- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 11a1f4bc47362700fcbde717292158873fb847ed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072921-crazed-babble-80d9@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 11a1f4bc4736 ("PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 11a1f4bc47362700fcbde717292158873fb847ed Mon Sep 17 00:00:00 2001 From: Lukas Wunner <lukas(a)wunner.de> Date: Tue, 18 Jun 2024 12:54:55 +0200 Subject: [PATCH] PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Keith reports a use-after-free when a DPC event occurs concurrently to hot-removal of the same portion of the hierarchy: The dpc_handler() awaits readiness of the secondary bus below the Downstream Port where the DPC event occurred. To do so, it polls the config space of the first child device on the secondary bus. If that child device is concurrently removed, accesses to its struct pci_dev cause the kernel to oops. That's because pci_bridge_wait_for_secondary_bus() neglects to hold a reference on the child device. Before v6.3, the function was only called on resume from system sleep or on runtime resume. Holding a reference wasn't necessary back then because the pciehp IRQ thread could never run concurrently. (On resume from system sleep, IRQs are not enabled until after the resume_noirq phase. And runtime resume is always awaited before a PCI device is removed.) However starting with v6.3, pci_bridge_wait_for_secondary_bus() is also called on a DPC event. Commit 53b54ad074de ("PCI/DPC: Await readiness of secondary bus after reset"), which introduced that, failed to appreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a reference on the child device because dpc_handler() and pciehp may indeed run concurrently. The commit was backported to v5.10+ stable kernels, so that's the oldest one affected. Add the missing reference acquisition. Abridged stack trace: BUG: unable to handle page fault for address: 00000000091400c0 CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0 RIP: pci_bus_read_config_dword+0x17/0x50 pci_dev_wait() pci_bridge_wait_for_secondary_bus() dpc_reset_link() pcie_do_recovery() dpc_handler() Fixes: 53b54ad074de ("PCI/DPC: Await readiness of secondary bus after reset") Closes: https://lore.kernel.org/r/20240612181625.3604512-3-kbusch@meta.com/ Link: https://lore.kernel.org/linux-pci/8e4bcd4116fd94f592f2bf2749f168099c480ddf.… Reported-by: Keith Busch <kbusch(a)kernel.org> Tested-by: Keith Busch <kbusch(a)kernel.org> Signed-off-by: Lukas Wunner <lukas(a)wunner.de> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Reviewed-by: Keith Busch <kbusch(a)kernel.org> Reviewed-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> Cc: stable(a)vger.kernel.org # v5.10+ diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index 59e0949fb079..c40a6c11e959 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -4753,7 +4753,7 @@ static int pci_bus_max_d3cold_delay(const struct pci_bus *bus) */ int pci_bridge_wait_for_secondary_bus(struct pci_dev *dev, char *reset_type) { - struct pci_dev *child; + struct pci_dev *child __free(pci_dev_put) = NULL; int delay; if (pci_dev_is_disconnected(dev)) @@ -4782,8 +4782,8 @@ int pci_bridge_wait_for_secondary_bus(struct pci_dev *dev, char *reset_type) return 0; } - child = list_first_entry(&dev->subordinate->devices, struct pci_dev, - bus_list); + child = pci_dev_get(list_first_entry(&dev->subordinate->devices, + struct pci_dev, bus_list)); up_read(&pci_bus_sem); /*

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 11a1f4bc47362700fcbde717292158873fb847ed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072919-booted-rise-cc5d@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 11a1f4bc4736 ("PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 11a1f4bc47362700fcbde717292158873fb847ed Mon Sep 17 00:00:00 2001 From: Lukas Wunner <lukas(a)wunner.de> Date: Tue, 18 Jun 2024 12:54:55 +0200 Subject: [PATCH] PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Keith reports a use-after-free when a DPC event occurs concurrently to hot-removal of the same portion of the hierarchy: The dpc_handler() awaits readiness of the secondary bus below the Downstream Port where the DPC event occurred. To do so, it polls the config space of the first child device on the secondary bus. If that child device is concurrently removed, accesses to its struct pci_dev cause the kernel to oops. That's because pci_bridge_wait_for_secondary_bus() neglects to hold a reference on the child device. Before v6.3, the function was only called on resume from system sleep or on runtime resume. Holding a reference wasn't necessary back then because the pciehp IRQ thread could never run concurrently. (On resume from system sleep, IRQs are not enabled until after the resume_noirq phase. And runtime resume is always awaited before a PCI device is removed.) However starting with v6.3, pci_bridge_wait_for_secondary_bus() is also called on a DPC event. Commit 53b54ad074de ("PCI/DPC: Await readiness of secondary bus after reset"), which introduced that, failed to appreciate that pci_bridge_wait_for_secondary_bus() now needs to hold a reference on the child device because dpc_handler() and pciehp may indeed run concurrently. The commit was backported to v5.10+ stable kernels, so that's the oldest one affected. Add the missing reference acquisition. Abridged stack trace: BUG: unable to handle page fault for address: 00000000091400c0 CPU: 15 PID: 2464 Comm: irq/53-pcie-dpc 6.9.0 RIP: pci_bus_read_config_dword+0x17/0x50 pci_dev_wait() pci_bridge_wait_for_secondary_bus() dpc_reset_link() pcie_do_recovery() dpc_handler() Fixes: 53b54ad074de ("PCI/DPC: Await readiness of secondary bus after reset") Closes: https://lore.kernel.org/r/20240612181625.3604512-3-kbusch@meta.com/ Link: https://lore.kernel.org/linux-pci/8e4bcd4116fd94f592f2bf2749f168099c480ddf.… Reported-by: Keith Busch <kbusch(a)kernel.org> Tested-by: Keith Busch <kbusch(a)kernel.org> Signed-off-by: Lukas Wunner <lukas(a)wunner.de> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Reviewed-by: Keith Busch <kbusch(a)kernel.org> Reviewed-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> Cc: stable(a)vger.kernel.org # v5.10+ diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index 59e0949fb079..c40a6c11e959 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -4753,7 +4753,7 @@ static int pci_bus_max_d3cold_delay(const struct pci_bus *bus) */ int pci_bridge_wait_for_secondary_bus(struct pci_dev *dev, char *reset_type) { - struct pci_dev *child; + struct pci_dev *child __free(pci_dev_put) = NULL; int delay; if (pci_dev_is_disconnected(dev)) @@ -4782,8 +4782,8 @@ int pci_bridge_wait_for_secondary_bus(struct pci_dev *dev, char *reset_type) return 0; } - child = list_first_entry(&dev->subordinate->devices, struct pci_dev, - bus_list); + child = pci_dev_get(list_first_entry(&dev->subordinate->devices, + struct pci_dev, bus_list)); up_read(&pci_bus_sem); /*

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] dev/parport: fix the array out-of-bounds risk" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x ab11dac93d2d568d151b1918d7b84c2d02bacbd5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072939-dropbox-upheld-5fc6@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: ab11dac93d2d ("dev/parport: fix the array out-of-bounds risk") a6abfdff4fe5 ("parport: Standardize use of printmode") decf26f6ec25 ("parport: Convert printk(KERN_<LEVEL> to pr_<level>(") aa1f0fa374ed ("parport: parport_pc: Mark expected switch fall-through") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ab11dac93d2d568d151b1918d7b84c2d02bacbd5 Mon Sep 17 00:00:00 2001 From: tuhaowen <tuhaowen(a)uniontech.com> Date: Mon, 8 Jul 2024 16:04:30 +0800 Subject: [PATCH] dev/parport: fix the array out-of-bounds risk Fixed array out-of-bounds issues caused by sprintf by replacing it with snprintf for safer data copying, ensuring the destination buffer is not overflowed. Below is the stack trace I encountered during the actual issue: [ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport] [ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm: QThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2 [ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp [ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun PGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024 [ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace: [ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0 [ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20 [ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c [ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc [ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38 [ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport] Signed-off-by: tuhaowen <tuhaowen(a)uniontech.com> Cc: stable <stable(a)kernel.org> Link: https://lore.kernel.org/r/20240708080430.8221-1-tuhaowen@uniontech.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/parport/procfs.c b/drivers/parport/procfs.c index bd388560ed59..c2e371c50dcf 100644 --- a/drivers/parport/procfs.c +++ b/drivers/parport/procfs.c @@ -51,12 +51,12 @@ static int do_active_device(struct ctl_table *table, int write, for (dev = port->devices; dev ; dev = dev->next) { if(dev == port->cad) { - len += sprintf(buffer, "%s\n", dev->name); + len += snprintf(buffer, sizeof(buffer), "%s\n", dev->name); } } if(!len) { - len += sprintf(buffer, "%s\n", "none"); + len += snprintf(buffer, sizeof(buffer), "%s\n", "none"); } if (len > *lenp) @@ -87,19 +87,19 @@ static int do_autoprobe(struct ctl_table *table, int write, } if ((str = info->class_name) != NULL) - len += sprintf (buffer + len, "CLASS:%s;\n", str); + len += snprintf (buffer + len, sizeof(buffer) - len, "CLASS:%s;\n", str); if ((str = info->model) != NULL) - len += sprintf (buffer + len, "MODEL:%s;\n", str); + len += snprintf (buffer + len, sizeof(buffer) - len, "MODEL:%s;\n", str); if ((str = info->mfr) != NULL) - len += sprintf (buffer + len, "MANUFACTURER:%s;\n", str); + len += snprintf (buffer + len, sizeof(buffer) - len, "MANUFACTURER:%s;\n", str); if ((str = info->description) != NULL) - len += sprintf (buffer + len, "DESCRIPTION:%s;\n", str); + len += snprintf (buffer + len, sizeof(buffer) - len, "DESCRIPTION:%s;\n", str); if ((str = info->cmdset) != NULL) - len += sprintf (buffer + len, "COMMAND SET:%s;\n", str); + len += snprintf (buffer + len, sizeof(buffer) - len, "COMMAND SET:%s;\n", str); if (len > *lenp) len = *lenp; @@ -117,7 +117,7 @@ static int do_hardware_base_addr(struct ctl_table *table, int write, void *result, size_t *lenp, loff_t *ppos) { struct parport *port = (struct parport *)table->extra1; - char buffer[20]; + char buffer[64]; int len = 0; if (*ppos) { @@ -128,7 +128,7 @@ static int do_hardware_base_addr(struct ctl_table *table, int write, if (write) /* permissions prevent this anyway */ return -EACCES; - len += sprintf (buffer, "%lu\t%lu\n", port->base, port->base_hi); + len += snprintf (buffer, sizeof(buffer), "%lu\t%lu\n", port->base, port->base_hi); if (len > *lenp) len = *lenp; @@ -155,7 +155,7 @@ static int do_hardware_irq(struct ctl_table *table, int write, if (write) /* permissions prevent this anyway */ return -EACCES; - len += sprintf (buffer, "%d\n", port->irq); + len += snprintf (buffer, sizeof(buffer), "%d\n", port->irq); if (len > *lenp) len = *lenp; @@ -182,7 +182,7 @@ static int do_hardware_dma(struct ctl_table *table, int write, if (write) /* permissions prevent this anyway */ return -EACCES; - len += sprintf (buffer, "%d\n", port->dma); + len += snprintf (buffer, sizeof(buffer), "%d\n", port->dma); if (len > *lenp) len = *lenp; @@ -213,7 +213,7 @@ static int do_hardware_modes(struct ctl_table *table, int write, #define printmode(x) \ do { \ if (port->modes & PARPORT_MODE_##x) \ - len += sprintf(buffer + len, "%s%s", f++ ? "," : "", #x); \ + len += snprintf(buffer + len, sizeof(buffer) - len, "%s%s", f++ ? "," : "", #x); \ } while (0) int f = 0; printmode(PCSPP);

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] dev/parport: fix the array out-of-bounds risk" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x ab11dac93d2d568d151b1918d7b84c2d02bacbd5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072938-roundworm-wagon-ec6b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: ab11dac93d2d ("dev/parport: fix the array out-of-bounds risk") a6abfdff4fe5 ("parport: Standardize use of printmode") decf26f6ec25 ("parport: Convert printk(KERN_<LEVEL> to pr_<level>(") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ab11dac93d2d568d151b1918d7b84c2d02bacbd5 Mon Sep 17 00:00:00 2001 From: tuhaowen <tuhaowen(a)uniontech.com> Date: Mon, 8 Jul 2024 16:04:30 +0800 Subject: [PATCH] dev/parport: fix the array out-of-bounds risk Fixed array out-of-bounds issues caused by sprintf by replacing it with snprintf for safer data copying, ensuring the destination buffer is not overflowed. Below is the stack trace I encountered during the actual issue: [ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport] [ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm: QThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2 [ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp [ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun PGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024 [ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace: [ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0 [ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20 [ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c [ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc [ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38 [ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport] Signed-off-by: tuhaowen <tuhaowen(a)uniontech.com> Cc: stable <stable(a)kernel.org> Link: https://lore.kernel.org/r/20240708080430.8221-1-tuhaowen@uniontech.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/parport/procfs.c b/drivers/parport/procfs.c index bd388560ed59..c2e371c50dcf 100644 --- a/drivers/parport/procfs.c +++ b/drivers/parport/procfs.c @@ -51,12 +51,12 @@ static int do_active_device(struct ctl_table *table, int write, for (dev = port->devices; dev ; dev = dev->next) { if(dev == port->cad) { - len += sprintf(buffer, "%s\n", dev->name); + len += snprintf(buffer, sizeof(buffer), "%s\n", dev->name); } } if(!len) { - len += sprintf(buffer, "%s\n", "none"); + len += snprintf(buffer, sizeof(buffer), "%s\n", "none"); } if (len > *lenp) @@ -87,19 +87,19 @@ static int do_autoprobe(struct ctl_table *table, int write, } if ((str = info->class_name) != NULL) - len += sprintf (buffer + len, "CLASS:%s;\n", str); + len += snprintf (buffer + len, sizeof(buffer) - len, "CLASS:%s;\n", str); if ((str = info->model) != NULL) - len += sprintf (buffer + len, "MODEL:%s;\n", str); + len += snprintf (buffer + len, sizeof(buffer) - len, "MODEL:%s;\n", str); if ((str = info->mfr) != NULL) - len += sprintf (buffer + len, "MANUFACTURER:%s;\n", str); + len += snprintf (buffer + len, sizeof(buffer) - len, "MANUFACTURER:%s;\n", str); if ((str = info->description) != NULL) - len += sprintf (buffer + len, "DESCRIPTION:%s;\n", str); + len += snprintf (buffer + len, sizeof(buffer) - len, "DESCRIPTION:%s;\n", str); if ((str = info->cmdset) != NULL) - len += sprintf (buffer + len, "COMMAND SET:%s;\n", str); + len += snprintf (buffer + len, sizeof(buffer) - len, "COMMAND SET:%s;\n", str); if (len > *lenp) len = *lenp; @@ -117,7 +117,7 @@ static int do_hardware_base_addr(struct ctl_table *table, int write, void *result, size_t *lenp, loff_t *ppos) { struct parport *port = (struct parport *)table->extra1; - char buffer[20]; + char buffer[64]; int len = 0; if (*ppos) { @@ -128,7 +128,7 @@ static int do_hardware_base_addr(struct ctl_table *table, int write, if (write) /* permissions prevent this anyway */ return -EACCES; - len += sprintf (buffer, "%lu\t%lu\n", port->base, port->base_hi); + len += snprintf (buffer, sizeof(buffer), "%lu\t%lu\n", port->base, port->base_hi); if (len > *lenp) len = *lenp; @@ -155,7 +155,7 @@ static int do_hardware_irq(struct ctl_table *table, int write, if (write) /* permissions prevent this anyway */ return -EACCES; - len += sprintf (buffer, "%d\n", port->irq); + len += snprintf (buffer, sizeof(buffer), "%d\n", port->irq); if (len > *lenp) len = *lenp; @@ -182,7 +182,7 @@ static int do_hardware_dma(struct ctl_table *table, int write, if (write) /* permissions prevent this anyway */ return -EACCES; - len += sprintf (buffer, "%d\n", port->dma); + len += snprintf (buffer, sizeof(buffer), "%d\n", port->dma); if (len > *lenp) len = *lenp; @@ -213,7 +213,7 @@ static int do_hardware_modes(struct ctl_table *table, int write, #define printmode(x) \ do { \ if (port->modes & PARPORT_MODE_##x) \ - len += sprintf(buffer + len, "%s%s", f++ ? "," : "", #x); \ + len += snprintf(buffer + len, sizeof(buffer) - len, "%s%s", f++ ? "," : "", #x); \ } while (0) int f = 0; printmode(PCSPP);

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 840b7a5edf88fe678c60dee88a135647c0ea4375 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072924-yonder-factoid-6692@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 840b7a5edf88 ("PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio") 58adbfb3ebec ("PCI: rockchip: Make 'ep-gpios' DT property optional") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 840b7a5edf88fe678c60dee88a135647c0ea4375 Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Date: Tue, 16 Apr 2024 11:12:35 +0530 Subject: [PATCH] PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Rockchip platforms use 'GPIO_ACTIVE_HIGH' flag in the devicetree definition for ep_gpio. This means, whatever the logical value set by the driver for the ep_gpio, physical line will output the same logic level. For instance, gpiod_set_value_cansleep(rockchip->ep_gpio, 0); --> Level low gpiod_set_value_cansleep(rockchip->ep_gpio, 1); --> Level high But while requesting the ep_gpio, GPIOD_OUT_HIGH flag is currently used. Now, this also causes the physical line to output 'high' creating trouble for endpoint devices during host reboot. When host reboot happens, the ep_gpio will initially output 'low' due to the GPIO getting reset to its POR value. Then during host controller probe, it will output 'high' due to GPIOD_OUT_HIGH flag. Then during rockchip_pcie_host_init_port(), it will first output 'low' and then 'high' indicating the completion of controller initialization. On the endpoint side, each output 'low' of ep_gpio is accounted for PERST# assert and 'high' for PERST# deassert. With the above mentioned flow during host reboot, endpoint will witness below state changes for PERST#: (1) PERST# assert - GPIO POR state (2) PERST# deassert - GPIOD_OUT_HIGH while requesting GPIO (3) PERST# assert - rockchip_pcie_host_init_port() (4) PERST# deassert - rockchip_pcie_host_init_port() Now the time interval between (2) and (3) is very short as both happen during the driver probe(), and this results in a race in the endpoint. Because, before completing the PERST# deassertion in (2), endpoint got another PERST# assert in (3). A proper way to fix this issue is to change the GPIOD_OUT_HIGH flag in (2) to GPIOD_OUT_LOW. Because the usual convention is to request the GPIO with a state corresponding to its 'initial/default' value and let the driver change the state of the GPIO when required. As per that, the ep_gpio should be requested with GPIOD_OUT_LOW as it corresponds to the POR value of '0' (PERST# assert in the endpoint). Then the driver can change the state of the ep_gpio later in rockchip_pcie_host_init_port() as per the initialization sequence. This fixes the firmware crash issue in Qcom based modems connected to Rockpro64 based board. Fixes: e77f847df54c ("PCI: rockchip: Add Rockchip PCIe controller support") Closes: https://lore.kernel.org/mhi/20240402045647.GG2933@thinkpad/ Link: https://lore.kernel.org/linux-pci/20240416-pci-rockchip-perst-fix-v1-1-4800… Reported-by: Slark Xiao <slark_xiao(a)163.com> Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Niklas Cassel <cassel(a)kernel.org> Cc: stable(a)vger.kernel.org # v4.9 diff --git a/drivers/pci/controller/pcie-rockchip.c b/drivers/pci/controller/pcie-rockchip.c index 0ef2e622d36e..c07d7129f1c7 100644 --- a/drivers/pci/controller/pcie-rockchip.c +++ b/drivers/pci/controller/pcie-rockchip.c @@ -121,7 +121,7 @@ int rockchip_pcie_parse_dt(struct rockchip_pcie *rockchip) if (rockchip->is_rc) { rockchip->ep_gpio = devm_gpiod_get_optional(dev, "ep", - GPIOD_OUT_HIGH); + GPIOD_OUT_LOW); if (IS_ERR(rockchip->ep_gpio)) return dev_err_probe(dev, PTR_ERR(rockchip->ep_gpio), "failed to get ep GPIO\n");

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 840b7a5edf88fe678c60dee88a135647c0ea4375 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072923-grating-bobsled-30d0@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 840b7a5edf88 ("PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio") 58adbfb3ebec ("PCI: rockchip: Make 'ep-gpios' DT property optional") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 840b7a5edf88fe678c60dee88a135647c0ea4375 Mon Sep 17 00:00:00 2001 From: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Date: Tue, 16 Apr 2024 11:12:35 +0530 Subject: [PATCH] PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Rockchip platforms use 'GPIO_ACTIVE_HIGH' flag in the devicetree definition for ep_gpio. This means, whatever the logical value set by the driver for the ep_gpio, physical line will output the same logic level. For instance, gpiod_set_value_cansleep(rockchip->ep_gpio, 0); --> Level low gpiod_set_value_cansleep(rockchip->ep_gpio, 1); --> Level high But while requesting the ep_gpio, GPIOD_OUT_HIGH flag is currently used. Now, this also causes the physical line to output 'high' creating trouble for endpoint devices during host reboot. When host reboot happens, the ep_gpio will initially output 'low' due to the GPIO getting reset to its POR value. Then during host controller probe, it will output 'high' due to GPIOD_OUT_HIGH flag. Then during rockchip_pcie_host_init_port(), it will first output 'low' and then 'high' indicating the completion of controller initialization. On the endpoint side, each output 'low' of ep_gpio is accounted for PERST# assert and 'high' for PERST# deassert. With the above mentioned flow during host reboot, endpoint will witness below state changes for PERST#: (1) PERST# assert - GPIO POR state (2) PERST# deassert - GPIOD_OUT_HIGH while requesting GPIO (3) PERST# assert - rockchip_pcie_host_init_port() (4) PERST# deassert - rockchip_pcie_host_init_port() Now the time interval between (2) and (3) is very short as both happen during the driver probe(), and this results in a race in the endpoint. Because, before completing the PERST# deassertion in (2), endpoint got another PERST# assert in (3). A proper way to fix this issue is to change the GPIOD_OUT_HIGH flag in (2) to GPIOD_OUT_LOW. Because the usual convention is to request the GPIO with a state corresponding to its 'initial/default' value and let the driver change the state of the GPIO when required. As per that, the ep_gpio should be requested with GPIOD_OUT_LOW as it corresponds to the POR value of '0' (PERST# assert in the endpoint). Then the driver can change the state of the ep_gpio later in rockchip_pcie_host_init_port() as per the initialization sequence. This fixes the firmware crash issue in Qcom based modems connected to Rockpro64 based board. Fixes: e77f847df54c ("PCI: rockchip: Add Rockchip PCIe controller support") Closes: https://lore.kernel.org/mhi/20240402045647.GG2933@thinkpad/ Link: https://lore.kernel.org/linux-pci/20240416-pci-rockchip-perst-fix-v1-1-4800… Reported-by: Slark Xiao <slark_xiao(a)163.com> Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Niklas Cassel <cassel(a)kernel.org> Cc: stable(a)vger.kernel.org # v4.9 diff --git a/drivers/pci/controller/pcie-rockchip.c b/drivers/pci/controller/pcie-rockchip.c index 0ef2e622d36e..c07d7129f1c7 100644 --- a/drivers/pci/controller/pcie-rockchip.c +++ b/drivers/pci/controller/pcie-rockchip.c @@ -121,7 +121,7 @@ int rockchip_pcie_parse_dt(struct rockchip_pcie *rockchip) if (rockchip->is_rc) { rockchip->ep_gpio = devm_gpiod_get_optional(dev, "ep", - GPIOD_OUT_HIGH); + GPIOD_OUT_LOW); if (IS_ERR(rockchip->ep_gpio)) return dev_err_probe(dev, PTR_ERR(rockchip->ep_gpio), "failed to get ep GPIO\n");

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] fbdev: vesafb: Detect VGA compatibility from screen info's" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x c2bc958b2b03e361f14df99983bc64a39a7323a3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072917-platter-duke-71de@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: c2bc958b2b03 ("fbdev: vesafb: Detect VGA compatibility from screen info's VESA attributes") 75fa9b7e375e ("video: Add helpers for decoding screen_info") 3218286bbb78 ("fbdev/vesafb: Replace references to global screen_info by local pointer") 7470849745e6 ("video: Move HP PARISC STI core code to shared location") 93604a5ade3a ("fbdev: Handle video= parameter in video/cmdline.c") 367221793d47 ("fbdev: Move option-string lookup into helper") 6d8ad3406a69 ("fbdev: Unexport fb_mode_option") cedaf7cddd73 ("fbdev: Support NULL for name in option-string lookup") 73ce73c30ba9 ("fbdev: Transfer video= option strings to caller; clarify ownership") 678573b8eee2 ("fbdev/vesafb: Do not use struct fb_info.apertures") 4ef614be6557 ("fbdev/vesafb: Remove trailing whitespaces") 9a758d8756da ("drm: Move nomodeset kernel parameter to drivers/video") 7283f862bd99 ("drm: Implement DRM aperture helpers under video/") efc8f3229f84 ("MAINTAINERS: Broaden scope of simpledrm entry") fb84efa28a48 ("drm/aperture: Run fbdev removal before internal helpers") 2518f226c60d ("Merge tag 'drm-next-2022-05-25' of git://anongit.freedesktop.org/drm/drm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c2bc958b2b03e361f14df99983bc64a39a7323a3 Mon Sep 17 00:00:00 2001 From: Thomas Zimmermann <tzimmermann(a)suse.de> Date: Mon, 17 Jun 2024 13:06:27 +0200 Subject: [PATCH] fbdev: vesafb: Detect VGA compatibility from screen info's VESA attributes Test the vesa_attributes field in struct screen_info for compatibility with VGA hardware. Vesafb currently tests bit 1 in screen_info's capabilities field which indicates a 64-bit lfb address and is unrelated to VGA compatibility. Section 4.4 of the Vesa VBE 2.0 specifications defines that bit 5 in the mode's attributes field signals VGA compatibility. The mode is compatible with VGA hardware if the bit is clear. In that case, the driver can access VGA state of the VBE's underlying hardware. The vesafb driver uses this feature to program the color LUT in palette modes. Without, colors might be incorrect. The problem got introduced in commit 89ec4c238e7a ("[PATCH] vesafb: Fix incorrect logo colors in x86_64"). It incorrectly stores the mode attributes in the screen_info's capabilities field and updates vesafb accordingly. Later, commit 5e8ddcbe8692 ("Video mode probing support for the new x86 setup code") fixed the screen_info, but did not update vesafb. Color output still tends to work, because bit 1 in capabilities is usually 0. Besides fixing the bug in vesafb, this commit introduces a helper that reads the correct bit from screen_info. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 5e8ddcbe8692 ("Video mode probing support for the new x86 setup code") Reviewed-by: Javier Martinez Canillas <javierm(a)redhat.com> Cc: <stable(a)vger.kernel.org> # v2.6.23+ Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git a/drivers/video/fbdev/vesafb.c b/drivers/video/fbdev/vesafb.c index 8ab64ae4cad3..5a161750a3ae 100644 --- a/drivers/video/fbdev/vesafb.c +++ b/drivers/video/fbdev/vesafb.c @@ -271,7 +271,7 @@ static int vesafb_probe(struct platform_device *dev) if (si->orig_video_isVGA != VIDEO_TYPE_VLFB) return -ENODEV; - vga_compat = (si->capabilities & 2) ? 0 : 1; + vga_compat = !__screen_info_vbe_mode_nonvga(si); vesafb_fix.smem_start = si->lfb_base; vesafb_defined.bits_per_pixel = si->lfb_depth; if (15 == vesafb_defined.bits_per_pixel) diff --git a/include/linux/screen_info.h b/include/linux/screen_info.h index 75303c126285..6a4a3cec4638 100644 --- a/include/linux/screen_info.h +++ b/include/linux/screen_info.h @@ -49,6 +49,16 @@ static inline u64 __screen_info_lfb_size(const struct screen_info *si, unsigned return lfb_size; } +static inline bool __screen_info_vbe_mode_nonvga(const struct screen_info *si) +{ + /* + * VESA modes typically run on VGA hardware. Set bit 5 signals that this + * is not the case. Drivers can then not make use of VGA resources. See + * Sec 4.4 of the VBE 2.0 spec. + */ + return si->vesa_attributes & BIT(5); +} + static inline unsigned int __screen_info_video_type(unsigned int type) { switch (type) {

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] fbdev: vesafb: Detect VGA compatibility from screen info's" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x c2bc958b2b03e361f14df99983bc64a39a7323a3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072912-chafe-starship-0f16@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: c2bc958b2b03 ("fbdev: vesafb: Detect VGA compatibility from screen info's VESA attributes") 75fa9b7e375e ("video: Add helpers for decoding screen_info") 3218286bbb78 ("fbdev/vesafb: Replace references to global screen_info by local pointer") 7470849745e6 ("video: Move HP PARISC STI core code to shared location") 93604a5ade3a ("fbdev: Handle video= parameter in video/cmdline.c") 367221793d47 ("fbdev: Move option-string lookup into helper") 6d8ad3406a69 ("fbdev: Unexport fb_mode_option") cedaf7cddd73 ("fbdev: Support NULL for name in option-string lookup") 73ce73c30ba9 ("fbdev: Transfer video= option strings to caller; clarify ownership") 678573b8eee2 ("fbdev/vesafb: Do not use struct fb_info.apertures") 4ef614be6557 ("fbdev/vesafb: Remove trailing whitespaces") 9a758d8756da ("drm: Move nomodeset kernel parameter to drivers/video") 7283f862bd99 ("drm: Implement DRM aperture helpers under video/") efc8f3229f84 ("MAINTAINERS: Broaden scope of simpledrm entry") fb84efa28a48 ("drm/aperture: Run fbdev removal before internal helpers") 2518f226c60d ("Merge tag 'drm-next-2022-05-25' of git://anongit.freedesktop.org/drm/drm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c2bc958b2b03e361f14df99983bc64a39a7323a3 Mon Sep 17 00:00:00 2001 From: Thomas Zimmermann <tzimmermann(a)suse.de> Date: Mon, 17 Jun 2024 13:06:27 +0200 Subject: [PATCH] fbdev: vesafb: Detect VGA compatibility from screen info's VESA attributes Test the vesa_attributes field in struct screen_info for compatibility with VGA hardware. Vesafb currently tests bit 1 in screen_info's capabilities field which indicates a 64-bit lfb address and is unrelated to VGA compatibility. Section 4.4 of the Vesa VBE 2.0 specifications defines that bit 5 in the mode's attributes field signals VGA compatibility. The mode is compatible with VGA hardware if the bit is clear. In that case, the driver can access VGA state of the VBE's underlying hardware. The vesafb driver uses this feature to program the color LUT in palette modes. Without, colors might be incorrect. The problem got introduced in commit 89ec4c238e7a ("[PATCH] vesafb: Fix incorrect logo colors in x86_64"). It incorrectly stores the mode attributes in the screen_info's capabilities field and updates vesafb accordingly. Later, commit 5e8ddcbe8692 ("Video mode probing support for the new x86 setup code") fixed the screen_info, but did not update vesafb. Color output still tends to work, because bit 1 in capabilities is usually 0. Besides fixing the bug in vesafb, this commit introduces a helper that reads the correct bit from screen_info. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 5e8ddcbe8692 ("Video mode probing support for the new x86 setup code") Reviewed-by: Javier Martinez Canillas <javierm(a)redhat.com> Cc: <stable(a)vger.kernel.org> # v2.6.23+ Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git a/drivers/video/fbdev/vesafb.c b/drivers/video/fbdev/vesafb.c index 8ab64ae4cad3..5a161750a3ae 100644 --- a/drivers/video/fbdev/vesafb.c +++ b/drivers/video/fbdev/vesafb.c @@ -271,7 +271,7 @@ static int vesafb_probe(struct platform_device *dev) if (si->orig_video_isVGA != VIDEO_TYPE_VLFB) return -ENODEV; - vga_compat = (si->capabilities & 2) ? 0 : 1; + vga_compat = !__screen_info_vbe_mode_nonvga(si); vesafb_fix.smem_start = si->lfb_base; vesafb_defined.bits_per_pixel = si->lfb_depth; if (15 == vesafb_defined.bits_per_pixel) diff --git a/include/linux/screen_info.h b/include/linux/screen_info.h index 75303c126285..6a4a3cec4638 100644 --- a/include/linux/screen_info.h +++ b/include/linux/screen_info.h @@ -49,6 +49,16 @@ static inline u64 __screen_info_lfb_size(const struct screen_info *si, unsigned return lfb_size; } +static inline bool __screen_info_vbe_mode_nonvga(const struct screen_info *si) +{ + /* + * VESA modes typically run on VGA hardware. Set bit 5 signals that this + * is not the case. Drivers can then not make use of VGA resources. See + * Sec 4.4 of the VBE 2.0 spec. + */ + return si->vesa_attributes & BIT(5); +} + static inline unsigned int __screen_info_video_type(unsigned int type) { switch (type) {

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] fbdev: vesafb: Detect VGA compatibility from screen info's" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x c2bc958b2b03e361f14df99983bc64a39a7323a3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072902-arise-online-fd6e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: c2bc958b2b03 ("fbdev: vesafb: Detect VGA compatibility from screen info's VESA attributes") 75fa9b7e375e ("video: Add helpers for decoding screen_info") 3218286bbb78 ("fbdev/vesafb: Replace references to global screen_info by local pointer") 7470849745e6 ("video: Move HP PARISC STI core code to shared location") 93604a5ade3a ("fbdev: Handle video= parameter in video/cmdline.c") 367221793d47 ("fbdev: Move option-string lookup into helper") 6d8ad3406a69 ("fbdev: Unexport fb_mode_option") cedaf7cddd73 ("fbdev: Support NULL for name in option-string lookup") 73ce73c30ba9 ("fbdev: Transfer video= option strings to caller; clarify ownership") 678573b8eee2 ("fbdev/vesafb: Do not use struct fb_info.apertures") 4ef614be6557 ("fbdev/vesafb: Remove trailing whitespaces") 9a758d8756da ("drm: Move nomodeset kernel parameter to drivers/video") 7283f862bd99 ("drm: Implement DRM aperture helpers under video/") efc8f3229f84 ("MAINTAINERS: Broaden scope of simpledrm entry") fb84efa28a48 ("drm/aperture: Run fbdev removal before internal helpers") 2518f226c60d ("Merge tag 'drm-next-2022-05-25' of git://anongit.freedesktop.org/drm/drm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c2bc958b2b03e361f14df99983bc64a39a7323a3 Mon Sep 17 00:00:00 2001 From: Thomas Zimmermann <tzimmermann(a)suse.de> Date: Mon, 17 Jun 2024 13:06:27 +0200 Subject: [PATCH] fbdev: vesafb: Detect VGA compatibility from screen info's VESA attributes Test the vesa_attributes field in struct screen_info for compatibility with VGA hardware. Vesafb currently tests bit 1 in screen_info's capabilities field which indicates a 64-bit lfb address and is unrelated to VGA compatibility. Section 4.4 of the Vesa VBE 2.0 specifications defines that bit 5 in the mode's attributes field signals VGA compatibility. The mode is compatible with VGA hardware if the bit is clear. In that case, the driver can access VGA state of the VBE's underlying hardware. The vesafb driver uses this feature to program the color LUT in palette modes. Without, colors might be incorrect. The problem got introduced in commit 89ec4c238e7a ("[PATCH] vesafb: Fix incorrect logo colors in x86_64"). It incorrectly stores the mode attributes in the screen_info's capabilities field and updates vesafb accordingly. Later, commit 5e8ddcbe8692 ("Video mode probing support for the new x86 setup code") fixed the screen_info, but did not update vesafb. Color output still tends to work, because bit 1 in capabilities is usually 0. Besides fixing the bug in vesafb, this commit introduces a helper that reads the correct bit from screen_info. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 5e8ddcbe8692 ("Video mode probing support for the new x86 setup code") Reviewed-by: Javier Martinez Canillas <javierm(a)redhat.com> Cc: <stable(a)vger.kernel.org> # v2.6.23+ Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git a/drivers/video/fbdev/vesafb.c b/drivers/video/fbdev/vesafb.c index 8ab64ae4cad3..5a161750a3ae 100644 --- a/drivers/video/fbdev/vesafb.c +++ b/drivers/video/fbdev/vesafb.c @@ -271,7 +271,7 @@ static int vesafb_probe(struct platform_device *dev) if (si->orig_video_isVGA != VIDEO_TYPE_VLFB) return -ENODEV; - vga_compat = (si->capabilities & 2) ? 0 : 1; + vga_compat = !__screen_info_vbe_mode_nonvga(si); vesafb_fix.smem_start = si->lfb_base; vesafb_defined.bits_per_pixel = si->lfb_depth; if (15 == vesafb_defined.bits_per_pixel) diff --git a/include/linux/screen_info.h b/include/linux/screen_info.h index 75303c126285..6a4a3cec4638 100644 --- a/include/linux/screen_info.h +++ b/include/linux/screen_info.h @@ -49,6 +49,16 @@ static inline u64 __screen_info_lfb_size(const struct screen_info *si, unsigned return lfb_size; } +static inline bool __screen_info_vbe_mode_nonvga(const struct screen_info *si) +{ + /* + * VESA modes typically run on VGA hardware. Set bit 5 signals that this + * is not the case. Drivers can then not make use of VGA resources. See + * Sec 4.4 of the VBE 2.0 spec. + */ + return si->vesa_attributes & BIT(5); +} + static inline unsigned int __screen_info_video_type(unsigned int type) { switch (type) {

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] fbdev: vesafb: Detect VGA compatibility from screen info's" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x c2bc958b2b03e361f14df99983bc64a39a7323a3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072956-rockfish-extradite-7f79@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: c2bc958b2b03 ("fbdev: vesafb: Detect VGA compatibility from screen info's VESA attributes") 75fa9b7e375e ("video: Add helpers for decoding screen_info") 3218286bbb78 ("fbdev/vesafb: Replace references to global screen_info by local pointer") 7470849745e6 ("video: Move HP PARISC STI core code to shared location") 93604a5ade3a ("fbdev: Handle video= parameter in video/cmdline.c") 367221793d47 ("fbdev: Move option-string lookup into helper") 6d8ad3406a69 ("fbdev: Unexport fb_mode_option") cedaf7cddd73 ("fbdev: Support NULL for name in option-string lookup") 73ce73c30ba9 ("fbdev: Transfer video= option strings to caller; clarify ownership") 678573b8eee2 ("fbdev/vesafb: Do not use struct fb_info.apertures") 4ef614be6557 ("fbdev/vesafb: Remove trailing whitespaces") 9a758d8756da ("drm: Move nomodeset kernel parameter to drivers/video") 7283f862bd99 ("drm: Implement DRM aperture helpers under video/") efc8f3229f84 ("MAINTAINERS: Broaden scope of simpledrm entry") fb84efa28a48 ("drm/aperture: Run fbdev removal before internal helpers") 2518f226c60d ("Merge tag 'drm-next-2022-05-25' of git://anongit.freedesktop.org/drm/drm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c2bc958b2b03e361f14df99983bc64a39a7323a3 Mon Sep 17 00:00:00 2001 From: Thomas Zimmermann <tzimmermann(a)suse.de> Date: Mon, 17 Jun 2024 13:06:27 +0200 Subject: [PATCH] fbdev: vesafb: Detect VGA compatibility from screen info's VESA attributes Test the vesa_attributes field in struct screen_info for compatibility with VGA hardware. Vesafb currently tests bit 1 in screen_info's capabilities field which indicates a 64-bit lfb address and is unrelated to VGA compatibility. Section 4.4 of the Vesa VBE 2.0 specifications defines that bit 5 in the mode's attributes field signals VGA compatibility. The mode is compatible with VGA hardware if the bit is clear. In that case, the driver can access VGA state of the VBE's underlying hardware. The vesafb driver uses this feature to program the color LUT in palette modes. Without, colors might be incorrect. The problem got introduced in commit 89ec4c238e7a ("[PATCH] vesafb: Fix incorrect logo colors in x86_64"). It incorrectly stores the mode attributes in the screen_info's capabilities field and updates vesafb accordingly. Later, commit 5e8ddcbe8692 ("Video mode probing support for the new x86 setup code") fixed the screen_info, but did not update vesafb. Color output still tends to work, because bit 1 in capabilities is usually 0. Besides fixing the bug in vesafb, this commit introduces a helper that reads the correct bit from screen_info. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 5e8ddcbe8692 ("Video mode probing support for the new x86 setup code") Reviewed-by: Javier Martinez Canillas <javierm(a)redhat.com> Cc: <stable(a)vger.kernel.org> # v2.6.23+ Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git a/drivers/video/fbdev/vesafb.c b/drivers/video/fbdev/vesafb.c index 8ab64ae4cad3..5a161750a3ae 100644 --- a/drivers/video/fbdev/vesafb.c +++ b/drivers/video/fbdev/vesafb.c @@ -271,7 +271,7 @@ static int vesafb_probe(struct platform_device *dev) if (si->orig_video_isVGA != VIDEO_TYPE_VLFB) return -ENODEV; - vga_compat = (si->capabilities & 2) ? 0 : 1; + vga_compat = !__screen_info_vbe_mode_nonvga(si); vesafb_fix.smem_start = si->lfb_base; vesafb_defined.bits_per_pixel = si->lfb_depth; if (15 == vesafb_defined.bits_per_pixel) diff --git a/include/linux/screen_info.h b/include/linux/screen_info.h index 75303c126285..6a4a3cec4638 100644 --- a/include/linux/screen_info.h +++ b/include/linux/screen_info.h @@ -49,6 +49,16 @@ static inline u64 __screen_info_lfb_size(const struct screen_info *si, unsigned return lfb_size; } +static inline bool __screen_info_vbe_mode_nonvga(const struct screen_info *si) +{ + /* + * VESA modes typically run on VGA hardware. Set bit 5 signals that this + * is not the case. Drivers can then not make use of VGA resources. See + * Sec 4.4 of the VBE 2.0 spec. + */ + return si->vesa_attributes & BIT(5); +} + static inline unsigned int __screen_info_video_type(unsigned int type) { switch (type) {

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] fbdev: vesafb: Detect VGA compatibility from screen info's" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c2bc958b2b03e361f14df99983bc64a39a7323a3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072951-greeter-mummy-752b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: c2bc958b2b03 ("fbdev: vesafb: Detect VGA compatibility from screen info's VESA attributes") 75fa9b7e375e ("video: Add helpers for decoding screen_info") 3218286bbb78 ("fbdev/vesafb: Replace references to global screen_info by local pointer") 7470849745e6 ("video: Move HP PARISC STI core code to shared location") 93604a5ade3a ("fbdev: Handle video= parameter in video/cmdline.c") 367221793d47 ("fbdev: Move option-string lookup into helper") 6d8ad3406a69 ("fbdev: Unexport fb_mode_option") cedaf7cddd73 ("fbdev: Support NULL for name in option-string lookup") 73ce73c30ba9 ("fbdev: Transfer video= option strings to caller; clarify ownership") 678573b8eee2 ("fbdev/vesafb: Do not use struct fb_info.apertures") 4ef614be6557 ("fbdev/vesafb: Remove trailing whitespaces") 9a758d8756da ("drm: Move nomodeset kernel parameter to drivers/video") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c2bc958b2b03e361f14df99983bc64a39a7323a3 Mon Sep 17 00:00:00 2001 From: Thomas Zimmermann <tzimmermann(a)suse.de> Date: Mon, 17 Jun 2024 13:06:27 +0200 Subject: [PATCH] fbdev: vesafb: Detect VGA compatibility from screen info's VESA attributes Test the vesa_attributes field in struct screen_info for compatibility with VGA hardware. Vesafb currently tests bit 1 in screen_info's capabilities field which indicates a 64-bit lfb address and is unrelated to VGA compatibility. Section 4.4 of the Vesa VBE 2.0 specifications defines that bit 5 in the mode's attributes field signals VGA compatibility. The mode is compatible with VGA hardware if the bit is clear. In that case, the driver can access VGA state of the VBE's underlying hardware. The vesafb driver uses this feature to program the color LUT in palette modes. Without, colors might be incorrect. The problem got introduced in commit 89ec4c238e7a ("[PATCH] vesafb: Fix incorrect logo colors in x86_64"). It incorrectly stores the mode attributes in the screen_info's capabilities field and updates vesafb accordingly. Later, commit 5e8ddcbe8692 ("Video mode probing support for the new x86 setup code") fixed the screen_info, but did not update vesafb. Color output still tends to work, because bit 1 in capabilities is usually 0. Besides fixing the bug in vesafb, this commit introduces a helper that reads the correct bit from screen_info. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 5e8ddcbe8692 ("Video mode probing support for the new x86 setup code") Reviewed-by: Javier Martinez Canillas <javierm(a)redhat.com> Cc: <stable(a)vger.kernel.org> # v2.6.23+ Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git a/drivers/video/fbdev/vesafb.c b/drivers/video/fbdev/vesafb.c index 8ab64ae4cad3..5a161750a3ae 100644 --- a/drivers/video/fbdev/vesafb.c +++ b/drivers/video/fbdev/vesafb.c @@ -271,7 +271,7 @@ static int vesafb_probe(struct platform_device *dev) if (si->orig_video_isVGA != VIDEO_TYPE_VLFB) return -ENODEV; - vga_compat = (si->capabilities & 2) ? 0 : 1; + vga_compat = !__screen_info_vbe_mode_nonvga(si); vesafb_fix.smem_start = si->lfb_base; vesafb_defined.bits_per_pixel = si->lfb_depth; if (15 == vesafb_defined.bits_per_pixel) diff --git a/include/linux/screen_info.h b/include/linux/screen_info.h index 75303c126285..6a4a3cec4638 100644 --- a/include/linux/screen_info.h +++ b/include/linux/screen_info.h @@ -49,6 +49,16 @@ static inline u64 __screen_info_lfb_size(const struct screen_info *si, unsigned return lfb_size; } +static inline bool __screen_info_vbe_mode_nonvga(const struct screen_info *si) +{ + /* + * VESA modes typically run on VGA hardware. Set bit 5 signals that this + * is not the case. Drivers can then not make use of VGA resources. See + * Sec 4.4 of the VBE 2.0 spec. + */ + return si->vesa_attributes & BIT(5); +} + static inline unsigned int __screen_info_video_type(unsigned int type) { switch (type) {

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] fbdev: vesafb: Detect VGA compatibility from screen info's" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c2bc958b2b03e361f14df99983bc64a39a7323a3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072945-reenter-waving-4e70@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: c2bc958b2b03 ("fbdev: vesafb: Detect VGA compatibility from screen info's VESA attributes") 75fa9b7e375e ("video: Add helpers for decoding screen_info") 3218286bbb78 ("fbdev/vesafb: Replace references to global screen_info by local pointer") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c2bc958b2b03e361f14df99983bc64a39a7323a3 Mon Sep 17 00:00:00 2001 From: Thomas Zimmermann <tzimmermann(a)suse.de> Date: Mon, 17 Jun 2024 13:06:27 +0200 Subject: [PATCH] fbdev: vesafb: Detect VGA compatibility from screen info's VESA attributes Test the vesa_attributes field in struct screen_info for compatibility with VGA hardware. Vesafb currently tests bit 1 in screen_info's capabilities field which indicates a 64-bit lfb address and is unrelated to VGA compatibility. Section 4.4 of the Vesa VBE 2.0 specifications defines that bit 5 in the mode's attributes field signals VGA compatibility. The mode is compatible with VGA hardware if the bit is clear. In that case, the driver can access VGA state of the VBE's underlying hardware. The vesafb driver uses this feature to program the color LUT in palette modes. Without, colors might be incorrect. The problem got introduced in commit 89ec4c238e7a ("[PATCH] vesafb: Fix incorrect logo colors in x86_64"). It incorrectly stores the mode attributes in the screen_info's capabilities field and updates vesafb accordingly. Later, commit 5e8ddcbe8692 ("Video mode probing support for the new x86 setup code") fixed the screen_info, but did not update vesafb. Color output still tends to work, because bit 1 in capabilities is usually 0. Besides fixing the bug in vesafb, this commit introduces a helper that reads the correct bit from screen_info. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 5e8ddcbe8692 ("Video mode probing support for the new x86 setup code") Reviewed-by: Javier Martinez Canillas <javierm(a)redhat.com> Cc: <stable(a)vger.kernel.org> # v2.6.23+ Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git a/drivers/video/fbdev/vesafb.c b/drivers/video/fbdev/vesafb.c index 8ab64ae4cad3..5a161750a3ae 100644 --- a/drivers/video/fbdev/vesafb.c +++ b/drivers/video/fbdev/vesafb.c @@ -271,7 +271,7 @@ static int vesafb_probe(struct platform_device *dev) if (si->orig_video_isVGA != VIDEO_TYPE_VLFB) return -ENODEV; - vga_compat = (si->capabilities & 2) ? 0 : 1; + vga_compat = !__screen_info_vbe_mode_nonvga(si); vesafb_fix.smem_start = si->lfb_base; vesafb_defined.bits_per_pixel = si->lfb_depth; if (15 == vesafb_defined.bits_per_pixel) diff --git a/include/linux/screen_info.h b/include/linux/screen_info.h index 75303c126285..6a4a3cec4638 100644 --- a/include/linux/screen_info.h +++ b/include/linux/screen_info.h @@ -49,6 +49,16 @@ static inline u64 __screen_info_lfb_size(const struct screen_info *si, unsigned return lfb_size; } +static inline bool __screen_info_vbe_mode_nonvga(const struct screen_info *si) +{ + /* + * VESA modes typically run on VGA hardware. Set bit 5 signals that this + * is not the case. Drivers can then not make use of VGA resources. See + * Sec 4.4 of the VBE 2.0 spec. + */ + return si->vesa_attributes & BIT(5); +} + static inline unsigned int __screen_info_video_type(unsigned int type) { switch (type) {

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ALSA: hda/realtek: cs35l41: Fixup remaining asus strix models" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x e6e18021ddd0dc5af487fb86b6d7c964e062d692 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072902-kooky-velocity-3391@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: e6e18021ddd0 ("ALSA: hda/realtek: cs35l41: Fixup remaining asus strix models") 2be46155d792 ("ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp") 0bfe105018bd ("ALSA: hda/realtek: cs35l41: Support ASUS ROG G634JYR") 24b6332c2d4f ("ALSA: hda: Add Lenovo Legion 7i gen7 sound quirk") b5cb53fd3277 ("ALSA: hda/tas2781: add fixup for Lenovo 14ARB7") ba7053b4b4a4 ("ALSA: hda: Add driver properties for cs35l41 for Lenovo Legion Slim 7 Gen 8 serie") d110858a6925 ("ALSA: hda: cs35l41: Prevent firmware load if SPI speed too low") ee694e7db47e ("ALSA: hda: cs35l41: Support additional Dell models without _DSD") 2b35b66d82dc ("ALSA: hda: cs35l41: Support additional ASUS Zenbook 2023 Models") b257187bcff4 ("ALSA: hda: cs35l41: Support additional ASUS Zenbook 2022 Models") b592ed2e1d78 ("ALSA: hda: cs35l41: Support additional ASUS ROG 2023 models") 8c4c216db8fb ("ALSA: hda: cs35l41: Add config table to support many laptops without _DSD") f01b371b0794 ("ALSA: hda: cs35l41: Use reset label to get GPIO for HP Zbook Fury 17 G9") 447106e92a0c ("ALSA: hda: cs35l41: Support mute notifications for CS35L41 HDA") 93dc18e11b1a ("ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED") 581523ee3652 ("ALSA: hda: cs35l41: Override the _DSD for HP Zbook Fury 17 G9 to correct boost type") 3babae915f4c ("ALSA: hda/tas2781: Add tas2781 HDA driver") ef4ba63f12b0 ("ALSA: hda: cs35l41: Support systems with missing _DSD properties") a32e0834df76 ("Merge tag 'asoc-v6.6-early' of https://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e6e18021ddd0dc5af487fb86b6d7c964e062d692 Mon Sep 17 00:00:00 2001 From: "Luke D. Jones" <luke(a)ljones.dev> Date: Tue, 23 Jul 2024 13:12:24 +1200 Subject: [PATCH] ALSA: hda/realtek: cs35l41: Fixup remaining asus strix models Adjust quirks for 0x3a20, 0x3a30, 0x3a50 to match the 0x3a60. This set has now been confirmed to work with this patch. Signed-off-by: Luke D. Jones <luke(a)ljones.dev> Fixes: 811dd426a9b1 ("ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41") Cc: <stable(a)vger.kernel.org> Link: https://patch.msgid.link/20240723011224.115579-1-luke@ljones.dev Signed-off-by: Takashi Iwai <tiwai(a)suse.de> diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index c3a86a99f8c6..462194bf6954 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -10359,10 +10359,10 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x1043, 0x1f62, "ASUS UX7602ZM", ALC245_FIXUP_CS35L41_SPI_2), SND_PCI_QUIRK(0x1043, 0x1f92, "ASUS ROG Flow X16", ALC289_FIXUP_ASUS_GA401), SND_PCI_QUIRK(0x1043, 0x3030, "ASUS ZN270IE", ALC256_FIXUP_ASUS_AIO_GPIO2), - SND_PCI_QUIRK(0x1043, 0x3a20, "ASUS G614JZR", ALC245_FIXUP_CS35L41_SPI_2), - SND_PCI_QUIRK(0x1043, 0x3a30, "ASUS G814JVR/JIR", ALC245_FIXUP_CS35L41_SPI_2), + SND_PCI_QUIRK(0x1043, 0x3a20, "ASUS G614JZR", ALC285_FIXUP_ASUS_SPI_REAR_SPEAKERS), + SND_PCI_QUIRK(0x1043, 0x3a30, "ASUS G814JVR/JIR", ALC285_FIXUP_ASUS_SPI_REAR_SPEAKERS), SND_PCI_QUIRK(0x1043, 0x3a40, "ASUS G814JZR", ALC285_FIXUP_ASUS_SPI_REAR_SPEAKERS), - SND_PCI_QUIRK(0x1043, 0x3a50, "ASUS G834JYR/JZR", ALC245_FIXUP_CS35L41_SPI_2), + SND_PCI_QUIRK(0x1043, 0x3a50, "ASUS G834JYR/JZR", ALC285_FIXUP_ASUS_SPI_REAR_SPEAKERS), SND_PCI_QUIRK(0x1043, 0x3a60, "ASUS G634JYR/JZR", ALC285_FIXUP_ASUS_SPI_REAR_SPEAKERS), SND_PCI_QUIRK(0x1043, 0x831a, "ASUS P901", ALC269_FIXUP_STEREO_DMIC), SND_PCI_QUIRK(0x1043, 0x834a, "ASUS S101", ALC269_FIXUP_STEREO_DMIC),

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ALSA: hda/realtek: cs35l41: Fixup remaining asus strix models" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x e6e18021ddd0dc5af487fb86b6d7c964e062d692 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072959-wilt-balsamic-2f7d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: e6e18021ddd0 ("ALSA: hda/realtek: cs35l41: Fixup remaining asus strix models") 2be46155d792 ("ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp") 0bfe105018bd ("ALSA: hda/realtek: cs35l41: Support ASUS ROG G634JYR") 24b6332c2d4f ("ALSA: hda: Add Lenovo Legion 7i gen7 sound quirk") b5cb53fd3277 ("ALSA: hda/tas2781: add fixup for Lenovo 14ARB7") ba7053b4b4a4 ("ALSA: hda: Add driver properties for cs35l41 for Lenovo Legion Slim 7 Gen 8 serie") d110858a6925 ("ALSA: hda: cs35l41: Prevent firmware load if SPI speed too low") ee694e7db47e ("ALSA: hda: cs35l41: Support additional Dell models without _DSD") 2b35b66d82dc ("ALSA: hda: cs35l41: Support additional ASUS Zenbook 2023 Models") b257187bcff4 ("ALSA: hda: cs35l41: Support additional ASUS Zenbook 2022 Models") b592ed2e1d78 ("ALSA: hda: cs35l41: Support additional ASUS ROG 2023 models") 8c4c216db8fb ("ALSA: hda: cs35l41: Add config table to support many laptops without _DSD") f01b371b0794 ("ALSA: hda: cs35l41: Use reset label to get GPIO for HP Zbook Fury 17 G9") 447106e92a0c ("ALSA: hda: cs35l41: Support mute notifications for CS35L41 HDA") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e6e18021ddd0dc5af487fb86b6d7c964e062d692 Mon Sep 17 00:00:00 2001 From: "Luke D. Jones" <luke(a)ljones.dev> Date: Tue, 23 Jul 2024 13:12:24 +1200 Subject: [PATCH] ALSA: hda/realtek: cs35l41: Fixup remaining asus strix models Adjust quirks for 0x3a20, 0x3a30, 0x3a50 to match the 0x3a60. This set has now been confirmed to work with this patch. Signed-off-by: Luke D. Jones <luke(a)ljones.dev> Fixes: 811dd426a9b1 ("ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41") Cc: <stable(a)vger.kernel.org> Link: https://patch.msgid.link/20240723011224.115579-1-luke@ljones.dev Signed-off-by: Takashi Iwai <tiwai(a)suse.de> diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c index c3a86a99f8c6..462194bf6954 100644 --- a/sound/pci/hda/patch_realtek.c +++ b/sound/pci/hda/patch_realtek.c @@ -10359,10 +10359,10 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { SND_PCI_QUIRK(0x1043, 0x1f62, "ASUS UX7602ZM", ALC245_FIXUP_CS35L41_SPI_2), SND_PCI_QUIRK(0x1043, 0x1f92, "ASUS ROG Flow X16", ALC289_FIXUP_ASUS_GA401), SND_PCI_QUIRK(0x1043, 0x3030, "ASUS ZN270IE", ALC256_FIXUP_ASUS_AIO_GPIO2), - SND_PCI_QUIRK(0x1043, 0x3a20, "ASUS G614JZR", ALC245_FIXUP_CS35L41_SPI_2), - SND_PCI_QUIRK(0x1043, 0x3a30, "ASUS G814JVR/JIR", ALC245_FIXUP_CS35L41_SPI_2), + SND_PCI_QUIRK(0x1043, 0x3a20, "ASUS G614JZR", ALC285_FIXUP_ASUS_SPI_REAR_SPEAKERS), + SND_PCI_QUIRK(0x1043, 0x3a30, "ASUS G814JVR/JIR", ALC285_FIXUP_ASUS_SPI_REAR_SPEAKERS), SND_PCI_QUIRK(0x1043, 0x3a40, "ASUS G814JZR", ALC285_FIXUP_ASUS_SPI_REAR_SPEAKERS), - SND_PCI_QUIRK(0x1043, 0x3a50, "ASUS G834JYR/JZR", ALC245_FIXUP_CS35L41_SPI_2), + SND_PCI_QUIRK(0x1043, 0x3a50, "ASUS G834JYR/JZR", ALC285_FIXUP_ASUS_SPI_REAR_SPEAKERS), SND_PCI_QUIRK(0x1043, 0x3a60, "ASUS G634JYR/JZR", ALC285_FIXUP_ASUS_SPI_REAR_SPEAKERS), SND_PCI_QUIRK(0x1043, 0x831a, "ASUS P901", ALC269_FIXUP_STEREO_DMIC), SND_PCI_QUIRK(0x1043, 0x834a, "ASUS S101", ALC269_FIXUP_STEREO_DMIC),

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] jbd2: avoid infinite transaction commit loop" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 27ba5b67312a944576addc4df44ac3b709aabede # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072917-thirty-clay-7316@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 27ba5b67312a ("jbd2: avoid infinite transaction commit loop") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 27ba5b67312a944576addc4df44ac3b709aabede Mon Sep 17 00:00:00 2001 From: Jan Kara <jack(a)suse.cz> Date: Mon, 24 Jun 2024 19:01:19 +0200 Subject: [PATCH] jbd2: avoid infinite transaction commit loop Commit 9f356e5a4f12 ("jbd2: Account descriptor blocks into t_outstanding_credits") started to account descriptor blocks into transactions outstanding credits. However it didn't appropriately decrease the maximum amount of credits available to userspace. Thus if the filesystem requests a transaction smaller than j_max_transaction_buffers but large enough that when descriptor blocks are added the size exceeds j_max_transaction_buffers, we confuse add_transaction_credits() into thinking previous handles have grown the transaction too much and enter infinite journal commit loop in start_this_handle() -> add_transaction_credits() trying to create transaction with enough credits available. Fix the problem by properly accounting for transaction space reserved for descriptor blocks when verifying requested transaction handle size. CC: stable(a)vger.kernel.org Fixes: 9f356e5a4f12 ("jbd2: Account descriptor blocks into t_outstanding_credits") Reported-by: Alexander Coffin <alex.coffin(a)maticrobots.com> Link: https://lore.kernel.org/all/CA+hUFcuGs04JHZ_WzA1zGN57+ehL2qmHOt5a7RMpo+rv6V… Signed-off-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Zhang Yi <yi.zhang(a)huawei.com> Link: https://patch.msgid.link/20240624170127.3253-3-jack@suse.cz Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c index a095f1a3114b..66513c18ca29 100644 --- a/fs/jbd2/transaction.c +++ b/fs/jbd2/transaction.c @@ -191,6 +191,13 @@ static void sub_reserved_credits(journal_t *journal, int blocks) wake_up(&journal->j_wait_reserved); } +/* Maximum number of blocks for user transaction payload */ +static int jbd2_max_user_trans_buffers(journal_t *journal) +{ + return journal->j_max_transaction_buffers - + journal->j_transaction_overhead_buffers; +} + /* * Wait until we can add credits for handle to the running transaction. Called * with j_state_lock held for reading. Returns 0 if handle joined the running @@ -240,12 +247,12 @@ __must_hold(&journal->j_state_lock) * big to fit this handle? Wait until reserved credits are freed. */ if (atomic_read(&journal->j_reserved_credits) + total > - journal->j_max_transaction_buffers) { + jbd2_max_user_trans_buffers(journal)) { read_unlock(&journal->j_state_lock); jbd2_might_wait_for_commit(journal); wait_event(journal->j_wait_reserved, atomic_read(&journal->j_reserved_credits) + total <= - journal->j_max_transaction_buffers); + jbd2_max_user_trans_buffers(journal)); __acquire(&journal->j_state_lock); /* fake out sparse */ return 1; } @@ -285,14 +292,14 @@ __must_hold(&journal->j_state_lock) needed = atomic_add_return(rsv_blocks, &journal->j_reserved_credits); /* We allow at most half of a transaction to be reserved */ - if (needed > journal->j_max_transaction_buffers / 2) { + if (needed > jbd2_max_user_trans_buffers(journal) / 2) { sub_reserved_credits(journal, rsv_blocks); atomic_sub(total, &t->t_outstanding_credits); read_unlock(&journal->j_state_lock); jbd2_might_wait_for_commit(journal); wait_event(journal->j_wait_reserved, atomic_read(&journal->j_reserved_credits) + rsv_blocks - <= journal->j_max_transaction_buffers / 2); + <= jbd2_max_user_trans_buffers(journal) / 2); __acquire(&journal->j_state_lock); /* fake out sparse */ return 1; } @@ -322,12 +329,12 @@ static int start_this_handle(journal_t *journal, handle_t *handle, * size and limit the number of total credits to not exceed maximum * transaction size per operation. */ - if ((rsv_blocks > journal->j_max_transaction_buffers / 2) || - (rsv_blocks + blocks > journal->j_max_transaction_buffers)) { + if (rsv_blocks > jbd2_max_user_trans_buffers(journal) / 2 || + rsv_blocks + blocks > jbd2_max_user_trans_buffers(journal)) { printk(KERN_ERR "JBD2: %s wants too many credits " "credits:%d rsv_credits:%d max:%d\n", current->comm, blocks, rsv_blocks, - journal->j_max_transaction_buffers); + jbd2_max_user_trans_buffers(journal)); WARN_ON(1); return -ENOSPC; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] jbd2: avoid infinite transaction commit loop" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 27ba5b67312a944576addc4df44ac3b709aabede # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072949-unframed-extradite-14cf@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 27ba5b67312a ("jbd2: avoid infinite transaction commit loop") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 27ba5b67312a944576addc4df44ac3b709aabede Mon Sep 17 00:00:00 2001 From: Jan Kara <jack(a)suse.cz> Date: Mon, 24 Jun 2024 19:01:19 +0200 Subject: [PATCH] jbd2: avoid infinite transaction commit loop Commit 9f356e5a4f12 ("jbd2: Account descriptor blocks into t_outstanding_credits") started to account descriptor blocks into transactions outstanding credits. However it didn't appropriately decrease the maximum amount of credits available to userspace. Thus if the filesystem requests a transaction smaller than j_max_transaction_buffers but large enough that when descriptor blocks are added the size exceeds j_max_transaction_buffers, we confuse add_transaction_credits() into thinking previous handles have grown the transaction too much and enter infinite journal commit loop in start_this_handle() -> add_transaction_credits() trying to create transaction with enough credits available. Fix the problem by properly accounting for transaction space reserved for descriptor blocks when verifying requested transaction handle size. CC: stable(a)vger.kernel.org Fixes: 9f356e5a4f12 ("jbd2: Account descriptor blocks into t_outstanding_credits") Reported-by: Alexander Coffin <alex.coffin(a)maticrobots.com> Link: https://lore.kernel.org/all/CA+hUFcuGs04JHZ_WzA1zGN57+ehL2qmHOt5a7RMpo+rv6V… Signed-off-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Zhang Yi <yi.zhang(a)huawei.com> Link: https://patch.msgid.link/20240624170127.3253-3-jack@suse.cz Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c index a095f1a3114b..66513c18ca29 100644 --- a/fs/jbd2/transaction.c +++ b/fs/jbd2/transaction.c @@ -191,6 +191,13 @@ static void sub_reserved_credits(journal_t *journal, int blocks) wake_up(&journal->j_wait_reserved); } +/* Maximum number of blocks for user transaction payload */ +static int jbd2_max_user_trans_buffers(journal_t *journal) +{ + return journal->j_max_transaction_buffers - + journal->j_transaction_overhead_buffers; +} + /* * Wait until we can add credits for handle to the running transaction. Called * with j_state_lock held for reading. Returns 0 if handle joined the running @@ -240,12 +247,12 @@ __must_hold(&journal->j_state_lock) * big to fit this handle? Wait until reserved credits are freed. */ if (atomic_read(&journal->j_reserved_credits) + total > - journal->j_max_transaction_buffers) { + jbd2_max_user_trans_buffers(journal)) { read_unlock(&journal->j_state_lock); jbd2_might_wait_for_commit(journal); wait_event(journal->j_wait_reserved, atomic_read(&journal->j_reserved_credits) + total <= - journal->j_max_transaction_buffers); + jbd2_max_user_trans_buffers(journal)); __acquire(&journal->j_state_lock); /* fake out sparse */ return 1; } @@ -285,14 +292,14 @@ __must_hold(&journal->j_state_lock) needed = atomic_add_return(rsv_blocks, &journal->j_reserved_credits); /* We allow at most half of a transaction to be reserved */ - if (needed > journal->j_max_transaction_buffers / 2) { + if (needed > jbd2_max_user_trans_buffers(journal) / 2) { sub_reserved_credits(journal, rsv_blocks); atomic_sub(total, &t->t_outstanding_credits); read_unlock(&journal->j_state_lock); jbd2_might_wait_for_commit(journal); wait_event(journal->j_wait_reserved, atomic_read(&journal->j_reserved_credits) + rsv_blocks - <= journal->j_max_transaction_buffers / 2); + <= jbd2_max_user_trans_buffers(journal) / 2); __acquire(&journal->j_state_lock); /* fake out sparse */ return 1; } @@ -322,12 +329,12 @@ static int start_this_handle(journal_t *journal, handle_t *handle, * size and limit the number of total credits to not exceed maximum * transaction size per operation. */ - if ((rsv_blocks > journal->j_max_transaction_buffers / 2) || - (rsv_blocks + blocks > journal->j_max_transaction_buffers)) { + if (rsv_blocks > jbd2_max_user_trans_buffers(journal) / 2 || + rsv_blocks + blocks > jbd2_max_user_trans_buffers(journal)) { printk(KERN_ERR "JBD2: %s wants too many credits " "credits:%d rsv_credits:%d max:%d\n", current->comm, blocks, rsv_blocks, - journal->j_max_transaction_buffers); + jbd2_max_user_trans_buffers(journal)); WARN_ON(1); return -ENOSPC; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: nVMX: Check for pending posted interrupts when looking" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 27c4fa42b11af780d49ce704f7fa67b3c2544df4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072918-undivided-veneering-9883@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 27c4fa42b11a ("KVM: nVMX: Check for pending posted interrupts when looking for nested events") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 27c4fa42b11af780d49ce704f7fa67b3c2544df4 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Fri, 7 Jun 2024 10:26:07 -0700 Subject: [PATCH] KVM: nVMX: Check for pending posted interrupts when looking for nested events Check for pending (and notified!) posted interrupts when checking if L2 has a pending wake event, as fully posted/notified virtual interrupt is a valid wake event for HLT. Note that KVM must check vmx->nested.pi_pending to avoid prematurely waking L2, e.g. even if KVM sees a non-zero PID.PIR and PID.0N=1, the virtual interrupt won't actually be recognized until a notification IRQ is received by the vCPU or the vCPU does (nested) VM-Enter. Fixes: 26844fee6ade ("KVM: x86: never write to memory from kvm_vcpu_check_block()") Cc: stable(a)vger.kernel.org Cc: Maxim Levitsky <mlevitsk(a)redhat.com> Reported-by: Jim Mattson <jmattson(a)google.com> Closes: https://lore.kernel.org/all/20231207010302.2240506-1-jmattson@google.com Link: https://lore.kernel.org/r/20240607172609.3205077-5-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 411fe7aa0793..732340ff3300 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -4034,8 +4034,40 @@ static bool nested_vmx_preemption_timer_pending(struct kvm_vcpu *vcpu) static bool vmx_has_nested_events(struct kvm_vcpu *vcpu, bool for_injection) { - return nested_vmx_preemption_timer_pending(vcpu) || - to_vmx(vcpu)->nested.mtf_pending; + struct vcpu_vmx *vmx = to_vmx(vcpu); + void *vapic = vmx->nested.virtual_apic_map.hva; + int max_irr, vppr; + + if (nested_vmx_preemption_timer_pending(vcpu) || + vmx->nested.mtf_pending) + return true; + + /* + * Virtual Interrupt Delivery doesn't require manual injection. Either + * the interrupt is already in GUEST_RVI and will be recognized by CPU + * at VM-Entry, or there is a KVM_REQ_EVENT pending and KVM will move + * the interrupt from the PIR to RVI prior to entering the guest. + */ + if (for_injection) + return false; + + if (!nested_cpu_has_vid(get_vmcs12(vcpu)) || + __vmx_interrupt_blocked(vcpu)) + return false; + + if (!vapic) + return false; + + vppr = *((u32 *)(vapic + APIC_PROCPRI)); + + if (vmx->nested.pi_pending && vmx->nested.pi_desc && + pi_test_on(vmx->nested.pi_desc)) { + max_irr = pi_find_highest_vector(vmx->nested.pi_desc); + if (max_irr > 0 && (max_irr & 0xf0) > (vppr & 0xf0)) + return true; + } + + return false; } /*

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: nVMX: Check for pending posted interrupts when looking" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 27c4fa42b11af780d49ce704f7fa67b3c2544df4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072918-outsource-hardwired-03be@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 27c4fa42b11a ("KVM: nVMX: Check for pending posted interrupts when looking for nested events") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 27c4fa42b11af780d49ce704f7fa67b3c2544df4 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Fri, 7 Jun 2024 10:26:07 -0700 Subject: [PATCH] KVM: nVMX: Check for pending posted interrupts when looking for nested events Check for pending (and notified!) posted interrupts when checking if L2 has a pending wake event, as fully posted/notified virtual interrupt is a valid wake event for HLT. Note that KVM must check vmx->nested.pi_pending to avoid prematurely waking L2, e.g. even if KVM sees a non-zero PID.PIR and PID.0N=1, the virtual interrupt won't actually be recognized until a notification IRQ is received by the vCPU or the vCPU does (nested) VM-Enter. Fixes: 26844fee6ade ("KVM: x86: never write to memory from kvm_vcpu_check_block()") Cc: stable(a)vger.kernel.org Cc: Maxim Levitsky <mlevitsk(a)redhat.com> Reported-by: Jim Mattson <jmattson(a)google.com> Closes: https://lore.kernel.org/all/20231207010302.2240506-1-jmattson@google.com Link: https://lore.kernel.org/r/20240607172609.3205077-5-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 411fe7aa0793..732340ff3300 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -4034,8 +4034,40 @@ static bool nested_vmx_preemption_timer_pending(struct kvm_vcpu *vcpu) static bool vmx_has_nested_events(struct kvm_vcpu *vcpu, bool for_injection) { - return nested_vmx_preemption_timer_pending(vcpu) || - to_vmx(vcpu)->nested.mtf_pending; + struct vcpu_vmx *vmx = to_vmx(vcpu); + void *vapic = vmx->nested.virtual_apic_map.hva; + int max_irr, vppr; + + if (nested_vmx_preemption_timer_pending(vcpu) || + vmx->nested.mtf_pending) + return true; + + /* + * Virtual Interrupt Delivery doesn't require manual injection. Either + * the interrupt is already in GUEST_RVI and will be recognized by CPU + * at VM-Entry, or there is a KVM_REQ_EVENT pending and KVM will move + * the interrupt from the PIR to RVI prior to entering the guest. + */ + if (for_injection) + return false; + + if (!nested_cpu_has_vid(get_vmcs12(vcpu)) || + __vmx_interrupt_blocked(vcpu)) + return false; + + if (!vapic) + return false; + + vppr = *((u32 *)(vapic + APIC_PROCPRI)); + + if (vmx->nested.pi_pending && vmx->nested.pi_desc && + pi_test_on(vmx->nested.pi_desc)) { + max_irr = pi_find_highest_vector(vmx->nested.pi_desc); + if (max_irr > 0 && (max_irr & 0xf0) > (vppr & 0xf0)) + return true; + } + + return false; } /*

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: nVMX: Fold requested virtual interrupt check into" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 321ef62b0c5f6f57bb8500a2ca5986052675abbf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072925-straw-mashing-54f6@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 321ef62b0c5f ("KVM: nVMX: Fold requested virtual interrupt check into has_nested_events()") 27c4fa42b11a ("KVM: nVMX: Check for pending posted interrupts when looking for nested events") e366f92ea99e ("KVM: SEV: Support SEV-SNP AP Creation NAE event") c63cf135cc99 ("KVM: SEV: Add support to handle RMP nested page faults") 9b54e248d264 ("KVM: SEV: Add support to handle Page State Change VMGEXIT") d46b7b6a5f9e ("KVM: SEV: Add support to handle MSR based Page State Change VMGEXIT") 0c76b1d08280 ("KVM: SEV: Add support to handle GHCB GPA register VMGEXIT") 1dfe571c12cf ("KVM: SEV: Add initial SEV-SNP support") bbe10a5cc0c7 ("Merge branch 'kvm-sev-es-ghcbv2' into HEAD") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 321ef62b0c5f6f57bb8500a2ca5986052675abbf Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Fri, 7 Jun 2024 10:26:08 -0700 Subject: [PATCH] KVM: nVMX: Fold requested virtual interrupt check into has_nested_events() Check for a Requested Virtual Interrupt, i.e. a virtual interrupt that is pending delivery, in vmx_has_nested_events() and drop the one-off kvm_x86_ops.guest_apic_has_interrupt() hook. In addition to dropping a superfluous hook, this fixes a bug where KVM would incorrectly treat virtual interrupts _for L2_ as always enabled due to kvm_arch_interrupt_allowed(), by way of vmx_interrupt_blocked(), treating IRQs as enabled if L2 is active and vmcs12 is configured to exit on IRQs, i.e. KVM would treat a virtual interrupt for L2 as a valid wake event based on L1's IRQ blocking status. Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240607172609.3205077-6-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h index 566d19b02483..f91d413d7de1 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -85,7 +85,6 @@ KVM_X86_OP_OPTIONAL(update_cr8_intercept) KVM_X86_OP(refresh_apicv_exec_ctrl) KVM_X86_OP_OPTIONAL(hwapic_irr_update) KVM_X86_OP_OPTIONAL(hwapic_isr_update) -KVM_X86_OP_OPTIONAL_RET0(guest_apic_has_interrupt) KVM_X86_OP_OPTIONAL(load_eoi_exitmap) KVM_X86_OP_OPTIONAL(set_virtual_apic_mode) KVM_X86_OP_OPTIONAL(set_apic_access_page_addr) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index b3b796f06801..2715c1d6a4db 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1715,7 +1715,6 @@ struct kvm_x86_ops { void (*refresh_apicv_exec_ctrl)(struct kvm_vcpu *vcpu); void (*hwapic_irr_update)(struct kvm_vcpu *vcpu, int max_irr); void (*hwapic_isr_update)(int isr); - bool (*guest_apic_has_interrupt)(struct kvm_vcpu *vcpu); void (*load_eoi_exitmap)(struct kvm_vcpu *vcpu, u64 *eoi_exit_bitmap); void (*set_virtual_apic_mode)(struct kvm_vcpu *vcpu); void (*set_apic_access_page_addr)(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c index d4ed681785fd..547fca3709fe 100644 --- a/arch/x86/kvm/vmx/main.c +++ b/arch/x86/kvm/vmx/main.c @@ -97,7 +97,6 @@ struct kvm_x86_ops vt_x86_ops __initdata = { .required_apicv_inhibits = VMX_REQUIRED_APICV_INHIBITS, .hwapic_irr_update = vmx_hwapic_irr_update, .hwapic_isr_update = vmx_hwapic_isr_update, - .guest_apic_has_interrupt = vmx_guest_apic_has_interrupt, .sync_pir_to_irr = vmx_sync_pir_to_irr, .deliver_interrupt = vmx_deliver_interrupt, .dy_apicv_has_pending_interrupt = pi_has_pending_interrupt, diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 732340ff3300..7c57d6524f75 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -4060,6 +4060,10 @@ static bool vmx_has_nested_events(struct kvm_vcpu *vcpu, bool for_injection) vppr = *((u32 *)(vapic + APIC_PROCPRI)); + max_irr = vmx_get_rvi(); + if ((max_irr & 0xf0) > (vppr & 0xf0)) + return true; + if (vmx->nested.pi_pending && vmx->nested.pi_desc && pi_test_on(vmx->nested.pi_desc)) { max_irr = pi_find_highest_vector(vmx->nested.pi_desc); diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 7efb52328e5d..8ccdba6360aa 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -4105,26 +4105,6 @@ void pt_update_intercept_for_msr(struct kvm_vcpu *vcpu) } } -bool vmx_guest_apic_has_interrupt(struct kvm_vcpu *vcpu) -{ - struct vcpu_vmx *vmx = to_vmx(vcpu); - void *vapic_page; - u32 vppr; - int rvi; - - if (WARN_ON_ONCE(!is_guest_mode(vcpu)) || - !nested_cpu_has_vid(get_vmcs12(vcpu)) || - WARN_ON_ONCE(!vmx->nested.virtual_apic_map.gfn)) - return false; - - rvi = vmx_get_rvi(); - - vapic_page = vmx->nested.virtual_apic_map.hva; - vppr = *((u32 *)(vapic_page + APIC_PROCPRI)); - - return ((rvi & 0xf0) > (vppr & 0xf0)); -} - void vmx_msr_filter_changed(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); diff --git a/arch/x86/kvm/vmx/x86_ops.h b/arch/x86/kvm/vmx/x86_ops.h index 502704596c83..d404227c164d 100644 --- a/arch/x86/kvm/vmx/x86_ops.h +++ b/arch/x86/kvm/vmx/x86_ops.h @@ -49,7 +49,6 @@ void vmx_apicv_pre_state_restore(struct kvm_vcpu *vcpu); bool vmx_check_apicv_inhibit_reasons(enum kvm_apicv_inhibit reason); void vmx_hwapic_irr_update(struct kvm_vcpu *vcpu, int max_irr); void vmx_hwapic_isr_update(int max_isr); -bool vmx_guest_apic_has_interrupt(struct kvm_vcpu *vcpu); int vmx_sync_pir_to_irr(struct kvm_vcpu *vcpu); void vmx_deliver_interrupt(struct kvm_lapic *apic, int delivery_mode, int trig_mode, int vector); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 8cce76b93d83..cacca83b06aa 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -13108,12 +13108,6 @@ void kvm_arch_commit_memory_region(struct kvm *kvm, kvm_arch_free_memslot(kvm, old); } -static inline bool kvm_guest_apic_has_interrupt(struct kvm_vcpu *vcpu) -{ - return (is_guest_mode(vcpu) && - static_call(kvm_x86_guest_apic_has_interrupt)(vcpu)); -} - static inline bool kvm_vcpu_has_events(struct kvm_vcpu *vcpu) { if (!list_empty_careful(&vcpu->async_pf.done)) @@ -13147,9 +13141,7 @@ static inline bool kvm_vcpu_has_events(struct kvm_vcpu *vcpu) if (kvm_test_request(KVM_REQ_UPDATE_PROTECTED_GUEST_STATE, vcpu)) return true; - if (kvm_arch_interrupt_allowed(vcpu) && - (kvm_cpu_has_interrupt(vcpu) || - kvm_guest_apic_has_interrupt(vcpu))) + if (kvm_arch_interrupt_allowed(vcpu) && kvm_cpu_has_interrupt(vcpu)) return true; if (kvm_hv_has_stimer_pending(vcpu))

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: nVMX: Fold requested virtual interrupt check into" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 321ef62b0c5f6f57bb8500a2ca5986052675abbf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072924-negate-external-8f62@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 321ef62b0c5f ("KVM: nVMX: Fold requested virtual interrupt check into has_nested_events()") 27c4fa42b11a ("KVM: nVMX: Check for pending posted interrupts when looking for nested events") e366f92ea99e ("KVM: SEV: Support SEV-SNP AP Creation NAE event") c63cf135cc99 ("KVM: SEV: Add support to handle RMP nested page faults") 9b54e248d264 ("KVM: SEV: Add support to handle Page State Change VMGEXIT") d46b7b6a5f9e ("KVM: SEV: Add support to handle MSR based Page State Change VMGEXIT") 0c76b1d08280 ("KVM: SEV: Add support to handle GHCB GPA register VMGEXIT") 1dfe571c12cf ("KVM: SEV: Add initial SEV-SNP support") bbe10a5cc0c7 ("Merge branch 'kvm-sev-es-ghcbv2' into HEAD") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 321ef62b0c5f6f57bb8500a2ca5986052675abbf Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Fri, 7 Jun 2024 10:26:08 -0700 Subject: [PATCH] KVM: nVMX: Fold requested virtual interrupt check into has_nested_events() Check for a Requested Virtual Interrupt, i.e. a virtual interrupt that is pending delivery, in vmx_has_nested_events() and drop the one-off kvm_x86_ops.guest_apic_has_interrupt() hook. In addition to dropping a superfluous hook, this fixes a bug where KVM would incorrectly treat virtual interrupts _for L2_ as always enabled due to kvm_arch_interrupt_allowed(), by way of vmx_interrupt_blocked(), treating IRQs as enabled if L2 is active and vmcs12 is configured to exit on IRQs, i.e. KVM would treat a virtual interrupt for L2 as a valid wake event based on L1's IRQ blocking status. Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240607172609.3205077-6-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h index 566d19b02483..f91d413d7de1 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -85,7 +85,6 @@ KVM_X86_OP_OPTIONAL(update_cr8_intercept) KVM_X86_OP(refresh_apicv_exec_ctrl) KVM_X86_OP_OPTIONAL(hwapic_irr_update) KVM_X86_OP_OPTIONAL(hwapic_isr_update) -KVM_X86_OP_OPTIONAL_RET0(guest_apic_has_interrupt) KVM_X86_OP_OPTIONAL(load_eoi_exitmap) KVM_X86_OP_OPTIONAL(set_virtual_apic_mode) KVM_X86_OP_OPTIONAL(set_apic_access_page_addr) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index b3b796f06801..2715c1d6a4db 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1715,7 +1715,6 @@ struct kvm_x86_ops { void (*refresh_apicv_exec_ctrl)(struct kvm_vcpu *vcpu); void (*hwapic_irr_update)(struct kvm_vcpu *vcpu, int max_irr); void (*hwapic_isr_update)(int isr); - bool (*guest_apic_has_interrupt)(struct kvm_vcpu *vcpu); void (*load_eoi_exitmap)(struct kvm_vcpu *vcpu, u64 *eoi_exit_bitmap); void (*set_virtual_apic_mode)(struct kvm_vcpu *vcpu); void (*set_apic_access_page_addr)(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c index d4ed681785fd..547fca3709fe 100644 --- a/arch/x86/kvm/vmx/main.c +++ b/arch/x86/kvm/vmx/main.c @@ -97,7 +97,6 @@ struct kvm_x86_ops vt_x86_ops __initdata = { .required_apicv_inhibits = VMX_REQUIRED_APICV_INHIBITS, .hwapic_irr_update = vmx_hwapic_irr_update, .hwapic_isr_update = vmx_hwapic_isr_update, - .guest_apic_has_interrupt = vmx_guest_apic_has_interrupt, .sync_pir_to_irr = vmx_sync_pir_to_irr, .deliver_interrupt = vmx_deliver_interrupt, .dy_apicv_has_pending_interrupt = pi_has_pending_interrupt, diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 732340ff3300..7c57d6524f75 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -4060,6 +4060,10 @@ static bool vmx_has_nested_events(struct kvm_vcpu *vcpu, bool for_injection) vppr = *((u32 *)(vapic + APIC_PROCPRI)); + max_irr = vmx_get_rvi(); + if ((max_irr & 0xf0) > (vppr & 0xf0)) + return true; + if (vmx->nested.pi_pending && vmx->nested.pi_desc && pi_test_on(vmx->nested.pi_desc)) { max_irr = pi_find_highest_vector(vmx->nested.pi_desc); diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 7efb52328e5d..8ccdba6360aa 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -4105,26 +4105,6 @@ void pt_update_intercept_for_msr(struct kvm_vcpu *vcpu) } } -bool vmx_guest_apic_has_interrupt(struct kvm_vcpu *vcpu) -{ - struct vcpu_vmx *vmx = to_vmx(vcpu); - void *vapic_page; - u32 vppr; - int rvi; - - if (WARN_ON_ONCE(!is_guest_mode(vcpu)) || - !nested_cpu_has_vid(get_vmcs12(vcpu)) || - WARN_ON_ONCE(!vmx->nested.virtual_apic_map.gfn)) - return false; - - rvi = vmx_get_rvi(); - - vapic_page = vmx->nested.virtual_apic_map.hva; - vppr = *((u32 *)(vapic_page + APIC_PROCPRI)); - - return ((rvi & 0xf0) > (vppr & 0xf0)); -} - void vmx_msr_filter_changed(struct kvm_vcpu *vcpu) { struct vcpu_vmx *vmx = to_vmx(vcpu); diff --git a/arch/x86/kvm/vmx/x86_ops.h b/arch/x86/kvm/vmx/x86_ops.h index 502704596c83..d404227c164d 100644 --- a/arch/x86/kvm/vmx/x86_ops.h +++ b/arch/x86/kvm/vmx/x86_ops.h @@ -49,7 +49,6 @@ void vmx_apicv_pre_state_restore(struct kvm_vcpu *vcpu); bool vmx_check_apicv_inhibit_reasons(enum kvm_apicv_inhibit reason); void vmx_hwapic_irr_update(struct kvm_vcpu *vcpu, int max_irr); void vmx_hwapic_isr_update(int max_isr); -bool vmx_guest_apic_has_interrupt(struct kvm_vcpu *vcpu); int vmx_sync_pir_to_irr(struct kvm_vcpu *vcpu); void vmx_deliver_interrupt(struct kvm_lapic *apic, int delivery_mode, int trig_mode, int vector); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 8cce76b93d83..cacca83b06aa 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -13108,12 +13108,6 @@ void kvm_arch_commit_memory_region(struct kvm *kvm, kvm_arch_free_memslot(kvm, old); } -static inline bool kvm_guest_apic_has_interrupt(struct kvm_vcpu *vcpu) -{ - return (is_guest_mode(vcpu) && - static_call(kvm_x86_guest_apic_has_interrupt)(vcpu)); -} - static inline bool kvm_vcpu_has_events(struct kvm_vcpu *vcpu) { if (!list_empty_careful(&vcpu->async_pf.done)) @@ -13147,9 +13141,7 @@ static inline bool kvm_vcpu_has_events(struct kvm_vcpu *vcpu) if (kvm_test_request(KVM_REQ_UPDATE_PROTECTED_GUEST_STATE, vcpu)) return true; - if (kvm_arch_interrupt_allowed(vcpu) && - (kvm_cpu_has_interrupt(vcpu) || - kvm_guest_apic_has_interrupt(vcpu))) + if (kvm_arch_interrupt_allowed(vcpu) && kvm_cpu_has_interrupt(vcpu)) return true; if (kvm_hv_has_stimer_pending(vcpu))

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: nVMX: Add a helper to get highest pending from Posted" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d83c36d822be44db4bad0c43bea99c8908f54117 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072948-cosponsor-jacket-16bb@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: d83c36d822be ("KVM: nVMX: Add a helper to get highest pending from Posted Interrupt vector") 699f67512f04 ("KVM: VMX: Move posted interrupt descriptor out of VMX code") 50a82b0eb88c ("KVM: VMX: Split off vmx_onhyperv.{ch} from hyperv.{ch}") 662f6815786e ("KVM: VMX: Rename XSAVES control to follow KVM's preferred "ENABLE_XYZ"") 1143c0b85c07 ("KVM: VMX: Recompute "XSAVES enabled" only after CPUID update") fbc722aac1ce ("KVM: VMX: Rename "KVM is using eVMCS" static key to match its wrapper") 19f10315fd53 ("KVM: VMX: Stub out enable_evmcs static key for CONFIG_HYPERV=n") 68ac4221497b ("KVM: nVMX: Move EVMCS1_SUPPORT_* macros to hyperv.c") 93827a0a3639 ("KVM: VMX: Fix crash due to uninitialized current_vmcs") 11633f69506d ("KVM: VMX: Always inline eVMCS read/write helpers") d83420c2d74e ("KVM: x86: Move CPU compat checks hook to kvm_x86_ops (from kvm_x86_init_ops)") 325fc9579c2e ("KVM: SVM: Check for SVM support in CPU compatibility checks") 8504ef2139e2 ("KVM: VMX: Shuffle support checks and hardware enabling code around") d41931324975 ("KVM: x86: Do VMX/SVM support checks directly in vendor code") 462689b37f08 ("KVM: VMX: Use current CPU's info to perform "disabled by BIOS?" checks") 8d20bd638167 ("KVM: x86: Unify pr_fmt to use module name for all KVM modules") 3045c483eeee ("KVM: x86: Do CPU compatibility checks in x86 code") a578a0a9e352 ("KVM: Drop kvm_arch_{init,exit}() hooks") 20deee32f553 ("KVM: RISC-V: Do arch init directly in riscv_kvm_init()") 3fb8e89aa2a0 ("KVM: MIPS: Setup VZ emulation? directly from kvm_mips_init()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d83c36d822be44db4bad0c43bea99c8908f54117 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Fri, 7 Jun 2024 10:26:04 -0700 Subject: [PATCH] KVM: nVMX: Add a helper to get highest pending from Posted Interrupt vector Add a helper to retrieve the highest pending vector given a Posted Interrupt descriptor. While the actual operation is straightforward, it's surprisingly easy to mess up, e.g. if one tries to reuse lapic.c's find_highest_vector(), which doesn't work with PID.PIR due to the APIC's IRR and ISR component registers being physically discontiguous (they're 4-byte registers aligned at 16-byte intervals). To make PIR handling more consistent with respect to IRR and ISR handling, return -1 to indicate "no interrupt pending". Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240607172609.3205077-2-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 643935a0f70a..8f4db6e8f57c 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -12,6 +12,7 @@ #include "mmu.h" #include "nested.h" #include "pmu.h" +#include "posted_intr.h" #include "sgx.h" #include "trace.h" #include "vmx.h" @@ -3899,8 +3900,8 @@ static int vmx_complete_nested_posted_interrupt(struct kvm_vcpu *vcpu) if (!pi_test_and_clear_on(vmx->nested.pi_desc)) return 0; - max_irr = find_last_bit((unsigned long *)vmx->nested.pi_desc->pir, 256); - if (max_irr != 256) { + max_irr = pi_find_highest_vector(vmx->nested.pi_desc); + if (max_irr > 0) { vapic_page = vmx->nested.virtual_apic_map.hva; if (!vapic_page) goto mmio_needed; diff --git a/arch/x86/kvm/vmx/posted_intr.h b/arch/x86/kvm/vmx/posted_intr.h index 6b2a0226257e..1715d2ab07be 100644 --- a/arch/x86/kvm/vmx/posted_intr.h +++ b/arch/x86/kvm/vmx/posted_intr.h @@ -1,6 +1,8 @@ /* SPDX-License-Identifier: GPL-2.0 */ #ifndef __KVM_X86_VMX_POSTED_INTR_H #define __KVM_X86_VMX_POSTED_INTR_H + +#include <linux/find.h> #include <asm/posted_intr.h> void vmx_vcpu_pi_load(struct kvm_vcpu *vcpu, int cpu); @@ -12,4 +14,12 @@ int vmx_pi_update_irte(struct kvm *kvm, unsigned int host_irq, uint32_t guest_irq, bool set); void vmx_pi_start_assignment(struct kvm *kvm); +static inline int pi_find_highest_vector(struct pi_desc *pi_desc) +{ + int vec; + + vec = find_last_bit((unsigned long *)pi_desc->pir, 256); + return vec < 256 ? vec : -1; +} + #endif /* __KVM_X86_VMX_POSTED_INTR_H */

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: nVMX: Add a helper to get highest pending from Posted" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d83c36d822be44db4bad0c43bea99c8908f54117 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072947-acutely-kindness-fc65@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d83c36d822be ("KVM: nVMX: Add a helper to get highest pending from Posted Interrupt vector") 699f67512f04 ("KVM: VMX: Move posted interrupt descriptor out of VMX code") 50a82b0eb88c ("KVM: VMX: Split off vmx_onhyperv.{ch} from hyperv.{ch}") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d83c36d822be44db4bad0c43bea99c8908f54117 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Fri, 7 Jun 2024 10:26:04 -0700 Subject: [PATCH] KVM: nVMX: Add a helper to get highest pending from Posted Interrupt vector Add a helper to retrieve the highest pending vector given a Posted Interrupt descriptor. While the actual operation is straightforward, it's surprisingly easy to mess up, e.g. if one tries to reuse lapic.c's find_highest_vector(), which doesn't work with PID.PIR due to the APIC's IRR and ISR component registers being physically discontiguous (they're 4-byte registers aligned at 16-byte intervals). To make PIR handling more consistent with respect to IRR and ISR handling, return -1 to indicate "no interrupt pending". Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240607172609.3205077-2-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c index 643935a0f70a..8f4db6e8f57c 100644 --- a/arch/x86/kvm/vmx/nested.c +++ b/arch/x86/kvm/vmx/nested.c @@ -12,6 +12,7 @@ #include "mmu.h" #include "nested.h" #include "pmu.h" +#include "posted_intr.h" #include "sgx.h" #include "trace.h" #include "vmx.h" @@ -3899,8 +3900,8 @@ static int vmx_complete_nested_posted_interrupt(struct kvm_vcpu *vcpu) if (!pi_test_and_clear_on(vmx->nested.pi_desc)) return 0; - max_irr = find_last_bit((unsigned long *)vmx->nested.pi_desc->pir, 256); - if (max_irr != 256) { + max_irr = pi_find_highest_vector(vmx->nested.pi_desc); + if (max_irr > 0) { vapic_page = vmx->nested.virtual_apic_map.hva; if (!vapic_page) goto mmio_needed; diff --git a/arch/x86/kvm/vmx/posted_intr.h b/arch/x86/kvm/vmx/posted_intr.h index 6b2a0226257e..1715d2ab07be 100644 --- a/arch/x86/kvm/vmx/posted_intr.h +++ b/arch/x86/kvm/vmx/posted_intr.h @@ -1,6 +1,8 @@ /* SPDX-License-Identifier: GPL-2.0 */ #ifndef __KVM_X86_VMX_POSTED_INTR_H #define __KVM_X86_VMX_POSTED_INTR_H + +#include <linux/find.h> #include <asm/posted_intr.h> void vmx_vcpu_pi_load(struct kvm_vcpu *vcpu, int cpu); @@ -12,4 +14,12 @@ int vmx_pi_update_irte(struct kvm *kvm, unsigned int host_irq, uint32_t guest_irq, bool set); void vmx_pi_start_assignment(struct kvm *kvm); +static inline int pi_find_highest_vector(struct pi_desc *pi_desc) +{ + int vec; + + vec = find_last_bit((unsigned long *)pi_desc->pir, 256); + return vec < 256 ? vec : -1; +} + #endif /* __KVM_X86_VMX_POSTED_INTR_H */

9 months, 1 week

1
0
0 0

[PATCH] clk: qcom: camcc-sc8280xp: Remove always-on GDSC hard-coding

by Bryan O'Donoghue

We have both shared_ops for the Titan Top GDSC and a hard-coded always on whack the register and forget about it in probe(). @static struct clk_branch camcc_gdsc_clk = {} Only one representation of the Top GDSC is required. Use the CCF representation not the hard-coded register write. Fixes: ff93872a9c61 ("clk: qcom: camcc-sc8280xp: Add sc8280xp CAMCC") Tested-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> # Lenovo X13s Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> --- drivers/clk/qcom/camcc-sc8280xp.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/drivers/clk/qcom/camcc-sc8280xp.c b/drivers/clk/qcom/camcc-sc8280xp.c index 479964f91608..f99cd968459c 100644 --- a/drivers/clk/qcom/camcc-sc8280xp.c +++ b/drivers/clk/qcom/camcc-sc8280xp.c @@ -3031,19 +3031,14 @@ static int camcc_sc8280xp_probe(struct platform_device *pdev) clk_lucid_pll_configure(&camcc_pll6, regmap, &camcc_pll6_config); clk_lucid_pll_configure(&camcc_pll7, regmap, &camcc_pll7_config); - /* Keep some clocks always-on */ - qcom_branch_set_clk_en(regmap, 0xc1e4); /* CAMCC_GDSC_CLK */ - ret = qcom_cc_really_probe(&pdev->dev, &camcc_sc8280xp_desc, regmap); if (ret) - goto err_disable; + goto err_put_rpm; pm_runtime_put(&pdev->dev); return 0; -err_disable: - regmap_update_bits(regmap, 0xc1e4, BIT(0), 0); err_put_rpm: pm_runtime_put_sync(&pdev->dev); --- base-commit: 3fe121b622825ff8cc995a1e6b026181c48188db change-id: 20240715-linux-next-24-07-13-sc8280xp-camcc-fixes-274f11b396ac Best regards, -- Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>

9 months, 1 week

4
14
0 0

FAILED: patch "[PATCH] jbd2: avoid infinite transaction commit loop" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 27ba5b67312a944576addc4df44ac3b709aabede # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072940-corridor-private-1f67@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 27ba5b67312a ("jbd2: avoid infinite transaction commit loop") b33d9f5909c8 ("jbd2: add sparse annotations for add_transaction_credits()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 27ba5b67312a944576addc4df44ac3b709aabede Mon Sep 17 00:00:00 2001 From: Jan Kara <jack(a)suse.cz> Date: Mon, 24 Jun 2024 19:01:19 +0200 Subject: [PATCH] jbd2: avoid infinite transaction commit loop Commit 9f356e5a4f12 ("jbd2: Account descriptor blocks into t_outstanding_credits") started to account descriptor blocks into transactions outstanding credits. However it didn't appropriately decrease the maximum amount of credits available to userspace. Thus if the filesystem requests a transaction smaller than j_max_transaction_buffers but large enough that when descriptor blocks are added the size exceeds j_max_transaction_buffers, we confuse add_transaction_credits() into thinking previous handles have grown the transaction too much and enter infinite journal commit loop in start_this_handle() -> add_transaction_credits() trying to create transaction with enough credits available. Fix the problem by properly accounting for transaction space reserved for descriptor blocks when verifying requested transaction handle size. CC: stable(a)vger.kernel.org Fixes: 9f356e5a4f12 ("jbd2: Account descriptor blocks into t_outstanding_credits") Reported-by: Alexander Coffin <alex.coffin(a)maticrobots.com> Link: https://lore.kernel.org/all/CA+hUFcuGs04JHZ_WzA1zGN57+ehL2qmHOt5a7RMpo+rv6V… Signed-off-by: Jan Kara <jack(a)suse.cz> Reviewed-by: Zhang Yi <yi.zhang(a)huawei.com> Link: https://patch.msgid.link/20240624170127.3253-3-jack@suse.cz Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c index a095f1a3114b..66513c18ca29 100644 --- a/fs/jbd2/transaction.c +++ b/fs/jbd2/transaction.c @@ -191,6 +191,13 @@ static void sub_reserved_credits(journal_t *journal, int blocks) wake_up(&journal->j_wait_reserved); } +/* Maximum number of blocks for user transaction payload */ +static int jbd2_max_user_trans_buffers(journal_t *journal) +{ + return journal->j_max_transaction_buffers - + journal->j_transaction_overhead_buffers; +} + /* * Wait until we can add credits for handle to the running transaction. Called * with j_state_lock held for reading. Returns 0 if handle joined the running @@ -240,12 +247,12 @@ __must_hold(&journal->j_state_lock) * big to fit this handle? Wait until reserved credits are freed. */ if (atomic_read(&journal->j_reserved_credits) + total > - journal->j_max_transaction_buffers) { + jbd2_max_user_trans_buffers(journal)) { read_unlock(&journal->j_state_lock); jbd2_might_wait_for_commit(journal); wait_event(journal->j_wait_reserved, atomic_read(&journal->j_reserved_credits) + total <= - journal->j_max_transaction_buffers); + jbd2_max_user_trans_buffers(journal)); __acquire(&journal->j_state_lock); /* fake out sparse */ return 1; } @@ -285,14 +292,14 @@ __must_hold(&journal->j_state_lock) needed = atomic_add_return(rsv_blocks, &journal->j_reserved_credits); /* We allow at most half of a transaction to be reserved */ - if (needed > journal->j_max_transaction_buffers / 2) { + if (needed > jbd2_max_user_trans_buffers(journal) / 2) { sub_reserved_credits(journal, rsv_blocks); atomic_sub(total, &t->t_outstanding_credits); read_unlock(&journal->j_state_lock); jbd2_might_wait_for_commit(journal); wait_event(journal->j_wait_reserved, atomic_read(&journal->j_reserved_credits) + rsv_blocks - <= journal->j_max_transaction_buffers / 2); + <= jbd2_max_user_trans_buffers(journal) / 2); __acquire(&journal->j_state_lock); /* fake out sparse */ return 1; } @@ -322,12 +329,12 @@ static int start_this_handle(journal_t *journal, handle_t *handle, * size and limit the number of total credits to not exceed maximum * transaction size per operation. */ - if ((rsv_blocks > journal->j_max_transaction_buffers / 2) || - (rsv_blocks + blocks > journal->j_max_transaction_buffers)) { + if (rsv_blocks > jbd2_max_user_trans_buffers(journal) / 2 || + rsv_blocks + blocks > jbd2_max_user_trans_buffers(journal)) { printk(KERN_ERR "JBD2: %s wants too many credits " "credits:%d rsv_credits:%d max:%d\n", current->comm, blocks, rsv_blocks, - journal->j_max_transaction_buffers); + jbd2_max_user_trans_buffers(journal)); WARN_ON(1); return -ENOSPC; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] leds: triggers: Flush pending brightness before activating" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x ab477b766edd3bfb6321a6e3df4c790612613fae # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072917-pulsate-subduing-2b97@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: ab477b766edd ("leds: triggers: Flush pending brightness before activating trigger") b1bbd20f35e1 ("leds: trigger: Call synchronize_rcu() before calling trig->activate()") 822c91e72eac ("leds: trigger: Store brightness set by led_trigger_event()") c82a1662d454 ("leds: trigger: Remove unused function led_trigger_rename_static()") 2a5a8fa8b231 ("leds: trigger: use RCU to protect the led_cdevs list") 27af8e2c90fb ("leds: trigger: fix potential deadlock with libata") 93690cdf3060 ("leds: trigger: add support for LED-private device triggers") ec28a8cfdce6 ("leds: core: Remove extern from header") 11f700022137 ("leds: remove PAGE_SIZE limit of /sys/class/leds/<led>/trigger") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ab477b766edd3bfb6321a6e3df4c790612613fae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <linux(a)weissschuh.net> Date: Thu, 13 Jun 2024 17:24:51 +0200 Subject: [PATCH] leds: triggers: Flush pending brightness before activating trigger MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The race fixed in timer_trig_activate() between a blocking set_brightness() call and trigger->activate() can affect any trigger. So move the call to flush_work() into led_trigger_set() where it can avoid the race for all triggers. Fixes: 0db37915d912 ("leds: avoid races with workqueue") Fixes: 8c0f693c6eff ("leds: avoid flush_work in atomic context") Cc: stable(a)vger.kernel.org Tested-by: Dustin L. Howett <dustin(a)howett.net> Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Link: https://lore.kernel.org/r/20240613-led-trigger-flush-v2-1-f4f970799d77@weis… Signed-off-by: Lee Jones <lee(a)kernel.org> diff --git a/drivers/leds/led-triggers.c b/drivers/leds/led-triggers.c index 59deadb86335..78eb20093b2c 100644 --- a/drivers/leds/led-triggers.c +++ b/drivers/leds/led-triggers.c @@ -201,6 +201,12 @@ int led_trigger_set(struct led_classdev *led_cdev, struct led_trigger *trig) */ synchronize_rcu(); + /* + * If "set brightness to 0" is pending in workqueue, + * we don't want that to be reordered after ->activate() + */ + flush_work(&led_cdev->set_brightness_work); + ret = 0; if (trig->activate) ret = trig->activate(led_cdev); diff --git a/drivers/leds/trigger/ledtrig-timer.c b/drivers/leds/trigger/ledtrig-timer.c index b4688d1d9d2b..1d213c999d40 100644 --- a/drivers/leds/trigger/ledtrig-timer.c +++ b/drivers/leds/trigger/ledtrig-timer.c @@ -110,11 +110,6 @@ static int timer_trig_activate(struct led_classdev *led_cdev) led_cdev->flags &= ~LED_INIT_DEFAULT_TRIGGER; } - /* - * If "set brightness to 0" is pending in workqueue, we don't - * want that to be reordered after blink_set() - */ - flush_work(&led_cdev->set_brightness_work); led_blink_set(led_cdev, &led_cdev->blink_delay_on, &led_cdev->blink_delay_off);

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] leds: triggers: Flush pending brightness before activating" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ab477b766edd3bfb6321a6e3df4c790612613fae # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072915-ducktail-recapture-094b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: ab477b766edd ("leds: triggers: Flush pending brightness before activating trigger") b1bbd20f35e1 ("leds: trigger: Call synchronize_rcu() before calling trig->activate()") 822c91e72eac ("leds: trigger: Store brightness set by led_trigger_event()") c82a1662d454 ("leds: trigger: Remove unused function led_trigger_rename_static()") 2a5a8fa8b231 ("leds: trigger: use RCU to protect the led_cdevs list") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ab477b766edd3bfb6321a6e3df4c790612613fae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <linux(a)weissschuh.net> Date: Thu, 13 Jun 2024 17:24:51 +0200 Subject: [PATCH] leds: triggers: Flush pending brightness before activating trigger MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The race fixed in timer_trig_activate() between a blocking set_brightness() call and trigger->activate() can affect any trigger. So move the call to flush_work() into led_trigger_set() where it can avoid the race for all triggers. Fixes: 0db37915d912 ("leds: avoid races with workqueue") Fixes: 8c0f693c6eff ("leds: avoid flush_work in atomic context") Cc: stable(a)vger.kernel.org Tested-by: Dustin L. Howett <dustin(a)howett.net> Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Link: https://lore.kernel.org/r/20240613-led-trigger-flush-v2-1-f4f970799d77@weis… Signed-off-by: Lee Jones <lee(a)kernel.org> diff --git a/drivers/leds/led-triggers.c b/drivers/leds/led-triggers.c index 59deadb86335..78eb20093b2c 100644 --- a/drivers/leds/led-triggers.c +++ b/drivers/leds/led-triggers.c @@ -201,6 +201,12 @@ int led_trigger_set(struct led_classdev *led_cdev, struct led_trigger *trig) */ synchronize_rcu(); + /* + * If "set brightness to 0" is pending in workqueue, + * we don't want that to be reordered after ->activate() + */ + flush_work(&led_cdev->set_brightness_work); + ret = 0; if (trig->activate) ret = trig->activate(led_cdev); diff --git a/drivers/leds/trigger/ledtrig-timer.c b/drivers/leds/trigger/ledtrig-timer.c index b4688d1d9d2b..1d213c999d40 100644 --- a/drivers/leds/trigger/ledtrig-timer.c +++ b/drivers/leds/trigger/ledtrig-timer.c @@ -110,11 +110,6 @@ static int timer_trig_activate(struct led_classdev *led_cdev) led_cdev->flags &= ~LED_INIT_DEFAULT_TRIGGER; } - /* - * If "set brightness to 0" is pending in workqueue, we don't - * want that to be reordered after blink_set() - */ - flush_work(&led_cdev->set_brightness_work); led_blink_set(led_cdev, &led_cdev->blink_delay_on, &led_cdev->blink_delay_off);

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] leds: triggers: Flush pending brightness before activating" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ab477b766edd3bfb6321a6e3df4c790612613fae # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072916-emphasize-gluten-2f10@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: ab477b766edd ("leds: triggers: Flush pending brightness before activating trigger") b1bbd20f35e1 ("leds: trigger: Call synchronize_rcu() before calling trig->activate()") 822c91e72eac ("leds: trigger: Store brightness set by led_trigger_event()") c82a1662d454 ("leds: trigger: Remove unused function led_trigger_rename_static()") 2a5a8fa8b231 ("leds: trigger: use RCU to protect the led_cdevs list") 27af8e2c90fb ("leds: trigger: fix potential deadlock with libata") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ab477b766edd3bfb6321a6e3df4c790612613fae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <linux(a)weissschuh.net> Date: Thu, 13 Jun 2024 17:24:51 +0200 Subject: [PATCH] leds: triggers: Flush pending brightness before activating trigger MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The race fixed in timer_trig_activate() between a blocking set_brightness() call and trigger->activate() can affect any trigger. So move the call to flush_work() into led_trigger_set() where it can avoid the race for all triggers. Fixes: 0db37915d912 ("leds: avoid races with workqueue") Fixes: 8c0f693c6eff ("leds: avoid flush_work in atomic context") Cc: stable(a)vger.kernel.org Tested-by: Dustin L. Howett <dustin(a)howett.net> Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Link: https://lore.kernel.org/r/20240613-led-trigger-flush-v2-1-f4f970799d77@weis… Signed-off-by: Lee Jones <lee(a)kernel.org> diff --git a/drivers/leds/led-triggers.c b/drivers/leds/led-triggers.c index 59deadb86335..78eb20093b2c 100644 --- a/drivers/leds/led-triggers.c +++ b/drivers/leds/led-triggers.c @@ -201,6 +201,12 @@ int led_trigger_set(struct led_classdev *led_cdev, struct led_trigger *trig) */ synchronize_rcu(); + /* + * If "set brightness to 0" is pending in workqueue, + * we don't want that to be reordered after ->activate() + */ + flush_work(&led_cdev->set_brightness_work); + ret = 0; if (trig->activate) ret = trig->activate(led_cdev); diff --git a/drivers/leds/trigger/ledtrig-timer.c b/drivers/leds/trigger/ledtrig-timer.c index b4688d1d9d2b..1d213c999d40 100644 --- a/drivers/leds/trigger/ledtrig-timer.c +++ b/drivers/leds/trigger/ledtrig-timer.c @@ -110,11 +110,6 @@ static int timer_trig_activate(struct led_classdev *led_cdev) led_cdev->flags &= ~LED_INIT_DEFAULT_TRIGGER; } - /* - * If "set brightness to 0" is pending in workqueue, we don't - * want that to be reordered after blink_set() - */ - flush_work(&led_cdev->set_brightness_work); led_blink_set(led_cdev, &led_cdev->blink_delay_on, &led_cdev->blink_delay_off);

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] leds: triggers: Flush pending brightness before activating" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x ab477b766edd3bfb6321a6e3df4c790612613fae # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072915-library-pronounce-3052@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: ab477b766edd ("leds: triggers: Flush pending brightness before activating trigger") b1bbd20f35e1 ("leds: trigger: Call synchronize_rcu() before calling trig->activate()") 822c91e72eac ("leds: trigger: Store brightness set by led_trigger_event()") c82a1662d454 ("leds: trigger: Remove unused function led_trigger_rename_static()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ab477b766edd3bfb6321a6e3df4c790612613fae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <linux(a)weissschuh.net> Date: Thu, 13 Jun 2024 17:24:51 +0200 Subject: [PATCH] leds: triggers: Flush pending brightness before activating trigger MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The race fixed in timer_trig_activate() between a blocking set_brightness() call and trigger->activate() can affect any trigger. So move the call to flush_work() into led_trigger_set() where it can avoid the race for all triggers. Fixes: 0db37915d912 ("leds: avoid races with workqueue") Fixes: 8c0f693c6eff ("leds: avoid flush_work in atomic context") Cc: stable(a)vger.kernel.org Tested-by: Dustin L. Howett <dustin(a)howett.net> Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Link: https://lore.kernel.org/r/20240613-led-trigger-flush-v2-1-f4f970799d77@weis… Signed-off-by: Lee Jones <lee(a)kernel.org> diff --git a/drivers/leds/led-triggers.c b/drivers/leds/led-triggers.c index 59deadb86335..78eb20093b2c 100644 --- a/drivers/leds/led-triggers.c +++ b/drivers/leds/led-triggers.c @@ -201,6 +201,12 @@ int led_trigger_set(struct led_classdev *led_cdev, struct led_trigger *trig) */ synchronize_rcu(); + /* + * If "set brightness to 0" is pending in workqueue, + * we don't want that to be reordered after ->activate() + */ + flush_work(&led_cdev->set_brightness_work); + ret = 0; if (trig->activate) ret = trig->activate(led_cdev); diff --git a/drivers/leds/trigger/ledtrig-timer.c b/drivers/leds/trigger/ledtrig-timer.c index b4688d1d9d2b..1d213c999d40 100644 --- a/drivers/leds/trigger/ledtrig-timer.c +++ b/drivers/leds/trigger/ledtrig-timer.c @@ -110,11 +110,6 @@ static int timer_trig_activate(struct led_classdev *led_cdev) led_cdev->flags &= ~LED_INIT_DEFAULT_TRIGGER; } - /* - * If "set brightness to 0" is pending in workqueue, we don't - * want that to be reordered after blink_set() - */ - flush_work(&led_cdev->set_brightness_work); led_blink_set(led_cdev, &led_cdev->blink_delay_on, &led_cdev->blink_delay_off);

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] leds: triggers: Flush pending brightness before activating" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x ab477b766edd3bfb6321a6e3df4c790612613fae # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072914-fiddle-little-c002@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: ab477b766edd ("leds: triggers: Flush pending brightness before activating trigger") b1bbd20f35e1 ("leds: trigger: Call synchronize_rcu() before calling trig->activate()") 822c91e72eac ("leds: trigger: Store brightness set by led_trigger_event()") c82a1662d454 ("leds: trigger: Remove unused function led_trigger_rename_static()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ab477b766edd3bfb6321a6e3df4c790612613fae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <linux(a)weissschuh.net> Date: Thu, 13 Jun 2024 17:24:51 +0200 Subject: [PATCH] leds: triggers: Flush pending brightness before activating trigger MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The race fixed in timer_trig_activate() between a blocking set_brightness() call and trigger->activate() can affect any trigger. So move the call to flush_work() into led_trigger_set() where it can avoid the race for all triggers. Fixes: 0db37915d912 ("leds: avoid races with workqueue") Fixes: 8c0f693c6eff ("leds: avoid flush_work in atomic context") Cc: stable(a)vger.kernel.org Tested-by: Dustin L. Howett <dustin(a)howett.net> Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Link: https://lore.kernel.org/r/20240613-led-trigger-flush-v2-1-f4f970799d77@weis… Signed-off-by: Lee Jones <lee(a)kernel.org> diff --git a/drivers/leds/led-triggers.c b/drivers/leds/led-triggers.c index 59deadb86335..78eb20093b2c 100644 --- a/drivers/leds/led-triggers.c +++ b/drivers/leds/led-triggers.c @@ -201,6 +201,12 @@ int led_trigger_set(struct led_classdev *led_cdev, struct led_trigger *trig) */ synchronize_rcu(); + /* + * If "set brightness to 0" is pending in workqueue, + * we don't want that to be reordered after ->activate() + */ + flush_work(&led_cdev->set_brightness_work); + ret = 0; if (trig->activate) ret = trig->activate(led_cdev); diff --git a/drivers/leds/trigger/ledtrig-timer.c b/drivers/leds/trigger/ledtrig-timer.c index b4688d1d9d2b..1d213c999d40 100644 --- a/drivers/leds/trigger/ledtrig-timer.c +++ b/drivers/leds/trigger/ledtrig-timer.c @@ -110,11 +110,6 @@ static int timer_trig_activate(struct led_classdev *led_cdev) led_cdev->flags &= ~LED_INIT_DEFAULT_TRIGGER; } - /* - * If "set brightness to 0" is pending in workqueue, we don't - * want that to be reordered after blink_set() - */ - flush_work(&led_cdev->set_brightness_work); led_blink_set(led_cdev, &led_cdev->blink_delay_on, &led_cdev->blink_delay_off);

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drivers: soc: xilinx: check return status of" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 9b003e14801cf85a8cebeddc87bc9fc77100fdce # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072942-curse-primate-40bf@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 9b003e14801c ("drivers: soc: xilinx: check return status of get_api_version()") 7fd890b89dea ("soc: xilinx: move PM_INIT_FINALIZE to zynqmp_pm_domains driver") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9b003e14801cf85a8cebeddc87bc9fc77100fdce Mon Sep 17 00:00:00 2001 From: Jay Buddhabhatti <jay.buddhabhatti(a)amd.com> Date: Wed, 15 May 2024 04:23:45 -0700 Subject: [PATCH] drivers: soc: xilinx: check return status of get_api_version() Currently return status is not getting checked for get_api_version and because of that for x86 arch we are getting below smatch error. CC drivers/soc/xilinx/zynqmp_power.o drivers/soc/xilinx/zynqmp_power.c: In function 'zynqmp_pm_probe': drivers/soc/xilinx/zynqmp_power.c:295:12: warning: 'pm_api_version' is used uninitialized [-Wuninitialized] 295 | if (pm_api_version < ZYNQMP_PM_VERSION) | ^ CHECK drivers/soc/xilinx/zynqmp_power.c drivers/soc/xilinx/zynqmp_power.c:295 zynqmp_pm_probe() error: uninitialized symbol 'pm_api_version'. So, check return status of pm_get_api_version and return error in case of failure to avoid checking uninitialized pm_api_version variable. Fixes: b9b3a8be28b3 ("firmware: xilinx: Remove eemi ops for get_api_version") Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti(a)amd.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240515112345.24673-1-jay.buddhabhatti@amd.com Signed-off-by: Michal Simek <michal.simek(a)amd.com> diff --git a/drivers/soc/xilinx/zynqmp_power.c b/drivers/soc/xilinx/zynqmp_power.c index fced6bedca43..411d33f2fb05 100644 --- a/drivers/soc/xilinx/zynqmp_power.c +++ b/drivers/soc/xilinx/zynqmp_power.c @@ -288,7 +288,9 @@ static int zynqmp_pm_probe(struct platform_device *pdev) u32 pm_api_version, pm_family_code, pm_sub_family_code, node_id; struct mbox_client *client; - zynqmp_pm_get_api_version(&pm_api_version); + ret = zynqmp_pm_get_api_version(&pm_api_version); + if (ret) + return ret; /* Check PM API version number */ if (pm_api_version < ZYNQMP_PM_VERSION)

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drivers: soc: xilinx: check return status of" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 9b003e14801cf85a8cebeddc87bc9fc77100fdce # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072936-ogle-royal-3339@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 9b003e14801c ("drivers: soc: xilinx: check return status of get_api_version()") 7fd890b89dea ("soc: xilinx: move PM_INIT_FINALIZE to zynqmp_pm_domains driver") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9b003e14801cf85a8cebeddc87bc9fc77100fdce Mon Sep 17 00:00:00 2001 From: Jay Buddhabhatti <jay.buddhabhatti(a)amd.com> Date: Wed, 15 May 2024 04:23:45 -0700 Subject: [PATCH] drivers: soc: xilinx: check return status of get_api_version() Currently return status is not getting checked for get_api_version and because of that for x86 arch we are getting below smatch error. CC drivers/soc/xilinx/zynqmp_power.o drivers/soc/xilinx/zynqmp_power.c: In function 'zynqmp_pm_probe': drivers/soc/xilinx/zynqmp_power.c:295:12: warning: 'pm_api_version' is used uninitialized [-Wuninitialized] 295 | if (pm_api_version < ZYNQMP_PM_VERSION) | ^ CHECK drivers/soc/xilinx/zynqmp_power.c drivers/soc/xilinx/zynqmp_power.c:295 zynqmp_pm_probe() error: uninitialized symbol 'pm_api_version'. So, check return status of pm_get_api_version and return error in case of failure to avoid checking uninitialized pm_api_version variable. Fixes: b9b3a8be28b3 ("firmware: xilinx: Remove eemi ops for get_api_version") Signed-off-by: Jay Buddhabhatti <jay.buddhabhatti(a)amd.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240515112345.24673-1-jay.buddhabhatti@amd.com Signed-off-by: Michal Simek <michal.simek(a)amd.com> diff --git a/drivers/soc/xilinx/zynqmp_power.c b/drivers/soc/xilinx/zynqmp_power.c index fced6bedca43..411d33f2fb05 100644 --- a/drivers/soc/xilinx/zynqmp_power.c +++ b/drivers/soc/xilinx/zynqmp_power.c @@ -288,7 +288,9 @@ static int zynqmp_pm_probe(struct platform_device *pdev) u32 pm_api_version, pm_family_code, pm_sub_family_code, node_id; struct mbox_client *client; - zynqmp_pm_get_api_version(&pm_api_version); + ret = zynqmp_pm_get_api_version(&pm_api_version); + if (ret) + return ret; /* Check PM API version number */ if (pm_api_version < ZYNQMP_PM_VERSION)

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] cpufreq: qcom-nvmem: fix memory leaks in probe error paths" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x d01c84b97f19f1137211e90b0a910289a560019e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072918-agile-embody-42e0@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: d01c84b97f19 ("cpufreq: qcom-nvmem: fix memory leaks in probe error paths") 2a5d46c3ad6b ("cpufreq: qcom-nvmem: Simplify driver data allocation") 402732324b17 ("cpufreq: qcom-nvmem: Convert to platform remove callback returning void") d78be404f97f ("cpufreq: qcom-nvmem: Switch to use dev_err_probe() helper") 49cd000dc51b ("cpufreq: qcom-nvmem: Migrate to dev_pm_opp_set_config()") 2ff8fe13ac6d ("cpufreq: qcom-cpufreq-nvmem: dev_pm_opp_put_*() accepts NULL argument") a8811ec764f9 ("cpufreq: qcom: Add support for krait based socs") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d01c84b97f19f1137211e90b0a910289a560019e Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 23 May 2024 23:24:59 +0200 Subject: [PATCH] cpufreq: qcom-nvmem: fix memory leaks in probe error paths The code refactoring added new error paths between the np device node allocation and the call to of_node_put(), which leads to memory leaks if any of those errors occur. Add the missing of_node_put() in the error paths that require it. Cc: stable(a)vger.kernel.org Fixes: 57f2f8b4aa0c ("cpufreq: qcom: Refactor the driver to make it easier to extend") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Signed-off-by: Viresh Kumar <viresh.kumar(a)linaro.org> diff --git a/drivers/cpufreq/qcom-cpufreq-nvmem.c b/drivers/cpufreq/qcom-cpufreq-nvmem.c index ea05d9d67490..5004e1dbc752 100644 --- a/drivers/cpufreq/qcom-cpufreq-nvmem.c +++ b/drivers/cpufreq/qcom-cpufreq-nvmem.c @@ -480,23 +480,30 @@ static int qcom_cpufreq_probe(struct platform_device *pdev) drv = devm_kzalloc(&pdev->dev, struct_size(drv, cpus, num_possible_cpus()), GFP_KERNEL); - if (!drv) + if (!drv) { + of_node_put(np); return -ENOMEM; + } match = pdev->dev.platform_data; drv->data = match->data; - if (!drv->data) + if (!drv->data) { + of_node_put(np); return -ENODEV; + } if (drv->data->get_version) { speedbin_nvmem = of_nvmem_cell_get(np, NULL); - if (IS_ERR(speedbin_nvmem)) + if (IS_ERR(speedbin_nvmem)) { + of_node_put(np); return dev_err_probe(cpu_dev, PTR_ERR(speedbin_nvmem), "Could not get nvmem cell\n"); + } ret = drv->data->get_version(cpu_dev, speedbin_nvmem, &pvs_name, drv); if (ret) { + of_node_put(np); nvmem_cell_put(speedbin_nvmem); return ret; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] cpufreq: qcom-nvmem: fix memory leaks in probe error paths" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d01c84b97f19f1137211e90b0a910289a560019e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072917-daily-trio-3d03@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: d01c84b97f19 ("cpufreq: qcom-nvmem: fix memory leaks in probe error paths") 2a5d46c3ad6b ("cpufreq: qcom-nvmem: Simplify driver data allocation") 402732324b17 ("cpufreq: qcom-nvmem: Convert to platform remove callback returning void") d78be404f97f ("cpufreq: qcom-nvmem: Switch to use dev_err_probe() helper") 49cd000dc51b ("cpufreq: qcom-nvmem: Migrate to dev_pm_opp_set_config()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d01c84b97f19f1137211e90b0a910289a560019e Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 23 May 2024 23:24:59 +0200 Subject: [PATCH] cpufreq: qcom-nvmem: fix memory leaks in probe error paths The code refactoring added new error paths between the np device node allocation and the call to of_node_put(), which leads to memory leaks if any of those errors occur. Add the missing of_node_put() in the error paths that require it. Cc: stable(a)vger.kernel.org Fixes: 57f2f8b4aa0c ("cpufreq: qcom: Refactor the driver to make it easier to extend") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Signed-off-by: Viresh Kumar <viresh.kumar(a)linaro.org> diff --git a/drivers/cpufreq/qcom-cpufreq-nvmem.c b/drivers/cpufreq/qcom-cpufreq-nvmem.c index ea05d9d67490..5004e1dbc752 100644 --- a/drivers/cpufreq/qcom-cpufreq-nvmem.c +++ b/drivers/cpufreq/qcom-cpufreq-nvmem.c @@ -480,23 +480,30 @@ static int qcom_cpufreq_probe(struct platform_device *pdev) drv = devm_kzalloc(&pdev->dev, struct_size(drv, cpus, num_possible_cpus()), GFP_KERNEL); - if (!drv) + if (!drv) { + of_node_put(np); return -ENOMEM; + } match = pdev->dev.platform_data; drv->data = match->data; - if (!drv->data) + if (!drv->data) { + of_node_put(np); return -ENODEV; + } if (drv->data->get_version) { speedbin_nvmem = of_nvmem_cell_get(np, NULL); - if (IS_ERR(speedbin_nvmem)) + if (IS_ERR(speedbin_nvmem)) { + of_node_put(np); return dev_err_probe(cpu_dev, PTR_ERR(speedbin_nvmem), "Could not get nvmem cell\n"); + } ret = drv->data->get_version(cpu_dev, speedbin_nvmem, &pvs_name, drv); if (ret) { + of_node_put(np); nvmem_cell_put(speedbin_nvmem); return ret; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] cpufreq: qcom-nvmem: fix memory leaks in probe error paths" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x d01c84b97f19f1137211e90b0a910289a560019e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072917-chivalry-timid-afc3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: d01c84b97f19 ("cpufreq: qcom-nvmem: fix memory leaks in probe error paths") 2a5d46c3ad6b ("cpufreq: qcom-nvmem: Simplify driver data allocation") 402732324b17 ("cpufreq: qcom-nvmem: Convert to platform remove callback returning void") d78be404f97f ("cpufreq: qcom-nvmem: Switch to use dev_err_probe() helper") 49cd000dc51b ("cpufreq: qcom-nvmem: Migrate to dev_pm_opp_set_config()") 2ff8fe13ac6d ("cpufreq: qcom-cpufreq-nvmem: dev_pm_opp_put_*() accepts NULL argument") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d01c84b97f19f1137211e90b0a910289a560019e Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 23 May 2024 23:24:59 +0200 Subject: [PATCH] cpufreq: qcom-nvmem: fix memory leaks in probe error paths The code refactoring added new error paths between the np device node allocation and the call to of_node_put(), which leads to memory leaks if any of those errors occur. Add the missing of_node_put() in the error paths that require it. Cc: stable(a)vger.kernel.org Fixes: 57f2f8b4aa0c ("cpufreq: qcom: Refactor the driver to make it easier to extend") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Signed-off-by: Viresh Kumar <viresh.kumar(a)linaro.org> diff --git a/drivers/cpufreq/qcom-cpufreq-nvmem.c b/drivers/cpufreq/qcom-cpufreq-nvmem.c index ea05d9d67490..5004e1dbc752 100644 --- a/drivers/cpufreq/qcom-cpufreq-nvmem.c +++ b/drivers/cpufreq/qcom-cpufreq-nvmem.c @@ -480,23 +480,30 @@ static int qcom_cpufreq_probe(struct platform_device *pdev) drv = devm_kzalloc(&pdev->dev, struct_size(drv, cpus, num_possible_cpus()), GFP_KERNEL); - if (!drv) + if (!drv) { + of_node_put(np); return -ENOMEM; + } match = pdev->dev.platform_data; drv->data = match->data; - if (!drv->data) + if (!drv->data) { + of_node_put(np); return -ENODEV; + } if (drv->data->get_version) { speedbin_nvmem = of_nvmem_cell_get(np, NULL); - if (IS_ERR(speedbin_nvmem)) + if (IS_ERR(speedbin_nvmem)) { + of_node_put(np); return dev_err_probe(cpu_dev, PTR_ERR(speedbin_nvmem), "Could not get nvmem cell\n"); + } ret = drv->data->get_version(cpu_dev, speedbin_nvmem, &pvs_name, drv); if (ret) { + of_node_put(np); nvmem_cell_put(speedbin_nvmem); return ret; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] cpufreq: qcom-nvmem: fix memory leaks in probe error paths" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d01c84b97f19f1137211e90b0a910289a560019e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072916-lusty-flashy-062b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: d01c84b97f19 ("cpufreq: qcom-nvmem: fix memory leaks in probe error paths") 2a5d46c3ad6b ("cpufreq: qcom-nvmem: Simplify driver data allocation") 402732324b17 ("cpufreq: qcom-nvmem: Convert to platform remove callback returning void") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d01c84b97f19f1137211e90b0a910289a560019e Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 23 May 2024 23:24:59 +0200 Subject: [PATCH] cpufreq: qcom-nvmem: fix memory leaks in probe error paths The code refactoring added new error paths between the np device node allocation and the call to of_node_put(), which leads to memory leaks if any of those errors occur. Add the missing of_node_put() in the error paths that require it. Cc: stable(a)vger.kernel.org Fixes: 57f2f8b4aa0c ("cpufreq: qcom: Refactor the driver to make it easier to extend") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Signed-off-by: Viresh Kumar <viresh.kumar(a)linaro.org> diff --git a/drivers/cpufreq/qcom-cpufreq-nvmem.c b/drivers/cpufreq/qcom-cpufreq-nvmem.c index ea05d9d67490..5004e1dbc752 100644 --- a/drivers/cpufreq/qcom-cpufreq-nvmem.c +++ b/drivers/cpufreq/qcom-cpufreq-nvmem.c @@ -480,23 +480,30 @@ static int qcom_cpufreq_probe(struct platform_device *pdev) drv = devm_kzalloc(&pdev->dev, struct_size(drv, cpus, num_possible_cpus()), GFP_KERNEL); - if (!drv) + if (!drv) { + of_node_put(np); return -ENOMEM; + } match = pdev->dev.platform_data; drv->data = match->data; - if (!drv->data) + if (!drv->data) { + of_node_put(np); return -ENODEV; + } if (drv->data->get_version) { speedbin_nvmem = of_nvmem_cell_get(np, NULL); - if (IS_ERR(speedbin_nvmem)) + if (IS_ERR(speedbin_nvmem)) { + of_node_put(np); return dev_err_probe(cpu_dev, PTR_ERR(speedbin_nvmem), "Could not get nvmem cell\n"); + } ret = drv->data->get_version(cpu_dev, speedbin_nvmem, &pvs_name, drv); if (ret) { + of_node_put(np); nvmem_cell_put(speedbin_nvmem); return ret; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] cpufreq: qcom-nvmem: fix memory leaks in probe error paths" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d01c84b97f19f1137211e90b0a910289a560019e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072915-unweave-tiling-74ec@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d01c84b97f19 ("cpufreq: qcom-nvmem: fix memory leaks in probe error paths") 2a5d46c3ad6b ("cpufreq: qcom-nvmem: Simplify driver data allocation") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d01c84b97f19f1137211e90b0a910289a560019e Mon Sep 17 00:00:00 2001 From: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Date: Thu, 23 May 2024 23:24:59 +0200 Subject: [PATCH] cpufreq: qcom-nvmem: fix memory leaks in probe error paths The code refactoring added new error paths between the np device node allocation and the call to of_node_put(), which leads to memory leaks if any of those errors occur. Add the missing of_node_put() in the error paths that require it. Cc: stable(a)vger.kernel.org Fixes: 57f2f8b4aa0c ("cpufreq: qcom: Refactor the driver to make it easier to extend") Signed-off-by: Javier Carrasco <javier.carrasco.cruz(a)gmail.com> Signed-off-by: Viresh Kumar <viresh.kumar(a)linaro.org> diff --git a/drivers/cpufreq/qcom-cpufreq-nvmem.c b/drivers/cpufreq/qcom-cpufreq-nvmem.c index ea05d9d67490..5004e1dbc752 100644 --- a/drivers/cpufreq/qcom-cpufreq-nvmem.c +++ b/drivers/cpufreq/qcom-cpufreq-nvmem.c @@ -480,23 +480,30 @@ static int qcom_cpufreq_probe(struct platform_device *pdev) drv = devm_kzalloc(&pdev->dev, struct_size(drv, cpus, num_possible_cpus()), GFP_KERNEL); - if (!drv) + if (!drv) { + of_node_put(np); return -ENOMEM; + } match = pdev->dev.platform_data; drv->data = match->data; - if (!drv->data) + if (!drv->data) { + of_node_put(np); return -ENODEV; + } if (drv->data->get_version) { speedbin_nvmem = of_nvmem_cell_get(np, NULL); - if (IS_ERR(speedbin_nvmem)) + if (IS_ERR(speedbin_nvmem)) { + of_node_put(np); return dev_err_probe(cpu_dev, PTR_ERR(speedbin_nvmem), "Could not get nvmem cell\n"); + } ret = drv->data->get_version(cpu_dev, speedbin_nvmem, &pvs_name, drv); if (ret) { + of_node_put(np); nvmem_cell_put(speedbin_nvmem); return ret; }

9 months, 1 week

1
0
0 0

[PATCH v5.15] wifi: mac80211: check basic rates validity

by Vincenzo Mezzela

From: Johannes Berg <johannes.berg(a)intel.com> commit ce04abc3fcc62cd5640af981ebfd7c4dc3bded28 upstream. When userspace sets basic rates, it might send us some rates list that's empty or consists of invalid values only. We're currently ignoring invalid values and then may end up with a rates bitmap that's empty, which later results in a warning. Reject the call if there were no valid rates. [ Conflict resolution involved adjusting the patch to accommodate changes in the function signature of ieee80211_parse_bitrates, specifically the updated first parameter ] Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Reported-by: syzbot+19013115c9786bfd0c4e(a)syzkaller.appspotmail.com Tested-by: syzbot+19013115c9786bfd0c4e(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=19013115c9786bfd0c4e Signed-off-by: Vincenzo Mezzela <vincenzo.mezzela(a)gmail.com> --- net/mac80211/cfg.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index f277ce839ddb..85abd3ff07b4 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -2339,6 +2339,17 @@ static int ieee80211_change_bss(struct wiphy *wiphy, if (!sband) return -EINVAL; + if (params->basic_rates) { + if (!ieee80211_parse_bitrates(&sdata->vif.bss_conf.chandef, + wiphy->bands[sband->band], + params->basic_rates, + params->basic_rates_len, + &sdata->vif.bss_conf.basic_rates)) + return -EINVAL; + changed |= BSS_CHANGED_BASIC_RATES; + ieee80211_check_rate_mask(sdata); + } + if (params->use_cts_prot >= 0) { sdata->vif.bss_conf.use_cts_prot = params->use_cts_prot; changed |= BSS_CHANGED_ERP_CTS_PROT; @@ -2362,16 +2373,6 @@ static int ieee80211_change_bss(struct wiphy *wiphy, changed |= BSS_CHANGED_ERP_SLOT; } - if (params->basic_rates) { - ieee80211_parse_bitrates(&sdata->vif.bss_conf.chandef, - wiphy->bands[sband->band], - params->basic_rates, - params->basic_rates_len, - &sdata->vif.bss_conf.basic_rates); - changed |= BSS_CHANGED_BASIC_RATES; - ieee80211_check_rate_mask(sdata); - } - if (params->ap_isolate >= 0) { if (params->ap_isolate) sdata->flags |= IEEE80211_SDATA_DONT_BRIDGE_PACKETS; -- 2.43.0

9 months, 1 week

2
1
0 0

stable backport: wifi: mac80211: track capability/opmode NSS separately

by Hauke Mehrtens

Hi, Please backport the following patch back to the stable series 6.6 and 6.1: commit a8bca3e9371dc5e276af4168be099b2a05554c2a Author: Johannes Berg <johannes.berg(a)intel.com> Date: Wed Feb 28 12:01:57 2024 +0100 wifi: mac80211: track capability/opmode NSS separately There is a small conflict in the copyright year update in net/mac80211/sta_info.h, just take the 2024 version. On kernel 6.1 please backport this patch first to make the other one apply: commit 57b341e9ab13e5688491bfd54f8b5502416c8905 Author: Rameshkumar Sundaram <quic_ramess(a)quicinc.com> Date: Tue Feb 7 17:11:46 2023 +0530 wifi: mac80211: Allow NSS change only up to capability This commit fixes a throughput regression introduced into Linux stable with the backport of following commit: commit dd6c064cfc3fc18d871107c6f5db8837e88572e4 Author: Johannes Berg <johannes.berg(a)intel.com> Date: Mon Jan 29 15:53:55 2024 +0100 wifi: mac80211: set station RX-NSS on reconfig On older kernel versions it is harder to backport the fixes, maybe revert the offending commit in Linux stable 5.15 and older. This regression was found by multiple users of OpenWrt in Wifi AP mode. See the discussion in this forum thread: https://forum.openwrt.org/t/openwrt-23-05-4-service-release/204514/111 Thank you KONG from the OpenWrt forum for finding the commit which reduced the Wifi throughput. Hauke

9 months, 1 week

2
1
0 0

[tip: sched/core] sched/cputime: Fix mul_u64_u64_div_u64() precision for cputime

by tip-bot2 for Zheng Zucheng

The following commit has been merged into the sched/core branch of tip: Commit-ID: 77baa5bafcbe1b2a15ef9c37232c21279c95481c Gitweb: https://git.kernel.org/tip/77baa5bafcbe1b2a15ef9c37232c21279c95481c Author: Zheng Zucheng <zhengzucheng(a)huawei.com> AuthorDate: Fri, 26 Jul 2024 02:32:35 Committer: Peter Zijlstra <peterz(a)infradead.org> CommitterDate: Mon, 29 Jul 2024 12:22:32 +02:00 sched/cputime: Fix mul_u64_u64_div_u64() precision for cputime In extreme test scenarios: the 14th field utime in /proc/xx/stat is greater than sum_exec_runtime, utime = 18446744073709518790 ns, rtime = 135989749728000 ns In cputime_adjust() process, stime is greater than rtime due to mul_u64_u64_div_u64() precision problem. before call mul_u64_u64_div_u64(), stime = 175136586720000, rtime = 135989749728000, utime = 1416780000. after call mul_u64_u64_div_u64(), stime = 135989949653530 unsigned reversion occurs because rtime is less than stime. utime = rtime - stime = 135989749728000 - 135989949653530 = -199925530 = (u64)18446744073709518790 Trigger condition: 1). User task run in kernel mode most of time 2). ARM64 architecture 3). TICK_CPU_ACCOUNTING=y CONFIG_VIRT_CPU_ACCOUNTING_NATIVE is not set Fix mul_u64_u64_div_u64() conversion precision by reset stime to rtime Fixes: 3dc167ba5729 ("sched/cputime: Improve cputime_adjust()") Signed-off-by: Zheng Zucheng <zhengzucheng(a)huawei.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: <stable(a)vger.kernel.org> Link: https://lkml.kernel.org/r/20240726023235.217771-1-zhengzucheng@huawei.com --- kernel/sched/cputime.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/kernel/sched/cputime.c b/kernel/sched/cputime.c index a5e0029..0bed0fa 100644 --- a/kernel/sched/cputime.c +++ b/kernel/sched/cputime.c @@ -582,6 +582,12 @@ void cputime_adjust(struct task_cputime *curr, struct prev_cputime *prev, } stime = mul_u64_u64_div_u64(stime, rtime, stime + utime); + /* + * Because mul_u64_u64_div_u64() can approximate on some + * achitectures; enforce the constraint that: a*b/(b+c) <= a. + */ + if (unlikely(stime > rtime)) + stime = rtime; update: /*

9 months, 1 week

1
0
0 0

[PATCH V7 1/9] sched/deadline: Comment sched_dl_entity::dl_server variable

by Daniel Bristot de Oliveira

Add an explanation for the newly added variable. Cc: stable(a)vger.kernel.org Fixes: 63ba8422f876 ("sched/deadline: Introduce deadline servers") Signed-off-by: Daniel Bristot de Oliveira <bristot(a)kernel.org> --- include/linux/sched.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/linux/sched.h b/include/linux/sched.h index 61591ac6eab6..abce356932cc 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -637,6 +637,8 @@ struct sched_dl_entity { * * @dl_overrun tells if the task asked to be informed about runtime * overruns. + * + * @dl_server tells if this is a server entity. */ unsigned int dl_throttled : 1; unsigned int dl_yielded : 1; -- 2.45.1

9 months, 1 week

2
1
0 0

[PATCH V7 2/9] sched/core: Add clearing of ->dl_server in put_prev_task_balance()

by Daniel Bristot de Oliveira

From: "Joel Fernandes (Google)" <joel(a)joelfernandes.org> Paths using put_prev_task_balance() need to do a pick shortly after. Make sure they also clear the ->dl_server on prev as a part of that. Cc: stable(a)vger.kernel.org Fixes: 63ba8422f876 ("sched/deadline: Introduce deadline servers") Signed-off-by: Joel Fernandes (Google) <joel(a)joelfernandes.org> Signed-off-by: Daniel Bristot de Oliveira <bristot(a)kernel.org> --- kernel/sched/core.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index bcf2c4cc0522..08c409457152 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -6006,6 +6006,14 @@ static void put_prev_task_balance(struct rq *rq, struct task_struct *prev, #endif put_prev_task(rq, prev); + + /* + * We've updated @prev and no longer need the server link, clear it. + * Must be done before ->pick_next_task() because that can (re)set + * ->dl_server. + */ + if (prev->dl_server) + prev->dl_server = NULL; } /* @@ -6049,14 +6057,6 @@ __pick_next_task(struct rq *rq, struct task_struct *prev, struct rq_flags *rf) restart: put_prev_task_balance(rq, prev, rf); - /* - * We've updated @prev and no longer need the server link, clear it. - * Must be done before ->pick_next_task() because that can (re)set - * ->dl_server. - */ - if (prev->dl_server) - prev->dl_server = NULL; - for_each_class(class) { p = class->pick_next_task(rq); if (p) -- 2.45.1

9 months, 1 week

2
1
0 0

[PATCH V7 3/9] sched/core: Clear prev->dl_server in CFS pick fast path

by Daniel Bristot de Oliveira

From: Youssef Esmat <youssefesmat(a)google.com> In case the previous pick was a DL server pick, ->dl_server might be set. Clear it in the fast path as well. Cc: stable(a)vger.kernel.org Fixes: 63ba8422f876 ("sched/deadline: Introduce deadline servers") Signed-off-by: Youssef Esmat <youssefesmat(a)google.com> Signed-off-by: Joel Fernandes (Google) <joel(a)joelfernandes.org> Signed-off-by: Daniel Bristot de Oliveira <bristot(a)kernel.org> --- kernel/sched/core.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 08c409457152..6d01863f93ca 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -6044,6 +6044,13 @@ __pick_next_task(struct rq *rq, struct task_struct *prev, struct rq_flags *rf) p = pick_next_task_idle(rq); } + /* + * This is a normal CFS pick, but the previous could be a DL pick. + * Clear it as previous is no longer picked. + */ + if (prev->dl_server) + prev->dl_server = NULL; + /* * This is the fast path; it cannot be a DL server pick; * therefore even if @p == @prev, ->dl_server must be NULL. -- 2.45.1

9 months, 1 week

2
1
0 0

FAILED: patch "[PATCH] ext4: check the extent status again before inserting delalloc" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 0ea6560abb3bac1ffcfa4bf6b2c4d344fdc27b3c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072911-elsewhere-latter-afa3@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 0ea6560abb3b ("ext4: check the extent status again before inserting delalloc block") acf795dc161f ("ext4: convert to exclusive lock while inserting delalloc extents") 3fcc2b887a1b ("ext4: refactor ext4_da_map_blocks()") 6c120399cde6 ("ext4: make ext4_es_insert_extent() return void") 2a69c450083d ("ext4: using nofail preallocation in ext4_es_insert_extent()") bda3efaf774f ("ext4: use pre-allocated es in __es_remove_extent()") 95f0b320339a ("ext4: use pre-allocated es in __es_insert_extent()") 73a2f033656b ("ext4: factor out __es_alloc_extent() and __es_free_extent()") 9649eb18c628 ("ext4: add a new helper to check if es must be kept") 8016e29f4362 ("ext4: fast commit recovery path") 5b849b5f96b4 ("jbd2: fast commit recovery path") aa75f4d3daae ("ext4: main fast-commit commit path") ff780b91efe9 ("jbd2: add fast commit machinery") 6866d7b3f2bb ("ext4 / jbd2: add fast commit initialization") 995a3ed67fc8 ("ext4: add fast_commit feature and handling for extended mount options") 2d069c0889ef ("ext4: use common helpers in all places reading metadata buffers") d9befedaafcf ("ext4: clear buffer verified flag if read meta block from disk") 15ed2851b0f4 ("ext4: remove unused argument from ext4_(inc|dec)_count") 3d392b2676bf ("ext4: add prefetch_block_bitmaps mount option") ab74c7b23f37 ("ext4: indicate via a block bitmap read is prefetched via a tracepoint") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0ea6560abb3bac1ffcfa4bf6b2c4d344fdc27b3c Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Fri, 17 May 2024 20:39:57 +0800 Subject: [PATCH] ext4: check the extent status again before inserting delalloc block ext4_da_map_blocks looks up for any extent entry in the extent status tree (w/o i_data_sem) and then the looks up for any ondisk extent mapping (with i_data_sem in read mode). If it finds a hole in the extent status tree or if it couldn't find any entry at all, it then takes the i_data_sem in write mode to add a da entry into the extent status tree. This can actually race with page mkwrite & fallocate path. Note that this is ok between 1. ext4 buffered-write path v/s ext4_page_mkwrite(), because of the folio lock 2. ext4 buffered write path v/s ext4 fallocate because of the inode lock. But this can race between ext4_page_mkwrite() & ext4 fallocate path ext4_page_mkwrite() ext4_fallocate() block_page_mkwrite() ext4_da_map_blocks() //find hole in extent status tree ext4_alloc_file_blocks() ext4_map_blocks() //allocate block and unwritten extent ext4_insert_delayed_block() ext4_da_reserve_space() //reserve one more block ext4_es_insert_delayed_block() //drop unwritten extent and add delayed extent by mistake Then, the delalloc extent is wrong until writeback and the extra reserved block can't be released any more and it triggers below warning: EXT4-fs (pmem2): Inode 13 (00000000bbbd4d23): i_reserved_data_blocks(1) not cleared! Fix the problem by looking up extent status tree again while the i_data_sem is held in write mode. If it still can't find any entry, then we insert a new da entry into the extent status tree. Cc: stable(a)vger.kernel.org Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://patch.msgid.link/20240517124005.347221-3-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 168819b4db01..4b0d64a76e88 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1737,6 +1737,7 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, if (ext4_es_is_hole(&es)) goto add_delayed; +found: /* * Delayed extent could be allocated by fallocate. * So we need to check it. @@ -1781,6 +1782,26 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, add_delayed: down_write(&EXT4_I(inode)->i_data_sem); + /* + * Page fault path (ext4_page_mkwrite does not take i_rwsem) + * and fallocate path (no folio lock) can race. Make sure we + * lookup the extent status tree here again while i_data_sem + * is held in write mode, before inserting a new da entry in + * the extent status tree. + */ + if (ext4_es_lookup_extent(inode, iblock, NULL, &es)) { + if (!ext4_es_is_hole(&es)) { + up_write(&EXT4_I(inode)->i_data_sem); + goto found; + } + } else if (!ext4_has_inline_data(inode)) { + retval = ext4_map_query_blocks(NULL, inode, map); + if (retval) { + up_write(&EXT4_I(inode)->i_data_sem); + return retval; + } + } + retval = ext4_insert_delayed_block(inode, map->m_lblk); up_write(&EXT4_I(inode)->i_data_sem); if (retval)

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ext4: check the extent status again before inserting delalloc" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 0ea6560abb3bac1ffcfa4bf6b2c4d344fdc27b3c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072909-shamrock-frail-43e9@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 0ea6560abb3b ("ext4: check the extent status again before inserting delalloc block") acf795dc161f ("ext4: convert to exclusive lock while inserting delalloc extents") 3fcc2b887a1b ("ext4: refactor ext4_da_map_blocks()") 6c120399cde6 ("ext4: make ext4_es_insert_extent() return void") 2a69c450083d ("ext4: using nofail preallocation in ext4_es_insert_extent()") bda3efaf774f ("ext4: use pre-allocated es in __es_remove_extent()") 95f0b320339a ("ext4: use pre-allocated es in __es_insert_extent()") 73a2f033656b ("ext4: factor out __es_alloc_extent() and __es_free_extent()") 9649eb18c628 ("ext4: add a new helper to check if es must be kept") 8016e29f4362 ("ext4: fast commit recovery path") 5b849b5f96b4 ("jbd2: fast commit recovery path") aa75f4d3daae ("ext4: main fast-commit commit path") ff780b91efe9 ("jbd2: add fast commit machinery") 6866d7b3f2bb ("ext4 / jbd2: add fast commit initialization") 995a3ed67fc8 ("ext4: add fast_commit feature and handling for extended mount options") 2d069c0889ef ("ext4: use common helpers in all places reading metadata buffers") d9befedaafcf ("ext4: clear buffer verified flag if read meta block from disk") 15ed2851b0f4 ("ext4: remove unused argument from ext4_(inc|dec)_count") 3d392b2676bf ("ext4: add prefetch_block_bitmaps mount option") ab74c7b23f37 ("ext4: indicate via a block bitmap read is prefetched via a tracepoint") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0ea6560abb3bac1ffcfa4bf6b2c4d344fdc27b3c Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Fri, 17 May 2024 20:39:57 +0800 Subject: [PATCH] ext4: check the extent status again before inserting delalloc block ext4_da_map_blocks looks up for any extent entry in the extent status tree (w/o i_data_sem) and then the looks up for any ondisk extent mapping (with i_data_sem in read mode). If it finds a hole in the extent status tree or if it couldn't find any entry at all, it then takes the i_data_sem in write mode to add a da entry into the extent status tree. This can actually race with page mkwrite & fallocate path. Note that this is ok between 1. ext4 buffered-write path v/s ext4_page_mkwrite(), because of the folio lock 2. ext4 buffered write path v/s ext4 fallocate because of the inode lock. But this can race between ext4_page_mkwrite() & ext4 fallocate path ext4_page_mkwrite() ext4_fallocate() block_page_mkwrite() ext4_da_map_blocks() //find hole in extent status tree ext4_alloc_file_blocks() ext4_map_blocks() //allocate block and unwritten extent ext4_insert_delayed_block() ext4_da_reserve_space() //reserve one more block ext4_es_insert_delayed_block() //drop unwritten extent and add delayed extent by mistake Then, the delalloc extent is wrong until writeback and the extra reserved block can't be released any more and it triggers below warning: EXT4-fs (pmem2): Inode 13 (00000000bbbd4d23): i_reserved_data_blocks(1) not cleared! Fix the problem by looking up extent status tree again while the i_data_sem is held in write mode. If it still can't find any entry, then we insert a new da entry into the extent status tree. Cc: stable(a)vger.kernel.org Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://patch.msgid.link/20240517124005.347221-3-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 168819b4db01..4b0d64a76e88 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1737,6 +1737,7 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, if (ext4_es_is_hole(&es)) goto add_delayed; +found: /* * Delayed extent could be allocated by fallocate. * So we need to check it. @@ -1781,6 +1782,26 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, add_delayed: down_write(&EXT4_I(inode)->i_data_sem); + /* + * Page fault path (ext4_page_mkwrite does not take i_rwsem) + * and fallocate path (no folio lock) can race. Make sure we + * lookup the extent status tree here again while i_data_sem + * is held in write mode, before inserting a new da entry in + * the extent status tree. + */ + if (ext4_es_lookup_extent(inode, iblock, NULL, &es)) { + if (!ext4_es_is_hole(&es)) { + up_write(&EXT4_I(inode)->i_data_sem); + goto found; + } + } else if (!ext4_has_inline_data(inode)) { + retval = ext4_map_query_blocks(NULL, inode, map); + if (retval) { + up_write(&EXT4_I(inode)->i_data_sem); + return retval; + } + } + retval = ext4_insert_delayed_block(inode, map->m_lblk); up_write(&EXT4_I(inode)->i_data_sem); if (retval)

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ext4: check the extent status again before inserting delalloc" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 0ea6560abb3bac1ffcfa4bf6b2c4d344fdc27b3c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072908-ibuprofen-destruct-80dc@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 0ea6560abb3b ("ext4: check the extent status again before inserting delalloc block") acf795dc161f ("ext4: convert to exclusive lock while inserting delalloc extents") 3fcc2b887a1b ("ext4: refactor ext4_da_map_blocks()") 6c120399cde6 ("ext4: make ext4_es_insert_extent() return void") 2a69c450083d ("ext4: using nofail preallocation in ext4_es_insert_extent()") bda3efaf774f ("ext4: use pre-allocated es in __es_remove_extent()") 95f0b320339a ("ext4: use pre-allocated es in __es_insert_extent()") 73a2f033656b ("ext4: factor out __es_alloc_extent() and __es_free_extent()") 9649eb18c628 ("ext4: add a new helper to check if es must be kept") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0ea6560abb3bac1ffcfa4bf6b2c4d344fdc27b3c Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Fri, 17 May 2024 20:39:57 +0800 Subject: [PATCH] ext4: check the extent status again before inserting delalloc block ext4_da_map_blocks looks up for any extent entry in the extent status tree (w/o i_data_sem) and then the looks up for any ondisk extent mapping (with i_data_sem in read mode). If it finds a hole in the extent status tree or if it couldn't find any entry at all, it then takes the i_data_sem in write mode to add a da entry into the extent status tree. This can actually race with page mkwrite & fallocate path. Note that this is ok between 1. ext4 buffered-write path v/s ext4_page_mkwrite(), because of the folio lock 2. ext4 buffered write path v/s ext4 fallocate because of the inode lock. But this can race between ext4_page_mkwrite() & ext4 fallocate path ext4_page_mkwrite() ext4_fallocate() block_page_mkwrite() ext4_da_map_blocks() //find hole in extent status tree ext4_alloc_file_blocks() ext4_map_blocks() //allocate block and unwritten extent ext4_insert_delayed_block() ext4_da_reserve_space() //reserve one more block ext4_es_insert_delayed_block() //drop unwritten extent and add delayed extent by mistake Then, the delalloc extent is wrong until writeback and the extra reserved block can't be released any more and it triggers below warning: EXT4-fs (pmem2): Inode 13 (00000000bbbd4d23): i_reserved_data_blocks(1) not cleared! Fix the problem by looking up extent status tree again while the i_data_sem is held in write mode. If it still can't find any entry, then we insert a new da entry into the extent status tree. Cc: stable(a)vger.kernel.org Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://patch.msgid.link/20240517124005.347221-3-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 168819b4db01..4b0d64a76e88 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1737,6 +1737,7 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, if (ext4_es_is_hole(&es)) goto add_delayed; +found: /* * Delayed extent could be allocated by fallocate. * So we need to check it. @@ -1781,6 +1782,26 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, add_delayed: down_write(&EXT4_I(inode)->i_data_sem); + /* + * Page fault path (ext4_page_mkwrite does not take i_rwsem) + * and fallocate path (no folio lock) can race. Make sure we + * lookup the extent status tree here again while i_data_sem + * is held in write mode, before inserting a new da entry in + * the extent status tree. + */ + if (ext4_es_lookup_extent(inode, iblock, NULL, &es)) { + if (!ext4_es_is_hole(&es)) { + up_write(&EXT4_I(inode)->i_data_sem); + goto found; + } + } else if (!ext4_has_inline_data(inode)) { + retval = ext4_map_query_blocks(NULL, inode, map); + if (retval) { + up_write(&EXT4_I(inode)->i_data_sem); + return retval; + } + } + retval = ext4_insert_delayed_block(inode, map->m_lblk); up_write(&EXT4_I(inode)->i_data_sem); if (retval)

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ext4: check the extent status again before inserting delalloc" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0ea6560abb3bac1ffcfa4bf6b2c4d344fdc27b3c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072907-animosity-ocelot-8f7c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 0ea6560abb3b ("ext4: check the extent status again before inserting delalloc block") acf795dc161f ("ext4: convert to exclusive lock while inserting delalloc extents") 3fcc2b887a1b ("ext4: refactor ext4_da_map_blocks()") 6c120399cde6 ("ext4: make ext4_es_insert_extent() return void") 2a69c450083d ("ext4: using nofail preallocation in ext4_es_insert_extent()") bda3efaf774f ("ext4: use pre-allocated es in __es_remove_extent()") 95f0b320339a ("ext4: use pre-allocated es in __es_insert_extent()") 73a2f033656b ("ext4: factor out __es_alloc_extent() and __es_free_extent()") 9649eb18c628 ("ext4: add a new helper to check if es must be kept") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0ea6560abb3bac1ffcfa4bf6b2c4d344fdc27b3c Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Fri, 17 May 2024 20:39:57 +0800 Subject: [PATCH] ext4: check the extent status again before inserting delalloc block ext4_da_map_blocks looks up for any extent entry in the extent status tree (w/o i_data_sem) and then the looks up for any ondisk extent mapping (with i_data_sem in read mode). If it finds a hole in the extent status tree or if it couldn't find any entry at all, it then takes the i_data_sem in write mode to add a da entry into the extent status tree. This can actually race with page mkwrite & fallocate path. Note that this is ok between 1. ext4 buffered-write path v/s ext4_page_mkwrite(), because of the folio lock 2. ext4 buffered write path v/s ext4 fallocate because of the inode lock. But this can race between ext4_page_mkwrite() & ext4 fallocate path ext4_page_mkwrite() ext4_fallocate() block_page_mkwrite() ext4_da_map_blocks() //find hole in extent status tree ext4_alloc_file_blocks() ext4_map_blocks() //allocate block and unwritten extent ext4_insert_delayed_block() ext4_da_reserve_space() //reserve one more block ext4_es_insert_delayed_block() //drop unwritten extent and add delayed extent by mistake Then, the delalloc extent is wrong until writeback and the extra reserved block can't be released any more and it triggers below warning: EXT4-fs (pmem2): Inode 13 (00000000bbbd4d23): i_reserved_data_blocks(1) not cleared! Fix the problem by looking up extent status tree again while the i_data_sem is held in write mode. If it still can't find any entry, then we insert a new da entry into the extent status tree. Cc: stable(a)vger.kernel.org Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://patch.msgid.link/20240517124005.347221-3-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 168819b4db01..4b0d64a76e88 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1737,6 +1737,7 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, if (ext4_es_is_hole(&es)) goto add_delayed; +found: /* * Delayed extent could be allocated by fallocate. * So we need to check it. @@ -1781,6 +1782,26 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, add_delayed: down_write(&EXT4_I(inode)->i_data_sem); + /* + * Page fault path (ext4_page_mkwrite does not take i_rwsem) + * and fallocate path (no folio lock) can race. Make sure we + * lookup the extent status tree here again while i_data_sem + * is held in write mode, before inserting a new da entry in + * the extent status tree. + */ + if (ext4_es_lookup_extent(inode, iblock, NULL, &es)) { + if (!ext4_es_is_hole(&es)) { + up_write(&EXT4_I(inode)->i_data_sem); + goto found; + } + } else if (!ext4_has_inline_data(inode)) { + retval = ext4_map_query_blocks(NULL, inode, map); + if (retval) { + up_write(&EXT4_I(inode)->i_data_sem); + return retval; + } + } + retval = ext4_insert_delayed_block(inode, map->m_lblk); up_write(&EXT4_I(inode)->i_data_sem); if (retval)

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ext4: check the extent status again before inserting delalloc" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 0ea6560abb3bac1ffcfa4bf6b2c4d344fdc27b3c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072906-unshaven-whenever-406d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 0ea6560abb3b ("ext4: check the extent status again before inserting delalloc block") acf795dc161f ("ext4: convert to exclusive lock while inserting delalloc extents") 3fcc2b887a1b ("ext4: refactor ext4_da_map_blocks()") 6c120399cde6 ("ext4: make ext4_es_insert_extent() return void") 2a69c450083d ("ext4: using nofail preallocation in ext4_es_insert_extent()") bda3efaf774f ("ext4: use pre-allocated es in __es_remove_extent()") 95f0b320339a ("ext4: use pre-allocated es in __es_insert_extent()") 73a2f033656b ("ext4: factor out __es_alloc_extent() and __es_free_extent()") 9649eb18c628 ("ext4: add a new helper to check if es must be kept") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0ea6560abb3bac1ffcfa4bf6b2c4d344fdc27b3c Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Fri, 17 May 2024 20:39:57 +0800 Subject: [PATCH] ext4: check the extent status again before inserting delalloc block ext4_da_map_blocks looks up for any extent entry in the extent status tree (w/o i_data_sem) and then the looks up for any ondisk extent mapping (with i_data_sem in read mode). If it finds a hole in the extent status tree or if it couldn't find any entry at all, it then takes the i_data_sem in write mode to add a da entry into the extent status tree. This can actually race with page mkwrite & fallocate path. Note that this is ok between 1. ext4 buffered-write path v/s ext4_page_mkwrite(), because of the folio lock 2. ext4 buffered write path v/s ext4 fallocate because of the inode lock. But this can race between ext4_page_mkwrite() & ext4 fallocate path ext4_page_mkwrite() ext4_fallocate() block_page_mkwrite() ext4_da_map_blocks() //find hole in extent status tree ext4_alloc_file_blocks() ext4_map_blocks() //allocate block and unwritten extent ext4_insert_delayed_block() ext4_da_reserve_space() //reserve one more block ext4_es_insert_delayed_block() //drop unwritten extent and add delayed extent by mistake Then, the delalloc extent is wrong until writeback and the extra reserved block can't be released any more and it triggers below warning: EXT4-fs (pmem2): Inode 13 (00000000bbbd4d23): i_reserved_data_blocks(1) not cleared! Fix the problem by looking up extent status tree again while the i_data_sem is held in write mode. If it still can't find any entry, then we insert a new da entry into the extent status tree. Cc: stable(a)vger.kernel.org Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://patch.msgid.link/20240517124005.347221-3-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 168819b4db01..4b0d64a76e88 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1737,6 +1737,7 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, if (ext4_es_is_hole(&es)) goto add_delayed; +found: /* * Delayed extent could be allocated by fallocate. * So we need to check it. @@ -1781,6 +1782,26 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, add_delayed: down_write(&EXT4_I(inode)->i_data_sem); + /* + * Page fault path (ext4_page_mkwrite does not take i_rwsem) + * and fallocate path (no folio lock) can race. Make sure we + * lookup the extent status tree here again while i_data_sem + * is held in write mode, before inserting a new da entry in + * the extent status tree. + */ + if (ext4_es_lookup_extent(inode, iblock, NULL, &es)) { + if (!ext4_es_is_hole(&es)) { + up_write(&EXT4_I(inode)->i_data_sem); + goto found; + } + } else if (!ext4_has_inline_data(inode)) { + retval = ext4_map_query_blocks(NULL, inode, map); + if (retval) { + up_write(&EXT4_I(inode)->i_data_sem); + return retval; + } + } + retval = ext4_insert_delayed_block(inode, map->m_lblk); up_write(&EXT4_I(inode)->i_data_sem); if (retval)

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ext4: check the extent status again before inserting delalloc" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 0ea6560abb3bac1ffcfa4bf6b2c4d344fdc27b3c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072904-rule-emblem-471a@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 0ea6560abb3b ("ext4: check the extent status again before inserting delalloc block") acf795dc161f ("ext4: convert to exclusive lock while inserting delalloc extents") 3fcc2b887a1b ("ext4: refactor ext4_da_map_blocks()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0ea6560abb3bac1ffcfa4bf6b2c4d344fdc27b3c Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Fri, 17 May 2024 20:39:57 +0800 Subject: [PATCH] ext4: check the extent status again before inserting delalloc block ext4_da_map_blocks looks up for any extent entry in the extent status tree (w/o i_data_sem) and then the looks up for any ondisk extent mapping (with i_data_sem in read mode). If it finds a hole in the extent status tree or if it couldn't find any entry at all, it then takes the i_data_sem in write mode to add a da entry into the extent status tree. This can actually race with page mkwrite & fallocate path. Note that this is ok between 1. ext4 buffered-write path v/s ext4_page_mkwrite(), because of the folio lock 2. ext4 buffered write path v/s ext4 fallocate because of the inode lock. But this can race between ext4_page_mkwrite() & ext4 fallocate path ext4_page_mkwrite() ext4_fallocate() block_page_mkwrite() ext4_da_map_blocks() //find hole in extent status tree ext4_alloc_file_blocks() ext4_map_blocks() //allocate block and unwritten extent ext4_insert_delayed_block() ext4_da_reserve_space() //reserve one more block ext4_es_insert_delayed_block() //drop unwritten extent and add delayed extent by mistake Then, the delalloc extent is wrong until writeback and the extra reserved block can't be released any more and it triggers below warning: EXT4-fs (pmem2): Inode 13 (00000000bbbd4d23): i_reserved_data_blocks(1) not cleared! Fix the problem by looking up extent status tree again while the i_data_sem is held in write mode. If it still can't find any entry, then we insert a new da entry into the extent status tree. Cc: stable(a)vger.kernel.org Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://patch.msgid.link/20240517124005.347221-3-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 168819b4db01..4b0d64a76e88 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1737,6 +1737,7 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, if (ext4_es_is_hole(&es)) goto add_delayed; +found: /* * Delayed extent could be allocated by fallocate. * So we need to check it. @@ -1781,6 +1782,26 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, add_delayed: down_write(&EXT4_I(inode)->i_data_sem); + /* + * Page fault path (ext4_page_mkwrite does not take i_rwsem) + * and fallocate path (no folio lock) can race. Make sure we + * lookup the extent status tree here again while i_data_sem + * is held in write mode, before inserting a new da entry in + * the extent status tree. + */ + if (ext4_es_lookup_extent(inode, iblock, NULL, &es)) { + if (!ext4_es_is_hole(&es)) { + up_write(&EXT4_I(inode)->i_data_sem); + goto found; + } + } else if (!ext4_has_inline_data(inode)) { + retval = ext4_map_query_blocks(NULL, inode, map); + if (retval) { + up_write(&EXT4_I(inode)->i_data_sem); + return retval; + } + } + retval = ext4_insert_delayed_block(inode, map->m_lblk); up_write(&EXT4_I(inode)->i_data_sem); if (retval)

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ext4: check the extent status again before inserting delalloc" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 0ea6560abb3bac1ffcfa4bf6b2c4d344fdc27b3c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072903-oblong-old-80b6@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 0ea6560abb3b ("ext4: check the extent status again before inserting delalloc block") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0ea6560abb3bac1ffcfa4bf6b2c4d344fdc27b3c Mon Sep 17 00:00:00 2001 From: Zhang Yi <yi.zhang(a)huawei.com> Date: Fri, 17 May 2024 20:39:57 +0800 Subject: [PATCH] ext4: check the extent status again before inserting delalloc block ext4_da_map_blocks looks up for any extent entry in the extent status tree (w/o i_data_sem) and then the looks up for any ondisk extent mapping (with i_data_sem in read mode). If it finds a hole in the extent status tree or if it couldn't find any entry at all, it then takes the i_data_sem in write mode to add a da entry into the extent status tree. This can actually race with page mkwrite & fallocate path. Note that this is ok between 1. ext4 buffered-write path v/s ext4_page_mkwrite(), because of the folio lock 2. ext4 buffered write path v/s ext4 fallocate because of the inode lock. But this can race between ext4_page_mkwrite() & ext4 fallocate path ext4_page_mkwrite() ext4_fallocate() block_page_mkwrite() ext4_da_map_blocks() //find hole in extent status tree ext4_alloc_file_blocks() ext4_map_blocks() //allocate block and unwritten extent ext4_insert_delayed_block() ext4_da_reserve_space() //reserve one more block ext4_es_insert_delayed_block() //drop unwritten extent and add delayed extent by mistake Then, the delalloc extent is wrong until writeback and the extra reserved block can't be released any more and it triggers below warning: EXT4-fs (pmem2): Inode 13 (00000000bbbd4d23): i_reserved_data_blocks(1) not cleared! Fix the problem by looking up extent status tree again while the i_data_sem is held in write mode. If it still can't find any entry, then we insert a new da entry into the extent status tree. Cc: stable(a)vger.kernel.org Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Link: https://patch.msgid.link/20240517124005.347221-3-yi.zhang@huaweicloud.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 168819b4db01..4b0d64a76e88 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1737,6 +1737,7 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, if (ext4_es_is_hole(&es)) goto add_delayed; +found: /* * Delayed extent could be allocated by fallocate. * So we need to check it. @@ -1781,6 +1782,26 @@ static int ext4_da_map_blocks(struct inode *inode, sector_t iblock, add_delayed: down_write(&EXT4_I(inode)->i_data_sem); + /* + * Page fault path (ext4_page_mkwrite does not take i_rwsem) + * and fallocate path (no folio lock) can race. Make sure we + * lookup the extent status tree here again while i_data_sem + * is held in write mode, before inserting a new da entry in + * the extent status tree. + */ + if (ext4_es_lookup_extent(inode, iblock, NULL, &es)) { + if (!ext4_es_is_hole(&es)) { + up_write(&EXT4_I(inode)->i_data_sem); + goto found; + } + } else if (!ext4_has_inline_data(inode)) { + retval = ext4_map_query_blocks(NULL, inode, map); + if (retval) { + up_write(&EXT4_I(inode)->i_data_sem); + return retval; + } + } + retval = ext4_insert_delayed_block(inode, map->m_lblk); up_write(&EXT4_I(inode)->i_data_sem); if (retval)

9 months, 1 week

1
0
0 0

[tip: perf/core] perf/x86/intel/pt: Fix sampling synchronization

by tip-bot2 for Adrian Hunter

The following commit has been merged into the perf/core branch of tip: Commit-ID: d92792a4b26e50b96ab734cbe203d8a4c932a7a9 Gitweb: https://git.kernel.org/tip/d92792a4b26e50b96ab734cbe203d8a4c932a7a9 Author: Adrian Hunter <adrian.hunter(a)intel.com> AuthorDate: Mon, 15 Jul 2024 19:07:00 +03:00 Committer: Peter Zijlstra <peterz(a)infradead.org> CommitterDate: Mon, 29 Jul 2024 12:16:24 +02:00 perf/x86/intel/pt: Fix sampling synchronization pt_event_snapshot_aux() uses pt->handle_nmi to determine if tracing needs to be stopped, however tracing can still be going because pt->handle_nmi is set to zero before tracing is stopped in pt_event_stop, whereas pt_event_snapshot_aux() requires that tracing must be stopped in order to copy a sample of trace from the buffer. Instead call pt_config_stop() always, which anyway checks config for RTIT_CTL_TRACEEN and does nothing if it is already clear. Note pt_event_snapshot_aux() can continue to use pt->handle_nmi to determine if the trace needs to be restarted afterwards. Fixes: 25e8920b301c ("perf/x86/intel/pt: Add sampling support") Signed-off-by: Adrian Hunter <adrian.hunter(a)intel.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org Link: https://lkml.kernel.org/r/20240715160712.127117-2-adrian.hunter@intel.com --- arch/x86/events/intel/pt.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/arch/x86/events/intel/pt.c b/arch/x86/events/intel/pt.c index b4aa8da..2959970 100644 --- a/arch/x86/events/intel/pt.c +++ b/arch/x86/events/intel/pt.c @@ -1606,6 +1606,7 @@ static void pt_event_stop(struct perf_event *event, int mode) * see comment in intel_pt_interrupt(). */ WRITE_ONCE(pt->handle_nmi, 0); + barrier(); pt_config_stop(event); @@ -1657,11 +1658,10 @@ static long pt_event_snapshot_aux(struct perf_event *event, return 0; /* - * Here, handle_nmi tells us if the tracing is on + * There is no PT interrupt in this mode, so stop the trace and it will + * remain stopped while the buffer is copied. */ - if (READ_ONCE(pt->handle_nmi)) - pt_config_stop(event); - + pt_config_stop(event); pt_read_offset(buf); pt_update_head(pt); @@ -1673,11 +1673,10 @@ static long pt_event_snapshot_aux(struct perf_event *event, ret = perf_output_copy_aux(&pt->handle, handle, from, to); /* - * If the tracing was on when we turned up, restart it. - * Compiler barrier not needed as we couldn't have been - * preempted by anything that touches pt->handle_nmi. + * Here, handle_nmi tells us if the tracing was on. + * If the tracing was on, restart it. */ - if (pt->handle_nmi) + if (READ_ONCE(pt->handle_nmi)) pt_config_start(event); return ret;

9 months, 1 week

1
0
0 0

Re: [PATCH 1/1] arm: devtree: fix missing device_node cleanup

by vincenzo mezzela

On 7/12/24 11:47, Javier Carrasco wrote: > On 12/07/2024 11:44, Vincenzo Mezzela wrote: >> Device node `cpus` is allocated but never released using `of_node_put`. >> >> This patch introduces the __free attribute for `cpus` device_node that >> automatically handle the cleanup of the resource by adding a call to >> `of_node_put` at the end of the current scope. This enhancement aims to >> mitigate memory management issues associated with forgetting to release >> the resources. >> >> Signed-off-by: Vincenzo Mezzela <vincenzo.mezzela(a)gmail.com> >> --- >> arch/arm/kernel/devtree.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/arch/arm/kernel/devtree.c b/arch/arm/kernel/devtree.c >> index fdb74e64206a..223d66a5fff3 100644 >> --- a/arch/arm/kernel/devtree.c >> +++ b/arch/arm/kernel/devtree.c >> @@ -70,14 +70,14 @@ void __init arm_dt_init_cpu_maps(void) >> * contain a list of MPIDR[23:0] values where MPIDR[31:24] must >> * read as 0. >> */ >> - struct device_node *cpu, *cpus; >> int found_method = 0; >> u32 i, j, cpuidx = 1; >> u32 mpidr = is_smp() ? read_cpuid_mpidr() & MPIDR_HWID_BITMASK : 0; >> >> u32 tmp_map[NR_CPUS] = { [0 ... NR_CPUS-1] = MPIDR_INVALID }; >> bool bootcpu_valid = false; >> - cpus = of_find_node_by_path("/cpus"); >> + struct device_node *cpu; >> + struct device_node *cpus __free(device_node) = of_find_node_by_path("/cpus"); >> >> if (!cpus) >> return; > Hello Vincenzo, > > If this is a fix, please provide the Fixes: tag as well as Cc: for > stable if it applies. > > Best regards, Javier Carrasco Sure, will do. :) Best regards, Vincenzo Fixes: a0ae02405076a ("ARM: kernel: add device tree init map function") Cc: stable(a)vger.kernel.org

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] udf: Avoid using corrupted block bitmap buffer" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x a90d4471146de21745980cba51ce88e7926bcc4f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072927-stubbly-curler-09c4@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: a90d4471146d ("udf: Avoid using corrupted block bitmap buffer") 1e0d4adf17e7 ("udf: Check consistency of Space Bitmap Descriptor") 101ee137d32a ("udf: Drop VARCONV support") a27b2923de7e ("udf: Move udf_expand_dir_adinicb() to its callsite") 57bda9fb169d ("udf: Convert udf_expand_dir_adinicb() to new directory iteration") d16076d9b684 ("udf: New directory iteration code") e4ae4735f7c2 ("udf: use sb_bdev_nr_blocks") b64533344371 ("udf: Fix iocharset=utf8 mount option") 979a6e28dd96 ("udf: Get rid of 0-length arrays in struct fileIdentDesc") fa236c2b2d44 ("udf: Fix NULL pointer dereference in udf_symlink function") 382a2287bf9c ("udf: Remove pointless union in udf_inode_info") 044e2e26f214 ("udf: Avoid accessing uninitialized data on failed inode read") 8b075e5ba459 ("udf: stop using ioctl_by_bdev") 4eb09e111218 ("fs-udf: Delete an unnecessary check before brelse()") ab9a3a737284 ("udf: reduce leakage of blocks related to named streams") a768a9abc625 ("udf: Explain handling of load_nls() failure") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a90d4471146de21745980cba51ce88e7926bcc4f Mon Sep 17 00:00:00 2001 From: Jan Kara <jack(a)suse.cz> Date: Mon, 17 Jun 2024 17:41:52 +0200 Subject: [PATCH] udf: Avoid using corrupted block bitmap buffer When the filesystem block bitmap is corrupted, we detect the corruption while loading the bitmap and fail the allocation with error. However the next allocation from the same bitmap will notice the bitmap buffer is already loaded and tries to allocate from the bitmap with mixed results (depending on the exact nature of the bitmap corruption). Fix the problem by using BH_verified bit to indicate whether the bitmap is valid or not. Reported-by: syzbot+5f682cd029581f9edfd1(a)syzkaller.appspotmail.com CC: stable(a)vger.kernel.org Link: https://patch.msgid.link/20240617154201.29512-2-jack@suse.cz Fixes: 1e0d4adf17e7 ("udf: Check consistency of Space Bitmap Descriptor") Signed-off-by: Jan Kara <jack(a)suse.cz> diff --git a/fs/udf/balloc.c b/fs/udf/balloc.c index ab3ffc355949..558ad046972a 100644 --- a/fs/udf/balloc.c +++ b/fs/udf/balloc.c @@ -64,8 +64,12 @@ static int read_block_bitmap(struct super_block *sb, } for (i = 0; i < count; i++) - if (udf_test_bit(i + off, bh->b_data)) + if (udf_test_bit(i + off, bh->b_data)) { + bitmap->s_block_bitmap[bitmap_nr] = + ERR_PTR(-EFSCORRUPTED); + brelse(bh); return -EFSCORRUPTED; + } return 0; } @@ -81,8 +85,15 @@ static int __load_block_bitmap(struct super_block *sb, block_group, nr_groups); } - if (bitmap->s_block_bitmap[block_group]) + if (bitmap->s_block_bitmap[block_group]) { + /* + * The bitmap failed verification in the past. No point in + * trying again. + */ + if (IS_ERR(bitmap->s_block_bitmap[block_group])) + return PTR_ERR(bitmap->s_block_bitmap[block_group]); return block_group; + } retval = read_block_bitmap(sb, bitmap, block_group, block_group); if (retval < 0) diff --git a/fs/udf/super.c b/fs/udf/super.c index 9381a66c6ce5..92d477053905 100644 --- a/fs/udf/super.c +++ b/fs/udf/super.c @@ -336,7 +336,8 @@ static void udf_sb_free_bitmap(struct udf_bitmap *bitmap) int nr_groups = bitmap->s_nr_groups; for (i = 0; i < nr_groups; i++) - brelse(bitmap->s_block_bitmap[i]); + if (!IS_ERR_OR_NULL(bitmap->s_block_bitmap[i])) + brelse(bitmap->s_block_bitmap[i]); kvfree(bitmap); }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] apparmor: use kvfree_sensitive to free data->data" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 2bc73505a5cd2a18a7a542022722f136c19e3b87 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072905-twirl-endless-6a91@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 2bc73505a5cd ("apparmor: use kvfree_sensitive to free data->data") 000518bc5aef ("apparmor: fix missing error check for rhashtable_insert_fast") 453431a54934 ("mm, treewide: rename kzfree() to kfree_sensitive()") 45365a06aa30 ("Merge tag 's390-5.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2bc73505a5cd2a18a7a542022722f136c19e3b87 Mon Sep 17 00:00:00 2001 From: Fedor Pchelkin <pchelkin(a)ispras.ru> Date: Thu, 1 Feb 2024 17:24:48 +0300 Subject: [PATCH] apparmor: use kvfree_sensitive to free data->data Inside unpack_profile() data->data is allocated using kvmemdup() so it should be freed with the corresponding kvfree_sensitive(). Also add missing data->data release for rhashtable insertion failure path in unpack_profile(). Found by Linux Verification Center (linuxtesting.org). Fixes: e025be0f26d5 ("apparmor: support querying extended trusted helper extra data") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> Signed-off-by: John Johansen <john.johansen(a)canonical.com> diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index 957654d253dd..14df15e35695 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -225,7 +225,7 @@ static void aa_free_data(void *ptr, void *arg) { struct aa_data *data = ptr; - kfree_sensitive(data->data); + kvfree_sensitive(data->data, data->size); kfree_sensitive(data->key); kfree_sensitive(data); } diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index 5e578ef0ddff..75452acd0e35 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -1071,6 +1071,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name) if (rhashtable_insert_fast(profile->data, &data->head, profile->data->p)) { + kvfree_sensitive(data->data, data->size); kfree_sensitive(data->key); kfree_sensitive(data); info = "failed to insert data to table";

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] apparmor: use kvfree_sensitive to free data->data" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 2bc73505a5cd2a18a7a542022722f136c19e3b87 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072904-landmass-fragrant-ef08@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 2bc73505a5cd ("apparmor: use kvfree_sensitive to free data->data") 000518bc5aef ("apparmor: fix missing error check for rhashtable_insert_fast") 453431a54934 ("mm, treewide: rename kzfree() to kfree_sensitive()") 45365a06aa30 ("Merge tag 's390-5.9-1' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2bc73505a5cd2a18a7a542022722f136c19e3b87 Mon Sep 17 00:00:00 2001 From: Fedor Pchelkin <pchelkin(a)ispras.ru> Date: Thu, 1 Feb 2024 17:24:48 +0300 Subject: [PATCH] apparmor: use kvfree_sensitive to free data->data Inside unpack_profile() data->data is allocated using kvmemdup() so it should be freed with the corresponding kvfree_sensitive(). Also add missing data->data release for rhashtable insertion failure path in unpack_profile(). Found by Linux Verification Center (linuxtesting.org). Fixes: e025be0f26d5 ("apparmor: support querying extended trusted helper extra data") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> Signed-off-by: John Johansen <john.johansen(a)canonical.com> diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index 957654d253dd..14df15e35695 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -225,7 +225,7 @@ static void aa_free_data(void *ptr, void *arg) { struct aa_data *data = ptr; - kfree_sensitive(data->data); + kvfree_sensitive(data->data, data->size); kfree_sensitive(data->key); kfree_sensitive(data); } diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index 5e578ef0ddff..75452acd0e35 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -1071,6 +1071,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name) if (rhashtable_insert_fast(profile->data, &data->head, profile->data->p)) { + kvfree_sensitive(data->data, data->size); kfree_sensitive(data->key); kfree_sensitive(data); info = "failed to insert data to table";

9 months, 1 week

1
0
0 0

Re: [PATCH v3] sched/fair: Use all little CPUs for CPU-bound workload

by Pierre Gondois

Hello stable folk, This patch was merged as: commit 3af7524b1419 ("sched/fair: Use all little CPUs for CPU-bound workloads") into 6.7, improving the following: commit 0b0695f2b34a ("sched/fair: Rework load_balance()") Would it be possible to port it to the 6.1 stable branch ? The patch should apply cleanly by cherry-picking onto v6.1.94, Regards, Pierre On 12/6/23 10:00, Pierre Gondois wrote: > Running n CPU-bound tasks on an n CPUs platform: > - with asymmetric CPU capacity > - not being a DynamIq system (i.e. having a PKG level sched domain > without the SD_SHARE_PKG_RESOURCES flag set) > might result in a task placement where two tasks run on a big CPU > and none on a little CPU. This placement could be more optimal by > using all CPUs. > > Testing platform: > Juno-r2: > - 2 big CPUs (1-2), maximum capacity of 1024 > - 4 little CPUs (0,3-5), maximum capacity of 383 > > Testing workload ([1]): > Spawn 6 CPU-bound tasks. During the first 100ms (step 1), each tasks > is affine to a CPU, except for: > - one little CPU which is left idle. > - one big CPU which has 2 tasks affine. > After the 100ms (step 2), remove the cpumask affinity. > > Before patch: > During step 2, the load balancer running from the idle CPU tags sched > domains as: > - little CPUs: 'group_has_spare'. Cf. group_has_capacity() and > group_is_overloaded(), 3 CPU-bound tasks run on a 4 CPUs > sched-domain, and the idle CPU provides enough spare capacity > regarding the imbalance_pct > - big CPUs: 'group_overloaded'. Indeed, 3 tasks run on a 2 CPUs > sched-domain, so the following path is used: > group_is_overloaded() > \-if (sgs->sum_nr_running <= sgs->group_weight) return true; > > The following path which would change the migration type to > 'migrate_task' is not taken: > calculate_imbalance() > \-if (env->idle != CPU_NOT_IDLE && env->imbalance == 0) > as the local group has some spare capacity, so the imbalance > is not 0. > > The migration type requested is 'migrate_util' and the busiest > runqueue is the big CPU's runqueue having 2 tasks (each having a > utilization of 512). The idle little CPU cannot pull one of these > task as its capacity is too small for the task. The following path > is used: > detach_tasks() > \-case migrate_util: > \-if (util > env->imbalance) goto next; > > After patch: > As the number of failed balancing attempts grows (with > 'nr_balance_failed'), progressively make it easier to migrate > a big task to the idling little CPU. A similar mechanism is > used for the 'migrate_load' migration type. > > Improvement: > Running the testing workload [1] with the step 2 representing > a ~10s load for a big CPU: > Before patch: ~19.3s > After patch: ~18s (-6.7%) > > Similar issue reported at: > https://lore.kernel.org/lkml/20230716014125.139577-1-qyousef@layalina.io/ > > v1: > https://lore.kernel.org/all/20231110125902.2152380-1-pierre.gondois@arm.com/ > v2: > https://lore.kernel.org/all/20231124153323.3202444-1-pierre.gondois@arm.com/ > > Suggested-by: Vincent Guittot <vincent.guittot(a)linaro.org> > Signed-off-by: Pierre Gondois <pierre.gondois(a)arm.com> > Reviewed-by: Vincent Guittot <vincent.guittot(a)linaro.org> > Reviewed-by: Dietmar Eggemann <dietmar.eggemann(a)arm.com> > --- > > Notes: > v2: > - Used Vincent's approach. > v3: > - Updated commit message. > - Added Reviewed-by tags > > kernel/sched/fair.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c > index d7a3c63a2171..9481b8cff31b 100644 > --- a/kernel/sched/fair.c > +++ b/kernel/sched/fair.c > @@ -9060,7 +9060,7 @@ static int detach_tasks(struct lb_env *env) > case migrate_util: > util = task_util_est(p); > > - if (util > env->imbalance) > + if (shr_bound(util, env->sd->nr_balance_failed) > env->imbalance) > goto next; > > env->imbalance -= util;

9 months, 1 week

2
2
0 0

FAILED: patch "[PATCH] irqchip/gic-v3: Fix 'broken_rdists' unused warning when !SMP" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 080402007007ca1bed8bcb103625137a5c8446c6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072916-brewing-cavalier-a90a@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 080402007007 ("irqchip/gic-v3: Fix 'broken_rdists' unused warning when !SMP and !ACPI") d633da5d3ab1 ("irqchip/gic-v3: Add support for ACPI's disabled but 'online capable' CPUs") fa2dabe57220 ("irqchip/gic-v3: Don't return errors from gic_acpi_match_gicc()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 080402007007ca1bed8bcb103625137a5c8446c6 Mon Sep 17 00:00:00 2001 From: Catalin Marinas <catalin.marinas(a)arm.com> Date: Fri, 5 Jul 2024 12:54:29 +0100 Subject: [PATCH] irqchip/gic-v3: Fix 'broken_rdists' unused warning when !SMP and !ACPI Compiling the GICv3 driver on arm32 with CONFIG_SMP disabled (CONFIG_ACPI is not available) generates an unused variable warning for 'broken_rdists'. Add a __maybe_unused attribute to silence the compiler. Fixes: d633da5d3ab1 ("irqchip/gic-v3: Add support for ACPI's disabled but 'online capable' CPUs") Cc: <stable(a)vger.kernel.org> # .x Acked-by: Marc Zyngier <maz(a)kernel.org> Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> diff --git a/drivers/irqchip/irq-gic-v3.c b/drivers/irqchip/irq-gic-v3.c index cc81515c1413..18619d29b2ed 100644 --- a/drivers/irqchip/irq-gic-v3.c +++ b/drivers/irqchip/irq-gic-v3.c @@ -44,7 +44,7 @@ #define GIC_IRQ_TYPE_PARTITION (GIC_IRQ_TYPE_LPI + 1) -static struct cpumask broken_rdists __read_mostly; +static struct cpumask broken_rdists __read_mostly __maybe_unused; struct redist_region { void __iomem *redist_base;

9 months, 1 week

4
3
0 0

FAILED: patch "[PATCH] drm/amd/display: Remove ASSERT if significance is zero in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 5302d1a06a2cd9855378122a07c9e0942f0f04a9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072918-bauble-crock-c0f3@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 5302d1a06a2c ("drm/amd/display: Remove ASSERT if significance is zero in math_ceil2") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5302d1a06a2cd9855378122a07c9e0942f0f04a9 Mon Sep 17 00:00:00 2001 From: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Date: Thu, 4 Jul 2024 11:54:34 -0600 Subject: [PATCH] drm/amd/display: Remove ASSERT if significance is zero in math_ceil2 In the DML math_ceil2 function, there is one ASSERT if the significance is equal to zero. However, significance might be equal to zero sometimes, and this is not an issue for a ceil function, but the current ASSERT will trigger warnings in those cases. This commit removes the ASSERT if the significance is equal to zero to avoid unnecessary noise. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Chaitanya Dhere <chaitanya.dhere(a)amd.com> Signed-off-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Signed-off-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 332315885d3ccc6d8fe99700f3c2e4c24aa65ab7) diff --git a/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c b/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c index defe13436a2c..e73579f1a88e 100644 --- a/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c +++ b/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c @@ -64,8 +64,6 @@ double math_ceil(const double arg) double math_ceil2(const double arg, const double significance) { - ASSERT(significance != 0); - return ((int)(arg / significance + 0.99999)) * significance; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Remove ASSERT if significance is zero in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 5302d1a06a2cd9855378122a07c9e0942f0f04a9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072917-footsie-stopwatch-c5d7@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 5302d1a06a2c ("drm/amd/display: Remove ASSERT if significance is zero in math_ceil2") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") 70839da63605 ("drm/amd/display: Add new DCN401 sources") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5302d1a06a2cd9855378122a07c9e0942f0f04a9 Mon Sep 17 00:00:00 2001 From: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Date: Thu, 4 Jul 2024 11:54:34 -0600 Subject: [PATCH] drm/amd/display: Remove ASSERT if significance is zero in math_ceil2 In the DML math_ceil2 function, there is one ASSERT if the significance is equal to zero. However, significance might be equal to zero sometimes, and this is not an issue for a ceil function, but the current ASSERT will trigger warnings in those cases. This commit removes the ASSERT if the significance is equal to zero to avoid unnecessary noise. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Chaitanya Dhere <chaitanya.dhere(a)amd.com> Signed-off-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Signed-off-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 332315885d3ccc6d8fe99700f3c2e4c24aa65ab7) diff --git a/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c b/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c index defe13436a2c..e73579f1a88e 100644 --- a/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c +++ b/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c @@ -64,8 +64,6 @@ double math_ceil(const double arg) double math_ceil2(const double arg, const double significance) { - ASSERT(significance != 0); - return ((int)(arg / significance + 0.99999)) * significance; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Remove ASSERT if significance is zero in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 5302d1a06a2cd9855378122a07c9e0942f0f04a9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072916-grill-deniable-ee28@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 5302d1a06a2c ("drm/amd/display: Remove ASSERT if significance is zero in math_ceil2") 70839da63605 ("drm/amd/display: Add new DCN401 sources") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5302d1a06a2cd9855378122a07c9e0942f0f04a9 Mon Sep 17 00:00:00 2001 From: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Date: Thu, 4 Jul 2024 11:54:34 -0600 Subject: [PATCH] drm/amd/display: Remove ASSERT if significance is zero in math_ceil2 In the DML math_ceil2 function, there is one ASSERT if the significance is equal to zero. However, significance might be equal to zero sometimes, and this is not an issue for a ceil function, but the current ASSERT will trigger warnings in those cases. This commit removes the ASSERT if the significance is equal to zero to avoid unnecessary noise. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Chaitanya Dhere <chaitanya.dhere(a)amd.com> Signed-off-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Signed-off-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 332315885d3ccc6d8fe99700f3c2e4c24aa65ab7) diff --git a/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c b/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c index defe13436a2c..e73579f1a88e 100644 --- a/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c +++ b/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c @@ -64,8 +64,6 @@ double math_ceil(const double arg) double math_ceil2(const double arg, const double significance) { - ASSERT(significance != 0); - return ((int)(arg / significance + 0.99999)) * significance; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Remove ASSERT if significance is zero in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 5302d1a06a2cd9855378122a07c9e0942f0f04a9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072916-area-amusing-82db@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 5302d1a06a2c ("drm/amd/display: Remove ASSERT if significance is zero in math_ceil2") 70839da63605 ("drm/amd/display: Add new DCN401 sources") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5302d1a06a2cd9855378122a07c9e0942f0f04a9 Mon Sep 17 00:00:00 2001 From: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Date: Thu, 4 Jul 2024 11:54:34 -0600 Subject: [PATCH] drm/amd/display: Remove ASSERT if significance is zero in math_ceil2 In the DML math_ceil2 function, there is one ASSERT if the significance is equal to zero. However, significance might be equal to zero sometimes, and this is not an issue for a ceil function, but the current ASSERT will trigger warnings in those cases. This commit removes the ASSERT if the significance is equal to zero to avoid unnecessary noise. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Chaitanya Dhere <chaitanya.dhere(a)amd.com> Signed-off-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Signed-off-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 332315885d3ccc6d8fe99700f3c2e4c24aa65ab7) diff --git a/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c b/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c index defe13436a2c..e73579f1a88e 100644 --- a/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c +++ b/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c @@ -64,8 +64,6 @@ double math_ceil(const double arg) double math_ceil2(const double arg, const double significance) { - ASSERT(significance != 0); - return ((int)(arg / significance + 0.99999)) * significance; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Remove ASSERT if significance is zero in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 5302d1a06a2cd9855378122a07c9e0942f0f04a9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072915-childless-spherical-32e3@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 5302d1a06a2c ("drm/amd/display: Remove ASSERT if significance is zero in math_ceil2") 70839da63605 ("drm/amd/display: Add new DCN401 sources") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5302d1a06a2cd9855378122a07c9e0942f0f04a9 Mon Sep 17 00:00:00 2001 From: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Date: Thu, 4 Jul 2024 11:54:34 -0600 Subject: [PATCH] drm/amd/display: Remove ASSERT if significance is zero in math_ceil2 In the DML math_ceil2 function, there is one ASSERT if the significance is equal to zero. However, significance might be equal to zero sometimes, and this is not an issue for a ceil function, but the current ASSERT will trigger warnings in those cases. This commit removes the ASSERT if the significance is equal to zero to avoid unnecessary noise. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Chaitanya Dhere <chaitanya.dhere(a)amd.com> Signed-off-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Signed-off-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 332315885d3ccc6d8fe99700f3c2e4c24aa65ab7) diff --git a/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c b/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c index defe13436a2c..e73579f1a88e 100644 --- a/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c +++ b/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c @@ -64,8 +64,6 @@ double math_ceil(const double arg) double math_ceil2(const double arg, const double significance) { - ASSERT(significance != 0); - return ((int)(arg / significance + 0.99999)) * significance; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Remove ASSERT if significance is zero in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 5302d1a06a2cd9855378122a07c9e0942f0f04a9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072914-strewn-upheld-6833@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 5302d1a06a2c ("drm/amd/display: Remove ASSERT if significance is zero in math_ceil2") 70839da63605 ("drm/amd/display: Add new DCN401 sources") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5302d1a06a2cd9855378122a07c9e0942f0f04a9 Mon Sep 17 00:00:00 2001 From: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Date: Thu, 4 Jul 2024 11:54:34 -0600 Subject: [PATCH] drm/amd/display: Remove ASSERT if significance is zero in math_ceil2 In the DML math_ceil2 function, there is one ASSERT if the significance is equal to zero. However, significance might be equal to zero sometimes, and this is not an issue for a ceil function, but the current ASSERT will trigger warnings in those cases. This commit removes the ASSERT if the significance is equal to zero to avoid unnecessary noise. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Chaitanya Dhere <chaitanya.dhere(a)amd.com> Signed-off-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Signed-off-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 332315885d3ccc6d8fe99700f3c2e4c24aa65ab7) diff --git a/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c b/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c index defe13436a2c..e73579f1a88e 100644 --- a/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c +++ b/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c @@ -64,8 +64,6 @@ double math_ceil(const double arg) double math_ceil2(const double arg, const double significance) { - ASSERT(significance != 0); - return ((int)(arg / significance + 0.99999)) * significance; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Remove ASSERT if significance is zero in" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 5302d1a06a2cd9855378122a07c9e0942f0f04a9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072908-unheard-ozone-f012@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 5302d1a06a2c ("drm/amd/display: Remove ASSERT if significance is zero in math_ceil2") 70839da63605 ("drm/amd/display: Add new DCN401 sources") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5302d1a06a2cd9855378122a07c9e0942f0f04a9 Mon Sep 17 00:00:00 2001 From: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Date: Thu, 4 Jul 2024 11:54:34 -0600 Subject: [PATCH] drm/amd/display: Remove ASSERT if significance is zero in math_ceil2 In the DML math_ceil2 function, there is one ASSERT if the significance is equal to zero. However, significance might be equal to zero sometimes, and this is not an issue for a ceil function, but the current ASSERT will trigger warnings in those cases. This commit removes the ASSERT if the significance is equal to zero to avoid unnecessary noise. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Chaitanya Dhere <chaitanya.dhere(a)amd.com> Signed-off-by: Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> Signed-off-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 332315885d3ccc6d8fe99700f3c2e4c24aa65ab7) diff --git a/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c b/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c index defe13436a2c..e73579f1a88e 100644 --- a/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c +++ b/drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_standalone_libraries/lib_float_math.c @@ -64,8 +64,6 @@ double math_ceil(const double arg) double math_ceil2(const double arg, const double significance) { - ASSERT(significance != 0); - return ((int)(arg / significance + 0.99999)) * significance; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x aaf9dc86bd806458f848c39057d59e5aa652a399 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072942-sedan-dingo-ba07@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: aaf9dc86bd80 ("drm/i915/display: For MTL+ platforms skip mg dp programming") 7fcf755896a3 ("drm/i915/display: use intel_encoder_is/to_* functions") 0a099232d254 ("drm/i915/snps: pass encoder to intel_snps_phy_update_psr_power_state()") 684a37a6ffa9 ("drm/i915/ddi: pass encoder to intel_wait_ddi_buf_active()") 65ea19a698f2 ("drm/i915/hdmi: convert *_port_to_ddc_pin() to *_encoder_to_ddc_pin()") 6a8c66bf0e56 ("drm/i915: Don't explode when the dig port we don't have an AUX CH") d5c7854b50e6 ("drm/i915/xe2lpd: Move D2D enable/disable") 2e4b90fbe755 ("drm/i915: Filter out glitches on HPD lines during hotplug detection") 31a5b6ed88c7 ("drm/i915/display: Unify VSC SPD preparation") 00076671a648 ("drm/i915/display: Move colorimetry_support from intel_psr to intel_dp") e11300a1d8e3 ("drm/i915/display: Remove intel_crtc_state->psr_vsc") 561322c3bc14 ("drm/i915/display: Skip state verification with TBT-ALT mode") 7966a93a27cf ("drm/i915: Push audio enable/disable further out") 59be90248b42 ("drm/i915/mtl: C20 state verification") 3257e55d3ea7 ("drm/i915/panelreplay: enable/disable panel replay") b8cf5b5d266e ("drm/i915/panelreplay: Initializaton and compute config for panel replay") dd8f2298e34b ("drm/i915/psr: Move psr specific dpcd init into own function") 36f579ffc692 ("drm/i915/dp_mst: Improve BW sharing between MST streams") e37137380931 ("drm/i915/dp_mst: Force modeset CRTC if DSC toggling requires it") b2608c6b3212 ("drm/i915/dp_mst: Enable MST DSC decompression for all streams") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From aaf9dc86bd806458f848c39057d59e5aa652a399 Mon Sep 17 00:00:00 2001 From: Imre Deak <imre.deak(a)intel.com> Date: Tue, 25 Jun 2024 14:18:40 +0300 Subject: [PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming For MTL+ platforms we use PICA chips for Type-C support and hence mg programming is not needed. Fixes issue with drm warn of TC port not being in legacy mode. Cc: stable(a)vger.kernel.org Signed-off-by: Mika Kahola <mika.kahola(a)intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Reviewed-by: Gustavo Sousa <gustavo.sousa(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240625111840.597574-1-mika.… diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c index bb13a3ca8c7c..6672fc162c4f 100644 --- a/drivers/gpu/drm/i915/display/intel_ddi.c +++ b/drivers/gpu/drm/i915/display/intel_ddi.c @@ -2096,6 +2096,9 @@ icl_program_mg_dp_mode(struct intel_digital_port *dig_port, u32 ln0, ln1, pin_assignment; u8 width; + if (DISPLAY_VER(dev_priv) >= 14) + return; + if (!intel_encoder_is_tc(&dig_port->base) || intel_tc_port_in_tbt_alt_mode(dig_port)) return;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x aaf9dc86bd806458f848c39057d59e5aa652a399 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072941-bogged-stingray-2127@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: aaf9dc86bd80 ("drm/i915/display: For MTL+ platforms skip mg dp programming") 7fcf755896a3 ("drm/i915/display: use intel_encoder_is/to_* functions") 0a099232d254 ("drm/i915/snps: pass encoder to intel_snps_phy_update_psr_power_state()") 684a37a6ffa9 ("drm/i915/ddi: pass encoder to intel_wait_ddi_buf_active()") 65ea19a698f2 ("drm/i915/hdmi: convert *_port_to_ddc_pin() to *_encoder_to_ddc_pin()") 6a8c66bf0e56 ("drm/i915: Don't explode when the dig port we don't have an AUX CH") d5c7854b50e6 ("drm/i915/xe2lpd: Move D2D enable/disable") 2e4b90fbe755 ("drm/i915: Filter out glitches on HPD lines during hotplug detection") 31a5b6ed88c7 ("drm/i915/display: Unify VSC SPD preparation") 00076671a648 ("drm/i915/display: Move colorimetry_support from intel_psr to intel_dp") e11300a1d8e3 ("drm/i915/display: Remove intel_crtc_state->psr_vsc") 561322c3bc14 ("drm/i915/display: Skip state verification with TBT-ALT mode") 7966a93a27cf ("drm/i915: Push audio enable/disable further out") 59be90248b42 ("drm/i915/mtl: C20 state verification") 3257e55d3ea7 ("drm/i915/panelreplay: enable/disable panel replay") b8cf5b5d266e ("drm/i915/panelreplay: Initializaton and compute config for panel replay") dd8f2298e34b ("drm/i915/psr: Move psr specific dpcd init into own function") 36f579ffc692 ("drm/i915/dp_mst: Improve BW sharing between MST streams") e37137380931 ("drm/i915/dp_mst: Force modeset CRTC if DSC toggling requires it") b2608c6b3212 ("drm/i915/dp_mst: Enable MST DSC decompression for all streams") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From aaf9dc86bd806458f848c39057d59e5aa652a399 Mon Sep 17 00:00:00 2001 From: Imre Deak <imre.deak(a)intel.com> Date: Tue, 25 Jun 2024 14:18:40 +0300 Subject: [PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming For MTL+ platforms we use PICA chips for Type-C support and hence mg programming is not needed. Fixes issue with drm warn of TC port not being in legacy mode. Cc: stable(a)vger.kernel.org Signed-off-by: Mika Kahola <mika.kahola(a)intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Reviewed-by: Gustavo Sousa <gustavo.sousa(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240625111840.597574-1-mika.… diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c index bb13a3ca8c7c..6672fc162c4f 100644 --- a/drivers/gpu/drm/i915/display/intel_ddi.c +++ b/drivers/gpu/drm/i915/display/intel_ddi.c @@ -2096,6 +2096,9 @@ icl_program_mg_dp_mode(struct intel_digital_port *dig_port, u32 ln0, ln1, pin_assignment; u8 width; + if (DISPLAY_VER(dev_priv) >= 14) + return; + if (!intel_encoder_is_tc(&dig_port->base) || intel_tc_port_in_tbt_alt_mode(dig_port)) return;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x aaf9dc86bd806458f848c39057d59e5aa652a399 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072941-uncross-untrained-affb@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: aaf9dc86bd80 ("drm/i915/display: For MTL+ platforms skip mg dp programming") 7fcf755896a3 ("drm/i915/display: use intel_encoder_is/to_* functions") 0a099232d254 ("drm/i915/snps: pass encoder to intel_snps_phy_update_psr_power_state()") 684a37a6ffa9 ("drm/i915/ddi: pass encoder to intel_wait_ddi_buf_active()") 65ea19a698f2 ("drm/i915/hdmi: convert *_port_to_ddc_pin() to *_encoder_to_ddc_pin()") 6a8c66bf0e56 ("drm/i915: Don't explode when the dig port we don't have an AUX CH") d5c7854b50e6 ("drm/i915/xe2lpd: Move D2D enable/disable") 2e4b90fbe755 ("drm/i915: Filter out glitches on HPD lines during hotplug detection") 31a5b6ed88c7 ("drm/i915/display: Unify VSC SPD preparation") 00076671a648 ("drm/i915/display: Move colorimetry_support from intel_psr to intel_dp") e11300a1d8e3 ("drm/i915/display: Remove intel_crtc_state->psr_vsc") 561322c3bc14 ("drm/i915/display: Skip state verification with TBT-ALT mode") 7966a93a27cf ("drm/i915: Push audio enable/disable further out") 59be90248b42 ("drm/i915/mtl: C20 state verification") 3257e55d3ea7 ("drm/i915/panelreplay: enable/disable panel replay") b8cf5b5d266e ("drm/i915/panelreplay: Initializaton and compute config for panel replay") dd8f2298e34b ("drm/i915/psr: Move psr specific dpcd init into own function") 36f579ffc692 ("drm/i915/dp_mst: Improve BW sharing between MST streams") e37137380931 ("drm/i915/dp_mst: Force modeset CRTC if DSC toggling requires it") b2608c6b3212 ("drm/i915/dp_mst: Enable MST DSC decompression for all streams") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From aaf9dc86bd806458f848c39057d59e5aa652a399 Mon Sep 17 00:00:00 2001 From: Imre Deak <imre.deak(a)intel.com> Date: Tue, 25 Jun 2024 14:18:40 +0300 Subject: [PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming For MTL+ platforms we use PICA chips for Type-C support and hence mg programming is not needed. Fixes issue with drm warn of TC port not being in legacy mode. Cc: stable(a)vger.kernel.org Signed-off-by: Mika Kahola <mika.kahola(a)intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Reviewed-by: Gustavo Sousa <gustavo.sousa(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240625111840.597574-1-mika.… diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c index bb13a3ca8c7c..6672fc162c4f 100644 --- a/drivers/gpu/drm/i915/display/intel_ddi.c +++ b/drivers/gpu/drm/i915/display/intel_ddi.c @@ -2096,6 +2096,9 @@ icl_program_mg_dp_mode(struct intel_digital_port *dig_port, u32 ln0, ln1, pin_assignment; u8 width; + if (DISPLAY_VER(dev_priv) >= 14) + return; + if (!intel_encoder_is_tc(&dig_port->base) || intel_tc_port_in_tbt_alt_mode(dig_port)) return;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x aaf9dc86bd806458f848c39057d59e5aa652a399 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072940-cryptic-starter-05a2@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: aaf9dc86bd80 ("drm/i915/display: For MTL+ platforms skip mg dp programming") 7fcf755896a3 ("drm/i915/display: use intel_encoder_is/to_* functions") 0a099232d254 ("drm/i915/snps: pass encoder to intel_snps_phy_update_psr_power_state()") 684a37a6ffa9 ("drm/i915/ddi: pass encoder to intel_wait_ddi_buf_active()") 65ea19a698f2 ("drm/i915/hdmi: convert *_port_to_ddc_pin() to *_encoder_to_ddc_pin()") 6a8c66bf0e56 ("drm/i915: Don't explode when the dig port we don't have an AUX CH") d5c7854b50e6 ("drm/i915/xe2lpd: Move D2D enable/disable") 2e4b90fbe755 ("drm/i915: Filter out glitches on HPD lines during hotplug detection") 31a5b6ed88c7 ("drm/i915/display: Unify VSC SPD preparation") 00076671a648 ("drm/i915/display: Move colorimetry_support from intel_psr to intel_dp") e11300a1d8e3 ("drm/i915/display: Remove intel_crtc_state->psr_vsc") 561322c3bc14 ("drm/i915/display: Skip state verification with TBT-ALT mode") 7966a93a27cf ("drm/i915: Push audio enable/disable further out") 59be90248b42 ("drm/i915/mtl: C20 state verification") 3257e55d3ea7 ("drm/i915/panelreplay: enable/disable panel replay") b8cf5b5d266e ("drm/i915/panelreplay: Initializaton and compute config for panel replay") dd8f2298e34b ("drm/i915/psr: Move psr specific dpcd init into own function") 36f579ffc692 ("drm/i915/dp_mst: Improve BW sharing between MST streams") e37137380931 ("drm/i915/dp_mst: Force modeset CRTC if DSC toggling requires it") b2608c6b3212 ("drm/i915/dp_mst: Enable MST DSC decompression for all streams") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From aaf9dc86bd806458f848c39057d59e5aa652a399 Mon Sep 17 00:00:00 2001 From: Imre Deak <imre.deak(a)intel.com> Date: Tue, 25 Jun 2024 14:18:40 +0300 Subject: [PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming For MTL+ platforms we use PICA chips for Type-C support and hence mg programming is not needed. Fixes issue with drm warn of TC port not being in legacy mode. Cc: stable(a)vger.kernel.org Signed-off-by: Mika Kahola <mika.kahola(a)intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Reviewed-by: Gustavo Sousa <gustavo.sousa(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240625111840.597574-1-mika.… diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c index bb13a3ca8c7c..6672fc162c4f 100644 --- a/drivers/gpu/drm/i915/display/intel_ddi.c +++ b/drivers/gpu/drm/i915/display/intel_ddi.c @@ -2096,6 +2096,9 @@ icl_program_mg_dp_mode(struct intel_digital_port *dig_port, u32 ln0, ln1, pin_assignment; u8 width; + if (DISPLAY_VER(dev_priv) >= 14) + return; + if (!intel_encoder_is_tc(&dig_port->base) || intel_tc_port_in_tbt_alt_mode(dig_port)) return;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x aaf9dc86bd806458f848c39057d59e5aa652a399 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072939-creole-geologist-da49@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: aaf9dc86bd80 ("drm/i915/display: For MTL+ platforms skip mg dp programming") 7fcf755896a3 ("drm/i915/display: use intel_encoder_is/to_* functions") 0a099232d254 ("drm/i915/snps: pass encoder to intel_snps_phy_update_psr_power_state()") 684a37a6ffa9 ("drm/i915/ddi: pass encoder to intel_wait_ddi_buf_active()") 65ea19a698f2 ("drm/i915/hdmi: convert *_port_to_ddc_pin() to *_encoder_to_ddc_pin()") 6a8c66bf0e56 ("drm/i915: Don't explode when the dig port we don't have an AUX CH") d5c7854b50e6 ("drm/i915/xe2lpd: Move D2D enable/disable") 2e4b90fbe755 ("drm/i915: Filter out glitches on HPD lines during hotplug detection") 31a5b6ed88c7 ("drm/i915/display: Unify VSC SPD preparation") 00076671a648 ("drm/i915/display: Move colorimetry_support from intel_psr to intel_dp") e11300a1d8e3 ("drm/i915/display: Remove intel_crtc_state->psr_vsc") 561322c3bc14 ("drm/i915/display: Skip state verification with TBT-ALT mode") 7966a93a27cf ("drm/i915: Push audio enable/disable further out") 59be90248b42 ("drm/i915/mtl: C20 state verification") 3257e55d3ea7 ("drm/i915/panelreplay: enable/disable panel replay") b8cf5b5d266e ("drm/i915/panelreplay: Initializaton and compute config for panel replay") dd8f2298e34b ("drm/i915/psr: Move psr specific dpcd init into own function") 36f579ffc692 ("drm/i915/dp_mst: Improve BW sharing between MST streams") e37137380931 ("drm/i915/dp_mst: Force modeset CRTC if DSC toggling requires it") b2608c6b3212 ("drm/i915/dp_mst: Enable MST DSC decompression for all streams") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From aaf9dc86bd806458f848c39057d59e5aa652a399 Mon Sep 17 00:00:00 2001 From: Imre Deak <imre.deak(a)intel.com> Date: Tue, 25 Jun 2024 14:18:40 +0300 Subject: [PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming For MTL+ platforms we use PICA chips for Type-C support and hence mg programming is not needed. Fixes issue with drm warn of TC port not being in legacy mode. Cc: stable(a)vger.kernel.org Signed-off-by: Mika Kahola <mika.kahola(a)intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Reviewed-by: Gustavo Sousa <gustavo.sousa(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240625111840.597574-1-mika.… diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c index bb13a3ca8c7c..6672fc162c4f 100644 --- a/drivers/gpu/drm/i915/display/intel_ddi.c +++ b/drivers/gpu/drm/i915/display/intel_ddi.c @@ -2096,6 +2096,9 @@ icl_program_mg_dp_mode(struct intel_digital_port *dig_port, u32 ln0, ln1, pin_assignment; u8 width; + if (DISPLAY_VER(dev_priv) >= 14) + return; + if (!intel_encoder_is_tc(&dig_port->base) || intel_tc_port_in_tbt_alt_mode(dig_port)) return;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x aaf9dc86bd806458f848c39057d59e5aa652a399 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072939-deuce-disaster-61c1@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: aaf9dc86bd80 ("drm/i915/display: For MTL+ platforms skip mg dp programming") 7fcf755896a3 ("drm/i915/display: use intel_encoder_is/to_* functions") 0a099232d254 ("drm/i915/snps: pass encoder to intel_snps_phy_update_psr_power_state()") 684a37a6ffa9 ("drm/i915/ddi: pass encoder to intel_wait_ddi_buf_active()") 65ea19a698f2 ("drm/i915/hdmi: convert *_port_to_ddc_pin() to *_encoder_to_ddc_pin()") 6a8c66bf0e56 ("drm/i915: Don't explode when the dig port we don't have an AUX CH") d5c7854b50e6 ("drm/i915/xe2lpd: Move D2D enable/disable") 2e4b90fbe755 ("drm/i915: Filter out glitches on HPD lines during hotplug detection") 31a5b6ed88c7 ("drm/i915/display: Unify VSC SPD preparation") 00076671a648 ("drm/i915/display: Move colorimetry_support from intel_psr to intel_dp") e11300a1d8e3 ("drm/i915/display: Remove intel_crtc_state->psr_vsc") 561322c3bc14 ("drm/i915/display: Skip state verification with TBT-ALT mode") 7966a93a27cf ("drm/i915: Push audio enable/disable further out") 59be90248b42 ("drm/i915/mtl: C20 state verification") 3257e55d3ea7 ("drm/i915/panelreplay: enable/disable panel replay") b8cf5b5d266e ("drm/i915/panelreplay: Initializaton and compute config for panel replay") dd8f2298e34b ("drm/i915/psr: Move psr specific dpcd init into own function") 36f579ffc692 ("drm/i915/dp_mst: Improve BW sharing between MST streams") e37137380931 ("drm/i915/dp_mst: Force modeset CRTC if DSC toggling requires it") b2608c6b3212 ("drm/i915/dp_mst: Enable MST DSC decompression for all streams") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From aaf9dc86bd806458f848c39057d59e5aa652a399 Mon Sep 17 00:00:00 2001 From: Imre Deak <imre.deak(a)intel.com> Date: Tue, 25 Jun 2024 14:18:40 +0300 Subject: [PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming For MTL+ platforms we use PICA chips for Type-C support and hence mg programming is not needed. Fixes issue with drm warn of TC port not being in legacy mode. Cc: stable(a)vger.kernel.org Signed-off-by: Mika Kahola <mika.kahola(a)intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Reviewed-by: Gustavo Sousa <gustavo.sousa(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240625111840.597574-1-mika.… diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c index bb13a3ca8c7c..6672fc162c4f 100644 --- a/drivers/gpu/drm/i915/display/intel_ddi.c +++ b/drivers/gpu/drm/i915/display/intel_ddi.c @@ -2096,6 +2096,9 @@ icl_program_mg_dp_mode(struct intel_digital_port *dig_port, u32 ln0, ln1, pin_assignment; u8 width; + if (DISPLAY_VER(dev_priv) >= 14) + return; + if (!intel_encoder_is_tc(&dig_port->base) || intel_tc_port_in_tbt_alt_mode(dig_port)) return;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x aaf9dc86bd806458f848c39057d59e5aa652a399 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072938-rectangle-freckles-e9c3@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: aaf9dc86bd80 ("drm/i915/display: For MTL+ platforms skip mg dp programming") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From aaf9dc86bd806458f848c39057d59e5aa652a399 Mon Sep 17 00:00:00 2001 From: Imre Deak <imre.deak(a)intel.com> Date: Tue, 25 Jun 2024 14:18:40 +0300 Subject: [PATCH] drm/i915/display: For MTL+ platforms skip mg dp programming For MTL+ platforms we use PICA chips for Type-C support and hence mg programming is not needed. Fixes issue with drm warn of TC port not being in legacy mode. Cc: stable(a)vger.kernel.org Signed-off-by: Mika Kahola <mika.kahola(a)intel.com> Signed-off-by: Imre Deak <imre.deak(a)intel.com> Reviewed-by: Gustavo Sousa <gustavo.sousa(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240625111840.597574-1-mika.… diff --git a/drivers/gpu/drm/i915/display/intel_ddi.c b/drivers/gpu/drm/i915/display/intel_ddi.c index bb13a3ca8c7c..6672fc162c4f 100644 --- a/drivers/gpu/drm/i915/display/intel_ddi.c +++ b/drivers/gpu/drm/i915/display/intel_ddi.c @@ -2096,6 +2096,9 @@ icl_program_mg_dp_mode(struct intel_digital_port *dig_port, u32 ln0, ln1, pin_assignment; u8 width; + if (DISPLAY_VER(dev_priv) >= 14) + return; + if (!intel_encoder_is_tc(&dig_port->base) || intel_tc_port_in_tbt_alt_mode(dig_port)) return;

9 months, 1 week

1
0
0 0

Re: [PATCH] drm/amd/display: fix corruption with high refresh rates on DCN 3.0

by Linux regression tracking (Thorsten Leemhuis)

On 16.07.24 19:33, Alex Deucher wrote: > This reverts commit bc87d666c05a13e6d4ae1ddce41fc43d2567b9a2 and the > register changes from commit 6d4279cb99ac4f51d10409501d29969f687ac8dc. > > Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3478 > Cc: mikhail.v.gavrilov(a)gmail.com > Cc: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> > Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> > [...] Hi Greg, quick note, as I don't see the quoted patch in your 6.10-queue yet: you might want to pick up e3615bd198289f ("drm/amd/display: fix corruption with high refresh rates on DCN 3.0") [v6.11-rc1, contains table tag] rather sooner than later for 6.10.y, as the problem apparently hit a few people and even made the news: https://lore.kernel.org/all/20240723042420.GA1455@sol.localdomain/ https://www.reddit.com/r/archlinux/comments/1eaxjzo/linux_610_causes_screen… Ciao, Thorsten

9 months, 1 week

2
1
0 0

FAILED: patch "[PATCH] ipv4: fix source address selection with route leak" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 6807352353561187a718e87204458999dbcbba1b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072909-turbine-disparity-9044@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 680735235356 ("ipv4: fix source address selection with route leak") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6807352353561187a718e87204458999dbcbba1b Mon Sep 17 00:00:00 2001 From: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Date: Wed, 10 Jul 2024 10:14:27 +0200 Subject: [PATCH] ipv4: fix source address selection with route leak By default, an address assigned to the output interface is selected when the source address is not specified. This is problematic when a route, configured in a vrf, uses an interface from another vrf (aka route leak). The original vrf does not own the selected source address. Let's add a check against the output interface and call the appropriate function to select the source address. CC: stable(a)vger.kernel.org Fixes: 8cbb512c923d ("net: Add source address lookup op for VRF") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Reviewed-by: David Ahern <dsahern(a)kernel.org> Link: https://patch.msgid.link/20240710081521.3809742-2-nicolas.dichtel@6wind.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c index f669da98d11d..8956026bc0a2 100644 --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c @@ -2270,6 +2270,15 @@ void fib_select_path(struct net *net, struct fib_result *res, fib_select_default(fl4, res); check_saddr: - if (!fl4->saddr) - fl4->saddr = fib_result_prefsrc(net, res); + if (!fl4->saddr) { + struct net_device *l3mdev; + + l3mdev = dev_get_by_index_rcu(net, fl4->flowi4_l3mdev); + + if (!l3mdev || + l3mdev_master_dev_rcu(FIB_RES_DEV(*res)) == l3mdev) + fl4->saddr = fib_result_prefsrc(net, res); + else + fl4->saddr = inet_select_addr(l3mdev, 0, RT_SCOPE_LINK); + } }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ipv4: fix source address selection with route leak" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6807352353561187a718e87204458999dbcbba1b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072908-desolate-jeeringly-c274@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 680735235356 ("ipv4: fix source address selection with route leak") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6807352353561187a718e87204458999dbcbba1b Mon Sep 17 00:00:00 2001 From: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Date: Wed, 10 Jul 2024 10:14:27 +0200 Subject: [PATCH] ipv4: fix source address selection with route leak By default, an address assigned to the output interface is selected when the source address is not specified. This is problematic when a route, configured in a vrf, uses an interface from another vrf (aka route leak). The original vrf does not own the selected source address. Let's add a check against the output interface and call the appropriate function to select the source address. CC: stable(a)vger.kernel.org Fixes: 8cbb512c923d ("net: Add source address lookup op for VRF") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Reviewed-by: David Ahern <dsahern(a)kernel.org> Link: https://patch.msgid.link/20240710081521.3809742-2-nicolas.dichtel@6wind.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c index f669da98d11d..8956026bc0a2 100644 --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c @@ -2270,6 +2270,15 @@ void fib_select_path(struct net *net, struct fib_result *res, fib_select_default(fl4, res); check_saddr: - if (!fl4->saddr) - fl4->saddr = fib_result_prefsrc(net, res); + if (!fl4->saddr) { + struct net_device *l3mdev; + + l3mdev = dev_get_by_index_rcu(net, fl4->flowi4_l3mdev); + + if (!l3mdev || + l3mdev_master_dev_rcu(FIB_RES_DEV(*res)) == l3mdev) + fl4->saddr = fib_result_prefsrc(net, res); + else + fl4->saddr = inet_select_addr(l3mdev, 0, RT_SCOPE_LINK); + } }

9 months, 1 week

1
0
0 0

[PATCH v2] PCI: j721e: Disable INTx mapping and swizzling

by Siddharth Vadapalli

Since the configuration of INTx (Legacy Interrupt) is not supported, set the .map_irq and .swizzle_irq callbacks to NULL. This fixes the error: of_irq_parse_pci: failed with rc=-22 when the pcieport driver attempts to setup INTx for the Host Bridge via "pci_assign_irq()". The device-tree node of the Host Bridge doesn't contain Legacy Interrupts. As a result, Legacy Interrupts are searched for in the MSI Interrupt Parent of the Host Bridge with the help of "of_irq_parse_raw()". Since the MSI Interrupt Parent of the Host Bridge uses 3 interrupt cells while Legacy Interrupts only use 1, the search for Legacy Interrupts is terminated prematurely by the "of_irq_parse_raw()" function with the -EINVAL error code (rc=-22). Fixes: f3e25911a430 ("PCI: j721e: Add TI J721E PCIe driver") Cc: stable(a)vger.kernel.org Reported-by: Andrew Halaney <ahalaney(a)redhat.com> Tested-by: Andrew Halaney <ahalaney(a)redhat.com> Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> --- Hello, This patch is based on commit 1722389b0d86 Merge tag 'net-6.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net of Mainline Linux. v1: https://lore.kernel.org/r/20240724065048.285838-1-s-vadapalli@ti.com Changes since v1: - Added "Cc: stable(a)vger.kernel.org" in the commit message. - Based on Bjorn's feedback at: https://lore.kernel.org/r/20240724162304.GA802428@bhelgaas/ the $subject and commit message have been updated. Additionally, the comment in the driver has also been updated to specify "INTx" instead of "Legacy Interrupts". - Collected Tested-by tag from Andrew Halaney <ahalaney(a)redhat.com>: https://lore.kernel.org/r/vj6vtjphpmqv6hcblaalr2m4bwjujjwvom6ca4bjdzcmgazya… Patch has been tested on J721e-EVM and J784S4-EVM. Regards, Siddharth. drivers/pci/controller/cadence/pci-j721e.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/pci/controller/cadence/pci-j721e.c b/drivers/pci/controller/cadence/pci-j721e.c index 85718246016b..eaa6cfeb03c7 100644 --- a/drivers/pci/controller/cadence/pci-j721e.c +++ b/drivers/pci/controller/cadence/pci-j721e.c @@ -417,6 +417,10 @@ static int j721e_pcie_probe(struct platform_device *pdev) if (!bridge) return -ENOMEM; + /* INTx is not supported */ + bridge->map_irq = NULL; + bridge->swizzle_irq = NULL; + if (!data->byte_access_allowed) bridge->ops = &cdns_ti_pcie_host_ops; rc = pci_host_bridge_priv(bridge); -- 2.40.1

9 months, 1 week

2
1
0 0

FAILED: patch "[PATCH] sysctl: always initialize i_uid/i_gid" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072929-ocelot-buccaneer-e755@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 98ca62ba9e2b ("sysctl: always initialize i_uid/i_gid") 520713a93d55 ("sysctl: treewide: drop unused argument ctl_table_root::set_ownership(table)") f9436a5d0497 ("sysctl: allow to change limits for posix messages queues") 50ec499b9a43 ("sysctl: allow change system v ipc sysctls inside ipc namespace") 0889f44e2810 ("ipc: Check permissions for checkpoint_restart sysctls at open time") 1f5c135ee509 ("ipc: Store ipc sysctls in the ipc namespace") dc55e35f9e81 ("ipc: Store mqueue sysctls in the ipc namespace") 0e9beb8a96f2 ("ipc/ipc_sysctl.c: remove fallback for !CONFIG_PROC_SYSCTL") 5563cabdde7e ("ipc: check checkpoint_restore_ns_capable() to modify C/R proc files") 32927393dc1c ("sysctl: pass kernel pointers to ->proc_handler") 2374c09b1c8a ("sysctl: remove all extern declaration from sysctl.c") 26363af56434 ("mm: remove watermark_boost_factor_sysctl_handler") 6923aa0d8c62 ("mm/compaction: Disable compact_unevictable_allowed on RT") 964b692daf30 ("mm/compaction: really limit compact_unevictable_allowed to 0 and 1") eaee41727e6d ("sysctl/sysrq: Remove __sysrq_enabled copy") 0a6cad5df541 ("Merge branch 'vmwgfx-coherent' of git://people.freedesktop.org/~thomash/linux into drm-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <linux(a)weissschuh.net> Date: Tue, 2 Apr 2024 23:10:34 +0200 Subject: [PATCH] sysctl: always initialize i_uid/i_gid MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Always initialize i_uid/i_gid inside the sysfs core so set_ownership() can safely skip setting them. Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when set_ownership() was not implemented. It also missed adjusting net_ctl_set_ownership() to use the same default values in case the computation of a better value failed. Fixes: 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Signed-off-by: Joel Granados <j.granados(a)samsung.com> diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c index b1c2c0b82116..dd7b462387a0 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c @@ -476,12 +476,10 @@ static struct inode *proc_sys_make_inode(struct super_block *sb, make_empty_dir_inode(inode); } + inode->i_uid = GLOBAL_ROOT_UID; + inode->i_gid = GLOBAL_ROOT_GID; if (root->set_ownership) root->set_ownership(head, &inode->i_uid, &inode->i_gid); - else { - inode->i_uid = GLOBAL_ROOT_UID; - inode->i_gid = GLOBAL_ROOT_GID; - } return inode; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] sysctl: always initialize i_uid/i_gid" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072928-bunny-banana-9335@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 98ca62ba9e2b ("sysctl: always initialize i_uid/i_gid") 520713a93d55 ("sysctl: treewide: drop unused argument ctl_table_root::set_ownership(table)") f9436a5d0497 ("sysctl: allow to change limits for posix messages queues") 50ec499b9a43 ("sysctl: allow change system v ipc sysctls inside ipc namespace") 0889f44e2810 ("ipc: Check permissions for checkpoint_restart sysctls at open time") 1f5c135ee509 ("ipc: Store ipc sysctls in the ipc namespace") dc55e35f9e81 ("ipc: Store mqueue sysctls in the ipc namespace") 0e9beb8a96f2 ("ipc/ipc_sysctl.c: remove fallback for !CONFIG_PROC_SYSCTL") 5563cabdde7e ("ipc: check checkpoint_restore_ns_capable() to modify C/R proc files") 32927393dc1c ("sysctl: pass kernel pointers to ->proc_handler") 2374c09b1c8a ("sysctl: remove all extern declaration from sysctl.c") 26363af56434 ("mm: remove watermark_boost_factor_sysctl_handler") 6923aa0d8c62 ("mm/compaction: Disable compact_unevictable_allowed on RT") 964b692daf30 ("mm/compaction: really limit compact_unevictable_allowed to 0 and 1") eaee41727e6d ("sysctl/sysrq: Remove __sysrq_enabled copy") 0a6cad5df541 ("Merge branch 'vmwgfx-coherent' of git://people.freedesktop.org/~thomash/linux into drm-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <linux(a)weissschuh.net> Date: Tue, 2 Apr 2024 23:10:34 +0200 Subject: [PATCH] sysctl: always initialize i_uid/i_gid MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Always initialize i_uid/i_gid inside the sysfs core so set_ownership() can safely skip setting them. Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when set_ownership() was not implemented. It also missed adjusting net_ctl_set_ownership() to use the same default values in case the computation of a better value failed. Fixes: 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Signed-off-by: Joel Granados <j.granados(a)samsung.com> diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c index b1c2c0b82116..dd7b462387a0 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c @@ -476,12 +476,10 @@ static struct inode *proc_sys_make_inode(struct super_block *sb, make_empty_dir_inode(inode); } + inode->i_uid = GLOBAL_ROOT_UID; + inode->i_gid = GLOBAL_ROOT_GID; if (root->set_ownership) root->set_ownership(head, &inode->i_uid, &inode->i_gid); - else { - inode->i_uid = GLOBAL_ROOT_UID; - inode->i_gid = GLOBAL_ROOT_GID; - } return inode; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] sysctl: always initialize i_uid/i_gid" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072927-tricolor-backfield-1bfe@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 98ca62ba9e2b ("sysctl: always initialize i_uid/i_gid") 520713a93d55 ("sysctl: treewide: drop unused argument ctl_table_root::set_ownership(table)") f9436a5d0497 ("sysctl: allow to change limits for posix messages queues") 50ec499b9a43 ("sysctl: allow change system v ipc sysctls inside ipc namespace") 0889f44e2810 ("ipc: Check permissions for checkpoint_restart sysctls at open time") 1f5c135ee509 ("ipc: Store ipc sysctls in the ipc namespace") dc55e35f9e81 ("ipc: Store mqueue sysctls in the ipc namespace") 0e9beb8a96f2 ("ipc/ipc_sysctl.c: remove fallback for !CONFIG_PROC_SYSCTL") 5563cabdde7e ("ipc: check checkpoint_restore_ns_capable() to modify C/R proc files") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <linux(a)weissschuh.net> Date: Tue, 2 Apr 2024 23:10:34 +0200 Subject: [PATCH] sysctl: always initialize i_uid/i_gid MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Always initialize i_uid/i_gid inside the sysfs core so set_ownership() can safely skip setting them. Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when set_ownership() was not implemented. It also missed adjusting net_ctl_set_ownership() to use the same default values in case the computation of a better value failed. Fixes: 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Signed-off-by: Joel Granados <j.granados(a)samsung.com> diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c index b1c2c0b82116..dd7b462387a0 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c @@ -476,12 +476,10 @@ static struct inode *proc_sys_make_inode(struct super_block *sb, make_empty_dir_inode(inode); } + inode->i_uid = GLOBAL_ROOT_UID; + inode->i_gid = GLOBAL_ROOT_GID; if (root->set_ownership) root->set_ownership(head, &inode->i_uid, &inode->i_gid); - else { - inode->i_uid = GLOBAL_ROOT_UID; - inode->i_gid = GLOBAL_ROOT_GID; - } return inode; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] sysctl: always initialize i_uid/i_gid" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072920-anytime-unfailing-5f2c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 98ca62ba9e2b ("sysctl: always initialize i_uid/i_gid") 520713a93d55 ("sysctl: treewide: drop unused argument ctl_table_root::set_ownership(table)") f9436a5d0497 ("sysctl: allow to change limits for posix messages queues") 50ec499b9a43 ("sysctl: allow change system v ipc sysctls inside ipc namespace") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <linux(a)weissschuh.net> Date: Tue, 2 Apr 2024 23:10:34 +0200 Subject: [PATCH] sysctl: always initialize i_uid/i_gid MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Always initialize i_uid/i_gid inside the sysfs core so set_ownership() can safely skip setting them. Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when set_ownership() was not implemented. It also missed adjusting net_ctl_set_ownership() to use the same default values in case the computation of a better value failed. Fixes: 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Signed-off-by: Joel Granados <j.granados(a)samsung.com> diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c index b1c2c0b82116..dd7b462387a0 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c @@ -476,12 +476,10 @@ static struct inode *proc_sys_make_inode(struct super_block *sb, make_empty_dir_inode(inode); } + inode->i_uid = GLOBAL_ROOT_UID; + inode->i_gid = GLOBAL_ROOT_GID; if (root->set_ownership) root->set_ownership(head, &inode->i_uid, &inode->i_gid); - else { - inode->i_uid = GLOBAL_ROOT_UID; - inode->i_gid = GLOBAL_ROOT_GID; - } return inode; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] sysctl: always initialize i_uid/i_gid" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072921-steadfast-bulk-c488@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 98ca62ba9e2b ("sysctl: always initialize i_uid/i_gid") 520713a93d55 ("sysctl: treewide: drop unused argument ctl_table_root::set_ownership(table)") f9436a5d0497 ("sysctl: allow to change limits for posix messages queues") 50ec499b9a43 ("sysctl: allow change system v ipc sysctls inside ipc namespace") 0889f44e2810 ("ipc: Check permissions for checkpoint_restart sysctls at open time") 1f5c135ee509 ("ipc: Store ipc sysctls in the ipc namespace") dc55e35f9e81 ("ipc: Store mqueue sysctls in the ipc namespace") 0e9beb8a96f2 ("ipc/ipc_sysctl.c: remove fallback for !CONFIG_PROC_SYSCTL") 5563cabdde7e ("ipc: check checkpoint_restore_ns_capable() to modify C/R proc files") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <linux(a)weissschuh.net> Date: Tue, 2 Apr 2024 23:10:34 +0200 Subject: [PATCH] sysctl: always initialize i_uid/i_gid MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Always initialize i_uid/i_gid inside the sysfs core so set_ownership() can safely skip setting them. Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when set_ownership() was not implemented. It also missed adjusting net_ctl_set_ownership() to use the same default values in case the computation of a better value failed. Fixes: 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Signed-off-by: Joel Granados <j.granados(a)samsung.com> diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c index b1c2c0b82116..dd7b462387a0 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c @@ -476,12 +476,10 @@ static struct inode *proc_sys_make_inode(struct super_block *sb, make_empty_dir_inode(inode); } + inode->i_uid = GLOBAL_ROOT_UID; + inode->i_gid = GLOBAL_ROOT_GID; if (root->set_ownership) root->set_ownership(head, &inode->i_uid, &inode->i_gid); - else { - inode->i_uid = GLOBAL_ROOT_UID; - inode->i_gid = GLOBAL_ROOT_GID; - } return inode; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] sysctl: always initialize i_uid/i_gid" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072920-unmarked-likewise-acb2@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 98ca62ba9e2b ("sysctl: always initialize i_uid/i_gid") 520713a93d55 ("sysctl: treewide: drop unused argument ctl_table_root::set_ownership(table)") f9436a5d0497 ("sysctl: allow to change limits for posix messages queues") 50ec499b9a43 ("sysctl: allow change system v ipc sysctls inside ipc namespace") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <linux(a)weissschuh.net> Date: Tue, 2 Apr 2024 23:10:34 +0200 Subject: [PATCH] sysctl: always initialize i_uid/i_gid MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Always initialize i_uid/i_gid inside the sysfs core so set_ownership() can safely skip setting them. Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when set_ownership() was not implemented. It also missed adjusting net_ctl_set_ownership() to use the same default values in case the computation of a better value failed. Fixes: 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Signed-off-by: Joel Granados <j.granados(a)samsung.com> diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c index b1c2c0b82116..dd7b462387a0 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c @@ -476,12 +476,10 @@ static struct inode *proc_sys_make_inode(struct super_block *sb, make_empty_dir_inode(inode); } + inode->i_uid = GLOBAL_ROOT_UID; + inode->i_gid = GLOBAL_ROOT_GID; if (root->set_ownership) root->set_ownership(head, &inode->i_uid, &inode->i_gid); - else { - inode->i_uid = GLOBAL_ROOT_UID; - inode->i_gid = GLOBAL_ROOT_GID; - } return inode; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 28ab9769117ca944cb6eb537af5599aa436287a4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072908-kissing-cornbread-2dc7@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 28ab9769117c ("ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error") f2b1e9c6f867 ("scsi: core: Introduce scsi_build_sense()") 8148dfba29e7 ("scsi: 3w-xxxx: Whitespace cleanup") 96e209be6ecb ("scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers") da255e2e7cc8 ("scsi: lpfc: Convert SCSI path to use common I/O submission path") 47ff4c510f02 ("scsi: lpfc: Enable common send_io interface for SCSI and NVMe") 307e338097dc ("scsi: lpfc: Rework remote port ref counting and node freeing") 7af29d455362 ("scsi: lpfc: Fix-up around 120 documentation issues") 372c187b8a70 ("scsi: lpfc: Add an internal trace log buffer") 317aeb83c92b ("scsi: lpfc: Add blk_io_poll support for latency improvment") f0020e428af7 ("scsi: lpfc: Add support to display if adapter dumps are available") 86ee57a97a17 ("scsi: lpfc: Fix kdump hang on PPC") 818dbde78e0f ("Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 28ab9769117ca944cb6eb537af5599aa436287a4 Mon Sep 17 00:00:00 2001 From: Igor Pylypiv <ipylypiv(a)google.com> Date: Tue, 2 Jul 2024 02:47:31 +0000 Subject: [PATCH] ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error SAT-5 revision 8 specification removed the text about the ANSI INCITS 431-2007 compliance which was requiring SCSI/ATA Translation (SAT) to return descriptor format sense data for the ATA PASS-THROUGH commands regardless of the setting of the D_SENSE bit. Let's honor the D_SENSE bit for ATA PASS-THROUGH commands while generating the "ATA PASS-THROUGH INFORMATION AVAILABLE" sense data. SAT-5 revision 7 ================ 12.2.2.8 Fixed format sense data Table 212 shows the fields returned in the fixed format sense data (see SPC-5) for ATA PASS-THROUGH commands. SATLs compliant with ANSI INCITS 431-2007, SCSI/ATA Translation (SAT) return descriptor format sense data for the ATA PASS-THROUGH commands regardless of the setting of the D_SENSE bit. SAT-5 revision 8 ================ 12.2.2.8 Fixed format sense data Table 211 shows the fields returned in the fixed format sense data (see SPC-5) for ATA PASS-THROUGH commands. Cc: stable(a)vger.kernel.org # 4.19+ Reported-by: Niklas Cassel <cassel(a)kernel.org> Closes: https://lore.kernel.org/linux-ide/Zn1WUhmLglM4iais@ryzen.lan Reviewed-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com> Reviewed-by: Hannes Reinecke <hare(a)suse.de> Link: https://lore.kernel.org/r/20240702024735.1152293-4-ipylypiv@google.com Signed-off-by: Niklas Cassel <cassel(a)kernel.org> diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index a9d2a1cf4c3d..fdc2a3b59fc1 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -941,11 +941,8 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc) &sense_key, &asc, &ascq); ata_scsi_set_sense(qc->dev, cmd, sense_key, asc, ascq); } else { - /* - * ATA PASS-THROUGH INFORMATION AVAILABLE - * Always in descriptor format sense. - */ - scsi_build_sense(cmd, 1, RECOVERED_ERROR, 0, 0x1D); + /* ATA PASS-THROUGH INFORMATION AVAILABLE */ + ata_scsi_set_sense(qc->dev, cmd, RECOVERED_ERROR, 0, 0x1D); } }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 28ab9769117ca944cb6eb537af5599aa436287a4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072907-pronounce-drop-down-3db9@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 28ab9769117c ("ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error") f2b1e9c6f867 ("scsi: core: Introduce scsi_build_sense()") 8148dfba29e7 ("scsi: 3w-xxxx: Whitespace cleanup") 96e209be6ecb ("scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers") da255e2e7cc8 ("scsi: lpfc: Convert SCSI path to use common I/O submission path") 47ff4c510f02 ("scsi: lpfc: Enable common send_io interface for SCSI and NVMe") 307e338097dc ("scsi: lpfc: Rework remote port ref counting and node freeing") 7af29d455362 ("scsi: lpfc: Fix-up around 120 documentation issues") 372c187b8a70 ("scsi: lpfc: Add an internal trace log buffer") 317aeb83c92b ("scsi: lpfc: Add blk_io_poll support for latency improvment") f0020e428af7 ("scsi: lpfc: Add support to display if adapter dumps are available") 86ee57a97a17 ("scsi: lpfc: Fix kdump hang on PPC") 818dbde78e0f ("Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 28ab9769117ca944cb6eb537af5599aa436287a4 Mon Sep 17 00:00:00 2001 From: Igor Pylypiv <ipylypiv(a)google.com> Date: Tue, 2 Jul 2024 02:47:31 +0000 Subject: [PATCH] ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error SAT-5 revision 8 specification removed the text about the ANSI INCITS 431-2007 compliance which was requiring SCSI/ATA Translation (SAT) to return descriptor format sense data for the ATA PASS-THROUGH commands regardless of the setting of the D_SENSE bit. Let's honor the D_SENSE bit for ATA PASS-THROUGH commands while generating the "ATA PASS-THROUGH INFORMATION AVAILABLE" sense data. SAT-5 revision 7 ================ 12.2.2.8 Fixed format sense data Table 212 shows the fields returned in the fixed format sense data (see SPC-5) for ATA PASS-THROUGH commands. SATLs compliant with ANSI INCITS 431-2007, SCSI/ATA Translation (SAT) return descriptor format sense data for the ATA PASS-THROUGH commands regardless of the setting of the D_SENSE bit. SAT-5 revision 8 ================ 12.2.2.8 Fixed format sense data Table 211 shows the fields returned in the fixed format sense data (see SPC-5) for ATA PASS-THROUGH commands. Cc: stable(a)vger.kernel.org # 4.19+ Reported-by: Niklas Cassel <cassel(a)kernel.org> Closes: https://lore.kernel.org/linux-ide/Zn1WUhmLglM4iais@ryzen.lan Reviewed-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com> Reviewed-by: Hannes Reinecke <hare(a)suse.de> Link: https://lore.kernel.org/r/20240702024735.1152293-4-ipylypiv@google.com Signed-off-by: Niklas Cassel <cassel(a)kernel.org> diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index a9d2a1cf4c3d..fdc2a3b59fc1 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -941,11 +941,8 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc) &sense_key, &asc, &ascq); ata_scsi_set_sense(qc->dev, cmd, sense_key, asc, ascq); } else { - /* - * ATA PASS-THROUGH INFORMATION AVAILABLE - * Always in descriptor format sense. - */ - scsi_build_sense(cmd, 1, RECOVERED_ERROR, 0, 0x1D); + /* ATA PASS-THROUGH INFORMATION AVAILABLE */ + ata_scsi_set_sense(qc->dev, cmd, RECOVERED_ERROR, 0, 0x1D); } }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 28ab9769117ca944cb6eb537af5599aa436287a4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072906-drapery-glimpse-fc09@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 28ab9769117c ("ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error") f2b1e9c6f867 ("scsi: core: Introduce scsi_build_sense()") 8148dfba29e7 ("scsi: 3w-xxxx: Whitespace cleanup") 96e209be6ecb ("scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers") da255e2e7cc8 ("scsi: lpfc: Convert SCSI path to use common I/O submission path") 47ff4c510f02 ("scsi: lpfc: Enable common send_io interface for SCSI and NVMe") 307e338097dc ("scsi: lpfc: Rework remote port ref counting and node freeing") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 28ab9769117ca944cb6eb537af5599aa436287a4 Mon Sep 17 00:00:00 2001 From: Igor Pylypiv <ipylypiv(a)google.com> Date: Tue, 2 Jul 2024 02:47:31 +0000 Subject: [PATCH] ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error SAT-5 revision 8 specification removed the text about the ANSI INCITS 431-2007 compliance which was requiring SCSI/ATA Translation (SAT) to return descriptor format sense data for the ATA PASS-THROUGH commands regardless of the setting of the D_SENSE bit. Let's honor the D_SENSE bit for ATA PASS-THROUGH commands while generating the "ATA PASS-THROUGH INFORMATION AVAILABLE" sense data. SAT-5 revision 7 ================ 12.2.2.8 Fixed format sense data Table 212 shows the fields returned in the fixed format sense data (see SPC-5) for ATA PASS-THROUGH commands. SATLs compliant with ANSI INCITS 431-2007, SCSI/ATA Translation (SAT) return descriptor format sense data for the ATA PASS-THROUGH commands regardless of the setting of the D_SENSE bit. SAT-5 revision 8 ================ 12.2.2.8 Fixed format sense data Table 211 shows the fields returned in the fixed format sense data (see SPC-5) for ATA PASS-THROUGH commands. Cc: stable(a)vger.kernel.org # 4.19+ Reported-by: Niklas Cassel <cassel(a)kernel.org> Closes: https://lore.kernel.org/linux-ide/Zn1WUhmLglM4iais@ryzen.lan Reviewed-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com> Reviewed-by: Hannes Reinecke <hare(a)suse.de> Link: https://lore.kernel.org/r/20240702024735.1152293-4-ipylypiv@google.com Signed-off-by: Niklas Cassel <cassel(a)kernel.org> diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index a9d2a1cf4c3d..fdc2a3b59fc1 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -941,11 +941,8 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc) &sense_key, &asc, &ascq); ata_scsi_set_sense(qc->dev, cmd, sense_key, asc, ascq); } else { - /* - * ATA PASS-THROUGH INFORMATION AVAILABLE - * Always in descriptor format sense. - */ - scsi_build_sense(cmd, 1, RECOVERED_ERROR, 0, 0x1D); + /* ATA PASS-THROUGH INFORMATION AVAILABLE */ + ata_scsi_set_sense(qc->dev, cmd, RECOVERED_ERROR, 0, 0x1D); } }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ata: libata-scsi: Do not overwrite valid sense data when" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 97981926224afe17ba3e22e0c2b7dd8b516ee574 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072946-resonate-sprung-9a3c@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 97981926224a ("ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1") 38dab832c3f4 ("ata: libata-scsi: Fix offsets for the fixed format sense data") ff8072d589dc ("ata: libata: remove references to non-existing error_handler()") 3ac873c76d79 ("ata: libata-core: fix when to fetch sense data for successful commands") 18bd7718b5c4 ("scsi: ata: libata: Handle completion of CDL commands using policy 0xD") eafe804bda7b ("scsi: ata: libata: Set read/write commands CDL index") df60f9c64576 ("scsi: ata: libata: Add ATA feature control sub-page translation") 673b2fe6ff1d ("scsi: ata: libata-scsi: Add support for CDL pages mode sense") 62e4a60e0cdb ("scsi: ata: libata: Detect support for command duration limits") bc9af4909406 ("ata: libata: Fix FUA handling in ata_build_rw_tf()") 4d2e4980a528 ("ata: libata: cleanup fua support detection") 7574a8377c7a ("ata: libata-scsi: do not overwrite SCSI ML and status bytes") 87aab3c4cd59 ("ata: libata: move NCQ related ATA_DFLAGs") 876293121f24 ("ata: scsi: rename flag ATA_QCFLAG_FAILED to ATA_QCFLAG_EH") b83ad9eec316 ("ata: libata-eh: Cleanup ata_scsi_cmd_error_handler()") 3d8a3ae3d966 ("ata: libata: fix commands incorrectly not getting retried during NCQ error") 4cb7c6f1ef96 ("ata: make use of ata_port_is_frozen() helper") cb6e73aaadff ("ata: libata-eh: Remove the unneeded result variable") 066de3b9d93b ("ata: libata-core: Simplify ata_build_rw_tf()") e00923c59e68 ("ata: libata: Rename ATA_DFLAG_NCQ_PRIO_ENABLE") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 97981926224afe17ba3e22e0c2b7dd8b516ee574 Mon Sep 17 00:00:00 2001 From: Igor Pylypiv <ipylypiv(a)google.com> Date: Tue, 2 Jul 2024 02:47:30 +0000 Subject: [PATCH] ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1 Current ata_gen_passthru_sense() code performs two actions: 1. Generates sense data based on the ATA 'status' and ATA 'error' fields. 2. Populates "ATA Status Return sense data descriptor" / "Fixed format sense data" with ATA taskfile fields. The problem is that #1 generates sense data even when a valid sense data is already present (ATA_QCFLAG_SENSE_VALID is set). Factoring out #2 into a separate function allows us to generate sense data only when there is no valid sense data (ATA_QCFLAG_SENSE_VALID is not set). As a bonus, we can now delete a FIXME comment in atapi_qc_complete() which states that we don't want to translate taskfile registers into sense descriptors for ATAPI. Additionally, always set SAM_STAT_CHECK_CONDITION when CK_COND=1 because SAT specification mandates that SATL shall return CHECK CONDITION if the CK_COND bit is set. The ATA PASS-THROUGH handling logic in ata_scsi_qc_complete() is hard to read/understand. Improve the readability of the code by moving checks into self-explanatory boolean variables. Cc: stable(a)vger.kernel.org # 4.19+ Co-developed-by: Niklas Cassel <cassel(a)kernel.org> Reviewed-by: Hannes Reinecke <hare(a)suse.de> Reviewed-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com> Link: https://lore.kernel.org/r/20240702024735.1152293-3-ipylypiv@google.com Signed-off-by: Niklas Cassel <cassel(a)kernel.org> diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index a0c68b0a00c4..a9d2a1cf4c3d 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -230,6 +230,80 @@ void ata_scsi_set_sense_information(struct ata_device *dev, SCSI_SENSE_BUFFERSIZE, information); } +/** + * ata_scsi_set_passthru_sense_fields - Set ATA fields in sense buffer + * @qc: ATA PASS-THROUGH command. + * + * Populates "ATA Status Return sense data descriptor" / "Fixed format + * sense data" with ATA taskfile fields. + * + * LOCKING: + * None. + */ +static void ata_scsi_set_passthru_sense_fields(struct ata_queued_cmd *qc) +{ + struct scsi_cmnd *cmd = qc->scsicmd; + struct ata_taskfile *tf = &qc->result_tf; + unsigned char *sb = cmd->sense_buffer; + + if ((sb[0] & 0x7f) >= 0x72) { + unsigned char *desc; + u8 len; + + /* descriptor format */ + len = sb[7]; + desc = (char *)scsi_sense_desc_find(sb, len + 8, 9); + if (!desc) { + if (SCSI_SENSE_BUFFERSIZE < len + 14) + return; + sb[7] = len + 14; + desc = sb + 8 + len; + } + desc[0] = 9; + desc[1] = 12; + /* + * Copy registers into sense buffer. + */ + desc[2] = 0x00; + desc[3] = tf->error; + desc[5] = tf->nsect; + desc[7] = tf->lbal; + desc[9] = tf->lbam; + desc[11] = tf->lbah; + desc[12] = tf->device; + desc[13] = tf->status; + + /* + * Fill in Extend bit, and the high order bytes + * if applicable. + */ + if (tf->flags & ATA_TFLAG_LBA48) { + desc[2] |= 0x01; + desc[4] = tf->hob_nsect; + desc[6] = tf->hob_lbal; + desc[8] = tf->hob_lbam; + desc[10] = tf->hob_lbah; + } + } else { + /* Fixed sense format */ + sb[0] |= 0x80; + sb[3] = tf->error; + sb[4] = tf->status; + sb[5] = tf->device; + sb[6] = tf->nsect; + if (tf->flags & ATA_TFLAG_LBA48) { + sb[8] |= 0x80; + if (tf->hob_nsect) + sb[8] |= 0x40; + if (tf->hob_lbal || tf->hob_lbam || tf->hob_lbah) + sb[8] |= 0x20; + } + sb[9] = tf->lbal; + sb[10] = tf->lbam; + sb[11] = tf->lbah; + } +} + static void ata_scsi_set_invalid_field(struct ata_device *dev, struct scsi_cmnd *cmd, u16 field, u8 bit) { @@ -837,10 +911,8 @@ static void ata_to_sense_error(unsigned id, u8 drv_stat, u8 drv_err, u8 *sk, * ata_gen_passthru_sense - Generate check condition sense block. * @qc: Command that completed. * - * This function is specific to the ATA descriptor format sense - * block specified for the ATA pass through commands. Regardless - * of whether the command errored or not, return a sense - * block. Copy all controller registers into the sense + * This function is specific to the ATA pass through commands. + * Regardless of whether the command errored or not, return a sense * block. If there was no error, we get the request from an ATA * passthrough command, so we use the following sense data: * sk = RECOVERED ERROR @@ -875,63 +947,6 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc) */ scsi_build_sense(cmd, 1, RECOVERED_ERROR, 0, 0x1D); } - - if ((sb[0] & 0x7f) >= 0x72) { - unsigned char *desc; - u8 len; - - /* descriptor format */ - len = sb[7]; - desc = (char *)scsi_sense_desc_find(sb, len + 8, 9); - if (!desc) { - if (SCSI_SENSE_BUFFERSIZE < len + 14) - return; - sb[7] = len + 14; - desc = sb + 8 + len; - } - desc[0] = 9; - desc[1] = 12; - /* - * Copy registers into sense buffer. - */ - desc[2] = 0x00; - desc[3] = tf->error; - desc[5] = tf->nsect; - desc[7] = tf->lbal; - desc[9] = tf->lbam; - desc[11] = tf->lbah; - desc[12] = tf->device; - desc[13] = tf->status; - - /* - * Fill in Extend bit, and the high order bytes - * if applicable. - */ - if (tf->flags & ATA_TFLAG_LBA48) { - desc[2] |= 0x01; - desc[4] = tf->hob_nsect; - desc[6] = tf->hob_lbal; - desc[8] = tf->hob_lbam; - desc[10] = tf->hob_lbah; - } - } else { - /* Fixed sense format */ - sb[0] |= 0x80; - sb[3] = tf->error; - sb[4] = tf->status; - sb[5] = tf->device; - sb[6] = tf->nsect; - if (tf->flags & ATA_TFLAG_LBA48) { - sb[8] |= 0x80; - if (tf->hob_nsect) - sb[8] |= 0x40; - if (tf->hob_lbal || tf->hob_lbam || tf->hob_lbah) - sb[8] |= 0x20; - } - sb[9] = tf->lbal; - sb[10] = tf->lbam; - sb[11] = tf->lbah; - } } /** @@ -1632,26 +1647,32 @@ static void ata_scsi_qc_complete(struct ata_queued_cmd *qc) { struct scsi_cmnd *cmd = qc->scsicmd; u8 *cdb = cmd->cmnd; - int need_sense = (qc->err_mask != 0) && - !(qc->flags & ATA_QCFLAG_SENSE_VALID); + bool have_sense = qc->flags & ATA_QCFLAG_SENSE_VALID; + bool is_ata_passthru = cdb[0] == ATA_16 || cdb[0] == ATA_12; + bool is_ck_cond_request = cdb[2] & 0x20; + bool is_error = qc->err_mask != 0; /* For ATA pass thru (SAT) commands, generate a sense block if * user mandated it or if there's an error. Note that if we - * generate because the user forced us to [CK_COND =1], a check + * generate because the user forced us to [CK_COND=1], a check * condition is generated and the ATA register values are returned * whether the command completed successfully or not. If there - * was no error, we use the following sense data: + * was no error, and CK_COND=1, we use the following sense data: * sk = RECOVERED ERROR * asc,ascq = ATA PASS-THROUGH INFORMATION AVAILABLE */ - if (((cdb[0] == ATA_16) || (cdb[0] == ATA_12)) && - ((cdb[2] & 0x20) || need_sense)) - ata_gen_passthru_sense(qc); - else if (need_sense) + if (is_ata_passthru && (is_ck_cond_request || is_error || have_sense)) { + if (!have_sense) + ata_gen_passthru_sense(qc); + ata_scsi_set_passthru_sense_fields(qc); + if (is_ck_cond_request) + set_status_byte(qc->scsicmd, SAM_STAT_CHECK_CONDITION); + } else if (is_error && !have_sense) { ata_gen_ata_sense(qc); - else + } else { /* Keep the SCSI ML and status byte, clear host byte. */ cmd->result &= 0x0000ffff; + } ata_qc_done(qc); } @@ -2590,14 +2611,8 @@ static void atapi_qc_complete(struct ata_queued_cmd *qc) /* handle completion from EH */ if (unlikely(err_mask || qc->flags & ATA_QCFLAG_SENSE_VALID)) { - if (!(qc->flags & ATA_QCFLAG_SENSE_VALID)) { - /* FIXME: not quite right; we don't want the - * translation of taskfile registers into a - * sense descriptors, since that's only - * correct for ATA, not ATAPI - */ + if (!(qc->flags & ATA_QCFLAG_SENSE_VALID)) ata_gen_passthru_sense(qc); - } /* SCSI EH automatically locks door if sdev->locked is * set. Sometimes door lock request continues to

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ata: libata-scsi: Do not overwrite valid sense data when" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 97981926224afe17ba3e22e0c2b7dd8b516ee574 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072945-gibberish-convene-2781@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 97981926224a ("ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1") 38dab832c3f4 ("ata: libata-scsi: Fix offsets for the fixed format sense data") ff8072d589dc ("ata: libata: remove references to non-existing error_handler()") 3ac873c76d79 ("ata: libata-core: fix when to fetch sense data for successful commands") 18bd7718b5c4 ("scsi: ata: libata: Handle completion of CDL commands using policy 0xD") eafe804bda7b ("scsi: ata: libata: Set read/write commands CDL index") df60f9c64576 ("scsi: ata: libata: Add ATA feature control sub-page translation") 673b2fe6ff1d ("scsi: ata: libata-scsi: Add support for CDL pages mode sense") 62e4a60e0cdb ("scsi: ata: libata: Detect support for command duration limits") bc9af4909406 ("ata: libata: Fix FUA handling in ata_build_rw_tf()") 4d2e4980a528 ("ata: libata: cleanup fua support detection") 7574a8377c7a ("ata: libata-scsi: do not overwrite SCSI ML and status bytes") 87aab3c4cd59 ("ata: libata: move NCQ related ATA_DFLAGs") 876293121f24 ("ata: scsi: rename flag ATA_QCFLAG_FAILED to ATA_QCFLAG_EH") b83ad9eec316 ("ata: libata-eh: Cleanup ata_scsi_cmd_error_handler()") 3d8a3ae3d966 ("ata: libata: fix commands incorrectly not getting retried during NCQ error") 4cb7c6f1ef96 ("ata: make use of ata_port_is_frozen() helper") cb6e73aaadff ("ata: libata-eh: Remove the unneeded result variable") 066de3b9d93b ("ata: libata-core: Simplify ata_build_rw_tf()") e00923c59e68 ("ata: libata: Rename ATA_DFLAG_NCQ_PRIO_ENABLE") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 97981926224afe17ba3e22e0c2b7dd8b516ee574 Mon Sep 17 00:00:00 2001 From: Igor Pylypiv <ipylypiv(a)google.com> Date: Tue, 2 Jul 2024 02:47:30 +0000 Subject: [PATCH] ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1 Current ata_gen_passthru_sense() code performs two actions: 1. Generates sense data based on the ATA 'status' and ATA 'error' fields. 2. Populates "ATA Status Return sense data descriptor" / "Fixed format sense data" with ATA taskfile fields. The problem is that #1 generates sense data even when a valid sense data is already present (ATA_QCFLAG_SENSE_VALID is set). Factoring out #2 into a separate function allows us to generate sense data only when there is no valid sense data (ATA_QCFLAG_SENSE_VALID is not set). As a bonus, we can now delete a FIXME comment in atapi_qc_complete() which states that we don't want to translate taskfile registers into sense descriptors for ATAPI. Additionally, always set SAM_STAT_CHECK_CONDITION when CK_COND=1 because SAT specification mandates that SATL shall return CHECK CONDITION if the CK_COND bit is set. The ATA PASS-THROUGH handling logic in ata_scsi_qc_complete() is hard to read/understand. Improve the readability of the code by moving checks into self-explanatory boolean variables. Cc: stable(a)vger.kernel.org # 4.19+ Co-developed-by: Niklas Cassel <cassel(a)kernel.org> Reviewed-by: Hannes Reinecke <hare(a)suse.de> Reviewed-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com> Link: https://lore.kernel.org/r/20240702024735.1152293-3-ipylypiv@google.com Signed-off-by: Niklas Cassel <cassel(a)kernel.org> diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index a0c68b0a00c4..a9d2a1cf4c3d 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -230,6 +230,80 @@ void ata_scsi_set_sense_information(struct ata_device *dev, SCSI_SENSE_BUFFERSIZE, information); } +/** + * ata_scsi_set_passthru_sense_fields - Set ATA fields in sense buffer + * @qc: ATA PASS-THROUGH command. + * + * Populates "ATA Status Return sense data descriptor" / "Fixed format + * sense data" with ATA taskfile fields. + * + * LOCKING: + * None. + */ +static void ata_scsi_set_passthru_sense_fields(struct ata_queued_cmd *qc) +{ + struct scsi_cmnd *cmd = qc->scsicmd; + struct ata_taskfile *tf = &qc->result_tf; + unsigned char *sb = cmd->sense_buffer; + + if ((sb[0] & 0x7f) >= 0x72) { + unsigned char *desc; + u8 len; + + /* descriptor format */ + len = sb[7]; + desc = (char *)scsi_sense_desc_find(sb, len + 8, 9); + if (!desc) { + if (SCSI_SENSE_BUFFERSIZE < len + 14) + return; + sb[7] = len + 14; + desc = sb + 8 + len; + } + desc[0] = 9; + desc[1] = 12; + /* + * Copy registers into sense buffer. + */ + desc[2] = 0x00; + desc[3] = tf->error; + desc[5] = tf->nsect; + desc[7] = tf->lbal; + desc[9] = tf->lbam; + desc[11] = tf->lbah; + desc[12] = tf->device; + desc[13] = tf->status; + + /* + * Fill in Extend bit, and the high order bytes + * if applicable. + */ + if (tf->flags & ATA_TFLAG_LBA48) { + desc[2] |= 0x01; + desc[4] = tf->hob_nsect; + desc[6] = tf->hob_lbal; + desc[8] = tf->hob_lbam; + desc[10] = tf->hob_lbah; + } + } else { + /* Fixed sense format */ + sb[0] |= 0x80; + sb[3] = tf->error; + sb[4] = tf->status; + sb[5] = tf->device; + sb[6] = tf->nsect; + if (tf->flags & ATA_TFLAG_LBA48) { + sb[8] |= 0x80; + if (tf->hob_nsect) + sb[8] |= 0x40; + if (tf->hob_lbal || tf->hob_lbam || tf->hob_lbah) + sb[8] |= 0x20; + } + sb[9] = tf->lbal; + sb[10] = tf->lbam; + sb[11] = tf->lbah; + } +} + static void ata_scsi_set_invalid_field(struct ata_device *dev, struct scsi_cmnd *cmd, u16 field, u8 bit) { @@ -837,10 +911,8 @@ static void ata_to_sense_error(unsigned id, u8 drv_stat, u8 drv_err, u8 *sk, * ata_gen_passthru_sense - Generate check condition sense block. * @qc: Command that completed. * - * This function is specific to the ATA descriptor format sense - * block specified for the ATA pass through commands. Regardless - * of whether the command errored or not, return a sense - * block. Copy all controller registers into the sense + * This function is specific to the ATA pass through commands. + * Regardless of whether the command errored or not, return a sense * block. If there was no error, we get the request from an ATA * passthrough command, so we use the following sense data: * sk = RECOVERED ERROR @@ -875,63 +947,6 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc) */ scsi_build_sense(cmd, 1, RECOVERED_ERROR, 0, 0x1D); } - - if ((sb[0] & 0x7f) >= 0x72) { - unsigned char *desc; - u8 len; - - /* descriptor format */ - len = sb[7]; - desc = (char *)scsi_sense_desc_find(sb, len + 8, 9); - if (!desc) { - if (SCSI_SENSE_BUFFERSIZE < len + 14) - return; - sb[7] = len + 14; - desc = sb + 8 + len; - } - desc[0] = 9; - desc[1] = 12; - /* - * Copy registers into sense buffer. - */ - desc[2] = 0x00; - desc[3] = tf->error; - desc[5] = tf->nsect; - desc[7] = tf->lbal; - desc[9] = tf->lbam; - desc[11] = tf->lbah; - desc[12] = tf->device; - desc[13] = tf->status; - - /* - * Fill in Extend bit, and the high order bytes - * if applicable. - */ - if (tf->flags & ATA_TFLAG_LBA48) { - desc[2] |= 0x01; - desc[4] = tf->hob_nsect; - desc[6] = tf->hob_lbal; - desc[8] = tf->hob_lbam; - desc[10] = tf->hob_lbah; - } - } else { - /* Fixed sense format */ - sb[0] |= 0x80; - sb[3] = tf->error; - sb[4] = tf->status; - sb[5] = tf->device; - sb[6] = tf->nsect; - if (tf->flags & ATA_TFLAG_LBA48) { - sb[8] |= 0x80; - if (tf->hob_nsect) - sb[8] |= 0x40; - if (tf->hob_lbal || tf->hob_lbam || tf->hob_lbah) - sb[8] |= 0x20; - } - sb[9] = tf->lbal; - sb[10] = tf->lbam; - sb[11] = tf->lbah; - } } /** @@ -1632,26 +1647,32 @@ static void ata_scsi_qc_complete(struct ata_queued_cmd *qc) { struct scsi_cmnd *cmd = qc->scsicmd; u8 *cdb = cmd->cmnd; - int need_sense = (qc->err_mask != 0) && - !(qc->flags & ATA_QCFLAG_SENSE_VALID); + bool have_sense = qc->flags & ATA_QCFLAG_SENSE_VALID; + bool is_ata_passthru = cdb[0] == ATA_16 || cdb[0] == ATA_12; + bool is_ck_cond_request = cdb[2] & 0x20; + bool is_error = qc->err_mask != 0; /* For ATA pass thru (SAT) commands, generate a sense block if * user mandated it or if there's an error. Note that if we - * generate because the user forced us to [CK_COND =1], a check + * generate because the user forced us to [CK_COND=1], a check * condition is generated and the ATA register values are returned * whether the command completed successfully or not. If there - * was no error, we use the following sense data: + * was no error, and CK_COND=1, we use the following sense data: * sk = RECOVERED ERROR * asc,ascq = ATA PASS-THROUGH INFORMATION AVAILABLE */ - if (((cdb[0] == ATA_16) || (cdb[0] == ATA_12)) && - ((cdb[2] & 0x20) || need_sense)) - ata_gen_passthru_sense(qc); - else if (need_sense) + if (is_ata_passthru && (is_ck_cond_request || is_error || have_sense)) { + if (!have_sense) + ata_gen_passthru_sense(qc); + ata_scsi_set_passthru_sense_fields(qc); + if (is_ck_cond_request) + set_status_byte(qc->scsicmd, SAM_STAT_CHECK_CONDITION); + } else if (is_error && !have_sense) { ata_gen_ata_sense(qc); - else + } else { /* Keep the SCSI ML and status byte, clear host byte. */ cmd->result &= 0x0000ffff; + } ata_qc_done(qc); } @@ -2590,14 +2611,8 @@ static void atapi_qc_complete(struct ata_queued_cmd *qc) /* handle completion from EH */ if (unlikely(err_mask || qc->flags & ATA_QCFLAG_SENSE_VALID)) { - if (!(qc->flags & ATA_QCFLAG_SENSE_VALID)) { - /* FIXME: not quite right; we don't want the - * translation of taskfile registers into a - * sense descriptors, since that's only - * correct for ATA, not ATAPI - */ + if (!(qc->flags & ATA_QCFLAG_SENSE_VALID)) ata_gen_passthru_sense(qc); - } /* SCSI EH automatically locks door if sdev->locked is * set. Sometimes door lock request continues to

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ata: libata-scsi: Do not overwrite valid sense data when" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 97981926224afe17ba3e22e0c2b7dd8b516ee574 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072944-grating-modular-edd2@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 97981926224a ("ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1") 38dab832c3f4 ("ata: libata-scsi: Fix offsets for the fixed format sense data") ff8072d589dc ("ata: libata: remove references to non-existing error_handler()") 3ac873c76d79 ("ata: libata-core: fix when to fetch sense data for successful commands") 18bd7718b5c4 ("scsi: ata: libata: Handle completion of CDL commands using policy 0xD") eafe804bda7b ("scsi: ata: libata: Set read/write commands CDL index") df60f9c64576 ("scsi: ata: libata: Add ATA feature control sub-page translation") 673b2fe6ff1d ("scsi: ata: libata-scsi: Add support for CDL pages mode sense") 62e4a60e0cdb ("scsi: ata: libata: Detect support for command duration limits") bc9af4909406 ("ata: libata: Fix FUA handling in ata_build_rw_tf()") 4d2e4980a528 ("ata: libata: cleanup fua support detection") 7574a8377c7a ("ata: libata-scsi: do not overwrite SCSI ML and status bytes") 87aab3c4cd59 ("ata: libata: move NCQ related ATA_DFLAGs") 876293121f24 ("ata: scsi: rename flag ATA_QCFLAG_FAILED to ATA_QCFLAG_EH") b83ad9eec316 ("ata: libata-eh: Cleanup ata_scsi_cmd_error_handler()") 3d8a3ae3d966 ("ata: libata: fix commands incorrectly not getting retried during NCQ error") 4cb7c6f1ef96 ("ata: make use of ata_port_is_frozen() helper") cb6e73aaadff ("ata: libata-eh: Remove the unneeded result variable") 066de3b9d93b ("ata: libata-core: Simplify ata_build_rw_tf()") e00923c59e68 ("ata: libata: Rename ATA_DFLAG_NCQ_PRIO_ENABLE") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 97981926224afe17ba3e22e0c2b7dd8b516ee574 Mon Sep 17 00:00:00 2001 From: Igor Pylypiv <ipylypiv(a)google.com> Date: Tue, 2 Jul 2024 02:47:30 +0000 Subject: [PATCH] ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1 Current ata_gen_passthru_sense() code performs two actions: 1. Generates sense data based on the ATA 'status' and ATA 'error' fields. 2. Populates "ATA Status Return sense data descriptor" / "Fixed format sense data" with ATA taskfile fields. The problem is that #1 generates sense data even when a valid sense data is already present (ATA_QCFLAG_SENSE_VALID is set). Factoring out #2 into a separate function allows us to generate sense data only when there is no valid sense data (ATA_QCFLAG_SENSE_VALID is not set). As a bonus, we can now delete a FIXME comment in atapi_qc_complete() which states that we don't want to translate taskfile registers into sense descriptors for ATAPI. Additionally, always set SAM_STAT_CHECK_CONDITION when CK_COND=1 because SAT specification mandates that SATL shall return CHECK CONDITION if the CK_COND bit is set. The ATA PASS-THROUGH handling logic in ata_scsi_qc_complete() is hard to read/understand. Improve the readability of the code by moving checks into self-explanatory boolean variables. Cc: stable(a)vger.kernel.org # 4.19+ Co-developed-by: Niklas Cassel <cassel(a)kernel.org> Reviewed-by: Hannes Reinecke <hare(a)suse.de> Reviewed-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com> Link: https://lore.kernel.org/r/20240702024735.1152293-3-ipylypiv@google.com Signed-off-by: Niklas Cassel <cassel(a)kernel.org> diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index a0c68b0a00c4..a9d2a1cf4c3d 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -230,6 +230,80 @@ void ata_scsi_set_sense_information(struct ata_device *dev, SCSI_SENSE_BUFFERSIZE, information); } +/** + * ata_scsi_set_passthru_sense_fields - Set ATA fields in sense buffer + * @qc: ATA PASS-THROUGH command. + * + * Populates "ATA Status Return sense data descriptor" / "Fixed format + * sense data" with ATA taskfile fields. + * + * LOCKING: + * None. + */ +static void ata_scsi_set_passthru_sense_fields(struct ata_queued_cmd *qc) +{ + struct scsi_cmnd *cmd = qc->scsicmd; + struct ata_taskfile *tf = &qc->result_tf; + unsigned char *sb = cmd->sense_buffer; + + if ((sb[0] & 0x7f) >= 0x72) { + unsigned char *desc; + u8 len; + + /* descriptor format */ + len = sb[7]; + desc = (char *)scsi_sense_desc_find(sb, len + 8, 9); + if (!desc) { + if (SCSI_SENSE_BUFFERSIZE < len + 14) + return; + sb[7] = len + 14; + desc = sb + 8 + len; + } + desc[0] = 9; + desc[1] = 12; + /* + * Copy registers into sense buffer. + */ + desc[2] = 0x00; + desc[3] = tf->error; + desc[5] = tf->nsect; + desc[7] = tf->lbal; + desc[9] = tf->lbam; + desc[11] = tf->lbah; + desc[12] = tf->device; + desc[13] = tf->status; + + /* + * Fill in Extend bit, and the high order bytes + * if applicable. + */ + if (tf->flags & ATA_TFLAG_LBA48) { + desc[2] |= 0x01; + desc[4] = tf->hob_nsect; + desc[6] = tf->hob_lbal; + desc[8] = tf->hob_lbam; + desc[10] = tf->hob_lbah; + } + } else { + /* Fixed sense format */ + sb[0] |= 0x80; + sb[3] = tf->error; + sb[4] = tf->status; + sb[5] = tf->device; + sb[6] = tf->nsect; + if (tf->flags & ATA_TFLAG_LBA48) { + sb[8] |= 0x80; + if (tf->hob_nsect) + sb[8] |= 0x40; + if (tf->hob_lbal || tf->hob_lbam || tf->hob_lbah) + sb[8] |= 0x20; + } + sb[9] = tf->lbal; + sb[10] = tf->lbam; + sb[11] = tf->lbah; + } +} + static void ata_scsi_set_invalid_field(struct ata_device *dev, struct scsi_cmnd *cmd, u16 field, u8 bit) { @@ -837,10 +911,8 @@ static void ata_to_sense_error(unsigned id, u8 drv_stat, u8 drv_err, u8 *sk, * ata_gen_passthru_sense - Generate check condition sense block. * @qc: Command that completed. * - * This function is specific to the ATA descriptor format sense - * block specified for the ATA pass through commands. Regardless - * of whether the command errored or not, return a sense - * block. Copy all controller registers into the sense + * This function is specific to the ATA pass through commands. + * Regardless of whether the command errored or not, return a sense * block. If there was no error, we get the request from an ATA * passthrough command, so we use the following sense data: * sk = RECOVERED ERROR @@ -875,63 +947,6 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc) */ scsi_build_sense(cmd, 1, RECOVERED_ERROR, 0, 0x1D); } - - if ((sb[0] & 0x7f) >= 0x72) { - unsigned char *desc; - u8 len; - - /* descriptor format */ - len = sb[7]; - desc = (char *)scsi_sense_desc_find(sb, len + 8, 9); - if (!desc) { - if (SCSI_SENSE_BUFFERSIZE < len + 14) - return; - sb[7] = len + 14; - desc = sb + 8 + len; - } - desc[0] = 9; - desc[1] = 12; - /* - * Copy registers into sense buffer. - */ - desc[2] = 0x00; - desc[3] = tf->error; - desc[5] = tf->nsect; - desc[7] = tf->lbal; - desc[9] = tf->lbam; - desc[11] = tf->lbah; - desc[12] = tf->device; - desc[13] = tf->status; - - /* - * Fill in Extend bit, and the high order bytes - * if applicable. - */ - if (tf->flags & ATA_TFLAG_LBA48) { - desc[2] |= 0x01; - desc[4] = tf->hob_nsect; - desc[6] = tf->hob_lbal; - desc[8] = tf->hob_lbam; - desc[10] = tf->hob_lbah; - } - } else { - /* Fixed sense format */ - sb[0] |= 0x80; - sb[3] = tf->error; - sb[4] = tf->status; - sb[5] = tf->device; - sb[6] = tf->nsect; - if (tf->flags & ATA_TFLAG_LBA48) { - sb[8] |= 0x80; - if (tf->hob_nsect) - sb[8] |= 0x40; - if (tf->hob_lbal || tf->hob_lbam || tf->hob_lbah) - sb[8] |= 0x20; - } - sb[9] = tf->lbal; - sb[10] = tf->lbam; - sb[11] = tf->lbah; - } } /** @@ -1632,26 +1647,32 @@ static void ata_scsi_qc_complete(struct ata_queued_cmd *qc) { struct scsi_cmnd *cmd = qc->scsicmd; u8 *cdb = cmd->cmnd; - int need_sense = (qc->err_mask != 0) && - !(qc->flags & ATA_QCFLAG_SENSE_VALID); + bool have_sense = qc->flags & ATA_QCFLAG_SENSE_VALID; + bool is_ata_passthru = cdb[0] == ATA_16 || cdb[0] == ATA_12; + bool is_ck_cond_request = cdb[2] & 0x20; + bool is_error = qc->err_mask != 0; /* For ATA pass thru (SAT) commands, generate a sense block if * user mandated it or if there's an error. Note that if we - * generate because the user forced us to [CK_COND =1], a check + * generate because the user forced us to [CK_COND=1], a check * condition is generated and the ATA register values are returned * whether the command completed successfully or not. If there - * was no error, we use the following sense data: + * was no error, and CK_COND=1, we use the following sense data: * sk = RECOVERED ERROR * asc,ascq = ATA PASS-THROUGH INFORMATION AVAILABLE */ - if (((cdb[0] == ATA_16) || (cdb[0] == ATA_12)) && - ((cdb[2] & 0x20) || need_sense)) - ata_gen_passthru_sense(qc); - else if (need_sense) + if (is_ata_passthru && (is_ck_cond_request || is_error || have_sense)) { + if (!have_sense) + ata_gen_passthru_sense(qc); + ata_scsi_set_passthru_sense_fields(qc); + if (is_ck_cond_request) + set_status_byte(qc->scsicmd, SAM_STAT_CHECK_CONDITION); + } else if (is_error && !have_sense) { ata_gen_ata_sense(qc); - else + } else { /* Keep the SCSI ML and status byte, clear host byte. */ cmd->result &= 0x0000ffff; + } ata_qc_done(qc); } @@ -2590,14 +2611,8 @@ static void atapi_qc_complete(struct ata_queued_cmd *qc) /* handle completion from EH */ if (unlikely(err_mask || qc->flags & ATA_QCFLAG_SENSE_VALID)) { - if (!(qc->flags & ATA_QCFLAG_SENSE_VALID)) { - /* FIXME: not quite right; we don't want the - * translation of taskfile registers into a - * sense descriptors, since that's only - * correct for ATA, not ATAPI - */ + if (!(qc->flags & ATA_QCFLAG_SENSE_VALID)) ata_gen_passthru_sense(qc); - } /* SCSI EH automatically locks door if sdev->locked is * set. Sometimes door lock request continues to

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ata: libata-scsi: Do not overwrite valid sense data when" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 97981926224afe17ba3e22e0c2b7dd8b516ee574 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072943-backup-snaking-6c85@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 97981926224a ("ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1") 38dab832c3f4 ("ata: libata-scsi: Fix offsets for the fixed format sense data") ff8072d589dc ("ata: libata: remove references to non-existing error_handler()") 3ac873c76d79 ("ata: libata-core: fix when to fetch sense data for successful commands") 18bd7718b5c4 ("scsi: ata: libata: Handle completion of CDL commands using policy 0xD") eafe804bda7b ("scsi: ata: libata: Set read/write commands CDL index") df60f9c64576 ("scsi: ata: libata: Add ATA feature control sub-page translation") 673b2fe6ff1d ("scsi: ata: libata-scsi: Add support for CDL pages mode sense") 62e4a60e0cdb ("scsi: ata: libata: Detect support for command duration limits") bc9af4909406 ("ata: libata: Fix FUA handling in ata_build_rw_tf()") 4d2e4980a528 ("ata: libata: cleanup fua support detection") 7574a8377c7a ("ata: libata-scsi: do not overwrite SCSI ML and status bytes") 87aab3c4cd59 ("ata: libata: move NCQ related ATA_DFLAGs") 876293121f24 ("ata: scsi: rename flag ATA_QCFLAG_FAILED to ATA_QCFLAG_EH") b83ad9eec316 ("ata: libata-eh: Cleanup ata_scsi_cmd_error_handler()") 3d8a3ae3d966 ("ata: libata: fix commands incorrectly not getting retried during NCQ error") 4cb7c6f1ef96 ("ata: make use of ata_port_is_frozen() helper") cb6e73aaadff ("ata: libata-eh: Remove the unneeded result variable") 066de3b9d93b ("ata: libata-core: Simplify ata_build_rw_tf()") e00923c59e68 ("ata: libata: Rename ATA_DFLAG_NCQ_PRIO_ENABLE") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 97981926224afe17ba3e22e0c2b7dd8b516ee574 Mon Sep 17 00:00:00 2001 From: Igor Pylypiv <ipylypiv(a)google.com> Date: Tue, 2 Jul 2024 02:47:30 +0000 Subject: [PATCH] ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1 Current ata_gen_passthru_sense() code performs two actions: 1. Generates sense data based on the ATA 'status' and ATA 'error' fields. 2. Populates "ATA Status Return sense data descriptor" / "Fixed format sense data" with ATA taskfile fields. The problem is that #1 generates sense data even when a valid sense data is already present (ATA_QCFLAG_SENSE_VALID is set). Factoring out #2 into a separate function allows us to generate sense data only when there is no valid sense data (ATA_QCFLAG_SENSE_VALID is not set). As a bonus, we can now delete a FIXME comment in atapi_qc_complete() which states that we don't want to translate taskfile registers into sense descriptors for ATAPI. Additionally, always set SAM_STAT_CHECK_CONDITION when CK_COND=1 because SAT specification mandates that SATL shall return CHECK CONDITION if the CK_COND bit is set. The ATA PASS-THROUGH handling logic in ata_scsi_qc_complete() is hard to read/understand. Improve the readability of the code by moving checks into self-explanatory boolean variables. Cc: stable(a)vger.kernel.org # 4.19+ Co-developed-by: Niklas Cassel <cassel(a)kernel.org> Reviewed-by: Hannes Reinecke <hare(a)suse.de> Reviewed-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com> Link: https://lore.kernel.org/r/20240702024735.1152293-3-ipylypiv@google.com Signed-off-by: Niklas Cassel <cassel(a)kernel.org> diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index a0c68b0a00c4..a9d2a1cf4c3d 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -230,6 +230,80 @@ void ata_scsi_set_sense_information(struct ata_device *dev, SCSI_SENSE_BUFFERSIZE, information); } +/** + * ata_scsi_set_passthru_sense_fields - Set ATA fields in sense buffer + * @qc: ATA PASS-THROUGH command. + * + * Populates "ATA Status Return sense data descriptor" / "Fixed format + * sense data" with ATA taskfile fields. + * + * LOCKING: + * None. + */ +static void ata_scsi_set_passthru_sense_fields(struct ata_queued_cmd *qc) +{ + struct scsi_cmnd *cmd = qc->scsicmd; + struct ata_taskfile *tf = &qc->result_tf; + unsigned char *sb = cmd->sense_buffer; + + if ((sb[0] & 0x7f) >= 0x72) { + unsigned char *desc; + u8 len; + + /* descriptor format */ + len = sb[7]; + desc = (char *)scsi_sense_desc_find(sb, len + 8, 9); + if (!desc) { + if (SCSI_SENSE_BUFFERSIZE < len + 14) + return; + sb[7] = len + 14; + desc = sb + 8 + len; + } + desc[0] = 9; + desc[1] = 12; + /* + * Copy registers into sense buffer. + */ + desc[2] = 0x00; + desc[3] = tf->error; + desc[5] = tf->nsect; + desc[7] = tf->lbal; + desc[9] = tf->lbam; + desc[11] = tf->lbah; + desc[12] = tf->device; + desc[13] = tf->status; + + /* + * Fill in Extend bit, and the high order bytes + * if applicable. + */ + if (tf->flags & ATA_TFLAG_LBA48) { + desc[2] |= 0x01; + desc[4] = tf->hob_nsect; + desc[6] = tf->hob_lbal; + desc[8] = tf->hob_lbam; + desc[10] = tf->hob_lbah; + } + } else { + /* Fixed sense format */ + sb[0] |= 0x80; + sb[3] = tf->error; + sb[4] = tf->status; + sb[5] = tf->device; + sb[6] = tf->nsect; + if (tf->flags & ATA_TFLAG_LBA48) { + sb[8] |= 0x80; + if (tf->hob_nsect) + sb[8] |= 0x40; + if (tf->hob_lbal || tf->hob_lbam || tf->hob_lbah) + sb[8] |= 0x20; + } + sb[9] = tf->lbal; + sb[10] = tf->lbam; + sb[11] = tf->lbah; + } +} + static void ata_scsi_set_invalid_field(struct ata_device *dev, struct scsi_cmnd *cmd, u16 field, u8 bit) { @@ -837,10 +911,8 @@ static void ata_to_sense_error(unsigned id, u8 drv_stat, u8 drv_err, u8 *sk, * ata_gen_passthru_sense - Generate check condition sense block. * @qc: Command that completed. * - * This function is specific to the ATA descriptor format sense - * block specified for the ATA pass through commands. Regardless - * of whether the command errored or not, return a sense - * block. Copy all controller registers into the sense + * This function is specific to the ATA pass through commands. + * Regardless of whether the command errored or not, return a sense * block. If there was no error, we get the request from an ATA * passthrough command, so we use the following sense data: * sk = RECOVERED ERROR @@ -875,63 +947,6 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc) */ scsi_build_sense(cmd, 1, RECOVERED_ERROR, 0, 0x1D); } - - if ((sb[0] & 0x7f) >= 0x72) { - unsigned char *desc; - u8 len; - - /* descriptor format */ - len = sb[7]; - desc = (char *)scsi_sense_desc_find(sb, len + 8, 9); - if (!desc) { - if (SCSI_SENSE_BUFFERSIZE < len + 14) - return; - sb[7] = len + 14; - desc = sb + 8 + len; - } - desc[0] = 9; - desc[1] = 12; - /* - * Copy registers into sense buffer. - */ - desc[2] = 0x00; - desc[3] = tf->error; - desc[5] = tf->nsect; - desc[7] = tf->lbal; - desc[9] = tf->lbam; - desc[11] = tf->lbah; - desc[12] = tf->device; - desc[13] = tf->status; - - /* - * Fill in Extend bit, and the high order bytes - * if applicable. - */ - if (tf->flags & ATA_TFLAG_LBA48) { - desc[2] |= 0x01; - desc[4] = tf->hob_nsect; - desc[6] = tf->hob_lbal; - desc[8] = tf->hob_lbam; - desc[10] = tf->hob_lbah; - } - } else { - /* Fixed sense format */ - sb[0] |= 0x80; - sb[3] = tf->error; - sb[4] = tf->status; - sb[5] = tf->device; - sb[6] = tf->nsect; - if (tf->flags & ATA_TFLAG_LBA48) { - sb[8] |= 0x80; - if (tf->hob_nsect) - sb[8] |= 0x40; - if (tf->hob_lbal || tf->hob_lbam || tf->hob_lbah) - sb[8] |= 0x20; - } - sb[9] = tf->lbal; - sb[10] = tf->lbam; - sb[11] = tf->lbah; - } } /** @@ -1632,26 +1647,32 @@ static void ata_scsi_qc_complete(struct ata_queued_cmd *qc) { struct scsi_cmnd *cmd = qc->scsicmd; u8 *cdb = cmd->cmnd; - int need_sense = (qc->err_mask != 0) && - !(qc->flags & ATA_QCFLAG_SENSE_VALID); + bool have_sense = qc->flags & ATA_QCFLAG_SENSE_VALID; + bool is_ata_passthru = cdb[0] == ATA_16 || cdb[0] == ATA_12; + bool is_ck_cond_request = cdb[2] & 0x20; + bool is_error = qc->err_mask != 0; /* For ATA pass thru (SAT) commands, generate a sense block if * user mandated it or if there's an error. Note that if we - * generate because the user forced us to [CK_COND =1], a check + * generate because the user forced us to [CK_COND=1], a check * condition is generated and the ATA register values are returned * whether the command completed successfully or not. If there - * was no error, we use the following sense data: + * was no error, and CK_COND=1, we use the following sense data: * sk = RECOVERED ERROR * asc,ascq = ATA PASS-THROUGH INFORMATION AVAILABLE */ - if (((cdb[0] == ATA_16) || (cdb[0] == ATA_12)) && - ((cdb[2] & 0x20) || need_sense)) - ata_gen_passthru_sense(qc); - else if (need_sense) + if (is_ata_passthru && (is_ck_cond_request || is_error || have_sense)) { + if (!have_sense) + ata_gen_passthru_sense(qc); + ata_scsi_set_passthru_sense_fields(qc); + if (is_ck_cond_request) + set_status_byte(qc->scsicmd, SAM_STAT_CHECK_CONDITION); + } else if (is_error && !have_sense) { ata_gen_ata_sense(qc); - else + } else { /* Keep the SCSI ML and status byte, clear host byte. */ cmd->result &= 0x0000ffff; + } ata_qc_done(qc); } @@ -2590,14 +2611,8 @@ static void atapi_qc_complete(struct ata_queued_cmd *qc) /* handle completion from EH */ if (unlikely(err_mask || qc->flags & ATA_QCFLAG_SENSE_VALID)) { - if (!(qc->flags & ATA_QCFLAG_SENSE_VALID)) { - /* FIXME: not quite right; we don't want the - * translation of taskfile registers into a - * sense descriptors, since that's only - * correct for ATA, not ATAPI - */ + if (!(qc->flags & ATA_QCFLAG_SENSE_VALID)) ata_gen_passthru_sense(qc); - } /* SCSI EH automatically locks door if sdev->locked is * set. Sometimes door lock request continues to

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ata: libata-scsi: Do not overwrite valid sense data when" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 97981926224afe17ba3e22e0c2b7dd8b516ee574 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072942-ditzy-tropical-a9b7@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 97981926224a ("ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1") 38dab832c3f4 ("ata: libata-scsi: Fix offsets for the fixed format sense data") ff8072d589dc ("ata: libata: remove references to non-existing error_handler()") 3ac873c76d79 ("ata: libata-core: fix when to fetch sense data for successful commands") 18bd7718b5c4 ("scsi: ata: libata: Handle completion of CDL commands using policy 0xD") eafe804bda7b ("scsi: ata: libata: Set read/write commands CDL index") df60f9c64576 ("scsi: ata: libata: Add ATA feature control sub-page translation") 673b2fe6ff1d ("scsi: ata: libata-scsi: Add support for CDL pages mode sense") 62e4a60e0cdb ("scsi: ata: libata: Detect support for command duration limits") bc9af4909406 ("ata: libata: Fix FUA handling in ata_build_rw_tf()") 4d2e4980a528 ("ata: libata: cleanup fua support detection") 7574a8377c7a ("ata: libata-scsi: do not overwrite SCSI ML and status bytes") 87aab3c4cd59 ("ata: libata: move NCQ related ATA_DFLAGs") 876293121f24 ("ata: scsi: rename flag ATA_QCFLAG_FAILED to ATA_QCFLAG_EH") b83ad9eec316 ("ata: libata-eh: Cleanup ata_scsi_cmd_error_handler()") 3d8a3ae3d966 ("ata: libata: fix commands incorrectly not getting retried during NCQ error") 4cb7c6f1ef96 ("ata: make use of ata_port_is_frozen() helper") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 97981926224afe17ba3e22e0c2b7dd8b516ee574 Mon Sep 17 00:00:00 2001 From: Igor Pylypiv <ipylypiv(a)google.com> Date: Tue, 2 Jul 2024 02:47:30 +0000 Subject: [PATCH] ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1 Current ata_gen_passthru_sense() code performs two actions: 1. Generates sense data based on the ATA 'status' and ATA 'error' fields. 2. Populates "ATA Status Return sense data descriptor" / "Fixed format sense data" with ATA taskfile fields. The problem is that #1 generates sense data even when a valid sense data is already present (ATA_QCFLAG_SENSE_VALID is set). Factoring out #2 into a separate function allows us to generate sense data only when there is no valid sense data (ATA_QCFLAG_SENSE_VALID is not set). As a bonus, we can now delete a FIXME comment in atapi_qc_complete() which states that we don't want to translate taskfile registers into sense descriptors for ATAPI. Additionally, always set SAM_STAT_CHECK_CONDITION when CK_COND=1 because SAT specification mandates that SATL shall return CHECK CONDITION if the CK_COND bit is set. The ATA PASS-THROUGH handling logic in ata_scsi_qc_complete() is hard to read/understand. Improve the readability of the code by moving checks into self-explanatory boolean variables. Cc: stable(a)vger.kernel.org # 4.19+ Co-developed-by: Niklas Cassel <cassel(a)kernel.org> Reviewed-by: Hannes Reinecke <hare(a)suse.de> Reviewed-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com> Link: https://lore.kernel.org/r/20240702024735.1152293-3-ipylypiv@google.com Signed-off-by: Niklas Cassel <cassel(a)kernel.org> diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index a0c68b0a00c4..a9d2a1cf4c3d 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -230,6 +230,80 @@ void ata_scsi_set_sense_information(struct ata_device *dev, SCSI_SENSE_BUFFERSIZE, information); } +/** + * ata_scsi_set_passthru_sense_fields - Set ATA fields in sense buffer + * @qc: ATA PASS-THROUGH command. + * + * Populates "ATA Status Return sense data descriptor" / "Fixed format + * sense data" with ATA taskfile fields. + * + * LOCKING: + * None. + */ +static void ata_scsi_set_passthru_sense_fields(struct ata_queued_cmd *qc) +{ + struct scsi_cmnd *cmd = qc->scsicmd; + struct ata_taskfile *tf = &qc->result_tf; + unsigned char *sb = cmd->sense_buffer; + + if ((sb[0] & 0x7f) >= 0x72) { + unsigned char *desc; + u8 len; + + /* descriptor format */ + len = sb[7]; + desc = (char *)scsi_sense_desc_find(sb, len + 8, 9); + if (!desc) { + if (SCSI_SENSE_BUFFERSIZE < len + 14) + return; + sb[7] = len + 14; + desc = sb + 8 + len; + } + desc[0] = 9; + desc[1] = 12; + /* + * Copy registers into sense buffer. + */ + desc[2] = 0x00; + desc[3] = tf->error; + desc[5] = tf->nsect; + desc[7] = tf->lbal; + desc[9] = tf->lbam; + desc[11] = tf->lbah; + desc[12] = tf->device; + desc[13] = tf->status; + + /* + * Fill in Extend bit, and the high order bytes + * if applicable. + */ + if (tf->flags & ATA_TFLAG_LBA48) { + desc[2] |= 0x01; + desc[4] = tf->hob_nsect; + desc[6] = tf->hob_lbal; + desc[8] = tf->hob_lbam; + desc[10] = tf->hob_lbah; + } + } else { + /* Fixed sense format */ + sb[0] |= 0x80; + sb[3] = tf->error; + sb[4] = tf->status; + sb[5] = tf->device; + sb[6] = tf->nsect; + if (tf->flags & ATA_TFLAG_LBA48) { + sb[8] |= 0x80; + if (tf->hob_nsect) + sb[8] |= 0x40; + if (tf->hob_lbal || tf->hob_lbam || tf->hob_lbah) + sb[8] |= 0x20; + } + sb[9] = tf->lbal; + sb[10] = tf->lbam; + sb[11] = tf->lbah; + } +} + static void ata_scsi_set_invalid_field(struct ata_device *dev, struct scsi_cmnd *cmd, u16 field, u8 bit) { @@ -837,10 +911,8 @@ static void ata_to_sense_error(unsigned id, u8 drv_stat, u8 drv_err, u8 *sk, * ata_gen_passthru_sense - Generate check condition sense block. * @qc: Command that completed. * - * This function is specific to the ATA descriptor format sense - * block specified for the ATA pass through commands. Regardless - * of whether the command errored or not, return a sense - * block. Copy all controller registers into the sense + * This function is specific to the ATA pass through commands. + * Regardless of whether the command errored or not, return a sense * block. If there was no error, we get the request from an ATA * passthrough command, so we use the following sense data: * sk = RECOVERED ERROR @@ -875,63 +947,6 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc) */ scsi_build_sense(cmd, 1, RECOVERED_ERROR, 0, 0x1D); } - - if ((sb[0] & 0x7f) >= 0x72) { - unsigned char *desc; - u8 len; - - /* descriptor format */ - len = sb[7]; - desc = (char *)scsi_sense_desc_find(sb, len + 8, 9); - if (!desc) { - if (SCSI_SENSE_BUFFERSIZE < len + 14) - return; - sb[7] = len + 14; - desc = sb + 8 + len; - } - desc[0] = 9; - desc[1] = 12; - /* - * Copy registers into sense buffer. - */ - desc[2] = 0x00; - desc[3] = tf->error; - desc[5] = tf->nsect; - desc[7] = tf->lbal; - desc[9] = tf->lbam; - desc[11] = tf->lbah; - desc[12] = tf->device; - desc[13] = tf->status; - - /* - * Fill in Extend bit, and the high order bytes - * if applicable. - */ - if (tf->flags & ATA_TFLAG_LBA48) { - desc[2] |= 0x01; - desc[4] = tf->hob_nsect; - desc[6] = tf->hob_lbal; - desc[8] = tf->hob_lbam; - desc[10] = tf->hob_lbah; - } - } else { - /* Fixed sense format */ - sb[0] |= 0x80; - sb[3] = tf->error; - sb[4] = tf->status; - sb[5] = tf->device; - sb[6] = tf->nsect; - if (tf->flags & ATA_TFLAG_LBA48) { - sb[8] |= 0x80; - if (tf->hob_nsect) - sb[8] |= 0x40; - if (tf->hob_lbal || tf->hob_lbam || tf->hob_lbah) - sb[8] |= 0x20; - } - sb[9] = tf->lbal; - sb[10] = tf->lbam; - sb[11] = tf->lbah; - } } /** @@ -1632,26 +1647,32 @@ static void ata_scsi_qc_complete(struct ata_queued_cmd *qc) { struct scsi_cmnd *cmd = qc->scsicmd; u8 *cdb = cmd->cmnd; - int need_sense = (qc->err_mask != 0) && - !(qc->flags & ATA_QCFLAG_SENSE_VALID); + bool have_sense = qc->flags & ATA_QCFLAG_SENSE_VALID; + bool is_ata_passthru = cdb[0] == ATA_16 || cdb[0] == ATA_12; + bool is_ck_cond_request = cdb[2] & 0x20; + bool is_error = qc->err_mask != 0; /* For ATA pass thru (SAT) commands, generate a sense block if * user mandated it or if there's an error. Note that if we - * generate because the user forced us to [CK_COND =1], a check + * generate because the user forced us to [CK_COND=1], a check * condition is generated and the ATA register values are returned * whether the command completed successfully or not. If there - * was no error, we use the following sense data: + * was no error, and CK_COND=1, we use the following sense data: * sk = RECOVERED ERROR * asc,ascq = ATA PASS-THROUGH INFORMATION AVAILABLE */ - if (((cdb[0] == ATA_16) || (cdb[0] == ATA_12)) && - ((cdb[2] & 0x20) || need_sense)) - ata_gen_passthru_sense(qc); - else if (need_sense) + if (is_ata_passthru && (is_ck_cond_request || is_error || have_sense)) { + if (!have_sense) + ata_gen_passthru_sense(qc); + ata_scsi_set_passthru_sense_fields(qc); + if (is_ck_cond_request) + set_status_byte(qc->scsicmd, SAM_STAT_CHECK_CONDITION); + } else if (is_error && !have_sense) { ata_gen_ata_sense(qc); - else + } else { /* Keep the SCSI ML and status byte, clear host byte. */ cmd->result &= 0x0000ffff; + } ata_qc_done(qc); } @@ -2590,14 +2611,8 @@ static void atapi_qc_complete(struct ata_queued_cmd *qc) /* handle completion from EH */ if (unlikely(err_mask || qc->flags & ATA_QCFLAG_SENSE_VALID)) { - if (!(qc->flags & ATA_QCFLAG_SENSE_VALID)) { - /* FIXME: not quite right; we don't want the - * translation of taskfile registers into a - * sense descriptors, since that's only - * correct for ATA, not ATAPI - */ + if (!(qc->flags & ATA_QCFLAG_SENSE_VALID)) ata_gen_passthru_sense(qc); - } /* SCSI EH automatically locks door if sdev->locked is * set. Sometimes door lock request continues to

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ata: libata-scsi: Fix offsets for the fixed format sense data" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 38dab832c3f4154968f95b267a3bb789e87554b0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072947-shelter-deftly-2238@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 38dab832c3f4 ("ata: libata-scsi: Fix offsets for the fixed format sense data") ff8072d589dc ("ata: libata: remove references to non-existing error_handler()") 3ac873c76d79 ("ata: libata-core: fix when to fetch sense data for successful commands") 18bd7718b5c4 ("scsi: ata: libata: Handle completion of CDL commands using policy 0xD") eafe804bda7b ("scsi: ata: libata: Set read/write commands CDL index") df60f9c64576 ("scsi: ata: libata: Add ATA feature control sub-page translation") 673b2fe6ff1d ("scsi: ata: libata-scsi: Add support for CDL pages mode sense") 62e4a60e0cdb ("scsi: ata: libata: Detect support for command duration limits") bc9af4909406 ("ata: libata: Fix FUA handling in ata_build_rw_tf()") 4d2e4980a528 ("ata: libata: cleanup fua support detection") 87aab3c4cd59 ("ata: libata: move NCQ related ATA_DFLAGs") 876293121f24 ("ata: scsi: rename flag ATA_QCFLAG_FAILED to ATA_QCFLAG_EH") b83ad9eec316 ("ata: libata-eh: Cleanup ata_scsi_cmd_error_handler()") 3d8a3ae3d966 ("ata: libata: fix commands incorrectly not getting retried during NCQ error") 4cb7c6f1ef96 ("ata: make use of ata_port_is_frozen() helper") cb6e73aaadff ("ata: libata-eh: Remove the unneeded result variable") 066de3b9d93b ("ata: libata-core: Simplify ata_build_rw_tf()") e00923c59e68 ("ata: libata: Rename ATA_DFLAG_NCQ_PRIO_ENABLE") fa82cabb8883 ("doc: admin-guide: Update libata kernel parameters") 2c33bbdac28c ("ata: libata-core: Allow forcing most horkage flags") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 38dab832c3f4154968f95b267a3bb789e87554b0 Mon Sep 17 00:00:00 2001 From: Igor Pylypiv <ipylypiv(a)google.com> Date: Tue, 2 Jul 2024 02:47:29 +0000 Subject: [PATCH] ata: libata-scsi: Fix offsets for the fixed format sense data MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Correct the ATA PASS-THROUGH fixed format sense data offsets to conform to SPC-6 and SAT-5 specifications. Additionally, set the VALID bit to indicate that the INFORMATION field contains valid information. INFORMATION =========== SAT-5 Table 212 — "Fixed format sense data INFORMATION field for the ATA PASS-THROUGH commands" defines the following format: +------+------------+ | Byte | Field | +------+------------+ | 0 | ERROR | | 1 | STATUS | | 2 | DEVICE | | 3 | COUNT(7:0) | +------+------------+ SPC-6 Table 48 - "Fixed format sense data" specifies that the INFORMATION field starts at byte 3 in sense buffer resulting in the following offsets for the ATA PASS-THROUGH commands: +------------+-------------------------+ | Field | Offset in sense buffer | +------------+-------------------------+ | ERROR | 3 | | STATUS | 4 | | DEVICE | 5 | | COUNT(7:0) | 6 | +------------+-------------------------+ COMMAND-SPECIFIC INFORMATION ============================ SAT-5 Table 213 - "Fixed format sense data COMMAND-SPECIFIC INFORMATION field for ATA PASS-THROUGH" defines the following format: +------+-------------------+ | Byte | Field | +------+-------------------+ | 0 | FLAGS | LOG INDEX | | 1 | LBA (7:0) | | 2 | LBA (15:8) | | 3 | LBA (23:16) | +------+-------------------+ SPC-6 Table 48 - "Fixed format sense data" specifies that the COMMAND-SPECIFIC-INFORMATION field starts at byte 8 in sense buffer resulting in the following offsets for the ATA PASS-THROUGH commands: Offsets of these fields in the fixed sense format are as follows: +-------------------+-------------------------+ | Field | Offset in sense buffer | +-------------------+-------------------------+ | FLAGS | LOG INDEX | 8 | | LBA (7:0) | 9 | | LBA (15:8) | 10 | | LBA (23:16) | 11 | +-------------------+-------------------------+ Reported-by: Akshat Jain <akshatzen(a)google.com> Fixes: 11093cb1ef56 ("libata-scsi: generate correct ATA pass-through sense") Cc: stable(a)vger.kernel.org Reviewed-by: Hannes Reinecke <hare(a)suse.de> Reviewed-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com> Link: https://lore.kernel.org/r/20240702024735.1152293-2-ipylypiv@google.com Signed-off-by: Niklas Cassel <cassel(a)kernel.org> diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index cdf29b178ddc..a0c68b0a00c4 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -855,7 +855,6 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc) struct scsi_cmnd *cmd = qc->scsicmd; struct ata_taskfile *tf = &qc->result_tf; unsigned char *sb = cmd->sense_buffer; - unsigned char *desc = sb + 8; u8 sense_key, asc, ascq; memset(sb, 0, SCSI_SENSE_BUFFERSIZE); @@ -877,7 +876,8 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc) scsi_build_sense(cmd, 1, RECOVERED_ERROR, 0, 0x1D); } - if ((cmd->sense_buffer[0] & 0x7f) >= 0x72) { + if ((sb[0] & 0x7f) >= 0x72) { + unsigned char *desc; u8 len; /* descriptor format */ @@ -916,21 +916,21 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc) } } else { /* Fixed sense format */ - desc[0] = tf->error; - desc[1] = tf->status; - desc[2] = tf->device; - desc[3] = tf->nsect; - desc[7] = 0; + sb[0] |= 0x80; + sb[3] = tf->error; + sb[4] = tf->status; + sb[5] = tf->device; + sb[6] = tf->nsect; if (tf->flags & ATA_TFLAG_LBA48) { - desc[8] |= 0x80; + sb[8] |= 0x80; if (tf->hob_nsect) - desc[8] |= 0x40; + sb[8] |= 0x40; if (tf->hob_lbal || tf->hob_lbam || tf->hob_lbah) - desc[8] |= 0x20; + sb[8] |= 0x20; } - desc[9] = tf->lbal; - desc[10] = tf->lbam; - desc[11] = tf->lbah; + sb[9] = tf->lbal; + sb[10] = tf->lbam; + sb[11] = tf->lbah; } }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ata: libata-scsi: Fix offsets for the fixed format sense data" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 38dab832c3f4154968f95b267a3bb789e87554b0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072945-crept-keg-f9ef@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 38dab832c3f4 ("ata: libata-scsi: Fix offsets for the fixed format sense data") ff8072d589dc ("ata: libata: remove references to non-existing error_handler()") 3ac873c76d79 ("ata: libata-core: fix when to fetch sense data for successful commands") 18bd7718b5c4 ("scsi: ata: libata: Handle completion of CDL commands using policy 0xD") eafe804bda7b ("scsi: ata: libata: Set read/write commands CDL index") df60f9c64576 ("scsi: ata: libata: Add ATA feature control sub-page translation") 673b2fe6ff1d ("scsi: ata: libata-scsi: Add support for CDL pages mode sense") 62e4a60e0cdb ("scsi: ata: libata: Detect support for command duration limits") bc9af4909406 ("ata: libata: Fix FUA handling in ata_build_rw_tf()") 4d2e4980a528 ("ata: libata: cleanup fua support detection") 87aab3c4cd59 ("ata: libata: move NCQ related ATA_DFLAGs") 876293121f24 ("ata: scsi: rename flag ATA_QCFLAG_FAILED to ATA_QCFLAG_EH") b83ad9eec316 ("ata: libata-eh: Cleanup ata_scsi_cmd_error_handler()") 3d8a3ae3d966 ("ata: libata: fix commands incorrectly not getting retried during NCQ error") 4cb7c6f1ef96 ("ata: make use of ata_port_is_frozen() helper") cb6e73aaadff ("ata: libata-eh: Remove the unneeded result variable") 066de3b9d93b ("ata: libata-core: Simplify ata_build_rw_tf()") e00923c59e68 ("ata: libata: Rename ATA_DFLAG_NCQ_PRIO_ENABLE") fa82cabb8883 ("doc: admin-guide: Update libata kernel parameters") 2c33bbdac28c ("ata: libata-core: Allow forcing most horkage flags") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 38dab832c3f4154968f95b267a3bb789e87554b0 Mon Sep 17 00:00:00 2001 From: Igor Pylypiv <ipylypiv(a)google.com> Date: Tue, 2 Jul 2024 02:47:29 +0000 Subject: [PATCH] ata: libata-scsi: Fix offsets for the fixed format sense data MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Correct the ATA PASS-THROUGH fixed format sense data offsets to conform to SPC-6 and SAT-5 specifications. Additionally, set the VALID bit to indicate that the INFORMATION field contains valid information. INFORMATION =========== SAT-5 Table 212 — "Fixed format sense data INFORMATION field for the ATA PASS-THROUGH commands" defines the following format: +------+------------+ | Byte | Field | +------+------------+ | 0 | ERROR | | 1 | STATUS | | 2 | DEVICE | | 3 | COUNT(7:0) | +------+------------+ SPC-6 Table 48 - "Fixed format sense data" specifies that the INFORMATION field starts at byte 3 in sense buffer resulting in the following offsets for the ATA PASS-THROUGH commands: +------------+-------------------------+ | Field | Offset in sense buffer | +------------+-------------------------+ | ERROR | 3 | | STATUS | 4 | | DEVICE | 5 | | COUNT(7:0) | 6 | +------------+-------------------------+ COMMAND-SPECIFIC INFORMATION ============================ SAT-5 Table 213 - "Fixed format sense data COMMAND-SPECIFIC INFORMATION field for ATA PASS-THROUGH" defines the following format: +------+-------------------+ | Byte | Field | +------+-------------------+ | 0 | FLAGS | LOG INDEX | | 1 | LBA (7:0) | | 2 | LBA (15:8) | | 3 | LBA (23:16) | +------+-------------------+ SPC-6 Table 48 - "Fixed format sense data" specifies that the COMMAND-SPECIFIC-INFORMATION field starts at byte 8 in sense buffer resulting in the following offsets for the ATA PASS-THROUGH commands: Offsets of these fields in the fixed sense format are as follows: +-------------------+-------------------------+ | Field | Offset in sense buffer | +-------------------+-------------------------+ | FLAGS | LOG INDEX | 8 | | LBA (7:0) | 9 | | LBA (15:8) | 10 | | LBA (23:16) | 11 | +-------------------+-------------------------+ Reported-by: Akshat Jain <akshatzen(a)google.com> Fixes: 11093cb1ef56 ("libata-scsi: generate correct ATA pass-through sense") Cc: stable(a)vger.kernel.org Reviewed-by: Hannes Reinecke <hare(a)suse.de> Reviewed-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com> Link: https://lore.kernel.org/r/20240702024735.1152293-2-ipylypiv@google.com Signed-off-by: Niklas Cassel <cassel(a)kernel.org> diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index cdf29b178ddc..a0c68b0a00c4 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -855,7 +855,6 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc) struct scsi_cmnd *cmd = qc->scsicmd; struct ata_taskfile *tf = &qc->result_tf; unsigned char *sb = cmd->sense_buffer; - unsigned char *desc = sb + 8; u8 sense_key, asc, ascq; memset(sb, 0, SCSI_SENSE_BUFFERSIZE); @@ -877,7 +876,8 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc) scsi_build_sense(cmd, 1, RECOVERED_ERROR, 0, 0x1D); } - if ((cmd->sense_buffer[0] & 0x7f) >= 0x72) { + if ((sb[0] & 0x7f) >= 0x72) { + unsigned char *desc; u8 len; /* descriptor format */ @@ -916,21 +916,21 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc) } } else { /* Fixed sense format */ - desc[0] = tf->error; - desc[1] = tf->status; - desc[2] = tf->device; - desc[3] = tf->nsect; - desc[7] = 0; + sb[0] |= 0x80; + sb[3] = tf->error; + sb[4] = tf->status; + sb[5] = tf->device; + sb[6] = tf->nsect; if (tf->flags & ATA_TFLAG_LBA48) { - desc[8] |= 0x80; + sb[8] |= 0x80; if (tf->hob_nsect) - desc[8] |= 0x40; + sb[8] |= 0x40; if (tf->hob_lbal || tf->hob_lbam || tf->hob_lbah) - desc[8] |= 0x20; + sb[8] |= 0x20; } - desc[9] = tf->lbal; - desc[10] = tf->lbam; - desc[11] = tf->lbah; + sb[9] = tf->lbal; + sb[10] = tf->lbam; + sb[11] = tf->lbah; } }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ata: libata-scsi: Fix offsets for the fixed format sense data" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 38dab832c3f4154968f95b267a3bb789e87554b0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072944-swoosh-muster-ccde@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 38dab832c3f4 ("ata: libata-scsi: Fix offsets for the fixed format sense data") ff8072d589dc ("ata: libata: remove references to non-existing error_handler()") 3ac873c76d79 ("ata: libata-core: fix when to fetch sense data for successful commands") 18bd7718b5c4 ("scsi: ata: libata: Handle completion of CDL commands using policy 0xD") eafe804bda7b ("scsi: ata: libata: Set read/write commands CDL index") df60f9c64576 ("scsi: ata: libata: Add ATA feature control sub-page translation") 673b2fe6ff1d ("scsi: ata: libata-scsi: Add support for CDL pages mode sense") 62e4a60e0cdb ("scsi: ata: libata: Detect support for command duration limits") bc9af4909406 ("ata: libata: Fix FUA handling in ata_build_rw_tf()") 4d2e4980a528 ("ata: libata: cleanup fua support detection") 87aab3c4cd59 ("ata: libata: move NCQ related ATA_DFLAGs") 876293121f24 ("ata: scsi: rename flag ATA_QCFLAG_FAILED to ATA_QCFLAG_EH") b83ad9eec316 ("ata: libata-eh: Cleanup ata_scsi_cmd_error_handler()") 3d8a3ae3d966 ("ata: libata: fix commands incorrectly not getting retried during NCQ error") 4cb7c6f1ef96 ("ata: make use of ata_port_is_frozen() helper") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 38dab832c3f4154968f95b267a3bb789e87554b0 Mon Sep 17 00:00:00 2001 From: Igor Pylypiv <ipylypiv(a)google.com> Date: Tue, 2 Jul 2024 02:47:29 +0000 Subject: [PATCH] ata: libata-scsi: Fix offsets for the fixed format sense data MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Correct the ATA PASS-THROUGH fixed format sense data offsets to conform to SPC-6 and SAT-5 specifications. Additionally, set the VALID bit to indicate that the INFORMATION field contains valid information. INFORMATION =========== SAT-5 Table 212 — "Fixed format sense data INFORMATION field for the ATA PASS-THROUGH commands" defines the following format: +------+------------+ | Byte | Field | +------+------------+ | 0 | ERROR | | 1 | STATUS | | 2 | DEVICE | | 3 | COUNT(7:0) | +------+------------+ SPC-6 Table 48 - "Fixed format sense data" specifies that the INFORMATION field starts at byte 3 in sense buffer resulting in the following offsets for the ATA PASS-THROUGH commands: +------------+-------------------------+ | Field | Offset in sense buffer | +------------+-------------------------+ | ERROR | 3 | | STATUS | 4 | | DEVICE | 5 | | COUNT(7:0) | 6 | +------------+-------------------------+ COMMAND-SPECIFIC INFORMATION ============================ SAT-5 Table 213 - "Fixed format sense data COMMAND-SPECIFIC INFORMATION field for ATA PASS-THROUGH" defines the following format: +------+-------------------+ | Byte | Field | +------+-------------------+ | 0 | FLAGS | LOG INDEX | | 1 | LBA (7:0) | | 2 | LBA (15:8) | | 3 | LBA (23:16) | +------+-------------------+ SPC-6 Table 48 - "Fixed format sense data" specifies that the COMMAND-SPECIFIC-INFORMATION field starts at byte 8 in sense buffer resulting in the following offsets for the ATA PASS-THROUGH commands: Offsets of these fields in the fixed sense format are as follows: +-------------------+-------------------------+ | Field | Offset in sense buffer | +-------------------+-------------------------+ | FLAGS | LOG INDEX | 8 | | LBA (7:0) | 9 | | LBA (15:8) | 10 | | LBA (23:16) | 11 | +-------------------+-------------------------+ Reported-by: Akshat Jain <akshatzen(a)google.com> Fixes: 11093cb1ef56 ("libata-scsi: generate correct ATA pass-through sense") Cc: stable(a)vger.kernel.org Reviewed-by: Hannes Reinecke <hare(a)suse.de> Reviewed-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com> Link: https://lore.kernel.org/r/20240702024735.1152293-2-ipylypiv@google.com Signed-off-by: Niklas Cassel <cassel(a)kernel.org> diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c index cdf29b178ddc..a0c68b0a00c4 100644 --- a/drivers/ata/libata-scsi.c +++ b/drivers/ata/libata-scsi.c @@ -855,7 +855,6 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc) struct scsi_cmnd *cmd = qc->scsicmd; struct ata_taskfile *tf = &qc->result_tf; unsigned char *sb = cmd->sense_buffer; - unsigned char *desc = sb + 8; u8 sense_key, asc, ascq; memset(sb, 0, SCSI_SENSE_BUFFERSIZE); @@ -877,7 +876,8 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc) scsi_build_sense(cmd, 1, RECOVERED_ERROR, 0, 0x1D); } - if ((cmd->sense_buffer[0] & 0x7f) >= 0x72) { + if ((sb[0] & 0x7f) >= 0x72) { + unsigned char *desc; u8 len; /* descriptor format */ @@ -916,21 +916,21 @@ static void ata_gen_passthru_sense(struct ata_queued_cmd *qc) } } else { /* Fixed sense format */ - desc[0] = tf->error; - desc[1] = tf->status; - desc[2] = tf->device; - desc[3] = tf->nsect; - desc[7] = 0; + sb[0] |= 0x80; + sb[3] = tf->error; + sb[4] = tf->status; + sb[5] = tf->device; + sb[6] = tf->nsect; if (tf->flags & ATA_TFLAG_LBA48) { - desc[8] |= 0x80; + sb[8] |= 0x80; if (tf->hob_nsect) - desc[8] |= 0x40; + sb[8] |= 0x40; if (tf->hob_lbal || tf->hob_lbam || tf->hob_lbah) - desc[8] |= 0x20; + sb[8] |= 0x20; } - desc[9] = tf->lbal; - desc[10] = tf->lbam; - desc[11] = tf->lbah; + sb[9] = tf->lbal; + sb[10] = tf->lbam; + sb[11] = tf->lbah; } }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] sched/fair: set_load_weight() must also call reweight_task()" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x d329605287020c3d1c3b0dadc63d8208e7251382 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072951-crimson-ashamed-1d63@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: d32960528702 ("sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks") 0dacee1bfa70 ("sched/pelt: Remove unused runnable load average") fe71bbb21ee1 ("sched/fair: calculate delta runnable load only when it's needed") 8de6242cca17 ("sched/debug: Add new tracepoint to track PELT at se level") ba19f51fcb54 ("sched/debug: Add new tracepoints to track PELT at rq level") 039ae8bcf7a5 ("sched/fair: Fix O(nr_cgroups) in the load balancing path") 5d299eabea5a ("sched/fair: Add tmp_alone_branch assertion") 23127296889f ("sched/fair: Update scale invariance of PELT") c40f7d74c741 ("sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c") dfcb245e2848 ("sched: Fix various typos in comments") 1da1843f9f03 ("sched/core: Create task_has_idle_policy() helper") 4a465e3ebbc8 ("sched/fair: Remove setting task's se->runnable_weight during PELT update") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d329605287020c3d1c3b0dadc63d8208e7251382 Mon Sep 17 00:00:00 2001 From: Tejun Heo <tj(a)kernel.org> Date: Tue, 25 Jun 2024 15:29:58 -1000 Subject: [PATCH] sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks When a task's weight is being changed, set_load_weight() is called with @update_load set. As weight changes aren't trivial for the fair class, set_load_weight() calls fair.c::reweight_task() for fair class tasks. However, set_load_weight() first tests task_has_idle_policy() on entry and skips calling reweight_task() for SCHED_IDLE tasks. This is buggy as SCHED_IDLE tasks are just fair tasks with a very low weight and they would incorrectly skip load, vlag and position updates. Fix it by updating reweight_task() to take struct load_weight as idle weight can't be expressed with prio and making set_load_weight() call reweight_task() for SCHED_IDLE tasks too when @update_load is set. Fixes: 9059393e4ec1 ("sched/fair: Use reweight_entity() for set_user_nice()") Suggested-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Tejun Heo <tj(a)kernel.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org # v4.15+ Link: http://lkml.kernel.org/r/20240624102331.GI31592@noisy.programming.kicks-ass… diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 0935f9d4bb7b..747683487be7 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -1328,27 +1328,24 @@ int tg_nop(struct task_group *tg, void *data) void set_load_weight(struct task_struct *p, bool update_load) { int prio = p->static_prio - MAX_RT_PRIO; - struct load_weight *load = &p->se.load; + struct load_weight lw; - /* - * SCHED_IDLE tasks get minimal weight: - */ if (task_has_idle_policy(p)) { - load->weight = scale_load(WEIGHT_IDLEPRIO); - load->inv_weight = WMULT_IDLEPRIO; - return; + lw.weight = scale_load(WEIGHT_IDLEPRIO); + lw.inv_weight = WMULT_IDLEPRIO; + } else { + lw.weight = scale_load(sched_prio_to_weight[prio]); + lw.inv_weight = sched_prio_to_wmult[prio]; } /* * SCHED_OTHER tasks have to update their load when changing their * weight */ - if (update_load && p->sched_class == &fair_sched_class) { - reweight_task(p, prio); - } else { - load->weight = scale_load(sched_prio_to_weight[prio]); - load->inv_weight = sched_prio_to_wmult[prio]; - } + if (update_load && p->sched_class == &fair_sched_class) + reweight_task(p, &lw); + else + p->se.load = lw; } #ifdef CONFIG_UCLAMP_TASK diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c index 41b58387023d..f205e2482690 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -3835,15 +3835,14 @@ static void reweight_entity(struct cfs_rq *cfs_rq, struct sched_entity *se, } } -void reweight_task(struct task_struct *p, int prio) +void reweight_task(struct task_struct *p, const struct load_weight *lw) { struct sched_entity *se = &p->se; struct cfs_rq *cfs_rq = cfs_rq_of(se); struct load_weight *load = &se->load; - unsigned long weight = scale_load(sched_prio_to_weight[prio]); - reweight_entity(cfs_rq, se, weight); - load->inv_weight = sched_prio_to_wmult[prio]; + reweight_entity(cfs_rq, se, lw->weight); + load->inv_weight = lw->inv_weight; } static inline int throttled_hierarchy(struct cfs_rq *cfs_rq); diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h index 62fd8bc6fd08..9ab53435debd 100644 --- a/kernel/sched/sched.h +++ b/kernel/sched/sched.h @@ -2509,7 +2509,7 @@ extern void init_sched_dl_class(void); extern void init_sched_rt_class(void); extern void init_sched_fair_class(void); -extern void reweight_task(struct task_struct *p, int prio); +extern void reweight_task(struct task_struct *p, const struct load_weight *lw); extern void resched_curr(struct rq *rq); extern void resched_cpu(int cpu);

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] sched/fair: set_load_weight() must also call reweight_task()" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x d329605287020c3d1c3b0dadc63d8208e7251382 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072950-swab-uncharted-cf85@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: d32960528702 ("sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks") 0dacee1bfa70 ("sched/pelt: Remove unused runnable load average") fe71bbb21ee1 ("sched/fair: calculate delta runnable load only when it's needed") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d329605287020c3d1c3b0dadc63d8208e7251382 Mon Sep 17 00:00:00 2001 From: Tejun Heo <tj(a)kernel.org> Date: Tue, 25 Jun 2024 15:29:58 -1000 Subject: [PATCH] sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks When a task's weight is being changed, set_load_weight() is called with @update_load set. As weight changes aren't trivial for the fair class, set_load_weight() calls fair.c::reweight_task() for fair class tasks. However, set_load_weight() first tests task_has_idle_policy() on entry and skips calling reweight_task() for SCHED_IDLE tasks. This is buggy as SCHED_IDLE tasks are just fair tasks with a very low weight and they would incorrectly skip load, vlag and position updates. Fix it by updating reweight_task() to take struct load_weight as idle weight can't be expressed with prio and making set_load_weight() call reweight_task() for SCHED_IDLE tasks too when @update_load is set. Fixes: 9059393e4ec1 ("sched/fair: Use reweight_entity() for set_user_nice()") Suggested-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Tejun Heo <tj(a)kernel.org> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org # v4.15+ Link: http://lkml.kernel.org/r/20240624102331.GI31592@noisy.programming.kicks-ass… diff --git a/kernel/sched/core.c b/kernel/sched/core.c index 0935f9d4bb7b..747683487be7 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -1328,27 +1328,24 @@ int tg_nop(struct task_group *tg, void *data) void set_load_weight(struct task_struct *p, bool update_load) { int prio = p->static_prio - MAX_RT_PRIO; - struct load_weight *load = &p->se.load; + struct load_weight lw; - /* - * SCHED_IDLE tasks get minimal weight: - */ if (task_has_idle_policy(p)) { - load->weight = scale_load(WEIGHT_IDLEPRIO); - load->inv_weight = WMULT_IDLEPRIO; - return; + lw.weight = scale_load(WEIGHT_IDLEPRIO); + lw.inv_weight = WMULT_IDLEPRIO; + } else { + lw.weight = scale_load(sched_prio_to_weight[prio]); + lw.inv_weight = sched_prio_to_wmult[prio]; } /* * SCHED_OTHER tasks have to update their load when changing their * weight */ - if (update_load && p->sched_class == &fair_sched_class) { - reweight_task(p, prio); - } else { - load->weight = scale_load(sched_prio_to_weight[prio]); - load->inv_weight = sched_prio_to_wmult[prio]; - } + if (update_load && p->sched_class == &fair_sched_class) + reweight_task(p, &lw); + else + p->se.load = lw; } #ifdef CONFIG_UCLAMP_TASK diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c index 41b58387023d..f205e2482690 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -3835,15 +3835,14 @@ static void reweight_entity(struct cfs_rq *cfs_rq, struct sched_entity *se, } } -void reweight_task(struct task_struct *p, int prio) +void reweight_task(struct task_struct *p, const struct load_weight *lw) { struct sched_entity *se = &p->se; struct cfs_rq *cfs_rq = cfs_rq_of(se); struct load_weight *load = &se->load; - unsigned long weight = scale_load(sched_prio_to_weight[prio]); - reweight_entity(cfs_rq, se, weight); - load->inv_weight = sched_prio_to_wmult[prio]; + reweight_entity(cfs_rq, se, lw->weight); + load->inv_weight = lw->inv_weight; } static inline int throttled_hierarchy(struct cfs_rq *cfs_rq); diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h index 62fd8bc6fd08..9ab53435debd 100644 --- a/kernel/sched/sched.h +++ b/kernel/sched/sched.h @@ -2509,7 +2509,7 @@ extern void init_sched_dl_class(void); extern void init_sched_rt_class(void); extern void init_sched_fair_class(void); -extern void reweight_task(struct task_struct *p, int prio); +extern void reweight_task(struct task_struct *p, const struct load_weight *lw); extern void resched_curr(struct rq *rq); extern void resched_cpu(int cpu);

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ipv4: fix source address selection with route leak" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 6807352353561187a718e87204458999dbcbba1b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072923-veteran-backless-4326@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 680735235356 ("ipv4: fix source address selection with route leak") eba618abacad ("ipv4: Add fib_nh_common to fib_result") 0af7e7c128eb ("ipv4: Update fib_table_lookup tracepoint to take common nexthop") b75ed8b1aa9c ("ipv4: Rename fib_nh entries") faa041a40b9f ("ipv4: Create cleanup helper for fib_nh") e4516ef65490 ("ipv4: Create init helper for fib_nh") 331c7a402358 ("ipv4: Move IN_DEV_IGNORE_ROUTES_WITH_LINKDOWN to helper") 8373c6c84e67 ("ipv4: Define fib_get_nhs when CONFIG_IP_ROUTE_MULTIPATH is disabled") 544fe7c2e654 ("net/mlx5e: Activate HW multipath and handle port affinity based on FIB events") 724b509ca023 ("net/mlx5: Add multipath mode") 10a193ed78ad ("net/mlx5: Expose lag operations in header file") bb19ad0d8d49 ("net/mlx5: Use unsigned int bit instead of bool as a struct member") 97417f6182f8 ("net/mlx5e: Fix GRE key by controlling port tunnel entropy calculation") d9ee0491c2ff ("net/mlx5e: Use dedicated uplink vport netdev representor") 025380b20dc2 ("net/mlx5e: Use single argument for the esw representor build params helper") 958246664043 ("net/mlx5: Handle LAG FW commands failure gracefully") 7c34ec19e10c ("net/mlx5: Make RoCE and SR-IOV LAG modes explicit") 292612d68c4e ("net/mlx5: Rename mlx5_lag_is_bonded() to __mlx5_lag_is_active()") eff849b2c669 ("net/mlx5: Allow/disallow LAG according to pre-req only") 3b5ff59fd851 ("net/mlx5: Adjustments for the activate LAG logic to run under sriov") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6807352353561187a718e87204458999dbcbba1b Mon Sep 17 00:00:00 2001 From: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Date: Wed, 10 Jul 2024 10:14:27 +0200 Subject: [PATCH] ipv4: fix source address selection with route leak By default, an address assigned to the output interface is selected when the source address is not specified. This is problematic when a route, configured in a vrf, uses an interface from another vrf (aka route leak). The original vrf does not own the selected source address. Let's add a check against the output interface and call the appropriate function to select the source address. CC: stable(a)vger.kernel.org Fixes: 8cbb512c923d ("net: Add source address lookup op for VRF") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Reviewed-by: David Ahern <dsahern(a)kernel.org> Link: https://patch.msgid.link/20240710081521.3809742-2-nicolas.dichtel@6wind.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c index f669da98d11d..8956026bc0a2 100644 --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c @@ -2270,6 +2270,15 @@ void fib_select_path(struct net *net, struct fib_result *res, fib_select_default(fl4, res); check_saddr: - if (!fl4->saddr) - fl4->saddr = fib_result_prefsrc(net, res); + if (!fl4->saddr) { + struct net_device *l3mdev; + + l3mdev = dev_get_by_index_rcu(net, fl4->flowi4_l3mdev); + + if (!l3mdev || + l3mdev_master_dev_rcu(FIB_RES_DEV(*res)) == l3mdev) + fl4->saddr = fib_result_prefsrc(net, res); + else + fl4->saddr = inet_select_addr(l3mdev, 0, RT_SCOPE_LINK); + } }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ipv6: fix source address selection with route leak" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 252442f2ae317d109ef0b4b39ce0608c09563042 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072910-phoney-unruly-d3cc@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 252442f2ae31 ("ipv6: fix source address selection with route leak") fa17a6d8a5bd ("ipv6: lockless IPV6_ADDR_PREFERENCES implementation") 859f8b265fc2 ("ipv6: lockless IPV6_FLOWINFO_SEND implementation") 6b724bc4300b ("ipv6: lockless IPV6_MTU_DISCOVER implementation") 83cd5eb654b3 ("ipv6: lockless IPV6_ROUTER_ALERT_ISOLATE implementation") 3cccda8db2cf ("ipv6: move np->repflow to atomic flags") 3fa29971c695 ("ipv6: lockless IPV6_RECVERR implemetation") 1086ca7cce29 ("ipv6: lockless IPV6_DONTFRAG implementation") 5121516b0c47 ("ipv6: lockless IPV6_AUTOFLOWLABEL implementation") 6559c0ff3bc2 ("ipv6: lockless IPV6_MULTICAST_ALL implementation") dcae74622c05 ("ipv6: lockless IPV6_RECVERR_RFC4884 implementation") 273784d3c574 ("ipv6: lockless IPV6_MINHOPCOUNT implementation") 15f926c4457a ("ipv6: lockless IPV6_MTU implementation") 2da23eb07c91 ("ipv6: lockless IPV6_MULTICAST_HOPS implementation") d986f52124e0 ("ipv6: lockless IPV6_MULTICAST_LOOP implementation") b0adfba7ee77 ("ipv6: lockless IPV6_UNICAST_HOPS implementation") 8cdd9f1aaedf ("ipv6: fix ip6_sock_set_addr_preferences() typo") e3390b30a5df ("net: annotate data-races around sk->sk_tsflags") 0f158b32a9b1 ("net: selectively purge error queue in IP_RECVERR / IPV6_RECVERR") 08e39c0dfa29 ("inet: move inet->defer_connect to inet->inet_flags") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 252442f2ae317d109ef0b4b39ce0608c09563042 Mon Sep 17 00:00:00 2001 From: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Date: Wed, 10 Jul 2024 10:14:28 +0200 Subject: [PATCH] ipv6: fix source address selection with route leak By default, an address assigned to the output interface is selected when the source address is not specified. This is problematic when a route, configured in a vrf, uses an interface from another vrf (aka route leak). The original vrf does not own the selected source address. Let's add a check against the output interface and call the appropriate function to select the source address. CC: stable(a)vger.kernel.org Fixes: 0d240e7811c4 ("net: vrf: Implement get_saddr for IPv6") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Link: https://patch.msgid.link/20240710081521.3809742-3-nicolas.dichtel@6wind.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h index a18ed24fed94..6dbdf60b342f 100644 --- a/include/net/ip6_route.h +++ b/include/net/ip6_route.h @@ -127,18 +127,26 @@ void rt6_age_exceptions(struct fib6_info *f6i, struct fib6_gc_args *gc_args, static inline int ip6_route_get_saddr(struct net *net, struct fib6_info *f6i, const struct in6_addr *daddr, - unsigned int prefs, + unsigned int prefs, int l3mdev_index, struct in6_addr *saddr) { + struct net_device *l3mdev; + struct net_device *dev; + bool same_vrf; int err = 0; - if (f6i && f6i->fib6_prefsrc.plen) { - *saddr = f6i->fib6_prefsrc.addr; - } else { - struct net_device *dev = f6i ? fib6_info_nh_dev(f6i) : NULL; + rcu_read_lock(); - err = ipv6_dev_get_saddr(net, dev, daddr, prefs, saddr); - } + l3mdev = dev_get_by_index_rcu(net, l3mdev_index); + if (!f6i || !f6i->fib6_prefsrc.plen || l3mdev) + dev = f6i ? fib6_info_nh_dev(f6i) : NULL; + same_vrf = !l3mdev || l3mdev_master_dev_rcu(dev) == l3mdev; + if (f6i && f6i->fib6_prefsrc.plen && same_vrf) + *saddr = f6i->fib6_prefsrc.addr; + else + err = ipv6_dev_get_saddr(net, same_vrf ? dev : l3mdev, daddr, prefs, saddr); + + rcu_read_unlock(); return err; } diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 27d8725445e3..784424ac4147 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1124,6 +1124,7 @@ static int ip6_dst_lookup_tail(struct net *net, const struct sock *sk, from = rt ? rcu_dereference(rt->from) : NULL; err = ip6_route_get_saddr(net, from, &fl6->daddr, sk ? READ_ONCE(inet6_sk(sk)->srcprefs) : 0, + fl6->flowi6_l3mdev, &fl6->saddr); rcu_read_unlock(); diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 8d72ca0b086d..c9a9506b714d 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -5689,7 +5689,7 @@ static int rt6_fill_node(struct net *net, struct sk_buff *skb, goto nla_put_failure; } else if (dest) { struct in6_addr saddr_buf; - if (ip6_route_get_saddr(net, rt, dest, 0, &saddr_buf) == 0 && + if (ip6_route_get_saddr(net, rt, dest, 0, 0, &saddr_buf) == 0 && nla_put_in6_addr(skb, RTA_PREFSRC, &saddr_buf)) goto nla_put_failure; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ipv6: fix source address selection with route leak" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 252442f2ae317d109ef0b4b39ce0608c09563042 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072910-fax-periscope-a350@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 252442f2ae31 ("ipv6: fix source address selection with route leak") fa17a6d8a5bd ("ipv6: lockless IPV6_ADDR_PREFERENCES implementation") 859f8b265fc2 ("ipv6: lockless IPV6_FLOWINFO_SEND implementation") 6b724bc4300b ("ipv6: lockless IPV6_MTU_DISCOVER implementation") 83cd5eb654b3 ("ipv6: lockless IPV6_ROUTER_ALERT_ISOLATE implementation") 3cccda8db2cf ("ipv6: move np->repflow to atomic flags") 3fa29971c695 ("ipv6: lockless IPV6_RECVERR implemetation") 1086ca7cce29 ("ipv6: lockless IPV6_DONTFRAG implementation") 5121516b0c47 ("ipv6: lockless IPV6_AUTOFLOWLABEL implementation") 6559c0ff3bc2 ("ipv6: lockless IPV6_MULTICAST_ALL implementation") dcae74622c05 ("ipv6: lockless IPV6_RECVERR_RFC4884 implementation") 273784d3c574 ("ipv6: lockless IPV6_MINHOPCOUNT implementation") 15f926c4457a ("ipv6: lockless IPV6_MTU implementation") 2da23eb07c91 ("ipv6: lockless IPV6_MULTICAST_HOPS implementation") d986f52124e0 ("ipv6: lockless IPV6_MULTICAST_LOOP implementation") b0adfba7ee77 ("ipv6: lockless IPV6_UNICAST_HOPS implementation") 8cdd9f1aaedf ("ipv6: fix ip6_sock_set_addr_preferences() typo") e3390b30a5df ("net: annotate data-races around sk->sk_tsflags") 0f158b32a9b1 ("net: selectively purge error queue in IP_RECVERR / IPV6_RECVERR") 08e39c0dfa29 ("inet: move inet->defer_connect to inet->inet_flags") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 252442f2ae317d109ef0b4b39ce0608c09563042 Mon Sep 17 00:00:00 2001 From: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Date: Wed, 10 Jul 2024 10:14:28 +0200 Subject: [PATCH] ipv6: fix source address selection with route leak By default, an address assigned to the output interface is selected when the source address is not specified. This is problematic when a route, configured in a vrf, uses an interface from another vrf (aka route leak). The original vrf does not own the selected source address. Let's add a check against the output interface and call the appropriate function to select the source address. CC: stable(a)vger.kernel.org Fixes: 0d240e7811c4 ("net: vrf: Implement get_saddr for IPv6") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Link: https://patch.msgid.link/20240710081521.3809742-3-nicolas.dichtel@6wind.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h index a18ed24fed94..6dbdf60b342f 100644 --- a/include/net/ip6_route.h +++ b/include/net/ip6_route.h @@ -127,18 +127,26 @@ void rt6_age_exceptions(struct fib6_info *f6i, struct fib6_gc_args *gc_args, static inline int ip6_route_get_saddr(struct net *net, struct fib6_info *f6i, const struct in6_addr *daddr, - unsigned int prefs, + unsigned int prefs, int l3mdev_index, struct in6_addr *saddr) { + struct net_device *l3mdev; + struct net_device *dev; + bool same_vrf; int err = 0; - if (f6i && f6i->fib6_prefsrc.plen) { - *saddr = f6i->fib6_prefsrc.addr; - } else { - struct net_device *dev = f6i ? fib6_info_nh_dev(f6i) : NULL; + rcu_read_lock(); - err = ipv6_dev_get_saddr(net, dev, daddr, prefs, saddr); - } + l3mdev = dev_get_by_index_rcu(net, l3mdev_index); + if (!f6i || !f6i->fib6_prefsrc.plen || l3mdev) + dev = f6i ? fib6_info_nh_dev(f6i) : NULL; + same_vrf = !l3mdev || l3mdev_master_dev_rcu(dev) == l3mdev; + if (f6i && f6i->fib6_prefsrc.plen && same_vrf) + *saddr = f6i->fib6_prefsrc.addr; + else + err = ipv6_dev_get_saddr(net, same_vrf ? dev : l3mdev, daddr, prefs, saddr); + + rcu_read_unlock(); return err; } diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 27d8725445e3..784424ac4147 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1124,6 +1124,7 @@ static int ip6_dst_lookup_tail(struct net *net, const struct sock *sk, from = rt ? rcu_dereference(rt->from) : NULL; err = ip6_route_get_saddr(net, from, &fl6->daddr, sk ? READ_ONCE(inet6_sk(sk)->srcprefs) : 0, + fl6->flowi6_l3mdev, &fl6->saddr); rcu_read_unlock(); diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 8d72ca0b086d..c9a9506b714d 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -5689,7 +5689,7 @@ static int rt6_fill_node(struct net *net, struct sk_buff *skb, goto nla_put_failure; } else if (dest) { struct in6_addr saddr_buf; - if (ip6_route_get_saddr(net, rt, dest, 0, &saddr_buf) == 0 && + if (ip6_route_get_saddr(net, rt, dest, 0, 0, &saddr_buf) == 0 && nla_put_in6_addr(skb, RTA_PREFSRC, &saddr_buf)) goto nla_put_failure; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ipv6: fix source address selection with route leak" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 252442f2ae317d109ef0b4b39ce0608c09563042 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072909-varnish-hence-c531@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 252442f2ae31 ("ipv6: fix source address selection with route leak") fa17a6d8a5bd ("ipv6: lockless IPV6_ADDR_PREFERENCES implementation") 859f8b265fc2 ("ipv6: lockless IPV6_FLOWINFO_SEND implementation") 6b724bc4300b ("ipv6: lockless IPV6_MTU_DISCOVER implementation") 83cd5eb654b3 ("ipv6: lockless IPV6_ROUTER_ALERT_ISOLATE implementation") 3cccda8db2cf ("ipv6: move np->repflow to atomic flags") 3fa29971c695 ("ipv6: lockless IPV6_RECVERR implemetation") 1086ca7cce29 ("ipv6: lockless IPV6_DONTFRAG implementation") 5121516b0c47 ("ipv6: lockless IPV6_AUTOFLOWLABEL implementation") 6559c0ff3bc2 ("ipv6: lockless IPV6_MULTICAST_ALL implementation") dcae74622c05 ("ipv6: lockless IPV6_RECVERR_RFC4884 implementation") 273784d3c574 ("ipv6: lockless IPV6_MINHOPCOUNT implementation") 15f926c4457a ("ipv6: lockless IPV6_MTU implementation") 2da23eb07c91 ("ipv6: lockless IPV6_MULTICAST_HOPS implementation") d986f52124e0 ("ipv6: lockless IPV6_MULTICAST_LOOP implementation") b0adfba7ee77 ("ipv6: lockless IPV6_UNICAST_HOPS implementation") 8cdd9f1aaedf ("ipv6: fix ip6_sock_set_addr_preferences() typo") e3390b30a5df ("net: annotate data-races around sk->sk_tsflags") 0f158b32a9b1 ("net: selectively purge error queue in IP_RECVERR / IPV6_RECVERR") 08e39c0dfa29 ("inet: move inet->defer_connect to inet->inet_flags") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 252442f2ae317d109ef0b4b39ce0608c09563042 Mon Sep 17 00:00:00 2001 From: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Date: Wed, 10 Jul 2024 10:14:28 +0200 Subject: [PATCH] ipv6: fix source address selection with route leak By default, an address assigned to the output interface is selected when the source address is not specified. This is problematic when a route, configured in a vrf, uses an interface from another vrf (aka route leak). The original vrf does not own the selected source address. Let's add a check against the output interface and call the appropriate function to select the source address. CC: stable(a)vger.kernel.org Fixes: 0d240e7811c4 ("net: vrf: Implement get_saddr for IPv6") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Link: https://patch.msgid.link/20240710081521.3809742-3-nicolas.dichtel@6wind.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h index a18ed24fed94..6dbdf60b342f 100644 --- a/include/net/ip6_route.h +++ b/include/net/ip6_route.h @@ -127,18 +127,26 @@ void rt6_age_exceptions(struct fib6_info *f6i, struct fib6_gc_args *gc_args, static inline int ip6_route_get_saddr(struct net *net, struct fib6_info *f6i, const struct in6_addr *daddr, - unsigned int prefs, + unsigned int prefs, int l3mdev_index, struct in6_addr *saddr) { + struct net_device *l3mdev; + struct net_device *dev; + bool same_vrf; int err = 0; - if (f6i && f6i->fib6_prefsrc.plen) { - *saddr = f6i->fib6_prefsrc.addr; - } else { - struct net_device *dev = f6i ? fib6_info_nh_dev(f6i) : NULL; + rcu_read_lock(); - err = ipv6_dev_get_saddr(net, dev, daddr, prefs, saddr); - } + l3mdev = dev_get_by_index_rcu(net, l3mdev_index); + if (!f6i || !f6i->fib6_prefsrc.plen || l3mdev) + dev = f6i ? fib6_info_nh_dev(f6i) : NULL; + same_vrf = !l3mdev || l3mdev_master_dev_rcu(dev) == l3mdev; + if (f6i && f6i->fib6_prefsrc.plen && same_vrf) + *saddr = f6i->fib6_prefsrc.addr; + else + err = ipv6_dev_get_saddr(net, same_vrf ? dev : l3mdev, daddr, prefs, saddr); + + rcu_read_unlock(); return err; } diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 27d8725445e3..784424ac4147 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1124,6 +1124,7 @@ static int ip6_dst_lookup_tail(struct net *net, const struct sock *sk, from = rt ? rcu_dereference(rt->from) : NULL; err = ip6_route_get_saddr(net, from, &fl6->daddr, sk ? READ_ONCE(inet6_sk(sk)->srcprefs) : 0, + fl6->flowi6_l3mdev, &fl6->saddr); rcu_read_unlock(); diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 8d72ca0b086d..c9a9506b714d 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -5689,7 +5689,7 @@ static int rt6_fill_node(struct net *net, struct sk_buff *skb, goto nla_put_failure; } else if (dest) { struct in6_addr saddr_buf; - if (ip6_route_get_saddr(net, rt, dest, 0, &saddr_buf) == 0 && + if (ip6_route_get_saddr(net, rt, dest, 0, 0, &saddr_buf) == 0 && nla_put_in6_addr(skb, RTA_PREFSRC, &saddr_buf)) goto nla_put_failure; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ipv6: fix source address selection with route leak" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 252442f2ae317d109ef0b4b39ce0608c09563042 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072908-clicker-cornball-8a64@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 252442f2ae31 ("ipv6: fix source address selection with route leak") fa17a6d8a5bd ("ipv6: lockless IPV6_ADDR_PREFERENCES implementation") 859f8b265fc2 ("ipv6: lockless IPV6_FLOWINFO_SEND implementation") 6b724bc4300b ("ipv6: lockless IPV6_MTU_DISCOVER implementation") 83cd5eb654b3 ("ipv6: lockless IPV6_ROUTER_ALERT_ISOLATE implementation") 3cccda8db2cf ("ipv6: move np->repflow to atomic flags") 3fa29971c695 ("ipv6: lockless IPV6_RECVERR implemetation") 1086ca7cce29 ("ipv6: lockless IPV6_DONTFRAG implementation") 5121516b0c47 ("ipv6: lockless IPV6_AUTOFLOWLABEL implementation") 6559c0ff3bc2 ("ipv6: lockless IPV6_MULTICAST_ALL implementation") dcae74622c05 ("ipv6: lockless IPV6_RECVERR_RFC4884 implementation") 273784d3c574 ("ipv6: lockless IPV6_MINHOPCOUNT implementation") 15f926c4457a ("ipv6: lockless IPV6_MTU implementation") 2da23eb07c91 ("ipv6: lockless IPV6_MULTICAST_HOPS implementation") d986f52124e0 ("ipv6: lockless IPV6_MULTICAST_LOOP implementation") b0adfba7ee77 ("ipv6: lockless IPV6_UNICAST_HOPS implementation") 8cdd9f1aaedf ("ipv6: fix ip6_sock_set_addr_preferences() typo") e3390b30a5df ("net: annotate data-races around sk->sk_tsflags") 0f158b32a9b1 ("net: selectively purge error queue in IP_RECVERR / IPV6_RECVERR") 08e39c0dfa29 ("inet: move inet->defer_connect to inet->inet_flags") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 252442f2ae317d109ef0b4b39ce0608c09563042 Mon Sep 17 00:00:00 2001 From: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Date: Wed, 10 Jul 2024 10:14:28 +0200 Subject: [PATCH] ipv6: fix source address selection with route leak By default, an address assigned to the output interface is selected when the source address is not specified. This is problematic when a route, configured in a vrf, uses an interface from another vrf (aka route leak). The original vrf does not own the selected source address. Let's add a check against the output interface and call the appropriate function to select the source address. CC: stable(a)vger.kernel.org Fixes: 0d240e7811c4 ("net: vrf: Implement get_saddr for IPv6") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Link: https://patch.msgid.link/20240710081521.3809742-3-nicolas.dichtel@6wind.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h index a18ed24fed94..6dbdf60b342f 100644 --- a/include/net/ip6_route.h +++ b/include/net/ip6_route.h @@ -127,18 +127,26 @@ void rt6_age_exceptions(struct fib6_info *f6i, struct fib6_gc_args *gc_args, static inline int ip6_route_get_saddr(struct net *net, struct fib6_info *f6i, const struct in6_addr *daddr, - unsigned int prefs, + unsigned int prefs, int l3mdev_index, struct in6_addr *saddr) { + struct net_device *l3mdev; + struct net_device *dev; + bool same_vrf; int err = 0; - if (f6i && f6i->fib6_prefsrc.plen) { - *saddr = f6i->fib6_prefsrc.addr; - } else { - struct net_device *dev = f6i ? fib6_info_nh_dev(f6i) : NULL; + rcu_read_lock(); - err = ipv6_dev_get_saddr(net, dev, daddr, prefs, saddr); - } + l3mdev = dev_get_by_index_rcu(net, l3mdev_index); + if (!f6i || !f6i->fib6_prefsrc.plen || l3mdev) + dev = f6i ? fib6_info_nh_dev(f6i) : NULL; + same_vrf = !l3mdev || l3mdev_master_dev_rcu(dev) == l3mdev; + if (f6i && f6i->fib6_prefsrc.plen && same_vrf) + *saddr = f6i->fib6_prefsrc.addr; + else + err = ipv6_dev_get_saddr(net, same_vrf ? dev : l3mdev, daddr, prefs, saddr); + + rcu_read_unlock(); return err; } diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 27d8725445e3..784424ac4147 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1124,6 +1124,7 @@ static int ip6_dst_lookup_tail(struct net *net, const struct sock *sk, from = rt ? rcu_dereference(rt->from) : NULL; err = ip6_route_get_saddr(net, from, &fl6->daddr, sk ? READ_ONCE(inet6_sk(sk)->srcprefs) : 0, + fl6->flowi6_l3mdev, &fl6->saddr); rcu_read_unlock(); diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 8d72ca0b086d..c9a9506b714d 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -5689,7 +5689,7 @@ static int rt6_fill_node(struct net *net, struct sk_buff *skb, goto nla_put_failure; } else if (dest) { struct in6_addr saddr_buf; - if (ip6_route_get_saddr(net, rt, dest, 0, &saddr_buf) == 0 && + if (ip6_route_get_saddr(net, rt, dest, 0, 0, &saddr_buf) == 0 && nla_put_in6_addr(skb, RTA_PREFSRC, &saddr_buf)) goto nla_put_failure; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ipv6: fix source address selection with route leak" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 252442f2ae317d109ef0b4b39ce0608c09563042 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072907-unlaced-unlovely-6e01@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 252442f2ae31 ("ipv6: fix source address selection with route leak") fa17a6d8a5bd ("ipv6: lockless IPV6_ADDR_PREFERENCES implementation") 859f8b265fc2 ("ipv6: lockless IPV6_FLOWINFO_SEND implementation") 6b724bc4300b ("ipv6: lockless IPV6_MTU_DISCOVER implementation") 83cd5eb654b3 ("ipv6: lockless IPV6_ROUTER_ALERT_ISOLATE implementation") 3cccda8db2cf ("ipv6: move np->repflow to atomic flags") 3fa29971c695 ("ipv6: lockless IPV6_RECVERR implemetation") 1086ca7cce29 ("ipv6: lockless IPV6_DONTFRAG implementation") 5121516b0c47 ("ipv6: lockless IPV6_AUTOFLOWLABEL implementation") 6559c0ff3bc2 ("ipv6: lockless IPV6_MULTICAST_ALL implementation") dcae74622c05 ("ipv6: lockless IPV6_RECVERR_RFC4884 implementation") 273784d3c574 ("ipv6: lockless IPV6_MINHOPCOUNT implementation") 15f926c4457a ("ipv6: lockless IPV6_MTU implementation") 2da23eb07c91 ("ipv6: lockless IPV6_MULTICAST_HOPS implementation") d986f52124e0 ("ipv6: lockless IPV6_MULTICAST_LOOP implementation") b0adfba7ee77 ("ipv6: lockless IPV6_UNICAST_HOPS implementation") 8cdd9f1aaedf ("ipv6: fix ip6_sock_set_addr_preferences() typo") e3390b30a5df ("net: annotate data-races around sk->sk_tsflags") 0f158b32a9b1 ("net: selectively purge error queue in IP_RECVERR / IPV6_RECVERR") 08e39c0dfa29 ("inet: move inet->defer_connect to inet->inet_flags") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 252442f2ae317d109ef0b4b39ce0608c09563042 Mon Sep 17 00:00:00 2001 From: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Date: Wed, 10 Jul 2024 10:14:28 +0200 Subject: [PATCH] ipv6: fix source address selection with route leak By default, an address assigned to the output interface is selected when the source address is not specified. This is problematic when a route, configured in a vrf, uses an interface from another vrf (aka route leak). The original vrf does not own the selected source address. Let's add a check against the output interface and call the appropriate function to select the source address. CC: stable(a)vger.kernel.org Fixes: 0d240e7811c4 ("net: vrf: Implement get_saddr for IPv6") Signed-off-by: Nicolas Dichtel <nicolas.dichtel(a)6wind.com> Link: https://patch.msgid.link/20240710081521.3809742-3-nicolas.dichtel@6wind.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h index a18ed24fed94..6dbdf60b342f 100644 --- a/include/net/ip6_route.h +++ b/include/net/ip6_route.h @@ -127,18 +127,26 @@ void rt6_age_exceptions(struct fib6_info *f6i, struct fib6_gc_args *gc_args, static inline int ip6_route_get_saddr(struct net *net, struct fib6_info *f6i, const struct in6_addr *daddr, - unsigned int prefs, + unsigned int prefs, int l3mdev_index, struct in6_addr *saddr) { + struct net_device *l3mdev; + struct net_device *dev; + bool same_vrf; int err = 0; - if (f6i && f6i->fib6_prefsrc.plen) { - *saddr = f6i->fib6_prefsrc.addr; - } else { - struct net_device *dev = f6i ? fib6_info_nh_dev(f6i) : NULL; + rcu_read_lock(); - err = ipv6_dev_get_saddr(net, dev, daddr, prefs, saddr); - } + l3mdev = dev_get_by_index_rcu(net, l3mdev_index); + if (!f6i || !f6i->fib6_prefsrc.plen || l3mdev) + dev = f6i ? fib6_info_nh_dev(f6i) : NULL; + same_vrf = !l3mdev || l3mdev_master_dev_rcu(dev) == l3mdev; + if (f6i && f6i->fib6_prefsrc.plen && same_vrf) + *saddr = f6i->fib6_prefsrc.addr; + else + err = ipv6_dev_get_saddr(net, same_vrf ? dev : l3mdev, daddr, prefs, saddr); + + rcu_read_unlock(); return err; } diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 27d8725445e3..784424ac4147 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1124,6 +1124,7 @@ static int ip6_dst_lookup_tail(struct net *net, const struct sock *sk, from = rt ? rcu_dereference(rt->from) : NULL; err = ip6_route_get_saddr(net, from, &fl6->daddr, sk ? READ_ONCE(inet6_sk(sk)->srcprefs) : 0, + fl6->flowi6_l3mdev, &fl6->saddr); rcu_read_unlock(); diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 8d72ca0b086d..c9a9506b714d 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -5689,7 +5689,7 @@ static int rt6_fill_node(struct net *net, struct sk_buff *skb, goto nla_put_failure; } else if (dest) { struct in6_addr saddr_buf; - if (ip6_route_get_saddr(net, rt, dest, 0, &saddr_buf) == 0 && + if (ip6_route_get_saddr(net, rt, dest, 0, 0, &saddr_buf) == 0 && nla_put_in6_addr(skb, RTA_PREFSRC, &saddr_buf)) goto nla_put_failure; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] kernel: rerun task_work while freezing in get_signal()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 943ad0b62e3c21f324c4884caa6cb4a871bca05c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072941-nucleus-cannabis-e513@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 943ad0b62e3c ("kernel: rerun task_work while freezing in get_signal()") f5d39b020809 ("freezer,sched: Rewrite core freezer logic") 9963e444f71e ("sched: Widen TAKS_state literals") f9fc8cad9728 ("sched: Add TASK_ANY for wait_task_inactive()") 9204a97f7ae8 ("sched: Change wait_task_inactive()s match_state") 1fbcaa923ce2 ("freezer,umh: Clean up freezer/initrd interaction") 5950e5d574c6 ("freezer: Have {,un}lock_system_sleep() save/restore flags") 0b9d46fc5ef7 ("sched: Rename task_running() to task_on_cpu()") 8386c414e27c ("PM: hibernate: defer device probing when resuming from hibernation") 57b6de08b5f6 ("ptrace: Admit ptrace_stop can generate spuriuos SIGTRAPs") 7b0fe1367ef2 ("ptrace: Document that wait_task_inactive can't fail") 1930a6e739c4 ("Merge tag 'ptrace-cleanups-for-v5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 943ad0b62e3c21f324c4884caa6cb4a871bca05c Mon Sep 17 00:00:00 2001 From: Pavel Begunkov <asml.silence(a)gmail.com> Date: Wed, 10 Jul 2024 18:58:18 +0100 Subject: [PATCH] kernel: rerun task_work while freezing in get_signal() io_uring can asynchronously add a task_work while the task is getting freezed. TIF_NOTIFY_SIGNAL will prevent the task from sleeping in do_freezer_trap(), and since the get_signal()'s relock loop doesn't retry task_work, the task will spin there not being able to sleep until the freezing is cancelled / the task is killed / etc. Run task_works in the freezer path. Keep the patch small and simple so it can be easily back ported, but we might need to do some cleaning after and look if there are other places with similar problems. Cc: stable(a)vger.kernel.org Link: https://github.com/systemd/systemd/issues/33626 Fixes: 12db8b690010c ("entry: Add support for TIF_NOTIFY_SIGNAL") Reported-by: Julian Orth <ju.orth(a)gmail.com> Acked-by: Oleg Nesterov <oleg(a)redhat.com> Acked-by: Tejun Heo <tj(a)kernel.org> Signed-off-by: Pavel Begunkov <asml.silence(a)gmail.com> Link: https://lore.kernel.org/r/89ed3a52933370deaaf61a0a620a6ac91f1e754d.17206341… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/kernel/signal.c b/kernel/signal.c index 1f9dd41c04be..60c737e423a1 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -2600,6 +2600,14 @@ static void do_freezer_trap(void) spin_unlock_irq(&current->sighand->siglock); cgroup_enter_frozen(); schedule(); + + /* + * We could've been woken by task_work, run it to clear + * TIF_NOTIFY_SIGNAL. The caller will retry if necessary. + */ + clear_notify_signal(); + if (unlikely(task_work_pending(current))) + task_work_run(); } static int ptrace_signal(int signr, kernel_siginfo_t *info, enum pid_type type)

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] thermal/drivers/broadcom: Fix race between removal and clock" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x e90c369cc2ffcf7145a46448de101f715a1f5584 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072901-rare-engaging-abb3@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: e90c369cc2ff ("thermal/drivers/broadcom: Fix race between removal and clock disable") f29ecd3748a2 ("thermal: bcm2835: Convert to platform remove callback returning void") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e90c369cc2ffcf7145a46448de101f715a1f5584 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Tue, 9 Jul 2024 14:59:31 +0200 Subject: [PATCH] thermal/drivers/broadcom: Fix race between removal and clock disable During the probe, driver enables clocks necessary to access registers (in get_temp()) and then registers thermal zone with managed-resources (devm) interface. Removal of device is not done in reversed order, because: 1. Clock will be disabled in driver remove() callback - thermal zone is still registered and accessible to users, 2. devm interface will unregister thermal zone. This leaves short window between (1) and (2) for accessing the get_temp() callback with disabled clock. Fix this by enabling clock also via devm-interface, so entire cleanup path will be in proper, reversed order. Fixes: 8454c8c09c77 ("thermal/drivers/bcm2835: Remove buggy call to thermal_of_zone_unregister") Cc: stable(a)vger.kernel.org Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Link: https://lore.kernel.org/r/20240709-thermal-probe-v1-1-241644e2b6e0@linaro.o… Signed-off-by: Daniel Lezcano <daniel.lezcano(a)linaro.org> diff --git a/drivers/thermal/broadcom/bcm2835_thermal.c b/drivers/thermal/broadcom/bcm2835_thermal.c index 5c1cebe07580..3b1030fc4fbf 100644 --- a/drivers/thermal/broadcom/bcm2835_thermal.c +++ b/drivers/thermal/broadcom/bcm2835_thermal.c @@ -185,7 +185,7 @@ static int bcm2835_thermal_probe(struct platform_device *pdev) return err; } - data->clk = devm_clk_get(&pdev->dev, NULL); + data->clk = devm_clk_get_enabled(&pdev->dev, NULL); if (IS_ERR(data->clk)) { err = PTR_ERR(data->clk); if (err != -EPROBE_DEFER) @@ -193,10 +193,6 @@ static int bcm2835_thermal_probe(struct platform_device *pdev) return err; } - err = clk_prepare_enable(data->clk); - if (err) - return err; - rate = clk_get_rate(data->clk); if ((rate < 1920000) || (rate > 5000000)) dev_warn(&pdev->dev, @@ -211,7 +207,7 @@ static int bcm2835_thermal_probe(struct platform_device *pdev) dev_err(&pdev->dev, "Failed to register the thermal device: %d\n", err); - goto err_clk; + return err; } /* @@ -236,7 +232,7 @@ static int bcm2835_thermal_probe(struct platform_device *pdev) dev_err(&pdev->dev, "Not able to read trip_temp: %d\n", err); - goto err_tz; + return err; } /* set bandgap reference voltage and enable voltage regulator */ @@ -269,17 +265,11 @@ static int bcm2835_thermal_probe(struct platform_device *pdev) */ err = thermal_add_hwmon_sysfs(tz); if (err) - goto err_tz; + return err; bcm2835_thermal_debugfs(pdev); return 0; -err_tz: - devm_thermal_of_zone_unregister(&pdev->dev, tz); -err_clk: - clk_disable_unprepare(data->clk); - - return err; } static void bcm2835_thermal_remove(struct platform_device *pdev) @@ -287,7 +277,6 @@ static void bcm2835_thermal_remove(struct platform_device *pdev) struct bcm2835_thermal_data *data = platform_get_drvdata(pdev); debugfs_remove_recursive(data->debugfsdir); - clk_disable_unprepare(data->clk); } static struct platform_driver bcm2835_thermal_driver = {

9 months, 1 week

1
0
0 0

EFI backports from v6.11-rc to v6.6 and newer

by Ard Biesheuvel

Please consider the following patches (in this order) for backporting to v6.6 and newer. fb318ca0a522295edd6d796fb987e99ec41f0ee5 ae835a96d72cd025421910edb0e8faf706998727 The second patch addresses a regression on older Dell hardware. The first one is a prerequisite for the second one, and a minor bugfix itself. Thanks, Ard.

9 months, 1 week

2
1
0 0

FAILED: patch "[PATCH] mm/mglru: fix ineffective protection calculation" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 30d77b7eef019fa4422980806e8b7cdc8674493e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072911-marshland-grab-ced7@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 30d77b7eef01 ("mm/mglru: fix ineffective protection calculation") 3f74e6bd3b84 ("mm/mglru: fix overshooting shrinker memory") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 30d77b7eef019fa4422980806e8b7cdc8674493e Mon Sep 17 00:00:00 2001 From: Yu Zhao <yuzhao(a)google.com> Date: Fri, 12 Jul 2024 17:29:56 -0600 Subject: [PATCH] mm/mglru: fix ineffective protection calculation mem_cgroup_calculate_protection() is not stateless and should only be used as part of a top-down tree traversal. shrink_one() traverses the per-node memcg LRU instead of the root_mem_cgroup tree, and therefore it should not call mem_cgroup_calculate_protection(). The existing misuse in shrink_one() can cause ineffective protection of sub-trees that are grandchildren of root_mem_cgroup. Fix it by reusing lru_gen_age_node(), which already traverses the root_mem_cgroup tree, to calculate the protection. Previously lru_gen_age_node() opportunistically skips the first pass, i.e., when scan_control->priority is DEF_PRIORITY. On the second pass, lruvec_is_sizable() uses appropriate scan_control->priority, set by set_initial_priority() from lru_gen_shrink_node(), to decide whether a memcg is too small to reclaim from. Now lru_gen_age_node() unconditionally traverses the root_mem_cgroup tree. So it should call set_initial_priority() upfront, to make sure lruvec_is_sizable() uses appropriate scan_control->priority on the first pass. Otherwise, lruvec_is_reclaimable() can return false negatives and result in premature OOM kills when min_ttl_ms is used. Link: https://lkml.kernel.org/r/20240712232956.1427127-1-yuzhao@google.com Fixes: e4dde56cd208 ("mm: multi-gen LRU: per-node lru_gen_folio lists") Signed-off-by: Yu Zhao <yuzhao(a)google.com> Reported-by: T.J. Mercier <tjmercier(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/vmscan.c b/mm/vmscan.c index 6216d79edb7f..525d3ffa8451 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -3915,6 +3915,32 @@ static bool try_to_inc_max_seq(struct lruvec *lruvec, unsigned long seq, * working set protection ******************************************************************************/ +static void set_initial_priority(struct pglist_data *pgdat, struct scan_control *sc) +{ + int priority; + unsigned long reclaimable; + + if (sc->priority != DEF_PRIORITY || sc->nr_to_reclaim < MIN_LRU_BATCH) + return; + /* + * Determine the initial priority based on + * (total >> priority) * reclaimed_to_scanned_ratio = nr_to_reclaim, + * where reclaimed_to_scanned_ratio = inactive / total. + */ + reclaimable = node_page_state(pgdat, NR_INACTIVE_FILE); + if (can_reclaim_anon_pages(NULL, pgdat->node_id, sc)) + reclaimable += node_page_state(pgdat, NR_INACTIVE_ANON); + + /* round down reclaimable and round up sc->nr_to_reclaim */ + priority = fls_long(reclaimable) - 1 - fls_long(sc->nr_to_reclaim - 1); + + /* + * The estimation is based on LRU pages only, so cap it to prevent + * overshoots of shrinker objects by large margins. + */ + sc->priority = clamp(priority, DEF_PRIORITY / 2, DEF_PRIORITY); +} + static bool lruvec_is_sizable(struct lruvec *lruvec, struct scan_control *sc) { int gen, type, zone; @@ -3948,19 +3974,17 @@ static bool lruvec_is_reclaimable(struct lruvec *lruvec, struct scan_control *sc struct mem_cgroup *memcg = lruvec_memcg(lruvec); DEFINE_MIN_SEQ(lruvec); - /* see the comment on lru_gen_folio */ - gen = lru_gen_from_seq(min_seq[LRU_GEN_FILE]); - birth = READ_ONCE(lruvec->lrugen.timestamps[gen]); - - if (time_is_after_jiffies(birth + min_ttl)) + if (mem_cgroup_below_min(NULL, memcg)) return false; if (!lruvec_is_sizable(lruvec, sc)) return false; - mem_cgroup_calculate_protection(NULL, memcg); + /* see the comment on lru_gen_folio */ + gen = lru_gen_from_seq(min_seq[LRU_GEN_FILE]); + birth = READ_ONCE(lruvec->lrugen.timestamps[gen]); - return !mem_cgroup_below_min(NULL, memcg); + return time_is_before_jiffies(birth + min_ttl); } /* to protect the working set of the last N jiffies */ @@ -3970,23 +3994,20 @@ static void lru_gen_age_node(struct pglist_data *pgdat, struct scan_control *sc) { struct mem_cgroup *memcg; unsigned long min_ttl = READ_ONCE(lru_gen_min_ttl); + bool reclaimable = !min_ttl; VM_WARN_ON_ONCE(!current_is_kswapd()); - /* check the order to exclude compaction-induced reclaim */ - if (!min_ttl || sc->order || sc->priority == DEF_PRIORITY) - return; + set_initial_priority(pgdat, sc); memcg = mem_cgroup_iter(NULL, NULL, NULL); do { struct lruvec *lruvec = mem_cgroup_lruvec(memcg, pgdat); - if (lruvec_is_reclaimable(lruvec, sc, min_ttl)) { - mem_cgroup_iter_break(NULL, memcg); - return; - } + mem_cgroup_calculate_protection(NULL, memcg); - cond_resched(); + if (!reclaimable) + reclaimable = lruvec_is_reclaimable(lruvec, sc, min_ttl); } while ((memcg = mem_cgroup_iter(NULL, memcg, NULL))); /* @@ -3994,7 +4015,7 @@ static void lru_gen_age_node(struct pglist_data *pgdat, struct scan_control *sc) * younger than min_ttl. However, another possibility is all memcgs are * either too small or below min. */ - if (mutex_trylock(&oom_lock)) { + if (!reclaimable && mutex_trylock(&oom_lock)) { struct oom_control oc = { .gfp_mask = sc->gfp_mask, }; @@ -4786,8 +4807,7 @@ static int shrink_one(struct lruvec *lruvec, struct scan_control *sc) struct mem_cgroup *memcg = lruvec_memcg(lruvec); struct pglist_data *pgdat = lruvec_pgdat(lruvec); - mem_cgroup_calculate_protection(NULL, memcg); - + /* lru_gen_age_node() called mem_cgroup_calculate_protection() */ if (mem_cgroup_below_min(NULL, memcg)) return MEMCG_LRU_YOUNG; @@ -4911,32 +4931,6 @@ static void lru_gen_shrink_lruvec(struct lruvec *lruvec, struct scan_control *sc blk_finish_plug(&plug); } -static void set_initial_priority(struct pglist_data *pgdat, struct scan_control *sc) -{ - int priority; - unsigned long reclaimable; - - if (sc->priority != DEF_PRIORITY || sc->nr_to_reclaim < MIN_LRU_BATCH) - return; - /* - * Determine the initial priority based on - * (total >> priority) * reclaimed_to_scanned_ratio = nr_to_reclaim, - * where reclaimed_to_scanned_ratio = inactive / total. - */ - reclaimable = node_page_state(pgdat, NR_INACTIVE_FILE); - if (can_reclaim_anon_pages(NULL, pgdat->node_id, sc)) - reclaimable += node_page_state(pgdat, NR_INACTIVE_ANON); - - /* round down reclaimable and round up sc->nr_to_reclaim */ - priority = fls_long(reclaimable) - 1 - fls_long(sc->nr_to_reclaim - 1); - - /* - * The estimation is based on LRU pages only, so cap it to prevent - * overshoots of shrinker objects by large margins. - */ - sc->priority = clamp(priority, DEF_PRIORITY / 2, DEF_PRIORITY); -} - static void lru_gen_shrink_node(struct pglist_data *pgdat, struct scan_control *sc) { struct blk_plug plug;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm/migrate: putback split folios when numa hint migration" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 6e49019db5f7a09a9c0e8ac4d108e656c3f8e583 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072937-aloe-fog-7fc4@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 6e49019db5f7 ("mm/migrate: putback split folios when numa hint migration fails") ee86814b0562 ("mm/migrate: move NUMA hinting fault folio isolation + checks under PTL") 4b88c23ab8c9 ("mm/migrate: make migrate_misplaced_folio() return 0 on success") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6e49019db5f7a09a9c0e8ac4d108e656c3f8e583 Mon Sep 17 00:00:00 2001 From: Peter Xu <peterx(a)redhat.com> Date: Mon, 8 Jul 2024 17:55:37 -0400 Subject: [PATCH] mm/migrate: putback split folios when numa hint migration fails This issue is not from any report yet, but by code observation only. This is yet another fix besides Hugh's patch [1] but on relevant code path, where eager split of folio can happen if the folio is already on deferred list during a folio migration. Here the issue is NUMA path (migrate_misplaced_folio()) may start to encounter such folio split now even with MR_NUMA_MISPLACED hint applied. Then when migrate_pages() didn't migrate all the folios, it's possible the split small folios be put onto the list instead of the original folio. Then putting back only the head page won't be enough. Fix it by putting back all the folios on the list. [1] https://lore.kernel.org/all/46c948b4-4dd8-6e03-4c7b-ce4e81cfa536@google.com/ [akpm(a)linux-foundation.org: remove now unused local `nr_pages'] Link: https://lkml.kernel.org/r/20240708215537.2630610-1-peterx@redhat.com Fixes: 7262f208ca68 ("mm/migrate: split source folio if it is on deferred split list") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Zi Yan <ziy(a)nvidia.com> Reviewed-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Yang Shi <shy828301(a)gmail.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Huang Ying <ying.huang(a)intel.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/migrate.c b/mm/migrate.c index 6eb9df239230..bdbb5bb04c91 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -2621,20 +2621,13 @@ int migrate_misplaced_folio(struct folio *folio, struct vm_area_struct *vma, int nr_remaining; unsigned int nr_succeeded; LIST_HEAD(migratepages); - int nr_pages = folio_nr_pages(folio); list_add(&folio->lru, &migratepages); nr_remaining = migrate_pages(&migratepages, alloc_misplaced_dst_folio, NULL, node, MIGRATE_ASYNC, MR_NUMA_MISPLACED, &nr_succeeded); - if (nr_remaining) { - if (!list_empty(&migratepages)) { - list_del(&folio->lru); - node_stat_mod_folio(folio, NR_ISOLATED_ANON + - folio_is_file_lru(folio), -nr_pages); - folio_putback_lru(folio); - } - } + if (nr_remaining && !list_empty(&migratepages)) + putback_movable_pages(&migratepages); if (nr_succeeded) { count_vm_numa_events(NUMA_PAGE_MIGRATE, nr_succeeded); if (!node_is_toptier(folio_nid(folio)) && node_is_toptier(node))

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm: avoid overflows in dirty throttling logic" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 68ed2a394a0190433ba982b353579075a29099bd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072925-darling-chaplain-8e34@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 68ed2a394a01 ("mm: avoid overflows in dirty throttling logic") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 68ed2a394a0190433ba982b353579075a29099bd Mon Sep 17 00:00:00 2001 From: Jan Kara <jack(a)suse.cz> Date: Fri, 21 Jun 2024 16:42:38 +0200 Subject: [PATCH] mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32-bit (so that various multiplications fit into 64-bits). If limits end up being larger, we will hit overflows, possible divisions by 0 etc. Fix these problems by never allowing so large dirty limits as they have dubious practical value anyway. For dirty_bytes / dirty_background_bytes interfaces we can just refuse to set so large limits. For dirty_ratio / dirty_background_ratio it isn't so simple as the dirty limit is computed from the amount of available memory which can change due to memory hotplug etc. So when converting dirty limits from ratios to numbers of pages, we just don't allow the result to exceed UINT_MAX. This is root-only triggerable problem which occurs when the operator sets dirty limits to >16 TB. Link: https://lkml.kernel.org/r/20240621144246.11148-2-jack@suse.cz Signed-off-by: Jan Kara <jack(a)suse.cz> Reported-by: Zach O'Keefe <zokeefe(a)google.com> Reviewed-By: Zach O'Keefe <zokeefe(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/page-writeback.c b/mm/page-writeback.c index c4aa6e84c20a..acff24e9fae4 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c @@ -417,13 +417,20 @@ static void domain_dirty_limits(struct dirty_throttle_control *dtc) else bg_thresh = (bg_ratio * available_memory) / PAGE_SIZE; - if (bg_thresh >= thresh) - bg_thresh = thresh / 2; tsk = current; if (rt_task(tsk)) { bg_thresh += bg_thresh / 4 + global_wb_domain.dirty_limit / 32; thresh += thresh / 4 + global_wb_domain.dirty_limit / 32; } + /* + * Dirty throttling logic assumes the limits in page units fit into + * 32-bits. This gives 16TB dirty limits max which is hopefully enough. + */ + if (thresh > UINT_MAX) + thresh = UINT_MAX; + /* This makes sure bg_thresh is within 32-bits as well */ + if (bg_thresh >= thresh) + bg_thresh = thresh / 2; dtc->thresh = thresh; dtc->bg_thresh = bg_thresh; @@ -473,7 +480,11 @@ static unsigned long node_dirty_limit(struct pglist_data *pgdat) if (rt_task(tsk)) dirty += dirty / 4; - return dirty; + /* + * Dirty throttling logic assumes the limits in page units fit into + * 32-bits. This gives 16TB dirty limits max which is hopefully enough. + */ + return min_t(unsigned long, dirty, UINT_MAX); } /** @@ -510,10 +521,17 @@ static int dirty_background_bytes_handler(struct ctl_table *table, int write, void *buffer, size_t *lenp, loff_t *ppos) { int ret; + unsigned long old_bytes = dirty_background_bytes; ret = proc_doulongvec_minmax(table, write, buffer, lenp, ppos); - if (ret == 0 && write) + if (ret == 0 && write) { + if (DIV_ROUND_UP(dirty_background_bytes, PAGE_SIZE) > + UINT_MAX) { + dirty_background_bytes = old_bytes; + return -ERANGE; + } dirty_background_ratio = 0; + } return ret; } @@ -539,6 +557,10 @@ static int dirty_bytes_handler(struct ctl_table *table, int write, ret = proc_doulongvec_minmax(table, write, buffer, lenp, ppos); if (ret == 0 && write && vm_dirty_bytes != old_bytes) { + if (DIV_ROUND_UP(vm_dirty_bytes, PAGE_SIZE) > UINT_MAX) { + vm_dirty_bytes = old_bytes; + return -ERANGE; + } writeback_set_ratelimit(); vm_dirty_ratio = 0; }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm/hugetlb: fix kernel NULL pointer dereference when" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 1390a3334a48ecac5175865fd433d55eec255db8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072954-overhung-citrus-9daa@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 1390a3334a48 ("mm/hugetlb: fix kernel NULL pointer dereference when migrating hugetlb folio") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1390a3334a48ecac5175865fd433d55eec255db8 Mon Sep 17 00:00:00 2001 From: Miaohe Lin <linmiaohe(a)huawei.com> Date: Tue, 9 Jul 2024 20:04:33 +0800 Subject: [PATCH] mm/hugetlb: fix kernel NULL pointer dereference when migrating hugetlb folio A kernel crash was observed when migrating hugetlb folio: BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 3435 Comm: bash Not tainted 6.10.0-rc6-00450-g8578ca01f21f #66 RIP: 0010:__folio_undo_large_rmappable+0x70/0xb0 RSP: 0018:ffffb165c98a7b38 EFLAGS: 00000097 RAX: fffffbbc44528090 RBX: 0000000000000000 RCX: 0000000000000000 RDX: ffffa30e000a2800 RSI: 0000000000000246 RDI: ffffa3153ffffcc0 RBP: fffffbbc44528000 R08: 0000000000002371 R09: ffffffffbe4e5868 R10: 0000000000000001 R11: 0000000000000001 R12: ffffa3153ffffcc0 R13: fffffbbc44468000 R14: 0000000000000001 R15: 0000000000000001 FS: 00007f5b3a716740(0000) GS:ffffa3151fc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000010959a000 CR4: 00000000000006f0 Call Trace: <TASK> __folio_migrate_mapping+0x59e/0x950 __migrate_folio.constprop.0+0x5f/0x120 move_to_new_folio+0xfd/0x250 migrate_pages+0x383/0xd70 soft_offline_page+0x2ab/0x7f0 soft_offline_page_store+0x52/0x90 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x380/0x540 ksys_write+0x64/0xe0 do_syscall_64+0xb9/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5b3a514887 RSP: 002b:00007ffe138fce68 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f5b3a514887 RDX: 000000000000000c RSI: 0000556ab809ee10 RDI: 0000000000000001 RBP: 0000556ab809ee10 R08: 00007f5b3a5d1460 R09: 000000007fffffff R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c R13: 00007f5b3a61b780 R14: 00007f5b3a617600 R15: 00007f5b3a616a00 It's because hugetlb folio is passed to __folio_undo_large_rmappable() unexpectedly. large_rmappable flag is imperceptibly set to hugetlb folio since commit f6a8dd98a2ce ("hugetlb: convert alloc_buddy_hugetlb_folio to use a folio"). Then commit be9581ea8c05 ("mm: fix crashes from deferred split racing folio migration") makes folio_migrate_mapping() call folio_undo_large_rmappable() triggering the bug. Fix this issue by clearing large_rmappable flag for hugetlb folios. They don't need that flag set anyway. Link: https://lkml.kernel.org/r/20240709120433.4136700-1-linmiaohe@huawei.com Fixes: f6a8dd98a2ce ("hugetlb: convert alloc_buddy_hugetlb_folio to use a folio") Fixes: be9581ea8c05 ("mm: fix crashes from deferred split racing folio migration") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Hugh Dickins <hughd(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 80a93b69652f..11f25e00a293 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -2166,6 +2166,9 @@ static struct folio *alloc_buddy_hugetlb_folio(struct hstate *h, nid = numa_mem_id(); retry: folio = __folio_alloc(gfp_mask, order, nid, nmask); + /* Ensure hugetlb folio won't have large_rmappable flag set. */ + if (folio) + folio_clear_large_rmappable(folio); if (folio && !folio_ref_freeze(folio, 1)) { folio_put(folio);

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm: fix khugepaged activation policy" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 00f58104202c472e487f0866fbd38832523fd4f9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072942-compare-unworried-8aec@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 00f58104202c ("mm: fix khugepaged activation policy") 7f83bf14603e ("mm/huge_memory: mark racy access onhuge_anon_orders_always") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 00f58104202c472e487f0866fbd38832523fd4f9 Mon Sep 17 00:00:00 2001 From: Ryan Roberts <ryan.roberts(a)arm.com> Date: Thu, 4 Jul 2024 10:10:50 +0100 Subject: [PATCH] mm: fix khugepaged activation policy Since the introduction of mTHP, the docuementation has stated that khugepaged would be enabled when any mTHP size is enabled, and disabled when all mTHP sizes are disabled. There are 2 problems with this; 1. this is not what was implemented by the code and 2. this is not the desirable behavior. Desirable behavior is for khugepaged to be enabled when any PMD-sized THP is enabled, anon or file. (Note that file THP is still controlled by the top-level control so we must always consider that, as well as the PMD-size mTHP control for anon). khugepaged only supports collapsing to PMD-sized THP so there is no value in enabling it when PMD-sized THP is disabled. So let's change the code and documentation to reflect this policy. Further, per-size enabled control modification events were not previously forwarded to khugepaged to give it an opportunity to start or stop. Consequently the following was resulting in khugepaged eroneously not being activated: echo never > /sys/kernel/mm/transparent_hugepage/enabled echo always > /sys/kernel/mm/transparent_hugepage/hugepages-2048kB/enabled [ryan.roberts(a)arm.com: v3] Link: https://lkml.kernel.org/r/20240705102849.2479686-1-ryan.roberts@arm.com Link: https://lkml.kernel.org/r/20240705102849.2479686-1-ryan.roberts@arm.com Link: https://lkml.kernel.org/r/20240704091051.2411934-1-ryan.roberts@arm.com Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Fixes: 3485b88390b0 ("mm: thp: introduce multi-size THP sysfs interface") Closes: https://lore.kernel.org/linux-mm/7a0bbe69-1e3d-4263-b206-da007791a5c4@redha… Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <baohua(a)kernel.org> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Lance Yang <ioworker0(a)gmail.com> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/Documentation/admin-guide/mm/transhuge.rst b/Documentation/admin-guide/mm/transhuge.rst index a1bc9b24e29a..fe237825b95c 100644 --- a/Documentation/admin-guide/mm/transhuge.rst +++ b/Documentation/admin-guide/mm/transhuge.rst @@ -202,12 +202,11 @@ PMD-mappable transparent hugepage:: cat /sys/kernel/mm/transparent_hugepage/hpage_pmd_size -khugepaged will be automatically started when one or more hugepage -sizes are enabled (either by directly setting "always" or "madvise", -or by setting "inherit" while the top-level enabled is set to "always" -or "madvise"), and it'll be automatically shutdown when the last -hugepage size is disabled (either by directly setting "never", or by -setting "inherit" while the top-level enabled is set to "never"). +khugepaged will be automatically started when PMD-sized THP is enabled +(either of the per-size anon control or the top-level control are set +to "always" or "madvise"), and it'll be automatically shutdown when +PMD-sized THP is disabled (when both the per-size anon control and the +top-level control are "never") Khugepaged controls ------------------- diff --git a/include/linux/huge_mm.h b/include/linux/huge_mm.h index cee3c5da8f0e..acb6ac24a07e 100644 --- a/include/linux/huge_mm.h +++ b/include/linux/huge_mm.h @@ -128,18 +128,6 @@ static inline bool hugepage_global_always(void) (1<<TRANSPARENT_HUGEPAGE_FLAG); } -static inline bool hugepage_flags_enabled(void) -{ - /* - * We cover both the anon and the file-backed case here; we must return - * true if globally enabled, even when all anon sizes are set to never. - * So we don't need to look at huge_anon_orders_inherit. - */ - return hugepage_global_enabled() || - READ_ONCE(huge_anon_orders_always) || - READ_ONCE(huge_anon_orders_madvise); -} - static inline int highest_order(unsigned long orders) { return fls_long(orders) - 1; diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 17fb072a0ca1..f8b5cbd4dd71 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -502,6 +502,13 @@ static ssize_t thpsize_enabled_store(struct kobject *kobj, } else ret = -EINVAL; + if (ret > 0) { + int err; + + err = start_stop_khugepaged(); + if (err) + ret = err; + } return ret; } diff --git a/mm/khugepaged.c b/mm/khugepaged.c index 409f67a817f1..a5ec03ef8722 100644 --- a/mm/khugepaged.c +++ b/mm/khugepaged.c @@ -413,6 +413,26 @@ static inline int hpage_collapse_test_exit_or_disable(struct mm_struct *mm) test_bit(MMF_DISABLE_THP, &mm->flags); } +static bool hugepage_pmd_enabled(void) +{ + /* + * We cover both the anon and the file-backed case here; file-backed + * hugepages, when configured in, are determined by the global control. + * Anon pmd-sized hugepages are determined by the pmd-size control. + */ + if (IS_ENABLED(CONFIG_READ_ONLY_THP_FOR_FS) && + hugepage_global_enabled()) + return true; + if (test_bit(PMD_ORDER, &huge_anon_orders_always)) + return true; + if (test_bit(PMD_ORDER, &huge_anon_orders_madvise)) + return true; + if (test_bit(PMD_ORDER, &huge_anon_orders_inherit) && + hugepage_global_enabled()) + return true; + return false; +} + void __khugepaged_enter(struct mm_struct *mm) { struct khugepaged_mm_slot *mm_slot; @@ -449,7 +469,7 @@ void khugepaged_enter_vma(struct vm_area_struct *vma, unsigned long vm_flags) { if (!test_bit(MMF_VM_HUGEPAGE, &vma->vm_mm->flags) && - hugepage_flags_enabled()) { + hugepage_pmd_enabled()) { if (thp_vma_allowable_order(vma, vm_flags, TVA_ENFORCE_SYSFS, PMD_ORDER)) __khugepaged_enter(vma->vm_mm); @@ -2462,8 +2482,7 @@ static unsigned int khugepaged_scan_mm_slot(unsigned int pages, int *result, static int khugepaged_has_work(void) { - return !list_empty(&khugepaged_scan.mm_head) && - hugepage_flags_enabled(); + return !list_empty(&khugepaged_scan.mm_head) && hugepage_pmd_enabled(); } static int khugepaged_wait_event(void) @@ -2536,7 +2555,7 @@ static void khugepaged_wait_work(void) return; } - if (hugepage_flags_enabled()) + if (hugepage_pmd_enabled()) wait_event_freezable(khugepaged_wait, khugepaged_wait_event()); } @@ -2567,7 +2586,7 @@ static void set_recommended_min_free_kbytes(void) int nr_zones = 0; unsigned long recommended_min; - if (!hugepage_flags_enabled()) { + if (!hugepage_pmd_enabled()) { calculate_min_free_kbytes(); goto update_wmarks; } @@ -2617,7 +2636,7 @@ int start_stop_khugepaged(void) int err = 0; mutex_lock(&khugepaged_mutex); - if (hugepage_flags_enabled()) { + if (hugepage_pmd_enabled()) { if (!khugepaged_thread) khugepaged_thread = kthread_run(khugepaged, NULL, "khugepaged"); @@ -2643,7 +2662,7 @@ int start_stop_khugepaged(void) void khugepaged_min_free_kbytes_update(void) { mutex_lock(&khugepaged_mutex); - if (hugepage_flags_enabled() && khugepaged_thread) + if (hugepage_pmd_enabled() && khugepaged_thread) set_recommended_min_free_kbytes(); mutex_unlock(&khugepaged_mutex); }

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm/huge_memory: avoid PMD-size page cache if needed" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d659b715e94ac039803d7601505d3473393fc0be # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072952-envision-salvation-6c3a@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: d659b715e94a ("mm/huge_memory: avoid PMD-size page cache if needed") e0ffb29bc54d ("mm: simplify thp_vma_allowable_order") 19eaf44954df ("mm: thp: support allocation of anonymous multi-size THP") 3485b88390b0 ("mm: thp: introduce multi-size THP sysfs interface") 7a81751fcdeb ("mm/thp: fix "mm: thp: kill __transhuge_page_enabled()"") 5003a2bdf688 ("mm: call update_mmu_cache_range() in more page fault handling paths") daa60ae64c65 ("mm,thp: fix smaps THPeligible output alignment") 3db82b9374ca ("mm/memory: allow pte_offset_map[_lock]() to fail") 3b65f437d9e8 ("mm: fix failure to unmap pte on highmem systems") 2bad466cc9d9 ("mm/uffd: UFFD_FEATURE_WP_UNPOPULATED") 3c556d2425b0 ("mm/thp: rename TRANSPARENT_HUGEPAGE_NEVER_DAX to _UNSUPPORTED") 28d41a486331 ("mm: convert wp_page_copy() to use folios") cb3184deef10 ("mm: convert do_anonymous_page() to use a folio") 6bc56a4d8553 ("mm: add vma_alloc_zeroed_movable_folio()") 2cf1338454a8 ("mm: fix khugepaged with shmem_enabled=advise") d1751118c886 ("mm/uffd: detect pgtable allocation failures") a79390f5d6a7 ("mm/mprotect: use long for page accountings and retval") 1ef488edd6c4 ("mm/mprotect: drop pgprot_t parameter from change_protection()") 931298e103c2 ("mm/userfaultfd: rely on vma->vm_page_prot in uffd_wp_range()") fed15f1345dc ("mm/hugetlb: pre-allocate pgtable pages for uffd wr-protects") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d659b715e94ac039803d7601505d3473393fc0be Mon Sep 17 00:00:00 2001 From: Gavin Shan <gshan(a)redhat.com> Date: Mon, 15 Jul 2024 10:04:23 +1000 Subject: [PATCH] mm/huge_memory: avoid PMD-size page cache if needed xarray can't support arbitrary page cache size. the largest and supported page cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71 ("mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray"). However, it's possible to have 512MB page cache in the huge memory's collapsing path on ARM64 system whose base page size is 64KB. 512MB page cache is breaking the limitation and a warning is raised when the xarray entry is split as shown in the following example. [root@dhcp-10-26-1-207 ~]# cat /proc/1/smaps | grep KernelPageSize KernelPageSize: 64 kB [root@dhcp-10-26-1-207 ~]# cat /tmp/test.c : int main(int argc, char **argv) { const char *filename = TEST_XFS_FILENAME; int fd = 0; void *buf = (void *)-1, *p; int pgsize = getpagesize(); int ret = 0; if (pgsize != 0x10000) { fprintf(stdout, "System with 64KB base page size is required!\n"); return -EPERM; } system("echo 0 > /sys/devices/virtual/bdi/253:0/read_ahead_kb"); system("echo 1 > /proc/sys/vm/drop_caches"); /* Open the xfs file */ fd = open(filename, O_RDONLY); assert(fd > 0); /* Create VMA */ buf = mmap(NULL, TEST_MEM_SIZE, PROT_READ, MAP_SHARED, fd, 0); assert(buf != (void *)-1); fprintf(stdout, "mapped buffer at 0x%p\n", buf); /* Populate VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_NOHUGEPAGE); assert(ret == 0); ret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_READ); assert(ret == 0); /* Collapse VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE); assert(ret == 0); ret = madvise(buf, TEST_MEM_SIZE, MADV_COLLAPSE); if (ret) { fprintf(stdout, "Error %d to madvise(MADV_COLLAPSE)\n", errno); goto out; } /* Split xarray entry. Write permission is needed */ munmap(buf, TEST_MEM_SIZE); buf = (void *)-1; close(fd); fd = open(filename, O_RDWR); assert(fd > 0); fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE, TEST_MEM_SIZE - pgsize, pgsize); out: if (buf != (void *)-1) munmap(buf, TEST_MEM_SIZE); if (fd > 0) close(fd); return ret; } [root@dhcp-10-26-1-207 ~]# gcc /tmp/test.c -o /tmp/test [root@dhcp-10-26-1-207 ~]# /tmp/test ------------[ cut here ]------------ WARNING: CPU: 25 PID: 7560 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \ nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse \ xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 virtio_net \ sha1_ce net_failover virtio_blk virtio_console failover dimlib virtio_mmio CPU: 25 PID: 7560 Comm: test Kdump: loaded Not tainted 6.10.0-rc7-gavin+ #9 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : xas_split_alloc+0xf8/0x128 lr : split_huge_page_to_list_to_order+0x1c4/0x780 sp : ffff8000ac32f660 x29: ffff8000ac32f660 x28: ffff0000e0969eb0 x27: ffff8000ac32f6c0 x26: 0000000000000c40 x25: ffff0000e0969eb0 x24: 000000000000000d x23: ffff8000ac32f6c0 x22: ffffffdfc0700000 x21: 0000000000000000 x20: 0000000000000000 x19: ffffffdfc0700000 x18: 0000000000000000 x17: 0000000000000000 x16: ffffd5f3708ffc70 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: ffffffffffffffc0 x10: 0000000000000040 x9 : ffffd5f3708e692c x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff0000e0969eb8 x5 : ffffd5f37289e378 x4 : 0000000000000000 x3 : 0000000000000c40 x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000 Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x780 truncate_inode_partial_folio+0xdc/0x160 truncate_inode_pages_range+0x1b4/0x4a8 truncate_pagecache_range+0x84/0xa0 xfs_flush_unmap_range+0x70/0x90 [xfs] xfs_file_fallocate+0xfc/0x4d8 [xfs] vfs_fallocate+0x124/0x2f0 ksys_fallocate+0x4c/0xa0 __arm64_sys_fallocate+0x24/0x38 invoke_syscall.constprop.0+0x7c/0xd8 do_el0_svc+0xb4/0xd0 el0_svc+0x44/0x1d8 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180 Fix it by correcting the supported page cache orders, different sets for DAX and other files. With it corrected, 512MB page cache becomes disallowed on all non-DAX files on ARM64 system where the base page size is 64KB. After this patch is applied, the test program fails with error -EINVAL returned from __thp_vma_allowable_orders() and the madvise() system call to collapse the page caches. Link: https://lkml.kernel.org/r/20240715000423.316491-1-gshan@redhat.com Fixes: 6b24ca4a1a8d ("mm: Use multi-index entries in the page cache") Signed-off-by: Gavin Shan <gshan(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: Zi Yan <ziy(a)nvidia.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <baohua(a)kernel.org> Cc: Don Dutile <ddutile(a)redhat.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Peter Xu <peterx(a)redhat.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: William Kucharski <william.kucharski(a)oracle.com> Cc: <stable(a)vger.kernel.org> [5.17+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/huge_mm.h b/include/linux/huge_mm.h index cff002be83eb..e25d9ebfdf89 100644 --- a/include/linux/huge_mm.h +++ b/include/linux/huge_mm.h @@ -74,14 +74,20 @@ extern struct kobj_attribute thpsize_shmem_enabled_attr; #define THP_ORDERS_ALL_ANON ((BIT(PMD_ORDER + 1) - 1) & ~(BIT(0) | BIT(1))) /* - * Mask of all large folio orders supported for file THP. + * Mask of all large folio orders supported for file THP. Folios in a DAX + * file is never split and the MAX_PAGECACHE_ORDER limit does not apply to + * it. */ -#define THP_ORDERS_ALL_FILE (BIT(PMD_ORDER) | BIT(PUD_ORDER)) +#define THP_ORDERS_ALL_FILE_DAX \ + (BIT(PMD_ORDER) | BIT(PUD_ORDER)) +#define THP_ORDERS_ALL_FILE_DEFAULT \ + ((BIT(MAX_PAGECACHE_ORDER + 1) - 1) & ~BIT(0)) /* * Mask of all large folio orders supported for THP. */ -#define THP_ORDERS_ALL (THP_ORDERS_ALL_ANON | THP_ORDERS_ALL_FILE) +#define THP_ORDERS_ALL \ + (THP_ORDERS_ALL_ANON | THP_ORDERS_ALL_FILE_DAX | THP_ORDERS_ALL_FILE_DEFAULT) #define TVA_SMAPS (1 << 0) /* Will be used for procfs */ #define TVA_IN_PF (1 << 1) /* Page fault handler */ diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 04b72912035d..f4be468e06a4 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -89,9 +89,17 @@ unsigned long __thp_vma_allowable_orders(struct vm_area_struct *vma, bool smaps = tva_flags & TVA_SMAPS; bool in_pf = tva_flags & TVA_IN_PF; bool enforce_sysfs = tva_flags & TVA_ENFORCE_SYSFS; + unsigned long supported_orders; + /* Check the intersection of requested and supported orders. */ - orders &= vma_is_anonymous(vma) ? - THP_ORDERS_ALL_ANON : THP_ORDERS_ALL_FILE; + if (vma_is_anonymous(vma)) + supported_orders = THP_ORDERS_ALL_ANON; + else if (vma_is_dax(vma)) + supported_orders = THP_ORDERS_ALL_FILE_DAX; + else + supported_orders = THP_ORDERS_ALL_FILE_DEFAULT; + + orders &= supported_orders; if (!orders) return 0;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] mm/huge_memory: avoid PMD-size page cache if needed" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d659b715e94ac039803d7601505d3473393fc0be # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072950-factsheet-cabbie-418a@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d659b715e94a ("mm/huge_memory: avoid PMD-size page cache if needed") e0ffb29bc54d ("mm: simplify thp_vma_allowable_order") 19eaf44954df ("mm: thp: support allocation of anonymous multi-size THP") 3485b88390b0 ("mm: thp: introduce multi-size THP sysfs interface") 7a81751fcdeb ("mm/thp: fix "mm: thp: kill __transhuge_page_enabled()"") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d659b715e94ac039803d7601505d3473393fc0be Mon Sep 17 00:00:00 2001 From: Gavin Shan <gshan(a)redhat.com> Date: Mon, 15 Jul 2024 10:04:23 +1000 Subject: [PATCH] mm/huge_memory: avoid PMD-size page cache if needed xarray can't support arbitrary page cache size. the largest and supported page cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71 ("mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray"). However, it's possible to have 512MB page cache in the huge memory's collapsing path on ARM64 system whose base page size is 64KB. 512MB page cache is breaking the limitation and a warning is raised when the xarray entry is split as shown in the following example. [root@dhcp-10-26-1-207 ~]# cat /proc/1/smaps | grep KernelPageSize KernelPageSize: 64 kB [root@dhcp-10-26-1-207 ~]# cat /tmp/test.c : int main(int argc, char **argv) { const char *filename = TEST_XFS_FILENAME; int fd = 0; void *buf = (void *)-1, *p; int pgsize = getpagesize(); int ret = 0; if (pgsize != 0x10000) { fprintf(stdout, "System with 64KB base page size is required!\n"); return -EPERM; } system("echo 0 > /sys/devices/virtual/bdi/253:0/read_ahead_kb"); system("echo 1 > /proc/sys/vm/drop_caches"); /* Open the xfs file */ fd = open(filename, O_RDONLY); assert(fd > 0); /* Create VMA */ buf = mmap(NULL, TEST_MEM_SIZE, PROT_READ, MAP_SHARED, fd, 0); assert(buf != (void *)-1); fprintf(stdout, "mapped buffer at 0x%p\n", buf); /* Populate VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_NOHUGEPAGE); assert(ret == 0); ret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_READ); assert(ret == 0); /* Collapse VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE); assert(ret == 0); ret = madvise(buf, TEST_MEM_SIZE, MADV_COLLAPSE); if (ret) { fprintf(stdout, "Error %d to madvise(MADV_COLLAPSE)\n", errno); goto out; } /* Split xarray entry. Write permission is needed */ munmap(buf, TEST_MEM_SIZE); buf = (void *)-1; close(fd); fd = open(filename, O_RDWR); assert(fd > 0); fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE, TEST_MEM_SIZE - pgsize, pgsize); out: if (buf != (void *)-1) munmap(buf, TEST_MEM_SIZE); if (fd > 0) close(fd); return ret; } [root@dhcp-10-26-1-207 ~]# gcc /tmp/test.c -o /tmp/test [root@dhcp-10-26-1-207 ~]# /tmp/test ------------[ cut here ]------------ WARNING: CPU: 25 PID: 7560 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \ nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse \ xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 virtio_net \ sha1_ce net_failover virtio_blk virtio_console failover dimlib virtio_mmio CPU: 25 PID: 7560 Comm: test Kdump: loaded Not tainted 6.10.0-rc7-gavin+ #9 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : xas_split_alloc+0xf8/0x128 lr : split_huge_page_to_list_to_order+0x1c4/0x780 sp : ffff8000ac32f660 x29: ffff8000ac32f660 x28: ffff0000e0969eb0 x27: ffff8000ac32f6c0 x26: 0000000000000c40 x25: ffff0000e0969eb0 x24: 000000000000000d x23: ffff8000ac32f6c0 x22: ffffffdfc0700000 x21: 0000000000000000 x20: 0000000000000000 x19: ffffffdfc0700000 x18: 0000000000000000 x17: 0000000000000000 x16: ffffd5f3708ffc70 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: ffffffffffffffc0 x10: 0000000000000040 x9 : ffffd5f3708e692c x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff0000e0969eb8 x5 : ffffd5f37289e378 x4 : 0000000000000000 x3 : 0000000000000c40 x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000 Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x780 truncate_inode_partial_folio+0xdc/0x160 truncate_inode_pages_range+0x1b4/0x4a8 truncate_pagecache_range+0x84/0xa0 xfs_flush_unmap_range+0x70/0x90 [xfs] xfs_file_fallocate+0xfc/0x4d8 [xfs] vfs_fallocate+0x124/0x2f0 ksys_fallocate+0x4c/0xa0 __arm64_sys_fallocate+0x24/0x38 invoke_syscall.constprop.0+0x7c/0xd8 do_el0_svc+0xb4/0xd0 el0_svc+0x44/0x1d8 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180 Fix it by correcting the supported page cache orders, different sets for DAX and other files. With it corrected, 512MB page cache becomes disallowed on all non-DAX files on ARM64 system where the base page size is 64KB. After this patch is applied, the test program fails with error -EINVAL returned from __thp_vma_allowable_orders() and the madvise() system call to collapse the page caches. Link: https://lkml.kernel.org/r/20240715000423.316491-1-gshan@redhat.com Fixes: 6b24ca4a1a8d ("mm: Use multi-index entries in the page cache") Signed-off-by: Gavin Shan <gshan(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: Zi Yan <ziy(a)nvidia.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <baohua(a)kernel.org> Cc: Don Dutile <ddutile(a)redhat.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Peter Xu <peterx(a)redhat.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: William Kucharski <william.kucharski(a)oracle.com> Cc: <stable(a)vger.kernel.org> [5.17+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/huge_mm.h b/include/linux/huge_mm.h index cff002be83eb..e25d9ebfdf89 100644 --- a/include/linux/huge_mm.h +++ b/include/linux/huge_mm.h @@ -74,14 +74,20 @@ extern struct kobj_attribute thpsize_shmem_enabled_attr; #define THP_ORDERS_ALL_ANON ((BIT(PMD_ORDER + 1) - 1) & ~(BIT(0) | BIT(1))) /* - * Mask of all large folio orders supported for file THP. + * Mask of all large folio orders supported for file THP. Folios in a DAX + * file is never split and the MAX_PAGECACHE_ORDER limit does not apply to + * it. */ -#define THP_ORDERS_ALL_FILE (BIT(PMD_ORDER) | BIT(PUD_ORDER)) +#define THP_ORDERS_ALL_FILE_DAX \ + (BIT(PMD_ORDER) | BIT(PUD_ORDER)) +#define THP_ORDERS_ALL_FILE_DEFAULT \ + ((BIT(MAX_PAGECACHE_ORDER + 1) - 1) & ~BIT(0)) /* * Mask of all large folio orders supported for THP. */ -#define THP_ORDERS_ALL (THP_ORDERS_ALL_ANON | THP_ORDERS_ALL_FILE) +#define THP_ORDERS_ALL \ + (THP_ORDERS_ALL_ANON | THP_ORDERS_ALL_FILE_DAX | THP_ORDERS_ALL_FILE_DEFAULT) #define TVA_SMAPS (1 << 0) /* Will be used for procfs */ #define TVA_IN_PF (1 << 1) /* Page fault handler */ diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 04b72912035d..f4be468e06a4 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -89,9 +89,17 @@ unsigned long __thp_vma_allowable_orders(struct vm_area_struct *vma, bool smaps = tva_flags & TVA_SMAPS; bool in_pf = tva_flags & TVA_IN_PF; bool enforce_sysfs = tva_flags & TVA_ENFORCE_SYSFS; + unsigned long supported_orders; + /* Check the intersection of requested and supported orders. */ - orders &= vma_is_anonymous(vma) ? - THP_ORDERS_ALL_ANON : THP_ORDERS_ALL_FILE; + if (vma_is_anonymous(vma)) + supported_orders = THP_ORDERS_ALL_ANON; + else if (vma_is_dax(vma)) + supported_orders = THP_ORDERS_ALL_FILE_DAX; + else + supported_orders = THP_ORDERS_ALL_FILE_DEFAULT; + + orders &= supported_orders; if (!orders) return 0;

9 months, 1 week

1
0
0 0

Linux 6.9.12

by Greg Kroah-Hartman

I'm announcing the release of the 6.9.12 kernel. All users of the 6.9 kernel series must upgrade. The updated 6.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.9.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - arch/arm64/boot/dts/qcom/ipq6018.dtsi | 1 arch/arm64/boot/dts/qcom/ipq8074.dtsi | 2 + arch/arm64/boot/dts/qcom/msm8996.dtsi | 1 arch/arm64/boot/dts/qcom/msm8998.dtsi | 1 arch/arm64/boot/dts/qcom/qrb2210-rb1.dts | 13 +++++++- arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 13 +++++++- arch/arm64/boot/dts/qcom/sc7180.dtsi | 1 arch/arm64/boot/dts/qcom/sc7280.dtsi | 1 arch/arm64/boot/dts/qcom/sdm630.dtsi | 1 arch/arm64/boot/dts/qcom/sdm845.dtsi | 2 + arch/arm64/boot/dts/qcom/sm6115.dtsi | 1 arch/arm64/boot/dts/qcom/sm6350.dtsi | 1 arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 17 ++++++++--- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 17 ++++++++--- arch/s390/mm/fault.c | 3 + drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 2 - drivers/net/tap.c | 5 +++ drivers/net/tun.c | 3 + drivers/usb/gadget/function/f_midi2.c | 19 +++++++----- fs/jfs/xattr.c | 23 ++++++++++++--- fs/locks.c | 9 ++--- fs/ntfs3/fslog.c | 44 ++++++++++++++++++++++++---- fs/ocfs2/dir.c | 46 ++++++++++++++++++------------ sound/core/pcm_dmaengine.c | 6 +++ sound/core/seq/seq_ump_client.c | 16 ++++++++++ sound/pci/hda/patch_realtek.c | 3 + 27 files changed, 198 insertions(+), 55 deletions(-) Abel Vesa (4): arm64: dts: qcom: x1e80100-qcp: Fix USB PHYs regulators arm64: dts: qcom: x1e80100-crd: Fix the PHY regulator for PCIe 6a arm64: dts: qcom: x1e80100-qcp: Fix the PHY regulator for PCIe 6a arm64: dts: qcom: x1e80100-crd: Fix USB PHYs regulators Dan Carpenter (1): drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() Dmitry Baryshkov (2): arm64: dts: qcom: qrb2210-rb1: switch I2C2 to i2c-gpio arm64: dts: qcom: qrb4210-rb2: switch I2C2 to i2c-gpio Dongli Zhang (1): tun: add missing verification for short frame Edson Juliano Drosdeck (1): ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 Gerald Schaefer (1): s390/mm: Fix VM_FAULT_HWPOISON handling in do_exception() Greg Kroah-Hartman (1): Linux 6.9.12 Jann Horn (1): filelock: Fix fcntl/close race recovery compat path Konstantin Komarov (1): fs/ntfs3: Add a check for attr_names and oatbl Krishna Kurapati (10): arm64: dts: qcom: sc7180: Disable SuperSpeed instances in park mode arm64: dts: qcom: sc7280: Disable SuperSpeed instances in park mode arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB arm64: dts: qcom: sm6350: Disable SS instance in Parkmode for USB arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB arm64: dts: qcom: ipq6018: Disable SS instance in Parkmode for USB arm64: dts: qcom: sdm630: Disable SS instance in Parkmode for USB arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode for USB arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for USB arm64: dts: qcom: sm6115: Disable SS instance in Parkmode for USB Seunghun Han (1): ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 Shenghao Ding (1): ALSA: hda/tas2781: Add new quirk for Lenovo Hera2 Laptop Shengjiu Wang (1): ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused Si-Wei Liu (1): tap: add missing verification for short frame Takashi Iwai (2): usb: gadget: midi2: Fix incorrect default MIDI2 protocol setup ALSA: seq: ump: Skip useless ports for static blocks lei lu (3): ocfs2: add bounds checking to ocfs2_check_dir_entry() jfs: don't walk off the end of ealist fs/ntfs3: Validate ff offset

9 months, 1 week

1
2
0 0

[PATCH v1 2/2] mm/hugetlb: fix hugetlb vs. core-mm PT locking

by David Hildenbrand

We recently made GUP's common page table walking code to also walk hugetlb VMAs without most hugetlb special-casing, preparing for the future of having less hugetlb-specific page table walking code in the codebase. Turns out that we missed one page table locking detail: page table locking for hugetlb folios that are not mapped using a single PMD/PUD. Assume we have hugetlb folio that spans multiple PTEs (e.g., 64 KiB hugetlb folios on arm64 with 4 KiB base page size). GUP, as it walks the page tables, will perform a pte_offset_map_lock() to grab the PTE table lock. However, hugetlb that concurrently modifies these page tables would actually grab the mm->page_table_lock: with USE_SPLIT_PTE_PTLOCKS, the locks would differ. Something similar can happen right now with hugetlb folios that span multiple PMDs when USE_SPLIT_PMD_PTLOCKS. Let's make huge_pte_lockptr() effectively uses the same PT locks as any core-mm page table walker would. There is one ugly case: powerpc 8xx, whereby we have an 8 MiB hugetlb folio being mapped using two PTE page tables. While hugetlb wants to take the PMD table lock, core-mm would grab the PTE table lock of one of both PTE page tables. In such corner cases, we have to make sure that both locks match, which is (fortunately!) currently guaranteed for 8xx as it does not support SMP. Fixes: 9cb28da54643 ("mm/gup: handle hugetlb in the generic follow_page_mask code") Cc: <stable(a)vger.kernel.org> Signed-off-by: David Hildenbrand <david(a)redhat.com> --- include/linux/hugetlb.h | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index c9bf68c239a01..da800e56fe590 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -944,10 +944,29 @@ static inline bool htlb_allow_alloc_fallback(int reason) static inline spinlock_t *huge_pte_lockptr(struct hstate *h, struct mm_struct *mm, pte_t *pte) { - if (huge_page_size(h) == PMD_SIZE) + VM_WARN_ON(huge_page_size(h) == PAGE_SIZE); + VM_WARN_ON(huge_page_size(h) >= P4D_SIZE); + + /* + * hugetlb must use the exact same PT locks as core-mm page table + * walkers would. When modifying a PTE table, hugetlb must take the + * PTE PT lock, when modifying a PMD table, hugetlb must take the PMD + * PT lock etc. + * + * The expectation is that any hugetlb folio smaller than a PMD is + * always mapped into a single PTE table and that any hugetlb folio + * smaller than a PUD (but at least as big as a PMD) is always mapped + * into a single PMD table. + * + * If that does not hold for an architecture, then that architecture + * must disable split PT locks such that all *_lockptr() functions + * will give us the same result: the per-MM PT lock. + */ + if (huge_page_size(h) < PMD_SIZE) + return pte_lockptr(mm, pte); + else if (huge_page_size(h) < PUD_SIZE) return pmd_lockptr(mm, (pmd_t *) pte); - VM_BUG_ON(huge_page_size(h) == PAGE_SIZE); - return &mm->page_table_lock; + return pud_lockptr(mm, (pud_t *) pte); } #ifndef hugepages_supported -- 2.45.2

9 months, 1 week

5
11
0 0

[PATCH v3] arm64: dts: qcom: sa8775p: Mark APPS and PCIe SMMUs as DMA coherent

by Qingqing Zhou

The SMMUs on sa8775p are cache-coherent. GPU SMMU is marked as such, mark the APPS and PCIe ones as well. Fixes: 603f96d4c9d0 ("arm64: dts: qcom: add initial support for qcom sa8775p-ride") Fixes: 2dba7a613a6e ("arm64: dts: qcom: sa8775p: add the pcie smmu node") Cc: stable(a)vger.kernel.org Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Qingqing Zhou <quic_qqzhou(a)quicinc.com> --- v2 -> v3: - Remove the line break between tags. - Add the Cc stable tag. Link to v2: https://lore.kernel.org/all/20240723075948.9545-1-quic_qqzhou@quicinc.com/ v1 -> v2: - Add the Fixes tags. - Update the commit message. Link to v1: https://lore.kernel.org/lkml/20240715071649.25738-1-quic_qqzhou@quicinc.com/ --- arch/arm64/boot/dts/qcom/sa8775p.dtsi | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/sa8775p.dtsi b/arch/arm64/boot/dts/qcom/sa8775p.dtsi index 23f1b2e5e624..95691ab58a23 100644 --- a/arch/arm64/boot/dts/qcom/sa8775p.dtsi +++ b/arch/arm64/boot/dts/qcom/sa8775p.dtsi @@ -3070,6 +3070,7 @@ reg = <0x0 0x15000000 0x0 0x100000>; #iommu-cells = <2>; #global-interrupts = <2>; + dma-coherent; interrupts = <GIC_SPI 119 IRQ_TYPE_LEVEL_HIGH>, <GIC_SPI 120 IRQ_TYPE_LEVEL_HIGH>, @@ -3208,6 +3209,7 @@ reg = <0x0 0x15200000 0x0 0x80000>; #iommu-cells = <2>; #global-interrupts = <2>; + dma-coherent; interrupts = <GIC_SPI 920 IRQ_TYPE_LEVEL_HIGH>, <GIC_SPI 921 IRQ_TYPE_LEVEL_HIGH>, -- 2.17.1

9 months, 1 week

2
1
0 0

[PATCH v2] soc: qcom: cmd-db: Map shared memory as WC, not WB

by Maulik Shah

From: Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometime falsely detect clean cache eviction as "write" into the write protected region leading to secure interrupt which causes an endless loop somewhere in Trust Zone. The only reason it is working right now is because Qualcomm Hypervisor maps the same region as Non-Cacheable memory in Stage 2 translation tables. The issue manifests if we want to use another hypervisor (like Xen or KVM), which does not know anything about those specific mappings. Changing the mapping of cmd-db memory from MEMREMAP_WB to MEMREMAP_WT/WC removes dependency on correct mappings in Stage 2 tables. This patch fixes the issue by updating the mapping to MEMREMAP_WC. I tested this on SA8155P with Xen. Fixes: 312416d9171a ("drivers: qcom: add command DB driver") Cc: stable(a)vger.kernel.org # 5.4+ Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk(a)epam.com> Tested-by: Nikita Travkin <nikita(a)trvn.ru> # sc7180 WoA in EL2 Signed-off-by: Maulik Shah <quic_mkshah(a)quicinc.com> --- Changes in v2: - Use MEMREMAP_WC instead of MEMREMAP_WT - Update commit message from comments in v1 - Add Fixes tag and Cc to stable - Link to v1: https://lore.kernel.org/lkml/20240327200917.2576034-1-volodymyr_babchuk@epa… --- drivers/soc/qcom/cmd-db.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/soc/qcom/cmd-db.c b/drivers/soc/qcom/cmd-db.c index d84572662017..ae66c2623d25 100644 --- a/drivers/soc/qcom/cmd-db.c +++ b/drivers/soc/qcom/cmd-db.c @@ -349,7 +349,7 @@ static int cmd_db_dev_probe(struct platform_device *pdev) return -EINVAL; } - cmd_db_header = memremap(rmem->base, rmem->size, MEMREMAP_WB); + cmd_db_header = memremap(rmem->base, rmem->size, MEMREMAP_WC); if (!cmd_db_header) { ret = -ENOMEM; cmd_db_header = NULL; --- base-commit: 797012914d2d031430268fe512af0ccd7d8e46ef change-id: 20240718-cmd_db_uncached-e896da5c5296 Best regards, -- Maulik Shah <quic_mkshah(a)quicinc.com>

9 months, 1 week

4
7
0 0

[PATCH] clk: qcom: gcc-sm8450: Do not turn off PCIe GDSCs during gdsc_disable()

by Manivannan Sadhasivam

With PWRSTS_OFF_ON, PCIe GDSCs are turned off during gdsc_disable(). This can happen during scenarios such as system suspend and breaks the resume of PCIe controllers from suspend. So use PWRSTS_RET_ON to indicate the GDSC driver to not turn off the GDSCs during gdsc_disable() and allow the hardware to transition the GDSCs to retention when the parent domain enters low power state during system suspend. Cc: stable(a)vger.kernel.org # 5.17 Fixes: db0c944ee92b ("clk: qcom: Add clock driver for SM8450") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> --- drivers/clk/qcom/gcc-sm8450.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/clk/qcom/gcc-sm8450.c b/drivers/clk/qcom/gcc-sm8450.c index 639a9a955914..c445c271678a 100644 --- a/drivers/clk/qcom/gcc-sm8450.c +++ b/drivers/clk/qcom/gcc-sm8450.c @@ -2974,7 +2974,7 @@ static struct gdsc pcie_0_gdsc = { .pd = { .name = "pcie_0_gdsc", }, - .pwrsts = PWRSTS_OFF_ON, + .pwrsts = PWRSTS_RET_ON, }; static struct gdsc pcie_1_gdsc = { @@ -2982,7 +2982,7 @@ static struct gdsc pcie_1_gdsc = { .pd = { .name = "pcie_1_gdsc", }, - .pwrsts = PWRSTS_OFF_ON, + .pwrsts = PWRSTS_RET_ON, }; static struct gdsc ufs_phy_gdsc = { -- 2.25.1

9 months, 1 week

2
1
0 0

[PATCH] clk: qcom: gcc-sm8250: Do not turn off PCIe GDSCs during gdsc_disable()

by Manivannan Sadhasivam

With PWRSTS_OFF_ON, PCIe GDSCs are turned off during gdsc_disable(). This can happen during scenarios such as system suspend and breaks the resume of PCIe controllers from suspend. So use PWRSTS_RET_ON to indicate the GDSC driver to not turn off the GDSCs during gdsc_disable() and allow the hardware to transition the GDSCs to retention when the parent domain enters low power state during system suspend. Cc: stable(a)vger.kernel.org # 5.7 Fixes: 3e5770921a88 ("clk: qcom: gcc: Add global clock controller driver for SM8250") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> --- drivers/clk/qcom/gcc-sm8250.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/clk/qcom/gcc-sm8250.c b/drivers/clk/qcom/gcc-sm8250.c index 991cd8b8d597..1c59d70e0f96 100644 --- a/drivers/clk/qcom/gcc-sm8250.c +++ b/drivers/clk/qcom/gcc-sm8250.c @@ -3226,7 +3226,7 @@ static struct gdsc pcie_0_gdsc = { .pd = { .name = "pcie_0_gdsc", }, - .pwrsts = PWRSTS_OFF_ON, + .pwrsts = PWRSTS_RET_ON, }; static struct gdsc pcie_1_gdsc = { @@ -3234,7 +3234,7 @@ static struct gdsc pcie_1_gdsc = { .pd = { .name = "pcie_1_gdsc", }, - .pwrsts = PWRSTS_OFF_ON, + .pwrsts = PWRSTS_RET_ON, }; static struct gdsc pcie_2_gdsc = { @@ -3242,7 +3242,7 @@ static struct gdsc pcie_2_gdsc = { .pd = { .name = "pcie_2_gdsc", }, - .pwrsts = PWRSTS_OFF_ON, + .pwrsts = PWRSTS_RET_ON, }; static struct gdsc ufs_card_gdsc = { -- 2.25.1

9 months, 1 week

2
1
0 0

[PATCH 6.9 2/2] Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591

by Erpeng Xu

From: WangYuli <wangyuli(a)uniontech.com> commit 0cbc22dfe14453c77e53dbd28a3e27e01b699f31 upstream Add the support ID(0x13d3, 0x3591) to usb_device_id table for Realtek RTL8852BE. The device table is as follows: T: Bus=01 Lev=02 Prnt=03 Port=00 Cnt=01 Dev#= 5 Spd=12 MxCh= 0 D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=13d3 ProdID=3591 Rev= 0.00 S: Manufacturer=Realtek S: Product=Bluetooth Radio S: SerialNumber=00e04c000001 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms Cc: stable(a)vger.kernel.org Signed-off-by: Wentao Guan <guanwentao(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Signed-off-by: Erpeng Xu <xuerpeng(a)uniontech.com> --- drivers/bluetooth/btusb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index d507ea9d240c..f8d4869fa221 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -554,6 +554,8 @@ static const struct usb_device_id quirks_table[] = { BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x13d3, 0x3572), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x13d3, 0x3591), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x0489, 0xe125), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, -- 2.45.2

9 months, 1 week

1
0
0 0

[PATCH 6.9 1/2] Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables

by Erpeng Xu

From: Hilda Wu <hildawu(a)realtek.com> commit 02e1aa098d52b294f80e4929abef4c44f378ddf4 upstream Add the support ID 0489:e125 to usb_device_id table for Realtek RTL8852B chip. The device info from /sys/kernel/debug/usb/devices as below. T: Bus=01 Lev=01 Prnt=01 Port=07 Cnt=03 Dev#= 5 Spd=12 MxCh= 0 D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=0489 ProdID=e125 Rev= 0.00 S: Manufacturer=Realtek S: Product=Bluetooth Radio S: SerialNumber=00e04c000001 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms Signed-off-by: Hilda Wu <hildawu(a)realtek.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Signed-off-by: Erpeng Xu <xuerpeng(a)uniontech.com> --- drivers/bluetooth/btusb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index fb716849b60f..d507ea9d240c 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -554,6 +554,8 @@ static const struct usb_device_id quirks_table[] = { BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x13d3, 0x3572), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x0489, 0xe125), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, /* Realtek 8852BT/8852BE-VT Bluetooth devices */ { USB_DEVICE(0x0bda, 0x8520), .driver_info = BTUSB_REALTEK | -- 2.45.2

9 months, 1 week

1
0
0 0

[PATCH 6.10 2/2] Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591

by Erpeng Xu

From: WangYuli <wangyuli(a)uniontech.com> commit 473a89b4ed7fd52a419340f7c540d5c8fc96fc75 upstream Add the support ID(0x13d3, 0x3591) to usb_device_id table for Realtek RTL8852BE. The device table is as follows: T: Bus=01 Lev=02 Prnt=03 Port=00 Cnt=01 Dev#= 5 Spd=12 MxCh= 0 D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=13d3 ProdID=3591 Rev= 0.00 S: Manufacturer=Realtek S: Product=Bluetooth Radio S: SerialNumber=00e04c000001 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms Cc: stable(a)vger.kernel.org Signed-off-by: Wentao Guan <guanwentao(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Signed-off-by: Erpeng Xu <xuerpeng(a)uniontech.com> --- drivers/bluetooth/btusb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index aec6da3e37ef..789c492df6fa 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -555,6 +555,8 @@ static const struct usb_device_id quirks_table[] = { BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x13d3, 0x3572), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x13d3, 0x3591), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x0489, 0xe125), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, -- 2.45.2

9 months, 1 week

1
0
0 0

[PATCH 6.10 1/2] Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables

by Erpeng Xu

From: Hilda Wu <hildawu(a)realtek.com> commit 295ef07a9dae6182ad4b689aa8c6a7dbba21474c upstream Add the support ID 0489:e125 to usb_device_id table for Realtek RTL8852B chip. The device info from /sys/kernel/debug/usb/devices as below. T: Bus=01 Lev=01 Prnt=01 Port=07 Cnt=03 Dev#= 5 Spd=12 MxCh= 0 D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=0489 ProdID=e125 Rev= 0.00 S: Manufacturer=Realtek S: Product=Bluetooth Radio S: SerialNumber=00e04c000001 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms Signed-off-by: Hilda Wu <hildawu(a)realtek.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Signed-off-by: Erpeng Xu <xuerpeng(a)uniontech.com> --- drivers/bluetooth/btusb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index e384ef6ff050..aec6da3e37ef 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -555,6 +555,8 @@ static const struct usb_device_id quirks_table[] = { BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x13d3, 0x3572), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x0489, 0xe125), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, /* Realtek 8852BT/8852BE-VT Bluetooth devices */ { USB_DEVICE(0x0bda, 0x8520), .driver_info = BTUSB_REALTEK | -- 2.45.2

9 months, 1 week

1
0
0 0

[PATCH] [DEBUG] md/raid1: check recovery_offset in raid1_check_read_range

by Mateusz Jończyk

This should fix the filesystem corruption during RAID resync. Checking this condition in raid1_check_read_range is not ideal, but this is only a debug patch. Link: https://lore.kernel.org/lkml/20240724141906.10b4fc4e@peluse-desk5/T/#m671d6… Signed-off-by: Mateusz Jończyk <mat.jonczyk(a)o2.pl> Cc: Yu Kuai <yukuai3(a)huawei.com> Cc: Song Liu <song(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/md/raid1-10.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/md/raid1-10.c b/drivers/md/raid1-10.c index 2ea1710a3b70..4ab896e8cb12 100644 --- a/drivers/md/raid1-10.c +++ b/drivers/md/raid1-10.c @@ -252,6 +252,10 @@ static inline int raid1_check_read_range(struct md_rdev *rdev, sector_t first_bad; int bad_sectors; + if (!test_bit(In_sync, &rdev->flags) && + rdev->recovery_offset < this_sector + *len) + return 0; + /* no bad block overlap */ if (!is_badblock(rdev, this_sector, *len, &first_bad, &bad_sectors)) return *len; -- 2.25.1

9 months, 1 week

2
1
0 0

[PATCH v2 0/2] ALSA: firewire-lib: restore process context workqueue to prevent deadlock

by Edmund Raile

This patchset serves to prevent a deadlock between process context and softIRQ context: A. In the process context * (lock A) Acquiring spin_lock by snd_pcm_stream_lock_irq() in snd_pcm_status64() * (lock B) Then attempt to enter tasklet B. In the softIRQ context * (lock B) Enter tasklet * (lock A) Attempt to acquire spin_lock by snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed() ? tasklet_unlock_spin_wait </NMI> <TASK> ohci_flush_iso_completions firewire_ohci amdtp_domain_stream_pcm_pointer snd_firewire_lib snd_pcm_update_hw_ptr0 snd_pcm snd_pcm_status64 snd_pcm ? native_queued_spin_lock_slowpath </NMI> <IRQ> _raw_spin_lock_irqsave snd_pcm_period_elapsed snd_pcm process_rx_packets snd_firewire_lib irq_target_callback snd_firewire_lib handle_it_packet firewire_ohci context_tasklet firewire_ohci The issue has been reported as a regression of kernel 5.14: Link: https://lore.kernel.org/regressions/kwryofzdmjvzkuw6j3clftsxmoolynljztxqwg7… ("[REGRESSION] ALSA: firewire-lib: snd_pcm_period_elapsed deadlock with Fireface 800") Commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context") removed the process context workqueue from amdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove its overhead. Commit b5b519965c4c ("ALSA: firewire-lib: obsolete workqueue for period update") belongs to the same patch series and removed the now-unused workqueue entirely. Though being observed on RME Fireface 800, this issue would affect all Firewire audio interfaces using ohci amdtp + pcm streaming. ALSA streaming, especially under intensive CPU load will reveal this issue the soonest due to issuing more hardIRQs, with time to occurrence ranging from 2 secons to 30 minutes after starting playback. to reproduce the issue: direct ALSA playback to the device: mpv --audio-device=alsa/sysdefault:CARD=Fireface800 Spor-Ignition.flac Time to occurrence: 2s to 30m Likelihood increased by: - high CPU load stress --cpu $(nproc) - switching between applications via workspaces tested with i915 in Xfce PulsaAudio / PipeWire conceal the issue as they run PCM substream without period wakeup mode, issuing less hardIRQs. Backport note: Also applies to and fixes on (tested): 6.10.2, 6.9.12, 6.6.43, 6.1.102, 5.15.164 Edmund Raile (2): ALSA: firewire-lib: restore workqueue for process context ALSA: firewire-lib: prevent deadlock between process and softIRQ context sound/firewire/amdtp-stream.c | 36 ++++++++++++++++++++++------------- sound/firewire/amdtp-stream.h | 1 + 2 files changed, 24 insertions(+), 13 deletions(-) -- 2.45.2

9 months, 1 week

2
3
0 0

+ mm-vmalloc-combine-all-tlb-flush-operations-of-kasan-shadow-virtual-address-into-one-operation.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address into one operation has been added to the -mm mm-unstable branch. Its filename is mm-vmalloc-combine-all-tlb-flush-operations-of-kasan-shadow-virtual-address-into-one-operation.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Adrian Huang <ahuang12(a)lenovo.com> Subject: mm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address into one operation Date: Sat, 27 Jul 2024 00:52:46 +0800 When compiling kernel source 'make -j $(nproc)' with the up-and-running KASAN-enabled kernel on a 256-core machine, the following soft lockup is shown: watchdog: BUG: soft lockup - CPU#28 stuck for 22s! [kworker/28:1:1760] CPU: 28 PID: 1760 Comm: kworker/28:1 Kdump: loaded Not tainted 6.10.0-rc5 #95 Workqueue: events drain_vmap_area_work RIP: 0010:smp_call_function_many_cond+0x1d8/0xbb0 Code: 38 c8 7c 08 84 c9 0f 85 49 08 00 00 8b 45 08 a8 01 74 2e 48 89 f1 49 89 f7 48 c1 e9 03 41 83 e7 07 4c 01 e9 41 83 c7 03 f3 90 <0f> b6 01 41 38 c7 7c 08 84 c0 0f 85 d4 06 00 00 8b 45 08 a8 01 75 RSP: 0018:ffffc9000cb3fb60 EFLAGS: 00000202 RAX: 0000000000000011 RBX: ffff8883bc4469c0 RCX: ffffed10776e9949 RDX: 0000000000000002 RSI: ffff8883bb74ca48 RDI: ffffffff8434dc50 RBP: ffff8883bb74ca40 R08: ffff888103585dc0 R09: ffff8884533a1800 R10: 0000000000000004 R11: ffffffffffffffff R12: ffffed1077888d39 R13: dffffc0000000000 R14: ffffed1077888d38 R15: 0000000000000003 FS: 0000000000000000(0000) GS:ffff8883bc400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005577b5c8d158 CR3: 0000000004850000 CR4: 0000000000350ef0 Call Trace: <IRQ> ? watchdog_timer_fn+0x2cd/0x390 ? __pfx_watchdog_timer_fn+0x10/0x10 ? __hrtimer_run_queues+0x300/0x6d0 ? sched_clock_cpu+0x69/0x4e0 ? __pfx___hrtimer_run_queues+0x10/0x10 ? srso_return_thunk+0x5/0x5f ? ktime_get_update_offsets_now+0x7f/0x2a0 ? srso_return_thunk+0x5/0x5f ? srso_return_thunk+0x5/0x5f ? hrtimer_interrupt+0x2ca/0x760 ? __sysvec_apic_timer_interrupt+0x8c/0x2b0 ? sysvec_apic_timer_interrupt+0x6a/0x90 </IRQ> <TASK> ? asm_sysvec_apic_timer_interrupt+0x16/0x20 ? smp_call_function_many_cond+0x1d8/0xbb0 ? __pfx_do_kernel_range_flush+0x10/0x10 on_each_cpu_cond_mask+0x20/0x40 flush_tlb_kernel_range+0x19b/0x250 ? srso_return_thunk+0x5/0x5f ? kasan_release_vmalloc+0xa7/0xc0 purge_vmap_node+0x357/0x820 ? __pfx_purge_vmap_node+0x10/0x10 __purge_vmap_area_lazy+0x5b8/0xa10 drain_vmap_area_work+0x21/0x30 process_one_work+0x661/0x10b0 worker_thread+0x844/0x10e0 ? srso_return_thunk+0x5/0x5f ? __kthread_parkme+0x82/0x140 ? __pfx_worker_thread+0x10/0x10 kthread+0x2a5/0x370 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x30/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Debugging Analysis: 1. The following ftrace log shows that the lockup CPU spends too much time iterating vmap_nodes and flushing TLB when purging vm_area structures. (Some info is trimmed). kworker: funcgraph_entry: | drain_vmap_area_work() { kworker: funcgraph_entry: | mutex_lock() { kworker: funcgraph_entry: 1.092 us | __cond_resched(); kworker: funcgraph_exit: 3.306 us | } ... ... kworker: funcgraph_entry: | flush_tlb_kernel_range() { ... ... kworker: funcgraph_exit: # 7533.649 us | } ... ... kworker: funcgraph_entry: 2.344 us | mutex_unlock(); kworker: funcgraph_exit: $ 23871554 us | } The drain_vmap_area_work() spends over 23 seconds. There are 2805 flush_tlb_kernel_range() calls in the ftrace log. * One is called in __purge_vmap_area_lazy(). * Others are called by purge_vmap_node->kasan_release_vmalloc. purge_vmap_node() iteratively releases kasan vmalloc allocations and flushes TLB for each vmap_area. - [Rough calculation] Each flush_tlb_kernel_range() runs about 7.5ms. -- 2804 * 7.5ms = 21.03 seconds. -- That's why a soft lock is triggered. 2. Extending the soft lockup time can work around the issue (For example, # echo 60 > /proc/sys/kernel/watchdog_thresh). This confirms the above-mentioned speculation: drain_vmap_area_work() spends too much time. If we combine all TLB flush operations of the KASAN shadow virtual address into one operation in the call path 'purge_vmap_node()->kasan_release_vmalloc()', the running time of drain_vmap_area_work() can be saved greatly. The idea is from the flush_tlb_kernel_range() call in __purge_vmap_area_lazy(). And, the soft lockup won't not be triggered. Here is the test result based on 6.10: [6.10 wo/ the patch] 1. ftrace latency profiling (record a trace if the latency > 20s). echo 20000000 > /sys/kernel/debug/tracing/tracing_thresh echo drain_vmap_area_work > /sys/kernel/debug/tracing/set_graph_function echo function_graph > /sys/kernel/debug/tracing/current_tracer echo 1 > /sys/kernel/debug/tracing/tracing_on 2. Run `make -j $(nproc)` to compile the kernel source 3. Once the soft lockup is reproduced, check the ftrace log: cat /sys/kernel/debug/tracing/trace # tracer: function_graph # # CPU DURATION FUNCTION CALLS # | | | | | | | 76) $ 50412985 us | } /* __purge_vmap_area_lazy */ 76) $ 50412997 us | } /* drain_vmap_area_work */ 76) $ 29165911 us | } /* __purge_vmap_area_lazy */ 76) $ 29165926 us | } /* drain_vmap_area_work */ 91) $ 53629423 us | } /* __purge_vmap_area_lazy */ 91) $ 53629434 us | } /* drain_vmap_area_work */ 91) $ 28121014 us | } /* __purge_vmap_area_lazy */ 91) $ 28121026 us | } /* drain_vmap_area_work */ [6.10 w/ the patch] 1. Repeat step 1-2 in "[6.10 wo/ the patch]" 2. The soft lockup is not triggered and ftrace log is empty. cat /sys/kernel/debug/tracing/trace # tracer: function_graph # # CPU DURATION FUNCTION CALLS # | | | | | | | 3. Setting 'tracing_thresh' to 10/5 seconds does not get any ftrace log. 4. Setting 'tracing_thresh' to 1 second gets ftrace log. cat /sys/kernel/debug/tracing/trace # tracer: function_graph # # CPU DURATION FUNCTION CALLS # | | | | | | | 23) $ 1074942 us | } /* __purge_vmap_area_lazy */ 23) $ 1074950 us | } /* drain_vmap_area_work */ The worst execution time of drain_vmap_area_work() is about 1 second. Link: https://lore.kernel.org/lkml/ZqFlawuVnOMY2k3E@pc638.lan/ Link: https://lkml.kernel.org/r/20240726165246.31326-1-ahuang12@lenovo.com Fixes: 282631cb2447 ("mm: vmalloc: remove global purge_vmap_area_root rb-tree") Signed-off-by: Adrian Huang <ahuang12(a)lenovo.com> Co-developed-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Signed-off-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Tested-by: Jiwei Sun <sunjw10(a)lenovo.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/kasan.h | 12 +++++++++--- mm/kasan/shadow.c | 14 ++++++++++---- mm/vmalloc.c | 34 ++++++++++++++++++++++++++-------- 3 files changed, 45 insertions(+), 15 deletions(-) --- a/include/linux/kasan.h~mm-vmalloc-combine-all-tlb-flush-operations-of-kasan-shadow-virtual-address-into-one-operation +++ a/include/linux/kasan.h @@ -29,6 +29,9 @@ typedef unsigned int __bitwise kasan_vma #define KASAN_VMALLOC_VM_ALLOC ((__force kasan_vmalloc_flags_t)0x02u) #define KASAN_VMALLOC_PROT_NORMAL ((__force kasan_vmalloc_flags_t)0x04u) +#define KASAN_VMALLOC_PAGE_RANGE 0x1 /* Apply exsiting page range */ +#define KASAN_VMALLOC_TLB_FLUSH 0x2 /* TLB flush */ + #if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS) #include <linux/pgtable.h> @@ -531,7 +534,8 @@ void kasan_populate_early_vm_area_shadow int kasan_populate_vmalloc(unsigned long addr, unsigned long size); void kasan_release_vmalloc(unsigned long start, unsigned long end, unsigned long free_region_start, - unsigned long free_region_end); + unsigned long free_region_end, + unsigned long flags); #else /* CONFIG_KASAN_GENERIC || CONFIG_KASAN_SW_TAGS */ @@ -546,7 +550,8 @@ static inline int kasan_populate_vmalloc static inline void kasan_release_vmalloc(unsigned long start, unsigned long end, unsigned long free_region_start, - unsigned long free_region_end) { } + unsigned long free_region_end, + unsigned long flags) { } #endif /* CONFIG_KASAN_GENERIC || CONFIG_KASAN_SW_TAGS */ @@ -581,7 +586,8 @@ static inline int kasan_populate_vmalloc static inline void kasan_release_vmalloc(unsigned long start, unsigned long end, unsigned long free_region_start, - unsigned long free_region_end) { } + unsigned long free_region_end, + unsigned long flags) { } static inline void *kasan_unpoison_vmalloc(const void *start, unsigned long size, --- a/mm/kasan/shadow.c~mm-vmalloc-combine-all-tlb-flush-operations-of-kasan-shadow-virtual-address-into-one-operation +++ a/mm/kasan/shadow.c @@ -489,7 +489,8 @@ static int kasan_depopulate_vmalloc_pte( */ void kasan_release_vmalloc(unsigned long start, unsigned long end, unsigned long free_region_start, - unsigned long free_region_end) + unsigned long free_region_end, + unsigned long flags) { void *shadow_start, *shadow_end; unsigned long region_start, region_end; @@ -522,12 +523,17 @@ void kasan_release_vmalloc(unsigned long __memset(shadow_start, KASAN_SHADOW_INIT, shadow_end - shadow_start); return; } - apply_to_existing_page_range(&init_mm, + + + if (flags & KASAN_VMALLOC_PAGE_RANGE) + apply_to_existing_page_range(&init_mm, (unsigned long)shadow_start, size, kasan_depopulate_vmalloc_pte, NULL); - flush_tlb_kernel_range((unsigned long)shadow_start, - (unsigned long)shadow_end); + + if (flags & KASAN_VMALLOC_TLB_FLUSH) + flush_tlb_kernel_range((unsigned long)shadow_start, + (unsigned long)shadow_end); } } --- a/mm/vmalloc.c~mm-vmalloc-combine-all-tlb-flush-operations-of-kasan-shadow-virtual-address-into-one-operation +++ a/mm/vmalloc.c @@ -2187,6 +2187,25 @@ decay_va_pool_node(struct vmap_node *vn, reclaim_list_global(&decay_list); } +static void +kasan_release_vmalloc_node(struct vmap_node *vn) +{ + struct vmap_area *va; + unsigned long start, end; + + start = list_first_entry(&vn->purge_list, struct vmap_area, list)->va_start; + end = list_last_entry(&vn->purge_list, struct vmap_area, list)->va_end; + + list_for_each_entry(va, &vn->purge_list, list) { + if (is_vmalloc_or_module_addr((void *) va->va_start)) + kasan_release_vmalloc(va->va_start, va->va_end, + va->va_start, va->va_end, + KASAN_VMALLOC_PAGE_RANGE); + } + + kasan_release_vmalloc(start, end, start, end, KASAN_VMALLOC_TLB_FLUSH); +} + static void purge_vmap_node(struct work_struct *work) { struct vmap_node *vn = container_of(work, @@ -2194,20 +2213,17 @@ static void purge_vmap_node(struct work_ struct vmap_area *va, *n_va; LIST_HEAD(local_list); + if (IS_ENABLED(CONFIG_KASAN_VMALLOC)) + kasan_release_vmalloc_node(vn); + vn->nr_purged = 0; list_for_each_entry_safe(va, n_va, &vn->purge_list, list) { unsigned long nr = (va->va_end - va->va_start) >> PAGE_SHIFT; - unsigned long orig_start = va->va_start; - unsigned long orig_end = va->va_end; unsigned int vn_id = decode_vn_id(va->flags); list_del_init(&va->list); - if (is_vmalloc_or_module_addr((void *)orig_start)) - kasan_release_vmalloc(orig_start, orig_end, - va->va_start, va->va_end); - atomic_long_sub(nr, &vmap_lazy_nr); vn->nr_purged++; @@ -4789,7 +4805,8 @@ recovery: &free_vmap_area_list); if (va) kasan_release_vmalloc(orig_start, orig_end, - va->va_start, va->va_end); + va->va_start, va->va_end, + KASAN_VMALLOC_PAGE_RANGE | KASAN_VMALLOC_TLB_FLUSH); vas[area] = NULL; } @@ -4839,7 +4856,8 @@ err_free_shadow: &free_vmap_area_list); if (va) kasan_release_vmalloc(orig_start, orig_end, - va->va_start, va->va_end); + va->va_start, va->va_end, + KASAN_VMALLOC_PAGE_RANGE | KASAN_VMALLOC_TLB_FLUSH); vas[area] = NULL; kfree(vms[area]); } _ Patches currently in -mm which might be from ahuang12(a)lenovo.com are mm-vmalloc-combine-all-tlb-flush-operations-of-kasan-shadow-virtual-address-into-one-operation.patch

9 months, 1 week

1
0
0 0

[PATCH] kbuild: Fix '-S -c' in x86 stack protector scripts

by Nathan Chancellor

After a recent change in clang to stop consuming all instances of '-S' and '-c' [1], the stack protector scripts break due to the kernel's use of -Werror=unused-command-line-argument to catch cases where flags are not being properly consumed by the compiler driver: $ echo | clang -o - -x c - -S -c -Werror=unused-command-line-argument clang: error: argument unused during compilation: '-c' [-Werror,-Wunused-command-line-argument] This results in CONFIG_STACKPROTECTOR getting disabled because CONFIG_CC_HAS_SANE_STACKPROTECTOR is no longer set. '-c' and '-S' both instruct the compiler to stop at different stages of the pipeline ('-S' after compiling, '-c' after assembling), so having them present together in the same command makes little sense. In this case, the test wants to stop before assembling because it is looking at the textual assembly output of the compiler for either '%fs' or '%gs', so remove '-c' from the list of arguments to resolve the error. All versions of GCC continue to work after this change, along with versions of clang that do or do not contain the change mentioned above. Cc: stable(a)vger.kernel.org Fixes: 4f7fd4d7a791 ("[PATCH] Add the -fstack-protector option to the CFLAGS") Fixes: 60a5317ff0f4 ("x86: implement x86_32 stack protector") Link: https://github.com/llvm/llvm-project/commit/6461e537815f7fa68cef06842505353… [1] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- I think this could go via either -tip or Kbuild? Perhaps this is an issue in the clang commit mentioned in the message above since it deviates from GCC (Fangrui is on CC here) but I think the combination of these options is a little dubious to begin with, hence this change. --- scripts/gcc-x86_32-has-stack-protector.sh | 2 +- scripts/gcc-x86_64-has-stack-protector.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/gcc-x86_32-has-stack-protector.sh b/scripts/gcc-x86_32-has-stack-protector.sh index 825c75c5b715..9459ca4f0f11 100755 --- a/scripts/gcc-x86_32-has-stack-protector.sh +++ b/scripts/gcc-x86_32-has-stack-protector.sh @@ -5,4 +5,4 @@ # -mstack-protector-guard-reg, added by # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81708 -echo "int foo(void) { char X[200]; return 3; }" | $* -S -x c -c -m32 -O0 -fstack-protector -mstack-protector-guard-reg=fs -mstack-protector-guard-symbol=__stack_chk_guard - -o - 2> /dev/null | grep -q "%fs" +echo "int foo(void) { char X[200]; return 3; }" | $* -S -x c -m32 -O0 -fstack-protector -mstack-protector-guard-reg=fs -mstack-protector-guard-symbol=__stack_chk_guard - -o - 2> /dev/null | grep -q "%fs" diff --git a/scripts/gcc-x86_64-has-stack-protector.sh b/scripts/gcc-x86_64-has-stack-protector.sh index 75e4e22b986a..f680bb01aeeb 100755 --- a/scripts/gcc-x86_64-has-stack-protector.sh +++ b/scripts/gcc-x86_64-has-stack-protector.sh @@ -1,4 +1,4 @@ #!/bin/sh # SPDX-License-Identifier: GPL-2.0 -echo "int foo(void) { char X[200]; return 3; }" | $* -S -x c -c -m64 -O0 -mcmodel=kernel -fno-PIE -fstack-protector - -o - 2> /dev/null | grep -q "%gs" +echo "int foo(void) { char X[200]; return 3; }" | $* -S -x c -m64 -O0 -mcmodel=kernel -fno-PIE -fstack-protector - -o - 2> /dev/null | grep -q "%gs" --- base-commit: 1722389b0d863056d78287a120a1d6cadb8d4f7b change-id: 20240726-fix-x86-stack-protector-tests-b542b1b9416b Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

9 months, 1 week

3
7
0 0

[PATCH AUTOSEL 4.19 1/4] PCI: Add ACS quirk for Broadcom BCM5760X NIC

by Sasha Levin

From: Ajit Khaparde <ajit.khaparde(a)broadcom.com> [ Upstream commit 524e057b2d66b61f9b63b6db30467ab7b0bb4796 ] The Broadcom BCM5760X NIC may be a multi-function device. While it does not advertise an ACS capability, peer-to-peer transactions are not possible between the individual functions. So it is ok to treat them as fully isolated. Add an ACS quirk for this device so the functions can be in independent IOMMU groups and attached individually to userspace applications using VFIO. [kwilczynski: commit log] Link: https://lore.kernel.org/linux-pci/20240510204228.73435-1-ajit.khaparde@broa… Signed-off-by: Ajit Khaparde <ajit.khaparde(a)broadcom.com> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Andy Gospodarek <gospo(a)broadcom.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/pci/quirks.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c index bb51820890965..a3a4c4724b6c9 100644 --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c @@ -4822,6 +4822,10 @@ static const struct pci_dev_acs_enabled { { PCI_VENDOR_ID_BROADCOM, 0x1750, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_BROADCOM, 0x1751, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_BROADCOM, 0x1752, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1760, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1761, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1762, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1763, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_BROADCOM, 0xD714, pci_quirk_brcm_acs }, { 0 } }; -- 2.43.0

9 months, 1 week

1
3
0 0

[PATCH AUTOSEL 5.4 1/7] PCI: Add ACS quirk for Broadcom BCM5760X NIC

by Sasha Levin

From: Ajit Khaparde <ajit.khaparde(a)broadcom.com> [ Upstream commit 524e057b2d66b61f9b63b6db30467ab7b0bb4796 ] The Broadcom BCM5760X NIC may be a multi-function device. While it does not advertise an ACS capability, peer-to-peer transactions are not possible between the individual functions. So it is ok to treat them as fully isolated. Add an ACS quirk for this device so the functions can be in independent IOMMU groups and attached individually to userspace applications using VFIO. [kwilczynski: commit log] Link: https://lore.kernel.org/linux-pci/20240510204228.73435-1-ajit.khaparde@broa… Signed-off-by: Ajit Khaparde <ajit.khaparde(a)broadcom.com> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Andy Gospodarek <gospo(a)broadcom.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/pci/quirks.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c index 3bc7058404156..aef73bc36ee98 100644 --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c @@ -4986,6 +4986,10 @@ static const struct pci_dev_acs_enabled { { PCI_VENDOR_ID_BROADCOM, 0x1750, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_BROADCOM, 0x1751, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_BROADCOM, 0x1752, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1760, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1761, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1762, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1763, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_BROADCOM, 0xD714, pci_quirk_brcm_acs }, /* Amazon Annapurna Labs */ { PCI_VENDOR_ID_AMAZON_ANNAPURNA_LABS, 0x0031, pci_quirk_al_acs }, -- 2.43.0

9 months, 1 week

1
6
0 0

[PATCH AUTOSEL 6.1 01/15] PCI: Add ACS quirk for Broadcom BCM5760X NIC

by Sasha Levin

From: Ajit Khaparde <ajit.khaparde(a)broadcom.com> [ Upstream commit 524e057b2d66b61f9b63b6db30467ab7b0bb4796 ] The Broadcom BCM5760X NIC may be a multi-function device. While it does not advertise an ACS capability, peer-to-peer transactions are not possible between the individual functions. So it is ok to treat them as fully isolated. Add an ACS quirk for this device so the functions can be in independent IOMMU groups and attached individually to userspace applications using VFIO. [kwilczynski: commit log] Link: https://lore.kernel.org/linux-pci/20240510204228.73435-1-ajit.khaparde@broa… Signed-off-by: Ajit Khaparde <ajit.khaparde(a)broadcom.com> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Andy Gospodarek <gospo(a)broadcom.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/pci/quirks.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c index 56dce858a6934..e02a1e513f989 100644 --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c @@ -4997,6 +4997,10 @@ static const struct pci_dev_acs_enabled { { PCI_VENDOR_ID_BROADCOM, 0x1750, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_BROADCOM, 0x1751, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_BROADCOM, 0x1752, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1760, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1761, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1762, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1763, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_BROADCOM, 0xD714, pci_quirk_brcm_acs }, /* Amazon Annapurna Labs */ { PCI_VENDOR_ID_AMAZON_ANNAPURNA_LABS, 0x0031, pci_quirk_al_acs }, -- 2.43.0

9 months, 1 week

1
14
0 0

[PATCH AUTOSEL 6.6 01/17] PCI: Add ACS quirk for Broadcom BCM5760X NIC

by Sasha Levin

From: Ajit Khaparde <ajit.khaparde(a)broadcom.com> [ Upstream commit 524e057b2d66b61f9b63b6db30467ab7b0bb4796 ] The Broadcom BCM5760X NIC may be a multi-function device. While it does not advertise an ACS capability, peer-to-peer transactions are not possible between the individual functions. So it is ok to treat them as fully isolated. Add an ACS quirk for this device so the functions can be in independent IOMMU groups and attached individually to userspace applications using VFIO. [kwilczynski: commit log] Link: https://lore.kernel.org/linux-pci/20240510204228.73435-1-ajit.khaparde@broa… Signed-off-by: Ajit Khaparde <ajit.khaparde(a)broadcom.com> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Andy Gospodarek <gospo(a)broadcom.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/pci/quirks.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c index ec4277d7835b2..1bf1a83dabb93 100644 --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c @@ -5092,6 +5092,10 @@ static const struct pci_dev_acs_enabled { { PCI_VENDOR_ID_BROADCOM, 0x1750, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_BROADCOM, 0x1751, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_BROADCOM, 0x1752, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1760, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1761, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1762, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1763, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_BROADCOM, 0xD714, pci_quirk_brcm_acs }, /* Amazon Annapurna Labs */ { PCI_VENDOR_ID_AMAZON_ANNAPURNA_LABS, 0x0031, pci_quirk_al_acs }, -- 2.43.0

9 months, 1 week

1
16
0 0

[PATCH AUTOSEL 6.10 01/23] PCI: Add ACS quirk for Broadcom BCM5760X NIC

by Sasha Levin

From: Ajit Khaparde <ajit.khaparde(a)broadcom.com> [ Upstream commit 524e057b2d66b61f9b63b6db30467ab7b0bb4796 ] The Broadcom BCM5760X NIC may be a multi-function device. While it does not advertise an ACS capability, peer-to-peer transactions are not possible between the individual functions. So it is ok to treat them as fully isolated. Add an ACS quirk for this device so the functions can be in independent IOMMU groups and attached individually to userspace applications using VFIO. [kwilczynski: commit log] Link: https://lore.kernel.org/linux-pci/20240510204228.73435-1-ajit.khaparde@broa… Signed-off-by: Ajit Khaparde <ajit.khaparde(a)broadcom.com> Signed-off-by: Krzysztof Wilczyński <kwilczynski(a)kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Andy Gospodarek <gospo(a)broadcom.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/pci/quirks.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c index 568410e64ce64..a2ce4e08edf5a 100644 --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c @@ -5099,6 +5099,10 @@ static const struct pci_dev_acs_enabled { { PCI_VENDOR_ID_BROADCOM, 0x1750, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_BROADCOM, 0x1751, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_BROADCOM, 0x1752, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1760, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1761, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1762, pci_quirk_mf_endpoint_acs }, + { PCI_VENDOR_ID_BROADCOM, 0x1763, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_BROADCOM, 0xD714, pci_quirk_brcm_acs }, /* Amazon Annapurna Labs */ { PCI_VENDOR_ID_AMAZON_ANNAPURNA_LABS, 0x0031, pci_quirk_al_acs }, -- 2.43.0

9 months, 1 week

1
22
0 0

[PATCH AUTOSEL 4.19 1/5] media: uvcvideo: Ignore empty TS packets

by Sasha Levin

From: Ricardo Ribalda <ribalda(a)chromium.org> [ Upstream commit 5cd7c25f6f0576073b3d03bc4cfb1e8ca63a1195 ] Some SunplusIT cameras took a borderline interpretation of the UVC 1.5 standard, and fill the PTS and SCR fields with invalid data if the package does not contain data. "STC must be captured when the first video data of a video frame is put on the USB bus." Some SunplusIT devices send, e.g., buffer: 0xa7755c00 len 000012 header:0x8c stc 00000000 sof 0000 pts 00000000 buffer: 0xa7755c00 len 000012 header:0x8c stc 00000000 sof 0000 pts 00000000 buffer: 0xa7755c00 len 000668 header:0x8c stc 73779dba sof 070c pts 7376d37a While the UVC specification meant that the first two packets shouldn't have had the SCR bit set in the header. This borderline/buggy interpretation has been implemented in a variety of devices, from directly SunplusIT and from other OEMs that rebrand SunplusIT products. So quirking based on VID:PID will be problematic. All the affected modules have the following extension unit: VideoControl Interface Descriptor: guidExtensionCode {82066163-7050-ab49-b8cc-b3855e8d221d} But the vendor plans to use that GUID in the future and fix the bug, this means that we should use heuristic to figure out the broken packets. This patch takes care of this. lsusb of one of the affected cameras: Bus 001 Device 003: ID 1bcf:2a01 Sunplus Innovation Technology Inc. Device Descriptor: bLength 18 bDescriptorType 1 bcdUSB 2.01 bDeviceClass 239 Miscellaneous Device bDeviceSubClass 2 ? bDeviceProtocol 1 Interface Association bMaxPacketSize0 64 idVendor 0x1bcf Sunplus Innovation Technology Inc. idProduct 0x2a01 bcdDevice 0.02 iManufacturer 1 SunplusIT Inc iProduct 2 HanChen Wise Camera iSerial 3 01.00.00 bNumConfigurations 1 Tested-by: HungNien Chen <hn.chen(a)sunplusit.com> Reviewed-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> Reviewed-by: Tomasz Figa <tfiga(a)chromium.org> Link: https://lore.kernel.org/r/20240323-resend-hwtimestamp-v10-2-b08e590d97c7@ch… Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/media/usb/uvc/uvc_video.c | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c index c57bc62251bb8..e2c1b98fb4a25 100644 --- a/drivers/media/usb/uvc/uvc_video.c +++ b/drivers/media/usb/uvc/uvc_video.c @@ -473,6 +473,7 @@ uvc_video_clock_decode(struct uvc_streaming *stream, struct uvc_buffer *buf, ktime_t time; u16 host_sof; u16 dev_sof; + u32 dev_stc; switch (data[1] & (UVC_STREAM_PTS | UVC_STREAM_SCR)) { case UVC_STREAM_PTS | UVC_STREAM_SCR: @@ -517,6 +518,34 @@ uvc_video_clock_decode(struct uvc_streaming *stream, struct uvc_buffer *buf, if (dev_sof == stream->clock.last_sof) return; + dev_stc = get_unaligned_le32(&data[header_size - 6]); + + /* + * STC (Source Time Clock) is the clock used by the camera. The UVC 1.5 + * standard states that it "must be captured when the first video data + * of a video frame is put on the USB bus". This is generally understood + * as requiring devices to clear the payload header's SCR bit before + * the first packet containing video data. + * + * Most vendors follow that interpretation, but some (namely SunplusIT + * on some devices) always set the `UVC_STREAM_SCR` bit, fill the SCR + * field with 0's,and expect that the driver only processes the SCR if + * there is data in the packet. + * + * Ignore all the hardware timestamp information if we haven't received + * any data for this frame yet, the packet contains no data, and both + * STC and SOF are zero. This heuristics should be safe on compliant + * devices. This should be safe with compliant devices, as in the very + * unlikely case where a UVC 1.1 device would send timing information + * only before the first packet containing data, and both STC and SOF + * happen to be zero for a particular frame, we would only miss one + * clock sample from many and the clock recovery algorithm wouldn't + * suffer from this condition. + */ + if (buf && buf->bytesused == 0 && len == header_size && + dev_stc == 0 && dev_sof == 0) + return; + stream->clock.last_sof = dev_sof; host_sof = usb_get_current_frame_number(stream->dev->udev); @@ -554,7 +583,7 @@ uvc_video_clock_decode(struct uvc_streaming *stream, struct uvc_buffer *buf, spin_lock_irqsave(&stream->clock.lock, flags); sample = &stream->clock.samples[stream->clock.head]; - sample->dev_stc = get_unaligned_le32(&data[header_size - 6]); + sample->dev_stc = dev_stc; sample->dev_sof = dev_sof; sample->host_sof = host_sof; sample->host_time = time; -- 2.43.0

9 months, 1 week

1
4
0 0

[PATCH AUTOSEL 5.4 1/6] drm/amdgpu: Fix the null pointer dereference to ras_manager

by Sasha Levin

From: Ma Jun <Jun.Ma2(a)amd.com> [ Upstream commit 4c11d30c95576937c6c35e6f29884761f2dddb43 ] Check ras_manager before using it Signed-off-by: Ma Jun <Jun.Ma2(a)amd.com> Reviewed-by: Lijo Lazar <lijo.lazar(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c index b6fc191c353a7..96aad6cc83b1e 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c @@ -1053,12 +1053,15 @@ static void amdgpu_ras_interrupt_process_handler(struct work_struct *work) int amdgpu_ras_interrupt_dispatch(struct amdgpu_device *adev, struct ras_dispatch_if *info) { - struct ras_manager *obj = amdgpu_ras_find_obj(adev, &info->head); - struct ras_ih_data *data = &obj->ih_data; + struct ras_manager *obj; + struct ras_ih_data *data; + obj = amdgpu_ras_find_obj(adev, &info->head); if (!obj) return -EINVAL; + data = &obj->ih_data; + if (data->inuse == 0) return 0; -- 2.43.0

9 months, 1 week

1
5
0 0

[PATCH AUTOSEL 5.10 1/7] drm/amdgpu: Fix the null pointer dereference to ras_manager

by Sasha Levin

From: Ma Jun <Jun.Ma2(a)amd.com> [ Upstream commit 4c11d30c95576937c6c35e6f29884761f2dddb43 ] Check ras_manager before using it Signed-off-by: Ma Jun <Jun.Ma2(a)amd.com> Reviewed-by: Lijo Lazar <lijo.lazar(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c index e971d2b9e3c00..56f10679a26d1 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c @@ -1351,12 +1351,15 @@ static void amdgpu_ras_interrupt_process_handler(struct work_struct *work) int amdgpu_ras_interrupt_dispatch(struct amdgpu_device *adev, struct ras_dispatch_if *info) { - struct ras_manager *obj = amdgpu_ras_find_obj(adev, &info->head); - struct ras_ih_data *data = &obj->ih_data; + struct ras_manager *obj; + struct ras_ih_data *data; + obj = amdgpu_ras_find_obj(adev, &info->head); if (!obj) return -EINVAL; + data = &obj->ih_data; + if (data->inuse == 0) return 0; -- 2.43.0

9 months, 1 week

1
6
0 0

[PATCH AUTOSEL 5.15 01/10] drm/amdgpu/pm: Fix the null pointer dereference for smu7

by Sasha Levin

From: Ma Jun <Jun.Ma2(a)amd.com> [ Upstream commit c02c1960c93eede587576625a1221205a68a904f ] optimize the code to avoid pass a null pointer (hwmgr->backend) to function smu7_update_edc_leakage_table. Signed-off-by: Ma Jun <Jun.Ma2(a)amd.com> Reviewed-by: Yang Wang <kevinyang.wang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- .../drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 50 +++++++++---------- 1 file changed, 24 insertions(+), 26 deletions(-) diff --git a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c index 9bfc465d08fb0..2451cec031dda 100644 --- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c +++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c @@ -2907,6 +2907,7 @@ static int smu7_update_edc_leakage_table(struct pp_hwmgr *hwmgr) static int smu7_hwmgr_backend_init(struct pp_hwmgr *hwmgr) { + struct amdgpu_device *adev = hwmgr->adev; struct smu7_hwmgr *data; int result = 0; @@ -2943,40 +2944,37 @@ static int smu7_hwmgr_backend_init(struct pp_hwmgr *hwmgr) /* Initalize Dynamic State Adjustment Rule Settings */ result = phm_initializa_dynamic_state_adjustment_rule_settings(hwmgr); - if (0 == result) { - struct amdgpu_device *adev = hwmgr->adev; + if (result) + goto fail; - data->is_tlu_enabled = false; + data->is_tlu_enabled = false; - hwmgr->platform_descriptor.hardwareActivityPerformanceLevels = + hwmgr->platform_descriptor.hardwareActivityPerformanceLevels = SMU7_MAX_HARDWARE_POWERLEVELS; - hwmgr->platform_descriptor.hardwarePerformanceLevels = 2; - hwmgr->platform_descriptor.minimumClocksReductionPercentage = 50; + hwmgr->platform_descriptor.hardwarePerformanceLevels = 2; + hwmgr->platform_descriptor.minimumClocksReductionPercentage = 50; - data->pcie_gen_cap = adev->pm.pcie_gen_mask; - if (data->pcie_gen_cap & CAIL_PCIE_LINK_SPEED_SUPPORT_GEN3) - data->pcie_spc_cap = 20; - else - data->pcie_spc_cap = 16; - data->pcie_lane_cap = adev->pm.pcie_mlw_mask; - - hwmgr->platform_descriptor.vbiosInterruptId = 0x20000400; /* IRQ_SOURCE1_SW_INT */ -/* The true clock step depends on the frequency, typically 4.5 or 9 MHz. Here we use 5. */ - hwmgr->platform_descriptor.clockStep.engineClock = 500; - hwmgr->platform_descriptor.clockStep.memoryClock = 500; - smu7_thermal_parameter_init(hwmgr); - } else { - /* Ignore return value in here, we are cleaning up a mess. */ - smu7_hwmgr_backend_fini(hwmgr); - } + data->pcie_gen_cap = adev->pm.pcie_gen_mask; + if (data->pcie_gen_cap & CAIL_PCIE_LINK_SPEED_SUPPORT_GEN3) + data->pcie_spc_cap = 20; + else + data->pcie_spc_cap = 16; + data->pcie_lane_cap = adev->pm.pcie_mlw_mask; + + hwmgr->platform_descriptor.vbiosInterruptId = 0x20000400; /* IRQ_SOURCE1_SW_INT */ + /* The true clock step depends on the frequency, typically 4.5 or 9 MHz. Here we use 5. */ + hwmgr->platform_descriptor.clockStep.engineClock = 500; + hwmgr->platform_descriptor.clockStep.memoryClock = 500; + smu7_thermal_parameter_init(hwmgr); result = smu7_update_edc_leakage_table(hwmgr); - if (result) { - smu7_hwmgr_backend_fini(hwmgr); - return result; - } + if (result) + goto fail; return 0; +fail: + smu7_hwmgr_backend_fini(hwmgr); + return result; } static int smu7_force_dpm_highest(struct pp_hwmgr *hwmgr) -- 2.43.0

9 months, 1 week

1
9
0 0

[PATCH AUTOSEL 6.1 01/17] drm/amdgpu/pm: Fix the param type of set_power_profile_mode

by Sasha Levin

From: Ma Jun <Jun.Ma2(a)amd.com> [ Upstream commit f683f24093dd94a831085fe0ea8e9dc4c6c1a2d1 ] Function .set_power_profile_mode need an array as input parameter. So define variable workload as an array to fix the below coverity warning. "Passing &workload to function hwmgr->hwmgr_func->set_power_profile_mode which uses it as an array. This might corrupt or misinterpret adjacent memory locations" Signed-off-by: Ma Jun <Jun.Ma2(a)amd.com> Acked-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 8 ++++---- drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c | 8 ++++---- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 16 ++++++++-------- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c b/drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c index 179e1c593a53f..f3668911a88fd 100644 --- a/drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c +++ b/drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c @@ -928,7 +928,7 @@ static int pp_dpm_switch_power_profile(void *handle, enum PP_SMC_POWER_PROFILE type, bool en) { struct pp_hwmgr *hwmgr = handle; - long workload; + long workload[1]; uint32_t index; if (!hwmgr || !hwmgr->pm_en) @@ -946,12 +946,12 @@ static int pp_dpm_switch_power_profile(void *handle, hwmgr->workload_mask &= ~(1 << hwmgr->workload_prority[type]); index = fls(hwmgr->workload_mask); index = index > 0 && index <= Workload_Policy_Max ? index - 1 : 0; - workload = hwmgr->workload_setting[index]; + workload[0] = hwmgr->workload_setting[index]; } else { hwmgr->workload_mask |= (1 << hwmgr->workload_prority[type]); index = fls(hwmgr->workload_mask); index = index <= Workload_Policy_Max ? index - 1 : 0; - workload = hwmgr->workload_setting[index]; + workload[0] = hwmgr->workload_setting[index]; } if (type == PP_SMC_POWER_PROFILE_COMPUTE && @@ -961,7 +961,7 @@ static int pp_dpm_switch_power_profile(void *handle, } if (hwmgr->dpm_level != AMD_DPM_FORCED_LEVEL_MANUAL) - hwmgr->hwmgr_func->set_power_profile_mode(hwmgr, &workload, 0); + hwmgr->hwmgr_func->set_power_profile_mode(hwmgr, workload, 0); return 0; } diff --git a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c index 1d829402cd2e2..f4bd8e9357e22 100644 --- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c +++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c @@ -269,7 +269,7 @@ int psm_adjust_power_state_dynamic(struct pp_hwmgr *hwmgr, bool skip_display_set struct pp_power_state *new_ps) { uint32_t index; - long workload; + long workload[1]; if (hwmgr->not_vf) { if (!skip_display_settings) @@ -294,10 +294,10 @@ int psm_adjust_power_state_dynamic(struct pp_hwmgr *hwmgr, bool skip_display_set if (hwmgr->dpm_level != AMD_DPM_FORCED_LEVEL_MANUAL) { index = fls(hwmgr->workload_mask); index = index > 0 && index <= Workload_Policy_Max ? index - 1 : 0; - workload = hwmgr->workload_setting[index]; + workload[0] = hwmgr->workload_setting[index]; - if (hwmgr->power_profile_mode != workload && hwmgr->hwmgr_func->set_power_profile_mode) - hwmgr->hwmgr_func->set_power_profile_mode(hwmgr, &workload, 0); + if (hwmgr->power_profile_mode != workload[0] && hwmgr->hwmgr_func->set_power_profile_mode) + hwmgr->hwmgr_func->set_power_profile_mode(hwmgr, workload, 0); } return 0; diff --git a/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c b/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c index 1d0693dad8185..91f0646eb3ee0 100644 --- a/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c +++ b/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c @@ -1834,7 +1834,7 @@ static int smu_adjust_power_state_dynamic(struct smu_context *smu, { int ret = 0; int index = 0; - long workload; + long workload[1]; struct smu_dpm_context *smu_dpm_ctx = &(smu->smu_dpm); if (!skip_display_settings) { @@ -1874,10 +1874,10 @@ static int smu_adjust_power_state_dynamic(struct smu_context *smu, smu_dpm_ctx->dpm_level != AMD_DPM_FORCED_LEVEL_PERF_DETERMINISM) { index = fls(smu->workload_mask); index = index > 0 && index <= WORKLOAD_POLICY_MAX ? index - 1 : 0; - workload = smu->workload_setting[index]; + workload[0] = smu->workload_setting[index]; - if (smu->power_profile_mode != workload) - smu_bump_power_profile_mode(smu, &workload, 0); + if (smu->power_profile_mode != workload[0]) + smu_bump_power_profile_mode(smu, workload, 0); } return ret; @@ -1927,7 +1927,7 @@ static int smu_switch_power_profile(void *handle, { struct smu_context *smu = handle; struct smu_dpm_context *smu_dpm_ctx = &(smu->smu_dpm); - long workload; + long workload[1]; uint32_t index; if (!smu->pm_enabled || !smu->adev->pm.dpm_enabled) @@ -1940,17 +1940,17 @@ static int smu_switch_power_profile(void *handle, smu->workload_mask &= ~(1 << smu->workload_prority[type]); index = fls(smu->workload_mask); index = index > 0 && index <= WORKLOAD_POLICY_MAX ? index - 1 : 0; - workload = smu->workload_setting[index]; + workload[0] = smu->workload_setting[index]; } else { smu->workload_mask |= (1 << smu->workload_prority[type]); index = fls(smu->workload_mask); index = index <= WORKLOAD_POLICY_MAX ? index - 1 : 0; - workload = smu->workload_setting[index]; + workload[0] = smu->workload_setting[index]; } if (smu_dpm_ctx->dpm_level != AMD_DPM_FORCED_LEVEL_MANUAL && smu_dpm_ctx->dpm_level != AMD_DPM_FORCED_LEVEL_PERF_DETERMINISM) - smu_bump_power_profile_mode(smu, &workload, 0); + smu_bump_power_profile_mode(smu, workload, 0); return 0; } -- 2.43.0

9 months, 1 week

1
16
0 0

[PATCH AUTOSEL 6.6 01/20] drm/amd/display: Add delay to improve LTTPR UHBR interop

by Sasha Levin

From: Michael Strauss <michael.strauss(a)amd.com> [ Upstream commit 10839ee6a977ed1f7d0f4deb29f2d7e5d1f2a9dd ] [WHY] Avoid race condition which puts LTTPR into bad state during UHBR LT. [HOW] Delay 30ms between starting UHBR TPS1 PHY output and sending TPS1 via DPCD. Reviewed-by: Wenjing Liu <wenjing.liu(a)amd.com> Acked-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Michael Strauss <michael.strauss(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- .../dc/link/hwss/link_hwss_hpo_fixed_vs_pe_retimer_dp.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_hpo_fixed_vs_pe_retimer_dp.c b/drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_hpo_fixed_vs_pe_retimer_dp.c index b621b97711b61..a7f5b0f6272ce 100644 --- a/drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_hpo_fixed_vs_pe_retimer_dp.c +++ b/drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_hpo_fixed_vs_pe_retimer_dp.c @@ -162,7 +162,12 @@ static void set_hpo_fixed_vs_pe_retimer_dp_link_test_pattern(struct dc_link *lin link_res->hpo_dp_link_enc->funcs->set_link_test_pattern( link_res->hpo_dp_link_enc, tp_params); } + link->dc->link_srv->dp_trace_source_sequence(link, DPCD_SOURCE_SEQ_AFTER_SET_SOURCE_PATTERN); + + // Give retimer extra time to lock before updating DP_TRAINING_PATTERN_SET to TPS1 + if (tp_params->dp_phy_pattern == DP_TEST_PATTERN_128b_132b_TPS1_TRAINING_MODE) + msleep(30); } static void set_hpo_fixed_vs_pe_retimer_dp_lane_settings(struct dc_link *link, -- 2.43.0

9 months, 1 week

1
19
0 0

[PATCH AUTOSEL 6.10 01/34] drm/xe/preempt_fence: enlarge the fence critical section

by Sasha Levin

From: Matthew Auld <matthew.auld(a)intel.com> [ Upstream commit 3cd1585e57908b6efcd967465ef7685f40b2a294 ] It is really easy to introduce subtle deadlocks in preempt_fence_work_func() since we operate on single global ordered-wq for signalling our preempt fences behind the scenes, so even though we signal a particular fence, everything in the callback should be in the fence critical section, since blocking in the callback will prevent other published fences from signalling. If we enlarge the fence critical section to cover the entire callback, then lockdep should be able to understand this better, and complain if we grab a sensitive lock like vm->lock, which is also held when waiting on preempt fences. Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240418144630.299531-2-matth… Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/xe/xe_preempt_fence.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_preempt_fence.c b/drivers/gpu/drm/xe/xe_preempt_fence.c index 7d50c6e89d8e7..5b243b7feb59d 100644 --- a/drivers/gpu/drm/xe/xe_preempt_fence.c +++ b/drivers/gpu/drm/xe/xe_preempt_fence.c @@ -23,11 +23,19 @@ static void preempt_fence_work_func(struct work_struct *w) q->ops->suspend_wait(q); dma_fence_signal(&pfence->base); - dma_fence_end_signalling(cookie); - + /* + * Opt for keep everything in the fence critical section. This looks really strange since we + * have just signalled the fence, however the preempt fences are all signalled via single + * global ordered-wq, therefore anything that happens in this callback can easily block + * progress on the entire wq, which itself may prevent other published preempt fences from + * ever signalling. Therefore try to keep everything here in the callback in the fence + * critical section. For example if something below grabs a scary lock like vm->lock, + * lockdep should complain since we also hold that lock whilst waiting on preempt fences to + * complete. + */ xe_vm_queue_rebind_worker(q->vm); - xe_exec_queue_put(q); + dma_fence_end_signalling(cookie); } static const char * -- 2.43.0

9 months, 1 week

1
33
0 0

c1839501fe3e tested

by Edmund Raile

c1839501fe3e ("ALSA: firewire-lib: fix wrong value as length of header for CIP_NO_HEADER case") indeed fixes the issue. Thank you very much! I just hope non-CIP_NO_HEADER cases work, but then again, looking at the original struct ``` struct { struct fw_iso_packet params; __be32 header[CIP_HEADER_QUADLETS]; } template = { {0}, {0} }; ``` the fw_iso_packet wasn't at the end of the array, thus ``` struct fw_iso_packet { u16 payload_length; /* Length of indirect payload */ u32 interrupt:1; /* Generate interrupt on this packet */ u32 skip:1; /* tx: Set to not send packet at all */ /* rx: Sync bit, wait for matching sy */ u32 tag:2; /* tx: Tag in packet header */ u32 sy:4; /* tx: Sy in packet header */ u32 header_length:8; /* Size of immediate header */ u32 header[]; /* tx: Top of 1394 isoch. data_block */ }; ``` its header array wouldn't ever end up being initialized here with > 0 elements. Maybe that wasn't ever required. Tested-by: Edmund Raile <edmund.raile(a)protonmail.com> Link: https://lore.kernel.org/r/20240725155640.128442-1-o-takashi@sakamocchi.jp

9 months, 1 week

1
0
0 0

[PATCH v2 0/2] ALSA: firewire-lib: restore process context workqueue to prevent deadlock

by Edmund Raile

This patchset serves to prevent a deadlock between process context and softIRQ context: A. In the process context * (lock A) Acquiring spin_lock by snd_pcm_stream_lock_irq() in snd_pcm_status64() * (lock B) Then attempt to enter tasklet B. In the softIRQ context * (lock B) Enter tasklet * (lock A) Attempt to acquire spin_lock by snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed() ? tasklet_unlock_spin_wait </NMI> <TASK> ohci_flush_iso_completions firewire_ohci amdtp_domain_stream_pcm_pointer snd_firewire_lib snd_pcm_update_hw_ptr0 snd_pcm snd_pcm_status64 snd_pcm ? native_queued_spin_lock_slowpath </NMI> <IRQ> _raw_spin_lock_irqsave snd_pcm_period_elapsed snd_pcm process_rx_packets snd_firewire_lib irq_target_callback snd_firewire_lib handle_it_packet firewire_ohci context_tasklet firewire_ohci The issue has been reported as a regression of kernel 5.14: Link: https://lore.kernel.org/regressions/kwryofzdmjvzkuw6j3clftsxmoolynljztxqwg7… ("[REGRESSION] ALSA: firewire-lib: snd_pcm_period_elapsed deadlock with Fireface 800") Commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context") removed the process context workqueue from amdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove its overhead. Commit b5b519965c4c ("ALSA: firewire-lib: obsolete workqueue for period update") belongs to the same patch series and removed the now-unused workqueue entirely. Though being observed on RME Fireface 800, this issue would affect all Firewire audio interfaces using ohci amdtp + pcm streaming. ALSA streaming, especially under intensive CPU load will reveal this issue the soonest due to issuing more hardIRQs, with time to occurrence ranging from 2 secons to 30 minutes after starting playback. to reproduce the issue: direct ALSA playback to the device: mpv --audio-device=alsa/sysdefault:CARD=Fireface800 Spor-Ignition.flac Time to occurrence: 2s to 30m Likelihood increased by: - high CPU load stress --cpu $(nproc) - switching between applications via workspaces tested with i915 in Xfce PulsaAudio / PipeWire conceal the issue as they run PCM substream without period wakeup mode, issuing less hardIRQs. Backport note: Also applies to and fixes on (tested): 6.10.2, 6.9.12, 6.6.43, 6.1.102, 5.15.164 Edmund Raile (2): ALSA: firewire-lib: restore workqueue for process context ALSA: firewire-lib: prevent deadlock between process and softIRQ context sound/firewire/amdtp-stream.c | 36 ++++++++++++++++++++++------------- sound/firewire/amdtp-stream.h | 1 + 2 files changed, 24 insertions(+), 13 deletions(-) -- 2.45.2

9 months, 1 week

1
2
0 0

[PATCH v2 2/2] ALSA: firewire-lib: prevent deadlock between process and softIRQ context

by Edmund Raile

Commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context") removed the process context workqueue from amdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove its overhead. With RME Fireface 800, this lead to a regression since Kernels 5.14.0, causing a deadlock with eventual system freeze under ALSA operation: A. In the process context * (lock A) Acquiring spin_lock by snd_pcm_stream_lock_irq() in snd_pcm_status64() * (lock B) Then attempt to enter tasklet B. In the softIRQ context * (lock B) Enter tasklet * (lock A) Attempt to acquire spin_lock by snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed() ? tasklet_unlock_spin_wait </NMI> <TASK> ohci_flush_iso_completions firewire_ohci amdtp_domain_stream_pcm_pointer snd_firewire_lib snd_pcm_update_hw_ptr0 snd_pcm snd_pcm_status64 snd_pcm ? native_queued_spin_lock_slowpath </NMI> <IRQ> _raw_spin_lock_irqsave snd_pcm_period_elapsed snd_pcm process_rx_packets snd_firewire_lib irq_target_callback snd_firewire_lib handle_it_packet firewire_ohci context_tasklet firewire_ohci Restore the process context work queue to prevent deadlock between ALSA substream process context spin_lock of snd_pcm_stream_lock_irq() in snd_pcm_status64() and OHCI 1394 IT softIRQ context spin_lock of snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed(). Cc: stable(a)vger.kernel.org Fixes: 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context") Link: https://lore.kernel.org/r/kwryofzdmjvzkuw6j3clftsxmoolynljztxqwg76hzeo4simn… Reported-by: edmund.raile <edmund.raile(a)proton.me> Signed-off-by: Edmund Raile <edmund.raile(a)protonmail.com> --- sound/firewire/amdtp-stream.c | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/sound/firewire/amdtp-stream.c b/sound/firewire/amdtp-stream.c index 31201d506a21..c037d7de1fdc 100644 --- a/sound/firewire/amdtp-stream.c +++ b/sound/firewire/amdtp-stream.c @@ -615,16 +615,9 @@ static void update_pcm_pointers(struct amdtp_stream *s, // The program in user process should periodically check the status of intermediate // buffer associated to PCM substream to process PCM frames in the buffer, instead // of receiving notification of period elapsed by poll wait. - if (!pcm->runtime->no_period_wakeup) { - if (in_softirq()) { - // In software IRQ context for 1394 OHCI. - snd_pcm_period_elapsed(pcm); - } else { - // In process context of ALSA PCM application under acquired lock of - // PCM substream. - snd_pcm_period_elapsed_under_stream_lock(pcm); - } - } + if (!pcm->runtime->no_period_wakeup) + // wq used with amdtp_domain_stream_pcm_pointer() to prevent deadlock + queue_work(system_highpri_wq, &s->period_work); } } @@ -1866,9 +1859,11 @@ unsigned long amdtp_domain_stream_pcm_pointer(struct amdtp_domain *d, // Process isochronous packets queued till recent isochronous cycle to handle PCM frames. if (irq_target && amdtp_stream_running(irq_target)) { - // In software IRQ context, the call causes dead-lock to disable the tasklet - // synchronously. - if (!in_softirq()) + // use wq to prevent deadlock between process context spin_lock + // of snd_pcm_stream_lock_irq() in snd_pcm_status64() and + // softIRQ context spin_lock of snd_pcm_stream_lock_irqsave() + // in snd_pcm_period_elapsed() + if ((!in_softirq()) && (current_work() != &s->period_work)) fw_iso_context_flush_completions(irq_target->context); } -- 2.45.2

9 months, 1 week

1
0
0 0

[PATCH v2 1/2] ALSA: firewire-lib: restore workqueue for process context

by Edmund Raile

prepare resolution of deadlock between process context and softIRQ context: restore workqueue previously used for process context: revert commit b5b519965c4c ("ALSA: firewire-lib: obsolete workqueue for period update") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/kwryofzdmjvzkuw6j3clftsxmoolynljztxqwg76hzeo4simn… Reported-by: edmund.raile <edmund.raile(a)proton.me> Signed-off-by: Edmund Raile <edmund.raile(a)protonmail.com> --- sound/firewire/amdtp-stream.c | 15 +++++++++++++++ sound/firewire/amdtp-stream.h | 1 + 2 files changed, 16 insertions(+) diff --git a/sound/firewire/amdtp-stream.c b/sound/firewire/amdtp-stream.c index d35d0a420ee0..31201d506a21 100644 --- a/sound/firewire/amdtp-stream.c +++ b/sound/firewire/amdtp-stream.c @@ -77,6 +77,8 @@ // overrun. Actual device can skip more, then this module stops the packet streaming. #define IR_JUMBO_PAYLOAD_MAX_SKIP_CYCLES 5 +static void pcm_period_work(struct work_struct *work); + /** * amdtp_stream_init - initialize an AMDTP stream structure * @s: the AMDTP stream to initialize @@ -105,6 +107,7 @@ int amdtp_stream_init(struct amdtp_stream *s, struct fw_unit *unit, s->flags = flags; s->context = ERR_PTR(-1); mutex_init(&s->mutex); + INIT_WORK(&s->period_work, pcm_period_work); s->packet_index = 0; init_waitqueue_head(&s->ready_wait); @@ -347,6 +350,7 @@ EXPORT_SYMBOL(amdtp_stream_get_max_payload); */ void amdtp_stream_pcm_prepare(struct amdtp_stream *s) { + cancel_work_sync(&s->period_work); s->pcm_buffer_pointer = 0; s->pcm_period_pointer = 0; } @@ -624,6 +628,16 @@ static void update_pcm_pointers(struct amdtp_stream *s, } } +static void pcm_period_work(struct work_struct *work) +{ + struct amdtp_stream *s = container_of(work, struct amdtp_stream, + period_work); + struct snd_pcm_substream *pcm = READ_ONCE(s->pcm); + + if (pcm) + snd_pcm_period_elapsed(pcm); +} + static int queue_packet(struct amdtp_stream *s, struct fw_iso_packet *params, bool sched_irq) { @@ -1910,6 +1924,7 @@ static void amdtp_stream_stop(struct amdtp_stream *s) return; } + cancel_work_sync(&s->period_work); fw_iso_context_stop(s->context); fw_iso_context_destroy(s->context); s->context = ERR_PTR(-1); diff --git a/sound/firewire/amdtp-stream.h b/sound/firewire/amdtp-stream.h index a1ed2e80f91a..775db3fc4959 100644 --- a/sound/firewire/amdtp-stream.h +++ b/sound/firewire/amdtp-stream.h @@ -191,5 +191,6 @@ struct amdtp_stream { /* For a PCM substream processing. */ struct snd_pcm_substream *pcm; + struct work_struct period_work; snd_pcm_uframes_t pcm_buffer_pointer; unsigned int pcm_period_pointer; -- 2.45.2

9 months, 1 week

1
0
0 0

[PATCH v2 2/2] ALSA: firewire-lib: prevent deadlock between process and softIRQ context

by Edmund Raile

Commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context") removed the process context workqueue from amdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove its overhead. With RME Fireface 800, this lead to a regression since Kernels 5.14.0, causing a deadlock with eventual system freeze under ALSA operation: A. In the process context * (lock A) Acquiring spin_lock by snd_pcm_stream_lock_irq() in snd_pcm_status64() * (lock B) Then attempt to enter tasklet B. In the softIRQ context * (lock B) Enter tasklet * (lock A) Attempt to acquire spin_lock by snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed() ? tasklet_unlock_spin_wait </NMI> <TASK> ohci_flush_iso_completions firewire_ohci amdtp_domain_stream_pcm_pointer snd_firewire_lib snd_pcm_update_hw_ptr0 snd_pcm snd_pcm_status64 snd_pcm ? native_queued_spin_lock_slowpath </NMI> <IRQ> _raw_spin_lock_irqsave snd_pcm_period_elapsed snd_pcm process_rx_packets snd_firewire_lib irq_target_callback snd_firewire_lib handle_it_packet firewire_ohci context_tasklet firewire_ohci Restore the process context work queue to prevent deadlock between ALSA substream process context spin_lock of snd_pcm_stream_lock_irq() in snd_pcm_status64() and OHCI 1394 IT softIRQ context spin_lock of snd_pcm_stream_lock_irqsave() in snd_pcm_period_elapsed(). Cc: stable(a)vger.kernel.org Fixes: 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context") Link: https://lore.kernel.org/r/kwryofzdmjvzkuw6j3clftsxmoolynljztxqwg76hzeo4simn… Reported-by: edmund.raile <edmund.raile(a)proton.me> Signed-off-by: Edmund Raile <edmund.raile(a)protonmail.com> --- sound/firewire/amdtp-stream.c | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) diff --git a/sound/firewire/amdtp-stream.c b/sound/firewire/amdtp-stream.c index 31201d506a21..c037d7de1fdc 100644 --- a/sound/firewire/amdtp-stream.c +++ b/sound/firewire/amdtp-stream.c @@ -615,16 +615,9 @@ static void update_pcm_pointers(struct amdtp_stream *s, // The program in user process should periodically check the status of intermediate // buffer associated to PCM substream to process PCM frames in the buffer, instead // of receiving notification of period elapsed by poll wait. - if (!pcm->runtime->no_period_wakeup) { - if (in_softirq()) { - // In software IRQ context for 1394 OHCI. - snd_pcm_period_elapsed(pcm); - } else { - // In process context of ALSA PCM application under acquired lock of - // PCM substream. - snd_pcm_period_elapsed_under_stream_lock(pcm); - } - } + if (!pcm->runtime->no_period_wakeup) + // wq used with amdtp_domain_stream_pcm_pointer() to prevent deadlock + queue_work(system_highpri_wq, &s->period_work); } } @@ -1866,9 +1859,11 @@ unsigned long amdtp_domain_stream_pcm_pointer(struct amdtp_domain *d, // Process isochronous packets queued till recent isochronous cycle to handle PCM frames. if (irq_target && amdtp_stream_running(irq_target)) { - // In software IRQ context, the call causes dead-lock to disable the tasklet - // synchronously. - if (!in_softirq()) + // use wq to prevent deadlock between process context spin_lock + // of snd_pcm_stream_lock_irq() in snd_pcm_status64() and + // softIRQ context spin_lock of snd_pcm_stream_lock_irqsave() + // in snd_pcm_period_elapsed() + if ((!in_softirq()) && (current_work() != &s->period_work)) fw_iso_context_flush_completions(irq_target->context); } -- 2.45.2

9 months, 1 week

1
0
0 0

[PATCH v2 1/2] ALSA: firewire-lib: restore workqueue for process context

by Edmund Raile

prepare resolution of deadlock between process context and softIRQ context: restore workqueue previously used for process context: revert commit b5b519965c4c ("ALSA: firewire-lib: obsolete workqueue for period update") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/kwryofzdmjvzkuw6j3clftsxmoolynljztxqwg76hzeo4simn… Reported-by: edmund.raile <edmund.raile(a)proton.me> Signed-off-by: Edmund Raile <edmund.raile(a)protonmail.com> --- sound/firewire/amdtp-stream.c | 15 +++++++++++++++ sound/firewire/amdtp-stream.h | 1 + 2 files changed, 16 insertions(+) diff --git a/sound/firewire/amdtp-stream.c b/sound/firewire/amdtp-stream.c index d35d0a420ee0..31201d506a21 100644 --- a/sound/firewire/amdtp-stream.c +++ b/sound/firewire/amdtp-stream.c @@ -77,6 +77,8 @@ // overrun. Actual device can skip more, then this module stops the packet streaming. #define IR_JUMBO_PAYLOAD_MAX_SKIP_CYCLES 5 +static void pcm_period_work(struct work_struct *work); + /** * amdtp_stream_init - initialize an AMDTP stream structure * @s: the AMDTP stream to initialize @@ -105,6 +107,7 @@ int amdtp_stream_init(struct amdtp_stream *s, struct fw_unit *unit, s->flags = flags; s->context = ERR_PTR(-1); mutex_init(&s->mutex); + INIT_WORK(&s->period_work, pcm_period_work); s->packet_index = 0; init_waitqueue_head(&s->ready_wait); @@ -347,6 +350,7 @@ EXPORT_SYMBOL(amdtp_stream_get_max_payload); */ void amdtp_stream_pcm_prepare(struct amdtp_stream *s) { + cancel_work_sync(&s->period_work); s->pcm_buffer_pointer = 0; s->pcm_period_pointer = 0; } @@ -624,6 +628,16 @@ static void update_pcm_pointers(struct amdtp_stream *s, } } +static void pcm_period_work(struct work_struct *work) +{ + struct amdtp_stream *s = container_of(work, struct amdtp_stream, + period_work); + struct snd_pcm_substream *pcm = READ_ONCE(s->pcm); + + if (pcm) + snd_pcm_period_elapsed(pcm); +} + static int queue_packet(struct amdtp_stream *s, struct fw_iso_packet *params, bool sched_irq) { @@ -1910,6 +1924,7 @@ static void amdtp_stream_stop(struct amdtp_stream *s) return; } + cancel_work_sync(&s->period_work); fw_iso_context_stop(s->context); fw_iso_context_destroy(s->context); s->context = ERR_PTR(-1); diff --git a/sound/firewire/amdtp-stream.h b/sound/firewire/amdtp-stream.h index a1ed2e80f91a..775db3fc4959 100644 --- a/sound/firewire/amdtp-stream.h +++ b/sound/firewire/amdtp-stream.h @@ -191,5 +191,6 @@ struct amdtp_stream { /* For a PCM substream processing. */ struct snd_pcm_substream *pcm; + struct work_struct period_work; snd_pcm_uframes_t pcm_buffer_pointer; unsigned int pcm_period_pointer; -- 2.45.2

9 months, 1 week

1
0
0 0

[PATCH AUTOSEL 4.19 1/4] PCI: Add Edimax Vendor ID to pci_ids.h

by Sasha Levin

From: FUJITA Tomonori <fujita.tomonori(a)gmail.com> [ Upstream commit eee5528890d54b22b46f833002355a5ee94c3bb4 ] Add the Edimax Vendor ID (0x1432) for an ethernet driver for Tehuti Networks TN40xx chips. This ID can be used for Realtek 8180 and Ralink rt28xx wireless drivers. Signed-off-by: FUJITA Tomonori <fujita.tomonori(a)gmail.com> Acked-by: Bjorn Helgaas <bhelgaas(a)google.com> Link: https://patch.msgid.link/20240623235507.108147-2-fujita.tomonori@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- include/linux/pci_ids.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h index 3ac7b92b35b9d..91193284710f1 100644 --- a/include/linux/pci_ids.h +++ b/include/linux/pci_ids.h @@ -2136,6 +2136,8 @@ #define PCI_VENDOR_ID_CHELSIO 0x1425 +#define PCI_VENDOR_ID_EDIMAX 0x1432 + #define PCI_VENDOR_ID_ADLINK 0x144a #define PCI_VENDOR_ID_SAMSUNG 0x144d -- 2.43.0

9 months, 1 week

1
3
0 0

[PATCH AUTOSEL 5.4 1/6] r8169: remove detection of chip version 11 (early RTL8168b)

by Sasha Levin

From: Heiner Kallweit <hkallweit1(a)gmail.com> [ Upstream commit 982300c115d229565d7af8e8b38aa1ee7bb1f5bd ] This early RTL8168b version was the first PCIe chip version, and it's quite quirky. Last sign of life is from more than 15 yrs ago. Let's remove detection of this chip version, we'll see whether anybody complains. If not, support for this chip version can be removed a few kernel versions later. Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Link: https://lore.kernel.org/r/875cdcf4-843c-420a-ad5d-417447b68572@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/ethernet/realtek/r8169_main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c index 319f8d7a502da..32ea1d902a173 100644 --- a/drivers/net/ethernet/realtek/r8169_main.c +++ b/drivers/net/ethernet/realtek/r8169_main.c @@ -2185,7 +2185,9 @@ static void rtl8169_get_mac_version(struct rtl8169_private *tp) /* 8168B family. */ { 0x7cf, 0x380, RTL_GIGA_MAC_VER_12 }, { 0x7c8, 0x380, RTL_GIGA_MAC_VER_17 }, - { 0x7c8, 0x300, RTL_GIGA_MAC_VER_11 }, + /* This one is very old and rare, let's see if anybody complains. + * { 0x7c8, 0x300, RTL_GIGA_MAC_VER_11 }, + */ /* 8101 family. */ { 0x7c8, 0x448, RTL_GIGA_MAC_VER_39 }, -- 2.43.0

9 months, 1 week

1
5
0 0

[PATCH AUTOSEL 5.10 1/6] r8169: remove detection of chip version 11 (early RTL8168b)

by Sasha Levin

From: Heiner Kallweit <hkallweit1(a)gmail.com> [ Upstream commit 982300c115d229565d7af8e8b38aa1ee7bb1f5bd ] This early RTL8168b version was the first PCIe chip version, and it's quite quirky. Last sign of life is from more than 15 yrs ago. Let's remove detection of this chip version, we'll see whether anybody complains. If not, support for this chip version can be removed a few kernel versions later. Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Link: https://lore.kernel.org/r/875cdcf4-843c-420a-ad5d-417447b68572@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/ethernet/realtek/r8169_main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c index d24eb5ee152a5..7d3443ad8e797 100644 --- a/drivers/net/ethernet/realtek/r8169_main.c +++ b/drivers/net/ethernet/realtek/r8169_main.c @@ -2018,7 +2018,9 @@ static enum mac_version rtl8169_get_mac_version(u16 xid, bool gmii) /* 8168B family. */ { 0x7cf, 0x380, RTL_GIGA_MAC_VER_12 }, { 0x7c8, 0x380, RTL_GIGA_MAC_VER_17 }, - { 0x7c8, 0x300, RTL_GIGA_MAC_VER_11 }, + /* This one is very old and rare, let's see if anybody complains. + * { 0x7c8, 0x300, RTL_GIGA_MAC_VER_11 }, + */ /* 8101 family. */ { 0x7c8, 0x448, RTL_GIGA_MAC_VER_39 }, -- 2.43.0

9 months, 1 week

1
5
0 0

[PATCH AUTOSEL 5.15 1/6] r8169: remove detection of chip version 11 (early RTL8168b)

by Sasha Levin

From: Heiner Kallweit <hkallweit1(a)gmail.com> [ Upstream commit 982300c115d229565d7af8e8b38aa1ee7bb1f5bd ] This early RTL8168b version was the first PCIe chip version, and it's quite quirky. Last sign of life is from more than 15 yrs ago. Let's remove detection of this chip version, we'll see whether anybody complains. If not, support for this chip version can be removed a few kernel versions later. Signed-off-by: Heiner Kallweit <hkallweit1(a)gmail.com> Link: https://lore.kernel.org/r/875cdcf4-843c-420a-ad5d-417447b68572@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/ethernet/realtek/r8169_main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c index 76d820c4e6eef..c0ad5cd963d08 100644 --- a/drivers/net/ethernet/realtek/r8169_main.c +++ b/drivers/net/ethernet/realtek/r8169_main.c @@ -2063,7 +2063,9 @@ static enum mac_version rtl8169_get_mac_version(u16 xid, bool gmii) /* 8168B family. */ { 0x7cf, 0x380, RTL_GIGA_MAC_VER_12 }, { 0x7c8, 0x380, RTL_GIGA_MAC_VER_17 }, - { 0x7c8, 0x300, RTL_GIGA_MAC_VER_11 }, + /* This one is very old and rare, let's see if anybody complains. + * { 0x7c8, 0x300, RTL_GIGA_MAC_VER_11 }, + */ /* 8101 family. */ { 0x7c8, 0x448, RTL_GIGA_MAC_VER_39 }, -- 2.43.0

9 months, 1 week

1
5
0 0

[PATCH AUTOSEL 6.1 01/11] wifi: nl80211: disallow setting special AP channel widths

by Sasha Levin

From: Johannes Berg <johannes.berg(a)intel.com> [ Upstream commit 23daf1b4c91db9b26f8425cc7039cf96d22ccbfe ] Setting the AP channel width is meant for use with the normal 20/40/... MHz channel width progression, and switching around in S1G or narrow channels isn't supported. Disallow that. Reported-by: syzbot+bc0f5b92cc7091f45fb6(a)syzkaller.appspotmail.com Link: https://msgid.link/20240515141600.d4a9590bfe32.I19a32d60097e81b527eafe6b092… Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/wireless/nl80211.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index a00df7b89ca86..603fcd921bd22 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -3346,6 +3346,33 @@ static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, if (chandef.chan != cur_chan) return -EBUSY; + /* only allow this for regular channel widths */ + switch (wdev->links[link_id].ap.chandef.width) { + case NL80211_CHAN_WIDTH_20_NOHT: + case NL80211_CHAN_WIDTH_20: + case NL80211_CHAN_WIDTH_40: + case NL80211_CHAN_WIDTH_80: + case NL80211_CHAN_WIDTH_80P80: + case NL80211_CHAN_WIDTH_160: + case NL80211_CHAN_WIDTH_320: + break; + default: + return -EINVAL; + } + + switch (chandef.width) { + case NL80211_CHAN_WIDTH_20_NOHT: + case NL80211_CHAN_WIDTH_20: + case NL80211_CHAN_WIDTH_40: + case NL80211_CHAN_WIDTH_80: + case NL80211_CHAN_WIDTH_80P80: + case NL80211_CHAN_WIDTH_160: + case NL80211_CHAN_WIDTH_320: + break; + default: + return -EINVAL; + } + result = rdev_set_ap_chanwidth(rdev, dev, link_id, &chandef); if (result) -- 2.43.0

9 months, 1 week

1
10
0 0

[PATCH AUTOSEL 6.6 01/15] wifi: nl80211: disallow setting special AP channel widths

by Sasha Levin

From: Johannes Berg <johannes.berg(a)intel.com> [ Upstream commit 23daf1b4c91db9b26f8425cc7039cf96d22ccbfe ] Setting the AP channel width is meant for use with the normal 20/40/... MHz channel width progression, and switching around in S1G or narrow channels isn't supported. Disallow that. Reported-by: syzbot+bc0f5b92cc7091f45fb6(a)syzkaller.appspotmail.com Link: https://msgid.link/20240515141600.d4a9590bfe32.I19a32d60097e81b527eafe6b092… Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/wireless/nl80211.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 8f8f077e6cd40..053258b4e28d2 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -3398,6 +3398,33 @@ static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, if (chandef.chan != cur_chan) return -EBUSY; + /* only allow this for regular channel widths */ + switch (wdev->links[link_id].ap.chandef.width) { + case NL80211_CHAN_WIDTH_20_NOHT: + case NL80211_CHAN_WIDTH_20: + case NL80211_CHAN_WIDTH_40: + case NL80211_CHAN_WIDTH_80: + case NL80211_CHAN_WIDTH_80P80: + case NL80211_CHAN_WIDTH_160: + case NL80211_CHAN_WIDTH_320: + break; + default: + return -EINVAL; + } + + switch (chandef.width) { + case NL80211_CHAN_WIDTH_20_NOHT: + case NL80211_CHAN_WIDTH_20: + case NL80211_CHAN_WIDTH_40: + case NL80211_CHAN_WIDTH_80: + case NL80211_CHAN_WIDTH_80P80: + case NL80211_CHAN_WIDTH_160: + case NL80211_CHAN_WIDTH_320: + break; + default: + return -EINVAL; + } + result = rdev_set_ap_chanwidth(rdev, dev, link_id, &chandef); if (result) -- 2.43.0

9 months, 1 week

1
14
0 0

[PATCH AUTOSEL 5.4 1/2] ACPI: battery: create alarm sysfs attribute atomically

by Sasha Levin

From: Thomas Weißschuh <linux(a)weissschuh.net> [ Upstream commit a231eed10ed5a290129fda36ad7bcc263c53ff7d ] Let the power supply core register the attribute. This ensures that the attribute is created before the device is announced to userspace, avoid a race condition. Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/acpi/battery.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c index a49a09e3de1b3..af78f76a28729 100644 --- a/drivers/acpi/battery.c +++ b/drivers/acpi/battery.c @@ -681,12 +681,18 @@ static ssize_t acpi_battery_alarm_store(struct device *dev, return count; } -static const struct device_attribute alarm_attr = { +static struct device_attribute alarm_attr = { .attr = {.name = "alarm", .mode = 0644}, .show = acpi_battery_alarm_show, .store = acpi_battery_alarm_store, }; +static struct attribute *acpi_battery_attrs[] = { + &alarm_attr.attr, + NULL +}; +ATTRIBUTE_GROUPS(acpi_battery); + /* * The Battery Hooking API * @@ -823,7 +829,10 @@ static void __exit battery_hook_exit(void) static int sysfs_add_battery(struct acpi_battery *battery) { - struct power_supply_config psy_cfg = { .drv_data = battery, }; + struct power_supply_config psy_cfg = { + .drv_data = battery, + .attr_grp = acpi_battery_groups, + }; bool full_cap_broken = false; if (!ACPI_BATTERY_CAPACITY_VALID(battery->full_charge_capacity) && @@ -868,7 +877,7 @@ static int sysfs_add_battery(struct acpi_battery *battery) return result; } battery_hook_add_battery(battery); - return device_create_file(&battery->bat->dev, &alarm_attr); + return 0; } static void sysfs_remove_battery(struct acpi_battery *battery) @@ -879,7 +888,6 @@ static void sysfs_remove_battery(struct acpi_battery *battery) return; } battery_hook_remove_battery(battery); - device_remove_file(&battery->bat->dev, &alarm_attr); power_supply_unregister(battery->bat); battery->bat = NULL; mutex_unlock(&battery->sysfs_lock); -- 2.43.0

9 months, 1 week

1
1
0 0

[PATCH AUTOSEL 5.10 1/2] ACPI: battery: create alarm sysfs attribute atomically

by Sasha Levin

From: Thomas Weißschuh <linux(a)weissschuh.net> [ Upstream commit a231eed10ed5a290129fda36ad7bcc263c53ff7d ] Let the power supply core register the attribute. This ensures that the attribute is created before the device is announced to userspace, avoid a race condition. Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/acpi/battery.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c index 8b43efe97da5d..2e1462b8929c0 100644 --- a/drivers/acpi/battery.c +++ b/drivers/acpi/battery.c @@ -670,12 +670,18 @@ static ssize_t acpi_battery_alarm_store(struct device *dev, return count; } -static const struct device_attribute alarm_attr = { +static struct device_attribute alarm_attr = { .attr = {.name = "alarm", .mode = 0644}, .show = acpi_battery_alarm_show, .store = acpi_battery_alarm_store, }; +static struct attribute *acpi_battery_attrs[] = { + &alarm_attr.attr, + NULL +}; +ATTRIBUTE_GROUPS(acpi_battery); + /* * The Battery Hooking API * @@ -812,7 +818,10 @@ static void __exit battery_hook_exit(void) static int sysfs_add_battery(struct acpi_battery *battery) { - struct power_supply_config psy_cfg = { .drv_data = battery, }; + struct power_supply_config psy_cfg = { + .drv_data = battery, + .attr_grp = acpi_battery_groups, + }; bool full_cap_broken = false; if (!ACPI_BATTERY_CAPACITY_VALID(battery->full_charge_capacity) && @@ -857,7 +866,7 @@ static int sysfs_add_battery(struct acpi_battery *battery) return result; } battery_hook_add_battery(battery); - return device_create_file(&battery->bat->dev, &alarm_attr); + return 0; } static void sysfs_remove_battery(struct acpi_battery *battery) @@ -868,7 +877,6 @@ static void sysfs_remove_battery(struct acpi_battery *battery) return; } battery_hook_remove_battery(battery); - device_remove_file(&battery->bat->dev, &alarm_attr); power_supply_unregister(battery->bat); battery->bat = NULL; mutex_unlock(&battery->sysfs_lock); -- 2.43.0

9 months, 1 week

1
1
0 0

[PATCH AUTOSEL 5.15 1/2] ACPI: battery: create alarm sysfs attribute atomically

by Sasha Levin

From: Thomas Weißschuh <linux(a)weissschuh.net> [ Upstream commit a231eed10ed5a290129fda36ad7bcc263c53ff7d ] Let the power supply core register the attribute. This ensures that the attribute is created before the device is announced to userspace, avoid a race condition. Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/acpi/battery.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c index c7569151fd02a..aed4132985a96 100644 --- a/drivers/acpi/battery.c +++ b/drivers/acpi/battery.c @@ -676,12 +676,18 @@ static ssize_t acpi_battery_alarm_store(struct device *dev, return count; } -static const struct device_attribute alarm_attr = { +static struct device_attribute alarm_attr = { .attr = {.name = "alarm", .mode = 0644}, .show = acpi_battery_alarm_show, .store = acpi_battery_alarm_store, }; +static struct attribute *acpi_battery_attrs[] = { + &alarm_attr.attr, + NULL +}; +ATTRIBUTE_GROUPS(acpi_battery); + /* * The Battery Hooking API * @@ -818,7 +824,10 @@ static void __exit battery_hook_exit(void) static int sysfs_add_battery(struct acpi_battery *battery) { - struct power_supply_config psy_cfg = { .drv_data = battery, }; + struct power_supply_config psy_cfg = { + .drv_data = battery, + .attr_grp = acpi_battery_groups, + }; bool full_cap_broken = false; if (!ACPI_BATTERY_CAPACITY_VALID(battery->full_charge_capacity) && @@ -863,7 +872,7 @@ static int sysfs_add_battery(struct acpi_battery *battery) return result; } battery_hook_add_battery(battery); - return device_create_file(&battery->bat->dev, &alarm_attr); + return 0; } static void sysfs_remove_battery(struct acpi_battery *battery) @@ -874,7 +883,6 @@ static void sysfs_remove_battery(struct acpi_battery *battery) return; } battery_hook_remove_battery(battery); - device_remove_file(&battery->bat->dev, &alarm_attr); power_supply_unregister(battery->bat); battery->bat = NULL; mutex_unlock(&battery->sysfs_lock); -- 2.43.0

9 months, 1 week

1
1
0 0

[PATCH AUTOSEL 6.1 1/2] ACPI: battery: create alarm sysfs attribute atomically

by Sasha Levin

From: Thomas Weißschuh <linux(a)weissschuh.net> [ Upstream commit a231eed10ed5a290129fda36ad7bcc263c53ff7d ] Let the power supply core register the attribute. This ensures that the attribute is created before the device is announced to userspace, avoid a race condition. Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/acpi/battery.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c index 084f156bdfbc4..088740fdea355 100644 --- a/drivers/acpi/battery.c +++ b/drivers/acpi/battery.c @@ -667,12 +667,18 @@ static ssize_t acpi_battery_alarm_store(struct device *dev, return count; } -static const struct device_attribute alarm_attr = { +static struct device_attribute alarm_attr = { .attr = {.name = "alarm", .mode = 0644}, .show = acpi_battery_alarm_show, .store = acpi_battery_alarm_store, }; +static struct attribute *acpi_battery_attrs[] = { + &alarm_attr.attr, + NULL +}; +ATTRIBUTE_GROUPS(acpi_battery); + /* * The Battery Hooking API * @@ -809,7 +815,10 @@ static void __exit battery_hook_exit(void) static int sysfs_add_battery(struct acpi_battery *battery) { - struct power_supply_config psy_cfg = { .drv_data = battery, }; + struct power_supply_config psy_cfg = { + .drv_data = battery, + .attr_grp = acpi_battery_groups, + }; bool full_cap_broken = false; if (!ACPI_BATTERY_CAPACITY_VALID(battery->full_charge_capacity) && @@ -854,7 +863,7 @@ static int sysfs_add_battery(struct acpi_battery *battery) return result; } battery_hook_add_battery(battery); - return device_create_file(&battery->bat->dev, &alarm_attr); + return 0; } static void sysfs_remove_battery(struct acpi_battery *battery) @@ -865,7 +874,6 @@ static void sysfs_remove_battery(struct acpi_battery *battery) return; } battery_hook_remove_battery(battery); - device_remove_file(&battery->bat->dev, &alarm_attr); power_supply_unregister(battery->bat); battery->bat = NULL; mutex_unlock(&battery->sysfs_lock); -- 2.43.0

9 months, 1 week

1
1
0 0

[PATCH AUTOSEL 6.6 1/3] ACPI: battery: create alarm sysfs attribute atomically

by Sasha Levin

From: Thomas Weißschuh <linux(a)weissschuh.net> [ Upstream commit a231eed10ed5a290129fda36ad7bcc263c53ff7d ] Let the power supply core register the attribute. This ensures that the attribute is created before the device is announced to userspace, avoid a race condition. Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/acpi/battery.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c index 969bf81e8d546..7f7ad94f22b91 100644 --- a/drivers/acpi/battery.c +++ b/drivers/acpi/battery.c @@ -678,12 +678,18 @@ static ssize_t acpi_battery_alarm_store(struct device *dev, return count; } -static const struct device_attribute alarm_attr = { +static struct device_attribute alarm_attr = { .attr = {.name = "alarm", .mode = 0644}, .show = acpi_battery_alarm_show, .store = acpi_battery_alarm_store, }; +static struct attribute *acpi_battery_attrs[] = { + &alarm_attr.attr, + NULL +}; +ATTRIBUTE_GROUPS(acpi_battery); + /* * The Battery Hooking API * @@ -823,7 +829,10 @@ static void __exit battery_hook_exit(void) static int sysfs_add_battery(struct acpi_battery *battery) { - struct power_supply_config psy_cfg = { .drv_data = battery, }; + struct power_supply_config psy_cfg = { + .drv_data = battery, + .attr_grp = acpi_battery_groups, + }; bool full_cap_broken = false; if (!ACPI_BATTERY_CAPACITY_VALID(battery->full_charge_capacity) && @@ -868,7 +877,7 @@ static int sysfs_add_battery(struct acpi_battery *battery) return result; } battery_hook_add_battery(battery); - return device_create_file(&battery->bat->dev, &alarm_attr); + return 0; } static void sysfs_remove_battery(struct acpi_battery *battery) @@ -879,7 +888,6 @@ static void sysfs_remove_battery(struct acpi_battery *battery) return; } battery_hook_remove_battery(battery); - device_remove_file(&battery->bat->dev, &alarm_attr); power_supply_unregister(battery->bat); battery->bat = NULL; mutex_unlock(&battery->sysfs_lock); -- 2.43.0

9 months, 1 week

1
2
0 0

[PATCH AUTOSEL 6.10 1/9] ACPI: battery: create alarm sysfs attribute atomically

by Sasha Levin

From: Thomas Weißschuh <linux(a)weissschuh.net> [ Upstream commit a231eed10ed5a290129fda36ad7bcc263c53ff7d ] Let the power supply core register the attribute. This ensures that the attribute is created before the device is announced to userspace, avoid a race condition. Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/acpi/battery.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c index b379401ff1c20..44ca989f16466 100644 --- a/drivers/acpi/battery.c +++ b/drivers/acpi/battery.c @@ -678,12 +678,18 @@ static ssize_t acpi_battery_alarm_store(struct device *dev, return count; } -static const struct device_attribute alarm_attr = { +static struct device_attribute alarm_attr = { .attr = {.name = "alarm", .mode = 0644}, .show = acpi_battery_alarm_show, .store = acpi_battery_alarm_store, }; +static struct attribute *acpi_battery_attrs[] = { + &alarm_attr.attr, + NULL +}; +ATTRIBUTE_GROUPS(acpi_battery); + /* * The Battery Hooking API * @@ -823,7 +829,10 @@ static void __exit battery_hook_exit(void) static int sysfs_add_battery(struct acpi_battery *battery) { - struct power_supply_config psy_cfg = { .drv_data = battery, }; + struct power_supply_config psy_cfg = { + .drv_data = battery, + .attr_grp = acpi_battery_groups, + }; bool full_cap_broken = false; if (!ACPI_BATTERY_CAPACITY_VALID(battery->full_charge_capacity) && @@ -868,7 +877,7 @@ static int sysfs_add_battery(struct acpi_battery *battery) return result; } battery_hook_add_battery(battery); - return device_create_file(&battery->bat->dev, &alarm_attr); + return 0; } static void sysfs_remove_battery(struct acpi_battery *battery) @@ -879,7 +888,6 @@ static void sysfs_remove_battery(struct acpi_battery *battery) return; } battery_hook_remove_battery(battery); - device_remove_file(&battery->bat->dev, &alarm_attr); power_supply_unregister(battery->bat); battery->bat = NULL; mutex_unlock(&battery->sysfs_lock); -- 2.43.0

9 months, 1 week

1
8
0 0

[PATCH AUTOSEL 4.19 1/3] fs: remove accidental overflow during wraparound check

by Sasha Levin

From: Justin Stitt <justinstitt(a)google.com> [ Upstream commit 23cc6ef6fd453b13502caae23130844e7d6ed0fe ] Running syzkaller with the newly enabled signed integer overflow sanitizer produces this report: [ 195.401651] ------------[ cut here ]------------ [ 195.404808] UBSAN: signed-integer-overflow in ../fs/open.c:321:15 [ 195.408739] 9223372036854775807 + 562984447377399 cannot be represented in type 'loff_t' (aka 'long long') [ 195.414683] CPU: 1 PID: 703 Comm: syz-executor.0 Not tainted 6.8.0-rc2-00039-g14de58dbe653-dirty #11 [ 195.420138] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 195.425804] Call Trace: [ 195.427360] <TASK> [ 195.428791] dump_stack_lvl+0x93/0xd0 [ 195.431150] handle_overflow+0x171/0x1b0 [ 195.433640] vfs_fallocate+0x459/0x4f0 ... [ 195.490053] ------------[ cut here ]------------ [ 195.493146] UBSAN: signed-integer-overflow in ../fs/open.c:321:61 [ 195.497030] 9223372036854775807 + 562984447377399 cannot be represented in type 'loff_t' (aka 'long long) [ 195.502940] CPU: 1 PID: 703 Comm: syz-executor.0 Not tainted 6.8.0-rc2-00039-g14de58dbe653-dirty #11 [ 195.508395] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 195.514075] Call Trace: [ 195.515636] <TASK> [ 195.517000] dump_stack_lvl+0x93/0xd0 [ 195.519255] handle_overflow+0x171/0x1b0 [ 195.521677] vfs_fallocate+0x4cb/0x4f0 [ 195.524033] __x64_sys_fallocate+0xb2/0xf0 Historically, the signed integer overflow sanitizer did not work in the kernel due to its interaction with `-fwrapv` but this has since been changed [1] in the newest version of Clang. It was re-enabled in the kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow sanitizer"). Let's use the check_add_overflow helper to first verify the addition stays within the bounds of its type (long long); then we can use that sum for the following check. Link: https://github.com/llvm/llvm-project/pull/82432 [1] Closes: https://github.com/KSPP/linux/issues/356 Cc: linux-hardening(a)vger.kernel.org Reviewed-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Justin Stitt <justinstitt(a)google.com> Link: https://lore.kernel.org/r/20240513-b4-sio-vfs_fallocate-v2-1-db415872fb16@g… Reviewed-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/open.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/open.c b/fs/open.c index 7763a1a10f592..2751cb70f2dc1 100644 --- a/fs/open.c +++ b/fs/open.c @@ -229,6 +229,7 @@ int vfs_fallocate(struct file *file, int mode, loff_t offset, loff_t len) { struct inode *inode = file_inode(file); long ret; + loff_t sum; if (offset < 0 || len <= 0) return -EINVAL; @@ -297,8 +298,11 @@ int vfs_fallocate(struct file *file, int mode, loff_t offset, loff_t len) if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode)) return -ENODEV; - /* Check for wrap through zero too */ - if (((offset + len) > inode->i_sb->s_maxbytes) || ((offset + len) < 0)) + /* Check for wraparound */ + if (check_add_overflow(offset, len, &sum)) + return -EFBIG; + + if (sum > inode->i_sb->s_maxbytes) return -EFBIG; if (!file->f_op->fallocate) -- 2.43.0

9 months, 1 week

1
2
0 0

[PATCH AUTOSEL 5.4 1/3] fs: remove accidental overflow during wraparound check

by Sasha Levin

From: Justin Stitt <justinstitt(a)google.com> [ Upstream commit 23cc6ef6fd453b13502caae23130844e7d6ed0fe ] Running syzkaller with the newly enabled signed integer overflow sanitizer produces this report: [ 195.401651] ------------[ cut here ]------------ [ 195.404808] UBSAN: signed-integer-overflow in ../fs/open.c:321:15 [ 195.408739] 9223372036854775807 + 562984447377399 cannot be represented in type 'loff_t' (aka 'long long') [ 195.414683] CPU: 1 PID: 703 Comm: syz-executor.0 Not tainted 6.8.0-rc2-00039-g14de58dbe653-dirty #11 [ 195.420138] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 195.425804] Call Trace: [ 195.427360] <TASK> [ 195.428791] dump_stack_lvl+0x93/0xd0 [ 195.431150] handle_overflow+0x171/0x1b0 [ 195.433640] vfs_fallocate+0x459/0x4f0 ... [ 195.490053] ------------[ cut here ]------------ [ 195.493146] UBSAN: signed-integer-overflow in ../fs/open.c:321:61 [ 195.497030] 9223372036854775807 + 562984447377399 cannot be represented in type 'loff_t' (aka 'long long) [ 195.502940] CPU: 1 PID: 703 Comm: syz-executor.0 Not tainted 6.8.0-rc2-00039-g14de58dbe653-dirty #11 [ 195.508395] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 195.514075] Call Trace: [ 195.515636] <TASK> [ 195.517000] dump_stack_lvl+0x93/0xd0 [ 195.519255] handle_overflow+0x171/0x1b0 [ 195.521677] vfs_fallocate+0x4cb/0x4f0 [ 195.524033] __x64_sys_fallocate+0xb2/0xf0 Historically, the signed integer overflow sanitizer did not work in the kernel due to its interaction with `-fwrapv` but this has since been changed [1] in the newest version of Clang. It was re-enabled in the kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow sanitizer"). Let's use the check_add_overflow helper to first verify the addition stays within the bounds of its type (long long); then we can use that sum for the following check. Link: https://github.com/llvm/llvm-project/pull/82432 [1] Closes: https://github.com/KSPP/linux/issues/356 Cc: linux-hardening(a)vger.kernel.org Reviewed-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Justin Stitt <justinstitt(a)google.com> Link: https://lore.kernel.org/r/20240513-b4-sio-vfs_fallocate-v2-1-db415872fb16@g… Reviewed-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/open.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/open.c b/fs/open.c index f1c2ec6790bb3..d88b7f3b4d9f1 100644 --- a/fs/open.c +++ b/fs/open.c @@ -230,6 +230,7 @@ int vfs_fallocate(struct file *file, int mode, loff_t offset, loff_t len) { struct inode *inode = file_inode(file); long ret; + loff_t sum; if (offset < 0 || len <= 0) return -EINVAL; @@ -298,8 +299,11 @@ int vfs_fallocate(struct file *file, int mode, loff_t offset, loff_t len) if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode)) return -ENODEV; - /* Check for wrap through zero too */ - if (((offset + len) > inode->i_sb->s_maxbytes) || ((offset + len) < 0)) + /* Check for wraparound */ + if (check_add_overflow(offset, len, &sum)) + return -EFBIG; + + if (sum > inode->i_sb->s_maxbytes) return -EFBIG; if (!file->f_op->fallocate) -- 2.43.0

9 months, 1 week

1
2
0 0

[PATCH AUTOSEL 5.10 1/6] fs: remove accidental overflow during wraparound check

by Sasha Levin

From: Justin Stitt <justinstitt(a)google.com> [ Upstream commit 23cc6ef6fd453b13502caae23130844e7d6ed0fe ] Running syzkaller with the newly enabled signed integer overflow sanitizer produces this report: [ 195.401651] ------------[ cut here ]------------ [ 195.404808] UBSAN: signed-integer-overflow in ../fs/open.c:321:15 [ 195.408739] 9223372036854775807 + 562984447377399 cannot be represented in type 'loff_t' (aka 'long long') [ 195.414683] CPU: 1 PID: 703 Comm: syz-executor.0 Not tainted 6.8.0-rc2-00039-g14de58dbe653-dirty #11 [ 195.420138] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 195.425804] Call Trace: [ 195.427360] <TASK> [ 195.428791] dump_stack_lvl+0x93/0xd0 [ 195.431150] handle_overflow+0x171/0x1b0 [ 195.433640] vfs_fallocate+0x459/0x4f0 ... [ 195.490053] ------------[ cut here ]------------ [ 195.493146] UBSAN: signed-integer-overflow in ../fs/open.c:321:61 [ 195.497030] 9223372036854775807 + 562984447377399 cannot be represented in type 'loff_t' (aka 'long long) [ 195.502940] CPU: 1 PID: 703 Comm: syz-executor.0 Not tainted 6.8.0-rc2-00039-g14de58dbe653-dirty #11 [ 195.508395] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 195.514075] Call Trace: [ 195.515636] <TASK> [ 195.517000] dump_stack_lvl+0x93/0xd0 [ 195.519255] handle_overflow+0x171/0x1b0 [ 195.521677] vfs_fallocate+0x4cb/0x4f0 [ 195.524033] __x64_sys_fallocate+0xb2/0xf0 Historically, the signed integer overflow sanitizer did not work in the kernel due to its interaction with `-fwrapv` but this has since been changed [1] in the newest version of Clang. It was re-enabled in the kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow sanitizer"). Let's use the check_add_overflow helper to first verify the addition stays within the bounds of its type (long long); then we can use that sum for the following check. Link: https://github.com/llvm/llvm-project/pull/82432 [1] Closes: https://github.com/KSPP/linux/issues/356 Cc: linux-hardening(a)vger.kernel.org Reviewed-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Justin Stitt <justinstitt(a)google.com> Link: https://lore.kernel.org/r/20240513-b4-sio-vfs_fallocate-v2-1-db415872fb16@g… Reviewed-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/open.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/open.c b/fs/open.c index 694110929519c..be3eb6126d6da 100644 --- a/fs/open.c +++ b/fs/open.c @@ -230,6 +230,7 @@ int vfs_fallocate(struct file *file, int mode, loff_t offset, loff_t len) { struct inode *inode = file_inode(file); long ret; + loff_t sum; if (offset < 0 || len <= 0) return -EINVAL; @@ -298,8 +299,11 @@ int vfs_fallocate(struct file *file, int mode, loff_t offset, loff_t len) if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode)) return -ENODEV; - /* Check for wrap through zero too */ - if (((offset + len) > inode->i_sb->s_maxbytes) || ((offset + len) < 0)) + /* Check for wraparound */ + if (check_add_overflow(offset, len, &sum)) + return -EFBIG; + + if (sum > inode->i_sb->s_maxbytes) return -EFBIG; if (!file->f_op->fallocate) -- 2.43.0

9 months, 1 week

1
5
0 0

[PATCH AUTOSEL 5.15 1/6] fs: remove accidental overflow during wraparound check

by Sasha Levin

From: Justin Stitt <justinstitt(a)google.com> [ Upstream commit 23cc6ef6fd453b13502caae23130844e7d6ed0fe ] Running syzkaller with the newly enabled signed integer overflow sanitizer produces this report: [ 195.401651] ------------[ cut here ]------------ [ 195.404808] UBSAN: signed-integer-overflow in ../fs/open.c:321:15 [ 195.408739] 9223372036854775807 + 562984447377399 cannot be represented in type 'loff_t' (aka 'long long') [ 195.414683] CPU: 1 PID: 703 Comm: syz-executor.0 Not tainted 6.8.0-rc2-00039-g14de58dbe653-dirty #11 [ 195.420138] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 195.425804] Call Trace: [ 195.427360] <TASK> [ 195.428791] dump_stack_lvl+0x93/0xd0 [ 195.431150] handle_overflow+0x171/0x1b0 [ 195.433640] vfs_fallocate+0x459/0x4f0 ... [ 195.490053] ------------[ cut here ]------------ [ 195.493146] UBSAN: signed-integer-overflow in ../fs/open.c:321:61 [ 195.497030] 9223372036854775807 + 562984447377399 cannot be represented in type 'loff_t' (aka 'long long) [ 195.502940] CPU: 1 PID: 703 Comm: syz-executor.0 Not tainted 6.8.0-rc2-00039-g14de58dbe653-dirty #11 [ 195.508395] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 195.514075] Call Trace: [ 195.515636] <TASK> [ 195.517000] dump_stack_lvl+0x93/0xd0 [ 195.519255] handle_overflow+0x171/0x1b0 [ 195.521677] vfs_fallocate+0x4cb/0x4f0 [ 195.524033] __x64_sys_fallocate+0xb2/0xf0 Historically, the signed integer overflow sanitizer did not work in the kernel due to its interaction with `-fwrapv` but this has since been changed [1] in the newest version of Clang. It was re-enabled in the kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow sanitizer"). Let's use the check_add_overflow helper to first verify the addition stays within the bounds of its type (long long); then we can use that sum for the following check. Link: https://github.com/llvm/llvm-project/pull/82432 [1] Closes: https://github.com/KSPP/linux/issues/356 Cc: linux-hardening(a)vger.kernel.org Reviewed-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Justin Stitt <justinstitt(a)google.com> Link: https://lore.kernel.org/r/20240513-b4-sio-vfs_fallocate-v2-1-db415872fb16@g… Reviewed-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/open.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/open.c b/fs/open.c index 97932af49071a..73d864636ae57 100644 --- a/fs/open.c +++ b/fs/open.c @@ -229,6 +229,7 @@ int vfs_fallocate(struct file *file, int mode, loff_t offset, loff_t len) { struct inode *inode = file_inode(file); long ret; + loff_t sum; if (offset < 0 || len <= 0) return -EINVAL; @@ -297,8 +298,11 @@ int vfs_fallocate(struct file *file, int mode, loff_t offset, loff_t len) if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode)) return -ENODEV; - /* Check for wrap through zero too */ - if (((offset + len) > inode->i_sb->s_maxbytes) || ((offset + len) < 0)) + /* Check for wraparound */ + if (check_add_overflow(offset, len, &sum)) + return -EFBIG; + + if (sum > inode->i_sb->s_maxbytes) return -EFBIG; if (!file->f_op->fallocate) -- 2.43.0

9 months, 1 week

1
5
0 0

[PATCH AUTOSEL 6.1 1/8] fs: remove accidental overflow during wraparound check

by Sasha Levin

From: Justin Stitt <justinstitt(a)google.com> [ Upstream commit 23cc6ef6fd453b13502caae23130844e7d6ed0fe ] Running syzkaller with the newly enabled signed integer overflow sanitizer produces this report: [ 195.401651] ------------[ cut here ]------------ [ 195.404808] UBSAN: signed-integer-overflow in ../fs/open.c:321:15 [ 195.408739] 9223372036854775807 + 562984447377399 cannot be represented in type 'loff_t' (aka 'long long') [ 195.414683] CPU: 1 PID: 703 Comm: syz-executor.0 Not tainted 6.8.0-rc2-00039-g14de58dbe653-dirty #11 [ 195.420138] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 195.425804] Call Trace: [ 195.427360] <TASK> [ 195.428791] dump_stack_lvl+0x93/0xd0 [ 195.431150] handle_overflow+0x171/0x1b0 [ 195.433640] vfs_fallocate+0x459/0x4f0 ... [ 195.490053] ------------[ cut here ]------------ [ 195.493146] UBSAN: signed-integer-overflow in ../fs/open.c:321:61 [ 195.497030] 9223372036854775807 + 562984447377399 cannot be represented in type 'loff_t' (aka 'long long) [ 195.502940] CPU: 1 PID: 703 Comm: syz-executor.0 Not tainted 6.8.0-rc2-00039-g14de58dbe653-dirty #11 [ 195.508395] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 195.514075] Call Trace: [ 195.515636] <TASK> [ 195.517000] dump_stack_lvl+0x93/0xd0 [ 195.519255] handle_overflow+0x171/0x1b0 [ 195.521677] vfs_fallocate+0x4cb/0x4f0 [ 195.524033] __x64_sys_fallocate+0xb2/0xf0 Historically, the signed integer overflow sanitizer did not work in the kernel due to its interaction with `-fwrapv` but this has since been changed [1] in the newest version of Clang. It was re-enabled in the kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow sanitizer"). Let's use the check_add_overflow helper to first verify the addition stays within the bounds of its type (long long); then we can use that sum for the following check. Link: https://github.com/llvm/llvm-project/pull/82432 [1] Closes: https://github.com/KSPP/linux/issues/356 Cc: linux-hardening(a)vger.kernel.org Reviewed-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Justin Stitt <justinstitt(a)google.com> Link: https://lore.kernel.org/r/20240513-b4-sio-vfs_fallocate-v2-1-db415872fb16@g… Reviewed-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/open.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/open.c b/fs/open.c index 0d63c94e1c5e6..dd68725cd7247 100644 --- a/fs/open.c +++ b/fs/open.c @@ -244,6 +244,7 @@ int vfs_fallocate(struct file *file, int mode, loff_t offset, loff_t len) { struct inode *inode = file_inode(file); long ret; + loff_t sum; if (offset < 0 || len <= 0) return -EINVAL; @@ -312,8 +313,11 @@ int vfs_fallocate(struct file *file, int mode, loff_t offset, loff_t len) if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode)) return -ENODEV; - /* Check for wrap through zero too */ - if (((offset + len) > inode->i_sb->s_maxbytes) || ((offset + len) < 0)) + /* Check for wraparound */ + if (check_add_overflow(offset, len, &sum)) + return -EFBIG; + + if (sum > inode->i_sb->s_maxbytes) return -EFBIG; if (!file->f_op->fallocate) -- 2.43.0

9 months, 1 week

1
7
0 0

[PATCH AUTOSEL 6.6 1/9] fs: remove accidental overflow during wraparound check

by Sasha Levin

From: Justin Stitt <justinstitt(a)google.com> [ Upstream commit 23cc6ef6fd453b13502caae23130844e7d6ed0fe ] Running syzkaller with the newly enabled signed integer overflow sanitizer produces this report: [ 195.401651] ------------[ cut here ]------------ [ 195.404808] UBSAN: signed-integer-overflow in ../fs/open.c:321:15 [ 195.408739] 9223372036854775807 + 562984447377399 cannot be represented in type 'loff_t' (aka 'long long') [ 195.414683] CPU: 1 PID: 703 Comm: syz-executor.0 Not tainted 6.8.0-rc2-00039-g14de58dbe653-dirty #11 [ 195.420138] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 195.425804] Call Trace: [ 195.427360] <TASK> [ 195.428791] dump_stack_lvl+0x93/0xd0 [ 195.431150] handle_overflow+0x171/0x1b0 [ 195.433640] vfs_fallocate+0x459/0x4f0 ... [ 195.490053] ------------[ cut here ]------------ [ 195.493146] UBSAN: signed-integer-overflow in ../fs/open.c:321:61 [ 195.497030] 9223372036854775807 + 562984447377399 cannot be represented in type 'loff_t' (aka 'long long) [ 195.502940] CPU: 1 PID: 703 Comm: syz-executor.0 Not tainted 6.8.0-rc2-00039-g14de58dbe653-dirty #11 [ 195.508395] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 195.514075] Call Trace: [ 195.515636] <TASK> [ 195.517000] dump_stack_lvl+0x93/0xd0 [ 195.519255] handle_overflow+0x171/0x1b0 [ 195.521677] vfs_fallocate+0x4cb/0x4f0 [ 195.524033] __x64_sys_fallocate+0xb2/0xf0 Historically, the signed integer overflow sanitizer did not work in the kernel due to its interaction with `-fwrapv` but this has since been changed [1] in the newest version of Clang. It was re-enabled in the kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow sanitizer"). Let's use the check_add_overflow helper to first verify the addition stays within the bounds of its type (long long); then we can use that sum for the following check. Link: https://github.com/llvm/llvm-project/pull/82432 [1] Closes: https://github.com/KSPP/linux/issues/356 Cc: linux-hardening(a)vger.kernel.org Reviewed-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Justin Stitt <justinstitt(a)google.com> Link: https://lore.kernel.org/r/20240513-b4-sio-vfs_fallocate-v2-1-db415872fb16@g… Reviewed-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Christian Brauner <brauner(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/open.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/fs/open.c b/fs/open.c index 59db720693f9a..61f0b733ad962 100644 --- a/fs/open.c +++ b/fs/open.c @@ -245,6 +245,7 @@ int vfs_fallocate(struct file *file, int mode, loff_t offset, loff_t len) { struct inode *inode = file_inode(file); long ret; + loff_t sum; if (offset < 0 || len <= 0) return -EINVAL; @@ -313,8 +314,11 @@ int vfs_fallocate(struct file *file, int mode, loff_t offset, loff_t len) if (!S_ISREG(inode->i_mode) && !S_ISBLK(inode->i_mode)) return -ENODEV; - /* Check for wrap through zero too */ - if (((offset + len) > inode->i_sb->s_maxbytes) || ((offset + len) < 0)) + /* Check for wraparound */ + if (check_add_overflow(offset, len, &sum)) + return -EFBIG; + + if (sum > inode->i_sb->s_maxbytes) return -EFBIG; if (!file->f_op->fallocate) -- 2.43.0

9 months, 1 week

1
8
0 0

[PATCH v2] Bluetooth: hci_core: fix suspicious RCU usage in hci_conn_drop()

by Yunseong Kim

Protection from the queuing operation is achieved with an RCU read lock to avoid calling 'queue_delayed_work()' after 'cancel_delayed_work()', but this does not apply to 'hci_conn_drop()'. commit deee93d13d38 ("Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works") The situation described raises concerns about suspicious RCU usage in a corrupted context. CPU 1 CPU 2 hci_dev_do_reset() synchronize_rcu() hci_conn_drop() drain_workqueue() <-- no RCU read protection during queuing. --> queue_delayed_work() It displays a warning message like the following Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 ============================= WARNING: suspicious RCU usage 6.10.0-rc6-01340-gf14c0bb78769 #5 Not tainted ----------------------------- net/mac80211/util.c:4000 RCU-list traversed in non-reader section!! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 2 locks held by syz-executor/798: #0: ffff800089a3de50 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x28/0x40 net/core/rtnetlink.c:79 stack backtrace: CPU: 0 PID: 798 Comm: syz-executor Not tainted 6.10.0-rc6-01340-gf14c0bb78769 #5 Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace.part.0+0x1b8/0x1d0 arch/arm64/kernel/stacktrace.c:317 dump_backtrace arch/arm64/kernel/stacktrace.c:323 [inline] show_stack+0x34/0x50 arch/arm64/kernel/stacktrace.c:324 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xf0/0x170 lib/dump_stack.c:114 dump_stack+0x20/0x30 lib/dump_stack.c:123 lockdep_rcu_suspicious+0x204/0x2f8 kernel/locking/lockdep.c:6712 ieee80211_check_combinations+0x71c/0x828 [mac80211] ieee80211_check_concurrent_iface+0x494/0x700 [mac80211] ieee80211_open+0x140/0x238 [mac80211] __dev_open+0x270/0x498 net/core/dev.c:1474 __dev_change_flags+0x47c/0x610 net/core/dev.c:8837 dev_change_flags+0x98/0x170 net/core/dev.c:8909 devinet_ioctl+0xdf0/0x18d0 net/ipv4/devinet.c:1177 inet_ioctl+0x34c/0x388 net/ipv4/af_inet.c:1003 sock_do_ioctl+0xe4/0x240 net/socket.c:1222 sock_ioctl+0x4cc/0x740 net/socket.c:1341 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __arm64_sys_ioctl+0x184/0x218 fs/ioctl.c:893 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline] invoke_syscall+0x90/0x2e8 arch/arm64/kernel/syscall.c:48 el0_svc_common.constprop.0+0x200/0x2a8 arch/arm64/kernel/syscall.c:131 el0_svc+0x48/0xc0 arch/arm64/kernel/entry-common.c:712 el0t_64_sync_handler+0x120/0x130 arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x198 arch/arm64/kernel/entry.S:598 This patch attempts to fix that issue with the same convention. Cc: stable(a)vger.kernel.org # v6.1+ Fixes: deee93d13d38 ("Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works") Signed-off-by: Yeoreum Yun <yeoreum.yun(a)arm.com> Tested-by: Yunseong Kim <yskelg(a)gmail.com> Signed-off-by: Yunseong Kim <yskelg(a)gmail.com> --- include/net/bluetooth/hci_core.h | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h index 31020891fc68..111509dc1a23 100644 --- a/include/net/bluetooth/hci_core.h +++ b/include/net/bluetooth/hci_core.h @@ -1572,8 +1572,13 @@ static inline void hci_conn_drop(struct hci_conn *conn) } cancel_delayed_work(&conn->disc_work); - queue_delayed_work(conn->hdev->workqueue, - &conn->disc_work, timeo); + + rcu_read_lock(); + if (!hci_dev_test_flag(conn->hdev, HCI_CMD_DRAIN_WORKQUEUE)) { + queue_delayed_work(conn->hdev->workqueue, + &conn->disc_work, timeo); + } + rcu_read_unlock(); } } -- 2.45.2

9 months, 1 week

2
2
0 0

[REGRESSION] Brightness at max level after waking up from sleep on AMD Laptop

by serg.partizan＠gmail.com

Hello, After updating from 6.8.9 to 6.9.1 I noticed a bug on my HP Envy x360 with AMD Ryzen 5 4500U. #regzbot introduced: v6.8.9..v6.9.1 After waking up from sleep brightness is set to max level, ignoring previous value. With the help of Arch Linux team, we was able to track bad commit to this: https://gitlab.freedesktop.org/agd5f/linux/-/commit/63d0b87213a0ba241b3fcfb… I have tested this on latest mainline kernel: Results after waking up: > cat /sys/class/backlight/amdgpu_bl1/{brightness,actual_brightness} 12 252 Then, on exact this commit (63d0b87213a0ba241b3fcfba3fe7b0aed0cd1cc5), result is the same. Then, on commit just before this one (aeaf3e6cf842): > cat /sys/class/backlight/amdgpu_bl1/{brightness,actual_brightness} 12 12 I hope I included all relevant information, more info can be found here: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/52

9 months, 1 week

1
0
0 0

Linux 6.10.2

by Greg Kroah-Hartman

I'm announcing the release of the 6.10.2 kernel. All users of the 6.10 kernel series must upgrade. The updated 6.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - arch/arm64/boot/dts/qcom/ipq6018.dtsi | 1 arch/arm64/boot/dts/qcom/ipq8074.dtsi | 2 + arch/arm64/boot/dts/qcom/msm8996.dtsi | 1 arch/arm64/boot/dts/qcom/msm8998.dtsi | 1 arch/arm64/boot/dts/qcom/qrb2210-rb1.dts | 13 +++++++- arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 13 +++++++- arch/arm64/boot/dts/qcom/sc7180.dtsi | 1 arch/arm64/boot/dts/qcom/sc7280.dtsi | 1 arch/arm64/boot/dts/qcom/sdm630.dtsi | 1 arch/arm64/boot/dts/qcom/sdm845.dtsi | 2 + arch/arm64/boot/dts/qcom/sm6115.dtsi | 1 arch/arm64/boot/dts/qcom/sm6350.dtsi | 1 arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 17 ++++++++--- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 17 ++++++++--- arch/s390/mm/fault.c | 3 + drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 2 - drivers/net/tap.c | 5 +++ drivers/net/tun.c | 3 + drivers/usb/gadget/function/f_midi2.c | 19 +++++++----- fs/jfs/xattr.c | 23 ++++++++++++--- fs/locks.c | 9 ++--- fs/ntfs3/fslog.c | 44 ++++++++++++++++++++++++---- fs/ocfs2/dir.c | 46 ++++++++++++++++++------------ sound/core/pcm_dmaengine.c | 6 +++ sound/core/seq/seq_ump_client.c | 16 ++++++++++ sound/pci/hda/patch_realtek.c | 3 + 27 files changed, 198 insertions(+), 55 deletions(-) Abel Vesa (4): arm64: dts: qcom: x1e80100-qcp: Fix USB PHYs regulators arm64: dts: qcom: x1e80100-crd: Fix the PHY regulator for PCIe 6a arm64: dts: qcom: x1e80100-qcp: Fix the PHY regulator for PCIe 6a arm64: dts: qcom: x1e80100-crd: Fix USB PHYs regulators Dan Carpenter (1): drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() Dmitry Baryshkov (2): arm64: dts: qcom: qrb2210-rb1: switch I2C2 to i2c-gpio arm64: dts: qcom: qrb4210-rb2: switch I2C2 to i2c-gpio Dongli Zhang (1): tun: add missing verification for short frame Edson Juliano Drosdeck (1): ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 Gerald Schaefer (1): s390/mm: Fix VM_FAULT_HWPOISON handling in do_exception() Greg Kroah-Hartman (1): Linux 6.10.2 Jann Horn (1): filelock: Fix fcntl/close race recovery compat path Konstantin Komarov (1): fs/ntfs3: Add a check for attr_names and oatbl Krishna Kurapati (10): arm64: dts: qcom: sc7180: Disable SuperSpeed instances in park mode arm64: dts: qcom: sc7280: Disable SuperSpeed instances in park mode arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB arm64: dts: qcom: sm6350: Disable SS instance in Parkmode for USB arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB arm64: dts: qcom: ipq6018: Disable SS instance in Parkmode for USB arm64: dts: qcom: sdm630: Disable SS instance in Parkmode for USB arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode for USB arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for USB arm64: dts: qcom: sm6115: Disable SS instance in Parkmode for USB Seunghun Han (1): ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 Shenghao Ding (1): ALSA: hda/tas2781: Add new quirk for Lenovo Hera2 Laptop Shengjiu Wang (1): ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused Si-Wei Liu (1): tap: add missing verification for short frame Takashi Iwai (2): usb: gadget: midi2: Fix incorrect default MIDI2 protocol setup ALSA: seq: ump: Skip useless ports for static blocks lei lu (3): ocfs2: add bounds checking to ocfs2_check_dir_entry() jfs: don't walk off the end of ealist fs/ntfs3: Validate ff offset

9 months, 1 week

1
1
0 0

Linux 6.6.43

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.43 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - arch/arm64/boot/dts/qcom/ipq6018.dtsi | 1 arch/arm64/boot/dts/qcom/msm8996.dtsi | 1 arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 13 ++++++++ arch/arm64/boot/dts/qcom/sdm630.dtsi | 1 arch/arm64/boot/dts/qcom/sm6350.dtsi | 1 drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 2 - drivers/net/tap.c | 5 +++ drivers/net/tun.c | 3 ++ drivers/usb/gadget/function/f_midi2.c | 19 +++++++----- fs/jfs/xattr.c | 23 ++++++++++++--- fs/locks.c | 9 ++---- fs/ntfs3/fslog.c | 44 ++++++++++++++++++++++++----- fs/ocfs2/dir.c | 46 +++++++++++++++++++------------ sound/core/pcm_dmaengine.c | 6 +++- sound/core/seq/seq_ump_client.c | 16 ++++++++++ sound/pci/hda/patch_realtek.c | 2 + 17 files changed, 149 insertions(+), 45 deletions(-) Dan Carpenter (1): drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() Dmitry Baryshkov (1): arm64: dts: qcom: qrb4210-rb2: switch I2C2 to i2c-gpio Dongli Zhang (1): tun: add missing verification for short frame Edson Juliano Drosdeck (1): ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 Greg Kroah-Hartman (1): Linux 6.6.43 Jann Horn (1): filelock: Fix fcntl/close race recovery compat path Konstantin Komarov (1): fs/ntfs3: Add a check for attr_names and oatbl Krishna Kurapati (4): arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB arm64: dts: qcom: sm6350: Disable SS instance in Parkmode for USB arm64: dts: qcom: ipq6018: Disable SS instance in Parkmode for USB arm64: dts: qcom: sdm630: Disable SS instance in Parkmode for USB Seunghun Han (1): ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 Shengjiu Wang (1): ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused Si-Wei Liu (1): tap: add missing verification for short frame Takashi Iwai (2): usb: gadget: midi2: Fix incorrect default MIDI2 protocol setup ALSA: seq: ump: Skip useless ports for static blocks lei lu (3): ocfs2: add bounds checking to ocfs2_check_dir_entry() jfs: don't walk off the end of ealist fs/ntfs3: Validate ff offset

9 months, 1 week

1
1
0 0

Linux 6.1.102

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.102 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - arch/arm64/boot/dts/qcom/ipq6018.dtsi | 1 arch/arm64/boot/dts/qcom/msm8996.dtsi | 1 arch/arm64/boot/dts/qcom/sdm630.dtsi | 1 drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 2 - drivers/net/tap.c | 5 +++ drivers/net/tun.c | 3 ++ fs/btrfs/transaction.c | 5 ++- fs/f2fs/super.c | 15 +++++++++- fs/jfs/xattr.c | 23 +++++++++++++--- fs/locks.c | 9 ++---- fs/ntfs3/fslog.c | 6 +++- fs/ocfs2/dir.c | 46 ++++++++++++++++++++------------- sound/core/pcm_dmaengine.c | 6 +++- sound/pci/hda/patch_realtek.c | 2 + 15 files changed, 94 insertions(+), 33 deletions(-) Chao Yu (1): f2fs: avoid dead loop in f2fs_issue_checkpoint() Dan Carpenter (1): drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() Dongli Zhang (1): tun: add missing verification for short frame Edson Juliano Drosdeck (1): ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 Filipe Manana (1): btrfs: do not BUG_ON on failure to get dir index for new snapshot Greg Kroah-Hartman (1): Linux 6.1.102 Jann Horn (1): filelock: Fix fcntl/close race recovery compat path Krishna Kurapati (3): arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB arm64: dts: qcom: ipq6018: Disable SS instance in Parkmode for USB arm64: dts: qcom: sdm630: Disable SS instance in Parkmode for USB Seunghun Han (1): ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 Shengjiu Wang (1): ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused Si-Wei Liu (1): tap: add missing verification for short frame lei lu (3): ocfs2: add bounds checking to ocfs2_check_dir_entry() jfs: don't walk off the end of ealist fs/ntfs3: Validate ff offset

9 months, 1 week

1
1
0 0

Linux 5.15.164

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.164 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/filesystem-monitoring.rst | 20 +- Makefile | 2 arch/arm/include/asm/uaccess.h | 14 - arch/arm64/boot/dts/qcom/msm8996.dtsi | 1 arch/arm64/boot/dts/qcom/sdm630.dtsi | 1 arch/arm64/kernel/armv8_deprecated.c | 3 arch/mips/kernel/syscalls/syscall_o32.tbl | 2 arch/powerpc/kernel/eeh_pe.c | 7 arch/powerpc/kvm/book3s_64_vio.c | 18 +- arch/powerpc/platforms/pseries/setup.c | 4 arch/riscv/kernel/stacktrace.c | 3 drivers/acpi/ec.c | 9 - drivers/acpi/processor_idle.c | 40 +--- drivers/block/null_blk/main.c | 4 drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 2 drivers/gpu/drm/radeon/radeon_gem.c | 2 drivers/gpu/drm/vmwgfx/Kconfig | 2 drivers/input/mouse/elantech.c | 31 +++ drivers/input/serio/i8042-acpipnpio.h | 18 +- drivers/input/touchscreen/silead.c | 19 -- drivers/misc/mei/main.c | 2 drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 drivers/net/tap.c | 5 drivers/net/tun.c | 3 drivers/net/usb/qmi_wwan.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 16 + drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 5 drivers/net/wireless/ralink/rt2x00/rt2400pci.c | 8 drivers/net/wireless/ralink/rt2x00/rt2400pci.h | 2 drivers/net/wireless/ralink/rt2x00/rt2500pci.c | 8 drivers/net/wireless/ralink/rt2x00/rt2500pci.h | 2 drivers/net/wireless/ralink/rt2x00/rt2500usb.c | 8 drivers/net/wireless/ralink/rt2x00/rt2500usb.h | 2 drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 36 ++-- drivers/net/wireless/ralink/rt2x00/rt2800lib.h | 8 drivers/net/wireless/ralink/rt2x00/rt2x00usb.c | 6 drivers/net/wireless/ralink/rt2x00/rt61pci.c | 4 drivers/net/wireless/ralink/rt2x00/rt61pci.h | 2 drivers/net/wireless/ralink/rt2x00/rt73usb.c | 4 drivers/net/wireless/ralink/rt2x00/rt73usb.h | 2 drivers/nvme/host/core.c | 1 drivers/platform/x86/lg-laptop.c | 89 +++------- drivers/platform/x86/wireless-hotkey.c | 2 drivers/s390/char/sclp.c | 1 drivers/scsi/device_handler/scsi_dh_alua.c | 31 ++- drivers/scsi/hosts.c | 16 + drivers/scsi/libsas/sas_internal.h | 14 + drivers/scsi/qedf/qedf.h | 1 drivers/scsi/qedf/qedf_main.c | 47 ++++- drivers/scsi/scsi_lib.c | 6 drivers/scsi/scsi_priv.h | 2 drivers/scsi/scsi_scan.c | 1 drivers/scsi/scsi_sysfs.c | 1 drivers/spi/spi-imx.c | 2 drivers/spi/spi-mux.c | 1 fs/btrfs/qgroup.c | 4 fs/dcache.c | 31 +-- fs/file.c | 4 fs/hfsplus/xattr.c | 2 fs/jfs/xattr.c | 23 ++ fs/locks.c | 18 -- fs/ntfs3/fslog.c | 6 fs/ocfs2/dir.c | 46 +++-- include/linux/compiler.h | 6 include/linux/minmax.h | 89 +++++++--- include/linux/overflow.h | 1 include/linux/trace_events.h | 2 include/scsi/scsi_host.h | 2 include/sound/dmaengine_pcm.h | 1 kernel/bpf/ringbuf.c | 30 ++- mm/damon/core.c | 23 ++ net/bluetooth/hci_core.c | 4 net/ipv4/af_inet.c | 4 net/ipv6/ila/ila_lwt.c | 7 net/ipv6/rpl_iptunnel.c | 14 - net/mac80211/ieee80211_i.h | 2 net/mac80211/main.c | 11 + net/mac80211/mesh.c | 1 net/mac80211/scan.c | 14 + net/mac80211/util.c | 4 net/mac802154/tx.c | 8 net/wireless/scan.c | 8 samples/Kconfig | 9 + samples/Makefile | 1 samples/fanotify/.gitignore | 1 samples/fanotify/Makefile | 5 samples/fanotify/fs-monitor.c | 142 ++++++++++++++++ scripts/gcc-plugins/gcc-common.h | 4 scripts/kconfig/expr.c | 29 --- scripts/kconfig/expr.h | 1 scripts/kconfig/gconf.c | 3 scripts/kconfig/menu.c | 2 sound/core/pcm_dmaengine.c | 26 ++ sound/pci/hda/patch_realtek.c | 7 sound/soc/intel/boards/bytcr_rt5640.c | 11 + sound/soc/soc-generic-dmaengine-pcm.c | 8 sound/soc/ti/davinci-mcasp.c | 9 - sound/soc/ti/omap-hdmi.c | 6 tools/power/cpupower/utils/helpers/amd.c | 26 ++ tools/testing/selftests/openat2/openat2_test.c | 1 tools/testing/selftests/vDSO/parse_vdso.c | 16 + tools/testing/selftests/vDSO/vdso_standalone_test_x86.c | 18 +- 102 files changed, 868 insertions(+), 366 deletions(-) Aivaz Latypov (1): ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx Alexander Usyskin (1): mei: demote client disconnect warning on suspend to debug Alexey Makhalov (1): drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency Andreas Hindborg (1): null_blk: fix validation of block size Andy Shevchenko (1): minmax: fix header inclusions Anjali K (1): powerpc/pseries: Whitelist dtl slub object for copying to userspace Armin Wolf (6): ACPI: EC: Abort address space access upon error ACPI: EC: Avoid returning AE_OK on errors in address space handler platform/x86: wireless-hotkey: Add support for LG Airplane Button platform/x86: lg-laptop: Remove LGEX0815 hotkey handling platform/x86: lg-laptop: Change ACPI device id platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB Arnd Bergmann (1): mips: fix compat_sys_lseek syscall Ayala Beker (1): wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option Bart Van Assche (2): scsi: core: Fix a use-after-free tracing: Define the is_signed_type() macro once Chen Ni (1): can: kvaser_usb: fix return value for hif_usb_send_regout Christian Brauner (1): fs: better handle deep ancestor chains in is_subdir() Chunguang Xu (1): nvme: avoid double free special payload Dan Carpenter (1): drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() Daniel Borkmann (1): bpf: Fix overrunning reservations in ringbuf Daniele Palmas (1): net: usb: qmi_wwan: add Telit FN912 compositions David Laight (3): minmax: allow min()/max()/clamp() if the arguments have the same signedness. minmax: allow comparisons of 'int' against 'unsigned char/short' minmax: relax check to allow comparison between unsigned arguments and signed constants David Lechner (1): spi: mux: set ctlr->bits_per_word_mask Dhananjay Ugwekar (1): tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs Dmitry Antipov (2): wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() wifi: cfg80211: wext: add extra SIOCSIWSCAN data check Dongli Zhang (1): tun: add missing verification for short frame Edson Juliano Drosdeck (1): ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 Edward Adam Davis (1): hfsplus: fix uninit-value in copy_name Eric Dumazet (2): net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() ila: block BH in ila_output() Filipe Manana (1): btrfs: qgroup: fix quota root leak after quota disable failure Gabriel Krisman Bertazi (3): samples: Add fs error monitoring example samples: Make fs-monitor depend on libc and headers docs: Fix formatting of literal sections in fanotify docs Ganesh Goudar (1): powerpc/eeh: avoid possible crash when edev->pdev changes Greg Kroah-Hartman (1): Linux 5.15.164 Hans de Goede (1): Input: silead - Always support 10 fingers Heiko Carstens (1): s390/sclp: Fix sclp_init() cleanup on failure Jai Luthra (2): ALSA: dmaengine: Synchronize dma channel after drop() ASoC: ti: davinci-mcasp: Set min period size using FIFO config Jann Horn (2): filelock: Remove locks reliably when fcntl/close race is detected filelock: Fix fcntl/close race recovery compat path Jason A. Donenfeld (3): minmax: sanity check constant bounds when clamping minmax: clamp more efficiently by avoiding extra comparison wifi: rt2x00: use explicitly signed or unsigned types Johannes Berg (2): wifi: mac80211: handle tasklet frames before stopping wifi: mac80211: disable softirqs for queued frame handling John Hubbard (1): selftests/vDSO: fix clang build errors and warnings Jonathan Denose (1): Input: elantech - fix touchpad state on resume for Lenovo N24 Kailang Yang (1): ALSA: hda/realtek: Add more codec ID to no shutup pins list Kees Cook (1): gcc-plugins: Rename last_stmt() for GCC 14+ Krishna Kurapati (2): arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB arm64: dts: qcom: sdm630: Disable SS instance in Parkmode for USB Kuan-Wei Chiu (1): ACPI: processor_idle: Fix invalid comparison with insertion sort for latency Linus Torvalds (1): Add gitignore file for samples/fanotify/ subdirectory Martin Wilck (1): scsi: core: alua: I/O errors for ALUA state transitions Masahiro Yamada (3): ARM: 9324/1: fix get_user() broken with veneer kconfig: gconf: give a proper initial state to the Save button kconfig: remove wrong expr_trans_bool() Michael Ellerman (2): selftests/openat2: Fix build warnings on ppc64 KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Nicolas Escande (1): wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata Paolo Abeni (1): net: relax socket state check at accept time. Pierre-Eric Pelloux-Prayer (1): drm/radeon: check bo_va->bo is non-NULL before using it Primoz Fiser (1): ASoC: ti: omap-hdmi: Fix too long driver name Puranjay Mohan (1): riscv: stacktrace: fix usage of ftrace_graph_ret_addr() Saurav Kashyap (3): scsi: qedf: Don't process stag work during unload and recovery scsi: qedf: Wait for stag work during unload scsi: qedf: Set qed_slowpath_params to zero before use SeongJae Park (1): mm/damon/core: merge regions aggressively when max_nr_regions is unmet Seunghun Han (1): ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 Shengjiu Wang (2): ALSA: dmaengine_pcm: terminate dmaengine before synchronize ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused Si-Wei Liu (1): tap: add missing verification for short frame Tetsuo Handa (1): Bluetooth: hci_core: cancel all works upon hci_unregister_dev() Thomas GENTY (1): bytcr_rt5640 : inverse jack detect for Archos 101 cesium Tobias Jakobi (1): Input: i8042 - add Ayaneo Kun to i8042 quirk table Uwe Kleine-König (1): spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices Wei Li (1): arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process Xingui Yang (1): scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed Yedidya Benshimol (2): wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd Yunshui Jiang (1): net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() Yuntao Wang (1): fs/file: fix the check in find_next_fd() lei lu (3): ocfs2: add bounds checking to ocfs2_check_dir_entry() jfs: don't walk off the end of ealist fs/ntfs3: Validate ff offset

9 months, 1 week

1
1
0 0

Linux 5.10.223

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.223 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/include/asm/uaccess.h | 14 ---- arch/arm64/boot/dts/qcom/msm8996.dtsi | 1 arch/arm64/kernel/armv8_deprecated.c | 3 + arch/mips/kernel/syscalls/syscall_o32.tbl | 2 arch/powerpc/kernel/eeh_pe.c | 7 +- arch/powerpc/kvm/book3s_64_vio.c | 18 ++++-- arch/powerpc/platforms/pseries/setup.c | 4 - drivers/acpi/ec.c | 9 ++- drivers/acpi/processor_idle.c | 40 +++++-------- drivers/block/null_blk/main.c | 4 - drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 2 drivers/input/mouse/elantech.c | 31 ++++++++++ drivers/input/serio/i8042-acpipnpio.h | 18 +++++- drivers/input/touchscreen/silead.c | 19 +----- drivers/misc/mei/main.c | 2 drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 drivers/net/tap.c | 5 + drivers/net/tun.c | 3 + drivers/net/usb/qmi_wwan.c | 2 drivers/s390/char/sclp.c | 1 drivers/scsi/hosts.c | 16 ++++- drivers/scsi/libsas/sas_internal.h | 14 ++++ drivers/scsi/qedf/qedf_main.c | 1 drivers/scsi/scsi_lib.c | 6 +- drivers/scsi/scsi_priv.h | 2 drivers/scsi/scsi_scan.c | 1 drivers/scsi/scsi_sysfs.c | 1 drivers/spi/spi-imx.c | 2 drivers/spi/spi-mux.c | 1 fs/btrfs/qgroup.c | 4 - fs/dcache.c | 31 ++++------ fs/ext4/super.c | 9 ++- fs/file.c | 4 - fs/hfsplus/xattr.c | 2 fs/jfs/xattr.c | 23 ++++++-- fs/locks.c | 18 ++---- fs/ocfs2/dir.c | 46 ++++++++++------ include/linux/skmsg.h | 2 include/scsi/scsi_host.h | 2 include/sound/dmaengine_pcm.h | 1 kernel/bpf/ringbuf.c | 30 ++++++++-- net/bluetooth/hci_core.c | 4 + net/ipv4/af_inet.c | 4 + net/ipv6/ila/ila_lwt.c | 7 ++ net/ipv6/rpl_iptunnel.c | 14 ++-- net/mac80211/mesh.c | 1 net/mac80211/scan.c | 14 +++- net/mac802154/tx.c | 8 +- net/wireless/scan.c | 8 ++ scripts/gcc-plugins/gcc-common.h | 4 + scripts/kconfig/expr.c | 29 ---------- scripts/kconfig/expr.h | 1 scripts/kconfig/gconf.c | 3 - scripts/kconfig/menu.c | 2 sound/core/pcm_dmaengine.c | 26 +++++++++ sound/pci/hda/patch_realtek.c | 7 ++ sound/soc/intel/boards/bytcr_rt5640.c | 11 +++ sound/soc/soc-generic-dmaengine-pcm.c | 8 ++ sound/soc/ti/davinci-mcasp.c | 9 ++- sound/soc/ti/omap-hdmi.c | 6 -- tools/testing/selftests/openat2/openat2_test.c | 1 tools/testing/selftests/vDSO/parse_vdso.c | 16 +++-- tools/testing/selftests/vDSO/vdso_standalone_test_x86.c | 18 +++++- 64 files changed, 403 insertions(+), 203 deletions(-) Aivaz Latypov (1): ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx Alexander Usyskin (1): mei: demote client disconnect warning on suspend to debug Andreas Hindborg (1): null_blk: fix validation of block size Anjali K (1): powerpc/pseries: Whitelist dtl slub object for copying to userspace Armin Wolf (2): ACPI: EC: Abort address space access upon error ACPI: EC: Avoid returning AE_OK on errors in address space handler Arnd Bergmann (1): mips: fix compat_sys_lseek syscall Bart Van Assche (1): scsi: core: Fix a use-after-free Chen Ni (1): can: kvaser_usb: fix return value for hif_usb_send_regout Christian Brauner (1): fs: better handle deep ancestor chains in is_subdir() Dan Carpenter (1): drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() Daniel Borkmann (1): bpf: Fix overrunning reservations in ringbuf Daniele Palmas (1): net: usb: qmi_wwan: add Telit FN912 compositions David Lechner (1): spi: mux: set ctlr->bits_per_word_mask Dmitry Antipov (2): wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() wifi: cfg80211: wext: add extra SIOCSIWSCAN data check Dongli Zhang (1): tun: add missing verification for short frame Edson Juliano Drosdeck (1): ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 Edward Adam Davis (1): hfsplus: fix uninit-value in copy_name Eric Dumazet (2): net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() ila: block BH in ila_output() Filipe Manana (1): btrfs: qgroup: fix quota root leak after quota disable failure Gabriel Krisman Bertazi (2): ext4: fix error code saved on super block during file system abort ext4: Send notifications on error Ganesh Goudar (1): powerpc/eeh: avoid possible crash when edev->pdev changes Greg Kroah-Hartman (1): Linux 5.10.223 Hans de Goede (1): Input: silead - Always support 10 fingers Heiko Carstens (1): s390/sclp: Fix sclp_init() cleanup on failure Jai Luthra (2): ALSA: dmaengine: Synchronize dma channel after drop() ASoC: ti: davinci-mcasp: Set min period size using FIFO config Jann Horn (2): filelock: Remove locks reliably when fcntl/close race is detected filelock: Fix fcntl/close race recovery compat path Jason Xing (1): bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue John Hubbard (1): selftests/vDSO: fix clang build errors and warnings Jonathan Denose (1): Input: elantech - fix touchpad state on resume for Lenovo N24 Kailang Yang (1): ALSA: hda/realtek: Add more codec ID to no shutup pins list Kees Cook (1): gcc-plugins: Rename last_stmt() for GCC 14+ Krishna Kurapati (1): arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB Kuan-Wei Chiu (1): ACPI: processor_idle: Fix invalid comparison with insertion sort for latency Masahiro Yamada (3): kconfig: gconf: give a proper initial state to the Save button kconfig: remove wrong expr_trans_bool() ARM: 9324/1: fix get_user() broken with veneer Michael Ellerman (2): selftests/openat2: Fix build warnings on ppc64 KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Nicolas Escande (1): wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata Paolo Abeni (1): net: relax socket state check at accept time. Primoz Fiser (1): ASoC: ti: omap-hdmi: Fix too long driver name Saurav Kashyap (1): scsi: qedf: Set qed_slowpath_params to zero before use Seunghun Han (1): ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 Shengjiu Wang (2): ALSA: dmaengine_pcm: terminate dmaengine before synchronize ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused Si-Wei Liu (1): tap: add missing verification for short frame Tetsuo Handa (1): Bluetooth: hci_core: cancel all works upon hci_unregister_dev() Thomas GENTY (1): bytcr_rt5640 : inverse jack detect for Archos 101 cesium Tobias Jakobi (1): Input: i8042 - add Ayaneo Kun to i8042 quirk table Uwe Kleine-König (1): spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices Wei Li (1): arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process Xingui Yang (1): scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed Yunshui Jiang (1): net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() Yuntao Wang (1): fs/file: fix the check in find_next_fd() lei lu (2): ocfs2: add bounds checking to ocfs2_check_dir_entry() jfs: don't walk off the end of ealist

9 months, 1 week

1
1
0 0

Linux 5.4.281

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.281 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/include/asm/uaccess.h | 14 ---- arch/mips/kernel/syscalls/syscall_o32.tbl | 2 arch/powerpc/kernel/eeh_pe.c | 7 +- arch/powerpc/kvm/book3s_64_vio.c | 18 ++++-- arch/powerpc/platforms/pseries/setup.c | 4 - drivers/acpi/ec.c | 9 ++- drivers/acpi/processor_idle.c | 40 +++++-------- drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 2 drivers/input/mouse/elantech.c | 31 ++++++++++ drivers/input/touchscreen/silead.c | 19 +----- drivers/misc/mei/main.c | 2 drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 drivers/net/tap.c | 5 + drivers/net/tun.c | 3 + drivers/net/usb/qmi_wwan.c | 2 drivers/s390/char/sclp.c | 1 drivers/scsi/libsas/sas_internal.h | 14 ++++ drivers/scsi/qedf/qedf_main.c | 1 drivers/spi/spi-imx.c | 2 fs/dcache.c | 31 ++++------ fs/file.c | 4 - fs/hfsplus/xattr.c | 2 fs/jfs/xattr.c | 23 ++++++-- fs/locks.c | 18 ++---- fs/ocfs2/dir.c | 46 ++++++++++------ net/bluetooth/hci_core.c | 4 + net/ipv4/af_inet.c | 4 + net/ipv6/ila/ila_lwt.c | 7 ++ net/mac80211/mesh.c | 1 net/mac80211/scan.c | 14 +++- net/mac802154/tx.c | 8 +- net/wireless/scan.c | 8 ++ scripts/gcc-plugins/gcc-common.h | 4 + scripts/kconfig/expr.c | 29 ---------- scripts/kconfig/expr.h | 1 scripts/kconfig/gconf.c | 3 - scripts/kconfig/menu.c | 2 sound/core/pcm_dmaengine.c | 12 ++++ sound/pci/hda/patch_realtek.c | 5 + sound/soc/intel/boards/bytcr_rt5640.c | 11 +++ sound/soc/ti/davinci-mcasp.c | 9 ++- sound/soc/ti/omap-hdmi.c | 6 -- tools/testing/selftests/vDSO/parse_vdso.c | 16 +++-- tools/testing/selftests/vDSO/vdso_standalone_test_x86.c | 18 +++++- 45 files changed, 289 insertions(+), 177 deletions(-) Alexander Usyskin (1): mei: demote client disconnect warning on suspend to debug Anjali K (1): powerpc/pseries: Whitelist dtl slub object for copying to userspace Armin Wolf (2): ACPI: EC: Abort address space access upon error ACPI: EC: Avoid returning AE_OK on errors in address space handler Arnd Bergmann (1): mips: fix compat_sys_lseek syscall Chen Ni (1): can: kvaser_usb: fix return value for hif_usb_send_regout Christian Brauner (1): fs: better handle deep ancestor chains in is_subdir() Dan Carpenter (1): drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() Daniele Palmas (1): net: usb: qmi_wwan: add Telit FN912 compositions Dmitry Antipov (2): wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() wifi: cfg80211: wext: add extra SIOCSIWSCAN data check Dongli Zhang (1): tun: add missing verification for short frame Edson Juliano Drosdeck (1): ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 Edward Adam Davis (1): hfsplus: fix uninit-value in copy_name Eric Dumazet (1): ila: block BH in ila_output() Ganesh Goudar (1): powerpc/eeh: avoid possible crash when edev->pdev changes Greg Kroah-Hartman (1): Linux 5.4.281 Hans de Goede (1): Input: silead - Always support 10 fingers Heiko Carstens (1): s390/sclp: Fix sclp_init() cleanup on failure Jai Luthra (1): ASoC: ti: davinci-mcasp: Set min period size using FIFO config Jann Horn (2): filelock: Remove locks reliably when fcntl/close race is detected filelock: Fix fcntl/close race recovery compat path John Hubbard (1): selftests/vDSO: fix clang build errors and warnings Jonathan Denose (1): Input: elantech - fix touchpad state on resume for Lenovo N24 Kailang Yang (1): ALSA: hda/realtek: Add more codec ID to no shutup pins list Kees Cook (1): gcc-plugins: Rename last_stmt() for GCC 14+ Kuan-Wei Chiu (1): ACPI: processor_idle: Fix invalid comparison with insertion sort for latency Masahiro Yamada (3): kconfig: gconf: give a proper initial state to the Save button kconfig: remove wrong expr_trans_bool() ARM: 9324/1: fix get_user() broken with veneer Michael Ellerman (1): KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Nicolas Escande (1): wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata Paolo Abeni (1): net: relax socket state check at accept time. Primoz Fiser (1): ASoC: ti: omap-hdmi: Fix too long driver name Saurav Kashyap (1): scsi: qedf: Set qed_slowpath_params to zero before use Shengjiu Wang (1): ALSA: dmaengine_pcm: terminate dmaengine before synchronize Si-Wei Liu (1): tap: add missing verification for short frame Tetsuo Handa (1): Bluetooth: hci_core: cancel all works upon hci_unregister_dev() Thomas GENTY (1): bytcr_rt5640 : inverse jack detect for Archos 101 cesium Uwe Kleine-König (1): spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices Xingui Yang (1): scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed Yunshui Jiang (1): net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() Yuntao Wang (1): fs/file: fix the check in find_next_fd() lei lu (2): ocfs2: add bounds checking to ocfs2_check_dir_entry() jfs: don't walk off the end of ealist

9 months, 1 week

1
1
0 0

Linux 4.19.319

by Greg Kroah-Hartman

I'm announcing the release of the 4.19.319 kernel. All users of the 4.19 kernel series must upgrade. The updated 4.19.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-4.19.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/include/asm/uaccess.h | 14 ---- drivers/acpi/ec.c | 9 ++- drivers/acpi/processor_idle.c | 40 +++++-------- drivers/input/mouse/elantech.c | 31 ++++++++++ drivers/input/touchscreen/silead.c | 19 +----- drivers/misc/mei/main.c | 2 drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 drivers/net/usb/qmi_wwan.c | 2 drivers/s390/char/sclp.c | 1 drivers/scsi/qedf/qedf_main.c | 1 drivers/spi/spi-imx.c | 2 fs/dcache.c | 31 ++++------ fs/file.c | 4 - fs/hfsplus/xattr.c | 2 fs/jfs/xattr.c | 23 ++++++-- fs/locks.c | 18 ++---- fs/ocfs2/dir.c | 46 ++++++++++------ net/bluetooth/hci_core.c | 4 + net/ipv4/af_inet.c | 4 + net/ipv6/ila/ila_lwt.c | 7 ++ net/mac80211/mesh.c | 1 net/mac80211/scan.c | 14 +++- net/mac802154/tx.c | 8 +- net/wireless/scan.c | 8 ++ scripts/gcc-plugins/gcc-common.h | 4 + scripts/kconfig/expr.c | 29 ---------- scripts/kconfig/expr.h | 1 scripts/kconfig/gconf.c | 3 - scripts/kconfig/menu.c | 2 sound/core/pcm_dmaengine.c | 12 ++++ sound/soc/intel/boards/bytcr_rt5640.c | 11 +++ tools/testing/selftests/vDSO/parse_vdso.c | 16 +++-- tools/testing/selftests/vDSO/vdso_standalone_test_x86.c | 18 +++++- 34 files changed, 232 insertions(+), 159 deletions(-) Alexander Usyskin (1): mei: demote client disconnect warning on suspend to debug Armin Wolf (2): ACPI: EC: Abort address space access upon error ACPI: EC: Avoid returning AE_OK on errors in address space handler Chen Ni (1): can: kvaser_usb: fix return value for hif_usb_send_regout Christian Brauner (1): fs: better handle deep ancestor chains in is_subdir() Daniele Palmas (1): net: usb: qmi_wwan: add Telit FN912 compositions Dmitry Antipov (2): wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() wifi: cfg80211: wext: add extra SIOCSIWSCAN data check Edward Adam Davis (1): hfsplus: fix uninit-value in copy_name Eric Dumazet (1): ila: block BH in ila_output() Greg Kroah-Hartman (1): Linux 4.19.319 Hans de Goede (1): Input: silead - Always support 10 fingers Heiko Carstens (1): s390/sclp: Fix sclp_init() cleanup on failure Jann Horn (2): filelock: Remove locks reliably when fcntl/close race is detected filelock: Fix fcntl/close race recovery compat path John Hubbard (1): selftests/vDSO: fix clang build errors and warnings Jonathan Denose (1): Input: elantech - fix touchpad state on resume for Lenovo N24 Kees Cook (1): gcc-plugins: Rename last_stmt() for GCC 14+ Kuan-Wei Chiu (1): ACPI: processor_idle: Fix invalid comparison with insertion sort for latency Masahiro Yamada (3): kconfig: gconf: give a proper initial state to the Save button kconfig: remove wrong expr_trans_bool() ARM: 9324/1: fix get_user() broken with veneer Nicolas Escande (1): wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata Paolo Abeni (1): net: relax socket state check at accept time. Saurav Kashyap (1): scsi: qedf: Set qed_slowpath_params to zero before use Shengjiu Wang (1): ALSA: dmaengine_pcm: terminate dmaengine before synchronize Tetsuo Handa (1): Bluetooth: hci_core: cancel all works upon hci_unregister_dev() Thomas GENTY (1): bytcr_rt5640 : inverse jack detect for Archos 101 cesium Uwe Kleine-König (1): spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices Yunshui Jiang (1): net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() Yuntao Wang (1): fs/file: fix the check in find_next_fd() lei lu (2): ocfs2: add bounds checking to ocfs2_check_dir_entry() jfs: don't walk off the end of ealist

9 months, 1 week

1
1
0 0

[PATCH] arm64: v6.8: cmdline param >= 146 chars kills kernel

by Tj

This is v6.8 specific; v6.9 is reported as not affected (due to extensive code refactoring). Commit dc3f5aae0638 reworked how early cmdline CPU feature parsing is done, and converted to using memcmp() in preparation for the move to the pi minimal C standard library. As a result it caused a regression where-by a parameter >= 146 characters on the kernel command line would cause a silent panic with no console clues as to why. It is due to memcmp() in include/linux/fortify-string.h detecting an attempted out-of-bounds read. The cause itself is subtle. arch/arm64/kernel/idreg-override.c::__parse_cmdline() compares the struct aliases entries with each parameter via memcmp(). #define FTR_ALIAS_NAME_LEN 30 #define FTR_ALIAS_OPTION_LEN 116 ... static const struct { char alias[FTR_ALIAS_NAME_LEN]; char feature[FTR_ALIAS_OPTION_LEN]; } aliases[] Each element is 146 characters. When a parameter is also 146 characters the call looks like memcmp(buf, aliases[i].alias, len+1) where len is the equivalent of strlen(buf) and +1 to compare including the trailing NUL. That triggers the fortified memcmp()'s: if (p_size < size || q_size < size) fortify_panic(__func__); where q_size == 146, size == 147 The solution here is to not call memcmp() at all unless the two strings have the same length. Initially reported in Ubuntu (and confirmed to affect Debian and Mainline): https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2069534 Signed-off-by: Tj <tj.iam.tj(a)proton.me> --- arch/arm64/kernel/idreg-override.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kernel/idreg-override.c b/arch/arm64/kernel/idreg-override.c index e30fd9e32ef3a..9d2c120f378ae 100644 --- a/arch/arm64/kernel/idreg-override.c +++ b/arch/arm64/kernel/idreg-override.c @@ -308,7 +308,8 @@ static __init void __parse_cmdline(const char *cmdline, bool parse_aliases) match_options(buf); for (i = 0; parse_aliases && i < ARRAY_SIZE(aliases); i++) - if (!memcmp(buf, aliases[i].alias, len + 1)) + if (len == strlen(aliases[i].alias) && + !memcmp(buf, aliases[i].alias, len + 1)) __parse_cmdline(aliases[i].feature, false); } while (1); } -- 2.39.2

9 months, 1 week

2
1
0 0

[PATCH 5.15 00/87] 5.15.164-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.164 release. There are 87 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 27 Jul 2024 14:27:16 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.164-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.164-rc1 Jann Horn <jannh(a)google.com> filelock: Fix fcntl/close race recovery compat path Shengjiu Wang <shengjiu.wang(a)nxp.com> ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: sdm630: Disable SS instance in Parkmode for USB Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB Seunghun Han <kkamagui(a)gmail.com> ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 lei lu <llfamsec(a)gmail.com> fs/ntfs3: Validate ff offset lei lu <llfamsec(a)gmail.com> jfs: don't walk off the end of ealist lei lu <llfamsec(a)gmail.com> ocfs2: add bounds checking to ocfs2_check_dir_entry() Paolo Abeni <pabeni(a)redhat.com> net: relax socket state check at accept time. Linus Torvalds <torvalds(a)linux-foundation.org> Add gitignore file for samples/fanotify/ subdirectory Gabriel Krisman Bertazi <krisman(a)collabora.com> docs: Fix formatting of literal sections in fanotify docs Gabriel Krisman Bertazi <krisman(a)collabora.com> samples: Make fs-monitor depend on libc and headers Gabriel Krisman Bertazi <krisman(a)collabora.com> samples: Add fs error monitoring example Dan Carpenter <dan.carpenter(a)linaro.org> drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: disable softirqs for queued frame handling SeongJae Park <sj(a)kernel.org> mm/damon/core: merge regions aggressively when max_nr_regions is unmet David Laight <David.Laight(a)ACULAB.COM> minmax: relax check to allow comparison between unsigned arguments and signed constants David Laight <David.Laight(a)ACULAB.COM> minmax: allow comparisons of 'int' against 'unsigned char/short' David Laight <David.Laight(a)ACULAB.COM> minmax: allow min()/max()/clamp() if the arguments have the same signedness. Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> minmax: fix header inclusions Jason A. Donenfeld <Jason(a)zx2c4.com> minmax: clamp more efficiently by avoiding extra comparison Jason A. Donenfeld <Jason(a)zx2c4.com> minmax: sanity check constant bounds when clamping Bart Van Assche <bvanassche(a)acm.org> tracing: Define the is_signed_type() macro once David Lechner <dlechner(a)baylibre.com> spi: mux: set ctlr->bits_per_word_mask Edward Adam Davis <eadavis(a)qq.com> hfsplus: fix uninit-value in copy_name John Hubbard <jhubbard(a)nvidia.com> selftests/vDSO: fix clang build errors and warnings Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices Puranjay Mohan <puranjay(a)kernel.org> riscv: stacktrace: fix usage of ftrace_graph_ret_addr() Christian Brauner <brauner(a)kernel.org> fs: better handle deep ancestor chains in is_subdir() Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> drm/radeon: check bo_va->bo is non-NULL before using it Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Bluetooth: hci_core: cancel all works upon hci_unregister_dev() Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed Ganesh Goudar <ganeshgr(a)linux.ibm.com> powerpc/eeh: avoid possible crash when edev->pdev changes Anjali K <anjalik(a)linux.ibm.com> powerpc/pseries: Whitelist dtl slub object for copying to userspace Yunshui Jiang <jiangyunshui(a)kylinos.cn> net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() Daniele Palmas <dnlplm(a)gmail.com> net: usb: qmi_wwan: add Telit FN912 compositions Shengjiu Wang <shengjiu.wang(a)nxp.com> ALSA: dmaengine_pcm: terminate dmaengine before synchronize Aivaz Latypov <reichaivaz(a)gmail.com> ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: fix quota root leak after quota disable failure Armin Wolf <W_Armin(a)gmx.de> platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB Armin Wolf <W_Armin(a)gmx.de> platform/x86: lg-laptop: Change ACPI device id Armin Wolf <W_Armin(a)gmx.de> platform/x86: lg-laptop: Remove LGEX0815 hotkey handling Armin Wolf <W_Armin(a)gmx.de> platform/x86: wireless-hotkey: Add support for LG Airplane Button Heiko Carstens <hca(a)linux.ibm.com> s390/sclp: Fix sclp_init() cleanup on failure Chen Ni <nichen(a)iscas.ac.cn> can: kvaser_usb: fix return value for hif_usb_send_regout Primoz Fiser <primoz.fiser(a)norik.com> ASoC: ti: omap-hdmi: Fix too long driver name Jai Luthra <j-luthra(a)ti.com> ASoC: ti: davinci-mcasp: Set min period size using FIFO config Jai Luthra <j-luthra(a)ti.com> ALSA: dmaengine: Synchronize dma channel after drop() Thomas GENTY <tomlohave(a)gmail.com> bytcr_rt5640 : inverse jack detect for Archos 101 cesium Tobias Jakobi <tjakobi(a)math.uni-bielefeld.de> Input: i8042 - add Ayaneo Kun to i8042 quirk table Jonathan Denose <jdenose(a)google.com> Input: elantech - fix touchpad state on resume for Lenovo N24 Arnd Bergmann <arnd(a)arndb.de> mips: fix compat_sys_lseek syscall Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Add more codec ID to no shutup pins list Alexey Makhalov <alexey.makhalov(a)broadcom.com> drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency Michael Ellerman <mpe(a)ellerman.id.au> KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: wext: add extra SIOCSIWSCAN data check Chunguang Xu <chunguang.xu(a)shopee.com> nvme: avoid double free special payload Alexander Usyskin <alexander.usyskin(a)intel.com> mei: demote client disconnect warning on suspend to debug Yuntao Wang <yuntao.wang(a)linux.dev> fs/file: fix the check in find_next_fd() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: remove wrong expr_trans_bool() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: give a proper initial state to the Save button Andreas Hindborg <a.hindborg(a)samsung.com> null_blk: fix validation of block size Wei Li <liwei391(a)huawei.com> arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process Eric Dumazet <edumazet(a)google.com> ila: block BH in ila_output() Eric Dumazet <edumazet(a)google.com> net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() Hans de Goede <hdegoede(a)redhat.com> Input: silead - Always support 10 fingers Michael Ellerman <mpe(a)ellerman.id.au> selftests/openat2: Fix build warnings on ppc64 Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() Ayala Beker <ayala.beker(a)intel.com> wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option Yedidya Benshimol <yedidya.ben.shimol(a)intel.com> wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd Yedidya Benshimol <yedidya.ben.shimol(a)intel.com> wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: handle tasklet frames before stopping Nicolas Escande <nico.escande(a)gmail.com> wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs Armin Wolf <W_Armin(a)gmx.de> ACPI: EC: Avoid returning AE_OK on errors in address space handler Armin Wolf <W_Armin(a)gmx.de> ACPI: EC: Abort address space access upon error Saurav Kashyap <skashyap(a)marvell.com> scsi: qedf: Set qed_slowpath_params to zero before use Saurav Kashyap <skashyap(a)marvell.com> scsi: qedf: Wait for stag work during unload Saurav Kashyap <skashyap(a)marvell.com> scsi: qedf: Don't process stag work during unload and recovery Martin Wilck <martin.wilck(a)suse.com> scsi: core: alua: I/O errors for ALUA state transitions Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix a use-after-free Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix overrunning reservations in ringbuf Kuan-Wei Chiu <visitorckw(a)gmail.com> ACPI: processor_idle: Fix invalid comparison with insertion sort for latency Masahiro Yamada <masahiroy(a)kernel.org> ARM: 9324/1: fix get_user() broken with veneer Jann Horn <jannh(a)google.com> filelock: Remove locks reliably when fcntl/close race is detected Kees Cook <keescook(a)chromium.org> gcc-plugins: Rename last_stmt() for GCC 14+ ------------- Diffstat: .../admin-guide/filesystem-monitoring.rst | 20 +-- Makefile | 4 +- arch/arm/include/asm/uaccess.h | 14 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 1 + arch/arm64/boot/dts/qcom/sdm630.dtsi | 1 + arch/arm64/kernel/armv8_deprecated.c | 3 + arch/mips/kernel/syscalls/syscall_o32.tbl | 2 +- arch/powerpc/kernel/eeh_pe.c | 7 +- arch/powerpc/kvm/book3s_64_vio.c | 18 ++- arch/powerpc/platforms/pseries/setup.c | 4 +- arch/riscv/kernel/stacktrace.c | 3 +- drivers/acpi/ec.c | 9 +- drivers/acpi/processor_idle.c | 40 +++--- drivers/block/null_blk/main.c | 4 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 2 +- drivers/gpu/drm/radeon/radeon_gem.c | 2 +- drivers/gpu/drm/vmwgfx/Kconfig | 2 +- drivers/input/mouse/elantech.c | 31 +++++ drivers/input/serio/i8042-acpipnpio.h | 18 ++- drivers/input/touchscreen/silead.c | 19 +-- drivers/misc/mei/main.c | 2 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 +- drivers/net/usb/qmi_wwan.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 16 ++- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 5 +- drivers/nvme/host/core.c | 1 + drivers/platform/x86/lg-laptop.c | 89 +++++-------- drivers/platform/x86/wireless-hotkey.c | 2 + drivers/s390/char/sclp.c | 1 + drivers/scsi/device_handler/scsi_dh_alua.c | 31 +++-- drivers/scsi/hosts.c | 16 ++- drivers/scsi/libsas/sas_internal.h | 14 ++ drivers/scsi/qedf/qedf.h | 1 + drivers/scsi/qedf/qedf_main.c | 47 ++++++- drivers/scsi/scsi_lib.c | 6 +- drivers/scsi/scsi_priv.h | 2 +- drivers/scsi/scsi_scan.c | 1 + drivers/scsi/scsi_sysfs.c | 1 + drivers/spi/spi-imx.c | 2 +- drivers/spi/spi-mux.c | 1 + fs/btrfs/qgroup.c | 4 +- fs/dcache.c | 31 ++--- fs/file.c | 4 +- fs/hfsplus/xattr.c | 2 +- fs/jfs/xattr.c | 23 +++- fs/locks.c | 18 ++- fs/ntfs3/fslog.c | 6 +- fs/ocfs2/dir.c | 46 ++++--- include/linux/compiler.h | 6 + include/linux/minmax.h | 87 +++++++++---- include/linux/overflow.h | 1 - include/linux/trace_events.h | 2 - include/scsi/scsi_host.h | 2 + include/sound/dmaengine_pcm.h | 1 + kernel/bpf/ringbuf.c | 30 ++++- mm/damon/core.c | 21 ++- net/bluetooth/hci_core.c | 4 + net/ipv4/af_inet.c | 4 +- net/ipv6/ila/ila_lwt.c | 7 +- net/ipv6/rpl_iptunnel.c | 14 +- net/mac80211/ieee80211_i.h | 2 + net/mac80211/main.c | 11 +- net/mac80211/mesh.c | 1 + net/mac80211/scan.c | 14 +- net/mac80211/util.c | 4 + net/mac802154/tx.c | 8 +- net/wireless/scan.c | 8 +- samples/Kconfig | 9 ++ samples/Makefile | 1 + samples/fanotify/.gitignore | 1 + samples/fanotify/Makefile | 5 + samples/fanotify/fs-monitor.c | 142 +++++++++++++++++++++ scripts/gcc-plugins/gcc-common.h | 4 + scripts/kconfig/expr.c | 29 ----- scripts/kconfig/expr.h | 1 - scripts/kconfig/gconf.c | 3 +- scripts/kconfig/menu.c | 2 - sound/core/pcm_dmaengine.c | 26 ++++ sound/pci/hda/patch_realtek.c | 7 + sound/soc/intel/boards/bytcr_rt5640.c | 11 ++ sound/soc/soc-generic-dmaengine-pcm.c | 8 ++ sound/soc/ti/davinci-mcasp.c | 9 +- sound/soc/ti/omap-hdmi.c | 6 +- tools/power/cpupower/utils/helpers/amd.c | 26 +++- tools/testing/selftests/openat2/openat2_test.c | 1 + tools/testing/selftests/vDSO/parse_vdso.c | 16 ++- .../selftests/vDSO/vdso_standalone_test_x86.c | 18 ++- 87 files changed, 813 insertions(+), 319 deletions(-)

9 months, 1 week

7
97
0 0

[PATCH] ALSA: firewire-lib: fix wrong value as length of header for CIP_NO_HEADER case

by Takashi Sakamoto

In a commit 1d717123bb1a ("ALSA: firewire-lib: Avoid -Wflex-array-member-not-at-end warning"), DEFINE_FLEX() macro was used to handle variable length of array for header field in struct fw_iso_packet structure. The usage of macro has a side effect that the designated initializer assigns the count of array to the given field. Therefore CIP_HEADER_QUADLETS (=2) is assigned to struct fw_iso_packet.header, while the original designated initializer assigns zero to all fields. With CIP_NO_HEADER flag, the change causes invalid length of header in isochronous packet for 1394 OHCI IT context. This bug affects all of devices supported by ALSA fireface driver; RME Fireface 400, 800, UCX, UFX, and 802. This commit fixes the bug by replacing it with the alternative version of macro which corresponds no initializer. Cc: <stable(a)vger.kernel.org> Fixes: 1d717123bb1a ("ALSA: firewire-lib: Avoid -Wflex-array-member-not-at-end warning") Reported-by: Edmund Raile <edmund.raile(a)proton.me> Closes: https://lore.kernel.org/r/rrufondjeynlkx2lniot26ablsltnynfaq2gnqvbiso7ds32i… Signed-off-by: Takashi Sakamoto <o-takashi(a)sakamocchi.jp> --- sound/firewire/amdtp-stream.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/sound/firewire/amdtp-stream.c b/sound/firewire/amdtp-stream.c index d35d0a420ee0..1a163bbcabd7 100644 --- a/sound/firewire/amdtp-stream.c +++ b/sound/firewire/amdtp-stream.c @@ -1180,8 +1180,7 @@ static void process_rx_packets(struct fw_iso_context *context, u32 tstamp, size_ (void)fw_card_read_cycle_time(fw_parent_device(s->unit)->card, &curr_cycle_time); for (i = 0; i < packets; ++i) { - DEFINE_FLEX(struct fw_iso_packet, template, header, - header_length, CIP_HEADER_QUADLETS); + DEFINE_RAW_FLEX(struct fw_iso_packet, template, header, CIP_HEADER_QUADLETS); bool sched_irq = false; build_it_pkt_header(s, desc->cycle, template, pkt_header_length, -- 2.43.0

9 months, 1 week

3
8
0 0

[PATCH 6.10 00/29] 6.10.2-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.10.2 release. There are 29 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 27 Jul 2024 14:27:16 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.10.2-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.10.2-rc1 Jann Horn <jannh(a)google.com> filelock: Fix fcntl/close race recovery compat path Takashi Iwai <tiwai(a)suse.de> ALSA: seq: ump: Skip useless ports for static blocks Shengjiu Wang <shengjiu.wang(a)nxp.com> ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: sm6115: Disable SS instance in Parkmode for USB Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for USB Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode for USB Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: sdm630: Disable SS instance in Parkmode for USB Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: ipq6018: Disable SS instance in Parkmode for USB Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: sm6350: Disable SS instance in Parkmode for USB Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100-crd: Fix USB PHYs regulators Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100-qcp: Fix the PHY regulator for PCIe 6a Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100-crd: Fix the PHY regulator for PCIe 6a Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qrb4210-rb2: switch I2C2 to i2c-gpio Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qrb2210-rb1: switch I2C2 to i2c-gpio Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100-qcp: Fix USB PHYs regulators Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: sc7280: Disable SuperSpeed instances in park mode Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: sc7180: Disable SuperSpeed instances in park mode Seunghun Han <kkamagui(a)gmail.com> ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 Shenghao Ding <shenghao-ding(a)ti.com> ALSA: hda/tas2781: Add new quirk for Lenovo Hera2 Laptop Takashi Iwai <tiwai(a)suse.de> usb: gadget: midi2: Fix incorrect default MIDI2 protocol setup lei lu <llfamsec(a)gmail.com> fs/ntfs3: Validate ff offset Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add a check for attr_names and oatbl lei lu <llfamsec(a)gmail.com> jfs: don't walk off the end of ealist lei lu <llfamsec(a)gmail.com> ocfs2: add bounds checking to ocfs2_check_dir_entry() Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> s390/mm: Fix VM_FAULT_HWPOISON handling in do_exception() Dan Carpenter <dan.carpenter(a)linaro.org> drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() ------------- Diffstat: Makefile | 4 +-- arch/arm64/boot/dts/qcom/ipq6018.dtsi | 1 + arch/arm64/boot/dts/qcom/ipq8074.dtsi | 2 ++ arch/arm64/boot/dts/qcom/msm8996.dtsi | 1 + arch/arm64/boot/dts/qcom/msm8998.dtsi | 1 + arch/arm64/boot/dts/qcom/qrb2210-rb1.dts | 13 ++++++++- arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 13 ++++++++- arch/arm64/boot/dts/qcom/sc7180.dtsi | 1 + arch/arm64/boot/dts/qcom/sc7280.dtsi | 1 + arch/arm64/boot/dts/qcom/sdm630.dtsi | 1 + arch/arm64/boot/dts/qcom/sdm845.dtsi | 2 ++ arch/arm64/boot/dts/qcom/sm6115.dtsi | 1 + arch/arm64/boot/dts/qcom/sm6350.dtsi | 1 + arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 17 +++++++++--- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 17 +++++++++--- arch/s390/mm/fault.c | 3 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 2 +- drivers/usb/gadget/function/f_midi2.c | 19 +++++++------ fs/jfs/xattr.c | 23 +++++++++++++--- fs/locks.c | 9 +++--- fs/ntfs3/fslog.c | 44 ++++++++++++++++++++++++----- fs/ocfs2/dir.c | 46 +++++++++++++++++++------------ sound/core/pcm_dmaengine.c | 6 +++- sound/core/seq/seq_ump_client.c | 16 +++++++++++ sound/pci/hda/patch_realtek.c | 3 ++ 25 files changed, 191 insertions(+), 56 deletions(-)

9 months, 1 week

13
41
0 0

[PATCH] power: supply: qcom_battmgr: return EAGAIN when firmware service is not up

by Neil Armstrong

The driver returns -ENODEV when the firmware battmrg service hasn't started yet, while per-se -ENODEV is fine, we usually use -EAGAIN to tell the user to retry again later. And the power supply core uses -EGAIN when the device isn't initialized, let's use the same return. This notably causes an infinite spam of: thermal thermal_zoneXX: failed to read out thermal zone (-19) because the thermal core doesn't understand -ENODEV, but only considers -EAGAIN as a non-fatal error. While it didn't appear until now, commit [1] fixes thermal core and no more ignores thermal zones returning an error at first temperature update. [1] 5725f40698b9 ("thermal: core: Call monitor_thermal_zone() if zone temperature is invalid") Link: https://lore.kernel.org/all/2ed4c630-204a-4f80-a37f-f2ca838eb455@linaro.org/ Cc: stable(a)vger.kernel.org Fixes: 29e8142b5623 ("power: supply: Introduce Qualcomm PMIC GLINK power supply") Signed-off-by: Neil Armstrong <neil.armstrong(a)linaro.org> --- drivers/power/supply/qcom_battmgr.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/power/supply/qcom_battmgr.c b/drivers/power/supply/qcom_battmgr.c index 46f36dcb185c..bde874b5e0e7 100644 --- a/drivers/power/supply/qcom_battmgr.c +++ b/drivers/power/supply/qcom_battmgr.c @@ -486,7 +486,7 @@ static int qcom_battmgr_bat_get_property(struct power_supply *psy, int ret; if (!battmgr->service_up) - return -ENODEV; + return -EAGAIN; if (battmgr->variant == QCOM_BATTMGR_SC8280XP) ret = qcom_battmgr_bat_sc8280xp_update(battmgr, psp); @@ -683,7 +683,7 @@ static int qcom_battmgr_ac_get_property(struct power_supply *psy, int ret; if (!battmgr->service_up) - return -ENODEV; + return -EAGAIN; ret = qcom_battmgr_bat_sc8280xp_update(battmgr, psp); if (ret) @@ -748,7 +748,7 @@ static int qcom_battmgr_usb_get_property(struct power_supply *psy, int ret; if (!battmgr->service_up) - return -ENODEV; + return -EAGAIN; if (battmgr->variant == QCOM_BATTMGR_SC8280XP) ret = qcom_battmgr_bat_sc8280xp_update(battmgr, psp); @@ -867,7 +867,7 @@ static int qcom_battmgr_wls_get_property(struct power_supply *psy, int ret; if (!battmgr->service_up) - return -ENODEV; + return -EAGAIN; if (battmgr->variant == QCOM_BATTMGR_SC8280XP) ret = qcom_battmgr_bat_sc8280xp_update(battmgr, psp); --- base-commit: 91e3b24eb7d297d9d99030800ed96944b8652eaf change-id: 20240715-topic-sm8x50-upstream-fix-battmgr-temp-tz-warn-c5a2f956d28d Best regards, -- Neil Armstrong <neil.armstrong(a)linaro.org>

9 months, 1 week

3
2
0 0

[PATCH 1/2] power: supply: axp288_charger: Fix constant_charge_voltage writes

by Hans de Goede

info->max_cv is in millivolts, divide the microvolt value being written to constant_charge_voltage by 1000 *before* clamping it to info->max_cv. Before this fix the code always tried to set constant_charge_voltage to max_cv / 1000 = 4 millivolt, which ends up in setting it to 4.1V which is the lowest supported value. Fixes: 843735b788a4 ("power: axp288_charger: axp288 charger driver") Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/power/supply/axp288_charger.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/power/supply/axp288_charger.c b/drivers/power/supply/axp288_charger.c index b5903193e2f9..aea17289a178 100644 --- a/drivers/power/supply/axp288_charger.c +++ b/drivers/power/supply/axp288_charger.c @@ -337,8 +337,8 @@ static int axp288_charger_usb_set_property(struct power_supply *psy, } break; case POWER_SUPPLY_PROP_CONSTANT_CHARGE_VOLTAGE: - scaled_val = min(val->intval, info->max_cv); - scaled_val = DIV_ROUND_CLOSEST(scaled_val, 1000); + scaled_val = DIV_ROUND_CLOSEST(val->intval, 1000); + scaled_val = min(scaled_val, info->max_cv); ret = axp288_charger_set_cv(info, scaled_val); if (ret < 0) { dev_warn(&info->pdev->dev, "set charge voltage failed\n"); -- 2.45.2

9 months, 1 week

2
2
0 0

[merged mm-hotfixes-stable] nilfs2-handle-inconsistent-state-in-nilfs_btnode_create_block.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: nilfs2: handle inconsistent state in nilfs_btnode_create_block() has been removed from the -mm tree. Its filename was nilfs2-handle-inconsistent-state-in-nilfs_btnode_create_block.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: handle inconsistent state in nilfs_btnode_create_block() Date: Thu, 25 Jul 2024 14:20:07 +0900 Syzbot reported that a buffer state inconsistency was detected in nilfs_btnode_create_block(), triggering a kernel bug. It is not appropriate to treat this inconsistency as a bug; it can occur if the argument block address (the buffer index of the newly created block) is a virtual block number and has been reallocated due to corruption of the bitmap used to manage its allocation state. So, modify nilfs_btnode_create_block() and its callers to treat it as a possible filesystem error, rather than triggering a kernel bug. Link: https://lkml.kernel.org/r/20240725052007.4562-1-konishi.ryusuke@gmail.com Fixes: a60be987d45d ("nilfs2: B-tree node cache") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+89cc4f2324ed37988b60(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=89cc4f2324ed37988b60 Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/btnode.c | 25 ++++++++++++++++++++----- fs/nilfs2/btree.c | 4 ++-- 2 files changed, 22 insertions(+), 7 deletions(-) --- a/fs/nilfs2/btnode.c~nilfs2-handle-inconsistent-state-in-nilfs_btnode_create_block +++ a/fs/nilfs2/btnode.c @@ -51,12 +51,21 @@ nilfs_btnode_create_block(struct address bh = nilfs_grab_buffer(inode, btnc, blocknr, BIT(BH_NILFS_Node)); if (unlikely(!bh)) - return NULL; + return ERR_PTR(-ENOMEM); if (unlikely(buffer_mapped(bh) || buffer_uptodate(bh) || buffer_dirty(bh))) { - brelse(bh); - BUG(); + /* + * The block buffer at the specified new address was already + * in use. This can happen if it is a virtual block number + * and has been reallocated due to corruption of the bitmap + * used to manage its allocation state (if not, the buffer + * clearing of an abandoned b-tree node is missing somewhere). + */ + nilfs_error(inode->i_sb, + "state inconsistency probably due to duplicate use of b-tree node block address %llu (ino=%lu)", + (unsigned long long)blocknr, inode->i_ino); + goto failed; } memset(bh->b_data, 0, i_blocksize(inode)); bh->b_bdev = inode->i_sb->s_bdev; @@ -67,6 +76,12 @@ nilfs_btnode_create_block(struct address folio_unlock(bh->b_folio); folio_put(bh->b_folio); return bh; + +failed: + folio_unlock(bh->b_folio); + folio_put(bh->b_folio); + brelse(bh); + return ERR_PTR(-EIO); } int nilfs_btnode_submit_block(struct address_space *btnc, __u64 blocknr, @@ -217,8 +232,8 @@ retry: } nbh = nilfs_btnode_create_block(btnc, newkey); - if (!nbh) - return -ENOMEM; + if (IS_ERR(nbh)) + return PTR_ERR(nbh); BUG_ON(nbh == obh); ctxt->newbh = nbh; --- a/fs/nilfs2/btree.c~nilfs2-handle-inconsistent-state-in-nilfs_btnode_create_block +++ a/fs/nilfs2/btree.c @@ -63,8 +63,8 @@ static int nilfs_btree_get_new_block(con struct buffer_head *bh; bh = nilfs_btnode_create_block(btnc, ptr); - if (!bh) - return -ENOMEM; + if (IS_ERR(bh)) + return PTR_ERR(bh); set_buffer_nilfs_volatile(bh); *bhp = bh; _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are

9 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] mm-page_alloc-fix-pcp-count-race-between-drain_pages_zone-vs-__rmqueue_pcplist.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/page_alloc: fix pcp->count race between drain_pages_zone() vs __rmqueue_pcplist() has been removed from the -mm tree. Its filename was mm-page_alloc-fix-pcp-count-race-between-drain_pages_zone-vs-__rmqueue_pcplist.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Li Zhijian <lizhijian(a)fujitsu.com> Subject: mm/page_alloc: fix pcp->count race between drain_pages_zone() vs __rmqueue_pcplist() Date: Tue, 23 Jul 2024 14:44:28 +0800 It's expected that no page should be left in pcp_list after calling zone_pcp_disable() in offline_pages(). Previously, it's observed that offline_pages() gets stuck [1] due to some pages remaining in pcp_list. Cause: There is a race condition between drain_pages_zone() and __rmqueue_pcplist() involving the pcp->count variable. See below scenario: CPU0 CPU1 ---------------- --------------- spin_lock(&pcp->lock); __rmqueue_pcplist() { zone_pcp_disable() { /* list is empty */ if (list_empty(list)) { /* add pages to pcp_list */ alloced = rmqueue_bulk() mutex_lock(&pcp_batch_high_lock) ... __drain_all_pages() { drain_pages_zone() { /* read pcp->count, it's 0 here */ count = READ_ONCE(pcp->count) /* 0 means nothing to drain */ /* update pcp->count */ pcp->count += alloced << order; ... ... spin_unlock(&pcp->lock); In this case, after calling zone_pcp_disable() though, there are still some pages in pcp_list. And these pages in pcp_list are neither movable nor isolated, offline_pages() gets stuck as a result. Solution: Expand the scope of the pcp->lock to also protect pcp->count in drain_pages_zone(), to ensure no pages are left in the pcp list after zone_pcp_disable() [1] https://lore.kernel.org/linux-mm/6a07125f-e720-404c-b2f9-e55f3f166e85@fujit… Link: https://lkml.kernel.org/r/20240723064428.1179519-1-lizhijian@fujitsu.com Fixes: 4b23a68f9536 ("mm/page_alloc: protect PCP lists with a spinlock") Signed-off-by: Li Zhijian <lizhijian(a)fujitsu.com> Reported-by: Yao Xingtao <yaoxt.fnst(a)fujitsu.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) --- a/mm/page_alloc.c~mm-page_alloc-fix-pcp-count-race-between-drain_pages_zone-vs-__rmqueue_pcplist +++ a/mm/page_alloc.c @@ -2343,16 +2343,20 @@ void drain_zone_pages(struct zone *zone, static void drain_pages_zone(unsigned int cpu, struct zone *zone) { struct per_cpu_pages *pcp = per_cpu_ptr(zone->per_cpu_pageset, cpu); - int count = READ_ONCE(pcp->count); - - while (count) { - int to_drain = min(count, pcp->batch << CONFIG_PCP_BATCH_SCALE_MAX); - count -= to_drain; + int count; + do { spin_lock(&pcp->lock); - free_pcppages_bulk(zone, to_drain, pcp, 0); + count = pcp->count; + if (count) { + int to_drain = min(count, + pcp->batch << CONFIG_PCP_BATCH_SCALE_MAX); + + free_pcppages_bulk(zone, to_drain, pcp, 0); + count -= to_drain; + } spin_unlock(&pcp->lock); - } + } while (count); } /* _ Patches currently in -mm which might be from lizhijian(a)fujitsu.com are

9 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] alloc_tag-outline-and-export-free_reserved_page.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: alloc_tag: outline and export free_reserved_page() has been removed from the -mm tree. Its filename was alloc_tag-outline-and-export-free_reserved_page.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Suren Baghdasaryan <surenb(a)google.com> Subject: alloc_tag: outline and export free_reserved_page() Date: Wed, 17 Jul 2024 14:28:44 -0700 Outline and export free_reserved_page() because modules use it and it in turn uses page_ext_{get|put} which should not be exported. The same result could be obtained by outlining {get|put}_page_tag_ref() but that would have higher performance impact as these functions are used in more performance critical paths. Link: https://lkml.kernel.org/r/20240717212844.2749975-1-surenb@google.com Fixes: dcfe378c81f7 ("lib: introduce support for page allocation tagging") Signed-off-by: Suren Baghdasaryan <surenb(a)google.com> Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202407080044.DWMC9N9I-lkp@intel.com/ Suggested-by: Christoph Hellwig <hch(a)infradead.org> Suggested-by: Vlastimil Babka <vbabka(a)suse.cz> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: Kees Cook <keescook(a)chromium.org> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Pasha Tatashin <pasha.tatashin(a)soleen.com> Cc: Sourav Panda <souravpanda(a)google.com> Cc: <stable(a)vger.kernel.org> [6.10] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/mm.h | 16 +--------------- mm/page_alloc.c | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 15 deletions(-) --- a/include/linux/mm.h~alloc_tag-outline-and-export-free_reserved_page +++ a/include/linux/mm.h @@ -3130,21 +3130,7 @@ extern void reserve_bootmem_region(phys_ phys_addr_t end, int nid); /* Free the reserved page into the buddy system, so it gets managed. */ -static inline void free_reserved_page(struct page *page) -{ - if (mem_alloc_profiling_enabled()) { - union codetag_ref *ref = get_page_tag_ref(page); - - if (ref) { - set_codetag_empty(ref); - put_page_tag_ref(ref); - } - } - ClearPageReserved(page); - init_page_count(page); - __free_page(page); - adjust_managed_page_count(page, 1); -} +void free_reserved_page(struct page *page); #define free_highmem_page(page) free_reserved_page(page) static inline void mark_page_reserved(struct page *page) --- a/mm/page_alloc.c~alloc_tag-outline-and-export-free_reserved_page +++ a/mm/page_alloc.c @@ -5815,6 +5815,23 @@ unsigned long free_reserved_area(void *s return pages; } +void free_reserved_page(struct page *page) +{ + if (mem_alloc_profiling_enabled()) { + union codetag_ref *ref = get_page_tag_ref(page); + + if (ref) { + set_codetag_empty(ref); + put_page_tag_ref(ref); + } + } + ClearPageReserved(page); + init_page_count(page); + __free_page(page); + adjust_managed_page_count(page, 1); +} +EXPORT_SYMBOL(free_reserved_page); + static int page_alloc_cpu_dead(unsigned int cpu) { struct zone *zone; _ Patches currently in -mm which might be from surenb(a)google.com are

9 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] decompress_bunzip2-fix-rare-decompression-failure.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: decompress_bunzip2: fix rare decompression failure has been removed from the -mm tree. Its filename was decompress_bunzip2-fix-rare-decompression-failure.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ross Lagerwall <ross.lagerwall(a)citrix.com> Subject: decompress_bunzip2: fix rare decompression failure Date: Wed, 17 Jul 2024 17:20:16 +0100 The decompression code parses a huffman tree and counts the number of symbols for a given bit length. In rare cases, there may be >= 256 symbols with a given bit length, causing the unsigned char to overflow. This causes a decompression failure later when the code tries and fails to find the bit length for a given symbol. Since the maximum number of symbols is 258, use unsigned short instead. Link: https://lkml.kernel.org/r/20240717162016.1514077-1-ross.lagerwall@citrix.com Fixes: bc22c17e12c1 ("bzip2/lzma: library support for gzip, bzip2 and lzma decompression") Signed-off-by: Ross Lagerwall <ross.lagerwall(a)citrix.com> Cc: Alain Knaff <alain(a)knaff.lu> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/decompress_bunzip2.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/lib/decompress_bunzip2.c~decompress_bunzip2-fix-rare-decompression-failure +++ a/lib/decompress_bunzip2.c @@ -232,7 +232,8 @@ static int INIT get_next_block(struct bu RUNB) */ symCount = symTotal+2; for (j = 0; j < groupCount; j++) { - unsigned char length[MAX_SYMBOLS], temp[MAX_HUFCODE_BITS+1]; + unsigned char length[MAX_SYMBOLS]; + unsigned short temp[MAX_HUFCODE_BITS+1]; int minLen, maxLen, pp; /* Read Huffman code lengths for each symbol. They're stored in a way similar to mtf; record a starting _ Patches currently in -mm which might be from ross.lagerwall(a)citrix.com are

9 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] mm-huge_memory-avoid-pmd-size-page-cache-if-needed.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/huge_memory: avoid PMD-size page cache if needed has been removed from the -mm tree. Its filename was mm-huge_memory-avoid-pmd-size-page-cache-if-needed.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Gavin Shan <gshan(a)redhat.com> Subject: mm/huge_memory: avoid PMD-size page cache if needed Date: Mon, 15 Jul 2024 10:04:23 +1000 xarray can't support arbitrary page cache size. the largest and supported page cache size is defined as MAX_PAGECACHE_ORDER by commit 099d90642a71 ("mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray"). However, it's possible to have 512MB page cache in the huge memory's collapsing path on ARM64 system whose base page size is 64KB. 512MB page cache is breaking the limitation and a warning is raised when the xarray entry is split as shown in the following example. [root@dhcp-10-26-1-207 ~]# cat /proc/1/smaps | grep KernelPageSize KernelPageSize: 64 kB [root@dhcp-10-26-1-207 ~]# cat /tmp/test.c : int main(int argc, char **argv) { const char *filename = TEST_XFS_FILENAME; int fd = 0; void *buf = (void *)-1, *p; int pgsize = getpagesize(); int ret = 0; if (pgsize != 0x10000) { fprintf(stdout, "System with 64KB base page size is required!\n"); return -EPERM; } system("echo 0 > /sys/devices/virtual/bdi/253:0/read_ahead_kb"); system("echo 1 > /proc/sys/vm/drop_caches"); /* Open the xfs file */ fd = open(filename, O_RDONLY); assert(fd > 0); /* Create VMA */ buf = mmap(NULL, TEST_MEM_SIZE, PROT_READ, MAP_SHARED, fd, 0); assert(buf != (void *)-1); fprintf(stdout, "mapped buffer at 0x%p\n", buf); /* Populate VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_NOHUGEPAGE); assert(ret == 0); ret = madvise(buf, TEST_MEM_SIZE, MADV_POPULATE_READ); assert(ret == 0); /* Collapse VMA */ ret = madvise(buf, TEST_MEM_SIZE, MADV_HUGEPAGE); assert(ret == 0); ret = madvise(buf, TEST_MEM_SIZE, MADV_COLLAPSE); if (ret) { fprintf(stdout, "Error %d to madvise(MADV_COLLAPSE)\n", errno); goto out; } /* Split xarray entry. Write permission is needed */ munmap(buf, TEST_MEM_SIZE); buf = (void *)-1; close(fd); fd = open(filename, O_RDWR); assert(fd > 0); fallocate(fd, FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE, TEST_MEM_SIZE - pgsize, pgsize); out: if (buf != (void *)-1) munmap(buf, TEST_MEM_SIZE); if (fd > 0) close(fd); return ret; } [root@dhcp-10-26-1-207 ~]# gcc /tmp/test.c -o /tmp/test [root@dhcp-10-26-1-207 ~]# /tmp/test ------------[ cut here ]------------ WARNING: CPU: 25 PID: 7560 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct \ nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 \ ip_set rfkill nf_tables nfnetlink vfat fat virtio_balloon drm fuse \ xfs libcrc32c crct10dif_ce ghash_ce sha2_ce sha256_arm64 virtio_net \ sha1_ce net_failover virtio_blk virtio_console failover dimlib virtio_mmio CPU: 25 PID: 7560 Comm: test Kdump: loaded Not tainted 6.10.0-rc7-gavin+ #9 Hardware name: QEMU KVM Virtual Machine, BIOS edk2-20240524-1.el9 05/24/2024 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : xas_split_alloc+0xf8/0x128 lr : split_huge_page_to_list_to_order+0x1c4/0x780 sp : ffff8000ac32f660 x29: ffff8000ac32f660 x28: ffff0000e0969eb0 x27: ffff8000ac32f6c0 x26: 0000000000000c40 x25: ffff0000e0969eb0 x24: 000000000000000d x23: ffff8000ac32f6c0 x22: ffffffdfc0700000 x21: 0000000000000000 x20: 0000000000000000 x19: ffffffdfc0700000 x18: 0000000000000000 x17: 0000000000000000 x16: ffffd5f3708ffc70 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: ffffffffffffffc0 x10: 0000000000000040 x9 : ffffd5f3708e692c x8 : 0000000000000003 x7 : 0000000000000000 x6 : ffff0000e0969eb8 x5 : ffffd5f37289e378 x4 : 0000000000000000 x3 : 0000000000000c40 x2 : 000000000000000d x1 : 000000000000000c x0 : 0000000000000000 Call trace: xas_split_alloc+0xf8/0x128 split_huge_page_to_list_to_order+0x1c4/0x780 truncate_inode_partial_folio+0xdc/0x160 truncate_inode_pages_range+0x1b4/0x4a8 truncate_pagecache_range+0x84/0xa0 xfs_flush_unmap_range+0x70/0x90 [xfs] xfs_file_fallocate+0xfc/0x4d8 [xfs] vfs_fallocate+0x124/0x2f0 ksys_fallocate+0x4c/0xa0 __arm64_sys_fallocate+0x24/0x38 invoke_syscall.constprop.0+0x7c/0xd8 do_el0_svc+0xb4/0xd0 el0_svc+0x44/0x1d8 el0t_64_sync_handler+0x134/0x150 el0t_64_sync+0x17c/0x180 Fix it by correcting the supported page cache orders, different sets for DAX and other files. With it corrected, 512MB page cache becomes disallowed on all non-DAX files on ARM64 system where the base page size is 64KB. After this patch is applied, the test program fails with error -EINVAL returned from __thp_vma_allowable_orders() and the madvise() system call to collapse the page caches. Link: https://lkml.kernel.org/r/20240715000423.316491-1-gshan@redhat.com Fixes: 6b24ca4a1a8d ("mm: Use multi-index entries in the page cache") Signed-off-by: Gavin Shan <gshan(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: Zi Yan <ziy(a)nvidia.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Barry Song <baohua(a)kernel.org> Cc: Don Dutile <ddutile(a)redhat.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Peter Xu <peterx(a)redhat.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: William Kucharski <william.kucharski(a)oracle.com> Cc: <stable(a)vger.kernel.org> [5.17+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/huge_mm.h | 12 +++++++++--- mm/huge_memory.c | 12 ++++++++++-- 2 files changed, 19 insertions(+), 5 deletions(-) --- a/include/linux/huge_mm.h~mm-huge_memory-avoid-pmd-size-page-cache-if-needed +++ a/include/linux/huge_mm.h @@ -74,14 +74,20 @@ extern struct kobj_attribute thpsize_shm #define THP_ORDERS_ALL_ANON ((BIT(PMD_ORDER + 1) - 1) & ~(BIT(0) | BIT(1))) /* - * Mask of all large folio orders supported for file THP. + * Mask of all large folio orders supported for file THP. Folios in a DAX + * file is never split and the MAX_PAGECACHE_ORDER limit does not apply to + * it. */ -#define THP_ORDERS_ALL_FILE (BIT(PMD_ORDER) | BIT(PUD_ORDER)) +#define THP_ORDERS_ALL_FILE_DAX \ + (BIT(PMD_ORDER) | BIT(PUD_ORDER)) +#define THP_ORDERS_ALL_FILE_DEFAULT \ + ((BIT(MAX_PAGECACHE_ORDER + 1) - 1) & ~BIT(0)) /* * Mask of all large folio orders supported for THP. */ -#define THP_ORDERS_ALL (THP_ORDERS_ALL_ANON | THP_ORDERS_ALL_FILE) +#define THP_ORDERS_ALL \ + (THP_ORDERS_ALL_ANON | THP_ORDERS_ALL_FILE_DAX | THP_ORDERS_ALL_FILE_DEFAULT) #define TVA_SMAPS (1 << 0) /* Will be used for procfs */ #define TVA_IN_PF (1 << 1) /* Page fault handler */ --- a/mm/huge_memory.c~mm-huge_memory-avoid-pmd-size-page-cache-if-needed +++ a/mm/huge_memory.c @@ -89,9 +89,17 @@ unsigned long __thp_vma_allowable_orders bool smaps = tva_flags & TVA_SMAPS; bool in_pf = tva_flags & TVA_IN_PF; bool enforce_sysfs = tva_flags & TVA_ENFORCE_SYSFS; + unsigned long supported_orders; + /* Check the intersection of requested and supported orders. */ - orders &= vma_is_anonymous(vma) ? - THP_ORDERS_ALL_ANON : THP_ORDERS_ALL_FILE; + if (vma_is_anonymous(vma)) + supported_orders = THP_ORDERS_ALL_ANON; + else if (vma_is_dax(vma)) + supported_orders = THP_ORDERS_ALL_FILE_DAX; + else + supported_orders = THP_ORDERS_ALL_FILE_DEFAULT; + + orders &= supported_orders; if (!orders) return 0; _ Patches currently in -mm which might be from gshan(a)redhat.com are

9 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] mm-huge_memory-use-config_64bit-to-relax-huge-page-alignment-on-32-bit-machines.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines has been removed from the -mm tree. Its filename was mm-huge_memory-use-config_64bit-to-relax-huge-page-alignment-on-32-bit-machines.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Yang Shi <yang(a)os.amperecomputing.com> Subject: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines Date: Fri, 12 Jul 2024 08:58:55 -0700 Yves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don't force huge page alignment on 32 bit") didn't work for x86_32 [1]. It is because x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT. !CONFIG_64BIT should cover all 32 bit machines. [1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2… Link: https://lkml.kernel.org/r/20240712155855.1130330-1-yang@os.amperecomputing.… Fixes: 4ef9ad19e176 ("mm: huge_memory: don't force huge page alignment on 32 bit") Signed-off-by: Yang Shi <yang(a)os.amperecomputing.com> Reported-by: Yves-Alexis Perez <corsac(a)debian.org> Tested-by: Yves-Alexis Perez <corsac(a)debian.org> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Ben Hutchings <ben(a)decadent.org.uk> Cc: Christoph Lameter <cl(a)linux.com> Cc: Jiri Slaby <jirislaby(a)kernel.org> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Rik van Riel <riel(a)surriel.com> Cc: Salvatore Bonaccorso <carnil(a)debian.org> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: <stable(a)vger.kernel.org> [6.8+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/huge_memory.c~mm-huge_memory-use-config_64bit-to-relax-huge-page-alignment-on-32-bit-machines +++ a/mm/huge_memory.c @@ -877,7 +877,7 @@ static unsigned long __thp_get_unmapped_ loff_t off_align = round_up(off, size); unsigned long len_pad, ret, off_sub; - if (IS_ENABLED(CONFIG_32BIT) || in_compat_syscall()) + if (!IS_ENABLED(CONFIG_64BIT) || in_compat_syscall()) return 0; if (off_end <= off_align || (off_end - off_align) < size) _ Patches currently in -mm which might be from yang(a)os.amperecomputing.com are

9 months, 1 week

1
0
0 0

[merged mm-hotfixes-stable] mm-fix-old-young-bit-handling-in-the-faulting-path.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: fix old/young bit handling in the faulting path has been removed from the -mm tree. Its filename was mm-fix-old-young-bit-handling-in-the-faulting-path.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ram Tummala <rtummala(a)nvidia.com> Subject: mm: fix old/young bit handling in the faulting path Date: Tue, 9 Jul 2024 18:45:39 -0700 Commit 3bd786f76de2 ("mm: convert do_set_pte() to set_pte_range()") replaced do_set_pte() with set_pte_range() and that introduced a regression in the following faulting path of non-anonymous vmas which caused the PTE for the faulting address to be marked as old instead of young. handle_pte_fault() do_pte_missing() do_fault() do_read_fault() || do_cow_fault() || do_shared_fault() finish_fault() set_pte_range() The polarity of prefault calculation is incorrect. This leads to prefault being incorrectly set for the faulting address. The following check will incorrectly mark the PTE old rather than young. On some architectures this will cause a double fault to mark it young when the access is retried. if (prefault && arch_wants_old_prefaulted_pte()) entry = pte_mkold(entry); On a subsequent fault on the same address, the faulting path will see a non NULL vmf->pte and instead of reaching the do_pte_missing() path, PTE will then be correctly marked young in handle_pte_fault() itself. Due to this bug, performance degradation in the fault handling path will be observed due to unnecessary double faulting. Link: https://lkml.kernel.org/r/20240710014539.746200-1-rtummala@nvidia.com Fixes: 3bd786f76de2 ("mm: convert do_set_pte() to set_pte_range()") Signed-off-by: Ram Tummala <rtummala(a)nvidia.com> Reviewed-by: Yin Fengwei <fengwei.yin(a)intel.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Yin Fengwei <fengwei.yin(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/memory.c~mm-fix-old-young-bit-handling-in-the-faulting-path +++ a/mm/memory.c @@ -4780,7 +4780,7 @@ void set_pte_range(struct vm_fault *vmf, { struct vm_area_struct *vma = vmf->vma; bool write = vmf->flags & FAULT_FLAG_WRITE; - bool prefault = in_range(vmf->address, addr, nr * PAGE_SIZE); + bool prefault = !in_range(vmf->address, addr, nr * PAGE_SIZE); pte_t entry; flush_icache_pages(vma, page, nr); _ Patches currently in -mm which might be from rtummala(a)nvidia.com are

9 months, 1 week

1
0
0 0

[PATCH 6.9 00/29] 6.9.12-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.9.12 release. There are 29 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 27 Jul 2024 14:27:16 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.9.12-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.9.12-rc1 Jann Horn <jannh(a)google.com> filelock: Fix fcntl/close race recovery compat path Takashi Iwai <tiwai(a)suse.de> ALSA: seq: ump: Skip useless ports for static blocks Shengjiu Wang <shengjiu.wang(a)nxp.com> ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: sm6115: Disable SS instance in Parkmode for USB Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for USB Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode for USB Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: sdm630: Disable SS instance in Parkmode for USB Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: ipq6018: Disable SS instance in Parkmode for USB Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: sm6350: Disable SS instance in Parkmode for USB Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100-crd: Fix USB PHYs regulators Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100-qcp: Fix the PHY regulator for PCIe 6a Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100-crd: Fix the PHY regulator for PCIe 6a Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qrb4210-rb2: switch I2C2 to i2c-gpio Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qrb2210-rb1: switch I2C2 to i2c-gpio Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100-qcp: Fix USB PHYs regulators Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: sc7280: Disable SuperSpeed instances in park mode Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: sc7180: Disable SuperSpeed instances in park mode Seunghun Han <kkamagui(a)gmail.com> ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 Shenghao Ding <shenghao-ding(a)ti.com> ALSA: hda/tas2781: Add new quirk for Lenovo Hera2 Laptop Takashi Iwai <tiwai(a)suse.de> usb: gadget: midi2: Fix incorrect default MIDI2 protocol setup lei lu <llfamsec(a)gmail.com> fs/ntfs3: Validate ff offset Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add a check for attr_names and oatbl lei lu <llfamsec(a)gmail.com> jfs: don't walk off the end of ealist lei lu <llfamsec(a)gmail.com> ocfs2: add bounds checking to ocfs2_check_dir_entry() Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> s390/mm: Fix VM_FAULT_HWPOISON handling in do_exception() Dan Carpenter <dan.carpenter(a)linaro.org> drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() ------------- Diffstat: Makefile | 4 +-- arch/arm64/boot/dts/qcom/ipq6018.dtsi | 1 + arch/arm64/boot/dts/qcom/ipq8074.dtsi | 2 ++ arch/arm64/boot/dts/qcom/msm8996.dtsi | 1 + arch/arm64/boot/dts/qcom/msm8998.dtsi | 1 + arch/arm64/boot/dts/qcom/qrb2210-rb1.dts | 13 ++++++++- arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 13 ++++++++- arch/arm64/boot/dts/qcom/sc7180.dtsi | 1 + arch/arm64/boot/dts/qcom/sc7280.dtsi | 1 + arch/arm64/boot/dts/qcom/sdm630.dtsi | 1 + arch/arm64/boot/dts/qcom/sdm845.dtsi | 2 ++ arch/arm64/boot/dts/qcom/sm6115.dtsi | 1 + arch/arm64/boot/dts/qcom/sm6350.dtsi | 1 + arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 17 +++++++++--- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 17 +++++++++--- arch/s390/mm/fault.c | 3 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 2 +- drivers/usb/gadget/function/f_midi2.c | 19 +++++++------ fs/jfs/xattr.c | 23 +++++++++++++--- fs/locks.c | 9 +++--- fs/ntfs3/fslog.c | 44 ++++++++++++++++++++++++----- fs/ocfs2/dir.c | 46 +++++++++++++++++++------------ sound/core/pcm_dmaengine.c | 6 +++- sound/core/seq/seq_ump_client.c | 16 +++++++++++ sound/pci/hda/patch_realtek.c | 3 ++ 25 files changed, 191 insertions(+), 56 deletions(-)

9 months, 1 week

11
39
0 0

[tip: irq/urgent] irqchip/loongarch-cpu: Fix return value of lpic_gsi_to_irq()

by tip-bot2 for Huacai Chen

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: 81a91abab1307d7725fa4620952c0767beae7753 Gitweb: https://git.kernel.org/tip/81a91abab1307d7725fa4620952c0767beae7753 Author: Huacai Chen <chenhuacai(a)loongson.cn> AuthorDate: Tue, 23 Jul 2024 14:45:08 +08:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Fri, 26 Jul 2024 21:08:42 +02:00 irqchip/loongarch-cpu: Fix return value of lpic_gsi_to_irq() lpic_gsi_to_irq() should return a valid Linux interrupt number if acpi_register_gsi() succeeds, and return 0 otherwise. But lpic_gsi_to_irq() converts a negative return value of acpi_register_gsi() to a positive value silently. Convert the return value explicitly. Fixes: e8bba72b396c ("irqchip / ACPI: Introduce ACPI_IRQ_MODEL_LPIC for LoongArch") Reported-by: Miao Wang <shankerwangmiao(a)gmail.com> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Jiaxun Yang <jiaxun.yang(a)flygoat.com> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/20240723064508.35560-1-chenhuacai@loongson.cn --- drivers/irqchip/irq-loongarch-cpu.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/irqchip/irq-loongarch-cpu.c b/drivers/irqchip/irq-loongarch-cpu.c index 9d8f2c4..b35903a 100644 --- a/drivers/irqchip/irq-loongarch-cpu.c +++ b/drivers/irqchip/irq-loongarch-cpu.c @@ -18,11 +18,13 @@ struct fwnode_handle *cpuintc_handle; static u32 lpic_gsi_to_irq(u32 gsi) { + int irq = 0; + /* Only pch irqdomain transferring is required for LoongArch. */ if (gsi >= GSI_MIN_PCH_IRQ && gsi <= GSI_MAX_PCH_IRQ) - return acpi_register_gsi(NULL, gsi, ACPI_LEVEL_SENSITIVE, ACPI_ACTIVE_HIGH); + irq = acpi_register_gsi(NULL, gsi, ACPI_LEVEL_SENSITIVE, ACPI_ACTIVE_HIGH); - return 0; + return (irq > 0) ? irq : 0; } static struct fwnode_handle *lpic_get_gsi_domain_id(u32 gsi)

9 months, 1 week

1
0
0 0

[PATCH 6.6 00/16] 6.6.43-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.43 release. There are 16 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 27 Jul 2024 14:27:16 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.43-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.43-rc1 Jann Horn <jannh(a)google.com> filelock: Fix fcntl/close race recovery compat path Takashi Iwai <tiwai(a)suse.de> ALSA: seq: ump: Skip useless ports for static blocks Shengjiu Wang <shengjiu.wang(a)nxp.com> ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: sdm630: Disable SS instance in Parkmode for USB Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: ipq6018: Disable SS instance in Parkmode for USB Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: sm6350: Disable SS instance in Parkmode for USB Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: qrb4210-rb2: switch I2C2 to i2c-gpio Seunghun Han <kkamagui(a)gmail.com> ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 Takashi Iwai <tiwai(a)suse.de> usb: gadget: midi2: Fix incorrect default MIDI2 protocol setup lei lu <llfamsec(a)gmail.com> fs/ntfs3: Validate ff offset Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add a check for attr_names and oatbl lei lu <llfamsec(a)gmail.com> jfs: don't walk off the end of ealist lei lu <llfamsec(a)gmail.com> ocfs2: add bounds checking to ocfs2_check_dir_entry() Dan Carpenter <dan.carpenter(a)linaro.org> drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() ------------- Diffstat: Makefile | 4 +-- arch/arm64/boot/dts/qcom/ipq6018.dtsi | 1 + arch/arm64/boot/dts/qcom/msm8996.dtsi | 1 + arch/arm64/boot/dts/qcom/qrb4210-rb2.dts | 13 ++++++++- arch/arm64/boot/dts/qcom/sdm630.dtsi | 1 + arch/arm64/boot/dts/qcom/sm6350.dtsi | 1 + drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 2 +- drivers/usb/gadget/function/f_midi2.c | 19 +++++++------ fs/jfs/xattr.c | 23 +++++++++++++--- fs/locks.c | 9 +++---- fs/ntfs3/fslog.c | 44 +++++++++++++++++++++++++----- fs/ocfs2/dir.c | 46 ++++++++++++++++++++------------ sound/core/pcm_dmaengine.c | 6 ++++- sound/core/seq/seq_ump_client.c | 16 +++++++++++ sound/pci/hda/patch_realtek.c | 2 ++ 15 files changed, 142 insertions(+), 46 deletions(-)

9 months, 1 week

11
26
0 0

[PATCH 6.1 00/13] 6.1.102-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.102 release. There are 13 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 27 Jul 2024 14:27:16 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.102-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.102-rc1 Filipe Manana <fdmanana(a)suse.com> btrfs: do not BUG_ON on failure to get dir index for new snapshot Jann Horn <jannh(a)google.com> filelock: Fix fcntl/close race recovery compat path Shengjiu Wang <shengjiu.wang(a)nxp.com> ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: sdm630: Disable SS instance in Parkmode for USB Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: ipq6018: Disable SS instance in Parkmode for USB Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB Seunghun Han <kkamagui(a)gmail.com> ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 lei lu <llfamsec(a)gmail.com> fs/ntfs3: Validate ff offset lei lu <llfamsec(a)gmail.com> jfs: don't walk off the end of ealist lei lu <llfamsec(a)gmail.com> ocfs2: add bounds checking to ocfs2_check_dir_entry() Chao Yu <chao(a)kernel.org> f2fs: avoid dead loop in f2fs_issue_checkpoint() Dan Carpenter <dan.carpenter(a)linaro.org> drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() ------------- Diffstat: Makefile | 4 +-- arch/arm64/boot/dts/qcom/ipq6018.dtsi | 1 + arch/arm64/boot/dts/qcom/msm8996.dtsi | 1 + arch/arm64/boot/dts/qcom/sdm630.dtsi | 1 + drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 2 +- fs/btrfs/transaction.c | 5 +++- fs/f2fs/super.c | 15 +++++++++-- fs/jfs/xattr.c | 23 ++++++++++++++--- fs/locks.c | 9 +++---- fs/ntfs3/fslog.c | 6 ++++- fs/ocfs2/dir.c | 46 +++++++++++++++++++++------------- sound/core/pcm_dmaengine.c | 6 ++++- sound/pci/hda/patch_realtek.c | 2 ++ 13 files changed, 87 insertions(+), 34 deletions(-)

9 months, 1 week

10
22
0 0

[PATCH 5.15 00/90] 5.15.164-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.164 release. There are 90 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 28 Jul 2024 07:05:35 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.164-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.164-rc2 Si-Wei Liu <si-wei.liu(a)oracle.com> tap: add missing verification for short frame Dongli Zhang <dongli.zhang(a)oracle.com> tun: add missing verification for short frame Jason A. Donenfeld <Jason(a)zx2c4.com> wifi: rt2x00: use explicitly signed or unsigned types Jann Horn <jannh(a)google.com> filelock: Fix fcntl/close race recovery compat path Shengjiu Wang <shengjiu.wang(a)nxp.com> ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: sdm630: Disable SS instance in Parkmode for USB Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB Seunghun Han <kkamagui(a)gmail.com> ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 lei lu <llfamsec(a)gmail.com> fs/ntfs3: Validate ff offset lei lu <llfamsec(a)gmail.com> jfs: don't walk off the end of ealist lei lu <llfamsec(a)gmail.com> ocfs2: add bounds checking to ocfs2_check_dir_entry() Paolo Abeni <pabeni(a)redhat.com> net: relax socket state check at accept time. Linus Torvalds <torvalds(a)linux-foundation.org> Add gitignore file for samples/fanotify/ subdirectory Gabriel Krisman Bertazi <krisman(a)collabora.com> docs: Fix formatting of literal sections in fanotify docs Gabriel Krisman Bertazi <krisman(a)collabora.com> samples: Make fs-monitor depend on libc and headers Gabriel Krisman Bertazi <krisman(a)collabora.com> samples: Add fs error monitoring example Dan Carpenter <dan.carpenter(a)linaro.org> drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: disable softirqs for queued frame handling SeongJae Park <sj(a)kernel.org> mm/damon/core: merge regions aggressively when max_nr_regions is unmet David Laight <David.Laight(a)ACULAB.COM> minmax: relax check to allow comparison between unsigned arguments and signed constants David Laight <David.Laight(a)ACULAB.COM> minmax: allow comparisons of 'int' against 'unsigned char/short' David Laight <David.Laight(a)ACULAB.COM> minmax: allow min()/max()/clamp() if the arguments have the same signedness. Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> minmax: fix header inclusions Jason A. Donenfeld <Jason(a)zx2c4.com> minmax: clamp more efficiently by avoiding extra comparison Jason A. Donenfeld <Jason(a)zx2c4.com> minmax: sanity check constant bounds when clamping Bart Van Assche <bvanassche(a)acm.org> tracing: Define the is_signed_type() macro once David Lechner <dlechner(a)baylibre.com> spi: mux: set ctlr->bits_per_word_mask Edward Adam Davis <eadavis(a)qq.com> hfsplus: fix uninit-value in copy_name John Hubbard <jhubbard(a)nvidia.com> selftests/vDSO: fix clang build errors and warnings Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices Puranjay Mohan <puranjay(a)kernel.org> riscv: stacktrace: fix usage of ftrace_graph_ret_addr() Christian Brauner <brauner(a)kernel.org> fs: better handle deep ancestor chains in is_subdir() Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> drm/radeon: check bo_va->bo is non-NULL before using it Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Bluetooth: hci_core: cancel all works upon hci_unregister_dev() Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed Ganesh Goudar <ganeshgr(a)linux.ibm.com> powerpc/eeh: avoid possible crash when edev->pdev changes Anjali K <anjalik(a)linux.ibm.com> powerpc/pseries: Whitelist dtl slub object for copying to userspace Yunshui Jiang <jiangyunshui(a)kylinos.cn> net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() Daniele Palmas <dnlplm(a)gmail.com> net: usb: qmi_wwan: add Telit FN912 compositions Shengjiu Wang <shengjiu.wang(a)nxp.com> ALSA: dmaengine_pcm: terminate dmaengine before synchronize Aivaz Latypov <reichaivaz(a)gmail.com> ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: fix quota root leak after quota disable failure Armin Wolf <W_Armin(a)gmx.de> platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB Armin Wolf <W_Armin(a)gmx.de> platform/x86: lg-laptop: Change ACPI device id Armin Wolf <W_Armin(a)gmx.de> platform/x86: lg-laptop: Remove LGEX0815 hotkey handling Armin Wolf <W_Armin(a)gmx.de> platform/x86: wireless-hotkey: Add support for LG Airplane Button Heiko Carstens <hca(a)linux.ibm.com> s390/sclp: Fix sclp_init() cleanup on failure Chen Ni <nichen(a)iscas.ac.cn> can: kvaser_usb: fix return value for hif_usb_send_regout Primoz Fiser <primoz.fiser(a)norik.com> ASoC: ti: omap-hdmi: Fix too long driver name Jai Luthra <j-luthra(a)ti.com> ASoC: ti: davinci-mcasp: Set min period size using FIFO config Jai Luthra <j-luthra(a)ti.com> ALSA: dmaengine: Synchronize dma channel after drop() Thomas GENTY <tomlohave(a)gmail.com> bytcr_rt5640 : inverse jack detect for Archos 101 cesium Tobias Jakobi <tjakobi(a)math.uni-bielefeld.de> Input: i8042 - add Ayaneo Kun to i8042 quirk table Jonathan Denose <jdenose(a)google.com> Input: elantech - fix touchpad state on resume for Lenovo N24 Arnd Bergmann <arnd(a)arndb.de> mips: fix compat_sys_lseek syscall Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Add more codec ID to no shutup pins list Alexey Makhalov <alexey.makhalov(a)broadcom.com> drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency Michael Ellerman <mpe(a)ellerman.id.au> KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: wext: add extra SIOCSIWSCAN data check Chunguang Xu <chunguang.xu(a)shopee.com> nvme: avoid double free special payload Alexander Usyskin <alexander.usyskin(a)intel.com> mei: demote client disconnect warning on suspend to debug Yuntao Wang <yuntao.wang(a)linux.dev> fs/file: fix the check in find_next_fd() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: remove wrong expr_trans_bool() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: give a proper initial state to the Save button Andreas Hindborg <a.hindborg(a)samsung.com> null_blk: fix validation of block size Wei Li <liwei391(a)huawei.com> arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process Eric Dumazet <edumazet(a)google.com> ila: block BH in ila_output() Eric Dumazet <edumazet(a)google.com> net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() Hans de Goede <hdegoede(a)redhat.com> Input: silead - Always support 10 fingers Michael Ellerman <mpe(a)ellerman.id.au> selftests/openat2: Fix build warnings on ppc64 Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() Ayala Beker <ayala.beker(a)intel.com> wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option Yedidya Benshimol <yedidya.ben.shimol(a)intel.com> wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd Yedidya Benshimol <yedidya.ben.shimol(a)intel.com> wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: handle tasklet frames before stopping Nicolas Escande <nico.escande(a)gmail.com> wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs Armin Wolf <W_Armin(a)gmx.de> ACPI: EC: Avoid returning AE_OK on errors in address space handler Armin Wolf <W_Armin(a)gmx.de> ACPI: EC: Abort address space access upon error Saurav Kashyap <skashyap(a)marvell.com> scsi: qedf: Set qed_slowpath_params to zero before use Saurav Kashyap <skashyap(a)marvell.com> scsi: qedf: Wait for stag work during unload Saurav Kashyap <skashyap(a)marvell.com> scsi: qedf: Don't process stag work during unload and recovery Martin Wilck <martin.wilck(a)suse.com> scsi: core: alua: I/O errors for ALUA state transitions Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix a use-after-free Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix overrunning reservations in ringbuf Kuan-Wei Chiu <visitorckw(a)gmail.com> ACPI: processor_idle: Fix invalid comparison with insertion sort for latency Masahiro Yamada <masahiroy(a)kernel.org> ARM: 9324/1: fix get_user() broken with veneer Jann Horn <jannh(a)google.com> filelock: Remove locks reliably when fcntl/close race is detected Kees Cook <keescook(a)chromium.org> gcc-plugins: Rename last_stmt() for GCC 14+ ------------- Diffstat: .../admin-guide/filesystem-monitoring.rst | 20 +-- Makefile | 4 +- arch/arm/include/asm/uaccess.h | 14 +- arch/arm64/boot/dts/qcom/msm8996.dtsi | 1 + arch/arm64/boot/dts/qcom/sdm630.dtsi | 1 + arch/arm64/kernel/armv8_deprecated.c | 3 + arch/mips/kernel/syscalls/syscall_o32.tbl | 2 +- arch/powerpc/kernel/eeh_pe.c | 7 +- arch/powerpc/kvm/book3s_64_vio.c | 18 ++- arch/powerpc/platforms/pseries/setup.c | 4 +- arch/riscv/kernel/stacktrace.c | 3 +- drivers/acpi/ec.c | 9 +- drivers/acpi/processor_idle.c | 40 +++--- drivers/block/null_blk/main.c | 4 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 2 +- drivers/gpu/drm/radeon/radeon_gem.c | 2 +- drivers/gpu/drm/vmwgfx/Kconfig | 2 +- drivers/input/mouse/elantech.c | 31 +++++ drivers/input/serio/i8042-acpipnpio.h | 18 ++- drivers/input/touchscreen/silead.c | 19 +-- drivers/misc/mei/main.c | 2 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 +- drivers/net/tap.c | 5 + drivers/net/tun.c | 3 + drivers/net/usb/qmi_wwan.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 16 ++- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 5 +- drivers/net/wireless/ralink/rt2x00/rt2400pci.c | 8 +- drivers/net/wireless/ralink/rt2x00/rt2400pci.h | 2 +- drivers/net/wireless/ralink/rt2x00/rt2500pci.c | 8 +- drivers/net/wireless/ralink/rt2x00/rt2500pci.h | 2 +- drivers/net/wireless/ralink/rt2x00/rt2500usb.c | 8 +- drivers/net/wireless/ralink/rt2x00/rt2500usb.h | 2 +- drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 36 +++--- drivers/net/wireless/ralink/rt2x00/rt2800lib.h | 8 +- drivers/net/wireless/ralink/rt2x00/rt2x00usb.c | 6 +- drivers/net/wireless/ralink/rt2x00/rt61pci.c | 4 +- drivers/net/wireless/ralink/rt2x00/rt61pci.h | 2 +- drivers/net/wireless/ralink/rt2x00/rt73usb.c | 4 +- drivers/net/wireless/ralink/rt2x00/rt73usb.h | 2 +- drivers/nvme/host/core.c | 1 + drivers/platform/x86/lg-laptop.c | 89 +++++-------- drivers/platform/x86/wireless-hotkey.c | 2 + drivers/s390/char/sclp.c | 1 + drivers/scsi/device_handler/scsi_dh_alua.c | 31 +++-- drivers/scsi/hosts.c | 16 ++- drivers/scsi/libsas/sas_internal.h | 14 ++ drivers/scsi/qedf/qedf.h | 1 + drivers/scsi/qedf/qedf_main.c | 47 ++++++- drivers/scsi/scsi_lib.c | 6 +- drivers/scsi/scsi_priv.h | 2 +- drivers/scsi/scsi_scan.c | 1 + drivers/scsi/scsi_sysfs.c | 1 + drivers/spi/spi-imx.c | 2 +- drivers/spi/spi-mux.c | 1 + fs/btrfs/qgroup.c | 4 +- fs/dcache.c | 31 ++--- fs/file.c | 4 +- fs/hfsplus/xattr.c | 2 +- fs/jfs/xattr.c | 23 +++- fs/locks.c | 18 ++- fs/ntfs3/fslog.c | 6 +- fs/ocfs2/dir.c | 46 ++++--- include/linux/compiler.h | 6 + include/linux/minmax.h | 87 +++++++++---- include/linux/overflow.h | 1 - include/linux/trace_events.h | 2 - include/scsi/scsi_host.h | 2 + include/sound/dmaengine_pcm.h | 1 + kernel/bpf/ringbuf.c | 30 ++++- mm/damon/core.c | 21 ++- net/bluetooth/hci_core.c | 4 + net/ipv4/af_inet.c | 4 +- net/ipv6/ila/ila_lwt.c | 7 +- net/ipv6/rpl_iptunnel.c | 14 +- net/mac80211/ieee80211_i.h | 2 + net/mac80211/main.c | 11 +- net/mac80211/mesh.c | 1 + net/mac80211/scan.c | 14 +- net/mac80211/util.c | 4 + net/mac802154/tx.c | 8 +- net/wireless/scan.c | 8 +- samples/Kconfig | 9 ++ samples/Makefile | 1 + samples/fanotify/.gitignore | 1 + samples/fanotify/Makefile | 5 + samples/fanotify/fs-monitor.c | 142 +++++++++++++++++++++ scripts/gcc-plugins/gcc-common.h | 4 + scripts/kconfig/expr.c | 29 ----- scripts/kconfig/expr.h | 1 - scripts/kconfig/gconf.c | 3 +- scripts/kconfig/menu.c | 2 - sound/core/pcm_dmaengine.c | 26 ++++ sound/pci/hda/patch_realtek.c | 7 + sound/soc/intel/boards/bytcr_rt5640.c | 11 ++ sound/soc/soc-generic-dmaengine-pcm.c | 8 ++ sound/soc/ti/davinci-mcasp.c | 9 +- sound/soc/ti/omap-hdmi.c | 6 +- tools/power/cpupower/utils/helpers/amd.c | 26 +++- tools/testing/selftests/openat2/openat2_test.c | 1 + tools/testing/selftests/vDSO/parse_vdso.c | 16 ++- .../selftests/vDSO/vdso_standalone_test_x86.c | 18 ++- 102 files changed, 867 insertions(+), 365 deletions(-)

9 months, 1 week

8
7
0 0

[PATCH 4.19 00/32] 4.19.319-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.319 release. There are 32 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 28 Jul 2024 07:05:18 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.319-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.319-rc2 Jann Horn <jannh(a)google.com> filelock: Fix fcntl/close race recovery compat path lei lu <llfamsec(a)gmail.com> jfs: don't walk off the end of ealist lei lu <llfamsec(a)gmail.com> ocfs2: add bounds checking to ocfs2_check_dir_entry() Paolo Abeni <pabeni(a)redhat.com> net: relax socket state check at accept time. Kuan-Wei Chiu <visitorckw(a)gmail.com> ACPI: processor_idle: Fix invalid comparison with insertion sort for latency Masahiro Yamada <masahiroy(a)kernel.org> ARM: 9324/1: fix get_user() broken with veneer Jann Horn <jannh(a)google.com> filelock: Remove locks reliably when fcntl/close race is detected Edward Adam Davis <eadavis(a)qq.com> hfsplus: fix uninit-value in copy_name John Hubbard <jhubbard(a)nvidia.com> selftests/vDSO: fix clang build errors and warnings Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices Christian Brauner <brauner(a)kernel.org> fs: better handle deep ancestor chains in is_subdir() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Bluetooth: hci_core: cancel all works upon hci_unregister_dev() Yunshui Jiang <jiangyunshui(a)kylinos.cn> net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() Daniele Palmas <dnlplm(a)gmail.com> net: usb: qmi_wwan: add Telit FN912 compositions Shengjiu Wang <shengjiu.wang(a)nxp.com> ALSA: dmaengine_pcm: terminate dmaengine before synchronize Heiko Carstens <hca(a)linux.ibm.com> s390/sclp: Fix sclp_init() cleanup on failure Chen Ni <nichen(a)iscas.ac.cn> can: kvaser_usb: fix return value for hif_usb_send_regout Thomas GENTY <tomlohave(a)gmail.com> bytcr_rt5640 : inverse jack detect for Archos 101 cesium Jonathan Denose <jdenose(a)google.com> Input: elantech - fix touchpad state on resume for Lenovo N24 Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: wext: add extra SIOCSIWSCAN data check Alexander Usyskin <alexander.usyskin(a)intel.com> mei: demote client disconnect warning on suspend to debug Yuntao Wang <yuntao.wang(a)linux.dev> fs/file: fix the check in find_next_fd() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: remove wrong expr_trans_bool() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: give a proper initial state to the Save button Eric Dumazet <edumazet(a)google.com> ila: block BH in ila_output() Hans de Goede <hdegoede(a)redhat.com> Input: silead - Always support 10 fingers Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() Nicolas Escande <nico.escande(a)gmail.com> wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata Armin Wolf <W_Armin(a)gmx.de> ACPI: EC: Avoid returning AE_OK on errors in address space handler Armin Wolf <W_Armin(a)gmx.de> ACPI: EC: Abort address space access upon error Saurav Kashyap <skashyap(a)marvell.com> scsi: qedf: Set qed_slowpath_params to zero before use Kees Cook <keescook(a)chromium.org> gcc-plugins: Rename last_stmt() for GCC 14+ ------------- Diffstat: Makefile | 4 +- arch/arm/include/asm/uaccess.h | 14 +------ drivers/acpi/ec.c | 9 ++++- drivers/acpi/processor_idle.c | 40 ++++++++----------- drivers/input/mouse/elantech.c | 31 +++++++++++++++ drivers/input/touchscreen/silead.c | 19 +++------ drivers/misc/mei/main.c | 2 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 +- drivers/net/usb/qmi_wwan.c | 2 + drivers/s390/char/sclp.c | 1 + drivers/scsi/qedf/qedf_main.c | 1 + drivers/spi/spi-imx.c | 2 +- fs/dcache.c | 31 +++++++-------- fs/file.c | 4 +- fs/hfsplus/xattr.c | 2 +- fs/jfs/xattr.c | 23 +++++++++-- fs/locks.c | 18 ++++----- fs/ocfs2/dir.c | 46 ++++++++++++++-------- net/bluetooth/hci_core.c | 4 ++ net/ipv4/af_inet.c | 4 +- net/ipv6/ila/ila_lwt.c | 7 +++- net/mac80211/mesh.c | 1 + net/mac80211/scan.c | 14 +++++-- net/mac802154/tx.c | 8 ++-- net/wireless/scan.c | 8 +++- scripts/gcc-plugins/gcc-common.h | 4 ++ scripts/kconfig/expr.c | 29 -------------- scripts/kconfig/expr.h | 1 - scripts/kconfig/gconf.c | 3 +- scripts/kconfig/menu.c | 2 - sound/core/pcm_dmaengine.c | 12 ++++++ sound/soc/intel/boards/bytcr_rt5640.c | 11 ++++++ tools/testing/selftests/vDSO/parse_vdso.c | 16 +++++--- .../selftests/vDSO/vdso_standalone_test_x86.c | 18 ++++++++- 34 files changed, 233 insertions(+), 160 deletions(-)

9 months, 1 week

4
3
0 0

[PATCH 5.10 00/59] 5.10.223-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.223 release. There are 59 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 27 Jul 2024 14:27:16 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.223-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.223-rc1 Jann Horn <jannh(a)google.com> filelock: Fix fcntl/close race recovery compat path Shengjiu Wang <shengjiu.wang(a)nxp.com> ALSA: pcm_dmaengine: Don't synchronize DMA channel when DMA is paused Krishna Kurapati <quic_kriskura(a)quicinc.com> arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB Seunghun Han <kkamagui(a)gmail.com> ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 lei lu <llfamsec(a)gmail.com> jfs: don't walk off the end of ealist lei lu <llfamsec(a)gmail.com> ocfs2: add bounds checking to ocfs2_check_dir_entry() Paolo Abeni <pabeni(a)redhat.com> net: relax socket state check at accept time. Dan Carpenter <dan.carpenter(a)linaro.org> drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() Gabriel Krisman Bertazi <krisman(a)collabora.com> ext4: Send notifications on error Gabriel Krisman Bertazi <krisman(a)collabora.com> ext4: fix error code saved on super block during file system abort Bart Van Assche <bvanassche(a)acm.org> scsi: core: Fix a use-after-free Jason Xing <kernelxing(a)tencent.com> bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix overrunning reservations in ringbuf Kuan-Wei Chiu <visitorckw(a)gmail.com> ACPI: processor_idle: Fix invalid comparison with insertion sort for latency Masahiro Yamada <masahiroy(a)kernel.org> ARM: 9324/1: fix get_user() broken with veneer David Lechner <dlechner(a)baylibre.com> spi: mux: set ctlr->bits_per_word_mask Edward Adam Davis <eadavis(a)qq.com> hfsplus: fix uninit-value in copy_name John Hubbard <jhubbard(a)nvidia.com> selftests/vDSO: fix clang build errors and warnings Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices Christian Brauner <brauner(a)kernel.org> fs: better handle deep ancestor chains in is_subdir() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Bluetooth: hci_core: cancel all works upon hci_unregister_dev() Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed Ganesh Goudar <ganeshgr(a)linux.ibm.com> powerpc/eeh: avoid possible crash when edev->pdev changes Anjali K <anjalik(a)linux.ibm.com> powerpc/pseries: Whitelist dtl slub object for copying to userspace Yunshui Jiang <jiangyunshui(a)kylinos.cn> net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() Daniele Palmas <dnlplm(a)gmail.com> net: usb: qmi_wwan: add Telit FN912 compositions Shengjiu Wang <shengjiu.wang(a)nxp.com> ALSA: dmaengine_pcm: terminate dmaengine before synchronize Aivaz Latypov <reichaivaz(a)gmail.com> ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: fix quota root leak after quota disable failure Heiko Carstens <hca(a)linux.ibm.com> s390/sclp: Fix sclp_init() cleanup on failure Chen Ni <nichen(a)iscas.ac.cn> can: kvaser_usb: fix return value for hif_usb_send_regout Primoz Fiser <primoz.fiser(a)norik.com> ASoC: ti: omap-hdmi: Fix too long driver name Jai Luthra <j-luthra(a)ti.com> ASoC: ti: davinci-mcasp: Set min period size using FIFO config Jai Luthra <j-luthra(a)ti.com> ALSA: dmaengine: Synchronize dma channel after drop() Thomas GENTY <tomlohave(a)gmail.com> bytcr_rt5640 : inverse jack detect for Archos 101 cesium Tobias Jakobi <tjakobi(a)math.uni-bielefeld.de> Input: i8042 - add Ayaneo Kun to i8042 quirk table Jonathan Denose <jdenose(a)google.com> Input: elantech - fix touchpad state on resume for Lenovo N24 Arnd Bergmann <arnd(a)arndb.de> mips: fix compat_sys_lseek syscall Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Add more codec ID to no shutup pins list Michael Ellerman <mpe(a)ellerman.id.au> KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: wext: add extra SIOCSIWSCAN data check Alexander Usyskin <alexander.usyskin(a)intel.com> mei: demote client disconnect warning on suspend to debug Yuntao Wang <yuntao.wang(a)linux.dev> fs/file: fix the check in find_next_fd() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: remove wrong expr_trans_bool() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: give a proper initial state to the Save button Andreas Hindborg <a.hindborg(a)samsung.com> null_blk: fix validation of block size Wei Li <liwei391(a)huawei.com> arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process Eric Dumazet <edumazet(a)google.com> ila: block BH in ila_output() Eric Dumazet <edumazet(a)google.com> net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() Hans de Goede <hdegoede(a)redhat.com> Input: silead - Always support 10 fingers Michael Ellerman <mpe(a)ellerman.id.au> selftests/openat2: Fix build warnings on ppc64 Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() Nicolas Escande <nico.escande(a)gmail.com> wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata Armin Wolf <W_Armin(a)gmx.de> ACPI: EC: Avoid returning AE_OK on errors in address space handler Armin Wolf <W_Armin(a)gmx.de> ACPI: EC: Abort address space access upon error Saurav Kashyap <skashyap(a)marvell.com> scsi: qedf: Set qed_slowpath_params to zero before use Jann Horn <jannh(a)google.com> filelock: Remove locks reliably when fcntl/close race is detected Kees Cook <keescook(a)chromium.org> gcc-plugins: Rename last_stmt() for GCC 14+ ------------- Diffstat: Makefile | 4 +- arch/arm/include/asm/uaccess.h | 14 +------ arch/arm64/boot/dts/qcom/msm8996.dtsi | 1 + arch/arm64/kernel/armv8_deprecated.c | 3 ++ arch/mips/kernel/syscalls/syscall_o32.tbl | 2 +- arch/powerpc/kernel/eeh_pe.c | 7 +++- arch/powerpc/kvm/book3s_64_vio.c | 18 ++++++--- arch/powerpc/platforms/pseries/setup.c | 4 +- drivers/acpi/ec.c | 9 ++++- drivers/acpi/processor_idle.c | 40 ++++++++----------- drivers/block/null_blk/main.c | 4 +- drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 2 +- drivers/input/mouse/elantech.c | 31 +++++++++++++++ drivers/input/serio/i8042-acpipnpio.h | 18 ++++++++- drivers/input/touchscreen/silead.c | 19 +++------ drivers/misc/mei/main.c | 2 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 +- drivers/net/usb/qmi_wwan.c | 2 + drivers/s390/char/sclp.c | 1 + drivers/scsi/hosts.c | 16 ++++++-- drivers/scsi/libsas/sas_internal.h | 14 +++++++ drivers/scsi/qedf/qedf_main.c | 1 + drivers/scsi/scsi_lib.c | 6 ++- drivers/scsi/scsi_priv.h | 2 +- drivers/scsi/scsi_scan.c | 1 + drivers/scsi/scsi_sysfs.c | 1 + drivers/spi/spi-imx.c | 2 +- drivers/spi/spi-mux.c | 1 + fs/btrfs/qgroup.c | 4 +- fs/dcache.c | 31 +++++++-------- fs/ext4/super.c | 9 ++++- fs/file.c | 4 +- fs/hfsplus/xattr.c | 2 +- fs/jfs/xattr.c | 23 +++++++++-- fs/locks.c | 18 ++++----- fs/ocfs2/dir.c | 46 ++++++++++++++-------- include/linux/skmsg.h | 2 + include/scsi/scsi_host.h | 2 + include/sound/dmaengine_pcm.h | 1 + kernel/bpf/ringbuf.c | 30 +++++++++++--- net/bluetooth/hci_core.c | 4 ++ net/ipv4/af_inet.c | 4 +- net/ipv6/ila/ila_lwt.c | 7 +++- net/ipv6/rpl_iptunnel.c | 14 +++---- net/mac80211/mesh.c | 1 + net/mac80211/scan.c | 14 +++++-- net/mac802154/tx.c | 8 ++-- net/wireless/scan.c | 8 +++- scripts/gcc-plugins/gcc-common.h | 4 ++ scripts/kconfig/expr.c | 29 -------------- scripts/kconfig/expr.h | 1 - scripts/kconfig/gconf.c | 3 +- scripts/kconfig/menu.c | 2 - sound/core/pcm_dmaengine.c | 26 ++++++++++++ sound/pci/hda/patch_realtek.c | 7 ++++ sound/soc/intel/boards/bytcr_rt5640.c | 11 ++++++ sound/soc/soc-generic-dmaengine-pcm.c | 8 ++++ sound/soc/ti/davinci-mcasp.c | 9 ++++- sound/soc/ti/omap-hdmi.c | 6 +-- tools/testing/selftests/openat2/openat2_test.c | 1 + tools/testing/selftests/vDSO/parse_vdso.c | 16 +++++--- .../selftests/vDSO/vdso_standalone_test_x86.c | 18 ++++++++- 62 files changed, 396 insertions(+), 204 deletions(-)

9 months, 1 week

7
65
0 0

[PATCH 5.4 00/44] 5.4.281-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.281 release. There are 44 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 28 Jul 2024 07:05:34 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.281-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.281-rc2 Si-Wei Liu <si-wei.liu(a)oracle.com> tap: add missing verification for short frame Dongli Zhang <dongli.zhang(a)oracle.com> tun: add missing verification for short frame Jann Horn <jannh(a)google.com> filelock: Fix fcntl/close race recovery compat path Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 lei lu <llfamsec(a)gmail.com> jfs: don't walk off the end of ealist lei lu <llfamsec(a)gmail.com> ocfs2: add bounds checking to ocfs2_check_dir_entry() Paolo Abeni <pabeni(a)redhat.com> net: relax socket state check at accept time. Dan Carpenter <dan.carpenter(a)linaro.org> drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() Kuan-Wei Chiu <visitorckw(a)gmail.com> ACPI: processor_idle: Fix invalid comparison with insertion sort for latency Masahiro Yamada <masahiroy(a)kernel.org> ARM: 9324/1: fix get_user() broken with veneer Edward Adam Davis <eadavis(a)qq.com> hfsplus: fix uninit-value in copy_name John Hubbard <jhubbard(a)nvidia.com> selftests/vDSO: fix clang build errors and warnings Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices Christian Brauner <brauner(a)kernel.org> fs: better handle deep ancestor chains in is_subdir() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Bluetooth: hci_core: cancel all works upon hci_unregister_dev() Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed Ganesh Goudar <ganeshgr(a)linux.ibm.com> powerpc/eeh: avoid possible crash when edev->pdev changes Anjali K <anjalik(a)linux.ibm.com> powerpc/pseries: Whitelist dtl slub object for copying to userspace Yunshui Jiang <jiangyunshui(a)kylinos.cn> net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() Daniele Palmas <dnlplm(a)gmail.com> net: usb: qmi_wwan: add Telit FN912 compositions Shengjiu Wang <shengjiu.wang(a)nxp.com> ALSA: dmaengine_pcm: terminate dmaengine before synchronize Heiko Carstens <hca(a)linux.ibm.com> s390/sclp: Fix sclp_init() cleanup on failure Chen Ni <nichen(a)iscas.ac.cn> can: kvaser_usb: fix return value for hif_usb_send_regout Primoz Fiser <primoz.fiser(a)norik.com> ASoC: ti: omap-hdmi: Fix too long driver name Jai Luthra <j-luthra(a)ti.com> ASoC: ti: davinci-mcasp: Set min period size using FIFO config Thomas GENTY <tomlohave(a)gmail.com> bytcr_rt5640 : inverse jack detect for Archos 101 cesium Jonathan Denose <jdenose(a)google.com> Input: elantech - fix touchpad state on resume for Lenovo N24 Arnd Bergmann <arnd(a)arndb.de> mips: fix compat_sys_lseek syscall Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Add more codec ID to no shutup pins list Michael Ellerman <mpe(a)ellerman.id.au> KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: wext: add extra SIOCSIWSCAN data check Alexander Usyskin <alexander.usyskin(a)intel.com> mei: demote client disconnect warning on suspend to debug Yuntao Wang <yuntao.wang(a)linux.dev> fs/file: fix the check in find_next_fd() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: remove wrong expr_trans_bool() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: give a proper initial state to the Save button Eric Dumazet <edumazet(a)google.com> ila: block BH in ila_output() Hans de Goede <hdegoede(a)redhat.com> Input: silead - Always support 10 fingers Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() Nicolas Escande <nico.escande(a)gmail.com> wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata Armin Wolf <W_Armin(a)gmx.de> ACPI: EC: Avoid returning AE_OK on errors in address space handler Armin Wolf <W_Armin(a)gmx.de> ACPI: EC: Abort address space access upon error Saurav Kashyap <skashyap(a)marvell.com> scsi: qedf: Set qed_slowpath_params to zero before use Jann Horn <jannh(a)google.com> filelock: Remove locks reliably when fcntl/close race is detected Kees Cook <keescook(a)chromium.org> gcc-plugins: Rename last_stmt() for GCC 14+ ------------- Diffstat: Makefile | 4 +- arch/arm/include/asm/uaccess.h | 14 +------ arch/mips/kernel/syscalls/syscall_o32.tbl | 2 +- arch/powerpc/kernel/eeh_pe.c | 7 +++- arch/powerpc/kvm/book3s_64_vio.c | 18 ++++++--- arch/powerpc/platforms/pseries/setup.c | 4 +- drivers/acpi/ec.c | 9 ++++- drivers/acpi/processor_idle.c | 40 ++++++++----------- drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 2 +- drivers/input/mouse/elantech.c | 31 +++++++++++++++ drivers/input/touchscreen/silead.c | 19 +++------ drivers/misc/mei/main.c | 2 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 +- drivers/net/tap.c | 5 +++ drivers/net/tun.c | 3 ++ drivers/net/usb/qmi_wwan.c | 2 + drivers/s390/char/sclp.c | 1 + drivers/scsi/libsas/sas_internal.h | 14 +++++++ drivers/scsi/qedf/qedf_main.c | 1 + drivers/spi/spi-imx.c | 2 +- fs/dcache.c | 31 +++++++-------- fs/file.c | 4 +- fs/hfsplus/xattr.c | 2 +- fs/jfs/xattr.c | 23 +++++++++-- fs/locks.c | 18 ++++----- fs/ocfs2/dir.c | 46 ++++++++++++++-------- net/bluetooth/hci_core.c | 4 ++ net/ipv4/af_inet.c | 4 +- net/ipv6/ila/ila_lwt.c | 7 +++- net/mac80211/mesh.c | 1 + net/mac80211/scan.c | 14 +++++-- net/mac802154/tx.c | 8 ++-- net/wireless/scan.c | 8 +++- scripts/gcc-plugins/gcc-common.h | 4 ++ scripts/kconfig/expr.c | 29 -------------- scripts/kconfig/expr.h | 1 - scripts/kconfig/gconf.c | 3 +- scripts/kconfig/menu.c | 2 - sound/core/pcm_dmaengine.c | 12 ++++++ sound/pci/hda/patch_realtek.c | 5 +++ sound/soc/intel/boards/bytcr_rt5640.c | 11 ++++++ sound/soc/ti/davinci-mcasp.c | 9 ++++- sound/soc/ti/omap-hdmi.c | 6 +-- tools/testing/selftests/vDSO/parse_vdso.c | 16 +++++--- .../selftests/vDSO/vdso_standalone_test_x86.c | 18 ++++++++- 45 files changed, 290 insertions(+), 178 deletions(-)

9 months, 1 week

5
4
0 0

[PATCH 4.19 00/33] 4.19.319-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 4.19.319 release. There are 33 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 27 Jul 2024 14:27:16 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.19.319-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.19.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 4.19.319-rc1 Jann Horn <jannh(a)google.com> filelock: Fix fcntl/close race recovery compat path lei lu <llfamsec(a)gmail.com> jfs: don't walk off the end of ealist lei lu <llfamsec(a)gmail.com> ocfs2: add bounds checking to ocfs2_check_dir_entry() Paolo Abeni <pabeni(a)redhat.com> net: relax socket state check at accept time. Kuan-Wei Chiu <visitorckw(a)gmail.com> ACPI: processor_idle: Fix invalid comparison with insertion sort for latency Masahiro Yamada <masahiroy(a)kernel.org> ARM: 9324/1: fix get_user() broken with veneer Jann Horn <jannh(a)google.com> filelock: Remove locks reliably when fcntl/close race is detected Edward Adam Davis <eadavis(a)qq.com> hfsplus: fix uninit-value in copy_name John Hubbard <jhubbard(a)nvidia.com> selftests/vDSO: fix clang build errors and warnings Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices Christian Brauner <brauner(a)kernel.org> fs: better handle deep ancestor chains in is_subdir() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Bluetooth: hci_core: cancel all works upon hci_unregister_dev() Yunshui Jiang <jiangyunshui(a)kylinos.cn> net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() Daniele Palmas <dnlplm(a)gmail.com> net: usb: qmi_wwan: add Telit FN912 compositions Shengjiu Wang <shengjiu.wang(a)nxp.com> ALSA: dmaengine_pcm: terminate dmaengine before synchronize Heiko Carstens <hca(a)linux.ibm.com> s390/sclp: Fix sclp_init() cleanup on failure Ian Ray <ian.ray(a)gehealthcare.com> gpio: pca953x: fix pca953x_irq_bus_sync_unlock race Chen Ni <nichen(a)iscas.ac.cn> can: kvaser_usb: fix return value for hif_usb_send_regout Thomas GENTY <tomlohave(a)gmail.com> bytcr_rt5640 : inverse jack detect for Archos 101 cesium Jonathan Denose <jdenose(a)google.com> Input: elantech - fix touchpad state on resume for Lenovo N24 Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: wext: add extra SIOCSIWSCAN data check Alexander Usyskin <alexander.usyskin(a)intel.com> mei: demote client disconnect warning on suspend to debug Yuntao Wang <yuntao.wang(a)linux.dev> fs/file: fix the check in find_next_fd() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: remove wrong expr_trans_bool() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: give a proper initial state to the Save button Eric Dumazet <edumazet(a)google.com> ila: block BH in ila_output() Hans de Goede <hdegoede(a)redhat.com> Input: silead - Always support 10 fingers Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() Nicolas Escande <nico.escande(a)gmail.com> wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata Armin Wolf <W_Armin(a)gmx.de> ACPI: EC: Avoid returning AE_OK on errors in address space handler Armin Wolf <W_Armin(a)gmx.de> ACPI: EC: Abort address space access upon error Saurav Kashyap <skashyap(a)marvell.com> scsi: qedf: Set qed_slowpath_params to zero before use Kees Cook <keescook(a)chromium.org> gcc-plugins: Rename last_stmt() for GCC 14+ ------------- Diffstat: Makefile | 4 +- arch/arm/include/asm/uaccess.h | 14 +------ drivers/acpi/ec.c | 9 ++++- drivers/acpi/processor_idle.c | 40 ++++++++----------- drivers/gpio/gpio-pca953x.c | 2 + drivers/input/mouse/elantech.c | 31 +++++++++++++++ drivers/input/touchscreen/silead.c | 19 +++------ drivers/misc/mei/main.c | 2 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 +- drivers/net/usb/qmi_wwan.c | 2 + drivers/s390/char/sclp.c | 1 + drivers/scsi/qedf/qedf_main.c | 1 + drivers/spi/spi-imx.c | 2 +- fs/dcache.c | 31 +++++++-------- fs/file.c | 4 +- fs/hfsplus/xattr.c | 2 +- fs/jfs/xattr.c | 23 +++++++++-- fs/locks.c | 18 ++++----- fs/ocfs2/dir.c | 46 ++++++++++++++-------- net/bluetooth/hci_core.c | 4 ++ net/ipv4/af_inet.c | 4 +- net/ipv6/ila/ila_lwt.c | 7 +++- net/mac80211/mesh.c | 1 + net/mac80211/scan.c | 14 +++++-- net/mac802154/tx.c | 8 ++-- net/wireless/scan.c | 8 +++- scripts/gcc-plugins/gcc-common.h | 4 ++ scripts/kconfig/expr.c | 29 -------------- scripts/kconfig/expr.h | 1 - scripts/kconfig/gconf.c | 3 +- scripts/kconfig/menu.c | 2 - sound/core/pcm_dmaengine.c | 12 ++++++ sound/soc/intel/boards/bytcr_rt5640.c | 11 ++++++ tools/testing/selftests/vDSO/parse_vdso.c | 16 +++++--- .../selftests/vDSO/vdso_standalone_test_x86.c | 18 ++++++++- 35 files changed, 235 insertions(+), 160 deletions(-)

9 months, 1 week

5
37
0 0

[PATCH 5.4 00/43] 5.4.281-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.281 release. There are 43 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 27 Jul 2024 14:27:16 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.281-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.281-rc1 Jann Horn <jannh(a)google.com> filelock: Fix fcntl/close race recovery compat path Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 lei lu <llfamsec(a)gmail.com> jfs: don't walk off the end of ealist lei lu <llfamsec(a)gmail.com> ocfs2: add bounds checking to ocfs2_check_dir_entry() Paolo Abeni <pabeni(a)redhat.com> net: relax socket state check at accept time. Dan Carpenter <dan.carpenter(a)linaro.org> drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() Kuan-Wei Chiu <visitorckw(a)gmail.com> ACPI: processor_idle: Fix invalid comparison with insertion sort for latency Masahiro Yamada <masahiroy(a)kernel.org> ARM: 9324/1: fix get_user() broken with veneer Edward Adam Davis <eadavis(a)qq.com> hfsplus: fix uninit-value in copy_name John Hubbard <jhubbard(a)nvidia.com> selftests/vDSO: fix clang build errors and warnings Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices Christian Brauner <brauner(a)kernel.org> fs: better handle deep ancestor chains in is_subdir() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Bluetooth: hci_core: cancel all works upon hci_unregister_dev() Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed Ganesh Goudar <ganeshgr(a)linux.ibm.com> powerpc/eeh: avoid possible crash when edev->pdev changes Anjali K <anjalik(a)linux.ibm.com> powerpc/pseries: Whitelist dtl slub object for copying to userspace Yunshui Jiang <jiangyunshui(a)kylinos.cn> net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() Daniele Palmas <dnlplm(a)gmail.com> net: usb: qmi_wwan: add Telit FN912 compositions Shengjiu Wang <shengjiu.wang(a)nxp.com> ALSA: dmaengine_pcm: terminate dmaengine before synchronize Heiko Carstens <hca(a)linux.ibm.com> s390/sclp: Fix sclp_init() cleanup on failure Ian Ray <ian.ray(a)gehealthcare.com> gpio: pca953x: fix pca953x_irq_bus_sync_unlock race Chen Ni <nichen(a)iscas.ac.cn> can: kvaser_usb: fix return value for hif_usb_send_regout Primoz Fiser <primoz.fiser(a)norik.com> ASoC: ti: omap-hdmi: Fix too long driver name Jai Luthra <j-luthra(a)ti.com> ASoC: ti: davinci-mcasp: Set min period size using FIFO config Thomas GENTY <tomlohave(a)gmail.com> bytcr_rt5640 : inverse jack detect for Archos 101 cesium Jonathan Denose <jdenose(a)google.com> Input: elantech - fix touchpad state on resume for Lenovo N24 Arnd Bergmann <arnd(a)arndb.de> mips: fix compat_sys_lseek syscall Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Add more codec ID to no shutup pins list Michael Ellerman <mpe(a)ellerman.id.au> KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: wext: add extra SIOCSIWSCAN data check Alexander Usyskin <alexander.usyskin(a)intel.com> mei: demote client disconnect warning on suspend to debug Yuntao Wang <yuntao.wang(a)linux.dev> fs/file: fix the check in find_next_fd() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: remove wrong expr_trans_bool() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: give a proper initial state to the Save button Eric Dumazet <edumazet(a)google.com> ila: block BH in ila_output() Hans de Goede <hdegoede(a)redhat.com> Input: silead - Always support 10 fingers Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() Nicolas Escande <nico.escande(a)gmail.com> wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata Armin Wolf <W_Armin(a)gmx.de> ACPI: EC: Avoid returning AE_OK on errors in address space handler Armin Wolf <W_Armin(a)gmx.de> ACPI: EC: Abort address space access upon error Saurav Kashyap <skashyap(a)marvell.com> scsi: qedf: Set qed_slowpath_params to zero before use Jann Horn <jannh(a)google.com> filelock: Remove locks reliably when fcntl/close race is detected Kees Cook <keescook(a)chromium.org> gcc-plugins: Rename last_stmt() for GCC 14+ ------------- Diffstat: Makefile | 4 +- arch/arm/include/asm/uaccess.h | 14 +------ arch/mips/kernel/syscalls/syscall_o32.tbl | 2 +- arch/powerpc/kernel/eeh_pe.c | 7 +++- arch/powerpc/kvm/book3s_64_vio.c | 18 ++++++--- arch/powerpc/platforms/pseries/setup.c | 4 +- drivers/acpi/ec.c | 9 ++++- drivers/acpi/processor_idle.c | 40 ++++++++----------- drivers/gpio/gpio-pca953x.c | 2 + drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c | 2 +- drivers/input/mouse/elantech.c | 31 +++++++++++++++ drivers/input/touchscreen/silead.c | 19 +++------ drivers/misc/mei/main.c | 2 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 +- drivers/net/usb/qmi_wwan.c | 2 + drivers/s390/char/sclp.c | 1 + drivers/scsi/libsas/sas_internal.h | 14 +++++++ drivers/scsi/qedf/qedf_main.c | 1 + drivers/spi/spi-imx.c | 2 +- fs/dcache.c | 31 +++++++-------- fs/file.c | 4 +- fs/hfsplus/xattr.c | 2 +- fs/jfs/xattr.c | 23 +++++++++-- fs/locks.c | 18 ++++----- fs/ocfs2/dir.c | 46 ++++++++++++++-------- net/bluetooth/hci_core.c | 4 ++ net/ipv4/af_inet.c | 4 +- net/ipv6/ila/ila_lwt.c | 7 +++- net/mac80211/mesh.c | 1 + net/mac80211/scan.c | 14 +++++-- net/mac802154/tx.c | 8 ++-- net/wireless/scan.c | 8 +++- scripts/gcc-plugins/gcc-common.h | 4 ++ scripts/kconfig/expr.c | 29 -------------- scripts/kconfig/expr.h | 1 - scripts/kconfig/gconf.c | 3 +- scripts/kconfig/menu.c | 2 - sound/core/pcm_dmaengine.c | 12 ++++++ sound/pci/hda/patch_realtek.c | 5 +++ sound/soc/intel/boards/bytcr_rt5640.c | 11 ++++++ sound/soc/ti/davinci-mcasp.c | 9 ++++- sound/soc/ti/omap-hdmi.c | 6 +-- tools/testing/selftests/vDSO/parse_vdso.c | 16 +++++--- .../selftests/vDSO/vdso_standalone_test_x86.c | 18 ++++++++- 44 files changed, 284 insertions(+), 178 deletions(-)

9 months, 1 week

4
47
0 0

[PATCH v7 4/8] RISC-V: Scalar unaligned access emulated on hotplug CPUs

by Jesse Taube

The check_unaligned_access_emulated() function should have been called during CPU hotplug to ensure that if all CPUs had emulated unaligned accesses, the new CPU also does. This patch adds the call to check_unaligned_access_emulated() in the hotplug path. Fixes: 55e0bf49a0d0 ("RISC-V: Probe misaligned access speed in parallel") Signed-off-by: Jesse Taube <jesse(a)rivosinc.com> Reviewed-by: Evan Green <evan(a)rivosinc.com> Cc: stable(a)vger.kernel.org --- V5 -> V6: - New patch V6 -> V7: - No changes --- arch/riscv/kernel/unaligned_access_speed.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/riscv/kernel/unaligned_access_speed.c b/arch/riscv/kernel/unaligned_access_speed.c index a9a6bcb02acf..b67db1fc3740 100644 --- a/arch/riscv/kernel/unaligned_access_speed.c +++ b/arch/riscv/kernel/unaligned_access_speed.c @@ -191,6 +191,7 @@ static int riscv_online_cpu(unsigned int cpu) if (per_cpu(misaligned_access_speed, cpu) != RISCV_HWPROBE_MISALIGNED_UNKNOWN) goto exit; + check_unaligned_access_emulated(NULL); buf = alloc_pages(GFP_KERNEL, MISALIGNED_BUFFER_ORDER); if (!buf) { pr_warn("Allocation failure, not measuring misaligned performance\n"); -- 2.45.2

9 months, 1 week

1
0
0 0

[PATCH v7 3/8] RISC-V: Check scalar unaligned access on all CPUs

by Jesse Taube

Originally, the check_unaligned_access_emulated_all_cpus function only checked the boot hart. This fixes the function to check all harts. Fixes: 71c54b3d169d ("riscv: report misaligned accesses emulation to hwprobe") Signed-off-by: Jesse Taube <jesse(a)rivosinc.com> Reviewed-by: Charlie Jenkins <charlie(a)rivosinc.com> Reviewed-by: Evan Green <evan(a)rivosinc.com> Cc: stable(a)vger.kernel.org --- V1 -> V2: - New patch V2 -> V3: - Split patch V3 -> V4: - Re-add check for a system where a heterogeneous CPU is hotplugged into a previously homogenous system. V4 -> V5: - Change work_struct *unused to work_struct *work __always_unused V5 -> V6: - Change check_unaligned_access_emulated to extern V6 -> V7: - No changes --- arch/riscv/include/asm/cpufeature.h | 2 ++ arch/riscv/kernel/traps_misaligned.c | 14 +++++++------- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/arch/riscv/include/asm/cpufeature.h b/arch/riscv/include/asm/cpufeature.h index 347805446151..3b24342c7d2a 100644 --- a/arch/riscv/include/asm/cpufeature.h +++ b/arch/riscv/include/asm/cpufeature.h @@ -8,6 +8,7 @@ #include <linux/bitmap.h> #include <linux/jump_label.h> +#include <linux/workqueue.h> #include <asm/hwcap.h> #include <asm/alternative-macros.h> #include <asm/errno.h> @@ -35,6 +36,7 @@ void riscv_user_isa_enable(void); #if defined(CONFIG_RISCV_MISALIGNED) bool check_unaligned_access_emulated_all_cpus(void); +void check_unaligned_access_emulated(struct work_struct *work __always_unused); void unaligned_emulation_finish(void); bool unaligned_ctl_available(void); DECLARE_PER_CPU(long, misaligned_access_speed); diff --git a/arch/riscv/kernel/traps_misaligned.c b/arch/riscv/kernel/traps_misaligned.c index b62d5a2f4541..bb09357778c5 100644 --- a/arch/riscv/kernel/traps_misaligned.c +++ b/arch/riscv/kernel/traps_misaligned.c @@ -526,11 +526,11 @@ int handle_misaligned_store(struct pt_regs *regs) return 0; } -static bool check_unaligned_access_emulated(int cpu) +void check_unaligned_access_emulated(struct work_struct *work __always_unused) { + int cpu = smp_processor_id(); long *mas_ptr = per_cpu_ptr(&misaligned_access_speed, cpu); unsigned long tmp_var, tmp_val; - bool misaligned_emu_detected; *mas_ptr = RISCV_HWPROBE_MISALIGNED_UNKNOWN; @@ -538,19 +538,16 @@ static bool check_unaligned_access_emulated(int cpu) " "REG_L" %[tmp], 1(%[ptr])\n" : [tmp] "=r" (tmp_val) : [ptr] "r" (&tmp_var) : "memory"); - misaligned_emu_detected = (*mas_ptr == RISCV_HWPROBE_MISALIGNED_EMULATED); /* * If unaligned_ctl is already set, this means that we detected that all * CPUS uses emulated misaligned access at boot time. If that changed * when hotplugging the new cpu, this is something we don't handle. */ - if (unlikely(unaligned_ctl && !misaligned_emu_detected)) { + if (unlikely(unaligned_ctl && (*mas_ptr != RISCV_HWPROBE_MISALIGNED_EMULATED))) { pr_crit("CPU misaligned accesses non homogeneous (expected all emulated)\n"); while (true) cpu_relax(); } - - return misaligned_emu_detected; } bool check_unaligned_access_emulated_all_cpus(void) @@ -562,8 +559,11 @@ bool check_unaligned_access_emulated_all_cpus(void) * accesses emulated since tasks requesting such control can run on any * CPU. */ + schedule_on_each_cpu(check_unaligned_access_emulated); + for_each_online_cpu(cpu) - if (!check_unaligned_access_emulated(cpu)) + if (per_cpu(misaligned_access_speed, cpu) + != RISCV_HWPROBE_MISALIGNED_EMULATED) return false; unaligned_ctl = true; -- 2.45.2

9 months, 1 week

1
0
0 0

Re: [PATCH 6.10 00/29] 6.10.2-rc1 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

9 months, 1 week

1
0
0 0

[PATCH net v4] net: usb: sr9700: fix uninitialized variable use in sr_mdio_read

by Ma Ke

It could lead to error happen because the variable res is not updated if the call to sr_share_read_word returns an error. In this particular case error code was returned and res stayed uninitialized. Same issue also applies to sr_read_reg. This can be avoided by checking the return value of sr_share_read_word and sr_read_reg, and propagating the error if the read operation failed. Found by code review. Cc: stable(a)vger.kernel.org Fixes: c9b37458e956 ("USB2NET : SR9700 : One chip USB 1.1 USB2NET SR9700Device Driver Support") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v4: - added a check for sr_read_reg() as suggestions. Changes in v3: - added Cc stable line as suggestions. Changes in v2: - modified the subject as suggestions. --- drivers/net/usb/sr9700.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/net/usb/sr9700.c b/drivers/net/usb/sr9700.c index 0a662e42ed96..cb7d2f798fb4 100644 --- a/drivers/net/usb/sr9700.c +++ b/drivers/net/usb/sr9700.c @@ -179,6 +179,7 @@ static int sr_mdio_read(struct net_device *netdev, int phy_id, int loc) struct usbnet *dev = netdev_priv(netdev); __le16 res; int rc = 0; + int err; if (phy_id) { netdev_dbg(netdev, "Only internal phy supported\n"); @@ -189,11 +190,17 @@ static int sr_mdio_read(struct net_device *netdev, int phy_id, int loc) if (loc == MII_BMSR) { u8 value; - sr_read_reg(dev, SR_NSR, &value); + err = sr_read_reg(dev, SR_NSR, &value); + if (err < 0) + return err; + if (value & NSR_LINKST) rc = 1; } - sr_share_read_word(dev, 1, loc, &res); + err = sr_share_read_word(dev, 1, loc, &res); + if (err < 0) + return err; + if (rc == 1) res = le16_to_cpu(res) | BMSR_LSTATUS; else -- 2.25.1

9 months, 1 week

4
3
0 0

[PATCH] erofs: fix race in z_erofs_get_gbuf()

by Gao Xiang

In z_erofs_get_gbuf(), the current task may be migrated to another CPU between `z_erofs_gbuf_id()` and `spin_lock(&gbuf->lock)`. Therefore, z_erofs_put_gbuf() will trigger the following issue which was found by stress test: <2>[772156.434168] kernel BUG at fs/erofs/zutil.c:58! .. <4>[772156.435007] <4>[772156.439237] CPU: 0 PID: 3078 Comm: stress Kdump: loaded Tainted: G E 6.10.0-rc7+ #2 <4>[772156.439239] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 1.0.0 01/01/2017 <4>[772156.439241] pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) <4>[772156.439243] pc : z_erofs_put_gbuf+0x64/0x70 [erofs] <4>[772156.439252] lr : z_erofs_lz4_decompress+0x600/0x6a0 [erofs] .. <6>[772156.445958] stress (3127): drop_caches: 1 <4>[772156.446120] Call trace: <4>[772156.446121] z_erofs_put_gbuf+0x64/0x70 [erofs] <4>[772156.446761] z_erofs_lz4_decompress+0x600/0x6a0 [erofs] <4>[772156.446897] z_erofs_decompress_queue+0x740/0xa10 [erofs] <4>[772156.447036] z_erofs_runqueue+0x428/0x8c0 [erofs] <4>[772156.447160] z_erofs_readahead+0x224/0x390 [erofs] .. Fixes: f36f3010f676 ("erofs: rename per-CPU buffers to global buffer pool and make it configurable") Cc: <stable(a)vger.kernel.org> # 6.10+ Cc: Chunhai Guo <guochunhai(a)vivo.com> Signed-off-by: Gao Xiang <hsiangkao(a)linux.alibaba.com> --- fs/erofs/zutil.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/erofs/zutil.c b/fs/erofs/zutil.c index b80f612867c2..9b53883e5caf 100644 --- a/fs/erofs/zutil.c +++ b/fs/erofs/zutil.c @@ -38,11 +38,13 @@ void *z_erofs_get_gbuf(unsigned int requiredpages) { struct z_erofs_gbuf *gbuf; + migrate_disable(); gbuf = &z_erofs_gbufpool[z_erofs_gbuf_id()]; spin_lock(&gbuf->lock); /* check if the buffer is too small */ if (requiredpages > gbuf->nrpages) { spin_unlock(&gbuf->lock); + migrate_enable(); /* (for sparse checker) pretend gbuf->lock is still taken */ __acquire(gbuf->lock); return NULL; @@ -57,6 +59,7 @@ void z_erofs_put_gbuf(void *ptr) __releases(gbuf->lock) gbuf = &z_erofs_gbufpool[z_erofs_gbuf_id()]; DBG_BUGON(gbuf->ptr != ptr); spin_unlock(&gbuf->lock); + migrate_enable(); } int z_erofs_gbuf_growsize(unsigned int nrpages) -- 2.43.5

9 months, 1 week

4
3
0 0

[PATCH] drm/lima: Mark simple_ondemand governor as softdep

by Dragan Simic

Lima DRM driver uses devfreq to perform DVFS, while using simple_ondemand devfreq governor by default. This causes driver initialization to fail on boot when simple_ondemand governor isn't built into the kernel statically, as a result of the missing module dependency and, consequently, the required governor module not being included in the initial ramdisk. Thus, let's mark simple_ondemand governor as a softdep for Lima, to have its kernel module included in the initial ramdisk. This is a rather longstanding issue that has forced distributions to build devfreq governors statically into their kernels, [1][2] or may have forced some users to introduce unnecessary workarounds. Having simple_ondemand marked as a softdep for Lima may not resolve this issue for all Linux distributions. In particular, it will remain unresolved for the distributions whose utilities for the initial ramdisk generation do not handle the available softdep information [3] properly yet. However, some Linux distributions already handle softdeps properly while generating their initial ramdisks, [4] and this is a prerequisite step in the right direction for the distributions that don't handle them properly yet. [1] https://gitlab.manjaro.org/manjaro-arm/packages/core/linux-pinephone/-/blob… [2] https://gitlab.com/postmarketOS/pmaports/-/blob/7f64e287e7732c9eaa029653e73… [3] https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit/?id=49d8e0… [4] https://github.com/archlinux/mkinitcpio/commit/97ac4d37aae084a050be512f6d8f… Cc: Philip Muller <philm(a)manjaro.org> Cc: Oliver Smith <ollieparanoid(a)postmarketos.org> Cc: Daniel Smith <danct12(a)disroot.org> Cc: stable(a)vger.kernel.org Fixes: 1996970773a3 ("drm/lima: Add optional devfreq and cooling device support") Signed-off-by: Dragan Simic <dsimic(a)manjaro.org> --- drivers/gpu/drm/lima/lima_drv.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/lima/lima_drv.c b/drivers/gpu/drm/lima/lima_drv.c index 739c865b556f..10bce18b7c31 100644 --- a/drivers/gpu/drm/lima/lima_drv.c +++ b/drivers/gpu/drm/lima/lima_drv.c @@ -501,3 +501,4 @@ module_platform_driver(lima_platform_driver); MODULE_AUTHOR("Lima Project Developers"); MODULE_DESCRIPTION("Lima DRM Driver"); MODULE_LICENSE("GPL v2"); +MODULE_SOFTDEP("pre: governor_simpleondemand");

9 months, 1 week

3
14
0 0

[PATCH] drm/scheduler: Fix drm_sched_entity_set_priority()

by Tvrtko Ursulin

From: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Long time ago in commit b3ac17667f11 ("drm/scheduler: rework entity creation") a change was made which prevented priority changes for entities with only one assigned scheduler. The commit reduced drm_sched_entity_set_priority() to simply update the entities priority, but the run queue selection logic in drm_sched_entity_select_rq() was never able to actually change the originally assigned run queue. In practice that only affected amdgpu, being the only driver which can do dynamic priority changes. And that appears was attempted to be rectified there in 2316a86bde49 ("drm/amdgpu: change hw sched list on ctx priority override"). A few unresolved problems however were that this only fixed drm_sched_entity_set_priority() *if* drm_sched_entity_modify_sched() was called first. That was not documented anywhere. Secondly, this only works if drm_sched_entity_modify_sched() is actually called, which in amdgpu's case today is true only for gfx and compute. Priority changes for other engines with only one scheduler assigned, such as jpeg and video decode will still not work. Note that this was also noticed in 981b04d96856 ("drm/sched: improve docs around drm_sched_entity"). Completely different set of non-obvious confusion was that whereas drm_sched_entity_init() was not keeping the passed in list of schedulers (courtesy of 8c23056bdc7a ("drm/scheduler: do not keep a copy of sched list")), drm_sched_entity_modify_sched() was disagreeing with that and would simply assign the single item list. That incosistency appears to be semi-silently fixed in ac4eb83ab255 ("drm/sched: select new rq even if there is only one v3"). What was also not documented is why it was important to not keep the list of schedulers when there is only one. I suspect it could have something to do with the fact the passed in array is on stack for many callers with just one scheduler. With more than one scheduler amdgpu is the only caller, and there the container is not on the stack. Keeping a stack backed list in the entity would obviously be undefined behaviour *if* the list was kept. Amdgpu however did only stop passing in stack backed container for the more than one scheduler case in 977f7e1068be ("drm/amdgpu: allocate entities on demand"). Until then I suspect dereferencing freed stack from drm_sched_entity_select_rq() was still present. In order to untangle all that and fix priority changes this patch is bringing back the entity owned container for storing the passed in scheduler list. Container is now owned by the entity and the pointers are owned by the drivers. List of schedulers is always kept including for the one scheduler case. The patch can therefore also removes the single scheduler special case, which means that priority changes should now work (be able to change the selected run-queue) for all drivers and engines. In other words drm_sched_entity_set_priority() should now just work for all cases. To enable maintaining its own container some API calls needed to grow a capability for returning success/failure, which is a change which percolates mostly through amdgpu source. Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Fixes: b3ac17667f11 ("drm/scheduler: rework entity creation") References: 8c23056bdc7a ("drm/scheduler: do not keep a copy of sched list") References: 977f7e1068be ("drm/amdgpu: allocate entities on demand") References: 2316a86bde49 ("drm/amdgpu: change hw sched list on ctx priority override") References: ac4eb83ab255 ("drm/sched: select new rq even if there is only one v3") References: 981b04d96856 ("drm/sched: improve docs around drm_sched_entity") Cc: Christian König <christian.koenig(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: Luben Tuikov <ltuikov89(a)gmail.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Cc: amd-gfx(a)lists.freedesktop.org Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v5.6+ --- drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.c | 31 +++++--- drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c | 13 +-- drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 3 +- drivers/gpu/drm/scheduler/sched_entity.c | 96 ++++++++++++++++------- include/drm/gpu_scheduler.h | 16 ++-- 6 files changed, 100 insertions(+), 61 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.c index 5cb33ac99f70..387247f8307e 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.c @@ -802,15 +802,15 @@ struct dma_fence *amdgpu_ctx_get_fence(struct amdgpu_ctx *ctx, return fence; } -static void amdgpu_ctx_set_entity_priority(struct amdgpu_ctx *ctx, - struct amdgpu_ctx_entity *aentity, - int hw_ip, - int32_t priority) +static int amdgpu_ctx_set_entity_priority(struct amdgpu_ctx *ctx, + struct amdgpu_ctx_entity *aentity, + int hw_ip, + int32_t priority) { struct amdgpu_device *adev = ctx->mgr->adev; - unsigned int hw_prio; struct drm_gpu_scheduler **scheds = NULL; - unsigned num_scheds; + unsigned int hw_prio, num_scheds; + int ret = 0; /* set sw priority */ drm_sched_entity_set_priority(&aentity->entity, @@ -822,16 +822,18 @@ static void amdgpu_ctx_set_entity_priority(struct amdgpu_ctx *ctx, hw_prio = array_index_nospec(hw_prio, AMDGPU_RING_PRIO_MAX); scheds = adev->gpu_sched[hw_ip][hw_prio].sched; num_scheds = adev->gpu_sched[hw_ip][hw_prio].num_scheds; - drm_sched_entity_modify_sched(&aentity->entity, scheds, - num_scheds); + ret = drm_sched_entity_modify_sched(&aentity->entity, scheds, + num_scheds); } + + return ret; } -void amdgpu_ctx_priority_override(struct amdgpu_ctx *ctx, - int32_t priority) +int amdgpu_ctx_priority_override(struct amdgpu_ctx *ctx, int32_t priority) { int32_t ctx_prio; unsigned i, j; + int ret; ctx->override_priority = priority; @@ -842,10 +844,15 @@ void amdgpu_ctx_priority_override(struct amdgpu_ctx *ctx, if (!ctx->entities[i][j]) continue; - amdgpu_ctx_set_entity_priority(ctx, ctx->entities[i][j], - i, ctx_prio); + ret = amdgpu_ctx_set_entity_priority(ctx, + ctx->entities[i][j], + i, ctx_prio); + if (ret) + return ret; } } + + return 0; } int amdgpu_ctx_wait_prev_fence(struct amdgpu_ctx *ctx, diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.h index 85376baaa92f..835661515e33 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ctx.h @@ -82,7 +82,7 @@ struct dma_fence *amdgpu_ctx_get_fence(struct amdgpu_ctx *ctx, struct drm_sched_entity *entity, uint64_t seq); bool amdgpu_ctx_priority_is_valid(int32_t ctx_prio); -void amdgpu_ctx_priority_override(struct amdgpu_ctx *ctx, int32_t ctx_prio); +int amdgpu_ctx_priority_override(struct amdgpu_ctx *ctx, int32_t ctx_prio); int amdgpu_ctx_ioctl(struct drm_device *dev, void *data, struct drm_file *filp); diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c index 863b2a34b2d6..944edb7f00a2 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_sched.c @@ -54,12 +54,15 @@ static int amdgpu_sched_process_priority_override(struct amdgpu_device *adev, mgr = &fpriv->ctx_mgr; mutex_lock(&mgr->lock); - idr_for_each_entry(&mgr->ctx_handles, ctx, id) - amdgpu_ctx_priority_override(ctx, priority); + idr_for_each_entry(&mgr->ctx_handles, ctx, id) { + r = amdgpu_ctx_priority_override(ctx, priority); + if (r) + break; + } mutex_unlock(&mgr->lock); fdput(f); - return 0; + return r; } static int amdgpu_sched_context_priority_override(struct amdgpu_device *adev, @@ -88,11 +91,11 @@ static int amdgpu_sched_context_priority_override(struct amdgpu_device *adev, return -EINVAL; } - amdgpu_ctx_priority_override(ctx, priority); + r = amdgpu_ctx_priority_override(ctx, priority); amdgpu_ctx_put(ctx); fdput(f); - return 0; + return r; } int amdgpu_sched_ioctl(struct drm_device *dev, void *data, diff --git a/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c b/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c index 81fb99729f37..2453decc73c7 100644 --- a/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c +++ b/drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c @@ -1362,8 +1362,7 @@ static int vcn_v4_0_5_limit_sched(struct amdgpu_cs_parser *p, scheds = p->adev->gpu_sched[AMDGPU_HW_IP_VCN_ENC] [AMDGPU_RING_PRIO_0].sched; - drm_sched_entity_modify_sched(job->base.entity, scheds, 1); - return 0; + return drm_sched_entity_modify_sched(job->base.entity, scheds, 1); } static int vcn_v4_0_5_dec_msg(struct amdgpu_cs_parser *p, struct amdgpu_job *job, diff --git a/drivers/gpu/drm/scheduler/sched_entity.c b/drivers/gpu/drm/scheduler/sched_entity.c index 58c8161289fe..cb5cc65f461d 100644 --- a/drivers/gpu/drm/scheduler/sched_entity.c +++ b/drivers/gpu/drm/scheduler/sched_entity.c @@ -45,7 +45,12 @@ * @guilty: atomic_t set to 1 when a job on this queue * is found to be guilty causing a timeout * - * Note that the &sched_list must have at least one element to schedule the entity. + * Note that the &sched_list must have at least one element to schedule the + * entity. + * + * The individual drm_gpu_scheduler pointers have borrow semantics, ie. + * they must remain valid during entities lifetime, while the containing + * array can be freed after this call returns. * * For changing @priority later on at runtime see * drm_sched_entity_set_priority(). For changing the set of schedulers @@ -69,27 +74,24 @@ int drm_sched_entity_init(struct drm_sched_entity *entity, INIT_LIST_HEAD(&entity->list); entity->rq = NULL; entity->guilty = guilty; - entity->num_sched_list = num_sched_list; entity->priority = priority; - /* - * It's perfectly valid to initialize an entity without having a valid - * scheduler attached. It's just not valid to use the scheduler before it - * is initialized itself. - */ - entity->sched_list = num_sched_list > 1 ? sched_list : NULL; RCU_INIT_POINTER(entity->last_scheduled, NULL); RB_CLEAR_NODE(&entity->rb_tree_node); - if (num_sched_list && !sched_list[0]->sched_rq) { - /* Since every entry covered by num_sched_list - * should be non-NULL and therefore we warn drivers - * not to do this and to fix their DRM calling order. - */ - pr_warn("%s: called with uninitialized scheduler\n", __func__); - } else if (num_sched_list) { - /* The "priority" of an entity cannot exceed the number of run-queues of a - * scheduler. Protect against num_rqs being 0, by converting to signed. Choose - * the lowest priority available. + if (num_sched_list) { + int ret; + + ret = drm_sched_entity_modify_sched(entity, + sched_list, + num_sched_list); + if (ret) + return ret; + + /* + * The "priority" of an entity cannot exceed the number of + * run-queues of a scheduler. Protect against num_rqs being 0, + * by converting to signed. Choose the lowest priority + * available. */ if (entity->priority >= sched_list[0]->num_rqs) { drm_err(sched_list[0], "entity with out-of-bounds priority:%u num_rqs:%u\n", @@ -122,19 +124,58 @@ EXPORT_SYMBOL(drm_sched_entity_init); * existing entity->sched_list * @num_sched_list: number of drm sched in sched_list * + * The individual drm_gpu_scheduler pointers have borrow semantics, ie. + * they must remain valid during entities lifetime, while the containing + * array can be freed after this call returns. + * * Note that this must be called under the same common lock for @entity as * drm_sched_job_arm() and drm_sched_entity_push_job(), or the driver needs to * guarantee through some other means that this is never called while new jobs * can be pushed to @entity. + * + * Returns zero on success and a negative error code on failure. */ -void drm_sched_entity_modify_sched(struct drm_sched_entity *entity, - struct drm_gpu_scheduler **sched_list, - unsigned int num_sched_list) +int drm_sched_entity_modify_sched(struct drm_sched_entity *entity, + struct drm_gpu_scheduler **sched_list, + unsigned int num_sched_list) { - WARN_ON(!num_sched_list || !sched_list); + struct drm_gpu_scheduler **new, **old; + unsigned int i; - entity->sched_list = sched_list; + if (!(entity && sched_list && (num_sched_list == 0 || sched_list[0]))) + return -EINVAL; + + /* + * It's perfectly valid to initialize an entity without having a valid + * scheduler attached. It's just not valid to use the scheduler before + * it is initialized itself. + * + * Since every entry covered by num_sched_list should be non-NULL and + * therefore we warn drivers not to do this and to fix their DRM calling + * order. + */ + for (i = 0; i < num_sched_list; i++) { + if (!sched_list[i]) { + pr_warn("%s: called with uninitialized scheduler %u!\n", + __func__, i); + return -EINVAL; + } + } + + new = kmemdup_array(sched_list, + num_sched_list, + sizeof(*sched_list), + GFP_KERNEL); + if (!new) + return -ENOMEM; + + old = entity->sched_list; + entity->sched_list = new; entity->num_sched_list = num_sched_list; + + kfree(old); + + return 0; } EXPORT_SYMBOL(drm_sched_entity_modify_sched); @@ -341,6 +382,8 @@ void drm_sched_entity_fini(struct drm_sched_entity *entity) dma_fence_put(rcu_dereference_check(entity->last_scheduled, true)); RCU_INIT_POINTER(entity->last_scheduled, NULL); + + kfree(entity->sched_list); } EXPORT_SYMBOL(drm_sched_entity_fini); @@ -531,10 +574,6 @@ void drm_sched_entity_select_rq(struct drm_sched_entity *entity) struct drm_gpu_scheduler *sched; struct drm_sched_rq *rq; - /* single possible engine and already selected */ - if (!entity->sched_list) - return; - /* queue non-empty, stay on the same engine */ if (spsc_queue_count(&entity->job_queue)) return; @@ -561,9 +600,6 @@ void drm_sched_entity_select_rq(struct drm_sched_entity *entity) entity->rq = rq; } spin_unlock(&entity->rq_lock); - - if (entity->num_sched_list == 1) - entity->sched_list = NULL; } /** diff --git a/include/drm/gpu_scheduler.h b/include/drm/gpu_scheduler.h index 5acc64954a88..09e1d063a5c0 100644 --- a/include/drm/gpu_scheduler.h +++ b/include/drm/gpu_scheduler.h @@ -110,18 +110,12 @@ struct drm_sched_entity { /** * @sched_list: * - * A list of schedulers (struct drm_gpu_scheduler). Jobs from this entity can - * be scheduled on any scheduler on this list. + * A list of schedulers (struct drm_gpu_scheduler). Jobs from this + * entity can be scheduled on any scheduler on this list. * * This can be modified by calling drm_sched_entity_modify_sched(). * Locking is entirely up to the driver, see the above function for more * details. - * - * This will be set to NULL if &num_sched_list equals 1 and @rq has been - * set already. - * - * FIXME: This means priority changes through - * drm_sched_entity_set_priority() will be lost henceforth in this case. */ struct drm_gpu_scheduler **sched_list; @@ -568,9 +562,9 @@ int drm_sched_job_add_implicit_dependencies(struct drm_sched_job *job, bool write); -void drm_sched_entity_modify_sched(struct drm_sched_entity *entity, - struct drm_gpu_scheduler **sched_list, - unsigned int num_sched_list); +int drm_sched_entity_modify_sched(struct drm_sched_entity *entity, + struct drm_gpu_scheduler **sched_list, + unsigned int num_sched_list); void drm_sched_tdr_queue_imm(struct drm_gpu_scheduler *sched); void drm_sched_job_cleanup(struct drm_sched_job *job); -- 2.44.0

9 months, 1 week

6
11
0 0

[PATCH] drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll()

by Nikita Zhandarovich

On the off chance that clock value ends up being too high (by means of skl_ddi_calculate_wrpll() having benn called with big enough value of crtc_state->port_clock * 1000), one possible consequence may be that the result will not be able to fit into signed int. Fix this, albeit unlikely, issue by first casting one of the operands to u32, then to u64, and thus avoid causing an integer overflow. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. Fixes: fe70b262e781 ("drm/i915: Move a bunch of stuff into rodata from the stack") Cc: stable(a)vger.kernel.org Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> --- Fixes: tag is not entirely correct, as I can't properly identify the origin with all the code movement. I opted out for using the most recent topical commit instead. drivers/gpu/drm/i915/display/intel_dpll_mgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/display/intel_dpll_mgr.c b/drivers/gpu/drm/i915/display/intel_dpll_mgr.c index 90998b037349..46d4dac6c491 100644 --- a/drivers/gpu/drm/i915/display/intel_dpll_mgr.c +++ b/drivers/gpu/drm/i915/display/intel_dpll_mgr.c @@ -1683,7 +1683,7 @@ skl_ddi_calculate_wrpll(int clock /* in Hz */, }; unsigned int dco, d, i; unsigned int p0, p1, p2; - u64 afe_clock = clock * 5; /* AFE Clock is 5x Pixel clock */ + u64 afe_clock = (u64)(u32)clock * 5; /* AFE Clock is 5x Pixel clock */ for (d = 0; d < ARRAY_SIZE(dividers); d++) { for (dco = 0; dco < ARRAY_SIZE(dco_central_freq); dco++) {

9 months, 1 week

2
3
0 0

[PATCH v5.10.y v2] mtd: spinand: macronix: Add support for serial NAND flash

by Cheng Ming Lin

From: Cheng Ming Lin <chengminglin(a)mxic.com.tw> [ Upstream commit c374839f9b4475173e536d1eaddff45cb481dbdf ] Macronix NAND Flash devices are available in different configurations and densities. MX"35" means SPI NAND MX35"LF"/"UF" , LF means 3V and UF meands 1.8V MX35LF"2G" , 2G means 2Gbits MX35LF2G"E4"/"24"/"14", E4 means internal ECC and Quad I/O(x4) 24 means 8-bit ecc requirement and Quad I/O(x4) 14 means 4-bit ecc requirement and Quad I/O(x4) MX35LF2G14AC is 3V 2Gbit serial NAND flash device (without on-die ECC) https://www.mxic.com.tw/Lists/Datasheet/Attachments/7926/MX35LF2G14AC,%203V… MX35UF4G24AD/MX35UF2G24AD/MX35UF1G24AD is 1.8V 4Gbit serial NAND flash device (without on-die ECC) https://www.mxic.com.tw/Lists/Datasheet/Attachments/7980/MX35UF4G24AD,%201.… MX35UF4GE4AD/MX35UF2GE4AD/MX35UF1GE4AD are 1.8V 4G/2Gbit serial NAND flash device with 8-bit on-die ECC https://www.mxic.com.tw/Lists/Datasheet/Attachments/7983/MX35UF4GE4AD,%201.… MX35UF2GE4AC/MX35UF1GE4AC are 1.8V 2G/1Gbit serial NAND flash device with 8-bit on-die ECC https://www.mxic.com.tw/Lists/Datasheet/Attachments/7974/MX35UF2GE4AC,%201.… MX35UF2G14AC/MX35UF1G14AC are 1.8V 2G/1Gbit serial NAND flash device (without on-die ECC) https://www.mxic.com.tw/Lists/Datasheet/Attachments/7931/MX35UF2G14AC,%201.… Validated via normal(default) and QUAD mode by read, erase, read back, on Xilinx Zynq PicoZed FPGA board which included Macronix SPI Host(drivers/spi/spi-mxic.c). Cc: stable(a)vger.kernel.org # 5.10.y Signed-off-by: Cheng Ming Lin <chengminglin(a)mxic.com.tw> Signed-off-by: Jaime Liao <jaimeliao(a)mxic.com.tw> Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> Link: https://lore.kernel.org/linux-mtd/1621475108-22523-1-git-send-email-jaimeli… --- drivers/mtd/nand/spi/macronix.c | 110 ++++++++++++++++++++++++++++++++ 1 file changed, 110 insertions(+) diff --git a/drivers/mtd/nand/spi/macronix.c b/drivers/mtd/nand/spi/macronix.c index 8bd3f6bf9b10..e42524687b5c 100644 --- a/drivers/mtd/nand/spi/macronix.c +++ b/drivers/mtd/nand/spi/macronix.c @@ -139,6 +139,116 @@ static const struct spinand_info macronix_spinand_table[] = { 0, SPINAND_ECCINFO(&mx35lfxge4ab_ooblayout, mx35lf1ge4ab_ecc_get_status)), + SPINAND_INFO("MX35LF2G14AC", + SPINAND_ID(SPINAND_READID_METHOD_OPCODE_DUMMY, 0x20), + NAND_MEMORG(1, 2048, 64, 64, 2048, 40, 2, 1, 1), + NAND_ECCREQ(4, 512), + SPINAND_INFO_OP_VARIANTS(&read_cache_variants, + &write_cache_variants, + &update_cache_variants), + SPINAND_HAS_QE_BIT, + SPINAND_ECCINFO(&mx35lfxge4ab_ooblayout, + mx35lf1ge4ab_ecc_get_status)), + SPINAND_INFO("MX35UF4G24AD", + SPINAND_ID(SPINAND_READID_METHOD_OPCODE_DUMMY, 0xb5), + NAND_MEMORG(1, 4096, 256, 64, 2048, 40, 2, 1, 1), + NAND_ECCREQ(8, 512), + SPINAND_INFO_OP_VARIANTS(&read_cache_variants, + &write_cache_variants, + &update_cache_variants), + SPINAND_HAS_QE_BIT, + SPINAND_ECCINFO(&mx35lfxge4ab_ooblayout, + mx35lf1ge4ab_ecc_get_status)), + SPINAND_INFO("MX35UF4GE4AD", + SPINAND_ID(SPINAND_READID_METHOD_OPCODE_DUMMY, 0xb7), + NAND_MEMORG(1, 4096, 256, 64, 2048, 40, 1, 1, 1), + NAND_ECCREQ(8, 512), + SPINAND_INFO_OP_VARIANTS(&read_cache_variants, + &write_cache_variants, + &update_cache_variants), + SPINAND_HAS_QE_BIT, + SPINAND_ECCINFO(&mx35lfxge4ab_ooblayout, + mx35lf1ge4ab_ecc_get_status)), + SPINAND_INFO("MX35UF2G14AC", + SPINAND_ID(SPINAND_READID_METHOD_OPCODE_DUMMY, 0xa0), + NAND_MEMORG(1, 2048, 64, 64, 2048, 40, 2, 1, 1), + NAND_ECCREQ(4, 512), + SPINAND_INFO_OP_VARIANTS(&read_cache_variants, + &write_cache_variants, + &update_cache_variants), + SPINAND_HAS_QE_BIT, + SPINAND_ECCINFO(&mx35lfxge4ab_ooblayout, + mx35lf1ge4ab_ecc_get_status)), + SPINAND_INFO("MX35UF2G24AD", + SPINAND_ID(SPINAND_READID_METHOD_OPCODE_DUMMY, 0xa4), + NAND_MEMORG(1, 2048, 128, 64, 2048, 40, 2, 1, 1), + NAND_ECCREQ(8, 512), + SPINAND_INFO_OP_VARIANTS(&read_cache_variants, + &write_cache_variants, + &update_cache_variants), + SPINAND_HAS_QE_BIT, + SPINAND_ECCINFO(&mx35lfxge4ab_ooblayout, + mx35lf1ge4ab_ecc_get_status)), + SPINAND_INFO("MX35UF2GE4AD", + SPINAND_ID(SPINAND_READID_METHOD_OPCODE_DUMMY, 0xa6), + NAND_MEMORG(1, 2048, 128, 64, 2048, 40, 1, 1, 1), + NAND_ECCREQ(8, 512), + SPINAND_INFO_OP_VARIANTS(&read_cache_variants, + &write_cache_variants, + &update_cache_variants), + SPINAND_HAS_QE_BIT, + SPINAND_ECCINFO(&mx35lfxge4ab_ooblayout, + mx35lf1ge4ab_ecc_get_status)), + SPINAND_INFO("MX35UF2GE4AC", + SPINAND_ID(SPINAND_READID_METHOD_OPCODE_DUMMY, 0xa2), + NAND_MEMORG(1, 2048, 64, 64, 2048, 40, 1, 1, 1), + NAND_ECCREQ(4, 512), + SPINAND_INFO_OP_VARIANTS(&read_cache_variants, + &write_cache_variants, + &update_cache_variants), + SPINAND_HAS_QE_BIT, + SPINAND_ECCINFO(&mx35lfxge4ab_ooblayout, + mx35lf1ge4ab_ecc_get_status)), + SPINAND_INFO("MX35UF1G14AC", + SPINAND_ID(SPINAND_READID_METHOD_OPCODE_DUMMY, 0x90), + NAND_MEMORG(1, 2048, 64, 64, 1024, 20, 1, 1, 1), + NAND_ECCREQ(4, 512), + SPINAND_INFO_OP_VARIANTS(&read_cache_variants, + &write_cache_variants, + &update_cache_variants), + SPINAND_HAS_QE_BIT, + SPINAND_ECCINFO(&mx35lfxge4ab_ooblayout, + mx35lf1ge4ab_ecc_get_status)), + SPINAND_INFO("MX35UF1G24AD", + SPINAND_ID(SPINAND_READID_METHOD_OPCODE_DUMMY, 0x94), + NAND_MEMORG(1, 2048, 128, 64, 1024, 20, 1, 1, 1), + NAND_ECCREQ(8, 512), + SPINAND_INFO_OP_VARIANTS(&read_cache_variants, + &write_cache_variants, + &update_cache_variants), + SPINAND_HAS_QE_BIT, + SPINAND_ECCINFO(&mx35lfxge4ab_ooblayout, + mx35lf1ge4ab_ecc_get_status)), + SPINAND_INFO("MX35UF1GE4AD", + SPINAND_ID(SPINAND_READID_METHOD_OPCODE_DUMMY, 0x96), + NAND_MEMORG(1, 2048, 128, 64, 1024, 20, 1, 1, 1), + NAND_ECCREQ(8, 512), + SPINAND_INFO_OP_VARIANTS(&read_cache_variants, + &write_cache_variants, + &update_cache_variants), + SPINAND_HAS_QE_BIT, + SPINAND_ECCINFO(&mx35lfxge4ab_ooblayout, + mx35lf1ge4ab_ecc_get_status)), + SPINAND_INFO("MX35UF1GE4AC", + SPINAND_ID(SPINAND_READID_METHOD_OPCODE_DUMMY, 0x92), + NAND_MEMORG(1, 2048, 64, 64, 1024, 20, 1, 1, 1), + NAND_ECCREQ(4, 512), + SPINAND_INFO_OP_VARIANTS(&read_cache_variants, + &write_cache_variants, + &update_cache_variants), + SPINAND_HAS_QE_BIT, + SPINAND_ECCINFO(&mx35lfxge4ab_ooblayout, + mx35lf1ge4ab_ecc_get_status)), SPINAND_INFO("MX31LF1GE4BC", SPINAND_ID(SPINAND_READID_METHOD_OPCODE_DUMMY, 0x1e), NAND_MEMORG(1, 2048, 64, 64, 1024, 20, 1, 1, 1), -- 2.25.1

9 months, 1 week

2
4
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror