binfmt_elf.c | 281 ++++++++++++--------- fs/btrfs/extent-tree.c | 25 +- fs/nfs/nfs4proc.c | 9 +- fs/nfs/pnfs.c | 9 + fs/smb/client/smb2pdu.c | 2 +- fs/udf/truncate.c | 2 +- fs/xattr.c | 24 ++ include/linux/bio.h | 1 + include/linux/hyperv.h | 7 - include/linux/tpm.h | 2 +- include/net/sch_generic.h | 15 ++ include/sound/ump_msg.h | 4 +- kernel/cgroup/cpuset.c | 6 +- kernel/trace/trace_dynevent.c | 16 +- kernel/trace/trace_dynevent.h | 1 + kernel/trace/trace_events_trigger.c | 2 +- kernel/trace/trace_functions.c | 6 +- kernel/trace/trace_kprobe.c | 2 +- kernel/trace/trace_probe.c | 9 + kernel/trace/trace_uprobe.c | 2 +- mm/memblock.c | 9 +- mm/memory_hotplug.c | 6 +- mm/migrate.c | 16 +- mm/page_alloc.c | 27 -- net/bluetooth/mgmt.c | 9 +- net/mac80211/main.c | 6 +- net/mctp/device.c | 65 +++-- net/mctp/route.c | 4 +- net/sched/sch_codel.c | 2 +- net/sched/sch_fq.c | 2 +- net/sched/sch_fq_codel.c | 2 +- net/sched/sch_fq_pie.c | 2 +- net/sched/sch_hhf.c | 2 +- net/sched/sch_pie.c | 2 +- net/sctp/sysctl.c | 4 + net/tls/tls_strp.c | 3 +- samples/ftrace/sample-trace-array.c | 2 +- sound/core/seq/seq_clientmgr.c | 52 ++-- sound/core/seq/seq_ump_convert.c | 18 ++ sound/core/seq/seq_ump_convert.h | 1 + sound/pci/es1968.c | 6 +- sound/sh/Kconfig | 2 +- sound/usb/quirks.c | 4 + tools/net/ynl/ethtool.py | 29 ++- tools/testing/selftests/exec/Makefile | 19 +- tools/testing/selftests/exec/load_address.c | 83 ++++-- tools/testing/selftests/mm/compaction_test.c | 19 +- 118 files changed, 1294 insertions(+), 693 deletions(-)

3 weeks, 6 days

10
126
0 0

[PATCH 6.12 000/143] 6.12.30-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.30 release. There are 143 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 22 May 2025 12:57:37 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.30-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.30-rc1 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix pm notifier handling Dan Carpenter <dan.carpenter(a)linaro.org> phy: tegra: xusb: remove a stray unlock Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: ucsi: displayport: Fix deadlock Fabio Estevam <festevam(a)denx.de> drm/tiny: panel-mipi-dbi: Use drm_client_setup_with_fourcc() Thomas Zimmermann <tzimmermann(a)suse.de> drm/panel-mipi-dbi: Run DRM default client setup Thomas Zimmermann <tzimmermann(a)suse.de> drm/fbdev-dma: Support struct drm_driver.fbdev_probe Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Fix kernel panic during FW release Luca Ceresoli <luca.ceresoli(a)bootlin.com> iio: light: opt3001: fix deadlock due to concurrent flag access Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Fix fw log printing Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Refactor functions in ivpu_fw_log.c Tomasz Rusinowicz <tomasz.rusinowicz(a)intel.com> accel/ivpu: Reset fw log on cold boot Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Rename ivpu_log_level to fw_log_level Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm/page_alloc: fix race condition in unaccepted memory handling Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/xe/gsc: do not flush the GSC worker from the reset path Ritvik Budhiraja <rbudhiraja(a)microsoft.com> CIFS: New mount option for cifs.upcall namespace resolution Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Refactor remove call with idxd_cleanup() helper Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing cleanups in cleanup internals Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy Ronald Wahl <ronald.wahl(a)legrand.com> dmaengine: ti: k3-udma: Add missing locking Barry Song <baohua(a)kernel.org> mm: userfaultfd: correct dirty flags set for both present and swap pte Nathan Chancellor <nathan(a)kernel.org> net: qede: Initialize qede_ll_ops with designated initializer Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Fix persistent buffer when commit page is the reader page Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: mt76: disable napi on driver removal Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Mask TPM RC in tpm2_start_auth_session() Aaron Kling <webgeek1234(a)gmail.com> spi: tegra114: Use value to check for invalid delays Jethro Donaldson <devel(a)jro.nz> smb: client: fix memory leak during error handling for POSIX mkdir Steve Siwinski <ssiwinski(a)atto.com> scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Set timing registers only once Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind Ma Ke <make24(a)iscas.ac.cn> phy: Fix error handling in tegra_xusb_port_init Wayne Chang <waynec(a)nvidia.com> phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking Steven Rostedt <rostedt(a)goodmis.org> tracing: samples: Initialize trace_array_printk() with the correct function pengdonglin <pengdonglin(a)xiaomi.com> ftrace: Fix preemption accounting for stacktrace filter command pengdonglin <pengdonglin(a)xiaomi.com> ftrace: Fix preemption accounting for stacktrace trigger command Nathan Chancellor <nathan(a)kernel.org> kbuild: Disable -Wdefault-const-init-unsafe Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Remove overdrive-mode OPPs from RK3588J SoC dtsi Christian Hewitt <christianshewitt(a)gmail.com> arm64: dts: amlogic: dreambox: fix missing clkc_audio node Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Remove rmsg_pgcnt Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Preserve contiguous PFN grouping in the page buffer array Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages Hyejeong Choi <hjeong.choi(a)samsung.com> dma-buf: insert memory barrier before updating num_fences Nicolas Chauvet <kwizart(a)gmail.com> ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera Christian Heusel <christian(a)heusel.eu> ALSA: usb-audio: Add sample rate quirk for Audioengine D1 Wentao Liang <vulab(a)iscas.ac.cn> ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() Jeremy Linton <jeremy.linton(a)arm.com> ACPI: PPTT: Fix processor subtable walk Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> gpio: pca953x: fix IRQ storm on system wake up Alexey Makhalov <alexey.makhalov(a)broadcom.com> MAINTAINERS: Update Alexey Makhalov's email address Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Avoid flooding unnecessary info messages Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Correct the reply value when AUX write incomplete Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: csa unmap use uninterruptible lock Tim Huang <tim.huang(a)amd.com> drm/amdgpu: fix incorrect MALL size for GFX1151 David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu: read back register after written for VCN v4.0.5 Melissa Wen <mwen(a)igalia.com> Revert "drm/amd/display: Hardware cursor changes color when switched to software cursor" Kyoji Ogasawara <sawara04.o(a)gmail.com> btrfs: add back warning for mount option commit values exceeding 300 Boris Burkov <boris(a)bur.io> btrfs: fix folio leak in submit_one_async_extent() Filipe Manana <fdmanana(a)suse.com> btrfs: fix discard worker infinite loop after disabling discard Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: uprobes: Remove redundant code about resume_era Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: uprobes: Remove user_{en,dis}able_single_step() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix MAX_REG_OFFSET calculation Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Save and restore CSR.CNTC for hibernation Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Move __arch_cpu_idle() to .cpuidle.text section Tianyang Zhang <zhangtianyang(a)loongson.cn> LoongArch: Prevent cond_resched() occurring within kernel-fpu Rong Zhang <i(a)rong.moe> HID: bpf: abort dispatch if device destroyed Jan Kara <jack(a)suse.cz> udf: Make sure i_lenExtents is uptodate on inode eviction Tejun Heo <tj(a)kernel.org> sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator Nathan Lynch <nathan.lynch(a)amd.com> dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/pnfs: Reset the layout state after a layoutreturn Gerhard Engleder <gerhard(a)engleder-embedded.com> tsnep: fix timestamping with a stacked DSA driver Pengtao He <hept.hept.hept(a)gmail.com> net/tls: fix kernel panic when alloc_page failed Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices Kees Cook <kees(a)kernel.org> wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-pf: Do not reallocate all ntuple filters Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix CGX Receive counters Bo-Cun Chen <bc-bocun.chen(a)mediatek.com> net: ethernet: mtk_eth_soc: fix typo for declaration MT7988 ESW capability Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy Jakub Kicinski <kuba(a)kernel.org> netlink: specs: tc: all actions are indexed arrays Jakub Kicinski <kuba(a)kernel.org> netlink: specs: tc: fix a couple of attribute names Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> drm/xe: Save CTX_TIMESTAMP mmio value instead of LRC value Cosmin Tanislav <demonsingur(a)gmail.com> regulator: max20086: fix invalid memory access Abdun Nihaal <abdun.nihaal(a)gmail.com> qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Disable MACsec offload for uplink representor profile Konstantin Shkolnyy <kshk(a)linux.ibm.com> vsock/test: Fix occasional failure in SIOCOUTQ tests Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: prevent standalone from trying to forward to other ports Geert Uytterhoeven <geert+renesas(a)glider.be> ALSA: sh: SND_AICA should depend on SH_DMA_API Keith Busch <kbusch(a)kernel.org> nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable Kees Cook <kees(a)kernel.org> nvme-pci: make nvme_pci_npages_prp() __always_inline Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING Mathieu Othacehe <m.othacehe(a)gmail.com> net: cadence: macb: Fix a possible deadlock in macb_halt_tx. Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix delivery of UMP events to group ports Andrew Jeffery <andrew(a)codeconstruct.com.au> net: mctp: Ensure keys maintain only one ref to corresponding dev Cosmin Ratiu <cratiu(a)nvidia.com> tests/ncdevmem: Fix double-free of queue array Stanislav Fomichev <sdf(a)fomichev.me> selftests: ncdevmem: Switch to AF_INET6 Stanislav Fomichev <sdf(a)fomichev.me> selftests: ncdevmem: Make client_ip optional Stanislav Fomichev <sdf(a)fomichev.me> selftests: ncdevmem: Unify error handling Stanislav Fomichev <sdf(a)fomichev.me> selftests: ncdevmem: Separate out dmabuf provider Stanislav Fomichev <sdf(a)fomichev.me> selftests: ncdevmem: Redirect all non-payload output to stderr Matt Johnston <matt(a)codeconstruct.com.au> net: mctp: Don't access ifa_index when missing Eric Dumazet <edumazet(a)google.com> mctp: no longer rely on net->dev_index_head[] Hangbin Liu <liuhangbin(a)gmail.com> tools/net/ynl: ethtool: fix crash when Hardware Clock info is missing Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: Flush gso_skb list too during ->change() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem Geert Uytterhoeven <geert+renesas(a)glider.be> spi: loopback-test: Do not split 1024-byte hexdumps Li Lingfeng <lilingfeng3(a)huawei.com> nfs: handle failure of nfs_get_lock_context in unlock path Henry Martin <bsdhenrymartin(a)gmail.com> HID: uclogic: Add NULL check in uclogic_input_configured() Qasim Ijaz <qasdev00(a)gmail.com> HID: thrustmaster: fix memory leak in thrustmaster_interrupts() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug Koichiro Den <koichiro.den(a)canonical.com> virtio_net: ensure netdev_tx_reset_queue is called on bind xsk for tx Koichiro Den <koichiro.den(a)canonical.com> virtio_ring: add a func argument 'recycle_done' to virtqueue_reset() David Lechner <dlechner(a)baylibre.com> iio: chemical: sps30: use aligned_s64 for timestamp Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7768-1: Fix insufficient alignment of timestamp. Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive. Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Improve performance by removing delay in transfer event polling. Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amd: Stop evicting resources on APUs in suspend" Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Add Suspend/Hibernate notification callback support David Lechner <dlechner(a)baylibre.com> iio: pressure: mprls0025pa: use aligned_s64 for timestamp David Lechner <dlechner(a)baylibre.com> iio: chemical: pms7003: use aligned_s64 for timestamp Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7266: Fix potential timestamp alignment issue. Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing Isaku Yamahata <isaku.yamahata(a)intel.com> KVM: Add member to struct kvm_gfn_range to indicate private/shared Naman Jain <namjain(a)linux.microsoft.com> uio_hv_generic: Fix sysfs creation path for ring buffer Michal Suchanek <msuchanek(a)suse.de> tpm: tis: Double the timeout B to 4s Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: probes: Fix a possible race in trace_probe_log APIs Waiman Long <longman(a)redhat.com> cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks Himanshu Bhavani <himanshu.bhavani(a)siliconsignals.io> arm64: dts: imx8mp-var-som: Fix LDO5 shutdown causing SD card timeout Hans de Goede <hdegoede(a)redhat.com> platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection Runhua He <hua(a)aosc.io> platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) Kees Cook <kees(a)kernel.org> binfmt_elf: Move brk for static PIE even if ASLR disabled Ze Huang <huangze(a)whut.edu.cn> riscv: dts: sophgo: fix DMA data-width configuration for CV18xx Mario Limonciello <mario.limonciello(a)amd.com> drivers/platform/x86/amd: pmf: Check for invalid Smart PC Policies Mario Limonciello <mario.limonciello(a)amd.com> drivers/platform/x86/amd: pmf: Check for invalid sideloaded Smart PC Policies Stephen Smalley <stephen.smalley.work(a)gmail.com> fs/xattr.c: fix simple_xattr_list to always include security.* xattrs Tom Vincent <linux(a)tlvince.com> arm64: dts: rockchip: Assign RT5616 MCLK rate on rk3588-friendlyelec-cm3588 ------------- Diffstat: Documentation/netlink/specs/tc.yaml | 10 +- MAINTAINERS | 6 +- Makefile | 4 +- .../boot/dts/amlogic/meson-g12b-dreambox.dtsi | 4 + arch/arm64/boot/dts/freescale/imx8mp-var-som.dtsi | 12 +- .../dts/rockchip/rk3588-friendlyelec-cm3588.dtsi | 4 + arch/arm64/boot/dts/rockchip/rk3588j.dtsi | 53 +-- arch/loongarch/include/asm/ptrace.h | 2 +- arch/loongarch/include/asm/uprobes.h | 1 - arch/loongarch/kernel/genex.S | 7 +- arch/loongarch/kernel/kfpu.c | 22 +- arch/loongarch/kernel/time.c | 2 +- arch/loongarch/kernel/uprobes.c | 11 +- arch/loongarch/power/hibernate.c | 3 + arch/riscv/boot/dts/sophgo/cv18xx.dtsi | 2 +- arch/x86/kvm/mmu/mmu.c | 83 ++++- block/bio.c | 2 +- drivers/accel/ivpu/ivpu_debugfs.c | 2 +- drivers/accel/ivpu/ivpu_fw.c | 4 +- drivers/accel/ivpu/ivpu_fw_log.c | 119 +++--- drivers/accel/ivpu/ivpu_fw_log.h | 9 +- drivers/accel/ivpu/ivpu_pm.c | 1 + drivers/acpi/pptt.c | 11 +- drivers/bluetooth/btnxpuart.c | 6 +- drivers/char/tpm/tpm2-sessions.c | 20 +- drivers/char/tpm/tpm_tis_core.h | 2 +- drivers/dma-buf/dma-resv.c | 5 +- drivers/dma/dmatest.c | 6 +- drivers/dma/idxd/init.c | 159 +++++--- drivers/dma/ti/k3-udma.c | 10 +- drivers/gpio/gpio-pca953x.c | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu.h | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 18 - drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 47 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 11 +- drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c | 12 + drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 8 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 16 +- .../drm/amd/display/dc/dpp/dcn401/dcn401_dpp_cm.c | 5 +- drivers/gpu/drm/drm_fbdev_dma.c | 60 +-- drivers/gpu/drm/tiny/Kconfig | 1 + drivers/gpu/drm/tiny/panel-mipi-dbi.c | 7 +- drivers/gpu/drm/xe/instructions/xe_mi_commands.h | 4 + drivers/gpu/drm/xe/xe_gsc.c | 22 ++ drivers/gpu/drm/xe/xe_gsc.h | 1 + drivers/gpu/drm/xe/xe_gsc_proxy.c | 11 + drivers/gpu/drm/xe/xe_gsc_proxy.h | 1 + drivers/gpu/drm/xe/xe_gt.c | 2 +- drivers/gpu/drm/xe/xe_lrc.c | 2 +- drivers/gpu/drm/xe/xe_ring_ops.c | 7 +- drivers/gpu/drm/xe/xe_uc.c | 8 +- drivers/gpu/drm/xe/xe_uc.h | 1 + drivers/hid/bpf/hid_bpf_dispatch.c | 9 + drivers/hid/hid-thrustmaster.c | 1 + drivers/hid/hid-uclogic-core.c | 7 +- drivers/hv/channel.c | 65 +--- drivers/hv/hyperv_vmbus.h | 6 + drivers/hv/vmbus_drv.c | 100 ++++- drivers/iio/adc/ad7266.c | 2 +- drivers/iio/adc/ad7768-1.c | 2 +- drivers/iio/chemical/pms7003.c | 5 +- drivers/iio/chemical/sps30.c | 2 +- drivers/iio/light/opt3001.c | 5 +- drivers/iio/pressure/mprls0025pa.h | 17 +- drivers/infiniband/core/device.c | 6 +- drivers/infiniband/sw/rxe/rxe_cq.c | 5 +- drivers/net/dsa/b53/b53_common.c | 33 ++ drivers/net/dsa/b53/b53_regs.h | 14 + drivers/net/dsa/sja1105/sja1105_main.c | 6 +- drivers/net/ethernet/cadence/macb_main.c | 19 +- drivers/net/ethernet/engleder/tsnep_main.c | 30 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../ethernet/marvell/octeontx2/nic/cn10k_macsec.c | 3 +- .../ethernet/marvell/octeontx2/nic/otx2_common.h | 1 + .../ethernet/marvell/octeontx2/nic/otx2_devlink.c | 1 + .../ethernet/marvell/octeontx2/nic/otx2_flows.c | 3 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 + .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 3 + drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +- .../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 7 +- drivers/net/hyperv/hyperv_net.h | 13 +- drivers/net/hyperv/netvsc.c | 57 ++- drivers/net/hyperv/netvsc_drv.c | 62 +--- drivers/net/hyperv/rndis_filter.c | 24 +- drivers/net/virtio_net.c | 5 +- drivers/net/wireless/mediatek/mt76/dma.c | 1 + drivers/nvme/host/pci.c | 4 +- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 38 +- drivers/phy/tegra/xusb-tegra186.c | 46 ++- drivers/phy/tegra/xusb.c | 8 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 7 + drivers/platform/x86/amd/pmf/tee-if.c | 23 +- drivers/platform/x86/asus-wmi.c | 3 +- drivers/regulator/max20086-regulator.c | 7 +- drivers/scsi/sd_zbc.c | 6 +- drivers/scsi/storvsc_drv.c | 1 + drivers/spi/spi-loopback-test.c | 2 +- drivers/spi/spi-tegra114.c | 6 +- drivers/uio/uio_hv_generic.c | 39 +- drivers/usb/gadget/function/f_midi2.c | 2 +- drivers/usb/host/xhci-dbgcap.c | 21 +- drivers/usb/host/xhci-dbgcap.h | 3 + drivers/usb/typec/ucsi/displayport.c | 19 +- drivers/usb/typec/ucsi/ucsi.c | 34 ++ drivers/usb/typec/ucsi/ucsi.h | 2 + drivers/virtio/virtio_ring.c | 6 +- fs/binfmt_elf.c | 71 ++-- fs/btrfs/discard.c | 17 +- fs/btrfs/fs.h | 1 + fs/btrfs/inode.c | 7 + fs/btrfs/super.c | 4 + fs/nfs/nfs4proc.c | 9 +- fs/nfs/pnfs.c | 9 + fs/smb/client/cifs_spnego.c | 16 + fs/smb/client/cifsfs.c | 25 ++ fs/smb/client/cifsglob.h | 7 + fs/smb/client/connect.c | 20 + fs/smb/client/fs_context.c | 39 ++ fs/smb/client/fs_context.h | 10 + fs/smb/client/smb2pdu.c | 2 +- fs/udf/truncate.c | 2 +- fs/xattr.c | 24 ++ include/drm/drm_fbdev_dma.h | 12 + include/linux/bio.h | 1 + include/linux/hyperv.h | 13 +- include/linux/kvm_host.h | 6 + include/linux/tpm.h | 21 +- include/linux/virtio.h | 3 +- include/net/sch_generic.h | 15 + include/sound/ump_msg.h | 4 +- kernel/cgroup/cpuset.c | 6 +- kernel/sched/ext.c | 6 + kernel/trace/ring_buffer.c | 8 +- kernel/trace/trace_dynevent.c | 16 +- kernel/trace/trace_dynevent.h | 1 + kernel/trace/trace_events_trigger.c | 2 +- kernel/trace/trace_functions.c | 6 +- kernel/trace/trace_kprobe.c | 2 +- kernel/trace/trace_probe.c | 9 + kernel/trace/trace_uprobe.c | 2 +- mm/page_alloc.c | 23 -- mm/userfaultfd.c | 12 +- net/bluetooth/mgmt.c | 9 +- net/mac80211/main.c | 6 +- net/mctp/device.c | 65 ++-- net/mctp/route.c | 4 +- net/sched/sch_codel.c | 2 +- net/sched/sch_fq.c | 2 +- net/sched/sch_fq_codel.c | 2 +- net/sched/sch_fq_pie.c | 2 +- net/sched/sch_hhf.c | 2 +- net/sched/sch_pie.c | 2 +- net/tls/tls_strp.c | 3 +- samples/ftrace/sample-trace-array.c | 2 +- scripts/Makefile.extrawarn | 12 + sound/core/seq/seq_clientmgr.c | 52 ++- sound/core/seq/seq_ump_convert.c | 18 + sound/core/seq/seq_ump_convert.h | 1 + sound/pci/es1968.c | 6 +- sound/sh/Kconfig | 2 +- sound/usb/quirks.c | 4 + tools/net/ynl/ethtool.py | 22 +- tools/testing/selftests/net/ncdevmem.c | 404 ++++++++++++--------- tools/testing/vsock/vsock_test.c | 28 +- virt/kvm/guest_memfd.c | 2 + virt/kvm/kvm_main.c | 14 + 169 files changed, 1823 insertions(+), 918 deletions(-)

3 weeks, 6 days

13
155
0 0

[PATCH 6.14 000/145] 6.14.8-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.14.8 release. There are 145 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 22 May 2025 12:57:37 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.14.8-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.14.8-rc1 Dan Carpenter <dan.carpenter(a)linaro.org> phy: tegra: xusb: remove a stray unlock Tiezhu Yang <yangtiezhu(a)loongson.cn> perf tools: Fix build error for LoongArch Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm/page_alloc: fix race condition in unaccepted memory handling Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> drm/xe/gsc: do not flush the GSC worker from the reset path Maciej Falkowski <maciej.falkowski(a)linux.intel.com> accel/ivpu: Flush pending jobs of device's workqueues Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Fix missing MMU events if file_priv is unbound Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Fix missing MMU events from reserved SSID Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Move parts of MMU event IRQ handling to thread handler Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Dump only first MMU fault from single context Maciej Falkowski <maciej.falkowski(a)linux.intel.com> accel/ivpu: Use workqueue for IRQ handling Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Refactor remove call with idxd_cleanup() helper Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_pci_probe Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing idxd cleanup to fix memory leak in remove call Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing cleanups in cleanup internals Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: Add missing cleanup for early error out in idxd_setup_internals Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_groups Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_engines Shuai Xue <xueshuai(a)linux.alibaba.com> dmaengine: idxd: fix memory leak in error handling path of idxd_setup_wqs Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> dmaengine: ti: k3-udma: Use cap_mask directly from dma_device structure instead of a local copy Ronald Wahl <ronald.wahl(a)legrand.com> dmaengine: ti: k3-udma: Add missing locking Barry Song <baohua(a)kernel.org> mm: userfaultfd: correct dirty flags set for both present and swap pte Wupeng Ma <mawupeng1(a)huawei.com> mm: hugetlb: fix incorrect fallback for subpool hexue <xue01.he(a)samsung.com> io_uring/uring_cmd: fix hybrid polling initialization issue Jens Axboe <axboe(a)kernel.dk> io_uring/memmap: don't use page_address() on a highmem page Nathan Chancellor <nathan(a)kernel.org> net: qede: Initialize qede_ll_ops with designated initializer Steven Rostedt <rostedt(a)goodmis.org> ring-buffer: Fix persistent buffer when commit page is the reader page Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix missing hdr_trans_tlv command for broadcast wtbl Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: mt76: disable napi on driver removal Jarkko Sakkinen <jarkko(a)kernel.org> tpm: Mask TPM RC in tpm2_start_auth_session() Aaron Kling <webgeek1234(a)gmail.com> spi: tegra114: Use value to check for invalid delays Jethro Donaldson <devel(a)jro.nz> smb: client: fix memory leak during error handling for POSIX mkdir Steve Siwinski <ssiwinski(a)atto.com> scsi: sd_zbc: block: Respect bio vector limits for REPORT ZONES buffer Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Set timing registers only once Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: micrel: remove KSZ9477 EEE quirks now handled by phylink Oleksij Rempel <o.rempel(a)pengutronix.de> net: dsa: microchip: let phylink manage PHY EEE configuration on KSZ switches Ma Ke <make24(a)iscas.ac.cn> phy: Fix error handling in tegra_xusb_port_init Wayne Chang <waynec(a)nvidia.com> phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking Steven Rostedt <rostedt(a)goodmis.org> tracing: samples: Initialize trace_array_printk() with the correct function Ashish Kalra <ashish.kalra(a)amd.com> x86/sev: Make sure pages are not skipped during kdump Ashish Kalra <ashish.kalra(a)amd.com> x86/sev: Do not touch VMSA pages during SNP guest memory kdump pengdonglin <pengdonglin(a)xiaomi.com> ftrace: Fix preemption accounting for stacktrace filter command pengdonglin <pengdonglin(a)xiaomi.com> ftrace: Fix preemption accounting for stacktrace trigger command Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> i2c: designware: Fix an error handling path in i2c_dw_pci_probe() Nathan Chancellor <nathan(a)kernel.org> kbuild: Disable -Wdefault-const-init-unsafe Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Remove vmbus_sendpacket_pagebuffer() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Remove rmsg_pgcnt Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Preserve contiguous PFN grouping in the page buffer array Michael Kelley <mhklinux(a)outlook.com> hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Remove overdrive-mode OPPs from RK3588J SoC dtsi Sam Edwards <cfsworks(a)gmail.com> arm64: dts: rockchip: Allow Turing RK1 cooling fan to spin down Christian Hewitt <christianshewitt(a)gmail.com> arm64: dts: amlogic: dreambox: fix missing clkc_audio node Hyejeong Choi <hjeong.choi(a)samsung.com> dma-buf: insert memory barrier before updating num_fences Nicolas Chauvet <kwizart(a)gmail.com> ALSA: usb-audio: Add sample rate quirk for Microdia JP001 USB Camera Christian Heusel <christian(a)heusel.eu> ALSA: usb-audio: Add sample rate quirk for Audioengine D1 Wentao Liang <vulab(a)iscas.ac.cn> ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() Jeremy Linton <jeremy.linton(a)arm.com> ACPI: PPTT: Fix processor subtable walk Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> gpio: pca953x: fix IRQ storm on system wake up Alexey Makhalov <alexey.makhalov(a)broadcom.com> MAINTAINERS: Update Alexey Makhalov's email address Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Avoid flooding unnecessary info messages Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Correct the reply value when AUX write incomplete Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: csa unmap use uninterruptible lock Tim Huang <tim.huang(a)amd.com> drm/amdgpu: fix incorrect MALL size for GFX1151 David (Ming Qiang) Wu <David.Wu3(a)amd.com> drm/amdgpu: read back register after written for VCN v4.0.5 Fabio Estevam <festevam(a)denx.de> drm/tiny: panel-mipi-dbi: Use drm_client_setup_with_fourcc() Melissa Wen <mwen(a)igalia.com> Revert "drm/amd/display: Hardware cursor changes color when switched to software cursor" Kyoji Ogasawara <sawara04.o(a)gmail.com> btrfs: add back warning for mount option commit values exceeding 300 Boris Burkov <boris(a)bur.io> btrfs: fix folio leak in submit_one_async_extent() Filipe Manana <fdmanana(a)suse.com> btrfs: fix discard worker infinite loop after disabling discard Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: uprobes: Remove redundant code about resume_era Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: uprobes: Remove user_{en,dis}able_single_step() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix MAX_REG_OFFSET calculation Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Save and restore CSR.CNTC for hibernation Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Move __arch_cpu_idle() to .cpuidle.text section Tianyang Zhang <zhangtianyang(a)loongson.cn> LoongArch: Prevent cond_resched() occurring within kernel-fpu Mario Limonciello <mario.limonciello(a)amd.com> HID: amd_sfh: Fix SRA sensor when it's the only sensor Rong Zhang <i(a)rong.moe> HID: bpf: abort dispatch if device destroyed Max Kellermann <max.kellermann(a)ionos.com> fs/eventpoll: fix endless busy loop after timeout has expired Jan Kara <jack(a)suse.cz> udf: Make sure i_lenExtents is uptodate on inode eviction Tejun Heo <tj(a)kernel.org> sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator Thomas Weißschuh <linux(a)weissschuh.net> Revert "kbuild, rust: use -fremap-path-prefix to make paths relative" Nathan Lynch <nathan.lynch(a)amd.com> dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4/pnfs: Reset the layout state after a layoutreturn Ming Lei <ming.lei(a)redhat.com> ublk: fix dead loop when canceling io command Gerhard Engleder <gerhard(a)engleder-embedded.com> tsnep: fix timestamping with a stacked DSA driver Pengtao He <hept.hept.hept(a)gmail.com> net/tls: fix kernel panic when alloc_page failed Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices Kees Cook <kees(a)kernel.org> wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-pf: Do not reallocate all ntuple filters Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-af: Fix CGX Receive counters Bo-Cun Chen <bc-bocun.chen(a)mediatek.com> net: ethernet: mtk_eth_soc: fix typo for declaration MT7988 ESW capability Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2-pf: macsec: Fix incorrect max transmit size in TX secy Jakub Kicinski <kuba(a)kernel.org> netlink: specs: tc: all actions are indexed arrays Jakub Kicinski <kuba(a)kernel.org> netlink: specs: tc: fix a couple of attribute names Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> drm/xe: Save CTX_TIMESTAMP mmio value instead of LRC value Jens Axboe <axboe(a)kernel.dk> io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo() Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-pf: Fix ethtool support for SDP representors Cosmin Tanislav <demonsingur(a)gmail.com> regulator: max20086: fix invalid memory access Abdun Nihaal <abdun.nihaal(a)gmail.com> qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Disable MACsec offload for uplink representor profile Konstantin Shkolnyy <kshk(a)linux.ibm.com> vsock/test: Fix occasional failure in SIOCOUTQ tests Melissa Wen <mwen(a)igalia.com> drm/amd/display: Fix null check of pipe_ctx->plane_state for update_dchubp_dpp Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: prevent standalone from trying to forward to other ports Geert Uytterhoeven <geert+renesas(a)glider.be> ALSA: sh: SND_AICA should depend on SH_DMA_API Keith Busch <kbusch(a)kernel.org> nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable Kees Cook <kees(a)kernel.org> nvme-pci: make nvme_pci_npages_prp() __always_inline Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING Mathieu Othacehe <othacehe(a)gnu.org> net: cadence: macb: Fix a possible deadlock in macb_halt_tx. Takashi Iwai <tiwai(a)suse.de> ALSA: ump: Fix a typo of snd_ump_stream_msg_device_info Takashi Iwai <tiwai(a)suse.de> ALSA: seq: Fix delivery of UMP events to group ports Andrew Jeffery <andrew(a)codeconstruct.com.au> net: mctp: Ensure keys maintain only one ref to corresponding dev Cosmin Ratiu <cratiu(a)nvidia.com> tests/ncdevmem: Fix double-free of queue array Matt Johnston <matt(a)codeconstruct.com.au> net: mctp: Don't access ifa_index when missing Hangbin Liu <liuhangbin(a)gmail.com> tools/net/ynl: ethtool: fix crash when Hardware Clock info is missing I Hsin Cheng <richard120310(a)gmail.com> drm/meson: Use 1000ULL when operating with mode->clock Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: Flush gso_skb list too during ->change() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem Geert Uytterhoeven <geert+renesas(a)glider.be> spi: loopback-test: Do not split 1024-byte hexdumps Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS/localio: Fix a race in nfs_local_open_fh() Li Lingfeng <lilingfeng3(a)huawei.com> nfs: handle failure of nfs_get_lock_context in unlock path Henry Martin <bsdhenrymartin(a)gmail.com> HID: uclogic: Add NULL check in uclogic_input_configured() Qasim Ijaz <qasdev00(a)gmail.com> HID: thrustmaster: fix memory leak in thrustmaster_interrupts() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug David Lechner <dlechner(a)baylibre.com> iio: adc: ad7606: check for NULL before calling sw_mode_config() Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: move software functions into common file Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: move the software mode configuration Michal Suchanek <msuchanek(a)suse.de> tpm: tis: Double the timeout B to 4s Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: probes: Fix a possible race in trace_probe_log APIs Breno Leitao <leitao(a)debian.org> tracing: fprobe: Fix RCU warning message in list traversal Waiman Long <longman(a)redhat.com> cgroup/cpuset: Extend kthread_is_per_cpu() check to all PF_NO_SETAFFINITY tasks Himanshu Bhavani <himanshu.bhavani(a)siliconsignals.io> arm64: dts: imx8mp-var-som: Fix LDO5 shutdown causing SD card timeout Hans de Goede <hdegoede(a)redhat.com> platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection Runhua He <hua(a)aosc.io> platform/x86/amd/pmc: Declare quirk_spurious_8042 for MECHREVO Wujie 14XA (GX4HRXL) Kees Cook <kees(a)kernel.org> binfmt_elf: Move brk for static PIE even if ASLR disabled Ze Huang <huangze(a)whut.edu.cn> riscv: dts: sophgo: fix DMA data-width configuration for CV18xx Nicolas Frattaroli <nicolas.frattaroli(a)collabora.com> arm64: dts: rockchip: fix Sige5 RTC interrupt pin Suma Hegde <suma.hegde(a)amd.com> platform/x86/amd/hsmp: Make amd_hsmp and hsmp_acpi as mutually exclusive drivers Yazen Ghannam <yazen.ghannam(a)amd.com> x86/amd_node, platform/x86/amd/hsmp: Have HSMP use SMN through AMD_NODE Mario Limonciello <mario.limonciello(a)amd.com> drivers/platform/x86/amd: pmf: Check for invalid Smart PC Policies Mario Limonciello <mario.limonciello(a)amd.com> drivers/platform/x86/amd: pmf: Check for invalid sideloaded Smart PC Policies Stephen Smalley <stephen.smalley.work(a)gmail.com> fs/xattr.c: fix simple_xattr_list to always include security.* xattrs Tom Vincent <linux(a)tlvince.com> arm64: dts: rockchip: Assign RT5616 MCLK rate on rk3588-friendlyelec-cm3588 ------------- Diffstat: Documentation/netlink/specs/tc.yaml | 10 +- MAINTAINERS | 6 +- Makefile | 5 +- .../boot/dts/amlogic/meson-g12b-dreambox.dtsi | 4 + arch/arm64/boot/dts/freescale/imx8mp-var-som.dtsi | 12 +- .../boot/dts/rockchip/rk3576-armsom-sige5.dts | 2 +- .../dts/rockchip/rk3588-friendlyelec-cm3588.dtsi | 4 + .../arm64/boot/dts/rockchip/rk3588-turing-rk1.dtsi | 2 + arch/arm64/boot/dts/rockchip/rk3588j.dtsi | 53 ++--- arch/loongarch/include/asm/ptrace.h | 2 +- arch/loongarch/include/asm/uprobes.h | 1 - arch/loongarch/kernel/genex.S | 7 +- arch/loongarch/kernel/kfpu.c | 22 +- arch/loongarch/kernel/time.c | 2 +- arch/loongarch/kernel/uprobes.c | 11 +- arch/loongarch/power/hibernate.c | 3 + arch/riscv/boot/dts/sophgo/cv18xx.dtsi | 2 +- arch/x86/coco/sev/core.c | 255 +++++++++++++-------- arch/x86/include/asm/amd_nb.h | 1 - arch/x86/include/asm/amd_node.h | 13 ++ arch/x86/kernel/amd_nb.c | 1 - arch/x86/kernel/amd_node.c | 9 + block/bio.c | 2 +- drivers/accel/ivpu/ivpu_drv.c | 39 +--- drivers/accel/ivpu/ivpu_drv.h | 5 +- drivers/accel/ivpu/ivpu_hw.c | 5 - drivers/accel/ivpu/ivpu_hw.h | 9 - drivers/accel/ivpu/ivpu_hw_btrs.c | 3 +- drivers/accel/ivpu/ivpu_ipc.c | 7 +- drivers/accel/ivpu/ivpu_ipc.h | 2 +- drivers/accel/ivpu/ivpu_job.c | 15 +- drivers/accel/ivpu/ivpu_job.h | 2 +- drivers/accel/ivpu/ivpu_mmu.c | 109 +++++++-- drivers/accel/ivpu/ivpu_mmu.h | 2 + drivers/accel/ivpu/ivpu_mmu_context.c | 13 -- drivers/accel/ivpu/ivpu_mmu_context.h | 2 - drivers/accel/ivpu/ivpu_pm.c | 3 +- drivers/accel/ivpu/ivpu_pm.h | 2 +- drivers/acpi/pptt.c | 11 +- drivers/block/ublk_drv.c | 2 +- drivers/char/tpm/tpm2-sessions.c | 20 +- drivers/char/tpm/tpm_tis_core.h | 2 +- drivers/dma-buf/dma-resv.c | 5 +- drivers/dma/dmatest.c | 6 +- drivers/dma/idxd/init.c | 159 +++++++++---- drivers/dma/ti/k3-udma.c | 10 +- drivers/gpio/gpio-pca953x.c | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 2 +- drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c | 12 + drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 8 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 16 +- .../drm/amd/display/dc/dpp/dcn401/dcn401_dpp_cm.c | 5 +- .../drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c | 6 +- drivers/gpu/drm/meson/meson_encoder_hdmi.c | 4 +- drivers/gpu/drm/tiny/panel-mipi-dbi.c | 5 +- drivers/gpu/drm/xe/instructions/xe_mi_commands.h | 4 + drivers/gpu/drm/xe/xe_gsc.c | 22 ++ drivers/gpu/drm/xe/xe_gsc.h | 1 + drivers/gpu/drm/xe/xe_gsc_proxy.c | 11 + drivers/gpu/drm/xe/xe_gsc_proxy.h | 1 + drivers/gpu/drm/xe/xe_gt.c | 2 +- drivers/gpu/drm/xe/xe_lrc.c | 2 +- drivers/gpu/drm/xe/xe_ring_ops.c | 7 +- drivers/gpu/drm/xe/xe_uc.c | 8 +- drivers/gpu/drm/xe/xe_uc.h | 1 + drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 7 +- drivers/hid/bpf/hid_bpf_dispatch.c | 9 + drivers/hid/hid-thrustmaster.c | 1 + drivers/hid/hid-uclogic-core.c | 7 +- drivers/hv/channel.c | 65 +----- drivers/i2c/busses/i2c-designware-pcidrv.c | 4 +- drivers/iio/adc/ad7606.c | 154 +++++++++++-- drivers/iio/adc/ad7606.h | 37 ++- drivers/iio/adc/ad7606_spi.c | 137 +---------- drivers/infiniband/core/device.c | 6 +- drivers/infiniband/sw/rxe/rxe_cq.c | 5 +- drivers/net/dsa/b53/b53_common.c | 33 +++ drivers/net/dsa/b53/b53_regs.h | 14 ++ drivers/net/dsa/microchip/ksz_common.c | 137 ++++++++--- drivers/net/dsa/sja1105/sja1105_main.c | 6 +- drivers/net/ethernet/cadence/macb_main.c | 19 +- drivers/net/ethernet/engleder/tsnep_main.c | 30 ++- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 5 + .../ethernet/marvell/octeontx2/nic/cn10k_macsec.c | 3 +- .../ethernet/marvell/octeontx2/nic/otx2_common.h | 1 + .../ethernet/marvell/octeontx2/nic/otx2_devlink.c | 1 + .../ethernet/marvell/octeontx2/nic/otx2_ethtool.c | 10 +- .../ethernet/marvell/octeontx2/nic/otx2_flows.c | 3 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 + .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 3 + drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +- .../ethernet/qlogic/qlcnic/qlcnic_sriov_common.c | 7 +- drivers/net/hyperv/hyperv_net.h | 13 +- drivers/net/hyperv/netvsc.c | 57 ++++- drivers/net/hyperv/netvsc_drv.c | 62 ++--- drivers/net/hyperv/rndis_filter.c | 24 +- drivers/net/phy/micrel.c | 7 - drivers/net/wireless/mediatek/mt76/dma.c | 1 + drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 4 +- drivers/nvme/host/pci.c | 4 +- drivers/phy/renesas/phy-rcar-gen3-usb2.c | 38 ++- drivers/phy/tegra/xusb-tegra186.c | 46 ++-- drivers/phy/tegra/xusb.c | 8 +- drivers/platform/x86/amd/hsmp/Kconfig | 2 +- drivers/platform/x86/amd/hsmp/acpi.c | 10 +- drivers/platform/x86/amd/hsmp/hsmp.c | 1 - drivers/platform/x86/amd/hsmp/hsmp.h | 4 +- drivers/platform/x86/amd/hsmp/plat.c | 42 ++-- drivers/platform/x86/amd/pmc/pmc-quirks.c | 7 + drivers/platform/x86/amd/pmf/tee-if.c | 23 +- drivers/platform/x86/asus-wmi.c | 3 +- drivers/regulator/max20086-regulator.c | 7 +- drivers/scsi/sd_zbc.c | 6 +- drivers/scsi/storvsc_drv.c | 1 + drivers/spi/spi-loopback-test.c | 2 +- drivers/spi/spi-tegra114.c | 6 +- drivers/usb/gadget/function/f_midi2.c | 2 +- fs/binfmt_elf.c | 71 ++++-- fs/btrfs/discard.c | 17 +- fs/btrfs/fs.h | 1 + fs/btrfs/inode.c | 7 + fs/btrfs/super.c | 4 + fs/eventpoll.c | 7 +- fs/nfs/localio.c | 2 +- fs/nfs/nfs4proc.c | 9 +- fs/nfs/pnfs.c | 9 + fs/smb/client/smb2pdu.c | 2 +- fs/udf/truncate.c | 2 +- fs/xattr.c | 24 ++ include/linux/bio.h | 1 + include/linux/hyperv.h | 7 - include/linux/micrel_phy.h | 1 - include/linux/tpm.h | 21 +- include/net/sch_generic.h | 15 ++ include/sound/ump_msg.h | 4 +- io_uring/fdinfo.c | 48 ++-- io_uring/memmap.c | 2 +- io_uring/uring_cmd.c | 5 + kernel/cgroup/cpuset.c | 6 +- kernel/sched/ext.c | 6 + kernel/trace/fprobe.c | 3 +- kernel/trace/ring_buffer.c | 8 +- kernel/trace/trace_dynevent.c | 16 +- kernel/trace/trace_dynevent.h | 1 + kernel/trace/trace_events_trigger.c | 2 +- kernel/trace/trace_functions.c | 6 +- kernel/trace/trace_kprobe.c | 2 +- kernel/trace/trace_probe.c | 9 + kernel/trace/trace_uprobe.c | 2 +- mm/hugetlb.c | 28 ++- mm/page_alloc.c | 23 -- mm/userfaultfd.c | 12 +- net/bluetooth/mgmt.c | 9 +- net/mac80211/main.c | 6 +- net/mctp/device.c | 15 +- net/mctp/route.c | 4 +- net/sched/sch_codel.c | 2 +- net/sched/sch_fq.c | 2 +- net/sched/sch_fq_codel.c | 2 +- net/sched/sch_fq_pie.c | 2 +- net/sched/sch_hhf.c | 2 +- net/sched/sch_pie.c | 2 +- net/tls/tls_strp.c | 3 +- samples/ftrace/sample-trace-array.c | 2 +- scripts/Makefile.extrawarn | 12 + sound/core/seq/seq_clientmgr.c | 52 +++-- sound/core/seq/seq_ump_convert.c | 18 ++ sound/core/seq/seq_ump_convert.h | 1 + sound/pci/es1968.c | 6 +- sound/sh/Kconfig | 2 +- sound/usb/quirks.c | 4 + tools/net/ynl/pyynl/ethtool.py | 22 +- tools/perf/arch/loongarch/include/syscall_table.h | 2 +- tools/testing/selftests/drivers/net/hw/ncdevmem.c | 55 ++--- tools/testing/vsock/vsock_test.c | 28 ++- 177 files changed, 1689 insertions(+), 1027 deletions(-)

3 weeks, 6 days

16
165
0 0

[PATCH 5.10 0/5] kernfs: backport locking and concurrency improvement

by Qingfang Deng

KCSAN reports concurrent accesses to inode->i_mode: ================================================================== BUG: KCSAN: data-race in generic_permission / kernfs_iop_permission write to 0xffffffe001129590 of 2 bytes by task 2477 on cpu 1: kernfs_iop_permission+0x72/0x1a0 link_path_walk.part.0.constprop.0+0x348/0x420 path_openat+0xee/0x10f0 do_filp_open+0xaa/0x160 do_sys_openat2+0x252/0x380 sys_openat+0x4c/0xa0 ret_from_syscall+0x0/0x2 read to 0xffffffe001129590 of 2 bytes by task 3902 on cpu 3: generic_permission+0x26/0x120 kernfs_iop_permission+0x150/0x1a0 link_path_walk.part.0.constprop.0+0x348/0x420 path_lookupat+0x58/0x280 filename_lookup+0xae/0x1f0 user_path_at_empty+0x3a/0x70 vfs_statx+0x82/0x170 __do_sys_newfstatat+0x36/0x70 sys_newfstatat+0x2e/0x50 ret_from_syscall+0x0/0x2 Reported by Kernel Concurrency Sanitizer on: CPU: 3 PID: 3902 Comm: ls Not tainted 5.10.104+ #0 ================================================================== kernfs_iop_permission+0x72/0x1a0: kernfs_refresh_inode at fs/kernfs/inode.c:174 169 170 static void kernfs_refresh_inode(struct kernfs_node *kn, struct inode *inode) 171 { 172 struct kernfs_iattrs *attrs = kn->iattr; 173 >174< inode->i_mode = kn->mode; 175 if (attrs) 176 /* 177 * kernfs_node has non-default attributes get them from 178 * persistent copy in kernfs_node. 179 */ (inlined by) kernfs_iop_permission at fs/kernfs/inode.c:285 280 return -ECHILD; 281 282 kn = inode->i_private; 283 284 mutex_lock(&kernfs_mutex); >285< kernfs_refresh_inode(kn, inode); 286 mutex_unlock(&kernfs_mutex); 287 288 return generic_permission(inode, mask); 289 } 290 generic_permission+0x26/0x120: acl_permission_check at fs/namei.c:298 293 * Note that the POSIX ACL check cares about the MAY_NOT_BLOCK bit, 294 * for RCU walking. 295 */ 296 static int acl_permission_check(struct inode *inode, int mask) 297 { >298< unsigned int mode = inode->i_mode; 299 300 /* Are we the owner? If so, ACL's don't matter */ 301 if (likely(uid_eq(current_fsuid(), inode->i_uid))) { 302 mask &= 7; 303 mode >>= 6; (inlined by) generic_permission at fs/namei.c:353 348 int ret; 349 350 /* 351 * Do the basic permission checks. 352 */ >353< ret = acl_permission_check(inode, mask); 354 if (ret != -EACCES) 355 return ret; 356 357 if (S_ISDIR(inode->i_mode)) { 358 /* DACs are overridable for directories */ Backport the series from 5.15 to fix the concurrency bug. https://lore.kernel.org/all/162642752894.63632.5596341704463755308.stgit@we… Ian Kent (5): kernfs: add a revision to identify directory node changes kernfs: use VFS negative dentry caching kernfs: switch kernfs to use an rwsem kernfs: use i_lock to protect concurrent inode updates kernfs: dont call d_splice_alias() under kernfs node lock fs/kernfs/dir.c | 153 ++++++++++++++++++++---------------- fs/kernfs/file.c | 4 +- fs/kernfs/inode.c | 26 +++--- fs/kernfs/kernfs-internal.h | 24 +++++- fs/kernfs/mount.c | 12 +-- fs/kernfs/symlink.c | 4 +- include/linux/kernfs.h | 7 +- 7 files changed, 138 insertions(+), 92 deletions(-) -- 2.43.0

3 weeks, 6 days

4
14
0 0

[PATCH 5.10.y] sched/deadline: Fix warning in migrate_enable for boosted tasks

by bin.lan.cn＠windriver.com

From: Wander Lairson Costa <wander(a)redhat.com> [ Upstream commit 0664e2c311b9fa43b33e3e81429cd0c2d7f9c638 ] When running the following command: while true; do stress-ng --cyclic 30 --timeout 30s --minimize --quiet done a warning is eventually triggered: WARNING: CPU: 43 PID: 2848 at kernel/sched/deadline.c:794 setup_new_dl_entity+0x13e/0x180 ... Call Trace: <TASK> ? show_trace_log_lvl+0x1c4/0x2df ? enqueue_dl_entity+0x631/0x6e0 ? setup_new_dl_entity+0x13e/0x180 ? __warn+0x7e/0xd0 ? report_bug+0x11a/0x1a0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x14/0x70 ? asm_exc_invalid_op+0x16/0x20 enqueue_dl_entity+0x631/0x6e0 enqueue_task_dl+0x7d/0x120 __do_set_cpus_allowed+0xe3/0x280 __set_cpus_allowed_ptr_locked+0x140/0x1d0 __set_cpus_allowed_ptr+0x54/0xa0 migrate_enable+0x7e/0x150 rt_spin_unlock+0x1c/0x90 group_send_sig_info+0xf7/0x1a0 ? kill_pid_info+0x1f/0x1d0 kill_pid_info+0x78/0x1d0 kill_proc_info+0x5b/0x110 __x64_sys_kill+0x93/0xc0 do_syscall_64+0x5c/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 RIP: 0033:0x7f0dab31f92b This warning occurs because set_cpus_allowed dequeues and enqueues tasks with the ENQUEUE_RESTORE flag set. If the task is boosted, the warning is triggered. A boosted task already had its parameters set by rt_mutex_setprio, and a new call to setup_new_dl_entity is unnecessary, hence the WARN_ON call. Check if we are requeueing a boosted task and avoid calling setup_new_dl_entity if that's the case. Fixes: 295d6d5e3736 ("sched/deadline: Fix switching to -deadline") Signed-off-by: Wander Lairson Costa <wander(a)redhat.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Juri Lelli <juri.lelli(a)redhat.com> Link: https://lore.kernel.org/r/20240724142253.27145-2-wander@redhat.com [Minor context change fixed.] Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- kernel/sched/deadline.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c index 6548bd90c5c3..e2ff343d1c42 100644 --- a/kernel/sched/deadline.c +++ b/kernel/sched/deadline.c @@ -1516,6 +1516,7 @@ enqueue_dl_entity(struct sched_dl_entity *dl_se, int flags) } else if (flags & ENQUEUE_REPLENISH) { replenish_dl_entity(dl_se); } else if ((flags & ENQUEUE_RESTORE) && + !is_dl_boosted(dl_se) && dl_time_before(dl_se->deadline, rq_clock(rq_of_dl_rq(dl_rq_of_se(dl_se))))) { setup_new_dl_entity(dl_se); -- 2.34.1

3 weeks, 6 days

3
2
0 0

[PATCH 5.15.y v3 0/1] Manual Backport of 099606a7b2d5 to 5.15

by Harshvardhan Jha

The patch 099606a7b2d5 didn't cleanly apply to 5.15 due to the significant difference in codebases. I've tried to manually bring it back to 5.15 via some minor conflict resolution but also invoking the newly introduced API using inverted logic as the conditional statements present in 5.15 are the opposite of those in 6.1 xen/swiotlib. v2 of this patch was added and dropped due to some issues in testing. However, after further verification this version seems to be right as is. I kindly request Juergen's ack specifically before this is added to stable queue as this patch differs quite significantly compared to the original. Changes in v2: Include correct upstream SHA in the commit message Changes in v3: Patch remains the same, however further verification and testing was done. Harshvardhan Jha (1): xen/swiotlb: relax alignment requirements drivers/xen/swiotlb-xen.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) -- 2.47.1

3 weeks, 6 days

2
2
0 0

[PATCH 6.1.y] sched/deadline: Fix warning in migrate_enable for boosted tasks

by bin.lan.cn＠windriver.com

From: Wander Lairson Costa <wander(a)redhat.com> [ Upstream commit 0664e2c311b9fa43b33e3e81429cd0c2d7f9c638 ] When running the following command: while true; do stress-ng --cyclic 30 --timeout 30s --minimize --quiet done a warning is eventually triggered: WARNING: CPU: 43 PID: 2848 at kernel/sched/deadline.c:794 setup_new_dl_entity+0x13e/0x180 ... Call Trace: <TASK> ? show_trace_log_lvl+0x1c4/0x2df ? enqueue_dl_entity+0x631/0x6e0 ? setup_new_dl_entity+0x13e/0x180 ? __warn+0x7e/0xd0 ? report_bug+0x11a/0x1a0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x14/0x70 ? asm_exc_invalid_op+0x16/0x20 enqueue_dl_entity+0x631/0x6e0 enqueue_task_dl+0x7d/0x120 __do_set_cpus_allowed+0xe3/0x280 __set_cpus_allowed_ptr_locked+0x140/0x1d0 __set_cpus_allowed_ptr+0x54/0xa0 migrate_enable+0x7e/0x150 rt_spin_unlock+0x1c/0x90 group_send_sig_info+0xf7/0x1a0 ? kill_pid_info+0x1f/0x1d0 kill_pid_info+0x78/0x1d0 kill_proc_info+0x5b/0x110 __x64_sys_kill+0x93/0xc0 do_syscall_64+0x5c/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 RIP: 0033:0x7f0dab31f92b This warning occurs because set_cpus_allowed dequeues and enqueues tasks with the ENQUEUE_RESTORE flag set. If the task is boosted, the warning is triggered. A boosted task already had its parameters set by rt_mutex_setprio, and a new call to setup_new_dl_entity is unnecessary, hence the WARN_ON call. Check if we are requeueing a boosted task and avoid calling setup_new_dl_entity if that's the case. Fixes: 295d6d5e3736 ("sched/deadline: Fix switching to -deadline") Signed-off-by: Wander Lairson Costa <wander(a)redhat.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Juri Lelli <juri.lelli(a)redhat.com> Link: https://lore.kernel.org/r/20240724142253.27145-2-wander@redhat.com [Minor context change fixed.] Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- kernel/sched/deadline.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c index 7f378fa0b6ed..e1371227a3bf 100644 --- a/kernel/sched/deadline.c +++ b/kernel/sched/deadline.c @@ -1656,6 +1656,7 @@ enqueue_dl_entity(struct sched_dl_entity *dl_se, int flags) } else if (flags & ENQUEUE_REPLENISH) { replenish_dl_entity(dl_se); } else if ((flags & ENQUEUE_RESTORE) && + !is_dl_boosted(dl_se) && dl_time_before(dl_se->deadline, rq_clock(rq_of_dl_rq(dl_rq_of_se(dl_se))))) { setup_new_dl_entity(dl_se); -- 2.34.1

3 weeks, 6 days

2
1
0 0

[PATCH 5.15.y] sched/deadline: Fix warning in migrate_enable for boosted tasks

by bin.lan.cn＠windriver.com

From: Wander Lairson Costa <wander(a)redhat.com> [ Upstream commit 0664e2c311b9fa43b33e3e81429cd0c2d7f9c638 ] When running the following command: while true; do stress-ng --cyclic 30 --timeout 30s --minimize --quiet done a warning is eventually triggered: WARNING: CPU: 43 PID: 2848 at kernel/sched/deadline.c:794 setup_new_dl_entity+0x13e/0x180 ... Call Trace: <TASK> ? show_trace_log_lvl+0x1c4/0x2df ? enqueue_dl_entity+0x631/0x6e0 ? setup_new_dl_entity+0x13e/0x180 ? __warn+0x7e/0xd0 ? report_bug+0x11a/0x1a0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x14/0x70 ? asm_exc_invalid_op+0x16/0x20 enqueue_dl_entity+0x631/0x6e0 enqueue_task_dl+0x7d/0x120 __do_set_cpus_allowed+0xe3/0x280 __set_cpus_allowed_ptr_locked+0x140/0x1d0 __set_cpus_allowed_ptr+0x54/0xa0 migrate_enable+0x7e/0x150 rt_spin_unlock+0x1c/0x90 group_send_sig_info+0xf7/0x1a0 ? kill_pid_info+0x1f/0x1d0 kill_pid_info+0x78/0x1d0 kill_proc_info+0x5b/0x110 __x64_sys_kill+0x93/0xc0 do_syscall_64+0x5c/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 RIP: 0033:0x7f0dab31f92b This warning occurs because set_cpus_allowed dequeues and enqueues tasks with the ENQUEUE_RESTORE flag set. If the task is boosted, the warning is triggered. A boosted task already had its parameters set by rt_mutex_setprio, and a new call to setup_new_dl_entity is unnecessary, hence the WARN_ON call. Check if we are requeueing a boosted task and avoid calling setup_new_dl_entity if that's the case. Fixes: 295d6d5e3736 ("sched/deadline: Fix switching to -deadline") Signed-off-by: Wander Lairson Costa <wander(a)redhat.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Juri Lelli <juri.lelli(a)redhat.com> Link: https://lore.kernel.org/r/20240724142253.27145-2-wander@redhat.com [Minor context change fixed.] Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- kernel/sched/deadline.c | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c index 66eb68c59f0b..5bb8915b1ca4 100644 --- a/kernel/sched/deadline.c +++ b/kernel/sched/deadline.c @@ -1514,6 +1514,7 @@ enqueue_dl_entity(struct sched_dl_entity *dl_se, int flags) } else if (flags & ENQUEUE_REPLENISH) { replenish_dl_entity(dl_se); } else if ((flags & ENQUEUE_RESTORE) && + !is_dl_boosted(dl_se) && dl_time_before(dl_se->deadline, rq_clock(rq_of_dl_rq(dl_rq_of_se(dl_se))))) { setup_new_dl_entity(dl_se); -- 2.34.1

3 weeks, 6 days

2
1
0 0

FAILED: patch "[PATCH] gpio: pca953x: fix IRQ storm on system wake up" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 3e38f946062b4845961ab86b726651b4457b2af8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051941-gloomily-occupy-87f2@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3e38f946062b4845961ab86b726651b4457b2af8 Mon Sep 17 00:00:00 2001 From: Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> Date: Mon, 12 May 2025 11:54:41 +0200 Subject: [PATCH] gpio: pca953x: fix IRQ storm on system wake up If an input changes state during wake-up and is used as an interrupt source, the IRQ handler reads the volatile input register to clear the interrupt mask and deassert the IRQ line. However, the IRQ handler is triggered before access to the register is granted, causing the read operation to fail. As a result, the IRQ handler enters a loop, repeatedly printing the "failed reading register" message, until `pca953x_resume()` is eventually called, which restores the driver context and enables access to registers. Fix by disabling the IRQ line before entering suspend mode, and re-enabling it after the driver context is restored in `pca953x_resume()`. An IRQ can be disabled with disable_irq() and still wake the system as long as the IRQ has wake enabled, so the wake-up functionality is preserved. Fixes: b76574300504 ("gpio: pca953x: Restore registers after suspend/resume cycle") Cc: stable(a)vger.kernel.org Signed-off-by: Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> Signed-off-by: Francesco Dolcini <francesco.dolcini(a)toradex.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Tested-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Link: https://lore.kernel.org/r/20250512095441.31645-1-francesco@dolcini.it Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> diff --git a/drivers/gpio/gpio-pca953x.c b/drivers/gpio/gpio-pca953x.c index 442435ded020..13cc120cf11f 100644 --- a/drivers/gpio/gpio-pca953x.c +++ b/drivers/gpio/gpio-pca953x.c @@ -1204,6 +1204,8 @@ static int pca953x_restore_context(struct pca953x_chip *chip) guard(mutex)(&chip->i2c_lock); + if (chip->client->irq > 0) + enable_irq(chip->client->irq); regcache_cache_only(chip->regmap, false); regcache_mark_dirty(chip->regmap); ret = pca953x_regcache_sync(chip); @@ -1216,6 +1218,10 @@ static int pca953x_restore_context(struct pca953x_chip *chip) static void pca953x_save_context(struct pca953x_chip *chip) { guard(mutex)(&chip->i2c_lock); + + /* Disable IRQ to prevent early triggering while regmap "cache only" is on */ + if (chip->client->irq > 0) + disable_irq(chip->client->irq); regcache_cache_only(chip->regmap, true); }

3 weeks, 6 days

3
2
0 0

FAILED: patch "[PATCH] hrtimers: Force migrate away hrtimers queued after" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 53dac345395c0d2493cbc2f4c85fe38aef5b63f5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021052-avenging-aflutter-192c@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 53dac345395c0d2493cbc2f4c85fe38aef5b63f5 Mon Sep 17 00:00:00 2001 From: Frederic Weisbecker <frederic(a)kernel.org> Date: Sat, 18 Jan 2025 00:24:33 +0100 Subject: [PATCH] hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING hrtimers are migrated away from the dying CPU to any online target at the CPUHP_AP_HRTIMERS_DYING stage in order not to delay bandwidth timers handling tasks involved in the CPU hotplug forward progress. However wakeups can still be performed by the outgoing CPU after CPUHP_AP_HRTIMERS_DYING. Those can result again in bandwidth timers being armed. Depending on several considerations (crystal ball power management based election, earliest timer already enqueued, timer migration enabled or not), the target may eventually be the current CPU even if offline. If that happens, the timer is eventually ignored. The most notable example is RCU which had to deal with each and every of those wake-ups by deferring them to an online CPU, along with related workarounds: _ e787644caf76 (rcu: Defer RCU kthreads wakeup when CPU is dying) _ 9139f93209d1 (rcu/nocb: Fix RT throttling hrtimer armed from offline CPU) _ f7345ccc62a4 (rcu/nocb: Fix rcuog wake-up from offline softirq) The problem isn't confined to RCU though as the stop machine kthread (which runs CPUHP_AP_HRTIMERS_DYING) reports its completion at the end of its work through cpu_stop_signal_done() and performs a wake up that eventually arms the deadline server timer: WARNING: CPU: 94 PID: 588 at kernel/time/hrtimer.c:1086 hrtimer_start_range_ns+0x289/0x2d0 CPU: 94 UID: 0 PID: 588 Comm: migration/94 Not tainted Stopper: multi_cpu_stop+0x0/0x120 <- stop_machine_cpuslocked+0x66/0xc0 RIP: 0010:hrtimer_start_range_ns+0x289/0x2d0 Call Trace: <TASK> start_dl_timer enqueue_dl_entity dl_server_start enqueue_task_fair enqueue_task ttwu_do_activate try_to_wake_up complete cpu_stopper_thread Instead of providing yet another bandaid to work around the situation, fix it in the hrtimers infrastructure instead: always migrate away a timer to an online target whenever it is enqueued from an offline CPU. This will also allow to revert all the above RCU disgraceful hacks. Fixes: 5c0930ccaad5 ("hrtimers: Push pending hrtimers away from outgoing CPU earlier") Reported-by: Vlad Poenaru <vlad.wing(a)gmail.com> Reported-by: Usama Arif <usamaarif642(a)gmail.com> Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> Signed-off-by: Paul E. McKenney <paulmck(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Tested-by: Paul E. McKenney <paulmck(a)kernel.org> Link: https://lore.kernel.org/all/20250117232433.24027-1-frederic@kernel.org Closes: 20241213203739.1519801-1-usamaarif642(a)gmail.com diff --git a/include/linux/hrtimer_defs.h b/include/linux/hrtimer_defs.h index c3b4b7ed7c16..84a5045f80f3 100644 --- a/include/linux/hrtimer_defs.h +++ b/include/linux/hrtimer_defs.h @@ -125,6 +125,7 @@ struct hrtimer_cpu_base { ktime_t softirq_expires_next; struct hrtimer *softirq_next_timer; struct hrtimer_clock_base clock_base[HRTIMER_MAX_CLOCK_BASES]; + call_single_data_t csd; } ____cacheline_aligned; diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c index 4fb81f8c6f1c..deb1aa32814e 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -58,6 +58,8 @@ #define HRTIMER_ACTIVE_SOFT (HRTIMER_ACTIVE_HARD << MASK_SHIFT) #define HRTIMER_ACTIVE_ALL (HRTIMER_ACTIVE_SOFT | HRTIMER_ACTIVE_HARD) +static void retrigger_next_event(void *arg); + /* * The timer bases: * @@ -111,7 +113,8 @@ DEFINE_PER_CPU(struct hrtimer_cpu_base, hrtimer_bases) = .clockid = CLOCK_TAI, .get_time = &ktime_get_clocktai, }, - } + }, + .csd = CSD_INIT(retrigger_next_event, NULL) }; static const int hrtimer_clock_to_base_table[MAX_CLOCKS] = { @@ -124,6 +127,14 @@ static const int hrtimer_clock_to_base_table[MAX_CLOCKS] = { [CLOCK_TAI] = HRTIMER_BASE_TAI, }; +static inline bool hrtimer_base_is_online(struct hrtimer_cpu_base *base) +{ + if (!IS_ENABLED(CONFIG_HOTPLUG_CPU)) + return true; + else + return likely(base->online); +} + /* * Functions and macros which are different for UP/SMP systems are kept in a * single place @@ -178,27 +189,54 @@ struct hrtimer_clock_base *lock_hrtimer_base(const struct hrtimer *timer, } /* - * We do not migrate the timer when it is expiring before the next - * event on the target cpu. When high resolution is enabled, we cannot - * reprogram the target cpu hardware and we would cause it to fire - * late. To keep it simple, we handle the high resolution enabled and - * disabled case similar. + * Check if the elected target is suitable considering its next + * event and the hotplug state of the current CPU. + * + * If the elected target is remote and its next event is after the timer + * to queue, then a remote reprogram is necessary. However there is no + * guarantee the IPI handling the operation would arrive in time to meet + * the high resolution deadline. In this case the local CPU becomes a + * preferred target, unless it is offline. + * + * High and low resolution modes are handled the same way for simplicity. * * Called with cpu_base->lock of target cpu held. */ -static int -hrtimer_check_target(struct hrtimer *timer, struct hrtimer_clock_base *new_base) +static bool hrtimer_suitable_target(struct hrtimer *timer, struct hrtimer_clock_base *new_base, + struct hrtimer_cpu_base *new_cpu_base, + struct hrtimer_cpu_base *this_cpu_base) { ktime_t expires; + /* + * The local CPU clockevent can be reprogrammed. Also get_target_base() + * guarantees it is online. + */ + if (new_cpu_base == this_cpu_base) + return true; + + /* + * The offline local CPU can't be the default target if the + * next remote target event is after this timer. Keep the + * elected new base. An IPI will we issued to reprogram + * it as a last resort. + */ + if (!hrtimer_base_is_online(this_cpu_base)) + return true; + expires = ktime_sub(hrtimer_get_expires(timer), new_base->offset); - return expires < new_base->cpu_base->expires_next; + + return expires >= new_base->cpu_base->expires_next; } -static inline -struct hrtimer_cpu_base *get_target_base(struct hrtimer_cpu_base *base, - int pinned) +static inline struct hrtimer_cpu_base *get_target_base(struct hrtimer_cpu_base *base, int pinned) { + if (!hrtimer_base_is_online(base)) { + int cpu = cpumask_any_and(cpu_online_mask, housekeeping_cpumask(HK_TYPE_TIMER)); + + return &per_cpu(hrtimer_bases, cpu); + } + #if defined(CONFIG_SMP) && defined(CONFIG_NO_HZ_COMMON) if (static_branch_likely(&timers_migration_enabled) && !pinned) return &per_cpu(hrtimer_bases, get_nohz_timer_target()); @@ -249,8 +287,8 @@ switch_hrtimer_base(struct hrtimer *timer, struct hrtimer_clock_base *base, raw_spin_unlock(&base->cpu_base->lock); raw_spin_lock(&new_base->cpu_base->lock); - if (new_cpu_base != this_cpu_base && - hrtimer_check_target(timer, new_base)) { + if (!hrtimer_suitable_target(timer, new_base, new_cpu_base, + this_cpu_base)) { raw_spin_unlock(&new_base->cpu_base->lock); raw_spin_lock(&base->cpu_base->lock); new_cpu_base = this_cpu_base; @@ -259,8 +297,7 @@ switch_hrtimer_base(struct hrtimer *timer, struct hrtimer_clock_base *base, } WRITE_ONCE(timer->base, new_base); } else { - if (new_cpu_base != this_cpu_base && - hrtimer_check_target(timer, new_base)) { + if (!hrtimer_suitable_target(timer, new_base, new_cpu_base, this_cpu_base)) { new_cpu_base = this_cpu_base; goto again; } @@ -706,8 +743,6 @@ static inline int hrtimer_is_hres_enabled(void) return hrtimer_hres_enabled; } -static void retrigger_next_event(void *arg); - /* * Switch to high resolution mode */ @@ -1195,6 +1230,7 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, u64 delta_ns, const enum hrtimer_mode mode, struct hrtimer_clock_base *base) { + struct hrtimer_cpu_base *this_cpu_base = this_cpu_ptr(&hrtimer_bases); struct hrtimer_clock_base *new_base; bool force_local, first; @@ -1206,9 +1242,15 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, * and enforce reprogramming after it is queued no matter whether * it is the new first expiring timer again or not. */ - force_local = base->cpu_base == this_cpu_ptr(&hrtimer_bases); + force_local = base->cpu_base == this_cpu_base; force_local &= base->cpu_base->next_timer == timer; + /* + * Don't force local queuing if this enqueue happens on a unplugged + * CPU after hrtimer_cpu_dying() has been invoked. + */ + force_local &= this_cpu_base->online; + /* * Remove an active timer from the queue. In case it is not queued * on the current CPU, make sure that remove_hrtimer() updates the @@ -1238,8 +1280,27 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, } first = enqueue_hrtimer(timer, new_base, mode); - if (!force_local) - return first; + if (!force_local) { + /* + * If the current CPU base is online, then the timer is + * never queued on a remote CPU if it would be the first + * expiring timer there. + */ + if (hrtimer_base_is_online(this_cpu_base)) + return first; + + /* + * Timer was enqueued remote because the current base is + * already offline. If the timer is the first to expire, + * kick the remote CPU to reprogram the clock event. + */ + if (first) { + struct hrtimer_cpu_base *new_cpu_base = new_base->cpu_base; + + smp_call_function_single_async(new_cpu_base->cpu, &new_cpu_base->csd); + } + return 0; + } /* * Timer was forced to stay on the current CPU to avoid

3 weeks, 6 days

3
2
0 0

FAILED: patch "[PATCH] hrtimers: Force migrate away hrtimers queued after" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 53dac345395c0d2493cbc2f4c85fe38aef5b63f5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021053-unranked-silt-0282@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 53dac345395c0d2493cbc2f4c85fe38aef5b63f5 Mon Sep 17 00:00:00 2001 From: Frederic Weisbecker <frederic(a)kernel.org> Date: Sat, 18 Jan 2025 00:24:33 +0100 Subject: [PATCH] hrtimers: Force migrate away hrtimers queued after CPUHP_AP_HRTIMERS_DYING hrtimers are migrated away from the dying CPU to any online target at the CPUHP_AP_HRTIMERS_DYING stage in order not to delay bandwidth timers handling tasks involved in the CPU hotplug forward progress. However wakeups can still be performed by the outgoing CPU after CPUHP_AP_HRTIMERS_DYING. Those can result again in bandwidth timers being armed. Depending on several considerations (crystal ball power management based election, earliest timer already enqueued, timer migration enabled or not), the target may eventually be the current CPU even if offline. If that happens, the timer is eventually ignored. The most notable example is RCU which had to deal with each and every of those wake-ups by deferring them to an online CPU, along with related workarounds: _ e787644caf76 (rcu: Defer RCU kthreads wakeup when CPU is dying) _ 9139f93209d1 (rcu/nocb: Fix RT throttling hrtimer armed from offline CPU) _ f7345ccc62a4 (rcu/nocb: Fix rcuog wake-up from offline softirq) The problem isn't confined to RCU though as the stop machine kthread (which runs CPUHP_AP_HRTIMERS_DYING) reports its completion at the end of its work through cpu_stop_signal_done() and performs a wake up that eventually arms the deadline server timer: WARNING: CPU: 94 PID: 588 at kernel/time/hrtimer.c:1086 hrtimer_start_range_ns+0x289/0x2d0 CPU: 94 UID: 0 PID: 588 Comm: migration/94 Not tainted Stopper: multi_cpu_stop+0x0/0x120 <- stop_machine_cpuslocked+0x66/0xc0 RIP: 0010:hrtimer_start_range_ns+0x289/0x2d0 Call Trace: <TASK> start_dl_timer enqueue_dl_entity dl_server_start enqueue_task_fair enqueue_task ttwu_do_activate try_to_wake_up complete cpu_stopper_thread Instead of providing yet another bandaid to work around the situation, fix it in the hrtimers infrastructure instead: always migrate away a timer to an online target whenever it is enqueued from an offline CPU. This will also allow to revert all the above RCU disgraceful hacks. Fixes: 5c0930ccaad5 ("hrtimers: Push pending hrtimers away from outgoing CPU earlier") Reported-by: Vlad Poenaru <vlad.wing(a)gmail.com> Reported-by: Usama Arif <usamaarif642(a)gmail.com> Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> Signed-off-by: Paul E. McKenney <paulmck(a)kernel.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Tested-by: Paul E. McKenney <paulmck(a)kernel.org> Link: https://lore.kernel.org/all/20250117232433.24027-1-frederic@kernel.org Closes: 20241213203739.1519801-1-usamaarif642(a)gmail.com diff --git a/include/linux/hrtimer_defs.h b/include/linux/hrtimer_defs.h index c3b4b7ed7c16..84a5045f80f3 100644 --- a/include/linux/hrtimer_defs.h +++ b/include/linux/hrtimer_defs.h @@ -125,6 +125,7 @@ struct hrtimer_cpu_base { ktime_t softirq_expires_next; struct hrtimer *softirq_next_timer; struct hrtimer_clock_base clock_base[HRTIMER_MAX_CLOCK_BASES]; + call_single_data_t csd; } ____cacheline_aligned; diff --git a/kernel/time/hrtimer.c b/kernel/time/hrtimer.c index 4fb81f8c6f1c..deb1aa32814e 100644 --- a/kernel/time/hrtimer.c +++ b/kernel/time/hrtimer.c @@ -58,6 +58,8 @@ #define HRTIMER_ACTIVE_SOFT (HRTIMER_ACTIVE_HARD << MASK_SHIFT) #define HRTIMER_ACTIVE_ALL (HRTIMER_ACTIVE_SOFT | HRTIMER_ACTIVE_HARD) +static void retrigger_next_event(void *arg); + /* * The timer bases: * @@ -111,7 +113,8 @@ DEFINE_PER_CPU(struct hrtimer_cpu_base, hrtimer_bases) = .clockid = CLOCK_TAI, .get_time = &ktime_get_clocktai, }, - } + }, + .csd = CSD_INIT(retrigger_next_event, NULL) }; static const int hrtimer_clock_to_base_table[MAX_CLOCKS] = { @@ -124,6 +127,14 @@ static const int hrtimer_clock_to_base_table[MAX_CLOCKS] = { [CLOCK_TAI] = HRTIMER_BASE_TAI, }; +static inline bool hrtimer_base_is_online(struct hrtimer_cpu_base *base) +{ + if (!IS_ENABLED(CONFIG_HOTPLUG_CPU)) + return true; + else + return likely(base->online); +} + /* * Functions and macros which are different for UP/SMP systems are kept in a * single place @@ -178,27 +189,54 @@ struct hrtimer_clock_base *lock_hrtimer_base(const struct hrtimer *timer, } /* - * We do not migrate the timer when it is expiring before the next - * event on the target cpu. When high resolution is enabled, we cannot - * reprogram the target cpu hardware and we would cause it to fire - * late. To keep it simple, we handle the high resolution enabled and - * disabled case similar. + * Check if the elected target is suitable considering its next + * event and the hotplug state of the current CPU. + * + * If the elected target is remote and its next event is after the timer + * to queue, then a remote reprogram is necessary. However there is no + * guarantee the IPI handling the operation would arrive in time to meet + * the high resolution deadline. In this case the local CPU becomes a + * preferred target, unless it is offline. + * + * High and low resolution modes are handled the same way for simplicity. * * Called with cpu_base->lock of target cpu held. */ -static int -hrtimer_check_target(struct hrtimer *timer, struct hrtimer_clock_base *new_base) +static bool hrtimer_suitable_target(struct hrtimer *timer, struct hrtimer_clock_base *new_base, + struct hrtimer_cpu_base *new_cpu_base, + struct hrtimer_cpu_base *this_cpu_base) { ktime_t expires; + /* + * The local CPU clockevent can be reprogrammed. Also get_target_base() + * guarantees it is online. + */ + if (new_cpu_base == this_cpu_base) + return true; + + /* + * The offline local CPU can't be the default target if the + * next remote target event is after this timer. Keep the + * elected new base. An IPI will we issued to reprogram + * it as a last resort. + */ + if (!hrtimer_base_is_online(this_cpu_base)) + return true; + expires = ktime_sub(hrtimer_get_expires(timer), new_base->offset); - return expires < new_base->cpu_base->expires_next; + + return expires >= new_base->cpu_base->expires_next; } -static inline -struct hrtimer_cpu_base *get_target_base(struct hrtimer_cpu_base *base, - int pinned) +static inline struct hrtimer_cpu_base *get_target_base(struct hrtimer_cpu_base *base, int pinned) { + if (!hrtimer_base_is_online(base)) { + int cpu = cpumask_any_and(cpu_online_mask, housekeeping_cpumask(HK_TYPE_TIMER)); + + return &per_cpu(hrtimer_bases, cpu); + } + #if defined(CONFIG_SMP) && defined(CONFIG_NO_HZ_COMMON) if (static_branch_likely(&timers_migration_enabled) && !pinned) return &per_cpu(hrtimer_bases, get_nohz_timer_target()); @@ -249,8 +287,8 @@ switch_hrtimer_base(struct hrtimer *timer, struct hrtimer_clock_base *base, raw_spin_unlock(&base->cpu_base->lock); raw_spin_lock(&new_base->cpu_base->lock); - if (new_cpu_base != this_cpu_base && - hrtimer_check_target(timer, new_base)) { + if (!hrtimer_suitable_target(timer, new_base, new_cpu_base, + this_cpu_base)) { raw_spin_unlock(&new_base->cpu_base->lock); raw_spin_lock(&base->cpu_base->lock); new_cpu_base = this_cpu_base; @@ -259,8 +297,7 @@ switch_hrtimer_base(struct hrtimer *timer, struct hrtimer_clock_base *base, } WRITE_ONCE(timer->base, new_base); } else { - if (new_cpu_base != this_cpu_base && - hrtimer_check_target(timer, new_base)) { + if (!hrtimer_suitable_target(timer, new_base, new_cpu_base, this_cpu_base)) { new_cpu_base = this_cpu_base; goto again; } @@ -706,8 +743,6 @@ static inline int hrtimer_is_hres_enabled(void) return hrtimer_hres_enabled; } -static void retrigger_next_event(void *arg); - /* * Switch to high resolution mode */ @@ -1195,6 +1230,7 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, u64 delta_ns, const enum hrtimer_mode mode, struct hrtimer_clock_base *base) { + struct hrtimer_cpu_base *this_cpu_base = this_cpu_ptr(&hrtimer_bases); struct hrtimer_clock_base *new_base; bool force_local, first; @@ -1206,9 +1242,15 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, * and enforce reprogramming after it is queued no matter whether * it is the new first expiring timer again or not. */ - force_local = base->cpu_base == this_cpu_ptr(&hrtimer_bases); + force_local = base->cpu_base == this_cpu_base; force_local &= base->cpu_base->next_timer == timer; + /* + * Don't force local queuing if this enqueue happens on a unplugged + * CPU after hrtimer_cpu_dying() has been invoked. + */ + force_local &= this_cpu_base->online; + /* * Remove an active timer from the queue. In case it is not queued * on the current CPU, make sure that remove_hrtimer() updates the @@ -1238,8 +1280,27 @@ static int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, } first = enqueue_hrtimer(timer, new_base, mode); - if (!force_local) - return first; + if (!force_local) { + /* + * If the current CPU base is online, then the timer is + * never queued on a remote CPU if it would be the first + * expiring timer there. + */ + if (hrtimer_base_is_online(this_cpu_base)) + return first; + + /* + * Timer was enqueued remote because the current base is + * already offline. If the timer is the first to expire, + * kick the remote CPU to reprogram the clock event. + */ + if (first) { + struct hrtimer_cpu_base *new_cpu_base = new_base->cpu_base; + + smp_call_function_single_async(new_cpu_base->cpu, &new_cpu_base->csd); + } + return 0; + } /* * Timer was forced to stay on the current CPU to avoid

3 weeks, 6 days

5
6
0 0

FAILED: patch "[PATCH] btrfs: check folio mapping after unlock in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 3e74859ee35edc33a022c3f3971df066ea0ca6b9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024123045-parka-sublet-a95d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3e74859ee35edc33a022c3f3971df066ea0ca6b9 Mon Sep 17 00:00:00 2001 From: Boris Burkov <boris(a)bur.io> Date: Fri, 13 Dec 2024 12:22:32 -0800 Subject: [PATCH] btrfs: check folio mapping after unlock in relocate_one_folio() When we call btrfs_read_folio() to bring a folio uptodate, we unlock the folio. The result of that is that a different thread can modify the mapping (like remove it with invalidate) before we call folio_lock(). This results in an invalid page and we need to try again. In particular, if we are relocating concurrently with aborting a transaction, this can result in a crash like the following: BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP CPU: 76 PID: 1411631 Comm: kworker/u322:5 Workqueue: events_unbound btrfs_reclaim_bgs_work RIP: 0010:set_page_extent_mapped+0x20/0xb0 RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246 RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880 RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0 R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000 R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __die+0x78/0xc0 ? page_fault_oops+0x2a8/0x3a0 ? __switch_to+0x133/0x530 ? wq_worker_running+0xa/0x40 ? exc_page_fault+0x63/0x130 ? asm_exc_page_fault+0x22/0x30 ? set_page_extent_mapped+0x20/0xb0 relocate_file_extent_cluster+0x1a7/0x940 relocate_data_extent+0xaf/0x120 relocate_block_group+0x20f/0x480 btrfs_relocate_block_group+0x152/0x320 btrfs_relocate_chunk+0x3d/0x120 btrfs_reclaim_bgs_work+0x2ae/0x4e0 process_scheduled_works+0x184/0x370 worker_thread+0xc6/0x3e0 ? blk_add_timer+0xb0/0xb0 kthread+0xae/0xe0 ? flush_tlb_kernel_range+0x90/0x90 ret_from_fork+0x2f/0x40 ? flush_tlb_kernel_range+0x90/0x90 ret_from_fork_asm+0x11/0x20 </TASK> This occurs because cleanup_one_transaction() calls destroy_delalloc_inodes() which calls invalidate_inode_pages2() which takes the folio_lock before setting mapping to NULL. We fail to check this, and subsequently call set_extent_mapping(), which assumes that mapping != NULL (in fact it asserts that in debug mode) Note that the "fixes" patch here is not the one that introduced the race (the very first iteration of this code from 2009) but a more recent change that made this particular crash happen in practice. Fixes: e7f1326cc24e ("btrfs: set page extent mapped after read_folio in relocate_one_page") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Boris Burkov <boris(a)bur.io> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c index bf267bdfa8f8..db8b42f674b7 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -2902,6 +2902,7 @@ static int relocate_one_folio(struct reloc_control *rc, const bool use_rst = btrfs_need_stripe_tree_update(fs_info, rc->block_group->flags); ASSERT(index <= last_index); +again: folio = filemap_lock_folio(inode->i_mapping, index); if (IS_ERR(folio)) { @@ -2937,6 +2938,11 @@ static int relocate_one_folio(struct reloc_control *rc, ret = -EIO; goto release_folio; } + if (folio->mapping != inode->i_mapping) { + folio_unlock(folio); + folio_put(folio); + goto again; + } } /*

3 weeks, 6 days

4
5
0 0

FAILED: patch "[PATCH] btrfs: check folio mapping after unlock in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 3e74859ee35edc33a022c3f3971df066ea0ca6b9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024123042-limelight-doily-8703@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3e74859ee35edc33a022c3f3971df066ea0ca6b9 Mon Sep 17 00:00:00 2001 From: Boris Burkov <boris(a)bur.io> Date: Fri, 13 Dec 2024 12:22:32 -0800 Subject: [PATCH] btrfs: check folio mapping after unlock in relocate_one_folio() When we call btrfs_read_folio() to bring a folio uptodate, we unlock the folio. The result of that is that a different thread can modify the mapping (like remove it with invalidate) before we call folio_lock(). This results in an invalid page and we need to try again. In particular, if we are relocating concurrently with aborting a transaction, this can result in a crash like the following: BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP CPU: 76 PID: 1411631 Comm: kworker/u322:5 Workqueue: events_unbound btrfs_reclaim_bgs_work RIP: 0010:set_page_extent_mapped+0x20/0xb0 RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246 RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880 RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0 R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000 R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __die+0x78/0xc0 ? page_fault_oops+0x2a8/0x3a0 ? __switch_to+0x133/0x530 ? wq_worker_running+0xa/0x40 ? exc_page_fault+0x63/0x130 ? asm_exc_page_fault+0x22/0x30 ? set_page_extent_mapped+0x20/0xb0 relocate_file_extent_cluster+0x1a7/0x940 relocate_data_extent+0xaf/0x120 relocate_block_group+0x20f/0x480 btrfs_relocate_block_group+0x152/0x320 btrfs_relocate_chunk+0x3d/0x120 btrfs_reclaim_bgs_work+0x2ae/0x4e0 process_scheduled_works+0x184/0x370 worker_thread+0xc6/0x3e0 ? blk_add_timer+0xb0/0xb0 kthread+0xae/0xe0 ? flush_tlb_kernel_range+0x90/0x90 ret_from_fork+0x2f/0x40 ? flush_tlb_kernel_range+0x90/0x90 ret_from_fork_asm+0x11/0x20 </TASK> This occurs because cleanup_one_transaction() calls destroy_delalloc_inodes() which calls invalidate_inode_pages2() which takes the folio_lock before setting mapping to NULL. We fail to check this, and subsequently call set_extent_mapping(), which assumes that mapping != NULL (in fact it asserts that in debug mode) Note that the "fixes" patch here is not the one that introduced the race (the very first iteration of this code from 2009) but a more recent change that made this particular crash happen in practice. Fixes: e7f1326cc24e ("btrfs: set page extent mapped after read_folio in relocate_one_page") CC: stable(a)vger.kernel.org # 6.1+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Boris Burkov <boris(a)bur.io> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c index bf267bdfa8f8..db8b42f674b7 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -2902,6 +2902,7 @@ static int relocate_one_folio(struct reloc_control *rc, const bool use_rst = btrfs_need_stripe_tree_update(fs_info, rc->block_group->flags); ASSERT(index <= last_index); +again: folio = filemap_lock_folio(inode->i_mapping, index); if (IS_ERR(folio)) { @@ -2937,6 +2938,11 @@ static int relocate_one_folio(struct reloc_control *rc, ret = -EIO; goto release_folio; } + if (folio->mapping != inode->i_mapping) { + folio_unlock(folio); + folio_put(folio); + goto again; + } } /*

3 weeks, 6 days

3
2
0 0

RE: Drive Results for MRO & Air Charter with Targeted Contact Solutions

by Jessica Garcia

Hi , Circling back to see if you had any questions about my earlier email. Feel free to share your target industries and job titles, and I'll provide the relevant pricing and volume information. Regards, Jessica Marketing Manager Campaign Data Leads., Please respond with an Remove if you don't wish to receive further emails. -----Original Message----- From: Jessica Garcia Subject: Drive Results for MRO & Air Charter with Targeted Contact Solutions Hi , I'm offering a resource that connects aviation outreach with data-backed direction. We provide a current and verified list of contacts, tailored specifically for your industry. (i) High-Net-Worth Individuals (HNWI) seeking seamless luxury travel and private charters (ii) MRO Professionals focused on enhancing maintenance and procurement strategies (iii) Executive Assistants managing the travel needs of high-ranking executives For businesses offering aviation products, maintenance services, or charter flights, these contacts are ideal for your campaign. Please let me know if you'd like to explore the lead counts and their pricing structure. Regards, Jessica Marketing Manager Campaign Data Leads., Please respond with an Remove if you don't wish to receive further emails.

3 weeks, 6 days

1
0
0 0

[to-be-updated] mm-hugetlb-fix-a-deadlock-with-pagecache_folio-and-hugetlb_fault_mutex_table.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/hugetlb: fix a deadlock with pagecache_folio and hugetlb_fault_mutex_table has been removed from the -mm tree. Its filename was mm-hugetlb-fix-a-deadlock-with-pagecache_folio-and-hugetlb_fault_mutex_table.patch This patch was dropped because an updated version will be issued ------------------------------------------------------ From: Gavin Guo <gavinguo(a)igalia.com> Subject: mm/hugetlb: fix a deadlock with pagecache_folio and hugetlb_fault_mutex_table Date: Tue, 13 May 2025 17:34:48 +0800 Fix a deadlock which can be triggered by an internal syzkaller [1] reproducer and captured by bpftrace script [2] and its log [3] in this scenario: Process 1 Process 2 --- --- hugetlb_fault mutex_lock(B) // take B filemap_lock_hugetlb_folio filemap_lock_folio __filemap_get_folio folio_lock(A) // take A hugetlb_wp mutex_unlock(B) // release B ... hugetlb_fault ... mutex_lock(B) // take B filemap_lock_hugetlb_folio filemap_lock_folio __filemap_get_folio folio_lock(A) // blocked unmap_ref_private ... mutex_lock(B) // retake and blocked This is a ABBA deadlock involving two locks: - Lock A: pagecache_folio lock - Lock B: hugetlb_fault_mutex_table lock The deadlock occurs between two processes as follows: 1. The first process (let's call it Process 1) is handling a copy-on-write (COW) operation on a hugepage via hugetlb_wp. Due to insufficient reserved hugetlb pages, Process 1, owner of the reserved hugetlb page, attempts to unmap a hugepage owned by another process (non-owner) to satisfy the reservation. Before unmapping, Process 1 acquires lock B (hugetlb_fault_mutex_table lock) and then lock A (pagecache_folio lock). To proceed with the unmap, it releases Lock B but retains Lock A. After the unmap, Process 1 tries to reacquire Lock B. However, at this point, Lock B has already been acquired by another process. 2. The second process (Process 2) enters the hugetlb_fault handler during the unmap operation. It successfully acquires Lock B (hugetlb_fault_mutex_table lock) that was just released by Process 1, but then attempts to acquire Lock A (pagecache_folio lock), which is still held by Process 1. As a result, Process 1 (holding Lock A) is blocked waiting for Lock B (held by Process 2), while Process 2 (holding Lock B) is blocked waiting for Lock A (held by Process 1), constructing a ABBA deadlock scenario. The solution here is to unlock the pagecache_folio and provide the pagecache_folio_unlocked variable to the caller to have the visibility over the pagecache_folio status for subsequent handling. The error message: INFO: task repro_20250402_:13229 blocked for more than 64 seconds. Not tainted 6.15.0-rc3+ #24 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:repro_20250402_ state:D stack:25856 pid:13229 tgid:13228 ppid:3513 task_flags:0x400040 flags:0x00004006 Call Trace: <TASK> __schedule+0x1755/0x4f50 schedule+0x158/0x330 schedule_preempt_disabled+0x15/0x30 __mutex_lock+0x75f/0xeb0 hugetlb_wp+0xf88/0x3440 hugetlb_fault+0x14c8/0x2c30 trace_clock_x86_tsc+0x20/0x20 do_user_addr_fault+0x61d/0x1490 exc_page_fault+0x64/0x100 asm_exc_page_fault+0x26/0x30 RIP: 0010:__put_user_4+0xd/0x20 copy_process+0x1f4a/0x3d60 kernel_clone+0x210/0x8f0 __x64_sys_clone+0x18d/0x1f0 do_syscall_64+0x6a/0x120 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x41b26d </TASK> INFO: task repro_20250402_:13229 is blocked on a mutex likely owned by task repro_20250402_:13250. task:repro_20250402_ state:D stack:28288 pid:13250 tgid:13228 ppid:3513 task_flags:0x400040 flags:0x00000006 Call Trace: <TASK> __schedule+0x1755/0x4f50 schedule+0x158/0x330 io_schedule+0x92/0x110 folio_wait_bit_common+0x69a/0xba0 __filemap_get_folio+0x154/0xb70 hugetlb_fault+0xa50/0x2c30 trace_clock_x86_tsc+0x20/0x20 do_user_addr_fault+0xace/0x1490 exc_page_fault+0x64/0x100 asm_exc_page_fault+0x26/0x30 RIP: 0033:0x402619 </TASK> INFO: task repro_20250402_:13250 blocked for more than 65 seconds. Not tainted 6.15.0-rc3+ #24 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:repro_20250402_ state:D stack:28288 pid:13250 tgid:13228 ppid:3513 task_flags:0x400040 flags:0x00000006 Call Trace: <TASK> __schedule+0x1755/0x4f50 schedule+0x158/0x330 io_schedule+0x92/0x110 folio_wait_bit_common+0x69a/0xba0 __filemap_get_folio+0x154/0xb70 hugetlb_fault+0xa50/0x2c30 trace_clock_x86_tsc+0x20/0x20 do_user_addr_fault+0xace/0x1490 exc_page_fault+0x64/0x100 asm_exc_page_fault+0x26/0x30 RIP: 0033:0x402619 </TASK> Showing all locks held in the system: 1 lock held by khungtaskd/35: #0: ffffffff879a7440 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x30/0x180 2 locks held by repro_20250402_/13229: #0: ffff888017d801e0 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x37/0x300 #1: ffff888000fec848 (&hugetlb_fault_mutex_table[i]){+.+.}-{4:4}, at: hugetlb_wp+0xf88/0x3440 3 locks held by repro_20250402_/13250: #0: ffff8880177f3d08 (vm_lock){++++}-{0:0}, at: do_user_addr_fault+0x41b/0x1490 #1: ffff888000fec848 (&hugetlb_fault_mutex_table[i]){+.+.}-{4:4}, at: hugetlb_fault+0x3b8/0x2c30 #2: ffff8880129500e8 (&resv_map->rw_sema){++++}-{4:4}, at: hugetlb_fault+0x494/0x2c30 Link: https://drive.google.com/file/d/1DVRnIW-vSayU5J1re9Ct_br3jJQU6Vpb/view?usp=… [1] Link: https://github.com/bboymimi/bpftracer/blob/master/scripts/hugetlb_lock_debu… [2] Link: https://drive.google.com/file/d/1bWq2-8o-BJAuhoHWX7zAhI6ggfhVzQUI/view?usp=… [3] Link: https://lkml.kernel.org/r/20250513093448.592150-1-gavinguo@igalia.com Fixes: 40549ba8f8e0 ("hugetlb: use new vma_lock for pmd sharing synchronization") Signed-off-by: Gavin Guo <gavinguo(a)igalia.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Florent Revest <revest(a)google.com> Cc: Gavin Shan <gshan(a)redhat.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Byungchul Park <byungchul(a)sk.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 33 ++++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) --- a/mm/hugetlb.c~mm-hugetlb-fix-a-deadlock-with-pagecache_folio-and-hugetlb_fault_mutex_table +++ a/mm/hugetlb.c @@ -6131,7 +6131,8 @@ static void unmap_ref_private(struct mm_ * Keep the pte_same checks anyway to make transition from the mutex easier. */ static vm_fault_t hugetlb_wp(struct folio *pagecache_folio, - struct vm_fault *vmf) + struct vm_fault *vmf, + bool *pagecache_folio_unlocked) { struct vm_area_struct *vma = vmf->vma; struct mm_struct *mm = vma->vm_mm; @@ -6229,6 +6230,22 @@ retry_avoidcopy: folio_put(old_folio); /* + * The pagecache_folio needs to be unlocked to avoid + * deadlock and we won't re-lock it in hugetlb_wp(). The + * pagecache_folio could be truncated after being + * unlocked. So its state should not be relied + * subsequently. + * + * Setting *pagecache_folio_unlocked to true allows the + * caller to handle any necessary logic related to the + * folio's unlocked state. + */ + if (pagecache_folio) { + folio_unlock(pagecache_folio); + if (pagecache_folio_unlocked) + *pagecache_folio_unlocked = true; + } + /* * Drop hugetlb_fault_mutex and vma_lock before * unmapping. unmapping needs to hold vma_lock * in write mode. Dropping vma_lock in read mode @@ -6581,7 +6598,7 @@ static vm_fault_t hugetlb_no_page(struct hugetlb_count_add(pages_per_huge_page(h), mm); if ((vmf->flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ - ret = hugetlb_wp(folio, vmf); + ret = hugetlb_wp(folio, vmf, NULL); } spin_unlock(vmf->ptl); @@ -6653,6 +6670,7 @@ vm_fault_t hugetlb_fault(struct mm_struc struct hstate *h = hstate_vma(vma); struct address_space *mapping; int need_wait_lock = 0; + bool pagecache_folio_unlocked = false; struct vm_fault vmf = { .vma = vma, .address = address & huge_page_mask(h), @@ -6807,7 +6825,8 @@ vm_fault_t hugetlb_fault(struct mm_struc if (flags & (FAULT_FLAG_WRITE|FAULT_FLAG_UNSHARE)) { if (!huge_pte_write(vmf.orig_pte)) { - ret = hugetlb_wp(pagecache_folio, &vmf); + ret = hugetlb_wp(pagecache_folio, &vmf, + &pagecache_folio_unlocked); goto out_put_page; } else if (likely(flags & FAULT_FLAG_WRITE)) { vmf.orig_pte = huge_pte_mkdirty(vmf.orig_pte); @@ -6824,10 +6843,14 @@ out_put_page: out_ptl: spin_unlock(vmf.ptl); - if (pagecache_folio) { + /* + * If the pagecache_folio is unlocked in hugetlb_wp(), we skip + * folio_unlock() here. + */ + if (pagecache_folio && !pagecache_folio_unlocked) folio_unlock(pagecache_folio); + if (pagecache_folio) folio_put(pagecache_folio); - } out_mutex: hugetlb_vma_unlock_read(vma); _ Patches currently in -mm which might be from gavinguo(a)igalia.com are

3 weeks, 6 days

1
0
0 0

[PATCH 1/1] alloc_tag: handle module codetag load errors as module load failures

by Suren Baghdasaryan

Failures inside codetag_load_module() are currently ignored. As a result an error there would not cause a module load failure and freeing of the associated resources. Correct this behavior by propagating the error code to the caller and handling possible errors. With this change, error to allocate percpu counters, which happens at this stage, will not be ignored and will cause a module load failure and freeing of resources. With this change we also do not need to disable memory allocation profiling when this error happens, instead we fail to load the module. Fixes: 10075262888b ("alloc_tag: allocate percpu counters for module tags dynamically") Reported-by: Casey Chen <cachen(a)purestorage.com> Closes: https://lore.kernel.org/all/20250520231620.15259-1-cachen@purestorage.com/ Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Cc: stable(a)vger.kernel.org --- include/linux/codetag.h | 8 ++++---- kernel/module/main.c | 5 +++-- lib/alloc_tag.c | 12 +++++++----- lib/codetag.c | 34 +++++++++++++++++++++++++--------- 4 files changed, 39 insertions(+), 20 deletions(-) diff --git a/include/linux/codetag.h b/include/linux/codetag.h index 0ee4c21c6dbc..5f2b9a1f722c 100644 --- a/include/linux/codetag.h +++ b/include/linux/codetag.h @@ -36,8 +36,8 @@ union codetag_ref { struct codetag_type_desc { const char *section; size_t tag_size; - void (*module_load)(struct module *mod, - struct codetag *start, struct codetag *end); + int (*module_load)(struct module *mod, + struct codetag *start, struct codetag *end); void (*module_unload)(struct module *mod, struct codetag *start, struct codetag *end); #ifdef CONFIG_MODULES @@ -89,7 +89,7 @@ void *codetag_alloc_module_section(struct module *mod, const char *name, unsigned long align); void codetag_free_module_sections(struct module *mod); void codetag_module_replaced(struct module *mod, struct module *new_mod); -void codetag_load_module(struct module *mod); +int codetag_load_module(struct module *mod); void codetag_unload_module(struct module *mod); #else /* defined(CONFIG_CODE_TAGGING) && defined(CONFIG_MODULES) */ @@ -103,7 +103,7 @@ codetag_alloc_module_section(struct module *mod, const char *name, unsigned long align) { return NULL; } static inline void codetag_free_module_sections(struct module *mod) {} static inline void codetag_module_replaced(struct module *mod, struct module *new_mod) {} -static inline void codetag_load_module(struct module *mod) {} +static inline int codetag_load_module(struct module *mod) { return 0; } static inline void codetag_unload_module(struct module *mod) {} #endif /* defined(CONFIG_CODE_TAGGING) && defined(CONFIG_MODULES) */ diff --git a/kernel/module/main.c b/kernel/module/main.c index 5c6ab20240a6..9861c2ac5fd5 100644 --- a/kernel/module/main.c +++ b/kernel/module/main.c @@ -3399,11 +3399,12 @@ static int load_module(struct load_info *info, const char __user *uargs, goto sysfs_cleanup; } + if (codetag_load_module(mod)) + goto sysfs_cleanup; + /* Get rid of temporary copy. */ free_copy(info, flags); - codetag_load_module(mod); - /* Done! */ trace_module_load(mod); diff --git a/lib/alloc_tag.c b/lib/alloc_tag.c index 45dae7da70e1..d48b80f3f007 100644 --- a/lib/alloc_tag.c +++ b/lib/alloc_tag.c @@ -607,15 +607,16 @@ static void release_module_tags(struct module *mod, bool used) mas_unlock(&mas); } -static void load_module(struct module *mod, struct codetag *start, struct codetag *stop) +static int load_module(struct module *mod, struct codetag *start, struct codetag *stop) { /* Allocate module alloc_tag percpu counters */ struct alloc_tag *start_tag; struct alloc_tag *stop_tag; struct alloc_tag *tag; + /* percpu counters for core allocations are already statically allocated */ if (!mod) - return; + return 0; start_tag = ct_to_alloc_tag(start); stop_tag = ct_to_alloc_tag(stop); @@ -627,12 +628,13 @@ static void load_module(struct module *mod, struct codetag *start, struct codeta free_percpu(tag->counters); tag->counters = NULL; } - shutdown_mem_profiling(true); - pr_err("Failed to allocate memory for allocation tag percpu counters in the module %s. Memory allocation profiling is disabled!\n", + pr_err("Failed to allocate memory for allocation tag percpu counters in the module %s\n", mod->name); - break; + return -ENOMEM; } } + + return 0; } static void replace_module(struct module *mod, struct module *new_mod) diff --git a/lib/codetag.c b/lib/codetag.c index de332e98d6f5..650d54d7e14d 100644 --- a/lib/codetag.c +++ b/lib/codetag.c @@ -167,6 +167,7 @@ static int codetag_module_init(struct codetag_type *cttype, struct module *mod) { struct codetag_range range; struct codetag_module *cmod; + int mod_id; int err; range = get_section_range(mod, cttype->desc.section); @@ -190,11 +191,20 @@ static int codetag_module_init(struct codetag_type *cttype, struct module *mod) cmod->range = range; down_write(&cttype->mod_lock); - err = idr_alloc(&cttype->mod_idr, cmod, 0, 0, GFP_KERNEL); - if (err >= 0) { - cttype->count += range_size(cttype, &range); - if (cttype->desc.module_load) - cttype->desc.module_load(mod, range.start, range.stop); + mod_id = idr_alloc(&cttype->mod_idr, cmod, 0, 0, GFP_KERNEL); + if (mod_id >= 0) { + if (cttype->desc.module_load) { + err = cttype->desc.module_load(mod, range.start, range.stop); + if (!err) + cttype->count += range_size(cttype, &range); + else + idr_remove(&cttype->mod_idr, mod_id); + } else { + cttype->count += range_size(cttype, &range); + err = 0; + } + } else { + err = mod_id; } up_write(&cttype->mod_lock); @@ -295,17 +305,23 @@ void codetag_module_replaced(struct module *mod, struct module *new_mod) mutex_unlock(&codetag_lock); } -void codetag_load_module(struct module *mod) +int codetag_load_module(struct module *mod) { struct codetag_type *cttype; + int ret = 0; if (!mod) - return; + return 0; mutex_lock(&codetag_lock); - list_for_each_entry(cttype, &codetag_types, link) - codetag_module_init(cttype, mod); + list_for_each_entry(cttype, &codetag_types, link) { + ret = codetag_module_init(cttype, mod); + if (ret) + break; + } mutex_unlock(&codetag_lock); + + return ret; } void codetag_unload_module(struct module *mod) base-commit: 9f3e87f6c8d4b28b96eb8bddb22d3ba4b846e10b -- 2.49.0.1112.g889b7c5bd8-goog

3 weeks, 6 days

2
2
0 0

[PATCH v2 1/2] SUNRPC: Prevent hang on NFS mount with xprtsec=[m]tls

by cel＠kernel.org

From: Chuck Lever <chuck.lever(a)oracle.com> Engineers at Hammerspace noticed that sometimes mounting with "xprtsec=tls" hangs for a minute or so, and then times out, even when the NFS server is reachable and responsive. kTLS shuts off data_ready callbacks if strp->msg_ready is set to mitigate data_ready callbacks when a full TLS record is not yet ready to be read from the socket. Normally msg_ready is clear when the first TLS record arrives on a socket. However, I observed that sometimes tls_setsockopt() sets strp->msg_ready, and that prevents forward progress because tls_data_ready() becomes a no-op. Moreover, Jakub says: "If there's a full record queued at the time when [tlshd] passes the socket back to the kernel, it's up to the reader to read the already queued data out." So SunRPC cannot expect a data_ready call when ingress data is already waiting. Add an explicit poll after SunRPC's upper transport is set up to pick up any data that arrived after the TLS handshake but before transport set-up is complete. Reported-by: Steve Sears <sjs(a)hammerspace.com> Suggested-by: Jakub Kacinski <kuba(a)kernel.org> Fixes: 75eb6af7acdf ("SUNRPC: Add a TCP-with-TLS RPC transport class") Tested-by: Mike Snitzer <snitzer(a)kernel.org> Reviewed-by: Mike Snitzer <snitzer(a)kernel.org> Cc: stable(a)vger.kernel.org Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> --- net/sunrpc/xprtsock.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c index 83cc095846d3..4b10ecf4c265 100644 --- a/net/sunrpc/xprtsock.c +++ b/net/sunrpc/xprtsock.c @@ -2740,6 +2740,11 @@ static void xs_tcp_tls_setup_socket(struct work_struct *work) } rpc_shutdown_client(lower_clnt); + /* Check for ingress data that arrived before the socket's + * ->data_ready callback was set up. + */ + xs_poll_check_readable(upper_transport); + out_unlock: current_restore_flags(pflags, PF_MEMALLOC); upper_transport->clnt = NULL; -- 2.49.0

3 weeks, 6 days

1
0
0 0

+ alloc_tag-handle-module-codetag-load-errors-as-module-load-failures.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: alloc_tag: handle module codetag load errors as module load failures has been added to the -mm mm-hotfixes-unstable branch. Its filename is alloc_tag-handle-module-codetag-load-errors-as-module-load-failures.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Suren Baghdasaryan <surenb(a)google.com> Subject: alloc_tag: handle module codetag load errors as module load failures Date: Wed, 21 May 2025 09:06:02 -0700 Failures inside codetag_load_module() are currently ignored. As a result an error there would not cause a module load failure and freeing of the associated resources. Correct this behavior by propagating the error code to the caller and handling possible errors. With this change, error to allocate percpu counters, which happens at this stage, will not be ignored and will cause a module load failure and freeing of resources. With this change we also do not need to disable memory allocation profiling when this error happens, instead we fail to load the module. Link: https://lkml.kernel.org/r/20250521160602.1940771-1-surenb@google.com Fixes: 10075262888b ("alloc_tag: allocate percpu counters for module tags dynamically") Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Reported-by: Casey Chen <cachen(a)purestorage.com> Closes: https://lore.kernel.org/all/20250520231620.15259-1-cachen@purestorage.com/ Cc: Daniel Gomez <da.gomez(a)samsung.com> Cc: David Wang <00107082(a)163.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Luis Chamberalin <mcgrof(a)kernel.org> Cc: Petr Pavlu <petr.pavlu(a)suse.com> Cc: Sami Tolvanen <samitolvanen(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/codetag.h | 8 ++++---- kernel/module/main.c | 5 +++-- lib/alloc_tag.c | 12 +++++++----- lib/codetag.c | 34 +++++++++++++++++++++++++--------- 4 files changed, 39 insertions(+), 20 deletions(-) --- a/include/linux/codetag.h~alloc_tag-handle-module-codetag-load-errors-as-module-load-failures +++ a/include/linux/codetag.h @@ -36,8 +36,8 @@ union codetag_ref { struct codetag_type_desc { const char *section; size_t tag_size; - void (*module_load)(struct module *mod, - struct codetag *start, struct codetag *end); + int (*module_load)(struct module *mod, + struct codetag *start, struct codetag *end); void (*module_unload)(struct module *mod, struct codetag *start, struct codetag *end); #ifdef CONFIG_MODULES @@ -89,7 +89,7 @@ void *codetag_alloc_module_section(struc unsigned long align); void codetag_free_module_sections(struct module *mod); void codetag_module_replaced(struct module *mod, struct module *new_mod); -void codetag_load_module(struct module *mod); +int codetag_load_module(struct module *mod); void codetag_unload_module(struct module *mod); #else /* defined(CONFIG_CODE_TAGGING) && defined(CONFIG_MODULES) */ @@ -103,7 +103,7 @@ codetag_alloc_module_section(struct modu unsigned long align) { return NULL; } static inline void codetag_free_module_sections(struct module *mod) {} static inline void codetag_module_replaced(struct module *mod, struct module *new_mod) {} -static inline void codetag_load_module(struct module *mod) {} +static inline int codetag_load_module(struct module *mod) { return 0; } static inline void codetag_unload_module(struct module *mod) {} #endif /* defined(CONFIG_CODE_TAGGING) && defined(CONFIG_MODULES) */ --- a/kernel/module/main.c~alloc_tag-handle-module-codetag-load-errors-as-module-load-failures +++ a/kernel/module/main.c @@ -3399,11 +3399,12 @@ static int load_module(struct load_info goto sysfs_cleanup; } + if (codetag_load_module(mod)) + goto sysfs_cleanup; + /* Get rid of temporary copy. */ free_copy(info, flags); - codetag_load_module(mod); - /* Done! */ trace_module_load(mod); --- a/lib/alloc_tag.c~alloc_tag-handle-module-codetag-load-errors-as-module-load-failures +++ a/lib/alloc_tag.c @@ -618,15 +618,16 @@ out: mas_unlock(&mas); } -static void load_module(struct module *mod, struct codetag *start, struct codetag *stop) +static int load_module(struct module *mod, struct codetag *start, struct codetag *stop) { /* Allocate module alloc_tag percpu counters */ struct alloc_tag *start_tag; struct alloc_tag *stop_tag; struct alloc_tag *tag; + /* percpu counters for core allocations are already statically allocated */ if (!mod) - return; + return 0; start_tag = ct_to_alloc_tag(start); stop_tag = ct_to_alloc_tag(stop); @@ -638,12 +639,13 @@ static void load_module(struct module *m free_percpu(tag->counters); tag->counters = NULL; } - shutdown_mem_profiling(true); - pr_err("Failed to allocate memory for allocation tag percpu counters in the module %s. Memory allocation profiling is disabled!\n", + pr_err("Failed to allocate memory for allocation tag percpu counters in the module %s\n", mod->name); - break; + return -ENOMEM; } } + + return 0; } static void replace_module(struct module *mod, struct module *new_mod) --- a/lib/codetag.c~alloc_tag-handle-module-codetag-load-errors-as-module-load-failures +++ a/lib/codetag.c @@ -167,6 +167,7 @@ static int codetag_module_init(struct co { struct codetag_range range; struct codetag_module *cmod; + int mod_id; int err; range = get_section_range(mod, cttype->desc.section); @@ -190,11 +191,20 @@ static int codetag_module_init(struct co cmod->range = range; down_write(&cttype->mod_lock); - err = idr_alloc(&cttype->mod_idr, cmod, 0, 0, GFP_KERNEL); - if (err >= 0) { - cttype->count += range_size(cttype, &range); - if (cttype->desc.module_load) - cttype->desc.module_load(mod, range.start, range.stop); + mod_id = idr_alloc(&cttype->mod_idr, cmod, 0, 0, GFP_KERNEL); + if (mod_id >= 0) { + if (cttype->desc.module_load) { + err = cttype->desc.module_load(mod, range.start, range.stop); + if (!err) + cttype->count += range_size(cttype, &range); + else + idr_remove(&cttype->mod_idr, mod_id); + } else { + cttype->count += range_size(cttype, &range); + err = 0; + } + } else { + err = mod_id; } up_write(&cttype->mod_lock); @@ -295,17 +305,23 @@ void codetag_module_replaced(struct modu mutex_unlock(&codetag_lock); } -void codetag_load_module(struct module *mod) +int codetag_load_module(struct module *mod) { struct codetag_type *cttype; + int ret = 0; if (!mod) - return; + return 0; mutex_lock(&codetag_lock); - list_for_each_entry(cttype, &codetag_types, link) - codetag_module_init(cttype, mod); + list_for_each_entry(cttype, &codetag_types, link) { + ret = codetag_module_init(cttype, mod); + if (ret) + break; + } mutex_unlock(&codetag_lock); + + return ret; } void codetag_unload_module(struct module *mod) _ Patches currently in -mm which might be from surenb(a)google.com are alloc_tag-allocate-percpu-counters-for-module-tags-dynamically.patch alloc_tag-handle-module-codetag-load-errors-as-module-load-failures.patch

3 weeks, 6 days

1
0
0 0

dot files in cifs mounted share

by bd730c5053df9efb

Hi! I upgraded the stock kernel on my slackware machine from 5.15.161 to 6.12.16 and I realized that I was not being able to create dot files in a cifs mounted volume. I just updated the kernel to 6.12.29 and I find the same behavior. The share is exported from a samba machine whose smb.conf file is the following (redacted for privacy) [global] security = ADS workgroup = ADDOMAIN realm = ADDOMAIN.COM username map = /etc/samba/user.map kerberos method = secrets and keytab winbind refresh tickets = Yes winbind expand groups = 2 winbind offline logon = Yes # winbind enum users = Yes # winbind enum groups = Yes dedicated keytab file = /etc/krb5.keytab idmap config * : backend = tdb idmap config * : range = 3000-7999 idmap config addomain:backend = ad idmap config addomain:schema_mode = rfc2307 idmap config addomain:range = 10000-999999 idmap config addomain:unix_nss_info = Yes vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes printing = CUPS log level = 1 auth:3 auth_audit:3 auth_json_audit:3 rpc_server:spoolss = external rpc_daemon:spoolssd = fork spoolssd:prefork_min_children = 5 spoolssd:prefork_max_children = 25 spoolssd:prefork_spawn_rate = 5 spoolssd:prefork_max_allowed_clients = 100 spoolssd:prefork_child_min_life = 60 ntlm auth = mschapv2-and-ntlmv2-only [printers] path = /var/spool/samba printable = Yes [print$] path = /srv/samba/printer_drivers read only = No [users] path = /home/users read only = No [Publicas] path = /home/shares/publicas read only = No The client is succesfully joined to the domain and the shares are mounted with the following parameters (redacted for privacy) //fileserver.addomain.com/Users/username on /home/username/.Documents type cifs (rw,relatime,vers=3.1.1,cache=strict,username=username,domain=ADDOMAIN,uid=11002,forceuid,gid=10513,forcegid,addr=192.168.25.6,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,reparse=nfs,rsize=4194304,wsize=4194304,bsize=1048576,retrans=1,echo_interval=60,actimeo=1,closetimeo=1) //fileserver.addomain.com/Publicas on /home/username/Public type cifs (rw,relatime,vers=3.1.1,cache=strict,username=username,domain=ADDOMAIN,uid=11002,forceuid,gid=10513,forcegid,addr=192.168.25.6,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,reparse=nfs,rsize=4194304,wsize=4194304,bsize=1048576,retrans=1,echo_interval=60,actimeo=1,closetimeo=1) If I issue the following command cd /home/username/.Documents/ touch .foo.bar (this file doesn't exist on the volume) I get the following error "touch: cannot touch '.foo.bar': Permission denied" When I increase the debug by issuing the following command all echo 7 > /proc/fs/cifs/cifsFYI All I get in dmesg is [ 2702.654271] CIFS: Status code returned 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND However the even weirder part is that on the "Publicas" volume I have no such issue cd /home/username/Public/ touch ./.foo.bar ls -alt -rwxr-xr-x 1 ADDOMAIN\username ADDOMAIN\domain users 0 may 21 14:57 .foo.bar If I boot back 5.15.161 I have no such problem. Thanks in advance! Best regards, Dave.

3 weeks, 6 days

1
0
0 0

[PATCH] mmc: core: sd: Apply BROKEN_SD_DISCARD quirk earlier

by Avri Altman

Move the BROKEN_SD_DISCARD quirk for certain SanDisk SD cards from the `mmc_blk_fixups[]` to `mmc_sd_fixups[]`. This ensures the quirk is applied earlier in the device initialization process, aligning with the reasoning in [1]. Applying the quirk sooner prevents the kernel from incorrectly enabling discard support on affected cards during initial setup. [1] https://lore.kernel.org/all/20240820230631.GA436523@sony.com Fixes: 07d2872bf4c8 ("mmc: core: Add SD card quirk for broken discard") Signed-off-by: Avri Altman <avri.altman(a)sandisk.com> Cc: stable(a)vger.kernel.org --- drivers/mmc/core/quirks.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/mmc/core/quirks.h b/drivers/mmc/core/quirks.h index 7f893bafaa60..c417ed34c057 100644 --- a/drivers/mmc/core/quirks.h +++ b/drivers/mmc/core/quirks.h @@ -44,6 +44,12 @@ static const struct mmc_fixup __maybe_unused mmc_sd_fixups[] = { 0, -1ull, SDIO_ANY_ID, SDIO_ANY_ID, add_quirk_sd, MMC_QUIRK_NO_UHS_DDR50_TUNING, EXT_CSD_REV_ANY), + /* + * Some SD cards reports discard support while they don't + */ + MMC_FIXUP(CID_NAME_ANY, CID_MANFID_SANDISK_SD, 0x5344, add_quirk_sd, + MMC_QUIRK_BROKEN_SD_DISCARD), + END_FIXUP }; @@ -147,12 +153,6 @@ static const struct mmc_fixup __maybe_unused mmc_blk_fixups[] = { MMC_FIXUP("M62704", CID_MANFID_KINGSTON, 0x0100, add_quirk_mmc, MMC_QUIRK_TRIM_BROKEN), - /* - * Some SD cards reports discard support while they don't - */ - MMC_FIXUP(CID_NAME_ANY, CID_MANFID_SANDISK_SD, 0x5344, add_quirk_sd, - MMC_QUIRK_BROKEN_SD_DISCARD), - END_FIXUP }; -- 2.25.1

3 weeks, 6 days

3
2
0 0

[PATCH 5.15 0/1] Oopses on module unload seen on 5.15-rc

by Fedor Pchelkin

A followup to the similar patch sent to 6.1.y: https://lore.kernel.org/stable/20250521165909.834545-1-pchelkin@ispras.ru/ commit 959cadf09dbae7b304f03e039b8d8e13c529e2dd Author: Peter Zijlstra <peterz(a)infradead.org> Date: Mon Oct 14 10:05:48 2024 -0700 x86/its: Use dynamic thunks for indirect branches commit 872df34d7c51a79523820ea6a14860398c639b87 upstream. being ported to 5.15.y would lead to kernel crashes there after module unload operations. As mentioned in the blamed patch comment describing the backport adaptations: [ pawan: CONFIG_EXECMEM and CONFIG_EXECMEM_ROX are not supported on backport kernel, made changes to use module_alloc() and set_memory_*() for dynamic thunks. ] module_alloc/module_memfree in conjunction with memory protection routines were used. The allocated memory is vmalloc-based, and it ends up being ROX upon release inside its_free_mod(). Freeing of special permissioned memory in vmalloc requires its own handling. VM_FLUSH_RESET_PERMS flag was introduced for these purposes. In-kernel users dealing with the stuff had to care about this explicitly before commit 4c4eb3ecc91f ("x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc()"). It fixes the current problem. More recent kernels starting from 6.2 have the commit and are not affected. Found by Linux Verification Center (linuxtesting.org). Thomas Gleixner (1): x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() arch/x86/kernel/ftrace.c | 2 -- arch/x86/kernel/kprobes/core.c | 1 - arch/x86/kernel/module.c | 9 +++++---- 3 files changed, 5 insertions(+), 7 deletions(-) -- 2.49.0

3 weeks, 6 days

1
1
0 0

Re: [PATCH v1] virtio_blk: Fix disk deletion hang on device surprise removal

by Michael S. Tsirkin

On Wed, May 21, 2025 at 06:37:41AM +0000, Parav Pandit wrote: > When the PCI device is surprise removed, requests may not complete > the device as the VQ is marked as broken. Due to this, the disk > deletion hangs. > > Fix it by aborting the requests when the VQ is broken. > > With this fix now fio completes swiftly. > An alternative of IO timeout has been considered, however > when the driver knows about unresponsive block device, swiftly clearing > them enables users and upper layers to react quickly. > > Verified with multiple device unplug iterations with pending requests in > virtio used ring and some pending with the device. > > Fixes: 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci device") > Cc: stable(a)vger.kernel.org > Reported-by: lirongqing(a)baidu.com > Closes: https://lore.kernel.org/virtualization/c45dd68698cd47238c55fb73ca9b4741@bai… > Reviewed-by: Max Gurtovoy <mgurtovoy(a)nvidia.com> > Reviewed-by: Israel Rukshin <israelr(a)nvidia.com> > Signed-off-by: Parav Pandit <parav(a)nvidia.com> > --- > changelog: > v0->v1: > - Fixed comments from Stefan to rename a cleanup function > - Improved logic for handling any outstanding requests > in bio layer > - improved cancel callback to sync with ongoing done() thanks for the patch! questions: > --- > drivers/block/virtio_blk.c | 95 ++++++++++++++++++++++++++++++++++++++ > 1 file changed, 95 insertions(+) > > diff --git a/drivers/block/virtio_blk.c b/drivers/block/virtio_blk.c > index 7cffea01d868..5212afdbd3c7 100644 > --- a/drivers/block/virtio_blk.c > +++ b/drivers/block/virtio_blk.c > @@ -435,6 +435,13 @@ static blk_status_t virtio_queue_rq(struct blk_mq_hw_ctx *hctx, > blk_status_t status; > int err; > > + /* Immediately fail all incoming requests if the vq is broken. > + * Once the queue is unquiesced, upper block layer flushes any pending > + * queued requests; fail them right away. > + */ > + if (unlikely(virtqueue_is_broken(vblk->vqs[qid].vq))) > + return BLK_STS_IOERR; > + > status = virtblk_prep_rq(hctx, vblk, req, vbr); > if (unlikely(status)) > return status; just below this: spin_lock_irqsave(&vblk->vqs[qid].lock, flags); err = virtblk_add_req(vblk->vqs[qid].vq, vbr); if (err) { and virtblk_add_req calls virtqueue_add_sgs, so it will fail on a broken vq. Why do we need to check it one extra time here? > @@ -508,6 +515,11 @@ static void virtio_queue_rqs(struct rq_list *rqlist) > while ((req = rq_list_pop(rqlist))) { > struct virtio_blk_vq *this_vq = get_virtio_blk_vq(req->mq_hctx); > > + if (unlikely(virtqueue_is_broken(this_vq->vq))) { > + rq_list_add_tail(&requeue_list, req); > + continue; > + } > + > if (vq && vq != this_vq) > virtblk_add_req_batch(vq, &submit_list); > vq = this_vq; similarly > @@ -1554,6 +1566,87 @@ static int virtblk_probe(struct virtio_device *vdev) > return err; > } > > +static bool virtblk_request_cancel(struct request *rq, void *data) > +{ > + struct virtblk_req *vbr = blk_mq_rq_to_pdu(rq); > + struct virtio_blk *vblk = data; > + struct virtio_blk_vq *vq; > + unsigned long flags; > + > + vq = &vblk->vqs[rq->mq_hctx->queue_num]; > + > + spin_lock_irqsave(&vq->lock, flags); > + > + vbr->in_hdr.status = VIRTIO_BLK_S_IOERR; > + if (blk_mq_request_started(rq) && !blk_mq_request_completed(rq)) > + blk_mq_complete_request(rq); > + > + spin_unlock_irqrestore(&vq->lock, flags); > + return true; > +} > + > +static void virtblk_broken_device_cleanup(struct virtio_blk *vblk) > +{ > + struct request_queue *q = vblk->disk->queue; > + > + if (!virtqueue_is_broken(vblk->vqs[0].vq)) > + return; > + > + /* Start freezing the queue, so that new requests keeps waitng at the > + * door of bio_queue_enter(). We cannot fully freeze the queue because > + * freezed queue is an empty queue and there are pending requests, so > + * only start freezing it. > + */ > + blk_freeze_queue_start(q); > + > + /* When quiescing completes, all ongoing dispatches have completed > + * and no new dispatch will happen towards the driver. > + * This ensures that later when cancel is attempted, then are not > + * getting processed by the queue_rq() or queue_rqs() handlers. > + */ > + blk_mq_quiesce_queue(q); > + > + /* > + * Synchronize with any ongoing VQ callbacks, effectively quiescing > + * the device and preventing it from completing further requests > + * to the block layer. Any outstanding, incomplete requests will be > + * completed by virtblk_request_cancel(). > + */ > + virtio_synchronize_cbs(vblk->vdev); > + > + /* At this point, no new requests can enter the queue_rq() and > + * completion routine will not complete any new requests either for the > + * broken vq. Hence, it is safe to cancel all requests which are > + * started. > + */ > + blk_mq_tagset_busy_iter(&vblk->tag_set, virtblk_request_cancel, vblk); > + blk_mq_tagset_wait_completed_request(&vblk->tag_set); > + > + /* All pending requests are cleaned up. Time to resume so that disk > + * deletion can be smooth. Start the HW queues so that when queue is > + * unquiesced requests can again enter the driver. > + */ > + blk_mq_start_stopped_hw_queues(q, true); > + > + /* Unquiescing will trigger dispatching any pending requests to the > + * driver which has crossed bio_queue_enter() to the driver. > + */ > + blk_mq_unquiesce_queue(q); > + > + /* Wait for all pending dispatches to terminate which may have been > + * initiated after unquiescing. > + */ > + blk_mq_freeze_queue_wait(q); > + > + /* Mark the disk dead so that once queue unfreeze, the requests > + * waiting at the door of bio_queue_enter() can be aborted right away. > + */ > + blk_mark_disk_dead(vblk->disk); > + > + /* Unfreeze the queue so that any waiting requests will be aborted. */ > + blk_mq_unfreeze_queue_nomemrestore(q); > +} > + > static void virtblk_remove(struct virtio_device *vdev) > { > struct virtio_blk *vblk = vdev->priv; > @@ -1561,6 +1654,8 @@ static void virtblk_remove(struct virtio_device *vdev) > /* Make sure no work handler is accessing the device. */ > flush_work(&vblk->config_work); > > + virtblk_broken_device_cleanup(vblk); > + > del_gendisk(vblk->disk); > blk_mq_free_tag_set(&vblk->tag_set); > > -- > 2.34.1

3 weeks, 6 days

2
8
0 0

FAILED: patch "[PATCH] drm/amdgpu: read back register after written for VCN v4.0.5" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x ee7360fc27d6045510f8fe459b5649b2af27811a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025052140-handsaw-train-2343@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ee7360fc27d6045510f8fe459b5649b2af27811a Mon Sep 17 00:00:00 2001 From: "David (Ming Qiang) Wu" <David.Wu3(a)amd.com> Date: Mon, 12 May 2025 15:14:43 -0400 Subject: [PATCH] drm/amdgpu: read back register after written for VCN v4.0.5 On VCN v4.0.5 there is a race condition where the WPTR is not updated after starting from idle when doorbell is used. Adding register read-back after written at function end is to ensure all register writes are done before they can be used. Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/12528 Signed-off-by: David (Ming Qiang) Wu <David.Wu3(a)amd.com> Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> Tested-by: Mario Limonciello <mario.limonciello(a)amd.com> Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Ruijing Dong <ruijing.dong(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 07c9db090b86e5211188e1b351303fbc673378cf) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c b/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c index a1171e6152ed..f11df9c2ec13 100644 --- a/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c +++ b/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c @@ -1023,6 +1023,10 @@ static int vcn_v4_0_5_start_dpg_mode(struct amdgpu_vcn_inst *vinst, ring->doorbell_index << VCN_RB1_DB_CTRL__OFFSET__SHIFT | VCN_RB1_DB_CTRL__EN_MASK); + /* Keeping one read-back to ensure all register writes are done, otherwise + * it may introduce race conditions */ + RREG32_SOC15(VCN, inst_idx, regVCN_RB1_DB_CTRL); + return 0; } @@ -1205,6 +1209,10 @@ static int vcn_v4_0_5_start(struct amdgpu_vcn_inst *vinst) WREG32_SOC15(VCN, i, regVCN_RB_ENABLE, tmp); fw_shared->sq.queue_mode &= ~(FW_QUEUE_RING_RESET | FW_QUEUE_DPG_HOLD_OFF); + /* Keeping one read-back to ensure all register writes are done, otherwise + * it may introduce race conditions */ + RREG32_SOC15(VCN, i, regVCN_RB_ENABLE); + return 0; }

3 weeks, 6 days

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu: read back register after written for VCN v4.0.5" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x ee7360fc27d6045510f8fe459b5649b2af27811a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025052139-turkey-gumminess-1680@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ee7360fc27d6045510f8fe459b5649b2af27811a Mon Sep 17 00:00:00 2001 From: "David (Ming Qiang) Wu" <David.Wu3(a)amd.com> Date: Mon, 12 May 2025 15:14:43 -0400 Subject: [PATCH] drm/amdgpu: read back register after written for VCN v4.0.5 On VCN v4.0.5 there is a race condition where the WPTR is not updated after starting from idle when doorbell is used. Adding register read-back after written at function end is to ensure all register writes are done before they can be used. Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/12528 Signed-off-by: David (Ming Qiang) Wu <David.Wu3(a)amd.com> Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> Tested-by: Mario Limonciello <mario.limonciello(a)amd.com> Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Ruijing Dong <ruijing.dong(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 07c9db090b86e5211188e1b351303fbc673378cf) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c b/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c index a1171e6152ed..f11df9c2ec13 100644 --- a/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c +++ b/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c @@ -1023,6 +1023,10 @@ static int vcn_v4_0_5_start_dpg_mode(struct amdgpu_vcn_inst *vinst, ring->doorbell_index << VCN_RB1_DB_CTRL__OFFSET__SHIFT | VCN_RB1_DB_CTRL__EN_MASK); + /* Keeping one read-back to ensure all register writes are done, otherwise + * it may introduce race conditions */ + RREG32_SOC15(VCN, inst_idx, regVCN_RB1_DB_CTRL); + return 0; } @@ -1205,6 +1209,10 @@ static int vcn_v4_0_5_start(struct amdgpu_vcn_inst *vinst) WREG32_SOC15(VCN, i, regVCN_RB_ENABLE, tmp); fw_shared->sq.queue_mode &= ~(FW_QUEUE_RING_RESET | FW_QUEUE_DPG_HOLD_OFF); + /* Keeping one read-back to ensure all register writes are done, otherwise + * it may introduce race conditions */ + RREG32_SOC15(VCN, i, regVCN_RB_ENABLE); + return 0; }

3 weeks, 6 days

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Defer BW-optimization-blocked DRR" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 874697e127931bf50a37ce9d96ee80f3a08a0c38 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051956-disdain-foyer-a53c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 874697e127931bf50a37ce9d96ee80f3a08a0c38 Mon Sep 17 00:00:00 2001 From: John Olender <john.olender(a)gmail.com> Date: Wed, 16 Apr 2025 02:54:26 -0400 Subject: [PATCH] drm/amd/display: Defer BW-optimization-blocked DRR adjustments [Why & How] Instead of dropping DRR updates, defer them. This fixes issues where monitor continues to see incorrect refresh rate after VRR was turned off by userspace. Fixes: 32953485c558 ("drm/amd/display: Do not update DRR while BW optimizations pending") Link: https://gitlab.freedesktop.org/drm/amd/-/issues/3546 Reviewed-by: Sun peng Li <sunpeng.li(a)amd.com> Signed-off-by: John Olender <john.olender(a)gmail.com> Signed-off-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Ray Wu <ray.wu(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 53761b7ecd83e6fbb9f2206f8c980a6aa308c844) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 1525c408d452..cc01b9c68b47 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -372,6 +372,8 @@ get_crtc_by_otg_inst(struct amdgpu_device *adev, static inline bool is_dc_timing_adjust_needed(struct dm_crtc_state *old_state, struct dm_crtc_state *new_state) { + if (new_state->stream->adjust.timing_adjust_pending) + return true; if (new_state->freesync_config.state == VRR_STATE_ACTIVE_FIXED) return true; else if (amdgpu_dm_crtc_vrr_active(old_state) != amdgpu_dm_crtc_vrr_active(new_state)) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index 28d1353f403d..ba4ce8a63158 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -439,9 +439,12 @@ bool dc_stream_adjust_vmin_vmax(struct dc *dc, * Don't adjust DRR while there's bandwidth optimizations pending to * avoid conflicting with firmware updates. */ - if (dc->ctx->dce_version > DCE_VERSION_MAX) - if (dc->optimized_required || dc->wm_optimized_required) + if (dc->ctx->dce_version > DCE_VERSION_MAX) { + if (dc->optimized_required || dc->wm_optimized_required) { + stream->adjust.timing_adjust_pending = true; return false; + } + } dc_exit_ips_for_hw_access(dc); @@ -3168,7 +3171,8 @@ static void copy_stream_update_to_stream(struct dc *dc, if (update->crtc_timing_adjust) { if (stream->adjust.v_total_min != update->crtc_timing_adjust->v_total_min || - stream->adjust.v_total_max != update->crtc_timing_adjust->v_total_max) + stream->adjust.v_total_max != update->crtc_timing_adjust->v_total_max || + stream->adjust.timing_adjust_pending) update->crtc_timing_adjust->timing_adjust_pending = true; stream->adjust = *update->crtc_timing_adjust; update->crtc_timing_adjust->timing_adjust_pending = false;

3 weeks, 6 days

2
1
0 0

Random Crashes in Linux Kernel 6.1.139 on Intel Cascadelake/Icelake Due to ITS Mitigation

by Jinpu Wang

Hi Folks, Bug Description: When running Linux kernel version 6.1.139 on Intel Cascadelake/Icelake processors, systems experience random crashes related to mitigation. These crashes do not occur when booted with indirect_target_selection=off or when using kernel version 6.12.29. The crashes manifest as page faults leading to a kernel panic. System Details: Kernel Version: 6.1.139 or 6.1.118 with the ITS migration patches from 6.1.139 Hardware: Intel Cascadelake/Icelake Steps to Reproduce: Boot a system with Intel Cascadelake/Icelake processors using Linux kernel 6.1.139. Allow the system to run standard operations; crashes appear randomly. Notice that crashes do not occur when booted with indirect_target_selection=off. also works fine on Intel servers with Broadwell or Skylake CPU linux kernel 6.1.139 crash due to its mitigation on Intel Cascadelake/Icelake, the crash seems random, eg I've seen crashing like below: May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.207823] BUG: unable to handle page fault for address: ff1ac0d89d45f8c0 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.212762] #PF: supervisor write access in kernel mode May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.217741] #PF: error_code(0x0003) - permissions violation May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.222708] PGD 5341c01067 P4D 5341c02067 PUD 211835063 PMD 21d44f063 PTE 800000021d45f161 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.227831] Oops: 0003 [#1] PREEMPT SMP May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.233002] CPU: 12 PID: 0 Comm: swapper/12 Kdump: loaded Tainted: G O 6.1.139-pserver #6.1.139-1+feature+linux+6.1.y+20250521.1015+45a526cf~deb12 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.244731] Hardware name: Dell Inc. PowerEdge R650/0PYXKY, BIOS 1.9.2 11/17/2022 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.250583] RIP: 0010:__build_skb_around+0x79/0xc0 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.256492] Code: 00 00 00 00 89 85 bc 00 00 00 66 89 95 b6 00 00 00 66 89 8d b2 00 00 00 65 8b 15 c2 5b 90 48 48 8d 34 03 66 89 95 a0 00 00 00 <48> c7 06 00 00 00 00 48 c7 46 08 00 00 00 00 48 c7 46 10 00 00 00 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.269200] RSP: 0018:ff409de44cdf4d28 EFLAGS: 00010206 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.275492] RAX: 00000000000006c0 RBX: ff1ac0d89d45f200 RCX: 00000000ffffffff May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.281987] RDX: 000000000000000c RSI: ff1ac0d89d45f8c0 RDI: ff1ac0d7886a8000 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.288943] RBP: ff1ac0d7886a8000 R08: 0000000000000006 R09: ff1ac11708ffc0b8 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.295838] R10: ffffffffb86060c0 R11: ff1ac0d8c02d7000 R12: ff1ac0d89d45f200 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.302796] R13: ff1ac0d839a20000 R14: ff1ac0d89d1241d0 R15: 0000000000000000 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.309496] FS: 0000000000000000(0000) GS:ff1ac116fef80000(0000) knlGS:0000000000000000 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.315978] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.322411] CR2: ff1ac0d89d45f8c0 CR3: 000000534060a005 CR4: 0000000000771ee0 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.329030] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.336289] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.343624] PKRU: 55555554 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.350175] Call Trace: May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.356777] <IRQ> May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.363585] build_skb+0x41/0xe0 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.370198] mlx5e_skb_from_cqe_nonlinear+0x20a/0x3b0 [mlx5_core] May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.377107] mlx5i_handle_rx_cqe+0x311/0x450 [mlx5_core] May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.384273] mlx5e_poll_rx_cq+0x437/0x450 [mlx5_core] May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.392409] mlx5e_napi_poll+0xe4/0x710 [mlx5_core] May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.399293] __napi_poll+0x28/0x160 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.406107] net_rx_action+0x29c/0x2f0 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.412790] handle_softirqs+0xcf/0x270 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.419895] irq_exit_rcu+0x85/0xb0 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.427245] common_interrupt+0x82/0xa0 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.434181] </IRQ> May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.442032] <TASK> May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.448577] asm_common_interrupt+0x22/0x40 May 21 13:03:00 ps404a-62.stg.profitbricks.net >>> [ 241.455431] RIP: 0010:cpuidle_enter_state+0xd8/0x420 and below: kern.alert: May 21 05:59:31 ps404a-1 kernel: [ 35.775609] #PF: error_code(0x0003) - permissions violation kern.info: May 21 05:59:31 ps404a-1 kernel: [ 35.775740] PGD 251ac01067 P4D 251ac01067 PUD 1b17dd063 PMD 6098b1f063 PTE 8000000153faf161 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.775910] Oops: 0003 [#1] PREEMPT SMP kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.776036] CPU: 54 PID: 3109 Comm: (spawn) Tainted: G O 6.1.118-pserver #6.1.118-9+develop+20250520.1233+48c89f78~deb 12 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.776218] Hardware name: RAUSCH CoreVPS-Gen2-STG/X11DDW-NT, BIOS 3.3 02/21/2020 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.776382] RIP: 0010:__tlb_remove_page_size+0x64/0x90 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.776515] Code: c3 cc cc cc cc 83 7f 1c 13 74 39 31 f6 bf 00 28 00 00 e8 3f 27 01 00 48 85 c0 74 28 48 b9 00 00 00 00 fe 01 00 00 83 43 1c 01 <48> c7 00 00 00 00 00 48 89 48 08 48 8b 53 20 48 89 02 48 89 43 20 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.776746] RSP: 0018:ffffb15a5d563a70 EFLAGS: 00010202 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.776876] RAX: ffff8ad4d3faf000 RBX: ffffb15a5d563c88 RCX: 000001fe00000000 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.777013] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8b3240b317c0 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.777149] RBP: 000055a0e8f5f000 R08: 0000000000000100 R09: 000055a0e9011fff kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.777285] R10: ffffb15a5d563a08 R11: 0000000000000025 R12: ffffeff344443300 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.777421] R13: ffffb15a5d563b90 R14: ffff8ad50c2faaf8 R15: 00000001110cc025 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.777557] FS: 0000000000000000(0000) GS:ffff8b3240b00000(0000) knlGS:0000000000000000 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.777724] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.777855] CR2: ffff8ad4d3faf000 CR3: 000000018c2f8002 CR4: 00000000007706e0 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.777991] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.778126] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.778262] PKRU: 55555554 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.778382] Call Trace: kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.778502] <TASK> kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.778621] ? __die_body.cold+0x1a/0x1f kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.778749] ? page_fault_oops+0x15a/0x2b0 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.778875] ? search_module_extables+0x15/0x60 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.779004] ? search_bpf_extables+0x5b/0x80 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.779150] ? exc_page_fault+0x8d/0x120 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.779277] ? asm_exc_page_fault+0x22/0x30 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.779536] unmap_page_range+0x8f0/0x1370 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.779667] unmap_vmas+0xea/0x180 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.779794] exit_mmap+0xcb/0x2e0 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.779919] __mmput+0x3d/0x110 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.780045] begin_new_exec+0x46f/0xaf0 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.780173] ? load_elf_phdrs+0x6c/0xc0 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.780312] load_elf_binary+0x2c2/0x1750 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.780438] ? __kernel_read+0x195/0x290 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.780564] bprm_execve+0x27f/0x650 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.780689] do_execveat_common.isra.0+0x1ad/0x220 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.780818] __x64_sys_execve+0x32/0x40 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.780944] do_syscall_64+0x34/0x80 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.781070] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.781200] RIP: 0033:0x7f1d66e70ad7 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.781325] Code: Unable to access opcode bytes at 0x7f1d66e70aad. kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.789385] RSP: 002b:00007ffceeb31338 EFLAGS: 00000206 ORIG_RAX: 000000000000003b kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.789552] RAX: ffffffffffffffda RBX: 000055a11a55e4b0 RCX: 00007f1d66e70ad7 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.789688] RDX: 000055a11a50f200 RSI: 000055a11a6c2d60 RDI: 000055a11a5748c0 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.789825] RBP: 00007ffceeb31570 R08: 0000000000000007 R09: 000055a11a6b1fa0 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.789962] R10: 0000000000000000 R11: 0000000000000206 R12: 00007ffceeb35570 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.790098] R13: 000000000aba9500 R14: 00007ffceeb313b0 R15: 000055a11a6c2d60 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.790237] </TASK> kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.790367] Modules linked in: mei watchdog led_class pcc_cpufreq(-) dca acpi_pad button andbd_shared(O+) 8021q garp stp mrp llc dm_mod dax fuse ip_tables x_tables autofs4 loop raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 linear md_mod mlx5_core i2c_i801 crc32c_intel xhci_pci mlxfw i2c_smbus i40e lpc_ich i2c_core mfd_core xhci_hcd kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.790742] CR2: ffff8ad4d3faf000 kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 35.790864] ---[ end trace 0000000000000000 ]--- kern.warning: May 21 05:59:31 ps404a-1 kernel: [ 36.457953] RIP: 0010:__tlb_remove_page_size+0x64/0x90 Any idea what went wrong and how to fix it? Thanks! Jinpu Wang

3 weeks, 6 days

1
0
0 0

[PATCH 0/2] usb: usbtmc: Fix read/get_stb and timeout in get_stb

by Dave Penkler

Patch 1: Fixes a regression introduced by a previous commit where the changed return value of usbtmc_get_stb caused usbtmc488_ioctl_read_stb and the USBTMC_IOCTL_GET_STB ioctl to fail. Patch 2: Fixes the units of the timeout value passed to wait_event_interruptible_timeout in usbtmc_get_stb. Dave Penkler (2): usb: usbtmc: Fix read_stb function and get_stb ioctl usb: usbtmc: Fix timeout value in get_stb drivers/usb/class/usbtmc.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) -- 2.49.0

3 weeks, 6 days

1
3
0 0

patch "iio: adc: ad7944: mask high bits on direct read" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7944: mask high bits on direct read to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From 7cdfbc0113d087348b8e65dd79276d0f57b89a10 Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Mon, 5 May 2025 13:28:40 -0500 Subject: iio: adc: ad7944: mask high bits on direct read MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Apply a mask to the raw value received over the SPI bus for unsigned direct reads. As we found recently, SPI controllers may not set unused bits to 0 when reading with bits_per_word != {8,16,32}. The ad7944 uses bits_per_word of 14 and 18, so we need to mask the value to be sure we returning the correct value to userspace during a direct read. Fixes: d1efcf8871db ("iio: adc: ad7944: add driver for AD7944/AD7985/AD7986") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20250505-iio-adc-ad7944-max-high-bits-on-direct-re… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7944.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/adc/ad7944.c b/drivers/iio/adc/ad7944.c index 2f949fe55873..37a137bd8357 100644 --- a/drivers/iio/adc/ad7944.c +++ b/drivers/iio/adc/ad7944.c @@ -377,6 +377,8 @@ static int ad7944_single_conversion(struct ad7944_adc *adc, if (chan->scan_type.sign == 's') *val = sign_extend32(*val, chan->scan_type.realbits - 1); + else + *val &= GENMASK(chan->scan_type.realbits - 1, 0); return IIO_VAL_INT; } -- 2.49.0

3 weeks, 6 days

1
0
0 0

patch "iio: imu: inv_icm42600: Fix temperature calculation" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: imu: inv_icm42600: Fix temperature calculation to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From e2f820014239df9360064079ae93f838ff3b7f8c Mon Sep 17 00:00:00 2001 From: Sean Nyekjaer <sean(a)geanix.com> Date: Fri, 2 May 2025 11:37:26 +0200 Subject: iio: imu: inv_icm42600: Fix temperature calculation >From the documentation: "offset to be added to <type>[Y]_raw prior toscaling by <type>[Y]_scale" Offset should be applied before multiplying scale, so divide offset by scale to make this correct. Fixes: bc3eb0207fb5 ("iio: imu: inv_icm42600: add temperature sensor support") Signed-off-by: Sean Nyekjaer <sean(a)geanix.com> Acked-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Link: https://patch.msgid.link/20250502-imu-v1-1-129b8391a4e3@geanix.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c index 213cce1c3111..91f0f381082b 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c @@ -67,16 +67,18 @@ int inv_icm42600_temp_read_raw(struct iio_dev *indio_dev, return IIO_VAL_INT; /* * T°C = (temp / 132.48) + 25 - * Tm°C = 1000 * ((temp * 100 / 13248) + 25) + * Tm°C = 1000 * ((temp / 132.48) + 25) + * Tm°C = 7.548309 * temp + 25000 + * Tm°C = (temp + 3312) * 7.548309 * scale: 100000 / 13248 ~= 7.548309 - * offset: 25000 + * offset: 3312 */ case IIO_CHAN_INFO_SCALE: *val = 7; *val2 = 548309; return IIO_VAL_INT_PLUS_MICRO; case IIO_CHAN_INFO_OFFSET: - *val = 25000; + *val = 3312; return IIO_VAL_INT; default: return -EINVAL; -- 2.49.0

3 weeks, 6 days

1
0
0 0

patch "iio: adc: ad7606_spi: fix reg write value mask" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7606_spi: fix reg write value mask to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From 89944d88f8795c6c89b9514cb365998145511cd4 Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Mon, 28 Apr 2025 20:55:34 -0500 Subject: iio: adc: ad7606_spi: fix reg write value mask Fix incorrect value mask for register write. Register values are 8-bit, not 9. If this function was called with a value > 0xFF and an even addr, it would cause writing to the next register. Fixes: f2a22e1e172f ("iio: adc: ad7606: Add support for software mode for ad7616") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Angelo Dureghello <adureghello(a)baylibre.com> Link: https://patch.msgid.link/20250428-iio-adc-ad7606_spi-fix-write-value-mask-v… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7606_spi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/adc/ad7606_spi.c b/drivers/iio/adc/ad7606_spi.c index 179115e90988..b37458ce3c70 100644 --- a/drivers/iio/adc/ad7606_spi.c +++ b/drivers/iio/adc/ad7606_spi.c @@ -155,7 +155,7 @@ static int ad7606_spi_reg_write(struct ad7606_state *st, struct spi_device *spi = to_spi_device(st->dev); st->d16[0] = cpu_to_be16((st->bops->rd_wr_cmd(addr, 1) << 8) | - (val & 0x1FF)); + (val & 0xFF)); return spi_write(spi, &st->d16[0], sizeof(st->d16[0])); } -- 2.49.0

3 weeks, 6 days

1
0
0 0

patch "iio: adc: ad7173: fix compiling without gpiolib" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7173: fix compiling without gpiolib to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From c553aa1b03719400a30d9387477190d4743fc1de Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Tue, 22 Apr 2025 15:12:27 -0500 Subject: iio: adc: ad7173: fix compiling without gpiolib Fix compiling the ad7173 driver when CONFIG_GPIOLIB is not set by selecting GPIOLIB to be always enabled and remove the #if. Commit 031bdc8aee01 ("iio: adc: ad7173: add calibration support") placed unrelated code in the middle of the #if IS_ENABLED(CONFIG_GPIOLIB) block which caused the reported compile error. However, later commit 7530ed2aaa3f ("iio: adc: ad7173: add openwire detection support for single conversions") makes use of the gpio regmap even when we aren't providing gpio controller support. So it makes more sense to always enable GPIOLIB rather than trying to make it optional. Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202504220824.HVrTVov1-lkp@intel.com/ Fixes: 031bdc8aee01 ("iio: adc: ad7173: add calibration support") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250422-iio-adc-ad7173-fix-compile-without-gpioli… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/Kconfig | 5 +++-- drivers/iio/adc/ad7173.c | 15 +-------------- 2 files changed, 4 insertions(+), 16 deletions(-) diff --git a/drivers/iio/adc/Kconfig b/drivers/iio/adc/Kconfig index 6529df1a498c..ba746754a816 100644 --- a/drivers/iio/adc/Kconfig +++ b/drivers/iio/adc/Kconfig @@ -129,8 +129,9 @@ config AD7173 tristate "Analog Devices AD7173 driver" depends on SPI_MASTER select AD_SIGMA_DELTA - select GPIO_REGMAP if GPIOLIB - select REGMAP_SPI if GPIOLIB + select GPIOLIB + select GPIO_REGMAP + select REGMAP_SPI help Say yes here to build support for Analog Devices AD7173 and similar ADC Currently supported models: diff --git a/drivers/iio/adc/ad7173.c b/drivers/iio/adc/ad7173.c index 69de5886474c..b3e6bd2a55d7 100644 --- a/drivers/iio/adc/ad7173.c +++ b/drivers/iio/adc/ad7173.c @@ -230,10 +230,8 @@ struct ad7173_state { unsigned long long *config_cnts; struct clk *ext_clk; struct clk_hw int_clk_hw; -#if IS_ENABLED(CONFIG_GPIOLIB) struct regmap *reg_gpiocon_regmap; struct gpio_regmap *gpio_regmap; -#endif }; static unsigned int ad4115_sinc5_data_rates[] = { @@ -288,8 +286,6 @@ static const char *const ad7173_clk_sel[] = { "ext-clk", "xtal" }; -#if IS_ENABLED(CONFIG_GPIOLIB) - static const struct regmap_range ad7173_range_gpio[] = { regmap_reg_range(AD7173_REG_GPIO, AD7173_REG_GPIO), }; @@ -543,12 +539,6 @@ static int ad7173_gpio_init(struct ad7173_state *st) return 0; } -#else -static int ad7173_gpio_init(struct ad7173_state *st) -{ - return 0; -} -#endif /* CONFIG_GPIOLIB */ static struct ad7173_state *ad_sigma_delta_to_ad7173(struct ad_sigma_delta *sd) { @@ -1797,10 +1787,7 @@ static int ad7173_probe(struct spi_device *spi) if (ret) return ret; - if (IS_ENABLED(CONFIG_GPIOLIB)) - return ad7173_gpio_init(st); - - return 0; + return ad7173_gpio_init(st); } static const struct of_device_id ad7173_of_match[] = { -- 2.49.0

3 weeks, 6 days

1
0
0 0

patch "iio: adc: ad7606: fix raw read for 18-bit chips" added to char-misc-next

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7606: fix raw read for 18-bit chips to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-next branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will also be merged in the next major kernel release during the merge window. If you have any questions about this process, please let me know. From 3f5fd1717ae9497215f22aa748fc2c09df88b0e3 Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Fri, 2 May 2025 10:04:30 -0500 Subject: iio: adc: ad7606: fix raw read for 18-bit chips Fix 18-bit raw read for 18-bit chips by applying a mask to the value we receive from the SPI controller. SPI controllers either return 1, 2 or 4 bytes per word depending on the bits_per_word. For 16-bit chips, there was no problem since they raw data fit exactly in the 2 bytes received from the SPI controller. But now that we have 18-bit chips and we are using bits_per_word = 18, we cannot assume that the extra bits in the 32-bit word are always zero. In fact, with the AXI SPI Engine controller, these bits are not always zero which caused the raw values to read 10s of 1000s of volts instead of the correct value. Therefore, we need to mask the value we receive from the SPI controller to ensure that only the 18 bits of real data are used. Fixes: f3838e934dff ("iio: adc: ad7606: add support for AD7606C-{16,18} parts") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250502-iio-adc-ad7606-fix-raw-read-for-18-bit-ch… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7606.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/drivers/iio/adc/ad7606.c b/drivers/iio/adc/ad7606.c index 703556eb7257..8ed65a35b486 100644 --- a/drivers/iio/adc/ad7606.c +++ b/drivers/iio/adc/ad7606.c @@ -727,17 +727,16 @@ static int ad7606_scan_direct(struct iio_dev *indio_dev, unsigned int ch, goto error_ret; chan = &indio_dev->channels[ch + 1]; - if (chan->scan_type.sign == 'u') { - if (realbits > 16) - *val = st->data.buf32[ch]; - else - *val = st->data.buf16[ch]; - } else { - if (realbits > 16) - *val = sign_extend32(st->data.buf32[ch], realbits - 1); - else - *val = sign_extend32(st->data.buf16[ch], realbits - 1); - } + + if (realbits > 16) + *val = st->data.buf32[ch]; + else + *val = st->data.buf16[ch]; + + *val &= GENMASK(realbits - 1, 0); + + if (chan->scan_type.sign == 's') + *val = sign_extend32(*val, realbits - 1); error_ret: if (!st->gpio_convst) { -- 2.49.0

3 weeks, 6 days

1
0
0 0

patch "iio: adc: ad7944: mask high bits on direct read" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7944: mask high bits on direct read to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From 7cdfbc0113d087348b8e65dd79276d0f57b89a10 Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Mon, 5 May 2025 13:28:40 -0500 Subject: iio: adc: ad7944: mask high bits on direct read MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Apply a mask to the raw value received over the SPI bus for unsigned direct reads. As we found recently, SPI controllers may not set unused bits to 0 when reading with bits_per_word != {8,16,32}. The ad7944 uses bits_per_word of 14 and 18, so we need to mask the value to be sure we returning the correct value to userspace during a direct read. Fixes: d1efcf8871db ("iio: adc: ad7944: add driver for AD7944/AD7985/AD7986") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Nuno Sá <nuno.sa(a)analog.com> Link: https://patch.msgid.link/20250505-iio-adc-ad7944-max-high-bits-on-direct-re… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7944.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iio/adc/ad7944.c b/drivers/iio/adc/ad7944.c index 2f949fe55873..37a137bd8357 100644 --- a/drivers/iio/adc/ad7944.c +++ b/drivers/iio/adc/ad7944.c @@ -377,6 +377,8 @@ static int ad7944_single_conversion(struct ad7944_adc *adc, if (chan->scan_type.sign == 's') *val = sign_extend32(*val, chan->scan_type.realbits - 1); + else + *val &= GENMASK(chan->scan_type.realbits - 1, 0); return IIO_VAL_INT; } -- 2.49.0

3 weeks, 6 days

1
0
0 0

patch "iio: imu: inv_icm42600: Fix temperature calculation" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: imu: inv_icm42600: Fix temperature calculation to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From e2f820014239df9360064079ae93f838ff3b7f8c Mon Sep 17 00:00:00 2001 From: Sean Nyekjaer <sean(a)geanix.com> Date: Fri, 2 May 2025 11:37:26 +0200 Subject: iio: imu: inv_icm42600: Fix temperature calculation >From the documentation: "offset to be added to <type>[Y]_raw prior toscaling by <type>[Y]_scale" Offset should be applied before multiplying scale, so divide offset by scale to make this correct. Fixes: bc3eb0207fb5 ("iio: imu: inv_icm42600: add temperature sensor support") Signed-off-by: Sean Nyekjaer <sean(a)geanix.com> Acked-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> Link: https://patch.msgid.link/20250502-imu-v1-1-129b8391a4e3@geanix.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c index 213cce1c3111..91f0f381082b 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c @@ -67,16 +67,18 @@ int inv_icm42600_temp_read_raw(struct iio_dev *indio_dev, return IIO_VAL_INT; /* * T°C = (temp / 132.48) + 25 - * Tm°C = 1000 * ((temp * 100 / 13248) + 25) + * Tm°C = 1000 * ((temp / 132.48) + 25) + * Tm°C = 7.548309 * temp + 25000 + * Tm°C = (temp + 3312) * 7.548309 * scale: 100000 / 13248 ~= 7.548309 - * offset: 25000 + * offset: 3312 */ case IIO_CHAN_INFO_SCALE: *val = 7; *val2 = 548309; return IIO_VAL_INT_PLUS_MICRO; case IIO_CHAN_INFO_OFFSET: - *val = 25000; + *val = 3312; return IIO_VAL_INT; default: return -EINVAL; -- 2.49.0

3 weeks, 6 days

1
0
0 0

patch "iio: adc: ad7606_spi: fix reg write value mask" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7606_spi: fix reg write value mask to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From 89944d88f8795c6c89b9514cb365998145511cd4 Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Mon, 28 Apr 2025 20:55:34 -0500 Subject: iio: adc: ad7606_spi: fix reg write value mask Fix incorrect value mask for register write. Register values are 8-bit, not 9. If this function was called with a value > 0xFF and an even addr, it would cause writing to the next register. Fixes: f2a22e1e172f ("iio: adc: ad7606: Add support for software mode for ad7616") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Reviewed-by: Angelo Dureghello <adureghello(a)baylibre.com> Link: https://patch.msgid.link/20250428-iio-adc-ad7606_spi-fix-write-value-mask-v… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7606_spi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/adc/ad7606_spi.c b/drivers/iio/adc/ad7606_spi.c index 179115e90988..b37458ce3c70 100644 --- a/drivers/iio/adc/ad7606_spi.c +++ b/drivers/iio/adc/ad7606_spi.c @@ -155,7 +155,7 @@ static int ad7606_spi_reg_write(struct ad7606_state *st, struct spi_device *spi = to_spi_device(st->dev); st->d16[0] = cpu_to_be16((st->bops->rd_wr_cmd(addr, 1) << 8) | - (val & 0x1FF)); + (val & 0xFF)); return spi_write(spi, &st->d16[0], sizeof(st->d16[0])); } -- 2.49.0

3 weeks, 6 days

1
0
0 0

patch "iio: adc: ad7606: fix raw read for 18-bit chips" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7606: fix raw read for 18-bit chips to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From 3f5fd1717ae9497215f22aa748fc2c09df88b0e3 Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Fri, 2 May 2025 10:04:30 -0500 Subject: iio: adc: ad7606: fix raw read for 18-bit chips Fix 18-bit raw read for 18-bit chips by applying a mask to the value we receive from the SPI controller. SPI controllers either return 1, 2 or 4 bytes per word depending on the bits_per_word. For 16-bit chips, there was no problem since they raw data fit exactly in the 2 bytes received from the SPI controller. But now that we have 18-bit chips and we are using bits_per_word = 18, we cannot assume that the extra bits in the 32-bit word are always zero. In fact, with the AXI SPI Engine controller, these bits are not always zero which caused the raw values to read 10s of 1000s of volts instead of the correct value. Therefore, we need to mask the value we receive from the SPI controller to ensure that only the 18 bits of real data are used. Fixes: f3838e934dff ("iio: adc: ad7606: add support for AD7606C-{16,18} parts") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250502-iio-adc-ad7606-fix-raw-read-for-18-bit-ch… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/ad7606.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/drivers/iio/adc/ad7606.c b/drivers/iio/adc/ad7606.c index 703556eb7257..8ed65a35b486 100644 --- a/drivers/iio/adc/ad7606.c +++ b/drivers/iio/adc/ad7606.c @@ -727,17 +727,16 @@ static int ad7606_scan_direct(struct iio_dev *indio_dev, unsigned int ch, goto error_ret; chan = &indio_dev->channels[ch + 1]; - if (chan->scan_type.sign == 'u') { - if (realbits > 16) - *val = st->data.buf32[ch]; - else - *val = st->data.buf16[ch]; - } else { - if (realbits > 16) - *val = sign_extend32(st->data.buf32[ch], realbits - 1); - else - *val = sign_extend32(st->data.buf16[ch], realbits - 1); - } + + if (realbits > 16) + *val = st->data.buf32[ch]; + else + *val = st->data.buf16[ch]; + + *val &= GENMASK(realbits - 1, 0); + + if (chan->scan_type.sign == 's') + *val = sign_extend32(*val, realbits - 1); error_ret: if (!st->gpio_convst) { -- 2.49.0

3 weeks, 6 days

1
0
0 0

patch "iio: adc: ad7173: fix compiling without gpiolib" added to char-misc-testing

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled iio: adc: ad7173: fix compiling without gpiolib to my char-misc git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git in the char-misc-testing branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will be merged to the char-misc-next branch sometime soon, after it passes testing, and the merge window is open. If you have any questions about this process, please let me know. From c553aa1b03719400a30d9387477190d4743fc1de Mon Sep 17 00:00:00 2001 From: David Lechner <dlechner(a)baylibre.com> Date: Tue, 22 Apr 2025 15:12:27 -0500 Subject: iio: adc: ad7173: fix compiling without gpiolib Fix compiling the ad7173 driver when CONFIG_GPIOLIB is not set by selecting GPIOLIB to be always enabled and remove the #if. Commit 031bdc8aee01 ("iio: adc: ad7173: add calibration support") placed unrelated code in the middle of the #if IS_ENABLED(CONFIG_GPIOLIB) block which caused the reported compile error. However, later commit 7530ed2aaa3f ("iio: adc: ad7173: add openwire detection support for single conversions") makes use of the gpio regmap even when we aren't providing gpio controller support. So it makes more sense to always enable GPIOLIB rather than trying to make it optional. Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202504220824.HVrTVov1-lkp@intel.com/ Fixes: 031bdc8aee01 ("iio: adc: ad7173: add calibration support") Signed-off-by: David Lechner <dlechner(a)baylibre.com> Link: https://patch.msgid.link/20250422-iio-adc-ad7173-fix-compile-without-gpioli… Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> --- drivers/iio/adc/Kconfig | 5 +++-- drivers/iio/adc/ad7173.c | 15 +-------------- 2 files changed, 4 insertions(+), 16 deletions(-) diff --git a/drivers/iio/adc/Kconfig b/drivers/iio/adc/Kconfig index 6529df1a498c..ba746754a816 100644 --- a/drivers/iio/adc/Kconfig +++ b/drivers/iio/adc/Kconfig @@ -129,8 +129,9 @@ config AD7173 tristate "Analog Devices AD7173 driver" depends on SPI_MASTER select AD_SIGMA_DELTA - select GPIO_REGMAP if GPIOLIB - select REGMAP_SPI if GPIOLIB + select GPIOLIB + select GPIO_REGMAP + select REGMAP_SPI help Say yes here to build support for Analog Devices AD7173 and similar ADC Currently supported models: diff --git a/drivers/iio/adc/ad7173.c b/drivers/iio/adc/ad7173.c index 69de5886474c..b3e6bd2a55d7 100644 --- a/drivers/iio/adc/ad7173.c +++ b/drivers/iio/adc/ad7173.c @@ -230,10 +230,8 @@ struct ad7173_state { unsigned long long *config_cnts; struct clk *ext_clk; struct clk_hw int_clk_hw; -#if IS_ENABLED(CONFIG_GPIOLIB) struct regmap *reg_gpiocon_regmap; struct gpio_regmap *gpio_regmap; -#endif }; static unsigned int ad4115_sinc5_data_rates[] = { @@ -288,8 +286,6 @@ static const char *const ad7173_clk_sel[] = { "ext-clk", "xtal" }; -#if IS_ENABLED(CONFIG_GPIOLIB) - static const struct regmap_range ad7173_range_gpio[] = { regmap_reg_range(AD7173_REG_GPIO, AD7173_REG_GPIO), }; @@ -543,12 +539,6 @@ static int ad7173_gpio_init(struct ad7173_state *st) return 0; } -#else -static int ad7173_gpio_init(struct ad7173_state *st) -{ - return 0; -} -#endif /* CONFIG_GPIOLIB */ static struct ad7173_state *ad_sigma_delta_to_ad7173(struct ad_sigma_delta *sd) { @@ -1797,10 +1787,7 @@ static int ad7173_probe(struct spi_device *spi) if (ret) return ret; - if (IS_ENABLED(CONFIG_GPIOLIB)) - return ad7173_gpio_init(st); - - return 0; + return ad7173_gpio_init(st); } static const struct of_device_id ad7173_of_match[] = { -- 2.49.0

3 weeks, 6 days

1
0
0 0

[PATCH v 3] usb: dwc2: gadget: Fix enter to hibernation for UTMI+ PHY

by Minas Harutyunyan

For UTMI+ PHY, according to programming guide, first should be set PMUACTV bit then STOPPCLK bit. Otherwise, when the device issues Remote Wakeup, then host notices disconnect instead. For ULPI PHY, above mentioned bits must be set in reversed order: STOPPCLK then PMUACTV. Fixes: 4483ef3c1685 ("usb: dwc2: Add hibernation updates for ULPI PHY") Cc: stable(a)vger.kernel.org Reported-by: Tomasz Mon <tomasz.mon(a)nordicsemi.no> Signed-off-by: Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> --- Changes in v3: - Rebased on top of 6.15-rc4 Changes in v2: - Added Cc: stable(a)vger.kernel.org drivers/usb/dwc2/gadget.c | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/drivers/usb/dwc2/gadget.c b/drivers/usb/dwc2/gadget.c index 300ea4969f0c..b817002bdee0 100644 --- a/drivers/usb/dwc2/gadget.c +++ b/drivers/usb/dwc2/gadget.c @@ -5383,20 +5383,33 @@ int dwc2_gadget_enter_hibernation(struct dwc2_hsotg *hsotg) if (gusbcfg & GUSBCFG_ULPI_UTMI_SEL) { /* ULPI interface */ gpwrdn |= GPWRDN_ULPI_LATCH_EN_DURING_HIB_ENTRY; - } - dwc2_writel(hsotg, gpwrdn, GPWRDN); - udelay(10); + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); - /* Suspend the Phy Clock */ - pcgcctl = dwc2_readl(hsotg, PCGCTL); - pcgcctl |= PCGCTL_STOPPCLK; - dwc2_writel(hsotg, pcgcctl, PCGCTL); - udelay(10); + pcgcctl = dwc2_readl(hsotg, PCGCTL); + pcgcctl |= PCGCTL_STOPPCLK; + dwc2_writel(hsotg, pcgcctl, PCGCTL); + udelay(10); - gpwrdn = dwc2_readl(hsotg, GPWRDN); - gpwrdn |= GPWRDN_PMUACTV; - dwc2_writel(hsotg, gpwrdn, GPWRDN); - udelay(10); + gpwrdn = dwc2_readl(hsotg, GPWRDN); + gpwrdn |= GPWRDN_PMUACTV; + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); + } else { + /* UTMI+ Interface */ + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); + + gpwrdn = dwc2_readl(hsotg, GPWRDN); + gpwrdn |= GPWRDN_PMUACTV; + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); + + pcgcctl = dwc2_readl(hsotg, PCGCTL); + pcgcctl |= PCGCTL_STOPPCLK; + dwc2_writel(hsotg, pcgcctl, PCGCTL); + udelay(10); + } /* Set flag to indicate that we are in hibernation */ hsotg->hibernated = 1; base-commit: b4432656b36e5cc1d50a1f2dc15357543add530e -- 2.41.0

3 weeks, 6 days

2
1
0 0

[PATCH v2] usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach

by RD Babiera

This patch fixes Type-C compliance test TD 4.7.6 - Try.SNK DRP Connect SNKAS. tVbusON has a limit of 275ms when entering SRC_ATTACHED. Compliance testers can interpret the TryWait.Src to Attached.Src transition after Try.Snk as being in Attached.Src the entire time, so ~170ms is lost to the debounce timer. Setting the data role can be a costly operation in host mode, and when completed after 100ms can cause Type-C compliance test check TD 4.7.5.V.4 to fail. Turn VBUS on before tcpm_set_roles to meet timing requirement. Fixes: f0690a25a140 ("staging: typec: USB Type-C Port Manager (tcpm)") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Badhri Jagan Sridharan <badhri(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- Changes since v1: * Rebased on top of usb-linus for v6.15 --- drivers/usb/typec/tcpm/tcpm.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 8adf6f954633..05c62a1673af 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -4353,16 +4353,6 @@ static int tcpm_src_attach(struct tcpm_port *port) tcpm_enable_auto_vbus_discharge(port, true); - ret = tcpm_set_roles(port, true, TYPEC_SOURCE, tcpm_data_role_for_source(port)); - if (ret < 0) - return ret; - - if (port->pd_supported) { - ret = port->tcpc->set_pd_rx(port->tcpc, true); - if (ret < 0) - goto out_disable_mux; - } - /* * USB Type-C specification, version 1.2, * chapter 4.5.2.2.8.1 (Attached.SRC Requirements) @@ -4372,12 +4362,22 @@ static int tcpm_src_attach(struct tcpm_port *port) (polarity == TYPEC_POLARITY_CC2 && port->cc1 == TYPEC_CC_RA)) { ret = tcpm_set_vconn(port, true); if (ret < 0) - goto out_disable_pd; + return ret; } ret = tcpm_set_vbus(port, true); if (ret < 0) goto out_disable_vconn; + + ret = tcpm_set_roles(port, true, TYPEC_SOURCE, tcpm_data_role_for_source(port)); + if (ret < 0) + goto out_disable_vbus; + + if (port->pd_supported) { + ret = port->tcpc->set_pd_rx(port->tcpc, true); + if (ret < 0) + goto out_disable_mux; + } port->pd_capable = false; @@ -4389,14 +4389,14 @@ static int tcpm_src_attach(struct tcpm_port *port) return 0; -out_disable_vconn: - tcpm_set_vconn(port, false); -out_disable_pd: - if (port->pd_supported) - port->tcpc->set_pd_rx(port->tcpc, false); out_disable_mux: tcpm_mux_set(port, TYPEC_STATE_SAFE, USB_ROLE_NONE, TYPEC_ORIENTATION_NONE); +out_disable_vbus: + tcpm_set_vbus(port, false); +out_disable_vconn: + tcpm_set_vconn(port, false); + return ret; } base-commit: 82f2b0b97b36ee3fcddf0f0780a9a0825d52fec3 -- 2.49.0.1045.g170613ef41-goog

3 weeks, 6 days

2
1
0 0

[PATCH] usb: gadget: udc: renesas_usb3: Add null pointer check in usb3_irq_epc_pipe0_setup()

by Wentao Liang

The function usb3_irq_epc_pipe0_setup() calls the function usb3_get_request(), but does not check its return value which is a null pointer if the function fails. This can result in a null pointer dereference. Add a null pointer check for usb3_get_request() to avoid null pointer dereference when the function fails. Fixes: 746bfe63bba3 ("usb: gadget: renesas_usb3: add support for Renesas USB3.0 peripheral controller") Cc: stable(a)vger.kernel.org # v4.5 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/usb/gadget/udc/renesas_usb3.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/usb/gadget/udc/renesas_usb3.c b/drivers/usb/gadget/udc/renesas_usb3.c index fce5c41d9f29..51f2dd8cbf91 100644 --- a/drivers/usb/gadget/udc/renesas_usb3.c +++ b/drivers/usb/gadget/udc/renesas_usb3.c @@ -1920,11 +1920,13 @@ static void usb3_irq_epc_pipe0_setup(struct renesas_usb3 *usb3) { struct usb_ctrlrequest ctrl; struct renesas_usb3_ep *usb3_ep = usb3_get_ep(usb3, 0); + struct renesas_usb3_request *usb3_req = usb3_get_request(usb3_ep); /* Call giveback function if previous transfer is not completed */ + if (!usb3_req) + return; if (usb3_ep->started) - usb3_request_done(usb3_ep, usb3_get_request(usb3_ep), - -ECONNRESET); + usb3_request_done(usb3_ep, usb3_req, -ECONNRESET); usb3_p0_con_clear_buffer(usb3); usb3_get_setup_data(usb3, &ctrl); -- 2.42.0.windows.2

3 weeks, 6 days

2
1
0 0

[PATCH 4/4 v3] crypto: octeontx2: Fix address alignment on CN10KB and CN10KA-B0

by Bharat Bhushan

octeontx2 crypto driver allocates memory using kmalloc/kzalloc, and uses this memory for dma (does dma_map_single()). It assumes that kmalloc/kzalloc will return 128-byte aligned address. But kmalloc/kzalloc returns 8-byte aligned address after below changes: "9382bc44b5f5 arm64: allow kmalloc() caches aligned to the smaller cache_line_size() Memory allocated are used for following purpose: - Input data or scatter list address - 8-Byte alignment - Output data or gather list address - 8-Byte alignment - Completion address - 32-Byte alignment. This patch ensures all addresses are aligned as mentioned above. Signed-off-by: Bharat Bhushan <bbhushan2(a)marvell.com> Cc: <stable(a)vger.kernel.org> #v6.8+ --- v2->v3: - Align DMA memory to ARCH_DMA_MINALIGN as that is mapped as bidirectional v1->v2: - Fixed memory padding size calculation as per review comment .../marvell/octeontx2/otx2_cpt_reqmgr.h | 58 ++++++++++++++----- 1 file changed, 43 insertions(+), 15 deletions(-) diff --git a/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h b/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h index 204a31755710..8e95036e91d9 100644 --- a/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h +++ b/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h @@ -350,22 +350,47 @@ static inline struct otx2_cpt_inst_info * cn10k_sgv2_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, gfp_t gfp) { - u32 dlen = 0, g_len, sg_len, info_len; - int align = OTX2_CPT_DMA_MINALIGN; + u32 dlen = 0, g_len, s_len, sg_len, info_len; struct otx2_cpt_inst_info *info; - u16 g_sz_bytes, s_sz_bytes; u32 total_mem_len; int i; - g_sz_bytes = ((req->in_cnt + 2) / 3) * - sizeof(struct cn10kb_cpt_sglist_component); - s_sz_bytes = ((req->out_cnt + 2) / 3) * - sizeof(struct cn10kb_cpt_sglist_component); + /* Allocate memory to meet below alignment requirement: + * ---------------------------------- + * | struct otx2_cpt_inst_info | + * | (No alignment required) | + * | -----------------------------| + * | | padding for 8B alignment | + * |----------------------------------| + * | SG List Gather/Input memory | + * | Length = multiple of 32Bytes | + * | Alignment = 8Byte | + * |----------------------------------| + * | SG List Scatter/Output memory | + * | Length = multiple of 32Bytes | + * | Alignment = 8Byte | + * | (padding for below alignment) | + * | -----------------------------| + * | | padding for 32B alignment | + * |----------------------------------| + * | Result response memory | + * ---------------------------------- + */ + + info_len = sizeof(*info); + + g_len = ((req->in_cnt + 2) / 3) * + sizeof(struct cn10kb_cpt_sglist_component); + s_len = ((req->out_cnt + 2) / 3) * + sizeof(struct cn10kb_cpt_sglist_component); + sg_len = g_len + s_len; - g_len = ALIGN(g_sz_bytes, align); - sg_len = ALIGN(g_len + s_sz_bytes, align); - info_len = ALIGN(sizeof(*info), align); - total_mem_len = sg_len + info_len + sizeof(union otx2_cpt_res_s); + /* Allocate extra memory for SG and response address alignment */ + total_mem_len = ALIGN(info_len, ARCH_DMA_MINALIGN) + sg_len; + total_mem_len = ALIGN(total_mem_len, OTX2_CPT_DPTR_RPTR_ALIGN); + total_mem_len += (OTX2_CPT_RES_ADDR_ALIGN - 1) & + ~(OTX2_CPT_DPTR_RPTR_ALIGN - 1); + total_mem_len += sizeof(union otx2_cpt_res_s); info = kzalloc(total_mem_len, gfp); if (unlikely(!info)) @@ -375,7 +400,8 @@ cn10k_sgv2_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, dlen += req->in[i].size; info->dlen = dlen; - info->in_buffer = (u8 *)info + info_len; + info->in_buffer = PTR_ALIGN((u8 *)info + info_len, ARCH_DMA_MINALIGN); + info->out_buffer = info->in_buffer + g_len; info->gthr_sz = req->in_cnt; info->sctr_sz = req->out_cnt; @@ -387,7 +413,7 @@ cn10k_sgv2_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, } if (sgv2io_components_setup(pdev, req->out, req->out_cnt, - &info->in_buffer[g_len])) { + info->out_buffer)) { dev_err(&pdev->dev, "Failed to setup scatter list\n"); goto destroy_info; } @@ -404,8 +430,10 @@ cn10k_sgv2_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, * Get buffer for union otx2_cpt_res_s response * structure and its physical address */ - info->completion_addr = info->in_buffer + sg_len; - info->comp_baddr = info->dptr_baddr + sg_len; + info->completion_addr = PTR_ALIGN((info->in_buffer + sg_len), + OTX2_CPT_RES_ADDR_ALIGN); + info->comp_baddr = ALIGN((info->dptr_baddr + sg_len), + OTX2_CPT_RES_ADDR_ALIGN); return info; -- 2.34.1

3 weeks, 6 days

1
0
0 0

Panic with a lis2dw12 accelerometer

by Maud Spierings

I've just experienced an Issue that I think may be a regression. I'm enabling a device which incorporates a lis2dw12 accelerometer, currently I am running 6.12 lts, so 6.12.29 as of typing this message. My first issue is a Panic: [ 0.281814] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000c0 [ 0.290626] Mem abort info: [ 0.293465] ESR = 0x0000000096000004 [ 0.297230] EC = 0x25: DABT (current EL), IL = 32 bits [ 0.302558] SET = 0, FnV = 0 [ 0.305619] EA = 0, S1PTW = 0 [ 0.308766] FSC = 0x04: level 0 translation fault [ 0.313649] Data abort info: [ 0.316534] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 0.322032] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 0.327093] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 0.332413] [00000000000000c0] user address but active_mm is swapper [ 0.338774] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 0.345044] Modules linked in: [ 0.348106] CPU: 2 UID: 0 PID: 43 Comm: kworker/u16:1 Not tainted 6.12.28-00054-gf24728d836e5 #13 [ 0.356983] Hardware name: GOcontroll Moduline Mini (DT) [ 0.362297] Workqueue: events_unbound deferred_probe_work_func [ 0.368143] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 0.375109] pc : device_set_deferred_probe_reason+0x58/0x84 [ 0.380686] lr : device_set_deferred_probe_reason+0x50/0x84 [ 0.386262] sp : ffff8000816d34d0 [ 0.389577] x29: ffff8000816d34d0 x28: ffff000004099d08 x27: ffff0000040998f0 [ 0.396724] x26: 0000000030a40000 x25: ffff000004099be4 x24: ffff00003fdf2758 [ 0.403870] x23: 000000000000000f x22: ffff8000816d3508 x21: ffff000000260a20 [ 0.411017] x20: ffff00000409a808 x19: ffff800081299db8 x18: ffffffffffffffff [ 0.418163] x17: 00007fff7e57efff x16: ffff8000815ad000 x15: ffff0000002617da [ 0.425309] x14: 0000000000000001 x13: 0a7365696c707075 x12: 7320656c62616e65 [ 0.432454] x11: 0000000669b8cb4b x10: 0000000000000020 x9 : ffff8000816d3590 [ 0.439599] x8 : ffff8000816d3590 x7 : 0000000000000000 x6 : ffff800080fe16a6 [ 0.446745] x5 : ffff000000260a3f x4 : ffff800080fc3912 x3 : 0000000000000000 [ 0.453890] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000000260a20 [ 0.461037] Call trace: [ 0.463485] device_set_deferred_probe_reason+0x58/0x84 [ 0.468715] dev_err_probe+0xa0/0xec [ 0.472296] st_sensors_power_enable+0x50/0x60 [ 0.476748] st_accel_i2c_probe+0x70/0xe0 [ 0.480763] i2c_device_probe+0xfc/0x2d8 [ 0.484692] really_probe+0xc0/0x394 [ 0.488271] __driver_probe_device+0x7c/0x14c [ 0.492631] driver_probe_device+0x3c/0x120 [ 0.496818] __device_attach_driver+0xbc/0x160 [ 0.501265] bus_for_each_drv+0x88/0xe8 [ 0.505108] __device_attach+0xa0/0x1b4 [ 0.508949] device_initial_probe+0x14/0x20 [ 0.513135] bus_probe_device+0xb0/0xbc [ 0.516974] device_add+0x594/0x7a4 [ 0.520469] device_register+0x20/0x3c [ 0.524224] i2c_new_client_device+0x19c/0x3d0 [ 0.528671] of_i2c_register_device+0xd4/0xfc [ 0.533033] of_i2c_register_devices+0x6c/0x140 [ 0.537568] i2c_register_adapter+0x1f4/0x728 [ 0.541929] __i2c_add_numbered_adapter+0x58/0xa8 [ 0.546637] i2c_add_adapter+0xa0/0xd0 [ 0.550389] i2c_add_numbered_adapter+0x2c/0x38 [ 0.554924] i2c_imx_probe+0x2b0/0x6d4 [ 0.558679] platform_probe+0x68/0xdc [ 0.562347] really_probe+0xc0/0x394 [ 0.565926] __driver_probe_device+0x7c/0x14c [ 0.570286] driver_probe_device+0x3c/0x120 [ 0.574473] __device_attach_driver+0xbc/0x160 [ 0.578920] bus_for_each_drv+0x88/0xe8 [ 0.582763] __device_attach+0xa0/0x1b4 [ 0.586602] device_initial_probe+0x14/0x20 [ 0.590790] bus_probe_device+0xb0/0xbc [ 0.594628] deferred_probe_work_func+0xb8/0x11c [ 0.599250] process_one_work+0x180/0x2dc [ 0.603265] worker_thread+0x2c0/0x3e0 [ 0.607017] kthread+0x110/0x120 [ 0.610252] ret_from_fork+0x10/0x20 [ 0.613836] Code: 911a8021 97f9326d f9402681 aa0003f5 (f9406020) [ 0.619931] ---[ end trace 0000000000000000 ]--- [ 0.624551] Kernel panic - not syncing: Oops: Fatal exception [ 0.630299] SMP: stopping secondary CPUs [ 0.634543] Kernel Offset: disabled [ 0.638032] CPU features: 0x00,00000080,00200000,4200420b [ 0.643433] Memory Limit: none It seems that indio_dev->dev is not initialized in st_sensors_power_enable(), this causes an issue when devm_regulator_bulk_get_enable() fails and then calls dev_err_probe with an uninitialized device. To fix this I added: indio_dev->dev = client->dev; just before the call to st_sensors_power_enable() in drivers/iio/accel/st_accel_i2c.c This fixed the kernel panic but showed another issue: 0.440413] sysfs: cannot create duplicate filename '/devices/platform/soc(a)0/30800000.bus/30a40000.i2c/i2c-2/2-0018' [ 0.440422] CPU: 0 UID: 0 PID: 43 Comm: kworker/u16:1 Not tainted 6.12.29+ #6 [ 0.440430] Hardware name: GOcontroll Moduline Mini (DT) [ 0.440435] Workqueue: events_unbound deferred_probe_work_func [ 0.440449] Call trace: [ 0.440452] dump_backtrace+0xd0/0x120 [ 0.440462] show_stack+0x18/0x24 [ 0.440469] dump_stack_lvl+0x60/0x80 [ 0.440478] dump_stack+0x18/0x24 [ 0.440483] sysfs_warn_dup+0x64/0x80 [ 0.440491] sysfs_create_dir_ns+0xf4/0x120 [ 0.440496] kobject_add_internal+0xb4/0x2d0 [ 0.440504] kobject_add+0x9c/0x108 [ 0.440511] device_add+0xb0/0x7a4 [ 0.440519] cdev_device_add+0x50/0xbc [ 0.440525] __iio_device_register+0x718/0x924 [ 0.440535] __devm_iio_device_register+0x28/0x8c [ 0.440542] st_accel_common_probe+0xd4/0xf0 [ 0.440550] st_accel_i2c_probe+0xa0/0xe0 [ 0.440556] i2c_device_probe+0xfc/0x2d8 [ 0.440563] really_probe+0xc0/0x394 [ 0.440568] __driver_probe_device+0x7c/0x14c [ 0.440573] driver_probe_device+0x3c/0x120 [ 0.440578] __device_attach_driver+0xbc/0x160 [ 0.440583] bus_for_each_drv+0x88/0xe8 [ 0.440590] __device_attach+0xa0/0x1b4 [ 0.440595] device_initial_probe+0x14/0x20 [ 0.440601] bus_probe_device+0xb0/0xbc [ 0.440605] deferred_probe_work_func+0xb8/0x11c [ 0.440610] process_one_work+0x180/0x2dc [ 0.440616] worker_thread+0x2c0/0x3e0 [ 0.440621] kthread+0x110/0x120 [ 0.440628] ret_from_fork+0x10/0x20 [ 0.440636] kobject: kobject_add_internal failed for 2-0018 with -EEXIST, don't try to register things with the same name in the same directory. [ 0.453688] st-accel-i2c 2-0018: probe with driver st-accel-i2c failed with error -17 In /sys/bus/i2c/devices I can indeed see 2-0018 present, but it doesn't show up on the iio bus (/sys/bus/iio/devices), so I am guessing somewhere in the driver it registers it before it should, and then again when it should. This is where my ability to fix thing fizzles out and so here I am asking for assistance. Kind regards, Maud

3 weeks, 6 days

2
2
0 0

[PATCH] drm/xe/svm: Fix regression disallowing 64K SVM migration

by Maarten Lankhorst

When changing the condition from >= SZ_64K, it was changed to <= SZ_64K. This disallows migration of 64K, which is the exact minimum allowed. Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/5057 Fixes: a9ac0fa455b0 ("drm/xe: Strict migration policy for atomic SVM faults") Cc: stable(a)vger.kernel.org Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Signed-off-by: Maarten Lankhorst <dev(a)lankhorst.se> --- drivers/gpu/drm/xe/xe_svm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_svm.c b/drivers/gpu/drm/xe/xe_svm.c index 4432685936ed4..a7386334d48c4 100644 --- a/drivers/gpu/drm/xe/xe_svm.c +++ b/drivers/gpu/drm/xe/xe_svm.c @@ -820,7 +820,7 @@ bool xe_svm_range_needs_migrate_to_vram(struct xe_svm_range *range, struct xe_vm return false; } - if (preferred_region_is_vram && range_size <= SZ_64K && !supports_4K_migration(vm->xe)) { + if (preferred_region_is_vram && range_size < SZ_64K && !supports_4K_migration(vm->xe)) { drm_warn(&vm->xe->drm, "Platform doesn't support SZ_4K range migration\n"); return false; } -- 2.45.2

3 weeks, 6 days

2
1
0 0

[PATCH net] hv_netvsc: fix potential deadlock in netvsc_vf_setxdp()

by Saurabh Sengar

The MANA driver's probe registers netdevice via the following call chain: mana_probe() register_netdev() register_netdevice() register_netdevice() calls notifier callback for netvsc driver, holding the netdev mutex via netdev_lock_ops(). Further this netvsc notifier callback end up attempting to acquire the same lock again in dev_xdp_propagate() leading to deadlock. netvsc_netdev_event() netvsc_vf_setxdp() dev_xdp_propagate() This deadlock was not observed so far because net_shaper_ops was never set and this lock in noop in this case. Fix this by using netif_xdp_propagate instead of dev_xdp_propagate to avoid recursive locking in this path. This issue has not observed so far because net_shaper_ops was unset, making the lock path effectively a no-op. To prevent recursive locking and avoid this deadlock, replace dev_xdp_propagate() with netif_xdp_propagate(), which does not acquire the lock again. Also, clean up the unregistration path by removing unnecessary call to netvsc_vf_setxdp(), since unregister_netdevice_many_notify() already performs this cleanup via dev_xdp_uninstall. Fixes: 97246d6d21c2 ("net: hold netdev instance lock during ndo_bpf") Cc: stable(a)vger.kernel.org Signed-off-by: Saurabh Sengar <ssengar(a)linux.microsoft.com> --- drivers/net/hyperv/netvsc_bpf.c | 2 +- drivers/net/hyperv/netvsc_drv.c | 2 -- net/core/dev.c | 1 + 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/net/hyperv/netvsc_bpf.c b/drivers/net/hyperv/netvsc_bpf.c index e01c5997a551..1dd3755d9e6d 100644 --- a/drivers/net/hyperv/netvsc_bpf.c +++ b/drivers/net/hyperv/netvsc_bpf.c @@ -183,7 +183,7 @@ int netvsc_vf_setxdp(struct net_device *vf_netdev, struct bpf_prog *prog) xdp.command = XDP_SETUP_PROG; xdp.prog = prog; - ret = dev_xdp_propagate(vf_netdev, &xdp); + ret = netif_xdp_propagate(vf_netdev, &xdp); if (ret && prog) bpf_prog_put(prog); diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c index d8b169ac0343..ee3aaf9c10e6 100644 --- a/drivers/net/hyperv/netvsc_drv.c +++ b/drivers/net/hyperv/netvsc_drv.c @@ -2462,8 +2462,6 @@ static int netvsc_unregister_vf(struct net_device *vf_netdev) netdev_info(ndev, "VF unregistering: %s\n", vf_netdev->name); - netvsc_vf_setxdp(vf_netdev, NULL); - reinit_completion(&net_device_ctx->vf_add); netdev_rx_handler_unregister(vf_netdev); netdev_upper_dev_unlink(vf_netdev, ndev); diff --git a/net/core/dev.c b/net/core/dev.c index fccf2167b235..8c6c9d7fba26 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -9953,6 +9953,7 @@ int netif_xdp_propagate(struct net_device *dev, struct netdev_bpf *bpf) return dev->netdev_ops->ndo_bpf(dev, bpf); } +EXPORT_SYMBOL_GPL(netif_xdp_propagate); u32 dev_xdp_prog_id(struct net_device *dev, enum bpf_xdp_mode mode) { -- 2.43.0

4 weeks

4
3
0 0

[PATCH v2] r8152: Add wake up function for RTL8153

by Wentao Liang

In rtl8153_runtime_enable(), the runtime enable/disable logic for RTL8153 devices was incomplete, missing r8153_queue_wake() to enable or disable the automatic wake-up function. A proper implementation can be found in rtl8156_runtime_enable(). Add r8153_queue_wake(tp, true) if enable flag is set true, and add r8153_queue_wake(tp, false) otherwise. Fixes: 02552754a7ac ("r8152: adjust rtl8153_runtime_enable function") Cc: stable(a)vger.kernel.org # v4.13 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/net/usb/r8152.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c index 468c73974046..cb708b79a7af 100644 --- a/drivers/net/usb/r8152.c +++ b/drivers/net/usb/r8152.c @@ -4004,10 +4004,12 @@ static void rtl_runtime_suspend_enable(struct r8152 *tp, bool enable) static void rtl8153_runtime_enable(struct r8152 *tp, bool enable) { if (enable) { + r8153_queue_wake(tp, true); r8153_u1u2en(tp, false); r8153_u2p3en(tp, false); rtl_runtime_suspend_enable(tp, true); } else { + r8153_queue_wake(tp, false); rtl_runtime_suspend_enable(tp, false); switch (tp->version) { -- 2.42.0.windows.2

4 weeks

3
2
0 0

[PATCH net 4/4] can: slcan: allow reception of short error messages

by Marc Kleine-Budde

From: Carlos Sanchez <carlossanchez(a)geotab.com> Allows slcan to receive short messages (typically errors) from the serial interface. When error support was added to slcan protocol in b32ff4668544e1333b694fcc7812b2d7397b4d6a ("can: slcan: extend the protocol with error info") the minimum valid message size changed from 5 (minimum standard can frame tIII0) to 3 ("e1a" is a valid protocol message, it is one of the examples given in the comments for slcan_bump_err() ), but the check for minimum message length prodicating all decoding was not adjusted. This makes short error messages discarded and error frames not being generated. This patch changes the minimum length to the new minimum (3 characters, excluding terminator, is now a valid message). Signed-off-by: Carlos Sanchez <carlossanchez(a)geotab.com> Fixes: b32ff4668544 ("can: slcan: extend the protocol with error info") Reviewed-by: Vincent Mailhol <mailhol.vincent(a)wanadoo.fr> Link: https://patch.msgid.link/20250520102305.1097494-1-carlossanchez@geotab.com Cc: stable(a)vger.kernel.org Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/slcan/slcan-core.c | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/drivers/net/can/slcan/slcan-core.c b/drivers/net/can/slcan/slcan-core.c index 24c6622d36bd..58ff2ec1d975 100644 --- a/drivers/net/can/slcan/slcan-core.c +++ b/drivers/net/can/slcan/slcan-core.c @@ -71,12 +71,21 @@ MODULE_AUTHOR("Dario Binacchi <dario.binacchi(a)amarulasolutions.com>"); #define SLCAN_CMD_LEN 1 #define SLCAN_SFF_ID_LEN 3 #define SLCAN_EFF_ID_LEN 8 +#define SLCAN_DATA_LENGTH_LEN 1 +#define SLCAN_ERROR_LEN 1 #define SLCAN_STATE_LEN 1 #define SLCAN_STATE_BE_RXCNT_LEN 3 #define SLCAN_STATE_BE_TXCNT_LEN 3 -#define SLCAN_STATE_FRAME_LEN (1 + SLCAN_CMD_LEN + \ - SLCAN_STATE_BE_RXCNT_LEN + \ - SLCAN_STATE_BE_TXCNT_LEN) +#define SLCAN_STATE_MSG_LEN (SLCAN_CMD_LEN + \ + SLCAN_STATE_LEN + \ + SLCAN_STATE_BE_RXCNT_LEN + \ + SLCAN_STATE_BE_TXCNT_LEN) +#define SLCAN_ERROR_MSG_LEN_MIN (SLCAN_CMD_LEN + \ + SLCAN_ERROR_LEN + \ + SLCAN_DATA_LENGTH_LEN) +#define SLCAN_FRAME_MSG_LEN_MIN (SLCAN_CMD_LEN + \ + SLCAN_SFF_ID_LEN + \ + SLCAN_DATA_LENGTH_LEN) struct slcan { struct can_priv can; @@ -176,6 +185,9 @@ static void slcan_bump_frame(struct slcan *sl) u32 tmpid; char *cmd = sl->rbuff; + if (sl->rcount < SLCAN_FRAME_MSG_LEN_MIN) + return; + skb = alloc_can_skb(sl->dev, &cf); if (unlikely(!skb)) { sl->dev->stats.rx_dropped++; @@ -281,7 +293,7 @@ static void slcan_bump_state(struct slcan *sl) return; } - if (state == sl->can.state || sl->rcount < SLCAN_STATE_FRAME_LEN) + if (state == sl->can.state || sl->rcount != SLCAN_STATE_MSG_LEN) return; cmd += SLCAN_STATE_BE_RXCNT_LEN + SLCAN_CMD_LEN + 1; @@ -328,6 +340,9 @@ static void slcan_bump_err(struct slcan *sl) bool rx_errors = false, tx_errors = false, rx_over_errors = false; int i, len; + if (sl->rcount < SLCAN_ERROR_MSG_LEN_MIN) + return; + /* get len from sanitized ASCII value */ len = cmd[1]; if (len >= '0' && len < '9') @@ -456,8 +471,7 @@ static void slcan_bump(struct slcan *sl) static void slcan_unesc(struct slcan *sl, unsigned char s) { if ((s == '\r') || (s == '\a')) { /* CR or BEL ends the pdu */ - if (!test_and_clear_bit(SLF_ERROR, &sl->flags) && - sl->rcount > 4) + if (!test_and_clear_bit(SLF_ERROR, &sl->flags)) slcan_bump(sl); sl->rcount = 0; -- 2.47.2

4 weeks

1
0
0 0

[PATCH net 3/4] can: kvaser_pciefd: Continue parsing DMA buf after dropped RX

by Marc Kleine-Budde

From: Axel Forsman <axfo(a)kvaser.com> Going bus-off on a channel doing RX could result in dropped packets. As netif_running() gets cleared before the channel abort procedure, the handling of any last RDATA packets would see netif_rx() return non-zero to signal a dropped packet. kvaser_pciefd_read_buffer() dealt with this "error" by breaking out of processing the remaining DMA RX buffer. Only return an error from kvaser_pciefd_read_buffer() due to packet corruption, otherwise handle it internally. Cc: stable(a)vger.kernel.org Signed-off-by: Axel Forsman <axfo(a)kvaser.com> Tested-by: Jimmy Assarsson <extja(a)kvaser.com> Reviewed-by: Jimmy Assarsson <extja(a)kvaser.com> Link: https://patch.msgid.link/20250520114332.8961-4-axfo@kvaser.com Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/kvaser_pciefd.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/net/can/kvaser_pciefd.c b/drivers/net/can/kvaser_pciefd.c index a61cbade96d9..f6921368cd14 100644 --- a/drivers/net/can/kvaser_pciefd.c +++ b/drivers/net/can/kvaser_pciefd.c @@ -1209,7 +1209,7 @@ static int kvaser_pciefd_handle_data_packet(struct kvaser_pciefd *pcie, skb = alloc_canfd_skb(priv->dev, &cf); if (!skb) { priv->dev->stats.rx_dropped++; - return -ENOMEM; + return 0; } cf->len = can_fd_dlc2len(dlc); @@ -1221,7 +1221,7 @@ static int kvaser_pciefd_handle_data_packet(struct kvaser_pciefd *pcie, skb = alloc_can_skb(priv->dev, (struct can_frame **)&cf); if (!skb) { priv->dev->stats.rx_dropped++; - return -ENOMEM; + return 0; } can_frame_set_cc_len((struct can_frame *)cf, dlc, priv->ctrlmode); } @@ -1239,7 +1239,9 @@ static int kvaser_pciefd_handle_data_packet(struct kvaser_pciefd *pcie, priv->dev->stats.rx_packets++; kvaser_pciefd_set_skb_timestamp(pcie, skb, p->timestamp); - return netif_rx(skb); + netif_rx(skb); + + return 0; } static void kvaser_pciefd_change_state(struct kvaser_pciefd_can *can, -- 2.47.2

4 weeks

1
0
0 0

[PATCH net 2/4] can: kvaser_pciefd: Fix echo_skb race

by Marc Kleine-Budde

From: Axel Forsman <axfo(a)kvaser.com> The functions kvaser_pciefd_start_xmit() and kvaser_pciefd_handle_ack_packet() raced to stop/wake TX queues and get/put echo skbs, as kvaser_pciefd_can->echo_lock was only ever taken when transmitting and KCAN_TX_NR_PACKETS_CURRENT gets decremented prior to handling of ACKs. E.g., this caused the following error: can_put_echo_skb: BUG! echo_skb 5 is occupied! Instead, use the synchronization helpers in netdev_queues.h. As those piggyback on BQL barriers, start updating in-flight packets and bytes counts as well. Cc: stable(a)vger.kernel.org Signed-off-by: Axel Forsman <axfo(a)kvaser.com> Tested-by: Jimmy Assarsson <extja(a)kvaser.com> Reviewed-by: Jimmy Assarsson <extja(a)kvaser.com> Link: https://patch.msgid.link/20250520114332.8961-3-axfo@kvaser.com Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/kvaser_pciefd.c | 93 +++++++++++++++++++++------------ 1 file changed, 59 insertions(+), 34 deletions(-) diff --git a/drivers/net/can/kvaser_pciefd.c b/drivers/net/can/kvaser_pciefd.c index 9cc9176c2058..a61cbade96d9 100644 --- a/drivers/net/can/kvaser_pciefd.c +++ b/drivers/net/can/kvaser_pciefd.c @@ -16,6 +16,7 @@ #include <linux/netdevice.h> #include <linux/pci.h> #include <linux/timer.h> +#include <net/netdev_queues.h> MODULE_LICENSE("Dual BSD/GPL"); MODULE_AUTHOR("Kvaser AB <support(a)kvaser.com>"); @@ -410,10 +411,13 @@ struct kvaser_pciefd_can { void __iomem *reg_base; struct can_berr_counter bec; u8 cmd_seq; + u8 tx_max_count; + u8 tx_idx; + u8 ack_idx; int err_rep_cnt; - int echo_idx; + unsigned int completed_tx_pkts; + unsigned int completed_tx_bytes; spinlock_t lock; /* Locks sensitive registers (e.g. MODE) */ - spinlock_t echo_lock; /* Locks the message echo buffer */ struct timer_list bec_poll_timer; struct completion start_comp, flush_comp; }; @@ -714,6 +718,9 @@ static int kvaser_pciefd_open(struct net_device *netdev) int ret; struct kvaser_pciefd_can *can = netdev_priv(netdev); + can->tx_idx = 0; + can->ack_idx = 0; + ret = open_candev(netdev); if (ret) return ret; @@ -745,21 +752,26 @@ static int kvaser_pciefd_stop(struct net_device *netdev) timer_delete(&can->bec_poll_timer); } can->can.state = CAN_STATE_STOPPED; + netdev_reset_queue(netdev); close_candev(netdev); return ret; } +static unsigned int kvaser_pciefd_tx_avail(const struct kvaser_pciefd_can *can) +{ + return can->tx_max_count - (READ_ONCE(can->tx_idx) - READ_ONCE(can->ack_idx)); +} + static int kvaser_pciefd_prepare_tx_packet(struct kvaser_pciefd_tx_packet *p, - struct kvaser_pciefd_can *can, + struct can_priv *can, u8 seq, struct sk_buff *skb) { struct canfd_frame *cf = (struct canfd_frame *)skb->data; int packet_size; - int seq = can->echo_idx; memset(p, 0, sizeof(*p)); - if (can->can.ctrlmode & CAN_CTRLMODE_ONE_SHOT) + if (can->ctrlmode & CAN_CTRLMODE_ONE_SHOT) p->header[1] |= KVASER_PCIEFD_TPACKET_SMS; if (cf->can_id & CAN_RTR_FLAG) @@ -782,7 +794,7 @@ static int kvaser_pciefd_prepare_tx_packet(struct kvaser_pciefd_tx_packet *p, } else { p->header[1] |= FIELD_PREP(KVASER_PCIEFD_RPACKET_DLC_MASK, - can_get_cc_dlc((struct can_frame *)cf, can->can.ctrlmode)); + can_get_cc_dlc((struct can_frame *)cf, can->ctrlmode)); } p->header[1] |= FIELD_PREP(KVASER_PCIEFD_PACKET_SEQ_MASK, seq); @@ -797,22 +809,24 @@ static netdev_tx_t kvaser_pciefd_start_xmit(struct sk_buff *skb, struct net_device *netdev) { struct kvaser_pciefd_can *can = netdev_priv(netdev); - unsigned long irq_flags; struct kvaser_pciefd_tx_packet packet; + unsigned int seq = can->tx_idx & (can->can.echo_skb_max - 1); + unsigned int frame_len; int nr_words; - u8 count; if (can_dev_dropped_skb(netdev, skb)) return NETDEV_TX_OK; + if (!netif_subqueue_maybe_stop(netdev, 0, kvaser_pciefd_tx_avail(can), 1, 1)) + return NETDEV_TX_BUSY; - nr_words = kvaser_pciefd_prepare_tx_packet(&packet, can, skb); + nr_words = kvaser_pciefd_prepare_tx_packet(&packet, &can->can, seq, skb); - spin_lock_irqsave(&can->echo_lock, irq_flags); /* Prepare and save echo skb in internal slot */ - can_put_echo_skb(skb, netdev, can->echo_idx, 0); - - /* Move echo index to the next slot */ - can->echo_idx = (can->echo_idx + 1) % can->can.echo_skb_max; + WRITE_ONCE(can->can.echo_skb[seq], NULL); + frame_len = can_skb_get_frame_len(skb); + can_put_echo_skb(skb, netdev, seq, frame_len); + netdev_sent_queue(netdev, frame_len); + WRITE_ONCE(can->tx_idx, can->tx_idx + 1); /* Write header to fifo */ iowrite32(packet.header[0], @@ -836,14 +850,7 @@ static netdev_tx_t kvaser_pciefd_start_xmit(struct sk_buff *skb, KVASER_PCIEFD_KCAN_FIFO_LAST_REG); } - count = FIELD_GET(KVASER_PCIEFD_KCAN_TX_NR_PACKETS_CURRENT_MASK, - ioread32(can->reg_base + KVASER_PCIEFD_KCAN_TX_NR_PACKETS_REG)); - /* No room for a new message, stop the queue until at least one - * successful transmit - */ - if (count >= can->can.echo_skb_max || can->can.echo_skb[can->echo_idx]) - netif_stop_queue(netdev); - spin_unlock_irqrestore(&can->echo_lock, irq_flags); + netif_subqueue_maybe_stop(netdev, 0, kvaser_pciefd_tx_avail(can), 1, 1); return NETDEV_TX_OK; } @@ -970,6 +977,8 @@ static int kvaser_pciefd_setup_can_ctrls(struct kvaser_pciefd *pcie) can->kv_pcie = pcie; can->cmd_seq = 0; can->err_rep_cnt = 0; + can->completed_tx_pkts = 0; + can->completed_tx_bytes = 0; can->bec.txerr = 0; can->bec.rxerr = 0; @@ -983,11 +992,10 @@ static int kvaser_pciefd_setup_can_ctrls(struct kvaser_pciefd *pcie) tx_nr_packets_max = FIELD_GET(KVASER_PCIEFD_KCAN_TX_NR_PACKETS_MAX_MASK, ioread32(can->reg_base + KVASER_PCIEFD_KCAN_TX_NR_PACKETS_REG)); + can->tx_max_count = min(KVASER_PCIEFD_CAN_TX_MAX_COUNT, tx_nr_packets_max - 1); can->can.clock.freq = pcie->freq; - can->can.echo_skb_max = min(KVASER_PCIEFD_CAN_TX_MAX_COUNT, tx_nr_packets_max - 1); - can->echo_idx = 0; - spin_lock_init(&can->echo_lock); + can->can.echo_skb_max = roundup_pow_of_two(can->tx_max_count); spin_lock_init(&can->lock); can->can.bittiming_const = &kvaser_pciefd_bittiming_const; @@ -1510,19 +1518,21 @@ static int kvaser_pciefd_handle_ack_packet(struct kvaser_pciefd *pcie, netdev_dbg(can->can.dev, "Packet was flushed\n"); } else { int echo_idx = FIELD_GET(KVASER_PCIEFD_PACKET_SEQ_MASK, p->header[0]); - int len; - u8 count; + unsigned int len, frame_len = 0; struct sk_buff *skb; + if (echo_idx != (can->ack_idx & (can->can.echo_skb_max - 1))) + return 0; skb = can->can.echo_skb[echo_idx]; - if (skb) - kvaser_pciefd_set_skb_timestamp(pcie, skb, p->timestamp); - len = can_get_echo_skb(can->can.dev, echo_idx, NULL); - count = FIELD_GET(KVASER_PCIEFD_KCAN_TX_NR_PACKETS_CURRENT_MASK, - ioread32(can->reg_base + KVASER_PCIEFD_KCAN_TX_NR_PACKETS_REG)); + if (!skb) + return 0; + kvaser_pciefd_set_skb_timestamp(pcie, skb, p->timestamp); + len = can_get_echo_skb(can->can.dev, echo_idx, &frame_len); - if (count < can->can.echo_skb_max && netif_queue_stopped(can->can.dev)) - netif_wake_queue(can->can.dev); + /* Pairs with barrier in kvaser_pciefd_start_xmit() */ + smp_store_release(&can->ack_idx, can->ack_idx + 1); + can->completed_tx_pkts++; + can->completed_tx_bytes += frame_len; if (!one_shot_fail) { can->can.dev->stats.tx_bytes += len; @@ -1638,11 +1648,26 @@ static int kvaser_pciefd_read_buffer(struct kvaser_pciefd *pcie, int dma_buf) { int pos = 0; int res = 0; + unsigned int i; do { res = kvaser_pciefd_read_packet(pcie, &pos, dma_buf); } while (!res && pos > 0 && pos < KVASER_PCIEFD_DMA_SIZE); + /* Report ACKs in this buffer to BQL en masse for correct periods */ + for (i = 0; i < pcie->nr_channels; ++i) { + struct kvaser_pciefd_can *can = pcie->can[i]; + + if (!can->completed_tx_pkts) + continue; + netif_subqueue_completed_wake(can->can.dev, 0, + can->completed_tx_pkts, + can->completed_tx_bytes, + kvaser_pciefd_tx_avail(can), 1); + can->completed_tx_pkts = 0; + can->completed_tx_bytes = 0; + } + return res; } -- 2.47.2

4 weeks

1
0
0 0

[PATCH net 1/4] can: kvaser_pciefd: Force IRQ edge in case of nested IRQ

by Marc Kleine-Budde

From: Axel Forsman <axfo(a)kvaser.com> Avoid the driver missing IRQs by temporarily masking IRQs in the ISR to enforce an edge even if a different IRQ is signalled before handled IRQs are cleared. Fixes: 48f827d4f48f ("can: kvaser_pciefd: Move reset of DMA RX buffers to the end of the ISR") Cc: stable(a)vger.kernel.org Signed-off-by: Axel Forsman <axfo(a)kvaser.com> Tested-by: Jimmy Assarsson <extja(a)kvaser.com> Reviewed-by: Jimmy Assarsson <extja(a)kvaser.com> Link: https://patch.msgid.link/20250520114332.8961-2-axfo@kvaser.com Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/kvaser_pciefd.c | 83 ++++++++++++++++----------------- 1 file changed, 39 insertions(+), 44 deletions(-) diff --git a/drivers/net/can/kvaser_pciefd.c b/drivers/net/can/kvaser_pciefd.c index cf0d51805272..9cc9176c2058 100644 --- a/drivers/net/can/kvaser_pciefd.c +++ b/drivers/net/can/kvaser_pciefd.c @@ -1646,24 +1646,28 @@ static int kvaser_pciefd_read_buffer(struct kvaser_pciefd *pcie, int dma_buf) return res; } -static u32 kvaser_pciefd_receive_irq(struct kvaser_pciefd *pcie) +static void kvaser_pciefd_receive_irq(struct kvaser_pciefd *pcie) { + void __iomem *srb_cmd_reg = KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_CMD_REG; u32 irq = ioread32(KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IRQ_REG); - if (irq & KVASER_PCIEFD_SRB_IRQ_DPD0) - kvaser_pciefd_read_buffer(pcie, 0); + iowrite32(irq, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IRQ_REG); - if (irq & KVASER_PCIEFD_SRB_IRQ_DPD1) + if (irq & KVASER_PCIEFD_SRB_IRQ_DPD0) { + kvaser_pciefd_read_buffer(pcie, 0); + iowrite32(KVASER_PCIEFD_SRB_CMD_RDB0, srb_cmd_reg); /* Rearm buffer */ + } + + if (irq & KVASER_PCIEFD_SRB_IRQ_DPD1) { kvaser_pciefd_read_buffer(pcie, 1); + iowrite32(KVASER_PCIEFD_SRB_CMD_RDB1, srb_cmd_reg); /* Rearm buffer */ + } if (unlikely(irq & KVASER_PCIEFD_SRB_IRQ_DOF0 || irq & KVASER_PCIEFD_SRB_IRQ_DOF1 || irq & KVASER_PCIEFD_SRB_IRQ_DUF0 || irq & KVASER_PCIEFD_SRB_IRQ_DUF1)) dev_err(&pcie->pci->dev, "DMA IRQ error 0x%08X\n", irq); - - iowrite32(irq, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IRQ_REG); - return irq; } static void kvaser_pciefd_transmit_irq(struct kvaser_pciefd_can *can) @@ -1691,29 +1695,22 @@ static irqreturn_t kvaser_pciefd_irq_handler(int irq, void *dev) struct kvaser_pciefd *pcie = (struct kvaser_pciefd *)dev; const struct kvaser_pciefd_irq_mask *irq_mask = pcie->driver_data->irq_mask; u32 pci_irq = ioread32(KVASER_PCIEFD_PCI_IRQ_ADDR(pcie)); - u32 srb_irq = 0; - u32 srb_release = 0; int i; if (!(pci_irq & irq_mask->all)) return IRQ_NONE; + iowrite32(0, KVASER_PCIEFD_PCI_IEN_ADDR(pcie)); + if (pci_irq & irq_mask->kcan_rx0) - srb_irq = kvaser_pciefd_receive_irq(pcie); + kvaser_pciefd_receive_irq(pcie); for (i = 0; i < pcie->nr_channels; i++) { if (pci_irq & irq_mask->kcan_tx[i]) kvaser_pciefd_transmit_irq(pcie->can[i]); } - if (srb_irq & KVASER_PCIEFD_SRB_IRQ_DPD0) - srb_release |= KVASER_PCIEFD_SRB_CMD_RDB0; - - if (srb_irq & KVASER_PCIEFD_SRB_IRQ_DPD1) - srb_release |= KVASER_PCIEFD_SRB_CMD_RDB1; - - if (srb_release) - iowrite32(srb_release, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_CMD_REG); + iowrite32(irq_mask->all, KVASER_PCIEFD_PCI_IEN_ADDR(pcie)); return IRQ_HANDLED; } @@ -1733,13 +1730,22 @@ static void kvaser_pciefd_teardown_can_ctrls(struct kvaser_pciefd *pcie) } } +static void kvaser_pciefd_disable_irq_srcs(struct kvaser_pciefd *pcie) +{ + unsigned int i; + + /* Masking PCI_IRQ is insufficient as running ISR will unmask it */ + iowrite32(0, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IEN_REG); + for (i = 0; i < pcie->nr_channels; ++i) + iowrite32(0, pcie->can[i]->reg_base + KVASER_PCIEFD_KCAN_IEN_REG); +} + static int kvaser_pciefd_probe(struct pci_dev *pdev, const struct pci_device_id *id) { int ret; struct kvaser_pciefd *pcie; const struct kvaser_pciefd_irq_mask *irq_mask; - void __iomem *irq_en_base; pcie = devm_kzalloc(&pdev->dev, sizeof(*pcie), GFP_KERNEL); if (!pcie) @@ -1805,8 +1811,7 @@ static int kvaser_pciefd_probe(struct pci_dev *pdev, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IEN_REG); /* Enable PCI interrupts */ - irq_en_base = KVASER_PCIEFD_PCI_IEN_ADDR(pcie); - iowrite32(irq_mask->all, irq_en_base); + iowrite32(irq_mask->all, KVASER_PCIEFD_PCI_IEN_ADDR(pcie)); /* Ready the DMA buffers */ iowrite32(KVASER_PCIEFD_SRB_CMD_RDB0, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_CMD_REG); @@ -1820,8 +1825,7 @@ static int kvaser_pciefd_probe(struct pci_dev *pdev, return 0; err_free_irq: - /* Disable PCI interrupts */ - iowrite32(0, irq_en_base); + kvaser_pciefd_disable_irq_srcs(pcie); free_irq(pcie->pci->irq, pcie); err_pci_free_irq_vectors: @@ -1844,35 +1848,26 @@ static int kvaser_pciefd_probe(struct pci_dev *pdev, return ret; } -static void kvaser_pciefd_remove_all_ctrls(struct kvaser_pciefd *pcie) -{ - int i; - - for (i = 0; i < pcie->nr_channels; i++) { - struct kvaser_pciefd_can *can = pcie->can[i]; - - if (can) { - iowrite32(0, can->reg_base + KVASER_PCIEFD_KCAN_IEN_REG); - unregister_candev(can->can.dev); - timer_delete(&can->bec_poll_timer); - kvaser_pciefd_pwm_stop(can); - free_candev(can->can.dev); - } - } -} - static void kvaser_pciefd_remove(struct pci_dev *pdev) { struct kvaser_pciefd *pcie = pci_get_drvdata(pdev); + unsigned int i; - kvaser_pciefd_remove_all_ctrls(pcie); + for (i = 0; i < pcie->nr_channels; ++i) { + struct kvaser_pciefd_can *can = pcie->can[i]; - /* Disable interrupts */ - iowrite32(0, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_CTRL_REG); - iowrite32(0, KVASER_PCIEFD_PCI_IEN_ADDR(pcie)); + unregister_candev(can->can.dev); + timer_delete(&can->bec_poll_timer); + kvaser_pciefd_pwm_stop(can); + } + kvaser_pciefd_disable_irq_srcs(pcie); free_irq(pcie->pci->irq, pcie); pci_free_irq_vectors(pcie->pci); + + for (i = 0; i < pcie->nr_channels; ++i) + free_candev(pcie->can[i]->can.dev); + pci_iounmap(pdev, pcie->reg_base); pci_release_regions(pdev); pci_disable_device(pdev); base-commit: 9e89db3d847f2d66d2799c5533d00aebee2be4d1 -- 2.47.2

4 weeks

1
0
0 0

[PATCH v1] media: i2c: set lt6911uxe's reset_gpio to GPIOD_OUT_LOW

by Dongcheng Yan

reset_gpio needs to be an output and set to GPIOD_OUT_LOW, to ensure lt6911uxe is in reset state during probe. This issue was found on the onboard lt6911uxe, where the reset_pin was not reset, causing the lt6911uxe to fail to probe. Fixes: e49563c3be09d4 ("media: i2c: add lt6911uxe hdmi bridge driver") Cc: stable(a)vger.kernel.org Signed-off-by: Dongcheng Yan <dongcheng.yan(a)intel.com> --- drivers/media/i2c/lt6911uxe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/i2c/lt6911uxe.c b/drivers/media/i2c/lt6911uxe.c index c5b40bb58a37..4e2109db0145 100644 --- a/drivers/media/i2c/lt6911uxe.c +++ b/drivers/media/i2c/lt6911uxe.c @@ -600,7 +600,7 @@ static int lt6911uxe_probe(struct i2c_client *client) v4l2_i2c_subdev_init(&lt6911uxe->sd, client, &lt6911uxe_subdev_ops); - lt6911uxe->reset_gpio = devm_gpiod_get(dev, "reset", GPIOD_IN); + lt6911uxe->reset_gpio = devm_gpiod_get(dev, "reset", GPIOD_OUT_LOW); if (IS_ERR(lt6911uxe->reset_gpio)) return dev_err_probe(dev, PTR_ERR(lt6911uxe->reset_gpio), "failed to get reset gpio\n"); base-commit: f2151613e040973c868d28c8b00885dfab69eb75 prerequisite-patch-id: 6cade6d98fab1ea36ed59fe5502d7d2457180ca5 -- 2.34.1

4 weeks

1
0
0 0

[PATCH v4] fs: minix: Fix handling of corrupted directories

by Andrey Kriulin

If the directory is corrupted and the number of nlinks is less than 2 (valid nlinks have at least 2), then when the directory is deleted, the minix_rmdir will try to reduce the nlinks(unsigned int) to a negative value. Make nlinks validity check for directories. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Andrey Kriulin <kitotavrik.s(a)gmail.com> --- v4: Add nlinks check for parent dirictory to minix_rmdir per Jan Kara <jack(a)suse.cz> request. v3: Move nlinks validaty check to minix_rmdir and minix_rename per Jan Kara <jack(a)suse.cz> request. v2: Move nlinks validaty check to V[12]_minix_iget() per Jan Kara <jack(a)suse.cz> request. Change return error code to EUCLEAN. Don't block directory in r/o mode per Al Viro <viro(a)zeniv.linux.org.uk> request. fs/minix/namei.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/fs/minix/namei.c b/fs/minix/namei.c index 8938536d8d3c..ab86fd16e548 100644 --- a/fs/minix/namei.c +++ b/fs/minix/namei.c @@ -161,8 +161,12 @@ static int minix_unlink(struct inode * dir, struct dentry *dentry) static int minix_rmdir(struct inode * dir, struct dentry *dentry) { struct inode * inode = d_inode(dentry); - int err = -ENOTEMPTY; + int err = -EUCLEAN; + if (inode->i_nlink < 2 || dir->i_nlink <= 2) + return err; + + err = -ENOTEMPTY; if (minix_empty_dir(inode)) { err = minix_unlink(dir, dentry); if (!err) { @@ -235,6 +239,10 @@ static int minix_rename(struct mnt_idmap *idmap, mark_inode_dirty(old_inode); if (dir_de) { + if (old_dir->i_nlink <= 2) { + err = -EUCLEAN; + goto out_dir; + } err = minix_set_link(dir_de, dir_folio, new_dir); if (!err) inode_dec_link_count(old_dir); -- 2.47.2

4 weeks

1
0
0 0

[PATCH AUTOSEL 6.14 001/642] kconfig: merge_config: use an empty file as initfile

by Sasha Levin

From: Daniel Gomez <da.gomez(a)samsung.com> [ Upstream commit a26fe287eed112b4e21e854f173c8918a6a8596d ] The scripts/kconfig/merge_config.sh script requires an existing $INITFILE (or the $1 argument) as a base file for merging Kconfig fragments. However, an empty $INITFILE can serve as an initial starting point, later referenced by the KCONFIG_ALLCONFIG Makefile variable if -m is not used. This variable can point to any configuration file containing preset config symbols (the merged output) as stated in Documentation/kbuild/kconfig.rst. When -m is used $INITFILE will contain just the merge output requiring the user to run make (i.e. KCONFIG_ALLCONFIG=<$INITFILE> make <allnoconfig/alldefconfig> or make olddefconfig). Instead of failing when `$INITFILE` is missing, create an empty file and use it as the starting point for merges. Signed-off-by: Daniel Gomez <da.gomez(a)samsung.com> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- scripts/kconfig/merge_config.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/kconfig/merge_config.sh b/scripts/kconfig/merge_config.sh index 0b7952471c18f..79c09b378be81 100755 --- a/scripts/kconfig/merge_config.sh +++ b/scripts/kconfig/merge_config.sh @@ -112,8 +112,8 @@ INITFILE=$1 shift; if [ ! -r "$INITFILE" ]; then - echo "The base file '$INITFILE' does not exist. Exit." >&2 - exit 1 + echo "The base file '$INITFILE' does not exist. Creating one..." >&2 + touch "$INITFILE" fi MERGE_LIST=$* -- 2.39.5

4 weeks

18
672
0 0

[merged mm-hotfixes-stable] kasan-avoid-sleepable-page-allocation-from-atomic-context-v9.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kasan: avoid sleepable page allocation from atomic context has been removed from the -mm tree. Its filename was kasan-avoid-sleepable-page-allocation-from-atomic-context-v9.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Alexander Gordeev <agordeev(a)linux.ibm.com> Subject: kasan: avoid sleepable page allocation from atomic context Date: Thu, 15 May 2025 15:55:38 +0200 apply_to_pte_range() enters the lazy MMU mode and then invokes kasan_populate_vmalloc_pte() callback on each page table walk iteration. However, the callback can go into sleep when trying to allocate a single page, e.g. if an architecutre disables preemption on lazy MMU mode enter. On s390 if make arch_enter_lazy_mmu_mode() -> preempt_enable() and arch_leave_lazy_mmu_mode() -> preempt_disable(), such crash occurs: [ 0.663336] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321 [ 0.663348] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd [ 0.663358] preempt_count: 1, expected: 0 [ 0.663366] RCU nest depth: 0, expected: 0 [ 0.663375] no locks held by kthreadd/2. [ 0.663383] Preemption disabled at: [ 0.663386] [<0002f3284cbb4eda>] apply_to_pte_range+0xfa/0x4a0 [ 0.663405] CPU: 0 UID: 0 PID: 2 Comm: kthreadd Not tainted 6.15.0-rc5-gcc-kasan-00043-gd76bb1ebb558-dirty #162 PREEMPT [ 0.663408] Hardware name: IBM 3931 A01 701 (KVM/Linux) [ 0.663409] Call Trace: [ 0.663410] [<0002f3284c385f58>] dump_stack_lvl+0xe8/0x140 [ 0.663413] [<0002f3284c507b9e>] __might_resched+0x66e/0x700 [ 0.663415] [<0002f3284cc4f6c0>] __alloc_frozen_pages_noprof+0x370/0x4b0 [ 0.663419] [<0002f3284ccc73c0>] alloc_pages_mpol+0x1a0/0x4a0 [ 0.663421] [<0002f3284ccc8518>] alloc_frozen_pages_noprof+0x88/0xc0 [ 0.663424] [<0002f3284ccc8572>] alloc_pages_noprof+0x22/0x120 [ 0.663427] [<0002f3284cc341ac>] get_free_pages_noprof+0x2c/0xc0 [ 0.663429] [<0002f3284cceba70>] kasan_populate_vmalloc_pte+0x50/0x120 [ 0.663433] [<0002f3284cbb4ef8>] apply_to_pte_range+0x118/0x4a0 [ 0.663435] [<0002f3284cbc7c14>] apply_to_pmd_range+0x194/0x3e0 [ 0.663437] [<0002f3284cbc99be>] __apply_to_page_range+0x2fe/0x7a0 [ 0.663440] [<0002f3284cbc9e88>] apply_to_page_range+0x28/0x40 [ 0.663442] [<0002f3284ccebf12>] kasan_populate_vmalloc+0x82/0xa0 [ 0.663445] [<0002f3284cc1578c>] alloc_vmap_area+0x34c/0xc10 [ 0.663448] [<0002f3284cc1c2a6>] __get_vm_area_node+0x186/0x2a0 [ 0.663451] [<0002f3284cc1e696>] __vmalloc_node_range_noprof+0x116/0x310 [ 0.663454] [<0002f3284cc1d950>] __vmalloc_node_noprof+0xd0/0x110 [ 0.663457] [<0002f3284c454b88>] alloc_thread_stack_node+0xf8/0x330 [ 0.663460] [<0002f3284c458d56>] dup_task_struct+0x66/0x4d0 [ 0.663463] [<0002f3284c45be90>] copy_process+0x280/0x4b90 [ 0.663465] [<0002f3284c460940>] kernel_clone+0xd0/0x4b0 [ 0.663467] [<0002f3284c46115e>] kernel_thread+0xbe/0xe0 [ 0.663469] [<0002f3284c4e440e>] kthreadd+0x50e/0x7f0 [ 0.663472] [<0002f3284c38c04a>] __ret_from_fork+0x8a/0xf0 [ 0.663475] [<0002f3284ed57ff2>] ret_from_fork+0xa/0x38 Instead of allocating single pages per-PTE, bulk-allocate the shadow memory prior to applying kasan_populate_vmalloc_pte() callback on a page range. Link: https://lkml.kernel.org/r/c61d3560297c93ed044f0b1af085610353a06a58.17473169… Fixes: 3c5c3cfb9ef4 ("kasan: support backing vmalloc space with real shadow memory") Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> Suggested-by: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Reviewed-by: Harry Yoo <harry.yoo(a)oracle.com> Cc: Daniel Axtens <dja(a)axtens.net> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/kasan/shadow.c | 92 +++++++++++++++++++++++++++++++++++++------- 1 file changed, 78 insertions(+), 14 deletions(-) --- a/mm/kasan/shadow.c~kasan-avoid-sleepable-page-allocation-from-atomic-context-v9 +++ a/mm/kasan/shadow.c @@ -292,33 +292,99 @@ void __init __weak kasan_populate_early_ { } +struct vmalloc_populate_data { + unsigned long start; + struct page **pages; +}; + static int kasan_populate_vmalloc_pte(pte_t *ptep, unsigned long addr, - void *unused) + void *_data) { - unsigned long page; + struct vmalloc_populate_data *data = _data; + struct page *page; pte_t pte; + int index; if (likely(!pte_none(ptep_get(ptep)))) return 0; - page = __get_free_page(GFP_KERNEL); - if (!page) - return -ENOMEM; - - __memset((void *)page, KASAN_VMALLOC_INVALID, PAGE_SIZE); - pte = pfn_pte(PFN_DOWN(__pa(page)), PAGE_KERNEL); + index = PFN_DOWN(addr - data->start); + page = data->pages[index]; + __memset(page_to_virt(page), KASAN_VMALLOC_INVALID, PAGE_SIZE); + pte = pfn_pte(page_to_pfn(page), PAGE_KERNEL); spin_lock(&init_mm.page_table_lock); if (likely(pte_none(ptep_get(ptep)))) { set_pte_at(&init_mm, addr, ptep, pte); - page = 0; + data->pages[index] = NULL; } spin_unlock(&init_mm.page_table_lock); - if (page) - free_page(page); + + return 0; +} + +static void ___free_pages_bulk(struct page **pages, int nr_pages) +{ + int i; + + for (i = 0; i < nr_pages; i++) { + if (pages[i]) { + __free_pages(pages[i], 0); + pages[i] = NULL; + } + } +} + +static int ___alloc_pages_bulk(struct page **pages, int nr_pages) +{ + unsigned long nr_populated, nr_total = nr_pages; + struct page **page_array = pages; + + while (nr_pages) { + nr_populated = alloc_pages_bulk(GFP_KERNEL, nr_pages, pages); + if (!nr_populated) { + ___free_pages_bulk(page_array, nr_total - nr_pages); + return -ENOMEM; + } + pages += nr_populated; + nr_pages -= nr_populated; + } + return 0; } +static int __kasan_populate_vmalloc(unsigned long start, unsigned long end) +{ + unsigned long nr_pages, nr_total = PFN_UP(end - start); + struct vmalloc_populate_data data; + int ret = 0; + + data.pages = (struct page **)__get_free_page(GFP_KERNEL | __GFP_ZERO); + if (!data.pages) + return -ENOMEM; + + while (nr_total) { + nr_pages = min(nr_total, PAGE_SIZE / sizeof(data.pages[0])); + ret = ___alloc_pages_bulk(data.pages, nr_pages); + if (ret) + break; + + data.start = start; + ret = apply_to_page_range(&init_mm, start, nr_pages * PAGE_SIZE, + kasan_populate_vmalloc_pte, &data); + ___free_pages_bulk(data.pages, nr_pages); + if (ret) + break; + + start += nr_pages * PAGE_SIZE; + nr_total -= nr_pages; + } + + free_page((unsigned long)data.pages); + + return ret; +} + int kasan_populate_vmalloc(unsigned long addr, unsigned long size) { unsigned long shadow_start, shadow_end; @@ -348,9 +414,7 @@ int kasan_populate_vmalloc(unsigned long shadow_start = PAGE_ALIGN_DOWN(shadow_start); shadow_end = PAGE_ALIGN(shadow_end); - ret = apply_to_page_range(&init_mm, shadow_start, - shadow_end - shadow_start, - kasan_populate_vmalloc_pte, NULL); + ret = __kasan_populate_vmalloc(shadow_start, shadow_end); if (ret) return ret; _ Patches currently in -mm which might be from agordeev(a)linux.ibm.com are

4 weeks

1
0
0 0

[merged mm-hotfixes-stable] highmem-add-folio_test_partial_kmap.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: highmem: add folio_test_partial_kmap() has been removed from the -mm tree. Its filename was highmem-add-folio_test_partial_kmap.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Matthew Wilcox (Oracle)" <willy(a)infradead.org> Subject: highmem: add folio_test_partial_kmap() Date: Wed, 14 May 2025 18:06:02 +0100 In commit c749d9b7ebbc ("iov_iter: fix copy_page_from_iter_atomic() if KMAP_LOCAL_FORCE_MAP"), Hugh correctly noted that if KMAP_LOCAL_FORCE_MAP is enabled, we must limit ourselves to PAGE_SIZE bytes per call to kmap_local(). The same problem exists in memcpy_from_folio(), memcpy_to_folio(), folio_zero_tail(), folio_fill_tail() and memcpy_from_file_folio(), so add folio_test_partial_kmap() to do this more succinctly. Link: https://lkml.kernel.org/r/20250514170607.3000994-2-willy@infradead.org Fixes: 00cdf76012ab ("mm: add memcpy_from_file_folio()") Signed-off-by: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Hugh Dickins <hughd(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/highmem.h | 10 +++++----- include/linux/page-flags.h | 7 +++++++ 2 files changed, 12 insertions(+), 5 deletions(-) --- a/include/linux/highmem.h~highmem-add-folio_test_partial_kmap +++ a/include/linux/highmem.h @@ -461,7 +461,7 @@ static inline void memcpy_from_folio(cha const char *from = kmap_local_folio(folio, offset); size_t chunk = len; - if (folio_test_highmem(folio) && + if (folio_test_partial_kmap(folio) && chunk > PAGE_SIZE - offset_in_page(offset)) chunk = PAGE_SIZE - offset_in_page(offset); memcpy(to, from, chunk); @@ -489,7 +489,7 @@ static inline void memcpy_to_folio(struc char *to = kmap_local_folio(folio, offset); size_t chunk = len; - if (folio_test_highmem(folio) && + if (folio_test_partial_kmap(folio) && chunk > PAGE_SIZE - offset_in_page(offset)) chunk = PAGE_SIZE - offset_in_page(offset); memcpy(to, from, chunk); @@ -522,7 +522,7 @@ static inline __must_check void *folio_z { size_t len = folio_size(folio) - offset; - if (folio_test_highmem(folio)) { + if (folio_test_partial_kmap(folio)) { size_t max = PAGE_SIZE - offset_in_page(offset); while (len > max) { @@ -560,7 +560,7 @@ static inline void folio_fill_tail(struc VM_BUG_ON(offset + len > folio_size(folio)); - if (folio_test_highmem(folio)) { + if (folio_test_partial_kmap(folio)) { size_t max = PAGE_SIZE - offset_in_page(offset); while (len > max) { @@ -597,7 +597,7 @@ static inline size_t memcpy_from_file_fo size_t offset = offset_in_folio(folio, pos); char *from = kmap_local_folio(folio, offset); - if (folio_test_highmem(folio)) { + if (folio_test_partial_kmap(folio)) { offset = offset_in_page(offset); len = min_t(size_t, len, PAGE_SIZE - offset); } else --- a/include/linux/page-flags.h~highmem-add-folio_test_partial_kmap +++ a/include/linux/page-flags.h @@ -615,6 +615,13 @@ FOLIO_FLAG(dropbehind, FOLIO_HEAD_PAGE) PAGEFLAG_FALSE(HighMem, highmem) #endif +/* Does kmap_local_folio() only allow access to one page of the folio? */ +#ifdef CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP +#define folio_test_partial_kmap(f) true +#else +#define folio_test_partial_kmap(f) folio_test_highmem(f) +#endif + #ifdef CONFIG_SWAP static __always_inline bool folio_test_swapcache(const struct folio *folio) { _ Patches currently in -mm which might be from willy(a)infradead.org are m68k-remove-use-of-page-index.patch mm-rename-page-index-to-page-__folio_index.patch ntfs3-use-folios-more-in-ntfs_compress_write.patch iov-remove-copy_page_from_iter_atomic.patch

4 weeks

1
0
0 0

[merged mm-hotfixes-stable] taskstats-fix-struct-taskstats-breaks-backward-compatibility-since-version-15.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: taskstats: fix struct taskstats breaks backward compatibility since version 15 has been removed from the -mm tree. Its filename was taskstats-fix-struct-taskstats-breaks-backward-compatibility-since-version-15.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Wang Yaxin <wang.yaxin(a)zte.com.cn> Subject: taskstats: fix struct taskstats breaks backward compatibility since version 15 Date: Sat, 10 May 2025 15:54:13 +0800 (CST) Problem ======== commit 658eb5ab916d ("delayacct: add delay max to record delay peak") - adding more fields commit f65c64f311ee ("delayacct: add delay min to record delay peak") - adding more fields commit b016d0873777 ("taskstats: modify taskstats version") - version bump to 15 Since version 15 (TASKSTATS_VERSION=15) the new layout of the structure adds fields in the middle of the structure, rendering all old software incompatible with newer kernels and software compiled against the new kernel headers incompatible with older kernels. Solution ========= move delay max and delay min to the end of taskstat, and bump the version to 16 after the change [wang.yaxin(a)zte.com.cn: adjust indentation] Link: https://lkml.kernel.org/r/202505192131489882NSciXV4EGd8zzjLuwoOK@zte.com.cn Link: https://lkml.kernel.org/r/20250510155413259V4JNRXxukdDgzsaL0Fo6a@zte.com.cn Fixes: f65c64f311ee ("delayacct: add delay min to record delay peak") Signed-off-by: Wang Yaxin <wang.yaxin(a)zte.com.cn> Signed-off-by: xu xin <xu.xin16(a)zte.com.cn> Signed-off-by: Kun Jiang <jiang.kun2(a)zte.com.cn> Reviewed-by: Yang Yang <yang.yang29(a)zte.com.cn> Cc: Balbir Singh <bsingharora(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/uapi/linux/taskstats.h | 47 +++++++++++++++++++------------ 1 file changed, 29 insertions(+), 18 deletions(-) --- a/include/uapi/linux/taskstats.h~taskstats-fix-struct-taskstats-breaks-backward-compatibility-since-version-15 +++ a/include/uapi/linux/taskstats.h @@ -34,7 +34,7 @@ */ -#define TASKSTATS_VERSION 15 +#define TASKSTATS_VERSION 16 #define TS_COMM_LEN 32 /* should be >= TASK_COMM_LEN * in linux/sched.h */ @@ -72,8 +72,6 @@ struct taskstats { */ __u64 cpu_count __attribute__((aligned(8))); __u64 cpu_delay_total; - __u64 cpu_delay_max; - __u64 cpu_delay_min; /* Following four fields atomically updated using task->delays->lock */ @@ -82,14 +80,10 @@ struct taskstats { */ __u64 blkio_count; __u64 blkio_delay_total; - __u64 blkio_delay_max; - __u64 blkio_delay_min; /* Delay waiting for page fault I/O (swap in only) */ __u64 swapin_count; __u64 swapin_delay_total; - __u64 swapin_delay_max; - __u64 swapin_delay_min; /* cpu "wall-clock" running time * On some architectures, value will adjust for cpu time stolen @@ -172,14 +166,11 @@ struct taskstats { /* Delay waiting for memory reclaim */ __u64 freepages_count; __u64 freepages_delay_total; - __u64 freepages_delay_max; - __u64 freepages_delay_min; + /* Delay waiting for thrashing page */ __u64 thrashing_count; __u64 thrashing_delay_total; - __u64 thrashing_delay_max; - __u64 thrashing_delay_min; /* v10: 64-bit btime to avoid overflow */ __u64 ac_btime64; /* 64-bit begin time */ @@ -187,8 +178,6 @@ struct taskstats { /* v11: Delay waiting for memory compact */ __u64 compact_count; __u64 compact_delay_total; - __u64 compact_delay_max; - __u64 compact_delay_min; /* v12 begin */ __u32 ac_tgid; /* thread group ID */ @@ -210,15 +199,37 @@ struct taskstats { /* v13: Delay waiting for write-protect copy */ __u64 wpcopy_count; __u64 wpcopy_delay_total; - __u64 wpcopy_delay_max; - __u64 wpcopy_delay_min; /* v14: Delay waiting for IRQ/SOFTIRQ */ __u64 irq_count; __u64 irq_delay_total; - __u64 irq_delay_max; - __u64 irq_delay_min; - /* v15: add Delay max */ + + /* v15: add Delay max and Delay min */ + + /* v16: move Delay max and Delay min to the end of taskstat */ + __u64 cpu_delay_max; + __u64 cpu_delay_min; + + __u64 blkio_delay_max; + __u64 blkio_delay_min; + + __u64 swapin_delay_max; + __u64 swapin_delay_min; + + __u64 freepages_delay_max; + __u64 freepages_delay_min; + + __u64 thrashing_delay_max; + __u64 thrashing_delay_min; + + __u64 compact_delay_max; + __u64 compact_delay_min; + + __u64 wpcopy_delay_max; + __u64 wpcopy_delay_min; + + __u64 irq_delay_max; + __u64 irq_delay_min; }; _ Patches currently in -mm which might be from wang.yaxin(a)zte.com.cn are

4 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-fix-vm_uffd_minor-==-vm_shadow_stack-on-userfaultfd=y-arm64_gcs=y.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: fix VM_UFFD_MINOR == VM_SHADOW_STACK on USERFAULTFD=y && ARM64_GCS=y has been removed from the -mm tree. Its filename was mm-fix-vm_uffd_minor-==-vm_shadow_stack-on-userfaultfd=y-arm64_gcs=y.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Florent Revest <revest(a)chromium.org> Subject: mm: fix VM_UFFD_MINOR == VM_SHADOW_STACK on USERFAULTFD=y && ARM64_GCS=y Date: Wed, 7 May 2025 15:09:57 +0200 On configs with CONFIG_ARM64_GCS=y, VM_SHADOW_STACK is bit 38. On configs with CONFIG_HAVE_ARCH_USERFAULTFD_MINOR=y (selected by CONFIG_ARM64 when CONFIG_USERFAULTFD=y), VM_UFFD_MINOR is _also_ bit 38. This bit being shared by two different VMA flags could lead to all sorts of unintended behaviors. Presumably, a process could maybe call into userfaultfd in a way that disables the shadow stack vma flag. I can't think of any attack where this would help (presumably, if an attacker tries to disable shadow stacks, they are trying to hijack control flow so can't arbitrarily call into userfaultfd yet anyway) but this still feels somewhat scary. Link: https://lkml.kernel.org/r/20250507131000.1204175-2-revest@chromium.org Fixes: ae80e1629aea ("mm: Define VM_SHADOW_STACK for arm64 when we support GCS") Signed-off-by: Florent Revest <revest(a)chromium.org> Reviewed-by: Mark Brown <broonie(a)kernel.org> Cc: Borislav Betkov <bp(a)alien8.de> Cc: Brendan Jackman <jackmanb(a)google.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Florent Revest <revest(a)chromium.org> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Thiago Jung Bauermann <thiago.bauermann(a)linaro.org> Cc: Thomas Gleinxer <tglx(a)linutronix.de> Cc: Will Deacon <will(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/mm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/include/linux/mm.h~mm-fix-vm_uffd_minor-==-vm_shadow_stack-on-userfaultfd=y-arm64_gcs=y +++ a/include/linux/mm.h @@ -385,7 +385,7 @@ extern unsigned int kobjsize(const void #endif #ifdef CONFIG_HAVE_ARCH_USERFAULTFD_MINOR -# define VM_UFFD_MINOR_BIT 38 +# define VM_UFFD_MINOR_BIT 41 # define VM_UFFD_MINOR BIT(VM_UFFD_MINOR_BIT) /* UFFD minor faults */ #else /* !CONFIG_HAVE_ARCH_USERFAULTFD_MINOR */ # define VM_UFFD_MINOR VM_NONE _ Patches currently in -mm which might be from revest(a)chromium.org are

4 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-mmap-map-map_stack-to-vm_nohugepage-only-if-thp-is-enabled.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: mmap: map MAP_STACK to VM_NOHUGEPAGE only if THP is enabled has been removed from the -mm tree. Its filename was mm-mmap-map-map_stack-to-vm_nohugepage-only-if-thp-is-enabled.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com> Subject: mm: mmap: map MAP_STACK to VM_NOHUGEPAGE only if THP is enabled Date: Wed, 07 May 2025 15:28:06 +0200 commit c4608d1bf7c6 ("mm: mmap: map MAP_STACK to VM_NOHUGEPAGE") maps the mmap option MAP_STACK to VM_NOHUGEPAGE. This is also done if CONFIG_TRANSPARENT_HUGEPAGE is not defined. But in that case, the VM_NOHUGEPAGE does not make sense. I discovered this issue when trying to use the tool CRIU to checkpoint and restore a container. Our running kernel is compiled without CONFIG_TRANSPARENT_HUGEPAGE. CRIU parses the output of /proc/<pid>/smaps and saves the "nh" flag. When trying to restore the container, CRIU fails to restore the "nh" mappings, since madvise() MADV_NOHUGEPAGE always returns an error because CONFIG_TRANSPARENT_HUGEPAGE is not defined. Link: https://lkml.kernel.org/r/20250507-map-map_stack-to-vm_nohugepage-only-if-t… Fixes: c4608d1bf7c6 ("mm: mmap: map MAP_STACK to VM_NOHUGEPAGE") Signed-off-by: Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reviewed-by: Yang Shi <yang(a)os.amperecomputing.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/mman.h | 2 ++ 1 file changed, 2 insertions(+) --- a/include/linux/mman.h~mm-mmap-map-map_stack-to-vm_nohugepage-only-if-thp-is-enabled +++ a/include/linux/mman.h @@ -155,7 +155,9 @@ calc_vm_flag_bits(struct file *file, uns return _calc_vm_trans(flags, MAP_GROWSDOWN, VM_GROWSDOWN ) | _calc_vm_trans(flags, MAP_LOCKED, VM_LOCKED ) | _calc_vm_trans(flags, MAP_SYNC, VM_SYNC ) | +#ifdef CONFIG_TRANSPARENT_HUGEPAGE _calc_vm_trans(flags, MAP_STACK, VM_NOHUGEPAGE) | +#endif arch_calc_vm_flag_bits(file, flags); } _ Patches currently in -mm which might be from Ignacio.MorenoGonzalez(a)kuka.com are

4 weeks

1
0
0 0

[merged mm-hotfixes-stable] mm-page_allocc-avoid-infinite-retries-caused-by-cpuset-race.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/page_alloc.c: avoid infinite retries caused by cpuset race has been removed from the -mm tree. Its filename was mm-page_allocc-avoid-infinite-retries-caused-by-cpuset-race.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Tianyang Zhang <zhangtianyang(a)loongson.cn> Subject: mm/page_alloc.c: avoid infinite retries caused by cpuset race Date: Wed, 16 Apr 2025 16:24:05 +0800 __alloc_pages_slowpath has no change detection for ac->nodemask in the part of retry path, while cpuset can modify it in parallel. For some processes that set mempolicy as MPOL_BIND, this results ac->nodemask changes, and then the should_reclaim_retry will judge based on the latest nodemask and jump to retry, while the get_page_from_freelist only traverses the zonelist from ac->preferred_zoneref, which selected by a expired nodemask and may cause infinite retries in some cases cpu 64: __alloc_pages_slowpath { /* ..... */ retry: /* ac->nodemask = 0x1, ac->preferred->zone->nid = 1 */ if (alloc_flags & ALLOC_KSWAPD) wake_all_kswapds(order, gfp_mask, ac); /* cpu 1: cpuset_write_resmask update_nodemask update_nodemasks_hier update_tasks_nodemask mpol_rebind_task mpol_rebind_policy mpol_rebind_nodemask // mempolicy->nodes has been modified, // which ac->nodemask point to */ /* ac->nodemask = 0x3, ac->preferred->zone->nid = 1 */ if (should_reclaim_retry(gfp_mask, order, ac, alloc_flags, did_some_progress > 0, &no_progress_loops)) goto retry; } Simultaneously starting multiple cpuset01 from LTP can quickly reproduce this issue on a multi node server when the maximum memory pressure is reached and the swap is enabled Link: https://lkml.kernel.org/r/20250416082405.20988-1-zhangtianyang@loongson.cn Fixes: c33d6c06f60f ("mm, page_alloc: avoid looking up the first zone in a zonelist twice") Signed-off-by: Tianyang Zhang <zhangtianyang(a)loongson.cn> Reviewed-by: Suren Baghdasaryan <surenb(a)google.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Brendan Jackman <jackmanb(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Zi Yan <ziy(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 8 ++++++++ 1 file changed, 8 insertions(+) --- a/mm/page_alloc.c~mm-page_allocc-avoid-infinite-retries-caused-by-cpuset-race +++ a/mm/page_alloc.c @@ -4562,6 +4562,14 @@ restart: } retry: + /* + * Deal with possible cpuset update races or zonelist updates to avoid + * infinite retries. + */ + if (check_retry_cpuset(cpuset_mems_cookie, ac) || + check_retry_zonelist(zonelist_iter_cookie)) + goto restart; + /* Ensure kswapd doesn't accidentally go to sleep as long as we loop */ if (alloc_flags & ALLOC_KSWAPD) wake_all_kswapds(order, gfp_mask, ac); _ Patches currently in -mm which might be from zhangtianyang(a)loongson.cn are

4 weeks

1
0
0 0

[PATCH 3/4 v2] crypto: octeontx2: Fix address alignment on CN10K A0/A1 and OcteonTX2

by Bharat Bhushan

octeontx2 crypto driver allocates memory using kmalloc/kzalloc, and uses this memory for dma (does dma_map_single()). It assumes that kmalloc/kzalloc will return 128-byte aligned address. But kmalloc/kzalloc returns 8-byte aligned address after below changes: "9382bc44b5f5 arm64: allow kmalloc() caches aligned to the smaller cache_line_size() Memory allocated are used for following purpose: - Input data or scatter list address - 8-Byte alignment - Output data or gather list address - 8-Byte alignment - Completion address - 32-Byte alignment. This patch ensures all addresses are aligned as mentioned above. Signed-off-by: Bharat Bhushan <bbhushan2(a)marvell.com> Cc: <stable(a)vger.kernel.org> #v6.5+ --- v1->v2: - Fixed memory padding size calculation as per review comment .../marvell/octeontx2/otx2_cpt_reqmgr.h | 64 ++++++++++++++----- 1 file changed, 49 insertions(+), 15 deletions(-) diff --git a/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h b/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h index e27e849b01df..bb4e067ae826 100644 --- a/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h +++ b/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h @@ -34,6 +34,9 @@ #define SG_COMP_2 2 #define SG_COMP_1 1 +#define OTX2_CPT_DPTR_RPTR_ALIGN 8 +#define OTX2_CPT_RES_ADDR_ALIGN 32 + union otx2_cpt_opcode { u16 flags; struct { @@ -417,10 +420,9 @@ static inline struct otx2_cpt_inst_info * otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, gfp_t gfp) { - int align = OTX2_CPT_DMA_MINALIGN; struct otx2_cpt_inst_info *info; - u32 dlen, align_dlen, info_len; - u16 g_sz_bytes, s_sz_bytes; + u32 dlen, info_len; + u16 g_len, s_len; u32 total_mem_len; if (unlikely(req->in_cnt > OTX2_CPT_MAX_SG_IN_CNT || @@ -429,22 +431,52 @@ otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, return NULL; } - g_sz_bytes = ((req->in_cnt + 3) / 4) * - sizeof(struct otx2_cpt_sglist_component); - s_sz_bytes = ((req->out_cnt + 3) / 4) * - sizeof(struct otx2_cpt_sglist_component); + /* Allocate memory to meet below alignment requirement: + * ---------------------------------- + * | struct otx2_cpt_inst_info | + * | (No alignment required) | + * | -----------------------------| + * | | padding for 8B alignment | + * |----------------------------------| + * | SG List Gather/Input memory | + * | Length = multiple of 32Bytes | + * | Alignment = 8Byte | + * |----------------------------------| + * | SG List Scatter/Output memory | + * | Length = multiple of 32Bytes | + * | Alignment = 8Byte | + * | (padding for below alignment) | + * | -----------------------------| + * | | padding for 32B alignment | + * |----------------------------------| + * | Result response memory | + * ---------------------------------- + */ - dlen = g_sz_bytes + s_sz_bytes + SG_LIST_HDR_SIZE; - align_dlen = ALIGN(dlen, align); - info_len = ALIGN(sizeof(*info), align); - total_mem_len = align_dlen + info_len + sizeof(union otx2_cpt_res_s); + info_len = sizeof(*info); + + g_len = ((req->in_cnt + 3) / 4) * + sizeof(struct otx2_cpt_sglist_component); + s_len = ((req->out_cnt + 3) / 4) * + sizeof(struct otx2_cpt_sglist_component); + + dlen = g_len + s_len + SG_LIST_HDR_SIZE; + + /* Allocate extra memory for SG and response address alignment */ + total_mem_len = ALIGN(info_len, OTX2_CPT_DPTR_RPTR_ALIGN) + dlen; + total_mem_len = ALIGN(total_mem_len, OTX2_CPT_DPTR_RPTR_ALIGN); + total_mem_len += (OTX2_CPT_RES_ADDR_ALIGN - 1) & + ~(OTX2_CPT_DPTR_RPTR_ALIGN - 1); + total_mem_len += sizeof(union otx2_cpt_res_s); info = kzalloc(total_mem_len, gfp); if (unlikely(!info)) return NULL; info->dlen = dlen; - info->in_buffer = (u8 *)info + info_len; + info->in_buffer = PTR_ALIGN((u8 *)info + info_len, + OTX2_CPT_DPTR_RPTR_ALIGN); + info->out_buffer = info->in_buffer + SG_LIST_HDR_SIZE + g_len; ((u16 *)info->in_buffer)[0] = req->out_cnt; ((u16 *)info->in_buffer)[1] = req->in_cnt; @@ -460,7 +492,7 @@ otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, } if (setup_sgio_components(pdev, req->out, req->out_cnt, - &info->in_buffer[8 + g_sz_bytes])) { + info->out_buffer)) { dev_err(&pdev->dev, "Failed to setup scatter list\n"); goto destroy_info; } @@ -476,8 +508,10 @@ otx2_sg_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, * Get buffer for union otx2_cpt_res_s response * structure and its physical address */ - info->completion_addr = info->in_buffer + align_dlen; - info->comp_baddr = info->dptr_baddr + align_dlen; + info->completion_addr = PTR_ALIGN((info->in_buffer + dlen), + OTX2_CPT_RES_ADDR_ALIGN); + info->comp_baddr = ALIGN((info->dptr_baddr + dlen), + OTX2_CPT_RES_ADDR_ALIGN); return info; -- 2.34.1

4 weeks

3
2
0 0

[PATCH 2/4 v2] crypto: octeontx2: Fix address alignment issue on ucode loading

by Bharat Bhushan

octeontx2 crypto driver allocates memory using kmalloc/kzalloc, and uses this memory for dma (does dma_map_single()). It assumes that kmalloc/kzalloc will return 128-byte aligned address. But kmalloc/kzalloc returns 8-byte aligned address after below changes: "9382bc44b5f5 arm64: allow kmalloc() caches aligned to the smaller cache_line_size()" Completion address should be 32-Byte alignment when loading microcode. Signed-off-by: Bharat Bhushan <bbhushan2(a)marvell.com> Cc: <stable(a)vger.kernel.org> #v6.5+ --- v1->v2: - No Change .../marvell/octeontx2/otx2_cptpf_ucode.c | 30 +++++++++++-------- 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c b/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c index 9095dea2748d..3e8357c0ecb2 100644 --- a/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c +++ b/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c @@ -1491,12 +1491,13 @@ int otx2_cpt_discover_eng_capabilities(struct otx2_cptpf_dev *cptpf) union otx2_cpt_opcode opcode; union otx2_cpt_res_s *result; union otx2_cpt_inst_s inst; + dma_addr_t result_baddr; dma_addr_t rptr_baddr; struct pci_dev *pdev; - u32 len, compl_rlen; int timeout = 10000; int ret, etype; void *rptr; + u32 len; /* * We don't get capabilities if it was already done @@ -1519,22 +1520,27 @@ int otx2_cpt_discover_eng_capabilities(struct otx2_cptpf_dev *cptpf) if (ret) goto delete_grps; - compl_rlen = ALIGN(sizeof(union otx2_cpt_res_s), OTX2_CPT_DMA_MINALIGN); - len = compl_rlen + LOADFVC_RLEN; + len = LOADFVC_RLEN + sizeof(union otx2_cpt_res_s) + + OTX2_CPT_RES_ADDR_ALIGN; - result = kzalloc(len, GFP_KERNEL); - if (!result) { + rptr = kzalloc(len, GFP_KERNEL); + if (!rptr) { ret = -ENOMEM; goto lf_cleanup; } - rptr_baddr = dma_map_single(&pdev->dev, (void *)result, len, + + rptr_baddr = dma_map_single(&pdev->dev, rptr, len, DMA_BIDIRECTIONAL); if (dma_mapping_error(&pdev->dev, rptr_baddr)) { dev_err(&pdev->dev, "DMA mapping failed\n"); ret = -EFAULT; - goto free_result; + goto free_rptr; } - rptr = (u8 *)result + compl_rlen; + + result = (union otx2_cpt_res_s *)PTR_ALIGN(rptr + LOADFVC_RLEN, + OTX2_CPT_RES_ADDR_ALIGN); + result_baddr = ALIGN(rptr_baddr + LOADFVC_RLEN, + OTX2_CPT_RES_ADDR_ALIGN); /* Fill in the command */ opcode.s.major = LOADFVC_MAJOR_OP; @@ -1546,14 +1552,14 @@ int otx2_cpt_discover_eng_capabilities(struct otx2_cptpf_dev *cptpf) /* 64-bit swap for microcode data reads, not needed for addresses */ cpu_to_be64s(&iq_cmd.cmd.u); iq_cmd.dptr = 0; - iq_cmd.rptr = rptr_baddr + compl_rlen; + iq_cmd.rptr = rptr_baddr; iq_cmd.cptr.u = 0; for (etype = 1; etype < OTX2_CPT_MAX_ENG_TYPES; etype++) { result->s.compcode = OTX2_CPT_COMPLETION_CODE_INIT; iq_cmd.cptr.s.grp = otx2_cpt_get_eng_grp(&cptpf->eng_grps, etype); - otx2_cpt_fill_inst(&inst, &iq_cmd, rptr_baddr); + otx2_cpt_fill_inst(&inst, &iq_cmd, result_baddr); lfs->ops->send_cmd(&inst, 1, &cptpf->lfs.lf[0]); timeout = 10000; @@ -1576,8 +1582,8 @@ int otx2_cpt_discover_eng_capabilities(struct otx2_cptpf_dev *cptpf) error_no_response: dma_unmap_single(&pdev->dev, rptr_baddr, len, DMA_BIDIRECTIONAL); -free_result: - kfree(result); +free_rptr: + kfree(rptr); lf_cleanup: otx2_cptlf_shutdown(lfs); delete_grps: -- 2.34.1

4 weeks

3
2
0 0

[PATCH 6.1.y v2 1/2] drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder functions

by jianqi.ren.cn＠windriver.com

From: Vinod Polimera <quic_vpolimer(a)quicinc.com> [ Upstream commit c0cd12a5d29fa36a8e2ebac7b8bec50c1a41fb57 ] Use atomic variants for encoder callback functions such that certain states like self-refresh can be accessed as part of enable/disable sequence. Signed-off-by: Kalyan Thota <quic_kalyant(a)quicinc.com> Signed-off-by: Vinod Polimera <quic_vpolimer(a)quicinc.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Patchwork: https://patchwork.freedesktop.org/patch/524738/ Link: https://lore.kernel.org/r/1677774797-31063-12-git-send-email-quic_vpolimer@… Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c index 5f8345016ffe..c7fcd617b48c 100644 --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c @@ -1182,7 +1182,8 @@ void dpu_encoder_virt_runtime_resume(struct drm_encoder *drm_enc) mutex_unlock(&dpu_enc->enc_lock); } -static void dpu_encoder_virt_enable(struct drm_encoder *drm_enc) +static void dpu_encoder_virt_atomic_enable(struct drm_encoder *drm_enc, + struct drm_atomic_state *state) { struct dpu_encoder_virt *dpu_enc = NULL; int ret = 0; @@ -1218,7 +1219,8 @@ static void dpu_encoder_virt_enable(struct drm_encoder *drm_enc) mutex_unlock(&dpu_enc->enc_lock); } -static void dpu_encoder_virt_disable(struct drm_encoder *drm_enc) +static void dpu_encoder_virt_atomic_disable(struct drm_encoder *drm_enc, + struct drm_atomic_state *state) { struct dpu_encoder_virt *dpu_enc = NULL; int i = 0; @@ -2407,8 +2409,8 @@ static void dpu_encoder_frame_done_timeout(struct timer_list *t) static const struct drm_encoder_helper_funcs dpu_encoder_helper_funcs = { .atomic_mode_set = dpu_encoder_virt_atomic_mode_set, - .disable = dpu_encoder_virt_disable, - .enable = dpu_encoder_virt_enable, + .atomic_disable = dpu_encoder_virt_atomic_disable, + .atomic_enable = dpu_encoder_virt_atomic_enable, .atomic_check = dpu_encoder_virt_atomic_check, }; -- 2.34.1

4 weeks

2
1
0 0

[PATCH 6.1.y v2 2/2] drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()

by jianqi.ren.cn＠windriver.com

From: Abhinav Kumar <quic_abhinavk(a)quicinc.com> [ Upstream commit aedf02e46eb549dac8db4821a6b9f0c6bf6e3990 ] For cases where the crtc's connectors_changed was set without enable/active getting toggled , there is an atomic_enable() call followed by an atomic_disable() but without an atomic_mode_set(). This results in a NULL ptr access for the dpu_encoder_get_drm_fmt() call in the atomic_enable() as the dpu_encoder's connector was cleared in the atomic_disable() but not re-assigned as there was no atomic_mode_set() call. Fix the NULL ptr access by moving the assignment for atomic_enable() and also use drm_atomic_get_new_connector_for_encoder() to get the connector from the atomic_state. Fixes: 25fdd5933e4c ("drm/msm: Add SDM845 DPU support") Reported-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Closes: https://gitlab.freedesktop.org/drm/msm/-/issues/59 Suggested-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Tested-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> # SM8350-HDK Patchwork: https://patchwork.freedesktop.org/patch/606729/ Link: https://lore.kernel.org/r/20240731191723.3050932-1-quic_abhinavk@quicinc.com Signed-off-by: Abhinav Kumar <quic_abhinavk(a)quicinc.com> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c index c7fcd617b48c..94f352253c74 100644 --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c @@ -1101,8 +1101,6 @@ static void dpu_encoder_virt_atomic_mode_set(struct drm_encoder *drm_enc, cstate->num_mixers = num_lm; - dpu_enc->connector = conn_state->connector; - for (i = 0; i < dpu_enc->num_phys_encs; i++) { struct dpu_encoder_phys *phys = dpu_enc->phys_encs[i]; @@ -1192,6 +1190,9 @@ static void dpu_encoder_virt_atomic_enable(struct drm_encoder *drm_enc, dpu_enc = to_dpu_encoder_virt(drm_enc); mutex_lock(&dpu_enc->enc_lock); + + dpu_enc->connector = drm_atomic_get_new_connector_for_encoder(state, drm_enc); + cur_mode = &dpu_enc->base.crtc->state->adjusted_mode; trace_dpu_enc_enable(DRMID(drm_enc), cur_mode->hdisplay, -- 2.34.1

4 weeks

1
0
0 0

[PATCH v2] rust: kbuild: rebuild if `.clippy.toml` changes

by Miguel Ojeda

We rarely modify `.clippy.toml`, but currently we do not rebuild if that happens, thus it is easy to miss possible changes in lints. Thus rebuild in case of changes. Cc: stable(a)vger.kernel.org Reported-by: Tamir Duberstein <tamird(a)gmail.com> Closes: https://github.com/Rust-for-Linux/linux/issues/1151 Fixes: 7d56786edcbd ("rust: introduce `.clippy.toml`") Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- rust/Makefile | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/rust/Makefile b/rust/Makefile index 3aca903a7d08..107299c32065 100644 --- a/rust/Makefile +++ b/rust/Makefile @@ -57,6 +57,10 @@ rustdoc_test_quiet=--test-args -q rustdoc_test_kernel_quiet=>/dev/null endif +ifeq ($(KBUILD_CLIPPY),1) + clippy_toml := $(srctree)/.clippy.toml +endif + core-cfgs = \ --cfg no_fp_fmt_parse @@ -405,11 +409,12 @@ quiet_cmd_rustc_procmacro = $(RUSTC_OR_CLIPPY_QUIET) P $@ --crate-name $(patsubst lib%.$(libmacros_extension),%,$(notdir $@)) $< # Procedural macros can only be used with the `rustc` that compiled it. -$(obj)/$(libmacros_name): $(src)/macros/lib.rs FORCE +$(obj)/$(libmacros_name): $(src)/macros/lib.rs $(clippy_toml) FORCE +$(call if_changed_dep,rustc_procmacro) $(obj)/$(libpin_init_internal_name): private rustc_target_flags = --cfg kernel -$(obj)/$(libpin_init_internal_name): $(src)/pin-init/internal/src/lib.rs FORCE +$(obj)/$(libpin_init_internal_name): $(src)/pin-init/internal/src/lib.rs \ + $(clippy_toml) FORCE +$(call if_changed_dep,rustc_procmacro) quiet_cmd_rustc_library = $(if $(skip_clippy),RUSTC,$(RUSTC_OR_CLIPPY_QUIET)) L $@ @@ -495,7 +500,8 @@ endif $(obj)/compiler_builtins.o: private skip_gendwarfksyms = 1 $(obj)/compiler_builtins.o: private rustc_objcopy = -w -W '__*' -$(obj)/compiler_builtins.o: $(src)/compiler_builtins.rs $(obj)/core.o FORCE +$(obj)/compiler_builtins.o: $(src)/compiler_builtins.rs $(obj)/core.o \ + $(clippy_toml) FORCE +$(call if_changed_rule,rustc_library) $(obj)/pin_init.o: private skip_gendwarfksyms = 1 base-commit: 22c3335c5dcd33063fe1894676a3a6ff1008d506 -- 2.49.0

4 weeks

3
2
0 0

[PATCH 1/5] objtool/rust: add one more `noreturn` Rust function for Rust 1.87.0

by Miguel Ojeda

Starting with Rust 1.87.0 (expected 2025-05-15), `objtool` may report: rust/core.o: warning: objtool: _R..._4core9panicking9panic_fmt() falls through to next function _R..._4core9panicking18panic_nounwind_fmt() rust/core.o: warning: objtool: _R..._4core9panicking18panic_nounwind_fmt() falls through to next function _R..._4core9panicking5panic() The reason is that `rust_begin_unwind` is now mangled: _R..._7___rustc17rust_begin_unwind Thus add the mangled one to the list so that `objtool` knows it is actually `noreturn`. See commit 56d680dd23c3 ("objtool/rust: list `noreturn` Rust functions") for more details. Alternatively, we could remove the fixed one in `noreturn.h` and relax this test to cover both, but it seems best to be strict as long as we can. Cc: stable(a)vger.kernel.org # Needed in 6.12.y and later (Rust is pinned in older LTSs). Cc: Josh Poimboeuf <jpoimboe(a)kernel.org> Cc: Peter Zijlstra <peterz(a)infradead.org> Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- tools/objtool/check.c | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/objtool/check.c b/tools/objtool/check.c index 3a411064fa34..b21b12ec88d9 100644 --- a/tools/objtool/check.c +++ b/tools/objtool/check.c @@ -227,6 +227,7 @@ static bool is_rust_noreturn(const struct symbol *func) str_ends_with(func->name, "_4core9panicking19assert_failed_inner") || str_ends_with(func->name, "_4core9panicking30panic_null_pointer_dereference") || str_ends_with(func->name, "_4core9panicking36panic_misaligned_pointer_dereference") || + str_ends_with(func->name, "_7___rustc17rust_begin_unwind") || strstr(func->name, "_4core9panicking13assert_failed") || strstr(func->name, "_4core9panicking11panic_const24panic_const_") || (strstr(func->name, "_4core5slice5index24slice_") && -- 2.49.0

4 weeks

7
13
0 0

[PATCH v2] arm64: Restrict pagetable teardown to avoid false warning

by Dev Jain

Commit 9c006972c3fe removes the pxd_present() checks because the caller checks pxd_present(). But, in case of vmap_try_huge_pud(), the caller only checks pud_present(); pud_free_pmd_page() recurses on each pmd through pmd_free_pte_page(), wherein the pmd may be none. Thus it is possible to hit a warning in the latter, since pmd_none => !pmd_table(). Thus, add a pmd_present() check in pud_free_pmd_page(). This problem was found by code inspection. This patch is based on 6.15-rc6. Fixes: 9c006972c3fe (arm64: mmu: drop pXd_present() checks from pXd_free_pYd_table()) Cc: <stable(a)vger.kernel.org> Reported-by: Ryan Roberts <ryan.roberts(a)arm.com> Signed-off-by: Dev Jain <dev.jain(a)arm.com> --- v1->v2: - Enforce check in caller arch/arm64/mm/mmu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c index ea6695d53fb9..5b1f4cd238ca 100644 --- a/arch/arm64/mm/mmu.c +++ b/arch/arm64/mm/mmu.c @@ -1286,7 +1286,8 @@ int pud_free_pmd_page(pud_t *pudp, unsigned long addr) next = addr; end = addr + PUD_SIZE; do { - pmd_free_pte_page(pmdp, next); + if (pmd_present(*pmdp)) + pmd_free_pte_page(pmdp, next); } while (pmdp++, next += PMD_SIZE, next != end); pud_clear(pudp); -- 2.30.2

4 weeks

3
8
0 0

[PATCH] rust: kbuild: rebuild if `.clippy.toml` changes

by Miguel Ojeda

We rarely modify `.clippy.toml`, but currently we do not rebuild if that happens, thus it is easy to miss possible changes in lints. Thus rebuild in case of changes. Cc: stable(a)vger.kernel.org Reported-by: Tamir Duberstein <tamird(a)gmail.com> Closes: https://github.com/Rust-for-Linux/linux/issues/1151 Fixes: 7d56786edcbd ("rust: introduce `.clippy.toml`") Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- rust/Makefile | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/rust/Makefile b/rust/Makefile index 3aca903a7d08..0dcc9ba0d225 100644 --- a/rust/Makefile +++ b/rust/Makefile @@ -405,11 +405,12 @@ quiet_cmd_rustc_procmacro = $(RUSTC_OR_CLIPPY_QUIET) P $@ --crate-name $(patsubst lib%.$(libmacros_extension),%,$(notdir $@)) $< # Procedural macros can only be used with the `rustc` that compiled it. -$(obj)/$(libmacros_name): $(src)/macros/lib.rs FORCE +$(obj)/$(libmacros_name): $(src)/macros/lib.rs $(srctree)/.clippy.toml FORCE +$(call if_changed_dep,rustc_procmacro) $(obj)/$(libpin_init_internal_name): private rustc_target_flags = --cfg kernel -$(obj)/$(libpin_init_internal_name): $(src)/pin-init/internal/src/lib.rs FORCE +$(obj)/$(libpin_init_internal_name): $(src)/pin-init/internal/src/lib.rs \ + $(srctree)/.clippy.toml FORCE +$(call if_changed_dep,rustc_procmacro) quiet_cmd_rustc_library = $(if $(skip_clippy),RUSTC,$(RUSTC_OR_CLIPPY_QUIET)) L $@ @@ -495,7 +496,8 @@ endif $(obj)/compiler_builtins.o: private skip_gendwarfksyms = 1 $(obj)/compiler_builtins.o: private rustc_objcopy = -w -W '__*' -$(obj)/compiler_builtins.o: $(src)/compiler_builtins.rs $(obj)/core.o FORCE +$(obj)/compiler_builtins.o: $(src)/compiler_builtins.rs $(obj)/core.o \ + $(srctree)/.clippy.toml FORCE +$(call if_changed_rule,rustc_library) $(obj)/pin_init.o: private skip_gendwarfksyms = 1 base-commit: 22c3335c5dcd33063fe1894676a3a6ff1008d506 -- 2.49.0

4 weeks

3
2
0 0

[PATCH] arm64: dts: rockchip: Add missing SFC power-domains to rk3576

by Sebastian Reichel

Add the power-domains for the RK3576 SFC nodes according to the TRM part 1. This fixes potential SErrors when accessing the SFC registers without other peripherals (e.g. eMMC) doing a prior power-domain enable. For example this is easy to trigger on the Rock 4D, which enables the SFC0 interface, but does not enable the eMMC interface at the moment. Cc: stable(a)vger.kernel.org Fixes: 36299757129c8 ("arm64: dts: rockchip: Add SFC nodes for rk3576") Signed-off-by: Sebastian Reichel <sebastian.reichel(a)collabora.com> --- I finally managed to get some RK3576 boards integrated to our CI pipeline and promptly got some SError on Rock 4D with the extra test coverage :( As we hope to get some of those boards for KernelCI, it would be good to get this fixed in all affected trees. It seemed enough to just describe the power-domain in DT (i.e. that fixed the SError for the arm64 defconfig when booting the Rock 4D). If we see further problems (I haven't so far), we might need something like [0] for the FSPI driver. [0] https://lore.kernel.org/all/20250423-rk3576-emmc-fix-v3-1-0bf80e29967f@coll… [ 15.248915] Kernel panic - not syncing: Asynchronous SError Interrupt [ 15.248917] CPU: 7 UID: 0 PID: 142 Comm: (udev-worker) Not tainted 6.15.0-rc6-g51237a9145a9 #1 PREEMPT [ 15.248921] Hardware name: Radxa ROCK 4D (DT) [ 15.248923] Call trace: [ 15.248924] show_stack+0x2c/0x84 (C) [ 15.248937] dump_stack_lvl+0x60/0x80 [ 15.248941] dump_stack+0x18/0x24 [ 15.248944] panic+0x168/0x360 [ 15.248948] add_taint+0x0/0xbc [ 15.248952] arm64_serror_panic+0x64/0x70 [ 15.248956] do_serror+0x3c/0x70 [ 15.248958] el1h_64_error_handler+0x30/0x48 [ 15.248964] el1h_64_error+0x6c/0x70 [ 15.248967] rockchip_sfc_init.isra.0+0x20/0x8c [spi_rockchip_sfc] (P) [ 15.248972] platform_probe+0x68/0xdc [ 15.248978] really_probe+0xc0/0x39c [ 15.248982] __driver_probe_device+0x7c/0x14c [ 15.248985] driver_probe_device+0x3c/0x120 [ 15.248989] __driver_attach+0xc4/0x200 [ 15.248992] bus_for_each_dev+0x7c/0xdc [ 15.248995] driver_attach+0x24/0x30 [ 15.248998] bus_add_driver+0x110/0x240 [ 15.249001] driver_register+0x68/0x130 [ 15.249005] __platform_driver_register+0x24/0x30 [ 15.249010] rockchip_sfc_driver_init+0x20/0x1000 [spi_rockchip_sfc] [ 15.249014] do_one_initcall+0x60/0x1e0 [ 15.249017] do_init_module+0x54/0x1fc [ 15.249021] load_module+0x18f8/0x1e50 [ 15.249024] init_module_from_file+0x88/0xcc [ 15.249027] __arm64_sys_finit_module+0x260/0x358 [ 15.249031] invoke_syscall+0x48/0x104 [ 15.249035] el0_svc_common.constprop.0+0x40/0xe0 [ 15.249040] do_el0_svc+0x1c/0x28 [ 15.249044] el0_svc+0x30/0xcc [ 15.249048] el0t_64_sync_handler+0x10c/0x138 [ 15.249052] el0t_64_sync+0x198/0x19c [ 15.249057] SMP: stopping secondary CPUs [ 15.249064] Kernel Offset: 0x38f049600000 from 0xffff800080000000 [ 15.249066] PHYS_OFFSET: 0xfff0e21340000000 [ 15.249068] CPU features: 0x0400,00041250,01000400,0200421b [ 15.249071] Memory Limit: none [ 15.273962] ---[ end Kernel panic - not syncing: Asynchronous SError Interrupt ]--- --- arch/arm64/boot/dts/rockchip/rk3576.dtsi | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/rockchip/rk3576.dtsi b/arch/arm64/boot/dts/rockchip/rk3576.dtsi index 79800959b7976950fb3655289076de70b5814283..260f9598ee6c9c1536115ca3dcb0cbaf61028057 100644 --- a/arch/arm64/boot/dts/rockchip/rk3576.dtsi +++ b/arch/arm64/boot/dts/rockchip/rk3576.dtsi @@ -1605,6 +1605,7 @@ sfc1: spi@2a300000 { interrupts = <GIC_SPI 255 IRQ_TYPE_LEVEL_HIGH>; clocks = <&cru SCLK_FSPI1_X2>, <&cru HCLK_FSPI1>; clock-names = "clk_sfc", "hclk_sfc"; + power-domains = <&power RK3576_PD_SDGMAC>; #address-cells = <1>; #size-cells = <0>; status = "disabled"; @@ -1655,6 +1656,7 @@ sfc0: spi@2a340000 { interrupts = <GIC_SPI 254 IRQ_TYPE_LEVEL_HIGH>; clocks = <&cru SCLK_FSPI_X2>, <&cru HCLK_FSPI>; clock-names = "clk_sfc", "hclk_sfc"; + power-domains = <&power RK3576_PD_NVM>; #address-cells = <1>; #size-cells = <0>; status = "disabled"; --- base-commit: a95d16b0324b6875f908e5965495b393c92614f8 change-id: 20250520-rk3576-fix-fspi-pmdomain-4cfae65b64dd Best regards, -- Sebastian Reichel <sre(a)kernel.org>

4 weeks

2
1
0 0

[PATCH 1/7] drm/i915/display: Add check for alloc_ordered_workqueue() and alloc_workqueue()

by Jani Nikula

From: Haoxiang Li <haoxiang_li2024(a)163.com> Add check for the return value of alloc_ordered_workqueue() and alloc_workqueue(). Furthermore, if some allocations fail, cleanup works are added to avoid potential memory leak problem. Fixes: 40053823baad ("drm/i915/display: move modeset probe/remove functions to intel_display_driver.c") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> Signed-off-by: Jani Nikula <jani.nikula(a)intel.com> --- .../drm/i915/display/intel_display_driver.c | 30 +++++++++++++++---- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_display_driver.c b/drivers/gpu/drm/i915/display/intel_display_driver.c index 5c74ab5fd1aa..411fe7b918a7 100644 --- a/drivers/gpu/drm/i915/display/intel_display_driver.c +++ b/drivers/gpu/drm/i915/display/intel_display_driver.c @@ -244,31 +244,45 @@ int intel_display_driver_probe_noirq(struct intel_display *display) intel_dmc_init(display); display->wq.modeset = alloc_ordered_workqueue("i915_modeset", 0); + if (!display->wq.modeset) { + ret = -ENOMEM; + goto cleanup_vga_client_pw_domain_dmc; + } + display->wq.flip = alloc_workqueue("i915_flip", WQ_HIGHPRI | WQ_UNBOUND, WQ_UNBOUND_MAX_ACTIVE); + if (!display->wq.flip) { + ret = -ENOMEM; + goto cleanup_wq_modeset; + } + display->wq.cleanup = alloc_workqueue("i915_cleanup", WQ_HIGHPRI, 0); + if (!display->wq.cleanup) { + ret = -ENOMEM; + goto cleanup_wq_flip; + } intel_mode_config_init(display); ret = intel_cdclk_init(display); if (ret) - goto cleanup_vga_client_pw_domain_dmc; + goto cleanup_wq_cleanup; ret = intel_color_init(display); if (ret) - goto cleanup_vga_client_pw_domain_dmc; + goto cleanup_wq_cleanup; ret = intel_dbuf_init(display); if (ret) - goto cleanup_vga_client_pw_domain_dmc; + goto cleanup_wq_cleanup; ret = intel_bw_init(display); if (ret) - goto cleanup_vga_client_pw_domain_dmc; + goto cleanup_wq_cleanup; ret = intel_pmdemand_init(display); if (ret) - goto cleanup_vga_client_pw_domain_dmc; + goto cleanup_wq_cleanup; intel_init_quirks(display); @@ -276,6 +290,12 @@ int intel_display_driver_probe_noirq(struct intel_display *display) return 0; +cleanup_wq_cleanup: + destroy_workqueue(display->wq.cleanup); +cleanup_wq_flip: + destroy_workqueue(display->wq.flip); +cleanup_wq_modeset: + destroy_workqueue(display->wq.modeset); cleanup_vga_client_pw_domain_dmc: intel_dmc_fini(display); intel_power_domains_driver_remove(display); -- 2.39.5

4 weeks

2
2
0 0

[REGRESSION] stable-rc/linux-5.15.y: (build) ld.lld: error: undefined symbol: cpu_wants_rethunk_at in vmlinux (...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.15.y: --- ld.lld: error: undefined symbol: cpu_wants_rethunk_at in vmlinux (Makefile:1234) [logspec:kbuild,kbuild.other] --- - dashboard: https://d.kernelci.org/i/maestro:029b000b9c1bb21b6d1cadf1eadd7d1b2b5f42bd - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: ba6ee53cdfadb92bab1c005dfb67a4397a8a7219 Log excerpt: ===================================================== .lds ld.lld: error: undefined symbol: cpu_wants_rethunk_at >>> referenced by static_call.c >>> kernel/static_call.o:(__static_call_transform) in archive arch/x86/built-in.a ===================================================== # Builds where the incident occurred: ## i386_defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (i386): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:682c81a1fef071f536c2ecc7 #kernelci issue maestro:029b000b9c1bb21b6d1cadf1eadd7d1b2b5f42bd Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

4 weeks

1
0
0 0

[PATCH 6.14 000/197] 6.14.7-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.14.7 release. There are 197 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 14 May 2025 17:19:58 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.14.7-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.14.7-rc1 Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> selftest/x86/bugs: Add selftests for ITS Peter Zijlstra <peterz(a)infradead.org> x86/its: Use dynamic thunks for indirect branches Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/ibt: Keep IBT disabled during alternative patching Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Align RETs in BHB clear sequence to avoid thunking Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Add support for RSB stuffing mitigation Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Add "vmexit" option to skip mitigation on some CPUs Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Enable Indirect Target Selection mitigation Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Add support for ITS-safe return thunk Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Add support for ITS-safe indirect thunk Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Enumerate Indirect Target Selection (ITS) bug Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Documentation: x86/bugs/its: Add ITS documentation Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Do not set BHI_DIS_S in 32-bit mode Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bpf: Add IBHF call at end of classic BPF Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bpf: Call branch history clearing sequence on exit James Morse <james.morse(a)arm.com> arm64: proton-pack: Add new CPUs 'k' values for branch mitigation James Morse <james.morse(a)arm.com> arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users James Morse <james.morse(a)arm.com> arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs James Morse <james.morse(a)arm.com> arm64: proton-pack: Expose whether the branchy loop k value James Morse <james.morse(a)arm.com> arm64: proton-pack: Expose whether the platform is mitigated by firmware James Morse <james.morse(a)arm.com> arm64: insn: Add support for encoding DSB Johannes Weiner <hannes(a)cmpxchg.org> mm: page_alloc: speed up fallbacks in rmqueue_bulk() Johannes Weiner <hannes(a)cmpxchg.org> mm: page_alloc: don't steal single pages from biggest buddy Hao Qin <hao.qin(a)mediatek.com> Bluetooth: btmtk: Remove the resetting step before downloading the fw Jens Axboe <axboe(a)kernel.dk> io_uring: always arm linked timeouts prior to issue Miguel Ojeda <ojeda(a)kernel.org> rust: clean Rust 1.88.0's `clippy::uninlined_format_args` lint Miguel Ojeda <ojeda(a)kernel.org> rust: allow Rust 1.87.0's `clippy::ptr_eq` lint Al Viro <viro(a)zeniv.linux.org.uk> do_umount(): add missing barrier before refcount checks in sync case Gabriel Krisman Bertazi <krisman(a)suse.de> io_uring/sqpoll: Increase task_work submission batch size Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe: Release force wake first then runtime power Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/xe/tests/mocs: Hold XE_FORCEWAKE_ALL for LNCF regs Samuel Holland <samuel.holland(a)sifive.com> riscv: Disallow PR_GET_TAGGED_ADDR_CTRL without Supm Clément Léger <cleger(a)rivosinc.com> riscv: misaligned: enable IRQs while handling misaligned accesses Clément Léger <cleger(a)rivosinc.com> riscv: misaligned: factorize trap handling Daniel Wagner <wagi(a)kernel.org> nvme: unblock ctrl state transition for firmware update Kevin Baker <kevinb(a)ventureresearch.com> drm/panel: simple: Update timings for AUO G101EVN010 Lizhi Xu <lizhi.xu(a)windriver.com> loop: Add sanity check for read/write_iter Christoph Hellwig <hch(a)lst.de> loop: factor out a loop_assign_backing_file helper Nylon Chen <nylon.chen(a)sifive.com> riscv: misaligned: Add handling for ZCB instructions Thorsten Blum <thorsten.blum(a)linux.dev> MIPS: Fix MAX_REG_OFFSET Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Correct mutex unlock order in job submission Karol Wachowski <karol.wachowski(a)intel.com> accel/ivpu: Separate DB ID and CMDQ ID allocations from CMDQ allocation Thomas Gleixner <tglx(a)linutronix.de> timekeeping: Prevent coarse clocks going backwards Marco Crivellari <marco.crivellari(a)suse.com> MIPS: Move r4k_wait() to .cpuidle.text section Marco Crivellari <marco.crivellari(a)suse.com> MIPS: Fix idle VS timer enqueue Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: dln2: Use aligned_s64 for timestamp Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64 Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer. Lothar Rubusch <l.rubusch(a)gmail.com> iio: accel: adxl367: fix setting odr for activity time update Gustavo Silva <gustavograzs(a)gmail.com> iio: imu: bmi270: fix initial sampling frequency configuration Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix erroneous generic_read ioctl return Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix erroneous wait_srq ioctl return Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix erroneous get_stb ioctl error returns Oliver Neukum <oneukum(a)suse.com> USB: usbtmc: use interruptible sleep in usbtmc_read Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: ucsi: displayport: Fix NULL pointer access Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: ucsi: displayport: Fix deadlock RD Babiera <rdbabiera(a)google.com> usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> usb: misc: onboard_usb_dev: fix support for Cypress HX3 hubs Jim Lin <jilin(a)nvidia.com> usb: host: tegra: Prevent host controller crash when OTG port is used Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: Use get_status callback to set remote wakeup capability Wayne Chang <waynec(a)nvidia.com> usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: f_ecm: Add get_status callback Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with resuming from L1 Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: dwc3: gadget: Make gadget_wakeup asynchronous Jan Kara <jack(a)suse.cz> ocfs2: stop quota recovery before disabling quotas Jan Kara <jack(a)suse.cz> ocfs2: implement handshaking with ocfs2 recovery thread Jan Kara <jack(a)suse.cz> ocfs2: switch osb->disable_recovery to enum Heming Zhao <heming.zhao(a)suse.com> ocfs2: fix the issue with discontiguous allocation in the global_bitmap Mark Tinguely <mark.tinguely(a)oracle.com> ocfs2: fix panic in failed foilio allocation Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode: Consolidate the loader enablement checking Dmitry Antipov <dmantipov(a)yandex.ru> module: ensure that kobject_put() is safe for module type kobjects Tom Lendacky <thomas.lendacky(a)amd.com> memblock: Accept allocated memory before use in memblock_double_array() Sebastian Ott <sebott(a)redhat.com> KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable() Yeoreum Yun <yeoreum.yun(a)arm.com> arm64: cpufeature: Move arm64_use_ng_mappings to the .data section to prevent wrong idmap generation Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Increase state dump msg timeout Jason Andryuk <jason.andryuk(a)amd.com> xenbus: Use kref to track req lifetime John Ernberg <john.ernberg(a)actia.se> xen: swiotlb: Use swiotlb bouncing if kmalloc allocation demands it Paul Aurich <paul(a)darkrain42.org> smb: client: Avoid race in open_cached_dir with lease breaks Alexey Charkov <alchark(a)gmail.com> usb: uhci-platform: Make the clock really optional Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive. Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/hdp7: use memcfg register to post the write for HDP flush Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/hdp6: use memcfg register to post the write for HDP flush Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/hdp5: use memcfg register to post the write for HDP flush Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/hdp4: use memcfg register to post the write for HDP flush Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Copy AUX read reply data whenever length > 0 Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Fix wrong handling for AUX_DEFER case Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Remove incorrect checking in dmub aux handler Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Fix the checking condition in dmub aux handling Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: more liberal vmin/vmax update for freesync Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix invalid context error in dml helper Ruijing Dong <ruijing.dong(a)amd.com> drm/amdgpu/vcn: using separate VCN1_AON_SOC offset Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix pm notifier handling Matthew Brost <matthew.brost(a)intel.com> drm/xe: Add page queue multiplier Maíra Canal <mcanal(a)igalia.com> drm/v3d: Add job to pending list if the reset was skipped Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amd: Stop evicting resources on APUs in suspend" David Lechner <dlechner(a)baylibre.com> iio: pressure: mprls0025pa: use aligned_s64 for timestamp Luca Ceresoli <luca.ceresoli(a)bootlin.com> iio: light: opt3001: fix deadlock due to concurrent flag access Silvano Seva <s.seva(a)4sigma.it> iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo Silvano Seva <s.seva(a)4sigma.it> iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo David Lechner <dlechner(a)baylibre.com> iio: imu: inv_mpu6050: align buffer for timestamp Zhang Lixu <lixu.zhang(a)intel.com> iio: hid-sensor-prox: Fix incorrect OFFSET calculation Zhang Lixu <lixu.zhang(a)intel.com> iio: hid-sensor-prox: support multi-channel SCALE calculation Zhang Lixu <lixu.zhang(a)intel.com> iio: hid-sensor-prox: Restore lost scale assignments David Lechner <dlechner(a)baylibre.com> iio: chemical: pms7003: use aligned_s64 for timestamp David Lechner <dlechner(a)baylibre.com> iio: chemical: sps30: use aligned_s64 for timestamp Gabriel Shahrouzi <gshahrouzi(a)gmail.com> iio: adis16201: Correct inclinometer channel resolution Simon Xue <xxm(a)rock-chips.com> iio: adc: rockchip: Fix clock initialization sequence Angelo Dureghello <adureghello(a)baylibre.com> iio: adc: ad7606: fix serial register access Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7266: Fix potential timestamp alignment issue. Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7768-1: Fix insufficient alignment of timestamp. Jens Axboe <axboe(a)kernel.dk> io_uring: ensure deferred completions are flushed for multishot Nam Cao <namcao(a)linutronix.de> riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Shift DMUB AUX reply command if necessary Mikhail Lobanov <m.lobanov(a)rosa.ru> KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Sean Christopherson <seanjc(a)google.com> KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing Madhavan Srinivasan <maddy(a)linux.ibm.com> selftests/mm: fix build break when compiling pkey_util.c Nysal Jan K.A. <nysal(a)linux.ibm.com> selftests/mm: fix a build failure on powerpc Feng Tang <feng.tang(a)linux.alibaba.com> selftests/mm: compaction_test: support platform with huge mount of memory Peter Xu <peterx(a)redhat.com> mm/userfaultfd: fix uninitialized output field for -EAGAIN race Gavin Guo <gavinguo(a)igalia.com> mm/huge_memory: fix dereferencing invalid pmd migration entry Kees Cook <kees(a)kernel.org> mm: vmalloc: support more granular vrealloc() sizing Petr Vaněk <arkamar(a)atlas.cz> mm: fix folio_pte_batch() on XEN PV Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm: Eliminate window where TLB flushes may be inadvertently skipped Gabriel Shahrouzi <gshahrouzi(a)gmail.com> staging: axis-fifo: Correct handling of tx_fifo_depth for size validation Gabriel Shahrouzi <gshahrouzi(a)gmail.com> staging: axis-fifo: Remove hardware resets for user errors Dave Stevenson <dave.stevenson(a)raspberrypi.com> staging: bcm2835-camera: Initialise dev in v4l2_dev Gabriel Shahrouzi <gshahrouzi(a)gmail.com> staging: iio: adc: ad7816: Correct conditional logic for store mode Naman Jain <namjain(a)linux.microsoft.com> uio_hv_generic: Fix sysfs creation path for ring buffer Miguel Ojeda <ojeda(a)kernel.org> rust: clean Rust 1.88.0's warning about `clippy::disallowed_macros` configuration Miguel Ojeda <ojeda(a)kernel.org> objtool/rust: add one more `noreturn` Rust function for Rust 1.87.0 Miguel Ojeda <ojeda(a)kernel.org> rust: clean Rust 1.88.0's `unnecessary_transmutes` lint Aditya Garg <gargaditya08(a)live.com> Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: synaptics - enable SMBus for HP Elitebook 850 G1 Aditya Garg <gargaditya08(a)live.com> Input: synaptics - enable InterTouch on Dell Precision M3800 Aditya Garg <gargaditya08(a)live.com> Input: synaptics - enable InterTouch on Dynabook Portege X30L-G Manuel Fombuena <fombuena(a)outlook.com> Input: synaptics - enable InterTouch on Dynabook Portege X30-D Vicki Pfau <vi(a)endrift.com> Input: xpad - fix two controller table values Lode Willems <me(a)lodewillems.com> Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller Vicki Pfau <vi(a)endrift.com> Input: xpad - fix Share button on Xbox One controllers Gary Bisson <bisson.gary(a)gmail.com> Input: mtk-pmic-keys - fix possible null pointer dereference Mikael Gonella-Bolduc <mgonellabolduc(a)dimonoff.com> Input: cyttsp5 - fix power control issue on wakeup Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Input: cyttsp5 - ensure minimum reset pulse width Jakub Kicinski <kuba(a)kernel.org> virtio-net: fix total qstat values Jakub Kicinski <kuba(a)kernel.org> net: export a helper for adding up queue stats Alexander Duyck <alexanderduyck(a)fb.com> fbnic: Do not allow mailbox to toggle to ready outside fbnic_mbx_poll_tx_ready Alexander Duyck <alexanderduyck(a)fb.com> fbnic: Pull fbnic_fw_xmit_cap_msg use out of interrupt context Alexander Duyck <alexanderduyck(a)fb.com> fbnic: Improve responsiveness of fbnic_mbx_poll_tx_ready Alexander Duyck <alexanderduyck(a)fb.com> fbnic: Cleanup handling of completions Alexander Duyck <alexanderduyck(a)fb.com> fbnic: Actually flush_tx instead of stalling out Alexander Duyck <alexanderduyck(a)fb.com> fbnic: Gate AXI read/write enabling on FW mailbox Alexander Duyck <alexanderduyck(a)fb.com> fbnic: Fix initialization of mailbox descriptor rings Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: do not set learning and unicast/multicast on up Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix learning on VLAN unaware bridges Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix toggling vlan_filtering Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: do not program vlans when vlan filtering is off Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: do not allow to configure VLAN 0 Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: always rejoin default untagged VLAN on bridge leave Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix flushing old pvid VLAN on pvid change Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix clearing PVID of a port Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: keep CPU port always tagged again Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: allow leaky reserved multicast Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Scrub packet on bpf_redirect_peer Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: fix region locking in hash types Julian Anastasov <ja(a)ssi.bg> ipvs: fix uninit-value for saddr in do_output_route4 Gao Xiang <xiang(a)kernel.org> erofs: ensure the extra temporary copy is valid for shortened bvecs Przemek Kitszel <przemyslaw.kitszel(a)intel.com> ice: use DSN instead of PCI BDF for ice_adapter index Michael-CY Lee <michael-cy.lee(a)mediatek.com> wifi: mac80211: fix the type of status_code for negotiated TID to Link Mapping Oliver Hartkopp <socketcan(a)hartkopp.net> can: gw: fix RCU/BH usage in cgw_create_job() Kelsey Maes <kelsey(a)vpprocess.com> can: mcp251xfd: fix TDC setting for low data bit rates Antonios Salios <antonios(a)mwa.re> can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe Frank Wunderlich <frank-w(a)public-files.de> net: ethernet: mtk_eth_soc: do not reset PSE when setting FE Daniel Golle <daniel(a)makrotopia.org> net: ethernet: mtk_eth_soc: reset all TX queues on DMA free Guillaume Nault <gnault(a)redhat.com> gre: Fix again IPv6 link-local address generation. Jakub Kicinski <kuba(a)kernel.org> virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable() Jakub Kicinski <kuba(a)kernel.org> virtio-net: don't re-enable refill work too early when NAPI is disabled Cong Wang <xiyou.wangcong(a)gmail.com> sch_htb: make htb_deactivate() idempotent Heiko Carstens <hca(a)linux.ibm.com> s390/entry: Fix last breaking event handling in case of stack corruption Wang Zhaolong <wangzhaolong1(a)huawei.com> ksmbd: fix memory leak in parse_lease_state() Eelco Chaudron <echaudro(a)redhat.com> openvswitch: Fix unsafe attribute parsing in output_userspace() Sean Heelan <seanheelan(a)gmail.com> ksmbd: Fix UAF in __close_file_table_ids Norbert Szetei <norbert(a)doyensec.com> ksmbd: prevent out-of-bounds stream writes by validating *pos Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: prevent rename with empty string Marc Kleine-Budde <mkl(a)pengutronix.de> can: rockchip_canfd: rkcanfd_remove(): fix order of unregistration calls Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Align huge faults to order Veerendranath Jakkam <quic_vjakkam(a)quicinc.com> wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Fix missing check for zpci_create_device() error return Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcan: m_can_class_unregister(): fix order of unregistration calls Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Fix timeout checks on polling path Wojciech Dubowik <Wojciech.Dubowik(a)mt.com> arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2 Qu Wenruo <wqu(a)suse.com> Revert "btrfs: canonicalize the device path before adding it" Max Kellermann <max.kellermann(a)ionos.com> fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio() Dan Carpenter <dan.carpenter(a)linaro.org> dm: add missing unlock on in dm_keyslot_evict() ------------- Diffstat: .clippy.toml | 2 +- Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/admin-guide/hw-vuln/index.rst | 1 + .../hw-vuln/indirect-target-selection.rst | 168 ++++++++++++++++ Documentation/admin-guide/kernel-parameters.txt | 18 ++ Makefile | 4 +- arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi | 25 ++- arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/insn.h | 1 + arch/arm64/include/asm/spectre.h | 3 + arch/arm64/kernel/cpufeature.c | 9 +- arch/arm64/kernel/proton-pack.c | 13 +- arch/arm64/kvm/mmu.c | 13 +- arch/arm64/lib/insn.c | 76 +++++--- arch/arm64/net/bpf_jit_comp.c | 57 +++++- arch/mips/include/asm/idle.h | 3 +- arch/mips/include/asm/ptrace.h | 3 +- arch/mips/kernel/genex.S | 63 +++--- arch/mips/kernel/idle.c | 7 - arch/riscv/kernel/process.c | 6 + arch/riscv/kernel/traps.c | 64 ++++--- arch/riscv/kernel/traps_misaligned.c | 17 ++ arch/s390/kernel/entry.S | 3 +- arch/s390/pci/pci_clp.c | 2 + arch/x86/Kconfig | 12 ++ arch/x86/entry/entry_64.S | 20 +- arch/x86/include/asm/alternative.h | 24 +++ arch/x86/include/asm/cpufeatures.h | 3 + arch/x86/include/asm/microcode.h | 2 + arch/x86/include/asm/msr-index.h | 8 + arch/x86/include/asm/nospec-branch.h | 10 + arch/x86/kernel/alternative.c | 195 ++++++++++++++++++- arch/x86/kernel/cpu/bugs.c | 176 ++++++++++++++++- arch/x86/kernel/cpu/common.c | 72 +++++-- arch/x86/kernel/cpu/microcode/amd.c | 6 +- arch/x86/kernel/cpu/microcode/core.c | 60 +++--- arch/x86/kernel/cpu/microcode/intel.c | 2 +- arch/x86/kernel/cpu/microcode/internal.h | 1 - arch/x86/kernel/ftrace.c | 2 +- arch/x86/kernel/head32.c | 4 - arch/x86/kernel/module.c | 6 + arch/x86/kernel/static_call.c | 4 +- arch/x86/kernel/vmlinux.lds.S | 10 + arch/x86/kvm/mmu/mmu.c | 89 ++++++--- arch/x86/kvm/smm.c | 1 + arch/x86/kvm/svm/svm.c | 4 + arch/x86/kvm/x86.c | 4 +- arch/x86/lib/retpoline.S | 39 ++++ arch/x86/mm/tlb.c | 23 ++- arch/x86/net/bpf_jit_comp.c | 58 +++++- drivers/accel/ivpu/ivpu_hw.c | 2 +- drivers/accel/ivpu/ivpu_job.c | 90 ++++++--- drivers/base/cpu.c | 3 + drivers/block/loop.c | 43 ++++- drivers/bluetooth/btmtk.c | 10 - drivers/clocksource/i8253.c | 4 +- drivers/firmware/arm_scmi/driver.c | 13 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 - drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 18 -- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 29 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.h | 1 - drivers/gpu/drm/amd/amdgpu/hdp_v4_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/hdp_v5_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/hdp_v5_2.c | 12 +- drivers/gpu/drm/amd/amdgpu/hdp_v6_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/hdp_v7_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/vcn_v2_0.c | 1 + drivers/gpu/drm/amd/amdgpu/vcn_v2_5.c | 1 + drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c | 1 + drivers/gpu/drm/amd/amdgpu/vcn_v4_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 1 + drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 1 + drivers/gpu/drm/amd/amdgpu/vcn_v5_0_0.c | 3 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 36 ++-- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 28 ++- .../amd/display/dc/dml2/dml2_translation_helper.c | 14 +- drivers/gpu/drm/panel/panel-simple.c | 25 +-- drivers/gpu/drm/v3d/v3d_sched.c | 28 ++- drivers/gpu/drm/xe/tests/xe_mocs.c | 7 +- drivers/gpu/drm/xe/xe_gt_debugfs.c | 9 +- drivers/gpu/drm/xe/xe_gt_pagefault.c | 11 +- drivers/hv/hyperv_vmbus.h | 6 + drivers/hv/vmbus_drv.c | 100 +++++++++- drivers/iio/accel/adis16201.c | 4 +- drivers/iio/accel/adxl355_core.c | 2 +- drivers/iio/accel/adxl367.c | 10 +- drivers/iio/adc/ad7266.c | 2 +- drivers/iio/adc/ad7606_spi.c | 2 +- drivers/iio/adc/ad7768-1.c | 2 +- drivers/iio/adc/dln2-adc.c | 2 +- drivers/iio/adc/rockchip_saradc.c | 17 +- drivers/iio/chemical/pms7003.c | 5 +- drivers/iio/chemical/sps30.c | 2 +- .../iio/common/hid-sensors/hid-sensor-attributes.c | 4 + drivers/iio/imu/bmi270/bmi270_core.c | 6 +- drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c | 2 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 6 + drivers/iio/light/hid-sensor-prox.c | 22 ++- drivers/iio/light/opt3001.c | 5 +- drivers/iio/pressure/mprls0025pa.h | 17 +- drivers/iio/temperature/maxim_thermocouple.c | 2 +- drivers/input/joystick/xpad.c | 40 ++-- drivers/input/keyboard/mtk-pmic-keys.c | 4 +- drivers/input/mouse/synaptics.c | 5 + drivers/input/touchscreen/cyttsp5.c | 7 +- drivers/md/dm-table.c | 3 +- drivers/net/can/m_can/m_can.c | 3 +- drivers/net/can/rockchip/rockchip_canfd-core.c | 2 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 42 +++- drivers/net/dsa/b53/b53_common.c | 213 +++++++++++++++------ drivers/net/dsa/b53/b53_priv.h | 3 + drivers/net/dsa/bcm_sf2.c | 1 + drivers/net/ethernet/intel/ice/ice_adapter.c | 47 ++--- drivers/net/ethernet/intel/ice/ice_adapter.h | 6 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 19 +- drivers/net/ethernet/meta/fbnic/fbnic_csr.h | 2 + drivers/net/ethernet/meta/fbnic/fbnic_fw.c | 197 +++++++++++-------- drivers/net/ethernet/meta/fbnic/fbnic_mac.c | 6 - drivers/net/virtio_net.c | 23 ++- drivers/nvme/host/core.c | 3 +- drivers/pci/hotplug/s390_pci_hpc.c | 1 - drivers/staging/axis-fifo/axis-fifo.c | 14 +- drivers/staging/iio/adc/ad7816.c | 2 +- .../vc04_services/bcm2835-camera/bcm2835-camera.c | 1 + drivers/uio/uio_hv_generic.c | 39 ++-- drivers/usb/cdns3/cdnsp-gadget.c | 31 +++ drivers/usb/cdns3/cdnsp-gadget.h | 6 + drivers/usb/cdns3/cdnsp-pci.c | 12 +- drivers/usb/cdns3/cdnsp-ring.c | 3 +- drivers/usb/cdns3/core.h | 3 + drivers/usb/class/usbtmc.c | 59 +++--- drivers/usb/dwc3/core.h | 4 + drivers/usb/dwc3/gadget.c | 60 +++--- drivers/usb/gadget/composite.c | 12 +- drivers/usb/gadget/function/f_ecm.c | 7 + drivers/usb/gadget/udc/tegra-xudc.c | 4 + drivers/usb/host/uhci-platform.c | 2 +- drivers/usb/host/xhci-dbgcap.c | 19 +- drivers/usb/host/xhci-dbgcap.h | 3 + drivers/usb/host/xhci-tegra.c | 3 + drivers/usb/misc/onboard_usb_dev.c | 10 +- drivers/usb/typec/tcpm/tcpm.c | 2 +- drivers/usb/typec/ucsi/displayport.c | 21 +- drivers/usb/typec/ucsi/ucsi.c | 34 ++++ drivers/usb/typec/ucsi/ucsi.h | 2 + drivers/vfio/pci/vfio_pci_core.c | 12 +- drivers/xen/swiotlb-xen.c | 1 + drivers/xen/xenbus/xenbus.h | 2 + drivers/xen/xenbus/xenbus_comms.c | 9 +- drivers/xen/xenbus/xenbus_dev_frontend.c | 2 +- drivers/xen/xenbus/xenbus_xs.c | 18 +- fs/btrfs/volumes.c | 91 +-------- fs/erofs/fileio.c | 4 +- fs/erofs/zdata.c | 29 ++- fs/namespace.c | 3 +- fs/ocfs2/alloc.c | 1 + fs/ocfs2/journal.c | 80 +++++--- fs/ocfs2/journal.h | 1 + fs/ocfs2/ocfs2.h | 17 +- fs/ocfs2/quota_local.c | 9 +- fs/ocfs2/suballoc.c | 38 +++- fs/ocfs2/suballoc.h | 1 + fs/ocfs2/super.c | 3 + fs/smb/client/cached_dir.c | 10 +- fs/smb/server/oplock.c | 7 +- fs/smb/server/smb2pdu.c | 5 + fs/smb/server/vfs.c | 7 + fs/smb/server/vfs_cache.c | 33 +++- fs/userfaultfd.c | 28 ++- include/linux/cpu.h | 2 + include/linux/execmem.h | 3 + include/linux/hyperv.h | 6 + include/linux/ieee80211.h | 2 +- include/linux/module.h | 5 + include/linux/timekeeper_internal.h | 8 +- include/linux/vmalloc.h | 1 + include/net/netdev_queues.h | 6 + init/Kconfig | 3 + io_uring/io_uring.c | 58 +++--- io_uring/sqpoll.c | 2 +- kernel/params.c | 4 +- kernel/time/timekeeping.c | 50 ++++- kernel/time/vsyscall.c | 4 +- mm/huge_memory.c | 11 +- mm/internal.h | 27 ++- mm/memblock.c | 9 +- mm/page_alloc.c | 159 +++++++++------ mm/vmalloc.c | 31 ++- net/can/gw.c | 151 +++++++++------ net/core/filter.c | 1 + net/core/netdev-genl.c | 69 +++++-- net/ipv6/addrconf.c | 15 +- net/mac80211/mlme.c | 12 +- net/netfilter/ipset/ip_set_hash_gen.h | 2 +- net/netfilter/ipvs/ip_vs_xmit.c | 27 +-- net/openvswitch/actions.c | 3 +- net/sched/sch_htb.c | 15 +- net/wireless/scan.c | 2 +- rust/bindings/lib.rs | 1 + rust/kernel/alloc/kvec.rs | 3 + rust/kernel/list.rs | 3 + rust/kernel/str.rs | 46 ++--- rust/macros/module.rs | 19 +- rust/macros/paste.rs | 2 +- rust/macros/pinned_drop.rs | 3 +- rust/uapi/lib.rs | 1 + tools/objtool/check.c | 1 + tools/testing/selftests/Makefile | 1 + tools/testing/selftests/mm/compaction_test.c | 19 +- tools/testing/selftests/mm/pkey-powerpc.h | 14 +- tools/testing/selftests/mm/pkey_util.c | 1 + tools/testing/selftests/x86/bugs/Makefile | 3 + tools/testing/selftests/x86/bugs/common.py | 164 ++++++++++++++++ .../selftests/x86/bugs/its_indirect_alignment.py | 150 +++++++++++++++ .../testing/selftests/x86/bugs/its_permutations.py | 109 +++++++++++ .../selftests/x86/bugs/its_ret_alignment.py | 139 ++++++++++++++ tools/testing/selftests/x86/bugs/its_sysfs.py | 65 +++++++ 218 files changed, 3603 insertions(+), 1269 deletions(-)

4 weeks

19
223
0 0

[PATCH] parisc: fix building with gcc-15

by Arnd Bergmann

From: Arnd Bergmann <arnd(a)arndb.de> The decompressor is built with the default C dialect, which is now gnu23 on gcc-15, and this clashes with the kernel's bool type definition: In file included from include/uapi/linux/posix_types.h:5, from arch/parisc/boot/compressed/misc.c:7: include/linux/stddef.h:11:9: error: cannot use keyword 'false' as enumeration constant 11 | false = 0, Add the -std=gnu11 argument here, as we do for all other architectures. Cc: stable(a)vger.kernel.org Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> --- arch/parisc/boot/compressed/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/parisc/boot/compressed/Makefile b/arch/parisc/boot/compressed/Makefile index 92227fa813dc..17c42d718eb3 100644 --- a/arch/parisc/boot/compressed/Makefile +++ b/arch/parisc/boot/compressed/Makefile @@ -18,6 +18,7 @@ KBUILD_CFLAGS += -fno-PIE -mno-space-regs -mdisable-fpregs -Os ifndef CONFIG_64BIT KBUILD_CFLAGS += -mfast-indirect-calls endif +KBUILD_CFLAGS += -std=gnu11 LDFLAGS_vmlinux := -X -e startup --as-needed -T $(obj)/vmlinux: $(obj)/vmlinux.lds $(addprefix $(obj)/, $(OBJECTS)) $(LIBGCC) FORCE -- 2.39.5

4 weeks

2
1
0 0

[PATCH 5.10.y] net: decrease cached dst counters in dst_release

by jianqi.ren.cn＠windriver.com

From: Antoine Tenart <atenart(a)kernel.org> [ Upstream commit 3a0a3ff6593d670af2451ec363ccb7b18aec0c0a ] Upstream fix ac888d58869b ("net: do not delay dst_entries_add() in dst_release()") moved decrementing the dst count from dst_destroy to dst_release to avoid accessing already freed data in case of netns dismantle. However in case CONFIG_DST_CACHE is enabled and OvS+tunnels are used, this fix is incomplete as the same issue will be seen for cached dsts: Unable to handle kernel paging request at virtual address ffff5aabf6b5c000 Call trace: percpu_counter_add_batch+0x3c/0x160 (P) dst_release+0xec/0x108 dst_cache_destroy+0x68/0xd8 dst_destroy+0x13c/0x168 dst_destroy_rcu+0x1c/0xb0 rcu_do_batch+0x18c/0x7d0 rcu_core+0x174/0x378 rcu_core_si+0x18/0x30 Fix this by invalidating the cache, and thus decrementing cached dst counters, in dst_release too. Fixes: d71785ffc7e7 ("net: add dst_cache to ovs vxlan lwtunnel") Signed-off-by: Antoine Tenart <atenart(a)kernel.org> Link: https://patch.msgid.link/20250326173634.31096-1-atenart@kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- net/core/dst.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/net/core/dst.c b/net/core/dst.c index 5bb143857336..e5d2ce95a2b6 100644 --- a/net/core/dst.c +++ b/net/core/dst.c @@ -175,6 +175,14 @@ void dst_release(struct dst_entry *dst) net_warn_ratelimited("%s: dst:%p refcnt:%d\n", __func__, dst, newrefcnt); if (!newrefcnt){ +#ifdef CONFIG_DST_CACHE + if (dst->flags & DST_METADATA) { + struct metadata_dst *md_dst = (struct metadata_dst *)dst; + + if (md_dst->type == METADATA_IP_TUNNEL) + dst_cache_reset_now(&md_dst->u.tun_info.dst_cache); + } +#endif dst_count_dec(dst); call_rcu(&dst->rcu_head, dst_destroy_rcu); } -- 2.34.1

4 weeks

2
1
0 0

[PATCH 6.1.y] net: decrease cached dst counters in dst_release

by jianqi.ren.cn＠windriver.com

From: Antoine Tenart <atenart(a)kernel.org> [ Upstream commit 3a0a3ff6593d670af2451ec363ccb7b18aec0c0a ] Upstream fix ac888d58869b ("net: do not delay dst_entries_add() in dst_release()") moved decrementing the dst count from dst_destroy to dst_release to avoid accessing already freed data in case of netns dismantle. However in case CONFIG_DST_CACHE is enabled and OvS+tunnels are used, this fix is incomplete as the same issue will be seen for cached dsts: Unable to handle kernel paging request at virtual address ffff5aabf6b5c000 Call trace: percpu_counter_add_batch+0x3c/0x160 (P) dst_release+0xec/0x108 dst_cache_destroy+0x68/0xd8 dst_destroy+0x13c/0x168 dst_destroy_rcu+0x1c/0xb0 rcu_do_batch+0x18c/0x7d0 rcu_core+0x174/0x378 rcu_core_si+0x18/0x30 Fix this by invalidating the cache, and thus decrementing cached dst counters, in dst_release too. Fixes: d71785ffc7e7 ("net: add dst_cache to ovs vxlan lwtunnel") Signed-off-by: Antoine Tenart <atenart(a)kernel.org> Link: https://patch.msgid.link/20250326173634.31096-1-atenart@kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- net/core/dst.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/net/core/dst.c b/net/core/dst.c index 8db87258d145..1c16821581c8 100644 --- a/net/core/dst.c +++ b/net/core/dst.c @@ -173,6 +173,14 @@ void dst_release(struct dst_entry *dst) net_warn_ratelimited("%s: dst:%p refcnt:%d\n", __func__, dst, newrefcnt); if (!newrefcnt){ +#ifdef CONFIG_DST_CACHE + if (dst->flags & DST_METADATA) { + struct metadata_dst *md_dst = (struct metadata_dst *)dst; + + if (md_dst->type == METADATA_IP_TUNNEL) + dst_cache_reset_now(&md_dst->u.tun_info.dst_cache); + } +#endif dst_count_dec(dst); call_rcu(&dst->rcu_head, dst_destroy_rcu); } -- 2.34.1

4 weeks

2
1
0 0

[PATCH 6.6/6.1 ] hwpoison, memory_hotplug: lock folio before unmap hwpoisoned folio

by Xiangyu Chen

From: Ma Wupeng <mawupeng1(a)huawei.com> commit af288a426c3e3552b62595c6138ec6371a17dbba upstream. Commit b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined) add page poison checks in do_migrate_range in order to make offline hwpoisoned page possible by introducing isolate_lru_page and try_to_unmap for hwpoisoned page. However folio lock must be held before calling try_to_unmap. Add it to fix this problem. Warning will be produced if folio is not locked during unmap: ------------[ cut here ]------------ kernel BUG at ./include/linux/swapops.h:400! Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 4 UID: 0 PID: 411 Comm: bash Tainted: G W 6.13.0-rc1-00016-g3c434c7ee82a-dirty #41 Tainted: [W]=WARN Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : try_to_unmap_one+0xb08/0xd3c lr : try_to_unmap_one+0x3dc/0xd3c Call trace: try_to_unmap_one+0xb08/0xd3c (P) try_to_unmap_one+0x3dc/0xd3c (L) rmap_walk_anon+0xdc/0x1f8 rmap_walk+0x3c/0x58 try_to_unmap+0x88/0x90 unmap_poisoned_folio+0x30/0xa8 do_migrate_range+0x4a0/0x568 offline_pages+0x5a4/0x670 memory_block_action+0x17c/0x374 memory_subsys_offline+0x3c/0x78 device_offline+0xa4/0xd0 state_store+0x8c/0xf0 dev_attr_store+0x18/0x2c sysfs_kf_write+0x44/0x54 kernfs_fop_write_iter+0x118/0x1a8 vfs_write+0x3a8/0x4bc ksys_write+0x6c/0xf8 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x30/0xd0 el0t_64_sync_handler+0xc8/0xcc el0t_64_sync+0x198/0x19c Code: f9407be0 b5fff320 d4210000 17ffff97 (d4210000) ---[ end trace 0000000000000000 ]--- Link: https://lkml.kernel.org/r/20250217014329.3610326-4-mawupeng1@huawei.com Fixes: b15c87263a69 ("hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined") Signed-off-by: Ma Wupeng <mawupeng1(a)huawei.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified on build test --- mm/memory_hotplug.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c index 9beed7c71a8e..aab166905452 100644 --- a/mm/memory_hotplug.c +++ b/mm/memory_hotplug.c @@ -1735,8 +1735,12 @@ static void do_migrate_range(unsigned long start_pfn, unsigned long end_pfn) if (PageHWPoison(page)) { if (WARN_ON(folio_test_lru(folio))) folio_isolate_lru(folio); - if (folio_mapped(folio)) + if (folio_mapped(folio)) { + folio_lock(folio); try_to_unmap(folio, TTU_IGNORE_MLOCK); + folio_unlock(folio); + } + continue; } -- 2.34.1

4 weeks

2
1
0 0

[PATCH 5.15.y] net: decrease cached dst counters in dst_release

by jianqi.ren.cn＠windriver.com

From: Antoine Tenart <atenart(a)kernel.org> [ Upstream commit 3a0a3ff6593d670af2451ec363ccb7b18aec0c0a ] Upstream fix ac888d58869b ("net: do not delay dst_entries_add() in dst_release()") moved decrementing the dst count from dst_destroy to dst_release to avoid accessing already freed data in case of netns dismantle. However in case CONFIG_DST_CACHE is enabled and OvS+tunnels are used, this fix is incomplete as the same issue will be seen for cached dsts: Unable to handle kernel paging request at virtual address ffff5aabf6b5c000 Call trace: percpu_counter_add_batch+0x3c/0x160 (P) dst_release+0xec/0x108 dst_cache_destroy+0x68/0xd8 dst_destroy+0x13c/0x168 dst_destroy_rcu+0x1c/0xb0 rcu_do_batch+0x18c/0x7d0 rcu_core+0x174/0x378 rcu_core_si+0x18/0x30 Fix this by invalidating the cache, and thus decrementing cached dst counters, in dst_release too. Fixes: d71785ffc7e7 ("net: add dst_cache to ovs vxlan lwtunnel") Signed-off-by: Antoine Tenart <atenart(a)kernel.org> Link: https://patch.msgid.link/20250326173634.31096-1-atenart@kernel.org Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- net/core/dst.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/net/core/dst.c b/net/core/dst.c index 6d74b4663085..c1ea331c4bfd 100644 --- a/net/core/dst.c +++ b/net/core/dst.c @@ -173,6 +173,14 @@ void dst_release(struct dst_entry *dst) net_warn_ratelimited("%s: dst:%p refcnt:%d\n", __func__, dst, newrefcnt); if (!newrefcnt){ +#ifdef CONFIG_DST_CACHE + if (dst->flags & DST_METADATA) { + struct metadata_dst *md_dst = (struct metadata_dst *)dst; + + if (md_dst->type == METADATA_IP_TUNNEL) + dst_cache_reset_now(&md_dst->u.tun_info.dst_cache); + } +#endif dst_count_dec(dst); call_rcu(&dst->rcu_head, dst_destroy_rcu); } -- 2.34.1

4 weeks

2
1
0 0

[PATCH] mtd: nand: sunxi: Add randomizer configuration before randomizer enable

by Wentao Liang

In sunxi_nfc_hw_ecc_read_chunk(), the sunxi_nfc_randomizer_enable() is called without the config of randomizer. A proper implementation can be found in sunxi_nfc_hw_ecc_read_chunks_dma(). Add sunxi_nfc_randomizer_config() before the start of randomization. Fixes: 4be4e03efc7f ("mtd: nand: sunxi: add randomizer support") Cc: stable(a)vger.kernel.org # v4.6 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/mtd/nand/raw/sunxi_nand.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/mtd/nand/raw/sunxi_nand.c b/drivers/mtd/nand/raw/sunxi_nand.c index fab371e3e9b7..9179719f639e 100644 --- a/drivers/mtd/nand/raw/sunxi_nand.c +++ b/drivers/mtd/nand/raw/sunxi_nand.c @@ -817,6 +817,7 @@ static int sunxi_nfc_hw_ecc_read_chunk(struct nand_chip *nand, if (ret) return ret; + sunxi_nfc_randomizer_config(nand, page, false); sunxi_nfc_randomizer_enable(nand); writel(NFC_DATA_TRANS | NFC_DATA_SWAP_METHOD | NFC_ECC_OP, nfc->regs + NFC_REG_CMD); -- 2.42.0.windows.2

4 weeks

2
1
0 0

GERICHTSVERFAHREN(Sie haben 48 Stunden Zeit, um zu antworten)

by FEDPOLADMINCH POLIZEI

4 weeks

1
0
0 0

[6.12.y regression] loosetup: failed to set up loop device: Invalid argument after 184b147b9f7f ("loop: Add sanity check for read/write_iter")

by Salvatore Bonaccorso

Hi In Debian Roland Clobus reported a regression with setting up loop devices from a backing squashfs file lying on read-only mounted target directory from a iso. The original report is at: https://bugs.debian.org/1106070 Quoting the report: On Mon, May 19, 2025 at 12:15:10PM +0200, Roland Clobus wrote: > Package: linux-image-6.12.29-amd64 > Version: 6.12.29-1 > Severity: important > X-Debbugs-Cc: debian-amd64(a)lists.debian.org > User: debian-amd64(a)lists.debian.org > Usertags: amd64 > X-Debbugs-Cc: phil(a)hands.com > User: debian-qa(a)lists.debian.org > Usertags: openqa > X-Debbugs-Cc: debian-boot > > Hello maintainers of the kernel, > > The new kernel (6.12.29) has a modified behaviour (compared to 6.12.27) for > the loop device. > > This causes the Debian live images (for sid) to fail to boot. > > The change happened between 20250518T201633Z and 20250519T021902Z, which > matches the upload of 6.12.29 (https://tracker.debian.org/news/1646619/accepted-linux-signed-amd64-612291-…) > at 20250518T230426Z. > > To reproduce: > * Download the daily live image from https://openqa.debian.net/tests/396941/asset/iso/smallest-build_sid_2025051… > * Boot into the live image (the first boot option) > * Result: an initramfs shell (instead of a live system) -> FAIL > * Try: `losetup -r /dev/loop1 /run/live/medium/live/filesystem.squashfs` > * Result: `failed to set up loop device: invalid argument` -> FAIL > * Try: `cp /run/live/medium/live/filesystem.squashfs /` > * Try: `losetup -r /dev/loop2 /filesystem.squashfs` > * Result: `loop2: detected capacity change from 0 to 1460312` -> PASS > > It appears that the loopback device cannot be used any more with the mount > /run/live/medium (which is on /dev/sr0). > > I've verified: the md5sum of the squashfs file is OK. > > The newer kernel is not in trixie yet. > > With kind regards, > Roland Clobus A short reproducer is as follows: iso="netinst.iso" url="https://openqa.debian.net/tests/396941/asset/iso/smallest-build_sid_2025051…" if [ ! -e "${iso}" ]; then wget "${url}" -O "${iso}" fi mountdir="$(mktemp -d)" mount -v "./${iso}" "${mountdir}" losetup -v -r -f "${mountdir}/live/filesystem.squashfs" loosetup -l resulting in: mount: /tmp/tmp.HgbNe7ek3h: WARNING: source write-protected, mounted read-only. mount: /dev/loop0 mounted on /tmp/tmp.HgbNe7ek3h. losetup: /tmp/tmp.HgbNe7ek3h/live/filesystem.squashfs: failed to set up loop device: Invalid argument NAME SIZELIMIT OFFSET AUTOCLEAR RO BACK-FILE DIO LOG-SEC /dev/loop0 0 0 1 0 /root/netinst.iso 0 512 Reverting 184b147b9f7f ("loop: Add sanity check for read/write_iter") on top of 6.12.29 fixes the issue: mount: /tmp/tmp.ACkkdCdYvB: WARNING: source write-protected, mounted read-only. mount: /dev/loop0 mounted on /tmp/tmp.ACkkdCdYvB. NAME SIZELIMIT OFFSET AUTOCLEAR RO BACK-FILE DIO LOG-SEC /dev/loop1 0 0 0 1 /tmp/tmp.ACkkdCdYvB/live/filesystem.squashfs 0 512 /dev/loop0 0 0 1 0 /root/netinst.iso 0 512 For completeness, netinst.iso is a iso9660 fstype with mount options "ro,relatime,nojoliet,check=s,map=n,blocksize=2048,iocharset=utf8". #regzbot introduced: 184b147b9f7f #regzbot link: https://bugs.debian.org/1106070 Regards, Salvatore

4 weeks

3
4
0 0

[PATCH] ext4: inline: fix len overflow in ext4_prepare_inline_data

by Thadeu Lima de Souza Cascardo

When running the following code on an ext4 filesystem with inline_data feature enabled, it will lead to the bug below. fd = open("file1", O_RDWR | O_CREAT | O_TRUNC, 0666); ftruncate(fd, 30); pwrite(fd, "a", 1, (1UL << 40) + 5UL); That happens because write_begin will succeed as when ext4_generic_write_inline_data calls ext4_prepare_inline_data, pos + len will be truncated, leading to ext4_prepare_inline_data parameter to be 6 instead of 0x10000000006. Then, later when write_end is called, we hit: BUG_ON(pos + len > EXT4_I(inode)->i_inline_size); at ext4_write_inline_data. Fix it by using a loff_t type for the len parameter in ext4_prepare_inline_data instead of an unsigned int. [ 44.545164] ------------[ cut here ]------------ [ 44.545530] kernel BUG at fs/ext4/inline.c:240! [ 44.545834] Oops: invalid opcode: 0000 [#1] SMP NOPTI [ 44.546172] CPU: 3 UID: 0 PID: 343 Comm: test Not tainted 6.15.0-rc2-00003-g9080916f4863 #45 PREEMPT(full) 112853fcebfdb93254270a7959841d2c6aa2c8bb [ 44.546523] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 44.546523] RIP: 0010:ext4_write_inline_data+0xfe/0x100 [ 44.546523] Code: 3c 0e 48 83 c7 48 48 89 de 5b 41 5c 41 5d 41 5e 41 5f 5d e9 e4 fa 43 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 0f 0b <0f> 0b 0f 1f 44 00 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 20 49 [ 44.546523] RSP: 0018:ffffb342008b79a8 EFLAGS: 00010216 [ 44.546523] RAX: 0000000000000001 RBX: ffff9329c579c000 RCX: 0000010000000006 [ 44.546523] RDX: 000000000000003c RSI: ffffb342008b79f0 RDI: ffff9329c158e738 [ 44.546523] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 44.546523] R10: 00007ffffffff000 R11: ffffffff9bd0d910 R12: 0000006210000000 [ 44.546523] R13: fffffc7e4015e700 R14: 0000010000000005 R15: ffff9329c158e738 [ 44.546523] FS: 00007f4299934740(0000) GS:ffff932a60179000(0000) knlGS:0000000000000000 [ 44.546523] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 44.546523] CR2: 00007f4299a1ec90 CR3: 0000000002886002 CR4: 0000000000770eb0 [ 44.546523] PKRU: 55555554 [ 44.546523] Call Trace: [ 44.546523] <TASK> [ 44.546523] ext4_write_inline_data_end+0x126/0x2d0 [ 44.546523] generic_perform_write+0x17e/0x270 [ 44.546523] ext4_buffered_write_iter+0xc8/0x170 [ 44.546523] vfs_write+0x2be/0x3e0 [ 44.546523] __x64_sys_pwrite64+0x6d/0xc0 [ 44.546523] do_syscall_64+0x6a/0xf0 [ 44.546523] ? __wake_up+0x89/0xb0 [ 44.546523] ? xas_find+0x72/0x1c0 [ 44.546523] ? next_uptodate_folio+0x317/0x330 [ 44.546523] ? set_pte_range+0x1a6/0x270 [ 44.546523] ? filemap_map_pages+0x6ee/0x840 [ 44.546523] ? ext4_setattr+0x2fa/0x750 [ 44.546523] ? do_pte_missing+0x128/0xf70 [ 44.546523] ? security_inode_post_setattr+0x3e/0xd0 [ 44.546523] ? ___pte_offset_map+0x19/0x100 [ 44.546523] ? handle_mm_fault+0x721/0xa10 [ 44.546523] ? do_user_addr_fault+0x197/0x730 [ 44.546523] ? do_syscall_64+0x76/0xf0 [ 44.546523] ? arch_exit_to_user_mode_prepare+0x1e/0x60 [ 44.546523] ? irqentry_exit_to_user_mode+0x79/0x90 [ 44.546523] entry_SYSCALL_64_after_hwframe+0x55/0x5d [ 44.546523] RIP: 0033:0x7f42999c6687 [ 44.546523] Code: 48 89 fa 4c 89 df e8 58 b3 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 44.546523] RSP: 002b:00007ffeae4a7930 EFLAGS: 00000202 ORIG_RAX: 0000000000000012 [ 44.546523] RAX: ffffffffffffffda RBX: 00007f4299934740 RCX: 00007f42999c6687 [ 44.546523] RDX: 0000000000000001 RSI: 000055ea6149200f RDI: 0000000000000003 [ 44.546523] RBP: 00007ffeae4a79a0 R08: 0000000000000000 R09: 0000000000000000 [ 44.546523] R10: 0000010000000005 R11: 0000000000000202 R12: 0000000000000000 [ 44.546523] R13: 00007ffeae4a7ac8 R14: 00007f4299b86000 R15: 000055ea61493dd8 [ 44.546523] </TASK> [ 44.546523] Modules linked in: [ 44.568501] ---[ end trace 0000000000000000 ]--- [ 44.568889] RIP: 0010:ext4_write_inline_data+0xfe/0x100 [ 44.569328] Code: 3c 0e 48 83 c7 48 48 89 de 5b 41 5c 41 5d 41 5e 41 5f 5d e9 e4 fa 43 01 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 0f 0b <0f> 0b 0f 1f 44 00 00 55 41 57 41 56 41 55 41 54 53 48 83 ec 20 49 [ 44.570931] RSP: 0018:ffffb342008b79a8 EFLAGS: 00010216 [ 44.571356] RAX: 0000000000000001 RBX: ffff9329c579c000 RCX: 0000010000000006 [ 44.571959] RDX: 000000000000003c RSI: ffffb342008b79f0 RDI: ffff9329c158e738 [ 44.572571] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 44.573148] R10: 00007ffffffff000 R11: ffffffff9bd0d910 R12: 0000006210000000 [ 44.573748] R13: fffffc7e4015e700 R14: 0000010000000005 R15: ffff9329c158e738 [ 44.574335] FS: 00007f4299934740(0000) GS:ffff932a60179000(0000) knlGS:0000000000000000 [ 44.575027] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 44.575520] CR2: 00007f4299a1ec90 CR3: 0000000002886002 CR4: 0000000000770eb0 [ 44.576112] PKRU: 55555554 [ 44.576338] Kernel panic - not syncing: Fatal exception [ 44.576517] Kernel Offset: 0x1a600000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) Reported-by: syzbot+fe2a25dae02a207717a0(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fe2a25dae02a207717a0 Fixes: f19d5870cbf7 ("ext4: add normal write support for inline data") Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Cc: stable(a)vger.kernel.org --- fs/ext4/inline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c index 2c9b762925c72f2ff5a402b02500370bc1eb0eb1..e5e6bf0d338b965a885fb99581f9ed5e51c5257c 100644 --- a/fs/ext4/inline.c +++ b/fs/ext4/inline.c @@ -397,7 +397,7 @@ static int ext4_update_inline_data(handle_t *handle, struct inode *inode, } static int ext4_prepare_inline_data(handle_t *handle, struct inode *inode, - unsigned int len) + loff_t len) { int ret, size, no_expand; struct ext4_inode_info *ei = EXT4_I(inode); --- base-commit: 8ffd015db85fea3e15a77027fda6c02ced4d2444 change-id: 20250415-ext4-prepare-inline-overflow-8db0e747cb16 Best regards, -- Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com>

4 weeks

4
3
0 0

[PATCH 6.1 1/1] ocfs2: fix deadlock in ocfs2_get_system_file_inode

by Dmitriy Privalov

From: Mohammed Anees <pvmohammedanees2003(a)gmail.com> commit 7bf1823e010e8db2fb649c790bd1b449a75f52d8 upstream. syzbot has found a possible deadlock in ocfs2_get_system_file_inode [1]. The scenario is depicted here, CPU0 CPU1 lock(&ocfs2_file_ip_alloc_sem_key); lock(&osb->system_file_mutex); lock(&ocfs2_file_ip_alloc_sem_key); lock(&osb->system_file_mutex); The function calls which could lead to this are: CPU0 ocfs2_mknod - lock(&ocfs2_file_ip_alloc_sem_key); . . . ocfs2_get_system_file_inode - lock(&osb->system_file_mutex); CPU1 - ocfs2_fill_super - lock(&osb->system_file_mutex); . . . ocfs2_read_virt_blocks - lock(&ocfs2_file_ip_alloc_sem_key); This issue can be resolved by making the down_read -> down_read_try in the ocfs2_read_virt_blocks. [1] https://syzkaller.appspot.com/bug?extid=e0055ea09f1f5e6fabdd Link: https://lkml.kernel.org/r/20240924093257.7181-1-pvmohammedanees2003@gmail.c… Signed-off-by: Mohammed Anees <pvmohammedanees2003(a)gmail.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reported-by: <syzbot+e0055ea09f1f5e6fabdd(a)syzkaller.appspotmail.com> Closes: https://syzkaller.appspot.com/bug?extid=e0055ea09f1f5e6fabdd Tested-by: syzbot+e0055ea09f1f5e6fabdd(a)syzkaller.appspotmail.com Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Dmitriy Privalov <d.privalov(a)omp.ru> --- fs/ocfs2/extent_map.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/fs/ocfs2/extent_map.c b/fs/ocfs2/extent_map.c index 70a768b623cf..f7672472fa82 100644 --- a/fs/ocfs2/extent_map.c +++ b/fs/ocfs2/extent_map.c @@ -973,7 +973,13 @@ int ocfs2_read_virt_blocks(struct inode *inode, u64 v_block, int nr, } while (done < nr) { - down_read(&OCFS2_I(inode)->ip_alloc_sem); + if (!down_read_trylock(&OCFS2_I(inode)->ip_alloc_sem)) { + rc = -EAGAIN; + mlog(ML_ERROR, + "Inode #%llu ip_alloc_sem is temporarily unavailable\n", + (unsigned long long)OCFS2_I(inode)->ip_blkno); + break; + } rc = ocfs2_extent_map_get_blocks(inode, v_block + done, &p_block, &p_count, NULL); up_read(&OCFS2_I(inode)->ip_alloc_sem); -- 2.34.1

4 weeks

1
0
0 0

[PATCH AUTOSEL 6.6 001/294] kconfig: merge_config: use an empty file as initfile

by Sasha Levin

From: Daniel Gomez <da.gomez(a)samsung.com> [ Upstream commit a26fe287eed112b4e21e854f173c8918a6a8596d ] The scripts/kconfig/merge_config.sh script requires an existing $INITFILE (or the $1 argument) as a base file for merging Kconfig fragments. However, an empty $INITFILE can serve as an initial starting point, later referenced by the KCONFIG_ALLCONFIG Makefile variable if -m is not used. This variable can point to any configuration file containing preset config symbols (the merged output) as stated in Documentation/kbuild/kconfig.rst. When -m is used $INITFILE will contain just the merge output requiring the user to run make (i.e. KCONFIG_ALLCONFIG=<$INITFILE> make <allnoconfig/alldefconfig> or make olddefconfig). Instead of failing when `$INITFILE` is missing, create an empty file and use it as the starting point for merges. Signed-off-by: Daniel Gomez <da.gomez(a)samsung.com> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- scripts/kconfig/merge_config.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/kconfig/merge_config.sh b/scripts/kconfig/merge_config.sh index 0b7952471c18f..79c09b378be81 100755 --- a/scripts/kconfig/merge_config.sh +++ b/scripts/kconfig/merge_config.sh @@ -112,8 +112,8 @@ INITFILE=$1 shift; if [ ! -r "$INITFILE" ]; then - echo "The base file '$INITFILE' does not exist. Exit." >&2 - exit 1 + echo "The base file '$INITFILE' does not exist. Creating one..." >&2 + touch "$INITFILE" fi MERGE_LIST=$* -- 2.39.5

4 weeks

2
295
0 0

[PATCH AUTOSEL 5.15 001/153] kconfig: merge_config: use an empty file as initfile

by Sasha Levin

From: Daniel Gomez <da.gomez(a)samsung.com> [ Upstream commit a26fe287eed112b4e21e854f173c8918a6a8596d ] The scripts/kconfig/merge_config.sh script requires an existing $INITFILE (or the $1 argument) as a base file for merging Kconfig fragments. However, an empty $INITFILE can serve as an initial starting point, later referenced by the KCONFIG_ALLCONFIG Makefile variable if -m is not used. This variable can point to any configuration file containing preset config symbols (the merged output) as stated in Documentation/kbuild/kconfig.rst. When -m is used $INITFILE will contain just the merge output requiring the user to run make (i.e. KCONFIG_ALLCONFIG=<$INITFILE> make <allnoconfig/alldefconfig> or make olddefconfig). Instead of failing when `$INITFILE` is missing, create an empty file and use it as the starting point for merges. Signed-off-by: Daniel Gomez <da.gomez(a)samsung.com> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- scripts/kconfig/merge_config.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/kconfig/merge_config.sh b/scripts/kconfig/merge_config.sh index 72da3b8d6f307..151f9938abaa7 100755 --- a/scripts/kconfig/merge_config.sh +++ b/scripts/kconfig/merge_config.sh @@ -105,8 +105,8 @@ INITFILE=$1 shift; if [ ! -r "$INITFILE" ]; then - echo "The base file '$INITFILE' does not exist. Exit." >&2 - exit 1 + echo "The base file '$INITFILE' does not exist. Creating one..." >&2 + touch "$INITFILE" fi MERGE_LIST=$* -- 2.39.5

4 weeks

2
154
0 0

[PATCH AUTOSEL 5.4 01/79] kconfig: merge_config: use an empty file as initfile

by Sasha Levin

From: Daniel Gomez <da.gomez(a)samsung.com> [ Upstream commit a26fe287eed112b4e21e854f173c8918a6a8596d ] The scripts/kconfig/merge_config.sh script requires an existing $INITFILE (or the $1 argument) as a base file for merging Kconfig fragments. However, an empty $INITFILE can serve as an initial starting point, later referenced by the KCONFIG_ALLCONFIG Makefile variable if -m is not used. This variable can point to any configuration file containing preset config symbols (the merged output) as stated in Documentation/kbuild/kconfig.rst. When -m is used $INITFILE will contain just the merge output requiring the user to run make (i.e. KCONFIG_ALLCONFIG=<$INITFILE> make <allnoconfig/alldefconfig> or make olddefconfig). Instead of failing when `$INITFILE` is missing, create an empty file and use it as the starting point for merges. Signed-off-by: Daniel Gomez <da.gomez(a)samsung.com> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- scripts/kconfig/merge_config.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/kconfig/merge_config.sh b/scripts/kconfig/merge_config.sh index d7d5c58b8b6aa..557f37f481fdf 100755 --- a/scripts/kconfig/merge_config.sh +++ b/scripts/kconfig/merge_config.sh @@ -98,8 +98,8 @@ INITFILE=$1 shift; if [ ! -r "$INITFILE" ]; then - echo "The base file '$INITFILE' does not exist. Exit." >&2 - exit 1 + echo "The base file '$INITFILE' does not exist. Creating one..." >&2 + touch "$INITFILE" fi MERGE_LIST=$* -- 2.39.5

4 weeks

2
80
0 0

[PATCH AUTOSEL 6.14 01/15] iio: accel: fxls8962af: Fix wakeup source leaks on device unbind

by Sasha Levin

From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> [ Upstream commit 0cd34d98dfd4f2b596415b8f12faf7b946613458 ] Device can be unbound, so driver must also release memory for the wakeup source. Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://patch.msgid.link/20250406-b4-device-wakeup-leak-iio-v1-1-2d7d322a4a… Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/iio/accel/fxls8962af-core.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/iio/accel/fxls8962af-core.c b/drivers/iio/accel/fxls8962af-core.c index 987212a7c038e..a0ae30c86687a 100644 --- a/drivers/iio/accel/fxls8962af-core.c +++ b/drivers/iio/accel/fxls8962af-core.c @@ -1229,8 +1229,11 @@ int fxls8962af_core_probe(struct device *dev, struct regmap *regmap, int irq) if (ret) return ret; - if (device_property_read_bool(dev, "wakeup-source")) - device_init_wakeup(dev, true); + if (device_property_read_bool(dev, "wakeup-source")) { + ret = devm_device_init_wakeup(dev); + if (ret) + return dev_err_probe(dev, ret, "Failed to init wakeup\n"); + } return devm_iio_device_register(dev, indio_dev); } -- 2.39.5

4 weeks

2
16
0 0

[PATCH 2/2] block: Fix a deadlock related freezing zoned storage devices

by Bart Van Assche

blk_mq_freeze_queue() never terminates if one or more bios are on the plug list and if the block device driver defines a .submit_bio() method. This is the case for device mapper drivers. The deadlock happens because blk_mq_freeze_queue() waits for q_usage_counter to drop to zero, because a queue reference is held by bios on the plug list and because the __bio_queue_enter() call in __submit_bio() waits for the queue to be unfrozen. This patch fixes the following deadlock: Workqueue: dm-51_zwplugs blk_zone_wplug_bio_work Call trace: __schedule+0xb08/0x1160 schedule+0x48/0xc8 __bio_queue_enter+0xcc/0x1d0 __submit_bio+0x100/0x1b0 submit_bio_noacct_nocheck+0x230/0x49c blk_zone_wplug_bio_work+0x168/0x250 process_one_work+0x26c/0x65c worker_thread+0x33c/0x498 kthread+0x110/0x134 ret_from_fork+0x10/0x20 Call trace: __switch_to+0x230/0x410 __schedule+0xb08/0x1160 schedule+0x48/0xc8 blk_mq_freeze_queue_wait+0x78/0xb8 blk_mq_freeze_queue+0x90/0xa4 queue_attr_store+0x7c/0xf0 sysfs_kf_write+0x98/0xc8 kernfs_fop_write_iter+0x12c/0x1d4 vfs_write+0x340/0x3ac ksys_write+0x78/0xe8 Cc: Christoph Hellwig <hch(a)lst.de> Cc: Damien Le Moal <dlemoal(a)kernel.org> Cc: Yu Kuai <yukuai1(a)huaweicloud.com> Cc: Ming Lei <ming.lei(a)redhat.com> Cc: stable(a)vger.kernel.org Fixes: dd291d77cc90 ("block: Introduce zone write plugging") Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> --- block/blk-core.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/block/blk-core.c b/block/blk-core.c index 4b728fa1c138..e961896a8717 100644 --- a/block/blk-core.c +++ b/block/blk-core.c @@ -621,6 +621,13 @@ static inline blk_status_t blk_check_zone_append(struct request_queue *q, return BLK_STS_OK; } +/* + * Do not call bio_queue_enter() if the BIO_ZONE_WRITE_PLUGGING flag has been + * set because this causes blk_mq_freeze_queue() to deadlock if + * blk_zone_wplug_bio_work() submits a bio. Calling bio_queue_enter() for bios + * on the plug list is not necessary since a q_usage_counter reference is held + * while a bio is on the plug list. + */ static void __submit_bio(struct bio *bio) { /* If plug is not used, add new plug here to cache nsecs time. */ @@ -633,7 +640,8 @@ static void __submit_bio(struct bio *bio) if (!bdev_test_flag(bio->bi_bdev, BD_HAS_SUBMIT_BIO)) { blk_mq_submit_bio(bio); - } else if (likely(bio_queue_enter(bio) == 0)) { + } else if (likely(bio_zone_write_plugging(bio) || + bio_queue_enter(bio) == 0)) { struct gendisk *disk = bio->bi_bdev->bd_disk; if ((bio->bi_opf & REQ_POLLED) && @@ -643,7 +651,8 @@ static void __submit_bio(struct bio *bio) } else { disk->fops->submit_bio(bio); } - blk_queue_exit(disk->queue); + if (!bio_zone_write_plugging(bio)) + blk_queue_exit(disk->queue); } blk_finish_plug(&plug);

4 weeks

2
3
0 0

[PATCH for 6.14.y] perf tools: Fix build error for LoongArch

by Tiezhu Yang

There exists the following error when building perf tools on LoongArch: CC util/syscalltbl.o In file included from util/syscalltbl.c:16: tools/perf/arch/loongarch/include/syscall_table.h:2:10: fatal error: asm/syscall_table_64.h: No such file or directory 2 | #include <asm/syscall_table_64.h> | ^~~~~~~~~~~~~~~~~~~~~~~~ compilation terminated. This is because the generated syscall header is syscalls_64.h rather than syscall_table_64.h. The above problem was introduced from v6.14, then the header syscall_table.h has been removed from mainline tree in commit af472d3c4454 ("perf syscalltbl: Remove syscall_table.h"), just fix it only for the linux-6.14.y branch of stable tree. By the way, no need to fix the mainline tree and there is no upstream git id for this patch. How to reproduce: git clone https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git cd linux && git checkout origin/linux-6.14.y make JOBS=1 -C tools/perf Fixes: fa70857a27e5 ("perf tools loongarch: Use syscall table") Signed-off-by: Tiezhu Yang <yangtiezhu(a)loongson.cn> --- tools/perf/arch/loongarch/include/syscall_table.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/perf/arch/loongarch/include/syscall_table.h b/tools/perf/arch/loongarch/include/syscall_table.h index 9d0646d3455c..b53e31c15805 100644 --- a/tools/perf/arch/loongarch/include/syscall_table.h +++ b/tools/perf/arch/loongarch/include/syscall_table.h @@ -1,2 +1,2 @@ /* SPDX-License-Identifier: GPL-2.0 */ -#include <asm/syscall_table_64.h> +#include <asm/syscalls_64.h> -- 2.42.0

4 weeks

2
1
0 0

[PATCH 6.12.y] Bluetooth: btnxpuart: Fix kernel panic during FW release

by bin.lan.cn＠windriver.com

From: Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> [ Upstream commit 1f77c05408c96bc0b58ae476a9cadc9e5b9cfd0f ] This fixes a kernel panic seen during release FW in a stress test scenario where WLAN and BT FW download occurs simultaneously, and due to a HW bug, chip sends out only 1 bootloader signatures. When driver receives the bootloader signature, it enters FW download mode, but since no consequtive bootloader signatures seen, FW file is not requested. After 60 seconds, when FW download times out, release_firmware causes a kernel panic. [ 2601.949184] Unable to handle kernel paging request at virtual address 0000312e6f006573 [ 2601.992076] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000111802000 [ 2601.992080] [0000312e6f006573] pgd=0000000000000000, p4d=0000000000000000 [ 2601.992087] Internal error: Oops: 0000000096000021 [#1] PREEMPT SMP [ 2601.992091] Modules linked in: algif_hash algif_skcipher af_alg btnxpuart(O) pciexxx(O) mlan(O) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce snd_soc_fsl_easrc snd_soc_fsl_asoc_card imx8_media_dev(C) snd_soc_fsl_micfil polyval_generic snd_soc_fsl_xcvr snd_soc_fsl_sai snd_soc_imx_audmux snd_soc_fsl_asrc snd_soc_imx_card snd_soc_imx_hdmi snd_soc_fsl_aud2htx snd_soc_fsl_utils imx_pcm_dma dw_hdmi_cec flexcan can_dev [ 2602.001825] CPU: 2 PID: 20060 Comm: hciconfig Tainted: G C O 6.6.23-lts-next-06236-gb586a521770e #1 [ 2602.010182] Hardware name: NXP i.MX8MPlus EVK board (DT) [ 2602.010185] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 2602.010191] pc : _raw_spin_lock+0x34/0x68 [ 2602.010201] lr : free_fw_priv+0x20/0xfc [ 2602.020561] sp : ffff800089363b30 [ 2602.020563] x29: ffff800089363b30 x28: ffff0000d0eb5880 x27: 0000000000000000 [ 2602.020570] x26: 0000000000000000 x25: ffff0000d728b330 x24: 0000000000000000 [ 2602.020577] x23: ffff0000dc856f38 [ 2602.033797] x22: ffff800089363b70 x21: ffff0000dc856000 [ 2602.033802] x20: ff00312e6f006573 x19: ffff0000d0d9ea80 x18: 0000000000000000 [ 2602.033809] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaad80dd480 [ 2602.083320] x14: 0000000000000000 x13: 00000000000001b9 x12: 0000000000000002 [ 2602.083326] x11: 0000000000000000 x10: 0000000000000a60 x9 : ffff800089363a30 [ 2602.083333] x8 : ffff0001793d75c0 x7 : ffff0000d6dbc400 x6 : 0000000000000000 [ 2602.083339] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000001 [ 2602.083346] x2 : 0000000000000000 x1 : 0000000000000001 x0 : ff00312e6f006573 [ 2602.083354] Call trace: [ 2602.083356] _raw_spin_lock+0x34/0x68 [ 2602.083364] release_firmware+0x48/0x6c [ 2602.083370] nxp_setup+0x3c4/0x540 [btnxpuart] [ 2602.083383] hci_dev_open_sync+0xf0/0xa34 [ 2602.083391] hci_dev_open+0xd8/0x178 [ 2602.083399] hci_sock_ioctl+0x3b0/0x590 [ 2602.083405] sock_do_ioctl+0x60/0x118 [ 2602.083413] sock_ioctl+0x2f4/0x374 [ 2602.091430] __arm64_sys_ioctl+0xac/0xf0 [ 2602.091437] invoke_syscall+0x48/0x110 [ 2602.091445] el0_svc_common.constprop.0+0xc0/0xe0 [ 2602.091452] do_el0_svc+0x1c/0x28 [ 2602.091457] el0_svc+0x40/0xe4 [ 2602.091465] el0t_64_sync_handler+0x120/0x12c [ 2602.091470] el0t_64_sync+0x190/0x194 Fixes: e3c4891098c8 ("Bluetooth: btnxpuart: Handle FW Download Abort scenario") Fixes: 689ca16e5232 ("Bluetooth: NXP: Add protocol support for NXP Bluetooth chipsets") Signed-off-by: Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- drivers/bluetooth/btnxpuart.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/bluetooth/btnxpuart.c b/drivers/bluetooth/btnxpuart.c index 84a1ad61c4ad..56b875a6b1fb 100644 --- a/drivers/bluetooth/btnxpuart.c +++ b/drivers/bluetooth/btnxpuart.c @@ -612,8 +612,10 @@ static int nxp_download_firmware(struct hci_dev *hdev) &nxpdev->tx_state), msecs_to_jiffies(60000)); - release_firmware(nxpdev->fw); - memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name)); + if (nxpdev->fw && strlen(nxpdev->fw_name)) { + release_firmware(nxpdev->fw); + memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name)); + } if (err == 0) { bt_dev_err(hdev, "FW Download Timeout. offset: %d", -- 2.34.1

4 weeks

2
1
0 0

[PATCH 5.15.y] sctp: add mutual exclusion in proc_sctp_do_udp_port()

by jianqi.ren.cn＠windriver.com

From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 10206302af856791fbcc27a33ed3c3eb09b2793d ] We must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start() or risk a crash as syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] CPU: 1 UID: 0 PID: 6551 Comm: syz.1.44 Not tainted 6.14.0-syzkaller-g7f2ff7b62617 #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 RIP: 0010:kernel_sock_shutdown+0x47/0x70 net/socket.c:3653 Call Trace: <TASK> udp_tunnel_sock_release+0x68/0x80 net/ipv4/udp_tunnel_core.c:181 sctp_udp_sock_stop+0x71/0x160 net/sctp/protocol.c:930 proc_sctp_do_udp_port+0x264/0x450 net/sctp/sysctl.c:553 proc_sys_call_handler+0x3d0/0x5b0 fs/proc/proc_sysctl.c:601 iter_file_splice_write+0x91c/0x1150 fs/splice.c:738 do_splice_from fs/splice.c:935 [inline] direct_splice_actor+0x18f/0x6c0 fs/splice.c:1158 splice_direct_to_actor+0x342/0xa30 fs/splice.c:1102 do_splice_direct_actor fs/splice.c:1201 [inline] do_splice_direct+0x174/0x240 fs/splice.c:1227 do_sendfile+0xafd/0xe50 fs/read_write.c:1368 __do_sys_sendfile64 fs/read_write.c:1429 [inline] __se_sys_sendfile64 fs/read_write.c:1415 [inline] __x64_sys_sendfile64+0x1d8/0x220 fs/read_write.c:1415 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] Fixes: 046c052b475e ("sctp: enable udp tunneling socks") Reported-by: syzbot+fae49d997eb56fa7c74d(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/netdev/67ea5c01.050a0220.1547ec.012b.GAE@google.com… Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> Acked-by: Xin Long <lucien.xin(a)gmail.com> Link: https://patch.msgid.link/20250331091532.224982-1-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- net/sctp/sysctl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c index 916dc2e81e42..f3d09998c24d 100644 --- a/net/sctp/sysctl.c +++ b/net/sctp/sysctl.c @@ -518,6 +518,8 @@ static int proc_sctp_do_auth(struct ctl_table *ctl, int write, return ret; } +static DEFINE_MUTEX(sctp_sysctl_mutex); + static int proc_sctp_do_udp_port(struct ctl_table *ctl, int write, void *buffer, size_t *lenp, loff_t *ppos) { @@ -542,6 +544,7 @@ static int proc_sctp_do_udp_port(struct ctl_table *ctl, int write, if (new_value > max || new_value < min) return -EINVAL; + mutex_lock(&sctp_sysctl_mutex); net->sctp.udp_port = new_value; sctp_udp_sock_stop(net); if (new_value) { @@ -554,6 +557,7 @@ static int proc_sctp_do_udp_port(struct ctl_table *ctl, int write, lock_sock(sk); sctp_sk(sk)->udp_port = htons(net->sctp.udp_port); release_sock(sk); + mutex_unlock(&sctp_sysctl_mutex); } return ret; -- 2.34.1

4 weeks

2
1
0 0

FAILED: patch "[PATCH] mm/page_alloc: fix race condition in unaccepted memory" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x fefc075182275057ce607effaa3daa9e6e3bdc73 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051945-yiddish-xerox-03f5@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fefc075182275057ce607effaa3daa9e6e3bdc73 Mon Sep 17 00:00:00 2001 From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Date: Tue, 6 May 2025 16:32:07 +0300 Subject: [PATCH] mm/page_alloc: fix race condition in unaccepted memory handling The page allocator tracks the number of zones that have unaccepted memory using static_branch_enc/dec() and uses that static branch in hot paths to determine if it needs to deal with unaccepted memory. Borislav and Thomas pointed out that the tracking is racy: operations on static_branch are not serialized against adding/removing unaccepted pages to/from the zone. Sanity checks inside static_branch machinery detects it: WARNING: CPU: 0 PID: 10 at kernel/jump_label.c:276 __static_key_slow_dec_cpuslocked+0x8e/0xa0 The comment around the WARN() explains the problem: /* * Warn about the '-1' case though; since that means a * decrement is concurrent with a first (0->1) increment. IOW * people are trying to disable something that wasn't yet fully * enabled. This suggests an ordering problem on the user side. */ The effect of this static_branch optimization is only visible on microbenchmark. Instead of adding more complexity around it, remove it altogether. Link: https://lkml.kernel.org/r/20250506133207.1009676-1-kirill.shutemov@linux.in… Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Fixes: dcdfdd40fa82 ("mm: Add support for unaccepted memory") Link: https://lore.kernel.org/all/20250506092445.GBaBnVXXyvnazly6iF@fat_crate.loc… Reported-by: Borislav Petkov <bp(a)alien8.de> Tested-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reported-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Brendan Jackman <jackmanb(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: <stable(a)vger.kernel.org> [6.5+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/internal.h b/mm/internal.h index 25a29872c634..5c7a2b43ad76 100644 --- a/mm/internal.h +++ b/mm/internal.h @@ -1590,7 +1590,6 @@ unsigned long move_page_tables(struct pagetable_move_control *pmc); #ifdef CONFIG_UNACCEPTED_MEMORY void accept_page(struct page *page); -void unaccepted_cleanup_work(struct work_struct *work); #else /* CONFIG_UNACCEPTED_MEMORY */ static inline void accept_page(struct page *page) { diff --git a/mm/mm_init.c b/mm/mm_init.c index 327764ca0ee4..eedce9321e13 100644 --- a/mm/mm_init.c +++ b/mm/mm_init.c @@ -1441,7 +1441,6 @@ static void __meminit zone_init_free_lists(struct zone *zone) #ifdef CONFIG_UNACCEPTED_MEMORY INIT_LIST_HEAD(&zone->unaccepted_pages); - INIT_WORK(&zone->unaccepted_cleanup, unaccepted_cleanup_work); #endif } diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 7248e300d36e..8258349e49ac 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -7172,16 +7172,8 @@ bool has_managed_dma(void) #ifdef CONFIG_UNACCEPTED_MEMORY -/* Counts number of zones with unaccepted pages. */ -static DEFINE_STATIC_KEY_FALSE(zones_with_unaccepted_pages); - static bool lazy_accept = true; -void unaccepted_cleanup_work(struct work_struct *work) -{ - static_branch_dec(&zones_with_unaccepted_pages); -} - static int __init accept_memory_parse(char *p) { if (!strcmp(p, "lazy")) { @@ -7206,11 +7198,7 @@ static bool page_contains_unaccepted(struct page *page, unsigned int order) static void __accept_page(struct zone *zone, unsigned long *flags, struct page *page) { - bool last; - list_del(&page->lru); - last = list_empty(&zone->unaccepted_pages); - account_freepages(zone, -MAX_ORDER_NR_PAGES, MIGRATE_MOVABLE); __mod_zone_page_state(zone, NR_UNACCEPTED, -MAX_ORDER_NR_PAGES); __ClearPageUnaccepted(page); @@ -7219,28 +7207,6 @@ static void __accept_page(struct zone *zone, unsigned long *flags, accept_memory(page_to_phys(page), PAGE_SIZE << MAX_PAGE_ORDER); __free_pages_ok(page, MAX_PAGE_ORDER, FPI_TO_TAIL); - - if (last) { - /* - * There are two corner cases: - * - * - If allocation occurs during the CPU bring up, - * static_branch_dec() cannot be used directly as - * it causes a deadlock on cpu_hotplug_lock. - * - * Instead, use schedule_work() to prevent deadlock. - * - * - If allocation occurs before workqueues are initialized, - * static_branch_dec() should be called directly. - * - * Workqueues are initialized before CPU bring up, so this - * will not conflict with the first scenario. - */ - if (system_wq) - schedule_work(&zone->unaccepted_cleanup); - else - unaccepted_cleanup_work(&zone->unaccepted_cleanup); - } } void accept_page(struct page *page) @@ -7277,20 +7243,12 @@ static bool try_to_accept_memory_one(struct zone *zone) return true; } -static inline bool has_unaccepted_memory(void) -{ - return static_branch_unlikely(&zones_with_unaccepted_pages); -} - static bool cond_accept_memory(struct zone *zone, unsigned int order, int alloc_flags) { long to_accept, wmark; bool ret = false; - if (!has_unaccepted_memory()) - return false; - if (list_empty(&zone->unaccepted_pages)) return false; @@ -7328,22 +7286,17 @@ static bool __free_unaccepted(struct page *page) { struct zone *zone = page_zone(page); unsigned long flags; - bool first = false; if (!lazy_accept) return false; spin_lock_irqsave(&zone->lock, flags); - first = list_empty(&zone->unaccepted_pages); list_add_tail(&page->lru, &zone->unaccepted_pages); account_freepages(zone, MAX_ORDER_NR_PAGES, MIGRATE_MOVABLE); __mod_zone_page_state(zone, NR_UNACCEPTED, MAX_ORDER_NR_PAGES); __SetPageUnaccepted(page); spin_unlock_irqrestore(&zone->lock, flags); - if (first) - static_branch_inc(&zones_with_unaccepted_pages); - return true; }

4 weeks

3
2
0 0

[PATCH 6.6.y] sctp: add mutual exclusion in proc_sctp_do_udp_port()

by jianqi.ren.cn＠windriver.com

From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 10206302af856791fbcc27a33ed3c3eb09b2793d ] We must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start() or risk a crash as syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] CPU: 1 UID: 0 PID: 6551 Comm: syz.1.44 Not tainted 6.14.0-syzkaller-g7f2ff7b62617 #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 RIP: 0010:kernel_sock_shutdown+0x47/0x70 net/socket.c:3653 Call Trace: <TASK> udp_tunnel_sock_release+0x68/0x80 net/ipv4/udp_tunnel_core.c:181 sctp_udp_sock_stop+0x71/0x160 net/sctp/protocol.c:930 proc_sctp_do_udp_port+0x264/0x450 net/sctp/sysctl.c:553 proc_sys_call_handler+0x3d0/0x5b0 fs/proc/proc_sysctl.c:601 iter_file_splice_write+0x91c/0x1150 fs/splice.c:738 do_splice_from fs/splice.c:935 [inline] direct_splice_actor+0x18f/0x6c0 fs/splice.c:1158 splice_direct_to_actor+0x342/0xa30 fs/splice.c:1102 do_splice_direct_actor fs/splice.c:1201 [inline] do_splice_direct+0x174/0x240 fs/splice.c:1227 do_sendfile+0xafd/0xe50 fs/read_write.c:1368 __do_sys_sendfile64 fs/read_write.c:1429 [inline] __se_sys_sendfile64 fs/read_write.c:1415 [inline] __x64_sys_sendfile64+0x1d8/0x220 fs/read_write.c:1415 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] Fixes: 046c052b475e ("sctp: enable udp tunneling socks") Reported-by: syzbot+fae49d997eb56fa7c74d(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/netdev/67ea5c01.050a0220.1547ec.012b.GAE@google.com… Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> Acked-by: Xin Long <lucien.xin(a)gmail.com> Link: https://patch.msgid.link/20250331091532.224982-1-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- net/sctp/sysctl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c index fd73be940f46..77a76634014a 100644 --- a/net/sctp/sysctl.c +++ b/net/sctp/sysctl.c @@ -529,6 +529,8 @@ static int proc_sctp_do_auth(struct ctl_table *ctl, int write, return ret; } +static DEFINE_MUTEX(sctp_sysctl_mutex); + static int proc_sctp_do_udp_port(struct ctl_table *ctl, int write, void *buffer, size_t *lenp, loff_t *ppos) { @@ -553,6 +555,7 @@ static int proc_sctp_do_udp_port(struct ctl_table *ctl, int write, if (new_value > max || new_value < min) return -EINVAL; + mutex_lock(&sctp_sysctl_mutex); net->sctp.udp_port = new_value; sctp_udp_sock_stop(net); if (new_value) { @@ -565,6 +568,7 @@ static int proc_sctp_do_udp_port(struct ctl_table *ctl, int write, lock_sock(sk); sctp_sk(sk)->udp_port = htons(net->sctp.udp_port); release_sock(sk); + mutex_unlock(&sctp_sysctl_mutex); } return ret; -- 2.34.1

4 weeks

2
1
0 0

[PATCH -stable,5.10 0/3] Netfilter fixes for -stable

by Pablo Neira Ayuso

Hi Greg, Sasha, This batch contains a backport fix for 5.10 -stable. The following list shows the backported patches, I am using original commit IDs for reference: 1) 8965d42bcf54 ("netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx") This is a stable dependency for the next patch. 2) c03d278fdf35 ("netfilter: nf_tables: wait for rcu grace period on net_device removal") 3) b04df3da1b5c ("netfilter: nf_tables: do not defer rule destruction via call_rcu") This is a fix-for-fix for patch 2. These three patches are required to fix the netdevice release path for netdev family basechains. Please, apply, Thanks Florian Westphal (2): netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx netfilter: nf_tables: do not defer rule destruction via call_rcu Pablo Neira Ayuso (1): netfilter: nf_tables: wait for rcu grace period on net_device removal include/net/netfilter/nf_tables.h | 2 +- net/netfilter/nf_tables_api.c | 54 ++++++++++++++++++++++--------- net/netfilter/nft_immediate.c | 2 +- 3 files changed, 41 insertions(+), 17 deletions(-) -- 2.30.2

4 weeks

2
6
0 0

[PATCH -stable,6.1 0/3] Netfilter fixes for -stable

by Pablo Neira Ayuso

Hi Greg, Sasha, This batch contains backported fixes for 6.1 -stable. The following list shows the backported patches, I am using original commit IDs for reference: 1) 8965d42bcf54 ("netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx") This is a stable dependency for the next patch. 2) c03d278fdf35 ("netfilter: nf_tables: wait for rcu grace period on net_device removal") 3) b04df3da1b5c ("netfilter: nf_tables: do not defer rule destruction via call_rcu") This is a fix-for-fix for patch 2. These three patches are required to fix the netdevice release path for netdev family basechains. Please, apply, Thanks Florian Westphal (2): netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx netfilter: nf_tables: do not defer rule destruction via call_rcu Pablo Neira Ayuso (1): netfilter: nf_tables: wait for rcu grace period on net_device removal include/net/netfilter/nf_tables.h | 3 +- net/netfilter/nf_tables_api.c | 54 ++++++++++++++++++++++--------- net/netfilter/nft_immediate.c | 2 +- 3 files changed, 42 insertions(+), 17 deletions(-) -- 2.30.2

4 weeks

3
7
0 0

FAILED: patch "[PATCH] mm/page_alloc: fix race condition in unaccepted memory" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x fefc075182275057ce607effaa3daa9e6e3bdc73 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051947-dimly-marina-9d5e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fefc075182275057ce607effaa3daa9e6e3bdc73 Mon Sep 17 00:00:00 2001 From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Date: Tue, 6 May 2025 16:32:07 +0300 Subject: [PATCH] mm/page_alloc: fix race condition in unaccepted memory handling The page allocator tracks the number of zones that have unaccepted memory using static_branch_enc/dec() and uses that static branch in hot paths to determine if it needs to deal with unaccepted memory. Borislav and Thomas pointed out that the tracking is racy: operations on static_branch are not serialized against adding/removing unaccepted pages to/from the zone. Sanity checks inside static_branch machinery detects it: WARNING: CPU: 0 PID: 10 at kernel/jump_label.c:276 __static_key_slow_dec_cpuslocked+0x8e/0xa0 The comment around the WARN() explains the problem: /* * Warn about the '-1' case though; since that means a * decrement is concurrent with a first (0->1) increment. IOW * people are trying to disable something that wasn't yet fully * enabled. This suggests an ordering problem on the user side. */ The effect of this static_branch optimization is only visible on microbenchmark. Instead of adding more complexity around it, remove it altogether. Link: https://lkml.kernel.org/r/20250506133207.1009676-1-kirill.shutemov@linux.in… Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Fixes: dcdfdd40fa82 ("mm: Add support for unaccepted memory") Link: https://lore.kernel.org/all/20250506092445.GBaBnVXXyvnazly6iF@fat_crate.loc… Reported-by: Borislav Petkov <bp(a)alien8.de> Tested-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reported-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Brendan Jackman <jackmanb(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: <stable(a)vger.kernel.org> [6.5+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/internal.h b/mm/internal.h index 25a29872c634..5c7a2b43ad76 100644 --- a/mm/internal.h +++ b/mm/internal.h @@ -1590,7 +1590,6 @@ unsigned long move_page_tables(struct pagetable_move_control *pmc); #ifdef CONFIG_UNACCEPTED_MEMORY void accept_page(struct page *page); -void unaccepted_cleanup_work(struct work_struct *work); #else /* CONFIG_UNACCEPTED_MEMORY */ static inline void accept_page(struct page *page) { diff --git a/mm/mm_init.c b/mm/mm_init.c index 327764ca0ee4..eedce9321e13 100644 --- a/mm/mm_init.c +++ b/mm/mm_init.c @@ -1441,7 +1441,6 @@ static void __meminit zone_init_free_lists(struct zone *zone) #ifdef CONFIG_UNACCEPTED_MEMORY INIT_LIST_HEAD(&zone->unaccepted_pages); - INIT_WORK(&zone->unaccepted_cleanup, unaccepted_cleanup_work); #endif } diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 7248e300d36e..8258349e49ac 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -7172,16 +7172,8 @@ bool has_managed_dma(void) #ifdef CONFIG_UNACCEPTED_MEMORY -/* Counts number of zones with unaccepted pages. */ -static DEFINE_STATIC_KEY_FALSE(zones_with_unaccepted_pages); - static bool lazy_accept = true; -void unaccepted_cleanup_work(struct work_struct *work) -{ - static_branch_dec(&zones_with_unaccepted_pages); -} - static int __init accept_memory_parse(char *p) { if (!strcmp(p, "lazy")) { @@ -7206,11 +7198,7 @@ static bool page_contains_unaccepted(struct page *page, unsigned int order) static void __accept_page(struct zone *zone, unsigned long *flags, struct page *page) { - bool last; - list_del(&page->lru); - last = list_empty(&zone->unaccepted_pages); - account_freepages(zone, -MAX_ORDER_NR_PAGES, MIGRATE_MOVABLE); __mod_zone_page_state(zone, NR_UNACCEPTED, -MAX_ORDER_NR_PAGES); __ClearPageUnaccepted(page); @@ -7219,28 +7207,6 @@ static void __accept_page(struct zone *zone, unsigned long *flags, accept_memory(page_to_phys(page), PAGE_SIZE << MAX_PAGE_ORDER); __free_pages_ok(page, MAX_PAGE_ORDER, FPI_TO_TAIL); - - if (last) { - /* - * There are two corner cases: - * - * - If allocation occurs during the CPU bring up, - * static_branch_dec() cannot be used directly as - * it causes a deadlock on cpu_hotplug_lock. - * - * Instead, use schedule_work() to prevent deadlock. - * - * - If allocation occurs before workqueues are initialized, - * static_branch_dec() should be called directly. - * - * Workqueues are initialized before CPU bring up, so this - * will not conflict with the first scenario. - */ - if (system_wq) - schedule_work(&zone->unaccepted_cleanup); - else - unaccepted_cleanup_work(&zone->unaccepted_cleanup); - } } void accept_page(struct page *page) @@ -7277,20 +7243,12 @@ static bool try_to_accept_memory_one(struct zone *zone) return true; } -static inline bool has_unaccepted_memory(void) -{ - return static_branch_unlikely(&zones_with_unaccepted_pages); -} - static bool cond_accept_memory(struct zone *zone, unsigned int order, int alloc_flags) { long to_accept, wmark; bool ret = false; - if (!has_unaccepted_memory()) - return false; - if (list_empty(&zone->unaccepted_pages)) return false; @@ -7328,22 +7286,17 @@ static bool __free_unaccepted(struct page *page) { struct zone *zone = page_zone(page); unsigned long flags; - bool first = false; if (!lazy_accept) return false; spin_lock_irqsave(&zone->lock, flags); - first = list_empty(&zone->unaccepted_pages); list_add_tail(&page->lru, &zone->unaccepted_pages); account_freepages(zone, MAX_ORDER_NR_PAGES, MIGRATE_MOVABLE); __mod_zone_page_state(zone, NR_UNACCEPTED, MAX_ORDER_NR_PAGES); __SetPageUnaccepted(page); spin_unlock_irqrestore(&zone->lock, flags); - if (first) - static_branch_inc(&zones_with_unaccepted_pages); - return true; }

4 weeks

3
2
0 0

[PATCH 6.1.y] sctp: add mutual exclusion in proc_sctp_do_udp_port()

by jianqi.ren.cn＠windriver.com

From: Eric Dumazet <edumazet(a)google.com> [ Upstream commit 10206302af856791fbcc27a33ed3c3eb09b2793d ] We must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start() or risk a crash as syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f] CPU: 1 UID: 0 PID: 6551 Comm: syz.1.44 Not tainted 6.14.0-syzkaller-g7f2ff7b62617 #0 PREEMPT(full) Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 RIP: 0010:kernel_sock_shutdown+0x47/0x70 net/socket.c:3653 Call Trace: <TASK> udp_tunnel_sock_release+0x68/0x80 net/ipv4/udp_tunnel_core.c:181 sctp_udp_sock_stop+0x71/0x160 net/sctp/protocol.c:930 proc_sctp_do_udp_port+0x264/0x450 net/sctp/sysctl.c:553 proc_sys_call_handler+0x3d0/0x5b0 fs/proc/proc_sysctl.c:601 iter_file_splice_write+0x91c/0x1150 fs/splice.c:738 do_splice_from fs/splice.c:935 [inline] direct_splice_actor+0x18f/0x6c0 fs/splice.c:1158 splice_direct_to_actor+0x342/0xa30 fs/splice.c:1102 do_splice_direct_actor fs/splice.c:1201 [inline] do_splice_direct+0x174/0x240 fs/splice.c:1227 do_sendfile+0xafd/0xe50 fs/read_write.c:1368 __do_sys_sendfile64 fs/read_write.c:1429 [inline] __se_sys_sendfile64 fs/read_write.c:1415 [inline] __x64_sys_sendfile64+0x1d8/0x220 fs/read_write.c:1415 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] Fixes: 046c052b475e ("sctp: enable udp tunneling socks") Reported-by: syzbot+fae49d997eb56fa7c74d(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/netdev/67ea5c01.050a0220.1547ec.012b.GAE@google.com… Signed-off-by: Eric Dumazet <edumazet(a)google.com> Cc: Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> Acked-by: Xin Long <lucien.xin(a)gmail.com> Link: https://patch.msgid.link/20250331091532.224982-1-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> [Minor conflict resolved due to code context change.] Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- net/sctp/sysctl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c index 916dc2e81e42..f3d09998c24d 100644 --- a/net/sctp/sysctl.c +++ b/net/sctp/sysctl.c @@ -518,6 +518,8 @@ static int proc_sctp_do_auth(struct ctl_table *ctl, int write, return ret; } +static DEFINE_MUTEX(sctp_sysctl_mutex); + static int proc_sctp_do_udp_port(struct ctl_table *ctl, int write, void *buffer, size_t *lenp, loff_t *ppos) { @@ -542,6 +544,7 @@ static int proc_sctp_do_udp_port(struct ctl_table *ctl, int write, if (new_value > max || new_value < min) return -EINVAL; + mutex_lock(&sctp_sysctl_mutex); net->sctp.udp_port = new_value; sctp_udp_sock_stop(net); if (new_value) { @@ -554,6 +557,7 @@ static int proc_sctp_do_udp_port(struct ctl_table *ctl, int write, lock_sock(sk); sctp_sk(sk)->udp_port = htons(net->sctp.udp_port); release_sock(sk); + mutex_unlock(&sctp_sysctl_mutex); } return ret; -- 2.34.1

4 weeks

2
1
0 0

FAILED: patch "[PATCH] mm/page_alloc: fix race condition in unaccepted memory" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x fefc075182275057ce607effaa3daa9e6e3bdc73 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051944-undone-repayment-6c7e@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fefc075182275057ce607effaa3daa9e6e3bdc73 Mon Sep 17 00:00:00 2001 From: "Kirill A. Shutemov" <kirill.shutemov(a)linux.intel.com> Date: Tue, 6 May 2025 16:32:07 +0300 Subject: [PATCH] mm/page_alloc: fix race condition in unaccepted memory handling The page allocator tracks the number of zones that have unaccepted memory using static_branch_enc/dec() and uses that static branch in hot paths to determine if it needs to deal with unaccepted memory. Borislav and Thomas pointed out that the tracking is racy: operations on static_branch are not serialized against adding/removing unaccepted pages to/from the zone. Sanity checks inside static_branch machinery detects it: WARNING: CPU: 0 PID: 10 at kernel/jump_label.c:276 __static_key_slow_dec_cpuslocked+0x8e/0xa0 The comment around the WARN() explains the problem: /* * Warn about the '-1' case though; since that means a * decrement is concurrent with a first (0->1) increment. IOW * people are trying to disable something that wasn't yet fully * enabled. This suggests an ordering problem on the user side. */ The effect of this static_branch optimization is only visible on microbenchmark. Instead of adding more complexity around it, remove it altogether. Link: https://lkml.kernel.org/r/20250506133207.1009676-1-kirill.shutemov@linux.in… Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Fixes: dcdfdd40fa82 ("mm: Add support for unaccepted memory") Link: https://lore.kernel.org/all/20250506092445.GBaBnVXXyvnazly6iF@fat_crate.loc… Reported-by: Borislav Petkov <bp(a)alien8.de> Tested-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reported-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Brendan Jackman <jackmanb(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: <stable(a)vger.kernel.org> [6.5+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/internal.h b/mm/internal.h index 25a29872c634..5c7a2b43ad76 100644 --- a/mm/internal.h +++ b/mm/internal.h @@ -1590,7 +1590,6 @@ unsigned long move_page_tables(struct pagetable_move_control *pmc); #ifdef CONFIG_UNACCEPTED_MEMORY void accept_page(struct page *page); -void unaccepted_cleanup_work(struct work_struct *work); #else /* CONFIG_UNACCEPTED_MEMORY */ static inline void accept_page(struct page *page) { diff --git a/mm/mm_init.c b/mm/mm_init.c index 327764ca0ee4..eedce9321e13 100644 --- a/mm/mm_init.c +++ b/mm/mm_init.c @@ -1441,7 +1441,6 @@ static void __meminit zone_init_free_lists(struct zone *zone) #ifdef CONFIG_UNACCEPTED_MEMORY INIT_LIST_HEAD(&zone->unaccepted_pages); - INIT_WORK(&zone->unaccepted_cleanup, unaccepted_cleanup_work); #endif } diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 7248e300d36e..8258349e49ac 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -7172,16 +7172,8 @@ bool has_managed_dma(void) #ifdef CONFIG_UNACCEPTED_MEMORY -/* Counts number of zones with unaccepted pages. */ -static DEFINE_STATIC_KEY_FALSE(zones_with_unaccepted_pages); - static bool lazy_accept = true; -void unaccepted_cleanup_work(struct work_struct *work) -{ - static_branch_dec(&zones_with_unaccepted_pages); -} - static int __init accept_memory_parse(char *p) { if (!strcmp(p, "lazy")) { @@ -7206,11 +7198,7 @@ static bool page_contains_unaccepted(struct page *page, unsigned int order) static void __accept_page(struct zone *zone, unsigned long *flags, struct page *page) { - bool last; - list_del(&page->lru); - last = list_empty(&zone->unaccepted_pages); - account_freepages(zone, -MAX_ORDER_NR_PAGES, MIGRATE_MOVABLE); __mod_zone_page_state(zone, NR_UNACCEPTED, -MAX_ORDER_NR_PAGES); __ClearPageUnaccepted(page); @@ -7219,28 +7207,6 @@ static void __accept_page(struct zone *zone, unsigned long *flags, accept_memory(page_to_phys(page), PAGE_SIZE << MAX_PAGE_ORDER); __free_pages_ok(page, MAX_PAGE_ORDER, FPI_TO_TAIL); - - if (last) { - /* - * There are two corner cases: - * - * - If allocation occurs during the CPU bring up, - * static_branch_dec() cannot be used directly as - * it causes a deadlock on cpu_hotplug_lock. - * - * Instead, use schedule_work() to prevent deadlock. - * - * - If allocation occurs before workqueues are initialized, - * static_branch_dec() should be called directly. - * - * Workqueues are initialized before CPU bring up, so this - * will not conflict with the first scenario. - */ - if (system_wq) - schedule_work(&zone->unaccepted_cleanup); - else - unaccepted_cleanup_work(&zone->unaccepted_cleanup); - } } void accept_page(struct page *page) @@ -7277,20 +7243,12 @@ static bool try_to_accept_memory_one(struct zone *zone) return true; } -static inline bool has_unaccepted_memory(void) -{ - return static_branch_unlikely(&zones_with_unaccepted_pages); -} - static bool cond_accept_memory(struct zone *zone, unsigned int order, int alloc_flags) { long to_accept, wmark; bool ret = false; - if (!has_unaccepted_memory()) - return false; - if (list_empty(&zone->unaccepted_pages)) return false; @@ -7328,22 +7286,17 @@ static bool __free_unaccepted(struct page *page) { struct zone *zone = page_zone(page); unsigned long flags; - bool first = false; if (!lazy_accept) return false; spin_lock_irqsave(&zone->lock, flags); - first = list_empty(&zone->unaccepted_pages); list_add_tail(&page->lru, &zone->unaccepted_pages); account_freepages(zone, MAX_ORDER_NR_PAGES, MIGRATE_MOVABLE); __mod_zone_page_state(zone, NR_UNACCEPTED, MAX_ORDER_NR_PAGES); __SetPageUnaccepted(page); spin_unlock_irqrestore(&zone->lock, flags); - if (first) - static_branch_inc(&zones_with_unaccepted_pages); - return true; }

4 weeks

3
2
0 0

[PATCH -stable,5.15 0/3] Netfilter fixes for -stable

by Pablo Neira Ayuso

Hi Greg, Sasha, This batch contains a backport fix for 5.15 -stable. The following list shows the backported patches, I am using original commit IDs for reference: 1) 8965d42bcf54 ("netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx") This is a stable dependency for the next patch. 2) c03d278fdf35 ("netfilter: nf_tables: wait for rcu grace period on net_device removal") 3) b04df3da1b5c ("netfilter: nf_tables: do not defer rule destruction via call_rcu") This is a fix-for-fix for patch 2. These three patches are required to fix the netdevice release path for netdev family basechains. Please, apply, Thanks Florian Westphal (2): netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx netfilter: nf_tables: do not defer rule destruction via call_rcu Pablo Neira Ayuso (1): netfilter: nf_tables: wait for rcu grace period on net_device removal include/net/netfilter/nf_tables.h | 2 +- net/netfilter/nf_tables_api.c | 54 ++++++++++++++++++++++--------- net/netfilter/nft_immediate.c | 2 +- 3 files changed, 41 insertions(+), 17 deletions(-) -- 2.30.2

4 weeks

2
6
0 0

[PATCH 6.6.y] Bluetooth: btnxpuart: Fix kernel panic during FW release

by bin.lan.cn＠windriver.com

From: Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> [ Upstream commit 1f77c05408c96bc0b58ae476a9cadc9e5b9cfd0f ] This fixes a kernel panic seen during release FW in a stress test scenario where WLAN and BT FW download occurs simultaneously, and due to a HW bug, chip sends out only 1 bootloader signatures. When driver receives the bootloader signature, it enters FW download mode, but since no consequtive bootloader signatures seen, FW file is not requested. After 60 seconds, when FW download times out, release_firmware causes a kernel panic. [ 2601.949184] Unable to handle kernel paging request at virtual address 0000312e6f006573 [ 2601.992076] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000111802000 [ 2601.992080] [0000312e6f006573] pgd=0000000000000000, p4d=0000000000000000 [ 2601.992087] Internal error: Oops: 0000000096000021 [#1] PREEMPT SMP [ 2601.992091] Modules linked in: algif_hash algif_skcipher af_alg btnxpuart(O) pciexxx(O) mlan(O) overlay fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce snd_soc_fsl_easrc snd_soc_fsl_asoc_card imx8_media_dev(C) snd_soc_fsl_micfil polyval_generic snd_soc_fsl_xcvr snd_soc_fsl_sai snd_soc_imx_audmux snd_soc_fsl_asrc snd_soc_imx_card snd_soc_imx_hdmi snd_soc_fsl_aud2htx snd_soc_fsl_utils imx_pcm_dma dw_hdmi_cec flexcan can_dev [ 2602.001825] CPU: 2 PID: 20060 Comm: hciconfig Tainted: G C O 6.6.23-lts-next-06236-gb586a521770e #1 [ 2602.010182] Hardware name: NXP i.MX8MPlus EVK board (DT) [ 2602.010185] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 2602.010191] pc : _raw_spin_lock+0x34/0x68 [ 2602.010201] lr : free_fw_priv+0x20/0xfc [ 2602.020561] sp : ffff800089363b30 [ 2602.020563] x29: ffff800089363b30 x28: ffff0000d0eb5880 x27: 0000000000000000 [ 2602.020570] x26: 0000000000000000 x25: ffff0000d728b330 x24: 0000000000000000 [ 2602.020577] x23: ffff0000dc856f38 [ 2602.033797] x22: ffff800089363b70 x21: ffff0000dc856000 [ 2602.033802] x20: ff00312e6f006573 x19: ffff0000d0d9ea80 x18: 0000000000000000 [ 2602.033809] x17: 0000000000000000 x16: 0000000000000000 x15: 0000aaaad80dd480 [ 2602.083320] x14: 0000000000000000 x13: 00000000000001b9 x12: 0000000000000002 [ 2602.083326] x11: 0000000000000000 x10: 0000000000000a60 x9 : ffff800089363a30 [ 2602.083333] x8 : ffff0001793d75c0 x7 : ffff0000d6dbc400 x6 : 0000000000000000 [ 2602.083339] x5 : 00000000410fd030 x4 : 0000000000000000 x3 : 0000000000000001 [ 2602.083346] x2 : 0000000000000000 x1 : 0000000000000001 x0 : ff00312e6f006573 [ 2602.083354] Call trace: [ 2602.083356] _raw_spin_lock+0x34/0x68 [ 2602.083364] release_firmware+0x48/0x6c [ 2602.083370] nxp_setup+0x3c4/0x540 [btnxpuart] [ 2602.083383] hci_dev_open_sync+0xf0/0xa34 [ 2602.083391] hci_dev_open+0xd8/0x178 [ 2602.083399] hci_sock_ioctl+0x3b0/0x590 [ 2602.083405] sock_do_ioctl+0x60/0x118 [ 2602.083413] sock_ioctl+0x2f4/0x374 [ 2602.091430] __arm64_sys_ioctl+0xac/0xf0 [ 2602.091437] invoke_syscall+0x48/0x110 [ 2602.091445] el0_svc_common.constprop.0+0xc0/0xe0 [ 2602.091452] do_el0_svc+0x1c/0x28 [ 2602.091457] el0_svc+0x40/0xe4 [ 2602.091465] el0t_64_sync_handler+0x120/0x12c [ 2602.091470] el0t_64_sync+0x190/0x194 Fixes: e3c4891098c8 ("Bluetooth: btnxpuart: Handle FW Download Abort scenario") Fixes: 689ca16e5232 ("Bluetooth: NXP: Add protocol support for NXP Bluetooth chipsets") Signed-off-by: Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Signed-off-by: Bin Lan <bin.lan.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Build test passed. --- drivers/bluetooth/btnxpuart.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/bluetooth/btnxpuart.c b/drivers/bluetooth/btnxpuart.c index a4274d8c7faa..f0d0c5a6d512 100644 --- a/drivers/bluetooth/btnxpuart.c +++ b/drivers/bluetooth/btnxpuart.c @@ -601,8 +601,10 @@ static int nxp_download_firmware(struct hci_dev *hdev) &nxpdev->tx_state), msecs_to_jiffies(60000)); - release_firmware(nxpdev->fw); - memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name)); + if (nxpdev->fw && strlen(nxpdev->fw_name)) { + release_firmware(nxpdev->fw); + memset(nxpdev->fw_name, 0, sizeof(nxpdev->fw_name)); + } if (err == 0) { bt_dev_err(hdev, "FW Download Timeout. offset: %d", -- 2.34.1

4 weeks

2
1
0 0

[PATCH v2] RDMA/irdma: puda: Clear entries after allocation to ensure clean state

by Wentao Liang

The irdma_puda_send() calls the irdma_puda_get_next_send_wqe() to get entries, but does not clear the entries after the function call. A proper implementation can be found in irdma_uk_send(). Add the irdma_clr_wqes() after irdma_puda_get_next_send_wqe(). Add the headfile of the irdma_clr_wqes(). Fixes: a3a06db504d3 ("RDMA/irdma: Add privileged UDA queue implementation") Cc: stable(a)vger.kernel.org # v5.14 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- v2: Fix code error and remove improper description. drivers/infiniband/hw/irdma/puda.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/infiniband/hw/irdma/puda.c b/drivers/infiniband/hw/irdma/puda.c index 7e3f9bca2c23..f7a826a5bedf 100644 --- a/drivers/infiniband/hw/irdma/puda.c +++ b/drivers/infiniband/hw/irdma/puda.c @@ -7,6 +7,7 @@ #include "protos.h" #include "puda.h" #include "ws.h" +#include "user.h" static void irdma_ieq_receive(struct irdma_sc_vsi *vsi, struct irdma_puda_buf *buf); @@ -444,6 +445,8 @@ int irdma_puda_send(struct irdma_sc_qp *qp, struct irdma_puda_send_info *info) if (!wqe) return -ENOMEM; + irdma_clr_wqes(&qp->qp_uk, wqe_idx); + qp->qp_uk.sq_wrtrk_array[wqe_idx].wrid = (uintptr_t)info->scratch; /* Third line of WQE descriptor */ /* maclen is in words */ -- 2.42.0.windows.2

4 weeks

2
1
0 0

[PATCH 4/4 v2] crypto: octeontx2: Fix address alignment on CN10KB and CN10KA-B0

by Bharat Bhushan

octeontx2 crypto driver allocates memory using kmalloc/kzalloc, and uses this memory for dma (does dma_map_single()). It assumes that kmalloc/kzalloc will return 128-byte aligned address. But kmalloc/kzalloc returns 8-byte aligned address after below changes: "9382bc44b5f5 arm64: allow kmalloc() caches aligned to the smaller cache_line_size() Memory allocated are used for following purpose: - Input data or scatter list address - 8-Byte alignment - Output data or gather list address - 8-Byte alignment - Completion address - 32-Byte alignment. This patch ensures all addresses are aligned as mentioned above. Signed-off-by: Bharat Bhushan <bbhushan2(a)marvell.com> Cc: <stable(a)vger.kernel.org> #v6.8+ --- v1->v2: - Fixed memory padding size calculation as per review comment .../marvell/octeontx2/otx2_cpt_reqmgr.h | 59 ++++++++++++++----- 1 file changed, 44 insertions(+), 15 deletions(-) diff --git a/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h b/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h index bb4e067ae826..766fa63fb075 100644 --- a/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h +++ b/drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h @@ -350,22 +350,47 @@ static inline struct otx2_cpt_inst_info * cn10k_sgv2_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, gfp_t gfp) { - u32 dlen = 0, g_len, sg_len, info_len; - int align = OTX2_CPT_DMA_MINALIGN; + u32 dlen = 0, g_len, s_len, sg_len, info_len; struct otx2_cpt_inst_info *info; - u16 g_sz_bytes, s_sz_bytes; u32 total_mem_len; int i; - g_sz_bytes = ((req->in_cnt + 2) / 3) * - sizeof(struct cn10kb_cpt_sglist_component); - s_sz_bytes = ((req->out_cnt + 2) / 3) * - sizeof(struct cn10kb_cpt_sglist_component); + /* Allocate memory to meet below alignment requirement: + * ---------------------------------- + * | struct otx2_cpt_inst_info | + * | (No alignment required) | + * | -----------------------------| + * | | padding for 8B alignment | + * |----------------------------------| + * | SG List Gather/Input memory | + * | Length = multiple of 32Bytes | + * | Alignment = 8Byte | + * |----------------------------------| + * | SG List Scatter/Output memory | + * | Length = multiple of 32Bytes | + * | Alignment = 8Byte | + * | (padding for below alignment) | + * | -----------------------------| + * | | padding for 32B alignment | + * |----------------------------------| + * | Result response memory | + * ---------------------------------- + */ - g_len = ALIGN(g_sz_bytes, align); - sg_len = ALIGN(g_len + s_sz_bytes, align); - info_len = ALIGN(sizeof(*info), align); - total_mem_len = sg_len + info_len + sizeof(union otx2_cpt_res_s); + info_len = sizeof(*info); + + g_len = ((req->in_cnt + 2) / 3) * + sizeof(struct cn10kb_cpt_sglist_component); + s_len = ((req->out_cnt + 2) / 3) * + sizeof(struct cn10kb_cpt_sglist_component); + sg_len = g_len + s_len; + + /* Allocate extra memory for SG and response address alignment */ + total_mem_len = ALIGN(info_len, OTX2_CPT_DPTR_RPTR_ALIGN) + sg_len; + total_mem_len = ALIGN(total_mem_len, OTX2_CPT_DPTR_RPTR_ALIGN); + total_mem_len += (OTX2_CPT_RES_ADDR_ALIGN - 1) & + ~(OTX2_CPT_DPTR_RPTR_ALIGN - 1); + total_mem_len += sizeof(union otx2_cpt_res_s); info = kzalloc(total_mem_len, gfp); if (unlikely(!info)) @@ -375,7 +400,9 @@ cn10k_sgv2_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, dlen += req->in[i].size; info->dlen = dlen; - info->in_buffer = (u8 *)info + info_len; + info->in_buffer = PTR_ALIGN((u8 *)info + info_len, + OTX2_CPT_DPTR_RPTR_ALIGN); + info->out_buffer = info->in_buffer + g_len; info->gthr_sz = req->in_cnt; info->sctr_sz = req->out_cnt; @@ -387,7 +414,7 @@ cn10k_sgv2_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, } if (sgv2io_components_setup(pdev, req->out, req->out_cnt, - &info->in_buffer[g_len])) { + info->out_buffer)) { dev_err(&pdev->dev, "Failed to setup scatter list\n"); goto destroy_info; } @@ -404,8 +431,10 @@ cn10k_sgv2_info_create(struct pci_dev *pdev, struct otx2_cpt_req_info *req, * Get buffer for union otx2_cpt_res_s response * structure and its physical address */ - info->completion_addr = info->in_buffer + sg_len; - info->comp_baddr = info->dptr_baddr + sg_len; + info->completion_addr = PTR_ALIGN((info->in_buffer + sg_len), + OTX2_CPT_RES_ADDR_ALIGN); + info->comp_baddr = ALIGN((info->dptr_baddr + sg_len), + OTX2_CPT_RES_ADDR_ALIGN); return info; -- 2.34.1

4 weeks

1
0
0 0

[PATCH 1/4 v2] crypto: octeontx2: add timeout for load_fvc completion poll

by Bharat Bhushan

Adds timeout to exit from possible infinite loop, which polls on CPT instruction(load_fvc) completion. Signed-off-by: Srujana Challa <schalla(a)marvell.com> Signed-off-by: Bharat Bhushan <bbhushan2(a)marvell.com> Cc: <stable(a)vger.kernel.org> #v6.5+ --- v1->v2: - No Change .../crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c b/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c index 78367849c3d5..9095dea2748d 100644 --- a/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c +++ b/drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c @@ -1494,6 +1494,7 @@ int otx2_cpt_discover_eng_capabilities(struct otx2_cptpf_dev *cptpf) dma_addr_t rptr_baddr; struct pci_dev *pdev; u32 len, compl_rlen; + int timeout = 10000; int ret, etype; void *rptr; @@ -1554,16 +1555,27 @@ int otx2_cpt_discover_eng_capabilities(struct otx2_cptpf_dev *cptpf) etype); otx2_cpt_fill_inst(&inst, &iq_cmd, rptr_baddr); lfs->ops->send_cmd(&inst, 1, &cptpf->lfs.lf[0]); + timeout = 10000; while (lfs->ops->cpt_get_compcode(result) == - OTX2_CPT_COMPLETION_CODE_INIT) + OTX2_CPT_COMPLETION_CODE_INIT) { cpu_relax(); + udelay(1); + timeout--; + if (!timeout) { + ret = -ENODEV; + cptpf->is_eng_caps_discovered = false; + dev_warn(&pdev->dev, "Timeout on CPT load_fvc completion poll\n"); + goto error_no_response; + } + } cptpf->eng_caps[etype].u = be64_to_cpup(rptr); } - dma_unmap_single(&pdev->dev, rptr_baddr, len, DMA_BIDIRECTIONAL); cptpf->is_eng_caps_discovered = true; +error_no_response: + dma_unmap_single(&pdev->dev, rptr_baddr, len, DMA_BIDIRECTIONAL); free_result: kfree(result); lf_cleanup: -- 2.34.1

4 weeks

1
0
0 0

[PATCH v3 3/3] can: kvaser_pciefd: Continue parsing DMA buf after dropped RX

by Axel Forsman

Going bus-off on a channel doing RX could result in dropped packets. As netif_running() gets cleared before the channel abort procedure, the handling of any last RDATA packets would see netif_rx() return non-zero to signal a dropped packet. kvaser_pciefd_read_buffer() dealt with this "error" by breaking out of processing the remaining DMA RX buffer. Only return an error from kvaser_pciefd_read_buffer() due to packet corruption, otherwise handle it internally. Cc: stable(a)vger.kernel.org Signed-off-by: Axel Forsman <axfo(a)kvaser.com> Tested-by: Jimmy Assarsson <extja(a)kvaser.com> Reviewed-by: Jimmy Assarsson <extja(a)kvaser.com> --- drivers/net/can/kvaser_pciefd.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/net/can/kvaser_pciefd.c b/drivers/net/can/kvaser_pciefd.c index a61cbade96d9..f6921368cd14 100644 --- a/drivers/net/can/kvaser_pciefd.c +++ b/drivers/net/can/kvaser_pciefd.c @@ -1209,7 +1209,7 @@ static int kvaser_pciefd_handle_data_packet(struct kvaser_pciefd *pcie, skb = alloc_canfd_skb(priv->dev, &cf); if (!skb) { priv->dev->stats.rx_dropped++; - return -ENOMEM; + return 0; } cf->len = can_fd_dlc2len(dlc); @@ -1221,7 +1221,7 @@ static int kvaser_pciefd_handle_data_packet(struct kvaser_pciefd *pcie, skb = alloc_can_skb(priv->dev, (struct can_frame **)&cf); if (!skb) { priv->dev->stats.rx_dropped++; - return -ENOMEM; + return 0; } can_frame_set_cc_len((struct can_frame *)cf, dlc, priv->ctrlmode); } @@ -1239,7 +1239,9 @@ static int kvaser_pciefd_handle_data_packet(struct kvaser_pciefd *pcie, priv->dev->stats.rx_packets++; kvaser_pciefd_set_skb_timestamp(pcie, skb, p->timestamp); - return netif_rx(skb); + netif_rx(skb); + + return 0; } static void kvaser_pciefd_change_state(struct kvaser_pciefd_can *can, -- 2.47.2

4 weeks

1
0
0 0

[PATCH v3 2/3] can: kvaser_pciefd: Fix echo_skb race

by Axel Forsman

The functions kvaser_pciefd_start_xmit() and kvaser_pciefd_handle_ack_packet() raced to stop/wake TX queues and get/put echo skbs, as kvaser_pciefd_can->echo_lock was only ever taken when transmitting and KCAN_TX_NR_PACKETS_CURRENT gets decremented prior to handling of ACKs. E.g., this caused the following error: can_put_echo_skb: BUG! echo_skb 5 is occupied! Instead, use the synchronization helpers in netdev_queues.h. As those piggyback on BQL barriers, start updating in-flight packets and bytes counts as well. Cc: stable(a)vger.kernel.org Signed-off-by: Axel Forsman <axfo(a)kvaser.com> Tested-by: Jimmy Assarsson <extja(a)kvaser.com> Reviewed-by: Jimmy Assarsson <extja(a)kvaser.com> --- drivers/net/can/kvaser_pciefd.c | 93 +++++++++++++++++++++------------ 1 file changed, 59 insertions(+), 34 deletions(-) diff --git a/drivers/net/can/kvaser_pciefd.c b/drivers/net/can/kvaser_pciefd.c index 9cc9176c2058..a61cbade96d9 100644 --- a/drivers/net/can/kvaser_pciefd.c +++ b/drivers/net/can/kvaser_pciefd.c @@ -16,6 +16,7 @@ #include <linux/netdevice.h> #include <linux/pci.h> #include <linux/timer.h> +#include <net/netdev_queues.h> MODULE_LICENSE("Dual BSD/GPL"); MODULE_AUTHOR("Kvaser AB <support(a)kvaser.com>"); @@ -410,10 +411,13 @@ struct kvaser_pciefd_can { void __iomem *reg_base; struct can_berr_counter bec; u8 cmd_seq; + u8 tx_max_count; + u8 tx_idx; + u8 ack_idx; int err_rep_cnt; - int echo_idx; + unsigned int completed_tx_pkts; + unsigned int completed_tx_bytes; spinlock_t lock; /* Locks sensitive registers (e.g. MODE) */ - spinlock_t echo_lock; /* Locks the message echo buffer */ struct timer_list bec_poll_timer; struct completion start_comp, flush_comp; }; @@ -714,6 +718,9 @@ static int kvaser_pciefd_open(struct net_device *netdev) int ret; struct kvaser_pciefd_can *can = netdev_priv(netdev); + can->tx_idx = 0; + can->ack_idx = 0; + ret = open_candev(netdev); if (ret) return ret; @@ -745,21 +752,26 @@ static int kvaser_pciefd_stop(struct net_device *netdev) timer_delete(&can->bec_poll_timer); } can->can.state = CAN_STATE_STOPPED; + netdev_reset_queue(netdev); close_candev(netdev); return ret; } +static unsigned int kvaser_pciefd_tx_avail(const struct kvaser_pciefd_can *can) +{ + return can->tx_max_count - (READ_ONCE(can->tx_idx) - READ_ONCE(can->ack_idx)); +} + static int kvaser_pciefd_prepare_tx_packet(struct kvaser_pciefd_tx_packet *p, - struct kvaser_pciefd_can *can, + struct can_priv *can, u8 seq, struct sk_buff *skb) { struct canfd_frame *cf = (struct canfd_frame *)skb->data; int packet_size; - int seq = can->echo_idx; memset(p, 0, sizeof(*p)); - if (can->can.ctrlmode & CAN_CTRLMODE_ONE_SHOT) + if (can->ctrlmode & CAN_CTRLMODE_ONE_SHOT) p->header[1] |= KVASER_PCIEFD_TPACKET_SMS; if (cf->can_id & CAN_RTR_FLAG) @@ -782,7 +794,7 @@ static int kvaser_pciefd_prepare_tx_packet(struct kvaser_pciefd_tx_packet *p, } else { p->header[1] |= FIELD_PREP(KVASER_PCIEFD_RPACKET_DLC_MASK, - can_get_cc_dlc((struct can_frame *)cf, can->can.ctrlmode)); + can_get_cc_dlc((struct can_frame *)cf, can->ctrlmode)); } p->header[1] |= FIELD_PREP(KVASER_PCIEFD_PACKET_SEQ_MASK, seq); @@ -797,22 +809,24 @@ static netdev_tx_t kvaser_pciefd_start_xmit(struct sk_buff *skb, struct net_device *netdev) { struct kvaser_pciefd_can *can = netdev_priv(netdev); - unsigned long irq_flags; struct kvaser_pciefd_tx_packet packet; + unsigned int seq = can->tx_idx & (can->can.echo_skb_max - 1); + unsigned int frame_len; int nr_words; - u8 count; if (can_dev_dropped_skb(netdev, skb)) return NETDEV_TX_OK; + if (!netif_subqueue_maybe_stop(netdev, 0, kvaser_pciefd_tx_avail(can), 1, 1)) + return NETDEV_TX_BUSY; - nr_words = kvaser_pciefd_prepare_tx_packet(&packet, can, skb); + nr_words = kvaser_pciefd_prepare_tx_packet(&packet, &can->can, seq, skb); - spin_lock_irqsave(&can->echo_lock, irq_flags); /* Prepare and save echo skb in internal slot */ - can_put_echo_skb(skb, netdev, can->echo_idx, 0); - - /* Move echo index to the next slot */ - can->echo_idx = (can->echo_idx + 1) % can->can.echo_skb_max; + WRITE_ONCE(can->can.echo_skb[seq], NULL); + frame_len = can_skb_get_frame_len(skb); + can_put_echo_skb(skb, netdev, seq, frame_len); + netdev_sent_queue(netdev, frame_len); + WRITE_ONCE(can->tx_idx, can->tx_idx + 1); /* Write header to fifo */ iowrite32(packet.header[0], @@ -836,14 +850,7 @@ static netdev_tx_t kvaser_pciefd_start_xmit(struct sk_buff *skb, KVASER_PCIEFD_KCAN_FIFO_LAST_REG); } - count = FIELD_GET(KVASER_PCIEFD_KCAN_TX_NR_PACKETS_CURRENT_MASK, - ioread32(can->reg_base + KVASER_PCIEFD_KCAN_TX_NR_PACKETS_REG)); - /* No room for a new message, stop the queue until at least one - * successful transmit - */ - if (count >= can->can.echo_skb_max || can->can.echo_skb[can->echo_idx]) - netif_stop_queue(netdev); - spin_unlock_irqrestore(&can->echo_lock, irq_flags); + netif_subqueue_maybe_stop(netdev, 0, kvaser_pciefd_tx_avail(can), 1, 1); return NETDEV_TX_OK; } @@ -970,6 +977,8 @@ static int kvaser_pciefd_setup_can_ctrls(struct kvaser_pciefd *pcie) can->kv_pcie = pcie; can->cmd_seq = 0; can->err_rep_cnt = 0; + can->completed_tx_pkts = 0; + can->completed_tx_bytes = 0; can->bec.txerr = 0; can->bec.rxerr = 0; @@ -983,11 +992,10 @@ static int kvaser_pciefd_setup_can_ctrls(struct kvaser_pciefd *pcie) tx_nr_packets_max = FIELD_GET(KVASER_PCIEFD_KCAN_TX_NR_PACKETS_MAX_MASK, ioread32(can->reg_base + KVASER_PCIEFD_KCAN_TX_NR_PACKETS_REG)); + can->tx_max_count = min(KVASER_PCIEFD_CAN_TX_MAX_COUNT, tx_nr_packets_max - 1); can->can.clock.freq = pcie->freq; - can->can.echo_skb_max = min(KVASER_PCIEFD_CAN_TX_MAX_COUNT, tx_nr_packets_max - 1); - can->echo_idx = 0; - spin_lock_init(&can->echo_lock); + can->can.echo_skb_max = roundup_pow_of_two(can->tx_max_count); spin_lock_init(&can->lock); can->can.bittiming_const = &kvaser_pciefd_bittiming_const; @@ -1510,19 +1518,21 @@ static int kvaser_pciefd_handle_ack_packet(struct kvaser_pciefd *pcie, netdev_dbg(can->can.dev, "Packet was flushed\n"); } else { int echo_idx = FIELD_GET(KVASER_PCIEFD_PACKET_SEQ_MASK, p->header[0]); - int len; - u8 count; + unsigned int len, frame_len = 0; struct sk_buff *skb; + if (echo_idx != (can->ack_idx & (can->can.echo_skb_max - 1))) + return 0; skb = can->can.echo_skb[echo_idx]; - if (skb) - kvaser_pciefd_set_skb_timestamp(pcie, skb, p->timestamp); - len = can_get_echo_skb(can->can.dev, echo_idx, NULL); - count = FIELD_GET(KVASER_PCIEFD_KCAN_TX_NR_PACKETS_CURRENT_MASK, - ioread32(can->reg_base + KVASER_PCIEFD_KCAN_TX_NR_PACKETS_REG)); + if (!skb) + return 0; + kvaser_pciefd_set_skb_timestamp(pcie, skb, p->timestamp); + len = can_get_echo_skb(can->can.dev, echo_idx, &frame_len); - if (count < can->can.echo_skb_max && netif_queue_stopped(can->can.dev)) - netif_wake_queue(can->can.dev); + /* Pairs with barrier in kvaser_pciefd_start_xmit() */ + smp_store_release(&can->ack_idx, can->ack_idx + 1); + can->completed_tx_pkts++; + can->completed_tx_bytes += frame_len; if (!one_shot_fail) { can->can.dev->stats.tx_bytes += len; @@ -1638,11 +1648,26 @@ static int kvaser_pciefd_read_buffer(struct kvaser_pciefd *pcie, int dma_buf) { int pos = 0; int res = 0; + unsigned int i; do { res = kvaser_pciefd_read_packet(pcie, &pos, dma_buf); } while (!res && pos > 0 && pos < KVASER_PCIEFD_DMA_SIZE); + /* Report ACKs in this buffer to BQL en masse for correct periods */ + for (i = 0; i < pcie->nr_channels; ++i) { + struct kvaser_pciefd_can *can = pcie->can[i]; + + if (!can->completed_tx_pkts) + continue; + netif_subqueue_completed_wake(can->can.dev, 0, + can->completed_tx_pkts, + can->completed_tx_bytes, + kvaser_pciefd_tx_avail(can), 1); + can->completed_tx_pkts = 0; + can->completed_tx_bytes = 0; + } + return res; } -- 2.47.2

4 weeks

1
0
0 0

[PATCH v3 1/3] can: kvaser_pciefd: Force IRQ edge in case of nested IRQ

by Axel Forsman

Avoid the driver missing IRQs by temporarily masking IRQs in the ISR to enforce an edge even if a different IRQ is signalled before handled IRQs are cleared. Fixes: 48f827d4f48f ("can: kvaser_pciefd: Move reset of DMA RX buffers to the end of the ISR") Cc: stable(a)vger.kernel.org Signed-off-by: Axel Forsman <axfo(a)kvaser.com> Tested-by: Jimmy Assarsson <extja(a)kvaser.com> Reviewed-by: Jimmy Assarsson <extja(a)kvaser.com> --- drivers/net/can/kvaser_pciefd.c | 83 ++++++++++++++++----------------- 1 file changed, 39 insertions(+), 44 deletions(-) diff --git a/drivers/net/can/kvaser_pciefd.c b/drivers/net/can/kvaser_pciefd.c index cf0d51805272..9cc9176c2058 100644 --- a/drivers/net/can/kvaser_pciefd.c +++ b/drivers/net/can/kvaser_pciefd.c @@ -1646,24 +1646,28 @@ static int kvaser_pciefd_read_buffer(struct kvaser_pciefd *pcie, int dma_buf) return res; } -static u32 kvaser_pciefd_receive_irq(struct kvaser_pciefd *pcie) +static void kvaser_pciefd_receive_irq(struct kvaser_pciefd *pcie) { + void __iomem *srb_cmd_reg = KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_CMD_REG; u32 irq = ioread32(KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IRQ_REG); - if (irq & KVASER_PCIEFD_SRB_IRQ_DPD0) - kvaser_pciefd_read_buffer(pcie, 0); + iowrite32(irq, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IRQ_REG); - if (irq & KVASER_PCIEFD_SRB_IRQ_DPD1) + if (irq & KVASER_PCIEFD_SRB_IRQ_DPD0) { + kvaser_pciefd_read_buffer(pcie, 0); + iowrite32(KVASER_PCIEFD_SRB_CMD_RDB0, srb_cmd_reg); /* Rearm buffer */ + } + + if (irq & KVASER_PCIEFD_SRB_IRQ_DPD1) { kvaser_pciefd_read_buffer(pcie, 1); + iowrite32(KVASER_PCIEFD_SRB_CMD_RDB1, srb_cmd_reg); /* Rearm buffer */ + } if (unlikely(irq & KVASER_PCIEFD_SRB_IRQ_DOF0 || irq & KVASER_PCIEFD_SRB_IRQ_DOF1 || irq & KVASER_PCIEFD_SRB_IRQ_DUF0 || irq & KVASER_PCIEFD_SRB_IRQ_DUF1)) dev_err(&pcie->pci->dev, "DMA IRQ error 0x%08X\n", irq); - - iowrite32(irq, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IRQ_REG); - return irq; } static void kvaser_pciefd_transmit_irq(struct kvaser_pciefd_can *can) @@ -1691,29 +1695,22 @@ static irqreturn_t kvaser_pciefd_irq_handler(int irq, void *dev) struct kvaser_pciefd *pcie = (struct kvaser_pciefd *)dev; const struct kvaser_pciefd_irq_mask *irq_mask = pcie->driver_data->irq_mask; u32 pci_irq = ioread32(KVASER_PCIEFD_PCI_IRQ_ADDR(pcie)); - u32 srb_irq = 0; - u32 srb_release = 0; int i; if (!(pci_irq & irq_mask->all)) return IRQ_NONE; + iowrite32(0, KVASER_PCIEFD_PCI_IEN_ADDR(pcie)); + if (pci_irq & irq_mask->kcan_rx0) - srb_irq = kvaser_pciefd_receive_irq(pcie); + kvaser_pciefd_receive_irq(pcie); for (i = 0; i < pcie->nr_channels; i++) { if (pci_irq & irq_mask->kcan_tx[i]) kvaser_pciefd_transmit_irq(pcie->can[i]); } - if (srb_irq & KVASER_PCIEFD_SRB_IRQ_DPD0) - srb_release |= KVASER_PCIEFD_SRB_CMD_RDB0; - - if (srb_irq & KVASER_PCIEFD_SRB_IRQ_DPD1) - srb_release |= KVASER_PCIEFD_SRB_CMD_RDB1; - - if (srb_release) - iowrite32(srb_release, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_CMD_REG); + iowrite32(irq_mask->all, KVASER_PCIEFD_PCI_IEN_ADDR(pcie)); return IRQ_HANDLED; } @@ -1733,13 +1730,22 @@ static void kvaser_pciefd_teardown_can_ctrls(struct kvaser_pciefd *pcie) } } +static void kvaser_pciefd_disable_irq_srcs(struct kvaser_pciefd *pcie) +{ + unsigned int i; + + /* Masking PCI_IRQ is insufficient as running ISR will unmask it */ + iowrite32(0, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IEN_REG); + for (i = 0; i < pcie->nr_channels; ++i) + iowrite32(0, pcie->can[i]->reg_base + KVASER_PCIEFD_KCAN_IEN_REG); +} + static int kvaser_pciefd_probe(struct pci_dev *pdev, const struct pci_device_id *id) { int ret; struct kvaser_pciefd *pcie; const struct kvaser_pciefd_irq_mask *irq_mask; - void __iomem *irq_en_base; pcie = devm_kzalloc(&pdev->dev, sizeof(*pcie), GFP_KERNEL); if (!pcie) @@ -1805,8 +1811,7 @@ static int kvaser_pciefd_probe(struct pci_dev *pdev, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_IEN_REG); /* Enable PCI interrupts */ - irq_en_base = KVASER_PCIEFD_PCI_IEN_ADDR(pcie); - iowrite32(irq_mask->all, irq_en_base); + iowrite32(irq_mask->all, KVASER_PCIEFD_PCI_IEN_ADDR(pcie)); /* Ready the DMA buffers */ iowrite32(KVASER_PCIEFD_SRB_CMD_RDB0, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_CMD_REG); @@ -1820,8 +1825,7 @@ static int kvaser_pciefd_probe(struct pci_dev *pdev, return 0; err_free_irq: - /* Disable PCI interrupts */ - iowrite32(0, irq_en_base); + kvaser_pciefd_disable_irq_srcs(pcie); free_irq(pcie->pci->irq, pcie); err_pci_free_irq_vectors: @@ -1844,35 +1848,26 @@ static int kvaser_pciefd_probe(struct pci_dev *pdev, return ret; } -static void kvaser_pciefd_remove_all_ctrls(struct kvaser_pciefd *pcie) -{ - int i; - - for (i = 0; i < pcie->nr_channels; i++) { - struct kvaser_pciefd_can *can = pcie->can[i]; - - if (can) { - iowrite32(0, can->reg_base + KVASER_PCIEFD_KCAN_IEN_REG); - unregister_candev(can->can.dev); - timer_delete(&can->bec_poll_timer); - kvaser_pciefd_pwm_stop(can); - free_candev(can->can.dev); - } - } -} - static void kvaser_pciefd_remove(struct pci_dev *pdev) { struct kvaser_pciefd *pcie = pci_get_drvdata(pdev); + unsigned int i; - kvaser_pciefd_remove_all_ctrls(pcie); + for (i = 0; i < pcie->nr_channels; ++i) { + struct kvaser_pciefd_can *can = pcie->can[i]; - /* Disable interrupts */ - iowrite32(0, KVASER_PCIEFD_SRB_ADDR(pcie) + KVASER_PCIEFD_SRB_CTRL_REG); - iowrite32(0, KVASER_PCIEFD_PCI_IEN_ADDR(pcie)); + unregister_candev(can->can.dev); + timer_delete(&can->bec_poll_timer); + kvaser_pciefd_pwm_stop(can); + } + kvaser_pciefd_disable_irq_srcs(pcie); free_irq(pcie->pci->irq, pcie); pci_free_irq_vectors(pcie->pci); + + for (i = 0; i < pcie->nr_channels; ++i) + free_candev(pcie->can[i]->can.dev); + pci_iounmap(pdev, pcie->reg_base); pci_release_regions(pdev); pci_disable_device(pdev); -- 2.47.2

4 weeks

1
0
0 0

FAILED: patch "[PATCH] dm: add missing unlock on in dm_keyslot_evict()" failed to apply to 5.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.12.y git checkout FETCH_HEAD git cherry-pick -x 650266ac4c7230c89bcd1307acf5c9c92cfa85e2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050954-excretion-yonder-4e95@gregkh' --subject-prefix 'PATCH 5.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 650266ac4c7230c89bcd1307acf5c9c92cfa85e2 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)linaro.org> Date: Wed, 30 Apr 2025 11:05:54 +0300 Subject: [PATCH] dm: add missing unlock on in dm_keyslot_evict() We need to call dm_put_live_table() even if dm_get_live_table() returns NULL. Fixes: 9355a9eb21a5 ("dm: support key eviction from keyslot managers of underlying devices") Cc: stable(a)vger.kernel.org # v5.12+ Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c index 9e175c5e0634..31d67a1a91dd 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c @@ -1173,7 +1173,7 @@ static int dm_keyslot_evict(struct blk_crypto_profile *profile, t = dm_get_live_table(md, &srcu_idx); if (!t) - return 0; + goto put_live_table; for (unsigned int i = 0; i < t->num_targets; i++) { struct dm_target *ti = dm_table_get_target(t, i); @@ -1184,6 +1184,7 @@ static int dm_keyslot_evict(struct blk_crypto_profile *profile, (void *)key); } +put_live_table: dm_put_live_table(md, srcu_idx); return 0; }

4 weeks

3
2
0 0

[PATCH v2] net: mlx5: vport: Add error handling in mlx5_query_nic_vport_qkey_viol_cntr()

by Wentao Liang

The function mlx5_query_nic_vport_qkey_viol_cntr() calls the function mlx5_query_nic_vport_context() but does not check its return value. This could lead to undefined behavior if the query fails. A proper implementation can be found in mlx5_nic_vport_query_local_lb(). Add error handling for mlx5_query_nic_vport_context(). If it fails, free the out buffer via kvfree() and return error code. Fixes: 9efa75254593 ("net/mlx5_core: Introduce access functions to query vport RoCE fields") Cc: stable(a)vger.kernel.org # v4.5 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- v2: Remove redundant reassignment. Fix RCT. drivers/net/ethernet/mellanox/mlx5/core/vport.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/vport.c b/drivers/net/ethernet/mellanox/mlx5/core/vport.c index 0d5f750faa45..ded086ffe8ac 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/vport.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/vport.c @@ -519,19 +519,22 @@ int mlx5_query_nic_vport_qkey_viol_cntr(struct mlx5_core_dev *mdev, { u32 *out; int outlen = MLX5_ST_SZ_BYTES(query_nic_vport_context_out); + int ret; out = kvzalloc(outlen, GFP_KERNEL); if (!out) return -ENOMEM; - mlx5_query_nic_vport_context(mdev, 0, out); + ret = mlx5_query_nic_vport_context(mdev, 0, out); + if (ret) + goto out; *qkey_viol_cntr = MLX5_GET(query_nic_vport_context_out, out, nic_vport_context.qkey_violation_counter); - +out: kvfree(out); - return 0; + return ret; } EXPORT_SYMBOL_GPL(mlx5_query_nic_vport_qkey_viol_cntr); -- 2.42.0.windows.2

4 weeks

2
1
0 0

[PATCH v2] net: mlx5: vport: Add error handling in mlx5_query_nic_vport_node_guid()

by Wentao Liang

The function mlx5_query_nic_vport_node_guid() calls the function mlx5_query_nic_vport_context() but does not check its return value. A proper implementation can be found in mlx5_nic_vport_query_local_lb(). Add error handling for mlx5_query_nic_vport_context(). If it fails, free the out buffer via kvfree() and return error code. Fixes: 9efa75254593 ("net/mlx5_core: Introduce access functions to query vport RoCE fields") Cc: stable(a)vger.kernel.org # v4.5 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- v2: Remove redundant reassignment. Fix typo error. drivers/net/ethernet/mellanox/mlx5/core/vport.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/vport.c b/drivers/net/ethernet/mellanox/mlx5/core/vport.c index ded086ffe8ac..8235fa6add03 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/vport.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/vport.c @@ -465,19 +465,22 @@ int mlx5_query_nic_vport_node_guid(struct mlx5_core_dev *mdev, u64 *node_guid) { u32 *out; int outlen = MLX5_ST_SZ_BYTES(query_nic_vport_context_out); + int ret; out = kvzalloc(outlen, GFP_KERNEL); if (!out) return -ENOMEM; - mlx5_query_nic_vport_context(mdev, 0, out); + ret = mlx5_query_nic_vport_context(mdev, 0, out); + if (ret) + goto err; *node_guid = MLX5_GET64(query_nic_vport_context_out, out, nic_vport_context.node_guid); - +err: kvfree(out); - return 0; + return ret; } EXPORT_SYMBOL_GPL(mlx5_query_nic_vport_node_guid); -- 2.42.0.windows.2

4 weeks

2
1
0 0

[PATCH 6.1.y] selinux: avoid dereference of garbage after mount failure

by jianqi.ren.cn＠windriver.com

From: Christian Göttsche <cgzones(a)googlemail.com> commit 37801a36b4d68892ce807264f784d818f8d0d39b upstream. In case kern_mount() fails and returns an error pointer return in the error branch instead of continuing and dereferencing the error pointer. While on it drop the never read static variable selinuxfs_mount. Cc: stable(a)vger.kernel.org Fixes: 0619f0f5e36f ("selinux: wrap selinuxfs state") Signed-off-by: Christian Göttsche <cgzones(a)googlemail.com> Signed-off-by: Paul Moore <paul(a)paul-moore.com> Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- security/selinux/selinuxfs.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index ab804d4ea911..c236f3cd2dd7 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -2210,7 +2210,6 @@ static struct file_system_type sel_fs_type = { .kill_sb = sel_kill_sb, }; -static struct vfsmount *selinuxfs_mount __ro_after_init; struct path selinux_null __ro_after_init; static int __init init_sel_fs(void) @@ -2232,18 +2231,21 @@ static int __init init_sel_fs(void) return err; } - selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type); - if (IS_ERR(selinuxfs_mount)) { + selinux_null.mnt = kern_mount(&sel_fs_type); + if (IS_ERR(selinux_null.mnt)) { pr_err("selinuxfs: could not mount!\n"); - err = PTR_ERR(selinuxfs_mount); - selinuxfs_mount = NULL; + err = PTR_ERR(selinux_null.mnt); + selinux_null.mnt = NULL; + return err; } + selinux_null.dentry = d_hash_and_lookup(selinux_null.mnt->mnt_root, &null_name); if (IS_ERR(selinux_null.dentry)) { pr_err("selinuxfs: could not lookup null!\n"); err = PTR_ERR(selinux_null.dentry); selinux_null.dentry = NULL; + return err; } return err; -- 2.34.1

4 weeks

3
2
0 0

[PATCH v2 2/2] Input: adp5588-keys - Prevent buffer overflow

by Denis Arefev

If the value of 'key_val' is less than 1 or greater than 80, a buffer overflow may occur. Add a check for valid values 'key_val'. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 69a4af606ed4 ("Input: adp5588-keys - support GPI events for ADP5588 devices") Cc: stable(a)vger.kernel.org Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- V1 -> V2: Added tag Fixes drivers/input/keyboard/adp5588-keys.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/input/keyboard/adp5588-keys.c b/drivers/input/keyboard/adp5588-keys.c index 13136f863270..91f00d6e2413 100644 --- a/drivers/input/keyboard/adp5588-keys.c +++ b/drivers/input/keyboard/adp5588-keys.c @@ -164,6 +164,9 @@ #define KEY_EV_PRESSED BIT(7) #define KEY_EV_MASK GENMASK(6, 0) +#define KEY_EVENT_MIN 1 +#define KEY_EVENT_MAX 80 + #define KP_SEL(x) (BIT(x) - 1) /* 2^x-1 */ #define KEYP_MAX_EVENT 10 @@ -531,7 +534,7 @@ static void adp5588_report_events(struct adp5588_kpad *kpad, int ev_cnt) if (key_val >= GPI_PIN_BASE && key_val <= GPI_PIN_END) { /* gpio line used as IRQ source */ adp5588_gpio_irq_handle(kpad, key_val, key_press); - } else { + } else if (key_val >= KEY_EVENT_MIN && key_val <= KEY_EVENT_MAX) { int row = (key_val - 1) / ADP5588_COLS_MAX; int col = (key_val - 1) % ADP5588_COLS_MAX; int code = MATRIX_SCAN_CODE(row, col, kpad->row_shift); @@ -542,6 +545,8 @@ static void adp5588_report_events(struct adp5588_kpad *kpad, int ev_cnt) input_report_key(kpad->input, kpad->keycode[code], key_press); + } else { + dev_err_ratelimited(&kpad->client->dev, "invalid report key value %d", key); } } } -- 2.43.0

4 weeks

1
0
0 0

[PATCH v2 1/2] Input: adp5588-keys - Add check on return code

by Denis Arefev

Function 'adp5588_read()' can return a negative value, which after calculations will be used as an index to access the array 'kpad->keycode'. Add a check for the return value. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 69a4af606ed4 ("Input: adp5588-keys - support GPI events for ADP5588 devices") Cc: stable(a)vger.kernel.org Signed-off-by: Denis Arefev <arefev(a)swemel.ru> --- V1 -> V2: Added tag Fixes drivers/input/keyboard/adp5588-keys.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/drivers/input/keyboard/adp5588-keys.c b/drivers/input/keyboard/adp5588-keys.c index dc734974ce06..13136f863270 100644 --- a/drivers/input/keyboard/adp5588-keys.c +++ b/drivers/input/keyboard/adp5588-keys.c @@ -519,9 +519,14 @@ static void adp5588_report_events(struct adp5588_kpad *kpad, int ev_cnt) int i; for (i = 0; i < ev_cnt; i++) { - int key = adp5588_read(kpad->client, KEY_EVENTA + i); - int key_val = key & KEY_EV_MASK; - int key_press = key & KEY_EV_PRESSED; + int key, key_val, key_press; + + key = adp5588_read(kpad->client, KEY_EVENTA + i); + if (key < 0) + continue; + + key_val = key & KEY_EV_MASK; + key_press = key & KEY_EV_PRESSED; if (key_val >= GPI_PIN_BASE && key_val <= GPI_PIN_END) { /* gpio line used as IRQ source */ -- 2.43.0

4 weeks

1
0
0 0

[PATCH 6.1.y 1/2] drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder functions

by jianqi.ren.cn＠windriver.com

From: Vinod Polimera <quic_vpolimer(a)quicinc.com> [ Upstream commit c0cd12a5d29fa36a8e2ebac7b8bec50c1a41fb57 ] Use atomic variants for encoder callback functions such that certain states like self-refresh can be accessed as part of enable/disable sequence. Signed-off-by: Kalyan Thota <quic_kalyant(a)quicinc.com> Signed-off-by: Vinod Polimera <quic_vpolimer(a)quicinc.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Patchwork: https://patchwork.freedesktop.org/patch/524738/ Link: https://lore.kernel.org/r/1677774797-31063-12-git-send-email-quic_vpolimer@… Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Signed-off-by: Jianqi Ren <jianqi.ren.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Verified the build test --- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c index 5f8345016ffe..c7fcd617b48c 100644 --- a/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c +++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c @@ -1182,7 +1182,8 @@ void dpu_encoder_virt_runtime_resume(struct drm_encoder *drm_enc) mutex_unlock(&dpu_enc->enc_lock); } -static void dpu_encoder_virt_enable(struct drm_encoder *drm_enc) +static void dpu_encoder_virt_atomic_enable(struct drm_encoder *drm_enc, + struct drm_atomic_state *state) { struct dpu_encoder_virt *dpu_enc = NULL; int ret = 0; @@ -1218,7 +1219,8 @@ static void dpu_encoder_virt_enable(struct drm_encoder *drm_enc) mutex_unlock(&dpu_enc->enc_lock); } -static void dpu_encoder_virt_disable(struct drm_encoder *drm_enc) +static void dpu_encoder_virt_atomic_disable(struct drm_encoder *drm_enc, + struct drm_atomic_state *state) { struct dpu_encoder_virt *dpu_enc = NULL; int i = 0; @@ -2407,8 +2409,8 @@ static void dpu_encoder_frame_done_timeout(struct timer_list *t) static const struct drm_encoder_helper_funcs dpu_encoder_helper_funcs = { .atomic_mode_set = dpu_encoder_virt_atomic_mode_set, - .disable = dpu_encoder_virt_disable, - .enable = dpu_encoder_virt_enable, + .atomic_disable = dpu_encoder_virt_atomic_disable, + .atomic_enable = dpu_encoder_virt_atomic_enable, .atomic_check = dpu_encoder_virt_atomic_check, }; -- 2.34.1

4 weeks

2
1
0 0

Request for backporting accel/ivpu FW log patches to 6.12

by Jacek Lawrynowicz

Hi, Please cherry-pick following 4 patches to 6.12: 3a3fb8110c65d361cd9d750c9e16520f740c93f2 accel/ivpu: Rename ivpu_log_level to fw_log_level 4b4d9e394b6f45ac26ac6144b31604c76b7e3705 accel/ivpu: Reset fw log on cold boot 1fc1251149a76d3b75d7f4c94d9c4e081b7df6b4 accel/ivpu: Refactor functions in ivpu_fw_log.c 4bc988b47019536b3b1f7d9c5b83893c712d94d6 accel/ivpu: Fix fw log printing These are fixing some firmware log corner cases that allow us to get reliable output in case of a failure. They should apply without conflicts. Thanks, Jacek

4 weeks

2
1
0 0

[PATCH net 3/3] can: bcm: add missing rcu read protection for procfs content

by Marc Kleine-Budde

From: Oliver Hartkopp <socketcan(a)hartkopp.net> When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF). As the removal of bcm_op's is already implemented with rcu handling this patch adds the missing rcu_read_lock() and makes sure the list entries are properly removed under rcu protection. Fixes: f1b4e32aca08 ("can: bcm: use call_rcu() instead of costly synchronize_rcu()") Reported-by: Anderson Nascimento <anderson(a)allelesecurity.com> Suggested-by: Anderson Nascimento <anderson(a)allelesecurity.com> Tested-by: Anderson Nascimento <anderson(a)allelesecurity.com> Signed-off-by: Oliver Hartkopp <socketcan(a)hartkopp.net> Link: https://patch.msgid.link/20250519125027.11900-2-socketcan@hartkopp.net Cc: stable(a)vger.kernel.org # >= 5.4 Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- net/can/bcm.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/net/can/bcm.c b/net/can/bcm.c index 871707dab7db..6bc1cc4c94c5 100644 --- a/net/can/bcm.c +++ b/net/can/bcm.c @@ -219,7 +219,9 @@ static int bcm_proc_show(struct seq_file *m, void *v) seq_printf(m, " / bound %s", bcm_proc_getifname(net, ifname, bo->ifindex)); seq_printf(m, " <<<\n"); - list_for_each_entry(op, &bo->rx_ops, list) { + rcu_read_lock(); + + list_for_each_entry_rcu(op, &bo->rx_ops, list) { unsigned long reduction; @@ -275,6 +277,9 @@ static int bcm_proc_show(struct seq_file *m, void *v) seq_printf(m, "# sent %ld\n", op->frames_abs); } seq_putc(m, '\n'); + + rcu_read_unlock(); + return 0; } #endif /* CONFIG_PROC_FS */ @@ -858,7 +863,7 @@ static int bcm_delete_rx_op(struct list_head *ops, struct bcm_msg_head *mh, REGMASK(op->can_id), bcm_rx_handler, op); - list_del(&op->list); + list_del_rcu(&op->list); bcm_remove_op(op); return 1; /* done */ } @@ -878,7 +883,7 @@ static int bcm_delete_tx_op(struct list_head *ops, struct bcm_msg_head *mh, list_for_each_entry_safe(op, n, ops, list) { if ((op->can_id == mh->can_id) && (op->ifindex == ifindex) && (op->flags & CAN_FD_FRAME) == (mh->flags & CAN_FD_FRAME)) { - list_del(&op->list); + list_del_rcu(&op->list); bcm_remove_op(op); return 1; /* done */ } @@ -1296,7 +1301,7 @@ static int bcm_rx_setup(struct bcm_msg_head *msg_head, struct msghdr *msg, bcm_rx_handler, op, "bcm", sk); if (err) { /* this bcm rx op is broken -> remove it */ - list_del(&op->list); + list_del_rcu(&op->list); bcm_remove_op(op); return err; } -- 2.47.2

4 weeks

1
0
0 0

[PATCH net 2/3] can: bcm: add locking for bcm_op runtime updates

by Marc Kleine-Budde

From: Oliver Hartkopp <socketcan(a)hartkopp.net> The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via hrtimer. The content and also the length of the sequence can be changed resp reduced at runtime where the 'currframe' counter is then set to zero. Although this appeared to be a safe operation the updates of 'currframe' can be triggered from user space and hrtimer context in bcm_can_tx(). Anderson Nascimento created a proof of concept that triggered a KASAN slab-out-of-bounds read access which can be prevented with a spin_lock_bh. At the rework of bcm_can_tx() the 'count' variable has been moved into the protected section as this variable can be modified from both contexts too. Fixes: ffd980f976e7 ("[CAN]: Add broadcast manager (bcm) protocol") Reported-by: Anderson Nascimento <anderson(a)allelesecurity.com> Tested-by: Anderson Nascimento <anderson(a)allelesecurity.com> Reviewed-by: Marc Kleine-Budde <mkl(a)pengutronix.de> Signed-off-by: Oliver Hartkopp <socketcan(a)hartkopp.net> Link: https://patch.msgid.link/20250519125027.11900-1-socketcan@hartkopp.net Cc: stable(a)vger.kernel.org Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- net/can/bcm.c | 66 +++++++++++++++++++++++++++++++++++---------------- 1 file changed, 45 insertions(+), 21 deletions(-) diff --git a/net/can/bcm.c b/net/can/bcm.c index 0bca1b9b3f70..871707dab7db 100644 --- a/net/can/bcm.c +++ b/net/can/bcm.c @@ -58,6 +58,7 @@ #include <linux/can/skb.h> #include <linux/can/bcm.h> #include <linux/slab.h> +#include <linux/spinlock.h> #include <net/sock.h> #include <net/net_namespace.h> @@ -122,6 +123,7 @@ struct bcm_op { struct canfd_frame last_sframe; struct sock *sk; struct net_device *rx_reg_dev; + spinlock_t bcm_tx_lock; /* protect currframe/count in runtime updates */ }; struct bcm_sock { @@ -285,13 +287,18 @@ static void bcm_can_tx(struct bcm_op *op) { struct sk_buff *skb; struct net_device *dev; - struct canfd_frame *cf = op->frames + op->cfsiz * op->currframe; + struct canfd_frame *cf; int err; /* no target device? => exit */ if (!op->ifindex) return; + /* read currframe under lock protection */ + spin_lock_bh(&op->bcm_tx_lock); + cf = op->frames + op->cfsiz * op->currframe; + spin_unlock_bh(&op->bcm_tx_lock); + dev = dev_get_by_index(sock_net(op->sk), op->ifindex); if (!dev) { /* RFC: should this bcm_op remove itself here? */ @@ -312,6 +319,10 @@ static void bcm_can_tx(struct bcm_op *op) skb->dev = dev; can_skb_set_owner(skb, op->sk); err = can_send(skb, 1); + + /* update currframe and count under lock protection */ + spin_lock_bh(&op->bcm_tx_lock); + if (!err) op->frames_abs++; @@ -320,6 +331,11 @@ static void bcm_can_tx(struct bcm_op *op) /* reached last frame? */ if (op->currframe >= op->nframes) op->currframe = 0; + + if (op->count > 0) + op->count--; + + spin_unlock_bh(&op->bcm_tx_lock); out: dev_put(dev); } @@ -430,7 +446,7 @@ static enum hrtimer_restart bcm_tx_timeout_handler(struct hrtimer *hrtimer) struct bcm_msg_head msg_head; if (op->kt_ival1 && (op->count > 0)) { - op->count--; + bcm_can_tx(op); if (!op->count && (op->flags & TX_COUNTEVT)) { /* create notification to user */ @@ -445,7 +461,6 @@ static enum hrtimer_restart bcm_tx_timeout_handler(struct hrtimer *hrtimer) bcm_send_to_user(op, &msg_head, NULL, 0); } - bcm_can_tx(op); } else if (op->kt_ival2) { bcm_can_tx(op); @@ -956,6 +971,27 @@ static int bcm_tx_setup(struct bcm_msg_head *msg_head, struct msghdr *msg, } op->flags = msg_head->flags; + /* only lock for unlikely count/nframes/currframe changes */ + if (op->nframes != msg_head->nframes || + op->flags & TX_RESET_MULTI_IDX || + op->flags & SETTIMER) { + + spin_lock_bh(&op->bcm_tx_lock); + + if (op->nframes != msg_head->nframes || + op->flags & TX_RESET_MULTI_IDX) { + /* potentially update changed nframes */ + op->nframes = msg_head->nframes; + /* restart multiple frame transmission */ + op->currframe = 0; + } + + if (op->flags & SETTIMER) + op->count = msg_head->count; + + spin_unlock_bh(&op->bcm_tx_lock); + } + } else { /* insert new BCM operation for the given can_id */ @@ -963,9 +999,14 @@ static int bcm_tx_setup(struct bcm_msg_head *msg_head, struct msghdr *msg, if (!op) return -ENOMEM; + spin_lock_init(&op->bcm_tx_lock); op->can_id = msg_head->can_id; op->cfsiz = CFSIZ(msg_head->flags); op->flags = msg_head->flags; + op->nframes = msg_head->nframes; + + if (op->flags & SETTIMER) + op->count = msg_head->count; /* create array for CAN frames and copy the data */ if (msg_head->nframes > 1) { @@ -1023,22 +1064,8 @@ static int bcm_tx_setup(struct bcm_msg_head *msg_head, struct msghdr *msg, } /* if ((op = bcm_find_op(&bo->tx_ops, msg_head->can_id, ifindex))) */ - if (op->nframes != msg_head->nframes) { - op->nframes = msg_head->nframes; - /* start multiple frame transmission with index 0 */ - op->currframe = 0; - } - - /* check flags */ - - if (op->flags & TX_RESET_MULTI_IDX) { - /* start multiple frame transmission with index 0 */ - op->currframe = 0; - } - if (op->flags & SETTIMER) { /* set timer values */ - op->count = msg_head->count; op->ival1 = msg_head->ival1; op->ival2 = msg_head->ival2; op->kt_ival1 = bcm_timeval_to_ktime(msg_head->ival1); @@ -1055,11 +1082,8 @@ static int bcm_tx_setup(struct bcm_msg_head *msg_head, struct msghdr *msg, op->flags |= TX_ANNOUNCE; } - if (op->flags & TX_ANNOUNCE) { + if (op->flags & TX_ANNOUNCE) bcm_can_tx(op); - if (op->count) - op->count--; - } if (op->flags & STARTTIMER) bcm_tx_start_timer(op); -- 2.47.2

4 weeks

1
0
0 0

Request for backporting accel/ivpu MMU IRQ patches to 6.14

by Jacek Lawrynowicz

Hi, Please cherry-pick following 6 patches to 6.14: bc3e5f48b7ee021371dc37297678f7089be6ce28 accel/ivpu: Use workqueue for IRQ handling 0240fa18d247c99a1967f2fed025296a89a1c5f5 accel/ivpu: Dump only first MMU fault from single context 4480912f3f8b8a1fbb5ae12c5c547fd094ec4197 accel/ivpu: Move parts of MMU event IRQ handling to thread handler 353b8f48390d36b39276ff6af61464ec64cd4d5c accel/ivpu: Fix missing MMU events from reserved SSID 2f5bbea1807a064a1e4c1b385c8cea4f37bb4b17 accel/ivpu: Fix missing MMU events if file_priv is unbound 683e9fa1c885a0cffbc10b459a7eee9df92af1c1 accel/ivpu: Flush pending jobs of device's workqueues These are fixing an issue where host can be overloaded with MMU faults from NPU causing other IRQs to be missed and host to be slowed down significantly. They should apply without conflicts. Thanks, Jacek

4 weeks

2
1
0 0

Re: Patch "sched_ext: Fix missing rq lock in scx_bpf_cpuperf_set()" has been added to the 6.14-stable tree

by Andrea Righi

Hi, On Sun, May 18, 2025 at 06:35:28AM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > sched_ext: Fix missing rq lock in scx_bpf_cpuperf_set() > > to the 6.14-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > sched_ext-fix-missing-rq-lock-in-scx_bpf_cpuperf_set.patch > and it can be found in the queue-6.14 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. This requires upstream commit 18853ba782bef ("sched_ext: Track currently locked rq"). Thanks, -Andrea > > > > commit e0dd90f92931fd4040aee0bf75b348a402464821 > Author: Andrea Righi <arighi(a)nvidia.com> > Date: Tue Apr 22 10:26:33 2025 +0200 > > sched_ext: Fix missing rq lock in scx_bpf_cpuperf_set() > > [ Upstream commit a11d6784d7316a6c77ca9f14fb1a698ebbb3c1fb ] > > scx_bpf_cpuperf_set() can be used to set a performance target level on > any CPU. However, it doesn't correctly acquire the corresponding rq > lock, which may lead to unsafe behavior and trigger the following > warning, due to the lockdep_assert_rq_held() check: > > [ 51.713737] WARNING: CPU: 3 PID: 3899 at kernel/sched/sched.h:1512 scx_bpf_cpuperf_set+0x1a0/0x1e0 > ... > [ 51.713836] Call trace: > [ 51.713837] scx_bpf_cpuperf_set+0x1a0/0x1e0 (P) > [ 51.713839] bpf_prog_62d35beb9301601f_bpfland_init+0x168/0x440 > [ 51.713841] bpf__sched_ext_ops_init+0x54/0x8c > [ 51.713843] scx_ops_enable.constprop.0+0x2c0/0x10f0 > [ 51.713845] bpf_scx_reg+0x18/0x30 > [ 51.713847] bpf_struct_ops_link_create+0x154/0x1b0 > [ 51.713849] __sys_bpf+0x1934/0x22a0 > > Fix by properly acquiring the rq lock when possible or raising an error > if we try to operate on a CPU that is not the one currently locked. > > Fixes: d86adb4fc0655 ("sched_ext: Add cpuperf support") > Signed-off-by: Andrea Righi <arighi(a)nvidia.com> > Acked-by: Changwoo Min <changwoo(a)igalia.com> > Signed-off-by: Tejun Heo <tj(a)kernel.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/kernel/sched/ext.c b/kernel/sched/ext.c > index 77cdff0d9f348..0067f540a3f0f 100644 > --- a/kernel/sched/ext.c > +++ b/kernel/sched/ext.c > @@ -7459,13 +7459,32 @@ __bpf_kfunc void scx_bpf_cpuperf_set(s32 cpu, u32 perf) > } > > if (ops_cpu_valid(cpu, NULL)) { > - struct rq *rq = cpu_rq(cpu); > + struct rq *rq = cpu_rq(cpu), *locked_rq = scx_locked_rq(); > + struct rq_flags rf; > + > + /* > + * When called with an rq lock held, restrict the operation > + * to the corresponding CPU to prevent ABBA deadlocks. > + */ > + if (locked_rq && rq != locked_rq) { > + scx_ops_error("Invalid target CPU %d", cpu); > + return; > + } > + > + /* > + * If no rq lock is held, allow to operate on any CPU by > + * acquiring the corresponding rq lock. > + */ > + if (!locked_rq) { > + rq_lock_irqsave(rq, &rf); > + update_rq_clock(rq); > + } > > rq->scx.cpuperf_target = perf; > + cpufreq_update_util(rq, 0); > > - rcu_read_lock_sched_notrace(); > - cpufreq_update_util(cpu_rq(cpu), 0); > - rcu_read_unlock_sched_notrace(); > + if (!locked_rq) > + rq_unlock_irqrestore(rq, &rf); > } > } >

4 weeks, 1 day

2
1
0 0

[PATCH 6.6 000/113] 6.6.91-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.91 release. There are 113 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 16 May 2025 12:55:38 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.91-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.91-rc2 Peter Zijlstra <peterz(a)infradead.org> x86/its: FineIBT-paranoid vs ITS Eric Biggers <ebiggers(a)google.com> x86/its: Fix build errors when CONFIG_MODULES=n Peter Zijlstra <peterz(a)infradead.org> x86/its: Use dynamic thunks for indirect branches Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/ibt: Keep IBT disabled during alternative patching Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Align RETs in BHB clear sequence to avoid thunking Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Add support for RSB stuffing mitigation Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Add "vmexit" option to skip mitigation on some CPUs Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Enable Indirect Target Selection mitigation Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Add support for ITS-safe return thunk Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Add support for ITS-safe indirect thunk Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/its: Enumerate Indirect Target Selection (ITS) bug Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> Documentation: x86/bugs/its: Add ITS documentation Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/speculation: Remove the extra #ifdef around CALL_NOSPEC Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/speculation: Add a conditional CS prefix to CALL_NOSPEC Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/speculation: Simplify and make CALL_NOSPEC consistent Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bhi: Do not set BHI_DIS_S in 32-bit mode Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bpf: Add IBHF call at end of classic BPF Daniel Sneddon <daniel.sneddon(a)linux.intel.com> x86/bpf: Call branch history clearing sequence on exit James Morse <james.morse(a)arm.com> arm64: proton-pack: Add new CPUs 'k' values for branch mitigation James Morse <james.morse(a)arm.com> arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users James Morse <james.morse(a)arm.com> arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs James Morse <james.morse(a)arm.com> arm64: proton-pack: Expose whether the branchy loop k value James Morse <james.morse(a)arm.com> arm64: proton-pack: Expose whether the platform is mitigated by firmware James Morse <james.morse(a)arm.com> arm64: insn: Add support for encoding DSB Jens Axboe <axboe(a)kernel.dk> io_uring: ensure deferred completions are posted for multishot Jens Axboe <axboe(a)kernel.dk> io_uring: always arm linked timeouts prior to issue Al Viro <viro(a)zeniv.linux.org.uk> do_umount(): add missing barrier before refcount checks in sync case Daniel Wagner <wagi(a)kernel.org> nvme: unblock ctrl state transition for firmware update Kevin Baker <kevinb(a)ventureresearch.com> drm/panel: simple: Update timings for AUO G101EVN010 Thorsten Blum <thorsten.blum(a)linux.dev> MIPS: Fix MAX_REG_OFFSET Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: dln2: Use aligned_s64 for timestamp Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> types: Complement the aligned types with signed 64-bit one Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer. Lothar Rubusch <l.rubusch(a)gmail.com> iio: accel: adxl367: fix setting odr for activity time update Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix erroneous generic_read ioctl return Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix erroneous wait_srq ioctl return Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix erroneous get_stb ioctl error returns Oliver Neukum <oneukum(a)suse.com> USB: usbtmc: use interruptible sleep in usbtmc_read Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: ucsi: displayport: Fix NULL pointer access RD Babiera <rdbabiera(a)google.com> usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition Jim Lin <jilin(a)nvidia.com> usb: host: tegra: Prevent host controller crash when OTG port is used Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: Use get_status callback to set remote wakeup capability Wayne Chang <waynec(a)nvidia.com> usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN Prashanth K <prashanth.k(a)oss.qualcomm.com> usb: gadget: f_ecm: Add get_status callback Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with resuming from L1 Jan Kara <jack(a)suse.cz> ocfs2: stop quota recovery before disabling quotas Jan Kara <jack(a)suse.cz> ocfs2: implement handshaking with ocfs2 recovery thread Jan Kara <jack(a)suse.cz> ocfs2: switch osb->disable_recovery to enum Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode: Consolidate the loader enablement checking Dmitry Antipov <dmantipov(a)yandex.ru> module: ensure that kobject_put() is safe for module type kobjects Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable() Jason Andryuk <jason.andryuk(a)amd.com> xenbus: Use kref to track req lifetime John Ernberg <john.ernberg(a)actia.se> xen: swiotlb: Use swiotlb bouncing if kmalloc allocation demands it Paul Aurich <paul(a)darkrain42.org> smb: client: Avoid race in open_cached_dir with lease breaks Alexey Charkov <alchark(a)gmail.com> usb: uhci-platform: Make the clock really optional Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/hdp6: use memcfg register to post the write for HDP flush Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/hdp5: use memcfg register to post the write for HDP flush Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/hdp4: use memcfg register to post the write for HDP flush Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Copy AUX read reply data whenever length > 0 Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Fix wrong handling for AUX_DEFER case Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Remove incorrect checking in dmub aux handler Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Fix the checking condition in dmub aux handling Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: more liberal vmin/vmax update for freesync Maíra Canal <mcanal(a)igalia.com> drm/v3d: Add job to pending list if the reset was skipped Silvano Seva <s.seva(a)4sigma.it> iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo Silvano Seva <s.seva(a)4sigma.it> iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo Gabriel Shahrouzi <gshahrouzi(a)gmail.com> iio: adis16201: Correct inclinometer channel resolution Simon Xue <xxm(a)rock-chips.com> iio: adc: rockchip: Fix clock initialization sequence Angelo Dureghello <adureghello(a)baylibre.com> iio: adc: ad7606: fix serial register access Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Shift DMUB AUX reply command if necessary Dave Hansen <dave.hansen(a)linux.intel.com> x86/mm: Eliminate window where TLB flushes may be inadvertently skipped Gabriel Shahrouzi <gshahrouzi(a)gmail.com> staging: axis-fifo: Correct handling of tx_fifo_depth for size validation Gabriel Shahrouzi <gshahrouzi(a)gmail.com> staging: axis-fifo: Remove hardware resets for user errors Gabriel Shahrouzi <gshahrouzi(a)gmail.com> staging: iio: adc: ad7816: Correct conditional logic for store mode Aditya Garg <gargaditya08(a)live.com> Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: synaptics - enable SMBus for HP Elitebook 850 G1 Aditya Garg <gargaditya08(a)live.com> Input: synaptics - enable InterTouch on Dell Precision M3800 Aditya Garg <gargaditya08(a)live.com> Input: synaptics - enable InterTouch on Dynabook Portege X30L-G Manuel Fombuena <fombuena(a)outlook.com> Input: synaptics - enable InterTouch on Dynabook Portege X30-D Vicki Pfau <vi(a)endrift.com> Input: xpad - fix two controller table values Lode Willems <me(a)lodewillems.com> Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller Vicki Pfau <vi(a)endrift.com> Input: xpad - fix Share button on Xbox One controllers Gary Bisson <bisson.gary(a)gmail.com> Input: mtk-pmic-keys - fix possible null pointer dereference Mikael Gonella-Bolduc <mgonellabolduc(a)dimonoff.com> Input: cyttsp5 - fix power control issue on wakeup Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Input: cyttsp5 - ensure minimum reset pulse width Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix learning on VLAN unaware bridges Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: always rejoin default untagged VLAN on bridge leave Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix flushing old pvid VLAN on pvid change Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: fix clearing PVID of a port Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: allow leaky reserved multicast Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Scrub packet on bpf_redirect_peer Jozsef Kadlecsik <kadlec(a)netfilter.org> netfilter: ipset: fix region locking in hash types Julian Anastasov <ja(a)ssi.bg> ipvs: fix uninit-value for saddr in do_output_route4 Oliver Hartkopp <socketcan(a)hartkopp.net> can: gw: fix RCU/BH usage in cgw_create_job() Kelsey Maes <kelsey(a)vpprocess.com> can: mcp251xfd: fix TDC setting for low data bit rates Daniel Golle <daniel(a)makrotopia.org> net: ethernet: mtk_eth_soc: reset all TX queues on DMA free Alexander Lobakin <aleksander.lobakin(a)intel.com> netdevice: add netdev_tx_reset_subqueue() shorthand Guillaume Nault <gnault(a)redhat.com> gre: Fix again IPv6 link-local address generation. Cong Wang <xiyou.wangcong(a)gmail.com> sch_htb: make htb_deactivate() idempotent Wang Zhaolong <wangzhaolong1(a)huawei.com> ksmbd: fix memory leak in parse_lease_state() Eelco Chaudron <echaudro(a)redhat.com> openvswitch: Fix unsafe attribute parsing in output_userspace() Sean Heelan <seanheelan(a)gmail.com> ksmbd: Fix UAF in __close_file_table_ids Norbert Szetei <norbert(a)doyensec.com> ksmbd: prevent out-of-bounds stream writes by validating *pos Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: prevent rename with empty string Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls Veerendranath Jakkam <quic_vjakkam(a)quicinc.com> wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcan: m_can_class_unregister(): fix order of unregistration calls Wojciech Dubowik <Wojciech.Dubowik(a)mt.com> arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2 Dan Carpenter <dan.carpenter(a)linaro.org> dm: add missing unlock on in dm_keyslot_evict() ------------- Diffstat: Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/admin-guide/hw-vuln/index.rst | 1 + .../hw-vuln/indirect-target-selection.rst | 168 ++++++++++++++++ Documentation/admin-guide/kernel-parameters.txt | 18 ++ Makefile | 4 +- arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi | 25 ++- arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/insn.h | 1 + arch/arm64/include/asm/spectre.h | 3 + arch/arm64/kernel/proton-pack.c | 13 +- arch/arm64/lib/insn.c | 76 +++++--- arch/arm64/net/bpf_jit_comp.c | 57 +++++- arch/mips/include/asm/ptrace.h | 3 +- arch/x86/Kconfig | 11 ++ arch/x86/entry/entry_64.S | 20 +- arch/x86/include/asm/alternative.h | 32 ++++ arch/x86/include/asm/cpufeatures.h | 3 + arch/x86/include/asm/microcode.h | 2 + arch/x86/include/asm/msr-index.h | 8 + arch/x86/include/asm/nospec-branch.h | 44 +++-- arch/x86/kernel/alternative.c | 211 ++++++++++++++++++++- arch/x86/kernel/cpu/bugs.c | 178 ++++++++++++++++- arch/x86/kernel/cpu/common.c | 72 +++++-- arch/x86/kernel/cpu/microcode/amd.c | 6 +- arch/x86/kernel/cpu/microcode/core.c | 60 +++--- arch/x86/kernel/cpu/microcode/intel.c | 2 +- arch/x86/kernel/cpu/microcode/internal.h | 1 - arch/x86/kernel/ftrace.c | 2 +- arch/x86/kernel/head32.c | 4 - arch/x86/kernel/module.c | 7 + arch/x86/kernel/static_call.c | 4 +- arch/x86/kernel/vmlinux.lds.S | 10 + arch/x86/kvm/x86.c | 4 +- arch/x86/lib/retpoline.S | 39 ++++ arch/x86/mm/tlb.c | 23 ++- arch/x86/net/bpf_jit_comp.c | 61 +++++- drivers/base/cpu.c | 3 + drivers/clocksource/i8253.c | 4 +- drivers/gpu/drm/amd/amdgpu/hdp_v4_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/hdp_v5_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/hdp_v5_2.c | 12 +- drivers/gpu/drm/amd/amdgpu/hdp_v6_0.c | 7 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 36 ++-- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 28 ++- drivers/gpu/drm/panel/panel-simple.c | 25 +-- drivers/gpu/drm/v3d/v3d_sched.c | 28 ++- drivers/iio/accel/adis16201.c | 4 +- drivers/iio/accel/adxl355_core.c | 2 +- drivers/iio/accel/adxl367.c | 10 +- drivers/iio/adc/ad7606_spi.c | 2 +- drivers/iio/adc/dln2-adc.c | 2 +- drivers/iio/adc/rockchip_saradc.c | 17 +- drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 6 + drivers/iio/temperature/maxim_thermocouple.c | 2 +- drivers/input/joystick/xpad.c | 40 ++-- drivers/input/keyboard/mtk-pmic-keys.c | 4 +- drivers/input/mouse/synaptics.c | 5 + drivers/input/touchscreen/cyttsp5.c | 7 +- drivers/md/dm-table.c | 3 +- drivers/net/can/m_can/m_can.c | 2 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 42 +++- drivers/net/dsa/b53/b53_common.c | 36 ++-- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 16 +- drivers/nvme/host/core.c | 3 +- drivers/staging/axis-fifo/axis-fifo.c | 14 +- drivers/staging/iio/adc/ad7816.c | 2 +- drivers/usb/cdns3/cdnsp-gadget.c | 31 +++ drivers/usb/cdns3/cdnsp-gadget.h | 6 + drivers/usb/cdns3/cdnsp-pci.c | 12 +- drivers/usb/cdns3/cdnsp-ring.c | 3 +- drivers/usb/cdns3/core.h | 3 + drivers/usb/class/usbtmc.c | 59 +++--- drivers/usb/gadget/composite.c | 12 +- drivers/usb/gadget/function/f_ecm.c | 7 + drivers/usb/gadget/udc/tegra-xudc.c | 4 + drivers/usb/host/uhci-platform.c | 2 +- drivers/usb/host/xhci-tegra.c | 3 + drivers/usb/typec/tcpm/tcpm.c | 2 +- drivers/usb/typec/ucsi/displayport.c | 2 + drivers/xen/swiotlb-xen.c | 1 + drivers/xen/xenbus/xenbus.h | 2 + drivers/xen/xenbus/xenbus_comms.c | 9 +- drivers/xen/xenbus/xenbus_dev_frontend.c | 2 +- drivers/xen/xenbus/xenbus_xs.c | 18 +- fs/namespace.c | 3 +- fs/ocfs2/journal.c | 80 +++++--- fs/ocfs2/journal.h | 1 + fs/ocfs2/ocfs2.h | 17 +- fs/ocfs2/quota_local.c | 9 +- fs/ocfs2/super.c | 3 + fs/smb/client/cached_dir.c | 10 +- fs/smb/server/oplock.c | 7 +- fs/smb/server/smb2pdu.c | 5 + fs/smb/server/vfs.c | 7 + fs/smb/server/vfs_cache.c | 33 +++- include/linux/cpu.h | 2 + include/linux/module.h | 5 + include/linux/netdevice.h | 13 +- include/linux/types.h | 3 +- include/uapi/linux/types.h | 1 + io_uring/io_uring.c | 61 +++--- kernel/params.c | 4 +- net/can/gw.c | 151 +++++++++------ net/core/filter.c | 1 + net/ipv6/addrconf.c | 15 +- net/netfilter/ipset/ip_set_hash_gen.h | 2 +- net/netfilter/ipvs/ip_vs_xmit.c | 27 +-- net/openvswitch/actions.c | 3 +- net/sched/sch_htb.c | 15 +- net/wireless/scan.c | 2 +- 110 files changed, 1716 insertions(+), 494 deletions(-)

4 weeks, 1 day

10
24
0 0

[PATCH 5.10.y] powerpc/pseries: Fix scv instruction crash with kexec

by Feng Liu

From: Nicholas Piggin <npiggin(a)gmail.com> [ commit 21a741eb75f80397e5f7d3739e24d7d75e619011 upstream ] kexec on pseries disables AIL (reloc_on_exc), required for scv instruction support, before other CPUs have been shut down. This means they can execute scv instructions after AIL is disabled, which causes an interrupt at an unexpected entry location that crashes the kernel. Change the kexec sequence to disable AIL after other CPUs have been brought down. As a refresher, the real-mode scv interrupt vector is 0x17000, and the fixed-location head code probably couldn't easily deal with implementing such high addresses so it was just decided not to support that interrupt at all. Fixes: 7fa95f9adaee ("powerpc/64s: system call support for scv/rfscv instructions") Cc: stable(a)vger.kernel.org # v5.9+ Reported-by: Sourabh Jain <sourabhjain(a)linux.ibm.com> Closes: https://lore.kernel.org/3b4b2943-49ad-4619-b195-bc416f1d1409@linux.ibm.com Signed-off-by: Nicholas Piggin <npiggin(a)gmail.com> Tested-by: Gautam Menghani <gautam(a)linux.ibm.com> Tested-by: Sourabh Jain <sourabhjain(a)linux.ibm.com> Link: https://msgid.link/20240625134047.298759-1-npiggin@gmail.com Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> [pSeries_machine_kexec hadn't been moved to kexec.c in v5.10, fix context accordingly] Signed-off-by: Feng Liu <Feng.Liu3(a)windriver.com> Signed-off-by: He Zhe <Zhe.He(a)windriver.com> --- Verified the build test. --- arch/powerpc/kexec/core_64.c | 11 +++++++++++ arch/powerpc/platforms/pseries/setup.c | 11 ----------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/arch/powerpc/kexec/core_64.c b/arch/powerpc/kexec/core_64.c index 8a449b2d8715..ffc57d5a39a6 100644 --- a/arch/powerpc/kexec/core_64.c +++ b/arch/powerpc/kexec/core_64.c @@ -26,6 +26,7 @@ #include <asm/mmu.h> #include <asm/sections.h> /* _end */ #include <asm/prom.h> +#include <asm/setup.h> #include <asm/smp.h> #include <asm/hw_breakpoint.h> #include <asm/asm-prototypes.h> @@ -313,6 +314,16 @@ void default_machine_kexec(struct kimage *image) if (!kdump_in_progress()) kexec_prepare_cpus(); +#ifdef CONFIG_PPC_PSERIES + /* + * This must be done after other CPUs have shut down, otherwise they + * could execute the 'scv' instruction, which is not supported with + * reloc disabled (see configure_exceptions()). + */ + if (firmware_has_feature(FW_FEATURE_SET_MODE)) + pseries_disable_reloc_on_exc(); +#endif + printk("kexec: Starting switchover sequence.\n"); /* switch to a staticly allocated stack. Based on irq stack code. diff --git a/arch/powerpc/platforms/pseries/setup.c b/arch/powerpc/platforms/pseries/setup.c index 8e4a2e8aee11..be4d35354daf 100644 --- a/arch/powerpc/platforms/pseries/setup.c +++ b/arch/powerpc/platforms/pseries/setup.c @@ -409,16 +409,6 @@ void pseries_disable_reloc_on_exc(void) } EXPORT_SYMBOL(pseries_disable_reloc_on_exc); -#ifdef CONFIG_KEXEC_CORE -static void pSeries_machine_kexec(struct kimage *image) -{ - if (firmware_has_feature(FW_FEATURE_SET_MODE)) - pseries_disable_reloc_on_exc(); - - default_machine_kexec(image); -} -#endif - #ifdef __LITTLE_ENDIAN__ void pseries_big_endian_exceptions(void) { @@ -1071,7 +1061,6 @@ define_machine(pseries) { .machine_check_early = pseries_machine_check_realmode, .machine_check_exception = pSeries_machine_check_exception, #ifdef CONFIG_KEXEC_CORE - .machine_kexec = pSeries_machine_kexec, .kexec_cpu_down = pseries_kexec_cpu_down, #endif #ifdef CONFIG_MEMORY_HOTPLUG_SPARSE -- 2.34.1

4 weeks, 1 day

2
3
0 0

[PATCH 6.12.y 1/3] drm/fbdev-dma: Support struct drm_driver.fbdev_probe

by Fabio Estevam

From: Thomas Zimmermann <tzimmermann(a)suse.de> commit 8998eedda2539d2528cfebdc7c17eed0ad35b714 upstream. Rework fbdev probing to support fbdev_probe in struct drm_driver and reimplement the old fb_probe callback on top of it. Provide an initializer macro for struct drm_driver that sets the callback according to the kernel configuration. This change allows the common fbdev client to run on top of DMA- based DRM drivers. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Reviewed-by: Javier Martinez Canillas <javierm(a)redhat.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240924071734.98201-6-tzimme… Signed-off-by: Fabio Estevam <festevam(a)denx.de> --- drivers/gpu/drm/drm_fbdev_dma.c | 60 ++++++++++++++++++++------------- include/drm/drm_fbdev_dma.h | 12 +++++++ 2 files changed, 48 insertions(+), 24 deletions(-) diff --git a/drivers/gpu/drm/drm_fbdev_dma.c b/drivers/gpu/drm/drm_fbdev_dma.c index 51c2d742d199..7c8287c18e38 100644 --- a/drivers/gpu/drm/drm_fbdev_dma.c +++ b/drivers/gpu/drm/drm_fbdev_dma.c @@ -105,6 +105,40 @@ static const struct fb_ops drm_fbdev_dma_deferred_fb_ops = { static int drm_fbdev_dma_helper_fb_probe(struct drm_fb_helper *fb_helper, struct drm_fb_helper_surface_size *sizes) +{ + return drm_fbdev_dma_driver_fbdev_probe(fb_helper, sizes); +} + +static int drm_fbdev_dma_helper_fb_dirty(struct drm_fb_helper *helper, + struct drm_clip_rect *clip) +{ + struct drm_device *dev = helper->dev; + int ret; + + /* Call damage handlers only if necessary */ + if (!(clip->x1 < clip->x2 && clip->y1 < clip->y2)) + return 0; + + if (helper->fb->funcs->dirty) { + ret = helper->fb->funcs->dirty(helper->fb, NULL, 0, 0, clip, 1); + if (drm_WARN_ONCE(dev, ret, "Dirty helper failed: ret=%d\n", ret)) + return ret; + } + + return 0; +} + +static const struct drm_fb_helper_funcs drm_fbdev_dma_helper_funcs = { + .fb_probe = drm_fbdev_dma_helper_fb_probe, + .fb_dirty = drm_fbdev_dma_helper_fb_dirty, +}; + +/* + * struct drm_fb_helper + */ + +int drm_fbdev_dma_driver_fbdev_probe(struct drm_fb_helper *fb_helper, + struct drm_fb_helper_surface_size *sizes) { struct drm_client_dev *client = &fb_helper->client; struct drm_device *dev = fb_helper->dev; @@ -148,6 +182,7 @@ static int drm_fbdev_dma_helper_fb_probe(struct drm_fb_helper *fb_helper, goto err_drm_client_buffer_delete; } + fb_helper->funcs = &drm_fbdev_dma_helper_funcs; fb_helper->buffer = buffer; fb_helper->fb = fb; @@ -211,30 +246,7 @@ static int drm_fbdev_dma_helper_fb_probe(struct drm_fb_helper *fb_helper, drm_client_framebuffer_delete(buffer); return ret; } - -static int drm_fbdev_dma_helper_fb_dirty(struct drm_fb_helper *helper, - struct drm_clip_rect *clip) -{ - struct drm_device *dev = helper->dev; - int ret; - - /* Call damage handlers only if necessary */ - if (!(clip->x1 < clip->x2 && clip->y1 < clip->y2)) - return 0; - - if (helper->fb->funcs->dirty) { - ret = helper->fb->funcs->dirty(helper->fb, NULL, 0, 0, clip, 1); - if (drm_WARN_ONCE(dev, ret, "Dirty helper failed: ret=%d\n", ret)) - return ret; - } - - return 0; -} - -static const struct drm_fb_helper_funcs drm_fbdev_dma_helper_funcs = { - .fb_probe = drm_fbdev_dma_helper_fb_probe, - .fb_dirty = drm_fbdev_dma_helper_fb_dirty, -}; +EXPORT_SYMBOL(drm_fbdev_dma_driver_fbdev_probe); /* * struct drm_client_funcs diff --git a/include/drm/drm_fbdev_dma.h b/include/drm/drm_fbdev_dma.h index 2da7ee784133..6ae4de46497c 100644 --- a/include/drm/drm_fbdev_dma.h +++ b/include/drm/drm_fbdev_dma.h @@ -4,12 +4,24 @@ #define DRM_FBDEV_DMA_H struct drm_device; +struct drm_fb_helper; +struct drm_fb_helper_surface_size; #ifdef CONFIG_DRM_FBDEV_EMULATION +int drm_fbdev_dma_driver_fbdev_probe(struct drm_fb_helper *fb_helper, + struct drm_fb_helper_surface_size *sizes); + +#define DRM_FBDEV_DMA_DRIVER_OPS \ + .fbdev_probe = drm_fbdev_dma_driver_fbdev_probe + void drm_fbdev_dma_setup(struct drm_device *dev, unsigned int preferred_bpp); #else static inline void drm_fbdev_dma_setup(struct drm_device *dev, unsigned int preferred_bpp) { } + +#define DRM_FBDEV_DMA_DRIVER_OPS \ + .fbdev_probe = NULL + #endif #endif -- 2.34.1

4 weeks, 1 day

2
5
0 0

FAILED: patch "[PATCH] usb: typec: ucsi: displayport: Fix deadlock" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 364618c89d4c57c85e5fc51a2446cd939bf57802 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051222-thursday-outdoors-ffda@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 364618c89d4c57c85e5fc51a2446cd939bf57802 Mon Sep 17 00:00:00 2001 From: Andrei Kuchynski <akuchynski(a)chromium.org> Date: Thu, 24 Apr 2025 08:44:28 +0000 Subject: [PATCH] usb: typec: ucsi: displayport: Fix deadlock This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock functions to the UCSI driver. ucsi_con_mutex_lock ensures the connector mutex is only locked if a connection is established and the partner pointer is valid. This resolves a deadlock scenario where ucsi_displayport_remove_partner holds con->mutex waiting for dp_altmode_work to complete while dp_altmode_work attempts to acquire it. Cc: stable <stable(a)kernel.org> Fixes: af8622f6a585 ("usb: typec: ucsi: Support for DisplayPort alt mode") Signed-off-by: Andrei Kuchynski <akuchynski(a)chromium.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20250424084429.3220757-2-akuchynski@chromium.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c index 420af5139c70..acd053d4e38c 100644 --- a/drivers/usb/typec/ucsi/displayport.c +++ b/drivers/usb/typec/ucsi/displayport.c @@ -54,7 +54,8 @@ static int ucsi_displayport_enter(struct typec_altmode *alt, u32 *vdo) u8 cur = 0; int ret; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override && dp->initialized) { const struct typec_altmode *p = typec_altmode_get_partner(alt); @@ -100,7 +101,7 @@ static int ucsi_displayport_enter(struct typec_altmode *alt, u32 *vdo) schedule_work(&dp->work); ret = 0; err_unlock: - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return ret; } @@ -112,7 +113,8 @@ static int ucsi_displayport_exit(struct typec_altmode *alt) u64 command; int ret = 0; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override) { const struct typec_altmode *p = typec_altmode_get_partner(alt); @@ -144,7 +146,7 @@ static int ucsi_displayport_exit(struct typec_altmode *alt) schedule_work(&dp->work); out_unlock: - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return ret; } @@ -202,20 +204,21 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt, int cmd = PD_VDO_CMD(header); int svdm_version; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override && dp->initialized) { const struct typec_altmode *p = typec_altmode_get_partner(alt); dev_warn(&p->dev, "firmware doesn't support alternate mode overriding\n"); - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return -EOPNOTSUPP; } svdm_version = typec_altmode_get_svdm_version(alt); if (svdm_version < 0) { - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return svdm_version; } @@ -259,7 +262,7 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt, break; } - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return 0; } diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index e8c7e9dc4930..01ce858a1a2b 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -1922,6 +1922,40 @@ void ucsi_set_drvdata(struct ucsi *ucsi, void *data) } EXPORT_SYMBOL_GPL(ucsi_set_drvdata); +/** + * ucsi_con_mutex_lock - Acquire the connector mutex + * @con: The connector interface to lock + * + * Returns true on success, false if the connector is disconnected + */ +bool ucsi_con_mutex_lock(struct ucsi_connector *con) +{ + bool mutex_locked = false; + bool connected = true; + + while (connected && !mutex_locked) { + mutex_locked = mutex_trylock(&con->lock) != 0; + connected = UCSI_CONSTAT(con, CONNECTED); + if (connected && !mutex_locked) + msleep(20); + } + + connected = connected && con->partner; + if (!connected && mutex_locked) + mutex_unlock(&con->lock); + + return connected; +} + +/** + * ucsi_con_mutex_unlock - Release the connector mutex + * @con: The connector interface to unlock + */ +void ucsi_con_mutex_unlock(struct ucsi_connector *con) +{ + mutex_unlock(&con->lock); +} + /** * ucsi_create - Allocate UCSI instance * @dev: Device interface to the PPM (Platform Policy Manager) diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index 3a2c1762bec1..9c5278a0c5d4 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -94,6 +94,8 @@ int ucsi_register(struct ucsi *ucsi); void ucsi_unregister(struct ucsi *ucsi); void *ucsi_get_drvdata(struct ucsi *ucsi); void ucsi_set_drvdata(struct ucsi *ucsi, void *data); +bool ucsi_con_mutex_lock(struct ucsi_connector *con); +void ucsi_con_mutex_unlock(struct ucsi_connector *con); void ucsi_connector_change(struct ucsi *ucsi, u8 num);

4 weeks, 1 day

3
4
0 0

[PATCH 5.15.y] mt76: mt7921: fix kernel crash at mt7921_pci_remove

by Feng Liu

From: Sean Wang <sean.wang(a)mediatek.com> [ Upstream commit ad483ed9dd5193a54293269c852a29051813b7bd ] The crash log shown it is possible that mt7921_irq_handler is called while devm_free_irq is being handled so mt76_free_device need to be postponed until devm_free_irq is completed to solve the crash we free the mt76 device too early. [ 9299.339655] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 9299.339705] #PF: supervisor read access in kernel mode [ 9299.339735] #PF: error_code(0x0000) - not-present page [ 9299.339768] PGD 0 P4D 0 [ 9299.339786] Oops: 0000 [#1] SMP PTI [ 9299.339812] CPU: 1 PID: 1624 Comm: prepare-suspend Not tainted 5.15.14-1.fc32.qubes.x86_64 #1 [ 9299.339863] Hardware name: Xen HVM domU, BIOS 4.14.3 01/20/2022 [ 9299.339901] RIP: 0010:mt7921_irq_handler+0x1e/0x70 [mt7921e] [ 9299.340048] RSP: 0018:ffffa81b80c27cb0 EFLAGS: 00010082 [ 9299.340081] RAX: 0000000000000000 RBX: ffff98a4cb752020 RCX: ffffffffa96211c5 [ 9299.340123] RDX: 0000000000000000 RSI: 00000000000d4204 RDI: ffff98a4cb752020 [ 9299.340165] RBP: ffff98a4c28a62a4 R08: ffff98a4c37a96c0 R09: 0000000080150011 [ 9299.340207] R10: 0000000040000000 R11: 0000000000000000 R12: ffff98a4c4eaa080 [ 9299.340249] R13: ffff98a4c28a6360 R14: ffff98a4cb752020 R15: ffff98a4c28a6228 [ 9299.340297] FS: 00007260840d3740(0000) GS:ffff98a4ef700000(0000) knlGS:0000000000000000 [ 9299.340345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 9299.340383] CR2: 0000000000000008 CR3: 0000000004c56001 CR4: 0000000000770ee0 [ 9299.340432] PKRU: 55555554 [ 9299.340449] Call Trace: [ 9299.340467] <TASK> [ 9299.340485] __free_irq+0x221/0x350 [ 9299.340527] free_irq+0x30/0x70 [ 9299.340553] devm_free_irq+0x55/0x80 [ 9299.340579] mt7921_pci_remove+0x2f/0x40 [mt7921e] [ 9299.340616] pci_device_remove+0x3b/0xa0 [ 9299.340651] __device_release_driver+0x17a/0x240 [ 9299.340686] device_driver_detach+0x3c/0xa0 [ 9299.340714] unbind_store+0x113/0x130 [ 9299.340740] kernfs_fop_write_iter+0x124/0x1b0 [ 9299.340775] new_sync_write+0x15c/0x1f0 [ 9299.340806] vfs_write+0x1d2/0x270 [ 9299.340831] ksys_write+0x67/0xe0 [ 9299.340857] do_syscall_64+0x3b/0x90 [ 9299.340887] entry_SYSCALL_64_after_hwframe+0x44/0xae Fixes: 5c14a5f944b9 ("mt76: mt7921: introduce mt7921e support") Reported-by: ThinerLogoer <logoerthiner1(a)163.com> Signed-off-by: Deren Wu <deren.wu(a)mediatek.com> Signed-off-by: Sean Wang <sean.wang(a)mediatek.com> Signed-off-by: Felix Fietkau <nbd(a)nbd.name> Signed-off-by: Sasha Levin <sashal(a)kernel.org> [mt7921_unregister_device was in init.c in linux5.10,fix context accordingly] Signed-off-by: Feng Liu <Feng.Liu3(a)windriver.com> Signed-off-by: He Zhe <Zhe.He(a)windriver.com> --- Verified the build test. --- drivers/net/wireless/mediatek/mt76/mt7921/init.c | 1 - drivers/net/wireless/mediatek/mt76/mt7921/pci.c | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/init.c b/drivers/net/wireless/mediatek/mt76/mt7921/init.c index c059cb419efd..6dee0268c4c1 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7921/init.c +++ b/drivers/net/wireless/mediatek/mt76/mt7921/init.c @@ -266,5 +266,4 @@ void mt7921_unregister_device(struct mt7921_dev *dev) mt7921_mcu_exit(dev); tasklet_disable(&dev->irq_tasklet); - mt76_free_device(&dev->mt76); } diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/pci.c b/drivers/net/wireless/mediatek/mt76/mt7921/pci.c index 7effee4978e9..f86558d897e4 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7921/pci.c +++ b/drivers/net/wireless/mediatek/mt76/mt7921/pci.c @@ -310,6 +310,7 @@ static void mt7921_pci_remove(struct pci_dev *pdev) mt7921_unregister_device(dev); devm_free_irq(&pdev->dev, pdev->irq, dev); + mt76_free_device(&dev->mt76); pci_free_irq_vectors(pdev); } -- 2.34.1

4 weeks, 1 day

2
1
0 0

[PATCH 5.10.y] ASoC: q6afe-clocks: fix reprobing of the driver

by Feng Liu

From: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> [ Upstream commit 96fadf7e8ff49fdb74754801228942b67c3eeebd ] Q6afe-clocks driver can get reprobed. For example if the APR services are restarted after the firmware crash. However currently Q6afe-clocks driver will oops because hw.init will get cleared during first _probe call. Rewrite the driver to fill the clock data at runtime rather than using big static array of clocks. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> Reviewed-by: Stephen Boyd <sboyd(a)kernel.org> Fixes: 520a1c396d19 ("ASoC: q6afe-clocks: add q6afe clock controller") Link: https://lore.kernel.org/r/20210327092857.3073879-1-dmitry.baryshkov@linaro.… Signed-off-by: Mark Brown <broonie(a)kernel.org> [Minor context change fixed] Signed-off-by: Feng Liu <Feng.Liu3(a)windriver.com> Signed-off-by: He Zhe <Zhe.He(a)windriver.com> --- Verified the build test. --- sound/soc/qcom/qdsp6/q6afe-clocks.c | 209 ++++++++++++++-------------- sound/soc/qcom/qdsp6/q6afe.c | 2 +- sound/soc/qcom/qdsp6/q6afe.h | 2 +- 3 files changed, 108 insertions(+), 105 deletions(-) diff --git a/sound/soc/qcom/qdsp6/q6afe-clocks.c b/sound/soc/qcom/qdsp6/q6afe-clocks.c index acfc0c698f6a..9431656283cd 100644 --- a/sound/soc/qcom/qdsp6/q6afe-clocks.c +++ b/sound/soc/qcom/qdsp6/q6afe-clocks.c @@ -11,33 +11,29 @@ #include <linux/slab.h> #include "q6afe.h" -#define Q6AFE_CLK(id) &(struct q6afe_clk) { \ +#define Q6AFE_CLK(id) { \ .clk_id = id, \ .afe_clk_id = Q6AFE_##id, \ .name = #id, \ - .attributes = LPASS_CLK_ATTRIBUTE_COUPLE_NO, \ .rate = 19200000, \ - .hw.init = &(struct clk_init_data) { \ - .ops = &clk_q6afe_ops, \ - .name = #id, \ - }, \ } -#define Q6AFE_VOTE_CLK(id, blkid, n) &(struct q6afe_clk) { \ +#define Q6AFE_VOTE_CLK(id, blkid, n) { \ .clk_id = id, \ .afe_clk_id = blkid, \ - .name = #n, \ - .hw.init = &(struct clk_init_data) { \ - .ops = &clk_vote_q6afe_ops, \ - .name = #id, \ - }, \ + .name = n, \ } -struct q6afe_clk { - struct device *dev; +struct q6afe_clk_init { int clk_id; int afe_clk_id; char *name; + int rate; +}; + +struct q6afe_clk { + struct device *dev; + int afe_clk_id; int attributes; int rate; uint32_t handle; @@ -48,8 +44,7 @@ struct q6afe_clk { struct q6afe_cc { struct device *dev; - struct q6afe_clk **clks; - int num_clks; + struct q6afe_clk *clks[Q6AFE_MAX_CLK_ID]; }; static int clk_q6afe_prepare(struct clk_hw *hw) @@ -105,7 +100,7 @@ static int clk_vote_q6afe_block(struct clk_hw *hw) struct q6afe_clk *clk = to_q6afe_clk(hw); return q6afe_vote_lpass_core_hw(clk->dev, clk->afe_clk_id, - clk->name, &clk->handle); + clk_hw_get_name(&clk->hw), &clk->handle); } static void clk_unvote_q6afe_block(struct clk_hw *hw) @@ -120,84 +115,76 @@ static const struct clk_ops clk_vote_q6afe_ops = { .unprepare = clk_unvote_q6afe_block, }; -struct q6afe_clk *q6afe_clks[Q6AFE_MAX_CLK_ID] = { - [LPASS_CLK_ID_PRI_MI2S_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_PRI_MI2S_IBIT), - [LPASS_CLK_ID_PRI_MI2S_EBIT] = Q6AFE_CLK(LPASS_CLK_ID_PRI_MI2S_EBIT), - [LPASS_CLK_ID_SEC_MI2S_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_SEC_MI2S_IBIT), - [LPASS_CLK_ID_SEC_MI2S_EBIT] = Q6AFE_CLK(LPASS_CLK_ID_SEC_MI2S_EBIT), - [LPASS_CLK_ID_TER_MI2S_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_TER_MI2S_IBIT), - [LPASS_CLK_ID_TER_MI2S_EBIT] = Q6AFE_CLK(LPASS_CLK_ID_TER_MI2S_EBIT), - [LPASS_CLK_ID_QUAD_MI2S_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_QUAD_MI2S_IBIT), - [LPASS_CLK_ID_QUAD_MI2S_EBIT] = Q6AFE_CLK(LPASS_CLK_ID_QUAD_MI2S_EBIT), - [LPASS_CLK_ID_SPEAKER_I2S_IBIT] = - Q6AFE_CLK(LPASS_CLK_ID_SPEAKER_I2S_IBIT), - [LPASS_CLK_ID_SPEAKER_I2S_EBIT] = - Q6AFE_CLK(LPASS_CLK_ID_SPEAKER_I2S_EBIT), - [LPASS_CLK_ID_SPEAKER_I2S_OSR] = - Q6AFE_CLK(LPASS_CLK_ID_SPEAKER_I2S_OSR), - [LPASS_CLK_ID_QUI_MI2S_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_QUI_MI2S_IBIT), - [LPASS_CLK_ID_QUI_MI2S_EBIT] = Q6AFE_CLK(LPASS_CLK_ID_QUI_MI2S_EBIT), - [LPASS_CLK_ID_SEN_MI2S_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_SEN_MI2S_IBIT), - [LPASS_CLK_ID_SEN_MI2S_EBIT] = Q6AFE_CLK(LPASS_CLK_ID_SEN_MI2S_EBIT), - [LPASS_CLK_ID_INT0_MI2S_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_INT0_MI2S_IBIT), - [LPASS_CLK_ID_INT1_MI2S_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_INT1_MI2S_IBIT), - [LPASS_CLK_ID_INT2_MI2S_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_INT2_MI2S_IBIT), - [LPASS_CLK_ID_INT3_MI2S_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_INT3_MI2S_IBIT), - [LPASS_CLK_ID_INT4_MI2S_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_INT4_MI2S_IBIT), - [LPASS_CLK_ID_INT5_MI2S_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_INT5_MI2S_IBIT), - [LPASS_CLK_ID_INT6_MI2S_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_INT6_MI2S_IBIT), - [LPASS_CLK_ID_QUI_MI2S_OSR] = Q6AFE_CLK(LPASS_CLK_ID_QUI_MI2S_OSR), - [LPASS_CLK_ID_PRI_PCM_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_PRI_PCM_IBIT), - [LPASS_CLK_ID_PRI_PCM_EBIT] = Q6AFE_CLK(LPASS_CLK_ID_PRI_PCM_EBIT), - [LPASS_CLK_ID_SEC_PCM_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_SEC_PCM_IBIT), - [LPASS_CLK_ID_SEC_PCM_EBIT] = Q6AFE_CLK(LPASS_CLK_ID_SEC_PCM_EBIT), - [LPASS_CLK_ID_TER_PCM_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_TER_PCM_IBIT), - [LPASS_CLK_ID_TER_PCM_EBIT] = Q6AFE_CLK(LPASS_CLK_ID_TER_PCM_EBIT), - [LPASS_CLK_ID_QUAD_PCM_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_QUAD_PCM_IBIT), - [LPASS_CLK_ID_QUAD_PCM_EBIT] = Q6AFE_CLK(LPASS_CLK_ID_QUAD_PCM_EBIT), - [LPASS_CLK_ID_QUIN_PCM_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_QUIN_PCM_IBIT), - [LPASS_CLK_ID_QUIN_PCM_EBIT] = Q6AFE_CLK(LPASS_CLK_ID_QUIN_PCM_EBIT), - [LPASS_CLK_ID_QUI_PCM_OSR] = Q6AFE_CLK(LPASS_CLK_ID_QUI_PCM_OSR), - [LPASS_CLK_ID_PRI_TDM_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_PRI_TDM_IBIT), - [LPASS_CLK_ID_PRI_TDM_EBIT] = Q6AFE_CLK(LPASS_CLK_ID_PRI_TDM_EBIT), - [LPASS_CLK_ID_SEC_TDM_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_SEC_TDM_IBIT), - [LPASS_CLK_ID_SEC_TDM_EBIT] = Q6AFE_CLK(LPASS_CLK_ID_SEC_TDM_EBIT), - [LPASS_CLK_ID_TER_TDM_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_TER_TDM_IBIT), - [LPASS_CLK_ID_TER_TDM_EBIT] = Q6AFE_CLK(LPASS_CLK_ID_TER_TDM_EBIT), - [LPASS_CLK_ID_QUAD_TDM_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_QUAD_TDM_IBIT), - [LPASS_CLK_ID_QUAD_TDM_EBIT] = Q6AFE_CLK(LPASS_CLK_ID_QUAD_TDM_EBIT), - [LPASS_CLK_ID_QUIN_TDM_IBIT] = Q6AFE_CLK(LPASS_CLK_ID_QUIN_TDM_IBIT), - [LPASS_CLK_ID_QUIN_TDM_EBIT] = Q6AFE_CLK(LPASS_CLK_ID_QUIN_TDM_EBIT), - [LPASS_CLK_ID_QUIN_TDM_OSR] = Q6AFE_CLK(LPASS_CLK_ID_QUIN_TDM_OSR), - [LPASS_CLK_ID_MCLK_1] = Q6AFE_CLK(LPASS_CLK_ID_MCLK_1), - [LPASS_CLK_ID_MCLK_2] = Q6AFE_CLK(LPASS_CLK_ID_MCLK_2), - [LPASS_CLK_ID_MCLK_3] = Q6AFE_CLK(LPASS_CLK_ID_MCLK_3), - [LPASS_CLK_ID_MCLK_4] = Q6AFE_CLK(LPASS_CLK_ID_MCLK_4), - [LPASS_CLK_ID_INTERNAL_DIGITAL_CODEC_CORE] = - Q6AFE_CLK(LPASS_CLK_ID_INTERNAL_DIGITAL_CODEC_CORE), - [LPASS_CLK_ID_INT_MCLK_0] = Q6AFE_CLK(LPASS_CLK_ID_INT_MCLK_0), - [LPASS_CLK_ID_INT_MCLK_1] = Q6AFE_CLK(LPASS_CLK_ID_INT_MCLK_1), - [LPASS_CLK_ID_WSA_CORE_MCLK] = Q6AFE_CLK(LPASS_CLK_ID_WSA_CORE_MCLK), - [LPASS_CLK_ID_WSA_CORE_NPL_MCLK] = - Q6AFE_CLK(LPASS_CLK_ID_WSA_CORE_NPL_MCLK), - [LPASS_CLK_ID_VA_CORE_MCLK] = Q6AFE_CLK(LPASS_CLK_ID_VA_CORE_MCLK), - [LPASS_CLK_ID_TX_CORE_MCLK] = Q6AFE_CLK(LPASS_CLK_ID_TX_CORE_MCLK), - [LPASS_CLK_ID_TX_CORE_NPL_MCLK] = - Q6AFE_CLK(LPASS_CLK_ID_TX_CORE_NPL_MCLK), - [LPASS_CLK_ID_RX_CORE_MCLK] = Q6AFE_CLK(LPASS_CLK_ID_RX_CORE_MCLK), - [LPASS_CLK_ID_RX_CORE_NPL_MCLK] = - Q6AFE_CLK(LPASS_CLK_ID_RX_CORE_NPL_MCLK), - [LPASS_CLK_ID_VA_CORE_2X_MCLK] = - Q6AFE_CLK(LPASS_CLK_ID_VA_CORE_2X_MCLK), - [LPASS_HW_AVTIMER_VOTE] = Q6AFE_VOTE_CLK(LPASS_HW_AVTIMER_VOTE, - Q6AFE_LPASS_CORE_AVTIMER_BLOCK, - "LPASS_AVTIMER_MACRO"), - [LPASS_HW_MACRO_VOTE] = Q6AFE_VOTE_CLK(LPASS_HW_MACRO_VOTE, - Q6AFE_LPASS_CORE_HW_MACRO_BLOCK, - "LPASS_HW_MACRO"), - [LPASS_HW_DCODEC_VOTE] = Q6AFE_VOTE_CLK(LPASS_HW_DCODEC_VOTE, - Q6AFE_LPASS_CORE_HW_DCODEC_BLOCK, - "LPASS_HW_DCODEC"), +static const struct q6afe_clk_init q6afe_clks[] = { + Q6AFE_CLK(LPASS_CLK_ID_PRI_MI2S_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_PRI_MI2S_EBIT), + Q6AFE_CLK(LPASS_CLK_ID_SEC_MI2S_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_SEC_MI2S_EBIT), + Q6AFE_CLK(LPASS_CLK_ID_TER_MI2S_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_TER_MI2S_EBIT), + Q6AFE_CLK(LPASS_CLK_ID_QUAD_MI2S_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_QUAD_MI2S_EBIT), + Q6AFE_CLK(LPASS_CLK_ID_SPEAKER_I2S_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_SPEAKER_I2S_EBIT), + Q6AFE_CLK(LPASS_CLK_ID_SPEAKER_I2S_OSR), + Q6AFE_CLK(LPASS_CLK_ID_QUI_MI2S_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_QUI_MI2S_EBIT), + Q6AFE_CLK(LPASS_CLK_ID_SEN_MI2S_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_SEN_MI2S_EBIT), + Q6AFE_CLK(LPASS_CLK_ID_INT0_MI2S_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_INT1_MI2S_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_INT2_MI2S_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_INT3_MI2S_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_INT4_MI2S_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_INT5_MI2S_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_INT6_MI2S_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_QUI_MI2S_OSR), + Q6AFE_CLK(LPASS_CLK_ID_PRI_PCM_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_PRI_PCM_EBIT), + Q6AFE_CLK(LPASS_CLK_ID_SEC_PCM_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_SEC_PCM_EBIT), + Q6AFE_CLK(LPASS_CLK_ID_TER_PCM_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_TER_PCM_EBIT), + Q6AFE_CLK(LPASS_CLK_ID_QUAD_PCM_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_QUAD_PCM_EBIT), + Q6AFE_CLK(LPASS_CLK_ID_QUIN_PCM_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_QUIN_PCM_EBIT), + Q6AFE_CLK(LPASS_CLK_ID_QUI_PCM_OSR), + Q6AFE_CLK(LPASS_CLK_ID_PRI_TDM_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_PRI_TDM_EBIT), + Q6AFE_CLK(LPASS_CLK_ID_SEC_TDM_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_SEC_TDM_EBIT), + Q6AFE_CLK(LPASS_CLK_ID_TER_TDM_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_TER_TDM_EBIT), + Q6AFE_CLK(LPASS_CLK_ID_QUAD_TDM_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_QUAD_TDM_EBIT), + Q6AFE_CLK(LPASS_CLK_ID_QUIN_TDM_IBIT), + Q6AFE_CLK(LPASS_CLK_ID_QUIN_TDM_EBIT), + Q6AFE_CLK(LPASS_CLK_ID_QUIN_TDM_OSR), + Q6AFE_CLK(LPASS_CLK_ID_MCLK_1), + Q6AFE_CLK(LPASS_CLK_ID_MCLK_2), + Q6AFE_CLK(LPASS_CLK_ID_MCLK_3), + Q6AFE_CLK(LPASS_CLK_ID_MCLK_4), + Q6AFE_CLK(LPASS_CLK_ID_INTERNAL_DIGITAL_CODEC_CORE), + Q6AFE_CLK(LPASS_CLK_ID_INT_MCLK_0), + Q6AFE_CLK(LPASS_CLK_ID_INT_MCLK_1), + Q6AFE_CLK(LPASS_CLK_ID_WSA_CORE_MCLK), + Q6AFE_CLK(LPASS_CLK_ID_WSA_CORE_NPL_MCLK), + Q6AFE_CLK(LPASS_CLK_ID_VA_CORE_MCLK), + Q6AFE_CLK(LPASS_CLK_ID_TX_CORE_MCLK), + Q6AFE_CLK(LPASS_CLK_ID_TX_CORE_NPL_MCLK), + Q6AFE_CLK(LPASS_CLK_ID_RX_CORE_MCLK), + Q6AFE_CLK(LPASS_CLK_ID_RX_CORE_NPL_MCLK), + Q6AFE_CLK(LPASS_CLK_ID_VA_CORE_2X_MCLK), + Q6AFE_VOTE_CLK(LPASS_HW_AVTIMER_VOTE, + Q6AFE_LPASS_CORE_AVTIMER_BLOCK, + "LPASS_AVTIMER_MACRO"), + Q6AFE_VOTE_CLK(LPASS_HW_MACRO_VOTE, + Q6AFE_LPASS_CORE_HW_MACRO_BLOCK, + "LPASS_HW_MACRO"), + Q6AFE_VOTE_CLK(LPASS_HW_DCODEC_VOTE, + Q6AFE_LPASS_CORE_HW_DCODEC_BLOCK, + "LPASS_HW_DCODEC"), }; static struct clk_hw *q6afe_of_clk_hw_get(struct of_phandle_args *clkspec, @@ -207,7 +194,7 @@ static struct clk_hw *q6afe_of_clk_hw_get(struct of_phandle_args *clkspec, unsigned int idx = clkspec->args[0]; unsigned int attr = clkspec->args[1]; - if (idx >= cc->num_clks || attr > LPASS_CLK_ATTRIBUTE_COUPLE_DIVISOR) { + if (idx >= Q6AFE_MAX_CLK_ID || attr > LPASS_CLK_ATTRIBUTE_COUPLE_DIVISOR) { dev_err(cc->dev, "Invalid clk specifier (%d, %d)\n", idx, attr); return ERR_PTR(-EINVAL); } @@ -230,20 +217,36 @@ static int q6afe_clock_dev_probe(struct platform_device *pdev) if (!cc) return -ENOMEM; - cc->clks = &q6afe_clks[0]; - cc->num_clks = ARRAY_SIZE(q6afe_clks); + cc->dev = dev; for (i = 0; i < ARRAY_SIZE(q6afe_clks); i++) { - if (!q6afe_clks[i]) - continue; + unsigned int id = q6afe_clks[i].clk_id; + struct clk_init_data init = { + .name = q6afe_clks[i].name, + }; + struct q6afe_clk *clk; + + clk = devm_kzalloc(dev, sizeof(*clk), GFP_KERNEL); + if (!clk) + return -ENOMEM; + + clk->dev = dev; + clk->afe_clk_id = q6afe_clks[i].afe_clk_id; + clk->rate = q6afe_clks[i].rate; + clk->hw.init = &init; + + if (clk->rate) + init.ops = &clk_q6afe_ops; + else + init.ops = &clk_vote_q6afe_ops; - q6afe_clks[i]->dev = dev; + cc->clks[id] = clk; - ret = devm_clk_hw_register(dev, &q6afe_clks[i]->hw); + ret = devm_clk_hw_register(dev, &clk->hw); if (ret) return ret; } - ret = of_clk_add_hw_provider(dev->of_node, q6afe_of_clk_hw_get, cc); + ret = devm_of_clk_add_hw_provider(dev, q6afe_of_clk_hw_get, cc); if (ret) return ret; diff --git a/sound/soc/qcom/qdsp6/q6afe.c b/sound/soc/qcom/qdsp6/q6afe.c index 0ca1e4aae518..7be495336446 100644 --- a/sound/soc/qcom/qdsp6/q6afe.c +++ b/sound/soc/qcom/qdsp6/q6afe.c @@ -1681,7 +1681,7 @@ int q6afe_unvote_lpass_core_hw(struct device *dev, uint32_t hw_block_id, EXPORT_SYMBOL(q6afe_unvote_lpass_core_hw); int q6afe_vote_lpass_core_hw(struct device *dev, uint32_t hw_block_id, - char *client_name, uint32_t *client_handle) + const char *client_name, uint32_t *client_handle) { struct q6afe *afe = dev_get_drvdata(dev->parent); struct afe_cmd_remote_lpass_core_hw_vote_request *vote_cfg; diff --git a/sound/soc/qcom/qdsp6/q6afe.h b/sound/soc/qcom/qdsp6/q6afe.h index 22e10269aa10..3845b56c0ed3 100644 --- a/sound/soc/qcom/qdsp6/q6afe.h +++ b/sound/soc/qcom/qdsp6/q6afe.h @@ -236,7 +236,7 @@ int q6afe_port_set_sysclk(struct q6afe_port *port, int clk_id, int q6afe_set_lpass_clock(struct device *dev, int clk_id, int clk_src, int clk_root, unsigned int freq); int q6afe_vote_lpass_core_hw(struct device *dev, uint32_t hw_block_id, - char *client_name, uint32_t *client_handle); + const char *client_name, uint32_t *client_handle); int q6afe_unvote_lpass_core_hw(struct device *dev, uint32_t hw_block_id, uint32_t client_handle); #endif /* __Q6AFE_H__ */ -- 2.34.1

4 weeks, 1 day

2
1
0 0

FAILED: patch "[PATCH] usb: typec: ucsi: displayport: Fix deadlock" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 364618c89d4c57c85e5fc51a2446cd939bf57802 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051224-washing-elated-c973@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 364618c89d4c57c85e5fc51a2446cd939bf57802 Mon Sep 17 00:00:00 2001 From: Andrei Kuchynski <akuchynski(a)chromium.org> Date: Thu, 24 Apr 2025 08:44:28 +0000 Subject: [PATCH] usb: typec: ucsi: displayport: Fix deadlock This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock functions to the UCSI driver. ucsi_con_mutex_lock ensures the connector mutex is only locked if a connection is established and the partner pointer is valid. This resolves a deadlock scenario where ucsi_displayport_remove_partner holds con->mutex waiting for dp_altmode_work to complete while dp_altmode_work attempts to acquire it. Cc: stable <stable(a)kernel.org> Fixes: af8622f6a585 ("usb: typec: ucsi: Support for DisplayPort alt mode") Signed-off-by: Andrei Kuchynski <akuchynski(a)chromium.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20250424084429.3220757-2-akuchynski@chromium.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c index 420af5139c70..acd053d4e38c 100644 --- a/drivers/usb/typec/ucsi/displayport.c +++ b/drivers/usb/typec/ucsi/displayport.c @@ -54,7 +54,8 @@ static int ucsi_displayport_enter(struct typec_altmode *alt, u32 *vdo) u8 cur = 0; int ret; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override && dp->initialized) { const struct typec_altmode *p = typec_altmode_get_partner(alt); @@ -100,7 +101,7 @@ static int ucsi_displayport_enter(struct typec_altmode *alt, u32 *vdo) schedule_work(&dp->work); ret = 0; err_unlock: - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return ret; } @@ -112,7 +113,8 @@ static int ucsi_displayport_exit(struct typec_altmode *alt) u64 command; int ret = 0; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override) { const struct typec_altmode *p = typec_altmode_get_partner(alt); @@ -144,7 +146,7 @@ static int ucsi_displayport_exit(struct typec_altmode *alt) schedule_work(&dp->work); out_unlock: - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return ret; } @@ -202,20 +204,21 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt, int cmd = PD_VDO_CMD(header); int svdm_version; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override && dp->initialized) { const struct typec_altmode *p = typec_altmode_get_partner(alt); dev_warn(&p->dev, "firmware doesn't support alternate mode overriding\n"); - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return -EOPNOTSUPP; } svdm_version = typec_altmode_get_svdm_version(alt); if (svdm_version < 0) { - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return svdm_version; } @@ -259,7 +262,7 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt, break; } - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return 0; } diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index e8c7e9dc4930..01ce858a1a2b 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -1922,6 +1922,40 @@ void ucsi_set_drvdata(struct ucsi *ucsi, void *data) } EXPORT_SYMBOL_GPL(ucsi_set_drvdata); +/** + * ucsi_con_mutex_lock - Acquire the connector mutex + * @con: The connector interface to lock + * + * Returns true on success, false if the connector is disconnected + */ +bool ucsi_con_mutex_lock(struct ucsi_connector *con) +{ + bool mutex_locked = false; + bool connected = true; + + while (connected && !mutex_locked) { + mutex_locked = mutex_trylock(&con->lock) != 0; + connected = UCSI_CONSTAT(con, CONNECTED); + if (connected && !mutex_locked) + msleep(20); + } + + connected = connected && con->partner; + if (!connected && mutex_locked) + mutex_unlock(&con->lock); + + return connected; +} + +/** + * ucsi_con_mutex_unlock - Release the connector mutex + * @con: The connector interface to unlock + */ +void ucsi_con_mutex_unlock(struct ucsi_connector *con) +{ + mutex_unlock(&con->lock); +} + /** * ucsi_create - Allocate UCSI instance * @dev: Device interface to the PPM (Platform Policy Manager) diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index 3a2c1762bec1..9c5278a0c5d4 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -94,6 +94,8 @@ int ucsi_register(struct ucsi *ucsi); void ucsi_unregister(struct ucsi *ucsi); void *ucsi_get_drvdata(struct ucsi *ucsi); void ucsi_set_drvdata(struct ucsi *ucsi, void *data); +bool ucsi_con_mutex_lock(struct ucsi_connector *con); +void ucsi_con_mutex_unlock(struct ucsi_connector *con); void ucsi_connector_change(struct ucsi *ucsi, u8 num);

4 weeks, 1 day

4
5
0 0

FAILED: patch "[PATCH] usb: typec: ucsi: displayport: Fix deadlock" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 364618c89d4c57c85e5fc51a2446cd939bf57802 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051225-fiber-hummus-544f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 364618c89d4c57c85e5fc51a2446cd939bf57802 Mon Sep 17 00:00:00 2001 From: Andrei Kuchynski <akuchynski(a)chromium.org> Date: Thu, 24 Apr 2025 08:44:28 +0000 Subject: [PATCH] usb: typec: ucsi: displayport: Fix deadlock This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock functions to the UCSI driver. ucsi_con_mutex_lock ensures the connector mutex is only locked if a connection is established and the partner pointer is valid. This resolves a deadlock scenario where ucsi_displayport_remove_partner holds con->mutex waiting for dp_altmode_work to complete while dp_altmode_work attempts to acquire it. Cc: stable <stable(a)kernel.org> Fixes: af8622f6a585 ("usb: typec: ucsi: Support for DisplayPort alt mode") Signed-off-by: Andrei Kuchynski <akuchynski(a)chromium.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20250424084429.3220757-2-akuchynski@chromium.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c index 420af5139c70..acd053d4e38c 100644 --- a/drivers/usb/typec/ucsi/displayport.c +++ b/drivers/usb/typec/ucsi/displayport.c @@ -54,7 +54,8 @@ static int ucsi_displayport_enter(struct typec_altmode *alt, u32 *vdo) u8 cur = 0; int ret; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override && dp->initialized) { const struct typec_altmode *p = typec_altmode_get_partner(alt); @@ -100,7 +101,7 @@ static int ucsi_displayport_enter(struct typec_altmode *alt, u32 *vdo) schedule_work(&dp->work); ret = 0; err_unlock: - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return ret; } @@ -112,7 +113,8 @@ static int ucsi_displayport_exit(struct typec_altmode *alt) u64 command; int ret = 0; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override) { const struct typec_altmode *p = typec_altmode_get_partner(alt); @@ -144,7 +146,7 @@ static int ucsi_displayport_exit(struct typec_altmode *alt) schedule_work(&dp->work); out_unlock: - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return ret; } @@ -202,20 +204,21 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt, int cmd = PD_VDO_CMD(header); int svdm_version; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override && dp->initialized) { const struct typec_altmode *p = typec_altmode_get_partner(alt); dev_warn(&p->dev, "firmware doesn't support alternate mode overriding\n"); - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return -EOPNOTSUPP; } svdm_version = typec_altmode_get_svdm_version(alt); if (svdm_version < 0) { - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return svdm_version; } @@ -259,7 +262,7 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt, break; } - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return 0; } diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index e8c7e9dc4930..01ce858a1a2b 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -1922,6 +1922,40 @@ void ucsi_set_drvdata(struct ucsi *ucsi, void *data) } EXPORT_SYMBOL_GPL(ucsi_set_drvdata); +/** + * ucsi_con_mutex_lock - Acquire the connector mutex + * @con: The connector interface to lock + * + * Returns true on success, false if the connector is disconnected + */ +bool ucsi_con_mutex_lock(struct ucsi_connector *con) +{ + bool mutex_locked = false; + bool connected = true; + + while (connected && !mutex_locked) { + mutex_locked = mutex_trylock(&con->lock) != 0; + connected = UCSI_CONSTAT(con, CONNECTED); + if (connected && !mutex_locked) + msleep(20); + } + + connected = connected && con->partner; + if (!connected && mutex_locked) + mutex_unlock(&con->lock); + + return connected; +} + +/** + * ucsi_con_mutex_unlock - Release the connector mutex + * @con: The connector interface to unlock + */ +void ucsi_con_mutex_unlock(struct ucsi_connector *con) +{ + mutex_unlock(&con->lock); +} + /** * ucsi_create - Allocate UCSI instance * @dev: Device interface to the PPM (Platform Policy Manager) diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index 3a2c1762bec1..9c5278a0c5d4 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -94,6 +94,8 @@ int ucsi_register(struct ucsi *ucsi); void ucsi_unregister(struct ucsi *ucsi); void *ucsi_get_drvdata(struct ucsi *ucsi); void ucsi_set_drvdata(struct ucsi *ucsi, void *data); +bool ucsi_con_mutex_lock(struct ucsi_connector *con); +void ucsi_con_mutex_unlock(struct ucsi_connector *con); void ucsi_connector_change(struct ucsi *ucsi, u8 num);

4 weeks, 1 day

3
4
0 0

FAILED: patch "[PATCH] usb: typec: ucsi: displayport: Fix deadlock" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 364618c89d4c57c85e5fc51a2446cd939bf57802 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051221-pacifist-liability-19cf@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 364618c89d4c57c85e5fc51a2446cd939bf57802 Mon Sep 17 00:00:00 2001 From: Andrei Kuchynski <akuchynski(a)chromium.org> Date: Thu, 24 Apr 2025 08:44:28 +0000 Subject: [PATCH] usb: typec: ucsi: displayport: Fix deadlock This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock functions to the UCSI driver. ucsi_con_mutex_lock ensures the connector mutex is only locked if a connection is established and the partner pointer is valid. This resolves a deadlock scenario where ucsi_displayport_remove_partner holds con->mutex waiting for dp_altmode_work to complete while dp_altmode_work attempts to acquire it. Cc: stable <stable(a)kernel.org> Fixes: af8622f6a585 ("usb: typec: ucsi: Support for DisplayPort alt mode") Signed-off-by: Andrei Kuchynski <akuchynski(a)chromium.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20250424084429.3220757-2-akuchynski@chromium.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c index 420af5139c70..acd053d4e38c 100644 --- a/drivers/usb/typec/ucsi/displayport.c +++ b/drivers/usb/typec/ucsi/displayport.c @@ -54,7 +54,8 @@ static int ucsi_displayport_enter(struct typec_altmode *alt, u32 *vdo) u8 cur = 0; int ret; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override && dp->initialized) { const struct typec_altmode *p = typec_altmode_get_partner(alt); @@ -100,7 +101,7 @@ static int ucsi_displayport_enter(struct typec_altmode *alt, u32 *vdo) schedule_work(&dp->work); ret = 0; err_unlock: - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return ret; } @@ -112,7 +113,8 @@ static int ucsi_displayport_exit(struct typec_altmode *alt) u64 command; int ret = 0; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override) { const struct typec_altmode *p = typec_altmode_get_partner(alt); @@ -144,7 +146,7 @@ static int ucsi_displayport_exit(struct typec_altmode *alt) schedule_work(&dp->work); out_unlock: - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return ret; } @@ -202,20 +204,21 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt, int cmd = PD_VDO_CMD(header); int svdm_version; - mutex_lock(&dp->con->lock); + if (!ucsi_con_mutex_lock(dp->con)) + return -ENOTCONN; if (!dp->override && dp->initialized) { const struct typec_altmode *p = typec_altmode_get_partner(alt); dev_warn(&p->dev, "firmware doesn't support alternate mode overriding\n"); - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return -EOPNOTSUPP; } svdm_version = typec_altmode_get_svdm_version(alt); if (svdm_version < 0) { - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return svdm_version; } @@ -259,7 +262,7 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt, break; } - mutex_unlock(&dp->con->lock); + ucsi_con_mutex_unlock(dp->con); return 0; } diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c index e8c7e9dc4930..01ce858a1a2b 100644 --- a/drivers/usb/typec/ucsi/ucsi.c +++ b/drivers/usb/typec/ucsi/ucsi.c @@ -1922,6 +1922,40 @@ void ucsi_set_drvdata(struct ucsi *ucsi, void *data) } EXPORT_SYMBOL_GPL(ucsi_set_drvdata); +/** + * ucsi_con_mutex_lock - Acquire the connector mutex + * @con: The connector interface to lock + * + * Returns true on success, false if the connector is disconnected + */ +bool ucsi_con_mutex_lock(struct ucsi_connector *con) +{ + bool mutex_locked = false; + bool connected = true; + + while (connected && !mutex_locked) { + mutex_locked = mutex_trylock(&con->lock) != 0; + connected = UCSI_CONSTAT(con, CONNECTED); + if (connected && !mutex_locked) + msleep(20); + } + + connected = connected && con->partner; + if (!connected && mutex_locked) + mutex_unlock(&con->lock); + + return connected; +} + +/** + * ucsi_con_mutex_unlock - Release the connector mutex + * @con: The connector interface to unlock + */ +void ucsi_con_mutex_unlock(struct ucsi_connector *con) +{ + mutex_unlock(&con->lock); +} + /** * ucsi_create - Allocate UCSI instance * @dev: Device interface to the PPM (Platform Policy Manager) diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h index 3a2c1762bec1..9c5278a0c5d4 100644 --- a/drivers/usb/typec/ucsi/ucsi.h +++ b/drivers/usb/typec/ucsi/ucsi.h @@ -94,6 +94,8 @@ int ucsi_register(struct ucsi *ucsi); void ucsi_unregister(struct ucsi *ucsi); void *ucsi_get_drvdata(struct ucsi *ucsi); void ucsi_set_drvdata(struct ucsi *ucsi, void *data); +bool ucsi_con_mutex_lock(struct ucsi_connector *con); +void ucsi_con_mutex_unlock(struct ucsi_connector *con); void ucsi_connector_change(struct ucsi *ucsi, u8 num);

4 weeks, 1 day

3
4
0 0

My name is Hendrick John Neverett an International Trade Compliance Expert and Loan Facilitator for individual and corporate Loan Services. It is my pleasure to inform you of my intention to start a business investment in your country and I want you to be my partner/fiduciary agent.Respond for further

by Hendrick John Neverett

4 weeks, 1 day

1
0
0 0

[PATCH v2] dummycon: Trigger redraw when switching consoles with deferred takeover

by Thomas Zimmermann

Signal vt subsystem to redraw console when switching to dummycon with deferred takeover enabled. Makes the console switch to fbcon and displays the available output. With deferred takeover enabled, dummycon acts as the placeholder until the first output to the console happens. At that point, fbcon takes over. If the output happens while dummycon is not active, it cannot inform fbcon. This is the case if the vt subsystem runs in graphics mode. A typical graphical boot starts plymouth, a display manager and a compositor; all while leaving out dummycon. Switching to a text-mode console leaves the console with dummycon even if a getty terminal has been started. Returning true from dummycon's con_switch helper signals the vt subsystem to redraw the screen. If there's output available dummycon's con_putc{s} helpers trigger deferred takeover of fbcon, which sets a display mode and displays the output. If no output is available, dummycon remains active. v2: - make the comment slightly more verbose (Javier) Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Reported-by: Andrei Borzenkov <arvidjaar(a)gmail.com> Closes: https://bugzilla.suse.com/show_bug.cgi?id=1242191 Tested-by: Andrei Borzenkov <arvidjaar(a)gmail.com> Acked-by: Javier Martinez Canillas <javierm(a)redhat.com> Fixes: 83d83bebf401 ("console/fbcon: Add support for deferred console takeover") Cc: Hans de Goede <hdegoede(a)redhat.com> Cc: linux-fbdev(a)vger.kernel.org Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.19+ --- drivers/video/console/dummycon.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/drivers/video/console/dummycon.c b/drivers/video/console/dummycon.c index 139049368fdc..7d02470f19b9 100644 --- a/drivers/video/console/dummycon.c +++ b/drivers/video/console/dummycon.c @@ -85,6 +85,15 @@ static bool dummycon_blank(struct vc_data *vc, enum vesa_blank_mode blank, /* Redraw, so that we get putc(s) for output done while blanked */ return true; } + +static bool dummycon_switch(struct vc_data *vc) +{ + /* + * Redraw, so that we get putc(s) for output done while switched + * away. Informs deferred consoles to take over the display. + */ + return true; +} #else static void dummycon_putc(struct vc_data *vc, u16 c, unsigned int y, unsigned int x) { } @@ -95,6 +104,10 @@ static bool dummycon_blank(struct vc_data *vc, enum vesa_blank_mode blank, { return false; } +static bool dummycon_switch(struct vc_data *vc) +{ + return false; +} #endif static const char *dummycon_startup(void) @@ -124,11 +137,6 @@ static bool dummycon_scroll(struct vc_data *vc, unsigned int top, return false; } -static bool dummycon_switch(struct vc_data *vc) -{ - return false; -} - /* * The console `switch' structure for the dummy console * -- 2.49.0

4 weeks, 1 day

1
0
0 0

[PATCH] sched/eevdf: avoid pick_eevdf() returns NULL

by limingming3

pick_eevdf() may return NULL, which would triggers NULL pointer dereference and crash when best and curr are both NULL. There are two cases when curr would be NULL: 1) curr is NULL when enter pick_eevdf 2) we set it to NUll when curr is not on_rq or eligible. And when we went to the best = curr flow, the se should never be NULL, So when best and curr are both NULL, we'd better set best = se to avoid return NULL. Below crash is what I encounter very low probability on our server and I have not reproduce it, and I also found other people feedback some similar crash on lore. So believe the issue is really exit. <1>[ 8.607396] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0 <1>[ 8.607399] Mem abort info: <1>[ 8.607400] ESR = 0x0000000096000004 <1>[ 8.607401] EC = 0x25: DABT (current EL), IL = 32 bits <1>[ 8.607402] SET = 0, FnV = 0 <1>[ 8.607403] EA = 0, S1PTW = 0 <1>[ 8.607403] FSC = 0x04: level 0 translation fault <1>[ 8.607404] Data abort info: <1>[ 8.607404] ISV = 0, ISS = 0x00000004 <1>[ 8.607404] CM = 0, WnR = 0 <1>[ 8.607405] user pgtable: 4k pages, 48-bit VAs, pgdp=000000011efef000 <1>[ 8.607406] [00000000000000a0] pgd=0000000000000000, p4d=0000000000000000 <0>[ 8.607409] Internal error: Oops: 0000000096000004 [#1] PREEMPT_RT SMP <4>[ 8.607412] Modules linked in: tegradisp(O) sch_ingress xt_tcpudp iptable_filter 8021q garp mrp um_heap(O) nvhost_isp5(O) spidev nvhost_vi5(O) bridge nvhost_nvcsi_t194(O) tegra_capture_isp(O) tegra210_adma stp llc nvhost_capture(O) tegra_aconnect watchdog_tegra_t18x(O) spi_tegra114 tegra_camera(O) v4l2_dv_timings v4l2_fwnode v4l2_async videobuf2_dma_contig tegra_drm(O) cpuidle_tegra_auto(O) nvhost_nvcsi(O) nvhost_nvdla(O) tegra_camera_platform(O) drm_dp_aux_bus camchar(O) capture_ivc(O) cec videobuf2_v4l2 camera_diagnostics(O) snd_soc_tegra_virt_t210ref_pcm(O) drm_display_helper videobuf2_memops rtcpu_debug(O) snd_soc_tegra210_virt_alt_adsp(O) videobuf2_common drm_kms_helper videodev nvadsp(O) cdi_mgr(O) nvhost_pva(O) cdi_pwm(O) isc_mgr(O) sha3_ce isc_pwm(O) sha3_generic cdi_dev(O) sha512_ce lm90 snd_soc_tegra210_virt_alt_admaif(O) tegra_bpmp_thermal sha512_arm64 tegra_hv_vcpu_yield(O) tegra_hv_pm_ctl(O) cam_fsync(O) cdi_gpio(O) ukl(O) isc_dev(O) mc tegra_camera_rtcpu(O) <4>[ 8.607458] board_id_driver(O) tegra_fsicom(O) isc_gpio(O) ivc_bus(O) hsp_mailbox_client(O) nvhwpm(O) host1x_nvhost(O) nvgpu(O) mc_utils(O) nvmap(O) hvc_sysfs(O) tegra_nvvse_cryptodev(O) tegra_hv_vse_safety(O) host1x_fence(O) host1x(O) nvsciipc(O) userspace_ivc_mempool(O) ivc_cdev(O) logger(O) drm fuse ip_tables x_tables nvme nvme_core hashed_ecid(O) oak_pci(O) nvethernet(O) nvpps(O) tegra_bpmp(O) tegra_vblk(O) li_osdump(O) tegra_hv_vblk_oops(O) <4>[ 8.607479] CPU: 9 PID: 1300 Comm: R000000007400 Tainted: G W O 6.1.119-rt45-prod-rt-tegra #1 <4>[ 8.607481] Hardware name: p3960-0010 (DT) <4>[ 8.607482] pstate: 224000c5 (nzCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) <4>[ 8.607483] pc : pick_next_task_fair+0x98/0x490 <4>[ 8.607490] lr : pick_next_task_fair+0x98/0x490 <4>[ 8.607490] sp : ffff800021bdb1b0 <4>[ 8.607491] x29: ffff800021bdb1b0 x28: ffff0000836205c0 x27: 0000000000001000 <4>[ 8.607492] x26: d8e0d16df7b8e848 x25: ffff000e881b6dc0 x24: ffff000e881b6dc0 <4>[ 8.607494] x23: ffff800021bdb268 x22: ffff000e881b6d40 x21: ffff000083620000 <4>[ 8.607495] x20: ffff000e881b6dc0 x19: ffff000e881b6d40 x18: 00000000000005c8 <4>[ 8.607496] x17: 0000000000000000 x16: ffffd16df7896b40 x15: 0000000000000000 <4>[ 8.607497] x14: 0000000000000014 x13: ffff800021bdba90 x12: ffff0000b052f300 <4>[ 8.607498] x11: 00000000c425686b x10: 00000002010a4ab3 x9 : ffffd16df6ca7778 <4>[ 8.607499] x8 : ffff800021bdb390 x7 : 0000000000000000 x6 : 0000000000000002 <4>[ 8.607500] x5 : 0000000000000003 x4 : 0000000000000003 x3 : 0ab3e2bc8934c987 <4>[ 8.607501] x2 : ffff000085241ec0 x1 : 0abe8499696457cc x0 : 0000000000000000 <4>[ 8.607503] Call trace: <4>[ 8.607503] pick_next_task_fair+0x98/0x490 <4>[ 8.607505] __schedule+0x16c/0x870 <4>[ 8.607511] schedule_rtlock+0x28/0x60 <4>[ 8.607513] rtlock_slowlock_locked+0x3a0/0xcf0 <4>[ 8.607515] rt_spin_lock+0xb0/0xe0 <4>[ 8.607516] __wake_up_common_lock+0x68/0xe0 <4>[ 8.607519] __wake_up_sync_key+0x28/0x50 <4>[ 8.607520] sock_def_readable+0x48/0xa0 <4>[ 8.607523] __udp_enqueue_schedule_skb+0x158/0x2e0 <4>[ 8.607527] udp_queue_rcv_one_skb+0x1f8/0x6f0 <4>[ 8.607529] udp_queue_rcv_skb+0x64/0x290 <4>[ 8.607531] __udp4_lib_rcv+0x654/0x980 <4>[ 8.607532] udp_rcv+0x28/0x40 <4>[ 8.607533] ip_protocol_deliver_rcu+0x40/0x1d0 <4>[ 8.607538] ip_local_deliver_finish+0x84/0xe0 <4>[ 8.607540] ip_local_deliver+0x84/0x130 <4>[ 8.607542] ip_rcv+0x78/0x150 <4>[ 8.607544] __netif_receive_skb_one_core+0x60/0xb0 <4>[ 8.607548] __netif_receive_skb+0x20/0x80 <4>[ 8.607549] process_backlog+0xcc/0x1a0 <4>[ 8.607551] __napi_poll.constprop.0+0x40/0x230 <4>[ 8.607552] net_rx_action+0x13c/0x310 <4>[ 8.607553] handle_softirqs.isra.0+0x118/0x3a0 <4>[ 8.607556] __local_bh_enable_ip+0x8c/0x110 <4>[ 8.607556] netif_rx+0xf4/0x1d0 <4>[ 8.607558] dev_loopback_xmit+0x88/0x170 <4>[ 8.607559] ip_mc_finish_output+0x7c/0x180 <4>[ 8.607561] ip_mc_output+0x338/0x350 <4>[ 8.607562] ip_send_skb+0x58/0x130 <4>[ 8.607563] udp_send_skb+0x11c/0x3d0 <4>[ 8.607564] udp_sendmsg+0x794/0x9d0 <4>[ 8.607566] inet_sendmsg+0x4c/0xa0 <4>[ 8.607568] __sock_sendmsg+0x64/0x80 <4>[ 8.607572] __sys_sendto+0x114/0x170 <4>[ 8.607573] __arm64_sys_sendto+0x30/0x50 <4>[ 8.607575] invoke_syscall+0x50/0x140 <4>[ 8.607579] el0_svc_common.constprop.0+0x4c/0x110 <4>[ 8.607581] do_el0_svc+0x2c/0x90 <4>[ 8.607583] el0_svc+0x2c/0xa0 <4>[ 8.607585] el0t_64_sync_handler+0x124/0x130 <4>[ 8.607586] el0t_64_sync+0x190/0x194 <0>[ 8.607589] Code: 97fff1ee 37000200 aa1403e0 97ffddc7 (f9405014) <4>[ 8.607596] ---[ end trace 0000000000000000 ]--- Signed-off-by: limingming3 <limingming3(a)lixiang.com> --- kernel/sched/fair.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c index 0fb9bf995a47..7fd867d6b62d 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -978,7 +978,7 @@ static struct sched_entity *pick_eevdf(struct cfs_rq *cfs_rq) } found: if (!best || (curr && entity_before(curr, best))) - best = curr; + best = curr ? curr : se; return best; } -- 2.48.1

4 weeks, 1 day

4
4
0 0

Linux 6.14.7

by Greg Kroah-Hartman

I'm announcing the release of the 6.14.7 kernel. All users of the 6.14 kernel series must upgrade. The updated 6.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.14.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ .clippy.toml | 2 Documentation/ABI/testing/sysfs-devices-system-cpu | 1 Documentation/admin-guide/hw-vuln/index.rst | 1 Documentation/admin-guide/hw-vuln/indirect-target-selection.rst | 168 ++++++++ Documentation/admin-guide/kernel-parameters.txt | 18 Makefile | 2 arch/arm64/boot/dts/freescale/imx8mm-verdin.dtsi | 25 - arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/insn.h | 1 arch/arm64/include/asm/spectre.h | 3 arch/arm64/kernel/cpufeature.c | 9 arch/arm64/kernel/proton-pack.c | 13 arch/arm64/kvm/mmu.c | 13 arch/arm64/lib/insn.c | 60 +- arch/arm64/net/bpf_jit_comp.c | 57 ++ arch/mips/include/asm/ptrace.h | 3 arch/riscv/kernel/process.c | 6 arch/riscv/kernel/traps.c | 64 +-- arch/riscv/kernel/traps_misaligned.c | 17 arch/s390/kernel/entry.S | 3 arch/s390/pci/pci_clp.c | 2 arch/x86/Kconfig | 12 arch/x86/entry/entry_64.S | 20 arch/x86/include/asm/alternative.h | 32 + arch/x86/include/asm/cpufeatures.h | 3 arch/x86/include/asm/microcode.h | 2 arch/x86/include/asm/msr-index.h | 8 arch/x86/include/asm/nospec-branch.h | 10 arch/x86/kernel/alternative.c | 208 +++++++++- arch/x86/kernel/cpu/bugs.c | 176 ++++++++ arch/x86/kernel/cpu/common.c | 72 ++- arch/x86/kernel/cpu/microcode/amd.c | 6 arch/x86/kernel/cpu/microcode/core.c | 58 +- arch/x86/kernel/cpu/microcode/intel.c | 2 arch/x86/kernel/cpu/microcode/internal.h | 1 arch/x86/kernel/ftrace.c | 2 arch/x86/kernel/head32.c | 4 arch/x86/kernel/module.c | 6 arch/x86/kernel/static_call.c | 4 arch/x86/kernel/vmlinux.lds.S | 10 arch/x86/kvm/mmu/mmu.c | 69 ++- arch/x86/kvm/smm.c | 1 arch/x86/kvm/svm/svm.c | 4 arch/x86/kvm/x86.c | 4 arch/x86/lib/retpoline.S | 39 + arch/x86/mm/tlb.c | 23 + arch/x86/net/bpf_jit_comp.c | 58 ++ drivers/accel/ivpu/ivpu_hw.c | 2 drivers/accel/ivpu/ivpu_job.c | 90 +++- drivers/base/cpu.c | 3 drivers/block/loop.c | 43 +- drivers/bluetooth/btmtk.c | 10 drivers/clocksource/i8253.c | 4 drivers/firmware/arm_scmi/driver.c | 13 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c | 18 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 29 - drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 10 drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.h | 1 drivers/gpu/drm/amd/amdgpu/hdp_v4_0.c | 7 drivers/gpu/drm/amd/amdgpu/hdp_v5_0.c | 7 drivers/gpu/drm/amd/amdgpu/hdp_v5_2.c | 12 drivers/gpu/drm/amd/amdgpu/hdp_v6_0.c | 7 drivers/gpu/drm/amd/amdgpu/hdp_v7_0.c | 7 drivers/gpu/drm/amd/amdgpu/vcn_v2_0.c | 1 drivers/gpu/drm/amd/amdgpu/vcn_v2_5.c | 1 drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c | 1 drivers/gpu/drm/amd/amdgpu/vcn_v4_0.c | 4 drivers/gpu/drm/amd/amdgpu/vcn_v4_0_3.c | 1 drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 1 drivers/gpu/drm/amd/amdgpu/vcn_v5_0_0.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 36 - drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 28 + drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c | 14 drivers/gpu/drm/panel/panel-simple.c | 25 - drivers/gpu/drm/v3d/v3d_sched.c | 28 + drivers/gpu/drm/xe/tests/xe_mocs.c | 7 drivers/gpu/drm/xe/xe_gt_debugfs.c | 9 drivers/gpu/drm/xe/xe_gt_pagefault.c | 11 drivers/hv/hyperv_vmbus.h | 6 drivers/hv/vmbus_drv.c | 100 ++++ drivers/iio/accel/adis16201.c | 4 drivers/iio/accel/adxl355_core.c | 2 drivers/iio/accel/adxl367.c | 10 drivers/iio/adc/ad7266.c | 2 drivers/iio/adc/ad7606_spi.c | 2 drivers/iio/adc/ad7768-1.c | 2 drivers/iio/adc/dln2-adc.c | 2 drivers/iio/adc/rockchip_saradc.c | 17 drivers/iio/chemical/pms7003.c | 5 drivers/iio/chemical/sps30.c | 2 drivers/iio/common/hid-sensors/hid-sensor-attributes.c | 4 drivers/iio/imu/bmi270/bmi270_core.c | 6 drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c | 2 drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_buffer.c | 6 drivers/iio/light/hid-sensor-prox.c | 22 - drivers/iio/light/opt3001.c | 5 drivers/iio/pressure/mprls0025pa.h | 17 drivers/iio/temperature/maxim_thermocouple.c | 2 drivers/input/joystick/xpad.c | 40 + drivers/input/keyboard/mtk-pmic-keys.c | 4 drivers/input/mouse/synaptics.c | 5 drivers/input/touchscreen/cyttsp5.c | 7 drivers/md/dm-table.c | 3 drivers/net/can/m_can/m_can.c | 3 drivers/net/can/rockchip/rockchip_canfd-core.c | 2 drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 42 +- drivers/net/dsa/b53/b53_common.c | 207 +++++++-- drivers/net/dsa/b53/b53_priv.h | 3 drivers/net/dsa/bcm_sf2.c | 1 drivers/net/ethernet/intel/ice/ice_adapter.c | 47 -- drivers/net/ethernet/intel/ice/ice_adapter.h | 6 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 19 drivers/net/ethernet/meta/fbnic/fbnic_csr.h | 2 drivers/net/ethernet/meta/fbnic/fbnic_fw.c | 197 +++++---- drivers/net/ethernet/meta/fbnic/fbnic_mac.c | 6 drivers/net/virtio_net.c | 23 - drivers/nvme/host/core.c | 3 drivers/pci/hotplug/s390_pci_hpc.c | 1 drivers/staging/axis-fifo/axis-fifo.c | 14 drivers/staging/iio/adc/ad7816.c | 2 drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c | 1 drivers/uio/uio_hv_generic.c | 39 - drivers/usb/cdns3/cdnsp-gadget.c | 31 + drivers/usb/cdns3/cdnsp-gadget.h | 6 drivers/usb/cdns3/cdnsp-pci.c | 12 drivers/usb/cdns3/cdnsp-ring.c | 3 drivers/usb/cdns3/core.h | 3 drivers/usb/class/usbtmc.c | 59 +- drivers/usb/dwc3/core.h | 4 drivers/usb/dwc3/gadget.c | 60 +- drivers/usb/gadget/composite.c | 12 drivers/usb/gadget/function/f_ecm.c | 7 drivers/usb/gadget/udc/tegra-xudc.c | 4 drivers/usb/host/uhci-platform.c | 2 drivers/usb/host/xhci-dbgcap.c | 19 drivers/usb/host/xhci-dbgcap.h | 3 drivers/usb/host/xhci-tegra.c | 3 drivers/usb/misc/onboard_usb_dev.c | 10 drivers/usb/typec/tcpm/tcpm.c | 2 drivers/usb/typec/ucsi/displayport.c | 21 - drivers/usb/typec/ucsi/ucsi.c | 34 + drivers/usb/typec/ucsi/ucsi.h | 2 drivers/vfio/pci/vfio_pci_core.c | 12 drivers/xen/swiotlb-xen.c | 1 drivers/xen/xenbus/xenbus.h | 2 drivers/xen/xenbus/xenbus_comms.c | 9 drivers/xen/xenbus/xenbus_dev_frontend.c | 2 drivers/xen/xenbus/xenbus_xs.c | 18 fs/btrfs/volumes.c | 91 ---- fs/erofs/fileio.c | 4 fs/erofs/zdata.c | 31 - fs/namespace.c | 3 fs/ocfs2/alloc.c | 1 fs/ocfs2/journal.c | 80 ++- fs/ocfs2/journal.h | 1 fs/ocfs2/ocfs2.h | 17 fs/ocfs2/quota_local.c | 9 fs/ocfs2/suballoc.c | 38 + fs/ocfs2/suballoc.h | 1 fs/ocfs2/super.c | 3 fs/smb/client/cached_dir.c | 10 fs/smb/server/oplock.c | 7 fs/smb/server/smb2pdu.c | 5 fs/smb/server/vfs.c | 7 fs/smb/server/vfs_cache.c | 33 + fs/userfaultfd.c | 28 + include/linux/cpu.h | 2 include/linux/execmem.h | 3 include/linux/hyperv.h | 6 include/linux/ieee80211.h | 2 include/linux/module.h | 5 include/linux/timekeeper_internal.h | 8 include/linux/vmalloc.h | 1 include/net/netdev_queues.h | 6 init/Kconfig | 3 io_uring/io_uring.c | 58 +- io_uring/sqpoll.c | 2 kernel/params.c | 4 kernel/time/timekeeping.c | 50 ++ kernel/time/vsyscall.c | 4 mm/huge_memory.c | 11 mm/internal.h | 27 - mm/memblock.c | 9 mm/page_alloc.c | 161 ++++--- mm/vmalloc.c | 31 + net/can/gw.c | 149 ++++--- net/core/filter.c | 1 net/core/netdev-genl.c | 69 ++- net/ipv6/addrconf.c | 15 net/mac80211/mlme.c | 12 net/netfilter/ipset/ip_set_hash_gen.h | 2 net/netfilter/ipvs/ip_vs_xmit.c | 27 - net/openvswitch/actions.c | 3 net/sched/sch_htb.c | 15 net/wireless/scan.c | 2 rust/bindings/lib.rs | 1 rust/kernel/alloc/kvec.rs | 3 rust/kernel/list.rs | 3 rust/kernel/str.rs | 46 +- rust/macros/module.rs | 19 rust/macros/paste.rs | 2 rust/macros/pinned_drop.rs | 3 rust/uapi/lib.rs | 1 tools/objtool/check.c | 1 tools/testing/selftests/Makefile | 1 tools/testing/selftests/mm/compaction_test.c | 19 tools/testing/selftests/mm/pkey-powerpc.h | 14 tools/testing/selftests/mm/pkey_util.c | 1 tools/testing/selftests/x86/bugs/Makefile | 3 tools/testing/selftests/x86/bugs/common.py | 164 +++++++ tools/testing/selftests/x86/bugs/its_indirect_alignment.py | 150 +++++++ tools/testing/selftests/x86/bugs/its_permutations.py | 109 +++++ tools/testing/selftests/x86/bugs/its_ret_alignment.py | 139 ++++++ tools/testing/selftests/x86/bugs/its_sysfs.py | 65 +++ 215 files changed, 3564 insertions(+), 1212 deletions(-) Aditya Garg (3): Input: synaptics - enable InterTouch on Dynabook Portege X30L-G Input: synaptics - enable InterTouch on Dell Precision M3800 Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 Al Viro (1): do_umount(): add missing barrier before refcount checks in sync case Alex Deucher (7): Revert "drm/amd: Stop evicting resources on APUs in suspend" drm/amdgpu: fix pm notifier handling drm/amdgpu/hdp4: use memcfg register to post the write for HDP flush drm/amdgpu/hdp5.2: use memcfg register to post the write for HDP flush drm/amdgpu/hdp5: use memcfg register to post the write for HDP flush drm/amdgpu/hdp6: use memcfg register to post the write for HDP flush drm/amdgpu/hdp7: use memcfg register to post the write for HDP flush Alex Williamson (1): vfio/pci: Align huge faults to order Alexander Duyck (7): fbnic: Fix initialization of mailbox descriptor rings fbnic: Gate AXI read/write enabling on FW mailbox fbnic: Actually flush_tx instead of stalling out fbnic: Cleanup handling of completions fbnic: Improve responsiveness of fbnic_mbx_poll_tx_ready fbnic: Pull fbnic_fw_xmit_cap_msg use out of interrupt context fbnic: Do not allow mailbox to toggle to ready outside fbnic_mbx_poll_tx_ready Alexey Charkov (1): usb: uhci-platform: Make the clock really optional Andrei Kuchynski (2): usb: typec: ucsi: displayport: Fix deadlock usb: typec: ucsi: displayport: Fix NULL pointer access Angelo Dureghello (1): iio: adc: ad7606: fix serial register access Antonios Salios (1): can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe Aurabindo Pillai (1): drm/amd/display: more liberal vmin/vmax update for freesync Borislav Petkov (AMD) (1): x86/microcode: Consolidate the loader enablement checking Christoph Hellwig (1): loop: factor out a loop_assign_backing_file helper Clément Léger (2): riscv: misaligned: factorize trap handling riscv: misaligned: enable IRQs while handling misaligned accesses Cong Wang (1): sch_htb: make htb_deactivate() idempotent Cristian Marussi (1): firmware: arm_scmi: Fix timeout checks on polling path Dan Carpenter (1): dm: add missing unlock on in dm_keyslot_evict() Daniel Golle (1): net: ethernet: mtk_eth_soc: reset all TX queues on DMA free Daniel Sneddon (2): x86/bpf: Call branch history clearing sequence on exit x86/bpf: Add IBHF call at end of classic BPF Daniel Wagner (1): nvme: unblock ctrl state transition for firmware update Dave Hansen (1): x86/mm: Eliminate window where TLB flushes may be inadvertently skipped Dave Penkler (3): usb: usbtmc: Fix erroneous get_stb ioctl error returns usb: usbtmc: Fix erroneous wait_srq ioctl return usb: usbtmc: Fix erroneous generic_read ioctl return Dave Stevenson (1): staging: bcm2835-camera: Initialise dev in v4l2_dev David Lechner (4): iio: chemical: sps30: use aligned_s64 for timestamp iio: chemical: pms7003: use aligned_s64 for timestamp iio: imu: inv_mpu6050: align buffer for timestamp iio: pressure: mprls0025pa: use aligned_s64 for timestamp Dmitry Antipov (1): module: ensure that kobject_put() is safe for module type kobjects Dmitry Torokhov (1): Input: synaptics - enable SMBus for HP Elitebook 850 G1 Eelco Chaudron (1): openvswitch: Fix unsafe attribute parsing in output_userspace() Eric Biggers (1): x86/its: Fix build errors when CONFIG_MODULES=n Feng Tang (1): selftests/mm: compaction_test: support platform with huge mount of memory Frank Wunderlich (1): net: ethernet: mtk_eth_soc: do not reset PSE when setting FE Gabriel Krisman Bertazi (1): io_uring/sqpoll: Increase task_work submission batch size Gabriel Shahrouzi (4): staging: iio: adc: ad7816: Correct conditional logic for store mode staging: axis-fifo: Remove hardware resets for user errors staging: axis-fifo: Correct handling of tx_fifo_depth for size validation iio: adis16201: Correct inclinometer channel resolution Gao Xiang (1): erofs: ensure the extra temporary copy is valid for shortened bvecs Gary Bisson (1): Input: mtk-pmic-keys - fix possible null pointer dereference Gavin Guo (1): mm/huge_memory: fix dereferencing invalid pmd migration entry Greg Kroah-Hartman (1): Linux 6.14.7 Guillaume Nault (1): gre: Fix again IPv6 link-local address generation. Gustavo Silva (1): iio: imu: bmi270: fix initial sampling frequency configuration Hao Qin (1): Bluetooth: btmtk: Remove the resetting step before downloading the fw Heiko Carstens (1): s390/entry: Fix last breaking event handling in case of stack corruption Heming Zhao (1): ocfs2: fix the issue with discontiguous allocation in the global_bitmap Hugo Villeneuve (1): Input: cyttsp5 - ensure minimum reset pulse width Jacek Lawrynowicz (1): accel/ivpu: Increase state dump msg timeout Jakub Kicinski (4): virtio-net: don't re-enable refill work too early when NAPI is disabled virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable() net: export a helper for adding up queue stats virtio-net: fix total qstat values James Morse (6): arm64: insn: Add support for encoding DSB arm64: proton-pack: Expose whether the platform is mitigated by firmware arm64: proton-pack: Expose whether the branchy loop k value arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users arm64: proton-pack: Add new CPUs 'k' values for branch mitigation Jan Kara (3): ocfs2: switch osb->disable_recovery to enum ocfs2: implement handshaking with ocfs2 recovery thread ocfs2: stop quota recovery before disabling quotas Jason Andryuk (1): xenbus: Use kref to track req lifetime Jens Axboe (2): io_uring: ensure deferred completions are flushed for multishot io_uring: always arm linked timeouts prior to issue Jim Lin (1): usb: host: tegra: Prevent host controller crash when OTG port is used Johannes Weiner (2): mm: page_alloc: don't steal single pages from biggest buddy mm: page_alloc: speed up fallbacks in rmqueue_bulk() John Ernberg (1): xen: swiotlb: Use swiotlb bouncing if kmalloc allocation demands it Jonas Gorski (11): net: dsa: b53: allow leaky reserved multicast net: dsa: b53: keep CPU port always tagged again net: dsa: b53: fix clearing PVID of a port net: dsa: b53: fix flushing old pvid VLAN on pvid change net: dsa: b53: fix VLAN ID for untagged vlan on bridge leave net: dsa: b53: always rejoin default untagged VLAN on bridge leave net: dsa: b53: do not allow to configure VLAN 0 net: dsa: b53: do not program vlans when vlan filtering is off net: dsa: b53: fix toggling vlan_filtering net: dsa: b53: fix learning on VLAN unaware bridges net: dsa: b53: do not set learning and unicast/multicast on up Jonathan Cameron (5): iio: adc: ad7768-1: Fix insufficient alignment of timestamp. iio: adc: ad7266: Fix potential timestamp alignment issue. iio: temp: maxim-thermocouple: Fix potential lack of DMA safe buffer. iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64 iio: adc: dln2: Use aligned_s64 for timestamp Jozsef Kadlecsik (1): netfilter: ipset: fix region locking in hash types Julian Anastasov (1): ipvs: fix uninit-value for saddr in do_output_route4 Karol Wachowski (2): accel/ivpu: Separate DB ID and CMDQ ID allocations from CMDQ allocation accel/ivpu: Correct mutex unlock order in job submission Kees Cook (1): mm: vmalloc: support more granular vrealloc() sizing Kelsey Maes (1): can: mcp251xfd: fix TDC setting for low data bit rates Kevin Baker (1): drm/panel: simple: Update timings for AUO G101EVN010 Lizhi Xu (1): loop: Add sanity check for read/write_iter Lode Willems (1): Input: xpad - add support for 8BitDo Ultimate 2 Wireless Controller Lothar Rubusch (1): iio: accel: adxl367: fix setting odr for activity time update Luca Ceresoli (1): iio: light: opt3001: fix deadlock due to concurrent flag access Lukasz Czechowski (1): usb: misc: onboard_usb_dev: fix support for Cypress HX3 hubs Madhavan Srinivasan (1): selftests/mm: fix build break when compiling pkey_util.c Manuel Fombuena (1): Input: synaptics - enable InterTouch on Dynabook Portege X30-D Marc Kleine-Budde (3): can: mcan: m_can_class_unregister(): fix order of unregistration calls can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls can: rockchip_canfd: rkcanfd_remove(): fix order of unregistration calls Mark Tinguely (1): ocfs2: fix panic in failed foilio allocation Mathias Nyman (1): xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive. Matthew Brost (1): drm/xe: Add page queue multiplier Max Kellermann (1): fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio() Maíra Canal (1): drm/v3d: Add job to pending list if the reset was skipped Michael-CY Lee (1): wifi: mac80211: fix the type of status_code for negotiated TID to Link Mapping Miguel Ojeda (5): rust: clean Rust 1.88.0's `unnecessary_transmutes` lint objtool/rust: add one more `noreturn` Rust function for Rust 1.87.0 rust: clean Rust 1.88.0's warning about `clippy::disallowed_macros` configuration rust: allow Rust 1.87.0's `clippy::ptr_eq` lint rust: clean Rust 1.88.0's `clippy::uninlined_format_args` lint Mikael Gonella-Bolduc (1): Input: cyttsp5 - fix power control issue on wakeup Mikhail Lobanov (1): KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception Nam Cao (1): riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL Naman Jain (1): uio_hv_generic: Fix sysfs creation path for ring buffer Namjae Jeon (1): ksmbd: prevent rename with empty string Niklas Schnelle (2): s390/pci: Fix missing check for zpci_create_device() error return s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs Norbert Szetei (1): ksmbd: prevent out-of-bounds stream writes by validating *pos Nylon Chen (1): riscv: misaligned: Add handling for ZCB instructions Nysal Jan K.A. (1): selftests/mm: fix a build failure on powerpc Oliver Hartkopp (1): can: gw: fix RCU/BH usage in cgw_create_job() Oliver Neukum (1): USB: usbtmc: use interruptible sleep in usbtmc_read Paul Aurich (1): smb: client: Avoid race in open_cached_dir with lease breaks Paul Chaignon (1): bpf: Scrub packet on bpf_redirect_peer Pawan Gupta (11): x86/bhi: Do not set BHI_DIS_S in 32-bit mode Documentation: x86/bugs/its: Add ITS documentation x86/its: Enumerate Indirect Target Selection (ITS) bug x86/its: Add support for ITS-safe indirect thunk x86/its: Add support for ITS-safe return thunk x86/its: Enable Indirect Target Selection mitigation x86/its: Add "vmexit" option to skip mitigation on some CPUs x86/its: Add support for RSB stuffing mitigation x86/its: Align RETs in BHB clear sequence to avoid thunking x86/ibt: Keep IBT disabled during alternative patching selftest/x86/bugs: Add selftests for ITS Pawel Laszczak (2): usb: cdnsp: Fix issue with resuming from L1 usb: cdnsp: fix L1 resume issue for RTL_REVISION_NEW_LPM version Peter Xu (1): mm/userfaultfd: fix uninitialized output field for -EAGAIN race Peter Zijlstra (2): x86/its: Use dynamic thunks for indirect branches x86/its: FineIBT-paranoid vs ITS Petr Vaněk (1): mm: fix folio_pte_batch() on XEN PV Prashanth K (3): usb: dwc3: gadget: Make gadget_wakeup asynchronous usb: gadget: f_ecm: Add get_status callback usb: gadget: Use get_status callback to set remote wakeup capability Przemek Kitszel (1): ice: use DSN instead of PCI BDF for ice_adapter index Qu Wenruo (1): Revert "btrfs: canonicalize the device path before adding it" RD Babiera (1): usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition Roman Li (1): drm/amd/display: Fix invalid context error in dml helper Ruijing Dong (1): drm/amdgpu/vcn: using separate VCN1_AON_SOC offset Samuel Holland (1): riscv: Disallow PR_GET_TAGGED_ADDR_CTRL without Supm Sean Christopherson (1): KVM: x86/mmu: Prevent installing hugepages when mem attributes are changing Sean Heelan (1): ksmbd: Fix UAF in __close_file_table_ids Sebastian Andrzej Siewior (1): clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable() Sebastian Ott (1): KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort() Shuicheng Lin (1): drm/xe: Release force wake first then runtime power Silvano Seva (2): iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo Simon Xue (1): iio: adc: rockchip: Fix clock initialization sequence Tejas Upadhyay (1): drm/xe/tests/mocs: Hold XE_FORCEWAKE_ALL for LNCF regs Thomas Gleixner (1): timekeeping: Prevent coarse clocks going backwards Thorsten Blum (1): MIPS: Fix MAX_REG_OFFSET Tom Lendacky (1): memblock: Accept allocated memory before use in memblock_double_array() Veerendranath Jakkam (1): wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation Vicki Pfau (2): Input: xpad - fix Share button on Xbox One controllers Input: xpad - fix two controller table values Wang Zhaolong (1): ksmbd: fix memory leak in parse_lease_state() Wayne Chang (1): usb: gadget: tegra-xudc: ACK ST_RC after clearing CTRL_RUN Wayne Lin (5): drm/amd/display: Shift DMUB AUX reply command if necessary drm/amd/display: Fix the checking condition in dmub aux handling drm/amd/display: Remove incorrect checking in dmub aux handler drm/amd/display: Fix wrong handling for AUX_DEFER case drm/amd/display: Copy AUX read reply data whenever length > 0 Wojciech Dubowik (1): arm64: dts: imx8mm-verdin: Link reg_usdhc2_vqmmc to usdhc2 Yeoreum Yun (1): arm64: cpufeature: Move arm64_use_ng_mappings to the .data section to prevent wrong idmap generation Zhang Lixu (3): iio: hid-sensor-prox: Restore lost scale assignments iio: hid-sensor-prox: support multi-channel SCALE calculation iio: hid-sensor-prox: Fix incorrect OFFSET calculation

4 weeks, 1 day

2
2
0 0

[PATCH] crypto: powerpc/poly1305 - add depends on BROKEN for now

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> As discussed in the thread containing https://lore.kernel.org/linux-crypto/20250510053308.GB505731@sol/, the Power10-optimized Poly1305 code is currently not safe to call in softirq context. Disable it for now. It can be re-enabled once it is fixed. Fixes: ba8f8624fde2 ("crypto: poly1305-p10 - Glue code for optmized Poly1305 implementation for ppc64le") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- arch/powerpc/lib/crypto/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/powerpc/lib/crypto/Kconfig b/arch/powerpc/lib/crypto/Kconfig index ffa541ad6d5da..3f9e1bbd9905b 100644 --- a/arch/powerpc/lib/crypto/Kconfig +++ b/arch/powerpc/lib/crypto/Kconfig @@ -8,10 +8,11 @@ config CRYPTO_CHACHA20_P10 select CRYPTO_ARCH_HAVE_LIB_CHACHA config CRYPTO_POLY1305_P10 tristate depends on PPC64 && CPU_LITTLE_ENDIAN && VSX + depends on BROKEN # Needs to be fixed to work in softirq context default CRYPTO_LIB_POLY1305 select CRYPTO_ARCH_HAVE_LIB_POLY1305 select CRYPTO_LIB_POLY1305_GENERIC config CRYPTO_SHA256_PPC_SPE base-commit: 57999ed153ed7e651afecbabe0e998e75cf2d798 -- 2.49.0

4 weeks, 1 day

3
7
0 0

[PATCH 0/4 RESEND] crypto: octeontx2: Fix hang and address alignment issues

by Bharat Bhushan

First patch of the series fixes possible infinite loop. Remaining three patches fixes address alignment issue observed after "9382bc44b5f5 arm64: allow kmalloc() caches aligned to the smaller cache_line_size()" Patch-2 and patch-3 applies to stable version 6.6 onwards. Patch-4 applies to stable version 6.12 onwards Bharat Bhushan (4): crypto: octeontx2: add timeout for load_fvc completion poll crypto: octeontx2: Fix address alignment issue on ucode loading crypto: octeontx2: Fix address alignment on CN10K A0/A1 and OcteonTX2 crypto: octeontx2: Fix address alignment on CN10KB and CN10KA-B0 .../marvell/octeontx2/otx2_cpt_reqmgr.h | 119 +++++++++++++----- .../marvell/octeontx2/otx2_cptpf_ucode.c | 46 ++++--- 2 files changed, 121 insertions(+), 44 deletions(-) -- 2.34.1

4 weeks, 1 day

4
9
0 0

[PATCH 1/1] Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests

by mhkelley58＠gmail.com

From: Michael Kelley <mhklinux(a)outlook.com> The Hyper-V host provides guest VMs with a range of MMIO addresses that guest VMBus drivers can use. The VMBus driver in Linux manages that MMIO space, and allocates portions to drivers upon request. As part of managing that MMIO space in a Generation 2 VM, the VMBus driver must reserve the portion of the MMIO space that Hyper-V has designated for the synthetic frame buffer, and not allocate this space to VMBus drivers other than graphics framebuffer drivers. The synthetic frame buffer MMIO area is described by the screen_info data structure that is passed to the Linux kernel at boot time, so the VMBus driver must access screen_info for Generation 2 VMs. (In Generation 1 VMs, the framebuffer MMIO space is communicated to the guest via a PCI pseudo-device, and access to screen_info is not needed.) In commit a07b50d80ab6 ("hyperv: avoid dependency on screen_info") the VMBus driver's access to screen_info is restricted to when CONFIG_SYSFB is enabled. CONFIG_SYSFB is typically enabled in kernels built for Hyper-V by virtue of having at least one of CONFIG_FB_EFI, CONFIG_FB_VESA, or CONFIG_SYSFB_SIMPLEFB enabled, so the restriction doesn't usually affect anything. But it's valid to have none of these enabled, in which case CONFIG_SYSFB is not enabled, and the VMBus driver is unable to properly reserve the framebuffer MMIO space for graphics framebuffer drivers. The framebuffer MMIO space may be assigned to some other VMBus driver, with undefined results. As an example, if a VM is using a PCI pass-thru NVMe controller to host the OS disk, the PCI NVMe controller is probed before any graphic devices, and the NVMe controller is assigned a portion of the framebuffer MMIO space. Hyper-V reports an error to Linux during the probe, and the OS disk fails to get setup. Then Linux fails to boot in the VM. Fix this by having CONFIG_HYPERV always select SYSFB. Then the VMBus driver in a Gen 2 VM can always reserve the MMIO space for the graphics framebuffer driver, and prevent the undefined behavior. Fixes: a07b50d80ab6 ("hyperv: avoid dependency on screen_info") Signed-off-by: Michael Kelley <mhklinux(a)outlook.com> --- drivers/hv/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/hv/Kconfig b/drivers/hv/Kconfig index eefa0b559b73..e3b07f390c03 100644 --- a/drivers/hv/Kconfig +++ b/drivers/hv/Kconfig @@ -9,6 +9,7 @@ config HYPERV select PARAVIRT select X86_HV_CALLBACK_VECTOR if X86 select OF_EARLY_FLATTREE if OF + select SYSFB help Select this option to run Linux as a Hyper-V client operating system. -- 2.25.1

4 weeks, 1 day

5
8
0 0

[PATCH] mmc: sdhci-omap: Add error handling for sdhci_runtime_suspend_host()

by Wentao Liang

The sdhci_omap_runtime_suspend() calls sdhci_runtime_suspend_host() but does not handle the return value. A proper implementation can be found in sdhci_am654_runtime_suspend(). Add error handling for sdhci_runtime_suspend_host(). Return the error code if the suspend fails. Fixes: f433e8aac6b9 ("mmc: sdhci-omap: Implement PM runtime functions") Cc: stable(a)vger.kernel.org # v5.16 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- drivers/mmc/host/sdhci-omap.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/mmc/host/sdhci-omap.c b/drivers/mmc/host/sdhci-omap.c index 54d795205fb4..69b2e4e5cb20 100644 --- a/drivers/mmc/host/sdhci-omap.c +++ b/drivers/mmc/host/sdhci-omap.c @@ -1438,6 +1438,7 @@ static int __maybe_unused sdhci_omap_runtime_suspend(struct device *dev) struct sdhci_host *host = dev_get_drvdata(dev); struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); struct sdhci_omap_host *omap_host = sdhci_pltfm_priv(pltfm_host); + int ret; if (host->tuning_mode != SDHCI_TUNING_MODE_3) mmc_retune_needed(host->mmc); @@ -1445,7 +1446,9 @@ static int __maybe_unused sdhci_omap_runtime_suspend(struct device *dev) if (omap_host->con != -EINVAL) sdhci_runtime_suspend_host(host); - sdhci_omap_context_save(omap_host); + ret = sdhci_omap_context_save(omap_host); + if (ret) + return ret; pinctrl_pm_select_idle_state(dev); -- 2.42.0.windows.2

4 weeks, 1 day

2
1
0 0

+ alloc_tag-allocate-percpu-counters-for-module-tags-dynamically.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: alloc_tag: allocate percpu counters for module tags dynamically has been added to the -mm mm-hotfixes-unstable branch. Its filename is alloc_tag-allocate-percpu-counters-for-module-tags-dynamically.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Suren Baghdasaryan <surenb(a)google.com> Subject: alloc_tag: allocate percpu counters for module tags dynamically Date: Fri, 16 May 2025 17:07:39 -0700 When a module gets unloaded it checks whether any of its tags are still in use and if so, we keep the memory containing module's allocation tags alive until all tags are unused. However percpu counters referenced by the tags are freed by free_module(). This will lead to UAF if the memory allocated by a module is accessed after module was unloaded. To fix this we allocate percpu counters for module allocation tags dynamically and we keep it alive for tags which are still in use after module unloading. This also removes the requirement of a larger PERCPU_MODULE_RESERVE when memory allocation profiling is enabled because percpu memory for counters does not need to be reserved anymore. Link: https://lkml.kernel.org/r/20250517000739.5930-1-surenb@google.com Fixes: 0db6f8d7820a ("alloc_tag: load module tags into separate contiguous memory") Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Reported-by: David Wang <00107082(a)163.com> Closes: https://lore.kernel.org/all/20250516131246.6244-1-00107082@163.com/ Tested-by: David Wang <00107082(a)163.com> Cc: Christoph Lameter (Ampere) <cl(a)gentwo.org> Cc: Dennis Zhou <dennis(a)kernel.org> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Pasha Tatashin <pasha.tatashin(a)soleen.com> Cc: Tejun Heo <tj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/alloc_tag.h | 12 ++++ include/linux/codetag.h | 8 +-- include/linux/percpu.h | 4 - lib/alloc_tag.c | 89 ++++++++++++++++++++++++++++-------- lib/codetag.c | 5 +- 5 files changed, 89 insertions(+), 29 deletions(-) --- a/include/linux/alloc_tag.h~alloc_tag-allocate-percpu-counters-for-module-tags-dynamically +++ a/include/linux/alloc_tag.h @@ -104,6 +104,16 @@ DECLARE_PER_CPU(struct alloc_tag_counter #else /* ARCH_NEEDS_WEAK_PER_CPU */ +#ifdef MODULE + +#define DEFINE_ALLOC_TAG(_alloc_tag) \ + static struct alloc_tag _alloc_tag __used __aligned(8) \ + __section(ALLOC_TAG_SECTION_NAME) = { \ + .ct = CODE_TAG_INIT, \ + .counters = NULL }; + +#else /* MODULE */ + #define DEFINE_ALLOC_TAG(_alloc_tag) \ static DEFINE_PER_CPU(struct alloc_tag_counters, _alloc_tag_cntr); \ static struct alloc_tag _alloc_tag __used __aligned(8) \ @@ -111,6 +121,8 @@ DECLARE_PER_CPU(struct alloc_tag_counter .ct = CODE_TAG_INIT, \ .counters = &_alloc_tag_cntr }; +#endif /* MODULE */ + #endif /* ARCH_NEEDS_WEAK_PER_CPU */ DECLARE_STATIC_KEY_MAYBE(CONFIG_MEM_ALLOC_PROFILING_ENABLED_BY_DEFAULT, --- a/include/linux/codetag.h~alloc_tag-allocate-percpu-counters-for-module-tags-dynamically +++ a/include/linux/codetag.h @@ -36,10 +36,10 @@ union codetag_ref { struct codetag_type_desc { const char *section; size_t tag_size; - void (*module_load)(struct codetag_type *cttype, - struct codetag_module *cmod); - void (*module_unload)(struct codetag_type *cttype, - struct codetag_module *cmod); + void (*module_load)(struct module *mod, + struct codetag *start, struct codetag *end); + void (*module_unload)(struct module *mod, + struct codetag *start, struct codetag *end); #ifdef CONFIG_MODULES void (*module_replaced)(struct module *mod, struct module *new_mod); bool (*needs_section_mem)(struct module *mod, unsigned long size); --- a/include/linux/percpu.h~alloc_tag-allocate-percpu-counters-for-module-tags-dynamically +++ a/include/linux/percpu.h @@ -15,11 +15,7 @@ /* enough to cover all DEFINE_PER_CPUs in modules */ #ifdef CONFIG_MODULES -#ifdef CONFIG_MEM_ALLOC_PROFILING -#define PERCPU_MODULE_RESERVE (8 << 13) -#else #define PERCPU_MODULE_RESERVE (8 << 10) -#endif #else #define PERCPU_MODULE_RESERVE 0 #endif --- a/lib/alloc_tag.c~alloc_tag-allocate-percpu-counters-for-module-tags-dynamically +++ a/lib/alloc_tag.c @@ -350,18 +350,28 @@ static bool needs_section_mem(struct mod return size >= sizeof(struct alloc_tag); } -static struct alloc_tag *find_used_tag(struct alloc_tag *from, struct alloc_tag *to) +static bool clean_unused_counters(struct alloc_tag *start_tag, + struct alloc_tag *end_tag) { - while (from <= to) { + struct alloc_tag *tag; + bool ret = true; + + for (tag = start_tag; tag <= end_tag; tag++) { struct alloc_tag_counters counter; - counter = alloc_tag_read(from); - if (counter.bytes) - return from; - from++; + if (!tag->counters) + continue; + + counter = alloc_tag_read(tag); + if (!counter.bytes) { + free_percpu(tag->counters); + tag->counters = NULL; + } else { + ret = false; + } } - return NULL; + return ret; } /* Called with mod_area_mt locked */ @@ -371,12 +381,16 @@ static void clean_unused_module_areas_lo struct module *val; mas_for_each(&mas, val, module_tags.size) { + struct alloc_tag *start_tag; + struct alloc_tag *end_tag; + if (val != &unloaded_mod) continue; /* Release area if all tags are unused */ - if (!find_used_tag((struct alloc_tag *)(module_tags.start_addr + mas.index), - (struct alloc_tag *)(module_tags.start_addr + mas.last))) + start_tag = (struct alloc_tag *)(module_tags.start_addr + mas.index); + end_tag = (struct alloc_tag *)(module_tags.start_addr + mas.last); + if (clean_unused_counters(start_tag, end_tag)) mas_erase(&mas); } } @@ -561,7 +575,8 @@ unlock: static void release_module_tags(struct module *mod, bool used) { MA_STATE(mas, &mod_area_mt, module_tags.size, module_tags.size); - struct alloc_tag *tag; + struct alloc_tag *start_tag; + struct alloc_tag *end_tag; struct module *val; mas_lock(&mas); @@ -575,15 +590,22 @@ static void release_module_tags(struct m if (!used) goto release_area; - /* Find out if the area is used */ - tag = find_used_tag((struct alloc_tag *)(module_tags.start_addr + mas.index), - (struct alloc_tag *)(module_tags.start_addr + mas.last)); - if (tag) { - struct alloc_tag_counters counter = alloc_tag_read(tag); - - pr_info("%s:%u module %s func:%s has %llu allocated at module unload\n", - tag->ct.filename, tag->ct.lineno, tag->ct.modname, - tag->ct.function, counter.bytes); + start_tag = (struct alloc_tag *)(module_tags.start_addr + mas.index); + end_tag = (struct alloc_tag *)(module_tags.start_addr + mas.last); + if (!clean_unused_counters(start_tag, end_tag)) { + struct alloc_tag *tag; + + for (tag = start_tag; tag <= end_tag; tag++) { + struct alloc_tag_counters counter; + + if (!tag->counters) + continue; + + counter = alloc_tag_read(tag); + pr_info("%s:%u module %s func:%s has %llu allocated at module unload\n", + tag->ct.filename, tag->ct.lineno, tag->ct.modname, + tag->ct.function, counter.bytes); + } } else { used = false; } @@ -596,6 +618,34 @@ out: mas_unlock(&mas); } +static void load_module(struct module *mod, struct codetag *start, struct codetag *stop) +{ + /* Allocate module alloc_tag percpu counters */ + struct alloc_tag *start_tag; + struct alloc_tag *stop_tag; + struct alloc_tag *tag; + + if (!mod) + return; + + start_tag = ct_to_alloc_tag(start); + stop_tag = ct_to_alloc_tag(stop); + for (tag = start_tag; tag < stop_tag; tag++) { + WARN_ON(tag->counters); + tag->counters = alloc_percpu(struct alloc_tag_counters); + if (!tag->counters) { + while (--tag >= start_tag) { + free_percpu(tag->counters); + tag->counters = NULL; + } + shutdown_mem_profiling(true); + pr_err("Failed to allocate memory for allocation tag percpu counters in the module %s. Memory allocation profiling is disabled!\n", + mod->name); + break; + } + } +} + static void replace_module(struct module *mod, struct module *new_mod) { MA_STATE(mas, &mod_area_mt, 0, module_tags.size); @@ -757,6 +807,7 @@ static int __init alloc_tag_init(void) .needs_section_mem = needs_section_mem, .alloc_section_mem = reserve_module_tags, .free_section_mem = release_module_tags, + .module_load = load_module, .module_replaced = replace_module, #endif }; --- a/lib/codetag.c~alloc_tag-allocate-percpu-counters-for-module-tags-dynamically +++ a/lib/codetag.c @@ -194,7 +194,7 @@ static int codetag_module_init(struct co if (err >= 0) { cttype->count += range_size(cttype, &range); if (cttype->desc.module_load) - cttype->desc.module_load(cttype, cmod); + cttype->desc.module_load(mod, range.start, range.stop); } up_write(&cttype->mod_lock); @@ -333,7 +333,8 @@ void codetag_unload_module(struct module } if (found) { if (cttype->desc.module_unload) - cttype->desc.module_unload(cttype, cmod); + cttype->desc.module_unload(cmod->mod, + cmod->range.start, cmod->range.stop); cttype->count -= range_size(cttype, &cmod->range); idr_remove(&cttype->mod_idr, mod_id); _ Patches currently in -mm which might be from surenb(a)google.com are alloc_tag-allocate-percpu-counters-for-module-tags-dynamically.patch

4 weeks, 1 day

1
0
0 0

[PATCH AUTOSEL 5.4 1/5] HID: quirks: Add ADATA XPG alpha wireless mouse support

by Sasha Levin

From: Milton Barrera <miltonjosue2001(a)gmail.com> [ Upstream commit fa9fdeea1b7d6440c22efa6d59a769eae8bc89f1 ] This patch adds HID_QUIRK_ALWAYS_POLL for the ADATA XPG wireless gaming mouse (USB ID 125f:7505) and its USB dongle (USB ID 125f:7506). Without this quirk, the device does not generate input events properly. Signed-off-by: Milton Barrera <miltonjosue2001(a)gmail.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/hid/hid-ids.h | 4 ++++ drivers/hid/hid-quirks.c | 2 ++ 2 files changed, 6 insertions(+) diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h index d5369577b4755..356916608cc49 100644 --- a/drivers/hid/hid-ids.h +++ b/drivers/hid/hid-ids.h @@ -40,6 +40,10 @@ #define USB_VENDOR_ID_ACTIONSTAR 0x2101 #define USB_DEVICE_ID_ACTIONSTAR_1011 0x1011 +#define USB_VENDOR_ID_ADATA_XPG 0x125f +#define USB_VENDOR_ID_ADATA_XPG_WL_GAMING_MOUSE 0x7505 +#define USB_VENDOR_ID_ADATA_XPG_WL_GAMING_MOUSE_DONGLE 0x7506 + #define USB_VENDOR_ID_ADS_TECH 0x06e1 #define USB_DEVICE_ID_ADS_TECH_RADIO_SI470X 0xa155 diff --git a/drivers/hid/hid-quirks.c b/drivers/hid/hid-quirks.c index 9b375ca53946e..ff1a9d142cddf 100644 --- a/drivers/hid/hid-quirks.c +++ b/drivers/hid/hid-quirks.c @@ -27,6 +27,8 @@ static const struct hid_device_id hid_quirks[] = { { HID_USB_DEVICE(USB_VENDOR_ID_AASHIMA, USB_DEVICE_ID_AASHIMA_GAMEPAD), HID_QUIRK_BADPAD }, { HID_USB_DEVICE(USB_VENDOR_ID_AASHIMA, USB_DEVICE_ID_AASHIMA_PREDATOR), HID_QUIRK_BADPAD }, + { HID_USB_DEVICE(USB_VENDOR_ID_ADATA_XPG, USB_VENDOR_ID_ADATA_XPG_WL_GAMING_MOUSE), HID_QUIRK_ALWAYS_POLL }, + { HID_USB_DEVICE(USB_VENDOR_ID_ADATA_XPG, USB_VENDOR_ID_ADATA_XPG_WL_GAMING_MOUSE_DONGLE), HID_QUIRK_ALWAYS_POLL }, { HID_USB_DEVICE(USB_VENDOR_ID_AFATECH, USB_DEVICE_ID_AFATECH_AF9016), HID_QUIRK_FULLSPEED_INTERVAL }, { HID_USB_DEVICE(USB_VENDOR_ID_AIREN, USB_DEVICE_ID_AIREN_SLIMPLUS), HID_QUIRK_NOGET }, { HID_USB_DEVICE(USB_VENDOR_ID_AKAI_09E8, USB_DEVICE_ID_AKAI_09E8_MIDIMIX), HID_QUIRK_NO_INIT_REPORTS }, -- 2.39.5

4 weeks, 1 day

1
4
0 0

[PATCH AUTOSEL 5.10 1/6] HID: quirks: Add ADATA XPG alpha wireless mouse support

by Sasha Levin

From: Milton Barrera <miltonjosue2001(a)gmail.com> [ Upstream commit fa9fdeea1b7d6440c22efa6d59a769eae8bc89f1 ] This patch adds HID_QUIRK_ALWAYS_POLL for the ADATA XPG wireless gaming mouse (USB ID 125f:7505) and its USB dongle (USB ID 125f:7506). Without this quirk, the device does not generate input events properly. Signed-off-by: Milton Barrera <miltonjosue2001(a)gmail.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/hid/hid-ids.h | 4 ++++ drivers/hid/hid-quirks.c | 2 ++ 2 files changed, 6 insertions(+) diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h index d86720fce48f9..4b8f8e0ce8ca2 100644 --- a/drivers/hid/hid-ids.h +++ b/drivers/hid/hid-ids.h @@ -41,6 +41,10 @@ #define USB_VENDOR_ID_ACTIONSTAR 0x2101 #define USB_DEVICE_ID_ACTIONSTAR_1011 0x1011 +#define USB_VENDOR_ID_ADATA_XPG 0x125f +#define USB_VENDOR_ID_ADATA_XPG_WL_GAMING_MOUSE 0x7505 +#define USB_VENDOR_ID_ADATA_XPG_WL_GAMING_MOUSE_DONGLE 0x7506 + #define USB_VENDOR_ID_ADS_TECH 0x06e1 #define USB_DEVICE_ID_ADS_TECH_RADIO_SI470X 0xa155 diff --git a/drivers/hid/hid-quirks.c b/drivers/hid/hid-quirks.c index 9c1afe9cdddfd..b3e7ede8f398e 100644 --- a/drivers/hid/hid-quirks.c +++ b/drivers/hid/hid-quirks.c @@ -27,6 +27,8 @@ static const struct hid_device_id hid_quirks[] = { { HID_USB_DEVICE(USB_VENDOR_ID_AASHIMA, USB_DEVICE_ID_AASHIMA_GAMEPAD), HID_QUIRK_BADPAD }, { HID_USB_DEVICE(USB_VENDOR_ID_AASHIMA, USB_DEVICE_ID_AASHIMA_PREDATOR), HID_QUIRK_BADPAD }, + { HID_USB_DEVICE(USB_VENDOR_ID_ADATA_XPG, USB_VENDOR_ID_ADATA_XPG_WL_GAMING_MOUSE), HID_QUIRK_ALWAYS_POLL }, + { HID_USB_DEVICE(USB_VENDOR_ID_ADATA_XPG, USB_VENDOR_ID_ADATA_XPG_WL_GAMING_MOUSE_DONGLE), HID_QUIRK_ALWAYS_POLL }, { HID_USB_DEVICE(USB_VENDOR_ID_AFATECH, USB_DEVICE_ID_AFATECH_AF9016), HID_QUIRK_FULLSPEED_INTERVAL }, { HID_USB_DEVICE(USB_VENDOR_ID_AIREN, USB_DEVICE_ID_AIREN_SLIMPLUS), HID_QUIRK_NOGET }, { HID_USB_DEVICE(USB_VENDOR_ID_AKAI_09E8, USB_DEVICE_ID_AKAI_09E8_MIDIMIX), HID_QUIRK_NO_INIT_REPORTS }, -- 2.39.5

4 weeks, 1 day

1
5
0 0

[PATCH AUTOSEL 5.15 1/7] HID: quirks: Add ADATA XPG alpha wireless mouse support

by Sasha Levin

From: Milton Barrera <miltonjosue2001(a)gmail.com> [ Upstream commit fa9fdeea1b7d6440c22efa6d59a769eae8bc89f1 ] This patch adds HID_QUIRK_ALWAYS_POLL for the ADATA XPG wireless gaming mouse (USB ID 125f:7505) and its USB dongle (USB ID 125f:7506). Without this quirk, the device does not generate input events properly. Signed-off-by: Milton Barrera <miltonjosue2001(a)gmail.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/hid/hid-ids.h | 4 ++++ drivers/hid/hid-quirks.c | 2 ++ 2 files changed, 6 insertions(+) diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h index 44825a916eeb2..08494eb652091 100644 --- a/drivers/hid/hid-ids.h +++ b/drivers/hid/hid-ids.h @@ -41,6 +41,10 @@ #define USB_VENDOR_ID_ACTIONSTAR 0x2101 #define USB_DEVICE_ID_ACTIONSTAR_1011 0x1011 +#define USB_VENDOR_ID_ADATA_XPG 0x125f +#define USB_VENDOR_ID_ADATA_XPG_WL_GAMING_MOUSE 0x7505 +#define USB_VENDOR_ID_ADATA_XPG_WL_GAMING_MOUSE_DONGLE 0x7506 + #define USB_VENDOR_ID_ADS_TECH 0x06e1 #define USB_DEVICE_ID_ADS_TECH_RADIO_SI470X 0xa155 diff --git a/drivers/hid/hid-quirks.c b/drivers/hid/hid-quirks.c index b5ad4c87daacf..126cadb117fef 100644 --- a/drivers/hid/hid-quirks.c +++ b/drivers/hid/hid-quirks.c @@ -27,6 +27,8 @@ static const struct hid_device_id hid_quirks[] = { { HID_USB_DEVICE(USB_VENDOR_ID_AASHIMA, USB_DEVICE_ID_AASHIMA_GAMEPAD), HID_QUIRK_BADPAD }, { HID_USB_DEVICE(USB_VENDOR_ID_AASHIMA, USB_DEVICE_ID_AASHIMA_PREDATOR), HID_QUIRK_BADPAD }, + { HID_USB_DEVICE(USB_VENDOR_ID_ADATA_XPG, USB_VENDOR_ID_ADATA_XPG_WL_GAMING_MOUSE), HID_QUIRK_ALWAYS_POLL }, + { HID_USB_DEVICE(USB_VENDOR_ID_ADATA_XPG, USB_VENDOR_ID_ADATA_XPG_WL_GAMING_MOUSE_DONGLE), HID_QUIRK_ALWAYS_POLL }, { HID_USB_DEVICE(USB_VENDOR_ID_AFATECH, USB_DEVICE_ID_AFATECH_AF9016), HID_QUIRK_FULLSPEED_INTERVAL }, { HID_USB_DEVICE(USB_VENDOR_ID_AIREN, USB_DEVICE_ID_AIREN_SLIMPLUS), HID_QUIRK_NOGET }, { HID_USB_DEVICE(USB_VENDOR_ID_AKAI_09E8, USB_DEVICE_ID_AKAI_09E8_MIDIMIX), HID_QUIRK_NO_INIT_REPORTS }, -- 2.39.5

4 weeks, 1 day

1
6
0 0

[PATCH AUTOSEL 6.1 1/8] HID: quirks: Add ADATA XPG alpha wireless mouse support

by Sasha Levin

From: Milton Barrera <miltonjosue2001(a)gmail.com> [ Upstream commit fa9fdeea1b7d6440c22efa6d59a769eae8bc89f1 ] This patch adds HID_QUIRK_ALWAYS_POLL for the ADATA XPG wireless gaming mouse (USB ID 125f:7505) and its USB dongle (USB ID 125f:7506). Without this quirk, the device does not generate input events properly. Signed-off-by: Milton Barrera <miltonjosue2001(a)gmail.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/hid/hid-ids.h | 4 ++++ drivers/hid/hid-quirks.c | 2 ++ 2 files changed, 6 insertions(+) diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h index 4187d890bcc1a..e078d2ac92c87 100644 --- a/drivers/hid/hid-ids.h +++ b/drivers/hid/hid-ids.h @@ -41,6 +41,10 @@ #define USB_VENDOR_ID_ACTIONSTAR 0x2101 #define USB_DEVICE_ID_ACTIONSTAR_1011 0x1011 +#define USB_VENDOR_ID_ADATA_XPG 0x125f +#define USB_VENDOR_ID_ADATA_XPG_WL_GAMING_MOUSE 0x7505 +#define USB_VENDOR_ID_ADATA_XPG_WL_GAMING_MOUSE_DONGLE 0x7506 + #define USB_VENDOR_ID_ADS_TECH 0x06e1 #define USB_DEVICE_ID_ADS_TECH_RADIO_SI470X 0xa155 diff --git a/drivers/hid/hid-quirks.c b/drivers/hid/hid-quirks.c index 875c44e5cf6c2..d8c5c7d451efd 100644 --- a/drivers/hid/hid-quirks.c +++ b/drivers/hid/hid-quirks.c @@ -27,6 +27,8 @@ static const struct hid_device_id hid_quirks[] = { { HID_USB_DEVICE(USB_VENDOR_ID_AASHIMA, USB_DEVICE_ID_AASHIMA_GAMEPAD), HID_QUIRK_BADPAD }, { HID_USB_DEVICE(USB_VENDOR_ID_AASHIMA, USB_DEVICE_ID_AASHIMA_PREDATOR), HID_QUIRK_BADPAD }, + { HID_USB_DEVICE(USB_VENDOR_ID_ADATA_XPG, USB_VENDOR_ID_ADATA_XPG_WL_GAMING_MOUSE), HID_QUIRK_ALWAYS_POLL }, + { HID_USB_DEVICE(USB_VENDOR_ID_ADATA_XPG, USB_VENDOR_ID_ADATA_XPG_WL_GAMING_MOUSE_DONGLE), HID_QUIRK_ALWAYS_POLL }, { HID_USB_DEVICE(USB_VENDOR_ID_AFATECH, USB_DEVICE_ID_AFATECH_AF9016), HID_QUIRK_FULLSPEED_INTERVAL }, { HID_USB_DEVICE(USB_VENDOR_ID_AIREN, USB_DEVICE_ID_AIREN_SLIMPLUS), HID_QUIRK_NOGET }, { HID_USB_DEVICE(USB_VENDOR_ID_AKAI_09E8, USB_DEVICE_ID_AKAI_09E8_MIDIMIX), HID_QUIRK_NO_INIT_REPORTS }, -- 2.39.5

4 weeks, 1 day

1
7
0 0

[PATCH AUTOSEL 6.6 01/11] dmaengine: idxd: cdev: Fix uninitialized use of sva in idxd_cdev_open

by Sasha Levin

From: Purva Yeshi <purvayeshi550(a)gmail.com> [ Upstream commit 97994333de2b8062d2df4e6ce0dc65c2dc0f40dc ] Fix Smatch-detected issue: drivers/dma/idxd/cdev.c:321 idxd_cdev_open() error: uninitialized symbol 'sva'. 'sva' pointer may be used uninitialized in error handling paths. Specifically, if PASID support is enabled and iommu_sva_bind_device() returns an error, the code jumps to the cleanup label and attempts to call iommu_sva_unbind_device(sva) without ensuring that sva was successfully assigned. This triggers a Smatch warning about an uninitialized symbol. Initialize sva to NULL at declaration and add a check using IS_ERR_OR_NULL() before unbinding the device. This ensures the function does not use an invalid or uninitialized pointer during cleanup. Signed-off-by: Purva Yeshi <purvayeshi550(a)gmail.com> Reviewed-by: Dave Jiang <dave.jiang(a)intel.com> Acked-by: Vinicius Costa Gomes <vinicius.gomes(a)intel.com> Link: https://lore.kernel.org/r/20250410110216.21592-1-purvayeshi550@gmail.com Signed-off-by: Vinod Koul <vkoul(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/dma/idxd/cdev.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/dma/idxd/cdev.c b/drivers/dma/idxd/cdev.c index c18633ad8455f..c9eea639a749e 100644 --- a/drivers/dma/idxd/cdev.c +++ b/drivers/dma/idxd/cdev.c @@ -225,7 +225,7 @@ static int idxd_cdev_open(struct inode *inode, struct file *filp) struct idxd_wq *wq; struct device *dev, *fdev; int rc = 0; - struct iommu_sva *sva; + struct iommu_sva *sva = NULL; unsigned int pasid; struct idxd_cdev *idxd_cdev; @@ -322,7 +322,7 @@ static int idxd_cdev_open(struct inode *inode, struct file *filp) if (device_user_pasid_enabled(idxd)) idxd_xa_pasid_remove(ctx); failed_get_pasid: - if (device_user_pasid_enabled(idxd)) + if (device_user_pasid_enabled(idxd) && !IS_ERR_OR_NULL(sva)) iommu_sva_unbind_device(sva); failed: mutex_unlock(&wq->wq_lock); -- 2.39.5

4 weeks, 1 day

1
10
0 0

[PATCH AUTOSEL 6.12 01/18] dmaengine: idxd: cdev: Fix uninitialized use of sva in idxd_cdev_open

by Sasha Levin

From: Purva Yeshi <purvayeshi550(a)gmail.com> [ Upstream commit 97994333de2b8062d2df4e6ce0dc65c2dc0f40dc ] Fix Smatch-detected issue: drivers/dma/idxd/cdev.c:321 idxd_cdev_open() error: uninitialized symbol 'sva'. 'sva' pointer may be used uninitialized in error handling paths. Specifically, if PASID support is enabled and iommu_sva_bind_device() returns an error, the code jumps to the cleanup label and attempts to call iommu_sva_unbind_device(sva) without ensuring that sva was successfully assigned. This triggers a Smatch warning about an uninitialized symbol. Initialize sva to NULL at declaration and add a check using IS_ERR_OR_NULL() before unbinding the device. This ensures the function does not use an invalid or uninitialized pointer during cleanup. Signed-off-by: Purva Yeshi <purvayeshi550(a)gmail.com> Reviewed-by: Dave Jiang <dave.jiang(a)intel.com> Acked-by: Vinicius Costa Gomes <vinicius.gomes(a)intel.com> Link: https://lore.kernel.org/r/20250410110216.21592-1-purvayeshi550@gmail.com Signed-off-by: Vinod Koul <vkoul(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/dma/idxd/cdev.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/dma/idxd/cdev.c b/drivers/dma/idxd/cdev.c index 57f1bf2ab20be..48210760bdf87 100644 --- a/drivers/dma/idxd/cdev.c +++ b/drivers/dma/idxd/cdev.c @@ -225,7 +225,7 @@ static int idxd_cdev_open(struct inode *inode, struct file *filp) struct idxd_wq *wq; struct device *dev, *fdev; int rc = 0; - struct iommu_sva *sva; + struct iommu_sva *sva = NULL; unsigned int pasid; struct idxd_cdev *idxd_cdev; @@ -322,7 +322,7 @@ static int idxd_cdev_open(struct inode *inode, struct file *filp) if (device_user_pasid_enabled(idxd)) idxd_xa_pasid_remove(ctx); failed_get_pasid: - if (device_user_pasid_enabled(idxd)) + if (device_user_pasid_enabled(idxd) && !IS_ERR_OR_NULL(sva)) iommu_sva_unbind_device(sva); failed: mutex_unlock(&wq->wq_lock); -- 2.39.5

4 weeks, 1 day

1
17
0 0

[PATCH AUTOSEL 6.14 01/23] dmaengine: idxd: cdev: Fix uninitialized use of sva in idxd_cdev_open

by Sasha Levin

From: Purva Yeshi <purvayeshi550(a)gmail.com> [ Upstream commit 97994333de2b8062d2df4e6ce0dc65c2dc0f40dc ] Fix Smatch-detected issue: drivers/dma/idxd/cdev.c:321 idxd_cdev_open() error: uninitialized symbol 'sva'. 'sva' pointer may be used uninitialized in error handling paths. Specifically, if PASID support is enabled and iommu_sva_bind_device() returns an error, the code jumps to the cleanup label and attempts to call iommu_sva_unbind_device(sva) without ensuring that sva was successfully assigned. This triggers a Smatch warning about an uninitialized symbol. Initialize sva to NULL at declaration and add a check using IS_ERR_OR_NULL() before unbinding the device. This ensures the function does not use an invalid or uninitialized pointer during cleanup. Signed-off-by: Purva Yeshi <purvayeshi550(a)gmail.com> Reviewed-by: Dave Jiang <dave.jiang(a)intel.com> Acked-by: Vinicius Costa Gomes <vinicius.gomes(a)intel.com> Link: https://lore.kernel.org/r/20250410110216.21592-1-purvayeshi550@gmail.com Signed-off-by: Vinod Koul <vkoul(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/dma/idxd/cdev.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/dma/idxd/cdev.c b/drivers/dma/idxd/cdev.c index ff94ee892339d..7bd031a608943 100644 --- a/drivers/dma/idxd/cdev.c +++ b/drivers/dma/idxd/cdev.c @@ -222,7 +222,7 @@ static int idxd_cdev_open(struct inode *inode, struct file *filp) struct idxd_wq *wq; struct device *dev, *fdev; int rc = 0; - struct iommu_sva *sva; + struct iommu_sva *sva = NULL; unsigned int pasid; struct idxd_cdev *idxd_cdev; @@ -317,7 +317,7 @@ static int idxd_cdev_open(struct inode *inode, struct file *filp) if (device_user_pasid_enabled(idxd)) idxd_xa_pasid_remove(ctx); failed_get_pasid: - if (device_user_pasid_enabled(idxd)) + if (device_user_pasid_enabled(idxd) && !IS_ERR_OR_NULL(sva)) iommu_sva_unbind_device(sva); failed: mutex_unlock(&wq->wq_lock); -- 2.39.5

4 weeks, 1 day

1
22
0 0

+ module-release-codetag-section-when-module-load-fails.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: module: release codetag section when module load fails has been added to the -mm mm-hotfixes-unstable branch. Its filename is module-release-codetag-section-when-module-load-fails.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: David Wang <00107082(a)163.com> Subject: module: release codetag section when module load fails Date: Tue, 20 May 2025 00:38:23 +0800 When module load fails after memory for codetag section is ready, codetag section memory will not be properly released. This causes memory leak, and if next module load happens to get the same module address, codetag may pick the uninitialized section when manipulating tags during module unload, and leads to "unable to handle page fault" BUG. Link: https://lkml.kernel.org/r/20250519163823.7540-1-00107082@163.com Fixes: 0db6f8d7820a ("alloc_tag: load module tags into separate contiguous memory") Closes: https://lore.kernel.org/all/20250516131246.6244-1-00107082@163.com/ Signed-off-by: David Wang <00107082(a)163.com> Acked-by: Suren Baghdasaryan <surenb(a)google.com> Cc: Petr Pavlu <petr.pavlu(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/module/main.c | 1 + 1 file changed, 1 insertion(+) --- a/kernel/module/main.c~module-release-codetag-section-when-module-load-fails +++ a/kernel/module/main.c @@ -2829,6 +2829,7 @@ static void module_deallocate(struct mod { percpu_modfree(mod); module_arch_freeing_init(mod); + codetag_free_module_sections(mod); free_mod_mem(mod); } _ Patches currently in -mm which might be from 00107082(a)163.com are module-release-codetag-section-when-module-load-fails.patch

4 weeks, 1 day

1
0
0 0

FAILED: patch "[PATCH] drm/xe/gsc: do not flush the GSC worker from the reset path" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x 03552d8ac0afcc080c339faa0b726e2c0e9361cb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051238-lurch-dollop-0b0f@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 03552d8ac0afcc080c339faa0b726e2c0e9361cb Mon Sep 17 00:00:00 2001 From: Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> Date: Fri, 2 May 2025 08:51:04 -0700 Subject: [PATCH] drm/xe/gsc: do not flush the GSC worker from the reset path The workqueue used for the reset worker is marked as WQ_MEM_RECLAIM, while the GSC one isn't (and can't be as we need to do memory allocations in the gsc worker). Therefore, we can't flush the latter from the former. The reason why we had such a flush was to avoid interrupting either the GSC FW load or in progress GSC proxy operations. GSC proxy operations fall into 2 categories: 1) GSC proxy init: this only happens once immediately after GSC FW load and does not support being interrupted. The only way to recover from an interruption of the proxy init is to do an FLR and re-load the GSC. 2) GSC proxy request: this can happen in response to a request that the driver sends to the GSC. If this is interrupted, the GSC FW will timeout and the driver request will be failed, but overall the GSC will keep working fine. Flushing the work allowed us to avoid interruption in both cases (unless the hang came from the GSC engine itself, in which case we're toast anyway). However, a failure on a proxy request is tolerable if we're in a scenario where we're triggering a GT reset (i.e., something is already gone pretty wrong), so what we really need to avoid is interrupting the init flow, which we can do by polling on the register that reports when the proxy init is complete (as that ensure us that all the load and init operations have been completed). Note that during suspend we still want to do a flush of the worker to make sure it completes any operations involving the HW before the power is cut. v2: fix spelling in commit msg, rename waiter function (Julia) Fixes: dd0e89e5edc2 ("drm/xe/gsc: GSC FW load") Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/4830 Signed-off-by: Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> Cc: John Harrison <John.C.Harrison(a)Intel.com> Cc: Alan Previn <alan.previn.teres.alexis(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Reviewed-by: Julia Filipchuk <julia.filipchuk(a)intel.com> Link: https://lore.kernel.org/r/20250502155104.2201469-1-daniele.ceraolospurio@in… (cherry picked from commit 12370bfcc4f0bdf70279ec5b570eb298963422b5) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_gsc.c b/drivers/gpu/drm/xe/xe_gsc.c index fd41113f8572..0bcf97063ff6 100644 --- a/drivers/gpu/drm/xe/xe_gsc.c +++ b/drivers/gpu/drm/xe/xe_gsc.c @@ -555,6 +555,28 @@ void xe_gsc_wait_for_worker_completion(struct xe_gsc *gsc) flush_work(&gsc->work); } +void xe_gsc_stop_prepare(struct xe_gsc *gsc) +{ + struct xe_gt *gt = gsc_to_gt(gsc); + int ret; + + if (!xe_uc_fw_is_loadable(&gsc->fw) || xe_uc_fw_is_in_error_state(&gsc->fw)) + return; + + xe_force_wake_assert_held(gt_to_fw(gt), XE_FW_GSC); + + /* + * If the GSC FW load or the proxy init are interrupted, the only way + * to recover it is to do an FLR and reload the GSC from scratch. + * Therefore, let's wait for the init to complete before stopping + * operations. The proxy init is the last step, so we can just wait on + * that + */ + ret = xe_gsc_wait_for_proxy_init_done(gsc); + if (ret) + xe_gt_err(gt, "failed to wait for GSC init completion before uc stop\n"); +} + /* * wa_14015076503: if the GSC FW is loaded, we need to alert it before doing a * GSC engine reset by writing a notification bit in the GS1 register and then diff --git a/drivers/gpu/drm/xe/xe_gsc.h b/drivers/gpu/drm/xe/xe_gsc.h index d99f66c38075..b8b8e0810ad9 100644 --- a/drivers/gpu/drm/xe/xe_gsc.h +++ b/drivers/gpu/drm/xe/xe_gsc.h @@ -16,6 +16,7 @@ struct xe_hw_engine; int xe_gsc_init(struct xe_gsc *gsc); int xe_gsc_init_post_hwconfig(struct xe_gsc *gsc); void xe_gsc_wait_for_worker_completion(struct xe_gsc *gsc); +void xe_gsc_stop_prepare(struct xe_gsc *gsc); void xe_gsc_load_start(struct xe_gsc *gsc); void xe_gsc_hwe_irq_handler(struct xe_hw_engine *hwe, u16 intr_vec); diff --git a/drivers/gpu/drm/xe/xe_gsc_proxy.c b/drivers/gpu/drm/xe/xe_gsc_proxy.c index 8cf70b228ff3..d0519cd6704a 100644 --- a/drivers/gpu/drm/xe/xe_gsc_proxy.c +++ b/drivers/gpu/drm/xe/xe_gsc_proxy.c @@ -71,6 +71,17 @@ bool xe_gsc_proxy_init_done(struct xe_gsc *gsc) HECI1_FWSTS1_PROXY_STATE_NORMAL; } +int xe_gsc_wait_for_proxy_init_done(struct xe_gsc *gsc) +{ + struct xe_gt *gt = gsc_to_gt(gsc); + + /* Proxy init can take up to 500ms, so wait double that for safety */ + return xe_mmio_wait32(&gt->mmio, HECI_FWSTS1(MTL_GSC_HECI1_BASE), + HECI1_FWSTS1_CURRENT_STATE, + HECI1_FWSTS1_PROXY_STATE_NORMAL, + USEC_PER_SEC, NULL, false); +} + static void __gsc_proxy_irq_rmw(struct xe_gsc *gsc, u32 clr, u32 set) { struct xe_gt *gt = gsc_to_gt(gsc); diff --git a/drivers/gpu/drm/xe/xe_gsc_proxy.h b/drivers/gpu/drm/xe/xe_gsc_proxy.h index fdef56995cd4..765602221dbc 100644 --- a/drivers/gpu/drm/xe/xe_gsc_proxy.h +++ b/drivers/gpu/drm/xe/xe_gsc_proxy.h @@ -12,6 +12,7 @@ struct xe_gsc; int xe_gsc_proxy_init(struct xe_gsc *gsc); bool xe_gsc_proxy_init_done(struct xe_gsc *gsc); +int xe_gsc_wait_for_proxy_init_done(struct xe_gsc *gsc); int xe_gsc_proxy_start(struct xe_gsc *gsc); int xe_gsc_proxy_request_handler(struct xe_gsc *gsc); diff --git a/drivers/gpu/drm/xe/xe_gt.c b/drivers/gpu/drm/xe/xe_gt.c index 10a9e3c72b36..66198cf2662c 100644 --- a/drivers/gpu/drm/xe/xe_gt.c +++ b/drivers/gpu/drm/xe/xe_gt.c @@ -857,7 +857,7 @@ void xe_gt_suspend_prepare(struct xe_gt *gt) fw_ref = xe_force_wake_get(gt_to_fw(gt), XE_FORCEWAKE_ALL); - xe_uc_stop_prepare(&gt->uc); + xe_uc_suspend_prepare(&gt->uc); xe_force_wake_put(gt_to_fw(gt), fw_ref); } diff --git a/drivers/gpu/drm/xe/xe_uc.c b/drivers/gpu/drm/xe/xe_uc.c index c14bd2282044..3a8751a8b92d 100644 --- a/drivers/gpu/drm/xe/xe_uc.c +++ b/drivers/gpu/drm/xe/xe_uc.c @@ -244,7 +244,7 @@ void xe_uc_gucrc_disable(struct xe_uc *uc) void xe_uc_stop_prepare(struct xe_uc *uc) { - xe_gsc_wait_for_worker_completion(&uc->gsc); + xe_gsc_stop_prepare(&uc->gsc); xe_guc_stop_prepare(&uc->guc); } @@ -278,6 +278,12 @@ static void uc_reset_wait(struct xe_uc *uc) goto again; } +void xe_uc_suspend_prepare(struct xe_uc *uc) +{ + xe_gsc_wait_for_worker_completion(&uc->gsc); + xe_guc_stop_prepare(&uc->guc); +} + int xe_uc_suspend(struct xe_uc *uc) { /* GuC submission not enabled, nothing to do */ diff --git a/drivers/gpu/drm/xe/xe_uc.h b/drivers/gpu/drm/xe/xe_uc.h index 3813c1ede450..c23e6f5e2514 100644 --- a/drivers/gpu/drm/xe/xe_uc.h +++ b/drivers/gpu/drm/xe/xe_uc.h @@ -18,6 +18,7 @@ int xe_uc_reset_prepare(struct xe_uc *uc); void xe_uc_stop_prepare(struct xe_uc *uc); void xe_uc_stop(struct xe_uc *uc); int xe_uc_start(struct xe_uc *uc); +void xe_uc_suspend_prepare(struct xe_uc *uc); int xe_uc_suspend(struct xe_uc *uc); int xe_uc_sanitize_reset(struct xe_uc *uc); void xe_uc_declare_wedged(struct xe_uc *uc);

4 weeks, 1 day

3
3
0 0

[PATCH v2] binder: fix use-after-free in binderfs_evict_inode()

by Carlos Llamas

From: Dmitry Antipov <dmantipov(a)yandex.ru> Running 'stress-ng --binderfs 16 --timeout 300' under KASAN-enabled kernel, I've noticed the following: BUG: KASAN: slab-use-after-free in binderfs_evict_inode+0x1de/0x2d0 Write of size 8 at addr ffff88807379bc08 by task stress-ng-binde/1699 CPU: 0 UID: 0 PID: 1699 Comm: stress-ng-binde Not tainted 6.14.0-rc7-g586de92313fc-dirty #13 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-3.fc41 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x1c2/0x2a0 ? __pfx_dump_stack_lvl+0x10/0x10 ? __pfx__printk+0x10/0x10 ? __pfx_lock_release+0x10/0x10 ? __virt_addr_valid+0x18c/0x540 ? __virt_addr_valid+0x469/0x540 print_report+0x155/0x840 ? __virt_addr_valid+0x18c/0x540 ? __virt_addr_valid+0x469/0x540 ? __phys_addr+0xba/0x170 ? binderfs_evict_inode+0x1de/0x2d0 kasan_report+0x147/0x180 ? binderfs_evict_inode+0x1de/0x2d0 binderfs_evict_inode+0x1de/0x2d0 ? __pfx_binderfs_evict_inode+0x10/0x10 evict+0x524/0x9f0 ? __pfx_lock_release+0x10/0x10 ? __pfx_evict+0x10/0x10 ? do_raw_spin_unlock+0x4d/0x210 ? _raw_spin_unlock+0x28/0x50 ? iput+0x697/0x9b0 __dentry_kill+0x209/0x660 ? shrink_kill+0x8d/0x2c0 shrink_kill+0xa9/0x2c0 shrink_dentry_list+0x2e0/0x5e0 shrink_dcache_parent+0xa2/0x2c0 ? __pfx_shrink_dcache_parent+0x10/0x10 ? __pfx_lock_release+0x10/0x10 ? __pfx_do_raw_spin_lock+0x10/0x10 do_one_tree+0x23/0xe0 shrink_dcache_for_umount+0xa0/0x170 generic_shutdown_super+0x67/0x390 kill_litter_super+0x76/0xb0 binderfs_kill_super+0x44/0x90 deactivate_locked_super+0xb9/0x130 cleanup_mnt+0x422/0x4c0 ? lockdep_hardirqs_on+0x9d/0x150 task_work_run+0x1d2/0x260 ? __pfx_task_work_run+0x10/0x10 resume_user_mode_work+0x52/0x60 syscall_exit_to_user_mode+0x9a/0x120 do_syscall_64+0x103/0x210 ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0xcac57b Code: c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 f3 0f 1e fa 31 f6 e9 05 00 00 00 0f 1f 44 00 00 f3 0f 1e fa b8 RSP: 002b:00007ffecf4226a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 RAX: 0000000000000000 RBX: 00007ffecf422720 RCX: 0000000000cac57b RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffecf422850 RBP: 00007ffecf422850 R08: 0000000028d06ab1 R09: 7fffffffffffffff R10: 3fffffffffffffff R11: 0000000000000246 R12: 00007ffecf422718 R13: 00007ffecf422710 R14: 00007f478f87b658 R15: 00007ffecf422830 </TASK> Allocated by task 1705: kasan_save_track+0x3e/0x80 __kasan_kmalloc+0x8f/0xa0 __kmalloc_cache_noprof+0x213/0x3e0 binderfs_binder_device_create+0x183/0xa80 binder_ctl_ioctl+0x138/0x190 __x64_sys_ioctl+0x120/0x1b0 do_syscall_64+0xf6/0x210 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 1705: kasan_save_track+0x3e/0x80 kasan_save_free_info+0x46/0x50 __kasan_slab_free+0x62/0x70 kfree+0x194/0x440 evict+0x524/0x9f0 do_unlinkat+0x390/0x5b0 __x64_sys_unlink+0x47/0x50 do_syscall_64+0xf6/0x210 entry_SYSCALL_64_after_hwframe+0x77/0x7f This 'stress-ng' workload causes the concurrent deletions from 'binder_devices' and so requires full-featured synchronization to prevent list corruption. I've found this issue independently but pretty sure that syzbot did the same, so Reported-by: and Closes: should be applicable here as well. Cc: stable(a)vger.kernel.org Reported-by: syzbot+353d7b75658a95aa955a(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=353d7b75658a95aa955a Fixes: e77aff5528a18 ("binderfs: fix use-after-free in binder_devices") Signed-off-by: Dmitry Antipov <dmantipov(a)yandex.ru> Acked-by: Carlos Llamas <cmllamas(a)google.com> Signed-off-by: Carlos Llamas <cmllamas(a)google.com> --- v1: https://lore.kernel.org/all/20250324132427.922495-1-dmantipov@yandex.ru/ v2: - Collect tags. Actually Cc Greg and stable@ this time. drivers/android/binder.c | 15 +++++++++++++-- drivers/android/binder_internal.h | 8 ++++++-- drivers/android/binderfs.c | 2 +- 3 files changed, 20 insertions(+), 5 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 5fc2c8ee61b1..8d9c5f436fca 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -79,6 +79,8 @@ static HLIST_HEAD(binder_deferred_list); static DEFINE_MUTEX(binder_deferred_lock); static HLIST_HEAD(binder_devices); +static DEFINE_SPINLOCK(binder_devices_lock); + static HLIST_HEAD(binder_procs); static DEFINE_MUTEX(binder_procs_lock); @@ -6929,7 +6931,16 @@ const struct binder_debugfs_entry binder_debugfs_entries[] = { void binder_add_device(struct binder_device *device) { + spin_lock(&binder_devices_lock); hlist_add_head(&device->hlist, &binder_devices); + spin_unlock(&binder_devices_lock); +} + +void binder_remove_device(struct binder_device *device) +{ + spin_lock(&binder_devices_lock); + hlist_del_init(&device->hlist); + spin_unlock(&binder_devices_lock); } static int __init init_binder_device(const char *name) @@ -6956,7 +6967,7 @@ static int __init init_binder_device(const char *name) return ret; } - hlist_add_head(&binder_device->hlist, &binder_devices); + binder_add_device(binder_device); return ret; } @@ -7018,7 +7029,7 @@ static int __init binder_init(void) err_init_binder_device_failed: hlist_for_each_entry_safe(device, tmp, &binder_devices, hlist) { misc_deregister(&device->miscdev); - hlist_del(&device->hlist); + binder_remove_device(device); kfree(device); } diff --git a/drivers/android/binder_internal.h b/drivers/android/binder_internal.h index 6a66c9769c6c..1ba5caf1d88d 100644 --- a/drivers/android/binder_internal.h +++ b/drivers/android/binder_internal.h @@ -583,9 +583,13 @@ struct binder_object { /** * Add a binder device to binder_devices * @device: the new binder device to add to the global list - * - * Not reentrant as the list is not protected by any locks */ void binder_add_device(struct binder_device *device); +/** + * Remove a binder device to binder_devices + * @device: the binder device to remove from the global list + */ +void binder_remove_device(struct binder_device *device); + #endif /* _LINUX_BINDER_INTERNAL_H */ diff --git a/drivers/android/binderfs.c b/drivers/android/binderfs.c index 94c6446604fc..44d430c4ebef 100644 --- a/drivers/android/binderfs.c +++ b/drivers/android/binderfs.c @@ -274,7 +274,7 @@ static void binderfs_evict_inode(struct inode *inode) mutex_unlock(&binderfs_minors_mutex); if (refcount_dec_and_test(&device->ref)) { - hlist_del_init(&device->hlist); + binder_remove_device(device); kfree(device->context.name); kfree(device); } -- 2.49.0.1101.gccaa498523-goog

4 weeks, 1 day

2
1
0 0

FAILED: patch "[PATCH] drm/tiny: panel-mipi-dbi: Use drm_client_setup_with_fourcc()" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 9c1798259b9420f38f1fa1b83e3d864c3eb1a83e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051936-qualify-waged-4677@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9c1798259b9420f38f1fa1b83e3d864c3eb1a83e Mon Sep 17 00:00:00 2001 From: Fabio Estevam <festevam(a)denx.de> Date: Thu, 17 Apr 2025 07:34:58 -0300 Subject: [PATCH] drm/tiny: panel-mipi-dbi: Use drm_client_setup_with_fourcc() Since commit 559358282e5b ("drm/fb-helper: Don't use the preferred depth for the BPP default"), RGB565 displays such as the CFAF240320X no longer render correctly: colors are distorted and the content is shown twice horizontally. This regression is due to the fbdev emulation layer defaulting to 32 bits per pixel, whereas the display expects 16 bpp (RGB565). As a result, the framebuffer data is incorrectly interpreted by the panel. Fix the issue by calling drm_client_setup_with_fourcc() with a format explicitly selected based on the display's bits-per-pixel value. For 16 bpp, use DRM_FORMAT_RGB565; for other values, fall back to the previous behavior. This ensures that the allocated framebuffer format matches the hardware expectations, avoiding color and layout corruption. Tested on a CFAF240320X display with an RGB565 configuration, confirming correct colors and layout after applying this patch. Cc: stable(a)vger.kernel.org Fixes: 559358282e5b ("drm/fb-helper: Don't use the preferred depth for the BPP default") Signed-off-by: Fabio Estevam <festevam(a)denx.de> Reviewed-by: Thomas Zimmermann <tzimmermann(a)suse.de> Reviewed-by: Javier Martinez Canillas <javierm(a)redhat.com> Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Link: https://lore.kernel.org/r/20250417103458.2496790-1-festevam@gmail.com diff --git a/drivers/gpu/drm/tiny/panel-mipi-dbi.c b/drivers/gpu/drm/tiny/panel-mipi-dbi.c index 0460ecaef4bd..23914a9f7fd3 100644 --- a/drivers/gpu/drm/tiny/panel-mipi-dbi.c +++ b/drivers/gpu/drm/tiny/panel-mipi-dbi.c @@ -390,7 +390,10 @@ static int panel_mipi_dbi_spi_probe(struct spi_device *spi) spi_set_drvdata(spi, drm); - drm_client_setup(drm, NULL); + if (bpp == 16) + drm_client_setup_with_fourcc(drm, DRM_FORMAT_RGB565); + else + drm_client_setup_with_fourcc(drm, DRM_FORMAT_RGB888); return 0; }

4 weeks, 1 day

3
3
0 0

FAILED: patch "[PATCH] phy: renesas: rcar-gen3-usb2: Fix role detection on" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 54c4c58713aaff76c2422ff5750e557ab3b100d7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051925-parasail-grinch-05f6@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 54c4c58713aaff76c2422ff5750e557ab3b100d7 Mon Sep 17 00:00:00 2001 From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Date: Wed, 7 May 2025 15:50:28 +0300 Subject: [PATCH] phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind It has been observed on the Renesas RZ/G3S SoC that unbinding and binding the PHY driver leads to role autodetection failures. This issue occurs when PHY 3 is the first initialized PHY. PHY 3 does not have an interrupt associated with the USB2_INT_ENABLE register (as rcar_gen3_int_enable[3] = 0). As a result, rcar_gen3_init_otg() is called to initialize OTG without enabling PHY interrupts. To resolve this, add rcar_gen3_is_any_otg_rphy_initialized() and call it in role_store(), role_show(), and rcar_gen3_init_otg(). At the same time, rcar_gen3_init_otg() is only called when initialization for a PHY with interrupt bits is in progress. As a result, the struct rcar_gen3_phy::otg_initialized is no longer needed. Fixes: 549b6b55b005 ("phy: renesas: rcar-gen3-usb2: enable/disable independent irqs") Cc: stable(a)vger.kernel.org Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Link: https://lore.kernel.org/r/20250507125032.565017-2-claudiu.beznea.uj@bp.rene… Signed-off-by: Vinod Koul <vkoul(a)kernel.org> diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index 775f4f973a6c..46afba2fe0dc 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -107,7 +107,6 @@ struct rcar_gen3_phy { struct rcar_gen3_chan *ch; u32 int_enable_bits; bool initialized; - bool otg_initialized; bool powered; }; @@ -320,16 +319,15 @@ static bool rcar_gen3_is_any_rphy_initialized(struct rcar_gen3_chan *ch) return false; } -static bool rcar_gen3_needs_init_otg(struct rcar_gen3_chan *ch) +static bool rcar_gen3_is_any_otg_rphy_initialized(struct rcar_gen3_chan *ch) { - int i; - - for (i = 0; i < NUM_OF_PHYS; i++) { - if (ch->rphys[i].otg_initialized) - return false; + for (enum rcar_gen3_phy_index i = PHY_INDEX_BOTH_HC; i <= PHY_INDEX_EHCI; + i++) { + if (ch->rphys[i].initialized) + return true; } - return true; + return false; } static bool rcar_gen3_are_all_rphys_power_off(struct rcar_gen3_chan *ch) @@ -351,7 +349,7 @@ static ssize_t role_store(struct device *dev, struct device_attribute *attr, bool is_b_device; enum phy_mode cur_mode, new_mode; - if (!ch->is_otg_channel || !rcar_gen3_is_any_rphy_initialized(ch)) + if (!ch->is_otg_channel || !rcar_gen3_is_any_otg_rphy_initialized(ch)) return -EIO; if (sysfs_streq(buf, "host")) @@ -389,7 +387,7 @@ static ssize_t role_show(struct device *dev, struct device_attribute *attr, { struct rcar_gen3_chan *ch = dev_get_drvdata(dev); - if (!ch->is_otg_channel || !rcar_gen3_is_any_rphy_initialized(ch)) + if (!ch->is_otg_channel || !rcar_gen3_is_any_otg_rphy_initialized(ch)) return -EIO; return sprintf(buf, "%s\n", rcar_gen3_is_host(ch) ? "host" : @@ -402,6 +400,9 @@ static void rcar_gen3_init_otg(struct rcar_gen3_chan *ch) void __iomem *usb2_base = ch->base; u32 val; + if (!ch->is_otg_channel || rcar_gen3_is_any_otg_rphy_initialized(ch)) + return; + /* Should not use functions of read-modify-write a register */ val = readl(usb2_base + USB2_LINECTRL1); val = (val & ~USB2_LINECTRL1_DP_RPD) | USB2_LINECTRL1_DPRPD_EN | @@ -465,12 +466,9 @@ static int rcar_gen3_phy_usb2_init(struct phy *p) writel(USB2_SPD_RSM_TIMSET_INIT, usb2_base + USB2_SPD_RSM_TIMSET); writel(USB2_OC_TIMSET_INIT, usb2_base + USB2_OC_TIMSET); - /* Initialize otg part */ - if (channel->is_otg_channel) { - if (rcar_gen3_needs_init_otg(channel)) - rcar_gen3_init_otg(channel); - rphy->otg_initialized = true; - } + /* Initialize otg part (only if we initialize a PHY with IRQs). */ + if (rphy->int_enable_bits) + rcar_gen3_init_otg(channel); rphy->initialized = true; @@ -486,9 +484,6 @@ static int rcar_gen3_phy_usb2_exit(struct phy *p) rphy->initialized = false; - if (channel->is_otg_channel) - rphy->otg_initialized = false; - val = readl(usb2_base + USB2_INT_ENABLE); val &= ~rphy->int_enable_bits; if (!rcar_gen3_is_any_rphy_initialized(channel))

4 weeks, 1 day

1
0
0 0

FAILED: patch "[PATCH] phy: renesas: rcar-gen3-usb2: Fix role detection on" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 54c4c58713aaff76c2422ff5750e557ab3b100d7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051924-sulfite-ahoy-71d8@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 54c4c58713aaff76c2422ff5750e557ab3b100d7 Mon Sep 17 00:00:00 2001 From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Date: Wed, 7 May 2025 15:50:28 +0300 Subject: [PATCH] phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind It has been observed on the Renesas RZ/G3S SoC that unbinding and binding the PHY driver leads to role autodetection failures. This issue occurs when PHY 3 is the first initialized PHY. PHY 3 does not have an interrupt associated with the USB2_INT_ENABLE register (as rcar_gen3_int_enable[3] = 0). As a result, rcar_gen3_init_otg() is called to initialize OTG without enabling PHY interrupts. To resolve this, add rcar_gen3_is_any_otg_rphy_initialized() and call it in role_store(), role_show(), and rcar_gen3_init_otg(). At the same time, rcar_gen3_init_otg() is only called when initialization for a PHY with interrupt bits is in progress. As a result, the struct rcar_gen3_phy::otg_initialized is no longer needed. Fixes: 549b6b55b005 ("phy: renesas: rcar-gen3-usb2: enable/disable independent irqs") Cc: stable(a)vger.kernel.org Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Link: https://lore.kernel.org/r/20250507125032.565017-2-claudiu.beznea.uj@bp.rene… Signed-off-by: Vinod Koul <vkoul(a)kernel.org> diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index 775f4f973a6c..46afba2fe0dc 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -107,7 +107,6 @@ struct rcar_gen3_phy { struct rcar_gen3_chan *ch; u32 int_enable_bits; bool initialized; - bool otg_initialized; bool powered; }; @@ -320,16 +319,15 @@ static bool rcar_gen3_is_any_rphy_initialized(struct rcar_gen3_chan *ch) return false; } -static bool rcar_gen3_needs_init_otg(struct rcar_gen3_chan *ch) +static bool rcar_gen3_is_any_otg_rphy_initialized(struct rcar_gen3_chan *ch) { - int i; - - for (i = 0; i < NUM_OF_PHYS; i++) { - if (ch->rphys[i].otg_initialized) - return false; + for (enum rcar_gen3_phy_index i = PHY_INDEX_BOTH_HC; i <= PHY_INDEX_EHCI; + i++) { + if (ch->rphys[i].initialized) + return true; } - return true; + return false; } static bool rcar_gen3_are_all_rphys_power_off(struct rcar_gen3_chan *ch) @@ -351,7 +349,7 @@ static ssize_t role_store(struct device *dev, struct device_attribute *attr, bool is_b_device; enum phy_mode cur_mode, new_mode; - if (!ch->is_otg_channel || !rcar_gen3_is_any_rphy_initialized(ch)) + if (!ch->is_otg_channel || !rcar_gen3_is_any_otg_rphy_initialized(ch)) return -EIO; if (sysfs_streq(buf, "host")) @@ -389,7 +387,7 @@ static ssize_t role_show(struct device *dev, struct device_attribute *attr, { struct rcar_gen3_chan *ch = dev_get_drvdata(dev); - if (!ch->is_otg_channel || !rcar_gen3_is_any_rphy_initialized(ch)) + if (!ch->is_otg_channel || !rcar_gen3_is_any_otg_rphy_initialized(ch)) return -EIO; return sprintf(buf, "%s\n", rcar_gen3_is_host(ch) ? "host" : @@ -402,6 +400,9 @@ static void rcar_gen3_init_otg(struct rcar_gen3_chan *ch) void __iomem *usb2_base = ch->base; u32 val; + if (!ch->is_otg_channel || rcar_gen3_is_any_otg_rphy_initialized(ch)) + return; + /* Should not use functions of read-modify-write a register */ val = readl(usb2_base + USB2_LINECTRL1); val = (val & ~USB2_LINECTRL1_DP_RPD) | USB2_LINECTRL1_DPRPD_EN | @@ -465,12 +466,9 @@ static int rcar_gen3_phy_usb2_init(struct phy *p) writel(USB2_SPD_RSM_TIMSET_INIT, usb2_base + USB2_SPD_RSM_TIMSET); writel(USB2_OC_TIMSET_INIT, usb2_base + USB2_OC_TIMSET); - /* Initialize otg part */ - if (channel->is_otg_channel) { - if (rcar_gen3_needs_init_otg(channel)) - rcar_gen3_init_otg(channel); - rphy->otg_initialized = true; - } + /* Initialize otg part (only if we initialize a PHY with IRQs). */ + if (rphy->int_enable_bits) + rcar_gen3_init_otg(channel); rphy->initialized = true; @@ -486,9 +484,6 @@ static int rcar_gen3_phy_usb2_exit(struct phy *p) rphy->initialized = false; - if (channel->is_otg_channel) - rphy->otg_initialized = false; - val = readl(usb2_base + USB2_INT_ENABLE); val &= ~rphy->int_enable_bits; if (!rcar_gen3_is_any_rphy_initialized(channel))

4 weeks, 1 day

1
0
0 0

FAILED: patch "[PATCH] phy: renesas: rcar-gen3-usb2: Fix role detection on" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 54c4c58713aaff76c2422ff5750e557ab3b100d7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051923-veto-uncivil-bb49@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 54c4c58713aaff76c2422ff5750e557ab3b100d7 Mon Sep 17 00:00:00 2001 From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Date: Wed, 7 May 2025 15:50:28 +0300 Subject: [PATCH] phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind It has been observed on the Renesas RZ/G3S SoC that unbinding and binding the PHY driver leads to role autodetection failures. This issue occurs when PHY 3 is the first initialized PHY. PHY 3 does not have an interrupt associated with the USB2_INT_ENABLE register (as rcar_gen3_int_enable[3] = 0). As a result, rcar_gen3_init_otg() is called to initialize OTG without enabling PHY interrupts. To resolve this, add rcar_gen3_is_any_otg_rphy_initialized() and call it in role_store(), role_show(), and rcar_gen3_init_otg(). At the same time, rcar_gen3_init_otg() is only called when initialization for a PHY with interrupt bits is in progress. As a result, the struct rcar_gen3_phy::otg_initialized is no longer needed. Fixes: 549b6b55b005 ("phy: renesas: rcar-gen3-usb2: enable/disable independent irqs") Cc: stable(a)vger.kernel.org Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Link: https://lore.kernel.org/r/20250507125032.565017-2-claudiu.beznea.uj@bp.rene… Signed-off-by: Vinod Koul <vkoul(a)kernel.org> diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index 775f4f973a6c..46afba2fe0dc 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -107,7 +107,6 @@ struct rcar_gen3_phy { struct rcar_gen3_chan *ch; u32 int_enable_bits; bool initialized; - bool otg_initialized; bool powered; }; @@ -320,16 +319,15 @@ static bool rcar_gen3_is_any_rphy_initialized(struct rcar_gen3_chan *ch) return false; } -static bool rcar_gen3_needs_init_otg(struct rcar_gen3_chan *ch) +static bool rcar_gen3_is_any_otg_rphy_initialized(struct rcar_gen3_chan *ch) { - int i; - - for (i = 0; i < NUM_OF_PHYS; i++) { - if (ch->rphys[i].otg_initialized) - return false; + for (enum rcar_gen3_phy_index i = PHY_INDEX_BOTH_HC; i <= PHY_INDEX_EHCI; + i++) { + if (ch->rphys[i].initialized) + return true; } - return true; + return false; } static bool rcar_gen3_are_all_rphys_power_off(struct rcar_gen3_chan *ch) @@ -351,7 +349,7 @@ static ssize_t role_store(struct device *dev, struct device_attribute *attr, bool is_b_device; enum phy_mode cur_mode, new_mode; - if (!ch->is_otg_channel || !rcar_gen3_is_any_rphy_initialized(ch)) + if (!ch->is_otg_channel || !rcar_gen3_is_any_otg_rphy_initialized(ch)) return -EIO; if (sysfs_streq(buf, "host")) @@ -389,7 +387,7 @@ static ssize_t role_show(struct device *dev, struct device_attribute *attr, { struct rcar_gen3_chan *ch = dev_get_drvdata(dev); - if (!ch->is_otg_channel || !rcar_gen3_is_any_rphy_initialized(ch)) + if (!ch->is_otg_channel || !rcar_gen3_is_any_otg_rphy_initialized(ch)) return -EIO; return sprintf(buf, "%s\n", rcar_gen3_is_host(ch) ? "host" : @@ -402,6 +400,9 @@ static void rcar_gen3_init_otg(struct rcar_gen3_chan *ch) void __iomem *usb2_base = ch->base; u32 val; + if (!ch->is_otg_channel || rcar_gen3_is_any_otg_rphy_initialized(ch)) + return; + /* Should not use functions of read-modify-write a register */ val = readl(usb2_base + USB2_LINECTRL1); val = (val & ~USB2_LINECTRL1_DP_RPD) | USB2_LINECTRL1_DPRPD_EN | @@ -465,12 +466,9 @@ static int rcar_gen3_phy_usb2_init(struct phy *p) writel(USB2_SPD_RSM_TIMSET_INIT, usb2_base + USB2_SPD_RSM_TIMSET); writel(USB2_OC_TIMSET_INIT, usb2_base + USB2_OC_TIMSET); - /* Initialize otg part */ - if (channel->is_otg_channel) { - if (rcar_gen3_needs_init_otg(channel)) - rcar_gen3_init_otg(channel); - rphy->otg_initialized = true; - } + /* Initialize otg part (only if we initialize a PHY with IRQs). */ + if (rphy->int_enable_bits) + rcar_gen3_init_otg(channel); rphy->initialized = true; @@ -486,9 +484,6 @@ static int rcar_gen3_phy_usb2_exit(struct phy *p) rphy->initialized = false; - if (channel->is_otg_channel) - rphy->otg_initialized = false; - val = readl(usb2_base + USB2_INT_ENABLE); val &= ~rphy->int_enable_bits; if (!rcar_gen3_is_any_rphy_initialized(channel))

4 weeks, 1 day

1
0
0 0

[PATCH] net: hns3: Add error handling for VLAN filter hardware configuration

by Wentao Liang

The hclge_rm_vport_vlan_table() calls hclge_set_vlan_filter_hw() but does not check the return value. This could lead to execution with potentially invalid data. A proper implementation can be found in hclge_add_vport_all_vlan_table(). Add error handling after calling hclge_set_vlan_filter_hw(). If hclge_set_vlan_filter_hw() fails, log an error message via dev_err() and return. Fixes: c6075b193462 ("net: hns3: Record VF vlan tables") Cc: stable(a)vger.kernel.org # v5.1 Signed-off-by: Wentao Liang <vulab(a)iscas.ac.cn> --- .../hisilicon/hns3/hns3pf/hclge_main.c | 20 +++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c index db7845009252..5ab4c7f63766 100644 --- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c +++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c @@ -10141,15 +10141,23 @@ static void hclge_rm_vport_vlan_table(struct hclge_vport *vport, u16 vlan_id, { struct hclge_vport_vlan_cfg *vlan, *tmp; struct hclge_dev *hdev = vport->back; + int ret; list_for_each_entry_safe(vlan, tmp, &vport->vlan_list, node) { if (vlan->vlan_id == vlan_id) { - if (is_write_tbl && vlan->hd_tbl_status) - hclge_set_vlan_filter_hw(hdev, - htons(ETH_P_8021Q), - vport->vport_id, - vlan_id, - true); + if (is_write_tbl && vlan->hd_tbl_status) { + ret = hclge_set_vlan_filter_hw(hdev, + htons(ETH_P_8021Q), + vport->vport_id, + vlan_id, + true); + if (ret) { + dev_err(&hdev->pdev->dev, + "restore vport vlan list failed, ret=%d\n", + ret); + return; + } + } list_del(&vlan->node); kfree(vlan); -- 2.42.0.windows.2

4 weeks, 1 day

2
1
0 0

regression in 6.6.91: arch/x86/kernel/alternative.c:1452:5: error: redefinition of 'its_static_thunk'

by Natanael Copa

Hi! When building 6.6.91 for Alpine Linux I got this error on 32 bit x86: CC net/devlink/dpipe.o /home/buildozer/aports/main/linux-lts/src/linux-6.6/arch/x86/kernel/alternative.c:1452:5: error: redefinition of 'its_static_thunk' 1452 | u8 *its_static_thunk(int reg) | ^~~~~~~~~~~~~~~~ In file included from /home/buildozer/aports/main/linux-lts/src/linux-6.6/arch/x86/include/asm/barrier.h:5, from /home/buildozer/aports/main/linux-lts/src/linux-6.6/include/linux/list.h:11, from /home/buildozer/aports/main/linux-lts/src/linux-6.6/include/linux/module.h:12, from /home/buildozer/aports/main/linux-lts/src/linux-6.6/arch/x86/kernel/alternative.c:4: /home/buildozer/aports/main/linux-lts/src/linux-6.6/arch/x86/include/asm/alternative.h:143:19: note: previous definition of 'its_static_thunk' with type 'u8 *(int)' {aka 'unsigned char *(int)'} 143 | static inline u8 *its_static_thunk(int reg) | ^~~~~~~~~~~~~~~~ CC [M] net/sched/act_skbmod.o make[4]: *** [/home/buildozer/aports/main/linux-lts/src/linux-6.6/scripts/Makefile.build:243: arch/x86/kernel/alternative.o] Error 1 make[3]: *** [/home/buildozer/aports/main/linux-lts/src/linux-6.6/scripts/Makefile.build:480: arch/x86/kernel] Error 2 make[3]: *** Waiting for unfinished jobs.... I believe this was introduce with commit 772934d9062a0f7297ad4e5bffbd904208655660 Author: Peter Zijlstra <peterz(a)infradead.org> Date: Wed Apr 23 09:57:31 2025 +0200 x86/its: FineIBT-paranoid vs ITS commit e52c1dc7455d32c8a55f9949d300e5e87d011fa6 upstream.

4 weeks, 1 day

2
1
0 0

[PATCH] perf/arm-cmn: Add CMN S3 ACPI binding

by Robin Murphy

An ACPI binding for CMN S3 was not yet finalised when the driver support was originally written, but v1.2 of DEN0093 "ACPI for Arm Components" has at last been published; support ACPI systems using the proper HID. Cc: stable(a)vger.kernel.org Fixes: 0dc2f4963f7e ("perf/arm-cmn: Support CMN S3") Signed-off-by: Robin Murphy <robin.murphy(a)arm.com> --- drivers/perf/arm-cmn.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/perf/arm-cmn.c b/drivers/perf/arm-cmn.c index e385f187a084..403850b1040d 100644 --- a/drivers/perf/arm-cmn.c +++ b/drivers/perf/arm-cmn.c @@ -2651,6 +2651,7 @@ static const struct acpi_device_id arm_cmn_acpi_match[] = { { "ARMHC600", PART_CMN600 }, { "ARMHC650" }, { "ARMHC700" }, + { "ARMHC003" }, {} }; MODULE_DEVICE_TABLE(acpi, arm_cmn_acpi_match); -- 2.39.2.101.g768bb238c484.dirty

4 weeks, 1 day

2
1
0 0

[PATCH net] phy: dp83869: fix interrupts issue when using with an optical fiber sfp. to correctly clear the interrupts both status registers must be read.

by chalianis1＠gmail.com

From: Anis Chali <chalianis1(a)gmail.com> from datasheet of dp83869hm 7.3.6 Interrupt The DP83869HM can be configured to generate an interrupt when changes of internal status occur. The interrupt allows a MAC to act upon the status in the PHY without polling the PHY registers. The interrupt source can be selected through the interrupt registers, MICR (12h) and FIBER_INT_EN (C18h). The interrupt status can be read from ISR (13h) and FIBER_INT_STTS (C19h) registers. Some interrupts are enabled by default and can be disabled through register access. Both the interrupt status registers must be read in order to clear pending interrupts. Until the pending interrupts are cleared, new interrupts may not be routed to the interrupt pin. Fixes: interrupts issue when using with an optical fiber sfp. Signed-off-by: Anis Chali <chalianis1(a)gmail.com> --- drivers/net/phy/dp83869.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/net/phy/dp83869.c b/drivers/net/phy/dp83869.c index a62cd838a9ea..1e8c20f387b8 100644 --- a/drivers/net/phy/dp83869.c +++ b/drivers/net/phy/dp83869.c @@ -41,6 +41,7 @@ #define DP83869_IO_MUX_CFG 0x0170 #define DP83869_OP_MODE 0x01df #define DP83869_FX_CTRL 0x0c00 +#define DP83869_FX_INT_STS 0x0c19 #define DP83869_SW_RESET BIT(15) #define DP83869_SW_RESTART BIT(14) @@ -195,6 +196,12 @@ static int dp83869_ack_interrupt(struct phy_device *phydev) if (err < 0) return err; + if (linkmode_test_bit(ETHTOOL_LINK_MODE_FIBRE_BIT, phydev->supported)) { + err = phy_read_mmd(phydev, DP83869_DEVADDR, DP83869_FX_INT_STS); + if (err < 0) + return err; + } + return 0; } -- 2.49.0

4 weeks, 1 day

3
2
0 0

v2 [PATCH] ocfs2: fix panic in failed foilio allocation

by Mark Tinguely

In the page to order 0 folio conversion series, the commit 7e119cff9d0a, "ocfs2: convert w_pages to w_folios" and commit 9a5e08652dc4b, "ocfs2: use an array of folios instead of an array of pages", saves -ENOMEM in the folio array upon allocation failure and calls the folio array free code. The folio array free code expects either valid folio pointers or NULL. Finding the -ENOMEM will result in a panic. Fix by NULLing the error folio entry. Signed-off-by: Mark Tinguely <mark.tinguely(a)oracle.com> Cc: stable(a)vger.kernel.org Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Matthew Wilcox <willy(a)infradead.org> --- v2: sorry, ocfs2_grab_folios() needs the same change. the other callers do not need the change. --- fs/ocfs2/alloc.c | 1 + fs/ocfs2/aops.c | 1 + 2 files changed, 2 insertions(+) diff --git a/fs/ocfs2/alloc.c b/fs/ocfs2/alloc.c index b8ac85b548c7..821cb7874685 100644 --- a/fs/ocfs2/alloc.c +++ b/fs/ocfs2/alloc.c @@ -6918,6 +6918,7 @@ static int ocfs2_grab_folios(struct inode *inode, loff_t start, loff_t end, if (IS_ERR(folios[numfolios])) { ret = PTR_ERR(folios[numfolios]); mlog_errno(ret); + folios[numfolios] = NULL; goto out; } diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c index 40b6bce12951..89aadc6cdd87 100644 --- a/fs/ocfs2/aops.c +++ b/fs/ocfs2/aops.c @@ -1071,6 +1071,7 @@ static int ocfs2_grab_folios_for_write(struct address_space *mapping, if (IS_ERR(wc->w_folios[i])) { ret = PTR_ERR(wc->w_folios[i]); mlog_errno(ret); + wc->w_folios[i] = NULL; goto out; } } -- 2.39.5 (Apple Git-154)

4 weeks, 1 day

3
3
0 0

Fortinet Customers List

by Christy Woody

Hi, Would you be interested in acquiring Fortinet-Checkpoint-Palo Alto-Watchguard-SonicWALL Userscontacts list? We have other Technologies users List: - Juniper Networks BitDefender Cisco Meraki Sophos Webroot Imperva FireEye Symantec Forcepoint FireMon Imperva McAfee Interested in reaching these tech users? Reply with your “target tech and region” and I’ll provide more details. Cheers, Christy Woody Senior Lead Executive US-CANADA-EMEA-APAC Reply “LEAVEOUT” in the subject to unsubscribe.

4 weeks, 1 day

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror