- Linux-stable-mirror - lists.linaro.org

[PATCH v2] usb: gadget: core: Check for unset descriptor

by crwulff＠gmail.com

From: Chris Wulff <crwulff(a)gmail.com> Make sure the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn't properly set up the endpoint for the current speed, or the gadget descriptors are malformed and the descriptor for the speed/endpoint are not found. No current gadget driver is known to have this problem, but this may cause a hard-to-find bug during development of new gadgets. Fixes: 54f83b8c8ea9 ("USB: gadget: Reject endpoints with 0 maxpacket value") Cc: stable(a)vger.kernel.org Signed-off-by: Chris Wulff <crwulff(a)gmail.com> --- v2: Added WARN_ONCE message & clarification on causes v1: https://lore.kernel.org/all/20240721192048.3530097-2-crwulff@gmail.com/ --- drivers/usb/gadget/udc/core.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/drivers/usb/gadget/udc/core.c b/drivers/usb/gadget/udc/core.c index 2dfae7a17b3f..81f9140f3681 100644 --- a/drivers/usb/gadget/udc/core.c +++ b/drivers/usb/gadget/udc/core.c @@ -118,12 +118,10 @@ int usb_ep_enable(struct usb_ep *ep) goto out; /* UDC drivers can't handle endpoints with maxpacket size 0 */ - if (usb_endpoint_maxp(ep->desc) == 0) { - /* - * We should log an error message here, but we can't call - * dev_err() because there's no way to find the gadget - * given only ep. - */ + if (!ep->desc || usb_endpoint_maxp(ep->desc) == 0) { + WARN_ONCE(1, "%s: ep%d (%s) has %s\n", __func__, ep->address, ep->name, + (!ep->desc) ? "NULL descriptor" : "maxpacket 0"); + ret = -EINVAL; goto out; } -- 2.43.0

9 months, 1 week

3
3
0 0

[PATCH v3] ceph: force sending a cap update msg back to MDS for revoke op

by xiubli＠redhat.com

From: Xiubo Li <xiubli(a)redhat.com> If a client sends out a cap update dropping caps with the prior 'seq' just before an incoming cap revoke request, then the client may drop the revoke because it believes it's already released the requested capabilities. This causes the MDS to wait indefinitely for the client to respond to the revoke. It's therefore always a good idea to ack the cap revoke request with the bumped up 'seq'. Currently if the cap->issued equals to the newcaps the check_caps() will do nothing, we should force flush the caps. Cc: stable(a)vger.kernel.org Link: https://tracker.ceph.com/issues/61782 Signed-off-by: Xiubo Li <xiubli(a)redhat.com> --- V3: - Move the force check earlier V2: - Improved the patch to force send the cap update only when no caps being used. fs/ceph/caps.c | 35 ++++++++++++++++++++++++----------- fs/ceph/super.h | 7 ++++--- 2 files changed, 28 insertions(+), 14 deletions(-) diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c index 24c31f795938..672c6611d749 100644 --- a/fs/ceph/caps.c +++ b/fs/ceph/caps.c @@ -2024,6 +2024,8 @@ bool __ceph_should_report_size(struct ceph_inode_info *ci) * CHECK_CAPS_AUTHONLY - we should only check the auth cap * CHECK_CAPS_FLUSH - we should flush any dirty caps immediately, without * further delay. + * CHECK_CAPS_FLUSH_FORCE - we should flush any caps immediately, without + * further delay. */ void ceph_check_caps(struct ceph_inode_info *ci, int flags) { @@ -2105,7 +2107,7 @@ void ceph_check_caps(struct ceph_inode_info *ci, int flags) } doutc(cl, "%p %llx.%llx file_want %s used %s dirty %s " - "flushing %s issued %s revoking %s retain %s %s%s%s\n", + "flushing %s issued %s revoking %s retain %s %s%s%s%s\n", inode, ceph_vinop(inode), ceph_cap_string(file_wanted), ceph_cap_string(used), ceph_cap_string(ci->i_dirty_caps), ceph_cap_string(ci->i_flushing_caps), @@ -2113,7 +2115,8 @@ void ceph_check_caps(struct ceph_inode_info *ci, int flags) ceph_cap_string(retain), (flags & CHECK_CAPS_AUTHONLY) ? " AUTHONLY" : "", (flags & CHECK_CAPS_FLUSH) ? " FLUSH" : "", - (flags & CHECK_CAPS_NOINVAL) ? " NOINVAL" : ""); + (flags & CHECK_CAPS_NOINVAL) ? " NOINVAL" : "", + (flags & CHECK_CAPS_FLUSH_FORCE) ? " FLUSH_FORCE" : ""); /* * If we no longer need to hold onto old our caps, and we may @@ -2188,6 +2191,11 @@ void ceph_check_caps(struct ceph_inode_info *ci, int flags) queue_writeback = true; } + if (flags & CHECK_CAPS_FLUSH_FORCE) { + doutc(cl, "force to flush caps\n"); + goto ack; + } + if (cap == ci->i_auth_cap && (cap->issued & CEPH_CAP_FILE_WR)) { /* request larger max_size from MDS? */ @@ -3518,6 +3526,8 @@ static void handle_cap_grant(struct inode *inode, bool queue_invalidate = false; bool deleted_inode = false; bool fill_inline = false; + bool revoke_wait = false; + int flags = 0; /* * If there is at least one crypto block then we'll trust @@ -3713,16 +3723,18 @@ static void handle_cap_grant(struct inode *inode, ceph_cap_string(cap->issued), ceph_cap_string(newcaps), ceph_cap_string(revoking)); if (S_ISREG(inode->i_mode) && - (revoking & used & CEPH_CAP_FILE_BUFFER)) + (revoking & used & CEPH_CAP_FILE_BUFFER)) { writeback = true; /* initiate writeback; will delay ack */ - else if (queue_invalidate && + revoke_wait = true; + } else if (queue_invalidate && revoking == CEPH_CAP_FILE_CACHE && - (newcaps & CEPH_CAP_FILE_LAZYIO) == 0) - ; /* do nothing yet, invalidation will be queued */ - else if (cap == ci->i_auth_cap) + (newcaps & CEPH_CAP_FILE_LAZYIO) == 0) { + revoke_wait = true; /* do nothing yet, invalidation will be queued */ + } else if (cap == ci->i_auth_cap) { check_caps = 1; /* check auth cap only */ - else + } else { check_caps = 2; /* check all caps */ + } /* If there is new caps, try to wake up the waiters */ if (~cap->issued & newcaps) wake = true; @@ -3749,8 +3761,9 @@ static void handle_cap_grant(struct inode *inode, BUG_ON(cap->issued & ~cap->implemented); /* don't let check_caps skip sending a response to MDS for revoke msgs */ - if (le32_to_cpu(grant->op) == CEPH_CAP_OP_REVOKE) { + if (!revoke_wait && le32_to_cpu(grant->op) == CEPH_CAP_OP_REVOKE) { cap->mds_wanted = 0; + flags |= CHECK_CAPS_FLUSH_FORCE; if (cap == ci->i_auth_cap) check_caps = 1; /* check auth cap only */ else @@ -3806,9 +3819,9 @@ static void handle_cap_grant(struct inode *inode, mutex_unlock(&session->s_mutex); if (check_caps == 1) - ceph_check_caps(ci, CHECK_CAPS_AUTHONLY | CHECK_CAPS_NOINVAL); + ceph_check_caps(ci, flags | CHECK_CAPS_AUTHONLY | CHECK_CAPS_NOINVAL); else if (check_caps == 2) - ceph_check_caps(ci, CHECK_CAPS_NOINVAL); + ceph_check_caps(ci, flags | CHECK_CAPS_NOINVAL); } /* diff --git a/fs/ceph/super.h b/fs/ceph/super.h index b0b368ed3018..831e8ec4d5da 100644 --- a/fs/ceph/super.h +++ b/fs/ceph/super.h @@ -200,9 +200,10 @@ struct ceph_cap { struct list_head caps_item; }; -#define CHECK_CAPS_AUTHONLY 1 /* only check auth cap */ -#define CHECK_CAPS_FLUSH 2 /* flush any dirty caps */ -#define CHECK_CAPS_NOINVAL 4 /* don't invalidate pagecache */ +#define CHECK_CAPS_AUTHONLY 1 /* only check auth cap */ +#define CHECK_CAPS_FLUSH 2 /* flush any dirty caps */ +#define CHECK_CAPS_NOINVAL 4 /* don't invalidate pagecache */ +#define CHECK_CAPS_FLUSH_FORCE 8 /* force flush any caps */ struct ceph_cap_flush { u64 tid; -- 2.45.1

9 months, 1 week

3
5
0 0

+ selftests-mm-add-s390-to-arch-check.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests: mm: add s390 to ARCH check has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-add-s390-to-arch-check.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Nico Pache <npache(a)redhat.com> Subject: selftests: mm: add s390 to ARCH check Date: Wed, 24 Jul 2024 15:35:17 -0600 commit 0518dbe97fe6 ("selftests/mm: fix cross compilation with LLVM") changed the env variable for the architecture from MACHINE to ARCH. This is preventing 3 required TEST_GEN_FILES from being included when cross compiling s390x and errors when trying to run the test suite. This is due to the ARCH variable already being set and the arch folder name being s390. Add "s390" to the filtered list to cover this case and have the 3 files included in the build. Link: https://lkml.kernel.org/r/20240724213517.23918-1-npache@redhat.com Fixes: 0518dbe97fe6 ("selftests/mm: fix cross compilation with LLVM") Signed-off-by: Nico Pache <npache(a)redhat.com> Cc: Mark Brown <broonie(a)kernel.org> Cc: Albert Ou <aou(a)eecs.berkeley.edu> Cc: Palmer Dabbelt <palmer(a)dabbelt.com> Cc: Paul Walmsley <paul.walmsley(a)sifive.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/tools/testing/selftests/mm/Makefile~selftests-mm-add-s390-to-arch-check +++ a/tools/testing/selftests/mm/Makefile @@ -110,7 +110,7 @@ endif endif -ifneq (,$(filter $(ARCH),arm64 ia64 mips64 parisc64 powerpc riscv64 s390x sparc64 x86_64)) +ifneq (,$(filter $(ARCH),arm64 ia64 mips64 parisc64 powerpc riscv64 s390x sparc64 x86_64 s390)) TEST_GEN_FILES += va_high_addr_switch TEST_GEN_FILES += virtual_address_range TEST_GEN_FILES += write_to_hugetlbfs _ Patches currently in -mm which might be from npache(a)redhat.com are selftests-mm-add-s390-to-arch-check.patch

9 months, 1 week

1
0
0 0

+ crash-fix-x86_32-crash-memory-reserve-dead-loop-bug.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: crash: fix x86_32 crash memory reserve dead loop bug has been added to the -mm mm-nonmm-unstable branch. Its filename is crash-fix-x86_32-crash-memory-reserve-dead-loop-bug.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jinjie Ruan <ruanjinjie(a)huawei.com> Subject: crash: fix x86_32 crash memory reserve dead loop bug Date: Thu, 18 Jul 2024 11:54:42 +0800 Patch series "crash: Fix x86_32 memory reserve dead loop bug", v3. Fix two bugs for x86_32 crash memory reserve, and prepare to apply generic crashkernel reservation to 32bit system. Then use generic interface to simplify crashkernel reservation for ARM32. This patch (of 3): On x86_32 Qemu machine with 1GB memory, the cmdline "crashkernel=1G,high" will cause system stall as below: ACPI: Reserving FACP table memory at [mem 0x3ffe18b8-0x3ffe192b] ACPI: Reserving DSDT table memory at [mem 0x3ffe0040-0x3ffe18b7] ACPI: Reserving FACS table memory at [mem 0x3ffe0000-0x3ffe003f] ACPI: Reserving APIC table memory at [mem 0x3ffe192c-0x3ffe19bb] ACPI: Reserving HPET table memory at [mem 0x3ffe19bc-0x3ffe19f3] ACPI: Reserving WAET table memory at [mem 0x3ffe19f4-0x3ffe1a1b] 143MB HIGHMEM available. 879MB LOWMEM available. mapped low ram: 0 - 36ffe000 low ram: 0 - 36ffe000 (stall here) The reason is that the CRASH_ADDR_LOW_MAX is equal to CRASH_ADDR_HIGH_MAX on x86_32, the first high crash kernel memory reservation will fail, then go into the "retry" loop and never came out as below. -> reserve_crashkernel_generic() and high is true -> alloc at [CRASH_ADDR_LOW_MAX, CRASH_ADDR_HIGH_MAX] fail -> alloc at [0, CRASH_ADDR_LOW_MAX] fail and repeatedly (because CRASH_ADDR_LOW_MAX = CRASH_ADDR_HIGH_MAX). Fix it by prevent crashkernel=,high from being parsed successfully on 32bit system with a architecture-defined macro. After this patch, the 'crashkernel=,high' for 32bit system can't succeed, and it has no chance to call reserve_crashkernel_generic(), therefore this issue on x86_32 is solved. Link: https://lkml.kernel.org/r/20240718035444.2977105-1-ruanjinjie@huawei.com Link: https://lkml.kernel.org/r/20240718035444.2977105-2-ruanjinjie@huawei.com Fixes: 9c08a2a139fe ("x86: kdump: use generic interface to simplify crashkernel reservation code") Signed-off-by: Jinjie Ruan <ruanjinjie(a)huawei.com> Signed-off-by: Baoquan He <bhe(a)redhat.com> Tested-by: Jinjie Ruan <ruanjinjie(a)huawei.com> Cc: Albert Ou <aou(a)eecs.berkeley.edu> Cc: Andrew Davis <afd(a)ti.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Chen Jiahao <chenjiahao16(a)huawei.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Dave Young <dyoung(a)redhat.com> Cc: Eric DeVolder <eric.devolder(a)oracle.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Hari Bathini <hbathini(a)linux.ibm.com> Cc: Helge Deller <deller(a)gmx.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Javier Martinez Canillas <javierm(a)redhat.com> Cc: Linus Walleij <linus.walleij(a)linaro.org> Cc: Palmer Dabbelt <palmer(a)dabbelt.com> Cc: Paul Walmsley <paul.walmsley(a)sifive.com> Cc: Rob Herring <robh(a)kernel.org> Cc: Russell King <linux(a)armlinux.org.uk> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Vivek Goyal <vgoyal(a)redhat.com> Cc: Will Deacon <will(a)kernel.org> Cc: Zhen Lei <thunder.leizhen(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/arm64/include/asm/crash_reserve.h | 2 ++ arch/riscv/include/asm/crash_reserve.h | 2 ++ arch/x86/include/asm/crash_reserve.h | 1 + kernel/crash_reserve.c | 2 +- 4 files changed, 6 insertions(+), 1 deletion(-) --- a/arch/arm64/include/asm/crash_reserve.h~crash-fix-x86_32-crash-memory-reserve-dead-loop-bug +++ a/arch/arm64/include/asm/crash_reserve.h @@ -7,4 +7,6 @@ #define CRASH_ADDR_LOW_MAX arm64_dma_phys_limit #define CRASH_ADDR_HIGH_MAX (PHYS_MASK + 1) + +#define HAVE_ARCH_CRASHKERNEL_RESERVATION_HIGH #endif --- a/arch/riscv/include/asm/crash_reserve.h~crash-fix-x86_32-crash-memory-reserve-dead-loop-bug +++ a/arch/riscv/include/asm/crash_reserve.h @@ -7,5 +7,7 @@ #define CRASH_ADDR_LOW_MAX dma32_phys_limit #define CRASH_ADDR_HIGH_MAX memblock_end_of_DRAM() +#define HAVE_ARCH_CRASHKERNEL_RESERVATION_HIGH + extern phys_addr_t memblock_end_of_DRAM(void); #endif --- a/arch/x86/include/asm/crash_reserve.h~crash-fix-x86_32-crash-memory-reserve-dead-loop-bug +++ a/arch/x86/include/asm/crash_reserve.h @@ -26,6 +26,7 @@ extern unsigned long swiotlb_size_or_def #else # define CRASH_ADDR_LOW_MAX SZ_4G # define CRASH_ADDR_HIGH_MAX SZ_64T +#define HAVE_ARCH_CRASHKERNEL_RESERVATION_HIGH #endif # define DEFAULT_CRASH_KERNEL_LOW_SIZE crash_low_size_default() --- a/kernel/crash_reserve.c~crash-fix-x86_32-crash-memory-reserve-dead-loop-bug +++ a/kernel/crash_reserve.c @@ -305,7 +305,7 @@ int __init parse_crashkernel(char *cmdli /* crashkernel=X[@offset] */ ret = __parse_crashkernel(cmdline, system_ram, crash_size, crash_base, NULL); -#ifdef CONFIG_ARCH_HAS_GENERIC_CRASHKERNEL_RESERVATION +#ifdef HAVE_ARCH_CRASHKERNEL_RESERVATION_HIGH /* * If non-NULL 'high' passed in and no normal crashkernel * setting detected, try parsing crashkernel=,high|low. _ Patches currently in -mm which might be from ruanjinjie(a)huawei.com are crash-fix-x86_32-crash-memory-reserve-dead-loop-bug.patch crash-fix-x86_32-crash-memory-reserve-dead-loop-bug-at-high.patch arm-use-generic-interface-to-simplify-crashkernel-reservation.patch

9 months, 1 week

2
4
0 0

+ mm-let-pte_lockptr-consume-a-pte_t-pointer.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: let pte_lockptr() consume a pte_t pointer has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-let-pte_lockptr-consume-a-pte_t-pointer.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm: let pte_lockptr() consume a pte_t pointer Date: Thu, 25 Jul 2024 20:39:54 +0200 Patch series "mm/hugetlb: fix hugetlb vs. core-mm PT locking". Working on another generic page table walker that tries to avoid special-casing hugetlb, I found a page table locking issue with hugetlb folios that are not mapped using a single PMD/PUD. For some hugetlb folio sizes, GUP will take different page table locks when walking the page tables than hugetlb when modifying the page tables. I did not actually try reproducing an issue, but looking at follow_pmd_mask() where we might be rereading a PMD value multiple times it's rather clear that concurrent modifications are rather unpleasant. In follow_page_pte() we might be better in that regard -- ptep_get() does a READ_ONCE() -- but who knows what else could happen concurrently in some weird corner cases (e.g., hugetlb folio getting unmapped and freed). This patch (of 2): pte_lockptr() is the only *_lockptr() function that doesn't consume what would be expected: it consumes a pmd_t pointer instead of a pte_t pointer. Let's change that. The two callers in pgtable-generic.c are easily adjusted. Adjust khugepaged.c:retract_page_tables() to simply do a pte_offset_map_nolock() to obtain the lock, even though we won't actually be traversing the page table. This makes the code more similar to the other variants and avoids other hacks to make the new pte_lockptr() version happy. pte_lockptr() users reside now only in pgtable-generic.c. Maybe, using pte_offset_map_nolock() is the right thing to do because the PTE table could have been removed in the meantime? At least it sounds more future proof if we ever have other means of page table reclaim. It's not quite clear if holding the PTE table lock is really required: what if someone else obtains the lock just after we unlock it? But we'll leave that as is for now, maybe there are good reasons. This is a preparation for adapting hugetlb page table locking logic to take the same locks as core-mm page table walkers would. Link: https://lkml.kernel.org/r/20240725183955.2268884-1-david@redhat.com Link: https://lkml.kernel.org/r/20240725183955.2268884-2-david@redhat.com Fixes: 9cb28da54643 ("mm/gup: handle hugetlb in the generic follow_page_mask code") Signed-off-by: David Hildenbrand <david(a)redhat.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/mm.h | 7 ++++--- mm/khugepaged.c | 21 +++++++++++++++------ mm/pgtable-generic.c | 4 ++-- 3 files changed, 21 insertions(+), 11 deletions(-) --- a/include/linux/mm.h~mm-let-pte_lockptr-consume-a-pte_t-pointer +++ a/include/linux/mm.h @@ -2915,9 +2915,10 @@ static inline spinlock_t *ptlock_ptr(str } #endif /* ALLOC_SPLIT_PTLOCKS */ -static inline spinlock_t *pte_lockptr(struct mm_struct *mm, pmd_t *pmd) +static inline spinlock_t *pte_lockptr(struct mm_struct *mm, pte_t *pte) { - return ptlock_ptr(page_ptdesc(pmd_page(*pmd))); + /* PTE page tables don't currently exceed a single page. */ + return ptlock_ptr(virt_to_ptdesc(pte)); } static inline bool ptlock_init(struct ptdesc *ptdesc) @@ -2940,7 +2941,7 @@ static inline bool ptlock_init(struct pt /* * We use mm->page_table_lock to guard all pagetable pages of the mm. */ -static inline spinlock_t *pte_lockptr(struct mm_struct *mm, pmd_t *pmd) +static inline spinlock_t *pte_lockptr(struct mm_struct *mm, pte_t *pte) { return &mm->page_table_lock; } --- a/mm/khugepaged.c~mm-let-pte_lockptr-consume-a-pte_t-pointer +++ a/mm/khugepaged.c @@ -1697,12 +1697,13 @@ static void retract_page_tables(struct a i_mmap_lock_read(mapping); vma_interval_tree_foreach(vma, &mapping->i_mmap, pgoff, pgoff) { struct mmu_notifier_range range; + bool retracted = false; struct mm_struct *mm; unsigned long addr; pmd_t *pmd, pgt_pmd; spinlock_t *pml; spinlock_t *ptl; - bool skipped_uffd = false; + pte_t *pte; /* * Check vma->anon_vma to exclude MAP_PRIVATE mappings that @@ -1739,9 +1740,17 @@ static void retract_page_tables(struct a mmu_notifier_invalidate_range_start(&range); pml = pmd_lock(mm, pmd); - ptl = pte_lockptr(mm, pmd); + + /* + * No need to check the PTE table content, but we'll grab the + * PTE table lock while we zap it. + */ + pte = pte_offset_map_nolock(mm, pmd, addr, &ptl); + if (!pte) + goto unlock_pmd; if (ptl != pml) spin_lock_nested(ptl, SINGLE_DEPTH_NESTING); + pte_unmap(pte); /* * Huge page lock is still held, so normally the page table @@ -1752,20 +1761,20 @@ static void retract_page_tables(struct a * repeating the anon_vma check protects from one category, * and repeating the userfaultfd_wp() check from another. */ - if (unlikely(vma->anon_vma || userfaultfd_wp(vma))) { - skipped_uffd = true; - } else { + if (likely(!vma->anon_vma && !userfaultfd_wp(vma))) { pgt_pmd = pmdp_collapse_flush(vma, addr, pmd); pmdp_get_lockless_sync(); + retracted = true; } if (ptl != pml) spin_unlock(ptl); +unlock_pmd: spin_unlock(pml); mmu_notifier_invalidate_range_end(&range); - if (!skipped_uffd) { + if (retracted) { mm_dec_nr_ptes(mm); page_table_check_pte_clear_range(mm, addr, pgt_pmd); pte_free_defer(mm, pmd_pgtable(pgt_pmd)); --- a/mm/pgtable-generic.c~mm-let-pte_lockptr-consume-a-pte_t-pointer +++ a/mm/pgtable-generic.c @@ -313,7 +313,7 @@ pte_t *pte_offset_map_nolock(struct mm_s pte = __pte_offset_map(pmd, addr, &pmdval); if (likely(pte)) - *ptlp = pte_lockptr(mm, &pmdval); + *ptlp = pte_lockptr(mm, pte); return pte; } @@ -371,7 +371,7 @@ again: pte = __pte_offset_map(pmd, addr, &pmdval); if (unlikely(!pte)) return pte; - ptl = pte_lockptr(mm, &pmdval); + ptl = pte_lockptr(mm, pte); spin_lock(ptl); if (likely(pmd_same(pmdval, pmdp_get_lockless(pmd)))) { *ptlp = ptl; _ Patches currently in -mm which might be from david(a)redhat.com are mm-let-pte_lockptr-consume-a-pte_t-pointer.patch mm-hugetlb-fix-hugetlb-vs-core-mm-pt-locking.patch

9 months, 1 week

1
0
0 0

[PATCH v6 4/8] RISC-V: Scalar unaligned access emulated on hotplug CPUs

by Jesse Taube

The check_unaligned_access_emulated() function should have been called during CPU hotplug to ensure that if all CPUs had emulated unaligned accesses, the new CPU also does. This patch adds the call to check_unaligned_access_emulated() in the hotplug path. Fixes: 55e0bf49a0d0 ("RISC-V: Probe misaligned access speed in parallel") Signed-off-by: Jesse Taube <jesse(a)rivosinc.com> Cc: stable(a)vger.kernel.org --- V5 -> V6: - New patch --- arch/riscv/kernel/unaligned_access_speed.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/riscv/kernel/unaligned_access_speed.c b/arch/riscv/kernel/unaligned_access_speed.c index a9a6bcb02acf..b67db1fc3740 100644 --- a/arch/riscv/kernel/unaligned_access_speed.c +++ b/arch/riscv/kernel/unaligned_access_speed.c @@ -191,6 +191,7 @@ static int riscv_online_cpu(unsigned int cpu) if (per_cpu(misaligned_access_speed, cpu) != RISCV_HWPROBE_MISALIGNED_UNKNOWN) goto exit; + check_unaligned_access_emulated(NULL); buf = alloc_pages(GFP_KERNEL, MISALIGNED_BUFFER_ORDER); if (!buf) { pr_warn("Allocation failure, not measuring misaligned performance\n"); -- 2.45.2

9 months, 1 week

2
1
0 0

[PATCH v6 3/8] RISC-V: Check scalar unaligned access on all CPUs

by Jesse Taube

Originally, the check_unaligned_access_emulated_all_cpus function only checked the boot hart. This fixes the function to check all harts. Fixes: 71c54b3d169d ("riscv: report misaligned accesses emulation to hwprobe") Signed-off-by: Jesse Taube <jesse(a)rivosinc.com> Reviewed-by: Charlie Jenkins <charlie(a)rivosinc.com> Cc: stable(a)vger.kernel.org --- V1 -> V2: - New patch V2 -> V3: - Split patch V3 -> V4: - Re-add check for a system where a heterogeneous CPU is hotplugged into a previously homogenous system. V4 -> V5: - Change work_struct *unused to work_struct *work __always_unused V5 -> V6: - Change check_unaligned_access_emulated to extern --- arch/riscv/include/asm/cpufeature.h | 2 ++ arch/riscv/kernel/traps_misaligned.c | 14 +++++++------- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/arch/riscv/include/asm/cpufeature.h b/arch/riscv/include/asm/cpufeature.h index 347805446151..3b24342c7d2a 100644 --- a/arch/riscv/include/asm/cpufeature.h +++ b/arch/riscv/include/asm/cpufeature.h @@ -8,6 +8,7 @@ #include <linux/bitmap.h> #include <linux/jump_label.h> +#include <linux/workqueue.h> #include <asm/hwcap.h> #include <asm/alternative-macros.h> #include <asm/errno.h> @@ -35,6 +36,7 @@ void riscv_user_isa_enable(void); #if defined(CONFIG_RISCV_MISALIGNED) bool check_unaligned_access_emulated_all_cpus(void); +void check_unaligned_access_emulated(struct work_struct *work __always_unused); void unaligned_emulation_finish(void); bool unaligned_ctl_available(void); DECLARE_PER_CPU(long, misaligned_access_speed); diff --git a/arch/riscv/kernel/traps_misaligned.c b/arch/riscv/kernel/traps_misaligned.c index b62d5a2f4541..bb09357778c5 100644 --- a/arch/riscv/kernel/traps_misaligned.c +++ b/arch/riscv/kernel/traps_misaligned.c @@ -526,11 +526,11 @@ int handle_misaligned_store(struct pt_regs *regs) return 0; } -static bool check_unaligned_access_emulated(int cpu) +void check_unaligned_access_emulated(struct work_struct *work __always_unused) { + int cpu = smp_processor_id(); long *mas_ptr = per_cpu_ptr(&misaligned_access_speed, cpu); unsigned long tmp_var, tmp_val; - bool misaligned_emu_detected; *mas_ptr = RISCV_HWPROBE_MISALIGNED_UNKNOWN; @@ -538,19 +538,16 @@ static bool check_unaligned_access_emulated(int cpu) " "REG_L" %[tmp], 1(%[ptr])\n" : [tmp] "=r" (tmp_val) : [ptr] "r" (&tmp_var) : "memory"); - misaligned_emu_detected = (*mas_ptr == RISCV_HWPROBE_MISALIGNED_EMULATED); /* * If unaligned_ctl is already set, this means that we detected that all * CPUS uses emulated misaligned access at boot time. If that changed * when hotplugging the new cpu, this is something we don't handle. */ - if (unlikely(unaligned_ctl && !misaligned_emu_detected)) { + if (unlikely(unaligned_ctl && (*mas_ptr != RISCV_HWPROBE_MISALIGNED_EMULATED))) { pr_crit("CPU misaligned accesses non homogeneous (expected all emulated)\n"); while (true) cpu_relax(); } - - return misaligned_emu_detected; } bool check_unaligned_access_emulated_all_cpus(void) @@ -562,8 +559,11 @@ bool check_unaligned_access_emulated_all_cpus(void) * accesses emulated since tasks requesting such control can run on any * CPU. */ + schedule_on_each_cpu(check_unaligned_access_emulated); + for_each_online_cpu(cpu) - if (!check_unaligned_access_emulated(cpu)) + if (per_cpu(misaligned_access_speed, cpu) + != RISCV_HWPROBE_MISALIGNED_EMULATED) return false; unaligned_ctl = true; -- 2.45.2

9 months, 1 week

2
1
0 0

[PATCH wireless] wifi: mac80211: use monitor sdata with driver only if desired

by Johannes Berg

From: Johannes Berg <johannes.berg(a)intel.com> In commit 0d9c2beed116 ("wifi: mac80211: fix monitor channel with chanctx emulation") I changed mac80211 to always have an internal monitor_sdata to have something to have the chanctx bound to. However, if the driver didn't also have the WANT_MONITOR flag this would cause mac80211 to allocate it without telling the driver (which was intentional) but also use it for later APIs to the driver without it ever having known about it which was _not_ intentional. Check through the code and only use the monitor_sdata in the relevant places (TX, MU-MIMO follow settings, TX power, and interface iteration) when the WANT_MONITOR flag is set. Cc: stable(a)vger.kernel.org Fixes: 0d9c2beed116 ("wifi: mac80211: fix monitor channel with chanctx emulation") Reported-by: ZeroBeat <ZeroBeat(a)gmx.de> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219086 Tested-by: Lorenzo Bianconi <lorenzo(a)kernel.org> Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> --- net/mac80211/cfg.c | 7 +++++-- net/mac80211/tx.c | 5 +++-- net/mac80211/util.c | 2 +- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index 85cb71de370f..b02b84ce2130 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -114,7 +114,7 @@ static int ieee80211_set_mon_options(struct ieee80211_sub_if_data *sdata, /* apply all changes now - no failures allowed */ - if (monitor_sdata) + if (monitor_sdata && ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF)) ieee80211_set_mu_mimo_follow(monitor_sdata, params); if (params->flags) { @@ -3053,6 +3053,9 @@ static int ieee80211_set_tx_power(struct wiphy *wiphy, sdata = IEEE80211_WDEV_TO_SUB_IF(wdev); if (sdata->vif.type == NL80211_IFTYPE_MONITOR) { + if (!ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF)) + return -EOPNOTSUPP; + sdata = wiphy_dereference(local->hw.wiphy, local->monitor_sdata); if (!sdata) @@ -3115,7 +3118,7 @@ static int ieee80211_set_tx_power(struct wiphy *wiphy, if (has_monitor) { sdata = wiphy_dereference(local->hw.wiphy, local->monitor_sdata); - if (sdata) { + if (sdata && ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF)) { sdata->deflink.user_power_level = local->user_power_level; if (txp_type != sdata->vif.bss_conf.txpower_type) update_txp_type = true; diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 72a9ba8bc5fd..edba4a31844f 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -1768,7 +1768,7 @@ static bool __ieee80211_tx(struct ieee80211_local *local, break; } sdata = rcu_dereference(local->monitor_sdata); - if (sdata) { + if (sdata && ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF)) { vif = &sdata->vif; info->hw_queue = vif->hw_queue[skb_get_queue_mapping(skb)]; @@ -3957,7 +3957,8 @@ struct sk_buff *ieee80211_tx_dequeue(struct ieee80211_hw *hw, break; } tx.sdata = rcu_dereference(local->monitor_sdata); - if (tx.sdata) { + if (tx.sdata && + ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF)) { vif = &tx.sdata->vif; info->hw_queue = vif->hw_queue[skb_get_queue_mapping(skb)]; diff --git a/net/mac80211/util.c b/net/mac80211/util.c index ced19ce7c51a..c7ad9bc5973a 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c @@ -776,7 +776,7 @@ static void __iterate_interfaces(struct ieee80211_local *local, sdata = rcu_dereference_check(local->monitor_sdata, lockdep_is_held(&local->iflist_mtx) || lockdep_is_held(&local->hw.wiphy->mtx)); - if (sdata && + if (sdata && ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF) && (iter_flags & IEEE80211_IFACE_ITER_RESUME_ALL || !active_only || sdata->flags & IEEE80211_SDATA_IN_DRIVER)) iterator(data, sdata->vif.addr, &sdata->vif); -- 2.45.2

9 months, 1 week

2
1
0 0

[PATCH] tools/nolibc: include arch.h from string.h

by Thomas Weißschuh

string.h tests for the macros NOLIBC_ARCH_HAS_$FUNC to use the architecture-optimized function variants. However if string.h is included before arch.h header than that check does not work, leading to duplicate function definitions. Fixes: 553845eebd60 ("tools/nolibc: x86-64: Use `rep movsb` for `memcpy()` and `memmove()`") Fixes: 12108aa8c1a1 ("tools/nolibc: x86-64: Use `rep stosb` for `memset()`") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> --- If nobody complains I'll apply this after v6.11-rc1 is released. --- tools/include/nolibc/string.h | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/include/nolibc/string.h b/tools/include/nolibc/string.h index f9ab28421e6d..9ec9c24f38c0 100644 --- a/tools/include/nolibc/string.h +++ b/tools/include/nolibc/string.h @@ -7,6 +7,7 @@ #ifndef _NOLIBC_STRING_H #define _NOLIBC_STRING_H +#include "arch.h" #include "std.h" static void *malloc(size_t len); --- base-commit: 6ca8f2e20bd1ced8a7cd12b3ae4b1ceca85cfc2b change-id: 20240725-arch-has-func-59b6c92ce935 Best regards, -- Thomas Weißschuh <linux(a)weissschuh.net>

9 months, 1 week

2
1
0 0

[PATCH 2/3] spmi: pmic-arb: Pass the correct of_node to irq_domain_add_tree

by Stephen Boyd

From: Konrad Dybcio <konrad.dybcio(a)linaro.org> Currently, irqchips for all of the subnodes (which represent a given bus master) point to the parent wrapper node. This is no bueno, as no interrupts arrive, ever (because nothing references that node). Fix that by passing a reference to the respective master's of_node. Worth noting, this is a NOP for devices with only a single master described. Signed-off-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240522-topic-spmi_multi_master_irqfix-v2-1-7ec9… Reviewed-by: Abel Vesa <abel.vesa(a)linaro.org> Tested-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Fixes: 02922ccbb330 ("spmi: pmic-arb: Register controller for bus instead of arbiter") Cc: stable(a)vger.kernel.org Signed-off-by: Stephen Boyd <sboyd(a)kernel.org> --- drivers/spmi/spmi-pmic-arb.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/spmi/spmi-pmic-arb.c b/drivers/spmi/spmi-pmic-arb.c index f240fcc5a4e1..b6880c13163c 100644 --- a/drivers/spmi/spmi-pmic-arb.c +++ b/drivers/spmi/spmi-pmic-arb.c @@ -1737,8 +1737,7 @@ static int spmi_pmic_arb_bus_init(struct platform_device *pdev, dev_dbg(&pdev->dev, "adding irq domain for bus %d\n", bus_index); - bus->domain = irq_domain_add_tree(dev->of_node, - &pmic_arb_irq_domain_ops, bus); + bus->domain = irq_domain_add_tree(node, &pmic_arb_irq_domain_ops, bus); if (!bus->domain) { dev_err(&pdev->dev, "unable to create irq_domain\n"); return -ENOMEM; -- https://git.kernel.org/pub/scm/linux/kernel/git/clk/linux.git/ https://git.kernel.org/pub/scm/linux/kernel/git/sboyd/spmi.git

9 months, 1 week

1
0
0 0

[PATCH 6.1.y] udf: Convert udf_mkdir() to new directory iteration code

by Sergio González Collado

From: Jan Kara <jack(a)suse.cz> [ Upstream commit 00bce6f792caccefa73daeaf9bde82d24d50037f ] Convert udf_mkdir() to new directory iteration code. Signed-off-by: Jan Kara <jack(a)suse.cz> (cherry picked from commit 00bce6f792caccefa73daeaf9bde82d24d50037f) Signed-off-by: Sergio González Collado <sergio.collado(a)gmail.com> Reported-by: syzbot+600a32676df180ebc4af(a)syzkaller.appspotmail.com --- fs/udf/namei.c | 48 +++++++++++++++++++++--------------------------- 1 file changed, 21 insertions(+), 27 deletions(-) diff --git a/fs/udf/namei.c b/fs/udf/namei.c index 7c95c549dd64..a33e6d762716 100644 --- a/fs/udf/namei.c +++ b/fs/udf/namei.c @@ -665,8 +665,7 @@ static int udf_mkdir(struct user_namespace *mnt_userns, struct inode *dir, struct dentry *dentry, umode_t mode) { struct inode *inode; - struct udf_fileident_bh fibh; - struct fileIdentDesc cfi, *fi; + struct udf_fileident_iter iter; int err; struct udf_inode_info *dinfo = UDF_I(dir); struct udf_inode_info *iinfo; @@ -678,47 +677,42 @@ static int udf_mkdir(struct user_namespace *mnt_userns, struct inode *dir, iinfo = UDF_I(inode); inode->i_op = &udf_dir_inode_operations; inode->i_fop = &udf_dir_operations; - fi = udf_add_entry(inode, NULL, &fibh, &cfi, &err); - if (!fi) { - inode_dec_link_count(inode); + err = udf_fiiter_add_entry(inode, NULL, &iter); + if (err) { + clear_nlink(inode); discard_new_inode(inode); - goto out; + return err; } set_nlink(inode, 2); - cfi.icb.extLength = cpu_to_le32(inode->i_sb->s_blocksize); - cfi.icb.extLocation = cpu_to_lelb(dinfo->i_location); - *(__le32 *)((struct allocDescImpUse *)cfi.icb.impUse)->impUse = + iter.fi.icb.extLength = cpu_to_le32(inode->i_sb->s_blocksize); + iter.fi.icb.extLocation = cpu_to_lelb(dinfo->i_location); + *(__le32 *)((struct allocDescImpUse *)iter.fi.icb.impUse)->impUse = cpu_to_le32(dinfo->i_unique & 0x00000000FFFFFFFFUL); - cfi.fileCharacteristics = + iter.fi.fileCharacteristics = FID_FILE_CHAR_DIRECTORY | FID_FILE_CHAR_PARENT; - udf_write_fi(inode, &cfi, fi, &fibh, NULL, NULL); - brelse(fibh.sbh); + udf_fiiter_write_fi(&iter, NULL); + udf_fiiter_release(&iter); mark_inode_dirty(inode); - fi = udf_add_entry(dir, dentry, &fibh, &cfi, &err); - if (!fi) { + err = udf_fiiter_add_entry(dir, dentry, &iter); + if (err) { clear_nlink(inode); - mark_inode_dirty(inode); discard_new_inode(inode); - goto out; + return err; } - cfi.icb.extLength = cpu_to_le32(inode->i_sb->s_blocksize); - cfi.icb.extLocation = cpu_to_lelb(iinfo->i_location); - *(__le32 *)((struct allocDescImpUse *)cfi.icb.impUse)->impUse = + iter.fi.icb.extLength = cpu_to_le32(inode->i_sb->s_blocksize); + iter.fi.icb.extLocation = cpu_to_lelb(iinfo->i_location); + *(__le32 *)((struct allocDescImpUse *)iter.fi.icb.impUse)->impUse = cpu_to_le32(iinfo->i_unique & 0x00000000FFFFFFFFUL); - cfi.fileCharacteristics |= FID_FILE_CHAR_DIRECTORY; - udf_write_fi(dir, &cfi, fi, &fibh, NULL, NULL); + iter.fi.fileCharacteristics |= FID_FILE_CHAR_DIRECTORY; + udf_fiiter_write_fi(&iter, NULL); + udf_fiiter_release(&iter); inc_nlink(dir); dir->i_ctime = dir->i_mtime = current_time(dir); mark_inode_dirty(dir); d_instantiate_new(dentry, inode); - if (fibh.sbh != fibh.ebh) - brelse(fibh.ebh); - brelse(fibh.sbh); - err = 0; -out: - return err; + return 0; } static int empty_dir(struct inode *dir) -- 2.39.2

9 months, 1 week

2
3
0 0

[REGRESSION] ALSA: firewire-lib: heavy digital distortion with Fireface 800

by edmund.raile

Bisection revealed that the bitcrushing distortion with RME FireFace 800 was caused by 1d717123bb1a7555 ("ALSA: firewire-lib: Avoid -Wflex-array-member-not-at-end warning"). Reverting this commit yields restoration of clear audio output. I will send in a patch reverting this commit for now, soonTM. #regzbot introduced: 1d717123bb1a7555

9 months, 1 week

4
6
0 0

FAILED: patch "[PATCH] s390/mm: Fix VM_FAULT_HWPOISON handling in do_exception()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x df39038cd89525d465c2c8827eb64116873f141a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072535-synergy-struggle-8ecc@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: df39038cd895 ("s390/mm: Fix VM_FAULT_HWPOISON handling in do_exception()") b20c8216c1e0 ("s390/mm,fault: move VM_FAULT_ERROR handling to do_exception()") 7c194d84a9ce ("s390/mm,fault: remove VM_FAULT_BADMAP and VM_FAULT_BADACCESS") b61a0922b6dc ("s390/mm,fault: remove VM_FAULT_SIGNAL") 0f86ac4ba713 ("s390/mm,fault: remove VM_FAULT_BADCONTEXT") 0f1a14e0348e ("s390/mm,fault: simplify kfence fault handling") 64ea33fb09f8 ("s390/mm,fault: call do_fault_error() only from do_exception()") 5db06565cad6 ("s390/mm,fault: get rid of do_low_address()") cca12b427d43 ("s390/mm,fault: remove VM_FAULT_PFAULT") 5be05c35e72f ("s390/mm,fault: improve readability by using teid union") 4416d2ed8166 ("s390/mm,fault: use static key for store indication") 9641613f48bb ("s390/mm,fault: use get_fault_address() everywhere") 5c845de331d9 ("s390/mm,fault: remove noinline attribute from all functions") 8dbc33dc8163 ("s390/mm,fault: have balanced braces, remove unnecessary blanks") 7c915a84e5e2 ("s390/mm,fault: reverse x-mas tree coding style") 3aad8c044297 ("s390/mm,fault: remove and improve comments, adjust whitespace") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From df39038cd89525d465c2c8827eb64116873f141a Mon Sep 17 00:00:00 2001 From: Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> Date: Mon, 15 Jul 2024 20:04:16 +0200 Subject: [PATCH] s390/mm: Fix VM_FAULT_HWPOISON handling in do_exception() There is no support for HWPOISON, MEMORY_FAILURE, or ARCH_HAS_COPY_MC on s390. Therefore we do not expect to see VM_FAULT_HWPOISON in do_exception(). However, since commit af19487f00f3 ("mm: make PTE_MARKER_SWAPIN_ERROR more general"), it is possible to see VM_FAULT_HWPOISON in combination with PTE_MARKER_POISONED, even on architectures that do not support HWPOISON otherwise. In this case, we will end up on the BUG() in do_exception(). Fix this by treating VM_FAULT_HWPOISON the same as VM_FAULT_SIGBUS, similar to x86 when MEMORY_FAILURE is not configured. Also print unexpected fault flags, for easier debugging. Note that VM_FAULT_HWPOISON_LARGE is not expected, because s390 cannot support swap entries on other levels than PTE level. Cc: stable(a)vger.kernel.org # 6.6+ Fixes: af19487f00f3 ("mm: make PTE_MARKER_SWAPIN_ERROR more general") Reported-by: Yunseong Kim <yskelg(a)gmail.com> Tested-by: Yunseong Kim <yskelg(a)gmail.com> Acked-by: Alexander Gordeev <agordeev(a)linux.ibm.com> Signed-off-by: Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> Message-ID: <20240715180416.3632453-1-gerald.schaefer(a)linux.ibm.com> Signed-off-by: Vasily Gorbik <gor(a)linux.ibm.com> diff --git a/arch/s390/mm/fault.c b/arch/s390/mm/fault.c index 6b19a33c49c2..8e149ef5e89b 100644 --- a/arch/s390/mm/fault.c +++ b/arch/s390/mm/fault.c @@ -433,12 +433,13 @@ static void do_exception(struct pt_regs *regs, int access) handle_fault_error_nolock(regs, 0); else do_sigsegv(regs, SEGV_MAPERR); - } else if (fault & VM_FAULT_SIGBUS) { + } else if (fault & (VM_FAULT_SIGBUS | VM_FAULT_HWPOISON)) { if (!user_mode(regs)) handle_fault_error_nolock(regs, 0); else do_sigbus(regs); } else { + pr_emerg("Unexpected fault flags: %08x\n", fault); BUG(); } }

9 months, 1 week

2
1
0 0

[PATCH net v2] gve: Fix an edge case for TSO skb validity check

by Praveen Kaligineedi

From: Bailey Forrest <bcf(a)google.com> The NIC requires each TSO segment to not span more than 10 descriptors. NIC further requires each descriptor to not exceed 16KB - 1 (GVE_TX_MAX_BUF_SIZE_DQO). The descriptors for an skb are generated by gve_tx_add_skb_no_copy_dqo() for DQO RDA queue format. gve_tx_add_skb_no_copy_dqo() loops through each skb frag and generates a descriptor for the entire frag if the frag size is not greater than GVE_TX_MAX_BUF_SIZE_DQO. If the frag size is greater than GVE_TX_MAX_BUF_SIZE_DQO, it is split into descriptor(s) of size GVE_TX_MAX_BUF_SIZE_DQO and a descriptor is generated for the remainder (frag size % GVE_TX_MAX_BUF_SIZE_DQO). gve_can_send_tso() checks if the descriptors thus generated for an skb would meet the requirement that each TSO-segment not span more than 10 descriptors. However, the current code misses an edge case when a TSO segment spans multiple descriptors within a large frag. This change fixes the edge case. gve_can_send_tso() relies on the assumption that max gso size (9728) is less than GVE_TX_MAX_BUF_SIZE_DQO and therefore within an skb fragment a TSO segment can never span more than 2 descriptors. Fixes: a57e5de476be ("gve: DQO: Add TX path") Signed-off-by: Praveen Kaligineedi <pkaligineedi(a)google.com> Signed-off-by: Bailey Forrest <bcf(a)google.com> Reviewed-by: Jeroen de Borst <jeroendb(a)google.com> Cc: stable(a)vger.kernel.org --- Changes from v1: - Added 'stable tag' - Added more explanation in the commit message - Modified comments to clarify the changes made - Changed variable names 'last_frag_size' to 'prev_frag_size' and 'last_frag_remain' to 'prev_frag_remain' - Removed parentheses around single line statement drivers/net/ethernet/google/gve/gve_tx_dqo.c | 22 +++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/google/gve/gve_tx_dqo.c b/drivers/net/ethernet/google/gve/gve_tx_dqo.c index 0b3cca3fc792..f879426cb552 100644 --- a/drivers/net/ethernet/google/gve/gve_tx_dqo.c +++ b/drivers/net/ethernet/google/gve/gve_tx_dqo.c @@ -866,22 +866,42 @@ static bool gve_can_send_tso(const struct sk_buff *skb) const int header_len = skb_tcp_all_headers(skb); const int gso_size = shinfo->gso_size; int cur_seg_num_bufs; + int prev_frag_size; int cur_seg_size; int i; cur_seg_size = skb_headlen(skb) - header_len; + prev_frag_size = skb_headlen(skb); cur_seg_num_bufs = cur_seg_size > 0; for (i = 0; i < shinfo->nr_frags; i++) { if (cur_seg_size >= gso_size) { cur_seg_size %= gso_size; cur_seg_num_bufs = cur_seg_size > 0; + + if (prev_frag_size > GVE_TX_MAX_BUF_SIZE_DQO) { + int prev_frag_remain = prev_frag_size % + GVE_TX_MAX_BUF_SIZE_DQO; + + /* If the last descriptor of the previous frag + * is less than cur_seg_size, the segment will + * span two descriptors in the previous frag. + * Since max gso size (9728) is less than + * GVE_TX_MAX_BUF_SIZE_DQO, it is impossible + * for the segment to span more than two + * descriptors. + */ + if (prev_frag_remain && + cur_seg_size > prev_frag_remain) + cur_seg_num_bufs++; + } } if (unlikely(++cur_seg_num_bufs > max_bufs_per_seg)) return false; - cur_seg_size += skb_frag_size(&shinfo->frags[i]); + prev_frag_size = skb_frag_size(&shinfo->frags[i]); + cur_seg_size += prev_frag_size; } return true; -- 2.45.2.1089.g2a221341d9-goog

9 months, 1 week

3
2
0 0

[PATCH 6.1.y] bpf: Synchronize dispatcher update with bpf_dispatcher_xdp_func

by Sergio González Collado

From: Jiri Olsa <jolsa(a)kernel.org> [ Upstream commit 4121d4481b72501aa4d22680be4ea1096d69d133 ] Hao Sun reported crash in dispatcher image [1]. Currently we don't have any sync between bpf_dispatcher_update and bpf_dispatcher_xdp_func, so following race is possible: cpu 0: cpu 1: bpf_prog_run_xdp ... bpf_dispatcher_xdp_func in image at offset 0x0 bpf_dispatcher_update update image at offset 0x800 bpf_dispatcher_update update image at offset 0x0 in image at offset 0x0 -> crash Fixing this by synchronizing dispatcher image update (which is done in bpf_dispatcher_update function) with bpf_dispatcher_xdp_func that reads and execute the dispatcher image. Calling synchronize_rcu after updating and installing new image ensures that readers leave old image before it's changed in the next dispatcher update. The update itself is locked with dispatcher's mutex. The bpf_prog_run_xdp is called under local_bh_disable and synchronize_rcu will wait for it to leave [2]. [1] https://lore.kernel.org/bpf/Y5SFho7ZYXr9ifRn@krava/T/#m00c29ece654bc9f332a1… [2] https://lore.kernel.org/bpf/0B62D35A-E695-4B7A-A0D4-774767544C1A@gmail.com/… Reported-by: Hao Sun <sunhao.th(a)gmail.com> Signed-off-by: Jiri Olsa <jolsa(a)kernel.org> Acked-by: Yonghong Song <yhs(a)fb.com> Acked-by: Paul E. McKenney <paulmck(a)kernel.org> Link: https://lore.kernel.org/r/20221214123542.1389719-1-jolsa@kernel.org Signed-off-by: Martin KaFai Lau <martin.lau(a)kernel.org> (cherry picked from commit 4121d4481b72501aa4d22680be4ea1096d69d133) Signed-off-by: Sergio González Collado <sergio.collado(a)gmail.com> Reported-by: syzbot+08ba1e474d350b613604(a)syzkaller.appspotmail.com --- kernel/bpf/dispatcher.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/kernel/bpf/dispatcher.c b/kernel/bpf/dispatcher.c index c19719f48ce0..fa3e9225aedc 100644 --- a/kernel/bpf/dispatcher.c +++ b/kernel/bpf/dispatcher.c @@ -125,6 +125,11 @@ static void bpf_dispatcher_update(struct bpf_dispatcher *d, int prev_num_progs) __BPF_DISPATCHER_UPDATE(d, new ?: (void *)&bpf_dispatcher_nop_func); + /* Make sure all the callers executing the previous/old half of the + * image leave it, so following update call can modify it safely. + */ + synchronize_rcu(); + if (new) d->image_off = noff; } -- 2.39.2

9 months, 1 week

1
0
0 0

[PATCH 6.1.y] btrfs: do not BUG_ON on failure to get dir index for new snapshot

by Sergio González Collado

From: Filipe Manana <fdmanana(a)suse.com> [ Upstream commit df9f278239046719c91aeb59ec0afb1a99ee8b2b ] During the transaction commit path, at create_pending_snapshot(), there is no need to BUG_ON() in case we fail to get a dir index for the snapshot in the parent directory. This should fail very rarely because the parent inode should be loaded in memory already, with the respective delayed inode created and the parent inode's index_cnt field already initialized. However if it fails, it may be -ENOMEM like the comment at create_pending_snapshot() says or any error returned by btrfs_search_slot() through btrfs_set_inode_index_count(), which can be pretty much anything such as -EIO or -EUCLEAN for example. So the comment is not correct when it says it can only be -ENOMEM. However doing a BUG_ON() here is overkill, since we can instead abort the transaction and return the error. Note that any error returned by create_pending_snapshot() will eventually result in a transaction abort at cleanup_transaction(), called from btrfs_commit_transaction(), but we can explicitly abort the transaction at this point instead so that we get a stack trace to tell us that the call to btrfs_set_inode_index() failed. So just abort the transaction and return in case btrfs_set_inode_index() returned an error at create_pending_snapshot(). Reviewed-by: Johannes Thumshirn <johannes.thumshirn(a)wdc.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> (cherry picked from commit df9f278239046719c91aeb59ec0afb1a99ee8b2b) Signed-off-by: Sergio González Collado <sergio.collado(a)gmail.com> Reported-by: syzbot+c56033c8c15c08286062(a)syzkaller.appspotmail.com --- fs/btrfs/transaction.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c index a7853a3a5719..604241e6e2c1 100644 --- a/fs/btrfs/transaction.c +++ b/fs/btrfs/transaction.c @@ -1701,7 +1701,10 @@ static noinline int create_pending_snapshot(struct btrfs_trans_handle *trans, * insert the directory item */ ret = btrfs_set_inode_index(BTRFS_I(parent_inode), &index); - BUG_ON(ret); /* -ENOMEM */ + if (ret) { + btrfs_abort_transaction(trans, ret); + goto fail; + } /* check if there is a file/dir which has the same name. */ dir_item = btrfs_lookup_dir_item(NULL, parent_root, path, -- 2.39.2

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sm6115: Disable SS instance in Parkmode for" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 074992a1163295d717faa21d1818c4c19ef6e676 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072522-properly-jackpot-9fed@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 074992a11632 ("arm64: dts: qcom: sm6115: Disable SS instance in Parkmode for USB") a06a2f12f9e2 ("arm64: dts: qcom: qrb4210-rb2: enable USB-C port handling") 7e3a1f6470f7 ("arm64: dts: qcom: sm6115: drop pipe clock selection") b3eaa47395b9 ("arm64: dts: qcom: sm6115: Hook up interconnects") f6874706e311 ("arm64: dts: qcom: sm6115: switch UFS QMP PHY to new style of bindings") ff753723bf39 ("arm64: dts: qcom: qrb4210-rb2: Enable MPSS and Wi-Fi") cab60b166575 ("arm64: dts: qcom: qrb4210-rb2: Enable bluetooth") ba5f5610841f ("arm64: dts: qcom: sm6115: Add UART3") 27c2ca90e2f3 ("arm64: dts: qcom: qrb4210-rb2: don't force usb peripheral mode") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 074992a1163295d717faa21d1818c4c19ef6e676 Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Thu, 4 Jul 2024 20:58:45 +0530 Subject: [PATCH] arm64: dts: qcom: sm6115: Disable SS instance in Parkmode for USB For Gen-1 targets like SM6115, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for SM6115 to mitigate this issue. Cc: stable(a)vger.kernel.org Fixes: 97e563bf5ba1 ("arm64: dts: qcom: sm6115: Add basic soc dtsi") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240704152848.3380602-6-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sm6115.dtsi b/arch/arm64/boot/dts/qcom/sm6115.dtsi index ac5f071a8db3..aec6ca5941c2 100644 --- a/arch/arm64/boot/dts/qcom/sm6115.dtsi +++ b/arch/arm64/boot/dts/qcom/sm6115.dtsi @@ -1659,6 +1659,7 @@ usb_dwc3: usb@4e00000 { snps,has-lpm-erratum; snps,hird-threshold = /bits/ 8 <0x10>; snps,usb3_lpm_capable; + snps,parkmode-disable-ss-quirk; usb-role-switch;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x cf4d6d54eadb60d2ee4d31c9d92299f5e8dcb55c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072513-cardinal-snowcap-d711@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: cf4d6d54eadb ("arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for USB") ca5ca568d738 ("arm64: dts: qcom: sdm845: switch USB QMP PHY to new style of bindings") a9ecdec45a3a ("arm64: dts: qcom: sdm845: switch USB+DP QMP PHY to new style of bindings") 8fe25ba3ffec ("arm64: dts: qcom: sdm845: rename labels for DSI nodes") 8721e18ca696 ("arm64: dts: qcom: enable dual ("bonded") DSI mode for DB845c") 39e0f8076f6f ("arm64: dts: qcom: sdm845-tama: Enable remoteprocs") 5dcc6587fde2 ("arm64: dts: qcom: sdm845-tama: Add display nodes") e12482e68830 ("arm64: dts: qcom: sdm845-xiaomi-beryllium: drop invalid panel properties") 9f3c858ecde0 ("arm64: dts: qcom: sdm845-oneplus: drop invalid panel properties") 4ce03bb80fae ("arm64: dts: qcom: sdm845-tama: Add volume up and camera GPIO keys") a1a685c312f5 ("arm64: dts: qcom: sdm845: Add compat qcom,sdm845-dsi-ctrl") ea25d61b448a ("arm64: dts: qcom: Use plural _gpios node label for PMIC gpios") 67e75cfea375 ("arm64: dts: qcom: Add Lenovo Tab P11 (J606F/XiaoXin Pad) dts") cb3920b50b4d ("arm64: dts: qcom: align LED node names with dtschema") f86ae6f23a9e ("arm64: dts: qcom: sagit: add initial device tree for sagit") 0d97fdf380b4 ("arm64: dts: qcom: Add configuration for PMI8950 peripheral") e07f41b0e1db ("arm64: dts: qcom: Add configuration for PM8950 peripheral") 108162894a5d ("arm64: dts: qcom: sdm845-*: Fix up comments") 4ba146dd8897 ("arm64: dts: qcom: sm6125-seine: Configure additional trinket thermistors") 7401035f2ef8 ("arm64: dts: qcom: sm6125-seine: Include PM6125 and configure PON") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cf4d6d54eadb60d2ee4d31c9d92299f5e8dcb55c Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Thu, 4 Jul 2024 20:58:48 +0530 Subject: [PATCH] arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for USB For Gen-1 targets like SDM845, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for SDM845 to mitigate this issue. Cc: stable(a)vger.kernel.org Fixes: ca4db2b538a1 ("arm64: dts: qcom: sdm845: Add USB-related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240704152848.3380602-9-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sdm845.dtsi b/arch/arm64/boot/dts/qcom/sdm845.dtsi index 23b101bb3842..54077549b9da 100644 --- a/arch/arm64/boot/dts/qcom/sdm845.dtsi +++ b/arch/arm64/boot/dts/qcom/sdm845.dtsi @@ -4138,6 +4138,7 @@ usb_1_dwc3: usb@a600000 { iommus = <&apps_smmu 0x740 0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_1_hsphy>, <&usb_1_qmpphy QMP_USB43DP_USB3_PHY>; phy-names = "usb2-phy", "usb3-phy"; @@ -4213,6 +4214,7 @@ usb_2_dwc3: usb@a800000 { iommus = <&apps_smmu 0x760 0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_2_hsphy>, <&usb_2_qmpphy>; phy-names = "usb2-phy", "usb3-phy"; };

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x cf4d6d54eadb60d2ee4d31c9d92299f5e8dcb55c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072511-taco-reveler-c562@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: cf4d6d54eadb ("arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for USB") ca5ca568d738 ("arm64: dts: qcom: sdm845: switch USB QMP PHY to new style of bindings") a9ecdec45a3a ("arm64: dts: qcom: sdm845: switch USB+DP QMP PHY to new style of bindings") 8fe25ba3ffec ("arm64: dts: qcom: sdm845: rename labels for DSI nodes") 8721e18ca696 ("arm64: dts: qcom: enable dual ("bonded") DSI mode for DB845c") 39e0f8076f6f ("arm64: dts: qcom: sdm845-tama: Enable remoteprocs") 5dcc6587fde2 ("arm64: dts: qcom: sdm845-tama: Add display nodes") e12482e68830 ("arm64: dts: qcom: sdm845-xiaomi-beryllium: drop invalid panel properties") 9f3c858ecde0 ("arm64: dts: qcom: sdm845-oneplus: drop invalid panel properties") 4ce03bb80fae ("arm64: dts: qcom: sdm845-tama: Add volume up and camera GPIO keys") a1a685c312f5 ("arm64: dts: qcom: sdm845: Add compat qcom,sdm845-dsi-ctrl") ea25d61b448a ("arm64: dts: qcom: Use plural _gpios node label for PMIC gpios") 67e75cfea375 ("arm64: dts: qcom: Add Lenovo Tab P11 (J606F/XiaoXin Pad) dts") cb3920b50b4d ("arm64: dts: qcom: align LED node names with dtschema") f86ae6f23a9e ("arm64: dts: qcom: sagit: add initial device tree for sagit") 0d97fdf380b4 ("arm64: dts: qcom: Add configuration for PMI8950 peripheral") e07f41b0e1db ("arm64: dts: qcom: Add configuration for PM8950 peripheral") 108162894a5d ("arm64: dts: qcom: sdm845-*: Fix up comments") 4ba146dd8897 ("arm64: dts: qcom: sm6125-seine: Configure additional trinket thermistors") 7401035f2ef8 ("arm64: dts: qcom: sm6125-seine: Include PM6125 and configure PON") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cf4d6d54eadb60d2ee4d31c9d92299f5e8dcb55c Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Thu, 4 Jul 2024 20:58:48 +0530 Subject: [PATCH] arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for USB For Gen-1 targets like SDM845, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for SDM845 to mitigate this issue. Cc: stable(a)vger.kernel.org Fixes: ca4db2b538a1 ("arm64: dts: qcom: sdm845: Add USB-related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240704152848.3380602-9-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sdm845.dtsi b/arch/arm64/boot/dts/qcom/sdm845.dtsi index 23b101bb3842..54077549b9da 100644 --- a/arch/arm64/boot/dts/qcom/sdm845.dtsi +++ b/arch/arm64/boot/dts/qcom/sdm845.dtsi @@ -4138,6 +4138,7 @@ usb_1_dwc3: usb@a600000 { iommus = <&apps_smmu 0x740 0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_1_hsphy>, <&usb_1_qmpphy QMP_USB43DP_USB3_PHY>; phy-names = "usb2-phy", "usb3-phy"; @@ -4213,6 +4214,7 @@ usb_2_dwc3: usb@a800000 { iommus = <&apps_smmu 0x760 0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_2_hsphy>, <&usb_2_qmpphy>; phy-names = "usb2-phy", "usb3-phy"; };

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x cf4d6d54eadb60d2ee4d31c9d92299f5e8dcb55c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072512-saline-founder-7ebe@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: cf4d6d54eadb ("arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for USB") ca5ca568d738 ("arm64: dts: qcom: sdm845: switch USB QMP PHY to new style of bindings") a9ecdec45a3a ("arm64: dts: qcom: sdm845: switch USB+DP QMP PHY to new style of bindings") 8fe25ba3ffec ("arm64: dts: qcom: sdm845: rename labels for DSI nodes") 8721e18ca696 ("arm64: dts: qcom: enable dual ("bonded") DSI mode for DB845c") 39e0f8076f6f ("arm64: dts: qcom: sdm845-tama: Enable remoteprocs") 5dcc6587fde2 ("arm64: dts: qcom: sdm845-tama: Add display nodes") e12482e68830 ("arm64: dts: qcom: sdm845-xiaomi-beryllium: drop invalid panel properties") 9f3c858ecde0 ("arm64: dts: qcom: sdm845-oneplus: drop invalid panel properties") 4ce03bb80fae ("arm64: dts: qcom: sdm845-tama: Add volume up and camera GPIO keys") a1a685c312f5 ("arm64: dts: qcom: sdm845: Add compat qcom,sdm845-dsi-ctrl") ea25d61b448a ("arm64: dts: qcom: Use plural _gpios node label for PMIC gpios") 67e75cfea375 ("arm64: dts: qcom: Add Lenovo Tab P11 (J606F/XiaoXin Pad) dts") cb3920b50b4d ("arm64: dts: qcom: align LED node names with dtschema") f86ae6f23a9e ("arm64: dts: qcom: sagit: add initial device tree for sagit") 0d97fdf380b4 ("arm64: dts: qcom: Add configuration for PMI8950 peripheral") e07f41b0e1db ("arm64: dts: qcom: Add configuration for PM8950 peripheral") 108162894a5d ("arm64: dts: qcom: sdm845-*: Fix up comments") 4ba146dd8897 ("arm64: dts: qcom: sm6125-seine: Configure additional trinket thermistors") 7401035f2ef8 ("arm64: dts: qcom: sm6125-seine: Include PM6125 and configure PON") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cf4d6d54eadb60d2ee4d31c9d92299f5e8dcb55c Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Thu, 4 Jul 2024 20:58:48 +0530 Subject: [PATCH] arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for USB For Gen-1 targets like SDM845, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for SDM845 to mitigate this issue. Cc: stable(a)vger.kernel.org Fixes: ca4db2b538a1 ("arm64: dts: qcom: sdm845: Add USB-related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240704152848.3380602-9-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sdm845.dtsi b/arch/arm64/boot/dts/qcom/sdm845.dtsi index 23b101bb3842..54077549b9da 100644 --- a/arch/arm64/boot/dts/qcom/sdm845.dtsi +++ b/arch/arm64/boot/dts/qcom/sdm845.dtsi @@ -4138,6 +4138,7 @@ usb_1_dwc3: usb@a600000 { iommus = <&apps_smmu 0x740 0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_1_hsphy>, <&usb_1_qmpphy QMP_USB43DP_USB3_PHY>; phy-names = "usb2-phy", "usb3-phy"; @@ -4213,6 +4214,7 @@ usb_2_dwc3: usb@a800000 { iommus = <&apps_smmu 0x760 0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_2_hsphy>, <&usb_2_qmpphy>; phy-names = "usb2-phy", "usb3-phy"; };

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x cf4d6d54eadb60d2ee4d31c9d92299f5e8dcb55c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072511-kinetic-stumbling-e918@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: cf4d6d54eadb ("arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for USB") ca5ca568d738 ("arm64: dts: qcom: sdm845: switch USB QMP PHY to new style of bindings") a9ecdec45a3a ("arm64: dts: qcom: sdm845: switch USB+DP QMP PHY to new style of bindings") 8fe25ba3ffec ("arm64: dts: qcom: sdm845: rename labels for DSI nodes") 8721e18ca696 ("arm64: dts: qcom: enable dual ("bonded") DSI mode for DB845c") 39e0f8076f6f ("arm64: dts: qcom: sdm845-tama: Enable remoteprocs") 5dcc6587fde2 ("arm64: dts: qcom: sdm845-tama: Add display nodes") e12482e68830 ("arm64: dts: qcom: sdm845-xiaomi-beryllium: drop invalid panel properties") 9f3c858ecde0 ("arm64: dts: qcom: sdm845-oneplus: drop invalid panel properties") 4ce03bb80fae ("arm64: dts: qcom: sdm845-tama: Add volume up and camera GPIO keys") a1a685c312f5 ("arm64: dts: qcom: sdm845: Add compat qcom,sdm845-dsi-ctrl") ea25d61b448a ("arm64: dts: qcom: Use plural _gpios node label for PMIC gpios") 67e75cfea375 ("arm64: dts: qcom: Add Lenovo Tab P11 (J606F/XiaoXin Pad) dts") cb3920b50b4d ("arm64: dts: qcom: align LED node names with dtschema") f86ae6f23a9e ("arm64: dts: qcom: sagit: add initial device tree for sagit") 0d97fdf380b4 ("arm64: dts: qcom: Add configuration for PMI8950 peripheral") e07f41b0e1db ("arm64: dts: qcom: Add configuration for PM8950 peripheral") 108162894a5d ("arm64: dts: qcom: sdm845-*: Fix up comments") 4ba146dd8897 ("arm64: dts: qcom: sm6125-seine: Configure additional trinket thermistors") 7401035f2ef8 ("arm64: dts: qcom: sm6125-seine: Include PM6125 and configure PON") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cf4d6d54eadb60d2ee4d31c9d92299f5e8dcb55c Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Thu, 4 Jul 2024 20:58:48 +0530 Subject: [PATCH] arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for USB For Gen-1 targets like SDM845, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for SDM845 to mitigate this issue. Cc: stable(a)vger.kernel.org Fixes: ca4db2b538a1 ("arm64: dts: qcom: sdm845: Add USB-related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240704152848.3380602-9-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sdm845.dtsi b/arch/arm64/boot/dts/qcom/sdm845.dtsi index 23b101bb3842..54077549b9da 100644 --- a/arch/arm64/boot/dts/qcom/sdm845.dtsi +++ b/arch/arm64/boot/dts/qcom/sdm845.dtsi @@ -4138,6 +4138,7 @@ usb_1_dwc3: usb@a600000 { iommus = <&apps_smmu 0x740 0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_1_hsphy>, <&usb_1_qmpphy QMP_USB43DP_USB3_PHY>; phy-names = "usb2-phy", "usb3-phy"; @@ -4213,6 +4214,7 @@ usb_2_dwc3: usb@a800000 { iommus = <&apps_smmu 0x760 0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_2_hsphy>, <&usb_2_qmpphy>; phy-names = "usb2-phy", "usb3-phy"; };

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x cf4d6d54eadb60d2ee4d31c9d92299f5e8dcb55c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072510-await-likely-827c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: cf4d6d54eadb ("arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for USB") ca5ca568d738 ("arm64: dts: qcom: sdm845: switch USB QMP PHY to new style of bindings") a9ecdec45a3a ("arm64: dts: qcom: sdm845: switch USB+DP QMP PHY to new style of bindings") 8fe25ba3ffec ("arm64: dts: qcom: sdm845: rename labels for DSI nodes") 8721e18ca696 ("arm64: dts: qcom: enable dual ("bonded") DSI mode for DB845c") 39e0f8076f6f ("arm64: dts: qcom: sdm845-tama: Enable remoteprocs") 5dcc6587fde2 ("arm64: dts: qcom: sdm845-tama: Add display nodes") e12482e68830 ("arm64: dts: qcom: sdm845-xiaomi-beryllium: drop invalid panel properties") 9f3c858ecde0 ("arm64: dts: qcom: sdm845-oneplus: drop invalid panel properties") 4ce03bb80fae ("arm64: dts: qcom: sdm845-tama: Add volume up and camera GPIO keys") a1a685c312f5 ("arm64: dts: qcom: sdm845: Add compat qcom,sdm845-dsi-ctrl") ea25d61b448a ("arm64: dts: qcom: Use plural _gpios node label for PMIC gpios") 67e75cfea375 ("arm64: dts: qcom: Add Lenovo Tab P11 (J606F/XiaoXin Pad) dts") cb3920b50b4d ("arm64: dts: qcom: align LED node names with dtschema") f86ae6f23a9e ("arm64: dts: qcom: sagit: add initial device tree for sagit") 0d97fdf380b4 ("arm64: dts: qcom: Add configuration for PMI8950 peripheral") e07f41b0e1db ("arm64: dts: qcom: Add configuration for PM8950 peripheral") 108162894a5d ("arm64: dts: qcom: sdm845-*: Fix up comments") 4ba146dd8897 ("arm64: dts: qcom: sm6125-seine: Configure additional trinket thermistors") 7401035f2ef8 ("arm64: dts: qcom: sm6125-seine: Include PM6125 and configure PON") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cf4d6d54eadb60d2ee4d31c9d92299f5e8dcb55c Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Thu, 4 Jul 2024 20:58:48 +0530 Subject: [PATCH] arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for USB For Gen-1 targets like SDM845, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for SDM845 to mitigate this issue. Cc: stable(a)vger.kernel.org Fixes: ca4db2b538a1 ("arm64: dts: qcom: sdm845: Add USB-related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240704152848.3380602-9-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sdm845.dtsi b/arch/arm64/boot/dts/qcom/sdm845.dtsi index 23b101bb3842..54077549b9da 100644 --- a/arch/arm64/boot/dts/qcom/sdm845.dtsi +++ b/arch/arm64/boot/dts/qcom/sdm845.dtsi @@ -4138,6 +4138,7 @@ usb_1_dwc3: usb@a600000 { iommus = <&apps_smmu 0x740 0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_1_hsphy>, <&usb_1_qmpphy QMP_USB43DP_USB3_PHY>; phy-names = "usb2-phy", "usb3-phy"; @@ -4213,6 +4214,7 @@ usb_2_dwc3: usb@a800000 { iommus = <&apps_smmu 0x760 0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_2_hsphy>, <&usb_2_qmpphy>; phy-names = "usb2-phy", "usb3-phy"; };

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x cf4d6d54eadb60d2ee4d31c9d92299f5e8dcb55c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072509-chive-tabby-a6f1@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: cf4d6d54eadb ("arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for USB") ca5ca568d738 ("arm64: dts: qcom: sdm845: switch USB QMP PHY to new style of bindings") a9ecdec45a3a ("arm64: dts: qcom: sdm845: switch USB+DP QMP PHY to new style of bindings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cf4d6d54eadb60d2ee4d31c9d92299f5e8dcb55c Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Thu, 4 Jul 2024 20:58:48 +0530 Subject: [PATCH] arm64: dts: qcom: sdm845: Disable SS instance in Parkmode for USB For Gen-1 targets like SDM845, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for SDM845 to mitigate this issue. Cc: stable(a)vger.kernel.org Fixes: ca4db2b538a1 ("arm64: dts: qcom: sdm845: Add USB-related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240704152848.3380602-9-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sdm845.dtsi b/arch/arm64/boot/dts/qcom/sdm845.dtsi index 23b101bb3842..54077549b9da 100644 --- a/arch/arm64/boot/dts/qcom/sdm845.dtsi +++ b/arch/arm64/boot/dts/qcom/sdm845.dtsi @@ -4138,6 +4138,7 @@ usb_1_dwc3: usb@a600000 { iommus = <&apps_smmu 0x740 0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_1_hsphy>, <&usb_1_qmpphy QMP_USB43DP_USB3_PHY>; phy-names = "usb2-phy", "usb3-phy"; @@ -4213,6 +4214,7 @@ usb_2_dwc3: usb@a800000 { iommus = <&apps_smmu 0x760 0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_2_hsphy>, <&usb_2_qmpphy>; phy-names = "usb2-phy", "usb3-phy"; };

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x dc6ba95c6c4400a84cca5b419b34ae852a08cfb5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072552-victory-unpaid-afda@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: dc6ba95c6c44 ("arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode for USB") d412786ab86b ("arm64: dts: qcom: ipq8074: remove USB tx-fifo-resize property") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dc6ba95c6c4400a84cca5b419b34ae852a08cfb5 Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Thu, 4 Jul 2024 20:58:42 +0530 Subject: [PATCH] arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode for USB For Gen-1 targets like IPQ8074, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for IPQ8074 to mitigate this issue. Cc: stable(a)vger.kernel.org Fixes: 5e09bc51d07b ("arm64: dts: ipq8074: enable USB support") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240704152848.3380602-3-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/ipq8074.dtsi b/arch/arm64/boot/dts/qcom/ipq8074.dtsi index 92682d3c9478..284a4553070f 100644 --- a/arch/arm64/boot/dts/qcom/ipq8074.dtsi +++ b/arch/arm64/boot/dts/qcom/ipq8074.dtsi @@ -666,6 +666,7 @@ dwc_0: usb@8a00000 { interrupts = <GIC_SPI 140 IRQ_TYPE_LEVEL_HIGH>; phys = <&qusb_phy_0>, <&ssphy_0>; phy-names = "usb2-phy", "usb3-phy"; + snps,parkmode-disable-ss-quirk; snps,is-utmi-l1-suspend; snps,hird-threshold = /bits/ 8 <0x0>; snps,dis_u2_susphy_quirk; @@ -715,6 +716,7 @@ dwc_1: usb@8c00000 { interrupts = <GIC_SPI 99 IRQ_TYPE_LEVEL_HIGH>; phys = <&qusb_phy_1>, <&ssphy_1>; phy-names = "usb2-phy", "usb3-phy"; + snps,parkmode-disable-ss-quirk; snps,is-utmi-l1-suspend; snps,hird-threshold = /bits/ 8 <0x0>; snps,dis_u2_susphy_quirk;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x dc6ba95c6c4400a84cca5b419b34ae852a08cfb5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072552-twisty-harvest-26cd@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: dc6ba95c6c44 ("arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode for USB") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dc6ba95c6c4400a84cca5b419b34ae852a08cfb5 Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Thu, 4 Jul 2024 20:58:42 +0530 Subject: [PATCH] arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode for USB For Gen-1 targets like IPQ8074, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for IPQ8074 to mitigate this issue. Cc: stable(a)vger.kernel.org Fixes: 5e09bc51d07b ("arm64: dts: ipq8074: enable USB support") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240704152848.3380602-3-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/ipq8074.dtsi b/arch/arm64/boot/dts/qcom/ipq8074.dtsi index 92682d3c9478..284a4553070f 100644 --- a/arch/arm64/boot/dts/qcom/ipq8074.dtsi +++ b/arch/arm64/boot/dts/qcom/ipq8074.dtsi @@ -666,6 +666,7 @@ dwc_0: usb@8a00000 { interrupts = <GIC_SPI 140 IRQ_TYPE_LEVEL_HIGH>; phys = <&qusb_phy_0>, <&ssphy_0>; phy-names = "usb2-phy", "usb3-phy"; + snps,parkmode-disable-ss-quirk; snps,is-utmi-l1-suspend; snps,hird-threshold = /bits/ 8 <0x0>; snps,dis_u2_susphy_quirk; @@ -715,6 +716,7 @@ dwc_1: usb@8c00000 { interrupts = <GIC_SPI 99 IRQ_TYPE_LEVEL_HIGH>; phys = <&qusb_phy_1>, <&ssphy_1>; phy-names = "usb2-phy", "usb3-phy"; + snps,parkmode-disable-ss-quirk; snps,is-utmi-l1-suspend; snps,hird-threshold = /bits/ 8 <0x0>; snps,dis_u2_susphy_quirk;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x dc6ba95c6c4400a84cca5b419b34ae852a08cfb5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072551-chain-finalist-0cb0@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: dc6ba95c6c44 ("arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode for USB") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dc6ba95c6c4400a84cca5b419b34ae852a08cfb5 Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Thu, 4 Jul 2024 20:58:42 +0530 Subject: [PATCH] arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode for USB For Gen-1 targets like IPQ8074, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for IPQ8074 to mitigate this issue. Cc: stable(a)vger.kernel.org Fixes: 5e09bc51d07b ("arm64: dts: ipq8074: enable USB support") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240704152848.3380602-3-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/ipq8074.dtsi b/arch/arm64/boot/dts/qcom/ipq8074.dtsi index 92682d3c9478..284a4553070f 100644 --- a/arch/arm64/boot/dts/qcom/ipq8074.dtsi +++ b/arch/arm64/boot/dts/qcom/ipq8074.dtsi @@ -666,6 +666,7 @@ dwc_0: usb@8a00000 { interrupts = <GIC_SPI 140 IRQ_TYPE_LEVEL_HIGH>; phys = <&qusb_phy_0>, <&ssphy_0>; phy-names = "usb2-phy", "usb3-phy"; + snps,parkmode-disable-ss-quirk; snps,is-utmi-l1-suspend; snps,hird-threshold = /bits/ 8 <0x0>; snps,dis_u2_susphy_quirk; @@ -715,6 +716,7 @@ dwc_1: usb@8c00000 { interrupts = <GIC_SPI 99 IRQ_TYPE_LEVEL_HIGH>; phys = <&qusb_phy_1>, <&ssphy_1>; phy-names = "usb2-phy", "usb3-phy"; + snps,parkmode-disable-ss-quirk; snps,is-utmi-l1-suspend; snps,hird-threshold = /bits/ 8 <0x0>; snps,dis_u2_susphy_quirk;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x dc6ba95c6c4400a84cca5b419b34ae852a08cfb5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072550-editor-edging-bfb4@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: dc6ba95c6c44 ("arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode for USB") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dc6ba95c6c4400a84cca5b419b34ae852a08cfb5 Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Thu, 4 Jul 2024 20:58:42 +0530 Subject: [PATCH] arm64: dts: qcom: ipq8074: Disable SS instance in Parkmode for USB For Gen-1 targets like IPQ8074, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for IPQ8074 to mitigate this issue. Cc: stable(a)vger.kernel.org Fixes: 5e09bc51d07b ("arm64: dts: ipq8074: enable USB support") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240704152848.3380602-3-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/ipq8074.dtsi b/arch/arm64/boot/dts/qcom/ipq8074.dtsi index 92682d3c9478..284a4553070f 100644 --- a/arch/arm64/boot/dts/qcom/ipq8074.dtsi +++ b/arch/arm64/boot/dts/qcom/ipq8074.dtsi @@ -666,6 +666,7 @@ dwc_0: usb@8a00000 { interrupts = <GIC_SPI 140 IRQ_TYPE_LEVEL_HIGH>; phys = <&qusb_phy_0>, <&ssphy_0>; phy-names = "usb2-phy", "usb3-phy"; + snps,parkmode-disable-ss-quirk; snps,is-utmi-l1-suspend; snps,hird-threshold = /bits/ 8 <0x0>; snps,dis_u2_susphy_quirk; @@ -715,6 +716,7 @@ dwc_1: usb@8c00000 { interrupts = <GIC_SPI 99 IRQ_TYPE_LEVEL_HIGH>; phys = <&qusb_phy_1>, <&ssphy_1>; phy-names = "usb2-phy", "usb3-phy"; + snps,parkmode-disable-ss-quirk; snps,is-utmi-l1-suspend; snps,hird-threshold = /bits/ 8 <0x0>; snps,dis_u2_susphy_quirk;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: msm8998: Disable SS instance in Parkmode" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 0046325ae52079b46da13a7f84dd7b2a6f7c38f8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072511-underfeed-acclaim-5e48@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 0046325ae520 ("arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB") b7efebfeb2e8 ("arm64: dts: qcom: msm8998: switch USB QMP PHY to new style of bindings") ed9cbbcb8c6a ("arm64: dts: qcom: msm8998: drop USB PHY clock index") 1351512f29b4 ("arm64: dts: qcom: Correct QMP PHY child node name") 82d61e19fccb ("arm64: dts: qcom: msm8996: Move '#clock-cells' to QMP PHY child node") 095bbdd9a5c3 ("arm64: dts: qcom: ipq6018: Add pcie support") 63fa43224696 ("arm64: dts: qcom: sm8250: fix usb2 qmp phy node") dc2f86369b15 ("arm64: dts: qcom: sm8250: Fix pcie2_lane unit address") 59c7cf814783 ("arm64: dts: qcom: sm8350: Add UFS nodes") e780fb318fe5 ("arm64: dts: qcom: sm8350: add USB and PHY device nodes") e53bdfc00977 ("arm64: dts: qcom: sm8250: Add PCIe support") b7e8f433a673 ("arm64: dts: qcom: Add basic devicetree support for SM8350 SoC") 46a6f297d7dd ("arm64: dts: qcom: sm8250: Add USB and PHY device nodes") 0c9dde0d2015 ("arm64: dts: qcom: sm8150: Add secondary USB and PHY nodes") e7e41a207a3e ("arm64: dts: qcom: sm8250: add interconnect nodes") 71a2fc6e7b30 ("arm64: dts: qcom: sm8150: add interconnect nodes") dff0f49cda84 ("arm64: dts: qcom: sm8250: Drop tcsr_mutex syscon") 5e09bc51d07b ("arm64: dts: ipq8074: enable USB support") 23a8903785b9 ("arm64: dts: qcom: sm8250: Add remoteprocs") 16951b490b20 ("arm64: dts: qcom: sm8250: Add TLMM pinctrl node") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0046325ae52079b46da13a7f84dd7b2a6f7c38f8 Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Thu, 4 Jul 2024 20:58:43 +0530 Subject: [PATCH] arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB For Gen-1 targets like MSM8998, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for MSM8998 to mitigate this issue. Cc: stable(a)vger.kernel.org Fixes: 026dad8f5873 ("arm64: dts: qcom: msm8998: Add USB-related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240704152848.3380602-4-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/msm8998.dtsi b/arch/arm64/boot/dts/qcom/msm8998.dtsi index 99f811a57ac5..7f44807b1b97 100644 --- a/arch/arm64/boot/dts/qcom/msm8998.dtsi +++ b/arch/arm64/boot/dts/qcom/msm8998.dtsi @@ -2144,6 +2144,7 @@ usb3_dwc3: usb@a800000 { interrupts = <GIC_SPI 131 IRQ_TYPE_LEVEL_HIGH>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&qusb2phy>, <&usb3phy>; phy-names = "usb2-phy", "usb3-phy"; snps,has-lpm-erratum;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: msm8998: Disable SS instance in Parkmode" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 0046325ae52079b46da13a7f84dd7b2a6f7c38f8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072510-blade-spousal-6659@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 0046325ae520 ("arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB") b7efebfeb2e8 ("arm64: dts: qcom: msm8998: switch USB QMP PHY to new style of bindings") ed9cbbcb8c6a ("arm64: dts: qcom: msm8998: drop USB PHY clock index") 1351512f29b4 ("arm64: dts: qcom: Correct QMP PHY child node name") 82d61e19fccb ("arm64: dts: qcom: msm8996: Move '#clock-cells' to QMP PHY child node") 095bbdd9a5c3 ("arm64: dts: qcom: ipq6018: Add pcie support") 63fa43224696 ("arm64: dts: qcom: sm8250: fix usb2 qmp phy node") dc2f86369b15 ("arm64: dts: qcom: sm8250: Fix pcie2_lane unit address") 59c7cf814783 ("arm64: dts: qcom: sm8350: Add UFS nodes") e780fb318fe5 ("arm64: dts: qcom: sm8350: add USB and PHY device nodes") e53bdfc00977 ("arm64: dts: qcom: sm8250: Add PCIe support") b7e8f433a673 ("arm64: dts: qcom: Add basic devicetree support for SM8350 SoC") 46a6f297d7dd ("arm64: dts: qcom: sm8250: Add USB and PHY device nodes") 0c9dde0d2015 ("arm64: dts: qcom: sm8150: Add secondary USB and PHY nodes") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0046325ae52079b46da13a7f84dd7b2a6f7c38f8 Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Thu, 4 Jul 2024 20:58:43 +0530 Subject: [PATCH] arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB For Gen-1 targets like MSM8998, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for MSM8998 to mitigate this issue. Cc: stable(a)vger.kernel.org Fixes: 026dad8f5873 ("arm64: dts: qcom: msm8998: Add USB-related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240704152848.3380602-4-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/msm8998.dtsi b/arch/arm64/boot/dts/qcom/msm8998.dtsi index 99f811a57ac5..7f44807b1b97 100644 --- a/arch/arm64/boot/dts/qcom/msm8998.dtsi +++ b/arch/arm64/boot/dts/qcom/msm8998.dtsi @@ -2144,6 +2144,7 @@ usb3_dwc3: usb@a800000 { interrupts = <GIC_SPI 131 IRQ_TYPE_LEVEL_HIGH>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&qusb2phy>, <&usb3phy>; phy-names = "usb2-phy", "usb3-phy"; snps,has-lpm-erratum;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: msm8998: Disable SS instance in Parkmode" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 0046325ae52079b46da13a7f84dd7b2a6f7c38f8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072508-musty-divisive-4413@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 0046325ae520 ("arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB") b7efebfeb2e8 ("arm64: dts: qcom: msm8998: switch USB QMP PHY to new style of bindings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0046325ae52079b46da13a7f84dd7b2a6f7c38f8 Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Thu, 4 Jul 2024 20:58:43 +0530 Subject: [PATCH] arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB For Gen-1 targets like MSM8998, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for MSM8998 to mitigate this issue. Cc: stable(a)vger.kernel.org Fixes: 026dad8f5873 ("arm64: dts: qcom: msm8998: Add USB-related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240704152848.3380602-4-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/msm8998.dtsi b/arch/arm64/boot/dts/qcom/msm8998.dtsi index 99f811a57ac5..7f44807b1b97 100644 --- a/arch/arm64/boot/dts/qcom/msm8998.dtsi +++ b/arch/arm64/boot/dts/qcom/msm8998.dtsi @@ -2144,6 +2144,7 @@ usb3_dwc3: usb@a800000 { interrupts = <GIC_SPI 131 IRQ_TYPE_LEVEL_HIGH>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&qusb2phy>, <&usb3phy>; phy-names = "usb2-phy", "usb3-phy"; snps,has-lpm-erratum;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: msm8998: Disable SS instance in Parkmode" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0046325ae52079b46da13a7f84dd7b2a6f7c38f8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072509-coach-bronzing-2797@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 0046325ae520 ("arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB") b7efebfeb2e8 ("arm64: dts: qcom: msm8998: switch USB QMP PHY to new style of bindings") ed9cbbcb8c6a ("arm64: dts: qcom: msm8998: drop USB PHY clock index") 1351512f29b4 ("arm64: dts: qcom: Correct QMP PHY child node name") 82d61e19fccb ("arm64: dts: qcom: msm8996: Move '#clock-cells' to QMP PHY child node") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0046325ae52079b46da13a7f84dd7b2a6f7c38f8 Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Thu, 4 Jul 2024 20:58:43 +0530 Subject: [PATCH] arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB For Gen-1 targets like MSM8998, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for MSM8998 to mitigate this issue. Cc: stable(a)vger.kernel.org Fixes: 026dad8f5873 ("arm64: dts: qcom: msm8998: Add USB-related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240704152848.3380602-4-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/msm8998.dtsi b/arch/arm64/boot/dts/qcom/msm8998.dtsi index 99f811a57ac5..7f44807b1b97 100644 --- a/arch/arm64/boot/dts/qcom/msm8998.dtsi +++ b/arch/arm64/boot/dts/qcom/msm8998.dtsi @@ -2144,6 +2144,7 @@ usb3_dwc3: usb@a800000 { interrupts = <GIC_SPI 131 IRQ_TYPE_LEVEL_HIGH>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&qusb2phy>, <&usb3phy>; phy-names = "usb2-phy", "usb3-phy"; snps,has-lpm-erratum;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: msm8998: Disable SS instance in Parkmode" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 0046325ae52079b46da13a7f84dd7b2a6f7c38f8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072508-equipment-maturely-32e1@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 0046325ae520 ("arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB") b7efebfeb2e8 ("arm64: dts: qcom: msm8998: switch USB QMP PHY to new style of bindings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0046325ae52079b46da13a7f84dd7b2a6f7c38f8 Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Thu, 4 Jul 2024 20:58:43 +0530 Subject: [PATCH] arm64: dts: qcom: msm8998: Disable SS instance in Parkmode for USB For Gen-1 targets like MSM8998, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for MSM8998 to mitigate this issue. Cc: stable(a)vger.kernel.org Fixes: 026dad8f5873 ("arm64: dts: qcom: msm8998: Add USB-related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240704152848.3380602-4-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/msm8998.dtsi b/arch/arm64/boot/dts/qcom/msm8998.dtsi index 99f811a57ac5..7f44807b1b97 100644 --- a/arch/arm64/boot/dts/qcom/msm8998.dtsi +++ b/arch/arm64/boot/dts/qcom/msm8998.dtsi @@ -2144,6 +2144,7 @@ usb3_dwc3: usb@a800000 { interrupts = <GIC_SPI 131 IRQ_TYPE_LEVEL_HIGH>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&qusb2phy>, <&usb3phy>; phy-names = "usb2-phy", "usb3-phy"; snps,has-lpm-erratum;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sm6350: Disable SS instance in Parkmode for" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c5d57eb7d06df16c07037cea5dacfd74d49d1833 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072552-smock-demeanor-6259@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: c5d57eb7d06d ("arm64: dts: qcom: sm6350: Disable SS instance in Parkmode for USB") 5ed2b6388b31 ("arm64: dts: qcom: sm6350: Use specific qmpphy compatible") 347b9491c595 ("arm64: dts: qcom: sm6350: fix USB-DP PHY registers") 95fade4016cb ("arm64: dts: qcom: sm6350: drop bogus DP PHY clock") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c5d57eb7d06df16c07037cea5dacfd74d49d1833 Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Thu, 4 Jul 2024 20:58:46 +0530 Subject: [PATCH] arm64: dts: qcom: sm6350: Disable SS instance in Parkmode for USB For Gen-1 targets like SM6350, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for SM6350 to mitigate this issue. Cc: stable(a)vger.kernel.org Fixes: 23737b9557fe ("arm64: dts: qcom: sm6350: Add USB1 nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240704152848.3380602-7-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sm6350.dtsi b/arch/arm64/boot/dts/qcom/sm6350.dtsi index 46e122c4421c..84009b74aee7 100644 --- a/arch/arm64/boot/dts/qcom/sm6350.dtsi +++ b/arch/arm64/boot/dts/qcom/sm6350.dtsi @@ -1921,6 +1921,7 @@ usb_1_dwc3: usb@a600000 { snps,dis_enblslpm_quirk; snps,has-lpm-erratum; snps,hird-threshold = /bits/ 8 <0x10>; + snps,parkmode-disable-ss-quirk; phys = <&usb_1_hsphy>, <&usb_1_qmpphy QMP_USB43DP_USB3_PHY>; phy-names = "usb2-phy", "usb3-phy"; usb-role-switch;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: msm8996: Disable SS instance in Parkmode" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 44ea1ae3cf95db97e10d6ce17527948121f1dd4b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072534-unguarded-atonable-f64d@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 44ea1ae3cf95 ("arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB") d0af0537e28f ("arm64: dts: qcom: msm8996: Add missing DWC3 quirks") 50aa72ccb30b ("arm64: dts: qcom: msm8996: Sort all nodes in msm8996.dtsi") 86f6d6225e5e ("arm64: dts: qcom: msm8996: Pad addresses") 808844314309 ("arm64: dts: qcom: msm8996: Move regulator consumers to db820c") 75b77d6492eb ("arm64: dts: qcom: msm8996: Use node references in db820c") f978d45b4aab ("arm64: dts: qcom: db820c: Move non-soc entries out of /soc") d026c96b25b7 ("arm64: dts: qcom: msm8996: Disable USB2 PHY suspend by core") 4e300e439af3 ("arm64: dts: qcom: msm8996: Add Venus video codec DT node") d98de8efa19f ("arm64: dts: qcom: msm8996: Add Coresight support") 887e54218183 ("arm64: dts: qcom: msm8996: Rename smmu nodes") 72825e7f4a63 ("arm64: dts: qcom: msm8996: Enable SMMUs") 64a68a736068 ("arm64: dts: qcom: msm8996: Correct apr-domain property") 693e824452e5 ("arm64: dts: qcom: msm8996: Stop using legacy clock names") 3a2b37b09f74 ("arm64: dts: msm8996: Add UFS PHY reset controller") f3eb39a55a1f ("arm64: dts: db820c: Add sound card support") 1ad69b695582 ("arm64: dts: apq8096-db820c: Add HDMI display support") 69cc3114ab0f ("arm64: dts: Add Adreno GPU definitions") 3a4547c1fc2f ("arm64: qcom: msm8996.dtsi: Add Display nodes") 953f65737006 ("arm64: dts: msm8996: Add display smmu node") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 44ea1ae3cf95db97e10d6ce17527948121f1dd4b Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Thu, 4 Jul 2024 20:58:47 +0530 Subject: [PATCH] arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB For Gen-1 targets like MSM8996, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for MSM8996 to mitigate this issue. Cc: stable(a)vger.kernel.org Fixes: 1e39255ed29d ("arm64: dts: msm8996: Add device node for qcom,dwc3") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240704152848.3380602-8-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/msm8996.dtsi b/arch/arm64/boot/dts/qcom/msm8996.dtsi index 2b20cedfe26c..0fd2b1b944a5 100644 --- a/arch/arm64/boot/dts/qcom/msm8996.dtsi +++ b/arch/arm64/boot/dts/qcom/msm8996.dtsi @@ -3101,6 +3101,7 @@ usb3_dwc3: usb@6a00000 { snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; snps,is-utmi-l1-suspend; + snps,parkmode-disable-ss-quirk; tx-fifo-resize; }; };

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: msm8996: Disable SS instance in Parkmode" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 44ea1ae3cf95db97e10d6ce17527948121f1dd4b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072533-splurge-kung-54fa@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 44ea1ae3cf95 ("arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB") d0af0537e28f ("arm64: dts: qcom: msm8996: Add missing DWC3 quirks") 50aa72ccb30b ("arm64: dts: qcom: msm8996: Sort all nodes in msm8996.dtsi") 86f6d6225e5e ("arm64: dts: qcom: msm8996: Pad addresses") 808844314309 ("arm64: dts: qcom: msm8996: Move regulator consumers to db820c") 75b77d6492eb ("arm64: dts: qcom: msm8996: Use node references in db820c") f978d45b4aab ("arm64: dts: qcom: db820c: Move non-soc entries out of /soc") d026c96b25b7 ("arm64: dts: qcom: msm8996: Disable USB2 PHY suspend by core") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 44ea1ae3cf95db97e10d6ce17527948121f1dd4b Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Thu, 4 Jul 2024 20:58:47 +0530 Subject: [PATCH] arm64: dts: qcom: msm8996: Disable SS instance in Parkmode for USB For Gen-1 targets like MSM8996, it is seen that stressing out the controller in host mode results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instance in park mode for MSM8996 to mitigate this issue. Cc: stable(a)vger.kernel.org Fixes: 1e39255ed29d ("arm64: dts: msm8996: Add device node for qcom,dwc3") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240704152848.3380602-8-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/msm8996.dtsi b/arch/arm64/boot/dts/qcom/msm8996.dtsi index 2b20cedfe26c..0fd2b1b944a5 100644 --- a/arch/arm64/boot/dts/qcom/msm8996.dtsi +++ b/arch/arm64/boot/dts/qcom/msm8996.dtsi @@ -3101,6 +3101,7 @@ usb3_dwc3: usb@6a00000 { snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; snps,is-utmi-l1-suspend; + snps,parkmode-disable-ss-quirk; tx-fifo-resize; }; };

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sc7280: Disable SuperSpeed instances in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 3d930f1750ce30a6c36dbc71f8ff7e20322b94d7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072515-shifting-impulse-0512@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 3d930f1750ce ("arm64: dts: qcom: sc7280: Disable SuperSpeed instances in park mode") 36888ed83f99 ("arm64: dts: qcom: sc7280: switch USB+DP QMP PHY to new style of bindings") 70c4a1ca13b3 ("arm64: dts: qcom: sc7280: link usb3_phy_wrapper_gcc_usb30_pipe_clk") 531c738fb360 ("arm64: dts: qcom: sc7280: drop PCIe PHY clock index") fc6b1225d20d ("arm64: dts: qcom: sc7280: Add Display Port node") 25940788d170 ("arm64: dts: qcom: sc7280: add edp display dt nodes") 43137272f0bc ("arm64: dts: qcom: sc7280: Add DSI display nodes") fcb68dfda5cb ("arm64: dts: qcom: sc7280: add display dt nodes") bd7d507935ca ("arm64: dts: qcom: sc7280: Add pcie clock support") 92e0ee9f83b3 ("arm64: dts: qcom: sc7280: Add PCIe and PHY related nodes") 6b3207dfebdf ("arm64: dts: qcom: sc7280: Use QMP property to control load state") 7720ea001b52 ("arm64: dts: qcom: sc7280: Add QSPI node") 425f30cc843c ("arm64: dts: qcom: sc7280: fix display port phy reg property") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3d930f1750ce30a6c36dbc71f8ff7e20322b94d7 Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Tue, 4 Jun 2024 11:36:59 +0530 Subject: [PATCH] arm64: dts: qcom: sc7280: Disable SuperSpeed instances in park mode On SC7280, in host mode, it is observed that stressing out controller results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instances in park mode for SC7280 to mitigate this issue. Reported-by: Doug Anderson <dianders(a)google.com> Cc: stable(a)vger.kernel.org Fixes: bb9efa59c665 ("arm64: dts: qcom: sc7280: Add USB related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240604060659.1449278-3-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sc7280.dtsi b/arch/arm64/boot/dts/qcom/sc7280.dtsi index c3aaa09b8187..ba43fba2c551 100644 --- a/arch/arm64/boot/dts/qcom/sc7280.dtsi +++ b/arch/arm64/boot/dts/qcom/sc7280.dtsi @@ -4232,6 +4232,7 @@ usb_1_dwc3: usb@a600000 { iommus = <&apps_smmu 0xe0 0x0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_1_hsphy>, <&usb_1_qmpphy QMP_USB43DP_USB3_PHY>; phy-names = "usb2-phy", "usb3-phy"; maximum-speed = "super-speed";

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sc7280: Disable SuperSpeed instances in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 3d930f1750ce30a6c36dbc71f8ff7e20322b94d7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072514-hunter-transpose-6f5e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 3d930f1750ce ("arm64: dts: qcom: sc7280: Disable SuperSpeed instances in park mode") 36888ed83f99 ("arm64: dts: qcom: sc7280: switch USB+DP QMP PHY to new style of bindings") 70c4a1ca13b3 ("arm64: dts: qcom: sc7280: link usb3_phy_wrapper_gcc_usb30_pipe_clk") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3d930f1750ce30a6c36dbc71f8ff7e20322b94d7 Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Tue, 4 Jun 2024 11:36:59 +0530 Subject: [PATCH] arm64: dts: qcom: sc7280: Disable SuperSpeed instances in park mode On SC7280, in host mode, it is observed that stressing out controller results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instances in park mode for SC7280 to mitigate this issue. Reported-by: Doug Anderson <dianders(a)google.com> Cc: stable(a)vger.kernel.org Fixes: bb9efa59c665 ("arm64: dts: qcom: sc7280: Add USB related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240604060659.1449278-3-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sc7280.dtsi b/arch/arm64/boot/dts/qcom/sc7280.dtsi index c3aaa09b8187..ba43fba2c551 100644 --- a/arch/arm64/boot/dts/qcom/sc7280.dtsi +++ b/arch/arm64/boot/dts/qcom/sc7280.dtsi @@ -4232,6 +4232,7 @@ usb_1_dwc3: usb@a600000 { iommus = <&apps_smmu 0xe0 0x0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_1_hsphy>, <&usb_1_qmpphy QMP_USB43DP_USB3_PHY>; phy-names = "usb2-phy", "usb3-phy"; maximum-speed = "super-speed";

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sc7280: Disable SuperSpeed instances in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 3d930f1750ce30a6c36dbc71f8ff7e20322b94d7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072513-magnify-deputize-f818@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 3d930f1750ce ("arm64: dts: qcom: sc7280: Disable SuperSpeed instances in park mode") 36888ed83f99 ("arm64: dts: qcom: sc7280: switch USB+DP QMP PHY to new style of bindings") 70c4a1ca13b3 ("arm64: dts: qcom: sc7280: link usb3_phy_wrapper_gcc_usb30_pipe_clk") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3d930f1750ce30a6c36dbc71f8ff7e20322b94d7 Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Tue, 4 Jun 2024 11:36:59 +0530 Subject: [PATCH] arm64: dts: qcom: sc7280: Disable SuperSpeed instances in park mode On SC7280, in host mode, it is observed that stressing out controller results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instances in park mode for SC7280 to mitigate this issue. Reported-by: Doug Anderson <dianders(a)google.com> Cc: stable(a)vger.kernel.org Fixes: bb9efa59c665 ("arm64: dts: qcom: sc7280: Add USB related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240604060659.1449278-3-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sc7280.dtsi b/arch/arm64/boot/dts/qcom/sc7280.dtsi index c3aaa09b8187..ba43fba2c551 100644 --- a/arch/arm64/boot/dts/qcom/sc7280.dtsi +++ b/arch/arm64/boot/dts/qcom/sc7280.dtsi @@ -4232,6 +4232,7 @@ usb_1_dwc3: usb@a600000 { iommus = <&apps_smmu 0xe0 0x0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_1_hsphy>, <&usb_1_qmpphy QMP_USB43DP_USB3_PHY>; phy-names = "usb2-phy", "usb3-phy"; maximum-speed = "super-speed";

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sc7180: Disable SuperSpeed instances in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 5b8baed4b88132c12010ce6ca1b56f00d122e376 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072546-saddled-unselect-6d9b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 5b8baed4b881 ("arm64: dts: qcom: sc7180: Disable SuperSpeed instances in park mode") ebb840b00b7f ("arm64: dts: qcom: sc7180: switch USB+DP QMP PHY to new style of bindings") 2b616f86d51b ("arm64: dts: qcom: sc7180: rename labels for DSI nodes") 4a9f8f8f2ada ("arm64: dts: qcom: Add Acer Aspire 1") 39238382c499 ("arm64: dts: qcom: sc7180: Drop redundant disable in mdp") 43926a3cb191 ("arm64: dts: qcom: sc7180: Don't enable lpass clocks by default") c28d9029f3b6 ("arm64: dts: qcom: sc7180-trogdor-wormdingler: use just "port" in panel") 88904a12fbcb ("arm64: dts: qcom: sc7180-trogdor-quackingstick: use just "port" in panel") 746bda7d9dd9 ("arm64: dts: qcom: sc7180-idp: use just "port" in panel") 603f96d4c9d0 ("arm64: dts: qcom: add initial support for qcom sa8775p-ride") a45d0641d110 ("arm64: dts: qcom: sc7180: Add compat qcom,sc7180-dsi-ctrl") f5b4811e8758 ("arm64: dts: qcom: sc7180: Add trogdor eDP/touchscreen regulator off-on-time") 6be310347c9c ("arm64: dts: qcom: add SA8540P ride(Qdrive-3)") 2372bd2d5be6 ("arm64: dts: qcom: sc7180: change DSI PHY node name to generic one") 95dc5fd99972 ("arm64: dts: qcom: sc7180: Drop redundant phy-names from DSI controller") a10b760b7402 ("arm64: dts: qcom: sc7180-trogdor: Split out keyboard node and describe detachables") 6afcee78b4a4 ("arm64: dts: qcom: sc7180: Add kingoftown dts files") fb69f6adaf88 ("arm64: dts: qcom: sc7180: Add pazquel dts files") 9520fef90049 ("arm64: dts: qcom: sc7180: Add mrbland dts files") c77a3d4a2bfa ("arm64: dts: qcom: sc7180: Add quackingstick dts files") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5b8baed4b88132c12010ce6ca1b56f00d122e376 Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Tue, 4 Jun 2024 11:36:58 +0530 Subject: [PATCH] arm64: dts: qcom: sc7180: Disable SuperSpeed instances in park mode On SC7180, in host mode, it is observed that stressing out controller results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instances in park mode for SC7180 to mitigate this issue. Reported-by: Doug Anderson <dianders(a)google.com> Cc: stable(a)vger.kernel.org Fixes: 0b766e7fe5a2 ("arm64: dts: qcom: sc7180: Add USB related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240604060659.1449278-2-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sc7180.dtsi b/arch/arm64/boot/dts/qcom/sc7180.dtsi index 52d074a4fbf3..9ab0c98cac05 100644 --- a/arch/arm64/boot/dts/qcom/sc7180.dtsi +++ b/arch/arm64/boot/dts/qcom/sc7180.dtsi @@ -3066,6 +3066,7 @@ usb_1_dwc3: usb@a600000 { iommus = <&apps_smmu 0x540 0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_1_hsphy>, <&usb_1_qmpphy QMP_USB43DP_USB3_PHY>; phy-names = "usb2-phy", "usb3-phy"; maximum-speed = "super-speed";

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sc7180: Disable SuperSpeed instances in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 5b8baed4b88132c12010ce6ca1b56f00d122e376 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072545-supermom-stinky-b4f9@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 5b8baed4b881 ("arm64: dts: qcom: sc7180: Disable SuperSpeed instances in park mode") ebb840b00b7f ("arm64: dts: qcom: sc7180: switch USB+DP QMP PHY to new style of bindings") 2b616f86d51b ("arm64: dts: qcom: sc7180: rename labels for DSI nodes") 4a9f8f8f2ada ("arm64: dts: qcom: Add Acer Aspire 1") 39238382c499 ("arm64: dts: qcom: sc7180: Drop redundant disable in mdp") 43926a3cb191 ("arm64: dts: qcom: sc7180: Don't enable lpass clocks by default") c28d9029f3b6 ("arm64: dts: qcom: sc7180-trogdor-wormdingler: use just "port" in panel") 88904a12fbcb ("arm64: dts: qcom: sc7180-trogdor-quackingstick: use just "port" in panel") 746bda7d9dd9 ("arm64: dts: qcom: sc7180-idp: use just "port" in panel") 603f96d4c9d0 ("arm64: dts: qcom: add initial support for qcom sa8775p-ride") a45d0641d110 ("arm64: dts: qcom: sc7180: Add compat qcom,sc7180-dsi-ctrl") f5b4811e8758 ("arm64: dts: qcom: sc7180: Add trogdor eDP/touchscreen regulator off-on-time") 6be310347c9c ("arm64: dts: qcom: add SA8540P ride(Qdrive-3)") 2372bd2d5be6 ("arm64: dts: qcom: sc7180: change DSI PHY node name to generic one") 95dc5fd99972 ("arm64: dts: qcom: sc7180: Drop redundant phy-names from DSI controller") a10b760b7402 ("arm64: dts: qcom: sc7180-trogdor: Split out keyboard node and describe detachables") 6afcee78b4a4 ("arm64: dts: qcom: sc7180: Add kingoftown dts files") fb69f6adaf88 ("arm64: dts: qcom: sc7180: Add pazquel dts files") 9520fef90049 ("arm64: dts: qcom: sc7180: Add mrbland dts files") c77a3d4a2bfa ("arm64: dts: qcom: sc7180: Add quackingstick dts files") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5b8baed4b88132c12010ce6ca1b56f00d122e376 Mon Sep 17 00:00:00 2001 From: Krishna Kurapati <quic_kriskura(a)quicinc.com> Date: Tue, 4 Jun 2024 11:36:58 +0530 Subject: [PATCH] arm64: dts: qcom: sc7180: Disable SuperSpeed instances in park mode On SC7180, in host mode, it is observed that stressing out controller results in HC died error: xhci-hcd.12.auto: xHCI host not responding to stop endpoint command xhci-hcd.12.auto: xHCI host controller not responding, assume dead xhci-hcd.12.auto: HC died; cleaning up And at this instant only restarting the host mode fixes it. Disable SuperSpeed instances in park mode for SC7180 to mitigate this issue. Reported-by: Doug Anderson <dianders(a)google.com> Cc: stable(a)vger.kernel.org Fixes: 0b766e7fe5a2 ("arm64: dts: qcom: sc7180: Add USB related nodes") Signed-off-by: Krishna Kurapati <quic_kriskura(a)quicinc.com> Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240604060659.1449278-2-quic_kriskura@quicinc.com Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sc7180.dtsi b/arch/arm64/boot/dts/qcom/sc7180.dtsi index 52d074a4fbf3..9ab0c98cac05 100644 --- a/arch/arm64/boot/dts/qcom/sc7180.dtsi +++ b/arch/arm64/boot/dts/qcom/sc7180.dtsi @@ -3066,6 +3066,7 @@ usb_1_dwc3: usb@a600000 { iommus = <&apps_smmu 0x540 0>; snps,dis_u2_susphy_quirk; snps,dis_enblslpm_quirk; + snps,parkmode-disable-ss-quirk; phys = <&usb_1_hsphy>, <&usb_1_qmpphy QMP_USB43DP_USB3_PHY>; phy-names = "usb2-phy", "usb3-phy"; maximum-speed = "super-speed";

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ocfs2: strict bound check before memcmp in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x af77c4fc1871847b528d58b7fdafb4aa1f6a9262 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072558-waving-discharge-31eb@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: af77c4fc1871 ("ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From af77c4fc1871847b528d58b7fdafb4aa1f6a9262 Mon Sep 17 00:00:00 2001 From: Ferry Meng <mengferry(a)linux.alibaba.com> Date: Mon, 20 May 2024 10:40:24 +0800 Subject: [PATCH] ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this possibility mainly comes from crafted poisonous images. Link: https://lkml.kernel.org/r/20240520024024.1976129-2-joseph.qi@linux.alibaba.… Signed-off-by: Ferry Meng <mengferry(a)linux.alibaba.com> Signed-off-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reported-by: lei lu <llfamsec(a)gmail.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Jun Piao <piaojun(a)huawei.com> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Mark Fasheh <mark(a)fasheh.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c index 8aea94c90739..35c0cc2a51af 100644 --- a/fs/ocfs2/xattr.c +++ b/fs/ocfs2/xattr.c @@ -1068,7 +1068,7 @@ static int ocfs2_xattr_find_entry(struct inode *inode, int name_index, { struct ocfs2_xattr_entry *entry; size_t name_len; - int i, cmp = 1; + int i, name_offset, cmp = 1; if (name == NULL) return -EINVAL; @@ -1083,10 +1083,15 @@ static int ocfs2_xattr_find_entry(struct inode *inode, int name_index, cmp = name_index - ocfs2_xattr_get_type(entry); if (!cmp) cmp = name_len - entry->xe_name_len; - if (!cmp) - cmp = memcmp(name, (xs->base + - le16_to_cpu(entry->xe_name_offset)), - name_len); + if (!cmp) { + name_offset = le16_to_cpu(entry->xe_name_offset); + if ((xs->base + name_offset + name_len) > xs->end) { + ocfs2_error(inode->i_sb, + "corrupted xattr entries"); + return -EFSCORRUPTED; + } + cmp = memcmp(name, (xs->base + name_offset), name_len); + } if (cmp == 0) break; entry += 1;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ocfs2: strict bound check before memcmp in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x af77c4fc1871847b528d58b7fdafb4aa1f6a9262 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072557-handlebar-underpass-54f1@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: af77c4fc1871 ("ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From af77c4fc1871847b528d58b7fdafb4aa1f6a9262 Mon Sep 17 00:00:00 2001 From: Ferry Meng <mengferry(a)linux.alibaba.com> Date: Mon, 20 May 2024 10:40:24 +0800 Subject: [PATCH] ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this possibility mainly comes from crafted poisonous images. Link: https://lkml.kernel.org/r/20240520024024.1976129-2-joseph.qi@linux.alibaba.… Signed-off-by: Ferry Meng <mengferry(a)linux.alibaba.com> Signed-off-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reported-by: lei lu <llfamsec(a)gmail.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Jun Piao <piaojun(a)huawei.com> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Mark Fasheh <mark(a)fasheh.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c index 8aea94c90739..35c0cc2a51af 100644 --- a/fs/ocfs2/xattr.c +++ b/fs/ocfs2/xattr.c @@ -1068,7 +1068,7 @@ static int ocfs2_xattr_find_entry(struct inode *inode, int name_index, { struct ocfs2_xattr_entry *entry; size_t name_len; - int i, cmp = 1; + int i, name_offset, cmp = 1; if (name == NULL) return -EINVAL; @@ -1083,10 +1083,15 @@ static int ocfs2_xattr_find_entry(struct inode *inode, int name_index, cmp = name_index - ocfs2_xattr_get_type(entry); if (!cmp) cmp = name_len - entry->xe_name_len; - if (!cmp) - cmp = memcmp(name, (xs->base + - le16_to_cpu(entry->xe_name_offset)), - name_len); + if (!cmp) { + name_offset = le16_to_cpu(entry->xe_name_offset); + if ((xs->base + name_offset + name_len) > xs->end) { + ocfs2_error(inode->i_sb, + "corrupted xattr entries"); + return -EFSCORRUPTED; + } + cmp = memcmp(name, (xs->base + name_offset), name_len); + } if (cmp == 0) break; entry += 1;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ocfs2: strict bound check before memcmp in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x af77c4fc1871847b528d58b7fdafb4aa1f6a9262 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072556-gumminess-desecrate-6e7c@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: af77c4fc1871 ("ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From af77c4fc1871847b528d58b7fdafb4aa1f6a9262 Mon Sep 17 00:00:00 2001 From: Ferry Meng <mengferry(a)linux.alibaba.com> Date: Mon, 20 May 2024 10:40:24 +0800 Subject: [PATCH] ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this possibility mainly comes from crafted poisonous images. Link: https://lkml.kernel.org/r/20240520024024.1976129-2-joseph.qi@linux.alibaba.… Signed-off-by: Ferry Meng <mengferry(a)linux.alibaba.com> Signed-off-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reported-by: lei lu <llfamsec(a)gmail.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Jun Piao <piaojun(a)huawei.com> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Mark Fasheh <mark(a)fasheh.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c index 8aea94c90739..35c0cc2a51af 100644 --- a/fs/ocfs2/xattr.c +++ b/fs/ocfs2/xattr.c @@ -1068,7 +1068,7 @@ static int ocfs2_xattr_find_entry(struct inode *inode, int name_index, { struct ocfs2_xattr_entry *entry; size_t name_len; - int i, cmp = 1; + int i, name_offset, cmp = 1; if (name == NULL) return -EINVAL; @@ -1083,10 +1083,15 @@ static int ocfs2_xattr_find_entry(struct inode *inode, int name_index, cmp = name_index - ocfs2_xattr_get_type(entry); if (!cmp) cmp = name_len - entry->xe_name_len; - if (!cmp) - cmp = memcmp(name, (xs->base + - le16_to_cpu(entry->xe_name_offset)), - name_len); + if (!cmp) { + name_offset = le16_to_cpu(entry->xe_name_offset); + if ((xs->base + name_offset + name_len) > xs->end) { + ocfs2_error(inode->i_sb, + "corrupted xattr entries"); + return -EFSCORRUPTED; + } + cmp = memcmp(name, (xs->base + name_offset), name_len); + } if (cmp == 0) break; entry += 1;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ocfs2: strict bound check before memcmp in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x af77c4fc1871847b528d58b7fdafb4aa1f6a9262 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072555-hubcap-monetary-01bc@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: af77c4fc1871 ("ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From af77c4fc1871847b528d58b7fdafb4aa1f6a9262 Mon Sep 17 00:00:00 2001 From: Ferry Meng <mengferry(a)linux.alibaba.com> Date: Mon, 20 May 2024 10:40:24 +0800 Subject: [PATCH] ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this possibility mainly comes from crafted poisonous images. Link: https://lkml.kernel.org/r/20240520024024.1976129-2-joseph.qi@linux.alibaba.… Signed-off-by: Ferry Meng <mengferry(a)linux.alibaba.com> Signed-off-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reported-by: lei lu <llfamsec(a)gmail.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Jun Piao <piaojun(a)huawei.com> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Mark Fasheh <mark(a)fasheh.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c index 8aea94c90739..35c0cc2a51af 100644 --- a/fs/ocfs2/xattr.c +++ b/fs/ocfs2/xattr.c @@ -1068,7 +1068,7 @@ static int ocfs2_xattr_find_entry(struct inode *inode, int name_index, { struct ocfs2_xattr_entry *entry; size_t name_len; - int i, cmp = 1; + int i, name_offset, cmp = 1; if (name == NULL) return -EINVAL; @@ -1083,10 +1083,15 @@ static int ocfs2_xattr_find_entry(struct inode *inode, int name_index, cmp = name_index - ocfs2_xattr_get_type(entry); if (!cmp) cmp = name_len - entry->xe_name_len; - if (!cmp) - cmp = memcmp(name, (xs->base + - le16_to_cpu(entry->xe_name_offset)), - name_len); + if (!cmp) { + name_offset = le16_to_cpu(entry->xe_name_offset); + if ((xs->base + name_offset + name_len) > xs->end) { + ocfs2_error(inode->i_sb, + "corrupted xattr entries"); + return -EFSCORRUPTED; + } + cmp = memcmp(name, (xs->base + name_offset), name_len); + } if (cmp == 0) break; entry += 1;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ocfs2: strict bound check before memcmp in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x af77c4fc1871847b528d58b7fdafb4aa1f6a9262 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072554-renovate-snippet-1b35@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: af77c4fc1871 ("ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From af77c4fc1871847b528d58b7fdafb4aa1f6a9262 Mon Sep 17 00:00:00 2001 From: Ferry Meng <mengferry(a)linux.alibaba.com> Date: Mon, 20 May 2024 10:40:24 +0800 Subject: [PATCH] ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this possibility mainly comes from crafted poisonous images. Link: https://lkml.kernel.org/r/20240520024024.1976129-2-joseph.qi@linux.alibaba.… Signed-off-by: Ferry Meng <mengferry(a)linux.alibaba.com> Signed-off-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reported-by: lei lu <llfamsec(a)gmail.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Jun Piao <piaojun(a)huawei.com> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Mark Fasheh <mark(a)fasheh.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c index 8aea94c90739..35c0cc2a51af 100644 --- a/fs/ocfs2/xattr.c +++ b/fs/ocfs2/xattr.c @@ -1068,7 +1068,7 @@ static int ocfs2_xattr_find_entry(struct inode *inode, int name_index, { struct ocfs2_xattr_entry *entry; size_t name_len; - int i, cmp = 1; + int i, name_offset, cmp = 1; if (name == NULL) return -EINVAL; @@ -1083,10 +1083,15 @@ static int ocfs2_xattr_find_entry(struct inode *inode, int name_index, cmp = name_index - ocfs2_xattr_get_type(entry); if (!cmp) cmp = name_len - entry->xe_name_len; - if (!cmp) - cmp = memcmp(name, (xs->base + - le16_to_cpu(entry->xe_name_offset)), - name_len); + if (!cmp) { + name_offset = le16_to_cpu(entry->xe_name_offset); + if ((xs->base + name_offset + name_len) > xs->end) { + ocfs2_error(inode->i_sb, + "corrupted xattr entries"); + return -EFSCORRUPTED; + } + cmp = memcmp(name, (xs->base + name_offset), name_len); + } if (cmp == 0) break; entry += 1;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ocfs2: strict bound check before memcmp in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x af77c4fc1871847b528d58b7fdafb4aa1f6a9262 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072553-viewing-trapped-d0a4@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: af77c4fc1871 ("ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From af77c4fc1871847b528d58b7fdafb4aa1f6a9262 Mon Sep 17 00:00:00 2001 From: Ferry Meng <mengferry(a)linux.alibaba.com> Date: Mon, 20 May 2024 10:40:24 +0800 Subject: [PATCH] ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this possibility mainly comes from crafted poisonous images. Link: https://lkml.kernel.org/r/20240520024024.1976129-2-joseph.qi@linux.alibaba.… Signed-off-by: Ferry Meng <mengferry(a)linux.alibaba.com> Signed-off-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reported-by: lei lu <llfamsec(a)gmail.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Jun Piao <piaojun(a)huawei.com> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Mark Fasheh <mark(a)fasheh.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c index 8aea94c90739..35c0cc2a51af 100644 --- a/fs/ocfs2/xattr.c +++ b/fs/ocfs2/xattr.c @@ -1068,7 +1068,7 @@ static int ocfs2_xattr_find_entry(struct inode *inode, int name_index, { struct ocfs2_xattr_entry *entry; size_t name_len; - int i, cmp = 1; + int i, name_offset, cmp = 1; if (name == NULL) return -EINVAL; @@ -1083,10 +1083,15 @@ static int ocfs2_xattr_find_entry(struct inode *inode, int name_index, cmp = name_index - ocfs2_xattr_get_type(entry); if (!cmp) cmp = name_len - entry->xe_name_len; - if (!cmp) - cmp = memcmp(name, (xs->base + - le16_to_cpu(entry->xe_name_offset)), - name_len); + if (!cmp) { + name_offset = le16_to_cpu(entry->xe_name_offset); + if ((xs->base + name_offset + name_len) > xs->end) { + ocfs2_error(inode->i_sb, + "corrupted xattr entries"); + return -EFSCORRUPTED; + } + cmp = memcmp(name, (xs->base + name_offset), name_len); + } if (cmp == 0) break; entry += 1;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ocfs2: strict bound check before memcmp in" failed to apply to 6.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.9.y git checkout FETCH_HEAD git cherry-pick -x af77c4fc1871847b528d58b7fdafb4aa1f6a9262 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072553-arena-chute-8609@gregkh' --subject-prefix 'PATCH 6.9.y' HEAD^.. Possible dependencies: af77c4fc1871 ("ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From af77c4fc1871847b528d58b7fdafb4aa1f6a9262 Mon Sep 17 00:00:00 2001 From: Ferry Meng <mengferry(a)linux.alibaba.com> Date: Mon, 20 May 2024 10:40:24 +0800 Subject: [PATCH] ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this possibility mainly comes from crafted poisonous images. Link: https://lkml.kernel.org/r/20240520024024.1976129-2-joseph.qi@linux.alibaba.… Signed-off-by: Ferry Meng <mengferry(a)linux.alibaba.com> Signed-off-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reported-by: lei lu <llfamsec(a)gmail.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Jun Piao <piaojun(a)huawei.com> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Mark Fasheh <mark(a)fasheh.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c index 8aea94c90739..35c0cc2a51af 100644 --- a/fs/ocfs2/xattr.c +++ b/fs/ocfs2/xattr.c @@ -1068,7 +1068,7 @@ static int ocfs2_xattr_find_entry(struct inode *inode, int name_index, { struct ocfs2_xattr_entry *entry; size_t name_len; - int i, cmp = 1; + int i, name_offset, cmp = 1; if (name == NULL) return -EINVAL; @@ -1083,10 +1083,15 @@ static int ocfs2_xattr_find_entry(struct inode *inode, int name_index, cmp = name_index - ocfs2_xattr_get_type(entry); if (!cmp) cmp = name_len - entry->xe_name_len; - if (!cmp) - cmp = memcmp(name, (xs->base + - le16_to_cpu(entry->xe_name_offset)), - name_len); + if (!cmp) { + name_offset = le16_to_cpu(entry->xe_name_offset); + if ((xs->base + name_offset + name_len) > xs->end) { + ocfs2_error(inode->i_sb, + "corrupted xattr entries"); + return -EFSCORRUPTED; + } + cmp = memcmp(name, (xs->base + name_offset), name_len); + } if (cmp == 0) break; entry += 1;

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] ocfs2: strict bound check before memcmp in" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x af77c4fc1871847b528d58b7fdafb4aa1f6a9262 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072552-willed-overturn-c270@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: af77c4fc1871 ("ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From af77c4fc1871847b528d58b7fdafb4aa1f6a9262 Mon Sep 17 00:00:00 2001 From: Ferry Meng <mengferry(a)linux.alibaba.com> Date: Mon, 20 May 2024 10:40:24 +0800 Subject: [PATCH] ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this possibility mainly comes from crafted poisonous images. Link: https://lkml.kernel.org/r/20240520024024.1976129-2-joseph.qi@linux.alibaba.… Signed-off-by: Ferry Meng <mengferry(a)linux.alibaba.com> Signed-off-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Reported-by: lei lu <llfamsec(a)gmail.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Gang He <ghe(a)suse.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Jun Piao <piaojun(a)huawei.com> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Mark Fasheh <mark(a)fasheh.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c index 8aea94c90739..35c0cc2a51af 100644 --- a/fs/ocfs2/xattr.c +++ b/fs/ocfs2/xattr.c @@ -1068,7 +1068,7 @@ static int ocfs2_xattr_find_entry(struct inode *inode, int name_index, { struct ocfs2_xattr_entry *entry; size_t name_len; - int i, cmp = 1; + int i, name_offset, cmp = 1; if (name == NULL) return -EINVAL; @@ -1083,10 +1083,15 @@ static int ocfs2_xattr_find_entry(struct inode *inode, int name_index, cmp = name_index - ocfs2_xattr_get_type(entry); if (!cmp) cmp = name_len - entry->xe_name_len; - if (!cmp) - cmp = memcmp(name, (xs->base + - le16_to_cpu(entry->xe_name_offset)), - name_len); + if (!cmp) { + name_offset = le16_to_cpu(entry->xe_name_offset); + if ((xs->base + name_offset + name_len) > xs->end) { + ocfs2_error(inode->i_sb, + "corrupted xattr entries"); + return -EFSCORRUPTED; + } + cmp = memcmp(name, (xs->base + name_offset), name_len); + } if (cmp == 0) break; entry += 1;

9 months, 1 week

1
0
0 0

[PATCH] arm64: mm: Fix lockless walks with static and dynamic page-table folding

by Will Deacon

Lina reports random oopsen originating from the fast GUP code when 16K pages are used with 4-level page-tables, the fourth level being folded at runtime due to lack of LPA2. In this configuration, the generic implementation of p4d_offset_lockless() will return a 'p4d_t *' corresponding to the 'pgd_t' allocated on the stack of the caller, gup_fast_pgd_range(). This is normally fine, but when the fourth level of page-table is folded at runtime, pud_offset_lockless() will offset from the address of the 'p4d_t' to calculate the address of the PUD in the same page-table page. This results in a stray stack read when the 'p4d_t' has been allocated on the stack and can send the walker into the weeds. Fix the problem by providing our own definition of p4d_offset_lockless() when CONFIG_PGTABLE_LEVELS <= 4 which returns the real page-table pointer rather than the address of the local stack variable. Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Ard Biesheuvel <ardb(a)kernel.org> Cc: <stable(a)vger.kernel.org> Link: https://lore.kernel.org/r/50360968-13fb-4e6f-8f52-1725b3177215@asahilina.net Fixes: 0dd4f60a2c76 ("arm64: mm: Add support for folding PUDs at runtime") Reported-by: Asahi Lina <lina(a)asahilina.net> Signed-off-by: Will Deacon <will(a)kernel.org> --- arch/arm64/include/asm/pgtable.h | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/arch/arm64/include/asm/pgtable.h b/arch/arm64/include/asm/pgtable.h index f8efbc128446..7a4f5604be3f 100644 --- a/arch/arm64/include/asm/pgtable.h +++ b/arch/arm64/include/asm/pgtable.h @@ -1065,6 +1065,28 @@ static inline bool pgtable_l5_enabled(void) { return false; } #define p4d_offset_kimg(dir,addr) ((p4d_t *)dir) +static inline +p4d_t *p4d_offset_lockless_folded(pgd_t *pgdp, pgd_t pgd, unsigned long addr) +{ + /* + * With runtime folding of the pud, pud_offset_lockless() passes + * the 'pgd_t *' we return here to p4d_to_folded_pud(), which + * will offset the pointer assuming that it points into + * a page-table page. However, the fast GUP path passes us a + * pgd_t allocated on the stack and so we must use the original + * pointer in 'pgdp' to construct the p4d pointer instead of + * using the generic p4d_offset_lockless() implementation. + * + * Note: reusing the original pointer means that we may + * dereference the same (live) page-table entry multiple times. + * This is safe because it is still only loaded once in the + * context of each level and the CPU guarantees same-address + * read-after-read ordering. + */ + return p4d_offset(pgdp, addr); +} +#define p4d_offset_lockless p4d_offset_lockless_folded + #endif /* CONFIG_PGTABLE_LEVELS > 4 */ #define pgd_ERROR(e) \ -- 2.45.2.1089.g2a221341d9-goog

9 months, 1 week

2
2
0 0

FAILED: patch "[PATCH] Bluetooth: btusb: Add Realtek RTL8852BE support ID" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 473a89b4ed7fd52a419340f7c540d5c8fc96fc75 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072511-deskbound-riding-5c98@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 473a89b4ed7f ("Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591") 295ef07a9dae ("Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables") 3600860a7193 ("Bluetooth: Add device 13d3:3572 IMC Networks Bluetooth Radio") 069f534247bb ("bluetooth: Add device 13d3:3571 to device tables") 730a1d1a93a3 ("bluetooth: Add device 0bda:887b to device tables") 393b4916b7b5 ("Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559") 33bfd94a05ab ("Bluetooth: btusb: add Realtek 8822CE to usb_device_id table") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 473a89b4ed7fd52a419340f7c540d5c8fc96fc75 Mon Sep 17 00:00:00 2001 From: WangYuli <wangyuli(a)uniontech.com> Date: Sat, 22 Jun 2024 12:09:59 +0800 Subject: [PATCH] Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 Add the support ID(0x13d3, 0x3591) to usb_device_id table for Realtek RTL8852BE. The device table is as follows: T: Bus=01 Lev=02 Prnt=03 Port=00 Cnt=01 Dev#= 5 Spd=12 MxCh= 0 D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=13d3 ProdID=3591 Rev= 0.00 S: Manufacturer=Realtek S: Product=Bluetooth Radio S: SerialNumber=00e04c000001 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms Cc: stable(a)vger.kernel.org Signed-off-by: Wentao Guan <guanwentao(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 2d7d47f9d007..2d5c971a59ad 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -555,6 +555,8 @@ static const struct usb_device_id quirks_table[] = { BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x13d3, 0x3572), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x13d3, 0x3591), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x0489, 0xe125), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH },

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: btusb: Add Realtek RTL8852BE support ID" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 473a89b4ed7fd52a419340f7c540d5c8fc96fc75 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072510-grove-resent-a6fc@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 473a89b4ed7f ("Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591") 295ef07a9dae ("Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables") 3600860a7193 ("Bluetooth: Add device 13d3:3572 IMC Networks Bluetooth Radio") 069f534247bb ("bluetooth: Add device 13d3:3571 to device tables") 730a1d1a93a3 ("bluetooth: Add device 0bda:887b to device tables") 393b4916b7b5 ("Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559") 33bfd94a05ab ("Bluetooth: btusb: add Realtek 8822CE to usb_device_id table") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 473a89b4ed7fd52a419340f7c540d5c8fc96fc75 Mon Sep 17 00:00:00 2001 From: WangYuli <wangyuli(a)uniontech.com> Date: Sat, 22 Jun 2024 12:09:59 +0800 Subject: [PATCH] Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 Add the support ID(0x13d3, 0x3591) to usb_device_id table for Realtek RTL8852BE. The device table is as follows: T: Bus=01 Lev=02 Prnt=03 Port=00 Cnt=01 Dev#= 5 Spd=12 MxCh= 0 D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=13d3 ProdID=3591 Rev= 0.00 S: Manufacturer=Realtek S: Product=Bluetooth Radio S: SerialNumber=00e04c000001 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms Cc: stable(a)vger.kernel.org Signed-off-by: Wentao Guan <guanwentao(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 2d7d47f9d007..2d5c971a59ad 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -555,6 +555,8 @@ static const struct usb_device_id quirks_table[] = { BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x13d3, 0x3572), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x13d3, 0x3591), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x0489, 0xe125), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH },

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: btusb: Add Realtek RTL8852BE support ID" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 473a89b4ed7fd52a419340f7c540d5c8fc96fc75 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072509-slacking-prowling-76a4@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 473a89b4ed7f ("Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591") 295ef07a9dae ("Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables") 3600860a7193 ("Bluetooth: Add device 13d3:3572 IMC Networks Bluetooth Radio") 069f534247bb ("bluetooth: Add device 13d3:3571 to device tables") 730a1d1a93a3 ("bluetooth: Add device 0bda:887b to device tables") 393b4916b7b5 ("Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 473a89b4ed7fd52a419340f7c540d5c8fc96fc75 Mon Sep 17 00:00:00 2001 From: WangYuli <wangyuli(a)uniontech.com> Date: Sat, 22 Jun 2024 12:09:59 +0800 Subject: [PATCH] Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 Add the support ID(0x13d3, 0x3591) to usb_device_id table for Realtek RTL8852BE. The device table is as follows: T: Bus=01 Lev=02 Prnt=03 Port=00 Cnt=01 Dev#= 5 Spd=12 MxCh= 0 D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=13d3 ProdID=3591 Rev= 0.00 S: Manufacturer=Realtek S: Product=Bluetooth Radio S: SerialNumber=00e04c000001 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms Cc: stable(a)vger.kernel.org Signed-off-by: Wentao Guan <guanwentao(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 2d7d47f9d007..2d5c971a59ad 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -555,6 +555,8 @@ static const struct usb_device_id quirks_table[] = { BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x13d3, 0x3572), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x13d3, 0x3591), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x0489, 0xe125), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH },

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: btusb: Add Realtek RTL8852BE support ID" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 473a89b4ed7fd52a419340f7c540d5c8fc96fc75 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072507-corridor-graceful-9eac@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 473a89b4ed7f ("Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591") 295ef07a9dae ("Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables") 3600860a7193 ("Bluetooth: Add device 13d3:3572 IMC Networks Bluetooth Radio") 069f534247bb ("bluetooth: Add device 13d3:3571 to device tables") 730a1d1a93a3 ("bluetooth: Add device 0bda:887b to device tables") 393b4916b7b5 ("Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 473a89b4ed7fd52a419340f7c540d5c8fc96fc75 Mon Sep 17 00:00:00 2001 From: WangYuli <wangyuli(a)uniontech.com> Date: Sat, 22 Jun 2024 12:09:59 +0800 Subject: [PATCH] Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 Add the support ID(0x13d3, 0x3591) to usb_device_id table for Realtek RTL8852BE. The device table is as follows: T: Bus=01 Lev=02 Prnt=03 Port=00 Cnt=01 Dev#= 5 Spd=12 MxCh= 0 D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=13d3 ProdID=3591 Rev= 0.00 S: Manufacturer=Realtek S: Product=Bluetooth Radio S: SerialNumber=00e04c000001 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms Cc: stable(a)vger.kernel.org Signed-off-by: Wentao Guan <guanwentao(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 2d7d47f9d007..2d5c971a59ad 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -555,6 +555,8 @@ static const struct usb_device_id quirks_table[] = { BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x13d3, 0x3572), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x13d3, 0x3591), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x0489, 0xe125), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH },

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: btusb: Add Realtek RTL8852BE support ID" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 473a89b4ed7fd52a419340f7c540d5c8fc96fc75 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072506-sloped-overhand-cc26@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 473a89b4ed7f ("Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591") 295ef07a9dae ("Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables") 3600860a7193 ("Bluetooth: Add device 13d3:3572 IMC Networks Bluetooth Radio") 069f534247bb ("bluetooth: Add device 13d3:3571 to device tables") 730a1d1a93a3 ("bluetooth: Add device 0bda:887b to device tables") 393b4916b7b5 ("Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 473a89b4ed7fd52a419340f7c540d5c8fc96fc75 Mon Sep 17 00:00:00 2001 From: WangYuli <wangyuli(a)uniontech.com> Date: Sat, 22 Jun 2024 12:09:59 +0800 Subject: [PATCH] Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 Add the support ID(0x13d3, 0x3591) to usb_device_id table for Realtek RTL8852BE. The device table is as follows: T: Bus=01 Lev=02 Prnt=03 Port=00 Cnt=01 Dev#= 5 Spd=12 MxCh= 0 D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=13d3 ProdID=3591 Rev= 0.00 S: Manufacturer=Realtek S: Product=Bluetooth Radio S: SerialNumber=00e04c000001 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms Cc: stable(a)vger.kernel.org Signed-off-by: Wentao Guan <guanwentao(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 2d7d47f9d007..2d5c971a59ad 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -555,6 +555,8 @@ static const struct usb_device_id quirks_table[] = { BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x13d3, 0x3572), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x13d3, 0x3591), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x0489, 0xe125), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH },

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: btusb: Add Realtek RTL8852BE support ID" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 473a89b4ed7fd52a419340f7c540d5c8fc96fc75 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072505-extradite-thus-9a5c@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 473a89b4ed7f ("Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591") 295ef07a9dae ("Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables") 3600860a7193 ("Bluetooth: Add device 13d3:3572 IMC Networks Bluetooth Radio") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 473a89b4ed7fd52a419340f7c540d5c8fc96fc75 Mon Sep 17 00:00:00 2001 From: WangYuli <wangyuli(a)uniontech.com> Date: Sat, 22 Jun 2024 12:09:59 +0800 Subject: [PATCH] Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 Add the support ID(0x13d3, 0x3591) to usb_device_id table for Realtek RTL8852BE. The device table is as follows: T: Bus=01 Lev=02 Prnt=03 Port=00 Cnt=01 Dev#= 5 Spd=12 MxCh= 0 D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=13d3 ProdID=3591 Rev= 0.00 S: Manufacturer=Realtek S: Product=Bluetooth Radio S: SerialNumber=00e04c000001 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms Cc: stable(a)vger.kernel.org Signed-off-by: Wentao Guan <guanwentao(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 2d7d47f9d007..2d5c971a59ad 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -555,6 +555,8 @@ static const struct usb_device_id quirks_table[] = { BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x13d3, 0x3572), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x13d3, 0x3591), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x0489, 0xe125), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH },

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: btusb: Add Realtek RTL8852BE support ID" failed to apply to 6.9-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.9-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.9.y git checkout FETCH_HEAD git cherry-pick -x 473a89b4ed7fd52a419340f7c540d5c8fc96fc75 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072504-bunkmate-disliking-eccc@gregkh' --subject-prefix 'PATCH 6.9.y' HEAD^.. Possible dependencies: 473a89b4ed7f ("Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591") 295ef07a9dae ("Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 473a89b4ed7fd52a419340f7c540d5c8fc96fc75 Mon Sep 17 00:00:00 2001 From: WangYuli <wangyuli(a)uniontech.com> Date: Sat, 22 Jun 2024 12:09:59 +0800 Subject: [PATCH] Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 Add the support ID(0x13d3, 0x3591) to usb_device_id table for Realtek RTL8852BE. The device table is as follows: T: Bus=01 Lev=02 Prnt=03 Port=00 Cnt=01 Dev#= 5 Spd=12 MxCh= 0 D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=13d3 ProdID=3591 Rev= 0.00 S: Manufacturer=Realtek S: Product=Bluetooth Radio S: SerialNumber=00e04c000001 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms Cc: stable(a)vger.kernel.org Signed-off-by: Wentao Guan <guanwentao(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 2d7d47f9d007..2d5c971a59ad 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -555,6 +555,8 @@ static const struct usb_device_id quirks_table[] = { BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x13d3, 0x3572), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x13d3, 0x3591), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x0489, 0xe125), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH },

9 months, 1 week

1
0
0 0

FAILED: patch "[PATCH] Bluetooth: btusb: Add Realtek RTL8852BE support ID" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 473a89b4ed7fd52a419340f7c540d5c8fc96fc75 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072503-karma-crewman-5be4@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 473a89b4ed7f ("Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591") 295ef07a9dae ("Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 473a89b4ed7fd52a419340f7c540d5c8fc96fc75 Mon Sep 17 00:00:00 2001 From: WangYuli <wangyuli(a)uniontech.com> Date: Sat, 22 Jun 2024 12:09:59 +0800 Subject: [PATCH] Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 Add the support ID(0x13d3, 0x3591) to usb_device_id table for Realtek RTL8852BE. The device table is as follows: T: Bus=01 Lev=02 Prnt=03 Port=00 Cnt=01 Dev#= 5 Spd=12 MxCh= 0 D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=13d3 ProdID=3591 Rev= 0.00 S: Manufacturer=Realtek S: Product=Bluetooth Radio S: SerialNumber=00e04c000001 C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms Cc: stable(a)vger.kernel.org Signed-off-by: Wentao Guan <guanwentao(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c index 2d7d47f9d007..2d5c971a59ad 100644 --- a/drivers/bluetooth/btusb.c +++ b/drivers/bluetooth/btusb.c @@ -555,6 +555,8 @@ static const struct usb_device_id quirks_table[] = { BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x13d3, 0x3572), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x13d3, 0x3591), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, { USB_DEVICE(0x0489, 0xe125), .driver_info = BTUSB_REALTEK | BTUSB_WIDEBAND_SPEECH },

9 months, 1 week

1
0
0 0

[PATCH 6.1.y] f2fs: avoid dead loop in f2fs_issue_checkpoint()

by Sergio González Collado

From: Chao Yu <chao(a)kernel.org> [ Upstream commit 5079e1c0c879311668b77075de3e701869804adf ] generic/082 reports a bug as below: __schedule+0x332/0xf60 schedule+0x6f/0xf0 schedule_timeout+0x23b/0x2a0 wait_for_completion+0x8f/0x140 f2fs_issue_checkpoint+0xfe/0x1b0 f2fs_sync_fs+0x9d/0xb0 sync_filesystem+0x87/0xb0 dquot_load_quota_sb+0x41b/0x460 dquot_load_quota_inode+0xa5/0x130 dquot_quota_on+0x4b/0x60 f2fs_quota_on+0xe3/0x1b0 do_quotactl+0x483/0x700 __x64_sys_quotactl+0x15c/0x310 do_syscall_64+0x3f/0x90 entry_SYSCALL_64_after_hwframe+0x72/0xdc The root casue is race case as below: Thread A Kworker IRQ - write() : write data to quota.user file - writepages - f2fs_submit_page_write - __is_cp_guaranteed return false - inc_page_count(F2FS_WB_DATA) - submit_bio - quotactl(Q_QUOTAON) - f2fs_quota_on - dquot_quota_on - dquot_load_quota_inode - vfs_setup_quota_inode : inode->i_flags |= S_NOQUOTA - f2fs_write_end_io - __is_cp_guaranteed return true - dec_page_count(F2FS_WB_CP_DATA) - dquot_load_quota_sb - f2fs_sync_fs - f2fs_issue_checkpoint - do_checkpoint - f2fs_wait_on_all_pages(F2FS_WB_CP_DATA) : loop due to F2FS_WB_CP_DATA count is negative Calling filemap_fdatawrite() and filemap_fdatawait() to keep all data clean before quota file setup. Signed-off-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> (cherry picked from commit 5079e1c0c879311668b77075de3e701869804adf) Signed-off-by: Sergio González Collado <sergio.collado(a)gmail.com> Reported-by: syzbot+d0ab8746c920a592aeab(a)syzkaller.appspotmail.com --- fs/f2fs/super.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c index 6bd8c231069a..2d586a6bfe5f 100644 --- a/fs/f2fs/super.c +++ b/fs/f2fs/super.c @@ -2824,15 +2824,26 @@ static int f2fs_quota_on(struct super_block *sb, int type, int format_id, return -EBUSY; } + if (path->dentry->d_sb != sb) + return -EXDEV; + err = f2fs_quota_sync(sb, type); if (err) return err; - err = dquot_quota_on(sb, type, format_id, path); + inode = d_inode(path->dentry); + + err = filemap_fdatawrite(inode->i_mapping); if (err) return err; - inode = d_inode(path->dentry); + err = filemap_fdatawait(inode->i_mapping); + if (err) + return err; + + err = dquot_quota_on(sb, type, format_id, path); + if (err) + return err; inode_lock(inode); F2FS_I(inode)->i_flags |= F2FS_NOATIME_FL | F2FS_IMMUTABLE_FL; -- 2.39.2

9 months, 1 week

2
1
0 0

[PATCH v2 4.19 5.4 5.10 5.15] net: relax socket state check at accept time.

by Nikolay Kuratov

[ Upstream commit 26afda78cda3da974fd4c287962c169e9462c495 ] Christoph reported the following splat: WARNING: CPU: 1 PID: 772 at net/ipv4/af_inet.c:761 __inet_accept+0x1f4/0x4a0 Modules linked in: CPU: 1 PID: 772 Comm: syz-executor510 Not tainted 6.9.0-rc7-g7da7119fe22b #56 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014 RIP: 0010:__inet_accept+0x1f4/0x4a0 net/ipv4/af_inet.c:759 Code: 04 38 84 c0 0f 85 87 00 00 00 41 c7 04 24 03 00 00 00 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ec b7 da fd <0f> 0b e9 7f fe ff ff e8 e0 b7 da fd 0f 0b e9 fe fe ff ff 89 d9 80 RSP: 0018:ffffc90000c2fc58 EFLAGS: 00010293 RAX: ffffffff836bdd14 RBX: 0000000000000000 RCX: ffff888104668000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: dffffc0000000000 R08: ffffffff836bdb89 R09: fffff52000185f64 R10: dffffc0000000000 R11: fffff52000185f64 R12: dffffc0000000000 R13: 1ffff92000185f98 R14: ffff88810754d880 R15: ffff8881007b7800 FS: 000000001c772880(0000) GS:ffff88811b280000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb9fcf2e178 CR3: 00000001045d2002 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> inet_accept+0x138/0x1d0 net/ipv4/af_inet.c:786 do_accept+0x435/0x620 net/socket.c:1929 __sys_accept4_file net/socket.c:1969 [inline] __sys_accept4+0x9b/0x110 net/socket.c:1999 __do_sys_accept net/socket.c:2016 [inline] __se_sys_accept net/socket.c:2013 [inline] __x64_sys_accept+0x7d/0x90 net/socket.c:2013 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x58/0x100 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x4315f9 Code: fd ff 48 81 c4 80 00 00 00 e9 f1 fe ff ff 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab b4 fd ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007ffdb26d9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002b RAX: ffffffffffffffda RBX: 0000000000400300 RCX: 00000000004315f9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 RBP: 00000000006e1018 R08: 0000000000400300 R09: 0000000000400300 R10: 0000000000400300 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000040cdf0 R14: 000000000040ce80 R15: 0000000000000055 </TASK> The reproducer invokes shutdown() before entering the listener status. After commit 94062790aedb ("tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets"), the above causes the child to reach the accept syscall in FIN_WAIT1 status. Eric noted we can relax the existing assertion in __inet_accept() Reported-by: Christoph Paasch <cpaasch(a)apple.com> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/490 Suggested-by: Eric Dumazet <edumazet(a)google.com> Fixes: 94062790aedb ("tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets") Link: https://lore.kernel.org/r/23ab880a44d8cfd967e84de8b93dbf48848e3d8c.17162996… Link: https://lore.kernel.org/linux-cve-announce/2024062136-CVE-2024-36484-375b@g… Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> Signed-off-by: Nikolay Kuratov <kniv(a)yandex-team.ru> --- Changes in v2: - restore Signed-off-by tag with original author Paolo Abeni <pabeni(a)redhat.com> --- net/ipv4/af_inet.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index 475a19db3713..ce42626663de 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c @@ -758,7 +758,9 @@ int inet_accept(struct socket *sock, struct socket *newsock, int flags, sock_rps_record_flow(sk2); WARN_ON(!((1 << sk2->sk_state) & (TCPF_ESTABLISHED | TCPF_SYN_RECV | - TCPF_CLOSE_WAIT | TCPF_CLOSE))); + TCPF_FIN_WAIT1 | TCPF_FIN_WAIT2 | + TCPF_CLOSING | TCPF_CLOSE_WAIT | + TCPF_CLOSE))); sock_graft(sk2, newsock); -- 2.34.1

9 months, 1 week

2
1
0 0

[PATCH v5.15.y 0/4] Apply fanotify-related documentation changes

by cel＠kernel.org

From: Chuck Lever <chuck.lever(a)oracle.com> These extra commits were requested by Amir Goldstein <amir73il(a)gmail.com>. Note that c0baf9ac0b05 ("docs: Document the FAN_FS_ERROR event") is already applied to v5.15.y. Gabriel Krisman Bertazi (3): samples: Add fs error monitoring example samples: Make fs-monitor depend on libc and headers docs: Fix formatting of literal sections in fanotify docs Linus Torvalds (1): Add gitignore file for samples/fanotify/ subdirectory .../admin-guide/filesystem-monitoring.rst | 20 ++- samples/Kconfig | 9 ++ samples/Makefile | 1 + samples/fanotify/.gitignore | 1 + samples/fanotify/Makefile | 5 + samples/fanotify/fs-monitor.c | 142 ++++++++++++++++++ 6 files changed, 170 insertions(+), 8 deletions(-) create mode 100644 samples/fanotify/.gitignore create mode 100644 samples/fanotify/Makefile create mode 100644 samples/fanotify/fs-monitor.c -- 2.45.2

9 months, 1 week

2
5
0 0

[PATCH] drm/panfrost: Mark simple_ondemand governor as softdep

by Dragan Simic

Panfrost DRM driver uses devfreq to perform DVFS, while using simple_ondemand devfreq governor by default. This causes driver initialization to fail on boot when simple_ondemand governor isn't built into the kernel statically, as a result of the missing module dependency and, consequently, the required governor module not being included in the initial ramdisk. Thus, let's mark simple_ondemand governor as a softdep for Panfrost, to have its kernel module included in the initial ramdisk. This is a rather longstanding issue that has forced distributions to build devfreq governors statically into their kernels, [1][2] or has forced users to introduce some unnecessary workarounds. [3] For future reference, not having support for the simple_ondemand governor in the initial ramdisk produces errors in the kernel log similar to these below, which were taken from a Pine64 RockPro64: panfrost ff9a0000.gpu: [drm:panfrost_devfreq_init [panfrost]] *ERROR* Couldn't initialize GPU devfreq panfrost ff9a0000.gpu: Fatal error during GPU init panfrost: probe of ff9a0000.gpu failed with error -22 Having simple_ondemand marked as a softdep for Panfrost may not resolve this issue for all Linux distributions. In particular, it will remain unresolved for the distributions whose utilities for the initial ramdisk generation do not handle the available softdep information [4] properly yet. However, some Linux distributions already handle softdeps properly while generating their initial ramdisks, [5] and this is a prerequisite step in the right direction for the distributions that don't handle them properly yet. [1] https://gitlab.manjaro.org/manjaro-arm/packages/core/linux/-/blob/linux61/c… [2] https://salsa.debian.org/kernel-team/linux/-/merge_requests/1066 [3] https://forum.pine64.org/showthread.php?tid=15458 [4] https://git.kernel.org/pub/scm/utils/kernel/kmod/kmod.git/commit/?id=49d8e0… [5] https://github.com/archlinux/mkinitcpio/commit/97ac4d37aae084a050be512f6d8f… Cc: Diederik de Haas <didi.debian(a)cknow.org> Cc: Furkan Kardame <f.kardame(a)manjaro.org> Cc: stable(a)vger.kernel.org Fixes: f3ba91228e8e ("drm/panfrost: Add initial panfrost driver") Signed-off-by: Dragan Simic <dsimic(a)manjaro.org> --- drivers/gpu/drm/panfrost/panfrost_drv.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/panfrost/panfrost_drv.c b/drivers/gpu/drm/panfrost/panfrost_drv.c index ef9f6c0716d5..149737d7a07e 100644 --- a/drivers/gpu/drm/panfrost/panfrost_drv.c +++ b/drivers/gpu/drm/panfrost/panfrost_drv.c @@ -828,3 +828,4 @@ module_platform_driver(panfrost_driver); MODULE_AUTHOR("Panfrost Project Developers"); MODULE_DESCRIPTION("Panfrost DRM Driver"); MODULE_LICENSE("GPL v2"); +MODULE_SOFTDEP("pre: governor_simpleondemand");

9 months, 1 week

4
10
0 0

[PATCH 4.19 5.4 5.10 5.15] net: relax socket state check at accept time.

by Nikolay Kuratov

[ Upstream commit 26afda78cda3da974fd4c287962c169e9462c495 ] Christoph reported the following splat: WARNING: CPU: 1 PID: 772 at net/ipv4/af_inet.c:761 __inet_accept+0x1f4/0x4a0 Modules linked in: CPU: 1 PID: 772 Comm: syz-executor510 Not tainted 6.9.0-rc7-g7da7119fe22b #56 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014 RIP: 0010:__inet_accept+0x1f4/0x4a0 net/ipv4/af_inet.c:759 Code: 04 38 84 c0 0f 85 87 00 00 00 41 c7 04 24 03 00 00 00 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 ec b7 da fd <0f> 0b e9 7f fe ff ff e8 e0 b7 da fd 0f 0b e9 fe fe ff ff 89 d9 80 RSP: 0018:ffffc90000c2fc58 EFLAGS: 00010293 RAX: ffffffff836bdd14 RBX: 0000000000000000 RCX: ffff888104668000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: dffffc0000000000 R08: ffffffff836bdb89 R09: fffff52000185f64 R10: dffffc0000000000 R11: fffff52000185f64 R12: dffffc0000000000 R13: 1ffff92000185f98 R14: ffff88810754d880 R15: ffff8881007b7800 FS: 000000001c772880(0000) GS:ffff88811b280000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb9fcf2e178 CR3: 00000001045d2002 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> inet_accept+0x138/0x1d0 net/ipv4/af_inet.c:786 do_accept+0x435/0x620 net/socket.c:1929 __sys_accept4_file net/socket.c:1969 [inline] __sys_accept4+0x9b/0x110 net/socket.c:1999 __do_sys_accept net/socket.c:2016 [inline] __se_sys_accept net/socket.c:2013 [inline] __x64_sys_accept+0x7d/0x90 net/socket.c:2013 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x58/0x100 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x4315f9 Code: fd ff 48 81 c4 80 00 00 00 e9 f1 fe ff ff 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 ab b4 fd ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007ffdb26d9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002b RAX: ffffffffffffffda RBX: 0000000000400300 RCX: 00000000004315f9 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 RBP: 00000000006e1018 R08: 0000000000400300 R09: 0000000000400300 R10: 0000000000400300 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000040cdf0 R14: 000000000040ce80 R15: 0000000000000055 </TASK> The reproducer invokes shutdown() before entering the listener status. After commit 94062790aedb ("tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets"), the above causes the child to reach the accept syscall in FIN_WAIT1 status. Eric noted we can relax the existing assertion in __inet_accept() Reported-by: Christoph Paasch <cpaasch(a)apple.com> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/490 Suggested-by: Eric Dumazet <edumazet(a)google.com> Fixes: 94062790aedb ("tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets") Link: https://lore.kernel.org/r/23ab880a44d8cfd967e84de8b93dbf48848e3d8c.17162996… Link: https://lore.kernel.org/linux-cve-announce/2024062136-CVE-2024-36484-375b@g… Signed-off-by: Nikolay Kuratov <kniv(a)yandex-team.ru> --- net/ipv4/af_inet.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index 475a19db3713..ce42626663de 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c @@ -758,7 +758,9 @@ int inet_accept(struct socket *sock, struct socket *newsock, int flags, sock_rps_record_flow(sk2); WARN_ON(!((1 << sk2->sk_state) & (TCPF_ESTABLISHED | TCPF_SYN_RECV | - TCPF_CLOSE_WAIT | TCPF_CLOSE))); + TCPF_FIN_WAIT1 | TCPF_FIN_WAIT2 | + TCPF_CLOSING | TCPF_CLOSE_WAIT | + TCPF_CLOSE))); sock_graft(sk2, newsock); -- 2.34.1

9 months, 1 week

2
1
0 0

Linux 6.9.11

by Greg Kroah-Hartman

I'm announcing the release of the 6.9.11 kernel. All users of the 6.9 kernel series must upgrade. The updated 6.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.9.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/cdrom/cdrom-standard.rst | 4 Makefile | 2 arch/arm64/kernel/armv8_deprecated.c | 3 arch/loongarch/boot/dts/loongson-2k0500-ref.dts | 4 arch/loongarch/boot/dts/loongson-2k1000-ref.dts | 4 arch/loongarch/boot/dts/loongson-2k2000-ref.dts | 2 arch/mips/kernel/syscalls/syscall_o32.tbl | 2 arch/powerpc/kernel/eeh_pe.c | 7 arch/powerpc/kvm/book3s_64_vio.c | 18 arch/powerpc/platforms/pseries/setup.c | 4 arch/riscv/kernel/stacktrace.c | 3 drivers/acpi/ac.c | 4 drivers/acpi/ec.c | 9 drivers/acpi/sbs.c | 4 drivers/block/loop.c | 23 drivers/block/null_blk/main.c | 4 drivers/bluetooth/btnxpuart.c | 2 drivers/clk/qcom/apss-ipq-pll.c | 2 drivers/firmware/efi/libstub/zboot.lds | 1 drivers/gpio/gpio-pca953x.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 15 drivers/gpu/drm/amd/amdgpu/psp_v14_0.c | 5 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 52 + drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c | 3 drivers/gpu/drm/amd/display/dc/dml/dcn35/dcn35_fpu.c | 2 drivers/gpu/drm/amd/display/dc/dml/dcn351/dcn351_fpu.c | 2 drivers/gpu/drm/amd/display/dc/dml2/dml2_translation_helper.c | 1 drivers/gpu/drm/amd/display/dc/dml2/dml2_utils.c | 2 drivers/gpu/drm/amd/include/pptable.h | 91 +-- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 13 drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 5 drivers/gpu/drm/amd/pm/swsmu/inc/pmfw_if/smu_v14_0_0_ppsmc.h | 4 drivers/gpu/drm/amd/pm/swsmu/inc/smu_types.h | 4 drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_0_ppt.c | 73 ++ drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 drivers/gpu/drm/exynos/exynos_dp.c | 1 drivers/gpu/drm/mediatek/mtk_drm_drv.c | 8 drivers/gpu/drm/radeon/radeon_gem.c | 2 drivers/gpu/drm/renesas/shmobile/shmob_drm_drv.c | 8 drivers/gpu/drm/vmwgfx/Kconfig | 2 drivers/hid/hid-debug.c | 2 drivers/hid/hid-ids.h | 2 drivers/hid/hid-input.c | 13 drivers/input/joystick/xpad.c | 1 drivers/input/mouse/elantech.c | 31 + drivers/input/serio/i8042-acpipnpio.h | 18 drivers/input/touchscreen/ads7846.c | 12 drivers/input/touchscreen/silead.c | 19 drivers/misc/mei/main.c | 2 drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 drivers/net/ethernet/ibm/ibmvnic.c | 12 drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 1 drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c | 10 drivers/net/ethernet/marvell/octeontx2/nic/otx2_reg.h | 55 +- drivers/net/ethernet/marvell/octeontx2/nic/otx2_txrx.c | 2 drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 3 drivers/net/usb/qmi_wwan.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 16 drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 47 + drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 13 drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 6 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 8 drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 12 drivers/net/wireless/intel/iwlwifi/mvm/sta.h | 5 drivers/nvme/host/core.c | 1 drivers/nvme/host/fabrics.c | 6 drivers/nvme/host/nvme.h | 2 drivers/nvme/target/core.c | 1 drivers/nvme/target/fabrics-cmd-auth.c | 3 drivers/nvme/target/fabrics-cmd.c | 6 drivers/of/irq.c | 143 ++--- drivers/of/of_private.h | 3 drivers/parport/parport_amiga.c | 8 drivers/perf/riscv_pmu_sbi.c | 2 drivers/platform/mellanox/nvsw-sn2201.c | 5 drivers/platform/x86/amd/hsmp.c | 50 + drivers/platform/x86/lg-laptop.c | 89 +-- drivers/platform/x86/wireless-hotkey.c | 2 drivers/pnp/base.h | 1 drivers/s390/char/sclp.c | 1 drivers/scsi/device_handler/scsi_dh_alua.c | 31 - drivers/scsi/libsas/sas_internal.h | 14 drivers/scsi/qedf/qedf.h | 1 drivers/scsi/qedf/qedf_main.c | 47 + drivers/scsi/sr.h | 2 drivers/scsi/sr_ioctl.c | 5 drivers/spi/spi-davinci.c | 6 drivers/spi/spi-imx.c | 2 drivers/spi/spi-mux.c | 1 drivers/spi/spi.c | 6 drivers/tee/optee/ffa_abi.c | 12 drivers/vfio/device_cdev.c | 7 drivers/vfio/group.c | 7 drivers/vfio/pci/vfio_pci_core.c | 271 ++-------- drivers/vfio/vfio_main.c | 44 + fs/btrfs/btrfs_inode.h | 10 fs/btrfs/file.c | 16 fs/btrfs/ordered-data.c | 31 + fs/btrfs/qgroup.c | 4 fs/btrfs/ref-verify.c | 9 fs/btrfs/scrub.c | 24 fs/cachefiles/cache.c | 45 + fs/cachefiles/ondemand.c | 74 +- fs/cachefiles/volume.c | 1 fs/dcache.c | 31 - fs/erofs/zmap.c | 2 fs/file.c | 4 fs/hfsplus/xattr.c | 2 fs/iomap/buffered-io.c | 3 fs/netfs/buffered_write.c | 4 fs/netfs/fscache_volume.c | 14 fs/netfs/internal.h | 2 fs/nfs/dir.c | 27 fs/nfs/nfs4proc.c | 1 fs/nfs/pagelist.c | 5 fs/nfs/symlink.c | 2 fs/smb/client/cifsfs.c | 2 fs/smb/client/file.c | 4 fs/smb/common/smb2pdu.h | 34 + fs/smb/server/smb2pdu.c | 9 include/linux/cdrom.h | 2 include/linux/fscache-cache.h | 6 include/linux/page_ref.h | 49 - include/linux/pnp.h | 2 include/linux/spi/spi.h | 5 include/linux/vfio.h | 1 include/linux/vfio_pci_core.h | 2 include/net/bluetooth/hci_sync.h | 2 include/sound/dmaengine_pcm.h | 1 include/trace/events/fscache.h | 4 include/uapi/linux/input-event-codes.h | 2 io_uring/register.c | 4 kernel/workqueue.c | 51 + lib/Kconfig | 8 lib/closure.c | 10 mm/filemap.c | 10 mm/gup.c | 2 net/bluetooth/hci_core.c | 76 -- net/bluetooth/hci_sync.c | 13 net/bluetooth/l2cap_core.c | 3 net/bluetooth/l2cap_sock.c | 14 net/ipv6/ila/ila_lwt.c | 7 net/ipv6/rpl_iptunnel.c | 14 net/mac80211/cfg.c | 5 net/mac80211/ieee80211_i.h | 2 net/mac80211/main.c | 11 net/mac80211/mesh.c | 1 net/mac80211/scan.c | 31 - net/mac80211/util.c | 4 net/mac802154/tx.c | 8 net/wireless/rdev-ops.h | 6 net/wireless/scan.c | 59 +- scripts/kconfig/expr.c | 29 - scripts/kconfig/expr.h | 1 scripts/kconfig/gconf.c | 3 scripts/kconfig/menu.c | 2 sound/core/pcm_dmaengine.c | 22 sound/core/pcm_native.c | 2 sound/pci/hda/Kconfig | 2 sound/pci/hda/cs35l41_hda_property.c | 8 sound/pci/hda/cs35l56_hda.c | 5 sound/pci/hda/patch_realtek.c | 9 sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/codecs/cs35l56-shared.c | 4 sound/soc/codecs/es8326.c | 8 sound/soc/codecs/rt722-sdca-sdw.c | 4 sound/soc/intel/avs/topology.c | 19 sound/soc/intel/boards/bytcr_rt5640.c | 11 sound/soc/soc-generic-dmaengine-pcm.c | 8 sound/soc/soc-topology.c | 29 - sound/soc/sof/intel/hda-pcm.c | 6 sound/soc/sof/sof-audio.c | 2 sound/soc/ti/davinci-mcasp.c | 9 sound/soc/ti/omap-hdmi.c | 6 tools/power/cpupower/utils/helpers/amd.c | 26 tools/testing/selftests/bpf/config | 3 tools/testing/selftests/bpf/prog_tests/tc_links.c | 61 ++ tools/testing/selftests/cachestat/test_cachestat.c | 1 tools/testing/selftests/filesystems/overlayfs/dev_in_maps.c | 1 tools/testing/selftests/futex/functional/Makefile | 2 tools/testing/selftests/net/openvswitch/ovs-dpctl.py | 2 tools/testing/selftests/openat2/openat2_test.c | 1 tools/testing/selftests/timens/exec.c | 6 tools/testing/selftests/timens/timer.c | 2 tools/testing/selftests/timens/timerfd.c | 2 tools/testing/selftests/timens/vfork_exec.c | 4 tools/testing/selftests/vDSO/parse_vdso.c | 16 tools/testing/selftests/vDSO/vdso_standalone_test_x86.c | 18 188 files changed, 1713 insertions(+), 879 deletions(-) Adrian Moreno (1): selftests: openvswitch: Set value to nla flags. Aivaz Latypov (1): ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx Alex Williamson (3): vfio: Create vfio_fs_type with inode per device vfio/pci: Use unmap_mapping_range() vfio/pci: Insert full vma on mmap'd MMIO fault Alexander Stein (1): Input: ads7846 - use spi_device_id table Alexander Usyskin (1): mei: demote client disconnect warning on suspend to debug Alexey Makhalov (1): drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency Alvin Lee (1): drm/amd/display: Account for cursor prefetch BW in DML1 mode support Amadeusz Sławiński (3): ASoC: topology: Fix references to freed memory ASoC: Intel: avs: Fix route override ASoC: topology: Do not assign fields that are already set Andreas Hindborg (1): null_blk: fix validation of block size Andy Shevchenko (1): PNP: Hide pnp_bus_type from the non-PNP code Anjali K (1): powerpc/pseries: Whitelist dtl slub object for copying to userspace Armin Wolf (6): ACPI: EC: Abort address space access upon error ACPI: EC: Avoid returning AE_OK on errors in address space handler platform/x86: wireless-hotkey: Add support for LG Airplane Button platform/x86: lg-laptop: Remove LGEX0815 hotkey handling platform/x86: lg-laptop: Change ACPI device id platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB Arnd Bergmann (1): mips: fix compat_sys_lseek syscall Aryan Srivastava (1): net: mvpp2: fill-in dev_port attribute Aseda Aboagye (2): input: Add event code for accessibility key input: Add support for "Do Not Disturb" Ayala Beker (1): wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option Baokun Li (5): cachefiles: add consistency check for copen/cread cachefiles: make on-demand read killable netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() cachefiles: fix slab-use-after-free in fscache_withdraw_volume() cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() Bastien Curutchet (1): spi: davinci: Unset POWERDOWN bit when releasing resources Benjamin Berg (1): wifi: iwlwifi: mvm: remove stale STA link data during restart Boyang Yu (1): nvme: fix NVME_NS_DEAC may incorrectly identifying the disk as EXT_LBA. Chen Ni (2): can: kvaser_usb: fix return value for hif_usb_send_regout platform/mellanox: nvsw-sn2201: Add check for platform_device_add_resources Christian Brauner (1): fs: better handle deep ancestor chains in is_subdir() Chunguang Xu (2): nvme-fabrics: use reserved tag for reg read/write command nvme: avoid double free special payload Cyril Hrubis (1): loop: Disable fallocate() zero and discard if not supported Daniel Borkmann (1): selftests/bpf: Extend tcx tests to cover late tcx_entry release Daniel Gabay (1): wifi: iwlwifi: properly set WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK Daniel Miess (1): drm/amd/display: Change dram_clock_latency to 34us for dcn351 Daniel Wagner (1): nvmet: always initialize cqe.result Daniele Palmas (1): net: usb: qmi_wwan: add Telit FN912 compositions David Lechner (1): spi: mux: set ctlr->bits_per_word_mask Dhananjay Ugwekar (1): tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs Dmitry Antipov (2): wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() wifi: cfg80211: wext: add extra SIOCSIWSCAN data check Dmitry Mastykin (1): NFSv4: Fix memory leak in nfs4_set_security_label Dmitry Savin (1): ALSA: hda: cs35l41: Fix swapped l/r audio channels for Lenovo ThinBook 13x Gen4 Douglas Anderson (2): drm: renesas: shmobile: Call drm_atomic_helper_shutdown() at shutdown time drm/mediatek: Call drm_atomic_helper_shutdown() at shutdown time Edward Adam Davis (2): bluetooth/l2cap: sync sock recv cb and release hfsplus: fix uninit-value in copy_name Emmanuel Grumbach (1): wifi: iwlwifi: mvm: don't wake up rx_sync_waitq upon RFKILL Eric Dumazet (2): net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() ila: block BH in ila_output() Fangzhi Zuo (1): drm/amd/display: Update efficiency bandwidth for dcn351 Filipe Manana (3): btrfs: ensure fast fsync waits for ordered extents after a write failure btrfs: qgroup: fix quota root leak after quota disable failure btrfs: fix uninitialized return value in the ref-verify tool Gabor Juhos (1): clk: qcom: apss-ipq-pll: remove 'config_ctl_hi_val' from Stromer pll configs Ganesh Goudar (1): powerpc/eeh: avoid possible crash when edev->pdev changes Gao Xiang (1): erofs: ensure m_llen is reset to 0 if metadata is invalid Greg Kroah-Hartman (1): Linux 6.9.11 Hagar Hemdan (1): io_uring: fix possible deadlock in io_register_iowq_max_workers() Hans de Goede (1): Input: silead - Always support 10 fingers Harish Kasiviswanathan (1): drm/amdgpu: Indicate CU havest info to CP Heiko Carstens (1): s390/sclp: Fix sclp_init() cleanup on failure Huacai Chen (1): LoongArch: Fix GMAC's phy-mode definitions in dts Ian Ray (1): gpio: pca953x: fix pca953x_irq_bus_sync_unlock race Ilan Peer (1): wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill Jack Yu (2): ASoC: rt722-sdca-sdw: add silence detection register as volatile ASoC: rt722-sdca-sdw: add debounce time for type detection Jai Luthra (2): ALSA: dmaengine: Synchronize dma channel after drop() ASoC: ti: davinci-mcasp: Set min period size using FIFO config Jan Kara (1): nfs: Avoid flushing many pages with NFS_FILE_SYNC Johannes Berg (6): wifi: mac80211: apply mcast rate only if interface is up wifi: mac80211: handle tasklet frames before stopping wifi: cfg80211: fix 6 GHz scan request building wifi: iwlwifi: mvm: handle BA session teardown in RF-kill wifi: cfg80211: wext: set ssids=NULL for passive scans wifi: mac80211: disable softirqs for queued frame handling John Hubbard (3): selftests/futex: pass _GNU_SOURCE without a value to the compiler selftest/timerns: fix clang build failures for abs() calls selftests/vDSO: fix clang build errors and warnings Jonathan Denose (1): Input: elantech - fix touchpad state on resume for Lenovo N24 Justin Stitt (1): scsi: sr: Fix unintentional arithmetic wraparound Kailang Yang (1): ALSA: hda/realtek: Add more codec ID to no shutup pins list Kent Overstreet (1): closures: Change BUG_ON() to WARN_ON() Kenton Groombridge (1): wifi: mac80211: Avoid address calculations via out of bounds array indexing Krzysztof Kozlowski (1): drm/exynos: dp: drop driver owner initialization Li Ma (1): drm/amd/swsmu: add MALL init support workaround for smu_v14_0_1 Likun Gao (1): drm/amdgpu: init TA fw for psp v14 Linus Torvalds (1): cpumask: limit FORCE_NR_CPUS to just the UP case Louis Dalibard (1): HID: Ignore battery for ELAN touchscreens 2F2C and 4116 Luiz Augusto von Dentz (1): Bluetooth: L2CAP: Fix deadlock Luke D. Jones (1): Input: xpad - add support for ASUS ROG RAIKIRI PRO Marc Zyngier (1): of/irq: Disable "interrupt-map" parsing for PASEMI Nemo Mark-PK Tsai (1): tee: optee: ffa: Fix missing-field-initializers warning Martin Wilck (1): scsi: core: alua: I/O errors for ALUA state transitions Masahiro Yamada (2): kconfig: gconf: give a proper initial state to the Save button kconfig: remove wrong expr_trans_bool() Michael Ellerman (4): selftests: cachestat: Fix build warnings on ppc64 selftests/openat2: Fix build warnings on ppc64 selftests/overlayfs: Fix build error on ppc64 KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Namjae Jeon (1): ksmbd: return FILE_DEVICE_DISK instead of super magic Nathan Chancellor (1): efi/libstub: zboot.lds: Discard .discard sections Neeraj Sanjay Kale (1): Bluetooth: btnxpuart: Enable Power Save feature on startup Nick Child (1): ibmvnic: Add tx check to prevent skb leak Nicolas Escande (1): wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata Patrice Chotard (1): spi: Fix OCTAL mode support Paul Hsieh (1): drm/amd/display: change dram_clock_latency to 34us for dcn35 Peter Ujfalusi (2): ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error rollback ASoC: SOF: Intel: hda-pcm: Limit the maximum number of periods by MAX_BDL_ENTRIES Pierre-Eric Pelloux-Prayer (1): drm/radeon: check bo_va->bo is non-NULL before using it Primoz Fiser (1): ASoC: ti: omap-hdmi: Fix too long driver name Puranjay Mohan (1): riscv: stacktrace: fix usage of ftrace_graph_ret_addr() Qu Wenruo (1): btrfs: scrub: handle RST lookup error correctly Ratheesh Kannoth (1): octeontx2-pf: Fix coverity and klockwork issues in octeon PF driver Richard Fitzgerald (1): ASoC: cs35l56: Disconnect ASP1 TX sources when ASP1 DAI is hooked up Ritesh Harjani (IBM) (1): iomap: Fix iomap_adjust_read_range for plen calculation Rob Herring (Arm) (1): of/irq: Factor out parsing of interrupt-map parent phandle+args from of_irq_parse_raw() Roman Li (1): drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport Sagi Grimberg (1): nfs: propagate readlink errors in nfs_symlink_filler Samuel Holland (1): drivers/perf: riscv: Reset the counter to hpmevent mapping while starting cpus Saurav Kashyap (3): scsi: qedf: Don't process stag work during unload and recovery scsi: qedf: Wait for stag work during unload scsi: qedf: Set qed_slowpath_params to zero before use Scott Mayhew (1): nfs: don't invalidate dentries on transient errors Shengjiu Wang (1): ALSA: dmaengine_pcm: terminate dmaengine before synchronize Simon Trimmer (2): ALSA: hda: cs35l56: Fix lifecycle of codec pointer ALSA: hda: cs35l56: Select SERIAL_MULTI_INSTANTIATE Stefan Binding (4): ALSA: hda: cs35l41: Support Lenovo Thinkbook 16P Gen 5 ALSA: hda: cs35l41: Support Lenovo Thinkbook 13x Gen 4 ALSA: hda/realtek: Support Lenovo Thinkbook 16P Gen 5 ALSA: hda/realtek: Support Lenovo Thinkbook 13x Gen 4 Steve French (1): cifs: fix noisy message on copy_file_range Suma Hegde (1): platform/x86/amd/hsmp: Check HSMP support on AMD family of processors Takashi Iwai (2): ALSA: PCM: Allow resume only for suspended streams ALSA: hda: Use imply for suggesting CONFIG_SERIAL_MULTI_INSTANTIATE Tasos Sahanidis (1): drm/amdgpu/pptable: Fix UBSAN array-index-out-of-bounds Tejun Heo (1): workqueue: Refactor worker ID formatting and make wq_worker_comm() use full ID string Tetsuo Handa (1): Bluetooth: hci_core: cancel all works upon hci_unregister_dev() Thomas GENTY (1): bytcr_rt5640 : inverse jack detect for Archos 101 cesium Thomas Weißschuh (1): ACPI: AC: Properly notify powermanagement core about changes Tobias Jakobi (2): drm: panel-orientation-quirks: Add quirk for Aya Neo KUN Input: i8042 - add Ayaneo Kun to i8042 quirk table Tom Chung (2): drm/amd/display: Add refresh rate range check drm/amd/display: Fix refresh rate range for some panel Uwe Kleine-König (2): parport: amiga: Mark driver struct with __refdata to prevent section mismatch spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices Vyacheslav Frantsishko (1): ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA Wei Li (1): arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process Xingui Yang (1): scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed Yang Shi (1): mm: page_ref: remove folio_try_get_rcu() Yedidya Benshimol (2): wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd Yunshui Jiang (1): net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() Yuntao Wang (1): fs/file: fix the check in find_next_fd() Zhang Yi (1): ASoC: codecs: ES8326: Solve headphone detection issue Zizhi Wo (1): cachefiles: Set object to close if ondemand_id < 0 in copen

9 months, 1 week

1
1
0 0

Linux 6.6.42

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.42 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/cdrom/cdrom-standard.rst | 4 Makefile | 2 arch/arm/include/asm/uaccess.h | 14 arch/arm64/kernel/armv8_deprecated.c | 3 arch/mips/kernel/syscalls/syscall_o32.tbl | 2 arch/powerpc/kernel/eeh_pe.c | 7 arch/powerpc/kvm/book3s_64_vio.c | 18 - arch/powerpc/platforms/pseries/setup.c | 4 arch/riscv/kernel/stacktrace.c | 3 drivers/acpi/ec.c | 9 drivers/block/null_blk/main.c | 4 drivers/bluetooth/btnxpuart.c | 2 drivers/firmware/efi/libstub/zboot.lds | 1 drivers/gpio/gpio-pca953x.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 15 - drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 52 +++ drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c | 3 drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 drivers/gpu/drm/exynos/exynos_dp.c | 1 drivers/gpu/drm/mediatek/mtk_drm_drv.c | 8 drivers/gpu/drm/radeon/radeon_gem.c | 2 drivers/gpu/drm/vmwgfx/Kconfig | 2 drivers/hid/hid-debug.c | 2 drivers/hid/hid-ids.h | 2 drivers/hid/hid-input.c | 13 drivers/input/joystick/xpad.c | 1 drivers/input/mouse/elantech.c | 31 ++ drivers/input/serio/i8042-acpipnpio.h | 18 + drivers/input/touchscreen/ads7846.c | 12 drivers/input/touchscreen/silead.c | 19 - drivers/misc/mei/main.c | 2 drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 drivers/net/ethernet/ibm/ibmvnic.c | 12 drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c | 10 drivers/net/ethernet/marvell/octeontx2/nic/otx2_reg.h | 55 +-- drivers/net/ethernet/marvell/octeontx2/nic/otx2_txrx.c | 2 drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 3 drivers/net/usb/qmi_wwan.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 16 - drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 47 ++- drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 13 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 8 drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 12 drivers/net/wireless/intel/iwlwifi/mvm/sta.h | 5 drivers/nvme/host/core.c | 1 drivers/nvme/host/nvme.h | 2 drivers/nvme/target/core.c | 1 drivers/nvme/target/fabrics-cmd-auth.c | 3 drivers/nvme/target/fabrics-cmd.c | 6 drivers/of/irq.c | 143 +++++----- drivers/of/of_private.h | 3 drivers/perf/riscv_pmu_sbi.c | 2 drivers/platform/mellanox/nvsw-sn2201.c | 5 drivers/platform/x86/lg-laptop.c | 89 ++---- drivers/platform/x86/wireless-hotkey.c | 2 drivers/s390/char/sclp.c | 1 drivers/scsi/device_handler/scsi_dh_alua.c | 31 +- drivers/scsi/libsas/sas_internal.h | 14 drivers/scsi/qedf/qedf.h | 1 drivers/scsi/qedf/qedf_main.c | 47 +++ drivers/scsi/sr.h | 2 drivers/scsi/sr_ioctl.c | 5 drivers/spi/spi-imx.c | 2 drivers/spi/spi-mux.c | 1 drivers/spi/spi.c | 6 drivers/tee/optee/ffa_abi.c | 12 fs/afs/write.c | 2 fs/btrfs/qgroup.c | 4 fs/cachefiles/cache.c | 45 +++ fs/cachefiles/ondemand.c | 74 +++-- fs/cachefiles/volume.c | 1 fs/dcache.c | 31 -- fs/erofs/zmap.c | 2 fs/file.c | 4 fs/fscache/internal.h | 2 fs/fscache/volume.c | 14 fs/hfsplus/xattr.c | 2 fs/iomap/buffered-io.c | 3 fs/locks.c | 9 fs/nfs/dir.c | 27 - fs/nfs/nfs4proc.c | 1 fs/nfs/pagelist.c | 5 fs/nfs/symlink.c | 2 fs/smb/client/cifsfs.c | 2 fs/smb/client/file.c | 4 fs/smb/common/smb2pdu.h | 34 ++ fs/smb/server/smb2pdu.c | 9 include/linux/cdrom.h | 2 include/linux/fscache-cache.h | 6 include/linux/page_ref.h | 49 --- include/linux/spi/spi.h | 5 include/net/bluetooth/hci_sync.h | 2 include/sound/dmaengine_pcm.h | 1 include/trace/events/fscache.h | 4 include/uapi/linux/input-event-codes.h | 2 lib/Kconfig | 8 mm/filemap.c | 10 mm/gup.c | 2 net/bluetooth/hci_core.c | 76 +---- net/bluetooth/hci_sync.c | 13 net/bluetooth/l2cap_core.c | 3 net/bluetooth/l2cap_sock.c | 14 net/ipv6/ila/ila_lwt.c | 7 net/ipv6/rpl_iptunnel.c | 14 net/mac80211/cfg.c | 5 net/mac80211/ieee80211_i.h | 2 net/mac80211/main.c | 11 net/mac80211/mesh.c | 1 net/mac80211/scan.c | 14 net/mac80211/util.c | 4 net/mac802154/tx.c | 8 net/wireless/rdev-ops.h | 6 net/wireless/scan.c | 59 ++-- scripts/kconfig/expr.c | 29 -- scripts/kconfig/expr.h | 1 scripts/kconfig/gconf.c | 3 scripts/kconfig/menu.c | 2 sound/core/pcm_dmaengine.c | 22 + sound/core/pcm_native.c | 2 sound/pci/hda/Kconfig | 2 sound/pci/hda/cs35l56_hda.c | 5 sound/pci/hda/patch_realtek.c | 7 sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/codecs/rt722-sdca-sdw.c | 4 sound/soc/intel/boards/bytcr_rt5640.c | 11 sound/soc/soc-generic-dmaengine-pcm.c | 8 sound/soc/soc-topology.c | 29 +- sound/soc/sof/intel/hda-pcm.c | 6 sound/soc/sof/sof-audio.c | 2 sound/soc/ti/davinci-mcasp.c | 9 sound/soc/ti/omap-hdmi.c | 6 tools/power/cpupower/utils/helpers/amd.c | 26 + tools/testing/selftests/bpf/config | 3 tools/testing/selftests/bpf/prog_tests/tc_links.c | 61 ++++ tools/testing/selftests/cachestat/test_cachestat.c | 1 tools/testing/selftests/futex/functional/Makefile | 2 tools/testing/selftests/net/openvswitch/ovs-dpctl.py | 2 tools/testing/selftests/openat2/openat2_test.c | 1 tools/testing/selftests/timens/exec.c | 6 tools/testing/selftests/timens/timer.c | 2 tools/testing/selftests/timens/timerfd.c | 2 tools/testing/selftests/timens/vfork_exec.c | 4 tools/testing/selftests/vDSO/parse_vdso.c | 16 - tools/testing/selftests/vDSO/vdso_standalone_test_x86.c | 18 + 144 files changed, 1167 insertions(+), 567 deletions(-) Adrian Moreno (1): selftests: openvswitch: Set value to nla flags. Aivaz Latypov (1): ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx Alexander Stein (1): Input: ads7846 - use spi_device_id table Alexander Usyskin (1): mei: demote client disconnect warning on suspend to debug Alexey Makhalov (1): drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency Alvin Lee (1): drm/amd/display: Account for cursor prefetch BW in DML1 mode support Amadeusz Sławiński (2): ASoC: topology: Fix references to freed memory ASoC: topology: Do not assign fields that are already set Andreas Hindborg (1): null_blk: fix validation of block size Anjali K (1): powerpc/pseries: Whitelist dtl slub object for copying to userspace Armin Wolf (6): ACPI: EC: Abort address space access upon error ACPI: EC: Avoid returning AE_OK on errors in address space handler platform/x86: wireless-hotkey: Add support for LG Airplane Button platform/x86: lg-laptop: Remove LGEX0815 hotkey handling platform/x86: lg-laptop: Change ACPI device id platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB Arnd Bergmann (1): mips: fix compat_sys_lseek syscall Aseda Aboagye (2): input: Add event code for accessibility key input: Add support for "Do Not Disturb" Ayala Beker (1): wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option Baokun Li (5): cachefiles: add consistency check for copen/cread cachefiles: make on-demand read killable netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() cachefiles: fix slab-use-after-free in fscache_withdraw_volume() cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() Benjamin Berg (1): wifi: iwlwifi: mvm: remove stale STA link data during restart Boyang Yu (1): nvme: fix NVME_NS_DEAC may incorrectly identifying the disk as EXT_LBA. Chen Ni (2): can: kvaser_usb: fix return value for hif_usb_send_regout platform/mellanox: nvsw-sn2201: Add check for platform_device_add_resources Christian Brauner (1): fs: better handle deep ancestor chains in is_subdir() Chunguang Xu (1): nvme: avoid double free special payload Daniel Borkmann (1): selftests/bpf: Extend tcx tests to cover late tcx_entry release Daniel Gabay (1): wifi: iwlwifi: properly set WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK Daniel Wagner (1): nvmet: always initialize cqe.result Daniele Palmas (1): net: usb: qmi_wwan: add Telit FN912 compositions David Lechner (1): spi: mux: set ctlr->bits_per_word_mask Dhananjay Ugwekar (1): tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs Dmitry Antipov (2): wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() wifi: cfg80211: wext: add extra SIOCSIWSCAN data check Dmitry Mastykin (1): NFSv4: Fix memory leak in nfs4_set_security_label Douglas Anderson (1): drm/mediatek: Call drm_atomic_helper_shutdown() at shutdown time Edward Adam Davis (2): bluetooth/l2cap: sync sock recv cb and release hfsplus: fix uninit-value in copy_name Emmanuel Grumbach (1): wifi: iwlwifi: mvm: don't wake up rx_sync_waitq upon RFKILL Eric Dumazet (2): net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() ila: block BH in ila_output() Filipe Manana (1): btrfs: qgroup: fix quota root leak after quota disable failure Ganesh Goudar (1): powerpc/eeh: avoid possible crash when edev->pdev changes Gao Xiang (1): erofs: ensure m_llen is reset to 0 if metadata is invalid Greg Kroah-Hartman (1): Linux 6.6.42 Hans de Goede (1): Input: silead - Always support 10 fingers Harish Kasiviswanathan (1): drm/amdgpu: Indicate CU havest info to CP Heiko Carstens (1): s390/sclp: Fix sclp_init() cleanup on failure Ian Ray (1): gpio: pca953x: fix pca953x_irq_bus_sync_unlock race Ilan Peer (1): wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill Jack Yu (2): ASoC: rt722-sdca-sdw: add silence detection register as volatile ASoC: rt722-sdca-sdw: add debounce time for type detection Jai Luthra (2): ALSA: dmaengine: Synchronize dma channel after drop() ASoC: ti: davinci-mcasp: Set min period size using FIFO config Jan Kara (1): nfs: Avoid flushing many pages with NFS_FILE_SYNC Jann Horn (1): filelock: Remove locks reliably when fcntl/close race is detected Johannes Berg (6): wifi: mac80211: apply mcast rate only if interface is up wifi: mac80211: handle tasklet frames before stopping wifi: cfg80211: fix 6 GHz scan request building wifi: iwlwifi: mvm: handle BA session teardown in RF-kill wifi: cfg80211: wext: set ssids=NULL for passive scans wifi: mac80211: disable softirqs for queued frame handling John Hubbard (3): selftests/futex: pass _GNU_SOURCE without a value to the compiler selftest/timerns: fix clang build failures for abs() calls selftests/vDSO: fix clang build errors and warnings Jonathan Denose (1): Input: elantech - fix touchpad state on resume for Lenovo N24 Justin Stitt (1): scsi: sr: Fix unintentional arithmetic wraparound Kailang Yang (1): ALSA: hda/realtek: Add more codec ID to no shutup pins list Krzysztof Kozlowski (1): drm/exynos: dp: drop driver owner initialization Linus Torvalds (1): cpumask: limit FORCE_NR_CPUS to just the UP case Louis Dalibard (1): HID: Ignore battery for ELAN touchscreens 2F2C and 4116 Luiz Augusto von Dentz (1): Bluetooth: L2CAP: Fix deadlock Luke D. Jones (1): Input: xpad - add support for ASUS ROG RAIKIRI PRO Marc Zyngier (1): of/irq: Disable "interrupt-map" parsing for PASEMI Nemo Mark-PK Tsai (1): tee: optee: ffa: Fix missing-field-initializers warning Martin Wilck (1): scsi: core: alua: I/O errors for ALUA state transitions Masahiro Yamada (3): kconfig: gconf: give a proper initial state to the Save button kconfig: remove wrong expr_trans_bool() ARM: 9324/1: fix get_user() broken with veneer Michael Ellerman (3): selftests: cachestat: Fix build warnings on ppc64 selftests/openat2: Fix build warnings on ppc64 KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Namjae Jeon (1): ksmbd: return FILE_DEVICE_DISK instead of super magic Nathan Chancellor (1): efi/libstub: zboot.lds: Discard .discard sections Neeraj Sanjay Kale (1): Bluetooth: btnxpuart: Enable Power Save feature on startup Nick Child (1): ibmvnic: Add tx check to prevent skb leak Nicolas Escande (1): wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata Patrice Chotard (1): spi: Fix OCTAL mode support Peter Ujfalusi (2): ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error rollback ASoC: SOF: Intel: hda-pcm: Limit the maximum number of periods by MAX_BDL_ENTRIES Pierre-Eric Pelloux-Prayer (1): drm/radeon: check bo_va->bo is non-NULL before using it Primoz Fiser (1): ASoC: ti: omap-hdmi: Fix too long driver name Puranjay Mohan (1): riscv: stacktrace: fix usage of ftrace_graph_ret_addr() Ratheesh Kannoth (1): octeontx2-pf: Fix coverity and klockwork issues in octeon PF driver Ritesh Harjani (IBM) (1): iomap: Fix iomap_adjust_read_range for plen calculation Rob Herring (Arm) (1): of/irq: Factor out parsing of interrupt-map parent phandle+args from of_irq_parse_raw() Sagi Grimberg (1): nfs: propagate readlink errors in nfs_symlink_filler Samuel Holland (1): drivers/perf: riscv: Reset the counter to hpmevent mapping while starting cpus Saurav Kashyap (3): scsi: qedf: Don't process stag work during unload and recovery scsi: qedf: Wait for stag work during unload scsi: qedf: Set qed_slowpath_params to zero before use Scott Mayhew (1): nfs: don't invalidate dentries on transient errors Shengjiu Wang (1): ALSA: dmaengine_pcm: terminate dmaengine before synchronize Simon Trimmer (2): ALSA: hda: cs35l56: Fix lifecycle of codec pointer ALSA: hda: cs35l56: Select SERIAL_MULTI_INSTANTIATE Stefan Binding (1): ALSA: hda/realtek: Support Lenovo Thinkbook 16P Gen 5 Steve French (1): cifs: fix noisy message on copy_file_range Takashi Iwai (2): ALSA: PCM: Allow resume only for suspended streams ALSA: hda: Use imply for suggesting CONFIG_SERIAL_MULTI_INSTANTIATE Tetsuo Handa (1): Bluetooth: hci_core: cancel all works upon hci_unregister_dev() Thomas GENTY (1): bytcr_rt5640 : inverse jack detect for Archos 101 cesium Tobias Jakobi (2): drm: panel-orientation-quirks: Add quirk for Aya Neo KUN Input: i8042 - add Ayaneo Kun to i8042 quirk table Tom Chung (2): drm/amd/display: Add refresh rate range check drm/amd/display: Fix refresh rate range for some panel Uwe Kleine-König (1): spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices Vyacheslav Frantsishko (1): ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA Wei Li (1): arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process Xingui Yang (1): scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed Yang Shi (1): mm: page_ref: remove folio_try_get_rcu() Yedidya Benshimol (2): wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd Yunshui Jiang (1): net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() Yuntao Wang (1): fs/file: fix the check in find_next_fd() Zizhi Wo (1): cachefiles: Set object to close if ondemand_id < 0 in copen

9 months, 1 week

1
1
0 0

Linux 6.1.101

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.101 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/include/asm/uaccess.h | 14 arch/mips/kernel/syscalls/syscall_o32.tbl | 2 arch/powerpc/kernel/eeh_pe.c | 7 arch/powerpc/kvm/book3s_64_vio.c | 18 - arch/powerpc/platforms/pseries/setup.c | 4 arch/riscv/kernel/stacktrace.c | 3 drivers/acpi/ec.c | 9 drivers/block/null_blk/main.c | 4 drivers/firmware/efi/libstub/zboot.lds | 1 drivers/gpio/gpio-pca953x.c | 2 drivers/gpu/drm/amd/display/dc/dml/dcn32/display_mode_vba_32.c | 3 drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 drivers/gpu/drm/radeon/radeon_gem.c | 2 drivers/gpu/drm/vmwgfx/Kconfig | 2 drivers/hid/hid-ids.h | 2 drivers/hid/hid-input.c | 4 drivers/input/mouse/elantech.c | 31 ++ drivers/input/serio/i8042-acpipnpio.h | 18 + drivers/input/touchscreen/silead.c | 19 - drivers/misc/mei/main.c | 2 drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 drivers/net/ethernet/ibm/ibmvnic.c | 12 drivers/net/usb/qmi_wwan.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 16 - drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 8 drivers/nvme/host/core.c | 1 drivers/nvme/target/core.c | 1 drivers/nvme/target/fabrics-cmd-auth.c | 3 drivers/nvme/target/fabrics-cmd.c | 6 drivers/of/irq.c | 143 +++++----- drivers/of/of_private.h | 3 drivers/perf/riscv_pmu_sbi.c | 2 drivers/platform/mellanox/nvsw-sn2201.c | 5 drivers/platform/x86/lg-laptop.c | 89 ++---- drivers/platform/x86/wireless-hotkey.c | 2 drivers/s390/char/sclp.c | 1 drivers/scsi/device_handler/scsi_dh_alua.c | 31 +- drivers/scsi/libsas/sas_internal.h | 14 drivers/scsi/qedf/qedf.h | 1 drivers/scsi/qedf/qedf_main.c | 47 +++ drivers/spi/spi-imx.c | 2 drivers/spi/spi-mux.c | 1 drivers/tee/optee/ffa_abi.c | 12 fs/btrfs/qgroup.c | 4 fs/cachefiles/cache.c | 45 +++ fs/cachefiles/ondemand.c | 74 +++-- fs/cachefiles/volume.c | 1 fs/dcache.c | 31 -- fs/erofs/zmap.c | 2 fs/file.c | 4 fs/fscache/internal.h | 2 fs/fscache/volume.c | 14 fs/hfsplus/xattr.c | 2 fs/iomap/buffered-io.c | 3 fs/locks.c | 9 fs/nfs/dir.c | 27 - fs/nfs/nfs4proc.c | 1 fs/nfs/symlink.c | 2 fs/smb/client/cifsfs.c | 2 fs/smb/common/smb2pdu.h | 34 ++ fs/smb/server/smb2pdu.c | 9 include/linux/fscache-cache.h | 6 include/linux/minmax.h | 89 ++++-- include/net/bluetooth/hci_sync.h | 2 include/sound/dmaengine_pcm.h | 1 include/trace/events/fscache.h | 4 mm/damon/core.c | 21 + net/bluetooth/hci_core.c | 76 +---- net/bluetooth/hci_sync.c | 13 net/bluetooth/l2cap_core.c | 3 net/bluetooth/l2cap_sock.c | 14 net/ipv6/ila/ila_lwt.c | 7 net/ipv6/rpl_iptunnel.c | 14 net/mac80211/cfg.c | 5 net/mac80211/ieee80211_i.h | 2 net/mac80211/main.c | 11 net/mac80211/mesh.c | 1 net/mac80211/scan.c | 14 net/mac80211/util.c | 4 net/mac802154/tx.c | 8 net/wireless/rdev-ops.h | 6 net/wireless/scan.c | 59 ++-- scripts/gcc-plugins/gcc-common.h | 4 scripts/kconfig/expr.c | 29 -- scripts/kconfig/expr.h | 1 scripts/kconfig/gconf.c | 3 scripts/kconfig/menu.c | 2 sound/core/pcm_dmaengine.c | 22 + sound/core/pcm_native.c | 2 sound/pci/hda/patch_realtek.c | 5 sound/soc/amd/yc/acp6x-mach.c | 7 sound/soc/intel/boards/bytcr_rt5640.c | 11 sound/soc/soc-generic-dmaengine-pcm.c | 8 sound/soc/soc-topology.c | 29 +- sound/soc/sof/sof-audio.c | 2 sound/soc/ti/davinci-mcasp.c | 9 sound/soc/ti/omap-hdmi.c | 6 tools/power/cpupower/utils/helpers/amd.c | 26 + tools/testing/selftests/futex/functional/Makefile | 2 tools/testing/selftests/openat2/openat2_test.c | 1 tools/testing/selftests/vDSO/parse_vdso.c | 16 - tools/testing/selftests/vDSO/vdso_standalone_test_x86.c | 18 + 104 files changed, 934 insertions(+), 456 deletions(-) Aivaz Latypov (1): ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx Alexander Usyskin (1): mei: demote client disconnect warning on suspend to debug Alexey Makhalov (1): drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency Alvin Lee (1): drm/amd/display: Account for cursor prefetch BW in DML1 mode support Amadeusz Sławiński (2): ASoC: topology: Fix references to freed memory ASoC: topology: Do not assign fields that are already set Andreas Hindborg (1): null_blk: fix validation of block size Andy Shevchenko (1): minmax: fix header inclusions Anjali K (1): powerpc/pseries: Whitelist dtl slub object for copying to userspace Armin Wolf (6): ACPI: EC: Abort address space access upon error ACPI: EC: Avoid returning AE_OK on errors in address space handler platform/x86: wireless-hotkey: Add support for LG Airplane Button platform/x86: lg-laptop: Remove LGEX0815 hotkey handling platform/x86: lg-laptop: Change ACPI device id platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB Arnd Bergmann (1): mips: fix compat_sys_lseek syscall Ayala Beker (1): wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option Baokun Li (5): cachefiles: add consistency check for copen/cread cachefiles: make on-demand read killable netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() cachefiles: fix slab-use-after-free in fscache_withdraw_volume() cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() Chen Ni (2): can: kvaser_usb: fix return value for hif_usb_send_regout platform/mellanox: nvsw-sn2201: Add check for platform_device_add_resources Christian Brauner (1): fs: better handle deep ancestor chains in is_subdir() Chunguang Xu (1): nvme: avoid double free special payload Daniel Gabay (1): wifi: iwlwifi: properly set WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK Daniel Wagner (1): nvmet: always initialize cqe.result Daniele Palmas (1): net: usb: qmi_wwan: add Telit FN912 compositions David Laight (3): minmax: allow min()/max()/clamp() if the arguments have the same signedness. minmax: allow comparisons of 'int' against 'unsigned char/short' minmax: relax check to allow comparison between unsigned arguments and signed constants David Lechner (1): spi: mux: set ctlr->bits_per_word_mask Dhananjay Ugwekar (1): tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs Dmitry Antipov (2): wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() wifi: cfg80211: wext: add extra SIOCSIWSCAN data check Dmitry Mastykin (1): NFSv4: Fix memory leak in nfs4_set_security_label Edward Adam Davis (2): bluetooth/l2cap: sync sock recv cb and release hfsplus: fix uninit-value in copy_name Eric Dumazet (2): net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() ila: block BH in ila_output() Filipe Manana (1): btrfs: qgroup: fix quota root leak after quota disable failure Ganesh Goudar (1): powerpc/eeh: avoid possible crash when edev->pdev changes Gao Xiang (1): erofs: ensure m_llen is reset to 0 if metadata is invalid Greg Kroah-Hartman (1): Linux 6.1.101 Hans de Goede (1): Input: silead - Always support 10 fingers Heiko Carstens (1): s390/sclp: Fix sclp_init() cleanup on failure Ian Ray (1): gpio: pca953x: fix pca953x_irq_bus_sync_unlock race Ilan Peer (1): wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill Jai Luthra (2): ALSA: dmaengine: Synchronize dma channel after drop() ASoC: ti: davinci-mcasp: Set min period size using FIFO config Jann Horn (1): filelock: Remove locks reliably when fcntl/close race is detected Jason A. Donenfeld (2): minmax: sanity check constant bounds when clamping minmax: clamp more efficiently by avoiding extra comparison Johannes Berg (5): wifi: mac80211: apply mcast rate only if interface is up wifi: mac80211: handle tasklet frames before stopping wifi: cfg80211: fix 6 GHz scan request building wifi: cfg80211: wext: set ssids=NULL for passive scans wifi: mac80211: disable softirqs for queued frame handling John Hubbard (2): selftests/futex: pass _GNU_SOURCE without a value to the compiler selftests/vDSO: fix clang build errors and warnings Jonathan Denose (1): Input: elantech - fix touchpad state on resume for Lenovo N24 Kailang Yang (1): ALSA: hda/realtek: Add more codec ID to no shutup pins list Kees Cook (1): gcc-plugins: Rename last_stmt() for GCC 14+ Louis Dalibard (1): HID: Ignore battery for ELAN touchscreens 2F2C and 4116 Luiz Augusto von Dentz (1): Bluetooth: L2CAP: Fix deadlock Marc Zyngier (1): of/irq: Disable "interrupt-map" parsing for PASEMI Nemo Mark-PK Tsai (1): tee: optee: ffa: Fix missing-field-initializers warning Martin Wilck (1): scsi: core: alua: I/O errors for ALUA state transitions Masahiro Yamada (3): kconfig: gconf: give a proper initial state to the Save button kconfig: remove wrong expr_trans_bool() ARM: 9324/1: fix get_user() broken with veneer Michael Ellerman (2): selftests/openat2: Fix build warnings on ppc64 KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Namjae Jeon (1): ksmbd: return FILE_DEVICE_DISK instead of super magic Nathan Chancellor (1): efi/libstub: zboot.lds: Discard .discard sections Nick Child (1): ibmvnic: Add tx check to prevent skb leak Nicolas Escande (1): wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata Peter Ujfalusi (1): ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error rollback Pierre-Eric Pelloux-Prayer (1): drm/radeon: check bo_va->bo is non-NULL before using it Primoz Fiser (1): ASoC: ti: omap-hdmi: Fix too long driver name Puranjay Mohan (1): riscv: stacktrace: fix usage of ftrace_graph_ret_addr() Ritesh Harjani (IBM) (1): iomap: Fix iomap_adjust_read_range for plen calculation Rob Herring (Arm) (1): of/irq: Factor out parsing of interrupt-map parent phandle+args from of_irq_parse_raw() Sagi Grimberg (1): nfs: propagate readlink errors in nfs_symlink_filler Samuel Holland (1): drivers/perf: riscv: Reset the counter to hpmevent mapping while starting cpus Saurav Kashyap (3): scsi: qedf: Don't process stag work during unload and recovery scsi: qedf: Wait for stag work during unload scsi: qedf: Set qed_slowpath_params to zero before use Scott Mayhew (1): nfs: don't invalidate dentries on transient errors SeongJae Park (1): mm/damon/core: merge regions aggressively when max_nr_regions is unmet Shengjiu Wang (1): ALSA: dmaengine_pcm: terminate dmaengine before synchronize Steve French (1): cifs: fix noisy message on copy_file_range Takashi Iwai (1): ALSA: PCM: Allow resume only for suspended streams Tetsuo Handa (1): Bluetooth: hci_core: cancel all works upon hci_unregister_dev() Thomas GENTY (1): bytcr_rt5640 : inverse jack detect for Archos 101 cesium Tobias Jakobi (2): drm: panel-orientation-quirks: Add quirk for Aya Neo KUN Input: i8042 - add Ayaneo Kun to i8042 quirk table Uwe Kleine-König (1): spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices Vyacheslav Frantsishko (1): ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA Xingui Yang (1): scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed Yedidya Benshimol (2): wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd Yunshui Jiang (1): net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() Yuntao Wang (1): fs/file: fix the check in find_next_fd() Zizhi Wo (1): cachefiles: Set object to close if ondemand_id < 0 in copen

9 months, 1 week

1
1
0 0

+ nilfs2-handle-inconsistent-state-in-nilfs_btnode_create_block.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: nilfs2: handle inconsistent state in nilfs_btnode_create_block() has been added to the -mm mm-hotfixes-unstable branch. Its filename is nilfs2-handle-inconsistent-state-in-nilfs_btnode_create_block.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: handle inconsistent state in nilfs_btnode_create_block() Date: Thu, 25 Jul 2024 14:20:07 +0900 Syzbot reported that a buffer state inconsistency was detected in nilfs_btnode_create_block(), triggering a kernel bug. It is not appropriate to treat this inconsistency as a bug; it can occur if the argument block address (the buffer index of the newly created block) is a virtual block number and has been reallocated due to corruption of the bitmap used to manage its allocation state. So, modify nilfs_btnode_create_block() and its callers to treat it as a possible filesystem error, rather than triggering a kernel bug. Link: https://lkml.kernel.org/r/20240725052007.4562-1-konishi.ryusuke@gmail.com Fixes: a60be987d45d ("nilfs2: B-tree node cache") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: syzbot+89cc4f2324ed37988b60(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=89cc4f2324ed37988b60 Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/btnode.c | 25 ++++++++++++++++++++----- fs/nilfs2/btree.c | 4 ++-- 2 files changed, 22 insertions(+), 7 deletions(-) --- a/fs/nilfs2/btnode.c~nilfs2-handle-inconsistent-state-in-nilfs_btnode_create_block +++ a/fs/nilfs2/btnode.c @@ -51,12 +51,21 @@ nilfs_btnode_create_block(struct address bh = nilfs_grab_buffer(inode, btnc, blocknr, BIT(BH_NILFS_Node)); if (unlikely(!bh)) - return NULL; + return ERR_PTR(-ENOMEM); if (unlikely(buffer_mapped(bh) || buffer_uptodate(bh) || buffer_dirty(bh))) { - brelse(bh); - BUG(); + /* + * The block buffer at the specified new address was already + * in use. This can happen if it is a virtual block number + * and has been reallocated due to corruption of the bitmap + * used to manage its allocation state (if not, the buffer + * clearing of an abandoned b-tree node is missing somewhere). + */ + nilfs_error(inode->i_sb, + "state inconsistency probably due to duplicate use of b-tree node block address %llu (ino=%lu)", + (unsigned long long)blocknr, inode->i_ino); + goto failed; } memset(bh->b_data, 0, i_blocksize(inode)); bh->b_bdev = inode->i_sb->s_bdev; @@ -67,6 +76,12 @@ nilfs_btnode_create_block(struct address folio_unlock(bh->b_folio); folio_put(bh->b_folio); return bh; + +failed: + folio_unlock(bh->b_folio); + folio_put(bh->b_folio); + brelse(bh); + return ERR_PTR(-EIO); } int nilfs_btnode_submit_block(struct address_space *btnc, __u64 blocknr, @@ -217,8 +232,8 @@ retry: } nbh = nilfs_btnode_create_block(btnc, newkey); - if (!nbh) - return -ENOMEM; + if (IS_ERR(nbh)) + return PTR_ERR(nbh); BUG_ON(nbh == obh); ctxt->newbh = nbh; --- a/fs/nilfs2/btree.c~nilfs2-handle-inconsistent-state-in-nilfs_btnode_create_block +++ a/fs/nilfs2/btree.c @@ -63,8 +63,8 @@ static int nilfs_btree_get_new_block(con struct buffer_head *bh; bh = nilfs_btnode_create_block(btnc, ptr); - if (!bh) - return -ENOMEM; + if (IS_ERR(bh)) + return PTR_ERR(bh); set_buffer_nilfs_volatile(bh); *bhp = bh; _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are nilfs2-handle-inconsistent-state-in-nilfs_btnode_create_block.patch

9 months, 1 week

1
0
0 0

[PATCH 6.1 000/105] 6.1.101-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.101 release. There are 105 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 25 Jul 2024 18:03:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.101-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.101-rc1 Baokun Li <libaokun1(a)huawei.com> cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() Baokun Li <libaokun1(a)huawei.com> cachefiles: fix slab-use-after-free in fscache_withdraw_volume() Baokun Li <libaokun1(a)huawei.com> netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: disable softirqs for queued frame handling Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: wext: set ssids=NULL for passive scans Marc Zyngier <maz(a)kernel.org> of/irq: Disable "interrupt-map" parsing for PASEMI Nemo Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix deadlock Masahiro Yamada <masahiroy(a)kernel.org> ARM: 9324/1: fix get_user() broken with veneer Steve French <stfrench(a)microsoft.com> cifs: fix noisy message on copy_file_range David Lechner <dlechner(a)baylibre.com> spi: mux: set ctlr->bits_per_word_mask Edward Adam Davis <eadavis(a)qq.com> hfsplus: fix uninit-value in copy_name John Hubbard <jhubbard(a)nvidia.com> selftests/vDSO: fix clang build errors and warnings Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: return FILE_DEVICE_DISK instead of super magic Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices Puranjay Mohan <puranjay(a)kernel.org> riscv: stacktrace: fix usage of ftrace_graph_ret_addr() Samuel Holland <samuel.holland(a)sifive.com> drivers/perf: riscv: Reset the counter to hpmevent mapping while starting cpus Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: properly set WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK Christian Brauner <brauner(a)kernel.org> fs: better handle deep ancestor chains in is_subdir() Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> drm/radeon: check bo_va->bo is non-NULL before using it Alvin Lee <alvin.lee2(a)amd.com> drm/amd/display: Account for cursor prefetch BW in DML1 mode support Gao Xiang <xiang(a)kernel.org> erofs: ensure m_llen is reset to 0 if metadata is invalid Edward Adam Davis <eadavis(a)qq.com> bluetooth/l2cap: sync sock recv cb and release Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Bluetooth: hci_core: cancel all works upon hci_unregister_dev() Mark-PK Tsai <mark-pk.tsai(a)mediatek.com> tee: optee: ffa: Fix missing-field-initializers warning Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed Ganesh Goudar <ganeshgr(a)linux.ibm.com> powerpc/eeh: avoid possible crash when edev->pdev changes Anjali K <anjalik(a)linux.ibm.com> powerpc/pseries: Whitelist dtl slub object for copying to userspace Yunshui Jiang <jiangyunshui(a)kylinos.cn> net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() Daniele Palmas <dnlplm(a)gmail.com> net: usb: qmi_wwan: add Telit FN912 compositions Vyacheslav Frantsishko <itmymaill(a)gmail.com> ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA Shengjiu Wang <shengjiu.wang(a)nxp.com> ALSA: dmaengine_pcm: terminate dmaengine before synchronize Aivaz Latypov <reichaivaz(a)gmail.com> ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx Takashi Iwai <tiwai(a)suse.de> ALSA: PCM: Allow resume only for suspended streams Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Add tx check to prevent skb leak Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: fix quota root leak after quota disable failure Armin Wolf <W_Armin(a)gmx.de> platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB Armin Wolf <W_Armin(a)gmx.de> platform/x86: lg-laptop: Change ACPI device id Armin Wolf <W_Armin(a)gmx.de> platform/x86: lg-laptop: Remove LGEX0815 hotkey handling Armin Wolf <W_Armin(a)gmx.de> platform/x86: wireless-hotkey: Add support for LG Airplane Button Chen Ni <nichen(a)iscas.ac.cn> platform/mellanox: nvsw-sn2201: Add check for platform_device_add_resources Heiko Carstens <hca(a)linux.ibm.com> s390/sclp: Fix sclp_init() cleanup on failure Ian Ray <ian.ray(a)gehealthcare.com> gpio: pca953x: fix pca953x_irq_bus_sync_unlock race Chen Ni <nichen(a)iscas.ac.cn> can: kvaser_usb: fix return value for hif_usb_send_regout Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error rollback Primoz Fiser <primoz.fiser(a)norik.com> ASoC: ti: omap-hdmi: Fix too long driver name Jai Luthra <j-luthra(a)ti.com> ASoC: ti: davinci-mcasp: Set min period size using FIFO config Jai Luthra <j-luthra(a)ti.com> ALSA: dmaengine: Synchronize dma channel after drop() Thomas GENTY <tomlohave(a)gmail.com> bytcr_rt5640 : inverse jack detect for Archos 101 cesium Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Do not assign fields that are already set Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Fix references to freed memory Tobias Jakobi <tjakobi(a)math.uni-bielefeld.de> Input: i8042 - add Ayaneo Kun to i8042 quirk table Jonathan Denose <jdenose(a)google.com> Input: elantech - fix touchpad state on resume for Lenovo N24 Arnd Bergmann <arnd(a)arndb.de> mips: fix compat_sys_lseek syscall Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Add more codec ID to no shutup pins list Alexey Makhalov <alexey.makhalov(a)broadcom.com> drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency Michael Ellerman <mpe(a)ellerman.id.au> KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: wext: add extra SIOCSIWSCAN data check Daniel Wagner <dwagner(a)suse.de> nvmet: always initialize cqe.result Chunguang Xu <chunguang.xu(a)shopee.com> nvme: avoid double free special payload Tobias Jakobi <tjakobi(a)math.uni-bielefeld.de> drm: panel-orientation-quirks: Add quirk for Aya Neo KUN Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> iomap: Fix iomap_adjust_read_range for plen calculation Alexander Usyskin <alexander.usyskin(a)intel.com> mei: demote client disconnect warning on suspend to debug Yuntao Wang <yuntao.wang(a)linux.dev> fs/file: fix the check in find_next_fd() Baokun Li <libaokun1(a)huawei.com> cachefiles: make on-demand read killable Zizhi Wo <wozizhi(a)huawei.com> cachefiles: Set object to close if ondemand_id < 0 in copen Baokun Li <libaokun1(a)huawei.com> cachefiles: add consistency check for copen/cread Scott Mayhew <smayhew(a)redhat.com> nfs: don't invalidate dentries on transient errors Sagi Grimberg <sagi(a)grimberg.me> nfs: propagate readlink errors in nfs_symlink_filler Dmitry Mastykin <mastichi(a)gmail.com> NFSv4: Fix memory leak in nfs4_set_security_label Louis Dalibard <ontake(a)ontake.dev> HID: Ignore battery for ELAN touchscreens 2F2C and 4116 Masahiro Yamada <masahiroy(a)kernel.org> kconfig: remove wrong expr_trans_bool() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: give a proper initial state to the Save button Andreas Hindborg <a.hindborg(a)samsung.com> null_blk: fix validation of block size Eric Dumazet <edumazet(a)google.com> ila: block BH in ila_output() Eric Dumazet <edumazet(a)google.com> net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() Hans de Goede <hdegoede(a)redhat.com> Input: silead - Always support 10 fingers Rob Herring (Arm) <robh(a)kernel.org> of/irq: Factor out parsing of interrupt-map parent phandle+args from of_irq_parse_raw() John Hubbard <jhubbard(a)nvidia.com> selftests/futex: pass _GNU_SOURCE without a value to the compiler Michael Ellerman <mpe(a)ellerman.id.au> selftests/openat2: Fix build warnings on ppc64 Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() Ilan Peer <ilan.peer(a)intel.com> wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill Ayala Beker <ayala.beker(a)intel.com> wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option Yedidya Benshimol <yedidya.ben.shimol(a)intel.com> wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd Yedidya Benshimol <yedidya.ben.shimol(a)intel.com> wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix 6 GHz scan request building Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: handle tasklet frames before stopping Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: apply mcast rate only if interface is up Nicolas Escande <nico.escande(a)gmail.com> wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs Armin Wolf <W_Armin(a)gmx.de> ACPI: EC: Avoid returning AE_OK on errors in address space handler Armin Wolf <W_Armin(a)gmx.de> ACPI: EC: Abort address space access upon error Nathan Chancellor <nathan(a)kernel.org> efi/libstub: zboot.lds: Discard .discard sections Saurav Kashyap <skashyap(a)marvell.com> scsi: qedf: Set qed_slowpath_params to zero before use Saurav Kashyap <skashyap(a)marvell.com> scsi: qedf: Wait for stag work during unload Saurav Kashyap <skashyap(a)marvell.com> scsi: qedf: Don't process stag work during unload and recovery Martin Wilck <martin.wilck(a)suse.com> scsi: core: alua: I/O errors for ALUA state transitions Jann Horn <jannh(a)google.com> filelock: Remove locks reliably when fcntl/close race is detected Kees Cook <keescook(a)chromium.org> gcc-plugins: Rename last_stmt() for GCC 14+ SeongJae Park <sj(a)kernel.org> mm/damon/core: merge regions aggressively when max_nr_regions is unmet David Laight <David.Laight(a)ACULAB.COM> minmax: relax check to allow comparison between unsigned arguments and signed constants David Laight <David.Laight(a)ACULAB.COM> minmax: allow comparisons of 'int' against 'unsigned char/short' David Laight <David.Laight(a)ACULAB.COM> minmax: allow min()/max()/clamp() if the arguments have the same signedness. Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> minmax: fix header inclusions Jason A. Donenfeld <Jason(a)zx2c4.com> minmax: clamp more efficiently by avoiding extra comparison Jason A. Donenfeld <Jason(a)zx2c4.com> minmax: sanity check constant bounds when clamping ------------- Diffstat: Makefile | 4 +- arch/arm/include/asm/uaccess.h | 14 +- arch/mips/kernel/syscalls/syscall_o32.tbl | 2 +- arch/powerpc/kernel/eeh_pe.c | 7 +- arch/powerpc/kvm/book3s_64_vio.c | 18 ++- arch/powerpc/platforms/pseries/setup.c | 4 +- arch/riscv/kernel/stacktrace.c | 3 +- drivers/acpi/ec.c | 9 +- drivers/block/null_blk/main.c | 4 +- drivers/firmware/efi/libstub/zboot.lds | 1 + drivers/gpio/gpio-pca953x.c | 2 + .../amd/display/dc/dml/dcn32/display_mode_vba_32.c | 3 + drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/radeon/radeon_gem.c | 2 +- drivers/gpu/drm/vmwgfx/Kconfig | 2 +- drivers/hid/hid-ids.h | 2 + drivers/hid/hid-input.c | 4 + drivers/input/mouse/elantech.c | 31 +++++ drivers/input/serio/i8042-acpipnpio.h | 18 ++- drivers/input/touchscreen/silead.c | 19 +-- drivers/misc/mei/main.c | 2 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 +- drivers/net/ethernet/ibm/ibmvnic.c | 12 ++ drivers/net/usb/qmi_wwan.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 16 ++- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 8 +- drivers/nvme/host/core.c | 1 + drivers/nvme/target/core.c | 1 + drivers/nvme/target/fabrics-cmd-auth.c | 3 - drivers/nvme/target/fabrics-cmd.c | 6 - drivers/of/irq.c | 143 +++++++++++---------- drivers/of/of_private.h | 3 + drivers/perf/riscv_pmu_sbi.c | 2 +- drivers/platform/mellanox/nvsw-sn2201.c | 5 +- drivers/platform/x86/lg-laptop.c | 89 +++++-------- drivers/platform/x86/wireless-hotkey.c | 2 + drivers/s390/char/sclp.c | 1 + drivers/scsi/device_handler/scsi_dh_alua.c | 31 +++-- drivers/scsi/libsas/sas_internal.h | 14 ++ drivers/scsi/qedf/qedf.h | 1 + drivers/scsi/qedf/qedf_main.c | 47 ++++++- drivers/spi/spi-imx.c | 2 +- drivers/spi/spi-mux.c | 1 + drivers/tee/optee/ffa_abi.c | 12 +- fs/btrfs/qgroup.c | 4 +- fs/cachefiles/cache.c | 45 ++++++- fs/cachefiles/ondemand.c | 74 ++++++++--- fs/cachefiles/volume.c | 1 - fs/dcache.c | 31 ++--- fs/erofs/zmap.c | 2 + fs/file.c | 4 +- fs/fscache/internal.h | 2 - fs/fscache/volume.c | 14 ++ fs/hfsplus/xattr.c | 2 +- fs/iomap/buffered-io.c | 3 +- fs/locks.c | 9 +- fs/nfs/dir.c | 27 ++-- fs/nfs/nfs4proc.c | 1 + fs/nfs/symlink.c | 2 +- fs/smb/client/cifsfs.c | 2 +- fs/smb/common/smb2pdu.h | 34 +++++ fs/smb/server/smb2pdu.c | 9 +- include/linux/fscache-cache.h | 6 + include/linux/minmax.h | 87 +++++++++---- include/net/bluetooth/hci_sync.h | 2 + include/sound/dmaengine_pcm.h | 1 + include/trace/events/fscache.h | 4 + mm/damon/core.c | 21 ++- net/bluetooth/hci_core.c | 76 ++++------- net/bluetooth/hci_sync.c | 13 ++ net/bluetooth/l2cap_core.c | 3 + net/bluetooth/l2cap_sock.c | 14 +- net/ipv6/ila/ila_lwt.c | 7 +- net/ipv6/rpl_iptunnel.c | 14 +- net/mac80211/cfg.c | 5 +- net/mac80211/ieee80211_i.h | 2 + net/mac80211/main.c | 11 +- net/mac80211/mesh.c | 1 + net/mac80211/scan.c | 14 +- net/mac80211/util.c | 4 + net/mac802154/tx.c | 8 +- net/wireless/rdev-ops.h | 6 +- net/wireless/scan.c | 59 ++++++--- scripts/gcc-plugins/gcc-common.h | 4 + scripts/kconfig/expr.c | 29 ----- scripts/kconfig/expr.h | 1 - scripts/kconfig/gconf.c | 3 +- scripts/kconfig/menu.c | 2 - sound/core/pcm_dmaengine.c | 22 ++++ sound/core/pcm_native.c | 2 + sound/pci/hda/patch_realtek.c | 5 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/intel/boards/bytcr_rt5640.c | 11 ++ sound/soc/soc-generic-dmaengine-pcm.c | 8 ++ sound/soc/soc-topology.c | 29 +++-- sound/soc/sof/sof-audio.c | 2 +- sound/soc/ti/davinci-mcasp.c | 9 +- sound/soc/ti/omap-hdmi.c | 6 +- tools/power/cpupower/utils/helpers/amd.c | 26 +++- tools/testing/selftests/futex/functional/Makefile | 2 +- tools/testing/selftests/openat2/openat2_test.c | 1 + tools/testing/selftests/vDSO/parse_vdso.c | 16 ++- .../selftests/vDSO/vdso_standalone_test_x86.c | 18 ++- 104 files changed, 934 insertions(+), 456 deletions(-)

9 months, 1 week

11
115
0 0

[PATCH 6.6 000/129] 6.6.42-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.42 release. There are 129 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 25 Jul 2024 18:03:23 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.42-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.42-rc1 Baokun Li <libaokun1(a)huawei.com> cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() Baokun Li <libaokun1(a)huawei.com> cachefiles: fix slab-use-after-free in fscache_withdraw_volume() Baokun Li <libaokun1(a)huawei.com> netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't wake up rx_sync_waitq upon RFKILL Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: disable softirqs for queued frame handling Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: wext: set ssids=NULL for passive scans Marc Zyngier <maz(a)kernel.org> of/irq: Disable "interrupt-map" parsing for PASEMI Nemo Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix deadlock Yang Shi <yang(a)os.amperecomputing.com> mm: page_ref: remove folio_try_get_rcu() Masahiro Yamada <masahiroy(a)kernel.org> ARM: 9324/1: fix get_user() broken with veneer Steve French <stfrench(a)microsoft.com> cifs: fix noisy message on copy_file_range Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Use imply for suggesting CONFIG_SERIAL_MULTI_INSTANTIATE David Lechner <dlechner(a)baylibre.com> spi: mux: set ctlr->bits_per_word_mask Daniel Borkmann <daniel(a)iogearbox.net> selftests/bpf: Extend tcx tests to cover late tcx_entry release Edward Adam Davis <eadavis(a)qq.com> hfsplus: fix uninit-value in copy_name John Hubbard <jhubbard(a)nvidia.com> selftests/vDSO: fix clang build errors and warnings John Hubbard <jhubbard(a)nvidia.com> selftest/timerns: fix clang build failures for abs() calls Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-pcm: Limit the maximum number of periods by MAX_BDL_ENTRIES Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: return FILE_DEVICE_DISK instead of super magic Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices Puranjay Mohan <puranjay(a)kernel.org> riscv: stacktrace: fix usage of ftrace_graph_ret_addr() Samuel Holland <samuel.holland(a)sifive.com> drivers/perf: riscv: Reset the counter to hpmevent mapping while starting cpus Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: properly set WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK Christian Brauner <brauner(a)kernel.org> fs: better handle deep ancestor chains in is_subdir() Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> drm/radeon: check bo_va->bo is non-NULL before using it Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Fix refresh rate range for some panel Alvin Lee <alvin.lee2(a)amd.com> drm/amd/display: Account for cursor prefetch BW in DML1 mode support Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Add refresh rate range check Gao Xiang <xiang(a)kernel.org> erofs: ensure m_llen is reset to 0 if metadata is invalid Edward Adam Davis <eadavis(a)qq.com> bluetooth/l2cap: sync sock recv cb and release Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Enable Power Save feature on startup Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Bluetooth: hci_core: cancel all works upon hci_unregister_dev() Mark-PK Tsai <mark-pk.tsai(a)mediatek.com> tee: optee: ffa: Fix missing-field-initializers warning Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed Ganesh Goudar <ganeshgr(a)linux.ibm.com> powerpc/eeh: avoid possible crash when edev->pdev changes Anjali K <anjalik(a)linux.ibm.com> powerpc/pseries: Whitelist dtl slub object for copying to userspace Yunshui Jiang <jiangyunshui(a)kylinos.cn> net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() Daniele Palmas <dnlplm(a)gmail.com> net: usb: qmi_wwan: add Telit FN912 compositions Vyacheslav Frantsishko <itmymaill(a)gmail.com> ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA Shengjiu Wang <shengjiu.wang(a)nxp.com> ALSA: dmaengine_pcm: terminate dmaengine before synchronize Aivaz Latypov <reichaivaz(a)gmail.com> ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx Takashi Iwai <tiwai(a)suse.de> ALSA: PCM: Allow resume only for suspended streams Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Add tx check to prevent skb leak Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: fix quota root leak after quota disable failure Armin Wolf <W_Armin(a)gmx.de> platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB Armin Wolf <W_Armin(a)gmx.de> platform/x86: lg-laptop: Change ACPI device id Armin Wolf <W_Armin(a)gmx.de> platform/x86: lg-laptop: Remove LGEX0815 hotkey handling Armin Wolf <W_Armin(a)gmx.de> platform/x86: wireless-hotkey: Add support for LG Airplane Button Chen Ni <nichen(a)iscas.ac.cn> platform/mellanox: nvsw-sn2201: Add check for platform_device_add_resources Heiko Carstens <hca(a)linux.ibm.com> s390/sclp: Fix sclp_init() cleanup on failure Ratheesh Kannoth <rkannoth(a)marvell.com> octeontx2-pf: Fix coverity and klockwork issues in octeon PF driver Ian Ray <ian.ray(a)gehealthcare.com> gpio: pca953x: fix pca953x_irq_bus_sync_unlock race Chen Ni <nichen(a)iscas.ac.cn> can: kvaser_usb: fix return value for hif_usb_send_regout Alexander Stein <alexander.stein(a)ew.tq-group.com> Input: ads7846 - use spi_device_id table Boyang Yu <yuboyang(a)dapustor.com> nvme: fix NVME_NS_DEAC may incorrectly identifying the disk as EXT_LBA. Jack Yu <jack.yu(a)realtek.com> ASoC: rt722-sdca-sdw: add debounce time for type detection Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error rollback Primoz Fiser <primoz.fiser(a)norik.com> ASoC: ti: omap-hdmi: Fix too long driver name Jai Luthra <j-luthra(a)ti.com> ASoC: ti: davinci-mcasp: Set min period size using FIFO config Jai Luthra <j-luthra(a)ti.com> ALSA: dmaengine: Synchronize dma channel after drop() Thomas GENTY <tomlohave(a)gmail.com> bytcr_rt5640 : inverse jack detect for Archos 101 cesium Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Do not assign fields that are already set Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Fix references to freed memory Luke D. Jones <luke(a)ljones.dev> Input: xpad - add support for ASUS ROG RAIKIRI PRO Jack Yu <jack.yu(a)realtek.com> ASoC: rt722-sdca-sdw: add silence detection register as volatile Tobias Jakobi <tjakobi(a)math.uni-bielefeld.de> Input: i8042 - add Ayaneo Kun to i8042 quirk table Jonathan Denose <jdenose(a)google.com> Input: elantech - fix touchpad state on resume for Lenovo N24 Arnd Bergmann <arnd(a)arndb.de> mips: fix compat_sys_lseek syscall Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Select SERIAL_MULTI_INSTANTIATE Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdgpu: Indicate CU havest info to CP Adrian Moreno <amorenoz(a)redhat.com> selftests: openvswitch: Set value to nla flags. Linus Torvalds <torvalds(a)linux-foundation.org> cpumask: limit FORCE_NR_CPUS to just the UP case Patrice Chotard <patrice.chotard(a)foss.st.com> spi: Fix OCTAL mode support Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Add more codec ID to no shutup pins list Alexey Makhalov <alexey.makhalov(a)broadcom.com> drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency Michael Ellerman <mpe(a)ellerman.id.au> KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Support Lenovo Thinkbook 16P Gen 5 Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: wext: add extra SIOCSIWSCAN data check Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Fix lifecycle of codec pointer Daniel Wagner <dwagner(a)suse.de> nvmet: always initialize cqe.result Chunguang Xu <chunguang.xu(a)shopee.com> nvme: avoid double free special payload Douglas Anderson <dianders(a)chromium.org> drm/mediatek: Call drm_atomic_helper_shutdown() at shutdown time Tobias Jakobi <tjakobi(a)math.uni-bielefeld.de> drm: panel-orientation-quirks: Add quirk for Aya Neo KUN Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/exynos: dp: drop driver owner initialization Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> iomap: Fix iomap_adjust_read_range for plen calculation Alexander Usyskin <alexander.usyskin(a)intel.com> mei: demote client disconnect warning on suspend to debug Yuntao Wang <yuntao.wang(a)linux.dev> fs/file: fix the check in find_next_fd() Baokun Li <libaokun1(a)huawei.com> cachefiles: make on-demand read killable Zizhi Wo <wozizhi(a)huawei.com> cachefiles: Set object to close if ondemand_id < 0 in copen Baokun Li <libaokun1(a)huawei.com> cachefiles: add consistency check for copen/cread Scott Mayhew <smayhew(a)redhat.com> nfs: don't invalidate dentries on transient errors Jan Kara <jack(a)suse.cz> nfs: Avoid flushing many pages with NFS_FILE_SYNC Sagi Grimberg <sagi(a)grimberg.me> nfs: propagate readlink errors in nfs_symlink_filler Dmitry Mastykin <mastichi(a)gmail.com> NFSv4: Fix memory leak in nfs4_set_security_label Louis Dalibard <ontake(a)ontake.dev> HID: Ignore battery for ELAN touchscreens 2F2C and 4116 Aseda Aboagye <aaboagye(a)chromium.org> input: Add support for "Do Not Disturb" Aseda Aboagye <aaboagye(a)chromium.org> input: Add event code for accessibility key Masahiro Yamada <masahiroy(a)kernel.org> kconfig: remove wrong expr_trans_bool() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: give a proper initial state to the Save button Andreas Hindborg <a.hindborg(a)samsung.com> null_blk: fix validation of block size Wei Li <liwei391(a)huawei.com> arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process Eric Dumazet <edumazet(a)google.com> ila: block BH in ila_output() Eric Dumazet <edumazet(a)google.com> net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() Hans de Goede <hdegoede(a)redhat.com> Input: silead - Always support 10 fingers Rob Herring (Arm) <robh(a)kernel.org> of/irq: Factor out parsing of interrupt-map parent phandle+args from of_irq_parse_raw() John Hubbard <jhubbard(a)nvidia.com> selftests/futex: pass _GNU_SOURCE without a value to the compiler Michael Ellerman <mpe(a)ellerman.id.au> selftests/openat2: Fix build warnings on ppc64 Michael Ellerman <mpe(a)ellerman.id.au> selftests: cachestat: Fix build warnings on ppc64 Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() Ilan Peer <ilan.peer(a)intel.com> wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill Ayala Beker <ayala.beker(a)intel.com> wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: handle BA session teardown in RF-kill Yedidya Benshimol <yedidya.ben.shimol(a)intel.com> wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: remove stale STA link data during restart Yedidya Benshimol <yedidya.ben.shimol(a)intel.com> wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix 6 GHz scan request building Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: handle tasklet frames before stopping Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: apply mcast rate only if interface is up Nicolas Escande <nico.escande(a)gmail.com> wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs Armin Wolf <W_Armin(a)gmx.de> ACPI: EC: Avoid returning AE_OK on errors in address space handler Armin Wolf <W_Armin(a)gmx.de> ACPI: EC: Abort address space access upon error Nathan Chancellor <nathan(a)kernel.org> efi/libstub: zboot.lds: Discard .discard sections Saurav Kashyap <skashyap(a)marvell.com> scsi: qedf: Set qed_slowpath_params to zero before use Saurav Kashyap <skashyap(a)marvell.com> scsi: qedf: Wait for stag work during unload Saurav Kashyap <skashyap(a)marvell.com> scsi: qedf: Don't process stag work during unload and recovery Justin Stitt <justinstitt(a)google.com> scsi: sr: Fix unintentional arithmetic wraparound Martin Wilck <martin.wilck(a)suse.com> scsi: core: alua: I/O errors for ALUA state transitions Jann Horn <jannh(a)google.com> filelock: Remove locks reliably when fcntl/close race is detected ------------- Diffstat: Documentation/cdrom/cdrom-standard.rst | 4 +- Makefile | 4 +- arch/arm/include/asm/uaccess.h | 14 +- arch/arm64/kernel/armv8_deprecated.c | 3 + arch/mips/kernel/syscalls/syscall_o32.tbl | 2 +- arch/powerpc/kernel/eeh_pe.c | 7 +- arch/powerpc/kvm/book3s_64_vio.c | 18 ++- arch/powerpc/platforms/pseries/setup.c | 4 +- arch/riscv/kernel/stacktrace.c | 3 +- drivers/acpi/ec.c | 9 +- drivers/block/null_blk/main.c | 4 +- drivers/bluetooth/btnxpuart.c | 2 +- drivers/firmware/efi/libstub/zboot.lds | 1 + drivers/gpio/gpio-pca953x.c | 2 + drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 15 ++- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 52 +++++++- .../amd/display/dc/dml/dcn32/display_mode_vba_32.c | 3 + drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/exynos/exynos_dp.c | 1 - drivers/gpu/drm/mediatek/mtk_drm_drv.c | 8 ++ drivers/gpu/drm/radeon/radeon_gem.c | 2 +- drivers/gpu/drm/vmwgfx/Kconfig | 2 +- drivers/hid/hid-debug.c | 2 + drivers/hid/hid-ids.h | 2 + drivers/hid/hid-input.c | 13 ++ drivers/input/joystick/xpad.c | 1 + drivers/input/mouse/elantech.c | 31 +++++ drivers/input/serio/i8042-acpipnpio.h | 18 ++- drivers/input/touchscreen/ads7846.c | 12 +- drivers/input/touchscreen/silead.c | 19 +-- drivers/misc/mei/main.c | 2 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 +- drivers/net/ethernet/ibm/ibmvnic.c | 12 ++ .../ethernet/marvell/octeontx2/nic/otx2_common.c | 10 +- .../net/ethernet/marvell/octeontx2/nic/otx2_reg.h | 55 ++++---- .../net/ethernet/marvell/octeontx2/nic/otx2_txrx.c | 2 +- drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 3 +- drivers/net/usb/qmi_wwan.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 16 ++- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 47 ++++++- drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 13 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 8 +- drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 12 +- drivers/net/wireless/intel/iwlwifi/mvm/sta.h | 5 + drivers/nvme/host/core.c | 1 + drivers/nvme/host/nvme.h | 2 +- drivers/nvme/target/core.c | 1 + drivers/nvme/target/fabrics-cmd-auth.c | 3 - drivers/nvme/target/fabrics-cmd.c | 6 - drivers/of/irq.c | 143 +++++++++++---------- drivers/of/of_private.h | 3 + drivers/perf/riscv_pmu_sbi.c | 2 +- drivers/platform/mellanox/nvsw-sn2201.c | 5 +- drivers/platform/x86/lg-laptop.c | 89 +++++-------- drivers/platform/x86/wireless-hotkey.c | 2 + drivers/s390/char/sclp.c | 1 + drivers/scsi/device_handler/scsi_dh_alua.c | 31 +++-- drivers/scsi/libsas/sas_internal.h | 14 ++ drivers/scsi/qedf/qedf.h | 1 + drivers/scsi/qedf/qedf_main.c | 47 ++++++- drivers/scsi/sr.h | 2 +- drivers/scsi/sr_ioctl.c | 5 +- drivers/spi/spi-imx.c | 2 +- drivers/spi/spi-mux.c | 1 + drivers/spi/spi.c | 6 +- drivers/tee/optee/ffa_abi.c | 12 +- fs/afs/write.c | 2 +- fs/btrfs/qgroup.c | 4 +- fs/cachefiles/cache.c | 45 ++++++- fs/cachefiles/ondemand.c | 74 ++++++++--- fs/cachefiles/volume.c | 1 - fs/dcache.c | 31 ++--- fs/erofs/zmap.c | 2 + fs/file.c | 4 +- fs/fscache/internal.h | 2 - fs/fscache/volume.c | 14 ++ fs/hfsplus/xattr.c | 2 +- fs/iomap/buffered-io.c | 3 +- fs/locks.c | 9 +- fs/nfs/dir.c | 27 ++-- fs/nfs/nfs4proc.c | 1 + fs/nfs/pagelist.c | 5 + fs/nfs/symlink.c | 2 +- fs/smb/client/cifsfs.c | 2 +- fs/smb/client/file.c | 4 +- fs/smb/common/smb2pdu.h | 34 +++++ fs/smb/server/smb2pdu.c | 9 +- include/linux/cdrom.h | 2 +- include/linux/fscache-cache.h | 6 + include/linux/page_ref.h | 49 +------ include/linux/spi/spi.h | 5 +- include/net/bluetooth/hci_sync.h | 2 + include/sound/dmaengine_pcm.h | 1 + include/trace/events/fscache.h | 4 + include/uapi/linux/input-event-codes.h | 2 + lib/Kconfig | 8 +- mm/filemap.c | 10 +- mm/gup.c | 2 +- net/bluetooth/hci_core.c | 76 ++++------- net/bluetooth/hci_sync.c | 13 ++ net/bluetooth/l2cap_core.c | 3 + net/bluetooth/l2cap_sock.c | 14 +- net/ipv6/ila/ila_lwt.c | 7 +- net/ipv6/rpl_iptunnel.c | 14 +- net/mac80211/cfg.c | 5 +- net/mac80211/ieee80211_i.h | 2 + net/mac80211/main.c | 11 +- net/mac80211/mesh.c | 1 + net/mac80211/scan.c | 14 +- net/mac80211/util.c | 4 + net/mac802154/tx.c | 8 +- net/wireless/rdev-ops.h | 6 +- net/wireless/scan.c | 59 ++++++--- scripts/kconfig/expr.c | 29 ----- scripts/kconfig/expr.h | 1 - scripts/kconfig/gconf.c | 3 +- scripts/kconfig/menu.c | 2 - sound/core/pcm_dmaengine.c | 22 ++++ sound/core/pcm_native.c | 2 + sound/pci/hda/Kconfig | 2 + sound/pci/hda/cs35l56_hda.c | 5 + sound/pci/hda/patch_realtek.c | 7 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/rt722-sdca-sdw.c | 4 +- sound/soc/intel/boards/bytcr_rt5640.c | 11 ++ sound/soc/soc-generic-dmaengine-pcm.c | 8 ++ sound/soc/soc-topology.c | 29 +++-- sound/soc/sof/intel/hda-pcm.c | 6 + sound/soc/sof/sof-audio.c | 2 +- sound/soc/ti/davinci-mcasp.c | 9 +- sound/soc/ti/omap-hdmi.c | 6 +- tools/power/cpupower/utils/helpers/amd.c | 26 +++- tools/testing/selftests/bpf/config | 3 + tools/testing/selftests/bpf/prog_tests/tc_links.c | 61 +++++++++ tools/testing/selftests/cachestat/test_cachestat.c | 1 + tools/testing/selftests/futex/functional/Makefile | 2 +- .../testing/selftests/net/openvswitch/ovs-dpctl.py | 2 +- tools/testing/selftests/openat2/openat2_test.c | 1 + tools/testing/selftests/timens/exec.c | 6 +- tools/testing/selftests/timens/timer.c | 2 +- tools/testing/selftests/timens/timerfd.c | 2 +- tools/testing/selftests/timens/vfork_exec.c | 4 +- tools/testing/selftests/vDSO/parse_vdso.c | 16 ++- .../selftests/vDSO/vdso_standalone_test_x86.c | 18 ++- 144 files changed, 1168 insertions(+), 568 deletions(-)

9 months, 1 week

14
143
0 0

[PATCH 6.9 000/163] 6.9.11-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.9.11 release. There are 163 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 25 Jul 2024 18:01:03 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.9.11-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.9.11-rc1 Baokun Li <libaokun1(a)huawei.com> cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() Baokun Li <libaokun1(a)huawei.com> cachefiles: fix slab-use-after-free in fscache_withdraw_volume() Baokun Li <libaokun1(a)huawei.com> netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't wake up rx_sync_waitq upon RFKILL Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: disable softirqs for queued frame handling Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: wext: set ssids=NULL for passive scans Marc Zyngier <maz(a)kernel.org> of/irq: Disable "interrupt-map" parsing for PASEMI Nemo Dmitry Savin <envelsavinds(a)gmail.com> ALSA: hda: cs35l41: Fix swapped l/r audio channels for Lenovo ThinBook 13x Gen4 Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix deadlock Yang Shi <yang(a)os.amperecomputing.com> mm: page_ref: remove folio_try_get_rcu() Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Use imply for suggesting CONFIG_SERIAL_MULTI_INSTANTIATE David Lechner <dlechner(a)baylibre.com> spi: mux: set ctlr->bits_per_word_mask Daniel Borkmann <daniel(a)iogearbox.net> selftests/bpf: Extend tcx tests to cover late tcx_entry release Edward Adam Davis <eadavis(a)qq.com> hfsplus: fix uninit-value in copy_name John Hubbard <jhubbard(a)nvidia.com> selftests/vDSO: fix clang build errors and warnings John Hubbard <jhubbard(a)nvidia.com> selftest/timerns: fix clang build failures for abs() calls Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-pcm: Limit the maximum number of periods by MAX_BDL_ENTRIES Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: return FILE_DEVICE_DISK instead of super magic Bastien Curutchet <bastien.curutchet(a)bootlin.com> spi: davinci: Unset POWERDOWN bit when releasing resources Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> spi: imx: Don't expect DMA for i.MX{25,35,50,51,53} cspi devices Puranjay Mohan <puranjay(a)kernel.org> riscv: stacktrace: fix usage of ftrace_graph_ret_addr() Samuel Holland <samuel.holland(a)sifive.com> drivers/perf: riscv: Reset the counter to hpmevent mapping while starting cpus Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: properly set WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK Christian Brauner <brauner(a)kernel.org> fs: better handle deep ancestor chains in is_subdir() Filipe Manana <fdmanana(a)suse.com> btrfs: fix uninitialized return value in the ref-verify tool Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer(a)amd.com> drm/radeon: check bo_va->bo is non-NULL before using it Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Update efficiency bandwidth for dcn351 Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Fix refresh rate range for some panel Alvin Lee <alvin.lee2(a)amd.com> drm/amd/display: Account for cursor prefetch BW in DML1 mode support Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Add refresh rate range check Gao Xiang <xiang(a)kernel.org> erofs: ensure m_llen is reset to 0 if metadata is invalid Edward Adam Davis <eadavis(a)qq.com> bluetooth/l2cap: sync sock recv cb and release Neeraj Sanjay Kale <neeraj.sanjaykale(a)nxp.com> Bluetooth: btnxpuart: Enable Power Save feature on startup Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Bluetooth: hci_core: cancel all works upon hci_unregister_dev() Mark-PK Tsai <mark-pk.tsai(a)mediatek.com> tee: optee: ffa: Fix missing-field-initializers warning Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed Ganesh Goudar <ganeshgr(a)linux.ibm.com> powerpc/eeh: avoid possible crash when edev->pdev changes Anjali K <anjalik(a)linux.ibm.com> powerpc/pseries: Whitelist dtl slub object for copying to userspace Yunshui Jiang <jiangyunshui(a)kylinos.cn> net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: apss-ipq-pll: remove 'config_ctl_hi_val' from Stromer pll configs Daniele Palmas <dnlplm(a)gmail.com> net: usb: qmi_wwan: add Telit FN912 compositions Vyacheslav Frantsishko <itmymaill(a)gmail.com> ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA Li Ma <li.ma(a)amd.com> drm/amd/swsmu: add MALL init support workaround for smu_v14_0_1 Shengjiu Wang <shengjiu.wang(a)nxp.com> ALSA: dmaengine_pcm: terminate dmaengine before synchronize Aivaz Latypov <reichaivaz(a)gmail.com> ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx Takashi Iwai <tiwai(a)suse.de> ALSA: PCM: Allow resume only for suspended streams Nick Child <nnac123(a)linux.ibm.com> ibmvnic: Add tx check to prevent skb leak Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: fix quota root leak after quota disable failure Qu Wenruo <wqu(a)suse.com> btrfs: scrub: handle RST lookup error correctly Armin Wolf <W_Armin(a)gmx.de> platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB Armin Wolf <W_Armin(a)gmx.de> platform/x86: lg-laptop: Change ACPI device id Armin Wolf <W_Armin(a)gmx.de> platform/x86: lg-laptop: Remove LGEX0815 hotkey handling Armin Wolf <W_Armin(a)gmx.de> platform/x86: wireless-hotkey: Add support for LG Airplane Button Chen Ni <nichen(a)iscas.ac.cn> platform/mellanox: nvsw-sn2201: Add check for platform_device_add_resources Heiko Carstens <hca(a)linux.ibm.com> s390/sclp: Fix sclp_init() cleanup on failure Ratheesh Kannoth <rkannoth(a)marvell.com> octeontx2-pf: Fix coverity and klockwork issues in octeon PF driver Ian Ray <ian.ray(a)gehealthcare.com> gpio: pca953x: fix pca953x_irq_bus_sync_unlock race Aryan Srivastava <aryan.srivastava(a)alliedtelesis.co.nz> net: mvpp2: fill-in dev_port attribute Chen Ni <nichen(a)iscas.ac.cn> can: kvaser_usb: fix return value for hif_usb_send_regout Alexander Stein <alexander.stein(a)ew.tq-group.com> Input: ads7846 - use spi_device_id table Boyang Yu <yuboyang(a)dapustor.com> nvme: fix NVME_NS_DEAC may incorrectly identifying the disk as EXT_LBA. Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Disconnect ASP1 TX sources when ASP1 DAI is hooked up Jack Yu <jack.yu(a)realtek.com> ASoC: rt722-sdca-sdw: add debounce time for type detection Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error rollback Primoz Fiser <primoz.fiser(a)norik.com> ASoC: ti: omap-hdmi: Fix too long driver name Jai Luthra <j-luthra(a)ti.com> ASoC: ti: davinci-mcasp: Set min period size using FIFO config Jai Luthra <j-luthra(a)ti.com> ALSA: dmaengine: Synchronize dma channel after drop() Thomas GENTY <tomlohave(a)gmail.com> bytcr_rt5640 : inverse jack detect for Archos 101 cesium Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Do not assign fields that are already set Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: Intel: avs: Fix route override Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> ASoC: topology: Fix references to freed memory Luke D. Jones <luke(a)ljones.dev> Input: xpad - add support for ASUS ROG RAIKIRI PRO Zhang Yi <zhangyi(a)everest-semi.com> ASoC: codecs: ES8326: Solve headphone detection issue Jack Yu <jack.yu(a)realtek.com> ASoC: rt722-sdca-sdw: add silence detection register as volatile Tobias Jakobi <tjakobi(a)math.uni-bielefeld.de> Input: i8042 - add Ayaneo Kun to i8042 quirk table Jonathan Denose <jdenose(a)google.com> Input: elantech - fix touchpad state on resume for Lenovo N24 Tejun Heo <tj(a)kernel.org> workqueue: Refactor worker ID formatting and make wq_worker_comm() use full ID string Kent Overstreet <kent.overstreet(a)linux.dev> closures: Change BUG_ON() to WARN_ON() Arnd Bergmann <arnd(a)arndb.de> mips: fix compat_sys_lseek syscall Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Select SERIAL_MULTI_INSTANTIATE Likun Gao <Likun.Gao(a)amd.com> drm/amdgpu: init TA fw for psp v14 Paul Hsieh <paul.hsieh(a)amd.com> drm/amd/display: change dram_clock_latency to 34us for dcn35 Daniel Miess <daniel.miess(a)amd.com> drm/amd/display: Change dram_clock_latency to 34us for dcn351 Harish Kasiviswanathan <Harish.Kasiviswanathan(a)amd.com> drm/amdgpu: Indicate CU havest info to CP Adrian Moreno <amorenoz(a)redhat.com> selftests: openvswitch: Set value to nla flags. Linus Torvalds <torvalds(a)linux-foundation.org> cpumask: limit FORCE_NR_CPUS to just the UP case Patrice Chotard <patrice.chotard(a)foss.st.com> spi: Fix OCTAL mode support Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek: Add more codec ID to no shutup pins list Alexey Makhalov <alexey.makhalov(a)broadcom.com> drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency Michael Ellerman <mpe(a)ellerman.id.au> KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Kenton Groombridge <concord(a)gentoo.org> wifi: mac80211: Avoid address calculations via out of bounds array indexing Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Support Lenovo Thinkbook 13x Gen 4 Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda/realtek: Support Lenovo Thinkbook 16P Gen 5 Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda: cs35l41: Support Lenovo Thinkbook 13x Gen 4 Stefan Binding <sbinding(a)opensource.cirrus.com> ALSA: hda: cs35l41: Support Lenovo Thinkbook 16P Gen 5 Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: wext: add extra SIOCSIWSCAN data check Simon Trimmer <simont(a)opensource.cirrus.com> ALSA: hda: cs35l56: Fix lifecycle of codec pointer Cyril Hrubis <chrubis(a)suse.cz> loop: Disable fallocate() zero and discard if not supported Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Insert full vma on mmap'd MMIO fault Daniel Wagner <dwagner(a)suse.de> nvmet: always initialize cqe.result Chunguang Xu <chunguang.xu(a)shopee.com> nvme: avoid double free special payload Douglas Anderson <dianders(a)chromium.org> drm/mediatek: Call drm_atomic_helper_shutdown() at shutdown time Douglas Anderson <dianders(a)chromium.org> drm: renesas: shmobile: Call drm_atomic_helper_shutdown() at shutdown time Tobias Jakobi <tjakobi(a)math.uni-bielefeld.de> drm: panel-orientation-quirks: Add quirk for Aya Neo KUN Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> drm/exynos: dp: drop driver owner initialization Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> iomap: Fix iomap_adjust_read_range for plen calculation Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> parport: amiga: Mark driver struct with __refdata to prevent section mismatch Alexander Usyskin <alexander.usyskin(a)intel.com> mei: demote client disconnect warning on suspend to debug Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Use unmap_mapping_range() Alex Williamson <alex.williamson(a)redhat.com> vfio: Create vfio_fs_type with inode per device Yuntao Wang <yuntao.wang(a)linux.dev> fs/file: fix the check in find_next_fd() Baokun Li <libaokun1(a)huawei.com> cachefiles: make on-demand read killable Zizhi Wo <wozizhi(a)huawei.com> cachefiles: Set object to close if ondemand_id < 0 in copen Baokun Li <libaokun1(a)huawei.com> cachefiles: add consistency check for copen/cread Scott Mayhew <smayhew(a)redhat.com> nfs: don't invalidate dentries on transient errors Jan Kara <jack(a)suse.cz> nfs: Avoid flushing many pages with NFS_FILE_SYNC Sagi Grimberg <sagi(a)grimberg.me> nfs: propagate readlink errors in nfs_symlink_filler Dmitry Mastykin <mastichi(a)gmail.com> NFSv4: Fix memory leak in nfs4_set_security_label Louis Dalibard <ontake(a)ontake.dev> HID: Ignore battery for ELAN touchscreens 2F2C and 4116 Aseda Aboagye <aaboagye(a)chromium.org> input: Add support for "Do Not Disturb" Aseda Aboagye <aaboagye(a)chromium.org> input: Add event code for accessibility key Masahiro Yamada <masahiroy(a)kernel.org> kconfig: remove wrong expr_trans_bool() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: give a proper initial state to the Save button Andreas Hindborg <a.hindborg(a)samsung.com> null_blk: fix validation of block size Tasos Sahanidis <tasos(a)tasossah.com> drm/amdgpu/pptable: Fix UBSAN array-index-out-of-bounds Wei Li <liwei391(a)huawei.com> arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process Hagar Hemdan <hagarhem(a)amazon.com> io_uring: fix possible deadlock in io_register_iowq_max_workers() Eric Dumazet <edumazet(a)google.com> ila: block BH in ila_output() Eric Dumazet <edumazet(a)google.com> net: ipv6: rpl_iptunnel: block BH in rpl_output() and rpl_input() Suma Hegde <suma.hegde(a)amd.com> platform/x86/amd/hsmp: Check HSMP support on AMD family of processors Hans de Goede <hdegoede(a)redhat.com> Input: silead - Always support 10 fingers Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix GMAC's phy-mode definitions in dts Chunguang Xu <chunguang.xu(a)shopee.com> nvme-fabrics: use reserved tag for reg read/write command Rob Herring (Arm) <robh(a)kernel.org> of/irq: Factor out parsing of interrupt-map parent phandle+args from of_irq_parse_raw() John Hubbard <jhubbard(a)nvidia.com> selftests/futex: pass _GNU_SOURCE without a value to the compiler Michael Ellerman <mpe(a)ellerman.id.au> selftests/overlayfs: Fix build error on ppc64 Michael Ellerman <mpe(a)ellerman.id.au> selftests/openat2: Fix build warnings on ppc64 Michael Ellerman <mpe(a)ellerman.id.au> selftests: cachestat: Fix build warnings on ppc64 Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() Ilan Peer <ilan.peer(a)intel.com> wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill Ayala Beker <ayala.beker(a)intel.com> wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: mvm: handle BA session teardown in RF-kill Yedidya Benshimol <yedidya.ben.shimol(a)intel.com> wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: mvm: remove stale STA link data during restart Yedidya Benshimol <yedidya.ben.shimol(a)intel.com> wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: fix 6 GHz scan request building Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: handle tasklet frames before stopping Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: apply mcast rate only if interface is up Nicolas Escande <nico.escande(a)gmail.com> wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata Thomas Weißschuh <linux(a)weissschuh.net> ACPI: AC: Properly notify powermanagement core about changes Andy Shevchenko <andy.shevchenko(a)gmail.com> PNP: Hide pnp_bus_type from the non-PNP code Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs Filipe Manana <fdmanana(a)suse.com> btrfs: ensure fast fsync waits for ordered extents after a write failure Armin Wolf <W_Armin(a)gmx.de> ACPI: EC: Avoid returning AE_OK on errors in address space handler Armin Wolf <W_Armin(a)gmx.de> ACPI: EC: Abort address space access upon error Nathan Chancellor <nathan(a)kernel.org> efi/libstub: zboot.lds: Discard .discard sections Saurav Kashyap <skashyap(a)marvell.com> scsi: qedf: Set qed_slowpath_params to zero before use Saurav Kashyap <skashyap(a)marvell.com> scsi: qedf: Wait for stag work during unload Saurav Kashyap <skashyap(a)marvell.com> scsi: qedf: Don't process stag work during unload and recovery Justin Stitt <justinstitt(a)google.com> scsi: sr: Fix unintentional arithmetic wraparound Martin Wilck <martin.wilck(a)suse.com> scsi: core: alua: I/O errors for ALUA state transitions Steve French <stfrench(a)microsoft.com> cifs: fix noisy message on copy_file_range ------------- Diffstat: Documentation/cdrom/cdrom-standard.rst | 4 +- Makefile | 4 +- arch/arm64/kernel/armv8_deprecated.c | 3 + arch/loongarch/boot/dts/loongson-2k0500-ref.dts | 4 +- arch/loongarch/boot/dts/loongson-2k1000-ref.dts | 4 +- arch/loongarch/boot/dts/loongson-2k2000-ref.dts | 2 +- arch/mips/kernel/syscalls/syscall_o32.tbl | 2 +- arch/powerpc/kernel/eeh_pe.c | 7 +- arch/powerpc/kvm/book3s_64_vio.c | 18 +- arch/powerpc/platforms/pseries/setup.c | 4 +- arch/riscv/kernel/stacktrace.c | 3 +- drivers/acpi/ac.c | 4 +- drivers/acpi/ec.c | 9 +- drivers/acpi/sbs.c | 4 +- drivers/block/loop.c | 23 ++ drivers/block/null_blk/main.c | 4 +- drivers/bluetooth/btnxpuart.c | 2 +- drivers/clk/qcom/apss-ipq-pll.c | 2 - drivers/firmware/efi/libstub/zboot.lds | 1 + drivers/gpio/gpio-pca953x.c | 2 + drivers/gpu/drm/amd/amdgpu/gfx_v9_4_3.c | 15 +- drivers/gpu/drm/amd/amdgpu/psp_v14_0.c | 5 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 52 +++- .../amd/display/dc/dml/dcn32/display_mode_vba_32.c | 3 + .../gpu/drm/amd/display/dc/dml/dcn35/dcn35_fpu.c | 2 +- .../gpu/drm/amd/display/dc/dml/dcn351/dcn351_fpu.c | 2 +- .../amd/display/dc/dml2/dml2_translation_helper.c | 1 + drivers/gpu/drm/amd/display/dc/dml2/dml2_utils.c | 2 +- drivers/gpu/drm/amd/include/pptable.h | 91 +++---- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 13 + drivers/gpu/drm/amd/pm/swsmu/inc/amdgpu_smu.h | 5 + .../amd/pm/swsmu/inc/pmfw_if/smu_v14_0_0_ppsmc.h | 4 +- drivers/gpu/drm/amd/pm/swsmu/inc/smu_types.h | 4 +- .../gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_0_ppt.c | 73 ++++++ drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 + drivers/gpu/drm/exynos/exynos_dp.c | 1 - drivers/gpu/drm/mediatek/mtk_drm_drv.c | 8 + drivers/gpu/drm/radeon/radeon_gem.c | 2 +- drivers/gpu/drm/renesas/shmobile/shmob_drm_drv.c | 8 + drivers/gpu/drm/vmwgfx/Kconfig | 2 +- drivers/hid/hid-debug.c | 2 + drivers/hid/hid-ids.h | 2 + drivers/hid/hid-input.c | 13 + drivers/input/joystick/xpad.c | 1 + drivers/input/mouse/elantech.c | 31 +++ drivers/input/serio/i8042-acpipnpio.h | 18 +- drivers/input/touchscreen/ads7846.c | 12 +- drivers/input/touchscreen/silead.c | 19 +- drivers/misc/mei/main.c | 2 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 2 +- drivers/net/ethernet/ibm/ibmvnic.c | 12 + drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 1 + .../ethernet/marvell/octeontx2/nic/otx2_common.c | 10 +- .../net/ethernet/marvell/octeontx2/nic/otx2_reg.h | 55 ++-- .../net/ethernet/marvell/octeontx2/nic/otx2_txrx.c | 2 +- drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 3 +- drivers/net/usb/qmi_wwan.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 16 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 47 +++- drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c | 13 +- drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 6 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 8 +- drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 12 +- drivers/net/wireless/intel/iwlwifi/mvm/sta.h | 5 + drivers/nvme/host/core.c | 1 + drivers/nvme/host/fabrics.c | 6 +- drivers/nvme/host/nvme.h | 2 +- drivers/nvme/target/core.c | 1 + drivers/nvme/target/fabrics-cmd-auth.c | 3 - drivers/nvme/target/fabrics-cmd.c | 6 - drivers/of/irq.c | 143 ++++++----- drivers/of/of_private.h | 3 + drivers/parport/parport_amiga.c | 8 +- drivers/perf/riscv_pmu_sbi.c | 2 +- drivers/platform/mellanox/nvsw-sn2201.c | 5 +- drivers/platform/x86/amd/hsmp.c | 50 +++- drivers/platform/x86/lg-laptop.c | 89 +++---- drivers/platform/x86/wireless-hotkey.c | 2 + drivers/pnp/base.h | 1 + drivers/s390/char/sclp.c | 1 + drivers/scsi/device_handler/scsi_dh_alua.c | 31 ++- drivers/scsi/libsas/sas_internal.h | 14 ++ drivers/scsi/qedf/qedf.h | 1 + drivers/scsi/qedf/qedf_main.c | 47 +++- drivers/scsi/sr.h | 2 +- drivers/scsi/sr_ioctl.c | 5 +- drivers/spi/spi-davinci.c | 6 + drivers/spi/spi-imx.c | 2 +- drivers/spi/spi-mux.c | 1 + drivers/spi/spi.c | 6 +- drivers/tee/optee/ffa_abi.c | 12 +- drivers/vfio/device_cdev.c | 7 + drivers/vfio/group.c | 7 + drivers/vfio/pci/vfio_pci_core.c | 277 +++++---------------- drivers/vfio/vfio_main.c | 44 ++++ fs/btrfs/btrfs_inode.h | 10 + fs/btrfs/file.c | 16 ++ fs/btrfs/ordered-data.c | 31 +++ fs/btrfs/qgroup.c | 4 +- fs/btrfs/ref-verify.c | 9 +- fs/btrfs/scrub.c | 26 +- fs/cachefiles/cache.c | 45 +++- fs/cachefiles/ondemand.c | 74 ++++-- fs/cachefiles/volume.c | 1 - fs/dcache.c | 31 ++- fs/erofs/zmap.c | 2 + fs/file.c | 4 +- fs/hfsplus/xattr.c | 2 +- fs/iomap/buffered-io.c | 3 +- fs/netfs/buffered_write.c | 4 +- fs/netfs/fscache_volume.c | 14 ++ fs/netfs/internal.h | 2 - fs/nfs/dir.c | 27 +- fs/nfs/nfs4proc.c | 1 + fs/nfs/pagelist.c | 5 + fs/nfs/symlink.c | 2 +- fs/smb/client/cifsfs.c | 2 +- fs/smb/client/file.c | 4 +- fs/smb/common/smb2pdu.h | 34 +++ fs/smb/server/smb2pdu.c | 9 +- include/linux/cdrom.h | 2 +- include/linux/fscache-cache.h | 6 + include/linux/page_ref.h | 49 +--- include/linux/pnp.h | 2 - include/linux/spi/spi.h | 5 +- include/linux/vfio.h | 1 + include/linux/vfio_pci_core.h | 2 - include/net/bluetooth/hci_sync.h | 2 + include/sound/dmaengine_pcm.h | 1 + include/trace/events/fscache.h | 4 + include/uapi/linux/input-event-codes.h | 2 + io_uring/register.c | 4 + kernel/workqueue.c | 51 ++-- lib/Kconfig | 8 +- lib/closure.c | 10 +- mm/filemap.c | 10 +- mm/gup.c | 2 +- net/bluetooth/hci_core.c | 76 ++---- net/bluetooth/hci_sync.c | 13 + net/bluetooth/l2cap_core.c | 3 + net/bluetooth/l2cap_sock.c | 14 +- net/ipv6/ila/ila_lwt.c | 7 +- net/ipv6/rpl_iptunnel.c | 14 +- net/mac80211/cfg.c | 5 +- net/mac80211/ieee80211_i.h | 2 + net/mac80211/main.c | 11 +- net/mac80211/mesh.c | 1 + net/mac80211/scan.c | 31 ++- net/mac80211/util.c | 4 + net/mac802154/tx.c | 8 +- net/wireless/rdev-ops.h | 6 +- net/wireless/scan.c | 59 +++-- scripts/kconfig/expr.c | 29 --- scripts/kconfig/expr.h | 1 - scripts/kconfig/gconf.c | 3 +- scripts/kconfig/menu.c | 2 - sound/core/pcm_dmaengine.c | 22 ++ sound/core/pcm_native.c | 2 + sound/pci/hda/Kconfig | 2 + sound/pci/hda/cs35l41_hda_property.c | 8 + sound/pci/hda/cs35l56_hda.c | 5 + sound/pci/hda/patch_realtek.c | 9 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/cs35l56-shared.c | 4 + sound/soc/codecs/es8326.c | 8 +- sound/soc/codecs/rt722-sdca-sdw.c | 4 +- sound/soc/intel/avs/topology.c | 19 +- sound/soc/intel/boards/bytcr_rt5640.c | 11 + sound/soc/soc-generic-dmaengine-pcm.c | 8 + sound/soc/soc-topology.c | 29 ++- sound/soc/sof/intel/hda-pcm.c | 6 + sound/soc/sof/sof-audio.c | 2 +- sound/soc/ti/davinci-mcasp.c | 9 +- sound/soc/ti/omap-hdmi.c | 6 +- tools/power/cpupower/utils/helpers/amd.c | 26 +- tools/testing/selftests/bpf/config | 3 + tools/testing/selftests/bpf/prog_tests/tc_links.c | 61 +++++ tools/testing/selftests/cachestat/test_cachestat.c | 1 + .../selftests/filesystems/overlayfs/dev_in_maps.c | 1 + tools/testing/selftests/futex/functional/Makefile | 2 +- .../testing/selftests/net/openvswitch/ovs-dpctl.py | 2 +- tools/testing/selftests/openat2/openat2_test.c | 1 + tools/testing/selftests/timens/exec.c | 6 +- tools/testing/selftests/timens/timer.c | 2 +- tools/testing/selftests/timens/timerfd.c | 2 +- tools/testing/selftests/timens/vfork_exec.c | 4 +- tools/testing/selftests/vDSO/parse_vdso.c | 16 +- .../selftests/vDSO/vdso_standalone_test_x86.c | 18 +- 188 files changed, 1718 insertions(+), 884 deletions(-)

9 months, 1 week

13
176
0 0

[PATCH v3] EDAC/ti: Fix possible null pointer dereference in _emif_get_id()

by Ma Ke

In _emif_get_id(), of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 86a18ee21e5e ("EDAC, ti: Add support for TI keystone and DRA7xx EDAC") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v3: - added the patch operations omitted in PATCH v2 RESEND compared to PATCH v2. Sorry for my oversight. Changes in v2: - added Cc stable line. --- drivers/edac/ti_edac.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/edac/ti_edac.c b/drivers/edac/ti_edac.c index 29723c9592f7..6f3da8d99eab 100644 --- a/drivers/edac/ti_edac.c +++ b/drivers/edac/ti_edac.c @@ -207,6 +207,9 @@ static int _emif_get_id(struct device_node *node) int my_id = 0; addrp = of_get_address(node, 0, NULL, NULL); + if (!addrp) + return -EINVAL; + my_addr = (u32)of_translate_address(node, addrp); for_each_matching_node(np, ti_edac_of_match) { @@ -214,6 +217,9 @@ static int _emif_get_id(struct device_node *node) continue; addrp = of_get_address(np, 0, NULL, NULL); + if (!addrp) + return -EINVAL; + addr = (u32)of_translate_address(np, addrp); edac_printk(KERN_INFO, EDAC_MOD_NAME, -- 2.25.1

9 months, 2 weeks

1
0
0 0

[PATCH v4] drm/client: fix null pointer dereference in drm_client_modeset_probe

by Ma Ke

In drm_client_modeset_probe(), the return value of drm_mode_duplicate() is assigned to modeset->mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: cf13909aee05 ("drm/fb-helper: Move out modeset config code") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v4: - modified patch, set ret and break to handle error rightly. Changes in v3: - modified patch as suggestions, returned error directly when failing to get modeset->mode. Changes in v2: - added the recipient's email address, due to the prolonged absence of a response from the recipients. - added Cc stable. --- drivers/gpu/drm/drm_client_modeset.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/gpu/drm/drm_client_modeset.c b/drivers/gpu/drm/drm_client_modeset.c index 31af5cf37a09..cee5eafbfb81 100644 --- a/drivers/gpu/drm/drm_client_modeset.c +++ b/drivers/gpu/drm/drm_client_modeset.c @@ -880,6 +880,11 @@ int drm_client_modeset_probe(struct drm_client_dev *client, unsigned int width, kfree(modeset->mode); modeset->mode = drm_mode_duplicate(dev, mode); + if (!modeset->mode) { + ret = -ENOMEM; + break; + } + drm_connector_get(connector); modeset->connectors[modeset->num_connectors++] = connector; modeset->x = offset->x; -- 2.25.1

9 months, 2 weeks

1
0
0 0

[PATCH v3] drm/client: fix null pointer dereference in drm_client_modeset_probe

by Ma Ke

In drm_client_modeset_probe(), the return value of drm_mode_duplicate() is assigned to modeset->mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: cf13909aee05 ("drm/fb-helper: Move out modeset config code") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v3: - modified patch as suggestions, returned error directly when failing to get modeset->mode. Changes in v2: - added the recipient's email address, due to the prolonged absence of a response from the recipients. - added Cc stable. --- drivers/gpu/drm/drm_client_modeset.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/drm_client_modeset.c b/drivers/gpu/drm/drm_client_modeset.c index 31af5cf37a09..750b8dce0f90 100644 --- a/drivers/gpu/drm/drm_client_modeset.c +++ b/drivers/gpu/drm/drm_client_modeset.c @@ -880,6 +880,9 @@ int drm_client_modeset_probe(struct drm_client_dev *client, unsigned int width, kfree(modeset->mode); modeset->mode = drm_mode_duplicate(dev, mode); + if (!modeset->mode) + return 0; + drm_connector_get(connector); modeset->connectors[modeset->num_connectors++] = connector; modeset->x = offset->x; -- 2.25.1

9 months, 2 weeks

2
4
0 0

Re: [PATCH 6.9 000/250] 6.9.7-rc1 review

by Pavel Machek

On Wed 2024-07-24 18:48:20, DAVIETTE wrote: > Afternoon: > > Has any test on incorporation of muti platform data been seen using the PATCH file ? > > Will the install cause support default models to reset. > > Any other information is welcomed and appreciated, Thanks. > > D.Lauricella Has spam gotten smart with use of AI, or is this real? Can you fix your mailer to to generate in-reply-to headers and try again stating your question? BR, Pavel -- DENX Software Engineering GmbH, Managing Director: Erika Unter HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany

9 months, 2 weeks

1
0
0 0

[PATCH v2 RESEND] EDAC/ti: Fix possible null pointer dereference in _emif_get_id()

by Ma Ke

In _emif_get_id(), of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. Cc: stable(a)vger.kernel.org Fixes: 86a18ee21e5e ("EDAC, ti: Add support for TI keystone and DRA7xx EDAC") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - added Cc stable line. --- drivers/edac/ti_edac.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/edac/ti_edac.c b/drivers/edac/ti_edac.c index 29723c9592f7..db23887b2d81 100644 --- a/drivers/edac/ti_edac.c +++ b/drivers/edac/ti_edac.c @@ -207,6 +207,9 @@ static int _emif_get_id(struct device_node *node) int my_id = 0; addrp = of_get_address(node, 0, NULL, NULL); + if (!addrp) + return -EINVAL; + my_addr = (u32)of_translate_address(node, addrp); for_each_matching_node(np, ti_edac_of_match) { -- 2.25.1

9 months, 2 weeks

3
2
0 0

[PATCH] Bluetooth: hci_core: fix suspicious RCU usage in hci_conn_drop()

by Yunseong Kim

Protection from the queuing operation is achieved with an RCU read lock to avoid calling 'queue_delayed_work()' after 'cancel_delayed_work()', but this does not apply to 'hci_conn_drop()'. commit deee93d13d38 ("Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works") The situation described raises concerns about suspicious RCU usage in a corrupted context. CPU 1 CPU 2 hci_dev_do_reset() synchronize_rcu() hci_conn_drop() drain_workqueue() <-- no RCU read protection during queuing. --> queue_delayed_work() It displays a warning message like the following Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 ============================= WARNING: suspicious RCU usage 6.10.0-rc6-01340-gf14c0bb78769 #5 Not tainted ----------------------------- net/mac80211/util.c:4000 RCU-list traversed in non-reader section!! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 2 locks held by syz-executor/798: #0: ffff800089a3de50 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_lock+0x28/0x40 net/core/rtnetlink.c:79 stack backtrace: CPU: 0 PID: 798 Comm: syz-executor Not tainted 6.10.0-rc6-01340-gf14c0bb78769 #5 Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace.part.0+0x1b8/0x1d0 arch/arm64/kernel/stacktrace.c:317 dump_backtrace arch/arm64/kernel/stacktrace.c:323 [inline] show_stack+0x34/0x50 arch/arm64/kernel/stacktrace.c:324 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xf0/0x170 lib/dump_stack.c:114 dump_stack+0x20/0x30 lib/dump_stack.c:123 lockdep_rcu_suspicious+0x204/0x2f8 kernel/locking/lockdep.c:6712 ieee80211_check_combinations+0x71c/0x828 [mac80211] ieee80211_check_concurrent_iface+0x494/0x700 [mac80211] ieee80211_open+0x140/0x238 [mac80211] __dev_open+0x270/0x498 net/core/dev.c:1474 __dev_change_flags+0x47c/0x610 net/core/dev.c:8837 dev_change_flags+0x98/0x170 net/core/dev.c:8909 devinet_ioctl+0xdf0/0x18d0 net/ipv4/devinet.c:1177 inet_ioctl+0x34c/0x388 net/ipv4/af_inet.c:1003 sock_do_ioctl+0xe4/0x240 net/socket.c:1222 sock_ioctl+0x4cc/0x740 net/socket.c:1341 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __arm64_sys_ioctl+0x184/0x218 fs/ioctl.c:893 __invoke_syscall arch/arm64/kernel/syscall.c:34 [inline] invoke_syscall+0x90/0x2e8 arch/arm64/kernel/syscall.c:48 el0_svc_common.constprop.0+0x200/0x2a8 arch/arm64/kernel/syscall.c:131 el0_svc+0x48/0xc0 arch/arm64/kernel/entry-common.c:712 el0t_64_sync_handler+0x120/0x130 arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x198 arch/arm64/kernel/entry.S:598 This patch attempts to fix that issue with the same convention. Cc: stable(a)vger.kernel.org # v6.1+ Fixes: deee93d13d38 ("Bluetooth: use hdev->workqueue when queuing hdev-> {cmd,ncmd}_timer works") Signed-off-by: Yeoreum Yun <yeoreum.yun(a)arm.com> Tested-by: Yunseong Kim <yskelg(a)gmail.com> Signed-off-by: Yunseong Kim <yskelg(a)gmail.com> --- include/net/bluetooth/hci_core.h | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h index 31020891fc68..111509dc1a23 100644 --- a/include/net/bluetooth/hci_core.h +++ b/include/net/bluetooth/hci_core.h @@ -1572,8 +1572,13 @@ static inline void hci_conn_drop(struct hci_conn *conn) } cancel_delayed_work(&conn->disc_work); - queue_delayed_work(conn->hdev->workqueue, - &conn->disc_work, timeo); + + rcu_read_lock(); + if (!hci_dev_test_flag(conn->hdev, HCI_CMD_DRAIN_WORKQUEUE)) { + queue_delayed_work(conn->hdev->workqueue, + &conn->disc_work, timeo); + } + rcu_read_unlock(); } } -- 2.45.2

9 months, 2 weeks

2
1
0 0

[RESEND PATCH] rtc: ds1343: Force SPI chip select to be active high

by Ian Abbott

Commit 3b52093dc917 ("rtc: ds1343: Do not hardcode SPI mode flags") bit-flips (^=) the existing SPI_CS_HIGH setting in the SPI mode during device probe. This will set it to the wrong value if the spi-cs-high property has been set in the devicetree node. Just force it to be set active high and get rid of some commentary that attempted to explain why flipping the bit was the correct choice. Fixes: 3b52093dc917 ("rtc: ds1343: Do not hardcode SPI mode flags") Cc: <stable(a)vger.kernel.org> # 5.6+ Cc: Linus Walleij <linus.walleij(a)linaro.org> Cc: Mark Brown <broonie(a)kernel.org> Signed-off-by: Ian Abbott <abbotti(a)mev.co.uk> --- drivers/rtc/rtc-ds1343.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/drivers/rtc/rtc-ds1343.c b/drivers/rtc/rtc-ds1343.c index ed5a6ba89a3e..484b5756b55c 100644 --- a/drivers/rtc/rtc-ds1343.c +++ b/drivers/rtc/rtc-ds1343.c @@ -361,13 +361,10 @@ static int ds1343_probe(struct spi_device *spi) if (!priv) return -ENOMEM; - /* RTC DS1347 works in spi mode 3 and - * its chip select is active high. Active high should be defined as - * "inverse polarity" as GPIO-based chip selects can be logically - * active high but inverted by the GPIO library. + /* + * RTC DS1347 works in spi mode 3 and its chip select is active high. */ - spi->mode |= SPI_MODE_3; - spi->mode ^= SPI_CS_HIGH; + spi->mode |= SPI_MODE_3 | SPI_CS_HIGH; spi->bits_per_word = 8; res = spi_setup(spi); if (res) -- 2.43.0

9 months, 2 weeks

3
6
0 0

[PATCH v3] block: fix deadlock between sd_remove & sd_release

by Yang Yang

Our test report the following hung task: [ 2538.459400] INFO: task "kworker/0:0":7 blocked for more than 188 seconds. [ 2538.459427] Call trace: [ 2538.459430] __switch_to+0x174/0x338 [ 2538.459436] __schedule+0x628/0x9c4 [ 2538.459442] schedule+0x7c/0xe8 [ 2538.459447] schedule_preempt_disabled+0x24/0x40 [ 2538.459453] __mutex_lock+0x3ec/0xf04 [ 2538.459456] __mutex_lock_slowpath+0x14/0x24 [ 2538.459459] mutex_lock+0x30/0xd8 [ 2538.459462] del_gendisk+0xdc/0x350 [ 2538.459466] sd_remove+0x30/0x60 [ 2538.459470] device_release_driver_internal+0x1c4/0x2c4 [ 2538.459474] device_release_driver+0x18/0x28 [ 2538.459478] bus_remove_device+0x15c/0x174 [ 2538.459483] device_del+0x1d0/0x358 [ 2538.459488] __scsi_remove_device+0xa8/0x198 [ 2538.459493] scsi_forget_host+0x50/0x70 [ 2538.459497] scsi_remove_host+0x80/0x180 [ 2538.459502] usb_stor_disconnect+0x68/0xf4 [ 2538.459506] usb_unbind_interface+0xd4/0x280 [ 2538.459510] device_release_driver_internal+0x1c4/0x2c4 [ 2538.459514] device_release_driver+0x18/0x28 [ 2538.459518] bus_remove_device+0x15c/0x174 [ 2538.459523] device_del+0x1d0/0x358 [ 2538.459528] usb_disable_device+0x84/0x194 [ 2538.459532] usb_disconnect+0xec/0x300 [ 2538.459537] hub_event+0xb80/0x1870 [ 2538.459541] process_scheduled_works+0x248/0x4dc [ 2538.459545] worker_thread+0x244/0x334 [ 2538.459549] kthread+0x114/0x1bc [ 2538.461001] INFO: task "fsck.":15415 blocked for more than 188 seconds. [ 2538.461014] Call trace: [ 2538.461016] __switch_to+0x174/0x338 [ 2538.461021] __schedule+0x628/0x9c4 [ 2538.461025] schedule+0x7c/0xe8 [ 2538.461030] blk_queue_enter+0xc4/0x160 [ 2538.461034] blk_mq_alloc_request+0x120/0x1d4 [ 2538.461037] scsi_execute_cmd+0x7c/0x23c [ 2538.461040] ioctl_internal_command+0x5c/0x164 [ 2538.461046] scsi_set_medium_removal+0x5c/0xb0 [ 2538.461051] sd_release+0x50/0x94 [ 2538.461054] blkdev_put+0x190/0x28c [ 2538.461058] blkdev_release+0x28/0x40 [ 2538.461063] __fput+0xf8/0x2a8 [ 2538.461066] __fput_sync+0x28/0x5c [ 2538.461070] __arm64_sys_close+0x84/0xe8 [ 2538.461073] invoke_syscall+0x58/0x114 [ 2538.461078] el0_svc_common+0xac/0xe0 [ 2538.461082] do_el0_svc+0x1c/0x28 [ 2538.461087] el0_svc+0x38/0x68 [ 2538.461090] el0t_64_sync_handler+0x68/0xbc [ 2538.461093] el0t_64_sync+0x1a8/0x1ac T1: T2: sd_remove del_gendisk __blk_mark_disk_dead blk_freeze_queue_start ++q->mq_freeze_depth bdev_release mutex_lock(&disk->open_mutex) sd_release scsi_execute_cmd blk_queue_enter wait_event(!q->mq_freeze_depth) mutex_lock(&disk->open_mutex) SCSI does not set GD_OWNS_QUEUE, so QUEUE_FLAG_DYING is not set in this scenario. This is a classic ABBA deadlock. To fix the deadlock, make sure we don't try to acquire disk->open_mutex after freezing the queue. Cc: stable(a)vger.kernel.org Fixes: eec1be4c30df ("block: delete partitions later in del_gendisk") Signed-off-by: Yang Yang <yang.yang(a)vivo.com> Reviewed-by: Ming Lei <ming.lei(a)redhat.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> --- Changes from v2: - Add Fixes: and Cc: stable by suggestion Changes from v1: - Modify commit message by suggestion --- block/genhd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/genhd.c b/block/genhd.c index 8f1f3c6b4d67..c5fca3e893a0 100644 --- a/block/genhd.c +++ b/block/genhd.c @@ -663,12 +663,12 @@ void del_gendisk(struct gendisk *disk) */ if (!test_bit(GD_DEAD, &disk->state)) blk_report_disk_dead(disk, false); - __blk_mark_disk_dead(disk); /* * Drop all partitions now that the disk is marked dead. */ mutex_lock(&disk->open_mutex); + __blk_mark_disk_dead(disk); xa_for_each_start(&disk->part_tbl, idx, part, 1) drop_partition(part); mutex_unlock(&disk->open_mutex); -- 2.34.1

9 months, 2 weeks

3
2
0 0

[PATCH 6.10 00/11] 6.10.1-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.10.1 release. There are 11 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 25 Jul 2024 12:28:30 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.10.1-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.10.1-rc2 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Allow thermal zones to tell the core to ignore them Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix error pbuf checking Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Limit Speaker Volume to +12dB maximum Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Use header defines for Speaker Volume control definition Hao Ge <gehao(a)kylinos.cn> tpm: Use auth only after NULL check in tpm_buf_check_hmac_response() David Howells <dhowells(a)redhat.com> cifs: Fix setting of zero_point after DIO write David Howells <dhowells(a)redhat.com> cifs: Fix server re-repick on subrequest retry Steve French <stfrench(a)microsoft.com> cifs: fix noisy message on copy_file_range David Howells <dhowells(a)redhat.com> cifs: Fix missing fscache invalidation David Howells <dhowells(a)redhat.com> cifs: Fix missing error code set Kees Cook <kees(a)kernel.org> ext4: use memtostr_pad() for s_volume_name ------------- Diffstat: Makefile | 4 +-- drivers/char/tpm/tpm2-sessions.c | 5 +-- drivers/net/wireless/intel/iwlwifi/mvm/tt.c | 7 +++- drivers/thermal/thermal_core.c | 51 ++++++++++++++--------------- drivers/thermal/thermal_core.h | 3 ++ drivers/thermal/thermal_helpers.c | 2 ++ fs/ext4/ext4.h | 2 +- fs/ext4/ioctl.c | 2 +- fs/smb/client/cifsfs.c | 2 +- fs/smb/client/file.c | 21 +++++++++--- fs/smb/client/smb2pdu.c | 3 -- include/sound/cs35l56.h | 2 +- io_uring/kbuf.c | 4 ++- sound/soc/codecs/cs35l56.c | 6 +++- 14 files changed, 69 insertions(+), 45 deletions(-)

9 months, 2 weeks

8
7
0 0

Linux 6.10.1

by Greg Kroah-Hartman

I'm announcing the release of the 6.10.1 kernel. All users of the 6.10 kernel series must upgrade. The updated 6.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - drivers/char/tpm/tpm2-sessions.c | 5 +- drivers/net/wireless/intel/iwlwifi/mvm/tt.c | 7 +++ drivers/thermal/thermal_core.c | 51 +++++++++++++--------------- drivers/thermal/thermal_core.h | 3 + drivers/thermal/thermal_helpers.c | 2 + fs/ext4/ext4.h | 2 - fs/ext4/ioctl.c | 2 - fs/smb/client/cifsfs.c | 2 - fs/smb/client/file.c | 21 +++++++++-- fs/smb/client/smb2pdu.c | 3 - include/sound/cs35l56.h | 2 - io_uring/kbuf.c | 4 +- sound/soc/codecs/cs35l56.c | 6 ++- 14 files changed, 68 insertions(+), 44 deletions(-) David Howells (4): cifs: Fix missing error code set cifs: Fix missing fscache invalidation cifs: Fix server re-repick on subrequest retry cifs: Fix setting of zero_point after DIO write Greg Kroah-Hartman (1): Linux 6.10.1 Hao Ge (1): tpm: Use auth only after NULL check in tpm_buf_check_hmac_response() Kees Cook (1): ext4: use memtostr_pad() for s_volume_name Pavel Begunkov (1): io_uring: fix error pbuf checking Rafael J. Wysocki (1): thermal: core: Allow thermal zones to tell the core to ignore them Richard Fitzgerald (2): ASoC: cs35l56: Use header defines for Speaker Volume control definition ASoC: cs35l56: Limit Speaker Volume to +12dB maximum Steve French (1): cifs: fix noisy message on copy_file_range

9 months, 2 weeks

1
1
0 0

Linux 6.10.1

by Greg Kroah-Hartman

I'm announcing the release of the 6.10.1 kernel. All users of the 6.10 kernel series must upgrade. The updated 6.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 - drivers/char/tpm/tpm2-sessions.c | 5 +- drivers/net/wireless/intel/iwlwifi/mvm/tt.c | 7 +++ drivers/thermal/thermal_core.c | 51 +++++++++++++--------------- drivers/thermal/thermal_core.h | 3 + drivers/thermal/thermal_helpers.c | 2 + fs/ext4/ext4.h | 2 - fs/ext4/ioctl.c | 2 - fs/smb/client/cifsfs.c | 2 - fs/smb/client/file.c | 21 +++++++++-- fs/smb/client/smb2pdu.c | 3 - include/sound/cs35l56.h | 2 - io_uring/kbuf.c | 4 +- sound/soc/codecs/cs35l56.c | 6 ++- 14 files changed, 68 insertions(+), 44 deletions(-) David Howells (4): cifs: Fix missing error code set cifs: Fix missing fscache invalidation cifs: Fix server re-repick on subrequest retry cifs: Fix setting of zero_point after DIO write Greg Kroah-Hartman (1): Linux 6.10.1 Hao Ge (1): tpm: Use auth only after NULL check in tpm_buf_check_hmac_response() Kees Cook (1): ext4: use memtostr_pad() for s_volume_name Pavel Begunkov (1): io_uring: fix error pbuf checking Rafael J. Wysocki (1): thermal: core: Allow thermal zones to tell the core to ignore them Richard Fitzgerald (2): ASoC: cs35l56: Use header defines for Speaker Volume control definition ASoC: cs35l56: Limit Speaker Volume to +12dB maximum Steve French (1): cifs: fix noisy message on copy_file_range

9 months, 2 weeks

1
1
0 0

[PATCH] drm/nouveau: fix a possible null pointer dereference

by Ma Ke

In ch7006_encoder_get_modes(), the return value of drm_mode_duplicate() is used directly in drm_mode_probed_add(), which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: 6ee738610f41 ("drm/nouveau: Add DRM driver for NVIDIA GPUs") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/gpu/drm/i2c/ch7006_drv.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i2c/ch7006_drv.c b/drivers/gpu/drm/i2c/ch7006_drv.c index 131512a5f3bd..48bf6e4e8bdb 100644 --- a/drivers/gpu/drm/i2c/ch7006_drv.c +++ b/drivers/gpu/drm/i2c/ch7006_drv.c @@ -229,6 +229,7 @@ static int ch7006_encoder_get_modes(struct drm_encoder *encoder, { struct ch7006_priv *priv = to_ch7006_priv(encoder); const struct ch7006_mode *mode; + struct drm_display_mode *encoder_mode = NULL; int n = 0; for (mode = ch7006_modes; mode->mode.clock; mode++) { @@ -236,8 +237,11 @@ static int ch7006_encoder_get_modes(struct drm_encoder *encoder, ~mode->valid_norms & 1<<priv->norm) continue; - drm_mode_probed_add(connector, - drm_mode_duplicate(encoder->dev, &mode->mode)); + encoder_mode = drm_mode_duplicate(encoder->dev, &mode->mode); + if (!encoder_mode) + return 0; + + drm_mode_probed_add(connector, encoder_mode); n++; } -- 2.25.1

9 months, 2 weeks

1
0
0 0

[PATCH fro 6.11 0/2] ASoC SOF: ipc4-topology: Fix LinkID handling for ChainDMA

by Peter Ujfalusi

Hi, A recent patch available in 6.10 [1] uncovered two issues on how the DMA Link ID is tracked with ChainDMA and can cause under specific conditions [2] to cause a DSP panic. The issue is not academic as we have one user report of it: https://github.com/thesofproject/linux/issues/5116 The patches have been marked for stable backport to made there way to 6.10. The first patch is fixing a code move patch, for older than 6.9 we would need different patch to fix the original code, but since the issue is only valid for 6.10, I will do that at a later time. Mark, can you please schedule these as fixes for 6.11 to get them fast to 6.10? Thank you. [1] ebd3b3014eeb ("ASoC: SOF: pcm: reset all PCM sources in case of xruns") [2] https://github.com/thesofproject/linux/pull/5119#issuecomment-2244770449 Regards, Peter --- Peter Ujfalusi (2): ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA ASoC: SOF: ipc4-topology: Preserve the DMA Link ID for ChainDMA on unprepare sound/soc/sof/ipc4-topology.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) -- 2.45.2

9 months, 2 weeks

2
3
0 0

Re: CVE-2024-39471: drm/amdgpu: add error handle to avoid out-of-bounds

by Siddh Raman Pant

(Mail V2: Send to correct mailing list and CCing relevant people.) On Tue, 25 Jun 2024 16:29:04 +0200, Greg Kroah-Hartman wrote: > In the Linux kernel, the following vulnerability has been resolved: > > drm/amdgpu: add error handle to avoid out-of-bounds > > if the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should > be stop to avoid out-of-bounds read, so directly return -EINVAL. > > The Linux kernel CVE team has assigned CVE-2024-39471 to this issue. This commit has a bug which was fixed by 6769a23697f1. It should be immediately backported, otherwise this "fix" doesn't do anything since gcc will optimise out the check. Thanks, Siddh

9 months, 2 weeks

1
0
0 0

[PATCH v2 RESEND] drm/client: fix null pointer dereference in drm_client_modeset_probe

by Ma Ke

In drm_client_modeset_probe(), the return value of drm_mode_duplicate() is assigned to modeset->mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: cf13909aee05 ("drm/fb-helper: Move out modeset config code") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - added the recipient's email address, due to the prolonged absence of a response from the recipients. - added Cc stable. --- drivers/gpu/drm/drm_client_modeset.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/drm_client_modeset.c b/drivers/gpu/drm/drm_client_modeset.c index 31af5cf37a09..cca37b225385 100644 --- a/drivers/gpu/drm/drm_client_modeset.c +++ b/drivers/gpu/drm/drm_client_modeset.c @@ -880,6 +880,9 @@ int drm_client_modeset_probe(struct drm_client_dev *client, unsigned int width, kfree(modeset->mode); modeset->mode = drm_mode_duplicate(dev, mode); + if (!modeset->mode) + continue; + drm_connector_get(connector); modeset->connectors[modeset->num_connectors++] = connector; modeset->x = offset->x; -- 2.25.1

9 months, 2 weeks

2
1
0 0

[PATCH v2] spi: ppc4xx: handle irq_of_parse_and_map() errors

by Ma Ke

Zero and negative number is not a valid IRQ for in-kernel code and the irq_of_parse_and_map() function returns zero on error. So this check for valid IRQs should only accept values > 0. Cc: stable(a)vger.kernel.org Fixes: 44dab88e7cc9 ("spi: add spi_ppc4xx driver") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - added Cc stable line; - added Fixes line. --- drivers/spi/spi-ppc4xx.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/spi/spi-ppc4xx.c b/drivers/spi/spi-ppc4xx.c index 942c3117ab3a..01fdecbf132d 100644 --- a/drivers/spi/spi-ppc4xx.c +++ b/drivers/spi/spi-ppc4xx.c @@ -413,6 +413,9 @@ static int spi_ppc4xx_of_probe(struct platform_device *op) /* Request IRQ */ hw->irqnum = irq_of_parse_and_map(np, 0); + if (hw->irqnum <= 0) + goto free_host; + ret = request_irq(hw->irqnum, spi_ppc4xx_int, 0, "spi_ppc4xx_of", (void *)hw); if (ret) { -- 2.25.1

9 months, 2 weeks

3
2
0 0

[PATCH RESEND] EDAC/altera: Fix possible null pointer dereference

by Ma Ke

In altr_s10_sdram_check_ecc_deps(), of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. Cc: stable(a)vger.kernel.org Fixes: e1bca853dddc ("EDAC/altera: Add SDRAM ECC check for U-Boot") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/edac/altera_edac.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/edac/altera_edac.c b/drivers/edac/altera_edac.c index fe89f5c4837f..d6bf0eebeb41 100644 --- a/drivers/edac/altera_edac.c +++ b/drivers/edac/altera_edac.c @@ -1086,6 +1086,7 @@ static int altr_s10_sdram_check_ecc_deps(struct altr_edac_device_dev *device) struct arm_smccc_res result; struct device_node *np; phys_addr_t sdram_addr; + const __be32 *sdram_addrp; u32 read_reg; int ret; @@ -1093,8 +1094,14 @@ static int altr_s10_sdram_check_ecc_deps(struct altr_edac_device_dev *device) if (!np) goto sdram_err; - sdram_addr = of_translate_address(np, of_get_address(np, 0, - NULL, NULL)); + sdram_addrp = of_get_address(np, 0, NULL, NULL); + if (!sdram_addrp) + return -EINVAL; + + sdram_addr = of_translate_address(np, sdram_addrp); + if (!sdram_addr) + return -EINVAL; + of_node_put(np); sdram_ecc_addr = (unsigned long)sdram_addr + prv->ecc_en_ofst; arm_smccc_smc(INTEL_SIP_SMC_REG_READ, sdram_ecc_addr, -- 2.25.1

9 months, 2 weeks

1
0
0 0

[PATCH 5.10 000/770] 5.10.220-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.220 release. There are 770 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 20 Jun 2024 12:32:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.220-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.220-rc1 Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Fix a regression in nfsd_setattr() NeilBrown <neilb(a)suse.de> nfsd: don't call locks_release_private() twice concurrently NeilBrown <neilb(a)suse.de> nfsd: don't take fi_lock in nfsd_break_deleg_cb() NeilBrown <neilb(a)suse.de> nfsd: fix RELEASE_LOCKOWNER Jeff Layton <jlayton(a)kernel.org> nfsd: drop the nfsd_put helper NeilBrown <neilb(a)suse.de> nfsd: call nfsd_last_thread() before final nfsd_put() NeilBrown <neilb(a)suse.de> NFSD: fix possible oops when nfsd/pool_stats is closed. Chuck Lever <chuck.lever(a)oracle.com> Documentation: Add missing documentation for EXPORT_OP flags NeilBrown <neilb(a)suse.de> nfsd: separate nfsd_last_thread() from nfsd_put() NeilBrown <neilb(a)suse.de> nfsd: Simplify code around svc_exit_thread() call in nfsd() Chuck Lever <chuck.lever(a)oracle.com> nfsd: don't allow nfsd threads to be signalled. Tavian Barnes <tavianator(a)tavianator.com> nfsd: Fix creation time serialization order Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd4_encode_nfstime4() helper NeilBrown <neilb(a)suse.de> lockd: drop inappropriate svc_get() from locked_get() Dan Carpenter <dan.carpenter(a)linaro.org> nfsd: fix double fget() bug in __write_ports_addfd() Jeff Layton <jlayton(a)kernel.org> nfsd: make a copy of struct iattr before calling notify_change Dai Ngo <dai.ngo(a)oracle.com> NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop Jeff Layton <jlayton(a)kernel.org> nfsd: simplify the delayed disposal list code Chuck Lever <chuck.lever(a)oracle.com> NFSD: Convert filecache to rhltable Jeff Layton <jlayton(a)kernel.org> nfsd: allow reaping files still under writeback Jeff Layton <jlayton(a)kernel.org> nfsd: update comment over __nfsd_file_cache_purge Jeff Layton <jlayton(a)kernel.org> nfsd: don't take/put an extra reference when putting a file Jeff Layton <jlayton(a)kernel.org> nfsd: add some comments to nfsd_file_do_acquire Jeff Layton <jlayton(a)kernel.org> nfsd: don't kill nfsd_files because of lease break error Jeff Layton <jlayton(a)kernel.org> nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator Jeff Layton <jlayton(a)kernel.org> nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries Jeff Layton <jlayton(a)kernel.org> nfsd: don't open-code clear_and_wake_up_bit Jeff Layton <jlayton(a)kernel.org> nfsd: call op_release, even when op_func returns an error Chuck Lever <chuck.lever(a)oracle.com> NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL Jeff Layton <jlayton(a)kernel.org> nfsd: don't replace page in rq_pages if it's a continuation of last page Jeff Layton <jlayton(a)kernel.org> lockd: set file_lock start and end when decoding nlm4 testargs Chuck Lever <chuck.lever(a)oracle.com> NFSD: Protect against filesystem freezing Chuck Lever <chuck.lever(a)oracle.com> NFSD: copy the whole verifier in nfsd_copy_write_verifier Jeff Layton <jlayton(a)kernel.org> nfsd: don't fsync nfsd_files on last close Jeff Layton <jlayton(a)kernel.org> nfsd: fix courtesy client with deny mode handling in nfs4_upgrade_open Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix problems with cleanup on errors in nfsd4_copy Jeff Layton <jlayton(a)kernel.org> nfsd: don't hand out delegation on setuid files being opened for write Dai Ngo <dai.ngo(a)oracle.com> NFSD: fix leaked reference count of nfsd4_ssc_umount_item Jeff Layton <jlayton(a)kernel.org> nfsd: clean up potential nfsd_file refcount leaks in COPY codepath Jeff Layton <jlayton(a)kernel.org> nfsd: allow nfsd_file_get to sanely handle a NULL pointer Dai Ngo <dai.ngo(a)oracle.com> NFSD: enhance inter-server copy cleanup Jeff Layton <jlayton(a)kernel.org> nfsd: don't destroy global nfs4_file table in per-net shutdown Jeff Layton <jlayton(a)kernel.org> nfsd: don't free files unconditionally in __nfsd_file_cache_purge Dai Ngo <dai.ngo(a)oracle.com> NFSD: replace delayed_work with work_struct for nfsd_client_shrinker Dai Ngo <dai.ngo(a)oracle.com> NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time Xingyuan Mo <hdthky0(a)gmail.com> NFSD: fix use-after-free in nfsd4_ssc_setup_dul() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use set_bit(RQ_DROPME) Chuck Lever <chuck.lever(a)oracle.com> Revert "SUNRPC: Use RMW bitops in single-threaded hot paths" Jeff Layton <jlayton(a)kernel.org> nfsd: fix handling of cached open files in nfsd4_open codepath Jeff Layton <jlayton(a)kernel.org> nfsd: rework refcounting in filecache Kees Cook <keescook(a)chromium.org> NFSD: Avoid clashing function prototypes Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use only RQ_DROPME to signal the need to drop a reply Dai Ngo <dai.ngo(a)oracle.com> NFSD: add delegation reaper to react to low memory condition Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for sending CB_RECALL_ANY Dai Ngo <dai.ngo(a)oracle.com> NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker Brian Foster <bfoster(a)redhat.com> NFSD: pass range end to vfs_fsync_range() instead of count Jeff Layton <jlayton(a)kernel.org> lockd: fix file selection in nlmsvc_cancel_blocked Jeff Layton <jlayton(a)kernel.org> lockd: ensure we use the correct file descriptor when unlocking Jeff Layton <jlayton(a)kernel.org> lockd: set missing fl_flags field when retrieving args Xiu Jianfeng <xiujianfeng(a)huawei.com> NFSD: Use struct_size() helper in alloc_session() Jeff Layton <jlayton(a)kernel.org> nfsd: return error if nfs4_setacl fails Trond Myklebust <trond.myklebust(a)hammerspace.com> lockd: set other missing fields when unlocking files Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd_file_fsync tracepoint Jeff Layton <jlayton(a)kernel.org> nfsd: fix up the filecache laundrette scheduling Jeff Layton <jlayton(a)kernel.org> nfsd: reorganize filecache.c Jeff Layton <jlayton(a)kernel.org> nfsd: remove the pages_flushed statistic from filecache Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix licensing header in filecache.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use rhashtable for managing nfs4_file objects Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor find_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up find_or_add_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a nfsd4_file_hash_remove() helper Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd4_init_file() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update file_hashtbl() helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use const pointers as parameters to fh_ helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace delegation revocations Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace stateids returned via DELEGRETURN Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfs4_preprocess_stateid_op() call sites Chuck Lever <chuck.lever(a)oracle.com> NFSD: Flesh out a documenting comment for filecache.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection Chuck Lever <chuck.lever(a)oracle.com> NFSD: Revert "NFSD: NFSv4 CLOSE should release an nfsd_file immediately" Chuck Lever <chuck.lever(a)oracle.com> NFSD: Pass the target nfsd_file to nfsd_commit() David Disseldorp <ddiss(a)suse.de> exportfs: use pr_debug for unreachable debug statements Jeff Layton <jlayton(a)kernel.org> nfsd: allow disabling NFSv2 at compile time Jeff Layton <jlayton(a)kernel.org> nfsd: move nfserrno() to vfs.c Jeff Layton <jlayton(a)kernel.org> nfsd: ignore requests to disable unsupported versions Chuck Lever <chuck.lever(a)oracle.com> NFSD: Finish converting the NFSv3 GETACL result encoder Chuck Lever <chuck.lever(a)oracle.com> NFSD: Finish converting the NFSv2 GETACL result encoder Colin Ian King <colin.i.king(a)gmail.com> NFSD: Remove redundant assignment to variable host_err Anna Schumaker <Anna.Schumaker(a)Netapp.com> NFSD: Simplify READ_PLUS Jeff Layton <jlayton(a)kernel.org> nfsd: use locks_inode_context helper Jeff Layton <jlayton(a)kernel.org> lockd: use locks_inode_context helper Jeff Layton <jlayton(a)kernel.org> filelock: add a new locks_inode_context accessor function Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix reads with a non-zero offset that don't end on a page boundary Jeff Layton <jlayton(a)kernel.org> nfsd: put the export reference in nfsd4_verify_deleg_dentry Jeff Layton <jlayton(a)kernel.org> nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint Jeff Layton <jlayton(a)kernel.org> nfsd: fix net-namespace logic in __nfsd_file_cache_purge Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> NFSD: unregister shrinker when nfsd_init_net() fails Jeff Layton <jlayton(a)kernel.org> nfsd: rework hashtable handling in nfsd_do_file_acquire Jeff Layton <jlayton(a)kernel.org> nfsd: fix nfsd_file_unhash_and_dispose Gaosheng Cui <cuigaosheng1(a)huawei.com> fanotify: Remove obsoleted fanotify_event_has_path() Gaosheng Cui <cuigaosheng1(a)huawei.com> fsnotify: remove unused declaration Al Viro <viro(a)zeniv.linux.org.uk> fs/notify: constify path Jeff Layton <jlayton(a)kernel.org> nfsd: extra checks when freeing delegation stateids Jeff Layton <jlayton(a)kernel.org> nfsd: make nfsd4_run_cb a bool return function Jeff Layton <jlayton(a)kernel.org> nfsd: fix comments about spinlock handling with delegations Jeff Layton <jlayton(a)kernel.org> nfsd: only fill out return pointer on success in nfsd4_lookup_stateid Chuck Lever <chuck.lever(a)oracle.com> NFSD: Cap rsize_bop result based on send buffer size Chuck Lever <chuck.lever(a)oracle.com> NFSD: Rename the fields in copy_stateid_t ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_file_cache_stats_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define nfsd_reply_cache_stats_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define client_info_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_SHOW_ATTRIBUTE to define export_features_fops and supported_enctypes_fops ChenXiaoSong <chenxiaosong2(a)huawei.com> nfsd: use DEFINE_PROC_SHOW_ATTRIBUTE to define nfsd_proc_ops Chuck Lever <chuck.lever(a)oracle.com> NFSD: Pack struct nfsd4_compoundres Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove unused nfsd4_compoundargs::cachetype field Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove "inline" directives on op_rsize_bop helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfs4svc_encode_compoundres() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up WRITE arg decoders Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use xdr_inline_decode() to decode NFSv3 symlinks Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor common code out of dirlist helpers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Reduce amount of struct nfsd4_compoundargs that needs clearing Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Parametrize how much of argsize should be zeroed Dai Ngo <dai.ngo(a)oracle.com> NFSD: add shrinker to reap courtesy clients on low memory condition Dai Ngo <dai.ngo(a)oracle.com> NFSD: keep track of the number of courtesy clients in the system Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfsd4_remove() wait before returning NFS4ERR_DELAY Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfsd4_rename() wait before returning NFS4ERR_DELAY Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfsd4_setattr() wait before returning NFS4ERR_DELAY Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_setattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a mechanism to wait for a DELEGRETURN Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add tracepoints to report NFSv4 callback completions Gaosheng Cui <cuigaosheng1(a)huawei.com> nfsd: remove nfsd4_prepare_cb_recall() declaration Jeff Layton <jlayton(a)kernel.org> nfsd: clean up mounted_on_fileid handling Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix handling of oversized NFSv4 COMPOUND requests NeilBrown <neilb(a)suse.de> NFSD: drop fname and flen args from nfsd_create_locked() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Protect against send buffer overflow in NFSv3 READ Chuck Lever <chuck.lever(a)oracle.com> NFSD: Protect against send buffer overflow in NFSv2 READ Chuck Lever <chuck.lever(a)oracle.com> NFSD: Protect against send buffer overflow in NFSv3 READDIR Chuck Lever <chuck.lever(a)oracle.com> NFSD: Protect against send buffer overflow in NFSv2 READDIR Chuck Lever <chuck.lever(a)oracle.com> NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> nfsd: Propagate some error code returned by memdup_user() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> nfsd: Avoid some useless tests Jinpeng Cui <cui.jinpeng2(a)zte.com.cn> NFSD: remove redundant variable status Olga Kornievskaia <kolga(a)netapp.com> NFSD enforce filehandle check for source file in COPY Wolfram Sang <wsa+renesas(a)sang-engineering.com> lockd: move from strlcpy with unused retval to strscpy Wolfram Sang <wsa+renesas(a)sang-engineering.com> NFSD: move from strlcpy with unused retval to strscpy Al Viro <viro(a)zeniv.linux.org.uk> nfsd_splice_actor(): handle compound pages NeilBrown <neilb(a)suse.de> NFSD: fix regression with setting ACLs. Jeff Layton <jlayton(a)kernel.org> lockd: detect and reject lock arguments that overflow NeilBrown <neilb(a)suse.de> NFSD: discard fh_locked flag and fh_lock/fh_unlock NeilBrown <neilb(a)suse.de> NFSD: use (un)lock_inode instead of fh_(un)lock for file operations NeilBrown <neilb(a)suse.de> NFSD: use explicit lock/unlock for directory ops NeilBrown <neilb(a)suse.de> NFSD: reduce locking in nfsd_lookup() NeilBrown <neilb(a)suse.de> NFSD: only call fh_unlock() once in nfsd_link() NeilBrown <neilb(a)suse.de> NFSD: always drop directory lock in nfsd_unlink() NeilBrown <neilb(a)suse.de> NFSD: change nfsd_create()/nfsd_symlink() to unlock directory before returning. NeilBrown <neilb(a)suse.de> NFSD: add posix ACLs to struct nfsd_attrs NeilBrown <neilb(a)suse.de> NFSD: add security label to struct nfsd_attrs NeilBrown <neilb(a)suse.de> NFSD: set attributes when creating symlinks NeilBrown <neilb(a)suse.de> NFSD: introduce struct nfsd_attrs Jeff Layton <jlayton(a)kernel.org> NFSD: verify the opened dentry after setting a delegation Jeff Layton <jlayton(a)kernel.org> NFSD: drop fh argument from alloc_init_deleg Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move copy offload callback arguments into a separate structure Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add nfsd4_send_cb_offload() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove kmalloc from nfsd4_do_async_copy() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd4_do_copy() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd4_cleanup_inter_ssc() (2/2) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd4_cleanup_inter_ssc() (1/2) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace boolean fields in struct nfsd4_copy Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfs4_put_copy() static Chuck Lever <chuck.lever(a)oracle.com> NFSD: Reorder the fields in struct nfsd4_op Chuck Lever <chuck.lever(a)oracle.com> NFSD: Shrink size of struct nfsd4_copy Chuck Lever <chuck.lever(a)oracle.com> NFSD: Shrink size of struct nfsd4_copy_notify Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfserrno(-ENOMEM) is nfserr_jukebox Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix strncpy() fortify warning Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd4_encode_readlink() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Use xdr_pad_size() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Simplify starting_len Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize nfsd4_encode_readv() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd4_read::rd_eof field Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up SPLICE_OK in nfsd4_encode_read() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize nfsd4_encode_fattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize nfsd4_encode_operation() Jeff Layton <jlayton(a)kernel.org> nfsd: silence extraneous printk on nfsd.ko insertion Dai Ngo <dai.ngo(a)oracle.com> NFSD: limit the number of v4 clients to 1024 per 1GB of system memory Dai Ngo <dai.ngo(a)oracle.com> NFSD: keep track of the number of v4 clients in the system Dai Ngo <dai.ngo(a)oracle.com> NFSD: refactoring v4 specific code to a helper in nfs4state.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Ensure nf_inode is never dereferenced Chuck Lever <chuck.lever(a)oracle.com> NFSD: NFSv4 CLOSE should release an nfsd_file immediately Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move nfsd_file_trace_alloc() tracepoint Chuck Lever <chuck.lever(a)oracle.com> NFSD: Separate tracepoints for acquire and create Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up unused code after rhashtable conversion Chuck Lever <chuck.lever(a)oracle.com> NFSD: Convert the filecache to use rhashtable Chuck Lever <chuck.lever(a)oracle.com> NFSD: Set up an rhashtable for the filecache Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace the "init once" mechanism Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove nfsd_file::nf_hashval Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_file_hash_remove can compute hashval Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor __nfsd_file_close_inode() Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove lockdep assertion from unhash_and_release_locked() Chuck Lever <chuck.lever(a)oracle.com> NFSD: No longer record nf_hashval in the trace log Chuck Lever <chuck.lever(a)oracle.com> NFSD: Never call nfsd_file_gc() in foreground paths Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix the filecache LRU shrinker Chuck Lever <chuck.lever(a)oracle.com> NFSD: Leave open files out of the filecache LRU Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace filecache LRU activity Chuck Lever <chuck.lever(a)oracle.com> NFSD: WARN when freeing an item still linked via nf_lru Chuck Lever <chuck.lever(a)oracle.com> NFSD: Hook up the filecache stat file Chuck Lever <chuck.lever(a)oracle.com> NFSD: Zero counters when the filecache is re-initialized Chuck Lever <chuck.lever(a)oracle.com> NFSD: Record number of flush calls Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report the number of items evicted by the LRU walk Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_file_lru_scan() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_file_gc() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add nfsd_file_lru_dispose_list() helper Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report average age of filecache items Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report count of freed filecache items Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report count of calls to nfsd_file_acquire() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Report filecache LRU size Chuck Lever <chuck.lever(a)oracle.com> NFSD: Demote a WARN to a pr_warn() Colin Ian King <colin.i.king(a)gmail.com> nfsd: remove redundant assignment to variable len Zhang Jiaming <jiaming(a)nfschina.com> NFSD: Fix space and spelling mistake Benjamin Coddington <bcodding(a)redhat.com> NLM: Defend against file_lock changes after vfs_test_lock() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Fix xdr_encode_bool() Jeff Layton <jlayton(a)kernel.org> nfsd: eliminate the NFSD_FILE_BREAK_* flags Xin Gao <gaoxin(a)cdjrlc.com> fsnotify: Fix comment typo Amir Goldstein <amir73il(a)gmail.com> fanotify: introduce FAN_MARK_IGNORE Amir Goldstein <amir73il(a)gmail.com> fanotify: cleanups for fanotify_mark() input validations Amir Goldstein <amir73il(a)gmail.com> fanotify: prepare for setting event flags in ignore mask Oliver Ford <ojford(a)gmail.com> fs: inotify: Fix typo in inotify comment Jeff Layton <jlayton(a)kernel.org> lockd: fix nlm_close_files Jeff Layton <jlayton(a)kernel.org> lockd: set fl_owner when unlocking files Chuck Lever <chuck.lever(a)oracle.com> NFSD: Decode NFSv4 birth time attribute NeilBrown <neilb(a)suse.de> NFS: restore module put when manager exits. Amir Goldstein <amir73il(a)gmail.com> fanotify: refine the validation checks on non-dir inode mask Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Optimize xdr_reserve_space() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix potential use-after-free in nfsd_file_put() Chuck Lever <chuck.lever(a)oracle.com> NFSD: nfsd_file_put() can sleep Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add documenting comment for nfsd4_release_lockowner() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Modernize nfsd4_release_lockowner() Julian Schroeder <jumaco(a)amazon.com> nfsd: destroy percpu stats counters after reply cache shutdown Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> nfsd: Fix null-ptr-deref in nfsd_fill_super() Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> nfsd: Unregister the cld notifier when laundry_wq create failed Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Use RMW bitops in single-threaded hot paths Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up the show_nf_flags() macro Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace filecache opens Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move documenting comment for nfsd4_process_open2() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix whitespace Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove dprintk call sites from tail of nfsd4_open() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Instantiate a struct file when creating a regular NFSv4 file Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd_open_verified() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove do_nfsd_create() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor NFSv4 OPEN(CREATE) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor NFSv3 CREATE Chuck Lever <chuck.lever(a)oracle.com> NFSD: Refactor nfsd_create_setattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd3_proc_create() Dai Ngo <dai.ngo(a)oracle.com> NFSD: Show state of courtesy client in client info Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for lock conflict to courteous server Dai Ngo <dai.ngo(a)oracle.com> fs/lock: add 2 callbacks to lock_manager_operations to resolve conflict Dai Ngo <dai.ngo(a)oracle.com> fs/lock: add helper locks_owner_has_blockers to check for blockers Dai Ngo <dai.ngo(a)oracle.com> NFSD: move create/destroy of laundry_wq to init_nfsd and exit_nfsd Dai Ngo <dai.ngo(a)oracle.com> NFSD: add support for share reservation conflict to courteous server Dai Ngo <dai.ngo(a)oracle.com> NFSD: add courteous server support for thread with only delegation Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd_splice_actor() Vasily Averin <vvs(a)openvz.org> fanotify: fix incorrect fmode_t casts Amir Goldstein <amir73il(a)gmail.com> fsnotify: consistent behavior for parent not watching children Amir Goldstein <amir73il(a)gmail.com> fsnotify: introduce mark type iterator Amir Goldstein <amir73il(a)gmail.com> fanotify: enable "evictable" inode marks Amir Goldstein <amir73il(a)gmail.com> fanotify: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> fanotify: implement "evictable" inode marks Amir Goldstein <amir73il(a)gmail.com> fanotify: factor out helper fanotify_mark_update_flags() Amir Goldstein <amir73il(a)gmail.com> fanotify: create helper fanotify_mark_user_flags() Amir Goldstein <amir73il(a)gmail.com> fsnotify: allow adding an inode mark without pinning inode Amir Goldstein <amir73il(a)gmail.com> dnotify: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> nfsd: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> inotify: use fsnotify group lock helpers Amir Goldstein <amir73il(a)gmail.com> fsnotify: create helpers for group mark_mutex lock Amir Goldstein <amir73il(a)gmail.com> fsnotify: make allow_dups a property of the group Amir Goldstein <amir73il(a)gmail.com> fsnotify: pass flags argument to fsnotify_alloc_group() Amir Goldstein <amir73il(a)gmail.com> inotify: move control flags from mask to mark flags Dai Ngo <dai.ngo(a)oracle.com> fs/lock: documentation cleanup. Replace inode->i_lock with flc_lock. Amir Goldstein <amir73il(a)gmail.com> fanotify: do not allow setting dirent events in mask of non-dir Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Clean up nfsd_file_put() Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Fix a write performance regression Haowen Bai <baihaowen(a)meizu.com> SUNRPC: Return true/false (not 1/0) from bool functions Bang Li <libang.linuxer(a)gmail.com> fsnotify: remove redundant parameter judgment Amir Goldstein <amir73il(a)gmail.com> fsnotify: optimize FS_MODIFY events with no ignored masks Amir Goldstein <amir73il(a)gmail.com> fsnotify: fix merge with parent's ignored mask Jakob Koschel <jakobkoschel(a)gmail.com> nfsd: fix using the correct variable for sizeof() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up _lm_ operation names Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove CONFIG_NFSD_V3 Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move svc_serv_ops::svo_function into struct svc_serv Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove svc_serv_ops::svo_module Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove svc_shutdown_net() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Rename svc_close_xprt() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Rename svc_create_xprt() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove svo_shutdown method Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Merge svc_do_enqueue_xprt() into svc_enqueue_xprt() Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Remove the .svo_enqueue_xprt method Chuck Lever <chuck.lever(a)oracle.com> NFSD: Streamline the rare "found" case Chuck Lever <chuck.lever(a)oracle.com> NFSD: Skip extra computation for RC_NOCACHE case Chuck Lever <chuck.lever(a)oracle.com> NFSD: De-duplicate hash bucket indexing Ondrej Valousek <ondrej.valousek.xm(a)renesas.com> nfsd: Add support for the birth time attribute Chuck Lever <chuck.lever(a)oracle.com> NFSD: Deprecate NFS_OFFSET_MAX Chuck Lever <chuck.lever(a)oracle.com> NFSD: COMMIT operations must not return NFS?ERR_INVAL Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix ia_size underflow Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix the behavior of READ near OFFSET_MAX J. Bruce Fields <bfields(a)redhat.com> lockd: fix failure to cleanup client locks J. Bruce Fields <bfields(a)redhat.com> lockd: fix server crash on reboot of client holding lock Yang Li <yang.lee(a)linux.alibaba.com> fanotify: remove variable set but not used J. Bruce Fields <bfields(a)redhat.com> nfsd: fix crash on COPY_NOTIFY with special stateid Chuck Lever <chuck.lever(a)oracle.com> NFSD: Move fill_pre_wcc() and fill_post_wcc() Chuck Lever <chuck.lever(a)oracle.com> Revert "nfsd: skip some unnecessary stats in the v4 case" Chuck Lever <chuck.lever(a)oracle.com> NFSD: Trace boot verifier resets Chuck Lever <chuck.lever(a)oracle.com> NFSD: Rename boot verifier functions Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up the nfsd_net::nfssvc_boot field Chuck Lever <chuck.lever(a)oracle.com> NFSD: Write verifier might go backwards Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Add a tracepoint for errors in nfsd4_clone_file_range() Chuck Lever <chuck.lever(a)oracle.com> NFSD: De-duplicate net_generic(nf->nf_net, nfsd_net_id) Chuck Lever <chuck.lever(a)oracle.com> NFSD: De-duplicate net_generic(SVC_NET(rqstp), nfsd_net_id) Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up nfsd_vfs_write() Jeff Layton <jeff.layton(a)primarydata.com> nfsd: Retry once in nfsd_open on an -EOPENSTALE return Jeff Layton <jeff.layton(a)primarydata.com> nfsd: Add errno mapping for EREMOTEIO Peng Tao <tao.peng(a)primarydata.com> nfsd: map EBADF Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix zero-length NFSv3 WRITEs Vasily Averin <vvs(a)virtuozzo.com> nfsd4: add refcount for nfsd4_blocked_lock J. Bruce Fields <bfields(a)redhat.com> nfs: block notification on fs with its own ->lock Chuck Lever <chuck.lever(a)oracle.com> NFSD: De-duplicate nfsd4_decode_bitmap4() J. Bruce Fields <bfields(a)redhat.com> nfsd: improve stateid access bitmask documentation Chuck Lever <chuck.lever(a)oracle.com> NFSD: Combine XDR error tracepoints NeilBrown <neilb(a)suse.de> NFSD: simplify per-net file cache management Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> NFSD: Fix inconsistent indenting Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove be32_to_cpu() from DRC hash function NeilBrown <neilb(a)suse.de> NFS: switch the callback service back to non-pooled. NeilBrown <neilb(a)suse.de> lockd: use svc_set_num_threads() for thread start and stop NeilBrown <neilb(a)suse.de> SUNRPC: always treat sv_nrpools==1 as "not pooled" NeilBrown <neilb(a)suse.de> SUNRPC: move the pool_map definitions (back) into svc.c NeilBrown <neilb(a)suse.de> lockd: rename lockd_create_svc() to lockd_get() NeilBrown <neilb(a)suse.de> lockd: introduce lockd_put() NeilBrown <neilb(a)suse.de> lockd: move svc_exit_thread() into the thread NeilBrown <neilb(a)suse.de> lockd: move lockd_start_svc() call into lockd_create_svc() NeilBrown <neilb(a)suse.de> lockd: simplify management of network status notifiers NeilBrown <neilb(a)suse.de> lockd: introduce nlmsvc_serv NeilBrown <neilb(a)suse.de> NFSD: simplify locking for network notifier. NeilBrown <neilb(a)suse.de> SUNRPC: discard svo_setup and rename svc_set_num_threads_sync() NeilBrown <neilb(a)suse.de> NFSD: Make it possible to use svc_set_num_threads_sync NeilBrown <neilb(a)suse.de> NFSD: narrow nfsd_mutex protection in nfsd thread NeilBrown <neilb(a)suse.de> SUNRPC: use sv_lock to protect updates to sv_nrthreads. NeilBrown <neilb(a)suse.de> nfsd: make nfsd_stats.th_cnt atomic_t NeilBrown <neilb(a)suse.de> SUNRPC: stop using ->sv_nrthreads as a refcount NeilBrown <neilb(a)suse.de> SUNRPC/NFSD: clean up get/put functions. NeilBrown <neilb(a)suse.de> SUNRPC: change svc_get() to return the svc. NeilBrown <neilb(a)suse.de> NFSD: handle errors better in write_ports_addfd() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix sparse warning Eric W. Biederman <ebiederm(a)xmission.com> exit: Rename module_put_and_exit to module_put_and_kthread_exit Eric W. Biederman <ebiederm(a)xmission.com> exit: Implement kthread_exit Amir Goldstein <amir73il(a)gmail.com> fanotify: wire up FAN_RENAME event Amir Goldstein <amir73il(a)gmail.com> fanotify: report old and/or new parent+name in FAN_RENAME event Amir Goldstein <amir73il(a)gmail.com> fanotify: record either old name new name or both for FAN_RENAME Amir Goldstein <amir73il(a)gmail.com> fanotify: record old and new parent and name in FAN_RENAME event Amir Goldstein <amir73il(a)gmail.com> fanotify: support secondary dir fh and name in fanotify_info Amir Goldstein <amir73il(a)gmail.com> fanotify: use helpers to parcel fanotify_info buffer Amir Goldstein <amir73il(a)gmail.com> fanotify: use macros to get the offset to fanotify_info buffer Amir Goldstein <amir73il(a)gmail.com> fsnotify: generate FS_RENAME event with rich information Amir Goldstein <amir73il(a)gmail.com> fanotify: introduce group flag FAN_REPORT_TARGET_FID Amir Goldstein <amir73il(a)gmail.com> fsnotify: separate mark iterator type from object type enum Amir Goldstein <amir73il(a)gmail.com> fsnotify: clarify object type argument Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix READDIR buffer overflow Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix exposure in nfsd4_decode_bitmap() J. Bruce Fields <bfields(a)redhat.com> nfsd4: remove obselete comment Changcheng Deng <deng.changcheng(a)zte.com.cn> NFSD:fix boolreturn.cocci warning J. Bruce Fields <bfields(a)redhat.com> nfsd: update create verifier comment Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Change return value type of .pc_encode Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Replace the "__be32 *p" parameter to .pc_encode Chuck Lever <chuck.lever(a)oracle.com> NFSD: Save location of NFSv4 COMPOUND status Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Change return value type of .pc_decode Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Replace the "__be32 *p" parameter to .pc_decode Chuck Lever <chuck.lever(a)oracle.com> NFSD: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() Colin Ian King <colin.king(a)canonical.com> NFSD: Initialize pointer ni with NULL and not plain integer 0 NeilBrown <neilb(a)suse.de> NFSD: simplify struct nfsfh NeilBrown <neilb(a)suse.de> NFSD: drop support for ancient filehandles NeilBrown <neilb(a)suse.de> NFSD: move filehandle format declarations out of "uapi". Chuck Lever <chuck.lever(a)oracle.com> NFSD: Optimize DRC bucket pruning Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Trace calls to .rpc_call_done Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Allow users to request FAN_FS_ERROR events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Emit generic error info for error event Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Report fid info for file related file system errors Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: WARN_ON against too large file handles Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Add helpers to decide whether to report FID/DFID Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Wrap object_fh inline space in a creator macro Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Support merging of error events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Support enqueueing of error events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Pre-allocate pool of error events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Reserve UAPI bits for FAN_FS_ERROR Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Support FS_ERROR event type Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Require fid_mode for any non-fd event Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Encode empty file handle when no inode is provided Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Allow file handle encoding for unhashed events Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Support null inode event in fanotify_dfid_inode Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Pass group argument to free_event Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Protect fsnotify_handle_inode_event from no-inode events Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Retrieve super block from the data field Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Add wrapper around fsnotify_add_event Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Add helper to detect overflow_event Gabriel Krisman Bertazi <krisman(a)collabora.com> inotify: Don't force FS_IN_IGNORED Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Split fsid check from other fid mode checks Gabriel Krisman Bertazi <krisman(a)collabora.com> fanotify: Fold event size calculation to its own function Gabriel Krisman Bertazi <krisman(a)collabora.com> fsnotify: Don't insert unmergeable events in hashtable Amir Goldstein <amir73il(a)gmail.com> fsnotify: clarify contract for create event hooks Amir Goldstein <amir73il(a)gmail.com> fsnotify: pass dentry instead of inode data Amir Goldstein <amir73il(a)gmail.com> fsnotify: pass data_type to fsnotify_name() Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Fix a warning for nfsd_file_close_inode Chuck Lever <chuck.lever(a)oracle.com> NLM: Fix svcxdr_encode_owner() Amir Goldstein <amir73il(a)gmail.com> fsnotify: fix sb_connectors leak Chuck Lever <chuck.lever(a)oracle.com> NFS: Remove unused callback void decoder Chuck Lever <chuck.lever(a)oracle.com> NFS: Add a private local dispatcher for NFSv4 callback operations Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Eliminate the RQ_AUTHERR flag Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Set rq_auth_stat in the pg_authenticate() callout Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Add svc_rqst::rq_auth_stat J. Bruce Fields <bfields(a)redhat.com> nfs: don't allow reexport reclaims J. Bruce Fields <bfields(a)redhat.com> lockd: don't attempt blocking locks on nfs reexports J. Bruce Fields <bfields(a)redhat.com> nfs: don't atempt blocking locks on nfs reexports J. Bruce Fields <bfields(a)redhat.com> Keep read and write fds with each nlm_file J. Bruce Fields <bfields(a)redhat.com> lockd: update nlm_lookup_file reexport comment J. Bruce Fields <bfields(a)redhat.com> nlm: minor refactoring J. Bruce Fields <bfields(a)redhat.com> nlm: minor nlm_lookup_file argument change Jia He <hejianet(a)gmail.com> lockd: change the proc_handler for nsm_use_hostnames Jia He <hejianet(a)gmail.com> sysctl: introduce new proc handler proc_dobool NeilBrown <neilb(a)suse.de> NFSD: remove vanity comments Chuck Lever <chuck.lever(a)oracle.com> NFSD: Batch release pages during splice read Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Add svc_rqst_replace_page() API Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up splice actor Amir Goldstein <amir73il(a)gmail.com> fsnotify: optimize the case of no marks of any type Amir Goldstein <amir73il(a)gmail.com> fsnotify: count all objects with attached connectors Amir Goldstein <amir73il(a)gmail.com> fsnotify: count s_fsnotify_inode_refs for attached connectors Amir Goldstein <amir73il(a)gmail.com> fsnotify: replace igrab() with ihold() on attach connector Matthew Bobrowski <repnop(a)google.com> fanotify: add pidfd support to the fanotify API Matthew Bobrowski <repnop(a)google.com> fanotify: introduce a generic info record copying helper Matthew Bobrowski <repnop(a)google.com> fanotify: minor cosmetic adjustments to fid labels Matthew Bobrowski <repnop(a)google.com> kernel/pid.c: implement additional checks upon pidfd_create() parameters Matthew Bobrowski <repnop(a)google.com> kernel/pid.c: remove static qualifier from pidfd_create() J. Bruce Fields <bfields(a)redhat.com> nfsd: fix NULL dereference in nfs3svc_encode_getaclres Chuck Lever <chuck.lever(a)oracle.com> NFSD: Prevent a possible oops in the nfs_dirent() tracepoint Colin Ian King <colin.king(a)canonical.com> nfsd: remove redundant assignment to pointer 'this' Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv4 SHARE results encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv4 nlm_res results encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv4 TEST results encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv4 void results encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv4 FREE_ALL arguments decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv4 SHARE arguments decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv4 SM_NOTIFY arguments decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv4 nlm_res arguments decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv4 UNLOCK arguments decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv4 CANCEL arguments decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv4 LOCK arguments decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv4 TEST arguments decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv4 void arguments decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv1 SHARE results encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv1 nlm_res results encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv1 TEST results encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv1 void results encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv1 FREE_ALL arguments decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv1 SHARE arguments decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv1 SM_NOTIFY arguments decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv1 nlm_res arguments decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv1 UNLOCK arguments decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv1 CANCEL arguments decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv1 LOCK arguments decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv1 TEST arguments decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Update the NLMv1 void argument decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> lockd: Common NLM XDR helpers Chuck Lever <chuck.lever(a)oracle.com> lockd: Create a simplified .vs_dispatch method for NLM requests Chuck Lever <chuck.lever(a)oracle.com> lockd: Remove stale comments J. Bruce Fields <bfields(a)redhat.com> nfsd: rpc_peeraddr2str needs rcu lock Wei Yongjun <weiyongjun1(a)huawei.com> NFSD: Fix error return code in nfsd4_interssc_connect() Dai Ngo <dai.ngo(a)oracle.com> nfsd: fix kernel test robot warning in SSC code Dave Wysochanski <dwysocha(a)redhat.com> nfsd4: Expose the callback address and state of each NFS4 client J. Bruce Fields <bfields(a)redhat.com> nfsd: move fsnotify on client creation outside spinlock Dai Ngo <dai.ngo(a)oracle.com> NFSD: delay unmount source's export after inter-server copy completed. Olga Kornievskaia <kolga(a)netapp.com> NFSD add vfs_fsync after async copy is done J. Bruce Fields <bfields(a)redhat.com> nfsd: move some commit_metadata()s outside the inode lock Yu Hsiang Huang <nickhuang(a)synology.com> nfsd: Prevent truncation of an unlinked inode from blocking access to its directory Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update nfsd_cb_args tracepoint Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove the nfsd_cb_work and nfsd_cb_done tracepoints Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd_cb_probe tracepoint Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace the nfsd_deleg_break tracepoint Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd_cb_offload tracepoint Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an nfsd_cb_lm_notify tracepoint Chuck Lever <chuck.lever(a)oracle.com> NFSD: Enhance the nfsd_cb_setup tracepoint Chuck Lever <chuck.lever(a)oracle.com> NFSD: Adjust cb_shutdown tracepoint Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add cb_lost tracepoint Chuck Lever <chuck.lever(a)oracle.com> NFSD: Drop TRACE_DEFINE_ENUM for NFSD4_CB_<state> macros Chuck Lever <chuck.lever(a)oracle.com> NFSD: Capture every CB state transition Chuck Lever <chuck.lever(a)oracle.com> NFSD: Constify @fh argument of knfsd_fh_hash() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add tracepoints for EXCHANGEID edge cases Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add tracepoints for SETCLIENTID edge cases Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a couple more nfsd_clid_expired call sites Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add nfsd_clid_destroyed tracepoint Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add nfsd_clid_reclaim_complete tracepoint Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add nfsd_clid_confirmed tracepoint Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove trace_nfsd_clid_inuse_err Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add nfsd_clid_verf_mismatch tracepoint Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add nfsd_clid_cred_mismatch tracepoint Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an RPC authflavor tracepoint display helper Amir Goldstein <amir73il(a)gmail.com> fanotify: fix permission model of unprivileged group Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: fix nfs_fetch_iversion() Dai Ngo <dai.ngo(a)oracle.com> NFSv4.2: Remove ifdef CONFIG_NFSD from NFSv4.2 client SSC code. Gustavo A. R. Silva <gustavoars(a)kernel.org> nfsd: Fix fall-through warnings for Clang J. Bruce Fields <bfields(a)redhat.com> nfsd: grant read delegations to clients holding writes J. Bruce Fields <bfields(a)redhat.com> nfsd: reshuffle some code J. Bruce Fields <bfields(a)redhat.com> nfsd: track filehandle aliasing in nfs4_files J. Bruce Fields <bfields(a)redhat.com> nfsd: hash nfs4_files by inode number Vasily Averin <vvs(a)virtuozzo.com> nfsd: removed unused argument in nfsd_startup_generic() Jiapeng Chong <jiapeng.chong(a)linux.alibaba.com> nfsd: remove unused function Christian Brauner <christian.brauner(a)ubuntu.com> fanotify_user: use upper_32_bits() to verify mask Amir Goldstein <amir73il(a)gmail.com> fanotify: support limited functionality for unprivileged users Amir Goldstein <amir73il(a)gmail.com> fanotify: configurable limits via sysfs Amir Goldstein <amir73il(a)gmail.com> fanotify: limit number of event merge attempts Amir Goldstein <amir73il(a)gmail.com> fsnotify: use hash table for faster events merge Amir Goldstein <amir73il(a)gmail.com> fanotify: mix event info and pid into merge key hash Amir Goldstein <amir73il(a)gmail.com> fanotify: reduce event objectid to 29-bit hash Chuck Lever <chuck.lever(a)oracle.com> Revert "fanotify: limit number of event merge attempts" Amir Goldstein <amir73il(a)gmail.com> fsnotify: allow fsnotify_{peek,remove}_first_event with empty queue Guobin Huang <huangguobin4(a)huawei.com> NFSD: Use DEFINE_SPINLOCK() for spinlock Gustavo A. R. Silva <gustavoars(a)kernel.org> UAPI: nfsfh.h: Replace one-element array with flexible-array member Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Export svc_xprt_received() NeilBrown <neilb(a)suse.de> nfsd: report client confirmation status in "info" file J. Bruce Fields <bfields(a)redhat.com> nfsd: don't ignore high bits of copy count J. Bruce Fields <bfields(a)redhat.com> nfsd: COPY with length 0 should copy to end of file Ricardo Ribalda <ribalda(a)chromium.org> nfsd: Fix typo "accesible" Paul Menzel <pmenzel(a)molgen.mpg.de> nfsd: Log client tracking type log message as info instead of warning J. Bruce Fields <bfields(a)redhat.com> nfsd: helper for laundromat expiry calculations Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up NFSDDBG_FACILITY macro Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a tracepoint to record directory entry encoding Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up after updating NFSv3 ACL encoders Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv3 SETACL result encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv3 GETACL result encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up after updating NFSv2 ACL encoders Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 ACL ACCESS result encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 ACL GETATTR result encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 SETACL result encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 GETACL result encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an xdr_stream-based encoder for NFSv2/3 ACLs Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove unused NFSv2 directory entry encoders Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 READDIR entry encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 READDIR result encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Count bytes instead of pages in the NFSv2 READDIR encoder Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a helper that encodes NFSv3 directory offset cookies, again Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 STATFS result encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 READ result encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 READLINK result encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 diropres encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 attrstat encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 stat encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Reduce svc_rqst::rq_pages churn during READDIR operations Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove unused NFSv3 directory entry encoders Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update NFSv3 READDIR entry encoders to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv3 READDIR3res encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Count bytes instead of pages in the NFSv3 READDIR encoder Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a helper that encodes NFSv3 directory offset cookies Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv3 COMMIT3res encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv3 PATHCONF3res encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv3 FSINFO3res encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv3 FSSTAT3res encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv3 LINK3res encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv3 RENAMEv3res encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv3 CREATE family of encoders to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv3 WRITE3res encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv3 READ3res encode to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv3 READLINK3res encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv3 wccstat result encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv3 LOOKUP3res encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv3 ACCESS3res encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the GETATTR3res encoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Extract the svcxdr_init_encode() helper Christian Brauner <christian.brauner(a)ubuntu.com> namei: introduce struct renamedata Christian Brauner <christian.brauner(a)ubuntu.com> fs: add file and path permissions helpers Christoph Hellwig <hch(a)lst.de> kallsyms: only build {,module_}kallsyms_on_each_symbol when required Christoph Hellwig <hch(a)lst.de> kallsyms: refactor {,module_}kallsyms_on_each_symbol Christoph Hellwig <hch(a)lst.de> module: use RCU to synchronize find_module Christoph Hellwig <hch(a)lst.de> module: unexport find_module and module_mutex Shakeel Butt <shakeelb(a)google.com> inotify, memcg: account inotify instances to kmemcg J. Bruce Fields <bfields(a)redhat.com> nfsd: skip some unnecessary stats in the v4 case J. Bruce Fields <bfields(a)redhat.com> nfs: use change attribute for NFS re-exports Dai Ngo <dai.ngo(a)oracle.com> NFSv4_2: SSC helper should use its own config. J. Bruce Fields <bfields(a)redhat.com> nfsd: cstate->session->se_client -> cstate->clp J. Bruce Fields <bfields(a)redhat.com> nfsd: simplify nfsd4_check_open_reclaim J. Bruce Fields <bfields(a)redhat.com> nfsd: remove unused set_client argument J. Bruce Fields <bfields(a)redhat.com> nfsd: find_cpntf_state cleanup J. Bruce Fields <bfields(a)redhat.com> nfsd: refactor set_client J. Bruce Fields <bfields(a)redhat.com> nfsd: rename lookup_clientid->set_client J. Bruce Fields <bfields(a)redhat.com> nfsd: simplify nfsd_renew J. Bruce Fields <bfields(a)redhat.com> nfsd: simplify process_lock J. Bruce Fields <bfields(a)redhat.com> nfsd4: simplify process_lookup1 Amir Goldstein <amir73il(a)gmail.com> nfsd: report per-export stats Amir Goldstein <amir73il(a)gmail.com> nfsd: protect concurrent access to nfsd stats counters Amir Goldstein <amir73il(a)gmail.com> nfsd: remove unused stats counters Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up after updating NFSv3 ACL decoders Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 SETACL argument decoder to use struct xdr_stream, again Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv3 GETACL argument decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up after updating NFSv2 ACL decoders Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 ACL ACCESS argument decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 ACL GETATTR argument decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 SETACL argument decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add an xdr_stream-based decoder for NFSv2/3 ACLs Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 GETACL argument decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove argument length checking in nfsd_dispatch() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 SYMLINK argument decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 CREATE argument decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 SETATTR argument decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 LINK argument decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 RENAME argument decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update NFSv2 diropargs decoding to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 READDIR argument decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add helper to set up the pages where the dirlist is encoded, again Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 READLINK argument decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 WRITE argument decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 READ argument decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv2 GETATTR argument decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the MKNOD3args decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the SYMLINK3args decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the MKDIR3args decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the CREATE3args decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the SETATTR3args decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the LINK3args decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the RENAME3args decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update the NFSv3 DIROPargs decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update COMMIT3arg decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update READDIR3args decoders to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add helper to set up the pages where the dirlist is encoded Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix returned READDIR offset cookie Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update READLINK3arg decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update WRITE3arg decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update READ3arg decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update ACCESS3arg decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> NFSD: Update GETATTR3args decoder to use struct xdr_stream Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Move definition of XDR_UNIT Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Display RPC procedure names instead of proc numbers Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Make trace_svc_process() display the RPC procedure symbolically Chuck Lever <chuck.lever(a)oracle.com> NFSD: Restore NFSv4 decoding's SAVEMEM functionality Chuck Lever <chuck.lever(a)oracle.com> NFSD: Fix sparse warning in nfssvc.c Zheng Yongjun <zhengyongjun3(a)huawei.com> fs/lockd: convert comma to semicolon Waiman Long <longman(a)redhat.com> inotify: Increase default inotify.max_user_watches limit to 1048576 Eric W. Biederman <ebiederm(a)xmission.com> file: Replace ksys_close with close_fd Eric W. Biederman <ebiederm(a)xmission.com> file: Rename __close_fd to close_fd and remove the files parameter Eric W. Biederman <ebiederm(a)xmission.com> file: Merge __alloc_fd into alloc_fd Eric W. Biederman <ebiederm(a)xmission.com> file: In f_dupfd read RLIMIT_NOFILE once. Eric W. Biederman <ebiederm(a)xmission.com> file: Merge __fd_install into fd_install Eric W. Biederman <ebiederm(a)xmission.com> proc/fd: In fdinfo seq_show don't use get_files_struct Eric W. Biederman <ebiederm(a)xmission.com> proc/fd: In proc_readfd_common use task_lookup_next_fd_rcu Eric W. Biederman <ebiederm(a)xmission.com> file: Implement task_lookup_next_fd_rcu Eric W. Biederman <ebiederm(a)xmission.com> kcmp: In get_file_raw_ptr use task_lookup_fd_rcu Eric W. Biederman <ebiederm(a)xmission.com> proc/fd: In tid_fd_mode use task_lookup_fd_rcu Eric W. Biederman <ebiederm(a)xmission.com> file: Implement task_lookup_fd_rcu Eric W. Biederman <ebiederm(a)xmission.com> file: Rename fcheck lookup_fd_rcu Eric W. Biederman <ebiederm(a)xmission.com> file: Replace fcheck_files with files_lookup_fd_rcu Eric W. Biederman <ebiederm(a)xmission.com> file: Factor files_lookup_fd_locked out of fcheck_files Eric W. Biederman <ebiederm(a)xmission.com> file: Rename __fcheck_files to files_lookup_fd_raw Chuck Lever <chuck.lever(a)oracle.com> Revert "fget: clarify and improve __fget_files() implementation" Eric W. Biederman <ebiederm(a)xmission.com> proc/fd: In proc_fd_link use fget_task Eric W. Biederman <ebiederm(a)xmission.com> bpf: In bpf_task_fd_query use fget_task Eric W. Biederman <ebiederm(a)xmission.com> kcmp: In kcmp_epoll_target use fget_task Eric W. Biederman <ebiederm(a)xmission.com> exec: Remove reset_files_struct Eric W. Biederman <ebiederm(a)xmission.com> exec: Simplify unshare_files Eric W. Biederman <ebiederm(a)xmission.com> exec: Move unshare_files to fix posix file locking during exec Eric W. Biederman <ebiederm(a)xmission.com> exec: Don't open code get_close_on_exec Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Record NFSv4 pre/post-op attributes as non-atomic Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Set PF_LOCAL_THROTTLE on local filesystems only Trond Myklebust <trond.myklebust(a)hammerspace.com> nfsd: Fix up nfsd to ensure that timeout errors don't result in ESTALE Trond Myklebust <trond.myklebust(a)hammerspace.com> exportfs: Add a function to return the raw output from fh_to_dentry() Jeff Layton <jeff.layton(a)primarydata.com> nfsd: close cached files prior to a REMOVE or RENAME that would replace target Jeff Layton <jeff.layton(a)primarydata.com> nfsd: allow filesystems to opt out of subtree checking Jeff Layton <jeff.layton(a)primarydata.com> nfsd: add a new EXPORT_OP_NOWCC flag to struct export_operations J. Bruce Fields <bfields(a)redhat.com> Revert "nfsd4: support change_attr_type attribute" J. Bruce Fields <bfields(a)redhat.com> nfsd4: don't query change attribute in v2/v3 case J. Bruce Fields <bfields(a)redhat.com> nfsd: minor nfsd4_change_attribute cleanup J. Bruce Fields <bfields(a)redhat.com> nfsd: simplify nfsd4_change_info J. Bruce Fields <bfields(a)redhat.com> nfsd: only call inode_query_iversion in the I_VERSION case Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove macros that are no longer used Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_compound() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Make nfsd4_ops::opnum a u32 Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_listxattrs() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_setxattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_xattr_name() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_clone() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_seek() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_offload_status() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_copy_notify() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_copy() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_nl4_server() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_fallocate() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_reclaim_complete() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_destroy_clientid() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_test_stateid() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_sequence() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_secinfo_no_name() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_layoutreturn() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_layoutget() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_layoutcommit() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_getdeviceinfo() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_free_stateid() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_destroy_session() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_create_session() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a helper to decode channel_attrs4 Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a helper to decode nfs_impl_id4 Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a helper to decode state_protect4_a Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a separate decoder for ssv_sp_parms Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add a separate decoder to handle state_protect_ops Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_bind_conn_to_session() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_backchannel_ctl() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_cb_sec() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_release_lockowner() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_write() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_verify() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_setclientid_confirm() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_setclientid() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_setattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_secinfo() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_renew() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_rename() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_remove() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_readdir() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_read() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_putfh() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_open_downgrade() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_open_confirm() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_open() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add helper to decode OPEN's open_claim4 argument Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_share_deny() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_share_access() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add helper to decode OPEN's openflag4 argument Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add helper to decode OPEN's createhow4 argument Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add helper to decode NFSv4 verifiers Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_lookup() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_locku() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_lockt() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_lock() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add helper for decoding locker4 Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add helpers to decode a clientid4 and an NFSv4 state owner Chuck Lever <chuck.lever(a)oracle.com> NFSD: Relocate nfsd4_decode_opaque() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_link() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_getattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_delegreturn() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_create() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_fattr() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros that decode the fattr4 umask attribute Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros that decode the fattr4 security label attribute Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros that decode the fattr4 time_set attributes Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros that decode the fattr4 owner_group attribute Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros that decode the fattr4 owner attribute Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros that decode the fattr4 mode attribute Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros that decode the fattr4 acl attribute Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros that decode the fattr4 size attribute Chuck Lever <chuck.lever(a)oracle.com> NFSD: Change the way the expected length of a fattr4 is checked Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_commit() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_close() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace READ* macros in nfsd4_decode_access() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace the internals of the READ_BUF() macro Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add tracepoints in nfsd4_decode/encode_compound() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add tracepoints in nfsd_dispatch() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add common helpers to decode void args and encode void results Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Prepare for xdr_stream-style decoding on the server-side Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Add xdr_set_scratch_page() and xdr_reset_scratch_buffer() Huang Guobin <huangguobin4(a)huawei.com> nfsd: Fix error return code in nfsd_file_cache_init() Chuck Lever <chuck.lever(a)oracle.com> NFSD: Add SPDX header for fs/nfsd/trace.c Chuck Lever <chuck.lever(a)oracle.com> NFSD: Remove extra "0x" in tracepoint format specifier Chuck Lever <chuck.lever(a)oracle.com> NFSD: Clean up the show_nf_may macro Alex Shi <alex.shi(a)linux.alibaba.com> nfsd/nfs3: remove unused macro nfsd3_fhandleres Tom Rix <trix(a)redhat.com> NFSD: A semicolon is not needed after a switch statement. Chuck Lever <chuck.lever(a)oracle.com> NFSD: Invoke svc_encode_result_payload() in "read" NFSD encoders Chuck Lever <chuck.lever(a)oracle.com> SUNRPC: Rename svc_encode_read_payload() ------------- Diffstat: Documentation/filesystems/files.rst | 8 +- Documentation/filesystems/locking.rst | 10 +- Documentation/filesystems/nfs/exporting.rst | 78 + Makefile | 4 +- arch/powerpc/platforms/cell/spufs/coredump.c | 2 +- crypto/algboss.c | 4 +- fs/Kconfig | 6 +- fs/autofs/dev-ioctl.c | 5 +- fs/cachefiles/namei.c | 9 +- fs/cifs/connect.c | 2 +- fs/coredump.c | 5 +- fs/ecryptfs/inode.c | 10 +- fs/exec.c | 29 +- fs/exportfs/expfs.c | 40 +- fs/file.c | 177 +- fs/init.c | 6 +- fs/lockd/clnt4xdr.c | 9 +- fs/lockd/clntproc.c | 3 - fs/lockd/host.c | 4 +- fs/lockd/svc.c | 262 +- fs/lockd/svc4proc.c | 70 +- fs/lockd/svclock.c | 67 +- fs/lockd/svcproc.c | 62 +- fs/lockd/svcsubs.c | 123 +- fs/lockd/svcxdr.h | 142 + fs/lockd/xdr.c | 448 +-- fs/lockd/xdr4.c | 472 ++-- fs/locks.c | 102 +- fs/namei.c | 21 +- fs/nfs/blocklayout/blocklayout.c | 2 +- fs/nfs/blocklayout/dev.c | 2 +- fs/nfs/callback.c | 111 +- fs/nfs/callback_xdr.c | 33 +- fs/nfs/dir.c | 2 +- fs/nfs/export.c | 17 + fs/nfs/file.c | 3 + fs/nfs/filelayout/filelayout.c | 4 +- fs/nfs/filelayout/filelayoutdev.c | 2 +- fs/nfs/flexfilelayout/flexfilelayout.c | 4 +- fs/nfs/flexfilelayout/flexfilelayoutdev.c | 2 +- fs/nfs/nfs42xdr.c | 2 +- fs/nfs/nfs4state.c | 2 +- fs/nfs/nfs4xdr.c | 6 +- fs/nfs/pagelist.c | 3 - fs/nfs/super.c | 8 + fs/nfs/write.c | 3 - fs/nfs_common/Makefile | 2 +- fs/nfs_common/nfs_ssc.c | 2 - fs/nfs_common/nfsacl.c | 123 + fs/nfsd/Kconfig | 36 +- fs/nfsd/Makefile | 8 +- fs/nfsd/acl.h | 6 +- fs/nfsd/blocklayout.c | 1 + fs/nfsd/blocklayoutxdr.c | 1 + fs/nfsd/cache.h | 2 +- fs/nfsd/export.c | 74 +- fs/nfsd/export.h | 16 +- fs/nfsd/filecache.c | 1229 +++++---- fs/nfsd/filecache.h | 23 +- fs/nfsd/flexfilelayout.c | 3 +- fs/nfsd/lockd.c | 10 +- fs/nfsd/netns.h | 63 +- fs/nfsd/nfs2acl.c | 214 +- fs/nfsd/nfs3acl.c | 140 +- fs/nfsd/nfs3proc.c | 396 ++- fs/nfsd/nfs3xdr.c | 1763 ++++++------ fs/nfsd/nfs4acl.c | 45 +- fs/nfsd/nfs4callback.c | 168 +- fs/nfsd/nfs4idmap.c | 9 +- fs/nfsd/nfs4layouts.c | 4 +- fs/nfsd/nfs4proc.c | 1111 +++++--- fs/nfsd/nfs4recover.c | 20 +- fs/nfsd/nfs4state.c | 1725 ++++++++---- fs/nfsd/nfs4xdr.c | 3763 ++++++++++++++------------ fs/nfsd/nfscache.c | 115 +- fs/nfsd/nfsctl.c | 169 +- fs/nfsd/nfsd.h | 50 +- fs/nfsd/nfsfh.c | 291 +- fs/nfsd/nfsfh.h | 179 +- fs/nfsd/nfsproc.c | 262 +- fs/nfsd/nfssvc.c | 356 ++- fs/nfsd/nfsxdr.c | 834 +++--- fs/nfsd/state.h | 69 +- fs/nfsd/stats.c | 126 +- fs/nfsd/stats.h | 96 +- fs/nfsd/trace.c | 1 + fs/nfsd/trace.h | 894 +++++- fs/nfsd/vfs.c | 931 +++---- fs/nfsd/vfs.h | 60 +- fs/nfsd/xdr.h | 68 +- fs/nfsd/xdr3.h | 116 +- fs/nfsd/xdr4.h | 127 +- fs/nfsd/xdr4cb.h | 6 + fs/notify/dnotify/dnotify.c | 17 +- fs/notify/fanotify/fanotify.c | 487 +++- fs/notify/fanotify/fanotify.h | 252 +- fs/notify/fanotify/fanotify_user.c | 882 ++++-- fs/notify/fdinfo.c | 19 +- fs/notify/fsnotify.c | 183 +- fs/notify/fsnotify.h | 19 +- fs/notify/group.c | 38 +- fs/notify/inotify/inotify.h | 11 +- fs/notify/inotify/inotify_fsnotify.c | 12 +- fs/notify/inotify/inotify_user.c | 87 +- fs/notify/mark.c | 172 +- fs/notify/notification.c | 78 +- fs/open.c | 49 +- fs/overlayfs/overlayfs.h | 9 +- fs/proc/fd.c | 48 +- fs/udf/file.c | 2 +- fs/verity/enable.c | 2 +- include/linux/dnotify.h | 2 +- include/linux/errno.h | 1 + include/linux/exportfs.h | 15 + include/linux/fanotify.h | 74 +- include/linux/fdtable.h | 37 +- include/linux/fs.h | 54 +- include/linux/fsnotify.h | 77 +- include/linux/fsnotify_backend.h | 372 ++- include/linux/iversion.h | 13 + include/linux/kallsyms.h | 17 +- include/linux/kthread.h | 1 + include/linux/lockd/bind.h | 3 +- include/linux/lockd/lockd.h | 17 +- include/linux/lockd/xdr.h | 35 +- include/linux/lockd/xdr4.h | 33 +- include/linux/module.h | 24 +- include/linux/nfs.h | 8 - include/linux/nfs4.h | 21 +- include/linux/nfs_ssc.h | 14 + include/linux/nfsacl.h | 6 + include/linux/pid.h | 1 + include/linux/sched/user.h | 3 - include/linux/sunrpc/msg_prot.h | 3 - include/linux/sunrpc/svc.h | 151 +- include/linux/sunrpc/svc_rdma.h | 4 +- include/linux/sunrpc/svc_xprt.h | 16 +- include/linux/sunrpc/svcauth.h | 4 +- include/linux/sunrpc/svcsock.h | 7 +- include/linux/sunrpc/xdr.h | 153 +- include/linux/syscalls.h | 12 - include/linux/sysctl.h | 2 + include/linux/user_namespace.h | 4 + include/trace/events/sunrpc.h | 26 +- include/uapi/linux/fanotify.h | 42 + include/uapi/linux/nfs3.h | 6 + include/uapi/linux/nfsd/nfsfh.h | 105 - kernel/audit_fsnotify.c | 8 +- kernel/audit_tree.c | 2 +- kernel/audit_watch.c | 5 +- kernel/bpf/inode.c | 2 +- kernel/bpf/syscall.c | 20 +- kernel/bpf/task_iter.c | 2 +- kernel/fork.c | 12 +- kernel/kallsyms.c | 8 +- kernel/kcmp.c | 29 +- kernel/kthread.c | 23 +- kernel/livepatch/core.c | 7 +- kernel/module.c | 26 +- kernel/pid.c | 15 +- kernel/sys.c | 2 +- kernel/sysctl.c | 54 +- kernel/trace/trace_kprobe.c | 4 +- kernel/ucount.c | 4 + mm/madvise.c | 2 +- mm/memcontrol.c | 2 +- mm/mincore.c | 2 +- net/bluetooth/bnep/core.c | 2 +- net/bluetooth/cmtp/core.c | 2 +- net/bluetooth/hidp/core.c | 2 +- net/sunrpc/auth_gss/gss_rpc_xdr.c | 2 +- net/sunrpc/auth_gss/svcauth_gss.c | 47 +- net/sunrpc/sched.c | 1 + net/sunrpc/svc.c | 314 ++- net/sunrpc/svc_xprt.c | 104 +- net/sunrpc/svcauth.c | 8 +- net/sunrpc/svcauth_unix.c | 18 +- net/sunrpc/svcsock.c | 32 +- net/sunrpc/xdr.c | 112 +- net/sunrpc/xprtrdma/svc_rdma_backchannel.c | 2 +- net/sunrpc/xprtrdma/svc_rdma_sendto.c | 32 +- net/sunrpc/xprtrdma/svc_rdma_transport.c | 2 +- net/unix/af_unix.c | 2 +- tools/objtool/check.c | 3 +- 184 files changed, 13912 insertions(+), 8825 deletions(-)

9 months, 2 weeks

15
800
0 0

[PATCH net v3] net: usb: sr9700: fix uninitialized variable use in sr_mdio_read

by Ma Ke

It could lead to error happen because the variable res is not updated if the call to sr_share_read_word returns an error. In this particular case error code was returned and res stayed uninitialized. This can be avoided by checking the return value of sr_share_read_word and propagating the error if the read operation failed. Found by code review. Cc: stable(a)vger.kernel.org Fixes: c9b37458e956 ("USB2NET : SR9700 : One chip USB 1.1 USB2NET SR9700Device Driver Support") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v3: - added Cc stable line as suggestions. Changes in v2: - modified the subject as suggestions. --- drivers/net/usb/sr9700.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/usb/sr9700.c b/drivers/net/usb/sr9700.c index 0a662e42ed96..d5bc596f4521 100644 --- a/drivers/net/usb/sr9700.c +++ b/drivers/net/usb/sr9700.c @@ -179,6 +179,7 @@ static int sr_mdio_read(struct net_device *netdev, int phy_id, int loc) struct usbnet *dev = netdev_priv(netdev); __le16 res; int rc = 0; + int err; if (phy_id) { netdev_dbg(netdev, "Only internal phy supported\n"); @@ -193,7 +194,10 @@ static int sr_mdio_read(struct net_device *netdev, int phy_id, int loc) if (value & NSR_LINKST) rc = 1; } - sr_share_read_word(dev, 1, loc, &res); + err = sr_share_read_word(dev, 1, loc, &res); + if (err < 0) + return err; + if (rc == 1) res = le16_to_cpu(res) | BMSR_LSTATUS; else -- 2.25.1

9 months, 2 weeks

1
0
0 0

[PATCH] mm: fix maxnode for mbind(), set_mempolicy() and migrate_pages()

by Jerome Glisse

Because maxnode bug there is no way to bind or migrate_pages to the last node in multi-node NUMA system unless you lie about maxnodes when making the mbind, set_mempolicy or migrate_pages syscall. Manpage for those syscall describe maxnodes as the number of bits in the node bitmap ("bit mask of nodes containing up to maxnode bits"). Thus if maxnode is n then we expect to have a n bit(s) bitmap which means that the mask of valid bits is ((1 << n) - 1). The get_nodes() decrement lead to the mask being ((1 << (n - 1)) - 1). The three syscalls use a common helper get_nodes() and first things this helper do is decrement maxnode by 1 which leads to using n-1 bits in the provided mask of nodes (see get_bitmap() an helper function to get_nodes()). The lead to two bugs, either the last node in the bitmap provided will not be use in either of the three syscalls, or the syscalls will error out and return EINVAL if the only bit set in the bitmap was the last bit in the mask of nodes (which is ignored because of the bug and an empty mask of nodes is an invalid argument). I am surprised this bug was never caught ... it has been in the kernel since forever. People can use the following function to detect if the kernel has the bug: bool kernel_has_maxnodes_bug(void) { unsigned long nodemask = 1; bool has_bug; long res; res = set_mempolicy(MPOL_BIND, &nodemask, 1); has_bug = res && (errno == EINVAL); set_mempolicy(MPOL_DEFAULT, NULL, 0); return has_bug; } You can tested with any of the three program below: gcc mbind.c -o mbind -lnuma gcc set_mempolicy.c -o set_mempolicy -lnuma gcc migrate_pages.c -o migrate_pages -lnuma First argument is maxnode, second argument is the bit index to set in the mask of node (0 set the first bit, 1 the second bit, ...). ./mbind 2 1 & sleep 2 && numastat -n -p `pidof mbind` && fg ./set_mempolicy 2 1 & sleep 2 && numastat -n -p `pidof set_mempolicy` && fg ./migrate_pages 2 1 & sleep 2 && numastat -n -p `pidof migrate_pages` && fg mbind.c %< ---------------------------------------------------------- void *anon_mem(size_t size) { void *ret; ret = mmap(NULL, size, PROT_READ| PROT_WRITE, MAP_PRIVATE| MAP_ANON, -1, 0); return ret == MAP_FAILED ? NULL : ret; } unsigned long mround(unsigned long v, unsigned long m) { if (m == 0) { return v; } return v + m - (v % m); } void bitmap_set(void *_bitmap, unsigned long b) { uint8_t *bitmap = _bitmap; bitmap[b >> 3] |= (1 << (b & 7)); } int main(int argc, char *argv[]) { unsigned long *nodemask, maxnode, node, i; size_t bytes; int8_t *mem; long res; if (argv[1] == NULL || argv[2] == NULL) { printf("missing argument: %s maxnodes node\n", argv[0]); return -1; } maxnode = atoi(argv[1]); node = atoi(argv[2]); bytes = mround(mround(maxnode, 8) >> 3, sizeof(unsigned long)); nodemask = calloc(bytes, 1); mem = anon_mem(NPAGES << 12); if (!mem || !nodemask) { return -1; } // Try to bind memory to node bitmap_set(nodemask, node); res = mbind(mem, NPAGES << 12, MPOL_BIND, nodemask, maxnode, 0); if (res) { printf("mbind(mem, NPAGES << 12, MPOL_BIND, " "nodemask, %d, 0) failed with %d\n", maxnode, errno); return -1; } // Write something to breakup from the zero page for (unsigned i = 0; i < NPAGES; i++) { mem[i << 12] = i + 1; } // Allow numastats to gather statistics getchar(); return 0; } set_mempolicy %< ---------------------------------------------------- void *anon_mem(size_t size) { void *ret; ret = mmap(NULL, size, PROT_READ| PROT_WRITE, MAP_PRIVATE| MAP_ANON, -1, 0); return ret == MAP_FAILED ? NULL : ret; } unsigned long mround(unsigned long v, unsigned long m) { if (m == 0) { return v; } return v + m - (v % m); } void bitmap_set(void *_bitmap, unsigned long b) { uint8_t *bitmap = _bitmap; bitmap[b >> 3] |= (1 << (b & 7)); } int main(int argc, char *argv[]) { unsigned long *nodemask, maxnode, node, i; size_t bytes; int8_t *mem; long res; if (argv[1] == NULL || argv[2] == NULL) { printf("missing argument: %s maxnodes node\n", argv[0]); return -1; } maxnode = atoi(argv[1]); node = atoi(argv[2]); // bind memory to node 0 ... i = 1; res = set_mempolicy(MPOL_BIND, i, 2); if (res) { printf("set_mempolicy(MPOL_BIND, []=1, %d) " "failed with %d\n", maxnode, errno); return -1; } bytes = mround(mround(maxnode, 8) >> 3, sizeof(unsigned long)); nodemask = calloc(bytes, 1); mem = anon_mem(NPAGES << 12); if (!mem || !nodemask) { return -1; } // Try to bind memory to node bitmap_set(nodemask, node); res = set_mempolicy(MPOL_BIND, nodemask, maxnode); if (res) { printf("set_mempolicy(MPOL_BIND, nodemask, %d) " "failed with %d\n", maxnode, errno); return -1; } // Write something to breakup from the zero page for (unsigned i = 0; i < NPAGES; i++) { mem[i << 12] = i + 1; } // Allow numastats to gather statistics getchar(); return 0; } migrate_pages %< ---------------------------------------------------- void *anon_mem(size_t size) { void *ret; ret = mmap(NULL, size, PROT_READ| PROT_WRITE, MAP_PRIVATE| MAP_ANON, -1, 0); return ret == MAP_FAILED ? NULL : ret; } unsigned long mround(unsigned long v, unsigned long m) { if (m == 0) { return v; } return v + m - (v % m); } void bitmap_set(void *_bitmap, unsigned long b) { uint8_t *bitmap = _bitmap; bitmap[b >> 3] |= (1 << (b & 7)); } int main(int argc, char *argv[]) { unsigned long *old_nodes, *new_nodes, maxnode, node, i; size_t bytes; int8_t *mem; long res; if (argv[1] == NULL || argv[2] == NULL) { printf("missing argument: %s maxnodes node\n", argv[0]); return -1; } maxnode = atoi(argv[1]); node = atoi(argv[2]); // bind memory to node 0 ... i = 1; res = set_mempolicy(MPOL_BIND, &i, 2); if (res) { printf("set_mempolicy(MPOL_BIND, []=1, %d) " "failed with %d\n", maxnode, errno); return -1; } bytes = mround(mround(maxnode, 8) >> 3, sizeof(unsigned long)); old_nodes = calloc(bytes, 1); new_nodes = calloc(bytes, 1); mem = anon_mem(NPAGES << 12); if (!mem || !new_nodes || !old_nodes) { return -1; } // Write something to breakup from the zero page for (unsigned i = 0; i < NPAGES; i++) { mem[i << 12] = i + 1; } // Try to bind memory to node bitmap_set(old_nodes, 0); bitmap_set(new_nodes, node); res = migrate_pages(getpid(), maxnode, old_nodes, new_nodes); if (res) { printf("migrate_pages(pid, %d, old_nodes, " "new_nodes) failed with %d\n", maxnode, errno); return -1; } // Allow numastats to gather statistics getchar(); return 0; } Signed-off-by: Jérôme Glisse <jglisse(a)google.com> To: Andrew Morton <akpm(a)linux-foundation.org> To: linux-mm(a)kvack.org Cc: linux-kernel(a)vger.kernel.org Cc: stable(a)vger.kernel.org --- mm/mempolicy.c | 1 - 1 file changed, 1 deletion(-) diff --git a/mm/mempolicy.c b/mm/mempolicy.c index aec756ae5637..658e5366d266 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -1434,7 +1434,6 @@ static int get_bitmap(unsigned long *mask, const unsigned long __user *nmask, static int get_nodes(nodemask_t *nodes, const unsigned long __user *nmask, unsigned long maxnode) { - --maxnode; nodes_clear(*nodes); if (maxnode == 0 || !nmask) return 0; -- 2.45.2.1089.g2a221341d9-goog

9 months, 2 weeks

4
8
0 0

+ crash-fix-x86_32-crash-memory-reserve-dead-loop-bug-at-high.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: crash: fix x86_32 crash memory reserve dead loop bug at high has been added to the -mm mm-nonmm-unstable branch. Its filename is crash-fix-x86_32-crash-memory-reserve-dead-loop-bug-at-high.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Jinjie Ruan <ruanjinjie(a)huawei.com> Subject: crash: fix x86_32 crash memory reserve dead loop bug at high Date: Thu, 18 Jul 2024 11:54:43 +0800 On x86_32 Qemu machine with 1GB memory, the cmdline "crashkernel=512M" will also cause system stall as below: ACPI: Reserving FACP table memory at [mem 0x3ffe18b8-0x3ffe192b] ACPI: Reserving DSDT table memory at [mem 0x3ffe0040-0x3ffe18b7] ACPI: Reserving FACS table memory at [mem 0x3ffe0000-0x3ffe003f] ACPI: Reserving APIC table memory at [mem 0x3ffe192c-0x3ffe19bb] ACPI: Reserving HPET table memory at [mem 0x3ffe19bc-0x3ffe19f3] ACPI: Reserving WAET table memory at [mem 0x3ffe19f4-0x3ffe1a1b] 143MB HIGHMEM available. 879MB LOWMEM available. mapped low ram: 0 - 36ffe000 low ram: 0 - 36ffe000 (stall here) The reason is that the CRASH_ADDR_LOW_MAX is equal to CRASH_ADDR_HIGH_MAX on x86_32, the first "low" crash kernel memory reservation for 512M fails, then it go into the "retry" loop and never came out as below (consider CRASH_ADDR_LOW_MAX = CRASH_ADDR_HIGH_MAX = 512M): -> reserve_crashkernel_generic() and high is false -> alloc at [0, 0x20000000] fail -> alloc at [0x20000000, 0x20000000] fail and repeatedly (because CRASH_ADDR_LOW_MAX = CRASH_ADDR_HIGH_MAX). Fix it by skipping meaningless calls of memblock_phys_alloc_range() with `start = end` After this patch, the retry dead loop is avoided and print below info: cannot allocate crashkernel (size:0x20000000) And apply generic crashkernel reservation to 32bit system will be ready. Link: https://lkml.kernel.org/r/20240718035444.2977105-3-ruanjinjie@huawei.com Fixes: 9c08a2a139fe ("x86: kdump: use generic interface to simplify crashkernel reservation code") Signed-off-by: Jinjie Ruan <ruanjinjie(a)huawei.com> Signed-off-by: Baoquan He <bhe(a)redhat.com> Tested-by: Jinjie Ruan <ruanjinjie(a)huawei.com> Cc: Albert Ou <aou(a)eecs.berkeley.edu> Cc: Andrew Davis <afd(a)ti.com> Cc: Arnd Bergmann <arnd(a)arndb.de> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Chen Jiahao <chenjiahao16(a)huawei.com> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: Dave Young <dyoung(a)redhat.com> Cc: Eric DeVolder <eric.devolder(a)oracle.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Hari Bathini <hbathini(a)linux.ibm.com> Cc: Helge Deller <deller(a)gmx.de> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Javier Martinez Canillas <javierm(a)redhat.com> Cc: Linus Walleij <linus.walleij(a)linaro.org> Cc: Palmer Dabbelt <palmer(a)dabbelt.com> Cc: Paul Walmsley <paul.walmsley(a)sifive.com> Cc: Rob Herring <robh(a)kernel.org> Cc: Russell King <linux(a)armlinux.org.uk> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Vivek Goyal <vgoyal(a)redhat.com> Cc: Will Deacon <will(a)kernel.org> Cc: Zhen Lei <thunder.leizhen(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/crash_reserve.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/kernel/crash_reserve.c~crash-fix-x86_32-crash-memory-reserve-dead-loop-bug-at-high +++ a/kernel/crash_reserve.c @@ -413,7 +413,8 @@ retry: search_end = CRASH_ADDR_HIGH_MAX; search_base = CRASH_ADDR_LOW_MAX; crash_low_size = DEFAULT_CRASH_KERNEL_LOW_SIZE; - goto retry; + if (search_base != search_end) + goto retry; } /* _ Patches currently in -mm which might be from ruanjinjie(a)huawei.com are crash-fix-x86_32-crash-memory-reserve-dead-loop-bug.patch crash-fix-x86_32-crash-memory-reserve-dead-loop-bug-at-high.patch arm-use-generic-interface-to-simplify-crashkernel-reservation.patch

9 months, 2 weeks

1
0
0 0

[PATCH v2 4.19 0/4] ext4: improve delalloc buffer write performance

by WangYuli

Changes since v1: Fixed some formatting errors to make the patchset less confusing. A patchset from linux-5.15 should be backported to 4.19 that can significantly improve ext4 fs read and write performance. Unixbench test results for linux-4.19.318 on Phytium D2000 CPU are shown below. Test cmd: (Phytium D2000 only has 8 cores) ./Run fs -c 8 Before this patch set: File Copy 1024 bufsize 2000 maxblocks 1124181 File Copy 256 bufsize 500 maxblocks 281885 File Copy 4096 bufsize 8000 maxblocks 3383785 File Read 1024 bufsize 2000 maxblocks 8702173 File Read 256 bufsize 500 maxblocks 3869384 File Read 4096 bufsize 8000 maxblocks 13043151 File Write 1024 bufsize 2000 maxblocks 1107185 File Write 256 bufsize 500 maxblocks 270493 File Write 4096 bufsize 8000 maxblocks 4018084 After this patch set: File Copy 1024 bufsize 2000 maxblocks 2026206 File Copy 256 bufsize 500 maxblocks 829534 File Copy 4096 bufsize 8000 maxblocks 4066659 File Read 1024 bufsize 2000 maxblocks 8877219 File Read 256 bufsize 500 maxblocks 3997445 File Read 4096 bufsize 8000 maxblocks 13179885 File Write 1024 bufsize 2000 maxblocks 4256929 File Write 256 bufsize 500 maxblocks 1305320 File Write 4096 bufsize 8000 maxblocks 10721052 We can observe a quantum leap in the test results as a consequence of applying this patchset Link: https://lore.kernel.org/all/20210716122024.1105856-1-yi.zhang@huawei.com/ Original description: This patchset address to improve buffer write performance with delalloc. The first patch reduce the unnecessary update i_disksize, the second two patch refactor the inline data write procedure and also do some small fix, the last patch do improve by remove all unnecessary journal handle in the delalloc write procedure. After this patch set, we could get a lot of performance improvement. Below is the Unixbench comparison data test on my machine with 'Intel Xeon Gold 5120' CPU and nvme SSD backend. Test cmd: ./Run -c 56 -i 3 fstime fsbuffer fsdisk Before this patch set: System Benchmarks Partial Index BASELINE RESULT INDEX File Copy 1024 bufsize 2000 maxblocks 3960.0 422965.0 1068.1 File Copy 256 bufsize 500 maxblocks 1655.0 105077.0 634.9 File Copy 4096 bufsize 8000 maxblocks 5800.0 1429092.0 2464.0 ======== System Benchmarks Index Score (Partial Only) 1186.6 After this patch set: System Benchmarks Partial Index BASELINE RESULT INDEX File Copy 1024 bufsize 2000 maxblocks 3960.0 732716.0 1850.3 File Copy 256 bufsize 500 maxblocks 1655.0 184940.0 1117.5 File Copy 4096 bufsize 8000 maxblocks 5800.0 2427152.0 4184.7 ======== System Benchmarks Index Score (Partial Only) 2053.0 Zhang Yi (4): ext4: check and update i_disksize properly ext4: correct the error path of ext4_write_inline_data_end() ext4: factor out write end code of inline file ext4: drop unnecessary journal handle in delalloc write fs/ext4/ext4.h | 3 - fs/ext4/inline.c | 120 ++++++++++++++++++------------------- fs/ext4/inode.c | 150 ++++++++++++----------------------------------- 3 files changed, 99 insertions(+), 174 deletions(-) -- 2.31.1

9 months, 2 weeks

2
4
0 0

+ mm-page_alloc-fix-pcp-count-race-between-drain_pages_zone-vs-__rmqueue_pcplist.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/page_alloc: fix pcp->count race between drain_pages_zone() vs __rmqueue_pcplist() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-page_alloc-fix-pcp-count-race-between-drain_pages_zone-vs-__rmqueue_pcplist.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Li Zhijian <lizhijian(a)fujitsu.com> Subject: mm/page_alloc: fix pcp->count race between drain_pages_zone() vs __rmqueue_pcplist() Date: Tue, 23 Jul 2024 14:44:28 +0800 It's expected that no page should be left in pcp_list after calling zone_pcp_disable() in offline_pages(). Previously, it's observed that offline_pages() gets stuck [1] due to some pages remaining in pcp_list. Cause: There is a race condition between drain_pages_zone() and __rmqueue_pcplist() involving the pcp->count variable. See below scenario: CPU0 CPU1 ---------------- --------------- spin_lock(&pcp->lock); __rmqueue_pcplist() { zone_pcp_disable() { /* list is empty */ if (list_empty(list)) { /* add pages to pcp_list */ alloced = rmqueue_bulk() mutex_lock(&pcp_batch_high_lock) ... __drain_all_pages() { drain_pages_zone() { /* read pcp->count, it's 0 here */ count = READ_ONCE(pcp->count) /* 0 means nothing to drain */ /* update pcp->count */ pcp->count += alloced << order; ... ... spin_unlock(&pcp->lock); In this case, after calling zone_pcp_disable() though, there are still some pages in pcp_list. And these pages in pcp_list are neither movable nor isolated, offline_pages() gets stuck as a result. Solution: Expand the scope of the pcp->lock to also protect pcp->count in drain_pages_zone(), to ensure no pages are left in the pcp list after zone_pcp_disable() [1] https://lore.kernel.org/linux-mm/6a07125f-e720-404c-b2f9-e55f3f166e85@fujit… Link: https://lkml.kernel.org/r/20240723064428.1179519-1-lizhijian@fujitsu.com Fixes: 4b23a68f9536 ("mm/page_alloc: protect PCP lists with a spinlock") Signed-off-by: Li Zhijian <lizhijian(a)fujitsu.com> Reported-by: Yao Xingtao <yaoxt.fnst(a)fujitsu.com> Reviewed-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/page_alloc.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) --- a/mm/page_alloc.c~mm-page_alloc-fix-pcp-count-race-between-drain_pages_zone-vs-__rmqueue_pcplist +++ a/mm/page_alloc.c @@ -2343,16 +2343,20 @@ void drain_zone_pages(struct zone *zone, static void drain_pages_zone(unsigned int cpu, struct zone *zone) { struct per_cpu_pages *pcp = per_cpu_ptr(zone->per_cpu_pageset, cpu); - int count = READ_ONCE(pcp->count); - - while (count) { - int to_drain = min(count, pcp->batch << CONFIG_PCP_BATCH_SCALE_MAX); - count -= to_drain; + int count; + do { spin_lock(&pcp->lock); - free_pcppages_bulk(zone, to_drain, pcp, 0); + count = pcp->count; + if (count) { + int to_drain = min(count, + pcp->batch << CONFIG_PCP_BATCH_SCALE_MAX); + + free_pcppages_bulk(zone, to_drain, pcp, 0); + count -= to_drain; + } spin_unlock(&pcp->lock); - } + } while (count); } /* _ Patches currently in -mm which might be from lizhijian(a)fujitsu.com are mm-page_alloc-fix-pcp-count-race-between-drain_pages_zone-vs-__rmqueue_pcplist.patch

9 months, 2 weeks

1
0
0 0

+ scripts-gdb-fix-lx-mounts-command-error.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: scripts/gdb: fix lx-mounts command error has been added to the -mm mm-nonmm-unstable branch. Its filename is scripts-gdb-fix-lx-mounts-command-error.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kuan-Ying Lee <kuan-ying.lee(a)canonical.com> Subject: scripts/gdb: fix lx-mounts command error Date: Tue, 23 Jul 2024 14:48:59 +0800 (gdb) lx-mounts mount super_block devname pathname fstype options Python Exception <class 'gdb.error'>: There is no member named list. Error occurred in Python: There is no member named list. We encounter the above issue after commit 2eea9ce4310d ("mounts: keep list of mounts in an rbtree"). The commit move a mount from list into rbtree. So we can instead use rbtree to iterate all mounts information. Link: https://lkml.kernel.org/r/20240723064902.124154-4-kuan-ying.lee@canonical.c… Fixes: 2eea9ce4310d ("mounts: keep list of mounts in an rbtree") Signed-off-by: Kuan-Ying Lee <kuan-ying.lee(a)canonical.com> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/proc.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/scripts/gdb/linux/proc.py~scripts-gdb-fix-lx-mounts-command-error +++ a/scripts/gdb/linux/proc.py @@ -18,6 +18,7 @@ from linux import utils from linux import tasks from linux import lists from linux import vfs +from linux import rbtree from struct import * @@ -172,8 +173,7 @@ values of that process namespace""" gdb.write("{:^18} {:^15} {:>9} {} {} options\n".format( "mount", "super_block", "devname", "pathname", "fstype")) - for mnt in lists.list_for_each_entry(namespace['list'], - mount_ptr_type, "mnt_list"): + for mnt in rbtree.rb_inorder_for_each_entry(namespace['mounts'], mount_ptr_type, "mnt_node"): devname = mnt['mnt_devname'].string() devname = devname if devname else "none" _ Patches currently in -mm which might be from kuan-ying.lee(a)canonical.com are scripts-gdb-fix-timerlist-parsing-issue.patch scripts-gdb-add-iteration-function-for-rbtree.patch scripts-gdb-fix-lx-mounts-command-error.patch scripts-gdb-add-lx-stack_depot_lookup-command.patch scripts-gdb-add-lx-kasan_mem_to_shadow-command.patch

9 months, 2 weeks

1
0
0 0

+ scripts-gdb-add-iteration-function-for-rbtree.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: scripts/gdb: add iteration function for rbtree has been added to the -mm mm-nonmm-unstable branch. Its filename is scripts-gdb-add-iteration-function-for-rbtree.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kuan-Ying Lee <kuan-ying.lee(a)canonical.com> Subject: scripts/gdb: add iteration function for rbtree Date: Tue, 23 Jul 2024 14:48:58 +0800 Add inorder iteration function for rbtree usage. This is a preparation patch for the next patch to fix the gdb mounts issue. Link: https://lkml.kernel.org/r/20240723064902.124154-3-kuan-ying.lee@canonical.c… Fixes: 2eea9ce4310d ("mounts: keep list of mounts in an rbtree") Signed-off-by: Kuan-Ying Lee <kuan-ying.lee(a)canonical.com> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/rbtree.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) --- a/scripts/gdb/linux/rbtree.py~scripts-gdb-add-iteration-function-for-rbtree +++ a/scripts/gdb/linux/rbtree.py @@ -9,6 +9,18 @@ from linux import utils rb_root_type = utils.CachedType("struct rb_root") rb_node_type = utils.CachedType("struct rb_node") +def rb_inorder_for_each(root): + def inorder(node): + if node: + yield from inorder(node['rb_left']) + yield node + yield from inorder(node['rb_right']) + + yield from inorder(root['rb_node']) + +def rb_inorder_for_each_entry(root, gdbtype, member): + for node in rb_inorder_for_each(root): + yield utils.container_of(node, gdbtype, member) def rb_first(root): if root.type == rb_root_type.get_type(): _ Patches currently in -mm which might be from kuan-ying.lee(a)canonical.com are scripts-gdb-fix-timerlist-parsing-issue.patch scripts-gdb-add-iteration-function-for-rbtree.patch scripts-gdb-fix-lx-mounts-command-error.patch scripts-gdb-add-lx-stack_depot_lookup-command.patch scripts-gdb-add-lx-kasan_mem_to_shadow-command.patch

9 months, 2 weeks

1
0
0 0

+ scripts-gdb-fix-timerlist-parsing-issue.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: scripts/gdb: fix timerlist parsing issue has been added to the -mm mm-nonmm-unstable branch. Its filename is scripts-gdb-fix-timerlist-parsing-issue.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kuan-Ying Lee <kuan-ying.lee(a)canonical.com> Subject: scripts/gdb: fix timerlist parsing issue Date: Tue, 23 Jul 2024 14:48:57 +0800 Patch series "Fix some GDB command error and add some GDB commands", v3. Fix some GDB command errors and add some useful GDB commands. This patch (of 5): Commit 7988e5ae2be7 ("tick: Split nohz and highres features from nohz_mode") and commit 7988e5ae2be7 ("tick: Split nohz and highres features from nohz_mode") move 'tick_stopped' and 'nohz_mode' to flags field which will break the gdb lx-mounts command: (gdb) lx-timerlist Python Exception <class 'gdb.error'>: There is no member named nohz_mode. Error occurred in Python: There is no member named nohz_mode. (gdb) lx-timerlist Python Exception <class 'gdb.error'>: There is no member named tick_stopped. Error occurred in Python: There is no member named tick_stopped. We move 'tick_stopped' and 'nohz_mode' to flags field instead. Link: https://lkml.kernel.org/r/20240723064902.124154-1-kuan-ying.lee@canonical.c… Link: https://lkml.kernel.org/r/20240723064902.124154-2-kuan-ying.lee@canonical.c… Fixes: a478ffb2ae23 ("tick: Move individual bit features to debuggable mask accesses") Fixes: 7988e5ae2be7 ("tick: Split nohz and highres features from nohz_mode") Signed-off-by: Kuan-Ying Lee <kuan-ying.lee(a)canonical.com> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/timerlist.py | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) --- a/scripts/gdb/linux/timerlist.py~scripts-gdb-fix-timerlist-parsing-issue +++ a/scripts/gdb/linux/timerlist.py @@ -87,21 +87,22 @@ def print_cpu(hrtimer_bases, cpu, max_cl text += "\n" if constants.LX_CONFIG_TICK_ONESHOT: - fmts = [(" .{} : {}", 'nohz_mode'), - (" .{} : {} nsecs", 'last_tick'), - (" .{} : {}", 'tick_stopped'), - (" .{} : {}", 'idle_jiffies'), - (" .{} : {}", 'idle_calls'), - (" .{} : {}", 'idle_sleeps'), - (" .{} : {} nsecs", 'idle_entrytime'), - (" .{} : {} nsecs", 'idle_waketime'), - (" .{} : {} nsecs", 'idle_exittime'), - (" .{} : {} nsecs", 'idle_sleeptime'), - (" .{}: {} nsecs", 'iowait_sleeptime'), - (" .{} : {}", 'last_jiffies'), - (" .{} : {}", 'next_timer'), - (" .{} : {} nsecs", 'idle_expires')] - text += "\n".join([s.format(f, ts[f]) for s, f in fmts]) + TS_FLAG_STOPPED = 1 << 1 + TS_FLAG_NOHZ = 1 << 4 + text += f" .{'nohz':15s}: {int(bool(ts['flags'] & TS_FLAG_NOHZ))}\n" + text += f" .{'last_tick':15s}: {ts['last_tick']}\n" + text += f" .{'tick_stopped':15s}: {int(bool(ts['flags'] & TS_FLAG_STOPPED))}\n" + text += f" .{'idle_jiffies':15s}: {ts['idle_jiffies']}\n" + text += f" .{'idle_calls':15s}: {ts['idle_calls']}\n" + text += f" .{'idle_sleeps':15s}: {ts['idle_sleeps']}\n" + text += f" .{'idle_entrytime':15s}: {ts['idle_entrytime']} nsecs\n" + text += f" .{'idle_waketime':15s}: {ts['idle_waketime']} nsecs\n" + text += f" .{'idle_exittime':15s}: {ts['idle_exittime']} nsecs\n" + text += f" .{'idle_sleeptime':15s}: {ts['idle_sleeptime']} nsecs\n" + text += f" .{'iowait_sleeptime':15s}: {ts['iowait_sleeptime']} nsecs\n" + text += f" .{'last_jiffies':15s}: {ts['last_jiffies']}\n" + text += f" .{'next_timer':15s}: {ts['next_timer']}\n" + text += f" .{'idle_expires':15s}: {ts['idle_expires']} nsecs\n" text += "\njiffies: {}\n".format(jiffies) text += "\n" _ Patches currently in -mm which might be from kuan-ying.lee(a)canonical.com are scripts-gdb-fix-timerlist-parsing-issue.patch scripts-gdb-add-iteration-function-for-rbtree.patch scripts-gdb-fix-lx-mounts-command-error.patch scripts-gdb-add-lx-stack_depot_lookup-command.patch scripts-gdb-add-lx-kasan_mem_to_shadow-command.patch

9 months, 2 weeks

1
0
0 0

[PATCH net 1/2] ice: Add a per-VF limit on number of FDIR filters

by Tony Nguyen

From: Ahmed Zaki <ahmed.zaki(a)intel.com> While the iavf driver adds a s/w limit (128) on the number of FDIR filters that the VF can request, a malicious VF driver can request more than that and exhaust the resources for other VFs. Add a similar limit in ice. CC: stable(a)vger.kernel.org Fixes: 1f7ea1cd6a37 ("ice: Enable FDIR Configure for AVF") Reviewed-by: Przemek Kitszel <przemyslaw.kitszel(a)intel.com> Suggested-by: Sridhar Samudrala <sridhar.samudrala(a)intel.com> Signed-off-by: Ahmed Zaki <ahmed.zaki(a)intel.com> Reviewed-by: Wojciech Drewek <wojciech.drewek(a)intel.com> Tested-by: Rafal Romanowski <rafal.romanowski(a)intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> --- .../net/ethernet/intel/ice/ice_ethtool_fdir.c | 2 +- drivers/net/ethernet/intel/ice/ice_fdir.h | 3 +++ .../net/ethernet/intel/ice/ice_virtchnl_fdir.c | 16 ++++++++++++++++ .../net/ethernet/intel/ice/ice_virtchnl_fdir.h | 1 + 4 files changed, 21 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c b/drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c index e3cab8e98f52..5412eff8ef23 100644 --- a/drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c +++ b/drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c @@ -534,7 +534,7 @@ ice_parse_rx_flow_user_data(struct ethtool_rx_flow_spec *fsp, * * Returns the number of available flow director filters to this VSI */ -static int ice_fdir_num_avail_fltr(struct ice_hw *hw, struct ice_vsi *vsi) +int ice_fdir_num_avail_fltr(struct ice_hw *hw, struct ice_vsi *vsi) { u16 vsi_num = ice_get_hw_vsi_num(hw, vsi->idx); u16 num_guar; diff --git a/drivers/net/ethernet/intel/ice/ice_fdir.h b/drivers/net/ethernet/intel/ice/ice_fdir.h index 021ecbac7848..ab5b118daa2d 100644 --- a/drivers/net/ethernet/intel/ice/ice_fdir.h +++ b/drivers/net/ethernet/intel/ice/ice_fdir.h @@ -207,6 +207,8 @@ struct ice_fdir_base_pkt { const u8 *tun_pkt; }; +struct ice_vsi; + int ice_alloc_fd_res_cntr(struct ice_hw *hw, u16 *cntr_id); int ice_free_fd_res_cntr(struct ice_hw *hw, u16 cntr_id); int ice_alloc_fd_guar_item(struct ice_hw *hw, u16 *cntr_id, u16 num_fltr); @@ -218,6 +220,7 @@ int ice_fdir_get_gen_prgm_pkt(struct ice_hw *hw, struct ice_fdir_fltr *input, u8 *pkt, bool frag, bool tun); int ice_get_fdir_cnt_all(struct ice_hw *hw); +int ice_fdir_num_avail_fltr(struct ice_hw *hw, struct ice_vsi *vsi); bool ice_fdir_is_dup_fltr(struct ice_hw *hw, struct ice_fdir_fltr *input); bool ice_fdir_has_frag(enum ice_fltr_ptype flow); struct ice_fdir_fltr * diff --git a/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c b/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c index 8e4ff3af86c6..b4feb0927687 100644 --- a/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c +++ b/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c @@ -536,6 +536,8 @@ static void ice_vc_fdir_reset_cnt_all(struct ice_vf_fdir *fdir) fdir->fdir_fltr_cnt[flow][0] = 0; fdir->fdir_fltr_cnt[flow][1] = 0; } + + fdir->fdir_fltr_cnt_total = 0; } /** @@ -1560,6 +1562,7 @@ ice_vc_add_fdir_fltr_post(struct ice_vf *vf, struct ice_vf_fdir_ctx *ctx, resp->status = status; resp->flow_id = conf->flow_id; vf->fdir.fdir_fltr_cnt[conf->input.flow_type][is_tun]++; + vf->fdir.fdir_fltr_cnt_total++; ret = ice_vc_send_msg_to_vf(vf, ctx->v_opcode, v_ret, (u8 *)resp, len); @@ -1624,6 +1627,7 @@ ice_vc_del_fdir_fltr_post(struct ice_vf *vf, struct ice_vf_fdir_ctx *ctx, resp->status = status; ice_vc_fdir_remove_entry(vf, conf, conf->flow_id); vf->fdir.fdir_fltr_cnt[conf->input.flow_type][is_tun]--; + vf->fdir.fdir_fltr_cnt_total--; ret = ice_vc_send_msg_to_vf(vf, ctx->v_opcode, v_ret, (u8 *)resp, len); @@ -1790,6 +1794,7 @@ int ice_vc_add_fdir_fltr(struct ice_vf *vf, u8 *msg) struct virtchnl_fdir_add *stat = NULL; struct virtchnl_fdir_fltr_conf *conf; enum virtchnl_status_code v_ret; + struct ice_vsi *vf_vsi; struct device *dev; struct ice_pf *pf; int is_tun = 0; @@ -1798,6 +1803,17 @@ int ice_vc_add_fdir_fltr(struct ice_vf *vf, u8 *msg) pf = vf->pf; dev = ice_pf_to_dev(pf); + vf_vsi = ice_get_vf_vsi(vf); + +#define ICE_VF_MAX_FDIR_FILTERS 128 + if (!ice_fdir_num_avail_fltr(&pf->hw, vf_vsi) || + vf->fdir.fdir_fltr_cnt_total >= ICE_VF_MAX_FDIR_FILTERS) { + v_ret = VIRTCHNL_STATUS_ERR_PARAM; + dev_err(dev, "Max number of FDIR filters for VF %d is reached\n", + vf->vf_id); + goto err_exit; + } + ret = ice_vc_fdir_param_check(vf, fltr->vsi_id); if (ret) { v_ret = VIRTCHNL_STATUS_ERR_PARAM; diff --git a/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.h b/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.h index c5bcc8d7481c..ac6dcab454b4 100644 --- a/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.h +++ b/drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.h @@ -29,6 +29,7 @@ struct ice_vf_fdir_ctx { struct ice_vf_fdir { u16 fdir_fltr_cnt[ICE_FLTR_PTYPE_MAX][ICE_FD_HW_SEG_MAX]; int prof_entry_cnt[ICE_FLTR_PTYPE_MAX][ICE_FD_HW_SEG_MAX]; + u16 fdir_fltr_cnt_total; struct ice_fd_hw_prof **fdir_prof; struct idr fdir_rule_idr; -- 2.41.0

9 months, 2 weeks

1
0
0 0

Re: [PATCH 6.9 000/163] 6.9.11-rc1 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

9 months, 2 weeks

1
0
0 0

[PATCH] clk: samsung: fix getting Exynos4 fin_pll rate from external clocks

by Krzysztof Kozlowski

Commit 0dc83ad8bfc9 ("clk: samsung: Don't register clkdev lookup for the fixed rate clocks") claimed registering clkdev lookup is not necessary anymore, but that was not entirely true: Exynos4210/4212/4412 clock code still relied on it to get the clock rate of xxti or xusbxti external clocks. Drop that requirement by accessing already registered clk_hw when looking up the xxti/xusbxti rate. Reported-by: Artur Weber <aweber.kernel(a)gmail.com> Closes: https://lore.kernel.org/all/6227c1fb-d769-462a-b79b-abcc15d3db8e@gmail.com/ Fixes: 0dc83ad8bfc9 ("clk: samsung: Don't register clkdev lookup for the fixed rate clocks") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- drivers/clk/samsung/clk-exynos4.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/drivers/clk/samsung/clk-exynos4.c b/drivers/clk/samsung/clk-exynos4.c index a026ccca7315..28945b6b0ee1 100644 --- a/drivers/clk/samsung/clk-exynos4.c +++ b/drivers/clk/samsung/clk-exynos4.c @@ -1040,19 +1040,20 @@ static unsigned long __init exynos4_get_xom(void) static void __init exynos4_clk_register_finpll(struct samsung_clk_provider *ctx) { struct samsung_fixed_rate_clock fclk; - struct clk *clk; - unsigned long finpll_f = 24000000; + unsigned long finpll_f; + unsigned int parent; char *parent_name; unsigned int xom = exynos4_get_xom(); parent_name = xom & 1 ? "xusbxti" : "xxti"; - clk = clk_get(NULL, parent_name); - if (IS_ERR(clk)) { + parent = xom & 1 ? CLK_XUSBXTI : CLK_XXTI; + + finpll_f = clk_hw_get_rate(ctx->clk_data.hws[parent]); + if (!finpll_f) { pr_err("%s: failed to lookup parent clock %s, assuming " "fin_pll clock frequency is 24MHz\n", __func__, parent_name); - } else { - finpll_f = clk_get_rate(clk); + finpll_f = 24000000; } fclk.id = CLK_FIN_PLL; -- 2.43.0

9 months, 2 weeks

3
2
0 0

[PATCH v2 4.19 1/4] ext4: check and update i_disksize properly

by WangYuli

From: Zhang Yi <yi.zhang(a)huawei.com> commit 4df031ff5876d94b48dd9ee486ba5522382a06b2 upstream After commit 3da40c7b0898 ("ext4: only call ext4_truncate when size <= isize"), i_disksize could always be updated to i_size in ext4_setattr(), and we could sure that i_disksize <= i_size since holding inode lock and if i_disksize < i_size there are delalloc writes pending in the range upto i_size. If the end of the current write is <= i_size, there's no need to touch i_disksize since writeback will push i_disksize upto i_size eventually. So we can switch to check i_size instead of i_disksize in ext4_da_write_end() when write to the end of the file. we also could remove ext4_mark_inode_dirty() together because we defer inode dirtying to generic_write_end() or ext4_da_write_inline_data_end(). Cc: stable(a)vger.kernel.org Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Link: https://lore.kernel.org/r/20210716122024.1105856-2-yi.zhang@huawei.com Reviewed-by: Cheng Nie <niecheng1(a)uniontech.com> Signed-off-by: Dandan Zhang <zhangdandan(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- fs/ext4/inode.c | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 646285fbc9fc..d8a8e4ee5ff8 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -3207,35 +3207,37 @@ static int ext4_da_write_end(struct file *file, end = start + copied - 1; /* - * generic_write_end() will run mark_inode_dirty() if i_size - * changes. So let's piggyback the i_disksize mark_inode_dirty - * into that. + * Since we are holding inode lock, we are sure i_disksize <= + * i_size. We also know that if i_disksize < i_size, there are + * delalloc writes pending in the range upto i_size. If the end of + * the current write is <= i_size, there's no need to touch + * i_disksize since writeback will push i_disksize upto i_size + * eventually. If the end of the current write is > i_size and + * inside an allocated block (ext4_da_should_update_i_disksize() + * check), we need to update i_disksize here as neither + * ext4_writepage() nor certain ext4_writepages() paths not + * allocating blocks update i_disksize. + * + * Note that we defer inode dirtying to generic_write_end() / + * ext4_da_write_inline_data_end(). */ new_i_size = pos + copied; - if (copied && new_i_size > EXT4_I(inode)->i_disksize) { + if (copied && new_i_size > inode->i_size) { if (ext4_has_inline_data(inode) || - ext4_da_should_update_i_disksize(page, end)) { + ext4_da_should_update_i_disksize(page, end)) ext4_update_i_disksize(inode, new_i_size); - /* We need to mark inode dirty even if - * new_i_size is less that inode->i_size - * bu greater than i_disksize.(hint delalloc) - */ - ext4_mark_inode_dirty(handle, inode); - } } if (write_mode != CONVERT_INLINE_DATA && ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA) && ext4_has_inline_data(inode)) - ret2 = ext4_da_write_inline_data_end(inode, pos, len, copied, + ret = ext4_da_write_inline_data_end(inode, pos, len, copied, page); else - ret2 = generic_write_end(file, mapping, pos, len, copied, + ret = generic_write_end(file, mapping, pos, len, copied, page, fsdata); - copied = ret2; - if (ret2 < 0) - ret = ret2; + copied = ret; ret2 = ext4_journal_stop(handle); if (!ret) ret = ret2; -- 2.43.4

9 months, 2 weeks

2
1
0 0

[PATCH 6.1 1/3] netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume()

by libaokun＠huaweicloud.com

From: Baokun Li <libaokun1(a)huawei.com> [ Upstream commit 85b08b31a22b481ec6528130daf94eee4452e23f ] Export fscache_put_volume() and add fscache_try_get_volume() helper function to allow cachefiles to get/put fscache_volume via linux/fscache-cache.h. Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Link: https://lore.kernel.org/r/20240628062930.2467993-2-libaokun@huaweicloud.com Signed-off-by: Christian Brauner <brauner(a)kernel.org> Stable-dep-of: 522018a0de6b ("cachefiles: fix slab-use-after-free in fscache_withdraw_volume()") Stable-dep-of: 5d8f80578907 ("cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie()") Signed-off-by: Baokun Li <libaokun1(a)huawei.com> --- fs/fscache/internal.h | 2 -- fs/fscache/volume.c | 14 ++++++++++++++ include/linux/fscache-cache.h | 6 ++++++ 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/fs/fscache/internal.h b/fs/fscache/internal.h index 1336f517e9b1..4799a722bc28 100644 --- a/fs/fscache/internal.h +++ b/fs/fscache/internal.h @@ -145,8 +145,6 @@ extern const struct seq_operations fscache_volumes_seq_ops; struct fscache_volume *fscache_get_volume(struct fscache_volume *volume, enum fscache_volume_trace where); -void fscache_put_volume(struct fscache_volume *volume, - enum fscache_volume_trace where); bool fscache_begin_volume_access(struct fscache_volume *volume, struct fscache_cookie *cookie, enum fscache_access_trace why); diff --git a/fs/fscache/volume.c b/fs/fscache/volume.c index cdf991bdd9de..cb75c07b5281 100644 --- a/fs/fscache/volume.c +++ b/fs/fscache/volume.c @@ -27,6 +27,19 @@ struct fscache_volume *fscache_get_volume(struct fscache_volume *volume, return volume; } +struct fscache_volume *fscache_try_get_volume(struct fscache_volume *volume, + enum fscache_volume_trace where) +{ + int ref; + + if (!__refcount_inc_not_zero(&volume->ref, &ref)) + return NULL; + + trace_fscache_volume(volume->debug_id, ref + 1, where); + return volume; +} +EXPORT_SYMBOL(fscache_try_get_volume); + static void fscache_see_volume(struct fscache_volume *volume, enum fscache_volume_trace where) { @@ -420,6 +433,7 @@ void fscache_put_volume(struct fscache_volume *volume, fscache_free_volume(volume); } } +EXPORT_SYMBOL(fscache_put_volume); /* * Relinquish a volume representation cookie. diff --git a/include/linux/fscache-cache.h b/include/linux/fscache-cache.h index a174cedf4d90..35e86d2f2887 100644 --- a/include/linux/fscache-cache.h +++ b/include/linux/fscache-cache.h @@ -19,6 +19,7 @@ enum fscache_cache_trace; enum fscache_cookie_trace; enum fscache_access_trace; +enum fscache_volume_trace; enum fscache_cache_state { FSCACHE_CACHE_IS_NOT_PRESENT, /* No cache is present for this name */ @@ -97,6 +98,11 @@ extern void fscache_withdraw_cookie(struct fscache_cookie *cookie); extern void fscache_io_error(struct fscache_cache *cache); +extern struct fscache_volume * +fscache_try_get_volume(struct fscache_volume *volume, + enum fscache_volume_trace where); +extern void fscache_put_volume(struct fscache_volume *volume, + enum fscache_volume_trace where); extern void fscache_end_volume_access(struct fscache_volume *volume, struct fscache_cookie *cookie, enum fscache_access_trace why); -- 2.39.2

9 months, 2 weeks

2
3
0 0

[PATCH v2] usb: typec: ucsi: Fix NULL pointer dereference in ucsi_displayport_vdm()

by Ma Ke

When dp->con->partner is an error, a NULL pointer dereference may occur. Add a check for dp->con->partner to avoid dereferencing a NULL pointer. Cc: stable(a)vger.kernel.org Fixes: 372adf075a43 ("usb: typec: ucsi: Determine common SVDM Version") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - added Cc stable line; - fixed a typo. --- drivers/usb/typec/ucsi/displayport.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c index 420af5139c70..ecc706e0800d 100644 --- a/drivers/usb/typec/ucsi/displayport.c +++ b/drivers/usb/typec/ucsi/displayport.c @@ -222,6 +222,8 @@ static int ucsi_displayport_vdm(struct typec_altmode *alt, switch (cmd_type) { case CMDT_INIT: if (PD_VDO_SVDM_VER(header) < svdm_version) { + if (IS_ERR_OR_NULL(dp->con->partner)) + break; typec_partner_set_svdm_version(dp->con->partner, PD_VDO_SVDM_VER(header)); svdm_version = PD_VDO_SVDM_VER(header); } -- 2.25.1

9 months, 2 weeks

3
2
0 0

[PATCH stable 4.19-6.6] filelock: Remove locks reliably when fcntl/close race is detected

by Jann Horn

commit 3cad1bc010416c6dd780643476bc59ed742436b9 upstream. When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait(). However, LSMs can allow the first do_lock_file_wait() that created the lock while denying the second do_lock_file_wait() that tries to remove the lock. In theory (but AFAIK not in practice), posix_lock_file() could also fail to remove a lock due to GFP_KERNEL allocation failure (when splitting a range in the middle). After the bug has been triggered, use-after-free reads will occur in lock_get_status() when userspace reads /proc/locks. This can likely be used to read arbitrary kernel memory, but can't corrupt kernel memory. This only affects systems with SELinux / Smack / AppArmor / BPF-LSM in enforcing mode and only works from some security contexts. Fix it by calling locks_remove_posix() instead, which is designed to reliably get rid of POSIX locks associated with the given file and files_struct and is also used by filp_flush(). Fixes: c293621bbf67 ("[PATCH] stale POSIX lock handling") Cc: stable(a)kernel.org Link: https://bugs.chromium.org/p/project-zero/issues/detail?id=2563 Signed-off-by: Jann Horn <jannh(a)google.com> Link: https://lore.kernel.org/r/20240702-fs-lock-recover-2-v1-1-edd456f63789@goog… Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Christian Brauner <brauner(a)kernel.org> [stable fixup: ->c.flc_type was ->fl_type in older kernels] Signed-off-by: Jann Horn <jannh(a)google.com> --- fs/locks.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/fs/locks.c b/fs/locks.c index fb717dae9029..31659a2d9862 100644 --- a/fs/locks.c +++ b/fs/locks.c @@ -2381,8 +2381,9 @@ int fcntl_setlk(unsigned int fd, struct file *filp, unsigned int cmd, error = do_lock_file_wait(filp, cmd, file_lock); /* - * Attempt to detect a close/fcntl race and recover by releasing the - * lock that was just acquired. There is no need to do that when we're + * Detect close/fcntl races and recover by zapping all POSIX locks + * associated with this file and our files_struct, just like on + * filp_flush(). There is no need to do that when we're * unlocking though, or for OFD locks. */ if (!error && file_lock->fl_type != F_UNLCK && @@ -2397,9 +2398,7 @@ int fcntl_setlk(unsigned int fd, struct file *filp, unsigned int cmd, f = files_lookup_fd_locked(files, fd); spin_unlock(&files->file_lock); if (f != filp) { - file_lock->fl_type = F_UNLCK; - error = do_lock_file_wait(filp, cmd, file_lock); - WARN_ON_ONCE(error); + locks_remove_posix(filp, files); error = -EBADF; } } base-commit: 2eaf5c0d81911ba05bace3a722cbcd708fdbbcba -- 2.45.2.1089.g2a221341d9-goog

9 months, 2 weeks

2
8
0 0

[PATCH] mm: Fix endless reclaim on machines with unaccepted memory.

by Kirill A. Shutemov

Unaccepted memory is considered unusable free memory, which is not counted as free on the zone watermark check. This causes get_page_from_freelist() to accept more memory to hit the high watermark, but it creates problems in the reclaim path. The reclaim path encounters a failed zone watermark check and attempts to reclaim memory. This is usually successful, but if there is little or no reclaimable memory, it can result in endless reclaim with little to no progress. This can occur early in the boot process, just after start of the init process when the only reclaimable memory is the page cache of the init executable and its libraries. To address this issue, teach shrink_node() and shrink_zones() to accept memory before attempting to reclaim. Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reported-by: Jianxiong Gao <jxgao(a)google.com> Fixes: dcdfdd40fa82 ("mm: Add support for unaccepted memory") Cc: stable(a)vger.kernel.org # v6.5+ --- mm/internal.h | 9 +++++++++ mm/page_alloc.c | 8 +------- mm/vmscan.c | 36 ++++++++++++++++++++++++++++++++++++ 3 files changed, 46 insertions(+), 7 deletions(-) diff --git a/mm/internal.h b/mm/internal.h index cc2c5e07fad3..ea55cbad061f 100644 --- a/mm/internal.h +++ b/mm/internal.h @@ -1515,4 +1515,13 @@ static inline void shrinker_debugfs_remove(struct dentry *debugfs_entry, void workingset_update_node(struct xa_node *node); extern struct list_lru shadow_nodes; +#ifdef CONFIG_UNACCEPTED_MEMORY +bool try_to_accept_memory(struct zone *zone, unsigned int order); +#else +static inline bool try_to_accept_memory(struct zone *zone, unsigned int order) +{ + return false; +} +#endif /* CONFIG_UNACCEPTED_MEMORY */ + #endif /* __MM_INTERNAL_H */ diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 9ecf99190ea2..9a108c92245f 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -287,7 +287,6 @@ EXPORT_SYMBOL(nr_online_nodes); static bool page_contains_unaccepted(struct page *page, unsigned int order); static void accept_page(struct page *page, unsigned int order); -static bool try_to_accept_memory(struct zone *zone, unsigned int order); static inline bool has_unaccepted_memory(void); static bool __free_unaccepted(struct page *page); @@ -6940,7 +6939,7 @@ static bool try_to_accept_memory_one(struct zone *zone) return true; } -static bool try_to_accept_memory(struct zone *zone, unsigned int order) +bool try_to_accept_memory(struct zone *zone, unsigned int order) { long to_accept; int ret = false; @@ -6999,11 +6998,6 @@ static void accept_page(struct page *page, unsigned int order) { } -static bool try_to_accept_memory(struct zone *zone, unsigned int order) -{ - return false; -} - static inline bool has_unaccepted_memory(void) { return false; diff --git a/mm/vmscan.c b/mm/vmscan.c index 2e34de9cd0d4..b2af1263b1bc 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c @@ -5900,12 +5900,44 @@ static void shrink_node_memcgs(pg_data_t *pgdat, struct scan_control *sc) } while ((memcg = mem_cgroup_iter(target_memcg, memcg, NULL))); } +#ifdef CONFIG_UNACCEPTED_MEMORY +static bool node_try_to_accept_memory(pg_data_t *pgdat, struct scan_control *sc) +{ + bool progress = false; + struct zone *zone; + int z; + + for (z = 0; z <= sc->reclaim_idx; z++) { + zone = pgdat->node_zones + z; + if (!managed_zone(zone)) + continue; + + if (try_to_accept_memory(zone, sc->order)) + progress = true; + } + + return progress; +} +#else +static inline bool node_try_to_accept_memory(pg_data_t *pgdat, + struct scan_control *sc) +{ + return false; +} +#endif /* CONFIG_UNACCEPTED_MEMORY */ + static void shrink_node(pg_data_t *pgdat, struct scan_control *sc) { unsigned long nr_reclaimed, nr_scanned, nr_node_reclaimed; struct lruvec *target_lruvec; bool reclaimable = false; + /* Try to accept memory before going for reclaim */ + if (node_try_to_accept_memory(pgdat, sc)) { + if (!should_continue_reclaim(pgdat, 0, sc)) + return; + } + if (lru_gen_enabled() && root_reclaim(sc)) { lru_gen_shrink_node(pgdat, sc); return; @@ -6118,6 +6150,10 @@ static void shrink_zones(struct zonelist *zonelist, struct scan_control *sc) GFP_KERNEL | __GFP_HARDWALL)) continue; + /* Try to accept memory before going for reclaim */ + if (try_to_accept_memory(zone, sc->order)) + continue; + /* * If we already have plenty of memory free for * compaction in this zone, don't free any more. -- 2.43.0

9 months, 2 weeks

4
9
0 0

[PATCH v5.10] ext4: fix error code saved on super block during file system abort

by Ajay Kaher

From: Gabriel Krisman Bertazi <krisman(a)collabora.com> [ Upstream commit 124e7c61deb27d758df5ec0521c36cf08d417f7a ] ext4_abort will eventually call ext4_errno_to_code, which translates the errno to an EXT4_ERR specific error. This means that ext4_abort expects an errno. By using EXT4_ERR_ here, it gets misinterpreted (as an errno), and ends up saving EXT4_ERR_EBUSY on the superblock during an abort, which makes no sense. ESHUTDOWN will get properly translated to EXT4_ERR_SHUTDOWN, so use that instead. Signed-off-by: Gabriel Krisman Bertazi <krisman(a)collabora.com> Link: https://lore.kernel.org/r/20211026173302.84000-1-krisman@collabora.com Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Signed-off-by: Ajay Kaher <ajay.kaher(a)broadcom.com> --- fs/ext4/super.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 160e5824948270..0e8406f5bf0aa0 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -5820,7 +5820,7 @@ static int ext4_remount(struct super_block *sb, int *flags, char *data) } if (ext4_test_mount_flag(sb, EXT4_MF_FS_ABORTED)) - ext4_abort(sb, EXT4_ERR_ESHUTDOWN, "Abort forced by user"); + ext4_abort(sb, ESHUTDOWN, "Abort forced by user"); sb->s_flags = (sb->s_flags & ~SB_POSIXACL) | (test_opt(sb, POSIX_ACL) ? SB_POSIXACL : 0); -- cgit 1.2.3-korg

9 months, 2 weeks

2
2
0 0

[PATCH 5.10] scsi: core: Fix a use-after-free

by Maximilian Heyne

From: Bart Van Assche <bvanassche(a)acm.org> [ Upstream commit 8fe4ce5836e932f5766317cb651c1ff2a4cd0506 ] There are two .exit_cmd_priv implementations. Both implementations use resources associated with the SCSI host. Make sure that these resources are still available when .exit_cmd_priv is called by waiting inside scsi_remove_host() until the tag set has been freed. This commit fixes the following use-after-free: ================================================================== BUG: KASAN: use-after-free in srp_exit_cmd_priv+0x27/0xd0 [ib_srp] Read of size 8 at addr ffff888100337000 by task multipathd/16727 Call Trace: <TASK> dump_stack_lvl+0x34/0x44 print_report.cold+0x5e/0x5db kasan_report+0xab/0x120 srp_exit_cmd_priv+0x27/0xd0 [ib_srp] scsi_mq_exit_request+0x4d/0x70 blk_mq_free_rqs+0x143/0x410 __blk_mq_free_map_and_rqs+0x6e/0x100 blk_mq_free_tag_set+0x2b/0x160 scsi_host_dev_release+0xf3/0x1a0 device_release+0x54/0xe0 kobject_put+0xa5/0x120 device_release+0x54/0xe0 kobject_put+0xa5/0x120 scsi_device_dev_release_usercontext+0x4c1/0x4e0 execute_in_process_context+0x23/0x90 device_release+0x54/0xe0 kobject_put+0xa5/0x120 scsi_disk_release+0x3f/0x50 device_release+0x54/0xe0 kobject_put+0xa5/0x120 disk_release+0x17f/0x1b0 device_release+0x54/0xe0 kobject_put+0xa5/0x120 dm_put_table_device+0xa3/0x160 [dm_mod] dm_put_device+0xd0/0x140 [dm_mod] free_priority_group+0xd8/0x110 [dm_multipath] free_multipath+0x94/0xe0 [dm_multipath] dm_table_destroy+0xa2/0x1e0 [dm_mod] __dm_destroy+0x196/0x350 [dm_mod] dev_remove+0x10c/0x160 [dm_mod] ctl_ioctl+0x2c2/0x590 [dm_mod] dm_ctl_ioctl+0x5/0x10 [dm_mod] __x64_sys_ioctl+0xb4/0xf0 dm_ctl_ioctl+0x5/0x10 [dm_mod] __x64_sys_ioctl+0xb4/0xf0 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Link: https://lore.kernel.org/r/20220826002635.919423-1-bvanassche@acm.org Fixes: 65ca846a5314 ("scsi: core: Introduce {init,exit}_cmd_priv()") Cc: Ming Lei <ming.lei(a)redhat.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Mike Christie <michael.christie(a)oracle.com> Cc: Hannes Reinecke <hare(a)suse.de> Cc: John Garry <john.garry(a)huawei.com> Cc: Li Zhijian <lizhijian(a)fujitsu.com> Reported-by: Li Zhijian <lizhijian(a)fujitsu.com> Tested-by: Li Zhijian <lizhijian(a)fujitsu.com> Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> [mheyne: fixed contextual conflicts: - drivers/scsi/hosts.c: due to missing commit 973dac8a8a14 ("scsi: core: Refine how we set tag_set NUMA node") - drivers/scsi/scsi_sysfs.c: due to missing commit 6f8191fdf41d ("block: simplify disk shutdown") - drivers/scsi/scsi_scan.c: due to missing commit 59506abe5e34 ("scsi: core: Inline scsi_mq_alloc_queue()")] Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> Cc: stable(a)vger.kernel.org # v5.10 --- drivers/scsi/hosts.c | 16 +++++++++++++--- drivers/scsi/scsi_lib.c | 6 +++++- drivers/scsi/scsi_priv.h | 2 +- drivers/scsi/scsi_scan.c | 1 + drivers/scsi/scsi_sysfs.c | 1 + include/scsi/scsi_host.h | 2 ++ 6 files changed, 23 insertions(+), 5 deletions(-) diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c index 297f2b412d07..17fa1cd91da6 100644 --- a/drivers/scsi/hosts.c +++ b/drivers/scsi/hosts.c @@ -182,6 +182,15 @@ void scsi_remove_host(struct Scsi_Host *shost) scsi_proc_host_rm(shost); scsi_proc_hostdir_rm(shost->hostt); + /* + * New SCSI devices cannot be attached anymore because of the SCSI host + * state so drop the tag set refcnt. Wait until the tag set refcnt drops + * to zero because .exit_cmd_priv implementations may need the host + * pointer. + */ + kref_put(&shost->tagset_refcnt, scsi_mq_free_tags); + wait_for_completion(&shost->tagset_freed); + spin_lock_irqsave(shost->host_lock, flags); if (scsi_host_set_state(shost, SHOST_DEL)) BUG_ON(scsi_host_set_state(shost, SHOST_DEL_RECOVERY)); @@ -240,6 +249,9 @@ int scsi_add_host_with_dma(struct Scsi_Host *shost, struct device *dev, shost->dma_dev = dma_dev; + kref_init(&shost->tagset_refcnt); + init_completion(&shost->tagset_freed); + /* * Increase usage count temporarily here so that calling * scsi_autopm_put_host() will trigger runtime idle if there is @@ -312,6 +324,7 @@ int scsi_add_host_with_dma(struct Scsi_Host *shost, struct device *dev, pm_runtime_disable(&shost->shost_gendev); pm_runtime_set_suspended(&shost->shost_gendev); pm_runtime_put_noidle(&shost->shost_gendev); + kref_put(&shost->tagset_refcnt, scsi_mq_free_tags); fail: return error; } @@ -344,9 +357,6 @@ static void scsi_host_dev_release(struct device *dev) kfree(dev_name(&shost->shost_dev)); } - if (shost->tag_set.tags) - scsi_mq_destroy_tags(shost); - kfree(shost->shost_data); ida_simple_remove(&host_index_ida, shost->host_no); diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index 14dec86ff749..64ae7bc2de60 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -1923,9 +1923,13 @@ int scsi_mq_setup_tags(struct Scsi_Host *shost) return blk_mq_alloc_tag_set(tag_set); } -void scsi_mq_destroy_tags(struct Scsi_Host *shost) +void scsi_mq_free_tags(struct kref *kref) { + struct Scsi_Host *shost = container_of(kref, typeof(*shost), + tagset_refcnt); + blk_mq_free_tag_set(&shost->tag_set); + complete(&shost->tagset_freed); } /** diff --git a/drivers/scsi/scsi_priv.h b/drivers/scsi/scsi_priv.h index 1183dbed687c..3fee9af05925 100644 --- a/drivers/scsi/scsi_priv.h +++ b/drivers/scsi/scsi_priv.h @@ -93,7 +93,7 @@ extern void scsi_requeue_run_queue(struct work_struct *work); extern struct request_queue *scsi_mq_alloc_queue(struct scsi_device *sdev); extern void scsi_start_queue(struct scsi_device *sdev); extern int scsi_mq_setup_tags(struct Scsi_Host *shost); -extern void scsi_mq_destroy_tags(struct Scsi_Host *shost); +extern void scsi_mq_free_tags(struct kref *kref); extern void scsi_exit_queue(void); extern void scsi_evt_thread(struct work_struct *work); struct request_queue; diff --git a/drivers/scsi/scsi_scan.c b/drivers/scsi/scsi_scan.c index 6f7c4d41c51d..e8703b043805 100644 --- a/drivers/scsi/scsi_scan.c +++ b/drivers/scsi/scsi_scan.c @@ -273,6 +273,7 @@ static struct scsi_device *scsi_alloc_sdev(struct scsi_target *starget, kfree(sdev); goto out; } + kref_get(&sdev->host->tagset_refcnt); WARN_ON_ONCE(!blk_get_queue(sdev->request_queue)); sdev->request_queue->queuedata = sdev; diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c index 6cc4d0792e3d..bb37d698da1a 100644 --- a/drivers/scsi/scsi_sysfs.c +++ b/drivers/scsi/scsi_sysfs.c @@ -1481,6 +1481,7 @@ void __scsi_remove_device(struct scsi_device *sdev) mutex_unlock(&sdev->state_mutex); blk_cleanup_queue(sdev->request_queue); + kref_put(&sdev->host->tagset_refcnt, scsi_mq_free_tags); cancel_work_sync(&sdev->requeue_work); if (sdev->host->hostt->slave_destroy) diff --git a/include/scsi/scsi_host.h b/include/scsi/scsi_host.h index 4a9f1e6e3aac..3979e946c3fd 100644 --- a/include/scsi/scsi_host.h +++ b/include/scsi/scsi_host.h @@ -548,6 +548,8 @@ struct Scsi_Host { struct scsi_host_template *hostt; struct scsi_transport_template *transportt; + struct kref tagset_refcnt; + struct completion tagset_freed; /* Area to keep a shared tag map */ struct blk_mq_tag_set tag_set; -- 2.40.1 Amazon Web Services Development Center Germany GmbH Krausenstr. 38 10117 Berlin Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597

9 months, 2 weeks

2
1
0 0

[PATCH v5.10] bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue

by Ashwin Kamat

From: Jason Xing <kernelxing(a)tencent.com> [ Upstream commit 6648e613226e18897231ab5e42ffc29e63fa3365 ] Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported [1]. [1] BUG: KCSAN: data-race in sk_psock_drop / sk_psock_skb_ingress_enqueue write to 0xffff88814b3278b8 of 8 bytes by task 10724 on cpu 1: sk_psock_stop_verdict net/core/skmsg.c:1257 [inline] sk_psock_drop+0x13e/0x1f0 net/core/skmsg.c:843 sk_psock_put include/linux/skmsg.h:459 [inline] sock_map_close+0x1a7/0x260 net/core/sock_map.c:1648 unix_release+0x4b/0x80 net/unix/af_unix.c:1048 __sock_release net/socket.c:659 [inline] sock_close+0x68/0x150 net/socket.c:1421 __fput+0x2c1/0x660 fs/file_table.c:422 __fput_sync+0x44/0x60 fs/file_table.c:507 __do_sys_close fs/open.c:1556 [inline] __se_sys_close+0x101/0x1b0 fs/open.c:1541 __x64_sys_close+0x1f/0x30 fs/open.c:1541 do_syscall_64+0xd3/0x1d0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 read to 0xffff88814b3278b8 of 8 bytes by task 10713 on cpu 0: sk_psock_data_ready include/linux/skmsg.h:464 [inline] sk_psock_skb_ingress_enqueue+0x32d/0x390 net/core/skmsg.c:555 sk_psock_skb_ingress_self+0x185/0x1e0 net/core/skmsg.c:606 sk_psock_verdict_apply net/core/skmsg.c:1008 [inline] sk_psock_verdict_recv+0x3e4/0x4a0 net/core/skmsg.c:1202 unix_read_skb net/unix/af_unix.c:2546 [inline] unix_stream_read_skb+0x9e/0xf0 net/unix/af_unix.c:2682 sk_psock_verdict_data_ready+0x77/0x220 net/core/skmsg.c:1223 unix_stream_sendmsg+0x527/0x860 net/unix/af_unix.c:2339 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x140/0x180 net/socket.c:745 ____sys_sendmsg+0x312/0x410 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [inline] __sys_sendmsg+0x1e9/0x280 net/socket.c:2667 __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x46/0x50 net/socket.c:2674 do_syscall_64+0xd3/0x1d0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 value changed: 0xffffffff83d7feb0 -> 0x0000000000000000 Reported by Kernel Concurrency Sanitizer on: CPU: 0 PID: 10713 Comm: syz-executor.4 Tainted: G W 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 Prior to this, commit 4cd12c6065df ("bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()") fixed one NULL pointer similarly due to no protection of saved_data_ready. Here is another different caller causing the same issue because of the same reason. So we should protect it with sk_callback_lock read lock because the writer side in the sk_psock_drop() uses "write_lock_bh(&sk->sk_callback_lock);". To avoid errors that could happen in future, I move those two pairs of lock into the sk_psock_data_ready(), which is suggested by John Fastabend. Fixes: 604326b41a6f ("bpf, sockmap: convert to generic sk_msg interface") Reported-by: syzbot+aa8c8ec2538929f18f2d(a)syzkaller.appspotmail.com Signed-off-by: Jason Xing <kernelxing(a)tencent.com> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Reviewed-by: John Fastabend <john.fastabend(a)gmail.com> Closes: https://syzkaller.appspot.com/bug?extid=aa8c8ec2538929f18f2d Link: https://lore.kernel.org/all/20240329134037.92124-1-kerneljasonxing@gmail.com Link: https://lore.kernel.org/bpf/20240404021001.94815-1-kerneljasonxing@gmail.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> [Ashwin: Regenerated the patch for v5.10] Signed-off-by: Ashwin Dayanand Kamat <ashwin.kamat(a)broadcom.com> --- include/linux/skmsg.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/linux/skmsg.h b/include/linux/skmsg.h index 1138dd3071db..a197c9a49e97 100644 --- a/include/linux/skmsg.h +++ b/include/linux/skmsg.h @@ -406,10 +406,12 @@ static inline void sk_psock_put(struct sock *sk, struct sk_psock *psock) static inline void sk_psock_data_ready(struct sock *sk, struct sk_psock *psock) { + read_lock_bh(&sk->sk_callback_lock); if (psock->parser.enabled) psock->parser.saved_data_ready(sk); else sk->sk_data_ready(sk); + read_unlock_bh(&sk->sk_callback_lock); } static inline void psock_set_prog(struct bpf_prog **pprog, -- 2.45.1

9 months, 2 weeks

2
1
0 0

[PATCH 5.10] bpf: Fix overrunning reservations in ringbuf

by Dominique Martinet

From: Daniel Borkmann <daniel(a)iogearbox.net> [ Upstream commit cfa1a2329a691ffd991fcf7248a57d752e712881 ] The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer counter to show which logical position the consumer consumed the data, and producer_pos which is the producer counter denoting the amount of data reserved by all producers. Each time a record is reserved, the producer that "owns" the record will successfully advance producer counter. In user space each time a record is read, the consumer of the data advanced the consumer counter once it finished processing. Both counters are stored in separate pages so that from user space, the producer counter is read-only and the consumer counter is read-write. One aspect that simplifies and thus speeds up the implementation of both producers and consumers is how the data area is mapped twice contiguously back-to-back in the virtual memory, allowing to not take any special measures for samples that have to wrap around at the end of the circular buffer data area, because the next page after the last data page would be first data page again, and thus the sample will still appear completely contiguous in virtual memory. Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for book-keeping the length and offset, and is inaccessible to the BPF program. Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ` for the BPF program to use. Bing-Jhong and Muhammad reported that it is however possible to make a second allocated memory chunk overlapping with the first chunk and as a result, the BPF program is now able to edit first chunk's header. For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size of 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to bpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in [0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets allocate a chunk B with size 0x3000. This will succeed because consumer_pos was edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask` check. Chunk B will be in range [0x3008,0x6010], and the BPF program is able to edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned earlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data pages. This means that chunk B at [0x4000,0x4008] is chunk A's header. bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to then locate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk B modified chunk A's header, then bpf_ringbuf_commit() refers to the wrong page and could cause a crash. Fix it by calculating the oldest pending_pos and check whether the range from the oldest outstanding record to the newest would span beyond the ring buffer size. If that is the case, then reject the request. We've tested with the ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh) before/after the fix and while it seems a bit slower on some benchmarks, it is still not significantly enough to matter. Fixes: 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") Reported-by: Bing-Jhong Billy Jheng <billy(a)starlabs.sg> Reported-by: Muhammad Ramdhan <ramdhan(a)starlabs.sg> Co-developed-by: Bing-Jhong Billy Jheng <billy(a)starlabs.sg> Co-developed-by: Andrii Nakryiko <andrii(a)kernel.org> Signed-off-by: Bing-Jhong Billy Jheng <billy(a)starlabs.sg> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/bpf/20240621140828.18238-1-daniel@iogearbox.net Signed-off-by: Dominique Martinet <dominique.martinet(a)atmark-techno.com> --- The only conflict with the patch was in the comment at top of the patch (the commit that had changed this comment, 583c1f420173 ("bpf: Define new BPF_MAP_TYPE_USER_RINGBUF map type"), has nothing to do with this fix), so I went ahead with it. I'm not familiar with the ringbuf code but it doesn't look too wrong to me at first glance; and with this all stable branches are covered. kernel/bpf/ringbuf.c | 30 +++++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/kernel/bpf/ringbuf.c b/kernel/bpf/ringbuf.c index 1e4bf23528a3..eac0026e2fa6 100644 --- a/kernel/bpf/ringbuf.c +++ b/kernel/bpf/ringbuf.c @@ -41,9 +41,12 @@ struct bpf_ringbuf { * mapping consumer page as r/w, but restrict producer page to r/o. * This protects producer position from being modified by user-space * application and ruining in-kernel position tracking. + * Note that the pending counter is placed in the same + * page as the producer, so that it shares the same cache line. */ unsigned long consumer_pos __aligned(PAGE_SIZE); unsigned long producer_pos __aligned(PAGE_SIZE); + unsigned long pending_pos; char data[] __aligned(PAGE_SIZE); }; @@ -145,6 +148,7 @@ static struct bpf_ringbuf *bpf_ringbuf_alloc(size_t data_sz, int numa_node) rb->mask = data_sz - 1; rb->consumer_pos = 0; rb->producer_pos = 0; + rb->pending_pos = 0; return rb; } @@ -323,9 +327,9 @@ bpf_ringbuf_restore_from_rec(struct bpf_ringbuf_hdr *hdr) static void *__bpf_ringbuf_reserve(struct bpf_ringbuf *rb, u64 size) { - unsigned long cons_pos, prod_pos, new_prod_pos, flags; - u32 len, pg_off; + unsigned long cons_pos, prod_pos, new_prod_pos, pend_pos, flags; struct bpf_ringbuf_hdr *hdr; + u32 len, pg_off, tmp_size, hdr_len; if (unlikely(size > RINGBUF_MAX_RECORD_SZ)) return NULL; @@ -343,13 +347,29 @@ static void *__bpf_ringbuf_reserve(struct bpf_ringbuf *rb, u64 size) spin_lock_irqsave(&rb->spinlock, flags); } + pend_pos = rb->pending_pos; prod_pos = rb->producer_pos; new_prod_pos = prod_pos + len; - /* check for out of ringbuf space by ensuring producer position - * doesn't advance more than (ringbuf_size - 1) ahead + while (pend_pos < prod_pos) { + hdr = (void *)rb->data + (pend_pos & rb->mask); + hdr_len = READ_ONCE(hdr->len); + if (hdr_len & BPF_RINGBUF_BUSY_BIT) + break; + tmp_size = hdr_len & ~BPF_RINGBUF_DISCARD_BIT; + tmp_size = round_up(tmp_size + BPF_RINGBUF_HDR_SZ, 8); + pend_pos += tmp_size; + } + rb->pending_pos = pend_pos; + + /* check for out of ringbuf space: + * - by ensuring producer position doesn't advance more than + * (ringbuf_size - 1) ahead + * - by ensuring oldest not yet committed record until newest + * record does not span more than (ringbuf_size - 1) */ - if (new_prod_pos - cons_pos > rb->mask) { + if (new_prod_pos - cons_pos > rb->mask || + new_prod_pos - pend_pos > rb->mask) { spin_unlock_irqrestore(&rb->spinlock, flags); return NULL; } -- 2.39.2

9 months, 2 weeks

2
2
0 0

[v6.9-stable PATCH] mm: page_ref: remove folio_try_get_rcu()

by Yang Shi

commit fa2690af573dfefb47ba6eef888797a64b6b5f3c upstream The below bug was reported on a non-SMP kernel: [ 275.267158][ T4335] ------------[ cut here ]------------ [ 275.267949][ T4335] kernel BUG at include/linux/page_ref.h:275! [ 275.268526][ T4335] invalid opcode: 0000 [#1] KASAN PTI [ 275.269001][ T4335] CPU: 0 PID: 4335 Comm: trinity-c3 Not tainted 6.7.0-rc4-00061-gefa7df3e3bb5 #1 [ 275.269787][ T4335] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 275.270679][ T4335] RIP: 0010:try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.272813][ T4335] RSP: 0018:ffffc90005dcf650 EFLAGS: 00010202 [ 275.273346][ T4335] RAX: 0000000000000246 RBX: ffffea00066e0000 RCX: 0000000000000000 [ 275.274032][ T4335] RDX: fffff94000cdc007 RSI: 0000000000000004 RDI: ffffea00066e0034 [ 275.274719][ T4335] RBP: ffffea00066e0000 R08: 0000000000000000 R09: fffff94000cdc006 [ 275.275404][ T4335] R10: ffffea00066e0037 R11: 0000000000000000 R12: 0000000000000136 [ 275.276106][ T4335] R13: ffffea00066e0034 R14: dffffc0000000000 R15: ffffea00066e0008 [ 275.276790][ T4335] FS: 00007fa2f9b61740(0000) GS:ffffffff89d0d000(0000) knlGS:0000000000000000 [ 275.277570][ T4335] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 275.278143][ T4335] CR2: 00007fa2f6c00000 CR3: 0000000134b04000 CR4: 00000000000406f0 [ 275.278833][ T4335] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 275.279521][ T4335] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 275.280201][ T4335] Call Trace: [ 275.280499][ T4335] <TASK> [ 275.280751][ T4335] ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447) [ 275.281087][ T4335] ? do_trap (arch/x86/kernel/traps.c:112 arch/x86/kernel/traps.c:153) [ 275.281463][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.281884][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.282300][ T4335] ? do_error_trap (arch/x86/kernel/traps.c:174) [ 275.282711][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.283129][ T4335] ? handle_invalid_op (arch/x86/kernel/traps.c:212) [ 275.283561][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.283990][ T4335] ? exc_invalid_op (arch/x86/kernel/traps.c:264) [ 275.284415][ T4335] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:568) [ 275.284859][ T4335] ? try_get_folio (include/linux/page_ref.h:275 (discriminator 3) mm/gup.c:79 (discriminator 3)) [ 275.285278][ T4335] try_grab_folio (mm/gup.c:148) [ 275.285684][ T4335] __get_user_pages (mm/gup.c:1297 (discriminator 1)) [ 275.286111][ T4335] ? __pfx___get_user_pages (mm/gup.c:1188) [ 275.286579][ T4335] ? __pfx_validate_chain (kernel/locking/lockdep.c:3825) [ 275.287034][ T4335] ? mark_lock (kernel/locking/lockdep.c:4656 (discriminator 1)) [ 275.287416][ T4335] __gup_longterm_locked (mm/gup.c:1509 mm/gup.c:2209) [ 275.288192][ T4335] ? __pfx___gup_longterm_locked (mm/gup.c:2204) [ 275.288697][ T4335] ? __pfx_lock_acquire (kernel/locking/lockdep.c:5722) [ 275.289135][ T4335] ? __pfx___might_resched (kernel/sched/core.c:10106) [ 275.289595][ T4335] pin_user_pages_remote (mm/gup.c:3350) [ 275.290041][ T4335] ? __pfx_pin_user_pages_remote (mm/gup.c:3350) [ 275.290545][ T4335] ? find_held_lock (kernel/locking/lockdep.c:5244 (discriminator 1)) [ 275.290961][ T4335] ? mm_access (kernel/fork.c:1573) [ 275.291353][ T4335] process_vm_rw_single_vec+0x142/0x360 [ 275.291900][ T4335] ? __pfx_process_vm_rw_single_vec+0x10/0x10 [ 275.292471][ T4335] ? mm_access (kernel/fork.c:1573) [ 275.292859][ T4335] process_vm_rw_core+0x272/0x4e0 [ 275.293384][ T4335] ? hlock_class (arch/x86/include/asm/bitops.h:227 arch/x86/include/asm/bitops.h:239 include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:228) [ 275.293780][ T4335] ? __pfx_process_vm_rw_core+0x10/0x10 [ 275.294350][ T4335] process_vm_rw (mm/process_vm_access.c:284) [ 275.294748][ T4335] ? __pfx_process_vm_rw (mm/process_vm_access.c:259) [ 275.295197][ T4335] ? __task_pid_nr_ns (include/linux/rcupdate.h:306 (discriminator 1) include/linux/rcupdate.h:780 (discriminator 1) kernel/pid.c:504 (discriminator 1)) [ 275.295634][ T4335] __x64_sys_process_vm_readv (mm/process_vm_access.c:291) [ 275.296139][ T4335] ? syscall_enter_from_user_mode (kernel/entry/common.c:94 kernel/entry/common.c:112) [ 275.296642][ T4335] do_syscall_64 (arch/x86/entry/common.c:51 (discriminator 1) arch/x86/entry/common.c:82 (discriminator 1)) [ 275.297032][ T4335] ? __task_pid_nr_ns (include/linux/rcupdate.h:306 (discriminator 1) include/linux/rcupdate.h:780 (discriminator 1) kernel/pid.c:504 (discriminator 1)) [ 275.297470][ T4335] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4300 kernel/locking/lockdep.c:4359) [ 275.297988][ T4335] ? do_syscall_64 (arch/x86/include/asm/cpufeature.h:171 arch/x86/entry/common.c:97) [ 275.298389][ T4335] ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4300 kernel/locking/lockdep.c:4359) [ 275.298906][ T4335] ? do_syscall_64 (arch/x86/include/asm/cpufeature.h:171 arch/x86/entry/common.c:97) [ 275.299304][ T4335] ? do_syscall_64 (arch/x86/include/asm/cpufeature.h:171 arch/x86/entry/common.c:97) [ 275.299703][ T4335] ? do_syscall_64 (arch/x86/include/asm/cpufeature.h:171 arch/x86/entry/common.c:97) [ 275.300115][ T4335] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129) This BUG is the VM_BUG_ON(!in_atomic() && !irqs_disabled()) assertion in folio_ref_try_add_rcu() for non-SMP kernel. The process_vm_readv() calls GUP to pin the THP. An optimization for pinning THP instroduced by commit 57edfcfd3419 ("mm/gup: accelerate thp gup even for "pages != NULL"") calls try_grab_folio() to pin the THP, but try_grab_folio() is supposed to be called in atomic context for non-SMP kernel, for example, irq disabled or preemption disabled, due to the optimization introduced by commit e286781d5f2e ("mm: speculative page references"). The commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries") is not actually the root cause although it was bisected to. It just makes the problem exposed more likely. The follow up discussion suggested the optimization for non-SMP kernel may be out-dated and not worth it anymore [1]. So removing the optimization to silence the BUG. However calling try_grab_folio() in GUP slow path actually is unnecessary, so the following patch will clean this up. [1] https://lore.kernel.org/linux-mm/821cf1d6-92b9-4ac4-bacc-d8f2364ac14f@paulm… Link: https://lkml.kernel.org/r/20240625205350.1777481-1-yang@os.amperecomputing.… Fixes: 57edfcfd3419 ("mm/gup: accelerate thp gup even for "pages != NULL"") Signed-off-by: Yang Shi <yang(a)os.amperecomputing.com> Reported-by: kernel test robot <oliver.sang(a)intel.com> Tested-by: Oliver Sang <oliver.sang(a)intel.com> Acked-by: Peter Xu <peterx(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Christoph Lameter <cl(a)linux.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Paul E. McKenney <paulmck(a)kernel.org> Cc: Rik van Riel <riel(a)surriel.com> Cc: Vivek Kasireddy <vivek.kasireddy(a)intel.com> Cc: <stable(a)vger.kernel.org> [6.6+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/netfs/buffered_write.c | 4 ++-- fs/smb/client/file.c | 4 ++-- include/linux/page_ref.h | 49 ++------------------------------------- mm/filemap.c | 10 ++++---- mm/gup.c | 2 +- 5 files changed, 12 insertions(+), 57 deletions(-) diff --git a/fs/netfs/buffered_write.c b/fs/netfs/buffered_write.c index d2ce0849bb53..e6066ddbb3ac 100644 --- a/fs/netfs/buffered_write.c +++ b/fs/netfs/buffered_write.c @@ -811,7 +811,7 @@ static void netfs_extend_writeback(struct address_space *mapping, break; } - if (!folio_try_get_rcu(folio)) { + if (!folio_try_get(folio)) { xas_reset(xas); continue; } @@ -1028,7 +1028,7 @@ static ssize_t netfs_writepages_begin(struct address_space *mapping, if (!folio) break; - if (!folio_try_get_rcu(folio)) { + if (!folio_try_get(folio)) { xas_reset(xas); continue; } diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c index 9be37d0fe724..4784fece4d99 100644 --- a/fs/smb/client/file.c +++ b/fs/smb/client/file.c @@ -2753,7 +2753,7 @@ static void cifs_extend_writeback(struct address_space *mapping, break; } - if (!folio_try_get_rcu(folio)) { + if (!folio_try_get(folio)) { xas_reset(xas); continue; } @@ -2989,7 +2989,7 @@ static ssize_t cifs_writepages_begin(struct address_space *mapping, if (!folio) break; - if (!folio_try_get_rcu(folio)) { + if (!folio_try_get(folio)) { xas_reset(xas); continue; } diff --git a/include/linux/page_ref.h b/include/linux/page_ref.h index d7c2d33baa7f..fdd2a75adb03 100644 --- a/include/linux/page_ref.h +++ b/include/linux/page_ref.h @@ -263,54 +263,9 @@ static inline bool folio_try_get(struct folio *folio) return folio_ref_add_unless(folio, 1, 0); } -static inline bool folio_ref_try_add_rcu(struct folio *folio, int count) -{ -#ifdef CONFIG_TINY_RCU - /* - * The caller guarantees the folio will not be freed from interrupt - * context, so (on !SMP) we only need preemption to be disabled - * and TINY_RCU does that for us. - */ -# ifdef CONFIG_PREEMPT_COUNT - VM_BUG_ON(!in_atomic() && !irqs_disabled()); -# endif - VM_BUG_ON_FOLIO(folio_ref_count(folio) == 0, folio); - folio_ref_add(folio, count); -#else - if (unlikely(!folio_ref_add_unless(folio, count, 0))) { - /* Either the folio has been freed, or will be freed. */ - return false; - } -#endif - return true; -} - -/** - * folio_try_get_rcu - Attempt to increase the refcount on a folio. - * @folio: The folio. - * - * This is a version of folio_try_get() optimised for non-SMP kernels. - * If you are still holding the rcu_read_lock() after looking up the - * page and know that the page cannot have its refcount decreased to - * zero in interrupt context, you can use this instead of folio_try_get(). - * - * Example users include get_user_pages_fast() (as pages are not unmapped - * from interrupt context) and the page cache lookups (as pages are not - * truncated from interrupt context). We also know that pages are not - * frozen in interrupt context for the purposes of splitting or migration. - * - * You can also use this function if you're holding a lock that prevents - * pages being frozen & removed; eg the i_pages lock for the page cache - * or the mmap_lock or page table lock for page tables. In this case, - * it will always succeed, and you could have used a plain folio_get(), - * but it's sometimes more convenient to have a common function called - * from both locked and RCU-protected contexts. - * - * Return: True if the reference count was successfully incremented. - */ -static inline bool folio_try_get_rcu(struct folio *folio) +static inline bool folio_ref_try_add(struct folio *folio, int count) { - return folio_ref_try_add_rcu(folio, 1); + return folio_ref_add_unless(folio, count, 0); } static inline int page_ref_freeze(struct page *page, int count) diff --git a/mm/filemap.c b/mm/filemap.c index 30de18c4fd28..367ea201468d 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -1823,7 +1823,7 @@ void *filemap_get_entry(struct address_space *mapping, pgoff_t index) if (!folio || xa_is_value(folio)) goto out; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) goto repeat; if (unlikely(folio != xas_reload(&xas))) { @@ -1977,7 +1977,7 @@ static inline struct folio *find_get_entry(struct xa_state *xas, pgoff_t max, if (!folio || xa_is_value(folio)) return folio; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) goto reset; if (unlikely(folio != xas_reload(xas))) { @@ -2157,7 +2157,7 @@ unsigned filemap_get_folios_contig(struct address_space *mapping, if (xa_is_value(folio)) goto update_start; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) goto retry; if (unlikely(folio != xas_reload(&xas))) @@ -2289,7 +2289,7 @@ static void filemap_get_read_batch(struct address_space *mapping, break; if (xa_is_sibling(folio)) break; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) goto retry; if (unlikely(folio != xas_reload(&xas))) @@ -3448,7 +3448,7 @@ static struct folio *next_uptodate_folio(struct xa_state *xas, continue; if (folio_test_locked(folio)) continue; - if (!folio_try_get_rcu(folio)) + if (!folio_try_get(folio)) continue; /* Has the page moved or been split? */ if (unlikely(folio != xas_reload(xas))) diff --git a/mm/gup.c b/mm/gup.c index 1611e73b1121..ec8570d25a6c 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -76,7 +76,7 @@ static inline struct folio *try_get_folio(struct page *page, int refs) folio = page_folio(page); if (WARN_ON_ONCE(folio_ref_count(folio) < 0)) return NULL; - if (unlikely(!folio_ref_try_add_rcu(folio, refs))) + if (unlikely(!folio_ref_try_add(folio, refs))) return NULL; /* -- 2.41.0

9 months, 2 weeks

2
1
0 0

FAILED: patch "[PATCH] ACPI: processor_idle: Fix invalid comparison with insertion" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 233323f9b9f828cd7cd5145ad811c1990b692542 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024071528-foothill-overdraft-d69a@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 233323f9b9f8 ("ACPI: processor_idle: Fix invalid comparison with insertion sort for latency") 0e6078c3c673 ("ACPI: processor idle: Use swap() instead of open coding it") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 233323f9b9f828cd7cd5145ad811c1990b692542 Mon Sep 17 00:00:00 2001 From: Kuan-Wei Chiu <visitorckw(a)gmail.com> Date: Tue, 2 Jul 2024 04:56:39 +0800 Subject: [PATCH] ACPI: processor_idle: Fix invalid comparison with insertion sort for latency The acpi_cst_latency_cmp() comparison function currently used for sorting C-state latencies does not satisfy transitivity, causing incorrect sorting results. Specifically, if there are two valid acpi_processor_cx elements A and B and one invalid element C, it may occur that A < B, A = C, and B = C. Sorting algorithms assume that if A < B and A = C, then C < B, leading to incorrect ordering. Given the small size of the array (<=8), we replace the library sort function with a simple insertion sort that properly ignores invalid elements and sorts valid ones based on latency. This change ensures correct ordering of the C-state latencies. Fixes: 65ea8f2c6e23 ("ACPI: processor idle: Fix up C-state latency if not ordered") Reported-by: Julian Sikorski <belegdol(a)gmail.com> Closes: https://lore.kernel.org/lkml/70674dc7-5586-4183-8953-8095567e73df@gmail.com Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Tested-by: Julian Sikorski <belegdol(a)gmail.com> Cc: All applicable <stable(a)vger.kernel.org> Link: https://patch.msgid.link/20240701205639.117194-1-visitorckw@gmail.com Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c index bd6a7857ce05..831fa4a12159 100644 --- a/drivers/acpi/processor_idle.c +++ b/drivers/acpi/processor_idle.c @@ -16,7 +16,6 @@ #include <linux/acpi.h> #include <linux/dmi.h> #include <linux/sched.h> /* need_resched() */ -#include <linux/sort.h> #include <linux/tick.h> #include <linux/cpuidle.h> #include <linux/cpu.h> @@ -386,25 +385,24 @@ static void acpi_processor_power_verify_c3(struct acpi_processor *pr, acpi_write_bit_register(ACPI_BITREG_BUS_MASTER_RLD, 1); } -static int acpi_cst_latency_cmp(const void *a, const void *b) +static void acpi_cst_latency_sort(struct acpi_processor_cx *states, size_t length) { - const struct acpi_processor_cx *x = a, *y = b; + int i, j, k; - if (!(x->valid && y->valid)) - return 0; - if (x->latency > y->latency) - return 1; - if (x->latency < y->latency) - return -1; - return 0; -} -static void acpi_cst_latency_swap(void *a, void *b, int n) -{ - struct acpi_processor_cx *x = a, *y = b; + for (i = 1; i < length; i++) { + if (!states[i].valid) + continue; - if (!(x->valid && y->valid)) - return; - swap(x->latency, y->latency); + for (j = i - 1, k = i; j >= 0; j--) { + if (!states[j].valid) + continue; + + if (states[j].latency > states[k].latency) + swap(states[j].latency, states[k].latency); + + k = j; + } + } } static int acpi_processor_power_verify(struct acpi_processor *pr) @@ -449,10 +447,7 @@ static int acpi_processor_power_verify(struct acpi_processor *pr) if (buggy_latency) { pr_notice("FW issue: working around C-state latencies out of order\n"); - sort(&pr->power.states[1], max_cstate, - sizeof(struct acpi_processor_cx), - acpi_cst_latency_cmp, - acpi_cst_latency_swap); + acpi_cst_latency_sort(&pr->power.states[1], max_cstate); } lapic_timer_propagate_broadcast(pr);

9 months, 2 weeks

3
2
0 0

Missing writer side af_unix annotations in 4.19.317

by syphyr

Several commits were made in v4.19.317 for af_unix to fix race conditions. Most of the READ_ONCE commits were added to v4.19.317, but the WRITE_ONCE on the writer side did not get added. For example, https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=…

9 months, 2 weeks

2
1
0 0

Re: [PATCH] ARM: fix get_user() broken with veneer

by John Stultz

On Tue, Sep 26, 2023 at 9:09 AM Masahiro Yamada <masahiroy(a)kernel.org> wrote: > > The 32-bit ARM kernel stops working if the kernel grows to the point > where veneers for __get_user_* are created. > > AAPCS32 [1] states, "Register r12 (IP) may be used by a linker as a > scratch register between a routine and any subroutine it calls. It > can also be used within a routine to hold intermediate values between > subroutine calls." > > However, bl instructions buried within the inline asm are unpredictable > for compilers; hence, "ip" must be added to the clobber list. > > This becomes critical when veneers for __get_user_* are created because > veneers use the ip register since commit 02e541db0540 ("ARM: 8323/1: > force linker to use PIC veneers"). > > [1]: https://github.com/ARM-software/abi-aa/blob/2023Q1/aapcs32/aapcs32.rst > > Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> > Reviewed-by: Ard Biesheuvel <ardb(a)kernel.org> + stable(a)vger.kernel.org It seems like this (commit 24d3ba0a7b44c1617c27f5045eecc4f34752ab03 upstream) would be a good candidate for -stable? The issue it fixes can manifest in lots of very strange ways, so it would be good to avoid others getting tripped up by it on -stable branches. (Apologies for being a bit verbose in the following, I've included a lot of details and breadcrumbs so others might find this if they run into the same issues.) I was recently looking into an arm32 issue, and found getting a custom built kernel consistently working in qemu-system-arm to bisect issues in the range of 5.15-6.6 was a bit difficult, as I would hit a couple different odd errors. For 5.15 I was seeing systemd fail to start in a fairly opaque way: starting systemd-udevd.service - Rule-based Manager for Device Events and Files. systemd-udevd.service: Main process exited, code=exited, status=1/FAILURE systemd-udevd.service: Failed with result 'exit-code'. Failed to start systemd-udevd.service - Rule-based Manager for Device Events and Files. But further looking through the logs I found: systemd[1]: Failed to open netlink: Operation not permitted Despite lots of digging to try to understand what was going wrong, the one thing that worked was switching to CONFIG_CC_OPTIMIZE_FOR_SIZE (which I only tried as I came across this old thread: https://lists.yoctoproject.org/g/linux-yocto/message/8035 ), this seemed very suspicious, but I didn't have a lot of time to dig further. That resolved things until ~6.1, where I started seeing crashes at init: [ 16.982562] Run /init as init process [ 16.989311] Failed to execute /init (error -22) [ 16.990017] Run /sbin/init as init process [ 16.994737] Starting init: /sbin/init exists but couldn't execute it (error -22) That I bisected that failure down to being supposedly caused by commit 5750121ae738 ("kbuild: list sub-directories in ./Kbuild") https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… And searching around that commit luckily led me to this change, which finally seems to resolve the different issues I saw for 6.6, 6.1 and 5.15! Now, In my rush to get something booting with qemu, I started with the debian config but disabled modules, and didn't put much time into getting rid of config options or drivers I wouldn't need. So the kernel is pretty large. So maybe not super common, but I definitely wouldn't want others to have to go down this debugging rabbit hole. thanks -john

9 months, 2 weeks

3
2
0 0

[PATCH 2/2] serial: sc16is7xx: fix invalid FIFO access with special register set

by Hugo Villeneuve

From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> When enabling access to the special register set, Receiver time-out and RHR interrupts can happen. In this case, the IRQ handler will try to read from the FIFO thru the RHR register at address 0x00, but address 0x00 is mapped to DLL register, resulting in erroneous FIFO reading. Call graph example: sc16is7xx_startup(): entry sc16is7xx_ms_proc(): entry sc16is7xx_set_termios(): entry sc16is7xx_set_baud(): DLH/DLL = $009C --> access special register set sc16is7xx_port_irq() entry --> IIR is 0x0C sc16is7xx_handle_rx() entry sc16is7xx_fifo_read(): --> unable to access FIFO (RHR) because it is mapped to DLL (LCR=LCR_CONF_MODE_A) sc16is7xx_set_baud(): exit --> Restore access to general register set Fix the problem by claiming the efr_lock mutex when accessing the Special register set. Fixes: dfeae619d781 ("serial: sc16is7xx") Cc: <stable(a)vger.kernel.org> Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> --- drivers/tty/serial/sc16is7xx.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index 58696e05492c..b4c1798a1df2 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -592,6 +592,8 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) SC16IS7XX_MCR_CLKSEL_BIT, prescaler == 1 ? 0 : SC16IS7XX_MCR_CLKSEL_BIT); + mutex_lock(&one->efr_lock); + /* Backup LCR and access special register set (DLL/DLH) */ lcr = sc16is7xx_port_read(port, SC16IS7XX_LCR_REG); sc16is7xx_port_write(port, SC16IS7XX_LCR_REG, @@ -606,6 +608,8 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) /* Restore LCR and access to general register set */ sc16is7xx_port_write(port, SC16IS7XX_LCR_REG, lcr); + mutex_unlock(&one->efr_lock); + return DIV_ROUND_CLOSEST((clk / prescaler) / 16, div); } -- 2.39.2

9 months, 2 weeks

1
0
0 0

[PATCH 1/2] serial: sc16is7xx: fix TX fifo corruption

by Hugo Villeneuve

From: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> Sometimes, when a packet is received on channel A at almost the same time as a packet is about to be transmitted on channel B, we observe with a logic analyzer that the received packet on channel A is transmitted on channel B. In other words, the Tx buffer data on channel B is corrupted with data from channel A. The problem appeared since commit 4409df5866b7 ("serial: sc16is7xx: change EFR lock to operate on each channels"), which changed the EFR locking to operate on each channel instead of chip-wise. This commit has introduced a regression, because the EFR lock is used not only to protect the EFR registers access, but also, in a very obscure and undocumented way, to protect access to the data buffer, which is shared by the Tx and Rx handlers, but also by each channel of the IC. Fix this regression first by switching to kfifo_out_linear_ptr() in sc16is7xx_handle_tx() to eliminate the need for a shared Rx/Tx buffer. Secondly, replace the chip-wise Rx buffer with a separate Rx buffer for each channel. Fixes: 4409df5866b7 ("serial: sc16is7xx: change EFR lock to operate on each channels") Cc: <stable(a)vger.kernel.org> Signed-off-by: Hugo Villeneuve <hvilleneuve(a)dimonoff.com> --- drivers/tty/serial/sc16is7xx.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c index c79dcd7c8d1a..58696e05492c 100644 --- a/drivers/tty/serial/sc16is7xx.c +++ b/drivers/tty/serial/sc16is7xx.c @@ -327,6 +327,7 @@ struct sc16is7xx_one { struct kthread_work reg_work; struct kthread_delayed_work ms_work; struct sc16is7xx_one_config config; + unsigned char buf[SC16IS7XX_FIFO_SIZE]; /* Rx buffer. */ unsigned int old_mctrl; u8 old_lcr; /* Value before EFR access. */ bool irda_mode; @@ -340,7 +341,6 @@ struct sc16is7xx_port { unsigned long gpio_valid_mask; #endif u8 mctrl_mask; - unsigned char buf[SC16IS7XX_FIFO_SIZE]; struct kthread_worker kworker; struct task_struct *kworker_task; struct sc16is7xx_one p[]; @@ -612,18 +612,18 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) static void sc16is7xx_handle_rx(struct uart_port *port, unsigned int rxlen, unsigned int iir) { - struct sc16is7xx_port *s = dev_get_drvdata(port->dev); + struct sc16is7xx_one *one = to_sc16is7xx_one(port, port); unsigned int lsr = 0, bytes_read, i; bool read_lsr = (iir == SC16IS7XX_IIR_RLSE_SRC) ? true : false; u8 ch, flag; - if (unlikely(rxlen >= sizeof(s->buf))) { + if (unlikely(rxlen >= sizeof(one->buf))) { dev_warn_ratelimited(port->dev, "ttySC%i: Possible RX FIFO overrun: %d\n", port->line, rxlen); port->icount.buf_overrun++; /* Ensure sanity of RX level */ - rxlen = sizeof(s->buf); + rxlen = sizeof(one->buf); } while (rxlen) { @@ -636,10 +636,10 @@ static void sc16is7xx_handle_rx(struct uart_port *port, unsigned int rxlen, lsr = 0; if (read_lsr) { - s->buf[0] = sc16is7xx_port_read(port, SC16IS7XX_RHR_REG); + one->buf[0] = sc16is7xx_port_read(port, SC16IS7XX_RHR_REG); bytes_read = 1; } else { - sc16is7xx_fifo_read(port, s->buf, rxlen); + sc16is7xx_fifo_read(port, one->buf, rxlen); bytes_read = rxlen; } @@ -672,7 +672,7 @@ static void sc16is7xx_handle_rx(struct uart_port *port, unsigned int rxlen, } for (i = 0; i < bytes_read; ++i) { - ch = s->buf[i]; + ch = one->buf[i]; if (uart_handle_sysrq_char(port, ch)) continue; @@ -690,10 +690,10 @@ static void sc16is7xx_handle_rx(struct uart_port *port, unsigned int rxlen, static void sc16is7xx_handle_tx(struct uart_port *port) { - struct sc16is7xx_port *s = dev_get_drvdata(port->dev); struct tty_port *tport = &port->state->port; unsigned long flags; unsigned int txlen; + unsigned char *tail; if (unlikely(port->x_char)) { sc16is7xx_port_write(port, SC16IS7XX_THR_REG, port->x_char); @@ -718,8 +718,9 @@ static void sc16is7xx_handle_tx(struct uart_port *port) txlen = 0; } - txlen = uart_fifo_out(port, s->buf, txlen); - sc16is7xx_fifo_write(port, s->buf, txlen); + txlen = kfifo_out_linear_ptr(&tport->xmit_fifo, &tail, txlen); + sc16is7xx_fifo_write(port, tail, txlen); + uart_xmit_advance(port, txlen); uart_port_lock_irqsave(port, &flags); if (kfifo_len(&tport->xmit_fifo) < WAKEUP_CHARS) -- 2.39.2

9 months, 2 weeks

1
0
0 0

FAILED: patch "[PATCH] thermal: core: Allow thermal zones to tell the core to ignore" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x e528be3c87be953b73e7826a2d7e4b837cbad39d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024072302-policy-spleen-3156@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: e528be3c87be ("thermal: core: Allow thermal zones to tell the core to ignore them") 7c8267275de6 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e528be3c87be953b73e7826a2d7e4b837cbad39d Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Wed, 17 Jul 2024 21:45:02 +0200 Subject: [PATCH] thermal: core: Allow thermal zones to tell the core to ignore them The iwlwifi wireless driver registers a thermal zone that is only needed when the network interface handled by it is up and it wants that thermal zone to be effectively ignored by the core otherwise. Before commit a8a261774466 ("thermal: core: Call monitor_thermal_zone() if zone temperature is invalid") that could be achieved by returning an error code from the thermal zone's .get_temp() callback because the core did not really handle errors returned by it almost at all. However, commit a8a261774466 made the core attempt to recover from the situation in which the temperature of a thermal zone cannot be determined due to errors returned by its .get_temp() and is always invalid from the core's perspective. That was done because there are thermal zones in which .get_temp() returns errors to start with due to some difficulties related to the initialization ordering, but then it will start to produce valid temperature values at one point. Unfortunately, the simple approach taken by commit a8a261774466, which is to poll the thermal zone periodically until its .get_temp() callback starts to return valid temperature values, is at odds with the special thermal zone in iwlwifi in which .get_temp() may always return an error because its network interface may always be down. If that happens, every attempt to invoke the thermal zone's .get_temp() callback resulting in an error causes the thermal core to print a dev_warn() message to the kernel log which is super-noisy. To address this problem, make the core handle the case in which .get_temp() returns 0, but the temperature value returned by it is not actually valid, in a special way. Namely, make the core completely ignore the invalid temperature value coming from .get_temp() in that case, which requires folding in update_temperature() into its caller and a few related changes. On the iwlwifi side, modify iwl_mvm_tzone_get_temp() to return 0 and put THERMAL_TEMP_INVALID into the temperature return memory location instead of returning an error when the firmware is not running or it is not of the right type. Also, to clearly separate the handling of invalid temperature values from the thermal zone initialization, introduce a special THERMAL_TEMP_INIT value specifically for the latter purpose. Fixes: a8a261774466 ("thermal: core: Call monitor_thermal_zone() if zone temperature is invalid") Closes: https://lore.kernel.org/linux-pm/20240715044527.GA1544@sol.localdomain/ Reported-by: Eric Biggers <ebiggers(a)kernel.org> Reported-by: Stefan Lippers-Hollmann <s.l-h(a)gmx.de> Link: https://bugzilla.kernel.org/show_bug.cgi?id=201761 Tested-by: Oleksandr Natalenko <oleksandr(a)natalenko.name> Tested-by: Stefan Lippers-Hollmann <s.l-h(a)gmx.de> Cc: 6.10+ <stable(a)vger.kernel.org> # 6.10+ Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Link: https://patch.msgid.link/4950004.31r3eYUQgx@rjwysocki.net [ rjw: Rebased on top of the current mainline ] Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/tt.c b/drivers/net/wireless/intel/iwlwifi/mvm/tt.c index ed0796aff722..d92470960b38 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/tt.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/tt.c @@ -621,8 +621,14 @@ static int iwl_mvm_tzone_get_temp(struct thermal_zone_device *device, guard(mvm)(mvm); if (!iwl_mvm_firmware_running(mvm) || - mvm->fwrt.cur_fw_img != IWL_UCODE_REGULAR) - return -ENODATA; + mvm->fwrt.cur_fw_img != IWL_UCODE_REGULAR) { + /* + * Tell the core that there is no valid temperature value to + * return, but it need not worry about this. + */ + *temperature = THERMAL_TEMP_INVALID; + return 0; + } ret = iwl_mvm_get_temp(mvm, &temp); if (ret) diff --git a/drivers/thermal/thermal_core.c b/drivers/thermal/thermal_core.c index 8795187fbc52..f6e700e48aad 100644 --- a/drivers/thermal/thermal_core.c +++ b/drivers/thermal/thermal_core.c @@ -300,8 +300,6 @@ static void monitor_thermal_zone(struct thermal_zone_device *tz) thermal_zone_device_set_polling(tz, tz->passive_delay_jiffies); else if (tz->polling_delay_jiffies) thermal_zone_device_set_polling(tz, tz->polling_delay_jiffies); - else if (tz->temperature == THERMAL_TEMP_INVALID) - thermal_zone_device_set_polling(tz, msecs_to_jiffies(THERMAL_RECHECK_DELAY_MS)); } static struct thermal_governor *thermal_get_tz_governor(struct thermal_zone_device *tz) @@ -382,7 +380,7 @@ static void handle_thermal_trip(struct thermal_zone_device *tz, td->threshold = trip->temperature; if (tz->last_temperature >= old_threshold && - tz->last_temperature != THERMAL_TEMP_INVALID) { + tz->last_temperature != THERMAL_TEMP_INIT) { /* * Mitigation is under way, so it needs to stop if the zone * temperature falls below the low temperature of the trip. @@ -417,27 +415,6 @@ static void handle_thermal_trip(struct thermal_zone_device *tz, } } -static void update_temperature(struct thermal_zone_device *tz) -{ - int temp, ret; - - ret = __thermal_zone_get_temp(tz, &temp); - if (ret) { - if (ret != -EAGAIN) - dev_warn(&tz->device, - "failed to read out thermal zone (%d)\n", - ret); - return; - } - - tz->last_temperature = tz->temperature; - tz->temperature = temp; - - trace_thermal_temperature(tz); - - thermal_genl_sampling_temp(tz->id, temp); -} - static void thermal_zone_device_check(struct work_struct *work) { struct thermal_zone_device *tz = container_of(work, struct @@ -452,7 +429,7 @@ static void thermal_zone_device_init(struct thermal_zone_device *tz) INIT_DELAYED_WORK(&tz->poll_queue, thermal_zone_device_check); - tz->temperature = THERMAL_TEMP_INVALID; + tz->temperature = THERMAL_TEMP_INIT; tz->passive = 0; tz->prev_low_trip = -INT_MAX; tz->prev_high_trip = INT_MAX; @@ -504,6 +481,7 @@ void __thermal_zone_device_update(struct thermal_zone_device *tz, struct thermal_trip_desc *td; LIST_HEAD(way_down_list); LIST_HEAD(way_up_list); + int temp, ret; if (tz->suspended) return; @@ -511,10 +489,29 @@ void __thermal_zone_device_update(struct thermal_zone_device *tz, if (!thermal_zone_device_is_enabled(tz)) return; - update_temperature(tz); + ret = __thermal_zone_get_temp(tz, &temp); + if (ret) { + if (ret != -EAGAIN) + dev_info(&tz->device, "Temperature check failed (%d)\n", ret); - if (tz->temperature == THERMAL_TEMP_INVALID) + thermal_zone_device_set_polling(tz, msecs_to_jiffies(THERMAL_RECHECK_DELAY_MS)); + return; + } else if (temp <= THERMAL_TEMP_INVALID) { + /* + * Special case: No valid temperature value is available, but + * the zone owner does not want the core to do anything about + * it. Continue regular zone polling if needed, so that this + * function can be called again, but skip everything else. + */ goto monitor; + } + + tz->last_temperature = tz->temperature; + tz->temperature = temp; + + trace_thermal_temperature(tz); + + thermal_genl_sampling_temp(tz->id, temp); tz->notify_event = event; diff --git a/drivers/thermal/thermal_core.h b/drivers/thermal/thermal_core.h index 30c0e78859a7..ba8e6fc807ca 100644 --- a/drivers/thermal/thermal_core.h +++ b/drivers/thermal/thermal_core.h @@ -133,6 +133,9 @@ struct thermal_zone_device { struct thermal_trip_desc trips[] __counted_by(num_trips); }; +/* Initial thermal zone temperature. */ +#define THERMAL_TEMP_INIT INT_MIN + /* * Default delay after a failing thermal zone temperature check before * attempting to check it again. diff --git a/drivers/thermal/thermal_helpers.c b/drivers/thermal/thermal_helpers.c index 81e019493557..aedb8369e2aa 100644 --- a/drivers/thermal/thermal_helpers.c +++ b/drivers/thermal/thermal_helpers.c @@ -163,6 +163,8 @@ int thermal_zone_get_temp(struct thermal_zone_device *tz, int *temp) } ret = __thermal_zone_get_temp(tz, temp); + if (!ret && *temp <= THERMAL_TEMP_INVALID) + ret = -ENODATA; unlock: mutex_unlock(&tz->lock);

9 months, 2 weeks

2
1
0 0

[PATCH 5.15.y 0/8] Backport patches for DAMON merge regions fix

by SeongJae Park

Commit 310d6c15e910 ("mm/damon/core: merge regions aggressively when max_nr_regions") causes a build warning and a build failure [1] on 5.15.y. Those are due to 1) unnecessarily strict type check from max(), and 2) use of not-yet-introduced damon_ctx->attrs field, respectively. Fix the warning by backporting a minmax.h upstream commit that made the type check less strict for unnecessary case, and upstream commits that it depends on. Note that all patches except the fourth one ("minmax: fix header inclusions") are clean cherry-picks of upstream commit. For the fourth one, minor conflict resolving was needed. Also, the last patch, which is the backport of the DAMON fix, was cleanly cherry-picked, but added manual fix for the build failure. [1] https://lore.kernel.org/2024071532-pebble-jailhouse-48b2@gregkh Andy Shevchenko (1): minmax: fix header inclusions Bart Van Assche (1): tracing: Define the is_signed_type() macro once David Laight (3): minmax: allow min()/max()/clamp() if the arguments have the same signedness. minmax: allow comparisons of 'int' against 'unsigned char/short' minmax: relax check to allow comparison between unsigned arguments and signed constants Jason A. Donenfeld (2): minmax: sanity check constant bounds when clamping minmax: clamp more efficiently by avoiding extra comparison SeongJae Park (1): mm/damon/core: merge regions aggressively when max_nr_regions is unmet include/linux/compiler.h | 6 +++ include/linux/minmax.h | 89 ++++++++++++++++++++++++++---------- include/linux/overflow.h | 1 - include/linux/trace_events.h | 2 - mm/damon/core.c | 23 ++++++++-- 5 files changed, 90 insertions(+), 31 deletions(-) base-commit: 4d1b7f1bf3858ed48a98c004bda5fdff2cdf13c8 -- 2.39.2

9 months, 2 weeks

2
9
0 0

[PATCH 6.1.y 0/7] Backport patches for DAMON merge regions fix

by SeongJae Park

Commit 310d6c15e910 ("mm/damon/core: merge regions aggressively when max_nr_regions") causes a build warning [1] on 6.1.y. That was due to unnecessarily strict type check from max(). Fix the warning by backporting a minmax.h upstream commit that made the type check less strict for unnecessary case, and upstream commits that it depends on. Note that all patches except the third one ("minmax: fix header inclusions") are clean cherry-picks of upstream commit. For the third one, a minor conflict fix was needed. [1] https://lore.kernel.org/2024071519-janitor-robe-779f@gregkh Andy Shevchenko (1): minmax: fix header inclusions David Laight (3): minmax: allow min()/max()/clamp() if the arguments have the same signedness. minmax: allow comparisons of 'int' against 'unsigned char/short' minmax: relax check to allow comparison between unsigned arguments and signed constants Jason A. Donenfeld (2): minmax: sanity check constant bounds when clamping minmax: clamp more efficiently by avoiding extra comparison SeongJae Park (1): mm/damon/core: merge regions aggressively when max_nr_regions is unmet include/linux/minmax.h | 89 ++++++++++++++++++++++++++++++------------ mm/damon/core.c | 21 +++++++++- 2 files changed, 83 insertions(+), 27 deletions(-) base-commit: 291e563ecab1ea89c70172ecf0d6bff7b725d3cb -- 2.39.2

9 months, 2 weeks

2
9
0 0

[PATCH 6.10 0/9] 6.10.1-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.10.1 release. There are 9 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 25 Jul 2024 11:40:39 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.10.1-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.10.1-rc1 Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Limit Speaker Volume to +12dB maximum Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Use header defines for Speaker Volume control definition Hao Ge <gehao(a)kylinos.cn> tpm: Use auth only after NULL check in tpm_buf_check_hmac_response() David Howells <dhowells(a)redhat.com> cifs: Fix setting of zero_point after DIO write David Howells <dhowells(a)redhat.com> cifs: Fix server re-repick on subrequest retry Steve French <stfrench(a)microsoft.com> cifs: fix noisy message on copy_file_range David Howells <dhowells(a)redhat.com> cifs: Fix missing fscache invalidation David Howells <dhowells(a)redhat.com> cifs: Fix missing error code set Kees Cook <kees(a)kernel.org> ext4: use memtostr_pad() for s_volume_name ------------- Diffstat: Makefile | 4 ++-- drivers/char/tpm/tpm2-sessions.c | 5 +++-- fs/ext4/ext4.h | 2 +- fs/ext4/ioctl.c | 2 +- fs/smb/client/cifsfs.c | 2 +- fs/smb/client/file.c | 21 +++++++++++++++++---- fs/smb/client/smb2pdu.c | 3 --- include/sound/cs35l56.h | 2 +- sound/soc/codecs/cs35l56.c | 6 +++++- 9 files changed, 31 insertions(+), 16 deletions(-)

9 months, 2 weeks

1
9
0 0

[PATCH for-6.10 0/2] ASoC: cs35l56: Set correct upper volume limit

by Richard Fitzgerald

Patch series to limit the upper range of the CS35L56 volume control to +12 dB. These commits were not marked 'Fixes' because they were thought to be only a cosmetic issue. The user could reduce the volume to a usable value. But for some complex audio topologies with SOF Audio DSP + CS42L43 + multiple CS35L56 it has turned out to be not obvious to the user what the problem actually is and what to do to fix it. As support for these topologies went into 6.10 we would like this series to be applied to 6.10. Richard Fitzgerald (2): ASoC: cs35l56: Use header defines for Speaker Volume control definition ASoC: cs35l56: Limit Speaker Volume to +12dB maximum include/sound/cs35l56.h | 2 +- sound/soc/codecs/cs35l56.c | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) -- 2.39.2

9 months, 2 weeks

2
3
0 0

[PATCH 5.15] scsi: core: Fix a use-after-free

by Maximilian Heyne

From: Bart Van Assche <bvanassche(a)acm.org> [ Upstream commit 8fe4ce5836e932f5766317cb651c1ff2a4cd0506 ] There are two .exit_cmd_priv implementations. Both implementations use resources associated with the SCSI host. Make sure that these resources are still available when .exit_cmd_priv is called by waiting inside scsi_remove_host() until the tag set has been freed. This commit fixes the following use-after-free: ================================================================== BUG: KASAN: use-after-free in srp_exit_cmd_priv+0x27/0xd0 [ib_srp] Read of size 8 at addr ffff888100337000 by task multipathd/16727 Call Trace: <TASK> dump_stack_lvl+0x34/0x44 print_report.cold+0x5e/0x5db kasan_report+0xab/0x120 srp_exit_cmd_priv+0x27/0xd0 [ib_srp] scsi_mq_exit_request+0x4d/0x70 blk_mq_free_rqs+0x143/0x410 __blk_mq_free_map_and_rqs+0x6e/0x100 blk_mq_free_tag_set+0x2b/0x160 scsi_host_dev_release+0xf3/0x1a0 device_release+0x54/0xe0 kobject_put+0xa5/0x120 device_release+0x54/0xe0 kobject_put+0xa5/0x120 scsi_device_dev_release_usercontext+0x4c1/0x4e0 execute_in_process_context+0x23/0x90 device_release+0x54/0xe0 kobject_put+0xa5/0x120 scsi_disk_release+0x3f/0x50 device_release+0x54/0xe0 kobject_put+0xa5/0x120 disk_release+0x17f/0x1b0 device_release+0x54/0xe0 kobject_put+0xa5/0x120 dm_put_table_device+0xa3/0x160 [dm_mod] dm_put_device+0xd0/0x140 [dm_mod] free_priority_group+0xd8/0x110 [dm_multipath] free_multipath+0x94/0xe0 [dm_multipath] dm_table_destroy+0xa2/0x1e0 [dm_mod] __dm_destroy+0x196/0x350 [dm_mod] dev_remove+0x10c/0x160 [dm_mod] ctl_ioctl+0x2c2/0x590 [dm_mod] dm_ctl_ioctl+0x5/0x10 [dm_mod] __x64_sys_ioctl+0xb4/0xf0 dm_ctl_ioctl+0x5/0x10 [dm_mod] __x64_sys_ioctl+0xb4/0xf0 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x46/0xb0 Link: https://lore.kernel.org/r/20220826002635.919423-1-bvanassche@acm.org Fixes: 65ca846a5314 ("scsi: core: Introduce {init,exit}_cmd_priv()") Cc: Ming Lei <ming.lei(a)redhat.com> Cc: Christoph Hellwig <hch(a)lst.de> Cc: Mike Christie <michael.christie(a)oracle.com> Cc: Hannes Reinecke <hare(a)suse.de> Cc: John Garry <john.garry(a)huawei.com> Cc: Li Zhijian <lizhijian(a)fujitsu.com> Reported-by: Li Zhijian <lizhijian(a)fujitsu.com> Tested-by: Li Zhijian <lizhijian(a)fujitsu.com> Signed-off-by: Bart Van Assche <bvanassche(a)acm.org> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> [mheyne: fixed contextual conflicts: - drivers/scsi/hosts.c: due to missing commit 973dac8a8a14 ("scsi: core: Refine how we set tag_set NUMA node") - drivers/scsi/scsi_sysfs.c: due to missing commit 6f8191fdf41d ("block: simplify disk shutdown")] Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> Cc: stable(a)vger.kernel.org # v5.15 --- drivers/scsi/hosts.c | 16 +++++++++++++--- drivers/scsi/scsi_lib.c | 6 +++++- drivers/scsi/scsi_priv.h | 2 +- drivers/scsi/scsi_scan.c | 1 + drivers/scsi/scsi_sysfs.c | 1 + include/scsi/scsi_host.h | 2 ++ 6 files changed, 23 insertions(+), 5 deletions(-) diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c index 4caee4e32461..eb3e8b41adb1 100644 --- a/drivers/scsi/hosts.c +++ b/drivers/scsi/hosts.c @@ -182,6 +182,15 @@ void scsi_remove_host(struct Scsi_Host *shost) scsi_proc_host_rm(shost); scsi_proc_hostdir_rm(shost->hostt); + /* + * New SCSI devices cannot be attached anymore because of the SCSI host + * state so drop the tag set refcnt. Wait until the tag set refcnt drops + * to zero because .exit_cmd_priv implementations may need the host + * pointer. + */ + kref_put(&shost->tagset_refcnt, scsi_mq_free_tags); + wait_for_completion(&shost->tagset_freed); + spin_lock_irqsave(shost->host_lock, flags); if (scsi_host_set_state(shost, SHOST_DEL)) BUG_ON(scsi_host_set_state(shost, SHOST_DEL_RECOVERY)); @@ -240,6 +249,9 @@ int scsi_add_host_with_dma(struct Scsi_Host *shost, struct device *dev, shost->dma_dev = dma_dev; + kref_init(&shost->tagset_refcnt); + init_completion(&shost->tagset_freed); + /* * Increase usage count temporarily here so that calling * scsi_autopm_put_host() will trigger runtime idle if there is @@ -312,6 +324,7 @@ int scsi_add_host_with_dma(struct Scsi_Host *shost, struct device *dev, pm_runtime_disable(&shost->shost_gendev); pm_runtime_set_suspended(&shost->shost_gendev); pm_runtime_put_noidle(&shost->shost_gendev); + kref_put(&shost->tagset_refcnt, scsi_mq_free_tags); fail: return error; } @@ -344,9 +357,6 @@ static void scsi_host_dev_release(struct device *dev) kfree(dev_name(&shost->shost_dev)); } - if (shost->tag_set.tags) - scsi_mq_destroy_tags(shost); - kfree(shost->shost_data); ida_simple_remove(&host_index_ida, shost->host_no); diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c index 0389bf281f4b..2d3779032163 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c @@ -1949,9 +1949,13 @@ int scsi_mq_setup_tags(struct Scsi_Host *shost) return blk_mq_alloc_tag_set(tag_set); } -void scsi_mq_destroy_tags(struct Scsi_Host *shost) +void scsi_mq_free_tags(struct kref *kref) { + struct Scsi_Host *shost = container_of(kref, typeof(*shost), + tagset_refcnt); + blk_mq_free_tag_set(&shost->tag_set); + complete(&shost->tagset_freed); } /** diff --git a/drivers/scsi/scsi_priv.h b/drivers/scsi/scsi_priv.h index b650407690a8..b531dec3d420 100644 --- a/drivers/scsi/scsi_priv.h +++ b/drivers/scsi/scsi_priv.h @@ -95,7 +95,7 @@ extern void scsi_run_host_queues(struct Scsi_Host *shost); extern void scsi_requeue_run_queue(struct work_struct *work); extern void scsi_start_queue(struct scsi_device *sdev); extern int scsi_mq_setup_tags(struct Scsi_Host *shost); -extern void scsi_mq_destroy_tags(struct Scsi_Host *shost); +extern void scsi_mq_free_tags(struct kref *kref); extern void scsi_exit_queue(void); extern void scsi_evt_thread(struct work_struct *work); diff --git a/drivers/scsi/scsi_scan.c b/drivers/scsi/scsi_scan.c index 86c10edbb5f1..9c155d576814 100644 --- a/drivers/scsi/scsi_scan.c +++ b/drivers/scsi/scsi_scan.c @@ -324,6 +324,7 @@ static struct scsi_device *scsi_alloc_sdev(struct scsi_target *starget, kfree(sdev); goto out; } + kref_get(&sdev->host->tagset_refcnt); sdev->request_queue = q; q->queuedata = sdev; __scsi_init_queue(sdev->host, q); diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c index 774864b54b97..4c72116c8693 100644 --- a/drivers/scsi/scsi_sysfs.c +++ b/drivers/scsi/scsi_sysfs.c @@ -1490,6 +1490,7 @@ void __scsi_remove_device(struct scsi_device *sdev) mutex_unlock(&sdev->state_mutex); blk_cleanup_queue(sdev->request_queue); + kref_put(&sdev->host->tagset_refcnt, scsi_mq_free_tags); cancel_work_sync(&sdev->requeue_work); if (sdev->host->hostt->slave_destroy) diff --git a/include/scsi/scsi_host.h b/include/scsi/scsi_host.h index f50861e4e88a..3ed93982dbf0 100644 --- a/include/scsi/scsi_host.h +++ b/include/scsi/scsi_host.h @@ -565,6 +565,8 @@ struct Scsi_Host { struct scsi_host_template *hostt; struct scsi_transport_template *transportt; + struct kref tagset_refcnt; + struct completion tagset_freed; /* Area to keep a shared tag map */ struct blk_mq_tag_set tag_set; -- 2.40.1 Amazon Web Services Development Center Germany GmbH Krausenstr. 38 10117 Berlin Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597

9 months, 2 weeks

1
0
0 0

Re: Linux 6.10 regression resulting in a crash when using an ext4 filesystem

by Thorsten Leemhuis

On 23.07.24 06:11, Theodore Ts'o wrote: > On Mon, Jul 22, 2024 at 12:06:59AM -0700, Kees Cook wrote: >>> Is strscpy_pad appropriate if the @src parameter itself is a fixed >>> length char[16] which isn't null terminated when the label itself is 16 >>> chars long? >> >> Nope; it needed memtostr_pad(). I sent the fix back at the end of May, but it only just recently landed: >> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… > > Yeah, sorry, I was on vacation for 3.5 weeks starting just before > Memorial day, and it took me a while to get caught up. Unfortunately, > I missed the bug in the strncpy extirpation patch, and it was't > something that our regression tests caught. (Sometimes, the > old/deprecated ways are just more reliable; all of ext4's strncpy() > calls were working and had been correct for decades. :-P ) > > Anyway, Kees's bugfix is in Linus's tree, and it should be shortly be > making its way to -stable. Adding Greg and the stable list to the list of recipients: given that we already have two reports about trouble due to this[1] he might want to fast-track the fix (be27cd64461c45 ("ext4: use memtostr_pad() for s_volume_name")) to 6.10.y, as it's not queued yet -- at least afaics from looking at https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tre… Ciao, Thorsten [1] https://bugzilla.kernel.org/show_bug.cgi?id=219072 and https://bugzilla.kernel.org/show_bug.cgi?id=219078

9 months, 2 weeks

2
1
0 0

[PATCH net] gve: Fix an edge case for TSO skb validity check

by Praveen Kaligineedi

From: Bailey Forrest <bcf(a)google.com> The NIC requires each TSO segment to not span more than 10 descriptors. gve_can_send_tso() performs this check. However, the current code misses an edge case when a TSO skb has a large frag that needs to be split into multiple descriptors, causing the 10 descriptor limit per TSO-segment to be exceeded. This change fixes the edge case. Fixes: a57e5de476be ("gve: DQO: Add TX path") Signed-off-by: Praveen Kaligineedi <pkaligineedi(a)google.com> Signed-off-by: Bailey Forrest <bcf(a)google.com> Reviewed-by: Jeroen de Borst <jeroendb(a)google.com> --- drivers/net/ethernet/google/gve/gve_tx_dqo.c | 22 +++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/google/gve/gve_tx_dqo.c b/drivers/net/ethernet/google/gve/gve_tx_dqo.c index 0b3cca3fc792..dc39dc481f21 100644 --- a/drivers/net/ethernet/google/gve/gve_tx_dqo.c +++ b/drivers/net/ethernet/google/gve/gve_tx_dqo.c @@ -866,22 +866,42 @@ static bool gve_can_send_tso(const struct sk_buff *skb) const int header_len = skb_tcp_all_headers(skb); const int gso_size = shinfo->gso_size; int cur_seg_num_bufs; + int last_frag_size; int cur_seg_size; int i; cur_seg_size = skb_headlen(skb) - header_len; + last_frag_size = skb_headlen(skb); cur_seg_num_bufs = cur_seg_size > 0; for (i = 0; i < shinfo->nr_frags; i++) { if (cur_seg_size >= gso_size) { cur_seg_size %= gso_size; cur_seg_num_bufs = cur_seg_size > 0; + + /* If the last buffer is split in the middle of a TSO + * segment, then it will count as two descriptors. + */ + if (last_frag_size > GVE_TX_MAX_BUF_SIZE_DQO) { + int last_frag_remain = last_frag_size % + GVE_TX_MAX_BUF_SIZE_DQO; + + /* If the last frag was evenly divisible by + * GVE_TX_MAX_BUF_SIZE_DQO, then it will not be + * split in the current segment. + */ + if (last_frag_remain && + cur_seg_size > last_frag_remain) { + cur_seg_num_bufs++; + } + } } if (unlikely(++cur_seg_num_bufs > max_bufs_per_seg)) return false; - cur_seg_size += skb_frag_size(&shinfo->frags[i]); + last_frag_size = skb_frag_size(&shinfo->frags[i]); + cur_seg_size += last_frag_size; } return true; -- 2.45.2.993.g49e7a77208-goog

9 months, 2 weeks

5
10
0 0

[PATCH v2] arm64: dts: qcom: sa8775p: Mark APPS and PCIe SMMUs as DMA coherent

by Qingqing Zhou

The SMMUs on sa8775p are cache-coherent. GPU SMMU is marked as such, mark the APPS and PCIe ones as well. Fixes: 603f96d4c9d0 ("arm64: dts: qcom: add initial support for qcom sa8775p-ride") Fixes: 2dba7a613a6e ("arm64: dts: qcom: sa8775p: add the pcie smmu node") Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Signed-off-by: Qingqing Zhou <quic_qqzhou(a)quicinc.com> --- Changes in v2: - Add the Fixes tags. - Update the commit message. - Link to v1: https://lore.kernel.org/lkml/20240715071649.25738-1-quic_qqzhou@quicinc.com/ --- arch/arm64/boot/dts/qcom/sa8775p.dtsi | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/sa8775p.dtsi b/arch/arm64/boot/dts/qcom/sa8775p.dtsi index 23f1b2e5e624..95691ab58a23 100644 --- a/arch/arm64/boot/dts/qcom/sa8775p.dtsi +++ b/arch/arm64/boot/dts/qcom/sa8775p.dtsi @@ -3070,6 +3070,7 @@ reg = <0x0 0x15000000 0x0 0x100000>; #iommu-cells = <2>; #global-interrupts = <2>; + dma-coherent; interrupts = <GIC_SPI 119 IRQ_TYPE_LEVEL_HIGH>, <GIC_SPI 120 IRQ_TYPE_LEVEL_HIGH>, @@ -3208,6 +3209,7 @@ reg = <0x0 0x15200000 0x0 0x80000>; #iommu-cells = <2>; #global-interrupts = <2>; + dma-coherent; interrupts = <GIC_SPI 920 IRQ_TYPE_LEVEL_HIGH>, <GIC_SPI 921 IRQ_TYPE_LEVEL_HIGH>, -- 2.17.1

9 months, 2 weeks

3
3
0 0

[PATCH net 1/1] igc: Fix double reset adapter triggered from a single taprio cmd

by Faizal Rahim

Following the implementation of "igc: Add TransmissionOverrun counter" patch, when a taprio command is triggered by user, igc processes two commands: TAPRIO_CMD_REPLACE followed by TAPRIO_CMD_STATS. However, both commands unconditionally pass through igc_tsn_offload_apply() which evaluates and triggers reset adapter. The double reset causes issues in the calculation of adapter->qbv_count in igc. TAPRIO_CMD_REPLACE command is expected to reset the adapter since it activates qbv. It's unexpected for TAPRIO_CMD_STATS to do the same because it doesn't configure any driver-specific TSN settings. So, the evaluation in igc_tsn_offload_apply() isn't needed for TAPRIO_CMD_STATS. To address this, commands parsing are relocated to igc_tsn_enable_qbv_scheduling(). Commands that don't require an adapter reset will exit after processing, thus avoiding igc_tsn_offload_apply(). Fixes: d3750076d464 ("igc: Add TransmissionOverrun counter") Signed-off-by: Faizal Rahim <faizal.abdul.rahim(a)linux.intel.com> --- drivers/net/ethernet/intel/igc/igc_main.c | 33 ++++++++++++----------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/drivers/net/ethernet/intel/igc/igc_main.c b/drivers/net/ethernet/intel/igc/igc_main.c index 87b655b839c1..33069880c86c 100644 --- a/drivers/net/ethernet/intel/igc/igc_main.c +++ b/drivers/net/ethernet/intel/igc/igc_main.c @@ -6310,21 +6310,6 @@ static int igc_save_qbv_schedule(struct igc_adapter *adapter, size_t n; int i; - switch (qopt->cmd) { - case TAPRIO_CMD_REPLACE: - break; - case TAPRIO_CMD_DESTROY: - return igc_tsn_clear_schedule(adapter); - case TAPRIO_CMD_STATS: - igc_taprio_stats(adapter->netdev, &qopt->stats); - return 0; - case TAPRIO_CMD_QUEUE_STATS: - igc_taprio_queue_stats(adapter->netdev, &qopt->queue_stats); - return 0; - default: - return -EOPNOTSUPP; - } - if (qopt->base_time < 0) return -ERANGE; @@ -6433,7 +6418,23 @@ static int igc_tsn_enable_qbv_scheduling(struct igc_adapter *adapter, if (hw->mac.type != igc_i225) return -EOPNOTSUPP; - err = igc_save_qbv_schedule(adapter, qopt); + switch (qopt->cmd) { + case TAPRIO_CMD_REPLACE: + err = igc_save_qbv_schedule(adapter, qopt); + break; + case TAPRIO_CMD_DESTROY: + err = igc_tsn_clear_schedule(adapter); + break; + case TAPRIO_CMD_STATS: + igc_taprio_stats(adapter->netdev, &qopt->stats); + return 0; + case TAPRIO_CMD_QUEUE_STATS: + igc_taprio_queue_stats(adapter->netdev, &qopt->queue_stats); + return 0; + default: + return -EOPNOTSUPP; + } + if (err) return err; -- 2.25.1

9 months, 2 weeks

6
5
0 0

[PATCH v3 3/5] scripts/gdb: fix lx-mounts command error

by Kuan-Ying Lee

(gdb) lx-mounts mount super_block devname pathname fstype options Python Exception <class 'gdb.error'>: There is no member named list. Error occurred in Python: There is no member named list. We encoutner the above issue after commit 2eea9ce4310d ("mounts: keep list of mounts in an rbtree"). The commit move a mount from list into rbtree. So we can instead use rbtree to iterate all mounts information. Fixes: 2eea9ce4310d ("mounts: keep list of mounts in an rbtree") Cc: <stable(a)vger.kernel.org> Signed-off-by: Kuan-Ying Lee <kuan-ying.lee(a)canonical.com> --- scripts/gdb/linux/proc.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/gdb/linux/proc.py b/scripts/gdb/linux/proc.py index 43c687e7a69d..65dd1bd12964 100644 --- a/scripts/gdb/linux/proc.py +++ b/scripts/gdb/linux/proc.py @@ -18,6 +18,7 @@ from linux import utils from linux import tasks from linux import lists from linux import vfs +from linux import rbtree from struct import * @@ -172,8 +173,7 @@ values of that process namespace""" gdb.write("{:^18} {:^15} {:>9} {} {} options\n".format( "mount", "super_block", "devname", "pathname", "fstype")) - for mnt in lists.list_for_each_entry(namespace['list'], - mount_ptr_type, "mnt_list"): + for mnt in rbtree.rb_inorder_for_each_entry(namespace['mounts'], mount_ptr_type, "mnt_node"): devname = mnt['mnt_devname'].string() devname = devname if devname else "none" -- 2.34.1

9 months, 2 weeks

1
0
0 0

[PATCH v3 2/5] scripts/gdb: add iteration function for rbtree

by Kuan-Ying Lee

Add inorder iteration function for rbtree usage. This is a preparation patch for the next patch to fix the gdb mounts issue. Fixes: 2eea9ce4310d ("mounts: keep list of mounts in an rbtree") Cc: <stable(a)vger.kernel.org> Signed-off-by: Kuan-Ying Lee <kuan-ying.lee(a)canonical.com> --- scripts/gdb/linux/rbtree.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/scripts/gdb/linux/rbtree.py b/scripts/gdb/linux/rbtree.py index fe462855eefd..fcbcc5f4153c 100644 --- a/scripts/gdb/linux/rbtree.py +++ b/scripts/gdb/linux/rbtree.py @@ -9,6 +9,18 @@ from linux import utils rb_root_type = utils.CachedType("struct rb_root") rb_node_type = utils.CachedType("struct rb_node") +def rb_inorder_for_each(root): + def inorder(node): + if node: + yield from inorder(node['rb_left']) + yield node + yield from inorder(node['rb_right']) + + yield from inorder(root['rb_node']) + +def rb_inorder_for_each_entry(root, gdbtype, member): + for node in rb_inorder_for_each(root): + yield utils.container_of(node, gdbtype, member) def rb_first(root): if root.type == rb_root_type.get_type(): -- 2.34.1

9 months, 2 weeks

1
0
0 0

[PATCH v3 1/5] scripts/gdb: fix timerlist parsing issue

by Kuan-Ying Lee

Commit 7988e5ae2be7 ("tick: Split nohz and highres features from nohz_mode") and commit 7988e5ae2be7 ("tick: Split nohz and highres features from nohz_mode") move 'tick_stopped' and 'nohz_mode' to flags field which will break the gdb lx-mounts command: (gdb) lx-timerlist Python Exception <class 'gdb.error'>: There is no member named nohz_mode. Error occurred in Python: There is no member named nohz_mode. (gdb) lx-timerlist Python Exception <class 'gdb.error'>: There is no member named tick_stopped. Error occurred in Python: There is no member named tick_stopped. We move 'tick_stopped' and 'nohz_mode' to flags field instead. Fixes: a478ffb2ae23 ("tick: Move individual bit features to debuggable mask accesses") Fixes: 7988e5ae2be7 ("tick: Split nohz and highres features from nohz_mode") Cc: <stable(a)vger.kernel.org> Signed-off-by: Kuan-Ying Lee <kuan-ying.lee(a)canonical.com> --- scripts/gdb/linux/timerlist.py | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/scripts/gdb/linux/timerlist.py b/scripts/gdb/linux/timerlist.py index 64bc87191003..98445671fe83 100644 --- a/scripts/gdb/linux/timerlist.py +++ b/scripts/gdb/linux/timerlist.py @@ -87,21 +87,22 @@ def print_cpu(hrtimer_bases, cpu, max_clock_bases): text += "\n" if constants.LX_CONFIG_TICK_ONESHOT: - fmts = [(" .{} : {}", 'nohz_mode'), - (" .{} : {} nsecs", 'last_tick'), - (" .{} : {}", 'tick_stopped'), - (" .{} : {}", 'idle_jiffies'), - (" .{} : {}", 'idle_calls'), - (" .{} : {}", 'idle_sleeps'), - (" .{} : {} nsecs", 'idle_entrytime'), - (" .{} : {} nsecs", 'idle_waketime'), - (" .{} : {} nsecs", 'idle_exittime'), - (" .{} : {} nsecs", 'idle_sleeptime'), - (" .{}: {} nsecs", 'iowait_sleeptime'), - (" .{} : {}", 'last_jiffies'), - (" .{} : {}", 'next_timer'), - (" .{} : {} nsecs", 'idle_expires')] - text += "\n".join([s.format(f, ts[f]) for s, f in fmts]) + TS_FLAG_STOPPED = 1 << 1 + TS_FLAG_NOHZ = 1 << 4 + text += f" .{'nohz':15s}: {int(bool(ts['flags'] & TS_FLAG_NOHZ))}\n" + text += f" .{'last_tick':15s}: {ts['last_tick']}\n" + text += f" .{'tick_stopped':15s}: {int(bool(ts['flags'] & TS_FLAG_STOPPED))}\n" + text += f" .{'idle_jiffies':15s}: {ts['idle_jiffies']}\n" + text += f" .{'idle_calls':15s}: {ts['idle_calls']}\n" + text += f" .{'idle_sleeps':15s}: {ts['idle_sleeps']}\n" + text += f" .{'idle_entrytime':15s}: {ts['idle_entrytime']} nsecs\n" + text += f" .{'idle_waketime':15s}: {ts['idle_waketime']} nsecs\n" + text += f" .{'idle_exittime':15s}: {ts['idle_exittime']} nsecs\n" + text += f" .{'idle_sleeptime':15s}: {ts['idle_sleeptime']} nsecs\n" + text += f" .{'iowait_sleeptime':15s}: {ts['iowait_sleeptime']} nsecs\n" + text += f" .{'last_jiffies':15s}: {ts['last_jiffies']}\n" + text += f" .{'next_timer':15s}: {ts['next_timer']}\n" + text += f" .{'idle_expires':15s}: {ts['idle_expires']} nsecs\n" text += "\njiffies: {}\n".format(jiffies) text += "\n" -- 2.34.1

9 months, 2 weeks

1
0
0 0

[PATCH RFC v3 0/6] phy: mvebu-cp110-utmi: add support for armada-380 utmi phys

by Josua Mayer

Armada 380 has smilar USB-2.0 PHYs as CP-110 (Armada 8K). Add support for Armada 380 to cp110 utmi phy driver, and enable it for armada-388-clearfog boards. Additionally add a small bugfix for armada-388 clearfog: Enable Clearfog Base M.2 connector for cellular modems with USB-2.0/3.0 interface. This is not separated out to avoid future merge conflicts. Signed-off-by: Josua Mayer <josua(a)solid-run.com> --- Changes in v3: - updated bindings with additional comments, tested with dtbs_check: used anyOf for the newly-added optional regs - added fix for clearfog base m.2 connector / enable third usb - dropped unnecessary syscon node using invalid compatible (Reported-by: Krzysztof Kozlowski <krzk(a)kernel.org>) - Link to v2: https://lore.kernel.org/r/20240716-a38x-utmi-phy-v2-0-dae3a9c6ca3e@solid-ru… Changes in v2: - add support for optional regs / make syscon use optional - add device-tree changes for armada-388-clearfog - attempted to fix warning reported by krobot (untested) - tested on actual hardware - drafted dt-bindings - Link to v1: https://lore.kernel.org/r/20240715-a38x-utmi-phy-v1-0-d57250f53cf2@solid-ru… --- Josua Mayer (6): arm: dts: marvell: armada-388-clearfog: enable third usb on m.2/mpcie arm: dts: marvell: armada-388-clearfog-base: add rfkill for m.2 dt-bindings: phy: cp110-utmi-phy: add compatible string for armada-38x arm: dts: marvell: armada-38x: add description for usb phys phy: mvebu-cp110-utmi: add support for armada-380 utmi phys arm: dts: marvell: armada-388-clearfog: add description for usb phys .../phy/marvell,armada-cp110-utmi-phy.yaml | 34 +++- .../boot/dts/marvell/armada-388-clearfog-base.dts | 41 ++++ arch/arm/boot/dts/marvell/armada-388-clearfog.dts | 8 + arch/arm/boot/dts/marvell/armada-388-clearfog.dtsi | 30 ++- arch/arm/boot/dts/marvell/armada-38x.dtsi | 24 +++ drivers/phy/marvell/phy-mvebu-cp110-utmi.c | 209 ++++++++++++++++----- 6 files changed, 288 insertions(+), 58 deletions(-) --- base-commit: 1613e604df0cd359cf2a7fbd9be7a0bcfacfabd0 change-id: 20240715-a38x-utmi-phy-02e8059afe35 Sincerely, -- Josua Mayer <josua(a)solid-run.com>

9 months, 2 weeks

2
2
0 0

[PATCH v2] ufs: core: fix deadlock when rtc update

by peter.wang＠mediatek.com

From: Peter Wang <peter.wang(a)mediatek.com> There is a deadlock when runtime suspend waits for the flush of RTC work, and the RTC work calls ufshcd_rpm_get_sync to wait for runtime resume. Here is deadlock backtrace kworker/0:1 D 4892.876354 10 10971 4859 0x4208060 0x8 10 0 120 670730152367 ptr f0ffff80c2e40000 0 1 0x00000001 0x000000ff 0x000000ff 0x000000ff <ffffffee5e71ddb0> __switch_to+0x1a8/0x2d4 <ffffffee5e71e604> __schedule+0x684/0xa98 <ffffffee5e71ea60> schedule+0x48/0xc8 <ffffffee5e725f78> schedule_timeout+0x48/0x170 <ffffffee5e71fb74> do_wait_for_common+0x108/0x1b0 <ffffffee5e71efe0> wait_for_completion+0x44/0x60 <ffffffee5d6de968> __flush_work+0x39c/0x424 <ffffffee5d6decc0> __cancel_work_sync+0xd8/0x208 <ffffffee5d6dee2c> cancel_delayed_work_sync+0x14/0x28 <ffffffee5e2551b8> __ufshcd_wl_suspend+0x19c/0x480 <ffffffee5e255fb8> ufshcd_wl_runtime_suspend+0x3c/0x1d4 <ffffffee5dffd80c> scsi_runtime_suspend+0x78/0xc8 <ffffffee5df93580> __rpm_callback+0x94/0x3e0 <ffffffee5df90b0c> rpm_suspend+0x2d4/0x65c <ffffffee5df91448> __pm_runtime_suspend+0x80/0x114 <ffffffee5dffd95c> scsi_runtime_idle+0x38/0x6c <ffffffee5df912f4> rpm_idle+0x264/0x338 <ffffffee5df90f14> __pm_runtime_idle+0x80/0x110 <ffffffee5e24ce44> ufshcd_rtc_work+0x128/0x1e4 <ffffffee5d6e3a40> process_one_work+0x26c/0x650 <ffffffee5d6e65c8> worker_thread+0x260/0x3d8 <ffffffee5d6edec8> kthread+0x110/0x134 <ffffffee5d616b18> ret_from_fork+0x10/0x20 Fixes: 6bf999e0eb41 ("scsi: ufs: core: Add UFS RTC support") Cc: <stable(a)vger.kernel.org> 6.9.x Signed-off-by: Peter Wang <peter.wang(a)mediatek.com> --- drivers/ufs/core/ufshcd-priv.h | 5 +++++ drivers/ufs/core/ufshcd.c | 5 ++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/ufs/core/ufshcd-priv.h b/drivers/ufs/core/ufshcd-priv.h index f42d99ce5bf1..81d6f0cfb148 100644 --- a/drivers/ufs/core/ufshcd-priv.h +++ b/drivers/ufs/core/ufshcd-priv.h @@ -329,6 +329,11 @@ static inline int ufshcd_rpm_get_sync(struct ufs_hba *hba) return pm_runtime_get_sync(&hba->ufs_device_wlun->sdev_gendev); } +static inline int ufshcd_rpm_get_if_active(struct ufs_hba *hba) +{ + return pm_runtime_get_if_active(&hba->ufs_device_wlun->sdev_gendev); +} + static inline int ufshcd_rpm_put_sync(struct ufs_hba *hba) { return pm_runtime_put_sync(&hba->ufs_device_wlun->sdev_gendev); diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index 46433ecf0c4d..2e5adfa0f757 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -8171,7 +8171,10 @@ static void ufshcd_update_rtc(struct ufs_hba *hba) */ val = ts64.tv_sec - hba->dev_info.rtc_time_baseline; - ufshcd_rpm_get_sync(hba); + /* Skip update RTC if RPM state is not RPM_ACTIVE */ + if (ufshcd_rpm_get_if_active(hba) <= 0) + return; + err = ufshcd_query_attr(hba, UPIU_QUERY_OPCODE_WRITE_ATTR, QUERY_ATTR_IDN_SECONDS_PASSED, 0, 0, &val); ufshcd_rpm_put_sync(hba); -- 2.18.0

9 months, 2 weeks

5
8
0 0

[PATCH] scsi: ufs: core: Do not set link to OFF state while waking up from hibernation

by Manivannan Sadhasivam

UFS link is just put into hibern8 state during the 'freeze' process of the hibernation. Afterwards, the system may get powered down. But that doesn't matter during wakeup. Because during wakeup from hibernation, UFS link is again put into hibern8 state by the restore kernel and then the control is handed over to the to image kernel. So in both the places, UFS link is never turned OFF. But ufshcd_system_restore() just assumes that the link will be in OFF state and sets the link state accordingly. And this breaks hibernation wakeup: [ 2445.371335] phy phy-1d87000.phy.3: phy_power_on was called before phy_init [ 2445.427883] ufshcd-qcom 1d84000.ufshc: Controller enable failed [ 2445.427890] ufshcd-qcom 1d84000.ufshc: ufshcd_host_reset_and_restore: Host init failed -5 [ 2445.427906] ufs_device_wlun 0:0:0:49488: ufshcd_wl_resume failed: -5 [ 2445.427918] ufs_device_wlun 0:0:0:49488: PM: dpm_run_callback(): scsi_bus_restore returns -5 [ 2445.427973] ufs_device_wlun 0:0:0:49488: PM: failed to restore async: error -5 So fix the issue by removing the code that sets the link to OFF state. Cc: Anjana Hari <quic_ahari(a)quicinc.com> Cc: stable(a)vger.kernel.org # 6.3 Fixes: 88441a8d355d ("scsi: ufs: core: Add hibernation callbacks") Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> --- drivers/ufs/core/ufshcd.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index 9f037a40316a..a9dfa82adac9 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -10261,9 +10261,6 @@ int ufshcd_system_restore(struct device *dev) */ ufshcd_readl(hba, REG_UTP_TASK_REQ_LIST_BASE_H); - /* Resuming from hibernate, assume that link was OFF */ - ufshcd_set_link_off(hba); - return 0; } -- 2.25.1

9 months, 2 weeks

3
2
0 0

[PATCH] Revert "scsi: sd: Do not repeat the starting disk message"

by Johan Hovold

This reverts commit 7a6bbc2829d4ab592c7e440a6f6f5deb3cd95db4. The offending commit tried to suppress a double "Starting disk" message for some drivers, but instead started spamming the log with bogus messages every five seconds: [ 311.798956] sd 0:0:0:0: [sda] Starting disk [ 316.919103] sd 0:0:0:0: [sda] Starting disk [ 322.040775] sd 0:0:0:0: [sda] Starting disk [ 327.161140] sd 0:0:0:0: [sda] Starting disk [ 332.281352] sd 0:0:0:0: [sda] Starting disk [ 337.401878] sd 0:0:0:0: [sda] Starting disk [ 342.521527] sd 0:0:0:0: [sda] Starting disk [ 345.850401] sd 0:0:0:0: [sda] Starting disk [ 350.967132] sd 0:0:0:0: [sda] Starting disk [ 356.090454] sd 0:0:0:0: [sda] Starting disk ... on machines that do not actually stop the disk on runtime suspend (e.g. the Qualcomm sc8280xp CRD with UFS). Let's just revert for now to address the regression. Fixes: 7a6bbc2829d4 ("scsi: sd: Do not repeat the starting disk message") Cc: stable(a)vger.kernel.org Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/scsi/sd.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) Hi, I just noticed this regression that snuck into 6.10-final and tracked it down to 7a6bbc2829d4 ("scsi: sd: Do not repeat the starting disk message"). I wanted to get this out ASAP to address the immediate regression while someone who cares enough can work out a proper fix for the double start message (which seems less annoying). Note that the offending commit is marked for stable. Johan diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index 1b7561abe05d..6b64af7d4927 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -4119,6 +4119,8 @@ static int sd_resume(struct device *dev) { struct scsi_disk *sdkp = dev_get_drvdata(dev); + sd_printk(KERN_NOTICE, sdkp, "Starting disk\n"); + if (opal_unlock_from_suspend(sdkp->opal_dev)) { sd_printk(KERN_NOTICE, sdkp, "OPAL unlock failed\n"); return -EIO; @@ -4135,13 +4137,12 @@ static int sd_resume_common(struct device *dev, bool runtime) if (!sdkp) /* E.g.: runtime resume at the start of sd_probe() */ return 0; - sd_printk(KERN_NOTICE, sdkp, "Starting disk\n"); - if (!sd_do_start_stop(sdkp->device, runtime)) { sdkp->suspended = false; return 0; } + sd_printk(KERN_NOTICE, sdkp, "Starting disk\n"); ret = sd_start_stop_device(sdkp, 1); if (!ret) { sd_resume(dev); -- 2.44.2

9 months, 2 weeks

5
8
0 0

[PATCH 2/7] drm/i915/pmu: Fix crash due to use-after-free

by Lucas De Marchi

When an i915 PMU counter is enabled and the driver is then unbound, the PMU will be unregistered via perf_pmu_unregister(), however the event will still be alive. i915 currently tries to deal with this situation by: a) Marking the pmu as "closed" and shortcut the calls from perf b) Taking a reference from i915, that is put back when the event is destroyed. c) Setting event_init to NULL to avoid any further event (a) is ugly, but may be left as is since it protects not trying to access the HW that is now gone. Unless a pmu driver can call perf_pmu_unregister() and not receive any more calls, it's a necessary ugliness. (b) doesn't really work: when the event is destroyed and the i915 ref is put it may free the i915 object, that contains the pmu, not only the event. After event->destroy() callback, perf still expects the pmu object to be alive. Instead of pigging back on the event->destroy() to take and put the device reference, implement the new get()/put() on the pmu object for that purpose. (c) is not entirely correct as from the perf POV it's not an optional call: perf would just dereference the NULL pointer. However this also protects other entrypoints in i915_pmu. A new event creation from perf after the pmu has been unregistered should not be possible anyway: perf_init_event() bails out when not finding the pmu. This may be cleaned up later. Cc: <stable(a)vger.kernel.org> # 5.11+ Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> --- drivers/gpu/drm/i915/i915_pmu.c | 34 +++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_pmu.c b/drivers/gpu/drm/i915/i915_pmu.c index 21eb0c5b320d..cb5f6471ec6e 100644 --- a/drivers/gpu/drm/i915/i915_pmu.c +++ b/drivers/gpu/drm/i915/i915_pmu.c @@ -514,15 +514,6 @@ static enum hrtimer_restart i915_sample(struct hrtimer *hrtimer) return HRTIMER_RESTART; } -static void i915_pmu_event_destroy(struct perf_event *event) -{ - struct i915_pmu *pmu = event_to_pmu(event); - struct drm_i915_private *i915 = pmu_to_i915(pmu); - - drm_WARN_ON(&i915->drm, event->parent); - - drm_dev_put(&i915->drm); -} static int engine_event_status(struct intel_engine_cs *engine, @@ -628,11 +619,6 @@ static int i915_pmu_event_init(struct perf_event *event) if (ret) return ret; - if (!event->parent) { - drm_dev_get(&i915->drm); - event->destroy = i915_pmu_event_destroy; - } - return 0; } @@ -872,6 +858,24 @@ static int i915_pmu_event_event_idx(struct perf_event *event) return 0; } +static struct pmu *i915_pmu_get(struct pmu *base) +{ + struct i915_pmu *pmu = container_of(base, struct i915_pmu, base); + struct drm_i915_private *i915 = pmu_to_i915(pmu); + + drm_dev_get(&i915->drm); + + return base; +} + +static void i915_pmu_put(struct pmu *base) +{ + struct i915_pmu *pmu = container_of(base, struct i915_pmu, base); + struct drm_i915_private *i915 = pmu_to_i915(pmu); + + drm_dev_put(&i915->drm); +} + struct i915_str_attribute { struct device_attribute attr; const char *str; @@ -1299,6 +1303,8 @@ void i915_pmu_register(struct drm_i915_private *i915) pmu->base.stop = i915_pmu_event_stop; pmu->base.read = i915_pmu_event_read; pmu->base.event_idx = i915_pmu_event_event_idx; + pmu->base.get = i915_pmu_get; + pmu->base.put = i915_pmu_put; ret = perf_pmu_register(&pmu->base, pmu->name, -1); if (ret) -- 2.43.0

9 months, 2 weeks

1
0
0 0

[PATCH v5 3/4] drm/vmwgfx: Fix handling of dumb buffers

by Zack Rusin

Dumb buffers can be used in kms but also through prime with gallium's resource_from_handle. In the second case the dumb buffers can be rendered by the GPU where with the regular DRM kms interfaces they are mapped and written to by the CPU. Because the same buffer can be written to by the GPU and CPU vmwgfx needs to use vmw_surface (object which properly tracks dirty state of the guest and gpu memory) instead of vmw_bo (which is just guest side memory). Furthermore the dumb buffer handles are expected to be gem objects by a lot of userspace. Make vmwgfx accept gem handles in prime and kms but internally switch to vmw_surface's to properly track the dirty state of the objects between the GPU and CPU. Fixes new kwin and kde on wayland. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: b32233acceff ("drm/vmwgfx: Fix prime import/export") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.9+ Reviewed-by: Maaz Mombasawala <maaz.mombasawala(a)broadcom.com> Reviewed-by: Martin Krastev <martin.krastev(a)broadcom.com> --- drivers/gpu/drm/vmwgfx/vmw_surface_cache.h | 10 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 127 +++--- drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 15 +- drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 40 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 502 +++++++++------------ drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 17 +- drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c | 14 +- drivers/gpu/drm/vmwgfx/vmwgfx_prime.c | 32 +- drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 27 +- drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c | 33 +- drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c | 145 +++--- drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 280 +++++++++++- 12 files changed, 740 insertions(+), 502 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmw_surface_cache.h b/drivers/gpu/drm/vmwgfx/vmw_surface_cache.h index b0d87c5f58d8..1ac3cb151b11 100644 --- a/drivers/gpu/drm/vmwgfx/vmw_surface_cache.h +++ b/drivers/gpu/drm/vmwgfx/vmw_surface_cache.h @@ -1,6 +1,8 @@ +/* SPDX-License-Identifier: GPL-2.0 OR MIT */ /********************************************************** - * Copyright 2021 VMware, Inc. - * SPDX-License-Identifier: GPL-2.0 OR MIT + * + * Copyright (c) 2021-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation @@ -31,6 +33,10 @@ #include <drm/vmwgfx_drm.h> +#define SVGA3D_FLAGS_UPPER_32(svga3d_flags) ((svga3d_flags) >> 32) +#define SVGA3D_FLAGS_LOWER_32(svga3d_flags) \ + ((svga3d_flags) & ((uint64_t)U32_MAX)) + static inline u32 clamped_umul32(u32 a, u32 b) { uint64_t tmp = (uint64_t) a*b; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c index 00144632c600..f42ebc4a7c22 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c @@ -1,8 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /************************************************************************** * - * Copyright © 2011-2023 VMware, Inc., Palo Alto, CA., USA - * All Rights Reserved. + * Copyright (c) 2011-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -28,15 +28,39 @@ #include "vmwgfx_bo.h" #include "vmwgfx_drv.h" - +#include "vmwgfx_resource_priv.h" #include <drm/ttm/ttm_placement.h> static void vmw_bo_release(struct vmw_bo *vbo) { + struct vmw_resource *res; + WARN_ON(vbo->tbo.base.funcs && kref_read(&vbo->tbo.base.refcount) != 0); vmw_bo_unmap(vbo); + + xa_destroy(&vbo->detached_resources); + WARN_ON(vbo->is_dumb && !vbo->dumb_surface); + if (vbo->is_dumb && vbo->dumb_surface) { + res = &vbo->dumb_surface->res; + WARN_ON(vbo != res->guest_memory_bo); + WARN_ON(!res->guest_memory_bo); + if (res->guest_memory_bo) { + /* Reserve and switch the backing mob. */ + mutex_lock(&res->dev_priv->cmdbuf_mutex); + (void)vmw_resource_reserve(res, false, true); + vmw_resource_mob_detach(res); + if (res->coherent) + vmw_bo_dirty_release(res->guest_memory_bo); + res->guest_memory_bo = NULL; + res->guest_memory_offset = 0; + vmw_resource_unreserve(res, false, false, false, NULL, + 0); + mutex_unlock(&res->dev_priv->cmdbuf_mutex); + } + vmw_surface_unreference(&vbo->dumb_surface); + } drm_gem_object_release(&vbo->tbo.base); } @@ -325,6 +349,11 @@ void vmw_bo_pin_reserved(struct vmw_bo *vbo, bool pin) * */ void *vmw_bo_map_and_cache(struct vmw_bo *vbo) +{ + return vmw_bo_map_and_cache_size(vbo, vbo->tbo.base.size); +} + +void *vmw_bo_map_and_cache_size(struct vmw_bo *vbo, size_t size) { struct ttm_buffer_object *bo = &vbo->tbo; bool not_used; @@ -335,9 +364,10 @@ void *vmw_bo_map_and_cache(struct vmw_bo *vbo) if (virtual) return virtual; - ret = ttm_bo_kmap(bo, 0, PFN_UP(bo->base.size), &vbo->map); + ret = ttm_bo_kmap(bo, 0, PFN_UP(size), &vbo->map); if (ret) - DRM_ERROR("Buffer object map failed: %d.\n", ret); + DRM_ERROR("Buffer object map failed: %d (size: bo = %zu, map = %zu).\n", + ret, bo->base.size, size); return ttm_kmap_obj_virtual(&vbo->map, &not_used); } @@ -390,6 +420,7 @@ static int vmw_bo_init(struct vmw_private *dev_priv, BUILD_BUG_ON(TTM_MAX_BO_PRIORITY <= 3); vmw_bo->tbo.priority = 3; vmw_bo->res_tree = RB_ROOT; + xa_init(&vmw_bo->detached_resources); params->size = ALIGN(params->size, PAGE_SIZE); drm_gem_private_object_init(vdev, &vmw_bo->tbo.base, params->size); @@ -654,52 +685,6 @@ void vmw_bo_fence_single(struct ttm_buffer_object *bo, dma_fence_put(&fence->base); } - -/** - * vmw_dumb_create - Create a dumb kms buffer - * - * @file_priv: Pointer to a struct drm_file identifying the caller. - * @dev: Pointer to the drm device. - * @args: Pointer to a struct drm_mode_create_dumb structure - * Return: Zero on success, negative error code on failure. - * - * This is a driver callback for the core drm create_dumb functionality. - * Note that this is very similar to the vmw_bo_alloc ioctl, except - * that the arguments have a different format. - */ -int vmw_dumb_create(struct drm_file *file_priv, - struct drm_device *dev, - struct drm_mode_create_dumb *args) -{ - struct vmw_private *dev_priv = vmw_priv(dev); - struct vmw_bo *vbo; - int cpp = DIV_ROUND_UP(args->bpp, 8); - int ret; - - switch (cpp) { - case 1: /* DRM_FORMAT_C8 */ - case 2: /* DRM_FORMAT_RGB565 */ - case 4: /* DRM_FORMAT_XRGB8888 */ - break; - default: - /* - * Dumb buffers don't allow anything else. - * This is tested via IGT's dumb_buffers - */ - return -EINVAL; - } - - args->pitch = args->width * cpp; - args->size = ALIGN(args->pitch * args->height, PAGE_SIZE); - - ret = vmw_gem_object_create_with_handle(dev_priv, file_priv, - args->size, &args->handle, - &vbo); - /* drop reference from allocate - handle holds it now */ - drm_gem_object_put(&vbo->tbo.base); - return ret; -} - /** * vmw_bo_swap_notify - swapout notify callback. * @@ -853,3 +838,43 @@ void vmw_bo_placement_set_default_accelerated(struct vmw_bo *bo) vmw_bo_placement_set(bo, domain, domain); } + +void vmw_bo_add_detached_resource(struct vmw_bo *vbo, struct vmw_resource *res) +{ + xa_store(&vbo->detached_resources, (unsigned long)res, res, GFP_KERNEL); +} + +void vmw_bo_del_detached_resource(struct vmw_bo *vbo, struct vmw_resource *res) +{ + xa_erase(&vbo->detached_resources, (unsigned long)res); +} + +struct vmw_surface *vmw_bo_surface(struct vmw_bo *vbo) +{ + unsigned long index; + struct vmw_resource *res = NULL; + struct vmw_surface *surf = NULL; + struct rb_node *rb_itr = vbo->res_tree.rb_node; + + if (vbo->is_dumb && vbo->dumb_surface) { + res = &vbo->dumb_surface->res; + goto out; + } + + xa_for_each(&vbo->detached_resources, index, res) { + if (res->func->res_type == vmw_res_surface) + goto out; + } + + for (rb_itr = rb_first(&vbo->res_tree); rb_itr; + rb_itr = rb_next(rb_itr)) { + res = rb_entry(rb_itr, struct vmw_resource, mob_node); + if (res->func->res_type == vmw_res_surface) + goto out; + } + +out: + if (res) + surf = vmw_res_to_srf(res); + return surf; +} diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h index f349642e6190..62b4342d5f7c 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h @@ -1,7 +1,8 @@ /* SPDX-License-Identifier: GPL-2.0 OR MIT */ /************************************************************************** * - * Copyright 2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2023-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -35,11 +36,13 @@ #include <linux/rbtree_types.h> #include <linux/types.h> +#include <linux/xarray.h> struct vmw_bo_dirty; struct vmw_fence_obj; struct vmw_private; struct vmw_resource; +struct vmw_surface; enum vmw_bo_domain { VMW_BO_DOMAIN_SYS = BIT(0), @@ -85,11 +88,15 @@ struct vmw_bo { struct rb_root res_tree; u32 res_prios[TTM_MAX_BO_PRIORITY]; + struct xarray detached_resources; atomic_t cpu_writers; /* Not ref-counted. Protected by binding_mutex */ struct vmw_resource *dx_query_ctx; struct vmw_bo_dirty *dirty; + + bool is_dumb; + struct vmw_surface *dumb_surface; }; void vmw_bo_placement_set(struct vmw_bo *bo, u32 domain, u32 busy_domain); @@ -124,15 +131,21 @@ void vmw_bo_fence_single(struct ttm_buffer_object *bo, struct vmw_fence_obj *fence); void *vmw_bo_map_and_cache(struct vmw_bo *vbo); +void *vmw_bo_map_and_cache_size(struct vmw_bo *vbo, size_t size); void vmw_bo_unmap(struct vmw_bo *vbo); void vmw_bo_move_notify(struct ttm_buffer_object *bo, struct ttm_resource *mem); void vmw_bo_swap_notify(struct ttm_buffer_object *bo); +void vmw_bo_add_detached_resource(struct vmw_bo *vbo, struct vmw_resource *res); +void vmw_bo_del_detached_resource(struct vmw_bo *vbo, struct vmw_resource *res); +struct vmw_surface *vmw_bo_surface(struct vmw_bo *vbo); + int vmw_user_bo_lookup(struct drm_file *filp, u32 handle, struct vmw_bo **out); + /** * vmw_bo_adjust_prio - Adjust the buffer object eviction priority * according to attached resources diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h index 4ecaea0026fc..8de973549b5e 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h @@ -1,7 +1,8 @@ /* SPDX-License-Identifier: GPL-2.0 OR MIT */ /************************************************************************** * - * Copyright 2009-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2009-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -762,6 +763,26 @@ extern int vmw_gmr_bind(struct vmw_private *dev_priv, int gmr_id); extern void vmw_gmr_unbind(struct vmw_private *dev_priv, int gmr_id); +/** + * User handles + */ +struct vmw_user_object { + struct vmw_surface *surface; + struct vmw_bo *buffer; +}; + +int vmw_user_object_lookup(struct vmw_private *dev_priv, struct drm_file *filp, + u32 handle, struct vmw_user_object *uo); +struct vmw_user_object *vmw_user_object_ref(struct vmw_user_object *uo); +void vmw_user_object_unref(struct vmw_user_object *uo); +bool vmw_user_object_is_null(struct vmw_user_object *uo); +struct vmw_surface *vmw_user_object_surface(struct vmw_user_object *uo); +struct vmw_bo *vmw_user_object_buffer(struct vmw_user_object *uo); +void *vmw_user_object_map(struct vmw_user_object *uo); +void *vmw_user_object_map_size(struct vmw_user_object *uo, size_t size); +void vmw_user_object_unmap(struct vmw_user_object *uo); +bool vmw_user_object_is_mapped(struct vmw_user_object *uo); + /** * Resource utilities - vmwgfx_resource.c */ @@ -776,11 +797,6 @@ extern int vmw_resource_validate(struct vmw_resource *res, bool intr, extern int vmw_resource_reserve(struct vmw_resource *res, bool interruptible, bool no_backup); extern bool vmw_resource_needs_backup(const struct vmw_resource *res); -extern int vmw_user_lookup_handle(struct vmw_private *dev_priv, - struct drm_file *filp, - uint32_t handle, - struct vmw_surface **out_surf, - struct vmw_bo **out_buf); extern int vmw_user_resource_lookup_handle( struct vmw_private *dev_priv, struct ttm_object_file *tfile, @@ -1060,9 +1076,6 @@ int vmw_kms_suspend(struct drm_device *dev); int vmw_kms_resume(struct drm_device *dev); void vmw_kms_lost_device(struct drm_device *dev); -int vmw_dumb_create(struct drm_file *file_priv, - struct drm_device *dev, - struct drm_mode_create_dumb *args); extern int vmw_resource_pin(struct vmw_resource *res, bool interruptible); extern void vmw_resource_unpin(struct vmw_resource *res); extern enum vmw_res_type vmw_res_type(const struct vmw_resource *res); @@ -1179,6 +1192,15 @@ extern int vmw_gb_surface_reference_ext_ioctl(struct drm_device *dev, int vmw_gb_surface_define(struct vmw_private *dev_priv, const struct vmw_surface_metadata *req, struct vmw_surface **srf_out); +struct vmw_surface *vmw_lookup_surface_for_buffer(struct vmw_private *vmw, + struct vmw_bo *bo, + u32 handle); +u32 vmw_lookup_surface_handle_for_buffer(struct vmw_private *vmw, + struct vmw_bo *bo, + u32 handle); +int vmw_dumb_create(struct drm_file *file_priv, + struct drm_device *dev, + struct drm_mode_create_dumb *args); /* * Shader management - vmwgfx_shader.c diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c index 13b2820cae51..d2cfaa040eaf 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c @@ -1,7 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /************************************************************************** * - * Copyright 2009-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2009-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -193,13 +194,16 @@ static u32 vmw_du_cursor_mob_size(u32 w, u32 h) */ static u32 *vmw_du_cursor_plane_acquire_image(struct vmw_plane_state *vps) { - if (vps->surf) { - if (vps->surf_mapped) - return vmw_bo_map_and_cache(vps->surf->res.guest_memory_bo); - return vps->surf->snooper.image; - } else if (vps->bo) - return vmw_bo_map_and_cache(vps->bo); - return NULL; + struct vmw_surface *surf; + + if (vmw_user_object_is_null(&vps->uo)) + return NULL; + + surf = vmw_user_object_surface(&vps->uo); + if (surf && !vmw_user_object_is_mapped(&vps->uo)) + return surf->snooper.image; + + return vmw_user_object_map(&vps->uo); } static bool vmw_du_cursor_plane_has_changed(struct vmw_plane_state *old_vps, @@ -536,22 +540,16 @@ void vmw_du_primary_plane_destroy(struct drm_plane *plane) * vmw_du_plane_unpin_surf - unpins resource associated with a framebuffer surface * * @vps: plane state associated with the display surface - * @unreference: true if we also want to unreference the display. */ -void vmw_du_plane_unpin_surf(struct vmw_plane_state *vps, - bool unreference) +void vmw_du_plane_unpin_surf(struct vmw_plane_state *vps) { - if (vps->surf) { + struct vmw_surface *surf = vmw_user_object_surface(&vps->uo); + + if (surf) { if (vps->pinned) { - vmw_resource_unpin(&vps->surf->res); + vmw_resource_unpin(&surf->res); vps->pinned--; } - - if (unreference) { - if (vps->pinned) - DRM_ERROR("Surface still pinned\n"); - vmw_surface_unreference(&vps->surf); - } } } @@ -572,7 +570,7 @@ vmw_du_plane_cleanup_fb(struct drm_plane *plane, { struct vmw_plane_state *vps = vmw_plane_state_to_vps(old_state); - vmw_du_plane_unpin_surf(vps, false); + vmw_du_plane_unpin_surf(vps); } @@ -661,25 +659,14 @@ vmw_du_cursor_plane_cleanup_fb(struct drm_plane *plane, struct vmw_cursor_plane *vcp = vmw_plane_to_vcp(plane); struct vmw_plane_state *vps = vmw_plane_state_to_vps(old_state); - if (vps->surf_mapped) { - vmw_bo_unmap(vps->surf->res.guest_memory_bo); - vps->surf_mapped = false; - } + if (!vmw_user_object_is_null(&vps->uo)) + vmw_user_object_unmap(&vps->uo); vmw_du_cursor_plane_unmap_cm(vps); vmw_du_put_cursor_mob(vcp, vps); - vmw_du_plane_unpin_surf(vps, false); - - if (vps->surf) { - vmw_surface_unreference(&vps->surf); - vps->surf = NULL; - } - - if (vps->bo) { - vmw_bo_unreference(&vps->bo); - vps->bo = NULL; - } + vmw_du_plane_unpin_surf(vps); + vmw_user_object_unref(&vps->uo); } @@ -698,64 +685,48 @@ vmw_du_cursor_plane_prepare_fb(struct drm_plane *plane, struct drm_framebuffer *fb = new_state->fb; struct vmw_cursor_plane *vcp = vmw_plane_to_vcp(plane); struct vmw_plane_state *vps = vmw_plane_state_to_vps(new_state); + struct vmw_bo *bo = NULL; int ret = 0; - if (vps->surf) { - if (vps->surf_mapped) { - vmw_bo_unmap(vps->surf->res.guest_memory_bo); - vps->surf_mapped = false; - } - vmw_surface_unreference(&vps->surf); - vps->surf = NULL; - } - - if (vps->bo) { - vmw_bo_unreference(&vps->bo); - vps->bo = NULL; + if (!vmw_user_object_is_null(&vps->uo)) { + vmw_user_object_unmap(&vps->uo); + vmw_user_object_unref(&vps->uo); } if (fb) { if (vmw_framebuffer_to_vfb(fb)->bo) { - vps->bo = vmw_framebuffer_to_vfbd(fb)->buffer; - vmw_bo_reference(vps->bo); + vps->uo.buffer = vmw_framebuffer_to_vfbd(fb)->buffer; + vps->uo.surface = NULL; } else { - vps->surf = vmw_framebuffer_to_vfbs(fb)->surface; - vmw_surface_reference(vps->surf); + memcpy(&vps->uo, &vmw_framebuffer_to_vfbs(fb)->uo, sizeof(vps->uo)); } + vmw_user_object_ref(&vps->uo); } - if (!vps->surf && vps->bo) { - const u32 size = new_state->crtc_w * new_state->crtc_h * sizeof(u32); + bo = vmw_user_object_buffer(&vps->uo); + if (bo) { + struct ttm_operation_ctx ctx = {false, false}; - /* - * Not using vmw_bo_map_and_cache() helper here as we need to - * reserve the ttm_buffer_object first which - * vmw_bo_map_and_cache() omits. - */ - ret = ttm_bo_reserve(&vps->bo->tbo, true, false, NULL); - - if (unlikely(ret != 0)) + ret = ttm_bo_reserve(&bo->tbo, true, false, NULL); + if (ret != 0) return -ENOMEM; - ret = ttm_bo_kmap(&vps->bo->tbo, 0, PFN_UP(size), &vps->bo->map); - - ttm_bo_unreserve(&vps->bo->tbo); - - if (unlikely(ret != 0)) + ret = ttm_bo_validate(&bo->tbo, &bo->placement, &ctx); + if (ret != 0) return -ENOMEM; - } else if (vps->surf && !vps->bo && vps->surf->res.guest_memory_bo) { - WARN_ON(vps->surf->snooper.image); - ret = ttm_bo_reserve(&vps->surf->res.guest_memory_bo->tbo, true, false, - NULL); - if (unlikely(ret != 0)) - return -ENOMEM; - vmw_bo_map_and_cache(vps->surf->res.guest_memory_bo); - ttm_bo_unreserve(&vps->surf->res.guest_memory_bo->tbo); - vps->surf_mapped = true; + vmw_bo_pin_reserved(bo, true); + if (vmw_framebuffer_to_vfb(fb)->bo) { + const u32 size = new_state->crtc_w * new_state->crtc_h * sizeof(u32); + + (void)vmw_bo_map_and_cache_size(bo, size); + } else { + vmw_bo_map_and_cache(bo); + } + ttm_bo_unreserve(&bo->tbo); } - if (vps->surf || vps->bo) { + if (!vmw_user_object_is_null(&vps->uo)) { vmw_du_get_cursor_mob(vcp, vps); vmw_du_cursor_plane_map_cm(vps); } @@ -777,14 +748,17 @@ vmw_du_cursor_plane_atomic_update(struct drm_plane *plane, struct vmw_display_unit *du = vmw_crtc_to_du(crtc); struct vmw_plane_state *vps = vmw_plane_state_to_vps(new_state); struct vmw_plane_state *old_vps = vmw_plane_state_to_vps(old_state); + struct vmw_bo *old_bo = NULL; + struct vmw_bo *new_bo = NULL; s32 hotspot_x, hotspot_y; + int ret; hotspot_x = du->hotspot_x + new_state->hotspot_x; hotspot_y = du->hotspot_y + new_state->hotspot_y; - du->cursor_surface = vps->surf; + du->cursor_surface = vmw_user_object_surface(&vps->uo); - if (!vps->surf && !vps->bo) { + if (vmw_user_object_is_null(&vps->uo)) { vmw_cursor_update_position(dev_priv, false, 0, 0); return; } @@ -792,10 +766,26 @@ vmw_du_cursor_plane_atomic_update(struct drm_plane *plane, vps->cursor.hotspot_x = hotspot_x; vps->cursor.hotspot_y = hotspot_y; - if (vps->surf) { + if (du->cursor_surface) du->cursor_age = du->cursor_surface->snooper.age; + + if (!vmw_user_object_is_null(&old_vps->uo)) { + old_bo = vmw_user_object_buffer(&old_vps->uo); + ret = ttm_bo_reserve(&old_bo->tbo, false, false, NULL); + if (ret != 0) + return; } + if (!vmw_user_object_is_null(&vps->uo)) { + new_bo = vmw_user_object_buffer(&vps->uo); + if (old_bo != new_bo) { + ret = ttm_bo_reserve(&new_bo->tbo, false, false, NULL); + if (ret != 0) + return; + } else { + new_bo = NULL; + } + } if (!vmw_du_cursor_plane_has_changed(old_vps, vps)) { /* * If it hasn't changed, avoid making the device do extra @@ -813,6 +803,11 @@ vmw_du_cursor_plane_atomic_update(struct drm_plane *plane, hotspot_x, hotspot_y); } + if (old_bo) + ttm_bo_unreserve(&old_bo->tbo); + if (new_bo) + ttm_bo_unreserve(&new_bo->tbo); + du->cursor_x = new_state->crtc_x + du->set_gui_x; du->cursor_y = new_state->crtc_y + du->set_gui_y; @@ -913,7 +908,7 @@ int vmw_du_cursor_plane_atomic_check(struct drm_plane *plane, } if (!vmw_framebuffer_to_vfb(fb)->bo) { - surface = vmw_framebuffer_to_vfbs(fb)->surface; + surface = vmw_user_object_surface(&vmw_framebuffer_to_vfbs(fb)->uo); WARN_ON(!surface); @@ -1074,12 +1069,7 @@ vmw_du_plane_duplicate_state(struct drm_plane *plane) memset(&vps->cursor, 0, sizeof(vps->cursor)); /* Each ref counted resource needs to be acquired again */ - if (vps->surf) - (void) vmw_surface_reference(vps->surf); - - if (vps->bo) - (void) vmw_bo_reference(vps->bo); - + vmw_user_object_ref(&vps->uo); state = &vps->base; __drm_atomic_helper_plane_duplicate_state(plane, state); @@ -1128,11 +1118,7 @@ vmw_du_plane_destroy_state(struct drm_plane *plane, struct vmw_plane_state *vps = vmw_plane_state_to_vps(state); /* Should have been freed by cleanup_fb */ - if (vps->surf) - vmw_surface_unreference(&vps->surf); - - if (vps->bo) - vmw_bo_unreference(&vps->bo); + vmw_user_object_unref(&vps->uo); drm_atomic_helper_plane_destroy_state(plane, state); } @@ -1227,7 +1213,7 @@ static void vmw_framebuffer_surface_destroy(struct drm_framebuffer *framebuffer) vmw_framebuffer_to_vfbs(framebuffer); drm_framebuffer_cleanup(framebuffer); - vmw_surface_unreference(&vfbs->surface); + vmw_user_object_unref(&vfbs->uo); kfree(vfbs); } @@ -1272,29 +1258,41 @@ int vmw_kms_readback(struct vmw_private *dev_priv, return -ENOSYS; } +static int vmw_framebuffer_surface_create_handle(struct drm_framebuffer *fb, + struct drm_file *file_priv, + unsigned int *handle) +{ + struct vmw_framebuffer_surface *vfbs = vmw_framebuffer_to_vfbs(fb); + struct vmw_bo *bo = vmw_user_object_buffer(&vfbs->uo); + + return drm_gem_handle_create(file_priv, &bo->tbo.base, handle); +} static const struct drm_framebuffer_funcs vmw_framebuffer_surface_funcs = { + .create_handle = vmw_framebuffer_surface_create_handle, .destroy = vmw_framebuffer_surface_destroy, .dirty = drm_atomic_helper_dirtyfb, }; static int vmw_kms_new_framebuffer_surface(struct vmw_private *dev_priv, - struct vmw_surface *surface, + struct vmw_user_object *uo, struct vmw_framebuffer **out, const struct drm_mode_fb_cmd2 - *mode_cmd, - bool is_bo_proxy) + *mode_cmd) { struct drm_device *dev = &dev_priv->drm; struct vmw_framebuffer_surface *vfbs; enum SVGA3dSurfaceFormat format; + struct vmw_surface *surface; int ret; /* 3D is only supported on HWv8 and newer hosts */ if (dev_priv->active_display_unit == vmw_du_legacy) return -ENOSYS; + surface = vmw_user_object_surface(uo); + /* * Sanity checks. */ @@ -1357,8 +1355,8 @@ static int vmw_kms_new_framebuffer_surface(struct vmw_private *dev_priv, } drm_helper_mode_fill_fb_struct(dev, &vfbs->base.base, mode_cmd); - vfbs->surface = vmw_surface_reference(surface); - vfbs->is_bo_proxy = is_bo_proxy; + memcpy(&vfbs->uo, uo, sizeof(vfbs->uo)); + vmw_user_object_ref(&vfbs->uo); *out = &vfbs->base; @@ -1370,7 +1368,7 @@ static int vmw_kms_new_framebuffer_surface(struct vmw_private *dev_priv, return 0; out_err2: - vmw_surface_unreference(&surface); + vmw_user_object_unref(&vfbs->uo); kfree(vfbs); out_err1: return ret; @@ -1386,7 +1384,6 @@ static int vmw_framebuffer_bo_create_handle(struct drm_framebuffer *fb, { struct vmw_framebuffer_bo *vfbd = vmw_framebuffer_to_vfbd(fb); - return drm_gem_handle_create(file_priv, &vfbd->buffer->tbo.base, handle); } @@ -1407,86 +1404,6 @@ static const struct drm_framebuffer_funcs vmw_framebuffer_bo_funcs = { .dirty = drm_atomic_helper_dirtyfb, }; -/** - * vmw_create_bo_proxy - create a proxy surface for the buffer object - * - * @dev: DRM device - * @mode_cmd: parameters for the new surface - * @bo_mob: MOB backing the buffer object - * @srf_out: newly created surface - * - * When the content FB is a buffer object, we create a surface as a proxy to the - * same buffer. This way we can do a surface copy rather than a surface DMA. - * This is a more efficient approach - * - * RETURNS: - * 0 on success, error code otherwise - */ -static int vmw_create_bo_proxy(struct drm_device *dev, - const struct drm_mode_fb_cmd2 *mode_cmd, - struct vmw_bo *bo_mob, - struct vmw_surface **srf_out) -{ - struct vmw_surface_metadata metadata = {0}; - uint32_t format; - struct vmw_resource *res; - unsigned int bytes_pp; - int ret; - - switch (mode_cmd->pixel_format) { - case DRM_FORMAT_ARGB8888: - case DRM_FORMAT_XRGB8888: - format = SVGA3D_X8R8G8B8; - bytes_pp = 4; - break; - - case DRM_FORMAT_RGB565: - case DRM_FORMAT_XRGB1555: - format = SVGA3D_R5G6B5; - bytes_pp = 2; - break; - - case 8: - format = SVGA3D_P8; - bytes_pp = 1; - break; - - default: - DRM_ERROR("Invalid framebuffer format %p4cc\n", - &mode_cmd->pixel_format); - return -EINVAL; - } - - metadata.format = format; - metadata.mip_levels[0] = 1; - metadata.num_sizes = 1; - metadata.base_size.width = mode_cmd->pitches[0] / bytes_pp; - metadata.base_size.height = mode_cmd->height; - metadata.base_size.depth = 1; - metadata.scanout = true; - - ret = vmw_gb_surface_define(vmw_priv(dev), &metadata, srf_out); - if (ret) { - DRM_ERROR("Failed to allocate proxy content buffer\n"); - return ret; - } - - res = &(*srf_out)->res; - - /* Reserve and switch the backing mob. */ - mutex_lock(&res->dev_priv->cmdbuf_mutex); - (void) vmw_resource_reserve(res, false, true); - vmw_user_bo_unref(&res->guest_memory_bo); - res->guest_memory_bo = vmw_user_bo_ref(bo_mob); - res->guest_memory_offset = 0; - vmw_resource_unreserve(res, false, false, false, NULL, 0); - mutex_unlock(&res->dev_priv->cmdbuf_mutex); - - return 0; -} - - - static int vmw_kms_new_framebuffer_bo(struct vmw_private *dev_priv, struct vmw_bo *bo, struct vmw_framebuffer **out, @@ -1565,55 +1482,24 @@ vmw_kms_srf_ok(struct vmw_private *dev_priv, uint32_t width, uint32_t height) * vmw_kms_new_framebuffer - Create a new framebuffer. * * @dev_priv: Pointer to device private struct. - * @bo: Pointer to buffer object to wrap the kms framebuffer around. - * Either @bo or @surface must be NULL. - * @surface: Pointer to a surface to wrap the kms framebuffer around. - * Either @bo or @surface must be NULL. - * @only_2d: No presents will occur to this buffer object based framebuffer. - * This helps the code to do some important optimizations. + * @uo: Pointer to user object to wrap the kms framebuffer around. + * Either the buffer or surface inside the user object must be NULL. * @mode_cmd: Frame-buffer metadata. */ struct vmw_framebuffer * vmw_kms_new_framebuffer(struct vmw_private *dev_priv, - struct vmw_bo *bo, - struct vmw_surface *surface, - bool only_2d, + struct vmw_user_object *uo, const struct drm_mode_fb_cmd2 *mode_cmd) { struct vmw_framebuffer *vfb = NULL; - bool is_bo_proxy = false; int ret; - /* - * We cannot use the SurfaceDMA command in an non-accelerated VM, - * therefore, wrap the buffer object in a surface so we can use the - * SurfaceCopy command. - */ - if (vmw_kms_srf_ok(dev_priv, mode_cmd->width, mode_cmd->height) && - bo && only_2d && - mode_cmd->width > 64 && /* Don't create a proxy for cursor */ - dev_priv->active_display_unit == vmw_du_screen_target) { - ret = vmw_create_bo_proxy(&dev_priv->drm, mode_cmd, - bo, &surface); - if (ret) - return ERR_PTR(ret); - - is_bo_proxy = true; - } - /* Create the new framebuffer depending one what we have */ - if (surface) { - ret = vmw_kms_new_framebuffer_surface(dev_priv, surface, &vfb, - mode_cmd, - is_bo_proxy); - /* - * vmw_create_bo_proxy() adds a reference that is no longer - * needed - */ - if (is_bo_proxy) - vmw_surface_unreference(&surface); - } else if (bo) { - ret = vmw_kms_new_framebuffer_bo(dev_priv, bo, &vfb, + if (vmw_user_object_surface(uo)) { + ret = vmw_kms_new_framebuffer_surface(dev_priv, uo, &vfb, + mode_cmd); + } else if (uo->buffer) { + ret = vmw_kms_new_framebuffer_bo(dev_priv, uo->buffer, &vfb, mode_cmd); } else { BUG(); @@ -1635,14 +1521,12 @@ static struct drm_framebuffer *vmw_kms_fb_create(struct drm_device *dev, { struct vmw_private *dev_priv = vmw_priv(dev); struct vmw_framebuffer *vfb = NULL; - struct vmw_surface *surface = NULL; - struct vmw_bo *bo = NULL; + struct vmw_user_object uo = {0}; int ret; /* returns either a bo or surface */ - ret = vmw_user_lookup_handle(dev_priv, file_priv, - mode_cmd->handles[0], - &surface, &bo); + ret = vmw_user_object_lookup(dev_priv, file_priv, mode_cmd->handles[0], + &uo); if (ret) { DRM_ERROR("Invalid buffer object handle %u (0x%x).\n", mode_cmd->handles[0], mode_cmd->handles[0]); @@ -1650,7 +1534,7 @@ static struct drm_framebuffer *vmw_kms_fb_create(struct drm_device *dev, } - if (!bo && + if (vmw_user_object_surface(&uo) && !vmw_kms_srf_ok(dev_priv, mode_cmd->width, mode_cmd->height)) { DRM_ERROR("Surface size cannot exceed %dx%d\n", dev_priv->texture_max_width, @@ -1659,20 +1543,15 @@ static struct drm_framebuffer *vmw_kms_fb_create(struct drm_device *dev, } - vfb = vmw_kms_new_framebuffer(dev_priv, bo, surface, - !(dev_priv->capabilities & SVGA_CAP_3D), - mode_cmd); + vfb = vmw_kms_new_framebuffer(dev_priv, &uo, mode_cmd); if (IS_ERR(vfb)) { ret = PTR_ERR(vfb); goto err_out; } err_out: - /* vmw_user_lookup_handle takes one ref so does new_fb */ - if (bo) - vmw_user_bo_unref(&bo); - if (surface) - vmw_surface_unreference(&surface); + /* vmw_user_object_lookup takes one ref so does new_fb */ + vmw_user_object_unref(&uo); if (ret) { DRM_ERROR("failed to create vmw_framebuffer: %i\n", ret); @@ -2585,72 +2464,6 @@ void vmw_kms_helper_validation_finish(struct vmw_private *dev_priv, vmw_fence_obj_unreference(&fence); } -/** - * vmw_kms_update_proxy - Helper function to update a proxy surface from - * its backing MOB. - * - * @res: Pointer to the surface resource - * @clips: Clip rects in framebuffer (surface) space. - * @num_clips: Number of clips in @clips. - * @increment: Integer with which to increment the clip counter when looping. - * Used to skip a predetermined number of clip rects. - * - * This function makes sure the proxy surface is updated from its backing MOB - * using the region given by @clips. The surface resource @res and its backing - * MOB needs to be reserved and validated on call. - */ -int vmw_kms_update_proxy(struct vmw_resource *res, - const struct drm_clip_rect *clips, - unsigned num_clips, - int increment) -{ - struct vmw_private *dev_priv = res->dev_priv; - struct drm_vmw_size *size = &vmw_res_to_srf(res)->metadata.base_size; - struct { - SVGA3dCmdHeader header; - SVGA3dCmdUpdateGBImage body; - } *cmd; - SVGA3dBox *box; - size_t copy_size = 0; - int i; - - if (!clips) - return 0; - - cmd = VMW_CMD_RESERVE(dev_priv, sizeof(*cmd) * num_clips); - if (!cmd) - return -ENOMEM; - - for (i = 0; i < num_clips; ++i, clips += increment, ++cmd) { - box = &cmd->body.box; - - cmd->header.id = SVGA_3D_CMD_UPDATE_GB_IMAGE; - cmd->header.size = sizeof(cmd->body); - cmd->body.image.sid = res->id; - cmd->body.image.face = 0; - cmd->body.image.mipmap = 0; - - if (clips->x1 > size->width || clips->x2 > size->width || - clips->y1 > size->height || clips->y2 > size->height) { - DRM_ERROR("Invalid clips outsize of framebuffer.\n"); - return -EINVAL; - } - - box->x = clips->x1; - box->y = clips->y1; - box->z = 0; - box->w = clips->x2 - clips->x1; - box->h = clips->y2 - clips->y1; - box->d = 1; - - copy_size += sizeof(*cmd); - } - - vmw_cmd_commit(dev_priv, copy_size); - - return 0; -} - /** * vmw_kms_create_implicit_placement_property - Set up the implicit placement * property. @@ -2785,8 +2598,9 @@ int vmw_du_helper_plane_update(struct vmw_du_update_plane *update) } else { struct vmw_framebuffer_surface *vfbs = container_of(update->vfb, typeof(*vfbs), base); + struct vmw_surface *surf = vmw_user_object_surface(&vfbs->uo); - ret = vmw_validation_add_resource(&val_ctx, &vfbs->surface->res, + ret = vmw_validation_add_resource(&val_ctx, &surf->res, 0, VMW_RES_DIRTY_NONE, NULL, NULL); } @@ -2949,3 +2763,93 @@ int vmw_connector_get_modes(struct drm_connector *connector) return num_modes; } + +struct vmw_user_object *vmw_user_object_ref(struct vmw_user_object *uo) +{ + if (uo->buffer) + vmw_user_bo_ref(uo->buffer); + else if (uo->surface) + vmw_surface_reference(uo->surface); + return uo; +} + +void vmw_user_object_unref(struct vmw_user_object *uo) +{ + if (uo->buffer) + vmw_user_bo_unref(&uo->buffer); + else if (uo->surface) + vmw_surface_unreference(&uo->surface); +} + +struct vmw_bo * +vmw_user_object_buffer(struct vmw_user_object *uo) +{ + if (uo->buffer) + return uo->buffer; + else if (uo->surface) + return uo->surface->res.guest_memory_bo; + return NULL; +} + +struct vmw_surface * +vmw_user_object_surface(struct vmw_user_object *uo) +{ + if (uo->buffer) + return uo->buffer->dumb_surface; + return uo->surface; +} + +void *vmw_user_object_map(struct vmw_user_object *uo) +{ + struct vmw_bo *bo = vmw_user_object_buffer(uo); + + WARN_ON(!bo); + return vmw_bo_map_and_cache(bo); +} + +void *vmw_user_object_map_size(struct vmw_user_object *uo, size_t size) +{ + struct vmw_bo *bo = vmw_user_object_buffer(uo); + + WARN_ON(!bo); + return vmw_bo_map_and_cache_size(bo, size); +} + +void vmw_user_object_unmap(struct vmw_user_object *uo) +{ + struct vmw_bo *bo = vmw_user_object_buffer(uo); + int ret; + + WARN_ON(!bo); + + /* Fence the mob creation so we are guarateed to have the mob */ + ret = ttm_bo_reserve(&bo->tbo, false, false, NULL); + if (ret != 0) + return; + + vmw_bo_unmap(bo); + vmw_bo_pin_reserved(bo, false); + + ttm_bo_unreserve(&bo->tbo); +} + +bool vmw_user_object_is_mapped(struct vmw_user_object *uo) +{ + struct vmw_bo *bo; + + if (!uo || vmw_user_object_is_null(uo)) + return false; + + bo = vmw_user_object_buffer(uo); + + if (WARN_ON(!bo)) + return false; + + WARN_ON(bo->map.bo && !bo->map.virtual); + return bo->map.virtual; +} + +bool vmw_user_object_is_null(struct vmw_user_object *uo) +{ + return !uo->buffer && !uo->surface; +} diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h index bf24f2f0dcfc..6141fadf81ef 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h @@ -1,7 +1,8 @@ /* SPDX-License-Identifier: GPL-2.0 OR MIT */ /************************************************************************** * - * Copyright 2009-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2009-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -221,11 +222,9 @@ struct vmw_framebuffer { struct vmw_framebuffer_surface { struct vmw_framebuffer base; - struct vmw_surface *surface; - bool is_bo_proxy; /* true if this is proxy surface for DMA buf */ + struct vmw_user_object uo; }; - struct vmw_framebuffer_bo { struct vmw_framebuffer base; struct vmw_bo *buffer; @@ -277,8 +276,7 @@ struct vmw_cursor_plane_state { */ struct vmw_plane_state { struct drm_plane_state base; - struct vmw_surface *surf; - struct vmw_bo *bo; + struct vmw_user_object uo; int content_fb_type; unsigned long bo_size; @@ -457,9 +455,7 @@ int vmw_kms_readback(struct vmw_private *dev_priv, uint32_t num_clips); struct vmw_framebuffer * vmw_kms_new_framebuffer(struct vmw_private *dev_priv, - struct vmw_bo *bo, - struct vmw_surface *surface, - bool only_2d, + struct vmw_user_object *uo, const struct drm_mode_fb_cmd2 *mode_cmd); void vmw_guess_mode_timing(struct drm_display_mode *mode); void vmw_kms_update_implicit_fb(struct vmw_private *dev_priv); @@ -486,8 +482,7 @@ void vmw_du_plane_reset(struct drm_plane *plane); struct drm_plane_state *vmw_du_plane_duplicate_state(struct drm_plane *plane); void vmw_du_plane_destroy_state(struct drm_plane *plane, struct drm_plane_state *state); -void vmw_du_plane_unpin_surf(struct vmw_plane_state *vps, - bool unreference); +void vmw_du_plane_unpin_surf(struct vmw_plane_state *vps); int vmw_du_crtc_atomic_check(struct drm_crtc *crtc, struct drm_atomic_state *state); diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c index 5befc2719a49..39949e0a493f 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c @@ -1,7 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /************************************************************************** * - * Copyright 2009-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2009-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -147,8 +148,9 @@ static int vmw_ldu_fb_pin(struct vmw_framebuffer *vfb) struct vmw_bo *buf; int ret; - buf = vfb->bo ? vmw_framebuffer_to_vfbd(&vfb->base)->buffer : - vmw_framebuffer_to_vfbs(&vfb->base)->surface->res.guest_memory_bo; + buf = vfb->bo ? + vmw_framebuffer_to_vfbd(&vfb->base)->buffer : + vmw_user_object_buffer(&vmw_framebuffer_to_vfbs(&vfb->base)->uo); if (!buf) return 0; @@ -169,8 +171,10 @@ static int vmw_ldu_fb_unpin(struct vmw_framebuffer *vfb) struct vmw_private *dev_priv = vmw_priv(vfb->base.dev); struct vmw_bo *buf; - buf = vfb->bo ? vmw_framebuffer_to_vfbd(&vfb->base)->buffer : - vmw_framebuffer_to_vfbs(&vfb->base)->surface->res.guest_memory_bo; + buf = vfb->bo ? + vmw_framebuffer_to_vfbd(&vfb->base)->buffer : + vmw_user_object_buffer(&vmw_framebuffer_to_vfbs(&vfb->base)->uo); + if (WARN_ON(!buf)) return 0; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c b/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c index c99cad444991..598b90ac7590 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c @@ -1,7 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /************************************************************************** * - * Copyright 2013 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2013-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -31,6 +32,7 @@ */ #include "vmwgfx_drv.h" +#include "vmwgfx_bo.h" #include "ttm_object.h" #include <linux/dma-buf.h> @@ -88,13 +90,35 @@ int vmw_prime_handle_to_fd(struct drm_device *dev, uint32_t handle, uint32_t flags, int *prime_fd) { + struct vmw_private *vmw = vmw_priv(dev); struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; + struct vmw_bo *vbo; int ret; + int surf_handle; - if (handle > VMWGFX_NUM_MOB) + if (handle > VMWGFX_NUM_MOB) { ret = ttm_prime_handle_to_fd(tfile, handle, flags, prime_fd); - else - ret = drm_gem_prime_handle_to_fd(dev, file_priv, handle, flags, prime_fd); + } else { + ret = vmw_user_bo_lookup(file_priv, handle, &vbo); + if (ret) + return ret; + if (vbo && vbo->is_dumb) { + ret = drm_gem_prime_handle_to_fd(dev, file_priv, handle, + flags, prime_fd); + } else { + surf_handle = vmw_lookup_surface_handle_for_buffer(vmw, + vbo, + handle); + if (surf_handle > 0) + ret = ttm_prime_handle_to_fd(tfile, surf_handle, + flags, prime_fd); + else + ret = drm_gem_prime_handle_to_fd(dev, file_priv, + handle, flags, + prime_fd); + } + vmw_user_bo_unref(&vbo); + } return ret; } diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c b/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c index 848dba09981b..a73af8a355fb 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c @@ -1,7 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /************************************************************************** * - * Copyright 2009-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2009-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -58,6 +59,7 @@ void vmw_resource_mob_attach(struct vmw_resource *res) rb_link_node(&res->mob_node, parent, new); rb_insert_color(&res->mob_node, &gbo->res_tree); + vmw_bo_del_detached_resource(gbo, res); vmw_bo_prio_add(gbo, res->used_prio); } @@ -287,28 +289,35 @@ int vmw_user_resource_lookup_handle(struct vmw_private *dev_priv, * * The pointer this pointed at by out_surf and out_buf needs to be null. */ -int vmw_user_lookup_handle(struct vmw_private *dev_priv, +int vmw_user_object_lookup(struct vmw_private *dev_priv, struct drm_file *filp, - uint32_t handle, - struct vmw_surface **out_surf, - struct vmw_bo **out_buf) + u32 handle, + struct vmw_user_object *uo) { struct ttm_object_file *tfile = vmw_fpriv(filp)->tfile; struct vmw_resource *res; int ret; - BUG_ON(*out_surf || *out_buf); + WARN_ON(uo->surface || uo->buffer); ret = vmw_user_resource_lookup_handle(dev_priv, tfile, handle, user_surface_converter, &res); if (!ret) { - *out_surf = vmw_res_to_srf(res); + uo->surface = vmw_res_to_srf(res); return 0; } - *out_surf = NULL; - ret = vmw_user_bo_lookup(filp, handle, out_buf); + uo->surface = NULL; + ret = vmw_user_bo_lookup(filp, handle, &uo->buffer); + if (!ret && !uo->buffer->is_dumb) { + uo->surface = vmw_lookup_surface_for_buffer(dev_priv, + uo->buffer, + handle); + if (uo->surface) + vmw_user_bo_unref(&uo->buffer); + } + return ret; } diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c b/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c index df0039a8ef29..0f4bfd98480a 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c @@ -1,7 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /************************************************************************** * - * Copyright 2011-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2011-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -240,7 +241,7 @@ static void vmw_sou_crtc_mode_set_nofb(struct drm_crtc *crtc) struct vmw_connector_state *vmw_conn_state; int x, y; - sou->buffer = vps->bo; + sou->buffer = vmw_user_object_buffer(&vps->uo); conn_state = sou->base.connector.state; vmw_conn_state = vmw_connector_state_to_vcs(conn_state); @@ -376,10 +377,11 @@ vmw_sou_primary_plane_cleanup_fb(struct drm_plane *plane, struct vmw_plane_state *vps = vmw_plane_state_to_vps(old_state); struct drm_crtc *crtc = plane->state->crtc ? plane->state->crtc : old_state->crtc; + struct vmw_bo *bo = vmw_user_object_buffer(&vps->uo); - if (vps->bo) - vmw_bo_unpin(vmw_priv(crtc->dev), vps->bo, false); - vmw_bo_unreference(&vps->bo); + if (bo) + vmw_bo_unpin(vmw_priv(crtc->dev), bo, false); + vmw_user_object_unref(&vps->uo); vps->bo_size = 0; vmw_du_plane_cleanup_fb(plane, old_state); @@ -411,9 +413,10 @@ vmw_sou_primary_plane_prepare_fb(struct drm_plane *plane, .bo_type = ttm_bo_type_device, .pin = true }; + struct vmw_bo *bo = NULL; if (!new_fb) { - vmw_bo_unreference(&vps->bo); + vmw_user_object_unref(&vps->uo); vps->bo_size = 0; return 0; @@ -422,17 +425,17 @@ vmw_sou_primary_plane_prepare_fb(struct drm_plane *plane, bo_params.size = new_state->crtc_w * new_state->crtc_h * 4; dev_priv = vmw_priv(crtc->dev); - if (vps->bo) { + bo = vmw_user_object_buffer(&vps->uo); + if (bo) { if (vps->bo_size == bo_params.size) { /* * Note that this might temporarily up the pin-count * to 2, until cleanup_fb() is called. */ - return vmw_bo_pin_in_vram(dev_priv, vps->bo, - true); + return vmw_bo_pin_in_vram(dev_priv, bo, true); } - vmw_bo_unreference(&vps->bo); + vmw_user_object_unref(&vps->uo); vps->bo_size = 0; } @@ -442,7 +445,7 @@ vmw_sou_primary_plane_prepare_fb(struct drm_plane *plane, * resume the overlays, this is preferred to failing to alloc. */ vmw_overlay_pause_all(dev_priv); - ret = vmw_bo_create(dev_priv, &bo_params, &vps->bo); + ret = vmw_gem_object_create(dev_priv, &bo_params, &vps->uo.buffer); vmw_overlay_resume_all(dev_priv); if (ret) return ret; @@ -453,7 +456,7 @@ vmw_sou_primary_plane_prepare_fb(struct drm_plane *plane, * TTM already thinks the buffer is pinned, but make sure the * pin_count is upped. */ - return vmw_bo_pin_in_vram(dev_priv, vps->bo, true); + return vmw_bo_pin_in_vram(dev_priv, vps->uo.buffer, true); } static uint32_t vmw_sou_bo_fifo_size(struct vmw_du_update_plane *update, @@ -580,6 +583,7 @@ static uint32_t vmw_sou_surface_pre_clip(struct vmw_du_update_plane *update, { struct vmw_kms_sou_dirty_cmd *blit = cmd; struct vmw_framebuffer_surface *vfbs; + struct vmw_surface *surf = NULL; vfbs = container_of(update->vfb, typeof(*vfbs), base); @@ -587,7 +591,8 @@ static uint32_t vmw_sou_surface_pre_clip(struct vmw_du_update_plane *update, blit->header.size = sizeof(blit->body) + sizeof(SVGASignedRect) * num_hits; - blit->body.srcImage.sid = vfbs->surface->res.id; + surf = vmw_user_object_surface(&vfbs->uo); + blit->body.srcImage.sid = surf->res.id; blit->body.destScreenId = update->du->unit; /* Update the source and destination bounding box later in post_clip */ @@ -1104,7 +1109,7 @@ int vmw_kms_sou_do_surface_dirty(struct vmw_private *dev_priv, int ret; if (!srf) - srf = &vfbs->surface->res; + srf = &vmw_user_object_surface(&vfbs->uo)->res; ret = vmw_validation_add_resource(&val_ctx, srf, 0, VMW_RES_DIRTY_NONE, NULL, NULL); diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c b/drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c index 2041c4d48daa..398a4ad0dbf0 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c @@ -1,7 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /****************************************************************************** * - * COPYRIGHT (C) 2014-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2014-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -29,6 +30,7 @@ #include "vmwgfx_kms.h" #include "vmwgfx_vkms.h" #include "vmw_surface_cache.h" +#include <linux/fsnotify.h> #include <drm/drm_atomic.h> #include <drm/drm_atomic_helper.h> @@ -723,7 +725,7 @@ int vmw_kms_stdu_surface_dirty(struct vmw_private *dev_priv, int ret; if (!srf) - srf = &vfbs->surface->res; + srf = &vmw_user_object_surface(&vfbs->uo)->res; ret = vmw_validation_add_resource(&val_ctx, srf, 0, VMW_RES_DIRTY_NONE, NULL, NULL); @@ -734,12 +736,6 @@ int vmw_kms_stdu_surface_dirty(struct vmw_private *dev_priv, if (ret) goto out_unref; - if (vfbs->is_bo_proxy) { - ret = vmw_kms_update_proxy(srf, clips, num_clips, inc); - if (ret) - goto out_finish; - } - sdirty.base.fifo_commit = vmw_kms_stdu_surface_fifo_commit; sdirty.base.clip = vmw_kms_stdu_surface_clip; sdirty.base.fifo_reserve_size = sizeof(struct vmw_stdu_surface_copy) + @@ -753,7 +749,7 @@ int vmw_kms_stdu_surface_dirty(struct vmw_private *dev_priv, ret = vmw_kms_helper_dirty(dev_priv, framebuffer, clips, vclips, dest_x, dest_y, num_clips, inc, &sdirty.base); -out_finish: + vmw_kms_helper_validation_finish(dev_priv, NULL, &val_ctx, out_fence, NULL); @@ -872,9 +868,8 @@ vmw_stdu_primary_plane_cleanup_fb(struct drm_plane *plane, { struct vmw_plane_state *vps = vmw_plane_state_to_vps(old_state); - if (vps->surf) + if (vmw_user_object_surface(&vps->uo)) WARN_ON(!vps->pinned); - vmw_du_plane_cleanup_fb(plane, old_state); vps->content_fb_type = SAME_AS_DISPLAY; @@ -882,7 +877,6 @@ vmw_stdu_primary_plane_cleanup_fb(struct drm_plane *plane, } - /** * vmw_stdu_primary_plane_prepare_fb - Readies the display surface * @@ -906,13 +900,15 @@ vmw_stdu_primary_plane_prepare_fb(struct drm_plane *plane, enum stdu_content_type new_content_type; struct vmw_framebuffer_surface *new_vfbs; uint32_t hdisplay = new_state->crtc_w, vdisplay = new_state->crtc_h; + struct drm_plane_state *old_state = plane->state; + struct drm_rect rect; int ret; /* No FB to prepare */ if (!new_fb) { - if (vps->surf) { + if (vmw_user_object_surface(&vps->uo)) { WARN_ON(vps->pinned != 0); - vmw_surface_unreference(&vps->surf); + vmw_user_object_unref(&vps->uo); } return 0; @@ -922,8 +918,8 @@ vmw_stdu_primary_plane_prepare_fb(struct drm_plane *plane, new_vfbs = (vfb->bo) ? NULL : vmw_framebuffer_to_vfbs(new_fb); if (new_vfbs && - new_vfbs->surface->metadata.base_size.width == hdisplay && - new_vfbs->surface->metadata.base_size.height == vdisplay) + vmw_user_object_surface(&new_vfbs->uo)->metadata.base_size.width == hdisplay && + vmw_user_object_surface(&new_vfbs->uo)->metadata.base_size.height == vdisplay) new_content_type = SAME_AS_DISPLAY; else if (vfb->bo) new_content_type = SEPARATE_BO; @@ -961,29 +957,29 @@ vmw_stdu_primary_plane_prepare_fb(struct drm_plane *plane, metadata.num_sizes = 1; metadata.scanout = true; } else { - metadata = new_vfbs->surface->metadata; + metadata = vmw_user_object_surface(&new_vfbs->uo)->metadata; } metadata.base_size.width = hdisplay; metadata.base_size.height = vdisplay; metadata.base_size.depth = 1; - if (vps->surf) { + if (vmw_user_object_surface(&vps->uo)) { struct drm_vmw_size cur_base_size = - vps->surf->metadata.base_size; + vmw_user_object_surface(&vps->uo)->metadata.base_size; if (cur_base_size.width != metadata.base_size.width || cur_base_size.height != metadata.base_size.height || - vps->surf->metadata.format != metadata.format) { + vmw_user_object_surface(&vps->uo)->metadata.format != metadata.format) { WARN_ON(vps->pinned != 0); - vmw_surface_unreference(&vps->surf); + vmw_user_object_unref(&vps->uo); } } - if (!vps->surf) { + if (!vmw_user_object_surface(&vps->uo)) { ret = vmw_gb_surface_define(dev_priv, &metadata, - &vps->surf); + &vps->uo.surface); if (ret != 0) { DRM_ERROR("Couldn't allocate STDU surface.\n"); return ret; @@ -996,18 +992,19 @@ vmw_stdu_primary_plane_prepare_fb(struct drm_plane *plane, * The only time we add a reference in prepare_fb is if the * state object doesn't have a reference to begin with */ - if (vps->surf) { + if (vmw_user_object_surface(&vps->uo)) { WARN_ON(vps->pinned != 0); - vmw_surface_unreference(&vps->surf); + vmw_user_object_unref(&vps->uo); } - vps->surf = vmw_surface_reference(new_vfbs->surface); + memcpy(&vps->uo, &new_vfbs->uo, sizeof(vps->uo)); + vmw_user_object_ref(&vps->uo); } - if (vps->surf) { + if (vmw_user_object_surface(&vps->uo)) { /* Pin new surface before flipping */ - ret = vmw_resource_pin(&vps->surf->res, false); + ret = vmw_resource_pin(&vmw_user_object_surface(&vps->uo)->res, false); if (ret) goto out_srf_unref; @@ -1016,6 +1013,34 @@ vmw_stdu_primary_plane_prepare_fb(struct drm_plane *plane, vps->content_fb_type = new_content_type; + /* + * The drm fb code will do blit's via the vmap interface, which doesn't + * trigger vmw_bo page dirty tracking due to being kernel side (and thus + * doesn't require mmap'ing) so we have to update the surface's dirty + * regions by hand but we want to be careful to not overwrite the + * resource if it has been written to by the gpu (res_dirty). + */ + if (vps->uo.buffer && vps->uo.buffer->is_dumb) { + struct vmw_surface *surf = vmw_user_object_surface(&vps->uo); + struct vmw_resource *res = &surf->res; + + if (!res->res_dirty && drm_atomic_helper_damage_merged(old_state, + new_state, + &rect)) { + /* + * At some point it might be useful to actually translate + * (rect.x1, rect.y1) => start, and (rect.x2, rect.y2) => end, + * but currently the fb code will just report the entire fb + * dirty so in practice it doesn't matter. + */ + pgoff_t start = res->guest_memory_offset >> PAGE_SHIFT; + pgoff_t end = __KERNEL_DIV_ROUND_UP(res->guest_memory_offset + + res->guest_memory_size, + PAGE_SIZE); + vmw_resource_dirty_update(res, start, end); + } + } + /* * This should only happen if the buffer object is too large to create a * proxy surface for. @@ -1026,7 +1051,7 @@ vmw_stdu_primary_plane_prepare_fb(struct drm_plane *plane, return 0; out_srf_unref: - vmw_surface_unreference(&vps->surf); + vmw_user_object_unref(&vps->uo); return ret; } @@ -1168,14 +1193,8 @@ static uint32_t vmw_stdu_surface_fifo_size_same_display(struct vmw_du_update_plane *update, uint32_t num_hits) { - struct vmw_framebuffer_surface *vfbs; uint32_t size = 0; - vfbs = container_of(update->vfb, typeof(*vfbs), base); - - if (vfbs->is_bo_proxy) - size += sizeof(struct vmw_stdu_update_gb_image) * num_hits; - size += sizeof(struct vmw_stdu_update); return size; @@ -1184,61 +1203,14 @@ vmw_stdu_surface_fifo_size_same_display(struct vmw_du_update_plane *update, static uint32_t vmw_stdu_surface_fifo_size(struct vmw_du_update_plane *update, uint32_t num_hits) { - struct vmw_framebuffer_surface *vfbs; uint32_t size = 0; - vfbs = container_of(update->vfb, typeof(*vfbs), base); - - if (vfbs->is_bo_proxy) - size += sizeof(struct vmw_stdu_update_gb_image) * num_hits; - size += sizeof(struct vmw_stdu_surface_copy) + sizeof(SVGA3dCopyBox) * num_hits + sizeof(struct vmw_stdu_update); return size; } -static uint32_t -vmw_stdu_surface_update_proxy(struct vmw_du_update_plane *update, void *cmd) -{ - struct vmw_framebuffer_surface *vfbs; - struct drm_plane_state *state = update->plane->state; - struct drm_plane_state *old_state = update->old_state; - struct vmw_stdu_update_gb_image *cmd_update = cmd; - struct drm_atomic_helper_damage_iter iter; - struct drm_rect clip; - uint32_t copy_size = 0; - - vfbs = container_of(update->vfb, typeof(*vfbs), base); - - /* - * proxy surface is special where a buffer object type fb is wrapped - * in a surface and need an update gb image command to sync with device. - */ - drm_atomic_helper_damage_iter_init(&iter, old_state, state); - drm_atomic_for_each_plane_damage(&iter, &clip) { - SVGA3dBox *box = &cmd_update->body.box; - - cmd_update->header.id = SVGA_3D_CMD_UPDATE_GB_IMAGE; - cmd_update->header.size = sizeof(cmd_update->body); - cmd_update->body.image.sid = vfbs->surface->res.id; - cmd_update->body.image.face = 0; - cmd_update->body.image.mipmap = 0; - - box->x = clip.x1; - box->y = clip.y1; - box->z = 0; - box->w = drm_rect_width(&clip); - box->h = drm_rect_height(&clip); - box->d = 1; - - copy_size += sizeof(*cmd_update); - cmd_update++; - } - - return copy_size; -} - static uint32_t vmw_stdu_surface_populate_copy(struct vmw_du_update_plane *update, void *cmd, uint32_t num_hits) @@ -1253,7 +1225,7 @@ vmw_stdu_surface_populate_copy(struct vmw_du_update_plane *update, void *cmd, cmd_copy->header.id = SVGA_3D_CMD_SURFACE_COPY; cmd_copy->header.size = sizeof(cmd_copy->body) + sizeof(SVGA3dCopyBox) * num_hits; - cmd_copy->body.src.sid = vfbs->surface->res.id; + cmd_copy->body.src.sid = vmw_user_object_surface(&vfbs->uo)->res.id; cmd_copy->body.dest.sid = stdu->display_srf->res.id; return sizeof(*cmd_copy); @@ -1324,10 +1296,7 @@ static int vmw_stdu_plane_update_surface(struct vmw_private *dev_priv, srf_update.mutex = &dev_priv->cmdbuf_mutex; srf_update.intr = true; - if (vfbs->is_bo_proxy) - srf_update.post_prepare = vmw_stdu_surface_update_proxy; - - if (vfbs->surface->res.id != stdu->display_srf->res.id) { + if (vmw_user_object_surface(&vfbs->uo)->res.id != stdu->display_srf->res.id) { srf_update.calc_fifo_size = vmw_stdu_surface_fifo_size; srf_update.pre_clip = vmw_stdu_surface_populate_copy; srf_update.clip = vmw_stdu_surface_populate_clip; @@ -1371,7 +1340,7 @@ vmw_stdu_primary_plane_atomic_update(struct drm_plane *plane, stdu = vmw_crtc_to_stdu(crtc); dev_priv = vmw_priv(crtc->dev); - stdu->display_srf = vps->surf; + stdu->display_srf = vmw_user_object_surface(&vps->uo); stdu->content_fb_type = vps->content_fb_type; stdu->cpp = vps->cpp; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c index e7a744dfcecf..8ae6a761c900 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c @@ -1,7 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /************************************************************************** * - * Copyright 2009-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2009-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -36,9 +37,6 @@ #include <drm/ttm/ttm_placement.h> #define SVGA3D_FLAGS_64(upper32, lower32) (((uint64_t)upper32 << 32) | lower32) -#define SVGA3D_FLAGS_UPPER_32(svga3d_flags) (svga3d_flags >> 32) -#define SVGA3D_FLAGS_LOWER_32(svga3d_flags) \ - (svga3d_flags & ((uint64_t)U32_MAX)) /** * struct vmw_user_surface - User-space visible surface resource @@ -686,6 +684,14 @@ static void vmw_user_surface_base_release(struct ttm_base_object **p_base) struct vmw_resource *res = &user_srf->srf.res; *p_base = NULL; + + /* + * Dumb buffers own the resource and they'll unref the + * resource themselves + */ + if (res && res->guest_memory_bo && res->guest_memory_bo->is_dumb) + return; + vmw_resource_unreference(&res); } @@ -812,7 +818,8 @@ int vmw_surface_define_ioctl(struct drm_device *dev, void *data, } } res->guest_memory_size = cur_bo_offset; - if (metadata->scanout && + if (!file_priv->atomic && + metadata->scanout && metadata->num_sizes == 1 && metadata->sizes[0].width == VMW_CURSOR_SNOOP_WIDTH && metadata->sizes[0].height == VMW_CURSOR_SNOOP_HEIGHT && @@ -864,6 +871,7 @@ int vmw_surface_define_ioctl(struct drm_device *dev, void *data, vmw_resource_unreference(&res); goto out_unlock; } + vmw_bo_add_detached_resource(res->guest_memory_bo, res); } tmp = vmw_resource_reference(&srf->res); @@ -892,6 +900,113 @@ int vmw_surface_define_ioctl(struct drm_device *dev, void *data, return ret; } +static struct vmw_user_surface * +vmw_lookup_user_surface_for_buffer(struct vmw_private *vmw, struct vmw_bo *bo, + u32 handle) +{ + struct vmw_user_surface *user_srf = NULL; + struct vmw_surface *surf; + struct ttm_base_object *base; + + surf = vmw_bo_surface(bo); + if (surf) { + rcu_read_lock(); + user_srf = container_of(surf, struct vmw_user_surface, srf); + base = &user_srf->prime.base; + if (base && !kref_get_unless_zero(&base->refcount)) { + drm_dbg_driver(&vmw->drm, + "%s: referencing a stale surface handle %d\n", + __func__, handle); + base = NULL; + user_srf = NULL; + } + rcu_read_unlock(); + } + + return user_srf; +} + +struct vmw_surface *vmw_lookup_surface_for_buffer(struct vmw_private *vmw, + struct vmw_bo *bo, + u32 handle) +{ + struct vmw_user_surface *user_srf = + vmw_lookup_user_surface_for_buffer(vmw, bo, handle); + struct vmw_surface *surf = NULL; + struct ttm_base_object *base; + + if (user_srf) { + surf = vmw_surface_reference(&user_srf->srf); + base = &user_srf->prime.base; + ttm_base_object_unref(&base); + } + return surf; +} + +u32 vmw_lookup_surface_handle_for_buffer(struct vmw_private *vmw, + struct vmw_bo *bo, + u32 handle) +{ + struct vmw_user_surface *user_srf = + vmw_lookup_user_surface_for_buffer(vmw, bo, handle); + int surf_handle = 0; + struct ttm_base_object *base; + + if (user_srf) { + base = &user_srf->prime.base; + surf_handle = (u32)base->handle; + ttm_base_object_unref(&base); + } + return surf_handle; +} + +static int vmw_buffer_prime_to_surface_base(struct vmw_private *dev_priv, + struct drm_file *file_priv, + u32 fd, u32 *handle, + struct ttm_base_object **base_p) +{ + struct ttm_base_object *base; + struct vmw_bo *bo; + struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; + struct vmw_user_surface *user_srf; + int ret; + + ret = drm_gem_prime_fd_to_handle(&dev_priv->drm, file_priv, fd, handle); + if (ret) { + drm_warn(&dev_priv->drm, + "Wasn't able to find user buffer for fd = %u.\n", fd); + return ret; + } + + ret = vmw_user_bo_lookup(file_priv, *handle, &bo); + if (ret) { + drm_warn(&dev_priv->drm, + "Wasn't able to lookup user buffer for handle = %u.\n", *handle); + return ret; + } + + user_srf = vmw_lookup_user_surface_for_buffer(dev_priv, bo, *handle); + if (WARN_ON(!user_srf)) { + drm_warn(&dev_priv->drm, + "User surface fd %d (handle %d) is null.\n", fd, *handle); + ret = -EINVAL; + goto out; + } + + base = &user_srf->prime.base; + ret = ttm_ref_object_add(tfile, base, NULL, false); + if (ret) { + drm_warn(&dev_priv->drm, + "Couldn't add an object ref for the buffer (%d).\n", *handle); + goto out; + } + + *base_p = base; +out: + vmw_user_bo_unref(&bo); + + return ret; +} static int vmw_surface_handle_reference(struct vmw_private *dev_priv, @@ -901,15 +1016,19 @@ vmw_surface_handle_reference(struct vmw_private *dev_priv, struct ttm_base_object **base_p) { struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; - struct vmw_user_surface *user_srf; + struct vmw_user_surface *user_srf = NULL; uint32_t handle; struct ttm_base_object *base; int ret; if (handle_type == DRM_VMW_HANDLE_PRIME) { ret = ttm_prime_fd_to_handle(tfile, u_handle, &handle); - if (unlikely(ret != 0)) - return ret; + if (ret) + return vmw_buffer_prime_to_surface_base(dev_priv, + file_priv, + u_handle, + &handle, + base_p); } else { handle = u_handle; } @@ -1503,7 +1622,12 @@ vmw_gb_surface_define_internal(struct drm_device *dev, ret = vmw_user_bo_lookup(file_priv, req->base.buffer_handle, &res->guest_memory_bo); if (ret == 0) { - if (res->guest_memory_bo->tbo.base.size < res->guest_memory_size) { + if (res->guest_memory_bo->is_dumb) { + VMW_DEBUG_USER("Can't backup surface with a dumb buffer.\n"); + vmw_user_bo_unref(&res->guest_memory_bo); + ret = -EINVAL; + goto out_unlock; + } else if (res->guest_memory_bo->tbo.base.size < res->guest_memory_size) { VMW_DEBUG_USER("Surface backup buffer too small.\n"); vmw_user_bo_unref(&res->guest_memory_bo); ret = -EINVAL; @@ -1560,6 +1684,7 @@ vmw_gb_surface_define_internal(struct drm_device *dev, rep->handle = user_srf->prime.base.handle; rep->backup_size = res->guest_memory_size; if (res->guest_memory_bo) { + vmw_bo_add_detached_resource(res->guest_memory_bo, res); rep->buffer_map_handle = drm_vma_node_offset_addr(&res->guest_memory_bo->tbo.base.vma_node); rep->buffer_size = res->guest_memory_bo->tbo.base.size; @@ -2100,3 +2225,140 @@ int vmw_gb_surface_define(struct vmw_private *dev_priv, out_unlock: return ret; } + +static SVGA3dSurfaceFormat vmw_format_bpp_to_svga(struct vmw_private *vmw, + int bpp) +{ + switch (bpp) { + case 8: /* DRM_FORMAT_C8 */ + return SVGA3D_P8; + case 16: /* DRM_FORMAT_RGB565 */ + return SVGA3D_R5G6B5; + case 32: /* DRM_FORMAT_XRGB8888 */ + if (has_sm4_context(vmw)) + return SVGA3D_B8G8R8X8_UNORM; + return SVGA3D_X8R8G8B8; + default: + drm_warn(&vmw->drm, "Unsupported format bpp: %d\n", bpp); + return SVGA3D_X8R8G8B8; + } +} + +/** + * vmw_dumb_create - Create a dumb kms buffer + * + * @file_priv: Pointer to a struct drm_file identifying the caller. + * @dev: Pointer to the drm device. + * @args: Pointer to a struct drm_mode_create_dumb structure + * Return: Zero on success, negative error code on failure. + * + * This is a driver callback for the core drm create_dumb functionality. + * Note that this is very similar to the vmw_bo_alloc ioctl, except + * that the arguments have a different format. + */ +int vmw_dumb_create(struct drm_file *file_priv, + struct drm_device *dev, + struct drm_mode_create_dumb *args) +{ + struct vmw_private *dev_priv = vmw_priv(dev); + struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; + struct vmw_bo *vbo = NULL; + struct vmw_resource *res = NULL; + union drm_vmw_gb_surface_create_ext_arg arg = { 0 }; + struct drm_vmw_gb_surface_create_ext_req *req = &arg.req; + int ret; + struct drm_vmw_size drm_size = { + .width = args->width, + .height = args->height, + .depth = 1, + }; + SVGA3dSurfaceFormat format = vmw_format_bpp_to_svga(dev_priv, args->bpp); + const struct SVGA3dSurfaceDesc *desc = vmw_surface_get_desc(format); + SVGA3dSurfaceAllFlags flags = SVGA3D_SURFACE_HINT_TEXTURE | + SVGA3D_SURFACE_HINT_RENDERTARGET | + SVGA3D_SURFACE_SCREENTARGET | + SVGA3D_SURFACE_BIND_SHADER_RESOURCE | + SVGA3D_SURFACE_BIND_RENDER_TARGET; + + /* + * Without mob support we're just going to use raw memory buffer + * because we wouldn't be able to support full surface coherency + * without mobs + */ + if (!dev_priv->has_mob) { + int cpp = DIV_ROUND_UP(args->bpp, 8); + + switch (cpp) { + case 1: /* DRM_FORMAT_C8 */ + case 2: /* DRM_FORMAT_RGB565 */ + case 4: /* DRM_FORMAT_XRGB8888 */ + break; + default: + /* + * Dumb buffers don't allow anything else. + * This is tested via IGT's dumb_buffers + */ + return -EINVAL; + } + + args->pitch = args->width * cpp; + args->size = ALIGN(args->pitch * args->height, PAGE_SIZE); + + ret = vmw_gem_object_create_with_handle(dev_priv, file_priv, + args->size, &args->handle, + &vbo); + /* drop reference from allocate - handle holds it now */ + drm_gem_object_put(&vbo->tbo.base); + return ret; + } + + req->version = drm_vmw_gb_surface_v1; + req->multisample_pattern = SVGA3D_MS_PATTERN_NONE; + req->quality_level = SVGA3D_MS_QUALITY_NONE; + req->buffer_byte_stride = 0; + req->must_be_zero = 0; + req->base.svga3d_flags = SVGA3D_FLAGS_LOWER_32(flags); + req->svga3d_flags_upper_32_bits = SVGA3D_FLAGS_UPPER_32(flags); + req->base.format = (uint32_t)format; + req->base.drm_surface_flags = drm_vmw_surface_flag_scanout; + req->base.drm_surface_flags |= drm_vmw_surface_flag_shareable; + req->base.drm_surface_flags |= drm_vmw_surface_flag_create_buffer; + req->base.drm_surface_flags |= drm_vmw_surface_flag_coherent; + req->base.base_size.width = args->width; + req->base.base_size.height = args->height; + req->base.base_size.depth = 1; + req->base.array_size = 0; + req->base.mip_levels = 1; + req->base.multisample_count = 0; + req->base.buffer_handle = SVGA3D_INVALID_ID; + req->base.autogen_filter = SVGA3D_TEX_FILTER_NONE; + ret = vmw_gb_surface_define_ext_ioctl(dev, &arg, file_priv); + if (ret) { + drm_warn(dev, "Unable to create a dumb buffer\n"); + return ret; + } + + args->handle = arg.rep.buffer_handle; + args->size = arg.rep.buffer_size; + args->pitch = vmw_surface_calculate_pitch(desc, &drm_size); + + ret = vmw_user_resource_lookup_handle(dev_priv, tfile, arg.rep.handle, + user_surface_converter, + &res); + if (ret) { + drm_err(dev, "Created resource handle doesn't exist!\n"); + goto err; + } + + vbo = res->guest_memory_bo; + vbo->is_dumb = true; + vbo->dumb_surface = vmw_res_to_srf(res); + +err: + if (res) + vmw_resource_unreference(&res); + if (ret) + ttm_ref_object_base_unref(tfile, arg.rep.handle); + + return ret; +} -- 2.43.0

9 months, 2 weeks

1
0
0 0

[PATCH v5 1/4] drm/vmwgfx: Fix a deadlock in dma buf fence polling

by Zack Rusin

Introduce a version of the fence ops that on release doesn't remove the fence from the pending list, and thus doesn't require a lock to fix poll->fence wait->fence unref deadlocks. vmwgfx overwrites the wait callback to iterate over the list of all fences and update their status, to do that it holds a lock to prevent the list modifcations from other threads. The fence destroy callback both deletes the fence and removes it from the list of pending fences, for which it holds a lock. dma buf polling cb unrefs a fence after it's been signaled: so the poll calls the wait, which signals the fences, which are being destroyed. The destruction tries to acquire the lock on the pending fences list which it can never get because it's held by the wait from which it was called. Old bug, but not a lot of userspace apps were using dma-buf polling interfaces. Fix those, in particular this fixes KDE stalls/deadlock. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 2298e804e96e ("drm/vmwgfx: rework to new fence interface, v2") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.2+ --- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c index 5efc6a766f64..588d50ababf6 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c @@ -32,7 +32,6 @@ #define VMW_FENCE_WRAP (1 << 31) struct vmw_fence_manager { - int num_fence_objects; struct vmw_private *dev_priv; spinlock_t lock; struct list_head fence_list; @@ -124,13 +123,13 @@ static void vmw_fence_obj_destroy(struct dma_fence *f) { struct vmw_fence_obj *fence = container_of(f, struct vmw_fence_obj, base); - struct vmw_fence_manager *fman = fman_from_fence(fence); - spin_lock(&fman->lock); - list_del_init(&fence->head); - --fman->num_fence_objects; - spin_unlock(&fman->lock); + if (!list_empty(&fence->head)) { + spin_lock(&fman->lock); + list_del_init(&fence->head); + spin_unlock(&fman->lock); + } fence->destroy(fence); } @@ -257,7 +256,6 @@ static const struct dma_fence_ops vmw_fence_ops = { .release = vmw_fence_obj_destroy, }; - /* * Execute signal actions on fences recently signaled. * This is done from a workqueue so we don't have to execute @@ -355,7 +353,6 @@ static int vmw_fence_obj_init(struct vmw_fence_manager *fman, goto out_unlock; } list_add_tail(&fence->head, &fman->fence_list); - ++fman->num_fence_objects; out_unlock: spin_unlock(&fman->lock); @@ -403,7 +400,7 @@ static bool vmw_fence_goal_new_locked(struct vmw_fence_manager *fman, u32 passed_seqno) { u32 goal_seqno; - struct vmw_fence_obj *fence; + struct vmw_fence_obj *fence, *next_fence; if (likely(!fman->seqno_valid)) return false; @@ -413,7 +410,7 @@ static bool vmw_fence_goal_new_locked(struct vmw_fence_manager *fman, return false; fman->seqno_valid = false; - list_for_each_entry(fence, &fman->fence_list, head) { + list_for_each_entry_safe(fence, next_fence, &fman->fence_list, head) { if (!list_empty(&fence->seq_passed_actions)) { fman->seqno_valid = true; vmw_fence_goal_write(fman->dev_priv, -- 2.43.0

9 months, 2 weeks

1
0
0 0

[PATCH] usb: gadget: core: Check for unset descriptor

by crwulff＠gmail.com

From: Chris Wulff <crwulff(a)gmail.com> Make sure the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn't properly set up the endpoint for the current speed, or the gadget descriptors are malformed and the descriptor for the speed/endpoint are not found. Fixes: 54f83b8c8ea9 ("USB: gadget: Reject endpoints with 0 maxpacket value") Cc: stable(a)vger.kernel.org Signed-off-by: Chris Wulff <crwulff(a)gmail.com> --- drivers/usb/gadget/udc/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/gadget/udc/core.c b/drivers/usb/gadget/udc/core.c index 2dfae7a17b3f..36a5d5935889 100644 --- a/drivers/usb/gadget/udc/core.c +++ b/drivers/usb/gadget/udc/core.c @@ -118,7 +118,7 @@ int usb_ep_enable(struct usb_ep *ep) goto out; /* UDC drivers can't handle endpoints with maxpacket size 0 */ - if (usb_endpoint_maxp(ep->desc) == 0) { + if (!ep->desc || usb_endpoint_maxp(ep->desc) == 0) { /* * We should log an error message here, but we can't call * dev_err() because there's no way to find the gadget -- 2.43.0

9 months, 2 weeks

3
5
0 0

[PATCH] binder: fix descriptor lookup for context manager

by Carlos Llamas

In commit 15d9da3f818c ("binder: use bitmap for faster descriptor lookup"), it was incorrectly assumed that references to the context manager node should always get descriptor zero assigned to them. However, if the context manager dies and a new process takes its place, then assigning descriptor zero to the new context manager might lead to collisions, as there could still be references to the older node. This issue was reported by syzbot with the following trace: kernel BUG at drivers/android/binder.c:1173! Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 1 PID: 447 Comm: binder-util Not tainted 6.10.0-rc6-00348-g31643d84b8c3 #10 Hardware name: linux,dummy-virt (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : binder_inc_ref_for_node+0x500/0x544 lr : binder_inc_ref_for_node+0x1e4/0x544 sp : ffff80008112b940 x29: ffff80008112b940 x28: ffff0e0e40310780 x27: 0000000000000000 x26: 0000000000000001 x25: ffff0e0e40310738 x24: ffff0e0e4089ba34 x23: ffff0e0e40310b00 x22: ffff80008112bb50 x21: ffffaf7b8f246970 x20: ffffaf7b8f773f08 x19: ffff0e0e4089b800 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 000000002de4aa60 x14: 0000000000000000 x13: 2de4acf000000000 x12: 0000000000000020 x11: 0000000000000018 x10: 0000000000000020 x9 : ffffaf7b90601000 x8 : ffff0e0e48739140 x7 : 0000000000000000 x6 : 000000000000003f x5 : ffff0e0e40310b28 x4 : 0000000000000000 x3 : ffff0e0e40310720 x2 : ffff0e0e40310728 x1 : 0000000000000000 x0 : ffff0e0e40310710 Call trace: binder_inc_ref_for_node+0x500/0x544 binder_transaction+0xf68/0x2620 binder_thread_write+0x5bc/0x139c binder_ioctl+0xef4/0x10c8 [...] This patch adds back the previous behavior of assigning the next non-zero descriptor if references to previous context managers still exist. It amends both strategies, the newer dbitmap code and also the legacy slow_desc_lookup_olocked(), by allowing them to start looking for available descriptors at a given offset. Fixes: 15d9da3f818c ("binder: use bitmap for faster descriptor lookup") Cc: stable(a)vger.kernel.org Reported-and-tested-by: syzbot+3dae065ca76952a67257(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/000000000000c1c0a0061d1e6979@google.com/ Signed-off-by: Carlos Llamas <cmllamas(a)google.com> --- drivers/android/binder.c | 15 ++++++--------- drivers/android/dbitmap.h | 16 ++++++---------- 2 files changed, 12 insertions(+), 19 deletions(-) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index f26286e3713e..905290c98c3c 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -1044,13 +1044,13 @@ static struct binder_ref *binder_get_ref_olocked(struct binder_proc *proc, } /* Find the smallest unused descriptor the "slow way" */ -static u32 slow_desc_lookup_olocked(struct binder_proc *proc) +static u32 slow_desc_lookup_olocked(struct binder_proc *proc, u32 offset) { struct binder_ref *ref; struct rb_node *n; u32 desc; - desc = 1; + desc = offset; for (n = rb_first(&proc->refs_by_desc); n; n = rb_next(n)) { ref = rb_entry(n, struct binder_ref, rb_node_desc); if (ref->data.desc > desc) @@ -1071,21 +1071,18 @@ static int get_ref_desc_olocked(struct binder_proc *proc, u32 *desc) { struct dbitmap *dmap = &proc->dmap; + unsigned int nbits, offset; unsigned long *new, bit; - unsigned int nbits; /* 0 is reserved for the context manager */ - if (node == proc->context->binder_context_mgr_node) { - *desc = 0; - return 0; - } + offset = (node == proc->context->binder_context_mgr_node) ? 0 : 1; if (!dbitmap_enabled(dmap)) { - *desc = slow_desc_lookup_olocked(proc); + *desc = slow_desc_lookup_olocked(proc, offset); return 0; } - if (dbitmap_acquire_first_zero_bit(dmap, &bit) == 0) { + if (dbitmap_acquire_next_zero_bit(dmap, offset, &bit) == 0) { *desc = bit; return 0; } diff --git a/drivers/android/dbitmap.h b/drivers/android/dbitmap.h index b8ac7b4764fd..1d58c2e7abd6 100644 --- a/drivers/android/dbitmap.h +++ b/drivers/android/dbitmap.h @@ -6,8 +6,7 @@ * * Used by the binder driver to optimize the allocation of the smallest * available descriptor ID. Each bit in the bitmap represents the state - * of an ID, with the exception of BIT(0) which is used exclusively to - * reference binder's context manager. + * of an ID. * * A dbitmap can grow or shrink as needed. This part has been designed * considering that users might need to briefly release their locks in @@ -132,16 +131,17 @@ dbitmap_grow(struct dbitmap *dmap, unsigned long *new, unsigned int nbits) } /* - * Finds and sets the first zero bit in the bitmap. Upon success @bit + * Finds and sets the next zero bit in the bitmap. Upon success @bit * is populated with the index and 0 is returned. Otherwise, -ENOSPC * is returned to indicate that a dbitmap_grow() is needed. */ static inline int -dbitmap_acquire_first_zero_bit(struct dbitmap *dmap, unsigned long *bit) +dbitmap_acquire_next_zero_bit(struct dbitmap *dmap, unsigned long offset, + unsigned long *bit) { unsigned long n; - n = find_first_zero_bit(dmap->map, dmap->nbits); + n = find_next_zero_bit(dmap->map, dmap->nbits, offset); if (n == dmap->nbits) return -ENOSPC; @@ -154,9 +154,7 @@ dbitmap_acquire_first_zero_bit(struct dbitmap *dmap, unsigned long *bit) static inline void dbitmap_clear_bit(struct dbitmap *dmap, unsigned long bit) { - /* BIT(0) should always set for the context manager */ - if (bit) - clear_bit(bit, dmap->map); + clear_bit(bit, dmap->map); } static inline int dbitmap_init(struct dbitmap *dmap) @@ -168,8 +166,6 @@ static inline int dbitmap_init(struct dbitmap *dmap) } dmap->nbits = NBITS_MIN; - /* BIT(0) is reserved for the context manager */ - set_bit(0, dmap->map); return 0; } -- 2.45.2.993.g49e7a77208-goog

9 months, 2 weeks

3
8
0 0

[PATCH v2] media: uvcvideo: Fix custom control mapping probing

by Ricardo Ribalda

Custom control mapping introduced a bug, where the filter function was applied to every single control. Fix it so it is only applied to the matching controls. The following dmesg errors during probe are now fixed: usb 1-5: Found UVC 1.00 device Integrated_Webcam_HD (0c45:670c) usb 1-5: Failed to query (GET_CUR) UVC control 2 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 3 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 6 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 7 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 8 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 9 on unit 2: -75 (exp. 1). usb 1-5: Failed to query (GET_CUR) UVC control 10 on unit 2: -75 (exp. 1). Reported-by: Paul Menzen <pmenzel(a)molgen.mpg.de> Closes: https://lore.kernel.org/linux-media/518cd6b4-68a8-4895-b8fc-97d4dae1ddc4@mo… Cc: stable(a)vger.kernel.org Fixes: 8f4362a8d42b ("media: uvcvideo: Allow custom control mapping") Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Paul, could you check if this fixes your issue, thanks! --- Changes in v2: - Replace !(A && B) with (!A || !B) - Add error message to commit message - Link to v1: https://lore.kernel.org/r/20240722-fix-filter-mapping-v1-1-07cc9c6bf4e3@chr… --- drivers/media/usb/uvc/uvc_ctrl.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index 0136df5732ba..4fe26e82e3d1 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -2680,6 +2680,10 @@ static void uvc_ctrl_init_ctrl(struct uvc_video_chain *chain, for (i = 0; i < ARRAY_SIZE(uvc_ctrl_mappings); ++i) { const struct uvc_control_mapping *mapping = &uvc_ctrl_mappings[i]; + if (!uvc_entity_match_guid(ctrl->entity, mapping->entity) || + ctrl->info.selector != mapping->selector) + continue; + /* Let the device provide a custom mapping. */ if (mapping->filter_mapping) { mapping = mapping->filter_mapping(chain, ctrl); @@ -2687,9 +2691,7 @@ static void uvc_ctrl_init_ctrl(struct uvc_video_chain *chain, continue; } - if (uvc_entity_match_guid(ctrl->entity, mapping->entity) && - ctrl->info.selector == mapping->selector) - __uvc_ctrl_add_mapping(chain, ctrl, mapping); + __uvc_ctrl_add_mapping(chain, ctrl, mapping); } } --- base-commit: 68a72104cbcf38ad16500216e213fa4eb21c4be2 change-id: 20240722-fix-filter-mapping-18477dc69048 Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

9 months, 2 weeks

3
3
0 0

[PATCH AUTOSEL 6.8 01/24] usb: gadget: uvc: configfs: ensure guid to be valid before set

by Sasha Levin

From: Michael Grzeschik <m.grzeschik(a)pengutronix.de> [ Upstream commit f7a7f80ccc8df017507e2b1e1dd652361374d25b ] When setting the guid via configfs it is possible to test if its value is one of the kernel supported ones by calling uvc_format_by_guid on it. If the result is NULL, we know the guid is unsupported and can be ignored. Signed-off-by: Michael Grzeschik <m.grzeschik(a)pengutronix.de> Link: https://lore.kernel.org/r/20240221-uvc-gadget-configfs-guid-v1-1-f0678ca62e… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/usb/gadget/function/uvc_configfs.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/drivers/usb/gadget/function/uvc_configfs.c b/drivers/usb/gadget/function/uvc_configfs.c index a4377df612f51..6fac696ea8463 100644 --- a/drivers/usb/gadget/function/uvc_configfs.c +++ b/drivers/usb/gadget/function/uvc_configfs.c @@ -13,6 +13,7 @@ #include "uvc_configfs.h" #include <linux/sort.h> +#include <linux/usb/uvc.h> #include <linux/usb/video.h> /* ----------------------------------------------------------------------------- @@ -2260,6 +2261,8 @@ static ssize_t uvcg_uncompressed_guid_format_store(struct config_item *item, struct f_uvc_opts *opts; struct config_item *opts_item; struct mutex *su_mutex = &ch->fmt.group.cg_subsys->su_mutex; + const struct uvc_format_desc *format; + u8 tmpguidFormat[sizeof(ch->desc.guidFormat)]; int ret; mutex_lock(su_mutex); /* for navigating configfs hierarchy */ @@ -2273,7 +2276,16 @@ static ssize_t uvcg_uncompressed_guid_format_store(struct config_item *item, goto end; } - memcpy(ch->desc.guidFormat, page, + memcpy(tmpguidFormat, page, + min(sizeof(tmpguidFormat), len)); + + format = uvc_format_by_guid(tmpguidFormat); + if (!format) { + ret = -EINVAL; + goto end; + } + + memcpy(ch->desc.guidFormat, tmpguidFormat, min(sizeof(ch->desc.guidFormat), len)); ret = sizeof(ch->desc.guidFormat); -- 2.43.0

9 months, 2 weeks

2
25
0 0

[PATCH AUTOSEL 6.1 01/14] nvme-multipath: find NUMA path only for online numa-node

by Sasha Levin

From: Nilay Shroff <nilay(a)linux.ibm.com> [ Upstream commit d3a043733f25d743f3aa617c7f82dbcb5ee2211a ] In current native multipath design when a shared namespace is created, we loop through each possible numa-node, calculate the NUMA distance of that node from each nvme controller and then cache the optimal IO path for future reference while sending IO. The issue with this design is that we may refer to the NUMA distance table for an offline node which may not be populated at the time and so we may inadvertently end up finding and caching a non-optimal path for IO. Then latter when the corresponding numa-node becomes online and hence the NUMA distance table entry for that node is created, ideally we should re-calculate the multipath node distance for the newly added node however that doesn't happen unless we rescan/reset the controller. So essentially, we may keep using non-optimal IO path for a node which is made online after namespace is created. This patch helps fix this issue ensuring that when a shared namespace is created, we calculate the multipath node distance for each online numa-node instead of each possible numa-node. Then latter when a node becomes online and we receive any IO on that newly added node, we would calculate the multipath node distance for newly added node but this time NUMA distance table would have been already populated for newly added node. Hence we would be able to correctly calculate the multipath node distance and choose the optimal path for the IO. Signed-off-by: Nilay Shroff <nilay(a)linux.ibm.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Keith Busch <kbusch(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/nvme/host/multipath.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/nvme/host/multipath.c b/drivers/nvme/host/multipath.c index f96d330d39641..ead42a81cb352 100644 --- a/drivers/nvme/host/multipath.c +++ b/drivers/nvme/host/multipath.c @@ -558,7 +558,7 @@ static void nvme_mpath_set_live(struct nvme_ns *ns) int node, srcu_idx; srcu_idx = srcu_read_lock(&head->srcu); - for_each_node(node) + for_each_online_node(node) __nvme_find_path(head, node); srcu_read_unlock(&head->srcu, srcu_idx); } -- 2.43.0

9 months, 2 weeks

3
16
0 0

[PATCH AUTOSEL 6.6 01/12] ALSA: hda: cs35l56: Fix lifecycle of codec pointer

by Sasha Levin

From: Simon Trimmer <simont(a)opensource.cirrus.com> [ Upstream commit d339131bf02d4ed918415574082caf5e8af6e664 ] The codec should be cleared when the amp driver is unbound and when resuming it should be tested to prevent loading firmware into the device and ALSA in a partially configured system state. Signed-off-by: Simon Trimmer <simont(a)opensource.cirrus.com> Link: https://lore.kernel.org/r/20240531112716.25323-1-simont@opensource.cirrus.c… Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/pci/hda/cs35l56_hda.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sound/pci/hda/cs35l56_hda.c b/sound/pci/hda/cs35l56_hda.c index 15e20d9261393..77e8da7dffc6a 100644 --- a/sound/pci/hda/cs35l56_hda.c +++ b/sound/pci/hda/cs35l56_hda.c @@ -702,6 +702,8 @@ static void cs35l56_hda_unbind(struct device *dev, struct device *master, void * if (comps[cs35l56->index].dev == dev) memset(&comps[cs35l56->index], 0, sizeof(*comps)); + cs35l56->codec = NULL; + dev_dbg(cs35l56->base.dev, "Unbound\n"); } @@ -807,6 +809,9 @@ static int cs35l56_hda_system_resume(struct device *dev) cs35l56->suspended = false; + if (!cs35l56->codec) + return 0; + ret = cs35l56_is_fw_reload_needed(&cs35l56->base); dev_dbg(cs35l56->base.dev, "fw_reload_needed: %d\n", ret); if (ret > 0) { -- 2.43.0

9 months, 2 weeks

2
13
0 0

[PATCH AUTOSEL 6.9 01/40] workqueue: Refactor worker ID formatting and make wq_worker_comm() use full ID string

by Sasha Levin

From: Tejun Heo <tj(a)kernel.org> [ Upstream commit 2a1b02bcba78f8498ab00d6142e1238d85b01591 ] Currently, worker ID formatting is open coded in create_worker(), init_rescuer() and worker_thread() (for %WORKER_DIE case). The formatted ID is saved into task->comm and wq_worker_comm() uses it as the base name to append extra information to when generating the name to be shown to userspace. However, TASK_COMM_LEN is only 16 leading to badly truncated names for rescuers. For example, the rescuer for the inet_frag_wq workqueue becomes: $ ps -ef | grep '[k]worker/R-inet' root 483 2 0 Apr26 ? 00:00:00 [kworker/R-inet_] Even for non-rescue workers, it's easy to run over 15 characters on moderately large machines. Fit it by consolidating worker ID formatting into a new helper format_worker_id() and calling it from wq_worker_comm() to obtain the untruncated worker ID string. $ ps -ef | grep '[k]worker/R-inet' root 60 2 0 12:10 ? 00:00:00 [kworker/R-inet_frag_wq] Signed-off-by: Tejun Heo <tj(a)kernel.org> Reported-and-tested-by: Jan Engelhardt <jengelh(a)inai.de> Suggested-by: Linus Torvalds <torvalds(a)linux-foundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/workqueue.c | 51 ++++++++++++++++++++++++++++++---------------- 1 file changed, 34 insertions(+), 17 deletions(-) diff --git a/kernel/workqueue.c b/kernel/workqueue.c index d2dbe099286b9..7634fc32ee05a 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c @@ -124,6 +124,7 @@ enum wq_internal_consts { HIGHPRI_NICE_LEVEL = MIN_NICE, WQ_NAME_LEN = 32, + WORKER_ID_LEN = 10 + WQ_NAME_LEN, /* "kworker/R-" + WQ_NAME_LEN */ }; /* @@ -2778,6 +2779,26 @@ static void worker_detach_from_pool(struct worker *worker) complete(detach_completion); } +static int format_worker_id(char *buf, size_t size, struct worker *worker, + struct worker_pool *pool) +{ + if (worker->rescue_wq) + return scnprintf(buf, size, "kworker/R-%s", + worker->rescue_wq->name); + + if (pool) { + if (pool->cpu >= 0) + return scnprintf(buf, size, "kworker/%d:%d%s", + pool->cpu, worker->id, + pool->attrs->nice < 0 ? "H" : ""); + else + return scnprintf(buf, size, "kworker/u%d:%d", + pool->id, worker->id); + } else { + return scnprintf(buf, size, "kworker/dying"); + } +} + /** * create_worker - create a new workqueue worker * @pool: pool the new worker will belong to @@ -2794,7 +2815,6 @@ static struct worker *create_worker(struct worker_pool *pool) { struct worker *worker; int id; - char id_buf[23]; /* ID is needed to determine kthread name */ id = ida_alloc(&pool->worker_ida, GFP_KERNEL); @@ -2813,17 +2833,14 @@ static struct worker *create_worker(struct worker_pool *pool) worker->id = id; if (!(pool->flags & POOL_BH)) { - if (pool->cpu >= 0) - snprintf(id_buf, sizeof(id_buf), "%d:%d%s", pool->cpu, id, - pool->attrs->nice < 0 ? "H" : ""); - else - snprintf(id_buf, sizeof(id_buf), "u%d:%d", pool->id, id); + char id_buf[WORKER_ID_LEN]; + format_worker_id(id_buf, sizeof(id_buf), worker, pool); worker->task = kthread_create_on_node(worker_thread, worker, - pool->node, "kworker/%s", id_buf); + pool->node, "%s", id_buf); if (IS_ERR(worker->task)) { if (PTR_ERR(worker->task) == -EINTR) { - pr_err("workqueue: Interrupted when creating a worker thread \"kworker/%s\"\n", + pr_err("workqueue: Interrupted when creating a worker thread \"%s\"\n", id_buf); } else { pr_err_once("workqueue: Failed to create a worker thread: %pe", @@ -3386,7 +3403,6 @@ static int worker_thread(void *__worker) raw_spin_unlock_irq(&pool->lock); set_pf_worker(false); - set_task_comm(worker->task, "kworker/dying"); ida_free(&pool->worker_ida, worker->id); worker_detach_from_pool(worker); WARN_ON_ONCE(!list_empty(&worker->entry)); @@ -5430,6 +5446,7 @@ static int wq_clamp_max_active(int max_active, unsigned int flags, static int init_rescuer(struct workqueue_struct *wq) { struct worker *rescuer; + char id_buf[WORKER_ID_LEN]; int ret; if (!(wq->flags & WQ_MEM_RECLAIM)) @@ -5443,7 +5460,9 @@ static int init_rescuer(struct workqueue_struct *wq) } rescuer->rescue_wq = wq; - rescuer->task = kthread_create(rescuer_thread, rescuer, "kworker/R-%s", wq->name); + format_worker_id(id_buf, sizeof(id_buf), rescuer, NULL); + + rescuer->task = kthread_create(rescuer_thread, rescuer, "%s", id_buf); if (IS_ERR(rescuer->task)) { ret = PTR_ERR(rescuer->task); pr_err("workqueue: Failed to create a rescuer kthread for wq \"%s\": %pe", @@ -6272,19 +6291,15 @@ void show_freezable_workqueues(void) /* used to show worker information through /proc/PID/{comm,stat,status} */ void wq_worker_comm(char *buf, size_t size, struct task_struct *task) { - int off; - - /* always show the actual comm */ - off = strscpy(buf, task->comm, size); - if (off < 0) - return; - /* stabilize PF_WQ_WORKER and worker pool association */ mutex_lock(&wq_pool_attach_mutex); if (task->flags & PF_WQ_WORKER) { struct worker *worker = kthread_data(task); struct worker_pool *pool = worker->pool; + int off; + + off = format_worker_id(buf, size, worker, pool); if (pool) { raw_spin_lock_irq(&pool->lock); @@ -6303,6 +6318,8 @@ void wq_worker_comm(char *buf, size_t size, struct task_struct *task) } raw_spin_unlock_irq(&pool->lock); } + } else { + strscpy(buf, task->comm, size); } mutex_unlock(&wq_pool_attach_mutex); -- 2.43.0

9 months, 2 weeks

3
42
0 0

[PATCH AUTOSEL 5.4 01/11] Input: elantech - fix touchpad state on resume for Lenovo N24

by Sasha Levin

From: Jonathan Denose <jdenose(a)google.com> [ Upstream commit a69ce592cbe0417664bc5a075205aa75c2ec1273 ] The Lenovo N24 on resume becomes stuck in a state where it sends incorrect packets, causing elantech_packet_check_v4 to fail. The only way for the device to resume sending the correct packets is for it to be disabled and then re-enabled. This change adds a dmi check to trigger this behavior on resume. Signed-off-by: Jonathan Denose <jdenose(a)google.com> Link: https://lore.kernel.org/r/20240503155020.v2.1.Ifa0e25ebf968d8f307f58d678036… Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/input/mouse/elantech.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/drivers/input/mouse/elantech.c b/drivers/input/mouse/elantech.c index 9ff89bfda7a24..8e286e023916f 100644 --- a/drivers/input/mouse/elantech.c +++ b/drivers/input/mouse/elantech.c @@ -1476,16 +1476,47 @@ static void elantech_disconnect(struct psmouse *psmouse) psmouse->private = NULL; } +/* + * Some hw_version 4 models fail to properly activate absolute mode on + * resume without going through disable/enable cycle. + */ +static const struct dmi_system_id elantech_needs_reenable[] = { +#if defined(CONFIG_DMI) && defined(CONFIG_X86) + { + /* Lenovo N24 */ + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), + DMI_MATCH(DMI_PRODUCT_NAME, "81AF"), + }, + }, +#endif + { } +}; + /* * Put the touchpad back into absolute mode when reconnecting */ static int elantech_reconnect(struct psmouse *psmouse) { + int err; + psmouse_reset(psmouse); if (elantech_detect(psmouse, 0)) return -1; + if (dmi_check_system(elantech_needs_reenable)) { + err = ps2_command(&psmouse->ps2dev, NULL, PSMOUSE_CMD_DISABLE); + if (err) + psmouse_warn(psmouse, "failed to deactivate mouse on %s: %d\n", + psmouse->ps2dev.serio->phys, err); + + err = ps2_command(&psmouse->ps2dev, NULL, PSMOUSE_CMD_ENABLE); + if (err) + psmouse_warn(psmouse, "failed to reactivate mouse on %s: %d\n", + psmouse->ps2dev.serio->phys, err); + } + if (elantech_set_absolute_mode(psmouse)) { psmouse_err(psmouse, "failed to put touchpad back into absolute mode.\n"); -- 2.43.0

9 months, 2 weeks

2
13
0 0

[PATCH AUTOSEL 6.9 01/22] clk: qcom: apss-ipq-pll: remove 'config_ctl_hi_val' from Stromer pll configs

by Sasha Levin

From: Gabor Juhos <j4g8y7(a)gmail.com> [ Upstream commit 2ba8425678af422da37b6c9b50e9ce66f0f55cae ] Since the CONFIG_CTL register is only 32 bits wide in the Stromer and Stromer Plus PLLs , the 'config_ctl_hi_val' values from the IPQ5018 and IPQ5332 configurations are not used so remove those. No functional changes. Signed-off-by: Gabor Juhos <j4g8y7(a)gmail.com> Reviewed-by: Kathiravan Thirumoorthy <quic_kathirav(a)quicinc.com> Acked-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Link: https://lore.kernel.org/r/20240509-stromer-config-ctl-v1-1-6034e17b28d5@gma… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/clk/qcom/apss-ipq-pll.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/clk/qcom/apss-ipq-pll.c b/drivers/clk/qcom/apss-ipq-pll.c index d7ab5bd5d4b41..e12bb9abf6b6a 100644 --- a/drivers/clk/qcom/apss-ipq-pll.c +++ b/drivers/clk/qcom/apss-ipq-pll.c @@ -100,7 +100,6 @@ static struct clk_alpha_pll ipq_pll_stromer_plus = { static const struct alpha_pll_config ipq5018_pll_config = { .l = 0x2a, .config_ctl_val = 0x4001075b, - .config_ctl_hi_val = 0x304, .main_output_mask = BIT(0), .aux_output_mask = BIT(1), .early_output_mask = BIT(3), @@ -114,7 +113,6 @@ static const struct alpha_pll_config ipq5018_pll_config = { static const struct alpha_pll_config ipq5332_pll_config = { .l = 0x2d, .config_ctl_val = 0x4001075b, - .config_ctl_hi_val = 0x304, .main_output_mask = BIT(0), .aux_output_mask = BIT(1), .early_output_mask = BIT(3), -- 2.43.0

9 months, 2 weeks

4
26
0 0

[PATCH v2] dmaengine: moxart: handle irq_of_parse_and_map() errors

by Ma Ke

Zero and negative number is not a valid IRQ for in-kernel code and the irq_of_parse_and_map() function returns zero on error. So this check for valid IRQs should only accept values > 0. Cc: stable(a)vger.kernel.org Fixes: 2d9e31b9412c ("dmaengine: moxart: remove NO_IRQ") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - added Cc stable line; - added Fixes line. --- drivers/dma/moxart-dma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/dma/moxart-dma.c b/drivers/dma/moxart-dma.c index c48d68cbff92..0690ccab431d 100644 --- a/drivers/dma/moxart-dma.c +++ b/drivers/dma/moxart-dma.c @@ -573,7 +573,7 @@ static int moxart_probe(struct platform_device *pdev) return -ENOMEM; irq = irq_of_parse_and_map(node, 0); - if (!irq) { + if (irq <= 0) { dev_err(dev, "no IRQ resource\n"); return -EINVAL; } -- 2.25.1

9 months, 2 weeks

1
0
0 0

5.15.x: randomize_layout_plugin.c: 'last_stmt' was not declared in this scope?

by Thomas Meyer

Good day, I wanted to upgrade my kernel to the latest 5.15.162 but it seems to fail with this error message after upgrading to fedora 40, any ideas what could be the problem? $ make HOSTCXX scripts/gcc-plugins/randomize_layout_plugin.so scripts/gcc-plugins/randomize_layout_plugin.c: In function 'bool dominated_by_is_err(const_tree, basic_block)': scripts/gcc-plugins/randomize_layout_plugin.c:693:20: error: 'last_stmt' was not declared in this scope; did you mean 'call_stmt'? 693 | dom_stmt = last_stmt(dom); | ^~~~~~~~~ | call_stmt make[2]: *** [scripts/gcc-plugins/Makefile:48: scripts/gcc-plugins/randomize_layout_plugin.so] Error 1 make[1]: *** [scripts/Makefile.build:552: scripts/gcc-plugins] Error 2 make: *** [Makefile:1246: scripts] Error 2 Maybe a problem with gcc 14? My current kernel was compiled with gcc 13: [ 0.000000] [ T0] Linux version 5.15.160 (thomas2(a)localhost.localdomain) (gcc (GCC) 13.3.1 20240522 (Red Hat 13.3.1-1), GNU ld version 2.40-14.fc39) #15 PREEMPT Sat Jun 1 16:54:27 CEST 2024 $ gcc --version gcc (GCC) 14.1.1 20240522 (Red Hat 14.1.1-4) any help appreciated. with kind regards thomas PS: please cc my as I'm not subscribed to the list.

9 months, 2 weeks

2
3
0 0

[PATCH] media: uvcvideo: Fix custom control mapping probing

by Ricardo Ribalda

Custom control mapping introduced a bug, where the filter function was applied to every single control. Fix it so it is only applied to the matching controls. Reported-by: Paul Menzen <pmenzel(a)molgen.mpg.de> Closes: https://lore.kernel.org/linux-media/518cd6b4-68a8-4895-b8fc-97d4dae1ddc4@mo… Cc: stable(a)vger.kernel.org Fixes: 8f4362a8d42b ("media: uvcvideo: Allow custom control mapping") Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Paul, could you check if this fixes your issue, thanks! --- drivers/media/usb/uvc/uvc_ctrl.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c index 0136df5732ba..06fede57bf36 100644 --- a/drivers/media/usb/uvc/uvc_ctrl.c +++ b/drivers/media/usb/uvc/uvc_ctrl.c @@ -2680,6 +2680,10 @@ static void uvc_ctrl_init_ctrl(struct uvc_video_chain *chain, for (i = 0; i < ARRAY_SIZE(uvc_ctrl_mappings); ++i) { const struct uvc_control_mapping *mapping = &uvc_ctrl_mappings[i]; + if (!(uvc_entity_match_guid(ctrl->entity, mapping->entity) && + ctrl->info.selector == mapping->selector)) + continue; + /* Let the device provide a custom mapping. */ if (mapping->filter_mapping) { mapping = mapping->filter_mapping(chain, ctrl); @@ -2687,9 +2691,7 @@ static void uvc_ctrl_init_ctrl(struct uvc_video_chain *chain, continue; } - if (uvc_entity_match_guid(ctrl->entity, mapping->entity) && - ctrl->info.selector == mapping->selector) - __uvc_ctrl_add_mapping(chain, ctrl, mapping); + __uvc_ctrl_add_mapping(chain, ctrl, mapping); } } --- base-commit: 68a72104cbcf38ad16500216e213fa4eb21c4be2 change-id: 20240722-fix-filter-mapping-18477dc69048 Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

9 months, 2 weeks

3
4
0 0

[PATCH v2 3/8] arm64: dts: qcom: x1e80100: add missing PCIe minimum OPP

by Johan Hovold

Add the missing PCIe CX performance level votes to avoid relying on other drivers (e.g. USB) to maintain the nominal performance level required for Gen3 speeds. Fixes: 5eb83fc10289 ("arm64: dts: qcom: x1e80100: Add PCIe nodes") Cc: stable(a)vger.kernel.org # 6.9 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/x1e80100.dtsi b/arch/arm64/boot/dts/qcom/x1e80100.dtsi index 07e00f1d1768..2c10532d4f60 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100.dtsi +++ b/arch/arm64/boot/dts/qcom/x1e80100.dtsi @@ -2974,6 +2974,7 @@ &mc_virt SLAVE_EBI1 QCOM_ICC_TAG_ALWAYS>, "link_down"; power-domains = <&gcc GCC_PCIE_6A_GDSC>; + required-opps = <&rpmhpd_opp_nom>; phys = <&pcie6a_phy>; phy-names = "pciephy"; @@ -3095,6 +3096,7 @@ &mc_virt SLAVE_EBI1 QCOM_ICC_TAG_ALWAYS>, "link_down"; power-domains = <&gcc GCC_PCIE_4_GDSC>; + required-opps = <&rpmhpd_opp_nom>; phys = <&pcie4_phy>; phy-names = "pciephy"; -- 2.44.2

9 months, 2 weeks

2
1
0 0

[PATCH 04/12] arm64: dts: qcom: x1e80100-qcp: fix missing PCIe4 gpios

by Johan Hovold

Add the missing PCIe4 perst, wake and clkreq GPIOs and pin config. Fixes: f9a9c11471da ("arm64: dts: qcom: x1e80100-qcp: Enable more support") Cc: stable(a)vger.kernel.org # 6.9 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 29 +++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/x1e80100-qcp.dts b/arch/arm64/boot/dts/qcom/x1e80100-qcp.dts index 998e5ea2f52e..786285af9f33 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100-qcp.dts +++ b/arch/arm64/boot/dts/qcom/x1e80100-qcp.dts @@ -572,6 +572,12 @@ &mdss_dp3_phy { }; &pcie4 { + perst-gpios = <&tlmm 146 GPIO_ACTIVE_LOW>; + wake-gpios = <&tlmm 148 GPIO_ACTIVE_LOW>; + + pinctrl-0 = <&pcie4_default>; + pinctrl-names = "default"; + status = "okay"; }; @@ -665,6 +671,29 @@ nvme_reg_en: nvme-reg-en-state { bias-disable; }; + pcie4_default: pcie4-default-state { + clkreq-n-pins { + pins = "gpio147"; + function = "pcie4_clk"; + drive-strength = <2>; + bias-pull-up; + }; + + perst-n-pins { + pins = "gpio146"; + function = "gpio"; + drive-strength = <2>; + bias-disable; + }; + + wake-n-pins { + pins = "gpio148"; + function = "gpio"; + drive-strength = <2>; + bias-pull-up; + }; + }; + pcie6a_default: pcie6a-default-state { clkreq-n-pins { pins = "gpio153"; -- 2.44.2

9 months, 2 weeks

2
1
0 0

[PATCH 01/12] arm64: dts: qcom: x1e80100-qcp: fix PCIe4 PHY supply

by Johan Hovold

The PCIe4 PHY is powered by vreg_l3i (not vreg_l3j) on the CRD so assume the same applies to the QCP. Fixes: f9a9c11471da ("arm64: dts: qcom: x1e80100-qcp: Enable more support") Cc: stable(a)vger.kernel.org # 6.9 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/qcom/x1e80100-qcp.dts b/arch/arm64/boot/dts/qcom/x1e80100-qcp.dts index e7758f172d0d..212ed20b3369 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100-qcp.dts +++ b/arch/arm64/boot/dts/qcom/x1e80100-qcp.dts @@ -576,7 +576,7 @@ &pcie4 { }; &pcie4_phy { - vdda-phy-supply = <&vreg_l3j_0p8>; + vdda-phy-supply = <&vreg_l3i_0p8>; vdda-pll-supply = <&vreg_l3e_1p2>; status = "okay"; -- 2.44.2

9 months, 2 weeks

3
2
0 0

[PATCH v2 1/8] arm64: dts: qcom: x1e80100-crd: fix PCIe4 PHY supply

by Johan Hovold

The PCIe4 PHY is powered by vreg_l3i (not vreg_l3j). Fixes: d7e03cce0400 ("arm64: dts: qcom: x1e80100-crd: Enable more support") Cc: stable(a)vger.kernel.org # 6.9 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/qcom/x1e80100-crd.dts b/arch/arm64/boot/dts/qcom/x1e80100-crd.dts index f97c80b4077c..6aa2ec1e7919 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100-crd.dts +++ b/arch/arm64/boot/dts/qcom/x1e80100-crd.dts @@ -788,7 +788,7 @@ &pcie4 { }; &pcie4_phy { - vdda-phy-supply = <&vreg_l3j_0p8>; + vdda-phy-supply = <&vreg_l3i_0p8>; vdda-pll-supply = <&vreg_l3e_1p2>; status = "okay"; -- 2.44.2

9 months, 2 weeks

2
1
0 0

[PATCH v2 6/8] arm64: dts: qcom: x1e80100-crd: fix missing PCIe4 gpios

by Johan Hovold

Add the missing PCIe4 perst, wake and clkreq GPIOs and pin config. Fixes: d7e03cce0400 ("arm64: dts: qcom: x1e80100-crd: Enable more support") Cc: stable(a)vger.kernel.org # 6.9 Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 29 +++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/x1e80100-crd.dts b/arch/arm64/boot/dts/qcom/x1e80100-crd.dts index 7406f1ad9c55..caae0c3d8c7a 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100-crd.dts +++ b/arch/arm64/boot/dts/qcom/x1e80100-crd.dts @@ -784,6 +784,12 @@ &mdss_dp3_phy { }; &pcie4 { + perst-gpios = <&tlmm 146 GPIO_ACTIVE_LOW>; + wake-gpios = <&tlmm 148 GPIO_ACTIVE_LOW>; + + pinctrl-0 = <&pcie4_default>; + pinctrl-names = "default"; + status = "okay"; }; @@ -975,6 +981,29 @@ nvme_reg_en: nvme-reg-en-state { bias-disable; }; + pcie4_default: pcie4-default-state { + clkreq-n-pins { + pins = "gpio147"; + function = "pcie4_clk"; + drive-strength = <2>; + bias-pull-up; + }; + + perst-n-pins { + pins = "gpio146"; + function = "gpio"; + drive-strength = <2>; + bias-disable; + }; + + wake-n-pins { + pins = "gpio148"; + function = "gpio"; + drive-strength = <2>; + bias-pull-up; + }; + }; + pcie6a_default: pcie6a-default-state { clkreq-n-pins { pins = "gpio153"; -- 2.44.2

9 months, 2 weeks

1
0
0 0

[PATCH v2 2/8] arm64: dts: qcom: x1e80100: fix PCIe domain numbers

by Johan Hovold

The current PCIe domain numbers are off by one and do not match the numbers that the UEFI firmware (and Windows) uses. Fixes: 5eb83fc10289 ("arm64: dts: qcom: x1e80100: Add PCIe nodes") Cc: stable(a)vger.kernel.org # 6.9 Reviewed-by: Konrad Dybcio <konrad.dybcio(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/boot/dts/qcom/x1e80100.dtsi b/arch/arm64/boot/dts/qcom/x1e80100.dtsi index c7aec564a318..07e00f1d1768 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100.dtsi +++ b/arch/arm64/boot/dts/qcom/x1e80100.dtsi @@ -2916,7 +2916,7 @@ pcie6a: pci@1bf8000 { dma-coherent; - linux,pci-domain = <7>; + linux,pci-domain = <6>; num-lanes = <2>; interrupts = <GIC_SPI 773 IRQ_TYPE_LEVEL_HIGH>, @@ -3037,7 +3037,7 @@ pcie4: pci@1c08000 { dma-coherent; - linux,pci-domain = <5>; + linux,pci-domain = <4>; num-lanes = <2>; interrupts = <GIC_SPI 141 IRQ_TYPE_LEVEL_HIGH>, -- 2.44.2

9 months, 2 weeks

1
0
0 0

[PATCH v2 1/5] scripts/gdb: fix timerlist parsing issue

by Kuan-Ying Lee

Commit 7988e5ae2be7 ("tick: Split nohz and highres features from nohz_mode") and commit 7988e5ae2be7 ("tick: Split nohz and highres features from nohz_mode") move 'tick_stopped' and 'nohz_mode' to flags field which will break the gdb lx-mounts command: (gdb) lx-timerlist Python Exception <class 'gdb.error'>: There is no member named nohz_mode. Error occurred in Python: There is no member named nohz_mode. (gdb) lx-timerlist Python Exception <class 'gdb.error'>: There is no member named tick_stopped. Error occurred in Python: There is no member named tick_stopped. We move 'tick_stopped' and 'nohz_mode' to flags field instead. Fixes: a478ffb2ae23 ("tick: Move individual bit features to debuggable mask accesses") Fixes: 7988e5ae2be7 ("tick: Split nohz and highres features from nohz_mode") Cc: <stable(a)vger.kernel.org> Signed-off-by: Kuan-Ying Lee <kuan-ying.lee(a)canonical.com> --- scripts/gdb/linux/timerlist.py | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/scripts/gdb/linux/timerlist.py b/scripts/gdb/linux/timerlist.py index 64bc87191003..98445671fe83 100644 --- a/scripts/gdb/linux/timerlist.py +++ b/scripts/gdb/linux/timerlist.py @@ -87,21 +87,22 @@ def print_cpu(hrtimer_bases, cpu, max_clock_bases): text += "\n" if constants.LX_CONFIG_TICK_ONESHOT: - fmts = [(" .{} : {}", 'nohz_mode'), - (" .{} : {} nsecs", 'last_tick'), - (" .{} : {}", 'tick_stopped'), - (" .{} : {}", 'idle_jiffies'), - (" .{} : {}", 'idle_calls'), - (" .{} : {}", 'idle_sleeps'), - (" .{} : {} nsecs", 'idle_entrytime'), - (" .{} : {} nsecs", 'idle_waketime'), - (" .{} : {} nsecs", 'idle_exittime'), - (" .{} : {} nsecs", 'idle_sleeptime'), - (" .{}: {} nsecs", 'iowait_sleeptime'), - (" .{} : {}", 'last_jiffies'), - (" .{} : {}", 'next_timer'), - (" .{} : {} nsecs", 'idle_expires')] - text += "\n".join([s.format(f, ts[f]) for s, f in fmts]) + TS_FLAG_STOPPED = 1 << 1 + TS_FLAG_NOHZ = 1 << 4 + text += f" .{'nohz':15s}: {int(bool(ts['flags'] & TS_FLAG_NOHZ))}\n" + text += f" .{'last_tick':15s}: {ts['last_tick']}\n" + text += f" .{'tick_stopped':15s}: {int(bool(ts['flags'] & TS_FLAG_STOPPED))}\n" + text += f" .{'idle_jiffies':15s}: {ts['idle_jiffies']}\n" + text += f" .{'idle_calls':15s}: {ts['idle_calls']}\n" + text += f" .{'idle_sleeps':15s}: {ts['idle_sleeps']}\n" + text += f" .{'idle_entrytime':15s}: {ts['idle_entrytime']} nsecs\n" + text += f" .{'idle_waketime':15s}: {ts['idle_waketime']} nsecs\n" + text += f" .{'idle_exittime':15s}: {ts['idle_exittime']} nsecs\n" + text += f" .{'idle_sleeptime':15s}: {ts['idle_sleeptime']} nsecs\n" + text += f" .{'iowait_sleeptime':15s}: {ts['iowait_sleeptime']} nsecs\n" + text += f" .{'last_jiffies':15s}: {ts['last_jiffies']}\n" + text += f" .{'next_timer':15s}: {ts['next_timer']}\n" + text += f" .{'idle_expires':15s}: {ts['idle_expires']} nsecs\n" text += "\njiffies: {}\n".format(jiffies) text += "\n" -- 2.34.1

9 months, 2 weeks

1
1
0 0

[PATCH 5/7] arm64: dts: qcom: x1e80100-crd: fix missing PCIe4 gpios

by Johan Hovold

Add the missing PCIe4 perst, wake and clkreq GPIOs. Fixes: d7e03cce0400 ("arm64: dts: qcom: x1e80100-crd: Enable more support") Cc: stable(a)vger.kernel.org # 6.9 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 29 +++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/arch/arm64/boot/dts/qcom/x1e80100-crd.dts b/arch/arm64/boot/dts/qcom/x1e80100-crd.dts index 7406f1ad9c55..72d9feec907b 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100-crd.dts +++ b/arch/arm64/boot/dts/qcom/x1e80100-crd.dts @@ -784,6 +784,12 @@ &mdss_dp3_phy { }; &pcie4 { + perst-gpios = <&tlmm 146 GPIO_ACTIVE_LOW>; + wake-gpios = <&tlmm 148 GPIO_ACTIVE_LOW>; + + pinctrl-names = "default"; + pinctrl-0 = <&pcie4_default>; + status = "okay"; }; @@ -975,6 +981,29 @@ nvme_reg_en: nvme-reg-en-state { bias-disable; }; + pcie4_default: pcie4-default-state { + clkreq-n-pins { + pins = "gpio147"; + function = "pcie4_clk"; + drive-strength = <2>; + bias-pull-up; + }; + + perst-n-pins { + pins = "gpio146"; + function = "gpio"; + drive-strength = <2>; + bias-disable; + }; + + wake-n-pins { + pins = "gpio148"; + function = "gpio"; + drive-strength = <2>; + bias-pull-up; + }; + }; + pcie6a_default: pcie6a-default-state { clkreq-n-pins { pins = "gpio153"; -- 2.44.2

9 months, 2 weeks

3
2
0 0

[PATCH 1/7] arm64: dts: qcom: x1e80100-crd: fix PCIe4 PHY supply

by Johan Hovold

The PCIe4 PHY is powered by vreg_l3i (not vreg_l3j). Fixes: d7e03cce0400 ("arm64: dts: qcom: x1e80100-crd: Enable more support") Cc: stable(a)vger.kernel.org # 6.9 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/qcom/x1e80100-crd.dts b/arch/arm64/boot/dts/qcom/x1e80100-crd.dts index f97c80b4077c..6aa2ec1e7919 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100-crd.dts +++ b/arch/arm64/boot/dts/qcom/x1e80100-crd.dts @@ -788,7 +788,7 @@ &pcie4 { }; &pcie4_phy { - vdda-phy-supply = <&vreg_l3j_0p8>; + vdda-phy-supply = <&vreg_l3i_0p8>; vdda-pll-supply = <&vreg_l3e_1p2>; status = "okay"; -- 2.44.2

9 months, 2 weeks

3
2
0 0

[PATCH] usb: gadget: u_audio: Check return codes from usb_ep_enable and config_ep_by_speed.

by crwulff＠gmail.com

From: Chris Wulff <crwulff(a)gmail.com> These functions can fail if descriptors are malformed, or missing, for the selected USB speed. Fixes: eb9fecb9e69b ("usb: gadget: f_uac2: split out audio core") Fixes: 24f779dac8f3 ("usb: gadget: f_uac2/u_audio: add feedback endpoint support") Cc: stable(a)vger.kernel.org Signed-off-by: Chris Wulff <crwulff(a)gmail.com> --- drivers/usb/gadget/function/u_audio.c | 42 ++++++++++++++++++++++----- 1 file changed, 34 insertions(+), 8 deletions(-) diff --git a/drivers/usb/gadget/function/u_audio.c b/drivers/usb/gadget/function/u_audio.c index 89af0feb7512..24299576972f 100644 --- a/drivers/usb/gadget/function/u_audio.c +++ b/drivers/usb/gadget/function/u_audio.c @@ -592,16 +592,25 @@ int u_audio_start_capture(struct g_audio *audio_dev) struct usb_ep *ep, *ep_fback; struct uac_rtd_params *prm; struct uac_params *params = &audio_dev->params; - int req_len, i; + int req_len, i, ret; prm = &uac->c_prm; dev_dbg(dev, "start capture with rate %d\n", prm->srate); ep = audio_dev->out_ep; - config_ep_by_speed(gadget, &audio_dev->func, ep); + ret = config_ep_by_speed(gadget, &audio_dev->func, ep); + if (ret < 0) { + dev_err(dev, "config_ep_by_speed for out_ep failed (%d)\n", ret); + return ret; + } + req_len = ep->maxpacket; prm->ep_enabled = true; - usb_ep_enable(ep); + ret = usb_ep_enable(ep); + if (ret < 0) { + dev_err(dev, "usb_ep_enable failed for out_ep (%d)\n", ret); + return ret; + } for (i = 0; i < params->req_number; i++) { if (!prm->reqs[i]) { @@ -629,9 +638,18 @@ int u_audio_start_capture(struct g_audio *audio_dev) return 0; /* Setup feedback endpoint */ - config_ep_by_speed(gadget, &audio_dev->func, ep_fback); + ret = config_ep_by_speed(gadget, &audio_dev->func, ep_fback); + if (ret < 0) { + dev_err(dev, "config_ep_by_speed in_ep_fback failed (%d)\n", ret); + return ret; // TODO: Clean up out_ep + } + prm->fb_ep_enabled = true; - usb_ep_enable(ep_fback); + ret = usb_ep_enable(ep_fback); + if (ret < 0) { + dev_err(dev, "usb_ep_enable failed for in_ep_fback (%d)\n", ret); + return ret; // TODO: Clean up out_ep + } req_len = ep_fback->maxpacket; req_fback = usb_ep_alloc_request(ep_fback, GFP_ATOMIC); @@ -687,13 +705,17 @@ int u_audio_start_playback(struct g_audio *audio_dev) struct uac_params *params = &audio_dev->params; unsigned int factor; const struct usb_endpoint_descriptor *ep_desc; - int req_len, i; + int req_len, i, ret; unsigned int p_pktsize; prm = &uac->p_prm; dev_dbg(dev, "start playback with rate %d\n", prm->srate); ep = audio_dev->in_ep; - config_ep_by_speed(gadget, &audio_dev->func, ep); + ret = config_ep_by_speed(gadget, &audio_dev->func, ep); + if (ret < 0) { + dev_err(dev, "config_ep_by_speed for in_ep failed (%d)\n", ret); + return ret; + } ep_desc = ep->desc; /* @@ -720,7 +742,11 @@ int u_audio_start_playback(struct g_audio *audio_dev) uac->p_residue_mil = 0; prm->ep_enabled = true; - usb_ep_enable(ep); + ret = usb_ep_enable(ep); + if (ret < 0) { + dev_err(dev, "usb_ep_enable failed for in_ep (%d)\n", ret); + return ret; + } for (i = 0; i < params->req_number; i++) { if (!prm->reqs[i]) { -- 2.43.0

9 months, 2 weeks

1
0
0 0

[PATCH] media: atomisp: Fix streaming no longer working on BYT / ISP2400 devices

by Hans de Goede

Commit a0821ca14bb8 ("media: atomisp: Remove test pattern generator (TPG) support") broke BYT support because it removed a seemingly unused field from struct sh_css_sp_config and a seemingly unused value from enum ia_css_input_mode. But these are part of the ABI between the kernel and firmware on ISP2400 and this part of the TPG support removal changes broke ISP2400 support. ISP2401 support was not affected because on ISP2401 only a part of struct sh_css_sp_config is used. Restore the removed field and enum value to fix this. Fixes: a0821ca14bb8 ("media: atomisp: Remove test pattern generator (TPG) support") Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- .../media/atomisp/pci/ia_css_stream_public.h | 8 ++++++-- .../media/atomisp/pci/sh_css_internal.h | 19 ++++++++++++++++--- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/drivers/staging/media/atomisp/pci/ia_css_stream_public.h b/drivers/staging/media/atomisp/pci/ia_css_stream_public.h index 961c61288083..aad860e54d3a 100644 --- a/drivers/staging/media/atomisp/pci/ia_css_stream_public.h +++ b/drivers/staging/media/atomisp/pci/ia_css_stream_public.h @@ -27,12 +27,16 @@ #include "ia_css_prbs.h" #include "ia_css_input_port.h" -/* Input modes, these enumerate all supported input modes. - * Note that not all ISP modes support all input modes. +/* + * Input modes, these enumerate all supported input modes. + * This enum is part of the atomisp firmware ABI and must + * NOT be changed! + * Note that not all ISP modes support all input modes. */ enum ia_css_input_mode { IA_CSS_INPUT_MODE_SENSOR, /** data from sensor */ IA_CSS_INPUT_MODE_FIFO, /** data from input-fifo */ + IA_CSS_INPUT_MODE_TPG, /** data from test-pattern generator */ IA_CSS_INPUT_MODE_PRBS, /** data from pseudo-random bit stream */ IA_CSS_INPUT_MODE_MEMORY, /** data from a frame in memory */ IA_CSS_INPUT_MODE_BUFFERED_SENSOR /** data is sent through mipi buffer */ diff --git a/drivers/staging/media/atomisp/pci/sh_css_internal.h b/drivers/staging/media/atomisp/pci/sh_css_internal.h index a2d972ea3fa0..959e7f549641 100644 --- a/drivers/staging/media/atomisp/pci/sh_css_internal.h +++ b/drivers/staging/media/atomisp/pci/sh_css_internal.h @@ -344,7 +344,14 @@ struct sh_css_sp_input_formatter_set { #define IA_CSS_MIPI_SIZE_CHECK_MAX_NOF_ENTRIES_PER_PORT (3) -/* SP configuration information */ +/* + * SP configuration information + * + * This struct is part of the atomisp firmware ABI and is directly copied + * to ISP DRAM by sh_css_store_sp_group_to_ddr() + * + * Do NOT change this struct's layout or remove seemingly unused fields! + */ struct sh_css_sp_config { u8 no_isp_sync; /* Signal host immediately after start */ u8 enable_raw_pool_locking; /** Enable Raw Buffer Locking for HALv3 Support */ @@ -354,6 +361,10 @@ struct sh_css_sp_config { host (true) or when they are passed to the preview/video pipe (false). */ + /* + * Note the fields below are only used on the ISP2400 not on the ISP2401, + * sh_css_store_sp_group_to_ddr() skip copying these when run on the ISP2401. + */ struct { u8 a_changed; u8 b_changed; @@ -363,11 +374,13 @@ struct sh_css_sp_config { } input_formatter; sync_generator_cfg_t sync_gen; + tpg_cfg_t tpg; prbs_cfg_t prbs; input_system_cfg_t input_circuit; u8 input_circuit_cfg_changed; - u32 mipi_sizes_for_check[N_CSI_PORTS][IA_CSS_MIPI_SIZE_CHECK_MAX_NOF_ENTRIES_PER_PORT]; - u8 enable_isys_event_queue; + u32 mipi_sizes_for_check[N_CSI_PORTS][IA_CSS_MIPI_SIZE_CHECK_MAX_NOF_ENTRIES_PER_PORT]; + /* These last 2 fields are used on both the ISP2400 and the ISP2401 */ + u8 enable_isys_event_queue; u8 disable_cont_vf; }; -- 2.45.2

9 months, 2 weeks

1
0
0 0

[PATCH] thermal/drivers/qcom/lmh: remove false lockdep backtrace

by Dmitry Baryshkov

Annotate LMH IRQs with lockdep classes so that the lockdep doesn't report possible recursive locking issue between LMH and GIC interrupts. For the reference: CPU0 ---- lock(&irq_desc_lock_class); lock(&irq_desc_lock_class); *** DEADLOCK *** Call trace: dump_backtrace+0x98/0xf0 show_stack+0x18/0x24 dump_stack_lvl+0x90/0xd0 dump_stack+0x18/0x24 print_deadlock_bug+0x258/0x348 __lock_acquire+0x1078/0x1f44 lock_acquire+0x1fc/0x32c _raw_spin_lock_irqsave+0x60/0x88 __irq_get_desc_lock+0x58/0x98 enable_irq+0x38/0xa0 lmh_enable_interrupt+0x2c/0x38 irq_enable+0x40/0x8c __irq_startup+0x78/0xa4 irq_startup+0x78/0x168 __enable_irq+0x70/0x7c enable_irq+0x4c/0xa0 qcom_cpufreq_ready+0x20/0x2c cpufreq_online+0x2a8/0x988 cpufreq_add_dev+0x80/0x98 subsys_interface_register+0x104/0x134 cpufreq_register_driver+0x150/0x234 qcom_cpufreq_hw_driver_probe+0x2a8/0x388 platform_probe+0x68/0xc0 really_probe+0xbc/0x298 __driver_probe_device+0x78/0x12c driver_probe_device+0x3c/0x160 __device_attach_driver+0xb8/0x138 bus_for_each_drv+0x84/0xe0 __device_attach+0x9c/0x188 device_initial_probe+0x14/0x20 bus_probe_device+0xac/0xb0 deferred_probe_work_func+0x8c/0xc8 process_one_work+0x20c/0x62c worker_thread+0x1bc/0x36c kthread+0x120/0x124 ret_from_fork+0x10/0x20 Fixes: 53bca371cdf7 ("thermal/drivers/qcom: Add support for LMh driver") Cc: stable(a)vger.kernel.org Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> --- drivers/thermal/qcom/lmh.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/thermal/qcom/lmh.c b/drivers/thermal/qcom/lmh.c index 5225b3621a56..d2d49264cf83 100644 --- a/drivers/thermal/qcom/lmh.c +++ b/drivers/thermal/qcom/lmh.c @@ -73,7 +73,14 @@ static struct irq_chip lmh_irq_chip = { static int lmh_irq_map(struct irq_domain *d, unsigned int irq, irq_hw_number_t hw) { struct lmh_hw_data *lmh_data = d->host_data; + static struct lock_class_key lmh_lock_key; + static struct lock_class_key lmh_request_key; + /* + * This lock class tells lockdep that GPIO irqs are in a different + * category than their parents, so it won't report false recursion. + */ + irq_set_lockdep_class(irq, &lmh_lock_key, &lmh_request_key); irq_set_chip_and_handler(irq, &lmh_irq_chip, handle_simple_irq); irq_set_chip_data(irq, lmh_data); --- base-commit: 797012914d2d031430268fe512af0ccd7d8e46ef change-id: 20240721-lmh-lockdep-88de09e77089 Best regards, -- Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org>

9 months, 2 weeks

1
0
0 0

[PATCH v2 4.19 4/4] ext4: drop unnecessary journal handle in delalloc write

by WangYuli

From: Zhang Yi <yi.zhang(a)huawei.com> commit cc883236b79297f6266ca6f4e7f24f3fd3c736c1 upstream After we factor out the inline data write procedure from ext4_da_write_end(), we don't need to start journal handle for the cases of both buffer overwrite and append-write. If we need to update i_disksize, mark_inode_dirty() do start handle and update inode buffer. So we could just remove all the journal handle codes in the delalloc write procedure. After this patch, we could get a lot of performance improvement. Below is the Unixbench comparison data test on my machine with 'Intel Xeon Gold 5120' CPU and nvme SSD backend. Test cmd: ./Run -c 56 -i 3 fstime fsbuffer fsdisk Before this patch: System Benchmarks Partial Index BASELINE RESULT INDEX File Copy 1024 bufsize 2000 maxblocks 3960.0 422965.0 1068.1 File Copy 256 bufsize 500 maxblocks 1655.0 105077.0 634.9 File Copy 4096 bufsize 8000 maxblocks 5800.0 1429092.0 2464.0 ====== System Benchmarks Index Score (Partial Only) 1186.6 After this patch: System Benchmarks Partial Index BASELINE RESULT INDEX File Copy 1024 bufsize 2000 maxblocks 3960.0 732716.0 1850.3 File Copy 256 bufsize 500 maxblocks 1655.0 184940.0 1117.5 File Copy 4096 bufsize 8000 maxblocks 5800.0 2427152.0 4184.7 ====== System Benchmarks Index Score (Partial Only) 2053.0 Cc: stable(a)vger.kernel.org Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Link: https://lore.kernel.org/r/20210716122024.1105856-5-yi.zhang@huawei.com Reviewed-by: Cheng Nie <niecheng1(a)uniontech.com> Signed-off-by: Dandan Zhang <zhangdandan(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- fs/ext4/inode.c | 60 +++++-------------------------------------------- 1 file changed, 5 insertions(+), 55 deletions(-) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 1e6753084a00..597c2f49c889 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -3032,19 +3032,6 @@ static int ext4_nonda_switch(struct super_block *sb) return 0; } -/* We always reserve for an inode update; the superblock could be there too */ -static int ext4_da_write_credits(struct inode *inode, loff_t pos, unsigned len) -{ - if (likely(ext4_has_feature_large_file(inode->i_sb))) - return 1; - - if (pos + len <= 0x7fffffffULL) - return 1; - - /* We might need to update the superblock to set LARGE_FILE */ - return 2; -} - static int ext4_da_write_begin(struct file *file, struct address_space *mapping, loff_t pos, unsigned len, unsigned flags, struct page **pagep, void **fsdata) @@ -3053,7 +3040,6 @@ static int ext4_da_write_begin(struct file *file, struct address_space *mapping, struct page *page; pgoff_t index; struct inode *inode = mapping->host; - handle_t *handle; if (unlikely(ext4_forced_shutdown(EXT4_SB(inode->i_sb)))) return -EIO; @@ -3079,41 +3065,11 @@ static int ext4_da_write_begin(struct file *file, struct address_space *mapping, return 0; } - /* - * grab_cache_page_write_begin() can take a long time if the - * system is thrashing due to memory pressure, or if the page - * is being written back. So grab it first before we start - * the transaction handle. This also allows us to allocate - * the page (if needed) without using GFP_NOFS. - */ -retry_grab: +retry: page = grab_cache_page_write_begin(mapping, index, flags); if (!page) return -ENOMEM; - unlock_page(page); - - /* - * With delayed allocation, we don't log the i_disksize update - * if there is delayed block allocation. But we still need - * to journalling the i_disksize update if writes to the end - * of file which has an already mapped buffer. - */ -retry_journal: - handle = ext4_journal_start(inode, EXT4_HT_WRITE_PAGE, - ext4_da_write_credits(inode, pos, len)); - if (IS_ERR(handle)) { - put_page(page); - return PTR_ERR(handle); - } - lock_page(page); - if (page->mapping != mapping) { - /* The page got truncated from under us */ - unlock_page(page); - put_page(page); - ext4_journal_stop(handle); - goto retry_grab; - } /* In case writeback began while the page was unlocked */ wait_for_stable_page(page); @@ -3125,20 +3081,18 @@ static int ext4_da_write_begin(struct file *file, struct address_space *mapping, #endif if (ret < 0) { unlock_page(page); - ext4_journal_stop(handle); + put_page(page); /* * block_write_begin may have instantiated a few blocks * outside i_size. Trim these off again. Don't need - * i_size_read because we hold i_mutex. + * i_size_read because we hold inode lock. */ if (pos + len > inode->i_size) ext4_truncate_failed_write(inode); if (ret == -ENOSPC && ext4_should_retry_alloc(inode->i_sb, &retries)) - goto retry_journal; - - put_page(page); + goto retry; return ret; } @@ -3175,8 +3129,6 @@ static int ext4_da_write_end(struct file *file, struct page *page, void *fsdata) { struct inode *inode = mapping->host; - int ret; - handle_t *handle = ext4_journal_current_handle(); loff_t new_i_size; unsigned long start, end; int write_mode = (int)(unsigned long)fsdata; @@ -3215,9 +3167,7 @@ static int ext4_da_write_end(struct file *file, ext4_da_should_update_i_disksize(page, end)) ext4_update_i_disksize(inode, new_i_size); - copied = generic_write_end(file, mapping, pos, len, copied, page, fsdata); - ret = ext4_journal_stop(handle); - return ret ? ret : copied; + return generic_write_end(file, mapping, pos, len, copied, page, fsdata); } static void ext4_da_invalidatepage(struct page *page, unsigned int offset, -- 2.43.4

9 months, 2 weeks

1
0
0 0

[PATCH v2 4.19 3/4] ext4: factor out write end code of inline file

by WangYuli

From: Zhang Yi <yi.zhang(a)huawei.com> commit 6984aef59814fb5c47b0e30c56e101186b5ebf8c upstream Now that the inline_data file write end procedure are falled into the common write end functions, it is not clear. Factor them out and do some cleanup. This patch also drop ext4_da_write_inline_data_end() and switch to use ext4_write_inline_data_end() instead because we also need to do the same error processing if we failed to write data into inline entry. Cc: stable(a)vger.kernel.org Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Link: https://lore.kernel.org/r/20210716122024.1105856-4-yi.zhang@huawei.com Reviewed-by: Cheng Nie <niecheng1(a)uniontech.com> Signed-off-by: Dandan Zhang <zhangdandan(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- fs/ext4/ext4.h | 3 -- fs/ext4/inline.c | 127 ++++++++++++++++++++++++----------------------- fs/ext4/inode.c | 74 +++++++++------------------ 3 files changed, 89 insertions(+), 115 deletions(-) diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index fa2579abea7d..6394c8a3803c 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -3083,9 +3083,6 @@ extern int ext4_da_write_inline_data_begin(struct address_space *mapping, unsigned flags, struct page **pagep, void **fsdata); -extern int ext4_da_write_inline_data_end(struct inode *inode, loff_t pos, - unsigned len, unsigned copied, - struct page *page); extern int ext4_try_add_inline_entry(handle_t *handle, struct ext4_filename *fname, struct inode *dir, struct inode *inode); diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c index de04bd5fb551..eeb696c85a61 100644 --- a/fs/ext4/inline.c +++ b/fs/ext4/inline.c @@ -741,40 +741,82 @@ int ext4_try_to_write_inline_data(struct address_space *mapping, int ext4_write_inline_data_end(struct inode *inode, loff_t pos, unsigned len, unsigned copied, struct page *page) { - int ret, no_expand; + handle_t *handle = ext4_journal_current_handle(); + int no_expand; void *kaddr; struct ext4_iloc iloc; + int ret = 0, ret2; if (unlikely(copied < len) && !PageUptodate(page)) - return 0; + copied = 0; - ret = ext4_get_inode_loc(inode, &iloc); - if (ret) { - ext4_std_error(inode->i_sb, ret); - return ret; - } + if (likely(copied)) { + ret = ext4_get_inode_loc(inode, &iloc); + if (ret) { + unlock_page(page); + put_page(page); + ext4_std_error(inode->i_sb, ret); + goto out; + } + ext4_write_lock_xattr(inode, &no_expand); + BUG_ON(!ext4_has_inline_data(inode)); - ext4_write_lock_xattr(inode, &no_expand); - BUG_ON(!ext4_has_inline_data(inode)); + kaddr = kmap_atomic(page); + ext4_write_inline_data(inode, &iloc, kaddr, pos, copied); + kunmap_atomic(kaddr); + SetPageUptodate(page); + /* clear page dirty so that writepages wouldn't work for us. */ + ClearPageDirty(page); - /* - * ei->i_inline_off may have changed since ext4_write_begin() - * called ext4_try_to_write_inline_data() - */ - (void) ext4_find_inline_data_nolock(inode); + /* + * ei->i_inline_off may have changed since ext4_write_begin() + * called ext4_try_to_write_inline_data() + */ + (void) ext4_find_inline_data_nolock(inode); - kaddr = kmap_atomic(page); - ext4_write_inline_data(inode, &iloc, kaddr, pos, copied); - kunmap_atomic(kaddr); - SetPageUptodate(page); - /* clear page dirty so that writepages wouldn't work for us. */ - ClearPageDirty(page); + ext4_write_unlock_xattr(inode, &no_expand); + brelse(iloc.bh); - ext4_write_unlock_xattr(inode, &no_expand); - brelse(iloc.bh); - mark_inode_dirty(inode); + /* + * It's important to update i_size while still holding page + * lock: page writeout could otherwise come in and zero + * beyond i_size. + */ + ext4_update_inode_size(inode, pos + copied); + } + unlock_page(page); + put_page(page); - return copied; + /* + * Don't mark the inode dirty under page lock. First, it unnecessarily + * makes the holding time of page lock longer. Second, it forces lock + * ordering of page lock and transaction start for journaling + * filesystems. + */ + if (likely(copied)) + mark_inode_dirty(inode); +out: + /* + * If we didn't copy as much data as expected, we need to trim back + * size of xattr containing inline data. + */ + if (pos + len > inode->i_size && ext4_can_truncate(inode)) + ext4_orphan_add(handle, inode); + + ret2 = ext4_journal_stop(handle); + if (!ret) + ret = ret2; + if (pos + len > inode->i_size) { + ext4_truncate_failed_write(inode); + /* + * If truncate failed early the inode might still be + * on the orphan list; we need to make sure the inode + * is removed from the orphan list in that case. + */ + if (inode->i_nlink) + ext4_orphan_del(NULL, inode); + } + return ret ? ret : copied; } struct buffer_head * @@ -955,43 +997,6 @@ int ext4_da_write_inline_data_begin(struct address_space *mapping, return ret; } -int ext4_da_write_inline_data_end(struct inode *inode, loff_t pos, - unsigned len, unsigned copied, - struct page *page) -{ - int ret; - - ret = ext4_write_inline_data_end(inode, pos, len, copied, page); - if (ret < 0) { - unlock_page(page); - put_page(page); - return ret; - } - copied = ret; - - /* - * No need to use i_size_read() here, the i_size - * cannot change under us because we hold i_mutex. - * - * But it's important to update i_size while still holding page lock: - * page writeout could otherwise come in and zero beyond i_size. - */ - if (pos+copied > inode->i_size) - i_size_write(inode, pos+copied); - unlock_page(page); - put_page(page); - - /* - * Don't mark the inode dirty under page lock. First, it unnecessarily - * makes the holding time of page lock longer. Second, it forces lock - * ordering of page lock and transaction start for journaling - * filesystems. - */ - mark_inode_dirty(inode); - - return copied; -} - #ifdef INLINE_DIR_DEBUG void ext4_show_inline_dir(struct inode *dir, struct buffer_head *bh, void *inline_start, int inline_size) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 44a715e6aae1..1e6753084a00 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1415,23 +1415,13 @@ static int ext4_write_end(struct file *file, loff_t old_size = inode->i_size; int ret = 0, ret2; int i_size_changed = 0; - int inline_data = ext4_has_inline_data(inode); trace_ext4_write_end(inode, pos, len, copied); - if (inline_data && - ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA)) { - ret = ext4_write_inline_data_end(inode, pos, len, - copied, page); - if (ret < 0) { - unlock_page(page); - put_page(page); - goto errout; - } - copied = ret; - ret = 0; - } else - copied = block_write_end(file, mapping, pos, - len, copied, page, fsdata); + + if (ext4_has_inline_data(inode)) + return ext4_write_inline_data_end(inode, pos, len, copied, page); + + copied = block_write_end(file, mapping, pos, len, copied, page, fsdata); /* * it's important to update i_size while still holding page lock: * page writeout could otherwise come in and zero beyond i_size. @@ -1448,10 +1438,9 @@ static int ext4_write_end(struct file *file, * ordering of page lock and transaction start for journaling * filesystems. */ - if (i_size_changed || inline_data) + if (i_size_changed) ext4_mark_inode_dirty(handle, inode); -errout: if (pos + len > inode->i_size && ext4_can_truncate(inode)) /* if we have allocated more blocks and copied * less. We will have blocks allocated outside @@ -1523,7 +1512,6 @@ static int ext4_journalled_write_end(struct file *file, int partial = 0; unsigned from, to; int size_changed = 0; - int inline_data = ext4_has_inline_data(inode); trace_ext4_journalled_write_end(inode, pos, len, copied); from = pos & (PAGE_SIZE - 1); @@ -1531,17 +1519,10 @@ static int ext4_journalled_write_end(struct file *file, BUG_ON(!ext4_handle_valid(handle)); - if (inline_data) { - ret = ext4_write_inline_data_end(inode, pos, len, - copied, page); - if (ret < 0) { - unlock_page(page); - put_page(page); - goto errout; - } - copied = ret; - ret = 0; - } else if (unlikely(copied < len) && !PageUptodate(page)) { + if (ext4_has_inline_data(inode)) + return ext4_write_inline_data_end(inode, pos, len, copied, page); + + if (unlikely(copied < len) && !PageUptodate(page)) { copied = 0; ext4_journalled_zero_new_buffers(handle, page, from, to); } else { @@ -1563,13 +1544,12 @@ static int ext4_journalled_write_end(struct file *file, if (old_size < pos) pagecache_isize_extended(inode, old_size, pos); - if (size_changed || inline_data) { + if (size_changed) { ret2 = ext4_mark_inode_dirty(handle, inode); if (!ret) ret = ret2; } -errout: if (pos + len > inode->i_size && ext4_can_truncate(inode)) /* if we have allocated more blocks and copied * less. We will have blocks allocated outside @@ -3195,7 +3175,7 @@ static int ext4_da_write_end(struct file *file, struct page *page, void *fsdata) { struct inode *inode = mapping->host; - int ret = 0, ret2; + int ret; handle_t *handle = ext4_journal_current_handle(); loff_t new_i_size; unsigned long start, end; @@ -3206,6 +3186,12 @@ static int ext4_da_write_end(struct file *file, len, copied, page, fsdata); trace_ext4_da_write_end(inode, pos, len, copied); + + if (write_mode != CONVERT_INLINE_DATA && + ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA) && + ext4_has_inline_data(inode)) + return ext4_write_inline_data_end(inode, pos, len, copied, page); + start = pos & (PAGE_SIZE - 1); end = start + copied - 1; @@ -3225,26 +3211,12 @@ static int ext4_da_write_end(struct file *file, * ext4_da_write_inline_data_end(). */ new_i_size = pos + copied; - if (copied && new_i_size > inode->i_size) { - if (ext4_has_inline_data(inode) || - ext4_da_should_update_i_disksize(page, end)) - ext4_update_i_disksize(inode, new_i_size); - } - - if (write_mode != CONVERT_INLINE_DATA && - ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA) && - ext4_has_inline_data(inode)) - ret = ext4_da_write_inline_data_end(inode, pos, len, copied, - page); - else - ret = generic_write_end(file, mapping, pos, len, copied, - page, fsdata); - - copied = ret; - ret2 = ext4_journal_stop(handle); - if (!ret) - ret = ret2; + if (copied && new_i_size > inode->i_size && + ext4_da_should_update_i_disksize(page, end)) + ext4_update_i_disksize(inode, new_i_size); + copied = generic_write_end(file, mapping, pos, len, copied, page, fsdata); + ret = ext4_journal_stop(handle); return ret ? ret : copied; } -- 2.43.4

9 months, 2 weeks

1
0
0 0

[PATCH v2 4.19 2/4] ext4: correct the error path of ext4_write_inline_data_end()

by WangYuli

From: Zhang Yi <yi.zhang(a)huawei.com> commit 55ce2f649b9e88111270333a8127e23f4f8f42d7 upstream Current error path of ext4_write_inline_data_end() is not correct. Firstly, it should pass out the error value if ext4_get_inode_loc() return fail, or else it could trigger infinite loop if we inject error here. And then it's better to add inode to orphan list if it return fail in ext4_journal_stop(), otherwise we could not restore inline xattr entry after power failure. Finally, we need to reset the 'ret' value if ext4_write_inline_data_end() return success in ext4_write_end() and ext4_journalled_write_end(), otherwise we could not get the error return value of ext4_journal_stop(). Cc: stable(a)vger.kernel.org Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Link: https://lore.kernel.org/r/20210716122024.1105856-3-yi.zhang@huawei.com Reviewed-by: Cheng Nie <niecheng1(a)uniontech.com> Signed-off-by: Dandan Zhang <zhangdandan(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- fs/ext4/inline.c | 15 +++++---------- fs/ext4/inode.c | 7 +++++-- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c index 71bb3cfc5933..de04bd5fb551 100644 --- a/fs/ext4/inline.c +++ b/fs/ext4/inline.c @@ -745,18 +745,13 @@ int ext4_write_inline_data_end(struct inode *inode, loff_t pos, unsigned len, void *kaddr; struct ext4_iloc iloc; - if (unlikely(copied < len)) { - if (!PageUptodate(page)) { - copied = 0; - goto out; - } - } + if (unlikely(copied < len) && !PageUptodate(page)) + return 0; ret = ext4_get_inode_loc(inode, &iloc); if (ret) { ext4_std_error(inode->i_sb, ret); - copied = 0; - goto out; + return ret; } ext4_write_lock_xattr(inode, &no_expand); @@ -769,7 +764,7 @@ int ext4_write_inline_data_end(struct inode *inode, loff_t pos, unsigned len, (void) ext4_find_inline_data_nolock(inode); kaddr = kmap_atomic(page); - ext4_write_inline_data(inode, &iloc, kaddr, pos, len); + ext4_write_inline_data(inode, &iloc, kaddr, pos, copied); kunmap_atomic(kaddr); SetPageUptodate(page); /* clear page dirty so that writepages wouldn't work for us. */ @@ -778,7 +773,7 @@ int ext4_write_inline_data_end(struct inode *inode, loff_t pos, unsigned len, ext4_write_unlock_xattr(inode, &no_expand); brelse(iloc.bh); mark_inode_dirty(inode); -out: + return copied; } diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index d8a8e4ee5ff8..44a715e6aae1 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1428,6 +1428,7 @@ static int ext4_write_end(struct file *file, goto errout; } copied = ret; + ret = 0; } else copied = block_write_end(file, mapping, pos, len, copied, page, fsdata); @@ -1450,13 +1451,14 @@ static int ext4_write_end(struct file *file, if (i_size_changed || inline_data) ext4_mark_inode_dirty(handle, inode); +errout: if (pos + len > inode->i_size && ext4_can_truncate(inode)) /* if we have allocated more blocks and copied * less. We will have blocks allocated outside * inode->i_size. So truncate them */ ext4_orphan_add(handle, inode); -errout: + ret2 = ext4_journal_stop(handle); if (!ret) ret = ret2; @@ -1538,6 +1540,7 @@ static int ext4_journalled_write_end(struct file *file, goto errout; } copied = ret; + ret = 0; } else if (unlikely(copied < len) && !PageUptodate(page)) { copied = 0; ext4_journalled_zero_new_buffers(handle, page, from, to); @@ -1566,6 +1569,7 @@ static int ext4_journalled_write_end(struct file *file, ret = ret2; } +errout: if (pos + len > inode->i_size && ext4_can_truncate(inode)) /* if we have allocated more blocks and copied * less. We will have blocks allocated outside @@ -1573,7 +1577,6 @@ static int ext4_journalled_write_end(struct file *file, */ ext4_orphan_add(handle, inode); -errout: ret2 = ext4_journal_stop(handle); if (!ret) ret = ret2; -- 2.43.4

9 months, 2 weeks

1
0
0 0

[PATCH 1/4] ext4: check and update i_disksize properly

by WangYuli

From: Zhang Yi <yi.zhang(a)huawei.com> After commit 3da40c7b0898 ("ext4: only call ext4_truncate when size <= isize"), i_disksize could always be updated to i_size in ext4_setattr(), and we could sure that i_disksize <= i_size since holding inode lock and if i_disksize < i_size there are delalloc writes pending in the range upto i_size. If the end of the current write is <= i_size, there's no need to touch i_disksize since writeback will push i_disksize upto i_size eventually. So we can switch to check i_size instead of i_disksize in ext4_da_write_end() when write to the end of the file. we also could remove ext4_mark_inode_dirty() together because we defer inode dirtying to generic_write_end() or ext4_da_write_inline_data_end(). Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Link: https://lore.kernel.org/r/20210716122024.1105856-2-yi.zhang@huawei.com Reviewed-by: Cheng Nie <niecheng1(a)uniontech.com> Signed-off-by: Dandan Zhang <zhangdandan(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- fs/ext4/inode.c | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 646285fbc9fc..d8a8e4ee5ff8 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -3207,35 +3207,37 @@ static int ext4_da_write_end(struct file *file, end = start + copied - 1; /* - * generic_write_end() will run mark_inode_dirty() if i_size - * changes. So let's piggyback the i_disksize mark_inode_dirty - * into that. + * Since we are holding inode lock, we are sure i_disksize <= + * i_size. We also know that if i_disksize < i_size, there are + * delalloc writes pending in the range upto i_size. If the end of + * the current write is <= i_size, there's no need to touch + * i_disksize since writeback will push i_disksize upto i_size + * eventually. If the end of the current write is > i_size and + * inside an allocated block (ext4_da_should_update_i_disksize() + * check), we need to update i_disksize here as neither + * ext4_writepage() nor certain ext4_writepages() paths not + * allocating blocks update i_disksize. + * + * Note that we defer inode dirtying to generic_write_end() / + * ext4_da_write_inline_data_end(). */ new_i_size = pos + copied; - if (copied && new_i_size > EXT4_I(inode)->i_disksize) { + if (copied && new_i_size > inode->i_size) { if (ext4_has_inline_data(inode) || - ext4_da_should_update_i_disksize(page, end)) { + ext4_da_should_update_i_disksize(page, end)) ext4_update_i_disksize(inode, new_i_size); - /* We need to mark inode dirty even if - * new_i_size is less that inode->i_size - * bu greater than i_disksize.(hint delalloc) - */ - ext4_mark_inode_dirty(handle, inode); - } } if (write_mode != CONVERT_INLINE_DATA && ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA) && ext4_has_inline_data(inode)) - ret2 = ext4_da_write_inline_data_end(inode, pos, len, copied, + ret = ext4_da_write_inline_data_end(inode, pos, len, copied, page); else - ret2 = generic_write_end(file, mapping, pos, len, copied, + ret = generic_write_end(file, mapping, pos, len, copied, page, fsdata); - copied = ret2; - if (ret2 < 0) - ret = ret2; + copied = ret; ret2 = ext4_journal_stop(handle); if (!ret) ret = ret2; -- 2.43.4

9 months, 2 weeks

2
1
0 0

[PATCH 4/4] ext4: drop unnecessary journal handle in delalloc write

by WangYuli

From: Zhang Yi <yi.zhang(a)huawei.com> After we factor out the inline data write procedure from ext4_da_write_end(), we don't need to start journal handle for the cases of both buffer overwrite and append-write. If we need to update i_disksize, mark_inode_dirty() do start handle and update inode buffer. So we could just remove all the journal handle codes in the delalloc write procedure. After this patch, we could get a lot of performance improvement. Below is the Unixbench comparison data test on my machine with 'Intel Xeon Gold 5120' CPU and nvme SSD backend. Test cmd: ./Run -c 56 -i 3 fstime fsbuffer fsdisk Before this patch: System Benchmarks Partial Index BASELINE RESULT INDEX File Copy 1024 bufsize 2000 maxblocks 3960.0 422965.0 1068.1 File Copy 256 bufsize 500 maxblocks 1655.0 105077.0 634.9 File Copy 4096 bufsize 8000 maxblocks 5800.0 1429092.0 2464.0 ====== System Benchmarks Index Score (Partial Only) 1186.6 After this patch: System Benchmarks Partial Index BASELINE RESULT INDEX File Copy 1024 bufsize 2000 maxblocks 3960.0 732716.0 1850.3 File Copy 256 bufsize 500 maxblocks 1655.0 184940.0 1117.5 File Copy 4096 bufsize 8000 maxblocks 5800.0 2427152.0 4184.7 ====== System Benchmarks Index Score (Partial Only) 2053.0 Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Link: https://lore.kernel.org/r/20210716122024.1105856-5-yi.zhang@huawei.com Reviewed-by: Cheng Nie <niecheng1(a)uniontech.com> Signed-off-by: Dandan Zhang <zhangdandan(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- fs/ext4/inode.c | 60 +++++-------------------------------------------- 1 file changed, 5 insertions(+), 55 deletions(-) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 1e6753084a00..597c2f49c889 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -3032,19 +3032,6 @@ static int ext4_nonda_switch(struct super_block *sb) return 0; } -/* We always reserve for an inode update; the superblock could be there too */ -static int ext4_da_write_credits(struct inode *inode, loff_t pos, unsigned len) -{ - if (likely(ext4_has_feature_large_file(inode->i_sb))) - return 1; - - if (pos + len <= 0x7fffffffULL) - return 1; - - /* We might need to update the superblock to set LARGE_FILE */ - return 2; -} - static int ext4_da_write_begin(struct file *file, struct address_space *mapping, loff_t pos, unsigned len, unsigned flags, struct page **pagep, void **fsdata) @@ -3053,7 +3040,6 @@ static int ext4_da_write_begin(struct file *file, struct address_space *mapping, struct page *page; pgoff_t index; struct inode *inode = mapping->host; - handle_t *handle; if (unlikely(ext4_forced_shutdown(EXT4_SB(inode->i_sb)))) return -EIO; @@ -3079,41 +3065,11 @@ static int ext4_da_write_begin(struct file *file, struct address_space *mapping, return 0; } - /* - * grab_cache_page_write_begin() can take a long time if the - * system is thrashing due to memory pressure, or if the page - * is being written back. So grab it first before we start - * the transaction handle. This also allows us to allocate - * the page (if needed) without using GFP_NOFS. - */ -retry_grab: +retry: page = grab_cache_page_write_begin(mapping, index, flags); if (!page) return -ENOMEM; - unlock_page(page); - - /* - * With delayed allocation, we don't log the i_disksize update - * if there is delayed block allocation. But we still need - * to journalling the i_disksize update if writes to the end - * of file which has an already mapped buffer. - */ -retry_journal: - handle = ext4_journal_start(inode, EXT4_HT_WRITE_PAGE, - ext4_da_write_credits(inode, pos, len)); - if (IS_ERR(handle)) { - put_page(page); - return PTR_ERR(handle); - } - lock_page(page); - if (page->mapping != mapping) { - /* The page got truncated from under us */ - unlock_page(page); - put_page(page); - ext4_journal_stop(handle); - goto retry_grab; - } /* In case writeback began while the page was unlocked */ wait_for_stable_page(page); @@ -3125,20 +3081,18 @@ static int ext4_da_write_begin(struct file *file, struct address_space *mapping, #endif if (ret < 0) { unlock_page(page); - ext4_journal_stop(handle); + put_page(page); /* * block_write_begin may have instantiated a few blocks * outside i_size. Trim these off again. Don't need - * i_size_read because we hold i_mutex. + * i_size_read because we hold inode lock. */ if (pos + len > inode->i_size) ext4_truncate_failed_write(inode); if (ret == -ENOSPC && ext4_should_retry_alloc(inode->i_sb, &retries)) - goto retry_journal; - - put_page(page); + goto retry; return ret; } @@ -3175,8 +3129,6 @@ static int ext4_da_write_end(struct file *file, struct page *page, void *fsdata) { struct inode *inode = mapping->host; - int ret; - handle_t *handle = ext4_journal_current_handle(); loff_t new_i_size; unsigned long start, end; int write_mode = (int)(unsigned long)fsdata; @@ -3215,9 +3167,7 @@ static int ext4_da_write_end(struct file *file, ext4_da_should_update_i_disksize(page, end)) ext4_update_i_disksize(inode, new_i_size); - copied = generic_write_end(file, mapping, pos, len, copied, page, fsdata); - ret = ext4_journal_stop(handle); - return ret ? ret : copied; + return generic_write_end(file, mapping, pos, len, copied, page, fsdata); } static void ext4_da_invalidatepage(struct page *page, unsigned int offset, -- 2.43.4

9 months, 2 weeks

1
0
0 0

[PATCH 2/4] ext4: correct the error path of ext4_write_inline_data_end()

by WangYuli

From: Zhang Yi <yi.zhang(a)huawei.com> Current error path of ext4_write_inline_data_end() is not correct. Firstly, it should pass out the error value if ext4_get_inode_loc() return fail, or else it could trigger infinite loop if we inject error here. And then it's better to add inode to orphan list if it return fail in ext4_journal_stop(), otherwise we could not restore inline xattr entry after power failure. Finally, we need to reset the 'ret' value if ext4_write_inline_data_end() return success in ext4_write_end() and ext4_journalled_write_end(), otherwise we could not get the error return value of ext4_journal_stop(). Signed-off-by: Zhang Yi <yi.zhang(a)huawei.com> Reviewed-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Theodore Ts'o <tytso(a)mit.edu> Link: https://lore.kernel.org/r/20210716122024.1105856-3-yi.zhang@huawei.com Reviewed-by: Cheng Nie <niecheng1(a)uniontech.com> Signed-off-by: Dandan Zhang <zhangdandan(a)uniontech.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- fs/ext4/inline.c | 15 +++++---------- fs/ext4/inode.c | 7 +++++-- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c index 71bb3cfc5933..de04bd5fb551 100644 --- a/fs/ext4/inline.c +++ b/fs/ext4/inline.c @@ -745,18 +745,13 @@ int ext4_write_inline_data_end(struct inode *inode, loff_t pos, unsigned len, void *kaddr; struct ext4_iloc iloc; - if (unlikely(copied < len)) { - if (!PageUptodate(page)) { - copied = 0; - goto out; - } - } + if (unlikely(copied < len) && !PageUptodate(page)) + return 0; ret = ext4_get_inode_loc(inode, &iloc); if (ret) { ext4_std_error(inode->i_sb, ret); - copied = 0; - goto out; + return ret; } ext4_write_lock_xattr(inode, &no_expand); @@ -769,7 +764,7 @@ int ext4_write_inline_data_end(struct inode *inode, loff_t pos, unsigned len, (void) ext4_find_inline_data_nolock(inode); kaddr = kmap_atomic(page); - ext4_write_inline_data(inode, &iloc, kaddr, pos, len); + ext4_write_inline_data(inode, &iloc, kaddr, pos, copied); kunmap_atomic(kaddr); SetPageUptodate(page); /* clear page dirty so that writepages wouldn't work for us. */ @@ -778,7 +773,7 @@ int ext4_write_inline_data_end(struct inode *inode, loff_t pos, unsigned len, ext4_write_unlock_xattr(inode, &no_expand); brelse(iloc.bh); mark_inode_dirty(inode); -out: + return copied; } diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index d8a8e4ee5ff8..44a715e6aae1 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -1428,6 +1428,7 @@ static int ext4_write_end(struct file *file, goto errout; } copied = ret; + ret = 0; } else copied = block_write_end(file, mapping, pos, len, copied, page, fsdata); @@ -1450,13 +1451,14 @@ static int ext4_write_end(struct file *file, if (i_size_changed || inline_data) ext4_mark_inode_dirty(handle, inode); +errout: if (pos + len > inode->i_size && ext4_can_truncate(inode)) /* if we have allocated more blocks and copied * less. We will have blocks allocated outside * inode->i_size. So truncate them */ ext4_orphan_add(handle, inode); -errout: + ret2 = ext4_journal_stop(handle); if (!ret) ret = ret2; @@ -1538,6 +1540,7 @@ static int ext4_journalled_write_end(struct file *file, goto errout; } copied = ret; + ret = 0; } else if (unlikely(copied < len) && !PageUptodate(page)) { copied = 0; ext4_journalled_zero_new_buffers(handle, page, from, to); @@ -1566,6 +1569,7 @@ static int ext4_journalled_write_end(struct file *file, ret = ret2; } +errout: if (pos + len > inode->i_size && ext4_can_truncate(inode)) /* if we have allocated more blocks and copied * less. We will have blocks allocated outside @@ -1573,7 +1577,6 @@ static int ext4_journalled_write_end(struct file *file, */ ext4_orphan_add(handle, inode); -errout: ret2 = ext4_journal_stop(handle); if (!ret) ret = ret2; -- 2.43.4

9 months, 2 weeks

1
0
0 0

[PATCH 4.19 0/4] ext4: improve delalloc buffer write performance

by WangYuli

A patchset from linux-5.15 should be backported to 4.19 that can significantly improve ext4 fs read and write performance. Unixbench test results for linux-4.19.318 on Phytium D2000 CPU are shown below. Test cmd: (Phytium D2000 only has 8 cores) ./Run fs -c 8 Before this patch set: File Copy 1024 bufsize 2000 maxblocks 1124181 File Copy 256 bufsize 500 maxblocks 281885 File Copy 4096 bufsize 8000 maxblocks 3383785 File Read 1024 bufsize 2000 maxblocks 8702173 File Read 256 bufsize 500 maxblocks 3869384 File Read 4096 bufsize 8000 maxblocks 13043151 File Write 1024 bufsize 2000 maxblocks 1107185 File Write 256 bufsize 500 maxblocks 270493 File Write 4096 bufsize 8000 maxblocks 4018084 After this patch set: File Copy 1024 bufsize 2000 maxblocks 2026206 File Copy 256 bufsize 500 maxblocks 829534 File Copy 4096 bufsize 8000 maxblocks 4066659 File Read 1024 bufsize 2000 maxblocks 8877219 File Read 256 bufsize 500 maxblocks 3997445 File Read 4096 bufsize 8000 maxblocks 13179885 File Write 1024 bufsize 2000 maxblocks 4256929 File Write 256 bufsize 500 maxblocks 1305320 File Write 4096 bufsize 8000 maxblocks 10721052 We can observe a quantum leap in the test results as a consequence of applying this patchset Link: https://lore.kernel.org/all/20210716122024.1105856-1-yi.zhang@huawei.com/ Original description: This patchset address to improve buffer write performance with delalloc. The first patch reduce the unnecessary update i_disksize, the second two patch refactor the inline data write procedure and also do some small fix, the last patch do improve by remove all unnecessary journal handle in the delalloc write procedure. After this patch set, we could get a lot of performance improvement. Below is the Unixbench comparison data test on my machine with 'Intel Xeon Gold 5120' CPU and nvme SSD backend. Test cmd: ./Run -c 56 -i 3 fstime fsbuffer fsdisk Before this patch set: System Benchmarks Partial Index BASELINE RESULT INDEX File Copy 1024 bufsize 2000 maxblocks 3960.0 422965.0 1068.1 File Copy 256 bufsize 500 maxblocks 1655.0 105077.0 634.9 File Copy 4096 bufsize 8000 maxblocks 5800.0 1429092.0 2464.0 ======== System Benchmarks Index Score (Partial Only) 1186.6 After this patch set: System Benchmarks Partial Index BASELINE RESULT INDEX File Copy 1024 bufsize 2000 maxblocks 3960.0 732716.0 1850.3 File Copy 256 bufsize 500 maxblocks 1655.0 184940.0 1117.5 File Copy 4096 bufsize 8000 maxblocks 5800.0 2427152.0 4184.7 ======== System Benchmarks Index Score (Partial Only) 2053.0 Zhang Yi (4): ext4: check and update i_disksize properly ext4: correct the error path of ext4_write_inline_data_end() ext4: factor out write end code of inline file ext4: drop unnecessary journal handle in delalloc write fs/ext4/ext4.h | 3 - fs/ext4/inline.c | 120 ++++++++++++++++++------------------- fs/ext4/inode.c | 150 ++++++++++++----------------------------------- 3 files changed, 99 insertions(+), 174 deletions(-) -- 2.31.1

9 months, 2 weeks

1
0
0 0

Re:

by Jackson Jikarjo

Hello, I sent you a message a few hours ago but no reply yet, or you didn't receive it? Kindly read my letter and reply back. I want to make an inquiry Thanks. Dr.Allen Cheng Human Resource Manager | Product Research Assistant FC Industrial Laboratories Ltd

9 months, 2 weeks

1
0
0 0

[PATCH] mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines

by Yang Shi

Yves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don't force huge page alignment on 32 bit") didn't work for x86_32 [1]. It is because x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT. !CONFIG_64BIT should cover all 32 bit machines. [1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2… Fixes: 4ef9ad19e176 ("mm: huge_memory: don't force huge page alignment on 32 bit") Reported-by: Yves-Alexis Perez <corsac(a)debian.org> Tested-By: Yves-Alexis Perez <corsac(a)debian.org> Cc: <stable(a)vger.kernel.org> [6.8+] Signed-off-by: Yang Shi <yang(a)os.amperecomputing.com> --- mm/huge_memory.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 2120f7478e55..64f00aedf9af 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -857,7 +857,7 @@ static unsigned long __thp_get_unmapped_area(struct file *filp, loff_t off_align = round_up(off, size); unsigned long len_pad, ret, off_sub; - if (IS_ENABLED(CONFIG_32BIT) || in_compat_syscall()) + if (!IS_ENABLED(CONFIG_64BIT) || in_compat_syscall()) return 0; if (off_end <= off_align || (off_end - off_align) < size) -- 2.41.0

9 months, 2 weeks

4
3
0 0

[PATCH v5 3/7] RISC-V: Check scalar unaligned access on all CPUs

by Jesse Taube

Originally, the check_unaligned_access_emulated_all_cpus function only checked the boot hart. This fixes the function to check all harts. Fixes: 71c54b3d169d ("riscv: report misaligned accesses emulation to hwprobe") Signed-off-by: Jesse Taube <jesse(a)rivosinc.com> Reviewed-by: Charlie Jenkins <charlie(a)rivosinc.com> Cc: stable(a)vger.kernel.org --- V1 -> V2: - New patch V2 -> V3: - Split patch V3 -> V4: - Re-add check for a system where a heterogeneous CPU is hotplugged into a previously homogenous system. V4 -> V5: - Change work_struct *unused to work_struct *work __always_unused --- arch/riscv/kernel/traps_misaligned.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/arch/riscv/kernel/traps_misaligned.c b/arch/riscv/kernel/traps_misaligned.c index b62d5a2f4541..9a1e94383d6d 100644 --- a/arch/riscv/kernel/traps_misaligned.c +++ b/arch/riscv/kernel/traps_misaligned.c @@ -526,11 +526,11 @@ int handle_misaligned_store(struct pt_regs *regs) return 0; } -static bool check_unaligned_access_emulated(int cpu) +static void check_unaligned_access_emulated(struct work_struct *work __always_unused) { + int cpu = smp_processor_id(); long *mas_ptr = per_cpu_ptr(&misaligned_access_speed, cpu); unsigned long tmp_var, tmp_val; - bool misaligned_emu_detected; *mas_ptr = RISCV_HWPROBE_MISALIGNED_UNKNOWN; @@ -538,19 +538,16 @@ static bool check_unaligned_access_emulated(int cpu) " "REG_L" %[tmp], 1(%[ptr])\n" : [tmp] "=r" (tmp_val) : [ptr] "r" (&tmp_var) : "memory"); - misaligned_emu_detected = (*mas_ptr == RISCV_HWPROBE_MISALIGNED_EMULATED); /* * If unaligned_ctl is already set, this means that we detected that all * CPUS uses emulated misaligned access at boot time. If that changed * when hotplugging the new cpu, this is something we don't handle. */ - if (unlikely(unaligned_ctl && !misaligned_emu_detected)) { + if (unlikely(unaligned_ctl && (*mas_ptr != RISCV_HWPROBE_MISALIGNED_EMULATED))) { pr_crit("CPU misaligned accesses non homogeneous (expected all emulated)\n"); while (true) cpu_relax(); } - - return misaligned_emu_detected; } bool check_unaligned_access_emulated_all_cpus(void) @@ -562,8 +559,11 @@ bool check_unaligned_access_emulated_all_cpus(void) * accesses emulated since tasks requesting such control can run on any * CPU. */ + schedule_on_each_cpu(check_unaligned_access_emulated); + for_each_online_cpu(cpu) - if (!check_unaligned_access_emulated(cpu)) + if (per_cpu(misaligned_access_speed, cpu) + != RISCV_HWPROBE_MISALIGNED_EMULATED) return false; unaligned_ctl = true; -- 2.45.2

9 months, 2 weeks

2
1
0 0

[PATCH 2/7] arm64: dts: qcom: x1e80100: fix PCIe domain numbers

by Johan Hovold

The current PCIe domain numbers are off by one and do not match the numbers that the UEFI firmware (and Windows) uses. Fixes: 5eb83fc10289 ("arm64: dts: qcom: x1e80100: Add PCIe nodes") Cc: stable(a)vger.kernel.org # 6.9 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/boot/dts/qcom/x1e80100.dtsi b/arch/arm64/boot/dts/qcom/x1e80100.dtsi index c7aec564a318..07e00f1d1768 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100.dtsi +++ b/arch/arm64/boot/dts/qcom/x1e80100.dtsi @@ -2916,7 +2916,7 @@ pcie6a: pci@1bf8000 { dma-coherent; - linux,pci-domain = <7>; + linux,pci-domain = <6>; num-lanes = <2>; interrupts = <GIC_SPI 773 IRQ_TYPE_LEVEL_HIGH>, @@ -3037,7 +3037,7 @@ pcie4: pci@1c08000 { dma-coherent; - linux,pci-domain = <5>; + linux,pci-domain = <4>; num-lanes = <2>; interrupts = <GIC_SPI 141 IRQ_TYPE_LEVEL_HIGH>, -- 2.44.2

9 months, 2 weeks

2
1
0 0

[PATCH v4 3/4] drm/vmwgfx: Fix handling of dumb buffers

by Zack Rusin

Dumb buffers can be used in kms but also through prime with gallium's resource_from_handle. In the second case the dumb buffers can be rendered by the GPU where with the regular DRM kms interfaces they are mapped and written to by the CPU. Because the same buffer can be written to by the GPU and CPU vmwgfx needs to use vmw_surface (object which properly tracks dirty state of the guest and gpu memory) instead of vmw_bo (which is just guest side memory). Furthermore the dumb buffer handles are expected to be gem objects by a lot of userspace. Make vmwgfx accept gem handles in prime and kms but internally switch to vmw_surface's to properly track the dirty state of the objects between the GPU and CPU. Fixes new kwin and kde on wayland. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: b32233acceff ("drm/vmwgfx: Fix prime import/export") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.9+ Reviewed-by: Maaz Mombasawala <maaz.mombasawala(a)broadcom.com> Reviewed-by: Martin Krastev <martin.krastev(a)broadcom.com> --- drivers/gpu/drm/vmwgfx/vmw_surface_cache.h | 10 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 127 +++--- drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 15 +- drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 40 +- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 499 +++++++++------------ drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 17 +- drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c | 14 +- drivers/gpu/drm/vmwgfx/vmwgfx_prime.c | 32 +- drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 27 +- drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c | 33 +- drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c | 145 +++--- drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 280 +++++++++++- 12 files changed, 737 insertions(+), 502 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmw_surface_cache.h b/drivers/gpu/drm/vmwgfx/vmw_surface_cache.h index b0d87c5f58d8..1ac3cb151b11 100644 --- a/drivers/gpu/drm/vmwgfx/vmw_surface_cache.h +++ b/drivers/gpu/drm/vmwgfx/vmw_surface_cache.h @@ -1,6 +1,8 @@ +/* SPDX-License-Identifier: GPL-2.0 OR MIT */ /********************************************************** - * Copyright 2021 VMware, Inc. - * SPDX-License-Identifier: GPL-2.0 OR MIT + * + * Copyright (c) 2021-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation @@ -31,6 +33,10 @@ #include <drm/vmwgfx_drm.h> +#define SVGA3D_FLAGS_UPPER_32(svga3d_flags) ((svga3d_flags) >> 32) +#define SVGA3D_FLAGS_LOWER_32(svga3d_flags) \ + ((svga3d_flags) & ((uint64_t)U32_MAX)) + static inline u32 clamped_umul32(u32 a, u32 b) { uint64_t tmp = (uint64_t) a*b; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c index 00144632c600..f42ebc4a7c22 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.c @@ -1,8 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /************************************************************************** * - * Copyright © 2011-2023 VMware, Inc., Palo Alto, CA., USA - * All Rights Reserved. + * Copyright (c) 2011-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -28,15 +28,39 @@ #include "vmwgfx_bo.h" #include "vmwgfx_drv.h" - +#include "vmwgfx_resource_priv.h" #include <drm/ttm/ttm_placement.h> static void vmw_bo_release(struct vmw_bo *vbo) { + struct vmw_resource *res; + WARN_ON(vbo->tbo.base.funcs && kref_read(&vbo->tbo.base.refcount) != 0); vmw_bo_unmap(vbo); + + xa_destroy(&vbo->detached_resources); + WARN_ON(vbo->is_dumb && !vbo->dumb_surface); + if (vbo->is_dumb && vbo->dumb_surface) { + res = &vbo->dumb_surface->res; + WARN_ON(vbo != res->guest_memory_bo); + WARN_ON(!res->guest_memory_bo); + if (res->guest_memory_bo) { + /* Reserve and switch the backing mob. */ + mutex_lock(&res->dev_priv->cmdbuf_mutex); + (void)vmw_resource_reserve(res, false, true); + vmw_resource_mob_detach(res); + if (res->coherent) + vmw_bo_dirty_release(res->guest_memory_bo); + res->guest_memory_bo = NULL; + res->guest_memory_offset = 0; + vmw_resource_unreserve(res, false, false, false, NULL, + 0); + mutex_unlock(&res->dev_priv->cmdbuf_mutex); + } + vmw_surface_unreference(&vbo->dumb_surface); + } drm_gem_object_release(&vbo->tbo.base); } @@ -325,6 +349,11 @@ void vmw_bo_pin_reserved(struct vmw_bo *vbo, bool pin) * */ void *vmw_bo_map_and_cache(struct vmw_bo *vbo) +{ + return vmw_bo_map_and_cache_size(vbo, vbo->tbo.base.size); +} + +void *vmw_bo_map_and_cache_size(struct vmw_bo *vbo, size_t size) { struct ttm_buffer_object *bo = &vbo->tbo; bool not_used; @@ -335,9 +364,10 @@ void *vmw_bo_map_and_cache(struct vmw_bo *vbo) if (virtual) return virtual; - ret = ttm_bo_kmap(bo, 0, PFN_UP(bo->base.size), &vbo->map); + ret = ttm_bo_kmap(bo, 0, PFN_UP(size), &vbo->map); if (ret) - DRM_ERROR("Buffer object map failed: %d.\n", ret); + DRM_ERROR("Buffer object map failed: %d (size: bo = %zu, map = %zu).\n", + ret, bo->base.size, size); return ttm_kmap_obj_virtual(&vbo->map, &not_used); } @@ -390,6 +420,7 @@ static int vmw_bo_init(struct vmw_private *dev_priv, BUILD_BUG_ON(TTM_MAX_BO_PRIORITY <= 3); vmw_bo->tbo.priority = 3; vmw_bo->res_tree = RB_ROOT; + xa_init(&vmw_bo->detached_resources); params->size = ALIGN(params->size, PAGE_SIZE); drm_gem_private_object_init(vdev, &vmw_bo->tbo.base, params->size); @@ -654,52 +685,6 @@ void vmw_bo_fence_single(struct ttm_buffer_object *bo, dma_fence_put(&fence->base); } - -/** - * vmw_dumb_create - Create a dumb kms buffer - * - * @file_priv: Pointer to a struct drm_file identifying the caller. - * @dev: Pointer to the drm device. - * @args: Pointer to a struct drm_mode_create_dumb structure - * Return: Zero on success, negative error code on failure. - * - * This is a driver callback for the core drm create_dumb functionality. - * Note that this is very similar to the vmw_bo_alloc ioctl, except - * that the arguments have a different format. - */ -int vmw_dumb_create(struct drm_file *file_priv, - struct drm_device *dev, - struct drm_mode_create_dumb *args) -{ - struct vmw_private *dev_priv = vmw_priv(dev); - struct vmw_bo *vbo; - int cpp = DIV_ROUND_UP(args->bpp, 8); - int ret; - - switch (cpp) { - case 1: /* DRM_FORMAT_C8 */ - case 2: /* DRM_FORMAT_RGB565 */ - case 4: /* DRM_FORMAT_XRGB8888 */ - break; - default: - /* - * Dumb buffers don't allow anything else. - * This is tested via IGT's dumb_buffers - */ - return -EINVAL; - } - - args->pitch = args->width * cpp; - args->size = ALIGN(args->pitch * args->height, PAGE_SIZE); - - ret = vmw_gem_object_create_with_handle(dev_priv, file_priv, - args->size, &args->handle, - &vbo); - /* drop reference from allocate - handle holds it now */ - drm_gem_object_put(&vbo->tbo.base); - return ret; -} - /** * vmw_bo_swap_notify - swapout notify callback. * @@ -853,3 +838,43 @@ void vmw_bo_placement_set_default_accelerated(struct vmw_bo *bo) vmw_bo_placement_set(bo, domain, domain); } + +void vmw_bo_add_detached_resource(struct vmw_bo *vbo, struct vmw_resource *res) +{ + xa_store(&vbo->detached_resources, (unsigned long)res, res, GFP_KERNEL); +} + +void vmw_bo_del_detached_resource(struct vmw_bo *vbo, struct vmw_resource *res) +{ + xa_erase(&vbo->detached_resources, (unsigned long)res); +} + +struct vmw_surface *vmw_bo_surface(struct vmw_bo *vbo) +{ + unsigned long index; + struct vmw_resource *res = NULL; + struct vmw_surface *surf = NULL; + struct rb_node *rb_itr = vbo->res_tree.rb_node; + + if (vbo->is_dumb && vbo->dumb_surface) { + res = &vbo->dumb_surface->res; + goto out; + } + + xa_for_each(&vbo->detached_resources, index, res) { + if (res->func->res_type == vmw_res_surface) + goto out; + } + + for (rb_itr = rb_first(&vbo->res_tree); rb_itr; + rb_itr = rb_next(rb_itr)) { + res = rb_entry(rb_itr, struct vmw_resource, mob_node); + if (res->func->res_type == vmw_res_surface) + goto out; + } + +out: + if (res) + surf = vmw_res_to_srf(res); + return surf; +} diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h index f349642e6190..62b4342d5f7c 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_bo.h @@ -1,7 +1,8 @@ /* SPDX-License-Identifier: GPL-2.0 OR MIT */ /************************************************************************** * - * Copyright 2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2023-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -35,11 +36,13 @@ #include <linux/rbtree_types.h> #include <linux/types.h> +#include <linux/xarray.h> struct vmw_bo_dirty; struct vmw_fence_obj; struct vmw_private; struct vmw_resource; +struct vmw_surface; enum vmw_bo_domain { VMW_BO_DOMAIN_SYS = BIT(0), @@ -85,11 +88,15 @@ struct vmw_bo { struct rb_root res_tree; u32 res_prios[TTM_MAX_BO_PRIORITY]; + struct xarray detached_resources; atomic_t cpu_writers; /* Not ref-counted. Protected by binding_mutex */ struct vmw_resource *dx_query_ctx; struct vmw_bo_dirty *dirty; + + bool is_dumb; + struct vmw_surface *dumb_surface; }; void vmw_bo_placement_set(struct vmw_bo *bo, u32 domain, u32 busy_domain); @@ -124,15 +131,21 @@ void vmw_bo_fence_single(struct ttm_buffer_object *bo, struct vmw_fence_obj *fence); void *vmw_bo_map_and_cache(struct vmw_bo *vbo); +void *vmw_bo_map_and_cache_size(struct vmw_bo *vbo, size_t size); void vmw_bo_unmap(struct vmw_bo *vbo); void vmw_bo_move_notify(struct ttm_buffer_object *bo, struct ttm_resource *mem); void vmw_bo_swap_notify(struct ttm_buffer_object *bo); +void vmw_bo_add_detached_resource(struct vmw_bo *vbo, struct vmw_resource *res); +void vmw_bo_del_detached_resource(struct vmw_bo *vbo, struct vmw_resource *res); +struct vmw_surface *vmw_bo_surface(struct vmw_bo *vbo); + int vmw_user_bo_lookup(struct drm_file *filp, u32 handle, struct vmw_bo **out); + /** * vmw_bo_adjust_prio - Adjust the buffer object eviction priority * according to attached resources diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h index 4ecaea0026fc..8de973549b5e 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h @@ -1,7 +1,8 @@ /* SPDX-License-Identifier: GPL-2.0 OR MIT */ /************************************************************************** * - * Copyright 2009-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2009-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -762,6 +763,26 @@ extern int vmw_gmr_bind(struct vmw_private *dev_priv, int gmr_id); extern void vmw_gmr_unbind(struct vmw_private *dev_priv, int gmr_id); +/** + * User handles + */ +struct vmw_user_object { + struct vmw_surface *surface; + struct vmw_bo *buffer; +}; + +int vmw_user_object_lookup(struct vmw_private *dev_priv, struct drm_file *filp, + u32 handle, struct vmw_user_object *uo); +struct vmw_user_object *vmw_user_object_ref(struct vmw_user_object *uo); +void vmw_user_object_unref(struct vmw_user_object *uo); +bool vmw_user_object_is_null(struct vmw_user_object *uo); +struct vmw_surface *vmw_user_object_surface(struct vmw_user_object *uo); +struct vmw_bo *vmw_user_object_buffer(struct vmw_user_object *uo); +void *vmw_user_object_map(struct vmw_user_object *uo); +void *vmw_user_object_map_size(struct vmw_user_object *uo, size_t size); +void vmw_user_object_unmap(struct vmw_user_object *uo); +bool vmw_user_object_is_mapped(struct vmw_user_object *uo); + /** * Resource utilities - vmwgfx_resource.c */ @@ -776,11 +797,6 @@ extern int vmw_resource_validate(struct vmw_resource *res, bool intr, extern int vmw_resource_reserve(struct vmw_resource *res, bool interruptible, bool no_backup); extern bool vmw_resource_needs_backup(const struct vmw_resource *res); -extern int vmw_user_lookup_handle(struct vmw_private *dev_priv, - struct drm_file *filp, - uint32_t handle, - struct vmw_surface **out_surf, - struct vmw_bo **out_buf); extern int vmw_user_resource_lookup_handle( struct vmw_private *dev_priv, struct ttm_object_file *tfile, @@ -1060,9 +1076,6 @@ int vmw_kms_suspend(struct drm_device *dev); int vmw_kms_resume(struct drm_device *dev); void vmw_kms_lost_device(struct drm_device *dev); -int vmw_dumb_create(struct drm_file *file_priv, - struct drm_device *dev, - struct drm_mode_create_dumb *args); extern int vmw_resource_pin(struct vmw_resource *res, bool interruptible); extern void vmw_resource_unpin(struct vmw_resource *res); extern enum vmw_res_type vmw_res_type(const struct vmw_resource *res); @@ -1179,6 +1192,15 @@ extern int vmw_gb_surface_reference_ext_ioctl(struct drm_device *dev, int vmw_gb_surface_define(struct vmw_private *dev_priv, const struct vmw_surface_metadata *req, struct vmw_surface **srf_out); +struct vmw_surface *vmw_lookup_surface_for_buffer(struct vmw_private *vmw, + struct vmw_bo *bo, + u32 handle); +u32 vmw_lookup_surface_handle_for_buffer(struct vmw_private *vmw, + struct vmw_bo *bo, + u32 handle); +int vmw_dumb_create(struct drm_file *file_priv, + struct drm_device *dev, + struct drm_mode_create_dumb *args); /* * Shader management - vmwgfx_shader.c diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c index 13b2820cae51..e8c2a04c6045 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c @@ -1,7 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /************************************************************************** * - * Copyright 2009-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2009-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -193,13 +194,16 @@ static u32 vmw_du_cursor_mob_size(u32 w, u32 h) */ static u32 *vmw_du_cursor_plane_acquire_image(struct vmw_plane_state *vps) { - if (vps->surf) { - if (vps->surf_mapped) - return vmw_bo_map_and_cache(vps->surf->res.guest_memory_bo); - return vps->surf->snooper.image; - } else if (vps->bo) - return vmw_bo_map_and_cache(vps->bo); - return NULL; + struct vmw_surface *surf; + + if (vmw_user_object_is_null(&vps->uo)) + return NULL; + + surf = vmw_user_object_surface(&vps->uo); + if (surf && !vmw_user_object_is_mapped(&vps->uo)) + return surf->snooper.image; + + return vmw_user_object_map(&vps->uo); } static bool vmw_du_cursor_plane_has_changed(struct vmw_plane_state *old_vps, @@ -536,22 +540,16 @@ void vmw_du_primary_plane_destroy(struct drm_plane *plane) * vmw_du_plane_unpin_surf - unpins resource associated with a framebuffer surface * * @vps: plane state associated with the display surface - * @unreference: true if we also want to unreference the display. */ -void vmw_du_plane_unpin_surf(struct vmw_plane_state *vps, - bool unreference) +void vmw_du_plane_unpin_surf(struct vmw_plane_state *vps) { - if (vps->surf) { + struct vmw_surface *surf = vmw_user_object_surface(&vps->uo); + + if (surf) { if (vps->pinned) { - vmw_resource_unpin(&vps->surf->res); + vmw_resource_unpin(&surf->res); vps->pinned--; } - - if (unreference) { - if (vps->pinned) - DRM_ERROR("Surface still pinned\n"); - vmw_surface_unreference(&vps->surf); - } } } @@ -572,7 +570,7 @@ vmw_du_plane_cleanup_fb(struct drm_plane *plane, { struct vmw_plane_state *vps = vmw_plane_state_to_vps(old_state); - vmw_du_plane_unpin_surf(vps, false); + vmw_du_plane_unpin_surf(vps); } @@ -661,25 +659,14 @@ vmw_du_cursor_plane_cleanup_fb(struct drm_plane *plane, struct vmw_cursor_plane *vcp = vmw_plane_to_vcp(plane); struct vmw_plane_state *vps = vmw_plane_state_to_vps(old_state); - if (vps->surf_mapped) { - vmw_bo_unmap(vps->surf->res.guest_memory_bo); - vps->surf_mapped = false; - } + if (!vmw_user_object_is_null(&vps->uo)) + vmw_user_object_unmap(&vps->uo); vmw_du_cursor_plane_unmap_cm(vps); vmw_du_put_cursor_mob(vcp, vps); - vmw_du_plane_unpin_surf(vps, false); - - if (vps->surf) { - vmw_surface_unreference(&vps->surf); - vps->surf = NULL; - } - - if (vps->bo) { - vmw_bo_unreference(&vps->bo); - vps->bo = NULL; - } + vmw_du_plane_unpin_surf(vps); + vmw_user_object_unref(&vps->uo); } @@ -698,64 +685,48 @@ vmw_du_cursor_plane_prepare_fb(struct drm_plane *plane, struct drm_framebuffer *fb = new_state->fb; struct vmw_cursor_plane *vcp = vmw_plane_to_vcp(plane); struct vmw_plane_state *vps = vmw_plane_state_to_vps(new_state); + struct vmw_bo *bo = NULL; int ret = 0; - if (vps->surf) { - if (vps->surf_mapped) { - vmw_bo_unmap(vps->surf->res.guest_memory_bo); - vps->surf_mapped = false; - } - vmw_surface_unreference(&vps->surf); - vps->surf = NULL; - } - - if (vps->bo) { - vmw_bo_unreference(&vps->bo); - vps->bo = NULL; + if (!vmw_user_object_is_null(&vps->uo)) { + vmw_user_object_unmap(&vps->uo); + vmw_user_object_unref(&vps->uo); } if (fb) { if (vmw_framebuffer_to_vfb(fb)->bo) { - vps->bo = vmw_framebuffer_to_vfbd(fb)->buffer; - vmw_bo_reference(vps->bo); + vps->uo.buffer = vmw_framebuffer_to_vfbd(fb)->buffer; + vps->uo.surface = NULL; } else { - vps->surf = vmw_framebuffer_to_vfbs(fb)->surface; - vmw_surface_reference(vps->surf); + memcpy(&vps->uo, &vmw_framebuffer_to_vfbs(fb)->uo, sizeof(vps->uo)); } + vmw_user_object_ref(&vps->uo); } - if (!vps->surf && vps->bo) { - const u32 size = new_state->crtc_w * new_state->crtc_h * sizeof(u32); + bo = vmw_user_object_buffer(&vps->uo); + if (bo) { + struct ttm_operation_ctx ctx = {false, false}; - /* - * Not using vmw_bo_map_and_cache() helper here as we need to - * reserve the ttm_buffer_object first which - * vmw_bo_map_and_cache() omits. - */ - ret = ttm_bo_reserve(&vps->bo->tbo, true, false, NULL); - - if (unlikely(ret != 0)) + ret = ttm_bo_reserve(&bo->tbo, true, false, NULL); + if (ret != 0) return -ENOMEM; - ret = ttm_bo_kmap(&vps->bo->tbo, 0, PFN_UP(size), &vps->bo->map); - - ttm_bo_unreserve(&vps->bo->tbo); - - if (unlikely(ret != 0)) + ret = ttm_bo_validate(&bo->tbo, &bo->placement, &ctx); + if (ret != 0) return -ENOMEM; - } else if (vps->surf && !vps->bo && vps->surf->res.guest_memory_bo) { - WARN_ON(vps->surf->snooper.image); - ret = ttm_bo_reserve(&vps->surf->res.guest_memory_bo->tbo, true, false, - NULL); - if (unlikely(ret != 0)) - return -ENOMEM; - vmw_bo_map_and_cache(vps->surf->res.guest_memory_bo); - ttm_bo_unreserve(&vps->surf->res.guest_memory_bo->tbo); - vps->surf_mapped = true; + vmw_bo_pin_reserved(bo, true); + if (vmw_framebuffer_to_vfb(fb)->bo) { + const u32 size = new_state->crtc_w * new_state->crtc_h * sizeof(u32); + + (void)vmw_bo_map_and_cache_size(bo, size); + } else { + vmw_bo_map_and_cache(bo); + } + ttm_bo_unreserve(&bo->tbo); } - if (vps->surf || vps->bo) { + if (!vmw_user_object_is_null(&vps->uo)) { vmw_du_get_cursor_mob(vcp, vps); vmw_du_cursor_plane_map_cm(vps); } @@ -777,14 +748,17 @@ vmw_du_cursor_plane_atomic_update(struct drm_plane *plane, struct vmw_display_unit *du = vmw_crtc_to_du(crtc); struct vmw_plane_state *vps = vmw_plane_state_to_vps(new_state); struct vmw_plane_state *old_vps = vmw_plane_state_to_vps(old_state); + struct vmw_bo *old_bo = NULL; + struct vmw_bo *new_bo = NULL; s32 hotspot_x, hotspot_y; + int ret; hotspot_x = du->hotspot_x + new_state->hotspot_x; hotspot_y = du->hotspot_y + new_state->hotspot_y; - du->cursor_surface = vps->surf; + du->cursor_surface = vmw_user_object_surface(&vps->uo); - if (!vps->surf && !vps->bo) { + if (vmw_user_object_is_null(&vps->uo)) { vmw_cursor_update_position(dev_priv, false, 0, 0); return; } @@ -792,10 +766,26 @@ vmw_du_cursor_plane_atomic_update(struct drm_plane *plane, vps->cursor.hotspot_x = hotspot_x; vps->cursor.hotspot_y = hotspot_y; - if (vps->surf) { + if (du->cursor_surface) du->cursor_age = du->cursor_surface->snooper.age; + + if (!vmw_user_object_is_null(&old_vps->uo)) { + old_bo = vmw_user_object_buffer(&old_vps->uo); + ret = ttm_bo_reserve(&old_bo->tbo, false, false, NULL); + if (ret != 0) + return; } + if (!vmw_user_object_is_null(&vps->uo)) { + new_bo = vmw_user_object_buffer(&vps->uo); + if (old_bo != new_bo) { + ret = ttm_bo_reserve(&new_bo->tbo, false, false, NULL); + if (ret != 0) + return; + } else { + new_bo = NULL; + } + } if (!vmw_du_cursor_plane_has_changed(old_vps, vps)) { /* * If it hasn't changed, avoid making the device do extra @@ -813,6 +803,11 @@ vmw_du_cursor_plane_atomic_update(struct drm_plane *plane, hotspot_x, hotspot_y); } + if (old_bo) + ttm_bo_unreserve(&old_bo->tbo); + if (new_bo) + ttm_bo_unreserve(&new_bo->tbo); + du->cursor_x = new_state->crtc_x + du->set_gui_x; du->cursor_y = new_state->crtc_y + du->set_gui_y; @@ -913,7 +908,7 @@ int vmw_du_cursor_plane_atomic_check(struct drm_plane *plane, } if (!vmw_framebuffer_to_vfb(fb)->bo) { - surface = vmw_framebuffer_to_vfbs(fb)->surface; + surface = vmw_user_object_surface(&vmw_framebuffer_to_vfbs(fb)->uo); WARN_ON(!surface); @@ -1074,12 +1069,7 @@ vmw_du_plane_duplicate_state(struct drm_plane *plane) memset(&vps->cursor, 0, sizeof(vps->cursor)); /* Each ref counted resource needs to be acquired again */ - if (vps->surf) - (void) vmw_surface_reference(vps->surf); - - if (vps->bo) - (void) vmw_bo_reference(vps->bo); - + vmw_user_object_ref(&vps->uo); state = &vps->base; __drm_atomic_helper_plane_duplicate_state(plane, state); @@ -1128,11 +1118,7 @@ vmw_du_plane_destroy_state(struct drm_plane *plane, struct vmw_plane_state *vps = vmw_plane_state_to_vps(state); /* Should have been freed by cleanup_fb */ - if (vps->surf) - vmw_surface_unreference(&vps->surf); - - if (vps->bo) - vmw_bo_unreference(&vps->bo); + vmw_user_object_unref(&vps->uo); drm_atomic_helper_plane_destroy_state(plane, state); } @@ -1227,7 +1213,7 @@ static void vmw_framebuffer_surface_destroy(struct drm_framebuffer *framebuffer) vmw_framebuffer_to_vfbs(framebuffer); drm_framebuffer_cleanup(framebuffer); - vmw_surface_unreference(&vfbs->surface); + vmw_user_object_unref(&vfbs->uo); kfree(vfbs); } @@ -1272,29 +1258,41 @@ int vmw_kms_readback(struct vmw_private *dev_priv, return -ENOSYS; } +static int vmw_framebuffer_surface_create_handle(struct drm_framebuffer *fb, + struct drm_file *file_priv, + unsigned int *handle) +{ + struct vmw_framebuffer_surface *vfbs = vmw_framebuffer_to_vfbs(fb); + struct vmw_bo *bo = vmw_user_object_buffer(&vfbs->uo); + + return drm_gem_handle_create(file_priv, &bo->tbo.base, handle); +} static const struct drm_framebuffer_funcs vmw_framebuffer_surface_funcs = { + .create_handle = vmw_framebuffer_surface_create_handle, .destroy = vmw_framebuffer_surface_destroy, .dirty = drm_atomic_helper_dirtyfb, }; static int vmw_kms_new_framebuffer_surface(struct vmw_private *dev_priv, - struct vmw_surface *surface, + struct vmw_user_object *uo, struct vmw_framebuffer **out, const struct drm_mode_fb_cmd2 - *mode_cmd, - bool is_bo_proxy) + *mode_cmd) { struct drm_device *dev = &dev_priv->drm; struct vmw_framebuffer_surface *vfbs; enum SVGA3dSurfaceFormat format; + struct vmw_surface *surface; int ret; /* 3D is only supported on HWv8 and newer hosts */ if (dev_priv->active_display_unit == vmw_du_legacy) return -ENOSYS; + surface = vmw_user_object_surface(uo); + /* * Sanity checks. */ @@ -1357,8 +1355,8 @@ static int vmw_kms_new_framebuffer_surface(struct vmw_private *dev_priv, } drm_helper_mode_fill_fb_struct(dev, &vfbs->base.base, mode_cmd); - vfbs->surface = vmw_surface_reference(surface); - vfbs->is_bo_proxy = is_bo_proxy; + memcpy(&vfbs->uo, uo, sizeof(vfbs->uo)); + vmw_user_object_ref(&vfbs->uo); *out = &vfbs->base; @@ -1370,7 +1368,7 @@ static int vmw_kms_new_framebuffer_surface(struct vmw_private *dev_priv, return 0; out_err2: - vmw_surface_unreference(&surface); + vmw_user_object_unref(&vfbs->uo); kfree(vfbs); out_err1: return ret; @@ -1386,7 +1384,6 @@ static int vmw_framebuffer_bo_create_handle(struct drm_framebuffer *fb, { struct vmw_framebuffer_bo *vfbd = vmw_framebuffer_to_vfbd(fb); - return drm_gem_handle_create(file_priv, &vfbd->buffer->tbo.base, handle); } @@ -1407,86 +1404,6 @@ static const struct drm_framebuffer_funcs vmw_framebuffer_bo_funcs = { .dirty = drm_atomic_helper_dirtyfb, }; -/** - * vmw_create_bo_proxy - create a proxy surface for the buffer object - * - * @dev: DRM device - * @mode_cmd: parameters for the new surface - * @bo_mob: MOB backing the buffer object - * @srf_out: newly created surface - * - * When the content FB is a buffer object, we create a surface as a proxy to the - * same buffer. This way we can do a surface copy rather than a surface DMA. - * This is a more efficient approach - * - * RETURNS: - * 0 on success, error code otherwise - */ -static int vmw_create_bo_proxy(struct drm_device *dev, - const struct drm_mode_fb_cmd2 *mode_cmd, - struct vmw_bo *bo_mob, - struct vmw_surface **srf_out) -{ - struct vmw_surface_metadata metadata = {0}; - uint32_t format; - struct vmw_resource *res; - unsigned int bytes_pp; - int ret; - - switch (mode_cmd->pixel_format) { - case DRM_FORMAT_ARGB8888: - case DRM_FORMAT_XRGB8888: - format = SVGA3D_X8R8G8B8; - bytes_pp = 4; - break; - - case DRM_FORMAT_RGB565: - case DRM_FORMAT_XRGB1555: - format = SVGA3D_R5G6B5; - bytes_pp = 2; - break; - - case 8: - format = SVGA3D_P8; - bytes_pp = 1; - break; - - default: - DRM_ERROR("Invalid framebuffer format %p4cc\n", - &mode_cmd->pixel_format); - return -EINVAL; - } - - metadata.format = format; - metadata.mip_levels[0] = 1; - metadata.num_sizes = 1; - metadata.base_size.width = mode_cmd->pitches[0] / bytes_pp; - metadata.base_size.height = mode_cmd->height; - metadata.base_size.depth = 1; - metadata.scanout = true; - - ret = vmw_gb_surface_define(vmw_priv(dev), &metadata, srf_out); - if (ret) { - DRM_ERROR("Failed to allocate proxy content buffer\n"); - return ret; - } - - res = &(*srf_out)->res; - - /* Reserve and switch the backing mob. */ - mutex_lock(&res->dev_priv->cmdbuf_mutex); - (void) vmw_resource_reserve(res, false, true); - vmw_user_bo_unref(&res->guest_memory_bo); - res->guest_memory_bo = vmw_user_bo_ref(bo_mob); - res->guest_memory_offset = 0; - vmw_resource_unreserve(res, false, false, false, NULL, 0); - mutex_unlock(&res->dev_priv->cmdbuf_mutex); - - return 0; -} - - - static int vmw_kms_new_framebuffer_bo(struct vmw_private *dev_priv, struct vmw_bo *bo, struct vmw_framebuffer **out, @@ -1565,55 +1482,24 @@ vmw_kms_srf_ok(struct vmw_private *dev_priv, uint32_t width, uint32_t height) * vmw_kms_new_framebuffer - Create a new framebuffer. * * @dev_priv: Pointer to device private struct. - * @bo: Pointer to buffer object to wrap the kms framebuffer around. - * Either @bo or @surface must be NULL. - * @surface: Pointer to a surface to wrap the kms framebuffer around. - * Either @bo or @surface must be NULL. - * @only_2d: No presents will occur to this buffer object based framebuffer. - * This helps the code to do some important optimizations. + * @uo: Pointer to user object to wrap the kms framebuffer around. + * Either the buffer or surface inside the user object must be NULL. * @mode_cmd: Frame-buffer metadata. */ struct vmw_framebuffer * vmw_kms_new_framebuffer(struct vmw_private *dev_priv, - struct vmw_bo *bo, - struct vmw_surface *surface, - bool only_2d, + struct vmw_user_object *uo, const struct drm_mode_fb_cmd2 *mode_cmd) { struct vmw_framebuffer *vfb = NULL; - bool is_bo_proxy = false; int ret; - /* - * We cannot use the SurfaceDMA command in an non-accelerated VM, - * therefore, wrap the buffer object in a surface so we can use the - * SurfaceCopy command. - */ - if (vmw_kms_srf_ok(dev_priv, mode_cmd->width, mode_cmd->height) && - bo && only_2d && - mode_cmd->width > 64 && /* Don't create a proxy for cursor */ - dev_priv->active_display_unit == vmw_du_screen_target) { - ret = vmw_create_bo_proxy(&dev_priv->drm, mode_cmd, - bo, &surface); - if (ret) - return ERR_PTR(ret); - - is_bo_proxy = true; - } - /* Create the new framebuffer depending one what we have */ - if (surface) { - ret = vmw_kms_new_framebuffer_surface(dev_priv, surface, &vfb, - mode_cmd, - is_bo_proxy); - /* - * vmw_create_bo_proxy() adds a reference that is no longer - * needed - */ - if (is_bo_proxy) - vmw_surface_unreference(&surface); - } else if (bo) { - ret = vmw_kms_new_framebuffer_bo(dev_priv, bo, &vfb, + if (vmw_user_object_surface(uo)) { + ret = vmw_kms_new_framebuffer_surface(dev_priv, uo, &vfb, + mode_cmd); + } else if (uo->buffer) { + ret = vmw_kms_new_framebuffer_bo(dev_priv, uo->buffer, &vfb, mode_cmd); } else { BUG(); @@ -1635,14 +1521,12 @@ static struct drm_framebuffer *vmw_kms_fb_create(struct drm_device *dev, { struct vmw_private *dev_priv = vmw_priv(dev); struct vmw_framebuffer *vfb = NULL; - struct vmw_surface *surface = NULL; - struct vmw_bo *bo = NULL; + struct vmw_user_object uo = {0}; int ret; /* returns either a bo or surface */ - ret = vmw_user_lookup_handle(dev_priv, file_priv, - mode_cmd->handles[0], - &surface, &bo); + ret = vmw_user_object_lookup(dev_priv, file_priv, mode_cmd->handles[0], + &uo); if (ret) { DRM_ERROR("Invalid buffer object handle %u (0x%x).\n", mode_cmd->handles[0], mode_cmd->handles[0]); @@ -1650,7 +1534,7 @@ static struct drm_framebuffer *vmw_kms_fb_create(struct drm_device *dev, } - if (!bo && + if (vmw_user_object_surface(&uo) && !vmw_kms_srf_ok(dev_priv, mode_cmd->width, mode_cmd->height)) { DRM_ERROR("Surface size cannot exceed %dx%d\n", dev_priv->texture_max_width, @@ -1659,20 +1543,15 @@ static struct drm_framebuffer *vmw_kms_fb_create(struct drm_device *dev, } - vfb = vmw_kms_new_framebuffer(dev_priv, bo, surface, - !(dev_priv->capabilities & SVGA_CAP_3D), - mode_cmd); + vfb = vmw_kms_new_framebuffer(dev_priv, &uo, mode_cmd); if (IS_ERR(vfb)) { ret = PTR_ERR(vfb); goto err_out; } err_out: - /* vmw_user_lookup_handle takes one ref so does new_fb */ - if (bo) - vmw_user_bo_unref(&bo); - if (surface) - vmw_surface_unreference(&surface); + /* vmw_user_object_lookup takes one ref so does new_fb */ + vmw_user_object_unref(&uo); if (ret) { DRM_ERROR("failed to create vmw_framebuffer: %i\n", ret); @@ -2585,72 +2464,6 @@ void vmw_kms_helper_validation_finish(struct vmw_private *dev_priv, vmw_fence_obj_unreference(&fence); } -/** - * vmw_kms_update_proxy - Helper function to update a proxy surface from - * its backing MOB. - * - * @res: Pointer to the surface resource - * @clips: Clip rects in framebuffer (surface) space. - * @num_clips: Number of clips in @clips. - * @increment: Integer with which to increment the clip counter when looping. - * Used to skip a predetermined number of clip rects. - * - * This function makes sure the proxy surface is updated from its backing MOB - * using the region given by @clips. The surface resource @res and its backing - * MOB needs to be reserved and validated on call. - */ -int vmw_kms_update_proxy(struct vmw_resource *res, - const struct drm_clip_rect *clips, - unsigned num_clips, - int increment) -{ - struct vmw_private *dev_priv = res->dev_priv; - struct drm_vmw_size *size = &vmw_res_to_srf(res)->metadata.base_size; - struct { - SVGA3dCmdHeader header; - SVGA3dCmdUpdateGBImage body; - } *cmd; - SVGA3dBox *box; - size_t copy_size = 0; - int i; - - if (!clips) - return 0; - - cmd = VMW_CMD_RESERVE(dev_priv, sizeof(*cmd) * num_clips); - if (!cmd) - return -ENOMEM; - - for (i = 0; i < num_clips; ++i, clips += increment, ++cmd) { - box = &cmd->body.box; - - cmd->header.id = SVGA_3D_CMD_UPDATE_GB_IMAGE; - cmd->header.size = sizeof(cmd->body); - cmd->body.image.sid = res->id; - cmd->body.image.face = 0; - cmd->body.image.mipmap = 0; - - if (clips->x1 > size->width || clips->x2 > size->width || - clips->y1 > size->height || clips->y2 > size->height) { - DRM_ERROR("Invalid clips outsize of framebuffer.\n"); - return -EINVAL; - } - - box->x = clips->x1; - box->y = clips->y1; - box->z = 0; - box->w = clips->x2 - clips->x1; - box->h = clips->y2 - clips->y1; - box->d = 1; - - copy_size += sizeof(*cmd); - } - - vmw_cmd_commit(dev_priv, copy_size); - - return 0; -} - /** * vmw_kms_create_implicit_placement_property - Set up the implicit placement * property. @@ -2785,8 +2598,9 @@ int vmw_du_helper_plane_update(struct vmw_du_update_plane *update) } else { struct vmw_framebuffer_surface *vfbs = container_of(update->vfb, typeof(*vfbs), base); + struct vmw_surface *surf = vmw_user_object_surface(&vfbs->uo); - ret = vmw_validation_add_resource(&val_ctx, &vfbs->surface->res, + ret = vmw_validation_add_resource(&val_ctx, &surf->res, 0, VMW_RES_DIRTY_NONE, NULL, NULL); } @@ -2949,3 +2763,90 @@ int vmw_connector_get_modes(struct drm_connector *connector) return num_modes; } + +struct vmw_user_object *vmw_user_object_ref(struct vmw_user_object *uo) +{ + if (uo->buffer) + vmw_user_bo_ref(uo->buffer); + else if (uo->surface) + vmw_surface_reference(uo->surface); + return uo; +} + +void vmw_user_object_unref(struct vmw_user_object *uo) +{ + if (uo->buffer) + vmw_user_bo_unref(&uo->buffer); + else if (uo->surface) + vmw_surface_unreference(&uo->surface); +} + +struct vmw_bo * +vmw_user_object_buffer(struct vmw_user_object *uo) +{ + if (uo->buffer) + return uo->buffer; + else if (uo->surface) + return uo->surface->res.guest_memory_bo; + return NULL; +} + +struct vmw_surface * +vmw_user_object_surface(struct vmw_user_object *uo) +{ + if (uo->buffer) + return uo->buffer->dumb_surface; + return uo->surface; +} + +void *vmw_user_object_map(struct vmw_user_object *uo) +{ + struct vmw_bo *bo = vmw_user_object_buffer(uo); + + WARN_ON(!bo); + return vmw_bo_map_and_cache(bo); +} + +void *vmw_user_object_map_size(struct vmw_user_object *uo, size_t size) +{ + struct vmw_bo *bo = vmw_user_object_buffer(uo); + + WARN_ON(!bo); + return vmw_bo_map_and_cache_size(bo, size); +} + +void vmw_user_object_unmap(struct vmw_user_object *uo) +{ + struct vmw_bo *bo = vmw_user_object_buffer(uo); + int ret; + + WARN_ON(!bo); + + /* Fence the mob creation so we are guarateed to have the mob */ + ret = ttm_bo_reserve(&bo->tbo, false, false, NULL); + if (ret != 0) + return; + + vmw_bo_unmap(bo); + vmw_bo_pin_reserved(bo, false); + + ttm_bo_unreserve(&bo->tbo); +} + +bool vmw_user_object_is_mapped(struct vmw_user_object *uo) +{ + struct vmw_bo *bo; + + if (!uo || vmw_user_object_is_null(uo)) + return false; + + bo = vmw_user_object_buffer(uo); + WARN_ON(!bo); + + return (bo && bo->map.bo); +} + +bool vmw_user_object_is_null(struct vmw_user_object *uo) +{ + return !uo->buffer && !uo->surface; +} diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h index bf24f2f0dcfc..6141fadf81ef 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.h @@ -1,7 +1,8 @@ /* SPDX-License-Identifier: GPL-2.0 OR MIT */ /************************************************************************** * - * Copyright 2009-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2009-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -221,11 +222,9 @@ struct vmw_framebuffer { struct vmw_framebuffer_surface { struct vmw_framebuffer base; - struct vmw_surface *surface; - bool is_bo_proxy; /* true if this is proxy surface for DMA buf */ + struct vmw_user_object uo; }; - struct vmw_framebuffer_bo { struct vmw_framebuffer base; struct vmw_bo *buffer; @@ -277,8 +276,7 @@ struct vmw_cursor_plane_state { */ struct vmw_plane_state { struct drm_plane_state base; - struct vmw_surface *surf; - struct vmw_bo *bo; + struct vmw_user_object uo; int content_fb_type; unsigned long bo_size; @@ -457,9 +455,7 @@ int vmw_kms_readback(struct vmw_private *dev_priv, uint32_t num_clips); struct vmw_framebuffer * vmw_kms_new_framebuffer(struct vmw_private *dev_priv, - struct vmw_bo *bo, - struct vmw_surface *surface, - bool only_2d, + struct vmw_user_object *uo, const struct drm_mode_fb_cmd2 *mode_cmd); void vmw_guess_mode_timing(struct drm_display_mode *mode); void vmw_kms_update_implicit_fb(struct vmw_private *dev_priv); @@ -486,8 +482,7 @@ void vmw_du_plane_reset(struct drm_plane *plane); struct drm_plane_state *vmw_du_plane_duplicate_state(struct drm_plane *plane); void vmw_du_plane_destroy_state(struct drm_plane *plane, struct drm_plane_state *state); -void vmw_du_plane_unpin_surf(struct vmw_plane_state *vps, - bool unreference); +void vmw_du_plane_unpin_surf(struct vmw_plane_state *vps); int vmw_du_crtc_atomic_check(struct drm_crtc *crtc, struct drm_atomic_state *state); diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c index 5befc2719a49..39949e0a493f 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ldu.c @@ -1,7 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /************************************************************************** * - * Copyright 2009-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2009-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -147,8 +148,9 @@ static int vmw_ldu_fb_pin(struct vmw_framebuffer *vfb) struct vmw_bo *buf; int ret; - buf = vfb->bo ? vmw_framebuffer_to_vfbd(&vfb->base)->buffer : - vmw_framebuffer_to_vfbs(&vfb->base)->surface->res.guest_memory_bo; + buf = vfb->bo ? + vmw_framebuffer_to_vfbd(&vfb->base)->buffer : + vmw_user_object_buffer(&vmw_framebuffer_to_vfbs(&vfb->base)->uo); if (!buf) return 0; @@ -169,8 +171,10 @@ static int vmw_ldu_fb_unpin(struct vmw_framebuffer *vfb) struct vmw_private *dev_priv = vmw_priv(vfb->base.dev); struct vmw_bo *buf; - buf = vfb->bo ? vmw_framebuffer_to_vfbd(&vfb->base)->buffer : - vmw_framebuffer_to_vfbs(&vfb->base)->surface->res.guest_memory_bo; + buf = vfb->bo ? + vmw_framebuffer_to_vfbd(&vfb->base)->buffer : + vmw_user_object_buffer(&vmw_framebuffer_to_vfbs(&vfb->base)->uo); + if (WARN_ON(!buf)) return 0; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c b/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c index c99cad444991..598b90ac7590 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_prime.c @@ -1,7 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /************************************************************************** * - * Copyright 2013 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2013-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -31,6 +32,7 @@ */ #include "vmwgfx_drv.h" +#include "vmwgfx_bo.h" #include "ttm_object.h" #include <linux/dma-buf.h> @@ -88,13 +90,35 @@ int vmw_prime_handle_to_fd(struct drm_device *dev, uint32_t handle, uint32_t flags, int *prime_fd) { + struct vmw_private *vmw = vmw_priv(dev); struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; + struct vmw_bo *vbo; int ret; + int surf_handle; - if (handle > VMWGFX_NUM_MOB) + if (handle > VMWGFX_NUM_MOB) { ret = ttm_prime_handle_to_fd(tfile, handle, flags, prime_fd); - else - ret = drm_gem_prime_handle_to_fd(dev, file_priv, handle, flags, prime_fd); + } else { + ret = vmw_user_bo_lookup(file_priv, handle, &vbo); + if (ret) + return ret; + if (vbo && vbo->is_dumb) { + ret = drm_gem_prime_handle_to_fd(dev, file_priv, handle, + flags, prime_fd); + } else { + surf_handle = vmw_lookup_surface_handle_for_buffer(vmw, + vbo, + handle); + if (surf_handle > 0) + ret = ttm_prime_handle_to_fd(tfile, surf_handle, + flags, prime_fd); + else + ret = drm_gem_prime_handle_to_fd(dev, file_priv, + handle, flags, + prime_fd); + } + vmw_user_bo_unref(&vbo); + } return ret; } diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c b/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c index 848dba09981b..a73af8a355fb 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_resource.c @@ -1,7 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /************************************************************************** * - * Copyright 2009-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2009-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -58,6 +59,7 @@ void vmw_resource_mob_attach(struct vmw_resource *res) rb_link_node(&res->mob_node, parent, new); rb_insert_color(&res->mob_node, &gbo->res_tree); + vmw_bo_del_detached_resource(gbo, res); vmw_bo_prio_add(gbo, res->used_prio); } @@ -287,28 +289,35 @@ int vmw_user_resource_lookup_handle(struct vmw_private *dev_priv, * * The pointer this pointed at by out_surf and out_buf needs to be null. */ -int vmw_user_lookup_handle(struct vmw_private *dev_priv, +int vmw_user_object_lookup(struct vmw_private *dev_priv, struct drm_file *filp, - uint32_t handle, - struct vmw_surface **out_surf, - struct vmw_bo **out_buf) + u32 handle, + struct vmw_user_object *uo) { struct ttm_object_file *tfile = vmw_fpriv(filp)->tfile; struct vmw_resource *res; int ret; - BUG_ON(*out_surf || *out_buf); + WARN_ON(uo->surface || uo->buffer); ret = vmw_user_resource_lookup_handle(dev_priv, tfile, handle, user_surface_converter, &res); if (!ret) { - *out_surf = vmw_res_to_srf(res); + uo->surface = vmw_res_to_srf(res); return 0; } - *out_surf = NULL; - ret = vmw_user_bo_lookup(filp, handle, out_buf); + uo->surface = NULL; + ret = vmw_user_bo_lookup(filp, handle, &uo->buffer); + if (!ret && !uo->buffer->is_dumb) { + uo->surface = vmw_lookup_surface_for_buffer(dev_priv, + uo->buffer, + handle); + if (uo->surface) + vmw_user_bo_unref(&uo->buffer); + } + return ret; } diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c b/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c index df0039a8ef29..0f4bfd98480a 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_scrn.c @@ -1,7 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /************************************************************************** * - * Copyright 2011-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2011-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -240,7 +241,7 @@ static void vmw_sou_crtc_mode_set_nofb(struct drm_crtc *crtc) struct vmw_connector_state *vmw_conn_state; int x, y; - sou->buffer = vps->bo; + sou->buffer = vmw_user_object_buffer(&vps->uo); conn_state = sou->base.connector.state; vmw_conn_state = vmw_connector_state_to_vcs(conn_state); @@ -376,10 +377,11 @@ vmw_sou_primary_plane_cleanup_fb(struct drm_plane *plane, struct vmw_plane_state *vps = vmw_plane_state_to_vps(old_state); struct drm_crtc *crtc = plane->state->crtc ? plane->state->crtc : old_state->crtc; + struct vmw_bo *bo = vmw_user_object_buffer(&vps->uo); - if (vps->bo) - vmw_bo_unpin(vmw_priv(crtc->dev), vps->bo, false); - vmw_bo_unreference(&vps->bo); + if (bo) + vmw_bo_unpin(vmw_priv(crtc->dev), bo, false); + vmw_user_object_unref(&vps->uo); vps->bo_size = 0; vmw_du_plane_cleanup_fb(plane, old_state); @@ -411,9 +413,10 @@ vmw_sou_primary_plane_prepare_fb(struct drm_plane *plane, .bo_type = ttm_bo_type_device, .pin = true }; + struct vmw_bo *bo = NULL; if (!new_fb) { - vmw_bo_unreference(&vps->bo); + vmw_user_object_unref(&vps->uo); vps->bo_size = 0; return 0; @@ -422,17 +425,17 @@ vmw_sou_primary_plane_prepare_fb(struct drm_plane *plane, bo_params.size = new_state->crtc_w * new_state->crtc_h * 4; dev_priv = vmw_priv(crtc->dev); - if (vps->bo) { + bo = vmw_user_object_buffer(&vps->uo); + if (bo) { if (vps->bo_size == bo_params.size) { /* * Note that this might temporarily up the pin-count * to 2, until cleanup_fb() is called. */ - return vmw_bo_pin_in_vram(dev_priv, vps->bo, - true); + return vmw_bo_pin_in_vram(dev_priv, bo, true); } - vmw_bo_unreference(&vps->bo); + vmw_user_object_unref(&vps->uo); vps->bo_size = 0; } @@ -442,7 +445,7 @@ vmw_sou_primary_plane_prepare_fb(struct drm_plane *plane, * resume the overlays, this is preferred to failing to alloc. */ vmw_overlay_pause_all(dev_priv); - ret = vmw_bo_create(dev_priv, &bo_params, &vps->bo); + ret = vmw_gem_object_create(dev_priv, &bo_params, &vps->uo.buffer); vmw_overlay_resume_all(dev_priv); if (ret) return ret; @@ -453,7 +456,7 @@ vmw_sou_primary_plane_prepare_fb(struct drm_plane *plane, * TTM already thinks the buffer is pinned, but make sure the * pin_count is upped. */ - return vmw_bo_pin_in_vram(dev_priv, vps->bo, true); + return vmw_bo_pin_in_vram(dev_priv, vps->uo.buffer, true); } static uint32_t vmw_sou_bo_fifo_size(struct vmw_du_update_plane *update, @@ -580,6 +583,7 @@ static uint32_t vmw_sou_surface_pre_clip(struct vmw_du_update_plane *update, { struct vmw_kms_sou_dirty_cmd *blit = cmd; struct vmw_framebuffer_surface *vfbs; + struct vmw_surface *surf = NULL; vfbs = container_of(update->vfb, typeof(*vfbs), base); @@ -587,7 +591,8 @@ static uint32_t vmw_sou_surface_pre_clip(struct vmw_du_update_plane *update, blit->header.size = sizeof(blit->body) + sizeof(SVGASignedRect) * num_hits; - blit->body.srcImage.sid = vfbs->surface->res.id; + surf = vmw_user_object_surface(&vfbs->uo); + blit->body.srcImage.sid = surf->res.id; blit->body.destScreenId = update->du->unit; /* Update the source and destination bounding box later in post_clip */ @@ -1104,7 +1109,7 @@ int vmw_kms_sou_do_surface_dirty(struct vmw_private *dev_priv, int ret; if (!srf) - srf = &vfbs->surface->res; + srf = &vmw_user_object_surface(&vfbs->uo)->res; ret = vmw_validation_add_resource(&val_ctx, srf, 0, VMW_RES_DIRTY_NONE, NULL, NULL); diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c b/drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c index 2041c4d48daa..398a4ad0dbf0 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_stdu.c @@ -1,7 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /****************************************************************************** * - * COPYRIGHT (C) 2014-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2014-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -29,6 +30,7 @@ #include "vmwgfx_kms.h" #include "vmwgfx_vkms.h" #include "vmw_surface_cache.h" +#include <linux/fsnotify.h> #include <drm/drm_atomic.h> #include <drm/drm_atomic_helper.h> @@ -723,7 +725,7 @@ int vmw_kms_stdu_surface_dirty(struct vmw_private *dev_priv, int ret; if (!srf) - srf = &vfbs->surface->res; + srf = &vmw_user_object_surface(&vfbs->uo)->res; ret = vmw_validation_add_resource(&val_ctx, srf, 0, VMW_RES_DIRTY_NONE, NULL, NULL); @@ -734,12 +736,6 @@ int vmw_kms_stdu_surface_dirty(struct vmw_private *dev_priv, if (ret) goto out_unref; - if (vfbs->is_bo_proxy) { - ret = vmw_kms_update_proxy(srf, clips, num_clips, inc); - if (ret) - goto out_finish; - } - sdirty.base.fifo_commit = vmw_kms_stdu_surface_fifo_commit; sdirty.base.clip = vmw_kms_stdu_surface_clip; sdirty.base.fifo_reserve_size = sizeof(struct vmw_stdu_surface_copy) + @@ -753,7 +749,7 @@ int vmw_kms_stdu_surface_dirty(struct vmw_private *dev_priv, ret = vmw_kms_helper_dirty(dev_priv, framebuffer, clips, vclips, dest_x, dest_y, num_clips, inc, &sdirty.base); -out_finish: + vmw_kms_helper_validation_finish(dev_priv, NULL, &val_ctx, out_fence, NULL); @@ -872,9 +868,8 @@ vmw_stdu_primary_plane_cleanup_fb(struct drm_plane *plane, { struct vmw_plane_state *vps = vmw_plane_state_to_vps(old_state); - if (vps->surf) + if (vmw_user_object_surface(&vps->uo)) WARN_ON(!vps->pinned); - vmw_du_plane_cleanup_fb(plane, old_state); vps->content_fb_type = SAME_AS_DISPLAY; @@ -882,7 +877,6 @@ vmw_stdu_primary_plane_cleanup_fb(struct drm_plane *plane, } - /** * vmw_stdu_primary_plane_prepare_fb - Readies the display surface * @@ -906,13 +900,15 @@ vmw_stdu_primary_plane_prepare_fb(struct drm_plane *plane, enum stdu_content_type new_content_type; struct vmw_framebuffer_surface *new_vfbs; uint32_t hdisplay = new_state->crtc_w, vdisplay = new_state->crtc_h; + struct drm_plane_state *old_state = plane->state; + struct drm_rect rect; int ret; /* No FB to prepare */ if (!new_fb) { - if (vps->surf) { + if (vmw_user_object_surface(&vps->uo)) { WARN_ON(vps->pinned != 0); - vmw_surface_unreference(&vps->surf); + vmw_user_object_unref(&vps->uo); } return 0; @@ -922,8 +918,8 @@ vmw_stdu_primary_plane_prepare_fb(struct drm_plane *plane, new_vfbs = (vfb->bo) ? NULL : vmw_framebuffer_to_vfbs(new_fb); if (new_vfbs && - new_vfbs->surface->metadata.base_size.width == hdisplay && - new_vfbs->surface->metadata.base_size.height == vdisplay) + vmw_user_object_surface(&new_vfbs->uo)->metadata.base_size.width == hdisplay && + vmw_user_object_surface(&new_vfbs->uo)->metadata.base_size.height == vdisplay) new_content_type = SAME_AS_DISPLAY; else if (vfb->bo) new_content_type = SEPARATE_BO; @@ -961,29 +957,29 @@ vmw_stdu_primary_plane_prepare_fb(struct drm_plane *plane, metadata.num_sizes = 1; metadata.scanout = true; } else { - metadata = new_vfbs->surface->metadata; + metadata = vmw_user_object_surface(&new_vfbs->uo)->metadata; } metadata.base_size.width = hdisplay; metadata.base_size.height = vdisplay; metadata.base_size.depth = 1; - if (vps->surf) { + if (vmw_user_object_surface(&vps->uo)) { struct drm_vmw_size cur_base_size = - vps->surf->metadata.base_size; + vmw_user_object_surface(&vps->uo)->metadata.base_size; if (cur_base_size.width != metadata.base_size.width || cur_base_size.height != metadata.base_size.height || - vps->surf->metadata.format != metadata.format) { + vmw_user_object_surface(&vps->uo)->metadata.format != metadata.format) { WARN_ON(vps->pinned != 0); - vmw_surface_unreference(&vps->surf); + vmw_user_object_unref(&vps->uo); } } - if (!vps->surf) { + if (!vmw_user_object_surface(&vps->uo)) { ret = vmw_gb_surface_define(dev_priv, &metadata, - &vps->surf); + &vps->uo.surface); if (ret != 0) { DRM_ERROR("Couldn't allocate STDU surface.\n"); return ret; @@ -996,18 +992,19 @@ vmw_stdu_primary_plane_prepare_fb(struct drm_plane *plane, * The only time we add a reference in prepare_fb is if the * state object doesn't have a reference to begin with */ - if (vps->surf) { + if (vmw_user_object_surface(&vps->uo)) { WARN_ON(vps->pinned != 0); - vmw_surface_unreference(&vps->surf); + vmw_user_object_unref(&vps->uo); } - vps->surf = vmw_surface_reference(new_vfbs->surface); + memcpy(&vps->uo, &new_vfbs->uo, sizeof(vps->uo)); + vmw_user_object_ref(&vps->uo); } - if (vps->surf) { + if (vmw_user_object_surface(&vps->uo)) { /* Pin new surface before flipping */ - ret = vmw_resource_pin(&vps->surf->res, false); + ret = vmw_resource_pin(&vmw_user_object_surface(&vps->uo)->res, false); if (ret) goto out_srf_unref; @@ -1016,6 +1013,34 @@ vmw_stdu_primary_plane_prepare_fb(struct drm_plane *plane, vps->content_fb_type = new_content_type; + /* + * The drm fb code will do blit's via the vmap interface, which doesn't + * trigger vmw_bo page dirty tracking due to being kernel side (and thus + * doesn't require mmap'ing) so we have to update the surface's dirty + * regions by hand but we want to be careful to not overwrite the + * resource if it has been written to by the gpu (res_dirty). + */ + if (vps->uo.buffer && vps->uo.buffer->is_dumb) { + struct vmw_surface *surf = vmw_user_object_surface(&vps->uo); + struct vmw_resource *res = &surf->res; + + if (!res->res_dirty && drm_atomic_helper_damage_merged(old_state, + new_state, + &rect)) { + /* + * At some point it might be useful to actually translate + * (rect.x1, rect.y1) => start, and (rect.x2, rect.y2) => end, + * but currently the fb code will just report the entire fb + * dirty so in practice it doesn't matter. + */ + pgoff_t start = res->guest_memory_offset >> PAGE_SHIFT; + pgoff_t end = __KERNEL_DIV_ROUND_UP(res->guest_memory_offset + + res->guest_memory_size, + PAGE_SIZE); + vmw_resource_dirty_update(res, start, end); + } + } + /* * This should only happen if the buffer object is too large to create a * proxy surface for. @@ -1026,7 +1051,7 @@ vmw_stdu_primary_plane_prepare_fb(struct drm_plane *plane, return 0; out_srf_unref: - vmw_surface_unreference(&vps->surf); + vmw_user_object_unref(&vps->uo); return ret; } @@ -1168,14 +1193,8 @@ static uint32_t vmw_stdu_surface_fifo_size_same_display(struct vmw_du_update_plane *update, uint32_t num_hits) { - struct vmw_framebuffer_surface *vfbs; uint32_t size = 0; - vfbs = container_of(update->vfb, typeof(*vfbs), base); - - if (vfbs->is_bo_proxy) - size += sizeof(struct vmw_stdu_update_gb_image) * num_hits; - size += sizeof(struct vmw_stdu_update); return size; @@ -1184,61 +1203,14 @@ vmw_stdu_surface_fifo_size_same_display(struct vmw_du_update_plane *update, static uint32_t vmw_stdu_surface_fifo_size(struct vmw_du_update_plane *update, uint32_t num_hits) { - struct vmw_framebuffer_surface *vfbs; uint32_t size = 0; - vfbs = container_of(update->vfb, typeof(*vfbs), base); - - if (vfbs->is_bo_proxy) - size += sizeof(struct vmw_stdu_update_gb_image) * num_hits; - size += sizeof(struct vmw_stdu_surface_copy) + sizeof(SVGA3dCopyBox) * num_hits + sizeof(struct vmw_stdu_update); return size; } -static uint32_t -vmw_stdu_surface_update_proxy(struct vmw_du_update_plane *update, void *cmd) -{ - struct vmw_framebuffer_surface *vfbs; - struct drm_plane_state *state = update->plane->state; - struct drm_plane_state *old_state = update->old_state; - struct vmw_stdu_update_gb_image *cmd_update = cmd; - struct drm_atomic_helper_damage_iter iter; - struct drm_rect clip; - uint32_t copy_size = 0; - - vfbs = container_of(update->vfb, typeof(*vfbs), base); - - /* - * proxy surface is special where a buffer object type fb is wrapped - * in a surface and need an update gb image command to sync with device. - */ - drm_atomic_helper_damage_iter_init(&iter, old_state, state); - drm_atomic_for_each_plane_damage(&iter, &clip) { - SVGA3dBox *box = &cmd_update->body.box; - - cmd_update->header.id = SVGA_3D_CMD_UPDATE_GB_IMAGE; - cmd_update->header.size = sizeof(cmd_update->body); - cmd_update->body.image.sid = vfbs->surface->res.id; - cmd_update->body.image.face = 0; - cmd_update->body.image.mipmap = 0; - - box->x = clip.x1; - box->y = clip.y1; - box->z = 0; - box->w = drm_rect_width(&clip); - box->h = drm_rect_height(&clip); - box->d = 1; - - copy_size += sizeof(*cmd_update); - cmd_update++; - } - - return copy_size; -} - static uint32_t vmw_stdu_surface_populate_copy(struct vmw_du_update_plane *update, void *cmd, uint32_t num_hits) @@ -1253,7 +1225,7 @@ vmw_stdu_surface_populate_copy(struct vmw_du_update_plane *update, void *cmd, cmd_copy->header.id = SVGA_3D_CMD_SURFACE_COPY; cmd_copy->header.size = sizeof(cmd_copy->body) + sizeof(SVGA3dCopyBox) * num_hits; - cmd_copy->body.src.sid = vfbs->surface->res.id; + cmd_copy->body.src.sid = vmw_user_object_surface(&vfbs->uo)->res.id; cmd_copy->body.dest.sid = stdu->display_srf->res.id; return sizeof(*cmd_copy); @@ -1324,10 +1296,7 @@ static int vmw_stdu_plane_update_surface(struct vmw_private *dev_priv, srf_update.mutex = &dev_priv->cmdbuf_mutex; srf_update.intr = true; - if (vfbs->is_bo_proxy) - srf_update.post_prepare = vmw_stdu_surface_update_proxy; - - if (vfbs->surface->res.id != stdu->display_srf->res.id) { + if (vmw_user_object_surface(&vfbs->uo)->res.id != stdu->display_srf->res.id) { srf_update.calc_fifo_size = vmw_stdu_surface_fifo_size; srf_update.pre_clip = vmw_stdu_surface_populate_copy; srf_update.clip = vmw_stdu_surface_populate_clip; @@ -1371,7 +1340,7 @@ vmw_stdu_primary_plane_atomic_update(struct drm_plane *plane, stdu = vmw_crtc_to_stdu(crtc); dev_priv = vmw_priv(crtc->dev); - stdu->display_srf = vps->surf; + stdu->display_srf = vmw_user_object_surface(&vps->uo); stdu->content_fb_type = vps->content_fb_type; stdu->cpp = vps->cpp; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c index e7a744dfcecf..8ae6a761c900 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c @@ -1,7 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 OR MIT /************************************************************************** * - * Copyright 2009-2023 VMware, Inc., Palo Alto, CA., USA + * Copyright (c) 2009-2024 Broadcom. All Rights Reserved. The term + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * * Permission is hereby granted, free of charge, to any person obtaining a * copy of this software and associated documentation files (the @@ -36,9 +37,6 @@ #include <drm/ttm/ttm_placement.h> #define SVGA3D_FLAGS_64(upper32, lower32) (((uint64_t)upper32 << 32) | lower32) -#define SVGA3D_FLAGS_UPPER_32(svga3d_flags) (svga3d_flags >> 32) -#define SVGA3D_FLAGS_LOWER_32(svga3d_flags) \ - (svga3d_flags & ((uint64_t)U32_MAX)) /** * struct vmw_user_surface - User-space visible surface resource @@ -686,6 +684,14 @@ static void vmw_user_surface_base_release(struct ttm_base_object **p_base) struct vmw_resource *res = &user_srf->srf.res; *p_base = NULL; + + /* + * Dumb buffers own the resource and they'll unref the + * resource themselves + */ + if (res && res->guest_memory_bo && res->guest_memory_bo->is_dumb) + return; + vmw_resource_unreference(&res); } @@ -812,7 +818,8 @@ int vmw_surface_define_ioctl(struct drm_device *dev, void *data, } } res->guest_memory_size = cur_bo_offset; - if (metadata->scanout && + if (!file_priv->atomic && + metadata->scanout && metadata->num_sizes == 1 && metadata->sizes[0].width == VMW_CURSOR_SNOOP_WIDTH && metadata->sizes[0].height == VMW_CURSOR_SNOOP_HEIGHT && @@ -864,6 +871,7 @@ int vmw_surface_define_ioctl(struct drm_device *dev, void *data, vmw_resource_unreference(&res); goto out_unlock; } + vmw_bo_add_detached_resource(res->guest_memory_bo, res); } tmp = vmw_resource_reference(&srf->res); @@ -892,6 +900,113 @@ int vmw_surface_define_ioctl(struct drm_device *dev, void *data, return ret; } +static struct vmw_user_surface * +vmw_lookup_user_surface_for_buffer(struct vmw_private *vmw, struct vmw_bo *bo, + u32 handle) +{ + struct vmw_user_surface *user_srf = NULL; + struct vmw_surface *surf; + struct ttm_base_object *base; + + surf = vmw_bo_surface(bo); + if (surf) { + rcu_read_lock(); + user_srf = container_of(surf, struct vmw_user_surface, srf); + base = &user_srf->prime.base; + if (base && !kref_get_unless_zero(&base->refcount)) { + drm_dbg_driver(&vmw->drm, + "%s: referencing a stale surface handle %d\n", + __func__, handle); + base = NULL; + user_srf = NULL; + } + rcu_read_unlock(); + } + + return user_srf; +} + +struct vmw_surface *vmw_lookup_surface_for_buffer(struct vmw_private *vmw, + struct vmw_bo *bo, + u32 handle) +{ + struct vmw_user_surface *user_srf = + vmw_lookup_user_surface_for_buffer(vmw, bo, handle); + struct vmw_surface *surf = NULL; + struct ttm_base_object *base; + + if (user_srf) { + surf = vmw_surface_reference(&user_srf->srf); + base = &user_srf->prime.base; + ttm_base_object_unref(&base); + } + return surf; +} + +u32 vmw_lookup_surface_handle_for_buffer(struct vmw_private *vmw, + struct vmw_bo *bo, + u32 handle) +{ + struct vmw_user_surface *user_srf = + vmw_lookup_user_surface_for_buffer(vmw, bo, handle); + int surf_handle = 0; + struct ttm_base_object *base; + + if (user_srf) { + base = &user_srf->prime.base; + surf_handle = (u32)base->handle; + ttm_base_object_unref(&base); + } + return surf_handle; +} + +static int vmw_buffer_prime_to_surface_base(struct vmw_private *dev_priv, + struct drm_file *file_priv, + u32 fd, u32 *handle, + struct ttm_base_object **base_p) +{ + struct ttm_base_object *base; + struct vmw_bo *bo; + struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; + struct vmw_user_surface *user_srf; + int ret; + + ret = drm_gem_prime_fd_to_handle(&dev_priv->drm, file_priv, fd, handle); + if (ret) { + drm_warn(&dev_priv->drm, + "Wasn't able to find user buffer for fd = %u.\n", fd); + return ret; + } + + ret = vmw_user_bo_lookup(file_priv, *handle, &bo); + if (ret) { + drm_warn(&dev_priv->drm, + "Wasn't able to lookup user buffer for handle = %u.\n", *handle); + return ret; + } + + user_srf = vmw_lookup_user_surface_for_buffer(dev_priv, bo, *handle); + if (WARN_ON(!user_srf)) { + drm_warn(&dev_priv->drm, + "User surface fd %d (handle %d) is null.\n", fd, *handle); + ret = -EINVAL; + goto out; + } + + base = &user_srf->prime.base; + ret = ttm_ref_object_add(tfile, base, NULL, false); + if (ret) { + drm_warn(&dev_priv->drm, + "Couldn't add an object ref for the buffer (%d).\n", *handle); + goto out; + } + + *base_p = base; +out: + vmw_user_bo_unref(&bo); + + return ret; +} static int vmw_surface_handle_reference(struct vmw_private *dev_priv, @@ -901,15 +1016,19 @@ vmw_surface_handle_reference(struct vmw_private *dev_priv, struct ttm_base_object **base_p) { struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; - struct vmw_user_surface *user_srf; + struct vmw_user_surface *user_srf = NULL; uint32_t handle; struct ttm_base_object *base; int ret; if (handle_type == DRM_VMW_HANDLE_PRIME) { ret = ttm_prime_fd_to_handle(tfile, u_handle, &handle); - if (unlikely(ret != 0)) - return ret; + if (ret) + return vmw_buffer_prime_to_surface_base(dev_priv, + file_priv, + u_handle, + &handle, + base_p); } else { handle = u_handle; } @@ -1503,7 +1622,12 @@ vmw_gb_surface_define_internal(struct drm_device *dev, ret = vmw_user_bo_lookup(file_priv, req->base.buffer_handle, &res->guest_memory_bo); if (ret == 0) { - if (res->guest_memory_bo->tbo.base.size < res->guest_memory_size) { + if (res->guest_memory_bo->is_dumb) { + VMW_DEBUG_USER("Can't backup surface with a dumb buffer.\n"); + vmw_user_bo_unref(&res->guest_memory_bo); + ret = -EINVAL; + goto out_unlock; + } else if (res->guest_memory_bo->tbo.base.size < res->guest_memory_size) { VMW_DEBUG_USER("Surface backup buffer too small.\n"); vmw_user_bo_unref(&res->guest_memory_bo); ret = -EINVAL; @@ -1560,6 +1684,7 @@ vmw_gb_surface_define_internal(struct drm_device *dev, rep->handle = user_srf->prime.base.handle; rep->backup_size = res->guest_memory_size; if (res->guest_memory_bo) { + vmw_bo_add_detached_resource(res->guest_memory_bo, res); rep->buffer_map_handle = drm_vma_node_offset_addr(&res->guest_memory_bo->tbo.base.vma_node); rep->buffer_size = res->guest_memory_bo->tbo.base.size; @@ -2100,3 +2225,140 @@ int vmw_gb_surface_define(struct vmw_private *dev_priv, out_unlock: return ret; } + +static SVGA3dSurfaceFormat vmw_format_bpp_to_svga(struct vmw_private *vmw, + int bpp) +{ + switch (bpp) { + case 8: /* DRM_FORMAT_C8 */ + return SVGA3D_P8; + case 16: /* DRM_FORMAT_RGB565 */ + return SVGA3D_R5G6B5; + case 32: /* DRM_FORMAT_XRGB8888 */ + if (has_sm4_context(vmw)) + return SVGA3D_B8G8R8X8_UNORM; + return SVGA3D_X8R8G8B8; + default: + drm_warn(&vmw->drm, "Unsupported format bpp: %d\n", bpp); + return SVGA3D_X8R8G8B8; + } +} + +/** + * vmw_dumb_create - Create a dumb kms buffer + * + * @file_priv: Pointer to a struct drm_file identifying the caller. + * @dev: Pointer to the drm device. + * @args: Pointer to a struct drm_mode_create_dumb structure + * Return: Zero on success, negative error code on failure. + * + * This is a driver callback for the core drm create_dumb functionality. + * Note that this is very similar to the vmw_bo_alloc ioctl, except + * that the arguments have a different format. + */ +int vmw_dumb_create(struct drm_file *file_priv, + struct drm_device *dev, + struct drm_mode_create_dumb *args) +{ + struct vmw_private *dev_priv = vmw_priv(dev); + struct ttm_object_file *tfile = vmw_fpriv(file_priv)->tfile; + struct vmw_bo *vbo = NULL; + struct vmw_resource *res = NULL; + union drm_vmw_gb_surface_create_ext_arg arg = { 0 }; + struct drm_vmw_gb_surface_create_ext_req *req = &arg.req; + int ret; + struct drm_vmw_size drm_size = { + .width = args->width, + .height = args->height, + .depth = 1, + }; + SVGA3dSurfaceFormat format = vmw_format_bpp_to_svga(dev_priv, args->bpp); + const struct SVGA3dSurfaceDesc *desc = vmw_surface_get_desc(format); + SVGA3dSurfaceAllFlags flags = SVGA3D_SURFACE_HINT_TEXTURE | + SVGA3D_SURFACE_HINT_RENDERTARGET | + SVGA3D_SURFACE_SCREENTARGET | + SVGA3D_SURFACE_BIND_SHADER_RESOURCE | + SVGA3D_SURFACE_BIND_RENDER_TARGET; + + /* + * Without mob support we're just going to use raw memory buffer + * because we wouldn't be able to support full surface coherency + * without mobs + */ + if (!dev_priv->has_mob) { + int cpp = DIV_ROUND_UP(args->bpp, 8); + + switch (cpp) { + case 1: /* DRM_FORMAT_C8 */ + case 2: /* DRM_FORMAT_RGB565 */ + case 4: /* DRM_FORMAT_XRGB8888 */ + break; + default: + /* + * Dumb buffers don't allow anything else. + * This is tested via IGT's dumb_buffers + */ + return -EINVAL; + } + + args->pitch = args->width * cpp; + args->size = ALIGN(args->pitch * args->height, PAGE_SIZE); + + ret = vmw_gem_object_create_with_handle(dev_priv, file_priv, + args->size, &args->handle, + &vbo); + /* drop reference from allocate - handle holds it now */ + drm_gem_object_put(&vbo->tbo.base); + return ret; + } + + req->version = drm_vmw_gb_surface_v1; + req->multisample_pattern = SVGA3D_MS_PATTERN_NONE; + req->quality_level = SVGA3D_MS_QUALITY_NONE; + req->buffer_byte_stride = 0; + req->must_be_zero = 0; + req->base.svga3d_flags = SVGA3D_FLAGS_LOWER_32(flags); + req->svga3d_flags_upper_32_bits = SVGA3D_FLAGS_UPPER_32(flags); + req->base.format = (uint32_t)format; + req->base.drm_surface_flags = drm_vmw_surface_flag_scanout; + req->base.drm_surface_flags |= drm_vmw_surface_flag_shareable; + req->base.drm_surface_flags |= drm_vmw_surface_flag_create_buffer; + req->base.drm_surface_flags |= drm_vmw_surface_flag_coherent; + req->base.base_size.width = args->width; + req->base.base_size.height = args->height; + req->base.base_size.depth = 1; + req->base.array_size = 0; + req->base.mip_levels = 1; + req->base.multisample_count = 0; + req->base.buffer_handle = SVGA3D_INVALID_ID; + req->base.autogen_filter = SVGA3D_TEX_FILTER_NONE; + ret = vmw_gb_surface_define_ext_ioctl(dev, &arg, file_priv); + if (ret) { + drm_warn(dev, "Unable to create a dumb buffer\n"); + return ret; + } + + args->handle = arg.rep.buffer_handle; + args->size = arg.rep.buffer_size; + args->pitch = vmw_surface_calculate_pitch(desc, &drm_size); + + ret = vmw_user_resource_lookup_handle(dev_priv, tfile, arg.rep.handle, + user_surface_converter, + &res); + if (ret) { + drm_err(dev, "Created resource handle doesn't exist!\n"); + goto err; + } + + vbo = res->guest_memory_bo; + vbo->is_dumb = true; + vbo->dumb_surface = vmw_res_to_srf(res); + +err: + if (res) + vmw_resource_unreference(&res); + if (ret) + ttm_ref_object_base_unref(tfile, arg.rep.handle); + + return ret; +} -- 2.43.0

9 months, 2 weeks

2
1
0 0

[RFC PATCH v1 2/3] selftests/landlock: Add test for socket's domain

by Mickaël Salaün

This new ipv4_tcp.socket_domain test checks that the restrictions are tied to the socket at creation time, but not tied to the thread requesting a bind action. Properly close file descriptor in ipv4.with_fs test. Cc: Günther Noack <gnoack(a)google.com> Cc: Ivanov Mikhail <ivanov.mikhail1(a)huawei-partners.com> Cc: Konstantin Meskhidze <konstantin.meskhidze(a)huawei.com> Cc: Paul Moore <paul(a)paul-moore.com> Cc: Tahera Fahimi <fahimitahera(a)gmail.com> Cc: stable(a)vger.kernel.org Fixes: a549d055a22e ("selftests/landlock: Add network tests") Signed-off-by: Mickaël Salaün <mic(a)digikod.net> Link: https://lore.kernel.org/r/20240719150618.197991-3-mic@digikod.net --- tools/testing/selftests/landlock/net_test.c | 29 +++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/tools/testing/selftests/landlock/net_test.c b/tools/testing/selftests/landlock/net_test.c index f21cfbbc3638..79251e27d26d 100644 --- a/tools/testing/selftests/landlock/net_test.c +++ b/tools/testing/selftests/landlock/net_test.c @@ -1579,6 +1579,35 @@ TEST_F(ipv4_tcp, with_fs) bind_fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0); ASSERT_LE(0, bind_fd); EXPECT_EQ(-EACCES, bind_variant(bind_fd, &self->srv1)); + EXPECT_EQ(0, close(bind_fd)); +} + +TEST_F(ipv4_tcp, socket_domain) +{ + const struct landlock_ruleset_attr ruleset_attr = { + .handled_access_net = LANDLOCK_ACCESS_NET_BIND_TCP, + }; + int ruleset_fd, bind_fd; + + /* Creates socket before sandboxing. */ + bind_fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0); + ASSERT_LE(0, bind_fd); + + ruleset_fd = + landlock_create_ruleset(&ruleset_attr, sizeof(ruleset_attr), 0); + ASSERT_LE(0, ruleset_fd); + enforce_ruleset(_metadata, ruleset_fd); + EXPECT_EQ(0, close(ruleset_fd)); + + /* Tests port binding with unsandboxed socket. */ + EXPECT_EQ(0, bind_variant(bind_fd, &self->srv1)); + EXPECT_EQ(0, close(bind_fd)); + + /* Tests port binding with new sandboxed socket. */ + bind_fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0); + ASSERT_LE(0, bind_fd); + EXPECT_EQ(-EACCES, bind_variant(bind_fd, &self->srv1)); + EXPECT_EQ(0, close(bind_fd)); } FIXTURE(port_specific) -- 2.45.2

9 months, 2 weeks

1
0
0 0

[RFC PATCH v1 1/3] landlock: Use socket's domain instead of current's domain

by Mickaël Salaün

Before this change, network restrictions were enforced according to the calling thread's Landlock domain, leading to potential inconsistent results when the same socket was used by different threads or processes (with different domains). This change fixes such access control inconsistency by enforcing the socket's Landlock domain instead of the caller's Landlock domain. Socket's Landlock domain is inherited from the thread that created this socket. This means that a socket created without sandboxing will be free to connect and bind without limitation. This also means that a socket created by a sandboxed thread will inherit the thread's policy, which will be enforced on this socket even when used by another thread or passed to another process. The initial rationale [1] was that a socket does not directly grants access to data, but it is an object used to define an access (e.g. connection to a peer). Contrary to my initial assumption, we can identify to which protocol/port a newly created socket can give access to with the socket's file->f_cred inherited from its creator. Moreover, from a kernel point of view, especially for shared objects, we need a more consistent access model. This means that the same action on the same socket performed by different threads will have the same effect. This follows the same approach as for file descriptors tied to the file system (e.g. LANDLOCK_ACCESS_FS_TRUNCATE). One potential risk of this change is for unsandboxed processes to send socket file descriptors to sandboxed processes, which could give unrestricted network access to the sandboxed process (by reconfigure the socket). While it makes sense for processes to transfer (AF_UNIX) socketpairs, which is OK because they can only exchange data between themselves, it should be rare for processes to legitimately pass other kind of sockets (e.g. AF_INET). Another potential risk of this approach is socket file descriptor leaks. This is the same risk as with regular file descriptor leaks giving access to the content of a file, which is well known and documented. This could be mitigated with a future complementary restriction on received or inherited file descriptors. One interesting side effect of this new approach is that a process can create a socket that will only allow to connect to a set of ports. This can be done by creating a thread, sandboxing it, creating a socket, and using the related file descriptor (in the same process). Passing this restricted socket to a more sandboxed process makes it possible to have a more dynamic security policy. This new approach aligns with SELinux and Smack instead of AppArmor and Tomoyo. It is also in line with capability-based security mechanisms such as Capsicum. This slight semantic change is important for current and future Landlock's consistency, and it must be backported. Current tests are still OK because this behavior wasn't covered. A following commit adds new tests. Cc: Günther Noack <gnoack(a)google.com> Cc: Ivanov Mikhail <ivanov.mikhail1(a)huawei-partners.com> Cc: Konstantin Meskhidze <konstantin.meskhidze(a)huawei.com> Cc: Paul Moore <paul(a)paul-moore.com> Cc: Tahera Fahimi <fahimitahera(a)gmail.com> Cc: <stable(a)vger.kernel.org> # 6.7.x: 088e2efaf3d2: landlock: Simplify current_check_access_socket() Fixes: fff69fb03dde ("landlock: Support network rules with TCP bind and connect") Link: https://lore.kernel.org/r/263c1eb3-602f-57fe-8450-3f138581bee7@digikod.net [1] Signed-off-by: Mickaël Salaün <mic(a)digikod.net> Link: https://lore.kernel.org/r/20240719150618.197991-2-mic@digikod.net --- security/landlock/net.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/security/landlock/net.c b/security/landlock/net.c index c8bcd29bde09..78e027a74819 100644 --- a/security/landlock/net.c +++ b/security/landlock/net.c @@ -50,10 +50,11 @@ get_raw_handled_net_accesses(const struct landlock_ruleset *const domain) return access_dom; } -static const struct landlock_ruleset *get_current_net_domain(void) +static const struct landlock_ruleset * +get_socket_net_domain(const struct socket *const sock) { const struct landlock_ruleset *const dom = - landlock_get_current_domain(); + landlock_cred(sock->file->f_cred)->domain; if (!dom || !get_raw_handled_net_accesses(dom)) return NULL; @@ -61,10 +62,9 @@ static const struct landlock_ruleset *get_current_net_domain(void) return dom; } -static int current_check_access_socket(struct socket *const sock, - struct sockaddr *const address, - const int addrlen, - access_mask_t access_request) +static int check_access_socket(struct socket *const sock, + struct sockaddr *const address, + const int addrlen, access_mask_t access_request) { __be16 port; layer_mask_t layer_masks[LANDLOCK_NUM_ACCESS_NET] = {}; @@ -72,7 +72,7 @@ static int current_check_access_socket(struct socket *const sock, struct landlock_id id = { .type = LANDLOCK_KEY_NET_PORT, }; - const struct landlock_ruleset *const dom = get_current_net_domain(); + const struct landlock_ruleset *const dom = get_socket_net_domain(sock); if (!dom) return 0; @@ -175,16 +175,16 @@ static int current_check_access_socket(struct socket *const sock, static int hook_socket_bind(struct socket *const sock, struct sockaddr *const address, const int addrlen) { - return current_check_access_socket(sock, address, addrlen, - LANDLOCK_ACCESS_NET_BIND_TCP); + return check_access_socket(sock, address, addrlen, + LANDLOCK_ACCESS_NET_BIND_TCP); } static int hook_socket_connect(struct socket *const sock, struct sockaddr *const address, const int addrlen) { - return current_check_access_socket(sock, address, addrlen, - LANDLOCK_ACCESS_NET_CONNECT_TCP); + return check_access_socket(sock, address, addrlen, + LANDLOCK_ACCESS_NET_CONNECT_TCP); } static struct security_hook_list landlock_hooks[] __ro_after_init = { -- 2.45.2

9 months, 2 weeks

1
0
0 0

[PATCH 6.6 1/3] netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume()

by libaokun＠huaweicloud.com

From: Baokun Li <libaokun1(a)huawei.com> [ Upstream commit 85b08b31a22b481ec6528130daf94eee4452e23f ] Export fscache_put_volume() and add fscache_try_get_volume() helper function to allow cachefiles to get/put fscache_volume via linux/fscache-cache.h. Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Link: https://lore.kernel.org/r/20240628062930.2467993-2-libaokun@huaweicloud.com Signed-off-by: Christian Brauner <brauner(a)kernel.org> Stable-dep-of: 522018a0de6b ("cachefiles: fix slab-use-after-free in fscache_withdraw_volume()") Stable-dep-of: 5d8f80578907 ("cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie()") Signed-off-by: Baokun Li <libaokun1(a)huawei.com> --- fs/fscache/internal.h | 2 -- fs/fscache/volume.c | 14 ++++++++++++++ include/linux/fscache-cache.h | 6 ++++++ 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/fs/fscache/internal.h b/fs/fscache/internal.h index 1336f517e9b1..4799a722bc28 100644 --- a/fs/fscache/internal.h +++ b/fs/fscache/internal.h @@ -145,8 +145,6 @@ extern const struct seq_operations fscache_volumes_seq_ops; struct fscache_volume *fscache_get_volume(struct fscache_volume *volume, enum fscache_volume_trace where); -void fscache_put_volume(struct fscache_volume *volume, - enum fscache_volume_trace where); bool fscache_begin_volume_access(struct fscache_volume *volume, struct fscache_cookie *cookie, enum fscache_access_trace why); diff --git a/fs/fscache/volume.c b/fs/fscache/volume.c index cdf991bdd9de..cb75c07b5281 100644 --- a/fs/fscache/volume.c +++ b/fs/fscache/volume.c @@ -27,6 +27,19 @@ struct fscache_volume *fscache_get_volume(struct fscache_volume *volume, return volume; } +struct fscache_volume *fscache_try_get_volume(struct fscache_volume *volume, + enum fscache_volume_trace where) +{ + int ref; + + if (!__refcount_inc_not_zero(&volume->ref, &ref)) + return NULL; + + trace_fscache_volume(volume->debug_id, ref + 1, where); + return volume; +} +EXPORT_SYMBOL(fscache_try_get_volume); + static void fscache_see_volume(struct fscache_volume *volume, enum fscache_volume_trace where) { @@ -420,6 +433,7 @@ void fscache_put_volume(struct fscache_volume *volume, fscache_free_volume(volume); } } +EXPORT_SYMBOL(fscache_put_volume); /* * Relinquish a volume representation cookie. diff --git a/include/linux/fscache-cache.h b/include/linux/fscache-cache.h index a174cedf4d90..35e86d2f2887 100644 --- a/include/linux/fscache-cache.h +++ b/include/linux/fscache-cache.h @@ -19,6 +19,7 @@ enum fscache_cache_trace; enum fscache_cookie_trace; enum fscache_access_trace; +enum fscache_volume_trace; enum fscache_cache_state { FSCACHE_CACHE_IS_NOT_PRESENT, /* No cache is present for this name */ @@ -97,6 +98,11 @@ extern void fscache_withdraw_cookie(struct fscache_cookie *cookie); extern void fscache_io_error(struct fscache_cache *cache); +extern struct fscache_volume * +fscache_try_get_volume(struct fscache_volume *volume, + enum fscache_volume_trace where); +extern void fscache_put_volume(struct fscache_volume *volume, + enum fscache_volume_trace where); extern void fscache_end_volume_access(struct fscache_volume *volume, struct fscache_cookie *cookie, enum fscache_access_trace why); -- 2.39.2

9 months, 2 weeks

1
2
0 0

[PATCH 6.9 1/3] netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume()

by libaokun＠huaweicloud.com

From: Baokun Li <libaokun1(a)huawei.com> [ Upstream commit 85b08b31a22b481ec6528130daf94eee4452e23f ] Export fscache_put_volume() and add fscache_try_get_volume() helper function to allow cachefiles to get/put fscache_volume via linux/fscache-cache.h. Signed-off-by: Baokun Li <libaokun1(a)huawei.com> Link: https://lore.kernel.org/r/20240628062930.2467993-2-libaokun@huaweicloud.com Signed-off-by: Christian Brauner <brauner(a)kernel.org> Stable-dep-of: 522018a0de6b ("cachefiles: fix slab-use-after-free in fscache_withdraw_volume()") Stable-dep-of: 5d8f80578907 ("cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie()") Signed-off-by: Baokun Li <libaokun1(a)huawei.com> --- fs/netfs/fscache_volume.c | 14 ++++++++++++++ fs/netfs/internal.h | 2 -- include/linux/fscache-cache.h | 6 ++++++ 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/fs/netfs/fscache_volume.c b/fs/netfs/fscache_volume.c index cdf991bdd9de..cb75c07b5281 100644 --- a/fs/netfs/fscache_volume.c +++ b/fs/netfs/fscache_volume.c @@ -27,6 +27,19 @@ struct fscache_volume *fscache_get_volume(struct fscache_volume *volume, return volume; } +struct fscache_volume *fscache_try_get_volume(struct fscache_volume *volume, + enum fscache_volume_trace where) +{ + int ref; + + if (!__refcount_inc_not_zero(&volume->ref, &ref)) + return NULL; + + trace_fscache_volume(volume->debug_id, ref + 1, where); + return volume; +} +EXPORT_SYMBOL(fscache_try_get_volume); + static void fscache_see_volume(struct fscache_volume *volume, enum fscache_volume_trace where) { @@ -420,6 +433,7 @@ void fscache_put_volume(struct fscache_volume *volume, fscache_free_volume(volume); } } +EXPORT_SYMBOL(fscache_put_volume); /* * Relinquish a volume representation cookie. diff --git a/fs/netfs/internal.h b/fs/netfs/internal.h index ec7045d24400..edf9b2a180ca 100644 --- a/fs/netfs/internal.h +++ b/fs/netfs/internal.h @@ -326,8 +326,6 @@ extern const struct seq_operations fscache_volumes_seq_ops; struct fscache_volume *fscache_get_volume(struct fscache_volume *volume, enum fscache_volume_trace where); -void fscache_put_volume(struct fscache_volume *volume, - enum fscache_volume_trace where); bool fscache_begin_volume_access(struct fscache_volume *volume, struct fscache_cookie *cookie, enum fscache_access_trace why); diff --git a/include/linux/fscache-cache.h b/include/linux/fscache-cache.h index bdf7f3eddf0a..4c91a019972b 100644 --- a/include/linux/fscache-cache.h +++ b/include/linux/fscache-cache.h @@ -19,6 +19,7 @@ enum fscache_cache_trace; enum fscache_cookie_trace; enum fscache_access_trace; +enum fscache_volume_trace; enum fscache_cache_state { FSCACHE_CACHE_IS_NOT_PRESENT, /* No cache is present for this name */ @@ -97,6 +98,11 @@ extern void fscache_withdraw_cookie(struct fscache_cookie *cookie); extern void fscache_io_error(struct fscache_cache *cache); +extern struct fscache_volume * +fscache_try_get_volume(struct fscache_volume *volume, + enum fscache_volume_trace where); +extern void fscache_put_volume(struct fscache_volume *volume, + enum fscache_volume_trace where); extern void fscache_end_volume_access(struct fscache_volume *volume, struct fscache_cookie *cookie, enum fscache_access_trace why); -- 2.39.2

9 months, 2 weeks

1
2
0 0

[PATCH] PCI: loongson: Add LS7A MSI enablement quirk

by Huacai Chen

LS7A chipset can be used as a downstream bridge which connected to a high-level host bridge. In this case DEV_LS7A_PCIE_PORT5 is used as the upward port. We should always enable MSI caps of this port, otherwise downstream devices cannot use MSI. Cc: <stable(a)vger.kernel.org> Signed-off-by: Sheng Wu <wusheng(a)loongson.cn> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- drivers/pci/controller/pci-loongson.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/drivers/pci/controller/pci-loongson.c b/drivers/pci/controller/pci-loongson.c index 8b34ccff073a..ffc581605834 100644 --- a/drivers/pci/controller/pci-loongson.c +++ b/drivers/pci/controller/pci-loongson.c @@ -163,6 +163,18 @@ DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_LOONGSON, DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_LOONGSON, DEV_LS7A_HDMI, loongson_pci_pin_quirk); +static void loongson_pci_msi_quirk(struct pci_dev *dev) +{ + u16 val, class = dev->class >> 8; + + if (class == PCI_CLASS_BRIDGE_HOST) { + pci_read_config_word(dev, dev->msi_cap + PCI_MSI_FLAGS, &val); + val |= PCI_MSI_FLAGS_ENABLE; + pci_write_config_word(dev, dev->msi_cap + PCI_MSI_FLAGS, val); + } +} +DECLARE_PCI_FIXUP_FINAL(PCI_VENDOR_ID_LOONGSON, DEV_LS7A_PCIE_PORT5, loongson_pci_msi_quirk); + static struct loongson_pci *pci_bus_to_loongson_pci(struct pci_bus *bus) { struct pci_config_window *cfg; -- 2.43.0

9 months, 2 weeks

4
8
0 0

[PATCH v4] cxl: Fix possible null pointer dereference in read_handle()

by Ma Ke

In read_handle(), of_get_address() may return NULL if getting address and size of the node failed. When of_read_number() uses prop to handle conversions between different byte orders, it could lead to a null pointer dereference. Add NULL check to fix potential issue. Found by static analysis. Cc: stable(a)vger.kernel.org Fixes: 14baf4d9c739 ("cxl: Add guest-specific code") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v4: - modified vulnerability description according to suggestions, making the process of static analysis of vulnerabilities clearer. No active research on developer behavior. Changes in v3: - fixed up the changelog text as suggestions. Changes in v2: - added an explanation of how the potential vulnerability was discovered, but not meet the description specification requirements. --- drivers/misc/cxl/of.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/misc/cxl/of.c b/drivers/misc/cxl/of.c index bcc005dff1c0..d8dbb3723951 100644 --- a/drivers/misc/cxl/of.c +++ b/drivers/misc/cxl/of.c @@ -58,7 +58,7 @@ static int read_handle(struct device_node *np, u64 *handle) /* Get address and size of the node */ prop = of_get_address(np, 0, &size, NULL); - if (size) + if (!prop || size) return -EINVAL; /* Helper to read a big number; size is in cells (not bytes) */ -- 2.25.1

9 months, 2 weeks

6
8
0 0

[PATCH v2 1/6] OPP: Fix support for required OPPs for multiple PM domains

by Ulf Hansson

It has turned out that having _set_required_opps() to recursively call dev_pm_opp_set_opp() to set the required OPPs, doesn't really work as well as we expected. More precisely, at each recursive call to dev_pm_opp_set_opp() we are changing the OPP for a genpd's OPP table for a device that has been attached to it. The problem with this, is that we may have several devices being attached to the same genpd, thus sharing the same OPP-table that is being used for their required OPPs. So, typically we may have several active requests simultaneously for different OPPs for a genpd's OPP table. This may lead to that the per device vote for a performance-state (opp-level) for a genpd doesn't get requested accordingly. Moreover, dev_pm_opp_set_opp() doesn't get called for a required OPP when a device has been attached to a single PM domain. Even if a consumer driver would attempt to assign the required-devs, via _opp_attach_genpd() or _opp_set_required_devs() it would not be possible, as there is no separate virtual device at hand to use in this case. The above said, let's fix the problem by replacing the call to dev_pm_opp_set_opp() in _set_required_opps() by a call to _set_opp_level(). At the moment there's no drawback doing this, as there is no need to manage anything but the performance-state of the genpd. If it later turns out that another resource needs to be managed for a required-OPP, it can still be extended without having to call dev_pm_opp_set_opp(). Fixes: e37440e7e2c2 ("OPP: Call dev_pm_opp_set_opp() for required OPPs") Cc: stable(a)vger.kernel.org Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> --- Changes in v2: - Clarified the commitmsg. - Addressed some comments from Viresh. - Drop calls to _add_opp_dev() for required_devs. --- drivers/opp/core.c | 56 ++++++++++++++++++---------------------------- 1 file changed, 22 insertions(+), 34 deletions(-) diff --git a/drivers/opp/core.c b/drivers/opp/core.c index 5f4598246a87..494f8860220d 100644 --- a/drivers/opp/core.c +++ b/drivers/opp/core.c @@ -1061,6 +1061,27 @@ static int _set_opp_bw(const struct opp_table *opp_table, return 0; } +static int _set_opp_level(struct device *dev, struct dev_pm_opp *opp) +{ + unsigned int level = 0; + int ret = 0; + + if (opp) { + if (opp->level == OPP_LEVEL_UNSET) + return 0; + + level = opp->level; + } + + /* Request a new performance state through the device's PM domain. */ + ret = dev_pm_domain_set_performance_state(dev, level); + if (ret) + dev_err(dev, "Failed to set performance state %u (%d)\n", level, + ret); + + return ret; +} + /* This is only called for PM domain for now */ static int _set_required_opps(struct device *dev, struct opp_table *opp_table, struct dev_pm_opp *opp, bool up) @@ -1091,7 +1112,7 @@ static int _set_required_opps(struct device *dev, struct opp_table *opp_table, if (devs[index]) { required_opp = opp ? opp->required_opps[index] : NULL; - ret = dev_pm_opp_set_opp(devs[index], required_opp); + ret = _set_opp_level(devs[index], required_opp); if (ret) return ret; } @@ -1102,27 +1123,6 @@ static int _set_required_opps(struct device *dev, struct opp_table *opp_table, return 0; } -static int _set_opp_level(struct device *dev, struct dev_pm_opp *opp) -{ - unsigned int level = 0; - int ret = 0; - - if (opp) { - if (opp->level == OPP_LEVEL_UNSET) - return 0; - - level = opp->level; - } - - /* Request a new performance state through the device's PM domain. */ - ret = dev_pm_domain_set_performance_state(dev, level); - if (ret) - dev_err(dev, "Failed to set performance state %u (%d)\n", level, - ret); - - return ret; -} - static void _find_current_opp(struct device *dev, struct opp_table *opp_table) { struct dev_pm_opp *opp = ERR_PTR(-ENODEV); @@ -2457,18 +2457,6 @@ static int _opp_attach_genpd(struct opp_table *opp_table, struct device *dev, } } - /* - * Add the virtual genpd device as a user of the OPP table, so - * we can call dev_pm_opp_set_opp() on it directly. - * - * This will be automatically removed when the OPP table is - * removed, don't need to handle that here. - */ - if (!_add_opp_dev(virt_dev, opp_table->required_opp_tables[index])) { - ret = -ENOMEM; - goto err; - } - opp_table->required_devs[index] = virt_dev; index++; name++; -- 2.34.1

9 months, 2 weeks

1
0
0 0

[PATCH v2] clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use

by Bastien Curutchet

The flag attribute of the struct clk_init_data isn't initialized before the devm_clk_hw_register() call. This can lead to unexpected behavior during registration. Initialize the entire clk_init_data to zero at declaration. Cc: stable(a)vger.kernel.org Fixes: 58e1e2d2cd89 ("clk: davinci: cfgchip: Add TI DA8XX USB PHY clocks") Signed-off-by: Bastien Curutchet <bastien.curutchet(a)bootlin.com> Reviewed-by: David Lechner <david(a)lechnology.com> --- Changes in v2: Add Cc and Fixes tags Add Reviewed-by David v1: https://lore.kernel.org/all/20240717141201.64125-1-bastien.curutchet@bootli… drivers/clk/davinci/da8xx-cfgchip.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/clk/davinci/da8xx-cfgchip.c b/drivers/clk/davinci/da8xx-cfgchip.c index ad2d0df43dc6..ec60ecb517f1 100644 --- a/drivers/clk/davinci/da8xx-cfgchip.c +++ b/drivers/clk/davinci/da8xx-cfgchip.c @@ -508,7 +508,7 @@ da8xx_cfgchip_register_usb0_clk48(struct device *dev, const char * const parent_names[] = { "usb_refclkin", "pll0_auxclk" }; struct clk *fck_clk; struct da8xx_usb0_clk48 *usb0; - struct clk_init_data init; + struct clk_init_data init = {}; int ret; fck_clk = devm_clk_get(dev, "fck"); @@ -583,7 +583,7 @@ da8xx_cfgchip_register_usb1_clk48(struct device *dev, { const char * const parent_names[] = { "usb0_clk48", "usb_refclkin" }; struct da8xx_usb1_clk48 *usb1; - struct clk_init_data init; + struct clk_init_data init = {}; int ret; usb1 = devm_kzalloc(dev, sizeof(*usb1), GFP_KERNEL); -- 2.45.0

9 months, 2 weeks

2
1
0 0

[PATCH 6.9 000/142] 6.9.10-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.9.10 release. There are 142 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 19 Jul 2024 06:37:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.9.10-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.9.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.9.10-rc2 Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> kbuild: rpm-pkg: avoid the warnings with dtb's listed twice Nathan Chancellor <nathan(a)kernel.org> kbuild: Make ld-version.sh more robust against version string changes Alexandre Chartre <alexandre.chartre(a)oracle.com> x86/bhi: Avoid warning in #DB handler due to BHI mitigation Wander Lairson Costa <wander(a)redhat.com> sched/deadline: Fix task_struct reference leak Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: testunit: avoid re-issued work after read message Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: ensure Gen3+ reset does not disturb local targets Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: mark HostNotify target address as used Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: clear NO_RXDMA flag after resetting Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: bring hardware to known state when probing Baokun Li <libaokun1(a)huawei.com> ext4: avoid ptr null pointer dereference Komal Bajaj <quic_kbajaj(a)quicinc.com> Revert "dt-bindings: cache: qcom,llcc: correct QDU1000 reg entries" SeongJae Park <sj(a)kernel.org> mm/damon/core: merge regions aggressively when max_nr_regions is unmet Gavin Shan <gshan(a)redhat.com> mm/shmem: disable PMD-sized page cache if needed Gavin Shan <gshan(a)redhat.com> mm/readahead: limit page cache size in page_cache_ra_order() Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Restrict untrusted app to attach to privileged PD Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix ownership reassignment of remote heap Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix memory leak in audio daemon attach operation Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Copy the complete capability structure to user Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Avoid updating PD type for capability request Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix DSP capabilities request Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: send: annotate intentional data race in checking empty queue Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: queueing: annotate intentional data race in cpu round robin Helge Deller <deller(a)kernel.org> wireguard: allowedips: avoid unaligned 64-bit memory accesses Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU Mario Limonciello <mario.limonciello(a)amd.com> cpufreq: Allow drivers to advertise boost enabled Mario Limonciello <mario.limonciello(a)amd.com> cpufreq: ACPI: Mark boost policy as enabled when setting boost Kuan-Wei Chiu <visitorckw(a)gmail.com> ACPI: processor_idle: Fix invalid comparison with insertion sort for latency Ilya Dryomov <idryomov(a)gmail.com> libceph: fix race between delayed_work() and ceph_monc_stop() Taniya Das <quic_tdas(a)quicinc.com> pmdomain: qcom: rpmhpd: Skip retention level for Power Domains Bastien Curutchet <bastien.curutchet(a)bootlin.com> mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length Adrian Hunter <adrian.hunter(a)intel.com> mmc: sdhci: Fix max_seg_size for 64KiB PAGE_SIZE Audra Mitchell <audra(a)redhat.com> Fix userfaultfd_api to return EINVAL as expected Wentong Wu <wentong.wu(a)intel.com> mei: vsc: Utilize the appropriate byte order swap function Wentong Wu <wentong.wu(a)intel.com> mei: vsc: Prevent timeout error with added delay post-firmware download Wentong Wu <wentong.wu(a)intel.com> mei: vsc: Enhance IVSC chipset stability during warm reboot Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Limit mic boost on VAIO PRO PX Nazar Bilinskyi <nbilinskyi(a)gmail.com> ALSA: hda/realtek: Enable Mute LED on HP 250 G7 Michał Kopeć <michal.kopec(a)3mdeb.com> ALSA: hda/realtek: add quirk for Clevo V5[46]0TU Rasmus Villemoes <linux(a)rasmusvillemoes.dk> serial: imx: ensure RTS signal is not left active after shutdown Jacky Huang <ychuang3(a)nuvoton.com> tty: serial: ma35d1: Add a NULL check for of_node Armin Wolf <W_Armin(a)gmx.de> platform/x86: toshiba_acpi: Fix array out-of-bounds access Thomas Weißschuh <linux(a)weissschuh.net> nvmem: core: limit cell sysfs permissions to main attribute ones Thomas Weißschuh <linux(a)weissschuh.net> nvmem: core: only change name to fram for current attribute Joy Chakraborty <joychakr(a)google.com> nvmem: meson-efuse: Fix return value of nvmem callbacks Joy Chakraborty <joychakr(a)google.com> nvmem: rmem: Fix return value of rmem_read() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: x1e80100-crd: fix DAI used for headset recording Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> arm64: dts: qcom: x1e80100-crd: fix WCD audio codec TX port mapping Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc8280xp-x13s: fix touchscreen power on Cong Zhang <quic_congzhan(a)quicinc.com> arm64: dts: qcom: sa8775p: Correct IRQ number of EL2 non-secure physical timer João Paulo Gonçalves <joao.goncalves(a)toradex.com> iio: trigger: Fix condition for own trigger Hobin Woo <hobin.woo(a)samsung.com> ksmbd: discard write access to the directory open Gavin Shan <gshan(a)redhat.com> mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray Gavin Shan <gshan(a)redhat.com> mm/filemap: skip to create PMD-sized page cache if needed ZhangPeng <zhangpeng362(a)huawei.com> filemap: replace pte_offset_map() with pte_offset_map_nolock() Hugh Dickins <hughd(a)google.com> mm: fix crashes from deferred split racing folio migration Uladzislau Rezki (Sony) <urezki(a)gmail.com> mm: vmalloc: check if a hash-index is in cpu_possible_mask Nhat Pham <nphamcs(a)gmail.com> cachestat: do not flush stats in recency check Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug on rename operation of broken directory Heiko Carstens <hca(a)linux.ibm.com> s390/mm: Add NULL pointer check to crst_table_free() base_crst_free() Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: always resume roothubs if xHC was reset during resume He Zhe <zhe.he(a)windriver.com> hpet: Support 32-bit userspace Joy Chakraborty <joychakr(a)google.com> misc: microchip: pci1xxxx: Fix return value of nvmem callbacks Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Lee Jones <lee(a)kernel.org> usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> usb: core: add missing of_node_put() in usb_of_has_devices_or_graph Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: add support for the Intel Panther Lake WangYuli <wangyuli(a)uniontech.com> USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k Dmitry Smirnov <d.smirnov(a)inbox.lv> USB: serial: mos7840: fix crash on resume Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW350-GL variants Mank Wang <mank.wang(a)netprisma.us> USB: serial: option: add Netprisma LCUK54 series modules Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add support for Foxconn T99W651 Bjørn Mork <bjorn(a)mork.no> USB: serial: option: add Fibocom FM350-GL Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN912 rmnet compositions Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit generic core-dump composition Ronald Wahl <ronald.wahl(a)raritan.com> net: ks8851: Fix potential TX stall after interface reopen Ronald Wahl <ronald.wahl(a)raritan.com> net: ks8851: Fix deadlock with the SPI chip variant Josh Don <joshdon(a)google.com> Revert "sched/fair: Make sure to try to detach at least one movable task" Steve French <stfrench(a)microsoft.com> cifs: fix setting SecurityFlags to true Satheesh Paul <psatheesh(a)marvell.com> octeontx2-af: fix issue with IPv4 match for RSS Kiran Kumar K <kirankumark(a)marvell.com> octeontx2-af: fix issue with IPv6 ext match for RSS Michal Mazur <mmazur2(a)marvell.com> octeontx2-af: fix detection of IP layer Srujana Challa <schalla(a)marvell.com> octeontx2-af: fix a issue with cpt_lf_alloc mailbox Nithin Dabilpuram <ndabilpuram(a)marvell.com> octeontx2-af: replace cpt slot with lf id on reg write Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix: remove needless retries of NVM update Saeed Mahameed <saeedm(a)nvidia.com> net: ethtool: Fix RSS setting Chen Ni <nichen(a)iscas.ac.cn> ARM: davinci: Convert comma to semicolon Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ASoC: SOF: Intel: hda: fix null deref on system suspend entry Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Validate payload length before processing block Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Return error if block header overflows file Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Fix overflow checking of wmfw header Komal Bajaj <quic_kbajaj(a)quicinc.com> arm64: dts: qcom: qdu1000: Fix LLCC reg property Caleb Connolly <caleb.connolly(a)linaro.org> arm64: dts: qcom: sm6115: add iommu for sdhc_1 Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100: Fix PCIe 6a reg offsets and add MHI Andre Przywara <andre.przywara(a)arm.com> arm64: dts: allwinner: Fix PMIC interrupt number Konrad Dybcio <konrad.dybcio(a)linaro.org> arm64: dts: qcom: x1e80100-*: Allocate some CMA buffers Bjorn Andersson <quic_bjorande(a)quicinc.com> arm64: dts: qcom: sc8180x: Fix LLCC reg property again Daniel Borkmann <daniel(a)iogearbox.net> net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Chengen Du <chengen.du(a)canonical.com> net/sched: Fix UAF when resolving a clash Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: prefer nft_chain_validate Florian Westphal <fw(a)strlen.de> netfilter: nfnetlink_queue: drop bogus WARN_ON Oleksij Rempel <o.rempel(a)pengutronix.de> ethtool: netlink: do not return SQI value if link is down Dmitry Antipov <dmantipov(a)yandex.ru> ppp: reject claimed-as-LCP but actually malformed packets Jian Hui Lee <jianhui.lee(a)canonical.com> net: ethernet: mtk-star-emac: set mac_managed_pm when probing Eric Dumazet <edumazet(a)google.com> tcp: avoid too many retransmit packets Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Defer work in bpf_timer_cancel_and_free Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Fail bpf_timer_cancel when callback is being cancelled Benjamin Tissoires <bentiss(a)kernel.org> bpf: replace bpf_timer_init with a generic helper Benjamin Tissoires <bentiss(a)kernel.org> bpf: make timer data struct more generic Mohammad Shehar Yaar Tausif <sheharyaar48(a)gmail.com> bpf: fix order of args in call to bpf_map_kvcalloc Matthew Wilcox (Oracle) <willy(a)infradead.org> minixfs: Fix minixfs_rename with HIGHMEM Aleksander Jan Bajkowski <olek2(a)wp.pl> net: ethernet: lantiq_etop: fix double free in detach Michal Kubiak <michal.kubiak(a)intel.com> i40e: Fix XDP program unloading while removing the driver Hugh Dickins <hughd(a)google.com> net: fix rc7's __skb_datagram_iter() David Lechner <dlechner(a)baylibre.com> spi: add defer_optimize_message controller flag David Lechner <dlechner(a)baylibre.com> spi: don't unoptimize message in spi_async() Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() Geliang Tang <tanggeliang(a)kylinos.cn> skmsg: Skip zero length skb in sk_msg_recvmsg Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: microchip: lan87xx: reinit PHY after cable test Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix too early release of tcx_entry Neal Cardwell <ncardwell(a)google.com> tcp: fix incorrect undo caused by DSACK of TLP retransmit Dan Carpenter <dan.carpenter(a)linaro.org> net: bcmasp: Fix error code in probe() Brian Foster <bfoster(a)redhat.com> vfs: don't mod negative dentry count when on shrinker list linke li <lilinke99(a)qq.com> fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading Jeff Layton <jlayton(a)kernel.org> filelock: fix potential use-after-free in posix_lock_inode Christian Eggers <ceggers(a)arri.de> dsa: lan9303: Fix mapping between DSA port number and PHY address Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: dsa: lan9303: provide own phylink MAC operations Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: dsa: allow DSA switch drivers to provide their own phylink mac ops Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: dsa: introduce dsa_phylink_to_port() Jingbo Xu <jefflexu(a)linux.alibaba.com> cachefiles: add missing lock protection when polling Baokun Li <libaokun1(a)huawei.com> cachefiles: cyclic allocation of msg_id to avoid reuse Hou Tao <houtao1(a)huawei.com> cachefiles: wait for ondemand_object_worker to finish when dropping object Baokun Li <libaokun1(a)huawei.com> cachefiles: cancel all requests for the object that is being dropped Baokun Li <libaokun1(a)huawei.com> cachefiles: stop sending new request when dropping object Baokun Li <libaokun1(a)huawei.com> cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop David Lechner <dlechner(a)baylibre.com> spi: axi-spi-engine: fix sleep calculation Yi Liu <yi.l.liu(a)intel.com> vfio/pci: Init the count variable in collecting hot-reset devices Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix ufshcd_abort_one racing issue Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix ufshcd_clear_cmd racing issue Waiman Long <longman(a)redhat.com> mm: prevent derefencing NULL ptr in pfn_section_valid() ------------- Diffstat: Documentation/admin-guide/cifs/usage.rst | 34 +-- .../devicetree/bindings/cache/qcom,llcc.yaml | 2 +- Makefile | 4 +- arch/arm/mach-davinci/pm.c | 2 +- .../dts/allwinner/sun50i-h64-remix-mini-pc.dts | 2 +- arch/arm64/boot/dts/qcom/qdu1000.dtsi | 16 +- arch/arm64/boot/dts/qcom/sa8775p.dtsi | 2 +- arch/arm64/boot/dts/qcom/sc8180x.dtsi | 11 +- .../dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 15 +- arch/arm64/boot/dts/qcom/sm6115.dtsi | 1 + arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 13 +- arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 9 + arch/arm64/boot/dts/qcom/x1e80100.dtsi | 10 +- arch/s390/mm/pgalloc.c | 4 + arch/x86/entry/entry_64_compat.S | 14 +- drivers/acpi/processor_idle.c | 37 ++-- drivers/char/hpet.c | 34 ++- drivers/cpufreq/acpi-cpufreq.c | 4 +- drivers/cpufreq/cpufreq.c | 3 +- drivers/firmware/cirrus/cs_dsp.c | 231 +++++++++++++------ drivers/i2c/busses/i2c-rcar.c | 27 ++- drivers/i2c/i2c-core-base.c | 1 + drivers/i2c/i2c-slave-testunit.c | 7 + drivers/iio/industrialio-trigger.c | 2 +- drivers/misc/fastrpc.c | 41 +++- drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_otpe2p.c | 4 - drivers/misc/mei/platform-vsc.c | 4 +- drivers/misc/mei/vsc-tp.c | 16 +- drivers/mmc/host/davinci_mmc.c | 3 + drivers/mmc/host/sdhci.c | 15 ++ drivers/net/dsa/lan9303-core.c | 54 +++-- drivers/net/ethernet/broadcom/asp2/bcmasp.c | 1 + drivers/net/ethernet/intel/i40e/i40e_adminq.h | 4 - drivers/net/ethernet/intel/i40e/i40e_main.c | 9 +- drivers/net/ethernet/lantiq_etop.c | 4 +- drivers/net/ethernet/marvell/octeontx2/af/mbox.h | 2 +- drivers/net/ethernet/marvell/octeontx2/af/npc.h | 8 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- .../net/ethernet/marvell/octeontx2/af/rvu_cpt.c | 23 +- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 12 +- drivers/net/ethernet/mediatek/mtk_star_emac.c | 7 + drivers/net/ethernet/micrel/ks8851_common.c | 10 +- drivers/net/ethernet/micrel/ks8851_spi.c | 4 +- drivers/net/phy/microchip_t1.c | 2 +- drivers/net/ppp/ppp_generic.c | 15 ++ drivers/net/wireguard/allowedips.c | 4 +- drivers/net/wireguard/queueing.h | 4 +- drivers/net/wireguard/send.c | 2 +- drivers/nvmem/core.c | 7 +- drivers/nvmem/meson-efuse.c | 14 +- drivers/nvmem/rmem.c | 5 +- drivers/platform/x86/toshiba_acpi.c | 1 + drivers/pmdomain/qcom/rpmhpd.c | 7 + drivers/spi/spi-axi-spi-engine.c | 26 ++- drivers/spi/spi-mux.c | 1 + drivers/spi/spi.c | 20 +- drivers/tty/serial/imx.c | 51 +++++ drivers/tty/serial/ma35d1_serial.c | 13 +- drivers/ufs/core/ufs-mcq.c | 11 +- drivers/ufs/core/ufshcd.c | 2 + drivers/usb/core/config.c | 18 +- drivers/usb/core/of.c | 7 +- drivers/usb/core/quirks.c | 3 + drivers/usb/dwc3/dwc3-pci.c | 8 + drivers/usb/gadget/configfs.c | 3 + drivers/usb/host/xhci.c | 16 +- drivers/usb/serial/mos7840.c | 45 ++++ drivers/usb/serial/option.c | 38 ++++ drivers/vfio/pci/vfio_pci_core.c | 2 +- fs/cachefiles/daemon.c | 4 +- fs/cachefiles/internal.h | 3 + fs/cachefiles/ondemand.c | 52 ++++- fs/cachefiles/xattr.c | 5 +- fs/dcache.c | 12 +- fs/ext4/sysfs.c | 2 + fs/locks.c | 2 +- fs/minix/namei.c | 3 +- fs/nilfs2/dir.c | 32 ++- fs/smb/client/cifsglob.h | 4 +- fs/smb/server/smb2pdu.c | 13 +- fs/userfaultfd.c | 7 +- include/linux/mmzone.h | 3 +- include/linux/pagemap.h | 11 +- include/linux/spi/spi.h | 4 + include/linux/swap.h | 3 +- include/net/dsa.h | 11 + include/net/tcx.h | 13 +- include/uapi/misc/fastrpc.h | 3 + kernel/bpf/bpf_local_storage.c | 4 +- kernel/bpf/helpers.c | 245 +++++++++++++++------ kernel/sched/deadline.c | 7 +- kernel/sched/fair.c | 12 +- mm/damon/core.c | 21 +- mm/filemap.c | 10 +- mm/memcontrol.c | 11 - mm/migrate.c | 13 ++ mm/readahead.c | 8 +- mm/shmem.c | 15 +- mm/vmalloc.c | 10 +- mm/workingset.c | 14 +- net/ceph/mon_client.c | 14 +- net/core/datagram.c | 3 +- net/core/skmsg.c | 3 +- net/dsa/dsa.c | 11 + net/dsa/port.c | 38 +++- net/ethtool/ioctl.c | 3 +- net/ethtool/linkstate.c | 41 ++-- net/ipv4/tcp_input.c | 11 +- net/ipv4/tcp_timer.c | 17 +- net/ipv4/udp.c | 4 +- net/netfilter/nf_tables_api.c | 158 ++----------- net/netfilter/nfnetlink_queue.c | 2 +- net/sched/act_ct.c | 8 + net/sched/sch_ingress.c | 12 +- net/sunrpc/xprtsock.c | 7 + scripts/ld-version.sh | 8 +- scripts/package/kernel.spec | 1 - sound/pci/hda/patch_realtek.c | 4 + sound/soc/sof/intel/hda-dai.c | 12 +- tools/testing/selftests/wireguard/qemu/Makefile | 8 +- 120 files changed, 1348 insertions(+), 607 deletions(-)

9 months, 2 weeks

11
10
0 0

[PATCH 6.1 00/95] 6.1.100-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.100 release. There are 95 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 19 Jul 2024 06:37:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.100-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.100-rc2 Dan Carpenter <dan.carpenter(a)linaro.org> i2c: rcar: fix error code in probe() Nathan Chancellor <nathan(a)kernel.org> kbuild: Make ld-version.sh more robust against version string changes Alexandre Chartre <alexandre.chartre(a)oracle.com> x86/bhi: Avoid warning in #DB handler due to BHI mitigation Brian Gerst <brgerst(a)gmail.com> x86/entry/64: Remove obsolete comment on tracing vs. SYSRET Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: clear NO_RXDMA flag after resetting Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: testunit: avoid re-issued work after read message Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: ensure Gen3+ reset does not disturb local targets Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: introduce Gen4 devices Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: reset controller is mandatory for Gen3+ Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: mark HostNotify target address as used Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: bring hardware to known state when probing John Stultz <jstultz(a)google.com> sched: Move psi_account_irqtime() out of update_rq_clock_task() hotpath Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug on rename operation of broken directory Eduard Zingerman <eddyz87(a)gmail.com> bpf: Allow reads from uninit stack Jim Mattson <jmattson(a)google.com> x86/retpoline: Move a NOENDBR annotation to the SRSO dummy return thunk Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Copy the complete capability structure to user Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Avoid updating PD type for capability request Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix DSP capabilities request Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: send: annotate intentional data race in checking empty queue Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: queueing: annotate intentional data race in cpu round robin Helge Deller <deller(a)kernel.org> wireguard: allowedips: avoid unaligned 64-bit memory accesses Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU Kuan-Wei Chiu <visitorckw(a)gmail.com> ACPI: processor_idle: Fix invalid comparison with insertion sort for latency Ilya Dryomov <idryomov(a)gmail.com> libceph: fix race between delayed_work() and ceph_monc_stop() Audra Mitchell <audra(a)redhat.com> Fix userfaultfd_api to return EINVAL as expected Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Limit mic boost on VAIO PRO PX Nazar Bilinskyi <nbilinskyi(a)gmail.com> ALSA: hda/realtek: Enable Mute LED on HP 250 G7 Michał Kopeć <michal.kopec(a)3mdeb.com> ALSA: hda/realtek: add quirk for Clevo V5[46]0TU Armin Wolf <W_Armin(a)gmx.de> platform/x86: toshiba_acpi: Fix array out-of-bounds access Thomas Weißschuh <linux(a)weissschuh.net> nvmem: core: only change name to fram for current attribute Joy Chakraborty <joychakr(a)google.com> nvmem: meson-efuse: Fix return value of nvmem callbacks Joy Chakraborty <joychakr(a)google.com> nvmem: rmem: Fix return value of rmem_read() Hobin Woo <hobin.woo(a)samsung.com> ksmbd: discard write access to the directory open Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: always resume roothubs if xHC was reset during resume He Zhe <zhe.he(a)windriver.com> hpet: Support 32-bit userspace Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Lee Jones <lee(a)kernel.org> usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() WangYuli <wangyuli(a)uniontech.com> USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k Dmitry Smirnov <d.smirnov(a)inbox.lv> USB: serial: mos7840: fix crash on resume Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW350-GL variants Mank Wang <mank.wang(a)netprisma.us> USB: serial: option: add Netprisma LCUK54 series modules Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add support for Foxconn T99W651 Bjørn Mork <bjorn(a)mork.no> USB: serial: option: add Fibocom FM350-GL Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN912 rmnet compositions Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit generic core-dump composition Ronald Wahl <ronald.wahl(a)raritan.com> net: ks8851: Fix potential TX stall after interface reopen Ronald Wahl <ronald.wahl(a)raritan.com> net: ks8851: Fix deadlock with the SPI chip variant Eric Dumazet <edumazet(a)google.com> tcp: avoid too many retransmit packets Eric Dumazet <edumazet(a)google.com> tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() Josh Don <joshdon(a)google.com> Revert "sched/fair: Make sure to try to detach at least one movable task" Steve French <stfrench(a)microsoft.com> cifs: fix setting SecurityFlags to true Satheesh Paul <psatheesh(a)marvell.com> octeontx2-af: fix issue with IPv4 match for RSS Kiran Kumar K <kirankumark(a)marvell.com> octeontx2-af: fix issue with IPv6 ext match for RSS Kiran Kumar K <kirankumark(a)marvell.com> octeontx2-af: extend RSS supported offload types Michal Mazur <mmazur2(a)marvell.com> octeontx2-af: fix detection of IP layer Srujana Challa <schalla(a)marvell.com> octeontx2-af: fix a issue with cpt_lf_alloc mailbox Srujana Challa <schalla(a)marvell.com> octeontx2-af: update cpt lf alloc mailbox Nithin Dabilpuram <ndabilpuram(a)marvell.com> octeontx2-af: replace cpt slot with lf id on reg write Chen Ni <nichen(a)iscas.ac.cn> ARM: davinci: Convert comma to semicolon Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Validate payload length before processing block Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Return error if block header overflows file Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Fix overflow checking of wmfw header Sven Schnelle <svens(a)linux.ibm.com> s390: Mark psw in __load_psw_mask() as __unitialized Daniel Borkmann <daniel(a)iogearbox.net> net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Chengen Du <chengen.du(a)canonical.com> net/sched: Fix UAF when resolving a clash Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). Oleksij Rempel <linux(a)rempel-privat.de> ethtool: netlink: do not return SQI value if link is down Dmitry Antipov <dmantipov(a)yandex.ru> ppp: reject claimed-as-LCP but actually malformed packets Jian Hui Lee <jianhui.lee(a)canonical.com> net: ethernet: mtk-star-emac: set mac_managed_pm when probing Mohammad Shehar Yaar Tausif <sheharyaar48(a)gmail.com> bpf: fix order of args in call to bpf_map_kvcalloc Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Remove __bpf_local_storage_map_alloc Yafang Shao <laoar.shao(a)gmail.com> bpf: use bpf_map_kvcalloc in bpf_local_storage Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Reduce smap->elem_size Yonghong Song <yhs(a)fb.com> bpf: Refactor some inode/task/sk storage functions for reuse Aleksander Jan Bajkowski <olek2(a)wp.pl> net: ethernet: lantiq_etop: fix double free in detach Michal Kubiak <michal.kubiak(a)intel.com> i40e: Fix XDP program unloading while removing the driver Hugh Dickins <hughd(a)google.com> net: fix rc7's __skb_datagram_iter() Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() Geliang Tang <tanggeliang(a)kylinos.cn> skmsg: Skip zero length skb in sk_msg_recvmsg Oleksij Rempel <linux(a)rempel-privat.de> net: phy: microchip: lan87xx: reinit PHY after cable test Neal Cardwell <ncardwell(a)google.com> tcp: fix incorrect undo caused by DSACK of TLP retransmit Brian Foster <bfoster(a)redhat.com> vfs: don't mod negative dentry count when on shrinker list linke li <lilinke99(a)qq.com> fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading Jeff Layton <jlayton(a)kernel.org> filelock: fix potential use-after-free in posix_lock_inode Jingbo Xu <jefflexu(a)linux.alibaba.com> cachefiles: add missing lock protection when polling Baokun Li <libaokun1(a)huawei.com> cachefiles: cyclic allocation of msg_id to avoid reuse Hou Tao <houtao1(a)huawei.com> cachefiles: wait for ondemand_object_worker to finish when dropping object Baokun Li <libaokun1(a)huawei.com> cachefiles: cancel all requests for the object that is being dropped Baokun Li <libaokun1(a)huawei.com> cachefiles: stop sending new request when dropping object Jia Zhu <zhujia.zj(a)bytedance.com> cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode Baokun Li <libaokun1(a)huawei.com> cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop Waiman Long <longman(a)redhat.com> mm: prevent derefencing NULL ptr in pfn_section_valid() Heiko Carstens <hca(a)linux.ibm.com> Compiler Attributes: Add __uninitialized macro ------------- Diffstat: Documentation/admin-guide/cifs/usage.rst | 34 +-- Makefile | 4 +- arch/arm/mach-davinci/pm.c | 2 +- arch/s390/include/asm/processor.h | 2 +- arch/x86/entry/entry_64.S | 19 +- arch/x86/entry/entry_64_compat.S | 14 +- arch/x86/lib/retpoline.S | 2 +- drivers/acpi/processor_idle.c | 37 ++-- drivers/char/hpet.c | 34 ++- drivers/firmware/cirrus/cs_dsp.c | 231 +++++++++++++++------ drivers/i2c/busses/i2c-rcar.c | 67 +++--- drivers/i2c/i2c-core-base.c | 1 + drivers/i2c/i2c-slave-testunit.c | 7 + drivers/misc/fastrpc.c | 14 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 9 +- drivers/net/ethernet/lantiq_etop.c | 4 +- drivers/net/ethernet/marvell/octeontx2/af/mbox.h | 10 +- drivers/net/ethernet/marvell/octeontx2/af/npc.h | 8 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- .../net/ethernet/marvell/octeontx2/af/rvu_cpt.c | 33 ++- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 67 +++++- drivers/net/ethernet/mediatek/mtk_star_emac.c | 7 + drivers/net/ethernet/micrel/ks8851_common.c | 10 +- drivers/net/ethernet/micrel/ks8851_spi.c | 4 +- drivers/net/phy/microchip_t1.c | 2 +- drivers/net/ppp/ppp_generic.c | 15 ++ drivers/net/wireguard/allowedips.c | 4 +- drivers/net/wireguard/queueing.h | 4 +- drivers/net/wireguard/send.c | 2 +- drivers/nvmem/core.c | 5 +- drivers/nvmem/meson-efuse.c | 14 +- drivers/nvmem/rmem.c | 5 +- drivers/platform/x86/toshiba_acpi.c | 1 + drivers/usb/core/config.c | 18 +- drivers/usb/core/quirks.c | 3 + drivers/usb/gadget/configfs.c | 3 + drivers/usb/host/xhci.c | 16 +- drivers/usb/serial/mos7840.c | 45 ++++ drivers/usb/serial/option.c | 38 ++++ fs/cachefiles/daemon.c | 14 +- fs/cachefiles/internal.h | 15 ++ fs/cachefiles/ondemand.c | 52 ++++- fs/cachefiles/xattr.c | 5 +- fs/dcache.c | 12 +- fs/locks.c | 2 +- fs/nilfs2/dir.c | 32 ++- fs/smb/client/cifsglob.h | 4 +- fs/smb/server/smb2pdu.c | 13 +- fs/userfaultfd.c | 7 +- include/linux/bpf.h | 8 + include/linux/bpf_local_storage.h | 17 +- include/linux/compiler_attributes.h | 12 ++ include/linux/mmzone.h | 3 +- kernel/bpf/bpf_inode_storage.c | 38 +--- kernel/bpf/bpf_local_storage.c | 199 +++++++++++------- kernel/bpf/bpf_task_storage.c | 38 +--- kernel/bpf/syscall.c | 15 ++ kernel/bpf/verifier.c | 11 +- kernel/sched/core.c | 7 +- kernel/sched/fair.c | 12 +- kernel/sched/psi.c | 21 +- kernel/sched/sched.h | 1 + kernel/sched/stats.h | 11 +- net/ceph/mon_client.c | 14 +- net/core/bpf_sk_storage.c | 35 +--- net/core/datagram.c | 3 +- net/core/skmsg.c | 3 +- net/ethtool/linkstate.c | 41 ++-- net/ipv4/tcp_input.c | 11 +- net/ipv4/tcp_timer.c | 31 ++- net/ipv4/udp.c | 4 +- net/sched/act_ct.c | 8 + net/sunrpc/xprtsock.c | 7 + scripts/ld-version.sh | 8 +- sound/pci/hda/patch_realtek.c | 4 + .../selftests/bpf/progs/test_global_func10.c | 9 +- tools/testing/selftests/bpf/verifier/calls.c | 13 +- .../selftests/bpf/verifier/helper_access_var_len.c | 104 ++++++---- tools/testing/selftests/bpf/verifier/int_ptr.c | 9 +- .../selftests/bpf/verifier/search_pruning.c | 13 +- tools/testing/selftests/bpf/verifier/sock.c | 27 --- tools/testing/selftests/bpf/verifier/spill_fill.c | 7 +- tools/testing/selftests/bpf/verifier/var_off.c | 52 ----- tools/testing/selftests/wireguard/qemu/Makefile | 8 +- 84 files changed, 1133 insertions(+), 624 deletions(-)

9 months, 2 weeks

11
10
0 0

[PATCH 6.6 000/122] 6.6.41-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.41 release. There are 122 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 19 Jul 2024 06:37:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.41-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.41-rc2 Dan Carpenter <dan.carpenter(a)linaro.org> i2c: rcar: fix error code in probe() Nathan Chancellor <nathan(a)kernel.org> kbuild: Make ld-version.sh more robust against version string changes Alexandre Chartre <alexandre.chartre(a)oracle.com> x86/bhi: Avoid warning in #DB handler due to BHI mitigation Brian Gerst <brgerst(a)gmail.com> x86/entry/64: Remove obsolete comment on tracing vs. SYSRET Nikolay Borisov <nik.borisov(a)suse.com> x86/entry: Rename ignore_sysret() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: clear NO_RXDMA flag after resetting Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: testunit: avoid re-issued work after read message Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: ensure Gen3+ reset does not disturb local targets Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: introduce Gen4 devices Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: reset controller is mandatory for Gen3+ Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: mark HostNotify target address as used Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: bring hardware to known state when probing Qu Wenruo <wqu(a)suse.com> btrfs: tree-checker: add type and sequence check for inline backrefs John Stultz <jstultz(a)google.com> sched: Move psi_account_irqtime() out of update_rq_clock_task() hotpath Baokun Li <libaokun1(a)huawei.com> ext4: avoid ptr null pointer dereference Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug on rename operation of broken directory John Hubbard <jhubbard(a)nvidia.com> selftests/net: fix gro.c compilation failure due to non-existent opt_ipproto_off SeongJae Park <sj(a)kernel.org> mm/damon/core: merge regions aggressively when max_nr_regions is unmet Gavin Shan <gshan(a)redhat.com> mm/shmem: disable PMD-sized page cache if needed Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Restrict untrusted app to attach to privileged PD Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix ownership reassignment of remote heap Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix memory leak in audio daemon attach operation Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Copy the complete capability structure to user Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Avoid updating PD type for capability request Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Fix DSP capabilities request Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: send: annotate intentional data race in checking empty queue Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: queueing: annotate intentional data race in cpu round robin Helge Deller <deller(a)kernel.org> wireguard: allowedips: avoid unaligned 64-bit memory accesses Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU Mario Limonciello <mario.limonciello(a)amd.com> cpufreq: Allow drivers to advertise boost enabled Mario Limonciello <mario.limonciello(a)amd.com> cpufreq: ACPI: Mark boost policy as enabled when setting boost Kuan-Wei Chiu <visitorckw(a)gmail.com> ACPI: processor_idle: Fix invalid comparison with insertion sort for latency Ilya Dryomov <idryomov(a)gmail.com> libceph: fix race between delayed_work() and ceph_monc_stop() Taniya Das <quic_tdas(a)quicinc.com> pmdomain: qcom: rpmhpd: Skip retention level for Power Domains Audra Mitchell <audra(a)redhat.com> Fix userfaultfd_api to return EINVAL as expected Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Limit mic boost on VAIO PRO PX Nazar Bilinskyi <nbilinskyi(a)gmail.com> ALSA: hda/realtek: Enable Mute LED on HP 250 G7 Michał Kopeć <michal.kopec(a)3mdeb.com> ALSA: hda/realtek: add quirk for Clevo V5[46]0TU Jacky Huang <ychuang3(a)nuvoton.com> tty: serial: ma35d1: Add a NULL check for of_node Armin Wolf <W_Armin(a)gmx.de> platform/x86: toshiba_acpi: Fix array out-of-bounds access Thomas Weißschuh <linux(a)weissschuh.net> nvmem: core: only change name to fram for current attribute Joy Chakraborty <joychakr(a)google.com> nvmem: meson-efuse: Fix return value of nvmem callbacks Joy Chakraborty <joychakr(a)google.com> nvmem: rmem: Fix return value of rmem_read() Johan Hovold <johan+linaro(a)kernel.org> arm64: dts: qcom: sc8280xp-x13s: fix touchscreen power on Cong Zhang <quic_congzhan(a)quicinc.com> arm64: dts: qcom: sa8775p: Correct IRQ number of EL2 non-secure physical timer João Paulo Gonçalves <joao.goncalves(a)toradex.com> iio: trigger: Fix condition for own trigger Hobin Woo <hobin.woo(a)samsung.com> ksmbd: discard write access to the directory open Gavin Shan <gshan(a)redhat.com> mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray Gavin Shan <gshan(a)redhat.com> mm/filemap: skip to create PMD-sized page cache if needed Uladzislau Rezki (Sony) <urezki(a)gmail.com> mm: vmalloc: check if a hash-index is in cpu_possible_mask Heiko Carstens <hca(a)linux.ibm.com> s390/mm: Add NULL pointer check to crst_table_free() base_crst_free() Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: always resume roothubs if xHC was reset during resume He Zhe <zhe.he(a)windriver.com> hpet: Support 32-bit userspace Joy Chakraborty <joychakr(a)google.com> misc: microchip: pci1xxxx: Fix return value of nvmem callbacks Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Lee Jones <lee(a)kernel.org> usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: add support for the Intel Panther Lake WangYuli <wangyuli(a)uniontech.com> USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k Dmitry Smirnov <d.smirnov(a)inbox.lv> USB: serial: mos7840: fix crash on resume Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW350-GL variants Mank Wang <mank.wang(a)netprisma.us> USB: serial: option: add Netprisma LCUK54 series modules Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add support for Foxconn T99W651 Bjørn Mork <bjorn(a)mork.no> USB: serial: option: add Fibocom FM350-GL Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN912 rmnet compositions Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit generic core-dump composition Ronald Wahl <ronald.wahl(a)raritan.com> net: ks8851: Fix potential TX stall after interface reopen Ronald Wahl <ronald.wahl(a)raritan.com> net: ks8851: Fix deadlock with the SPI chip variant Eric Dumazet <edumazet(a)google.com> tcp: avoid too many retransmit packets Eric Dumazet <edumazet(a)google.com> tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() Josh Don <joshdon(a)google.com> Revert "sched/fair: Make sure to try to detach at least one movable task" Steve French <stfrench(a)microsoft.com> cifs: fix setting SecurityFlags to true Satheesh Paul <psatheesh(a)marvell.com> octeontx2-af: fix issue with IPv4 match for RSS Kiran Kumar K <kirankumark(a)marvell.com> octeontx2-af: fix issue with IPv6 ext match for RSS Michal Mazur <mmazur2(a)marvell.com> octeontx2-af: fix detection of IP layer Srujana Challa <schalla(a)marvell.com> octeontx2-af: fix a issue with cpt_lf_alloc mailbox Nithin Dabilpuram <ndabilpuram(a)marvell.com> octeontx2-af: replace cpt slot with lf id on reg write Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> i40e: fix: remove needless retries of NVM update Chen Ni <nichen(a)iscas.ac.cn> ARM: davinci: Convert comma to semicolon Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ASoC: SOF: Intel: hda: fix null deref on system suspend entry Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Validate payload length before processing block Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Return error if block header overflows file Richard Fitzgerald <rf(a)opensource.cirrus.com> firmware: cs_dsp: Fix overflow checking of wmfw header Bjorn Andersson <quic_bjorande(a)quicinc.com> arm64: dts: qcom: sc8180x: Fix LLCC reg property again Sven Schnelle <svens(a)linux.ibm.com> s390: Mark psw in __load_psw_mask() as __unitialized Daniel Borkmann <daniel(a)iogearbox.net> net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Chengen Du <chengen.du(a)canonical.com> net/sched: Fix UAF when resolving a clash Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). Oleksij Rempel <o.rempel(a)pengutronix.de> ethtool: netlink: do not return SQI value if link is down Dmitry Antipov <dmantipov(a)yandex.ru> ppp: reject claimed-as-LCP but actually malformed packets Jian Hui Lee <jianhui.lee(a)canonical.com> net: ethernet: mtk-star-emac: set mac_managed_pm when probing Kumar Kartikeya Dwivedi <memxor(a)gmail.com> bpf: Fail bpf_timer_cancel when callback is being cancelled Benjamin Tissoires <bentiss(a)kernel.org> bpf: replace bpf_timer_init with a generic helper Benjamin Tissoires <bentiss(a)kernel.org> bpf: make timer data struct more generic Mohammad Shehar Yaar Tausif <sheharyaar48(a)gmail.com> bpf: fix order of args in call to bpf_map_kvcalloc Aleksander Jan Bajkowski <olek2(a)wp.pl> net: ethernet: lantiq_etop: fix double free in detach Michal Kubiak <michal.kubiak(a)intel.com> i40e: Fix XDP program unloading while removing the driver Hugh Dickins <hughd(a)google.com> net: fix rc7's __skb_datagram_iter() Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() Geliang Tang <tanggeliang(a)kylinos.cn> skmsg: Skip zero length skb in sk_msg_recvmsg Oleksij Rempel <o.rempel(a)pengutronix.de> net: phy: microchip: lan87xx: reinit PHY after cable test Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix too early release of tcx_entry Neal Cardwell <ncardwell(a)google.com> tcp: fix incorrect undo caused by DSACK of TLP retransmit Dan Carpenter <dan.carpenter(a)linaro.org> net: bcmasp: Fix error code in probe() Brian Foster <bfoster(a)redhat.com> vfs: don't mod negative dentry count when on shrinker list linke li <lilinke99(a)qq.com> fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading Jeff Layton <jlayton(a)kernel.org> filelock: fix potential use-after-free in posix_lock_inode Christian Eggers <ceggers(a)arri.de> dsa: lan9303: Fix mapping between DSA port number and PHY address Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: dsa: introduce dsa_phylink_to_port() Jingbo Xu <jefflexu(a)linux.alibaba.com> cachefiles: add missing lock protection when polling Baokun Li <libaokun1(a)huawei.com> cachefiles: cyclic allocation of msg_id to avoid reuse Hou Tao <houtao1(a)huawei.com> cachefiles: wait for ondemand_object_worker to finish when dropping object Baokun Li <libaokun1(a)huawei.com> cachefiles: cancel all requests for the object that is being dropped Baokun Li <libaokun1(a)huawei.com> cachefiles: stop sending new request when dropping object Jia Zhu <zhujia.zj(a)bytedance.com> cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode Baokun Li <libaokun1(a)huawei.com> cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop Yi Liu <yi.l.liu(a)intel.com> vfio/pci: Init the count variable in collecting hot-reset devices Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix ufshcd_abort_one racing issue Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix ufshcd_clear_cmd racing issue Waiman Long <longman(a)redhat.com> mm: prevent derefencing NULL ptr in pfn_section_valid() Heiko Carstens <hca(a)linux.ibm.com> Compiler Attributes: Add __uninitialized macro ------------- Diffstat: Documentation/admin-guide/cifs/usage.rst | 34 +-- Makefile | 4 +- arch/arm/mach-davinci/pm.c | 2 +- arch/arm64/boot/dts/qcom/sa8775p.dtsi | 2 +- arch/arm64/boot/dts/qcom/sc8180x.dtsi | 11 +- .../dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 15 +- arch/s390/include/asm/processor.h | 2 +- arch/s390/mm/pgalloc.c | 4 + arch/x86/entry/entry_64.S | 23 +- arch/x86/entry/entry_64_compat.S | 14 +- arch/x86/include/asm/processor.h | 2 +- arch/x86/kernel/cpu/common.c | 2 +- drivers/acpi/processor_idle.c | 37 ++-- drivers/char/hpet.c | 34 ++- drivers/cpufreq/acpi-cpufreq.c | 4 +- drivers/cpufreq/cpufreq.c | 3 +- drivers/firmware/cirrus/cs_dsp.c | 231 +++++++++++++++------ drivers/i2c/busses/i2c-rcar.c | 67 +++--- drivers/i2c/i2c-core-base.c | 1 + drivers/i2c/i2c-slave-testunit.c | 7 + drivers/iio/industrialio-trigger.c | 2 +- drivers/misc/fastrpc.c | 41 +++- drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_otpe2p.c | 4 - drivers/net/dsa/lan9303-core.c | 23 +- drivers/net/ethernet/broadcom/asp2/bcmasp.c | 1 + drivers/net/ethernet/intel/i40e/i40e_adminq.h | 4 - drivers/net/ethernet/intel/i40e/i40e_main.c | 9 +- drivers/net/ethernet/lantiq_etop.c | 4 +- drivers/net/ethernet/marvell/octeontx2/af/mbox.h | 2 +- drivers/net/ethernet/marvell/octeontx2/af/npc.h | 8 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- .../net/ethernet/marvell/octeontx2/af/rvu_cpt.c | 23 +- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 12 +- drivers/net/ethernet/mediatek/mtk_star_emac.c | 7 + drivers/net/ethernet/micrel/ks8851_common.c | 10 +- drivers/net/ethernet/micrel/ks8851_spi.c | 4 +- drivers/net/phy/microchip_t1.c | 2 +- drivers/net/ppp/ppp_generic.c | 15 ++ drivers/net/wireguard/allowedips.c | 4 +- drivers/net/wireguard/queueing.h | 4 +- drivers/net/wireguard/send.c | 2 +- drivers/nvmem/core.c | 5 +- drivers/nvmem/meson-efuse.c | 14 +- drivers/nvmem/rmem.c | 5 +- drivers/platform/x86/toshiba_acpi.c | 1 + drivers/pmdomain/qcom/rpmhpd.c | 7 + drivers/tty/serial/ma35d1_serial.c | 13 +- drivers/ufs/core/ufs-mcq.c | 11 +- drivers/ufs/core/ufshcd.c | 2 + drivers/usb/core/config.c | 18 +- drivers/usb/core/quirks.c | 3 + drivers/usb/dwc3/dwc3-pci.c | 8 + drivers/usb/gadget/configfs.c | 3 + drivers/usb/host/xhci.c | 16 +- drivers/usb/serial/mos7840.c | 45 ++++ drivers/usb/serial/option.c | 38 ++++ drivers/vfio/pci/vfio_pci_core.c | 2 +- fs/btrfs/tree-checker.c | 39 ++++ fs/cachefiles/daemon.c | 14 +- fs/cachefiles/internal.h | 15 ++ fs/cachefiles/ondemand.c | 52 ++++- fs/cachefiles/xattr.c | 5 +- fs/dcache.c | 12 +- fs/ext4/sysfs.c | 2 + fs/locks.c | 2 +- fs/nilfs2/dir.c | 32 ++- fs/smb/client/cifsglob.h | 4 +- fs/smb/server/smb2pdu.c | 13 +- fs/userfaultfd.c | 7 +- include/linux/compiler_attributes.h | 12 ++ include/linux/mmzone.h | 3 +- include/linux/pagemap.h | 11 +- include/net/dsa.h | 6 + include/net/tcx.h | 13 +- include/uapi/misc/fastrpc.h | 3 + kernel/bpf/bpf_local_storage.c | 4 +- kernel/bpf/helpers.c | 186 ++++++++++++----- kernel/sched/core.c | 7 +- kernel/sched/fair.c | 12 +- kernel/sched/psi.c | 21 +- kernel/sched/sched.h | 1 + kernel/sched/stats.h | 11 +- mm/damon/core.c | 21 +- mm/filemap.c | 2 +- mm/shmem.c | 15 +- mm/vmalloc.c | 10 +- net/ceph/mon_client.c | 14 +- net/core/datagram.c | 3 +- net/core/skmsg.c | 3 +- net/dsa/port.c | 12 +- net/ethtool/linkstate.c | 41 ++-- net/ipv4/tcp_input.c | 11 +- net/ipv4/tcp_timer.c | 31 ++- net/ipv4/udp.c | 4 +- net/sched/act_ct.c | 8 + net/sched/sch_ingress.c | 12 +- net/sunrpc/xprtsock.c | 7 + scripts/ld-version.sh | 8 +- sound/pci/hda/patch_realtek.c | 4 + sound/soc/sof/intel/hda-dai.c | 12 +- tools/testing/selftests/net/gro.c | 3 - tools/testing/selftests/wireguard/qemu/Makefile | 8 +- 102 files changed, 1147 insertions(+), 442 deletions(-)

9 months, 2 weeks

10
9
0 0

[PATCH 6.6 0/3] Backport VFIO refactor to fix fork ordering bug

by Axel Rasmussen

35e351780fa9 ("fork: defer linking file vma until vma is fully initialized") switched the ordering of vm_ops->open() and copy_page_range() on fork. This is a bug for VFIO, because it causes two problems: 1. Because open() is called before copy_page_range(), the range can conceivably have unmapped 'holes' in it. This causes the code underneath untrack_pfn() to WARN. 2. More seriously, open() is trying to guarantee that the entire range is zapped, so any future accesses in the child will result in the VFIO fault handler being called. Because we copy_page_range() *after* open() (and therefore after zapping), this guarantee is violated. We can't revert 35e351780fa9, because it fixes a real bug for hugetlbfs. The fix is also not as simple as just reodering open() and copy_page_range(), as Miaohe points out in [1]. So, although these patches are kind of large for stable, just backport this refactoring which completely sidesteps the issue. Note that patch 2 is the key one here which fixes the issue. Patch 1 is a prerequisite required for patch 2 to build / work. This would almost be enough, but we might see significantly regressed performance. Patch 3 fixes that up, putting performance back on par with what it was before. Note [1] also has a more full discussion justifying taking these backports. I proposed the same backport for 6.9 [2], and now for 6.6. 6.6 is the oldest kernel which needs the change: 35e351780fa9 was reverted for unrelated reasons in 6.1, and was never backported to 5.15 or earlier. [1]: https://lore.kernel.org/all/20240702042948.2629267-1-leah.rumancik@gmail.co… [2]: https://lore.kernel.org/r/20240717213339.1921530-1-axelrasmussen@google.com Alex Williamson (3): vfio: Create vfio_fs_type with inode per device vfio/pci: Use unmap_mapping_range() vfio/pci: Insert full vma on mmap'd MMIO fault drivers/vfio/device_cdev.c | 7 + drivers/vfio/group.c | 7 + drivers/vfio/pci/vfio_pci_core.c | 271 ++++++++----------------------- drivers/vfio/vfio_main.c | 44 +++++ include/linux/vfio.h | 1 + include/linux/vfio_pci_core.h | 2 - 6 files changed, 125 insertions(+), 207 deletions(-) -- 2.45.2.993.g49e7a77208-goog

9 months, 2 weeks

2
5
0 0

[PATCH 5.15 000/145] 5.15.163-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.163 release. There are 145 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 19 Jul 2024 06:37:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.163-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.163-rc2 Dan Carpenter <dan.carpenter(a)linaro.org> i2c: rcar: fix error code in probe() Nathan Chancellor <nathan(a)kernel.org> kbuild: Make ld-version.sh more robust against version string changes Alexandre Chartre <alexandre.chartre(a)oracle.com> x86/bhi: Avoid warning in #DB handler due to BHI mitigation Brian Gerst <brgerst(a)gmail.com> x86/entry/64: Remove obsolete comment on tracing vs. SYSRET Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: clear NO_RXDMA flag after resetting Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: testunit: avoid re-issued work after read message Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: ensure Gen3+ reset does not disturb local targets Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: introduce Gen4 devices Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: reset controller is mandatory for Gen3+ Geert Uytterhoeven <geert+renesas(a)glider.be> i2c: rcar: Add R-Car Gen4 support Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: mark HostNotify target address as used Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: bring hardware to known state when probing Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug on rename operation of broken directory Eduard Zingerman <eddyz87(a)gmail.com> bpf: Allow reads from uninit stack Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: send: annotate intentional data race in checking empty queue Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: queueing: annotate intentional data race in cpu round robin Helge Deller <deller(a)kernel.org> wireguard: allowedips: avoid unaligned 64-bit memory accesses Ilya Dryomov <idryomov(a)gmail.com> libceph: fix race between delayed_work() and ceph_monc_stop() Audra Mitchell <audra(a)redhat.com> Fix userfaultfd_api to return EINVAL as expected Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Limit mic boost on VAIO PRO PX Nazar Bilinskyi <nbilinskyi(a)gmail.com> ALSA: hda/realtek: Enable Mute LED on HP 250 G7 Michał Kopeć <michal.kopec(a)3mdeb.com> ALSA: hda/realtek: add quirk for Clevo V5[46]0TU Thomas Weißschuh <linux(a)weissschuh.net> nvmem: core: only change name to fram for current attribute Joy Chakraborty <joychakr(a)google.com> nvmem: meson-efuse: Fix return value of nvmem callbacks Joy Chakraborty <joychakr(a)google.com> nvmem: rmem: Fix return value of rmem_read() He Zhe <zhe.he(a)windriver.com> hpet: Support 32-bit userspace Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Lee Jones <lee(a)kernel.org> usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() WangYuli <wangyuli(a)uniontech.com> USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k Dmitry Smirnov <d.smirnov(a)inbox.lv> USB: serial: mos7840: fix crash on resume Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW350-GL variants Mank Wang <mank.wang(a)netprisma.us> USB: serial: option: add Netprisma LCUK54 series modules Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add support for Foxconn T99W651 Bjørn Mork <bjorn(a)mork.no> USB: serial: option: add Fibocom FM350-GL Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN912 rmnet compositions Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit generic core-dump composition Ronald Wahl <ronald.wahl(a)raritan.com> net: ks8851: Fix potential TX stall after interface reopen Eric Dumazet <edumazet(a)google.com> tcp: avoid too many retransmit packets Eric Dumazet <edumazet(a)google.com> tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() Satheesh Paul <psatheesh(a)marvell.com> octeontx2-af: fix issue with IPv4 match for RSS Kiran Kumar K <kirankumark(a)marvell.com> octeontx2-af: fix issue with IPv6 ext match for RSS Kiran Kumar K <kirankumark(a)marvell.com> octeontx2-af: extend RSS supported offload types Michal Mazur <mmazur2(a)marvell.com> octeontx2-af: fix detection of IP layer Srujana Challa <schalla(a)marvell.com> octeontx2-af: fix a issue with cpt_lf_alloc mailbox Srujana Challa <schalla(a)marvell.com> octeontx2-af: update cpt lf alloc mailbox Nithin Dabilpuram <ndabilpuram(a)marvell.com> octeontx2-af: replace cpt slot with lf id on reg write Chen Ni <nichen(a)iscas.ac.cn> ARM: davinci: Convert comma to semicolon Sven Schnelle <svens(a)linux.ibm.com> s390: Mark psw in __load_psw_mask() as __unitialized Chengen Du <chengen.du(a)canonical.com> net/sched: Fix UAF when resolving a clash Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). Oleksij Rempel <linux(a)rempel-privat.de> ethtool: netlink: do not return SQI value if link is down Dmitry Antipov <dmantipov(a)yandex.ru> ppp: reject claimed-as-LCP but actually malformed packets Jian Hui Lee <jianhui.lee(a)canonical.com> net: ethernet: mtk-star-emac: set mac_managed_pm when probing Aleksander Jan Bajkowski <olek2(a)wp.pl> net: ethernet: lantiq_etop: fix double free in detach Aleksander Jan Bajkowski <olek2(a)wp.pl> net: lantiq_etop: add blank line after declaration Michal Kubiak <michal.kubiak(a)intel.com> i40e: Fix XDP program unloading while removing the driver Hugh Dickins <hughd(a)google.com> net: fix rc7's __skb_datagram_iter() Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() Geliang Tang <tanggeliang(a)kylinos.cn> skmsg: Skip zero length skb in sk_msg_recvmsg Neal Cardwell <ncardwell(a)google.com> tcp: fix incorrect undo caused by DSACK of TLP retransmit Brian Foster <bfoster(a)redhat.com> vfs: don't mod negative dentry count when on shrinker list linke li <lilinke99(a)qq.com> fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading Jeff Layton <jlayton(a)kernel.org> filelock: fix potential use-after-free in posix_lock_inode Waiman Long <longman(a)redhat.com> mm: prevent derefencing NULL ptr in pfn_section_valid() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix incorrect inode allocation from reserved inodes Damien Le Moal <dlemoal(a)kernel.org> null_blk: Do not allow runt zone with zone capacity smaller then zone size Edward Adam Davis <eadavis(a)qq.com> nfc/nci: Add the inconsistency check between the input data length and count Masahiro Yamada <masahiroy(a)kernel.org> kbuild: fix short log for AS in link-vmlinux.sh Sagi Grimberg <sagi(a)grimberg.me> nvmet: fix a possible leak when destroy a ctrl during qp establishment hmtheboy154 <buingoc67(a)gmail.com> platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro hmtheboy154 <buingoc67(a)gmail.com> platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet Jim Wylder <jwylder(a)google.com> regmap-i2c: Subtract reg size from max_write Kundan Kumar <kundan.kumar(a)samsung.com> nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset Fedor Pchelkin <pchelkin(a)ispras.ru> dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails Nilay Shroff <nilay(a)linux.ibm.com> nvme-multipath: find NUMA path only for online numa-node Jian-Hong Pan <jhp(a)endlessos.org> ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Mark volume as dirty if xattr is broken Piotr Wojtaszczyk <piotr.wojtaszczyk(a)timesys.com> i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents Mauro Carvalho Chehab <mchehab(a)kernel.org> media: dw2102: fix a potential buffer overflow GUO Zihua <guozihua(a)huawei.com> ima: Avoid blocking in RCU read-side critical section Ghadi Elie Rahme <ghadi.rahme(a)canonical.com> bnx2x: Fix multiple UBSAN array-index-out-of-bounds Val Packett <val(a)packett.cool> mtd: rawnand: rockchip: ensure NVDDR timings are rejected Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Bypass a couple of sanity checks during NAND identification Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Ensure ECC configuration is propagated to upper layers Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/atomfirmware: silence UBSAN warning Ma Ke <make24(a)iscas.ac.cn> drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes Jan Kara <jack(a)suse.cz> Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Jan Kara <jack(a)suse.cz> fsnotify: Do not generate events for O_PATH file descriptors Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: fix adding block group to a reclaim list and the unused list during reclaim Jan Kara <jack(a)suse.cz> mm: avoid overflows in dirty throttling logic Jinliang Zheng <alexjlzheng(a)tencent.com> mm: optimize the redundant loop of mm_update_owner_next() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: add missing check for inode numbers on directory entries Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix inode number range checks Sasha Neftin <sasha.neftin(a)intel.com> Revert "igc: fix a log entry using uninitialized netdev" Dmitry Torokhov <dmitry.torokhov(a)gmail.com> gpiolib: of: add polarity quirk for TSC2005 Dmitry Torokhov <dmitry.torokhov(a)gmail.com> gpiolib: of: add a quirk for reset line polarity for Himax LCDs Dmitry Torokhov <dmitry.torokhov(a)gmail.com> gpiolib: of: factor out code overriding gpio line polarity Shigeru Yoshida <syoshida(a)redhat.com> inet_diag: Initialize pad field in struct inet_diag_req_v2 Zijian Zhang <zijianzhang(a)bytedance.com> selftests: make order checking verbose in msg_zerocopy selftest Zijian Zhang <zijianzhang(a)bytedance.com> selftests: fix OOM in msg_zerocopy selftest Sam Sun <samsun1006219(a)gmail.com> bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: unconditionally flush pending work before notifier Song Shuai <songshuaishuai(a)tinylab.org> riscv: kexec: Avoid deadlock in kexec crash path Jozef Hopko <jozef.hopko(a)altana.com> wifi: wilc1000: fix ies_len type in connect path Sagi Grimberg <sagi(a)grimberg.me> net: allow skb_datagram_iter to be called from any context Dima Ruinskiy <dima.ruinskiy(a)intel.com> e1000e: Fix S0ix residency on corporate systems Christian Borntraeger <borntraeger(a)linux.ibm.com> KVM: s390: fix LPSWEY handling Jakub Kicinski <kuba(a)kernel.org> tcp_metrics: validate source addr length Neal Cardwell <ncardwell(a)google.com> UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() Len Brown <len.brown(a)intel.com> tools/power turbostat: Remember global max_die_id Holger Dengler <dengler(a)linux.ibm.com> s390/pkey: Wipe sensitive data on failure Wang Yong <wang.yong12(a)zte.com.cn> jffs2: Fix potential illegal address access in jffs2_free_inode Jose E. Marchesi <jose.marchesi(a)oracle.com> bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD Corinna Vinschen <vinschen(a)redhat.com> igc: fix a log entry using uninitialized netdev Greg Kurz <groug(a)kaod.org> powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" Mickaël Salaün <mic(a)digikod.net> kunit: Fix timeout message Mike Marshall <hubcap(a)omnibond.com> orangefs: fix out-of-bounds fsid access Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Annotate apanel_addr as __ro_after_init Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda10048: Fix integer overflow Ricardo Ribalda <ribalda(a)chromium.org> media: s2255: Use refcount_t instead of atomic_t for num_channels Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda18271c2dd: Remove casting during div Simon Horman <horms(a)kernel.org> net: dsa: mv88e6xxx: Correct check for empty list Felix Fietkau <nbd(a)nbd.name> wifi: mt76: replace skb_put with skb_put_zero Erick Archer <erick.archer(a)outlook.com> Input: ff-core - prefer struct_size over open coded arithmetic Jean Delvare <jdelvare(a)suse.de> firmware: dmi: Stop decoding on broken entry Erick Archer <erick.archer(a)outlook.com> sctp: prefer struct_size over open coded arithmetic Michael Bunk <micha(a)freedict.org> media: dw2102: Don't translate i2c read into write Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip finding free audio for unknown engine_id Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check pipe offset before setting vblank Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check index msg_id before read or write Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Initialize timestamp for some legacy SOCs Hailey Mothershead <hailmo(a)amazon.com> crypto: aead,cipher - zeroize key buffer after use John Meneghini <jmeneghi(a)redhat.com> scsi: qedf: Make qedf_execute_tmf() non-preemptible Michael Guralnik <michaelgur(a)nvidia.com> IB/core: Implement a limit on UMAD receive List Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-usb: dib0700_devices: Add missing release_firmware() Ricardo Ribalda <ribalda(a)chromium.org> media: dvb: as102-fe: Fix as10x_register_addr packing Erico Nunes <nunes.erico(a)gmail.com> drm/lima: fix shared irq handling on driver remove George Stark <gnstark(a)salutedevices.com> locking/mutex: Introduce devm_mutex_init() Heiko Carstens <hca(a)linux.ibm.com> Compiler Attributes: Add __uninitialized macro ------------- Diffstat: Makefile | 4 +- arch/arm/mach-davinci/pm.c | 2 +- arch/powerpc/include/asm/io.h | 2 +- arch/powerpc/xmon/xmon.c | 6 +- arch/riscv/kernel/machine_kexec.c | 10 +- arch/s390/include/asm/kvm_host.h | 1 + arch/s390/include/asm/processor.h | 2 +- arch/s390/kvm/kvm-s390.c | 1 + arch/s390/kvm/kvm-s390.h | 15 ++ arch/s390/kvm/priv.c | 32 ++++ arch/x86/entry/entry_64.S | 19 +- arch/x86/entry/entry_64_compat.S | 14 +- crypto/aead.c | 3 +- crypto/cipher.c | 3 +- drivers/base/regmap/regmap-i2c.c | 3 +- drivers/block/null_blk/zoned.c | 11 ++ drivers/bluetooth/hci_qca.c | 18 +- drivers/char/hpet.c | 34 +++- drivers/clk/qcom/gcc-sm6350.c | 10 +- drivers/firmware/dmi_scan.c | 11 ++ drivers/gpio/gpiolib-of.c | 92 +++++++-- drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c | 8 + drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 + .../amd/display/dc/irq/dce110/irq_service_dce110.c | 8 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 8 + drivers/gpu/drm/amd/include/atomfirmware.h | 2 +- drivers/gpu/drm/lima/lima_gp.c | 2 + drivers/gpu/drm/lima/lima_mmu.c | 5 + drivers/gpu/drm/lima/lima_pp.c | 4 + drivers/gpu/drm/nouveau/nouveau_connector.c | 3 + drivers/i2c/busses/i2c-i801.c | 2 +- drivers/i2c/busses/i2c-pnx.c | 48 +---- drivers/i2c/busses/i2c-rcar.c | 66 ++++--- drivers/i2c/i2c-core-base.c | 1 + drivers/i2c/i2c-slave-testunit.c | 7 + drivers/infiniband/core/user_mad.c | 21 +- drivers/input/ff-core.c | 7 +- drivers/media/dvb-frontends/as102_fe_types.h | 2 +- drivers/media/dvb-frontends/tda10048.c | 9 +- drivers/media/dvb-frontends/tda18271c2dd.c | 4 +- drivers/media/usb/dvb-usb/dib0700_devices.c | 18 +- drivers/media/usb/dvb-usb/dw2102.c | 120 +++++++----- drivers/media/usb/s2255/s2255drv.c | 20 +- drivers/mtd/nand/raw/nand_base.c | 66 ++++--- drivers/mtd/nand/raw/rockchip-nand-controller.c | 6 +- drivers/net/bonding/bond_options.c | 6 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 2 +- drivers/net/ethernet/intel/e1000e/netdev.c | 132 ++++++------- drivers/net/ethernet/intel/i40e/i40e_main.c | 9 +- drivers/net/ethernet/lantiq_etop.c | 5 +- drivers/net/ethernet/marvell/octeontx2/af/mbox.h | 10 +- drivers/net/ethernet/marvell/octeontx2/af/npc.h | 8 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- .../net/ethernet/marvell/octeontx2/af/rvu_cpt.c | 33 +++- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 67 ++++++- drivers/net/ethernet/mediatek/mtk_star_emac.c | 7 + drivers/net/ethernet/micrel/ks8851_common.c | 2 +- drivers/net/ppp/ppp_generic.c | 15 ++ drivers/net/wireguard/allowedips.c | 4 +- drivers/net/wireguard/queueing.h | 4 +- drivers/net/wireguard/send.c | 2 +- .../net/wireless/mediatek/mt76/mt76_connac_mcu.c | 10 +- drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 2 +- drivers/net/wireless/microchip/wilc1000/hif.c | 3 +- drivers/nfc/virtual_ncidev.c | 4 + drivers/nvme/host/multipath.c | 2 +- drivers/nvme/host/pci.c | 3 +- drivers/nvme/target/core.c | 9 + drivers/nvmem/core.c | 5 +- drivers/nvmem/meson-efuse.c | 14 +- drivers/nvmem/rmem.c | 5 +- drivers/platform/x86/touchscreen_dmi.c | 36 ++++ drivers/s390/crypto/pkey_api.c | 4 +- drivers/scsi/qedf/qedf_io.c | 6 +- drivers/usb/core/config.c | 18 +- drivers/usb/core/quirks.c | 3 + drivers/usb/gadget/configfs.c | 3 + drivers/usb/serial/mos7840.c | 45 +++++ drivers/usb/serial/option.c | 38 ++++ fs/btrfs/block-group.c | 13 +- fs/dcache.c | 12 +- fs/jffs2/super.c | 1 + fs/locks.c | 2 +- fs/nilfs2/alloc.c | 18 +- fs/nilfs2/alloc.h | 4 +- fs/nilfs2/dat.c | 2 +- fs/nilfs2/dir.c | 38 +++- fs/nilfs2/ifile.c | 7 +- fs/nilfs2/nilfs.h | 10 +- fs/nilfs2/the_nilfs.c | 6 + fs/nilfs2/the_nilfs.h | 2 +- fs/ntfs3/xattr.c | 5 +- fs/orangefs/super.c | 3 +- fs/userfaultfd.c | 7 +- include/linux/compiler_attributes.h | 12 ++ include/linux/fsnotify.h | 8 +- include/linux/lsm_hook_defs.h | 2 +- include/linux/mmzone.h | 3 +- include/linux/mutex.h | 27 +++ include/linux/security.h | 5 +- kernel/auditfilter.c | 5 +- kernel/bpf/verifier.c | 11 +- kernel/dma/map_benchmark.c | 3 + kernel/exit.c | 2 + kernel/locking/mutex-debug.c | 12 ++ lib/kunit/try-catch.c | 3 +- mm/page-writeback.c | 32 +++- net/ceph/mon_client.c | 14 +- net/core/datagram.c | 20 +- net/core/skmsg.c | 3 +- net/ethtool/linkstate.c | 41 ++-- net/ipv4/inet_diag.c | 2 + net/ipv4/tcp_input.c | 13 +- net/ipv4/tcp_metrics.c | 1 + net/ipv4/tcp_timer.c | 31 ++- net/ipv4/udp.c | 4 +- net/ipv6/addrconf.c | 9 +- net/ipv6/ip6_input.c | 2 +- net/ipv6/ip6_output.c | 2 +- net/netfilter/nf_tables_api.c | 3 +- net/sched/act_ct.c | 8 + net/sctp/socket.c | 7 +- scripts/ld-version.sh | 8 +- scripts/link-vmlinux.sh | 2 +- security/apparmor/audit.c | 6 +- security/apparmor/include/audit.h | 2 +- security/integrity/ima/ima.h | 2 +- security/integrity/ima/ima_policy.c | 15 +- security/security.c | 6 +- security/selinux/include/audit.h | 4 +- security/selinux/ss/services.c | 5 +- security/smack/smack_lsm.c | 4 +- sound/pci/hda/patch_realtek.c | 13 ++ tools/lib/bpf/bpf_core_read.h | 1 + tools/power/x86/turbostat/turbostat.c | 10 +- .../selftests/bpf/progs/test_global_func10.c | 9 +- tools/testing/selftests/bpf/verifier/calls.c | 13 +- .../selftests/bpf/verifier/helper_access_var_len.c | 104 ++++++---- tools/testing/selftests/bpf/verifier/int_ptr.c | 9 +- .../selftests/bpf/verifier/search_pruning.c | 13 +- tools/testing/selftests/bpf/verifier/sock.c | 27 --- tools/testing/selftests/bpf/verifier/spill_fill.c | 211 +++++++++++++++++++++ tools/testing/selftests/bpf/verifier/var_off.c | 52 ----- tools/testing/selftests/net/msg_zerocopy.c | 14 +- 146 files changed, 1585 insertions(+), 616 deletions(-)

9 months, 2 weeks

8
7
0 0

[PATCH v4 1/4] drm/vmwgfx: Fix a deadlock in dma buf fence polling

by Zack Rusin

Introduce a version of the fence ops that on release doesn't remove the fence from the pending list, and thus doesn't require a lock to fix poll->fence wait->fence unref deadlocks. vmwgfx overwrites the wait callback to iterate over the list of all fences and update their status, to do that it holds a lock to prevent the list modifcations from other threads. The fence destroy callback both deletes the fence and removes it from the list of pending fences, for which it holds a lock. dma buf polling cb unrefs a fence after it's been signaled: so the poll calls the wait, which signals the fences, which are being destroyed. The destruction tries to acquire the lock on the pending fences list which it can never get because it's held by the wait from which it was called. Old bug, but not a lot of userspace apps were using dma-buf polling interfaces. Fix those, in particular this fixes KDE stalls/deadlock. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: 2298e804e96e ("drm/vmwgfx: rework to new fence interface, v2") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.2+ --- drivers/gpu/drm/vmwgfx/vmwgfx_fence.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c index 5efc6a766f64..588d50ababf6 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fence.c @@ -32,7 +32,6 @@ #define VMW_FENCE_WRAP (1 << 31) struct vmw_fence_manager { - int num_fence_objects; struct vmw_private *dev_priv; spinlock_t lock; struct list_head fence_list; @@ -124,13 +123,13 @@ static void vmw_fence_obj_destroy(struct dma_fence *f) { struct vmw_fence_obj *fence = container_of(f, struct vmw_fence_obj, base); - struct vmw_fence_manager *fman = fman_from_fence(fence); - spin_lock(&fman->lock); - list_del_init(&fence->head); - --fman->num_fence_objects; - spin_unlock(&fman->lock); + if (!list_empty(&fence->head)) { + spin_lock(&fman->lock); + list_del_init(&fence->head); + spin_unlock(&fman->lock); + } fence->destroy(fence); } @@ -257,7 +256,6 @@ static const struct dma_fence_ops vmw_fence_ops = { .release = vmw_fence_obj_destroy, }; - /* * Execute signal actions on fences recently signaled. * This is done from a workqueue so we don't have to execute @@ -355,7 +353,6 @@ static int vmw_fence_obj_init(struct vmw_fence_manager *fman, goto out_unlock; } list_add_tail(&fence->head, &fman->fence_list); - ++fman->num_fence_objects; out_unlock: spin_unlock(&fman->lock); @@ -403,7 +400,7 @@ static bool vmw_fence_goal_new_locked(struct vmw_fence_manager *fman, u32 passed_seqno) { u32 goal_seqno; - struct vmw_fence_obj *fence; + struct vmw_fence_obj *fence, *next_fence; if (likely(!fman->seqno_valid)) return false; @@ -413,7 +410,7 @@ static bool vmw_fence_goal_new_locked(struct vmw_fence_manager *fman, return false; fman->seqno_valid = false; - list_for_each_entry(fence, &fman->fence_list, head) { + list_for_each_entry_safe(fence, next_fence, &fman->fence_list, head) { if (!list_empty(&fence->seq_passed_actions)) { fman->seqno_valid = true; vmw_fence_goal_write(fman->dev_priv, -- 2.43.0

9 months, 2 weeks

1
0
0 0

[PATCH v2] drm/amd/amdgpu: Fix uninitialized variable warnings

by Ma Ke

Return 0 to avoid returning an uninitialized variable r. Cc: stable(a)vger.kernel.org Fixes: 230dd6bb6117 ("drm/amd/amdgpu: implement mode2 reset on smu_v13_0_10") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - added Cc stable line. --- drivers/gpu/drm/amd/amdgpu/smu_v13_0_10.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/amdgpu/smu_v13_0_10.c b/drivers/gpu/drm/amd/amdgpu/smu_v13_0_10.c index 04c797d54511..0af648931df5 100644 --- a/drivers/gpu/drm/amd/amdgpu/smu_v13_0_10.c +++ b/drivers/gpu/drm/amd/amdgpu/smu_v13_0_10.c @@ -91,7 +91,7 @@ static int smu_v13_0_10_mode2_suspend_ip(struct amdgpu_device *adev) adev->ip_blocks[i].status.hw = false; } - return r; + return 0; } static int -- 2.25.1

9 months, 2 weeks

2
1
0 0

[PATCH v3] drm/amdgpu: fix a possible null pointer dereference

by Ma Ke

In amdgpu_connector_add_common_modes(), the return value of drm_cvt_mode() is assigned to mode, which will lead to a NULL pointer dereference on failure of drm_cvt_mode(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: d38ceaf99ed0 ("drm/amdgpu: add core driver (v4)") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v3: - added Cc stable line. Changes in v2: - modified the patch according to suggestions; - added Fixes line. --- drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c index 9caba10315a8..25b51b600f6f 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c @@ -458,6 +458,9 @@ static void amdgpu_connector_add_common_modes(struct drm_encoder *encoder, continue; mode = drm_cvt_mode(dev, common_modes[i].w, common_modes[i].h, 60, false, false, false); + if (!mode) + return; + drm_mode_probed_add(connector, mode); } } -- 2.25.1

9 months, 2 weeks

2
1
0 0

[PATCH v3] EDAC/versal: Fix possible null pointer dereference in emif_get_id()

by Ma Ke

In emif_get_id(), of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. Cc: stable(a)vger.kernel.org Fixes: 6f15b178cd63 ("EDAC/versal: Add a Xilinx Versal memory controller driver") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v3: - added Cc stable line. Changes in v2: - fixed the typo according to suggestions. --- drivers/edac/versal_edac.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/edac/versal_edac.c b/drivers/edac/versal_edac.c index a556d23e8261..7aa9468acd53 100644 --- a/drivers/edac/versal_edac.c +++ b/drivers/edac/versal_edac.c @@ -1053,6 +1053,9 @@ static u32 emif_get_id(struct device_node *node) const __be32 *addrp; addrp = of_get_address(node, 0, NULL, NULL); + if (!addrp) + return -EINVAL; + my_addr = (u32)of_translate_address(node, addrp); for_each_matching_node(np, xlnx_edac_match) { -- 2.25.1

9 months, 2 weeks

2
1
0 0

[PATCH v2] drm/radeon: fix null pointer dereference in radeon_add_common_modes

by Ma Ke

In radeon_add_common_modes(), the return value of drm_cvt_mode() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_cvt_mode(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: d50ba256b5f1 ("drm/kms: start adding command line interface using fb.") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - added a blank line; - added Cc line. --- drivers/gpu/drm/radeon/radeon_connectors.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/radeon/radeon_connectors.c b/drivers/gpu/drm/radeon/radeon_connectors.c index b84b58926106..37c56c16af8d 100644 --- a/drivers/gpu/drm/radeon/radeon_connectors.c +++ b/drivers/gpu/drm/radeon/radeon_connectors.c @@ -520,6 +520,9 @@ static void radeon_add_common_modes(struct drm_encoder *encoder, struct drm_conn continue; mode = drm_cvt_mode(dev, common_modes[i].w, common_modes[i].h, 60, false, false, false); + if (!mode) + continue; + drm_mode_probed_add(connector, mode); } } -- 2.25.1

9 months, 2 weeks

2
1
0 0

[PATCH v2] EDAC/ti: Fix possible null pointer dereference in _emif_get_id()

by Ma Ke

In _emif_get_id(), of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. Cc: stable(a)vger.kernel.org Fixes: 86a18ee21e5e ("EDAC, ti: Add support for TI keystone and DRA7xx EDAC") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - added Cc stable line. --- drivers/edac/ti_edac.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/edac/ti_edac.c b/drivers/edac/ti_edac.c index 29723c9592f7..6f3da8d99eab 100644 --- a/drivers/edac/ti_edac.c +++ b/drivers/edac/ti_edac.c @@ -207,6 +207,9 @@ static int _emif_get_id(struct device_node *node) int my_id = 0; addrp = of_get_address(node, 0, NULL, NULL); + if (!addrp) + return -EINVAL; + my_addr = (u32)of_translate_address(node, addrp); for_each_matching_node(np, ti_edac_of_match) { @@ -214,6 +217,9 @@ static int _emif_get_id(struct device_node *node) continue; addrp = of_get_address(np, 0, NULL, NULL); + if (!addrp) + return -EINVAL; + addr = (u32)of_translate_address(np, addrp); edac_printk(KERN_INFO, EDAC_MOD_NAME, -- 2.25.1

9 months, 2 weeks

1
0
0 0

[PATCH RESEND] EDAC/altera: Fix possible null pointer dereference

by Ma Ke

In altr_s10_sdram_check_ecc_deps(), of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. Cc: stable(a)vger.kernel.org Fixes: e1bca853dddc ("EDAC/altera: Add SDRAM ECC check for U-Boot") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/edac/altera_edac.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/edac/altera_edac.c b/drivers/edac/altera_edac.c index fe89f5c4837f..d6bf0eebeb41 100644 --- a/drivers/edac/altera_edac.c +++ b/drivers/edac/altera_edac.c @@ -1086,6 +1086,7 @@ static int altr_s10_sdram_check_ecc_deps(struct altr_edac_device_dev *device) struct arm_smccc_res result; struct device_node *np; phys_addr_t sdram_addr; + const __be32 *sdram_addrp; u32 read_reg; int ret; @@ -1093,8 +1094,14 @@ static int altr_s10_sdram_check_ecc_deps(struct altr_edac_device_dev *device) if (!np) goto sdram_err; - sdram_addr = of_translate_address(np, of_get_address(np, 0, - NULL, NULL)); + sdram_addrp = of_get_address(np, 0, NULL, NULL); + if (!sdram_addrp) + return -EINVAL; + + sdram_addr = of_translate_address(np, sdram_addrp); + if (!sdram_addr) + return -EINVAL; + of_node_put(np); sdram_ecc_addr = (unsigned long)sdram_addr + prv->ecc_en_ofst; arm_smccc_smc(INTEL_SIP_SMC_REG_READ, sdram_ecc_addr, -- 2.25.1

9 months, 2 weeks

1
0
0 0

[PATCH v2] drm/qxl: fix null pointer dereference in qxl_add_mode

by Ma Ke

In qxl_add_mode(), the return value of drm_cvt_mode() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_cvt_mode(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: 1b043677d4be ("drm/qxl: add qxl_add_mode helper function") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - added a blank line; - added Cc line. --- drivers/gpu/drm/qxl/qxl_display.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/qxl/qxl_display.c b/drivers/gpu/drm/qxl/qxl_display.c index c6d35c33d5d6..c371ee59ab07 100644 --- a/drivers/gpu/drm/qxl/qxl_display.c +++ b/drivers/gpu/drm/qxl/qxl_display.c @@ -236,6 +236,9 @@ static int qxl_add_mode(struct drm_connector *connector, return 0; mode = drm_cvt_mode(dev, width, height, 60, false, false, false); + if (!mode) + return -ENOMEM; + if (preferred) mode->type |= DRM_MODE_TYPE_PREFERRED; mode->hdisplay = width; -- 2.25.1

9 months, 2 weeks

1
0
0 0

[PATCH v2 RESEND] drm/client: fix null pointer dereference in drm_client_modeset_probe

by Ma Ke

In drm_client_modeset_probe(), the return value of drm_mode_duplicate() is assigned to modeset->mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: cf13909aee05 ("drm/fb-helper: Move out modeset config code") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - added the recipient's email address, due to the prolonged absence of a response from the recipients. - added Cc stable. --- drivers/gpu/drm/drm_client_modeset.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/drm_client_modeset.c b/drivers/gpu/drm/drm_client_modeset.c index 31af5cf37a09..cca37b225385 100644 --- a/drivers/gpu/drm/drm_client_modeset.c +++ b/drivers/gpu/drm/drm_client_modeset.c @@ -880,6 +880,9 @@ int drm_client_modeset_probe(struct drm_client_dev *client, unsigned int width, kfree(modeset->mode); modeset->mode = drm_mode_duplicate(dev, mode); + if (!modeset->mode) + continue; + drm_connector_get(connector); modeset->connectors[modeset->num_connectors++] = connector; modeset->x = offset->x; -- 2.25.1

9 months, 2 weeks

1
0
0 0

[REGRESSION] ALSA: firewire-lib: snd_pcm_period_elapsed deadlock with Fireface 800

by edmund.raile

On kernels since 5.14.0, ALSA playback to the FireWire RME Fireface 800 audio interface results in a deadlock involving snd_pcm_period_elapsed(), freezing the system. On kernels 5.0.0 to 5.13.19 the interface works just fine, as it does with the RME driver. Distributions tested: Ubuntu Manjaro Arch Fedora FireWire chipsets tested: LSI FW643 TI XIO2213B Platforms tested: Intel i5 4570 on AsRock H97 Pro4 Intel i5 12600K on MSI MS-7D25 The behavior was also observed on the RME forum: https://forum.rme-audio.de/viewtopic.php?pid=190472#p190472 Shortened traces of 6.10.0-rc7 (Arch linux-mainline): RIP: 0010:tasklet_unlock_spin_wait (./arch/x86/include/asm/bitops.h:206 ./arch/x86/include/asm/bitops.h:238 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/softirq.c:851) <NMI> ? watchdog_hardlockup_check.cold (kernel/watchdog.c:200) ? __perf_event_overflow (kernel/events/core.c:9737 (discriminator 2)) ? handle_pmi_common (arch/x86/events/intel/core.c:3061 (discriminator 1)) ? intel_pmu_handle_irq (./arch/x86/include/asm/paravirt.h:192 arch/x86/events/intel/core.c:2428 arch/x86/events/intel/core.c:3127) ? perf_event_nmi_handler (arch/x86/events/core.c:1744 arch/x86/events/core.c:1730) ? nmi_handle (arch/x86/kernel/nmi.c:151) ? default_do_nmi (arch/x86/kernel/nmi.c:352 (discriminator 61)) ? exc_nmi (arch/x86/kernel/nmi.c:546) ? end_repeat_nmi (arch/x86/entry/entry_64.S:1408) ? tasklet_unlock_spin_wait (./arch/x86/include/asm/bitops.h:206 ./arch/x86/include/asm/bitops.h:238 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/softirq.c:851) ? tasklet_unlock_spin_wait (./arch/x86/include/asm/bitops.h:206 ./arch/x86/include/asm/bitops.h:238 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/softirq.c:851) ? tasklet_unlock_spin_wait (./arch/x86/include/asm/bitops.h:206 ./arch/x86/include/asm/bitops.h:238 ./include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/softirq.c:851) </NMI> <TASK> ohci_flush_iso_completions (./include/linux/interrupt.h:740 drivers/firewire/ohci.c:3530) firewire_ohci amdtp_domain_stream_pcm_pointer (sound/firewire/amdtp-stream.c:1858) snd_firewire_lib snd_pcm_update_hw_ptr0 (sound/core/pcm_lib.c:304) snd_pcm snd_pcm_status64 (sound/core/pcm_native.c:1034) snd_pcm snd_pcm_status_user64 (./include/linux/uaccess.h:191 sound/core/pcm_native.c:1096) snd_pcm snd_pcm_ioctl (sound/core/pcm_native.c:3401 (discriminator 1)) snd_pcm __x64_sys_ioctl (fs/ioctl.c:51 fs/ioctl.c:907 fs/ioctl.c:893 fs/ioctl.c:893) do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1)) ? snd_pcm_status_user64 (sound/core/pcm_native.c:1096 (discriminator 1)) snd_pcm ? futex_wake (kernel/futex/waitwake.c:173) ? do_futex (kernel/futex/syscalls.c:107 (discriminator 1)) ? __x64_sys_futex (kernel/futex/syscalls.c:179 kernel/futex/syscalls.c:160 kernel/futex/syscalls.c:160) ? syscall_exit_to_user_mode (kernel/entry/common.c:221) ? do_syscall_64 (./arch/x86/include/asm/cpufeature.h:178 arch/x86/entry/common.c:98) ? do_futex (kernel/futex/syscalls.c:107 (discriminator 1)) ? __x64_sys_futex (kernel/futex/syscalls.c:179 kernel/futex/syscalls.c:160 kernel/futex/syscalls.c:160) ? syscall_exit_to_user_mode (kernel/entry/common.c:221) ? do_syscall_64 (./arch/x86/include/asm/cpufeature.h:178 arch/x86/entry/common.c:98) ? syscall_exit_to_user_mode (kernel/entry/common.c:221) ? do_syscall_64 (./arch/x86/include/asm/cpufeature.h:178 arch/x86/entry/common.c:98) ? do_syscall_64 (./arch/x86/include/asm/cpufeature.h:178 arch/x86/entry/common.c:98) ? __irq_exit_rcu (kernel/softirq.c:620 (discriminator 1) kernel/softirq.c:639 (discriminator 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) RIP: 0010:native_queued_spin_lock_slowpath (kernel/locking/qspinlock.c:380 (discriminator 3)) <NMI> ? watchdog_hardlockup_check.cold (kernel/watchdog.c:200) ? __perf_event_overflow (kernel/events/core.c:9737 (discriminator 2)) ? handle_pmi_common (arch/x86/events/intel/core.c:3061 (discriminator 1)) ? intel_pmu_handle_irq (./arch/x86/include/asm/paravirt.h:192 arch/x86/events/intel/core.c:2428 arch/x86/events/intel/core.c:3127) ? perf_event_nmi_handler (arch/x86/events/core.c:1744 arch/x86/events/core.c:1730) ? nmi_handle (arch/x86/kernel/nmi.c:151) ? default_do_nmi (arch/x86/kernel/nmi.c:352 (discriminator 61)) ? exc_nmi (arch/x86/kernel/nmi.c:546) ? end_repeat_nmi (arch/x86/entry/entry_64.S:1408) ? native_queued_spin_lock_slowpath (kernel/locking/qspinlock.c:380 (discriminator 3)) ? native_queued_spin_lock_slowpath (kernel/locking/qspinlock.c:380 (discriminator 3)) ? native_queued_spin_lock_slowpath (kernel/locking/qspinlock.c:380 (discriminator 3)) </NMI> <IRQ> _raw_spin_lock_irqsave (./arch/x86/include/asm/paravirt.h:584 ./arch/x86/include/asm/qspinlock.h:51 ./include/asm-generic/qspinlock.h:114 ./include/linux/spinlock.h:187 ./include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162) snd_pcm_period_elapsed (sound/core/pcm_lib.c:1905) snd_pcm process_rx_packets (sound/firewire/amdtp-stream.c:1164) snd_firewire_lib irq_target_callback (sound/firewire/amdtp-stream.c:1549) snd_firewire_lib handle_it_packet (drivers/firewire/ohci.c:2786 drivers/firewire/ohci.c:2974) firewire_ohci context_tasklet (drivers/firewire/ohci.c:1127) firewire_ohci tasklet_action_common.isra.0 (kernel/softirq.c:789) handle_softirqs (kernel/softirq.c:554) __irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637) common_interrupt (arch/x86/kernel/irq.c:278 (discriminator 35)) </IRQ> <TASK> asm_common_interrupt (./arch/x86/include/asm/idtentry.h:693) It can be induced by direct ALSA playback to the device: mpv --audio-device=alsa/sysdefault:CARD=Fireface800 Spor-Ignition.flac Time to occurrence ranges from two seconds to 30 minutes. Loading the CPU appears to increase the likelihood: stress --cpu $(nproc) So does switching between applications via workspaces (only tested Xfce). The regression has been traced to these two commits: 7ba5ca32fe6e8d2e153fb5602997336517b34743 b5b519965c4c364ae65c49fe9f11d222dd70a9c2 I am currently testing a simple patch, in essence reverting both commits. Behaves well so far (stable), will likely send it in tomorrow. #regzbot introduced: 7ba5ca32fe6e

9 months, 2 weeks

2
2
0 0

[REGRESSION] ALSA: firewire-lib: heavy digital distortion with Fireface 800

by edmund.raile

Between the kernel releases 6.9.9 and 6.10.0, something changed that causes heavy digital distortion on playback from at least ALSA and PipeWire. The rhythm of the music is discernable in the output, so it isn't just random noise. It sounds a bit like bitcrushing, but not quite. The generated overtones appear to be dependet on the sample rate. I am sorry I can not be more specific, there are no kernel messages this time. As Mr. Sakamoto recently committed all these changes to firewire he might be able to identify the issue easily, which is why I'd like to ask him to look into it. Kind regards, Edmund Raile. #regzbot introduced: v6.9.9..v6.10

9 months, 2 weeks

1
0
0 0

Linux 6.9.10

by Greg Kroah-Hartman

I'm announcing the release of the 6.9.10 kernel. All users of the 6.9 kernel series must upgrade. The updated 6.9.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.9.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/cifs/usage.rst | 36 - Documentation/devicetree/bindings/cache/qcom,llcc.yaml | 2 Makefile | 2 arch/arm/mach-davinci/pm.c | 2 arch/arm64/boot/dts/allwinner/sun50i-h64-remix-mini-pc.dts | 2 arch/arm64/boot/dts/qcom/qdu1000.dtsi | 16 arch/arm64/boot/dts/qcom/sa8775p.dtsi | 2 arch/arm64/boot/dts/qcom/sc8180x.dtsi | 11 arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 15 arch/arm64/boot/dts/qcom/sm6115.dtsi | 1 arch/arm64/boot/dts/qcom/x1e80100-crd.dts | 13 arch/arm64/boot/dts/qcom/x1e80100-qcp.dts | 9 arch/arm64/boot/dts/qcom/x1e80100.dtsi | 10 arch/s390/mm/pgalloc.c | 4 arch/x86/entry/entry_64_compat.S | 14 drivers/acpi/processor_idle.c | 37 - drivers/char/hpet.c | 34 + drivers/cpufreq/acpi-cpufreq.c | 4 drivers/cpufreq/cpufreq.c | 3 drivers/firmware/cirrus/cs_dsp.c | 227 ++++++++---- drivers/i2c/busses/i2c-rcar.c | 27 + drivers/i2c/i2c-core-base.c | 1 drivers/i2c/i2c-slave-testunit.c | 7 drivers/iio/industrialio-trigger.c | 2 drivers/misc/fastrpc.c | 41 +- drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_otpe2p.c | 4 drivers/misc/mei/platform-vsc.c | 4 drivers/misc/mei/vsc-tp.c | 16 drivers/mmc/host/davinci_mmc.c | 3 drivers/mmc/host/sdhci.c | 15 drivers/net/dsa/lan9303-core.c | 23 - drivers/net/ethernet/broadcom/asp2/bcmasp.c | 1 drivers/net/ethernet/intel/i40e/i40e_adminq.h | 4 drivers/net/ethernet/intel/i40e/i40e_main.c | 9 drivers/net/ethernet/lantiq_etop.c | 4 drivers/net/ethernet/marvell/octeontx2/af/mbox.h | 2 drivers/net/ethernet/marvell/octeontx2/af/npc.h | 8 drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_cpt.c | 23 - drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c | 12 drivers/net/ethernet/mediatek/mtk_star_emac.c | 7 drivers/net/ethernet/micrel/ks8851_common.c | 10 drivers/net/ethernet/micrel/ks8851_spi.c | 4 drivers/net/phy/microchip_t1.c | 2 drivers/net/ppp/ppp_generic.c | 15 drivers/net/wireguard/allowedips.c | 4 drivers/net/wireguard/queueing.h | 4 drivers/net/wireguard/send.c | 2 drivers/nvmem/core.c | 7 drivers/nvmem/meson-efuse.c | 14 drivers/nvmem/rmem.c | 5 drivers/platform/x86/toshiba_acpi.c | 1 drivers/pmdomain/qcom/rpmhpd.c | 7 drivers/spi/spi-axi-spi-engine.c | 26 - drivers/spi/spi-mux.c | 1 drivers/spi/spi.c | 20 - drivers/tty/serial/imx.c | 51 ++ drivers/tty/serial/ma35d1_serial.c | 13 drivers/ufs/core/ufs-mcq.c | 11 drivers/ufs/core/ufshcd.c | 2 drivers/usb/core/config.c | 18 drivers/usb/core/of.c | 7 drivers/usb/core/quirks.c | 3 drivers/usb/dwc3/dwc3-pci.c | 8 drivers/usb/gadget/configfs.c | 3 drivers/usb/host/xhci.c | 16 drivers/usb/serial/mos7840.c | 45 ++ drivers/usb/serial/option.c | 38 ++ drivers/vfio/pci/vfio_pci_core.c | 2 fs/cachefiles/daemon.c | 4 fs/cachefiles/internal.h | 3 fs/cachefiles/ondemand.c | 52 ++ fs/cachefiles/xattr.c | 5 fs/dcache.c | 12 fs/ext4/sysfs.c | 2 fs/locks.c | 2 fs/minix/namei.c | 3 fs/nilfs2/dir.c | 32 + fs/smb/client/cifsglob.h | 4 fs/smb/server/smb2pdu.c | 13 fs/userfaultfd.c | 7 include/linux/mmzone.h | 3 include/linux/pagemap.h | 11 include/linux/spi/spi.h | 4 include/linux/swap.h | 3 include/net/tcx.h | 13 include/uapi/misc/fastrpc.h | 3 kernel/bpf/bpf_local_storage.c | 4 kernel/bpf/helpers.c | 243 +++++++++---- kernel/sched/deadline.c | 7 kernel/sched/fair.c | 12 mm/damon/core.c | 23 + mm/filemap.c | 10 mm/memcontrol.c | 11 mm/migrate.c | 13 mm/readahead.c | 8 mm/shmem.c | 15 mm/vmalloc.c | 10 mm/workingset.c | 14 net/ceph/mon_client.c | 14 net/core/datagram.c | 3 net/core/skmsg.c | 3 net/ethtool/ioctl.c | 3 net/ethtool/linkstate.c | 41 +- net/ipv4/tcp_input.c | 11 net/ipv4/tcp_timer.c | 17 net/ipv4/udp.c | 4 net/netfilter/nf_tables_api.c | 158 -------- net/netfilter/nfnetlink_queue.c | 2 net/sched/act_ct.c | 8 net/sched/sch_ingress.c | 12 net/sunrpc/xprtsock.c | 7 scripts/ld-version.sh | 8 scripts/package/kernel.spec | 1 sound/pci/hda/patch_realtek.c | 4 sound/soc/sof/intel/hda-dai.c | 12 tools/testing/selftests/wireguard/qemu/Makefile | 8 117 files changed, 1272 insertions(+), 588 deletions(-) Abel Vesa (1): arm64: dts: qcom: x1e80100: Fix PCIe 6a reg offsets and add MHI Adrian Hunter (1): mmc: sdhci: Fix max_seg_size for 64KiB PAGE_SIZE Alan Stern (1): USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Aleksander Jan Bajkowski (1): net: ethernet: lantiq_etop: fix double free in detach Aleksandr Loktionov (1): i40e: fix: remove needless retries of NVM update Aleksandr Mishin (1): octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() Alexandre Chartre (1): x86/bhi: Avoid warning in #DB handler due to BHI mitigation Andre Przywara (1): arm64: dts: allwinner: Fix PMIC interrupt number Armin Wolf (1): platform/x86: toshiba_acpi: Fix array out-of-bounds access Audra Mitchell (1): Fix userfaultfd_api to return EINVAL as expected Baokun Li (5): cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop cachefiles: stop sending new request when dropping object cachefiles: cancel all requests for the object that is being dropped cachefiles: cyclic allocation of msg_id to avoid reuse ext4: avoid ptr null pointer dereference Bastien Curutchet (1): mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length Benjamin Tissoires (2): bpf: make timer data struct more generic bpf: replace bpf_timer_init with a generic helper Bjorn Andersson (1): arm64: dts: qcom: sc8180x: Fix LLCC reg property again Bjørn Mork (1): USB: serial: option: add Fibocom FM350-GL Brian Foster (1): vfs: don't mod negative dentry count when on shrinker list Caleb Connolly (1): arm64: dts: qcom: sm6115: add iommu for sdhc_1 Chen Ni (1): ARM: davinci: Convert comma to semicolon Chengen Du (1): net/sched: Fix UAF when resolving a clash Christian Eggers (1): dsa: lan9303: Fix mapping between DSA port number and PHY address Cong Zhang (1): arm64: dts: qcom: sa8775p: Correct IRQ number of EL2 non-secure physical timer Dan Carpenter (1): net: bcmasp: Fix error code in probe() Daniel Borkmann (2): bpf: Fix too early release of tcx_entry net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Daniele Palmas (2): USB: serial: option: add Telit generic core-dump composition USB: serial: option: add Telit FN912 rmnet compositions David Lechner (3): spi: axi-spi-engine: fix sleep calculation spi: don't unoptimize message in spi_async() spi: add defer_optimize_message controller flag Dmitry Antipov (1): ppp: reject claimed-as-LCP but actually malformed packets Dmitry Smirnov (1): USB: serial: mos7840: fix crash on resume Edson Juliano Drosdeck (1): ALSA: hda/realtek: Limit mic boost on VAIO PRO PX Ekansh Gupta (6): misc: fastrpc: Fix DSP capabilities request misc: fastrpc: Avoid updating PD type for capability request misc: fastrpc: Copy the complete capability structure to user misc: fastrpc: Fix memory leak in audio daemon attach operation misc: fastrpc: Fix ownership reassignment of remote heap misc: fastrpc: Restrict untrusted app to attach to privileged PD Eric Dumazet (1): tcp: avoid too many retransmit packets Florian Westphal (2): netfilter: nfnetlink_queue: drop bogus WARN_ON netfilter: nf_tables: prefer nft_chain_validate Gavin Shan (4): mm/filemap: skip to create PMD-sized page cache if needed mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray mm/readahead: limit page cache size in page_cache_ra_order() mm/shmem: disable PMD-sized page cache if needed Geliang Tang (1): skmsg: Skip zero length skb in sk_msg_recvmsg Greg Kroah-Hartman (1): Linux 6.9.10 He Zhe (1): hpet: Support 32-bit userspace Heikki Krogerus (1): usb: dwc3: pci: add support for the Intel Panther Lake Heiko Carstens (1): s390/mm: Add NULL pointer check to crst_table_free() base_crst_free() Helge Deller (1): wireguard: allowedips: avoid unaligned 64-bit memory accesses Hobin Woo (1): ksmbd: discard write access to the directory open Hou Tao (1): cachefiles: wait for ondemand_object_worker to finish when dropping object Hugh Dickins (2): net: fix rc7's __skb_datagram_iter() mm: fix crashes from deferred split racing folio migration Ilya Dryomov (1): libceph: fix race between delayed_work() and ceph_monc_stop() Jacky Huang (1): tty: serial: ma35d1: Add a NULL check for of_node Jason A. Donenfeld (3): wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU wireguard: queueing: annotate intentional data race in cpu round robin wireguard: send: annotate intentional data race in checking empty queue Javier Carrasco (1): usb: core: add missing of_node_put() in usb_of_has_devices_or_graph Jeff Layton (1): filelock: fix potential use-after-free in posix_lock_inode Jian Hui Lee (1): net: ethernet: mtk-star-emac: set mac_managed_pm when probing Jingbo Xu (1): cachefiles: add missing lock protection when polling Johan Hovold (1): arm64: dts: qcom: sc8280xp-x13s: fix touchscreen power on Jose Ignacio Tornos Martinez (1): kbuild: rpm-pkg: avoid the warnings with dtb's listed twice Josh Don (1): Revert "sched/fair: Make sure to try to detach at least one movable task" Joy Chakraborty (3): misc: microchip: pci1xxxx: Fix return value of nvmem callbacks nvmem: rmem: Fix return value of rmem_read() nvmem: meson-efuse: Fix return value of nvmem callbacks João Paulo Gonçalves (1): iio: trigger: Fix condition for own trigger Kai Vehmanen (1): ASoC: SOF: Intel: hda: fix null deref on system suspend entry Kiran Kumar K (1): octeontx2-af: fix issue with IPv6 ext match for RSS Komal Bajaj (2): arm64: dts: qcom: qdu1000: Fix LLCC reg property Revert "dt-bindings: cache: qcom,llcc: correct QDU1000 reg entries" Konrad Dybcio (1): arm64: dts: qcom: x1e80100-*: Allocate some CMA buffers Krzysztof Kozlowski (2): arm64: dts: qcom: x1e80100-crd: fix WCD audio codec TX port mapping arm64: dts: qcom: x1e80100-crd: fix DAI used for headset recording Kuan-Wei Chiu (1): ACPI: processor_idle: Fix invalid comparison with insertion sort for latency Kumar Kartikeya Dwivedi (2): bpf: Fail bpf_timer_cancel when callback is being cancelled bpf: Defer work in bpf_timer_cancel_and_free Kuniyuki Iwashima (1): udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). Lee Jones (1): usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Mank Wang (1): USB: serial: option: add Netprisma LCUK54 series modules Mario Limonciello (2): cpufreq: ACPI: Mark boost policy as enabled when setting boost cpufreq: Allow drivers to advertise boost enabled Mathias Nyman (1): xhci: always resume roothubs if xHC was reset during resume Matthew Wilcox (Oracle) (1): minixfs: Fix minixfs_rename with HIGHMEM Michal Kubiak (1): i40e: Fix XDP program unloading while removing the driver Michal Mazur (1): octeontx2-af: fix detection of IP layer Michał Kopeć (1): ALSA: hda/realtek: add quirk for Clevo V5[46]0TU Mohammad Shehar Yaar Tausif (1): bpf: fix order of args in call to bpf_map_kvcalloc Nathan Chancellor (1): kbuild: Make ld-version.sh more robust against version string changes Nazar Bilinskyi (1): ALSA: hda/realtek: Enable Mute LED on HP 250 G7 Neal Cardwell (1): tcp: fix incorrect undo caused by DSACK of TLP retransmit Nhat Pham (1): cachestat: do not flush stats in recency check Nithin Dabilpuram (1): octeontx2-af: replace cpt slot with lf id on reg write Oleksij Rempel (2): net: phy: microchip: lan87xx: reinit PHY after cable test ethtool: netlink: do not return SQI value if link is down Peter Wang (2): scsi: ufs: core: Fix ufshcd_clear_cmd racing issue scsi: ufs: core: Fix ufshcd_abort_one racing issue Rasmus Villemoes (1): serial: imx: ensure RTS signal is not left active after shutdown Richard Fitzgerald (5): firmware: cs_dsp: Fix overflow checking of wmfw header firmware: cs_dsp: Return error if block header overflows file firmware: cs_dsp: Validate payload length before processing block firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Ronald Wahl (2): net: ks8851: Fix deadlock with the SPI chip variant net: ks8851: Fix potential TX stall after interface reopen Ryusuke Konishi (1): nilfs2: fix kernel bug on rename operation of broken directory Saeed Mahameed (1): net: ethtool: Fix RSS setting Satheesh Paul (1): octeontx2-af: fix issue with IPv4 match for RSS SeongJae Park (1): mm/damon/core: merge regions aggressively when max_nr_regions is unmet Slark Xiao (1): USB: serial: option: add support for Foxconn T99W651 Srujana Challa (1): octeontx2-af: fix a issue with cpt_lf_alloc mailbox Steve French (1): cifs: fix setting SecurityFlags to true Taniya Das (1): pmdomain: qcom: rpmhpd: Skip retention level for Power Domains Thomas Weißschuh (2): nvmem: core: only change name to fram for current attribute nvmem: core: limit cell sysfs permissions to main attribute ones Uladzislau Rezki (Sony) (1): mm: vmalloc: check if a hash-index is in cpu_possible_mask Vanillan Wang (1): USB: serial: option: add Rolling RW350-GL variants Waiman Long (1): mm: prevent derefencing NULL ptr in pfn_section_valid() Wander Lairson Costa (1): sched/deadline: Fix task_struct reference leak WangYuli (1): USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k Wentong Wu (3): mei: vsc: Enhance IVSC chipset stability during warm reboot mei: vsc: Prevent timeout error with added delay post-firmware download mei: vsc: Utilize the appropriate byte order swap function Wolfram Sang (5): i2c: rcar: bring hardware to known state when probing i2c: rcar: clear NO_RXDMA flag after resetting i2c: mark HostNotify target address as used i2c: rcar: ensure Gen3+ reset does not disturb local targets i2c: testunit: avoid re-issued work after read message Yi Liu (1): vfio/pci: Init the count variable in collecting hot-reset devices ZhangPeng (1): filemap: replace pte_offset_map() with pte_offset_map_nolock() linke li (1): fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading

9 months, 2 weeks

1
1
0 0

Linux 6.6.41

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.41 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/cifs/usage.rst | 36 -- Makefile | 2 arch/arm/mach-davinci/pm.c | 2 arch/arm64/boot/dts/qcom/sa8775p.dtsi | 2 arch/arm64/boot/dts/qcom/sc8180x.dtsi | 11 arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 15 arch/s390/include/asm/processor.h | 2 arch/s390/mm/pgalloc.c | 4 arch/x86/entry/entry_64.S | 23 - arch/x86/entry/entry_64_compat.S | 14 arch/x86/include/asm/processor.h | 2 arch/x86/kernel/cpu/common.c | 2 drivers/acpi/processor_idle.c | 37 -- drivers/char/hpet.c | 34 + drivers/cpufreq/acpi-cpufreq.c | 4 drivers/cpufreq/cpufreq.c | 3 drivers/firmware/cirrus/cs_dsp.c | 227 +++++++++---- drivers/i2c/busses/i2c-rcar.c | 67 ++- drivers/i2c/i2c-core-base.c | 1 drivers/i2c/i2c-slave-testunit.c | 7 drivers/iio/industrialio-trigger.c | 2 drivers/misc/fastrpc.c | 41 +- drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_otpe2p.c | 4 drivers/net/dsa/lan9303-core.c | 23 - drivers/net/ethernet/broadcom/asp2/bcmasp.c | 1 drivers/net/ethernet/intel/i40e/i40e_adminq.h | 4 drivers/net/ethernet/intel/i40e/i40e_main.c | 9 drivers/net/ethernet/lantiq_etop.c | 4 drivers/net/ethernet/marvell/octeontx2/af/mbox.h | 2 drivers/net/ethernet/marvell/octeontx2/af/npc.h | 8 drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_cpt.c | 23 - drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c | 12 drivers/net/ethernet/mediatek/mtk_star_emac.c | 7 drivers/net/ethernet/micrel/ks8851_common.c | 10 drivers/net/ethernet/micrel/ks8851_spi.c | 4 drivers/net/phy/microchip_t1.c | 2 drivers/net/ppp/ppp_generic.c | 15 drivers/net/wireguard/allowedips.c | 4 drivers/net/wireguard/queueing.h | 4 drivers/net/wireguard/send.c | 2 drivers/nvmem/core.c | 5 drivers/nvmem/meson-efuse.c | 14 drivers/nvmem/rmem.c | 5 drivers/platform/x86/toshiba_acpi.c | 1 drivers/pmdomain/qcom/rpmhpd.c | 7 drivers/tty/serial/ma35d1_serial.c | 13 drivers/ufs/core/ufs-mcq.c | 11 drivers/ufs/core/ufshcd.c | 2 drivers/usb/core/config.c | 18 - drivers/usb/core/quirks.c | 3 drivers/usb/dwc3/dwc3-pci.c | 8 drivers/usb/gadget/configfs.c | 3 drivers/usb/host/xhci.c | 16 drivers/usb/serial/mos7840.c | 45 ++ drivers/usb/serial/option.c | 38 ++ drivers/vfio/pci/vfio_pci_core.c | 2 fs/btrfs/tree-checker.c | 39 ++ fs/cachefiles/daemon.c | 14 fs/cachefiles/internal.h | 15 fs/cachefiles/ondemand.c | 52 ++ fs/cachefiles/xattr.c | 5 fs/dcache.c | 12 fs/ext4/sysfs.c | 2 fs/locks.c | 2 fs/nilfs2/dir.c | 32 + fs/smb/client/cifsglob.h | 4 fs/smb/server/smb2pdu.c | 13 fs/userfaultfd.c | 7 include/linux/compiler_attributes.h | 12 include/linux/mmzone.h | 3 include/linux/pagemap.h | 11 include/net/tcx.h | 13 include/uapi/misc/fastrpc.h | 3 kernel/bpf/bpf_local_storage.c | 4 kernel/bpf/helpers.c | 186 +++++++--- kernel/sched/core.c | 7 kernel/sched/fair.c | 12 kernel/sched/psi.c | 21 - kernel/sched/sched.h | 1 kernel/sched/stats.h | 11 mm/damon/core.c | 23 + mm/filemap.c | 2 mm/shmem.c | 15 mm/vmalloc.c | 10 net/ceph/mon_client.c | 14 net/core/datagram.c | 3 net/core/skmsg.c | 3 net/ethtool/linkstate.c | 41 +- net/ipv4/tcp_input.c | 11 net/ipv4/tcp_timer.c | 31 + net/ipv4/udp.c | 4 net/sched/act_ct.c | 8 net/sched/sch_ingress.c | 12 net/sunrpc/xprtsock.c | 7 scripts/ld-version.sh | 8 sound/pci/hda/patch_realtek.c | 4 sound/soc/sof/intel/hda-dai.c | 12 tools/testing/selftests/net/gro.c | 3 tools/testing/selftests/wireguard/qemu/Makefile | 8 100 files changed, 1134 insertions(+), 435 deletions(-) Alan Stern (1): USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Aleksander Jan Bajkowski (1): net: ethernet: lantiq_etop: fix double free in detach Aleksandr Loktionov (1): i40e: fix: remove needless retries of NVM update Aleksandr Mishin (1): octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() Alexandre Chartre (1): x86/bhi: Avoid warning in #DB handler due to BHI mitigation Armin Wolf (1): platform/x86: toshiba_acpi: Fix array out-of-bounds access Audra Mitchell (1): Fix userfaultfd_api to return EINVAL as expected Baokun Li (5): cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop cachefiles: stop sending new request when dropping object cachefiles: cancel all requests for the object that is being dropped cachefiles: cyclic allocation of msg_id to avoid reuse ext4: avoid ptr null pointer dereference Benjamin Tissoires (2): bpf: make timer data struct more generic bpf: replace bpf_timer_init with a generic helper Bjorn Andersson (1): arm64: dts: qcom: sc8180x: Fix LLCC reg property again Bjørn Mork (1): USB: serial: option: add Fibocom FM350-GL Brian Foster (1): vfs: don't mod negative dentry count when on shrinker list Brian Gerst (1): x86/entry/64: Remove obsolete comment on tracing vs. SYSRET Chen Ni (1): ARM: davinci: Convert comma to semicolon Chengen Du (1): net/sched: Fix UAF when resolving a clash Christian Eggers (1): dsa: lan9303: Fix mapping between DSA port number and PHY address Cong Zhang (1): arm64: dts: qcom: sa8775p: Correct IRQ number of EL2 non-secure physical timer Dan Carpenter (2): net: bcmasp: Fix error code in probe() i2c: rcar: fix error code in probe() Daniel Borkmann (2): bpf: Fix too early release of tcx_entry net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Daniele Palmas (2): USB: serial: option: add Telit generic core-dump composition USB: serial: option: add Telit FN912 rmnet compositions Dmitry Antipov (1): ppp: reject claimed-as-LCP but actually malformed packets Dmitry Smirnov (1): USB: serial: mos7840: fix crash on resume Edson Juliano Drosdeck (1): ALSA: hda/realtek: Limit mic boost on VAIO PRO PX Ekansh Gupta (6): misc: fastrpc: Fix DSP capabilities request misc: fastrpc: Avoid updating PD type for capability request misc: fastrpc: Copy the complete capability structure to user misc: fastrpc: Fix memory leak in audio daemon attach operation misc: fastrpc: Fix ownership reassignment of remote heap misc: fastrpc: Restrict untrusted app to attach to privileged PD Eric Dumazet (2): tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() tcp: avoid too many retransmit packets Gavin Shan (3): mm/filemap: skip to create PMD-sized page cache if needed mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray mm/shmem: disable PMD-sized page cache if needed Geliang Tang (1): skmsg: Skip zero length skb in sk_msg_recvmsg Greg Kroah-Hartman (1): Linux 6.6.41 He Zhe (1): hpet: Support 32-bit userspace Heikki Krogerus (1): usb: dwc3: pci: add support for the Intel Panther Lake Heiko Carstens (2): Compiler Attributes: Add __uninitialized macro s390/mm: Add NULL pointer check to crst_table_free() base_crst_free() Helge Deller (1): wireguard: allowedips: avoid unaligned 64-bit memory accesses Hobin Woo (1): ksmbd: discard write access to the directory open Hou Tao (1): cachefiles: wait for ondemand_object_worker to finish when dropping object Hugh Dickins (1): net: fix rc7's __skb_datagram_iter() Ilya Dryomov (1): libceph: fix race between delayed_work() and ceph_monc_stop() Jacky Huang (1): tty: serial: ma35d1: Add a NULL check for of_node Jason A. Donenfeld (3): wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU wireguard: queueing: annotate intentional data race in cpu round robin wireguard: send: annotate intentional data race in checking empty queue Jeff Layton (1): filelock: fix potential use-after-free in posix_lock_inode Jia Zhu (1): cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode Jian Hui Lee (1): net: ethernet: mtk-star-emac: set mac_managed_pm when probing Jingbo Xu (1): cachefiles: add missing lock protection when polling Johan Hovold (1): arm64: dts: qcom: sc8280xp-x13s: fix touchscreen power on John Hubbard (1): selftests/net: fix gro.c compilation failure due to non-existent opt_ipproto_off John Stultz (1): sched: Move psi_account_irqtime() out of update_rq_clock_task() hotpath Josh Don (1): Revert "sched/fair: Make sure to try to detach at least one movable task" Joy Chakraborty (3): misc: microchip: pci1xxxx: Fix return value of nvmem callbacks nvmem: rmem: Fix return value of rmem_read() nvmem: meson-efuse: Fix return value of nvmem callbacks João Paulo Gonçalves (1): iio: trigger: Fix condition for own trigger Kai Vehmanen (1): ASoC: SOF: Intel: hda: fix null deref on system suspend entry Kiran Kumar K (1): octeontx2-af: fix issue with IPv6 ext match for RSS Kuan-Wei Chiu (1): ACPI: processor_idle: Fix invalid comparison with insertion sort for latency Kumar Kartikeya Dwivedi (1): bpf: Fail bpf_timer_cancel when callback is being cancelled Kuniyuki Iwashima (1): udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). Lee Jones (1): usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Mank Wang (1): USB: serial: option: add Netprisma LCUK54 series modules Mario Limonciello (2): cpufreq: ACPI: Mark boost policy as enabled when setting boost cpufreq: Allow drivers to advertise boost enabled Mathias Nyman (1): xhci: always resume roothubs if xHC was reset during resume Michal Kubiak (1): i40e: Fix XDP program unloading while removing the driver Michal Mazur (1): octeontx2-af: fix detection of IP layer Michał Kopeć (1): ALSA: hda/realtek: add quirk for Clevo V5[46]0TU Mohammad Shehar Yaar Tausif (1): bpf: fix order of args in call to bpf_map_kvcalloc Nathan Chancellor (1): kbuild: Make ld-version.sh more robust against version string changes Nazar Bilinskyi (1): ALSA: hda/realtek: Enable Mute LED on HP 250 G7 Neal Cardwell (1): tcp: fix incorrect undo caused by DSACK of TLP retransmit Nikolay Borisov (1): x86/entry: Rename ignore_sysret() Nithin Dabilpuram (1): octeontx2-af: replace cpt slot with lf id on reg write Oleksij Rempel (2): net: phy: microchip: lan87xx: reinit PHY after cable test ethtool: netlink: do not return SQI value if link is down Peter Wang (2): scsi: ufs: core: Fix ufshcd_clear_cmd racing issue scsi: ufs: core: Fix ufshcd_abort_one racing issue Qu Wenruo (1): btrfs: tree-checker: add type and sequence check for inline backrefs Richard Fitzgerald (5): firmware: cs_dsp: Fix overflow checking of wmfw header firmware: cs_dsp: Return error if block header overflows file firmware: cs_dsp: Validate payload length before processing block firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Ronald Wahl (2): net: ks8851: Fix deadlock with the SPI chip variant net: ks8851: Fix potential TX stall after interface reopen Ryusuke Konishi (1): nilfs2: fix kernel bug on rename operation of broken directory Satheesh Paul (1): octeontx2-af: fix issue with IPv4 match for RSS SeongJae Park (1): mm/damon/core: merge regions aggressively when max_nr_regions is unmet Slark Xiao (1): USB: serial: option: add support for Foxconn T99W651 Srujana Challa (1): octeontx2-af: fix a issue with cpt_lf_alloc mailbox Steve French (1): cifs: fix setting SecurityFlags to true Sven Schnelle (1): s390: Mark psw in __load_psw_mask() as __unitialized Taniya Das (1): pmdomain: qcom: rpmhpd: Skip retention level for Power Domains Thomas Weißschuh (1): nvmem: core: only change name to fram for current attribute Uladzislau Rezki (Sony) (1): mm: vmalloc: check if a hash-index is in cpu_possible_mask Vanillan Wang (1): USB: serial: option: add Rolling RW350-GL variants Waiman Long (1): mm: prevent derefencing NULL ptr in pfn_section_valid() WangYuli (1): USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k Wolfram Sang (7): i2c: rcar: bring hardware to known state when probing i2c: mark HostNotify target address as used i2c: rcar: reset controller is mandatory for Gen3+ i2c: rcar: introduce Gen4 devices i2c: rcar: ensure Gen3+ reset does not disturb local targets i2c: testunit: avoid re-issued work after read message i2c: rcar: clear NO_RXDMA flag after resetting Yi Liu (1): vfio/pci: Init the count variable in collecting hot-reset devices linke li (1): fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading

9 months, 2 weeks

1
1
0 0

Linux 6.1.100

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.100 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/cifs/usage.rst | 36 - Makefile | 2 arch/arm/mach-davinci/pm.c | 2 arch/s390/include/asm/processor.h | 2 arch/x86/entry/entry_64.S | 19 arch/x86/entry/entry_64_compat.S | 14 arch/x86/lib/retpoline.S | 2 drivers/acpi/processor_idle.c | 37 - drivers/char/hpet.c | 34 + drivers/firmware/cirrus/cs_dsp.c | 227 +++++++---- drivers/i2c/busses/i2c-rcar.c | 67 ++- drivers/i2c/i2c-core-base.c | 1 drivers/i2c/i2c-slave-testunit.c | 7 drivers/misc/fastrpc.c | 14 drivers/net/ethernet/intel/i40e/i40e_main.c | 9 drivers/net/ethernet/lantiq_etop.c | 4 drivers/net/ethernet/marvell/octeontx2/af/mbox.h | 10 drivers/net/ethernet/marvell/octeontx2/af/npc.h | 8 drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_cpt.c | 33 + drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c | 67 +++ drivers/net/ethernet/mediatek/mtk_star_emac.c | 7 drivers/net/ethernet/micrel/ks8851_common.c | 10 drivers/net/ethernet/micrel/ks8851_spi.c | 4 drivers/net/phy/microchip_t1.c | 2 drivers/net/ppp/ppp_generic.c | 15 drivers/net/wireguard/allowedips.c | 4 drivers/net/wireguard/queueing.h | 4 drivers/net/wireguard/send.c | 2 drivers/nvmem/core.c | 5 drivers/nvmem/meson-efuse.c | 14 drivers/nvmem/rmem.c | 5 drivers/platform/x86/toshiba_acpi.c | 1 drivers/usb/core/config.c | 18 drivers/usb/core/quirks.c | 3 drivers/usb/gadget/configfs.c | 3 drivers/usb/host/xhci.c | 16 drivers/usb/serial/mos7840.c | 45 ++ drivers/usb/serial/option.c | 38 + fs/cachefiles/daemon.c | 14 fs/cachefiles/internal.h | 15 fs/cachefiles/ondemand.c | 52 ++ fs/cachefiles/xattr.c | 5 fs/dcache.c | 12 fs/locks.c | 2 fs/nilfs2/dir.c | 32 + fs/smb/client/cifsglob.h | 4 fs/smb/server/smb2pdu.c | 13 fs/userfaultfd.c | 7 include/linux/bpf.h | 8 include/linux/bpf_local_storage.h | 17 include/linux/compiler_attributes.h | 12 include/linux/mmzone.h | 3 kernel/bpf/bpf_inode_storage.c | 38 - kernel/bpf/bpf_local_storage.c | 197 +++++---- kernel/bpf/bpf_task_storage.c | 38 - kernel/bpf/syscall.c | 15 kernel/bpf/verifier.c | 11 kernel/sched/core.c | 7 kernel/sched/fair.c | 12 kernel/sched/psi.c | 21 - kernel/sched/sched.h | 1 kernel/sched/stats.h | 11 net/ceph/mon_client.c | 14 net/core/bpf_sk_storage.c | 35 - net/core/datagram.c | 3 net/core/skmsg.c | 3 net/ethtool/linkstate.c | 41 + net/ipv4/tcp_input.c | 11 net/ipv4/tcp_timer.c | 31 + net/ipv4/udp.c | 4 net/sched/act_ct.c | 8 net/sunrpc/xprtsock.c | 7 scripts/ld-version.sh | 8 sound/pci/hda/patch_realtek.c | 4 tools/testing/selftests/bpf/progs/test_global_func10.c | 9 tools/testing/selftests/bpf/verifier/calls.c | 13 tools/testing/selftests/bpf/verifier/helper_access_var_len.c | 104 +++-- tools/testing/selftests/bpf/verifier/int_ptr.c | 9 tools/testing/selftests/bpf/verifier/search_pruning.c | 13 tools/testing/selftests/bpf/verifier/sock.c | 27 - tools/testing/selftests/bpf/verifier/spill_fill.c | 7 tools/testing/selftests/bpf/verifier/var_off.c | 52 -- tools/testing/selftests/wireguard/qemu/Makefile | 8 84 files changed, 1130 insertions(+), 621 deletions(-) Alan Stern (1): USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Aleksander Jan Bajkowski (1): net: ethernet: lantiq_etop: fix double free in detach Aleksandr Mishin (1): octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() Alexandre Chartre (1): x86/bhi: Avoid warning in #DB handler due to BHI mitigation Armin Wolf (1): platform/x86: toshiba_acpi: Fix array out-of-bounds access Audra Mitchell (1): Fix userfaultfd_api to return EINVAL as expected Baokun Li (4): cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop cachefiles: stop sending new request when dropping object cachefiles: cancel all requests for the object that is being dropped cachefiles: cyclic allocation of msg_id to avoid reuse Bjørn Mork (1): USB: serial: option: add Fibocom FM350-GL Brian Foster (1): vfs: don't mod negative dentry count when on shrinker list Brian Gerst (1): x86/entry/64: Remove obsolete comment on tracing vs. SYSRET Chen Ni (1): ARM: davinci: Convert comma to semicolon Chengen Du (1): net/sched: Fix UAF when resolving a clash Dan Carpenter (1): i2c: rcar: fix error code in probe() Daniel Borkmann (1): net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket Daniele Palmas (2): USB: serial: option: add Telit generic core-dump composition USB: serial: option: add Telit FN912 rmnet compositions Dmitry Antipov (1): ppp: reject claimed-as-LCP but actually malformed packets Dmitry Smirnov (1): USB: serial: mos7840: fix crash on resume Edson Juliano Drosdeck (1): ALSA: hda/realtek: Limit mic boost on VAIO PRO PX Eduard Zingerman (1): bpf: Allow reads from uninit stack Ekansh Gupta (3): misc: fastrpc: Fix DSP capabilities request misc: fastrpc: Avoid updating PD type for capability request misc: fastrpc: Copy the complete capability structure to user Eric Dumazet (2): tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() tcp: avoid too many retransmit packets Geliang Tang (1): skmsg: Skip zero length skb in sk_msg_recvmsg Greg Kroah-Hartman (1): Linux 6.1.100 He Zhe (1): hpet: Support 32-bit userspace Heiko Carstens (1): Compiler Attributes: Add __uninitialized macro Helge Deller (1): wireguard: allowedips: avoid unaligned 64-bit memory accesses Hobin Woo (1): ksmbd: discard write access to the directory open Hou Tao (1): cachefiles: wait for ondemand_object_worker to finish when dropping object Hugh Dickins (1): net: fix rc7's __skb_datagram_iter() Ilya Dryomov (1): libceph: fix race between delayed_work() and ceph_monc_stop() Jason A. Donenfeld (3): wireguard: selftests: use acpi=off instead of -no-acpi for recent QEMU wireguard: queueing: annotate intentional data race in cpu round robin wireguard: send: annotate intentional data race in checking empty queue Jeff Layton (1): filelock: fix potential use-after-free in posix_lock_inode Jia Zhu (1): cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode Jian Hui Lee (1): net: ethernet: mtk-star-emac: set mac_managed_pm when probing Jim Mattson (1): x86/retpoline: Move a NOENDBR annotation to the SRSO dummy return thunk Jingbo Xu (1): cachefiles: add missing lock protection when polling John Stultz (1): sched: Move psi_account_irqtime() out of update_rq_clock_task() hotpath Josh Don (1): Revert "sched/fair: Make sure to try to detach at least one movable task" Joy Chakraborty (2): nvmem: rmem: Fix return value of rmem_read() nvmem: meson-efuse: Fix return value of nvmem callbacks Kiran Kumar K (2): octeontx2-af: extend RSS supported offload types octeontx2-af: fix issue with IPv6 ext match for RSS Kuan-Wei Chiu (1): ACPI: processor_idle: Fix invalid comparison with insertion sort for latency Kuniyuki Iwashima (1): udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). Lee Jones (1): usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Mank Wang (1): USB: serial: option: add Netprisma LCUK54 series modules Martin KaFai Lau (2): bpf: Reduce smap->elem_size bpf: Remove __bpf_local_storage_map_alloc Mathias Nyman (1): xhci: always resume roothubs if xHC was reset during resume Michal Kubiak (1): i40e: Fix XDP program unloading while removing the driver Michal Mazur (1): octeontx2-af: fix detection of IP layer Michał Kopeć (1): ALSA: hda/realtek: add quirk for Clevo V5[46]0TU Mohammad Shehar Yaar Tausif (1): bpf: fix order of args in call to bpf_map_kvcalloc Nathan Chancellor (1): kbuild: Make ld-version.sh more robust against version string changes Nazar Bilinskyi (1): ALSA: hda/realtek: Enable Mute LED on HP 250 G7 Neal Cardwell (1): tcp: fix incorrect undo caused by DSACK of TLP retransmit Nithin Dabilpuram (1): octeontx2-af: replace cpt slot with lf id on reg write Oleksij Rempel (2): net: phy: microchip: lan87xx: reinit PHY after cable test ethtool: netlink: do not return SQI value if link is down Richard Fitzgerald (5): firmware: cs_dsp: Fix overflow checking of wmfw header firmware: cs_dsp: Return error if block header overflows file firmware: cs_dsp: Validate payload length before processing block firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Ronald Wahl (2): net: ks8851: Fix deadlock with the SPI chip variant net: ks8851: Fix potential TX stall after interface reopen Ryusuke Konishi (1): nilfs2: fix kernel bug on rename operation of broken directory Satheesh Paul (1): octeontx2-af: fix issue with IPv4 match for RSS Slark Xiao (1): USB: serial: option: add support for Foxconn T99W651 Srujana Challa (2): octeontx2-af: update cpt lf alloc mailbox octeontx2-af: fix a issue with cpt_lf_alloc mailbox Steve French (1): cifs: fix setting SecurityFlags to true Sven Schnelle (1): s390: Mark psw in __load_psw_mask() as __unitialized Thomas Weißschuh (1): nvmem: core: only change name to fram for current attribute Vanillan Wang (1): USB: serial: option: add Rolling RW350-GL variants Waiman Long (1): mm: prevent derefencing NULL ptr in pfn_section_valid() WangYuli (1): USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k Wolfram Sang (7): i2c: rcar: bring hardware to known state when probing i2c: mark HostNotify target address as used i2c: rcar: reset controller is mandatory for Gen3+ i2c: rcar: introduce Gen4 devices i2c: rcar: ensure Gen3+ reset does not disturb local targets i2c: testunit: avoid re-issued work after read message i2c: rcar: clear NO_RXDMA flag after resetting Yafang Shao (1): bpf: use bpf_map_kvcalloc in bpf_local_storage Yonghong Song (1): bpf: Refactor some inode/task/sk storage functions for reuse linke li (1): fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading

9 months, 2 weeks

1
1
0 0

Linux 5.15.163

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.163 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-davinci/pm.c | 2 arch/powerpc/include/asm/io.h | 2 arch/powerpc/xmon/xmon.c | 6 arch/riscv/kernel/machine_kexec.c | 10 arch/s390/include/asm/kvm_host.h | 1 arch/s390/include/asm/processor.h | 2 arch/s390/kvm/kvm-s390.c | 1 arch/s390/kvm/kvm-s390.h | 15 arch/s390/kvm/priv.c | 32 + arch/x86/entry/entry_64.S | 19 arch/x86/entry/entry_64_compat.S | 14 crypto/aead.c | 3 crypto/cipher.c | 3 drivers/base/regmap/regmap-i2c.c | 3 drivers/block/null_blk/zoned.c | 11 drivers/bluetooth/hci_qca.c | 18 drivers/char/hpet.c | 34 + drivers/clk/qcom/gcc-sm6350.c | 10 drivers/firmware/dmi_scan.c | 11 drivers/gpio/gpiolib-of.c | 92 +++- drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c | 8 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c | 8 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 8 drivers/gpu/drm/amd/include/atomfirmware.h | 2 drivers/gpu/drm/lima/lima_gp.c | 2 drivers/gpu/drm/lima/lima_mmu.c | 5 drivers/gpu/drm/lima/lima_pp.c | 4 drivers/gpu/drm/nouveau/nouveau_connector.c | 3 drivers/i2c/busses/i2c-i801.c | 2 drivers/i2c/busses/i2c-pnx.c | 48 -- drivers/i2c/busses/i2c-rcar.c | 66 +-- drivers/i2c/i2c-core-base.c | 1 drivers/i2c/i2c-slave-testunit.c | 7 drivers/infiniband/core/user_mad.c | 21 drivers/input/ff-core.c | 7 drivers/media/dvb-frontends/as102_fe_types.h | 2 drivers/media/dvb-frontends/tda10048.c | 9 drivers/media/dvb-frontends/tda18271c2dd.c | 4 drivers/media/usb/dvb-usb/dib0700_devices.c | 18 drivers/media/usb/dvb-usb/dw2102.c | 120 +++-- drivers/media/usb/s2255/s2255drv.c | 20 drivers/mtd/nand/raw/nand_base.c | 64 +-- drivers/mtd/nand/raw/rockchip-nand-controller.c | 6 drivers/net/bonding/bond_options.c | 6 drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 drivers/net/dsa/mv88e6xxx/chip.c | 4 drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 2 drivers/net/ethernet/intel/e1000e/netdev.c | 132 +++--- drivers/net/ethernet/intel/i40e/i40e_main.c | 9 drivers/net/ethernet/lantiq_etop.c | 5 drivers/net/ethernet/marvell/octeontx2/af/mbox.h | 10 drivers/net/ethernet/marvell/octeontx2/af/npc.h | 8 drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_cpt.c | 33 + drivers/net/ethernet/marvell/octeontx2/af/rvu_nix.c | 67 +++ drivers/net/ethernet/mediatek/mtk_star_emac.c | 7 drivers/net/ethernet/micrel/ks8851_common.c | 2 drivers/net/ppp/ppp_generic.c | 15 drivers/net/wireguard/allowedips.c | 4 drivers/net/wireguard/queueing.h | 4 drivers/net/wireguard/send.c | 2 drivers/net/wireless/mediatek/mt76/mt76_connac_mcu.c | 10 drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 2 drivers/net/wireless/microchip/wilc1000/hif.c | 3 drivers/nfc/virtual_ncidev.c | 4 drivers/nvme/host/multipath.c | 2 drivers/nvme/host/pci.c | 3 drivers/nvme/target/core.c | 9 drivers/nvmem/core.c | 5 drivers/nvmem/meson-efuse.c | 14 drivers/nvmem/rmem.c | 5 drivers/platform/x86/touchscreen_dmi.c | 36 + drivers/s390/crypto/pkey_api.c | 4 drivers/scsi/qedf/qedf_io.c | 6 drivers/usb/core/config.c | 18 drivers/usb/core/quirks.c | 3 drivers/usb/gadget/configfs.c | 3 drivers/usb/serial/mos7840.c | 45 ++ drivers/usb/serial/option.c | 38 + fs/btrfs/block-group.c | 13 fs/dcache.c | 12 fs/jffs2/super.c | 1 fs/locks.c | 2 fs/nilfs2/alloc.c | 18 fs/nilfs2/alloc.h | 4 fs/nilfs2/dat.c | 2 fs/nilfs2/dir.c | 38 + fs/nilfs2/ifile.c | 7 fs/nilfs2/nilfs.h | 10 fs/nilfs2/the_nilfs.c | 6 fs/nilfs2/the_nilfs.h | 2 fs/ntfs3/xattr.c | 5 fs/orangefs/super.c | 3 fs/userfaultfd.c | 7 include/linux/compiler_attributes.h | 12 include/linux/fsnotify.h | 8 include/linux/lsm_hook_defs.h | 2 include/linux/mmzone.h | 3 include/linux/mutex.h | 27 + include/linux/security.h | 5 kernel/auditfilter.c | 5 kernel/bpf/verifier.c | 11 kernel/dma/map_benchmark.c | 3 kernel/exit.c | 2 kernel/locking/mutex-debug.c | 12 lib/kunit/try-catch.c | 3 mm/page-writeback.c | 32 + net/ceph/mon_client.c | 14 net/core/datagram.c | 20 net/core/skmsg.c | 3 net/ethtool/linkstate.c | 41 + net/ipv4/inet_diag.c | 2 net/ipv4/tcp_input.c | 13 net/ipv4/tcp_metrics.c | 1 net/ipv4/tcp_timer.c | 31 + net/ipv4/udp.c | 4 net/ipv6/addrconf.c | 9 net/ipv6/ip6_input.c | 2 net/ipv6/ip6_output.c | 2 net/netfilter/nf_tables_api.c | 3 net/sched/act_ct.c | 8 net/sctp/socket.c | 7 scripts/ld-version.sh | 8 scripts/link-vmlinux.sh | 2 security/apparmor/audit.c | 6 security/apparmor/include/audit.h | 2 security/integrity/ima/ima.h | 2 security/integrity/ima/ima_policy.c | 15 security/security.c | 6 security/selinux/include/audit.h | 4 security/selinux/ss/services.c | 5 security/smack/smack_lsm.c | 4 sound/pci/hda/patch_realtek.c | 13 tools/lib/bpf/bpf_core_read.h | 1 tools/power/x86/turbostat/turbostat.c | 10 tools/testing/selftests/bpf/progs/test_global_func10.c | 9 tools/testing/selftests/bpf/verifier/calls.c | 13 tools/testing/selftests/bpf/verifier/helper_access_var_len.c | 104 +++- tools/testing/selftests/bpf/verifier/int_ptr.c | 9 tools/testing/selftests/bpf/verifier/search_pruning.c | 13 tools/testing/selftests/bpf/verifier/sock.c | 27 - tools/testing/selftests/bpf/verifier/spill_fill.c | 211 ++++++++++ tools/testing/selftests/bpf/verifier/var_off.c | 52 -- tools/testing/selftests/net/msg_zerocopy.c | 14 146 files changed, 1583 insertions(+), 614 deletions(-) Alan Stern (1): USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Aleksander Jan Bajkowski (2): net: lantiq_etop: add blank line after declaration net: ethernet: lantiq_etop: fix double free in detach Aleksandr Mishin (1): octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() Alex Deucher (1): drm/amdgpu/atomfirmware: silence UBSAN warning Alex Hung (3): drm/amd/display: Check index msg_id before read or write drm/amd/display: Check pipe offset before setting vblank drm/amd/display: Skip finding free audio for unknown engine_id Alexandre Chartre (1): x86/bhi: Avoid warning in #DB handler due to BHI mitigation Audra Mitchell (1): Fix userfaultfd_api to return EINVAL as expected Bjørn Mork (1): USB: serial: option: add Fibocom FM350-GL Brian Foster (1): vfs: don't mod negative dentry count when on shrinker list Brian Gerst (1): x86/entry/64: Remove obsolete comment on tracing vs. SYSRET Chen Ni (1): ARM: davinci: Convert comma to semicolon Chengen Du (1): net/sched: Fix UAF when resolving a clash Christian Borntraeger (1): KVM: s390: fix LPSWEY handling Corinna Vinschen (1): igc: fix a log entry using uninitialized netdev Damien Le Moal (1): null_blk: Do not allow runt zone with zone capacity smaller then zone size Dan Carpenter (1): i2c: rcar: fix error code in probe() Daniele Palmas (2): USB: serial: option: add Telit generic core-dump composition USB: serial: option: add Telit FN912 rmnet compositions Dima Ruinskiy (1): e1000e: Fix S0ix residency on corporate systems Dmitry Antipov (1): ppp: reject claimed-as-LCP but actually malformed packets Dmitry Smirnov (1): USB: serial: mos7840: fix crash on resume Dmitry Torokhov (3): gpiolib: of: factor out code overriding gpio line polarity gpiolib: of: add a quirk for reset line polarity for Himax LCDs gpiolib: of: add polarity quirk for TSC2005 Edson Juliano Drosdeck (1): ALSA: hda/realtek: Limit mic boost on VAIO PRO PX Eduard Zingerman (1): bpf: Allow reads from uninit stack Edward Adam Davis (1): nfc/nci: Add the inconsistency check between the input data length and count Eric Dumazet (4): tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() tcp: avoid too many retransmit packets ipv6: annotate data-races around cnf.disable_ipv6 ipv6: prevent NULL dereference in ip6_output() Erick Archer (2): sctp: prefer struct_size over open coded arithmetic Input: ff-core - prefer struct_size over open coded arithmetic Erico Nunes (1): drm/lima: fix shared irq handling on driver remove Fedor Pchelkin (1): dma-mapping: benchmark: avoid needless copy_to_user if benchmark fails Felix Fietkau (1): wifi: mt76: replace skb_put with skb_put_zero Florian Westphal (1): netfilter: nf_tables: unconditionally flush pending work before notifier GUO Zihua (1): ima: Avoid blocking in RCU read-side critical section Geert Uytterhoeven (1): i2c: rcar: Add R-Car Gen4 support Geliang Tang (1): skmsg: Skip zero length skb in sk_msg_recvmsg George Stark (1): locking/mutex: Introduce devm_mutex_init() Ghadi Elie Rahme (1): bnx2x: Fix multiple UBSAN array-index-out-of-bounds Greg Kroah-Hartman (1): Linux 5.15.163 Greg Kurz (1): powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" Hailey Mothershead (1): crypto: aead,cipher - zeroize key buffer after use He Zhe (1): hpet: Support 32-bit userspace Heiko Carstens (1): Compiler Attributes: Add __uninitialized macro Heiner Kallweit (1): i2c: i801: Annotate apanel_addr as __ro_after_init Helge Deller (1): wireguard: allowedips: avoid unaligned 64-bit memory accesses Holger Dengler (1): s390/pkey: Wipe sensitive data on failure Hugh Dickins (1): net: fix rc7's __skb_datagram_iter() Ilya Dryomov (1): libceph: fix race between delayed_work() and ceph_monc_stop() Jakub Kicinski (1): tcp_metrics: validate source addr length Jan Kara (3): mm: avoid overflows in dirty throttling logic fsnotify: Do not generate events for O_PATH file descriptors Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Jason A. Donenfeld (2): wireguard: queueing: annotate intentional data race in cpu round robin wireguard: send: annotate intentional data race in checking empty queue Jean Delvare (1): firmware: dmi: Stop decoding on broken entry Jeff Layton (1): filelock: fix potential use-after-free in posix_lock_inode Jian Hui Lee (1): net: ethernet: mtk-star-emac: set mac_managed_pm when probing Jian-Hong Pan (1): ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 Jim Wylder (1): regmap-i2c: Subtract reg size from max_write Jimmy Assarsson (1): can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct Jinliang Zheng (1): mm: optimize the redundant loop of mm_update_owner_next() John Meneghini (1): scsi: qedf: Make qedf_execute_tmf() non-preemptible Jose E. Marchesi (1): bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD Joy Chakraborty (2): nvmem: rmem: Fix return value of rmem_read() nvmem: meson-efuse: Fix return value of nvmem callbacks Jozef Hopko (1): wifi: wilc1000: fix ies_len type in connect path Kiran Kumar K (2): octeontx2-af: extend RSS supported offload types octeontx2-af: fix issue with IPv6 ext match for RSS Konstantin Komarov (1): fs/ntfs3: Mark volume as dirty if xattr is broken Kundan Kumar (1): nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset Kuniyuki Iwashima (1): udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). Lee Jones (1): usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Len Brown (1): tools/power turbostat: Remember global max_die_id Luca Weiss (1): clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents Ma Jun (1): drm/amdgpu: Initialize timestamp for some legacy SOCs Ma Ke (1): drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes Mank Wang (1): USB: serial: option: add Netprisma LCUK54 series modules Masahiro Yamada (1): kbuild: fix short log for AS in link-vmlinux.sh Mauro Carvalho Chehab (1): media: dw2102: fix a potential buffer overflow Michael Bunk (1): media: dw2102: Don't translate i2c read into write Michael Ellerman (1): powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n Michael Guralnik (1): IB/core: Implement a limit on UMAD receive List Michal Kubiak (1): i40e: Fix XDP program unloading while removing the driver Michal Mazur (1): octeontx2-af: fix detection of IP layer Michał Kopeć (1): ALSA: hda/realtek: add quirk for Clevo V5[46]0TU Mickaël Salaün (1): kunit: Fix timeout message Mike Marshall (1): orangefs: fix out-of-bounds fsid access Miquel Raynal (2): mtd: rawnand: Ensure ECC configuration is propagated to upper layers mtd: rawnand: Bypass a couple of sanity checks during NAND identification Naohiro Aota (1): btrfs: fix adding block group to a reclaim list and the unused list during reclaim Nathan Chancellor (1): kbuild: Make ld-version.sh more robust against version string changes Nazar Bilinskyi (1): ALSA: hda/realtek: Enable Mute LED on HP 250 G7 Neal Cardwell (2): UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() tcp: fix incorrect undo caused by DSACK of TLP retransmit Nilay Shroff (1): nvme-multipath: find NUMA path only for online numa-node Nithin Dabilpuram (1): octeontx2-af: replace cpt slot with lf id on reg write Oleksij Rempel (1): ethtool: netlink: do not return SQI value if link is down Piotr Wojtaszczyk (1): i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr Ricardo Ribalda (5): media: dvb: as102-fe: Fix as10x_register_addr packing media: dvb-usb: dib0700_devices: Add missing release_firmware() media: dvb-frontends: tda18271c2dd: Remove casting during div media: s2255: Use refcount_t instead of atomic_t for num_channels media: dvb-frontends: tda10048: Fix integer overflow Ronald Wahl (1): net: ks8851: Fix potential TX stall after interface reopen Ryusuke Konishi (4): nilfs2: fix inode number range checks nilfs2: add missing check for inode numbers on directory entries nilfs2: fix incorrect inode allocation from reserved inodes nilfs2: fix kernel bug on rename operation of broken directory Sagi Grimberg (2): net: allow skb_datagram_iter to be called from any context nvmet: fix a possible leak when destroy a ctrl during qp establishment Sam Sun (1): bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() Sasha Neftin (1): Revert "igc: fix a log entry using uninitialized netdev" Satheesh Paul (1): octeontx2-af: fix issue with IPv4 match for RSS Shigeru Yoshida (1): inet_diag: Initialize pad field in struct inet_diag_req_v2 Simon Horman (1): net: dsa: mv88e6xxx: Correct check for empty list Slark Xiao (1): USB: serial: option: add support for Foxconn T99W651 Song Shuai (1): riscv: kexec: Avoid deadlock in kexec crash path Srujana Challa (2): octeontx2-af: update cpt lf alloc mailbox octeontx2-af: fix a issue with cpt_lf_alloc mailbox Sven Schnelle (1): s390: Mark psw in __load_psw_mask() as __unitialized Thomas Weißschuh (1): nvmem: core: only change name to fram for current attribute Val Packett (1): mtd: rawnand: rockchip: ensure NVDDR timings are rejected Vanillan Wang (1): USB: serial: option: add Rolling RW350-GL variants Waiman Long (1): mm: prevent derefencing NULL ptr in pfn_section_valid() Wang Yong (1): jffs2: Fix potential illegal address access in jffs2_free_inode WangYuli (1): USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k Wolfram Sang (7): i2c: rcar: bring hardware to known state when probing i2c: mark HostNotify target address as used i2c: rcar: reset controller is mandatory for Gen3+ i2c: rcar: introduce Gen4 devices i2c: rcar: ensure Gen3+ reset does not disturb local targets i2c: testunit: avoid re-issued work after read message i2c: rcar: clear NO_RXDMA flag after resetting Zijian Zhang (2): selftests: fix OOM in msg_zerocopy selftest selftests: make order checking verbose in msg_zerocopy selftest Zijun Hu (1): Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot hmtheboy154 (2): platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro linke li (1): fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading

9 months, 2 weeks

1
1
0 0

Linux 5.10.222

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.222 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/arm/mach-davinci/pm.c | 2 arch/ia64/include/asm/efi.h | 13 arch/ia64/kernel/efi.c | 1 arch/ia64/kernel/machine_kexec.c | 1 arch/ia64/kernel/mca.c | 1 arch/ia64/kernel/smpboot.c | 1 arch/ia64/kernel/time.c | 1 arch/ia64/kernel/uncached.c | 4 arch/ia64/mm/contig.c | 1 arch/ia64/mm/discontig.c | 1 arch/ia64/mm/init.c | 1 arch/powerpc/include/asm/io.h | 2 arch/powerpc/xmon/xmon.c | 6 arch/s390/include/asm/processor.h | 2 arch/x86/lib/retpoline.S | 2 crypto/aead.c | 3 crypto/cipher.c | 3 drivers/bluetooth/hci_qca.c | 18 drivers/char/hpet.c | 34 + drivers/firmware/dmi_scan.c | 11 drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c | 8 drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c | 8 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 8 drivers/gpu/drm/amd/include/atomfirmware.h | 2 drivers/gpu/drm/lima/lima_gp.c | 2 drivers/gpu/drm/lima/lima_mmu.c | 5 drivers/gpu/drm/lima/lima_pp.c | 4 drivers/gpu/drm/nouveau/nouveau_connector.c | 3 drivers/i2c/busses/i2c-i801.c | 2 drivers/i2c/busses/i2c-pnx.c | 48 -- drivers/i2c/busses/i2c-rcar.c | 66 +-- drivers/i2c/i2c-core-base.c | 1 drivers/infiniband/core/user_mad.c | 21 drivers/input/ff-core.c | 7 drivers/media/dvb-frontends/as102_fe_types.h | 2 drivers/media/dvb-frontends/tda10048.c | 9 drivers/media/dvb-frontends/tda18271c2dd.c | 4 drivers/media/usb/dvb-usb/dib0700_devices.c | 18 drivers/media/usb/dvb-usb/dw2102.c | 120 +++-- drivers/media/usb/s2255/s2255drv.c | 20 drivers/mtd/nand/raw/nand_base.c | 55 +- drivers/net/bonding/bond_options.c | 6 drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 drivers/net/dsa/mv88e6xxx/chip.c | 4 drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 2 drivers/net/ethernet/lantiq_etop.c | 5 drivers/net/ethernet/marvell/octeontx2/af/npc.h | 8 drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 drivers/net/ethernet/micrel/ks8851_common.c | 2 drivers/net/ppp/ppp_generic.c | 15 drivers/net/wireguard/allowedips.c | 4 drivers/net/wireguard/queueing.h | 4 drivers/net/wireguard/send.c | 2 drivers/net/wireless/microchip/wilc1000/hif.c | 3 drivers/nvme/host/multipath.c | 2 drivers/nvme/host/pci.c | 3 drivers/nvme/target/core.c | 9 drivers/nvmem/meson-efuse.c | 14 drivers/platform/x86/touchscreen_dmi.c | 36 + drivers/s390/crypto/pkey_api.c | 4 drivers/scsi/qedf/qedf_io.c | 6 drivers/usb/core/config.c | 18 drivers/usb/core/quirks.c | 3 drivers/usb/gadget/configfs.c | 3 drivers/usb/serial/mos7840.c | 45 ++ drivers/usb/serial/option.c | 38 + fs/dcache.c | 12 fs/jffs2/super.c | 1 fs/locks.c | 2 fs/nilfs2/alloc.c | 18 fs/nilfs2/alloc.h | 4 fs/nilfs2/dat.c | 2 fs/nilfs2/dir.c | 38 + fs/nilfs2/ifile.c | 7 fs/nilfs2/nilfs.h | 10 fs/nilfs2/the_nilfs.c | 6 fs/nilfs2/the_nilfs.h | 2 fs/orangefs/super.c | 3 include/linux/bpf.h | 1 include/linux/compiler_attributes.h | 12 include/linux/efi.h | 6 include/linux/fsnotify.h | 8 include/linux/lsm_hook_defs.h | 2 include/linux/mmzone.h | 3 include/linux/security.h | 5 include/linux/skmsg.h | 1 kernel/auditfilter.c | 5 kernel/bpf/verifier.c | 11 kernel/exit.c | 2 lib/kunit/try-catch.c | 3 mm/page-writeback.c | 32 + net/ceph/mon_client.c | 14 net/core/skmsg.c | 1 net/core/sock_map.c | 22 + net/ethtool/linkstate.c | 41 + net/ipv4/inet_diag.c | 2 net/ipv4/tcp_bpf.c | 1 net/ipv4/tcp_input.c | 13 net/ipv4/tcp_metrics.c | 1 net/ipv4/tcp_timer.c | 31 + net/ipv4/udp.c | 4 net/ipv6/addrconf.c | 9 net/ipv6/ip6_input.c | 2 net/ipv6/ip6_output.c | 2 net/sched/act_ct.c | 8 net/sctp/socket.c | 7 scripts/link-vmlinux.sh | 2 security/apparmor/audit.c | 6 security/apparmor/include/audit.h | 2 security/integrity/ima/ima.h | 2 security/integrity/ima/ima_policy.c | 15 security/security.c | 6 security/selinux/include/audit.h | 4 security/selinux/ss/services.c | 5 security/smack/smack_lsm.c | 4 sound/pci/hda/patch_realtek.c | 12 tools/lib/bpf/bpf_core_read.h | 1 tools/testing/selftests/bpf/progs/test_global_func10.c | 31 + tools/testing/selftests/bpf/verifier/calls.c | 13 tools/testing/selftests/bpf/verifier/helper_access_var_len.c | 104 +++- tools/testing/selftests/bpf/verifier/int_ptr.c | 9 tools/testing/selftests/bpf/verifier/search_pruning.c | 13 tools/testing/selftests/bpf/verifier/sock.c | 27 - tools/testing/selftests/bpf/verifier/spill_fill.c | 211 ++++++++++ tools/testing/selftests/bpf/verifier/var_off.c | 52 -- tools/testing/selftests/net/msg_zerocopy.c | 14 128 files changed, 1207 insertions(+), 445 deletions(-) Alan Stern (1): USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Aleksander Jan Bajkowski (2): net: lantiq_etop: add blank line after declaration net: ethernet: lantiq_etop: fix double free in detach Aleksandr Mishin (1): octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() Alex Deucher (1): drm/amdgpu/atomfirmware: silence UBSAN warning Alex Hung (3): drm/amd/display: Check index msg_id before read or write drm/amd/display: Check pipe offset before setting vblank drm/amd/display: Skip finding free audio for unknown engine_id Ard Biesheuvel (1): efi: ia64: move IA64-only declarations to new asm/efi.h header Bjørn Mork (1): USB: serial: option: add Fibocom FM350-GL Brian Foster (1): vfs: don't mod negative dentry count when on shrinker list Chen Ni (1): ARM: davinci: Convert comma to semicolon Chengen Du (1): net/sched: Fix UAF when resolving a clash Dan Carpenter (1): i2c: rcar: fix error code in probe() Daniele Palmas (2): USB: serial: option: add Telit generic core-dump composition USB: serial: option: add Telit FN912 rmnet compositions Dmitry Antipov (1): ppp: reject claimed-as-LCP but actually malformed packets Dmitry Smirnov (1): USB: serial: mos7840: fix crash on resume Edson Juliano Drosdeck (1): ALSA: hda/realtek: Limit mic boost on VAIO PRO PX Eduard Zingerman (1): bpf: Allow reads from uninit stack Eric Dumazet (4): tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() tcp: avoid too many retransmit packets ipv6: annotate data-races around cnf.disable_ipv6 ipv6: prevent NULL dereference in ip6_output() Erick Archer (2): sctp: prefer struct_size over open coded arithmetic Input: ff-core - prefer struct_size over open coded arithmetic Erico Nunes (1): drm/lima: fix shared irq handling on driver remove GUO Zihua (1): ima: Avoid blocking in RCU read-side critical section Geert Uytterhoeven (1): i2c: rcar: Add R-Car Gen4 support Ghadi Elie Rahme (1): bnx2x: Fix multiple UBSAN array-index-out-of-bounds Greg Kroah-Hartman (1): Linux 5.10.222 Greg Kurz (1): powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" Hailey Mothershead (1): crypto: aead,cipher - zeroize key buffer after use He Zhe (1): hpet: Support 32-bit userspace Heiko Carstens (1): Compiler Attributes: Add __uninitialized macro Heiner Kallweit (1): i2c: i801: Annotate apanel_addr as __ro_after_init Helge Deller (1): wireguard: allowedips: avoid unaligned 64-bit memory accesses Holger Dengler (1): s390/pkey: Wipe sensitive data on failure Ilya Dryomov (1): libceph: fix race between delayed_work() and ceph_monc_stop() Jakub Kicinski (1): tcp_metrics: validate source addr length Jan Kara (3): mm: avoid overflows in dirty throttling logic fsnotify: Do not generate events for O_PATH file descriptors Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Jason A. Donenfeld (2): wireguard: queueing: annotate intentional data race in cpu round robin wireguard: send: annotate intentional data race in checking empty queue Jean Delvare (1): firmware: dmi: Stop decoding on broken entry Jeff Layton (1): filelock: fix potential use-after-free in posix_lock_inode Jian-Hong Pan (1): ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 Jim Mattson (1): x86/retpoline: Move a NOENDBR annotation to the SRSO dummy return thunk Jimmy Assarsson (1): can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct Jinliang Zheng (1): mm: optimize the redundant loop of mm_update_owner_next() John Meneghini (1): scsi: qedf: Make qedf_execute_tmf() non-preemptible Jose E. Marchesi (1): bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD Joy Chakraborty (1): nvmem: meson-efuse: Fix return value of nvmem callbacks Jozef Hopko (1): wifi: wilc1000: fix ies_len type in connect path Kundan Kumar (1): nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset Kuniyuki Iwashima (1): udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). Lee Jones (1): usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Ma Jun (1): drm/amdgpu: Initialize timestamp for some legacy SOCs Ma Ke (1): drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes Mank Wang (1): USB: serial: option: add Netprisma LCUK54 series modules Masahiro Yamada (1): kbuild: fix short log for AS in link-vmlinux.sh Mauro Carvalho Chehab (1): media: dw2102: fix a potential buffer overflow Michael Bunk (1): media: dw2102: Don't translate i2c read into write Michael Ellerman (1): powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n Michael Guralnik (1): IB/core: Implement a limit on UMAD receive List Michal Mazur (1): octeontx2-af: fix detection of IP layer Mickaël Salaün (1): kunit: Fix timeout message Mike Marshall (1): orangefs: fix out-of-bounds fsid access Miquel Raynal (1): mtd: rawnand: Bypass a couple of sanity checks during NAND identification Nazar Bilinskyi (1): ALSA: hda/realtek: Enable Mute LED on HP 250 G7 Neal Cardwell (2): UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() tcp: fix incorrect undo caused by DSACK of TLP retransmit Nilay Shroff (1): nvme-multipath: find NUMA path only for online numa-node Oleksij Rempel (1): ethtool: netlink: do not return SQI value if link is down Piotr Wojtaszczyk (1): i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr Ricardo Ribalda (5): media: dvb: as102-fe: Fix as10x_register_addr packing media: dvb-usb: dib0700_devices: Add missing release_firmware() media: dvb-frontends: tda18271c2dd: Remove casting during div media: s2255: Use refcount_t instead of atomic_t for num_channels media: dvb-frontends: tda10048: Fix integer overflow Ronald Wahl (1): net: ks8851: Fix potential TX stall after interface reopen Ryusuke Konishi (4): nilfs2: fix inode number range checks nilfs2: add missing check for inode numbers on directory entries nilfs2: fix incorrect inode allocation from reserved inodes nilfs2: fix kernel bug on rename operation of broken directory Sagi Grimberg (1): nvmet: fix a possible leak when destroy a ctrl during qp establishment Sam Sun (1): bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() Shigeru Yoshida (1): inet_diag: Initialize pad field in struct inet_diag_req_v2 Simon Horman (1): net: dsa: mv88e6xxx: Correct check for empty list Slark Xiao (1): USB: serial: option: add support for Foxconn T99W651 Sven Schnelle (1): s390: Mark psw in __load_psw_mask() as __unitialized Vanillan Wang (1): USB: serial: option: add Rolling RW350-GL variants Waiman Long (1): mm: prevent derefencing NULL ptr in pfn_section_valid() Wang Yong (1): jffs2: Fix potential illegal address access in jffs2_free_inode Wang Yufen (1): bpf, sockmap: Fix sk->sk_forward_alloc warn_on in sk_stream_kill_queues WangYuli (1): USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k Wolfram Sang (6): i2c: rcar: bring hardware to known state when probing i2c: mark HostNotify target address as used i2c: rcar: reset controller is mandatory for Gen3+ i2c: rcar: introduce Gen4 devices i2c: rcar: ensure Gen3+ reset does not disturb local targets i2c: rcar: clear NO_RXDMA flag after resetting Zijian Zhang (2): selftests: fix OOM in msg_zerocopy selftest selftests: make order checking verbose in msg_zerocopy selftest Zijun Hu (1): Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot hmtheboy154 (2): platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro linke li (1): fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading

9 months, 2 weeks

1
1
0 0

[PATCH 5.10] arm64/bpf: Remove 128MB limit for BPF JIT programs

by Puranjay Mohan

From: Russell King <russell.king(a)oracle.com> [ Upstream commit b89ddf4cca43f1269093942cf5c4e457fd45c335 ] Commit 91fc957c9b1d ("arm64/bpf: don't allocate BPF JIT programs in module memory") restricts BPF JIT program allocation to a 128MB region to ensure BPF programs are still in branching range of each other. However this restriction should not apply to the aarch64 JIT, since BPF_JMP | BPF_CALL are implemented as a 64-bit move into a register and then a BLR instruction - which has the effect of being able to call anything without proximity limitation. The practical reason to relax this restriction on JIT memory is that 128MB of JIT memory can be quickly exhausted, especially where PAGE_SIZE is 64KB - one page is needed per program. In cases where seccomp filters are applied to multiple VMs on VM launch - such filters are classic BPF but converted to BPF - this can severely limit the number of VMs that can be launched. In a world where we support BPF JIT always on, turning off the JIT isn't always an option either. Fixes: 91fc957c9b1d ("arm64/bpf: don't allocate BPF JIT programs in module memory") Suggested-by: Ard Biesheuvel <ard.biesheuvel(a)linaro.org> Signed-off-by: Russell King <russell.king(a)oracle.com> Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Tested-by: Alan Maguire <alan.maguire(a)oracle.com> Link: https://lore.kernel.org/bpf/1636131046-5982-2-git-send-email-alan.maguire@o… [Replace usage of in_bpf_jit() with is_bpf_text_address()] Signed-off-by: Puranjay Mohan <pjy(a)amazon.com> --- arch/arm64/include/asm/extable.h | 9 --------- arch/arm64/include/asm/memory.h | 5 +---- arch/arm64/kernel/traps.c | 2 +- arch/arm64/mm/extable.c | 3 ++- arch/arm64/mm/ptdump.c | 2 -- arch/arm64/net/bpf_jit_comp.c | 7 ++----- 6 files changed, 6 insertions(+), 22 deletions(-) diff --git a/arch/arm64/include/asm/extable.h b/arch/arm64/include/asm/extable.h index b15eb4a3e6b20..840a35ed92ec8 100644 --- a/arch/arm64/include/asm/extable.h +++ b/arch/arm64/include/asm/extable.h @@ -22,15 +22,6 @@ struct exception_table_entry #define ARCH_HAS_RELATIVE_EXTABLE -static inline bool in_bpf_jit(struct pt_regs *regs) -{ - if (!IS_ENABLED(CONFIG_BPF_JIT)) - return false; - - return regs->pc >= BPF_JIT_REGION_START && - regs->pc < BPF_JIT_REGION_END; -} - #ifdef CONFIG_BPF_JIT int arm64_bpf_fixup_exception(const struct exception_table_entry *ex, struct pt_regs *regs); diff --git a/arch/arm64/include/asm/memory.h b/arch/arm64/include/asm/memory.h index 505bdd75b5411..eef03120c0daf 100644 --- a/arch/arm64/include/asm/memory.h +++ b/arch/arm64/include/asm/memory.h @@ -44,11 +44,8 @@ #define _PAGE_OFFSET(va) (-(UL(1) << (va))) #define PAGE_OFFSET (_PAGE_OFFSET(VA_BITS)) #define KIMAGE_VADDR (MODULES_END) -#define BPF_JIT_REGION_START (KASAN_SHADOW_END) -#define BPF_JIT_REGION_SIZE (SZ_128M) -#define BPF_JIT_REGION_END (BPF_JIT_REGION_START + BPF_JIT_REGION_SIZE) #define MODULES_END (MODULES_VADDR + MODULES_VSIZE) -#define MODULES_VADDR (BPF_JIT_REGION_END) +#define MODULES_VADDR (_PAGE_END(VA_BITS_MIN)) #define MODULES_VSIZE (SZ_128M) #define VMEMMAP_START (-VMEMMAP_SIZE - SZ_2M) #define VMEMMAP_END (VMEMMAP_START + VMEMMAP_SIZE) diff --git a/arch/arm64/kernel/traps.c b/arch/arm64/kernel/traps.c index 563d07d3904e4..e9cc15414133f 100644 --- a/arch/arm64/kernel/traps.c +++ b/arch/arm64/kernel/traps.c @@ -913,7 +913,7 @@ static struct break_hook bug_break_hook = { static int reserved_fault_handler(struct pt_regs *regs, unsigned int esr) { pr_err("%s generated an invalid instruction at %pS!\n", - in_bpf_jit(regs) ? "BPF JIT" : "Kernel text patching", + "Kernel text patching", (void *)instruction_pointer(regs)); /* We cannot handle this */ diff --git a/arch/arm64/mm/extable.c b/arch/arm64/mm/extable.c index aa0060178343a..9a8147b6878b9 100644 --- a/arch/arm64/mm/extable.c +++ b/arch/arm64/mm/extable.c @@ -5,6 +5,7 @@ #include <linux/extable.h> #include <linux/uaccess.h> +#include <linux/filter.h> int fixup_exception(struct pt_regs *regs) { @@ -14,7 +15,7 @@ int fixup_exception(struct pt_regs *regs) if (!fixup) return 0; - if (in_bpf_jit(regs)) + if (is_bpf_text_address(regs->pc)) return arm64_bpf_fixup_exception(fixup, regs); regs->pc = (unsigned long)&fixup->fixup + fixup->fixup; diff --git a/arch/arm64/mm/ptdump.c b/arch/arm64/mm/ptdump.c index 807dc634bbd24..ba6d1d89f9b2a 100644 --- a/arch/arm64/mm/ptdump.c +++ b/arch/arm64/mm/ptdump.c @@ -41,8 +41,6 @@ static struct addr_marker address_markers[] = { { 0 /* KASAN_SHADOW_START */, "Kasan shadow start" }, { KASAN_SHADOW_END, "Kasan shadow end" }, #endif - { BPF_JIT_REGION_START, "BPF start" }, - { BPF_JIT_REGION_END, "BPF end" }, { MODULES_VADDR, "Modules start" }, { MODULES_END, "Modules end" }, { VMALLOC_START, "vmalloc() area" }, diff --git a/arch/arm64/net/bpf_jit_comp.c b/arch/arm64/net/bpf_jit_comp.c index 18627cbd6da4e..2a47165abbe5e 100644 --- a/arch/arm64/net/bpf_jit_comp.c +++ b/arch/arm64/net/bpf_jit_comp.c @@ -1145,15 +1145,12 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog) u64 bpf_jit_alloc_exec_limit(void) { - return BPF_JIT_REGION_SIZE; + return VMALLOC_END - VMALLOC_START; } void *bpf_jit_alloc_exec(unsigned long size) { - return __vmalloc_node_range(size, PAGE_SIZE, BPF_JIT_REGION_START, - BPF_JIT_REGION_END, GFP_KERNEL, - PAGE_KERNEL, 0, NUMA_NO_NODE, - __builtin_return_address(0)); + return vmalloc(size); } void bpf_jit_free_exec(void *addr) -- 2.40.1

9 months, 2 weeks

5
5
0 0

[PATCH 5.10 000/109] 5.10.222-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.222 release. There are 109 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 19 Jul 2024 06:37:32 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.222-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.222-rc2 Dan Carpenter <dan.carpenter(a)linaro.org> i2c: rcar: fix error code in probe() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: clear NO_RXDMA flag after resetting Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: ensure Gen3+ reset does not disturb local targets Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: introduce Gen4 devices Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: reset controller is mandatory for Gen3+ Geert Uytterhoeven <geert+renesas(a)glider.be> i2c: rcar: Add R-Car Gen4 support Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: mark HostNotify target address as used Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: rcar: bring hardware to known state when probing Russell King <russell.king(a)oracle.com> arm64/bpf: Remove 128MB limit for BPF JIT programs Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix kernel bug on rename operation of broken directory Eduard Zingerman <eddyz87(a)gmail.com> bpf: Allow reads from uninit stack Eric Dumazet <edumazet(a)google.com> ipv6: prevent NULL dereference in ip6_output() Eric Dumazet <edumazet(a)google.com> ipv6: annotate data-races around cnf.disable_ipv6 Ard Biesheuvel <ardb(a)kernel.org> efi: ia64: move IA64-only declarations to new asm/efi.h header Jim Mattson <jmattson(a)google.com> x86/retpoline: Move a NOENDBR annotation to the SRSO dummy return thunk Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: send: annotate intentional data race in checking empty queue Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: queueing: annotate intentional data race in cpu round robin Helge Deller <deller(a)kernel.org> wireguard: allowedips: avoid unaligned 64-bit memory accesses Ilya Dryomov <idryomov(a)gmail.com> libceph: fix race between delayed_work() and ceph_monc_stop() Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> ALSA: hda/realtek: Limit mic boost on VAIO PRO PX Nazar Bilinskyi <nbilinskyi(a)gmail.com> ALSA: hda/realtek: Enable Mute LED on HP 250 G7 Joy Chakraborty <joychakr(a)google.com> nvmem: meson-efuse: Fix return value of nvmem callbacks He Zhe <zhe.he(a)windriver.com> hpet: Support 32-bit userspace Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Lee Jones <lee(a)kernel.org> usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() WangYuli <wangyuli(a)uniontech.com> USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k Dmitry Smirnov <d.smirnov(a)inbox.lv> USB: serial: mos7840: fix crash on resume Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW350-GL variants Mank Wang <mank.wang(a)netprisma.us> USB: serial: option: add Netprisma LCUK54 series modules Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add support for Foxconn T99W651 Bjørn Mork <bjorn(a)mork.no> USB: serial: option: add Fibocom FM350-GL Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN912 rmnet compositions Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit generic core-dump composition Ronald Wahl <ronald.wahl(a)raritan.com> net: ks8851: Fix potential TX stall after interface reopen Eric Dumazet <edumazet(a)google.com> tcp: avoid too many retransmit packets Eric Dumazet <edumazet(a)google.com> tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() Michal Mazur <mmazur2(a)marvell.com> octeontx2-af: fix detection of IP layer Chen Ni <nichen(a)iscas.ac.cn> ARM: davinci: Convert comma to semicolon Sven Schnelle <svens(a)linux.ibm.com> s390: Mark psw in __load_psw_mask() as __unitialized Chengen Du <chengen.du(a)canonical.com> net/sched: Fix UAF when resolving a clash Kuniyuki Iwashima <kuniyu(a)amazon.com> udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). Oleksij Rempel <linux(a)rempel-privat.de> ethtool: netlink: do not return SQI value if link is down Dmitry Antipov <dmantipov(a)yandex.ru> ppp: reject claimed-as-LCP but actually malformed packets Aleksander Jan Bajkowski <olek2(a)wp.pl> net: ethernet: lantiq_etop: fix double free in detach Aleksander Jan Bajkowski <olek2(a)wp.pl> net: lantiq_etop: add blank line after declaration Aleksandr Mishin <amishin(a)t-argos.ru> octeontx2-af: Fix incorrect value output on error path in rvu_check_rsrc_availability() Neal Cardwell <ncardwell(a)google.com> tcp: fix incorrect undo caused by DSACK of TLP retransmit Brian Foster <bfoster(a)redhat.com> vfs: don't mod negative dentry count when on shrinker list linke li <lilinke99(a)qq.com> fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading Jeff Layton <jlayton(a)kernel.org> filelock: fix potential use-after-free in posix_lock_inode Waiman Long <longman(a)redhat.com> mm: prevent derefencing NULL ptr in pfn_section_valid() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix incorrect inode allocation from reserved inodes Masahiro Yamada <masahiroy(a)kernel.org> kbuild: fix short log for AS in link-vmlinux.sh Sagi Grimberg <sagi(a)grimberg.me> nvmet: fix a possible leak when destroy a ctrl during qp establishment hmtheboy154 <buingoc67(a)gmail.com> platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro hmtheboy154 <buingoc67(a)gmail.com> platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6" tablet Kundan Kumar <kundan.kumar(a)samsung.com> nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset Nilay Shroff <nilay(a)linux.ibm.com> nvme-multipath: find NUMA path only for online numa-node Jian-Hong Pan <jhp(a)endlessos.org> ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 Piotr Wojtaszczyk <piotr.wojtaszczyk(a)timesys.com> i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr Mauro Carvalho Chehab <mchehab(a)kernel.org> media: dw2102: fix a potential buffer overflow GUO Zihua <guozihua(a)huawei.com> ima: Avoid blocking in RCU read-side critical section Wang Yufen <wangyufen(a)huawei.com> bpf, sockmap: Fix sk->sk_forward_alloc warn_on in sk_stream_kill_queues Ghadi Elie Rahme <ghadi.rahme(a)canonical.com> bnx2x: Fix multiple UBSAN array-index-out-of-bounds Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: Bypass a couple of sanity checks during NAND identification Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/atomfirmware: silence UBSAN warning Ma Ke <make24(a)iscas.ac.cn> drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes Jan Kara <jack(a)suse.cz> Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Jan Kara <jack(a)suse.cz> fsnotify: Do not generate events for O_PATH file descriptors Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct Zijun Hu <quic_zijuhu(a)quicinc.com> Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Jan Kara <jack(a)suse.cz> mm: avoid overflows in dirty throttling logic Jinliang Zheng <alexjlzheng(a)tencent.com> mm: optimize the redundant loop of mm_update_owner_next() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: add missing check for inode numbers on directory entries Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix inode number range checks Shigeru Yoshida <syoshida(a)redhat.com> inet_diag: Initialize pad field in struct inet_diag_req_v2 Zijian Zhang <zijianzhang(a)bytedance.com> selftests: make order checking verbose in msg_zerocopy selftest Zijian Zhang <zijianzhang(a)bytedance.com> selftests: fix OOM in msg_zerocopy selftest Sam Sun <samsun1006219(a)gmail.com> bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() Jozef Hopko <jozef.hopko(a)altana.com> wifi: wilc1000: fix ies_len type in connect path Jakub Kicinski <kuba(a)kernel.org> tcp_metrics: validate source addr length Neal Cardwell <ncardwell(a)google.com> UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() Holger Dengler <dengler(a)linux.ibm.com> s390/pkey: Wipe sensitive data on failure Wang Yong <wang.yong12(a)zte.com.cn> jffs2: Fix potential illegal address access in jffs2_free_inode Jose E. Marchesi <jose.marchesi(a)oracle.com> bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD Greg Kurz <groug(a)kaod.org> powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" Mickaël Salaün <mic(a)digikod.net> kunit: Fix timeout message Mike Marshall <hubcap(a)omnibond.com> orangefs: fix out-of-bounds fsid access Michael Ellerman <mpe(a)ellerman.id.au> powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Annotate apanel_addr as __ro_after_init Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda10048: Fix integer overflow Ricardo Ribalda <ribalda(a)chromium.org> media: s2255: Use refcount_t instead of atomic_t for num_channels Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-frontends: tda18271c2dd: Remove casting during div Simon Horman <horms(a)kernel.org> net: dsa: mv88e6xxx: Correct check for empty list Erick Archer <erick.archer(a)outlook.com> Input: ff-core - prefer struct_size over open coded arithmetic Jean Delvare <jdelvare(a)suse.de> firmware: dmi: Stop decoding on broken entry Erick Archer <erick.archer(a)outlook.com> sctp: prefer struct_size over open coded arithmetic Michael Bunk <micha(a)freedict.org> media: dw2102: Don't translate i2c read into write Alex Hung <alex.hung(a)amd.com> drm/amd/display: Skip finding free audio for unknown engine_id Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check pipe offset before setting vblank Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check index msg_id before read or write Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Initialize timestamp for some legacy SOCs Hailey Mothershead <hailmo(a)amazon.com> crypto: aead,cipher - zeroize key buffer after use John Meneghini <jmeneghi(a)redhat.com> scsi: qedf: Make qedf_execute_tmf() non-preemptible Michael Guralnik <michaelgur(a)nvidia.com> IB/core: Implement a limit on UMAD receive List Ricardo Ribalda <ribalda(a)chromium.org> media: dvb-usb: dib0700_devices: Add missing release_firmware() Ricardo Ribalda <ribalda(a)chromium.org> media: dvb: as102-fe: Fix as10x_register_addr packing Erico Nunes <nunes.erico(a)gmail.com> drm/lima: fix shared irq handling on driver remove Heiko Carstens <hca(a)linux.ibm.com> Compiler Attributes: Add __uninitialized macro ------------- Diffstat: Makefile | 4 +- arch/arm/mach-davinci/pm.c | 2 +- arch/arm64/include/asm/extable.h | 9 - arch/arm64/include/asm/memory.h | 5 +- arch/arm64/kernel/traps.c | 2 +- arch/arm64/mm/extable.c | 3 +- arch/arm64/mm/ptdump.c | 2 - arch/arm64/net/bpf_jit_comp.c | 7 +- arch/ia64/include/asm/efi.h | 13 ++ arch/ia64/kernel/efi.c | 1 + arch/ia64/kernel/machine_kexec.c | 1 + arch/ia64/kernel/mca.c | 1 + arch/ia64/kernel/smpboot.c | 1 + arch/ia64/kernel/time.c | 1 + arch/ia64/kernel/uncached.c | 4 +- arch/ia64/mm/contig.c | 1 + arch/ia64/mm/discontig.c | 1 + arch/ia64/mm/init.c | 1 + arch/powerpc/include/asm/io.h | 2 +- arch/powerpc/xmon/xmon.c | 6 +- arch/s390/include/asm/processor.h | 2 +- arch/x86/lib/retpoline.S | 2 +- crypto/aead.c | 3 +- crypto/cipher.c | 3 +- drivers/bluetooth/hci_qca.c | 18 +- drivers/char/hpet.c | 34 +++- drivers/firmware/dmi_scan.c | 11 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_irq.c | 8 + drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 3 + .../amd/display/dc/irq/dce110/irq_service_dce110.c | 8 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 8 + drivers/gpu/drm/amd/include/atomfirmware.h | 2 +- drivers/gpu/drm/lima/lima_gp.c | 2 + drivers/gpu/drm/lima/lima_mmu.c | 5 + drivers/gpu/drm/lima/lima_pp.c | 4 + drivers/gpu/drm/nouveau/nouveau_connector.c | 3 + drivers/i2c/busses/i2c-i801.c | 2 +- drivers/i2c/busses/i2c-pnx.c | 48 +---- drivers/i2c/busses/i2c-rcar.c | 66 ++++--- drivers/i2c/i2c-core-base.c | 1 + drivers/infiniband/core/user_mad.c | 21 +- drivers/input/ff-core.c | 7 +- drivers/media/dvb-frontends/as102_fe_types.h | 2 +- drivers/media/dvb-frontends/tda10048.c | 9 +- drivers/media/dvb-frontends/tda18271c2dd.c | 4 +- drivers/media/usb/dvb-usb/dib0700_devices.c | 18 +- drivers/media/usb/dvb-usb/dw2102.c | 120 +++++++----- drivers/media/usb/s2255/s2255drv.c | 20 +- drivers/mtd/nand/raw/nand_base.c | 57 +++--- drivers/net/bonding/bond_options.c | 6 +- drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 + drivers/net/dsa/mv88e6xxx/chip.c | 4 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x.h | 2 +- drivers/net/ethernet/lantiq_etop.c | 5 +- drivers/net/ethernet/marvell/octeontx2/af/npc.h | 8 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 2 +- drivers/net/ethernet/micrel/ks8851_common.c | 2 +- drivers/net/ppp/ppp_generic.c | 15 ++ drivers/net/wireguard/allowedips.c | 4 +- drivers/net/wireguard/queueing.h | 4 +- drivers/net/wireguard/send.c | 2 +- drivers/net/wireless/microchip/wilc1000/hif.c | 3 +- drivers/nvme/host/multipath.c | 2 +- drivers/nvme/host/pci.c | 3 +- drivers/nvme/target/core.c | 9 + drivers/nvmem/meson-efuse.c | 14 +- drivers/platform/x86/touchscreen_dmi.c | 36 ++++ drivers/s390/crypto/pkey_api.c | 4 +- drivers/scsi/qedf/qedf_io.c | 6 +- drivers/usb/core/config.c | 18 +- drivers/usb/core/quirks.c | 3 + drivers/usb/gadget/configfs.c | 3 + drivers/usb/serial/mos7840.c | 45 +++++ drivers/usb/serial/option.c | 38 ++++ fs/dcache.c | 12 +- fs/jffs2/super.c | 1 + fs/locks.c | 2 +- fs/nilfs2/alloc.c | 18 +- fs/nilfs2/alloc.h | 4 +- fs/nilfs2/dat.c | 2 +- fs/nilfs2/dir.c | 38 +++- fs/nilfs2/ifile.c | 7 +- fs/nilfs2/nilfs.h | 10 +- fs/nilfs2/the_nilfs.c | 6 + fs/nilfs2/the_nilfs.h | 2 +- fs/orangefs/super.c | 3 +- include/linux/bpf.h | 1 + include/linux/compiler_attributes.h | 12 ++ include/linux/efi.h | 6 - include/linux/fsnotify.h | 8 +- include/linux/lsm_hook_defs.h | 2 +- include/linux/mmzone.h | 3 +- include/linux/security.h | 5 +- include/linux/skmsg.h | 1 + kernel/auditfilter.c | 5 +- kernel/bpf/verifier.c | 11 +- kernel/exit.c | 2 + lib/kunit/try-catch.c | 3 +- mm/page-writeback.c | 32 +++- net/ceph/mon_client.c | 14 +- net/core/skmsg.c | 1 + net/core/sock_map.c | 22 +++ net/ethtool/linkstate.c | 41 ++-- net/ipv4/inet_diag.c | 2 + net/ipv4/tcp_bpf.c | 1 + net/ipv4/tcp_input.c | 13 +- net/ipv4/tcp_metrics.c | 1 + net/ipv4/tcp_timer.c | 31 ++- net/ipv4/udp.c | 4 +- net/ipv6/addrconf.c | 9 +- net/ipv6/ip6_input.c | 2 +- net/ipv6/ip6_output.c | 2 +- net/sched/act_ct.c | 8 + net/sctp/socket.c | 7 +- scripts/link-vmlinux.sh | 2 +- security/apparmor/audit.c | 6 +- security/apparmor/include/audit.h | 2 +- security/integrity/ima/ima.h | 2 +- security/integrity/ima/ima_policy.c | 15 +- security/security.c | 6 +- security/selinux/include/audit.h | 4 +- security/selinux/ss/services.c | 5 +- security/smack/smack_lsm.c | 4 +- sound/pci/hda/patch_realtek.c | 12 ++ tools/lib/bpf/bpf_core_read.h | 1 + .../selftests/bpf/progs/test_global_func10.c | 31 +++ tools/testing/selftests/bpf/verifier/calls.c | 13 +- .../selftests/bpf/verifier/helper_access_var_len.c | 104 ++++++---- tools/testing/selftests/bpf/verifier/int_ptr.c | 9 +- .../selftests/bpf/verifier/search_pruning.c | 13 +- tools/testing/selftests/bpf/verifier/sock.c | 27 --- tools/testing/selftests/bpf/verifier/spill_fill.c | 211 +++++++++++++++++++++ tools/testing/selftests/bpf/verifier/var_off.c | 52 ----- tools/testing/selftests/net/msg_zerocopy.c | 14 +- 134 files changed, 1215 insertions(+), 469 deletions(-)

9 months, 2 weeks

7
7
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror