- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] eventfs: Have "events" directory get permissions from its" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x d57cf30c4c07837799edec949102b0adf58bae79 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051331-sediment-viewable-33bc@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: d57cf30c4c07 ("eventfs: Have "events" directory get permissions from its parent") d53891d348ac ("eventfs: Do not differentiate the toplevel events directory") c3137ab6318d ("eventfs: Create eventfs_root_inode to store dentry") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d57cf30c4c07837799edec949102b0adf58bae79 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Thu, 2 May 2024 16:08:27 -0400 Subject: [PATCH] eventfs: Have "events" directory get permissions from its parent The events directory gets its permissions from the root inode. But this can cause an inconsistency if the instances directory changes its permissions, as the permissions of the created directories under it should inherit the permissions of the instances directory when directories under it are created. Currently the behavior is: # cd /sys/kernel/tracing # chgrp 1002 instances # mkdir instances/foo # ls -l instances/foo [..] -r--r----- 1 root lkp 0 May 1 18:55 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 18:55 current_tracer -rw-r----- 1 root lkp 0 May 1 18:55 error_log drwxr-xr-x 1 root root 0 May 1 18:55 events --w------- 1 root lkp 0 May 1 18:55 free_buffer drwxr-x--- 2 root lkp 0 May 1 18:55 options drwxr-x--- 10 root lkp 0 May 1 18:55 per_cpu -rw-r----- 1 root lkp 0 May 1 18:55 set_event All the files and directories under "foo" has the "lkp" group except the "events" directory. That's because its getting its default value from the mount point instead of its parent. Have the "events" directory make its default value based on its parent's permissions. That now gives: # ls -l instances/foo [..] -rw-r----- 1 root lkp 0 May 1 21:16 buffer_subbuf_size_kb -r--r----- 1 root lkp 0 May 1 21:16 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 21:16 current_tracer -rw-r----- 1 root lkp 0 May 1 21:16 error_log drwxr-xr-x 1 root lkp 0 May 1 21:16 events --w------- 1 root lkp 0 May 1 21:16 free_buffer drwxr-x--- 2 root lkp 0 May 1 21:16 options drwxr-x--- 10 root lkp 0 May 1 21:16 per_cpu -rw-r----- 1 root lkp 0 May 1 21:16 set_event Link: https://lore.kernel.org/linux-trace-kernel/20240502200906.161887248@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 6e08405892ae..a878cea70f4c 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -37,6 +37,7 @@ static DEFINE_MUTEX(eventfs_mutex); struct eventfs_root_inode { struct eventfs_inode ei; + struct inode *parent_inode; struct dentry *events_dir; }; @@ -226,12 +227,23 @@ static int eventfs_set_attr(struct mnt_idmap *idmap, struct dentry *dentry, static void update_events_attr(struct eventfs_inode *ei, struct super_block *sb) { - struct inode *root; + struct eventfs_root_inode *rei; + struct inode *parent; - /* Get the tracefs root inode. */ - root = d_inode(sb->s_root); - ei->attr.uid = root->i_uid; - ei->attr.gid = root->i_gid; + rei = get_root_inode(ei); + + /* Use the parent inode permissions unless root set its permissions */ + parent = rei->parent_inode; + + if (rei->ei.attr.mode & EVENTFS_SAVE_UID) + ei->attr.uid = rei->ei.attr.uid; + else + ei->attr.uid = parent->i_uid; + + if (rei->ei.attr.mode & EVENTFS_SAVE_GID) + ei->attr.gid = rei->ei.attr.gid; + else + ei->attr.gid = parent->i_gid; } static void set_top_events_ownership(struct inode *inode) @@ -817,6 +829,7 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry // Note: we have a ref to the dentry from tracefs_start_creating() rei = get_root_inode(ei); rei->events_dir = dentry; + rei->parent_inode = d_inode(dentry->d_sb->s_root); ei->entries = entries; ei->nr_entries = size; @@ -826,10 +839,15 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry uid = d_inode(dentry->d_parent)->i_uid; gid = d_inode(dentry->d_parent)->i_gid; - /* This is used as the default ownership of the files and directories */ ei->attr.uid = uid; ei->attr.gid = gid; + /* + * When the "events" directory is created, it takes on the + * permissions of its parent. But can be reset on remount. + */ + ei->attr.mode |= EVENTFS_SAVE_UID | EVENTFS_SAVE_GID; + INIT_LIST_HEAD(&ei->children); INIT_LIST_HEAD(&ei->list);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] eventfs: Have "events" directory get permissions from its" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d57cf30c4c07837799edec949102b0adf58bae79 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051329-cringing-recast-3368@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d57cf30c4c07 ("eventfs: Have "events" directory get permissions from its parent") d53891d348ac ("eventfs: Do not differentiate the toplevel events directory") c3137ab6318d ("eventfs: Create eventfs_root_inode to store dentry") 264424dfdd5c ("eventfs: Restructure eventfs_inode structure to be more condensed") 5a49f996046b ("eventfs: Warn if an eventfs_inode is freed without is_freed being set") 43aa6f97c2d0 ("eventfs: Get rid of dentry pointers without refcounts") 408600be78cd ("eventfs: Remove unused d_parent pointer field") 49304c2b93e4 ("tracefs: dentry lookup crapectomy") 99c001cb617d ("tracefs: Avoid using the ei->dentry pointer unnecessarily") 4fa4b010b83f ("eventfs: Initialize the tracefs inode properly") 29142dc92c37 ("tracefs: remove stale 'update_gid' code") 834bf76add3e ("eventfs: Save directory inodes in the eventfs_inode structure") 1057066009c4 ("eventfs: Use kcalloc() instead of kzalloc()") 852e46e239ee ("eventfs: Do not create dentries nor inodes in iterate_shared") 53c41052ba31 ("eventfs: Have the inodes all for files and directories all be the same") 1de94b52d5e8 ("eventfs: Shortcut eventfs_iterate() by skipping entries already read") 704f960dbee2 ("eventfs: Read ei->entries before ei->children in eventfs_iterate()") 1e4624eb5a0e ("eventfs: Do ctx->pos update for all iterations in eventfs_iterate()") e109deadb733 ("eventfs: Have eventfs_iterate() stop immediately if ei->is_freed is set") 8186fff7ab64 ("tracefs/eventfs: Use root and instance inodes as default ownership") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d57cf30c4c07837799edec949102b0adf58bae79 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Thu, 2 May 2024 16:08:27 -0400 Subject: [PATCH] eventfs: Have "events" directory get permissions from its parent The events directory gets its permissions from the root inode. But this can cause an inconsistency if the instances directory changes its permissions, as the permissions of the created directories under it should inherit the permissions of the instances directory when directories under it are created. Currently the behavior is: # cd /sys/kernel/tracing # chgrp 1002 instances # mkdir instances/foo # ls -l instances/foo [..] -r--r----- 1 root lkp 0 May 1 18:55 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 18:55 current_tracer -rw-r----- 1 root lkp 0 May 1 18:55 error_log drwxr-xr-x 1 root root 0 May 1 18:55 events --w------- 1 root lkp 0 May 1 18:55 free_buffer drwxr-x--- 2 root lkp 0 May 1 18:55 options drwxr-x--- 10 root lkp 0 May 1 18:55 per_cpu -rw-r----- 1 root lkp 0 May 1 18:55 set_event All the files and directories under "foo" has the "lkp" group except the "events" directory. That's because its getting its default value from the mount point instead of its parent. Have the "events" directory make its default value based on its parent's permissions. That now gives: # ls -l instances/foo [..] -rw-r----- 1 root lkp 0 May 1 21:16 buffer_subbuf_size_kb -r--r----- 1 root lkp 0 May 1 21:16 buffer_total_size_kb -rw-r----- 1 root lkp 0 May 1 21:16 current_tracer -rw-r----- 1 root lkp 0 May 1 21:16 error_log drwxr-xr-x 1 root lkp 0 May 1 21:16 events --w------- 1 root lkp 0 May 1 21:16 free_buffer drwxr-x--- 2 root lkp 0 May 1 21:16 options drwxr-x--- 10 root lkp 0 May 1 21:16 per_cpu -rw-r----- 1 root lkp 0 May 1 21:16 set_event Link: https://lore.kernel.org/linux-trace-kernel/20240502200906.161887248@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Fixes: 8186fff7ab649 ("tracefs/eventfs: Use root and instance inodes as default ownership") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 6e08405892ae..a878cea70f4c 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -37,6 +37,7 @@ static DEFINE_MUTEX(eventfs_mutex); struct eventfs_root_inode { struct eventfs_inode ei; + struct inode *parent_inode; struct dentry *events_dir; }; @@ -226,12 +227,23 @@ static int eventfs_set_attr(struct mnt_idmap *idmap, struct dentry *dentry, static void update_events_attr(struct eventfs_inode *ei, struct super_block *sb) { - struct inode *root; + struct eventfs_root_inode *rei; + struct inode *parent; - /* Get the tracefs root inode. */ - root = d_inode(sb->s_root); - ei->attr.uid = root->i_uid; - ei->attr.gid = root->i_gid; + rei = get_root_inode(ei); + + /* Use the parent inode permissions unless root set its permissions */ + parent = rei->parent_inode; + + if (rei->ei.attr.mode & EVENTFS_SAVE_UID) + ei->attr.uid = rei->ei.attr.uid; + else + ei->attr.uid = parent->i_uid; + + if (rei->ei.attr.mode & EVENTFS_SAVE_GID) + ei->attr.gid = rei->ei.attr.gid; + else + ei->attr.gid = parent->i_gid; } static void set_top_events_ownership(struct inode *inode) @@ -817,6 +829,7 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry // Note: we have a ref to the dentry from tracefs_start_creating() rei = get_root_inode(ei); rei->events_dir = dentry; + rei->parent_inode = d_inode(dentry->d_sb->s_root); ei->entries = entries; ei->nr_entries = size; @@ -826,10 +839,15 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry uid = d_inode(dentry->d_parent)->i_uid; gid = d_inode(dentry->d_parent)->i_gid; - /* This is used as the default ownership of the files and directories */ ei->attr.uid = uid; ei->attr.gid = gid; + /* + * When the "events" directory is created, it takes on the + * permissions of its parent. But can be reset on remount. + */ + ei->attr.mode |= EVENTFS_SAVE_UID | EVENTFS_SAVE_GID; + INIT_LIST_HEAD(&ei->children); INIT_LIST_HEAD(&ei->list);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] eventfs/tracing: Add callback for release of an eventfs_inode" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x b63db58e2fa5d6963db9c45df88e60060f0ff35f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051325-ranting-skydiver-968e@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: b63db58e2fa5 ("eventfs/tracing: Add callback for release of an eventfs_inode") c3137ab6318d ("eventfs: Create eventfs_root_inode to store dentry") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b63db58e2fa5d6963db9c45df88e60060f0ff35f Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Thu, 2 May 2024 09:03:15 -0400 Subject: [PATCH] eventfs/tracing: Add callback for release of an eventfs_inode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Synthetic events create and destroy tracefs files when they are created and removed. The tracing subsystem has its own file descriptor representing the state of the events attached to the tracefs files. There's a race between the eventfs files and this file descriptor of the tracing system where the following can cause an issue: With two scripts 'A' and 'B' doing: Script 'A': echo "hello int aaa" > /sys/kernel/tracing/synthetic_events while : do echo 0 > /sys/kernel/tracing/events/synthetic/hello/enable done Script 'B': echo > /sys/kernel/tracing/synthetic_events Script 'A' creates a synthetic event "hello" and then just writes zero into its enable file. Script 'B' removes all synthetic events (including the newly created "hello" event). What happens is that the opening of the "enable" file has: { struct trace_event_file *file = inode->i_private; int ret; ret = tracing_check_open_get_tr(file->tr); [..] But deleting the events frees the "file" descriptor, and a "use after free" happens with the dereference at "file->tr". The file descriptor does have a reference counter, but there needs to be a way to decrement it from the eventfs when the eventfs_inode is removed that represents this file descriptor. Add an optional "release" callback to the eventfs_entry array structure, that gets called when the eventfs file is about to be removed. This allows for the creating on the eventfs file to increment the tracing file descriptor ref counter. When the eventfs file is deleted, it can call the release function that will call the put function for the tracing file descriptor. This will protect the tracing file from being freed while a eventfs file that references it is being opened. Link: https://lore.kernel.org/linux-trace-kernel/20240426073410.17154-1-Tze-nan.W… Link: https://lore.kernel.org/linux-trace-kernel/20240502090315.448cba46@gandalf.… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 5790b1fb3d672 ("eventfs: Remove eventfs_file and just use eventfs_inode") Reported-by: Tze-nan wu <Tze-nan.Wu(a)mediatek.com> Tested-by: Tze-nan Wu (吳澤南) <Tze-nan.Wu(a)mediatek.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 894c6ca1e500..f5510e26f0f6 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -84,10 +84,17 @@ enum { static void release_ei(struct kref *ref) { struct eventfs_inode *ei = container_of(ref, struct eventfs_inode, kref); + const struct eventfs_entry *entry; struct eventfs_root_inode *rei; WARN_ON_ONCE(!ei->is_freed); + for (int i = 0; i < ei->nr_entries; i++) { + entry = &ei->entries[i]; + if (entry->release) + entry->release(entry->name, ei->data); + } + kfree(ei->entry_attrs); kfree_const(ei->name); if (ei->is_events) { @@ -112,6 +119,18 @@ static inline void free_ei(struct eventfs_inode *ei) } } +/* + * Called when creation of an ei fails, do not call release() functions. + */ +static inline void cleanup_ei(struct eventfs_inode *ei) +{ + if (ei) { + /* Set nr_entries to 0 to prevent release() function being called */ + ei->nr_entries = 0; + free_ei(ei); + } +} + static inline struct eventfs_inode *get_ei(struct eventfs_inode *ei) { if (ei) @@ -734,7 +753,7 @@ struct eventfs_inode *eventfs_create_dir(const char *name, struct eventfs_inode /* Was the parent freed? */ if (list_empty(&ei->list)) { - free_ei(ei); + cleanup_ei(ei); ei = NULL; } return ei; @@ -835,7 +854,7 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry return ei; fail: - free_ei(ei); + cleanup_ei(ei); tracefs_failed_creating(dentry); return ERR_PTR(-ENOMEM); } diff --git a/include/linux/tracefs.h b/include/linux/tracefs.h index 7a5fe17b6bf9..d03f74658716 100644 --- a/include/linux/tracefs.h +++ b/include/linux/tracefs.h @@ -62,6 +62,8 @@ struct eventfs_file; typedef int (*eventfs_callback)(const char *name, umode_t *mode, void **data, const struct file_operations **fops); +typedef void (*eventfs_release)(const char *name, void *data); + /** * struct eventfs_entry - dynamically created eventfs file call back handler * @name: Then name of the dynamic file in an eventfs directory @@ -72,6 +74,7 @@ typedef int (*eventfs_callback)(const char *name, umode_t *mode, void **data, struct eventfs_entry { const char *name; eventfs_callback callback; + eventfs_release release; }; struct eventfs_inode; diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 52f75c36bbca..6ef29eba90ce 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -2552,6 +2552,14 @@ static int event_callback(const char *name, umode_t *mode, void **data, return 0; } +/* The file is incremented on creation and freeing the enable file decrements it */ +static void event_release(const char *name, void *data) +{ + struct trace_event_file *file = data; + + event_file_put(file); +} + static int event_create_dir(struct eventfs_inode *parent, struct trace_event_file *file) { @@ -2566,6 +2574,7 @@ event_create_dir(struct eventfs_inode *parent, struct trace_event_file *file) { .name = "enable", .callback = event_callback, + .release = event_release, }, { .name = "filter", @@ -2634,6 +2643,9 @@ event_create_dir(struct eventfs_inode *parent, struct trace_event_file *file) return ret; } + /* Gets decremented on freeing of the "enable" file */ + event_file_get(file); + return 0; }

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] eventfs/tracing: Add callback for release of an eventfs_inode" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x b63db58e2fa5d6963db9c45df88e60060f0ff35f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051323-relight-stoop-214c@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: b63db58e2fa5 ("eventfs/tracing: Add callback for release of an eventfs_inode") c3137ab6318d ("eventfs: Create eventfs_root_inode to store dentry") 264424dfdd5c ("eventfs: Restructure eventfs_inode structure to be more condensed") 5a49f996046b ("eventfs: Warn if an eventfs_inode is freed without is_freed being set") 43aa6f97c2d0 ("eventfs: Get rid of dentry pointers without refcounts") 408600be78cd ("eventfs: Remove unused d_parent pointer field") 49304c2b93e4 ("tracefs: dentry lookup crapectomy") 4fa4b010b83f ("eventfs: Initialize the tracefs inode properly") 29142dc92c37 ("tracefs: remove stale 'update_gid' code") 834bf76add3e ("eventfs: Save directory inodes in the eventfs_inode structure") 1057066009c4 ("eventfs: Use kcalloc() instead of kzalloc()") 852e46e239ee ("eventfs: Do not create dentries nor inodes in iterate_shared") 53c41052ba31 ("eventfs: Have the inodes all for files and directories all be the same") 1de94b52d5e8 ("eventfs: Shortcut eventfs_iterate() by skipping entries already read") 704f960dbee2 ("eventfs: Read ei->entries before ei->children in eventfs_iterate()") 1e4624eb5a0e ("eventfs: Do ctx->pos update for all iterations in eventfs_iterate()") e109deadb733 ("eventfs: Have eventfs_iterate() stop immediately if ei->is_freed is set") 8186fff7ab64 ("tracefs/eventfs: Use root and instance inodes as default ownership") 493ec81a8fb8 ("eventfs: Stop using dcache_readdir() for getdents()") b0f7e2d739b4 ("eventfs: Remove "lookup" parameter from create_dir/file_dentry()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b63db58e2fa5d6963db9c45df88e60060f0ff35f Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Thu, 2 May 2024 09:03:15 -0400 Subject: [PATCH] eventfs/tracing: Add callback for release of an eventfs_inode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Synthetic events create and destroy tracefs files when they are created and removed. The tracing subsystem has its own file descriptor representing the state of the events attached to the tracefs files. There's a race between the eventfs files and this file descriptor of the tracing system where the following can cause an issue: With two scripts 'A' and 'B' doing: Script 'A': echo "hello int aaa" > /sys/kernel/tracing/synthetic_events while : do echo 0 > /sys/kernel/tracing/events/synthetic/hello/enable done Script 'B': echo > /sys/kernel/tracing/synthetic_events Script 'A' creates a synthetic event "hello" and then just writes zero into its enable file. Script 'B' removes all synthetic events (including the newly created "hello" event). What happens is that the opening of the "enable" file has: { struct trace_event_file *file = inode->i_private; int ret; ret = tracing_check_open_get_tr(file->tr); [..] But deleting the events frees the "file" descriptor, and a "use after free" happens with the dereference at "file->tr". The file descriptor does have a reference counter, but there needs to be a way to decrement it from the eventfs when the eventfs_inode is removed that represents this file descriptor. Add an optional "release" callback to the eventfs_entry array structure, that gets called when the eventfs file is about to be removed. This allows for the creating on the eventfs file to increment the tracing file descriptor ref counter. When the eventfs file is deleted, it can call the release function that will call the put function for the tracing file descriptor. This will protect the tracing file from being freed while a eventfs file that references it is being opened. Link: https://lore.kernel.org/linux-trace-kernel/20240426073410.17154-1-Tze-nan.W… Link: https://lore.kernel.org/linux-trace-kernel/20240502090315.448cba46@gandalf.… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Fixes: 5790b1fb3d672 ("eventfs: Remove eventfs_file and just use eventfs_inode") Reported-by: Tze-nan wu <Tze-nan.Wu(a)mediatek.com> Tested-by: Tze-nan Wu (吳澤南) <Tze-nan.Wu(a)mediatek.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index 894c6ca1e500..f5510e26f0f6 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -84,10 +84,17 @@ enum { static void release_ei(struct kref *ref) { struct eventfs_inode *ei = container_of(ref, struct eventfs_inode, kref); + const struct eventfs_entry *entry; struct eventfs_root_inode *rei; WARN_ON_ONCE(!ei->is_freed); + for (int i = 0; i < ei->nr_entries; i++) { + entry = &ei->entries[i]; + if (entry->release) + entry->release(entry->name, ei->data); + } + kfree(ei->entry_attrs); kfree_const(ei->name); if (ei->is_events) { @@ -112,6 +119,18 @@ static inline void free_ei(struct eventfs_inode *ei) } } +/* + * Called when creation of an ei fails, do not call release() functions. + */ +static inline void cleanup_ei(struct eventfs_inode *ei) +{ + if (ei) { + /* Set nr_entries to 0 to prevent release() function being called */ + ei->nr_entries = 0; + free_ei(ei); + } +} + static inline struct eventfs_inode *get_ei(struct eventfs_inode *ei) { if (ei) @@ -734,7 +753,7 @@ struct eventfs_inode *eventfs_create_dir(const char *name, struct eventfs_inode /* Was the parent freed? */ if (list_empty(&ei->list)) { - free_ei(ei); + cleanup_ei(ei); ei = NULL; } return ei; @@ -835,7 +854,7 @@ struct eventfs_inode *eventfs_create_events_dir(const char *name, struct dentry return ei; fail: - free_ei(ei); + cleanup_ei(ei); tracefs_failed_creating(dentry); return ERR_PTR(-ENOMEM); } diff --git a/include/linux/tracefs.h b/include/linux/tracefs.h index 7a5fe17b6bf9..d03f74658716 100644 --- a/include/linux/tracefs.h +++ b/include/linux/tracefs.h @@ -62,6 +62,8 @@ struct eventfs_file; typedef int (*eventfs_callback)(const char *name, umode_t *mode, void **data, const struct file_operations **fops); +typedef void (*eventfs_release)(const char *name, void *data); + /** * struct eventfs_entry - dynamically created eventfs file call back handler * @name: Then name of the dynamic file in an eventfs directory @@ -72,6 +74,7 @@ typedef int (*eventfs_callback)(const char *name, umode_t *mode, void **data, struct eventfs_entry { const char *name; eventfs_callback callback; + eventfs_release release; }; struct eventfs_inode; diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 52f75c36bbca..6ef29eba90ce 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -2552,6 +2552,14 @@ static int event_callback(const char *name, umode_t *mode, void **data, return 0; } +/* The file is incremented on creation and freeing the enable file decrements it */ +static void event_release(const char *name, void *data) +{ + struct trace_event_file *file = data; + + event_file_put(file); +} + static int event_create_dir(struct eventfs_inode *parent, struct trace_event_file *file) { @@ -2566,6 +2574,7 @@ event_create_dir(struct eventfs_inode *parent, struct trace_event_file *file) { .name = "enable", .callback = event_callback, + .release = event_release, }, { .name = "filter", @@ -2634,6 +2643,9 @@ event_create_dir(struct eventfs_inode *parent, struct trace_event_file *file) return ret; } + /* Gets decremented on freeing of the "enable" file */ + event_file_get(file); + return 0; }

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] eventfs: Free all of the eventfs_inode after RCU" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x ee4e0379475e4fe723986ae96293e465014fa8d9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051314-unwilling-outmatch-c624@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: ee4e0379475e ("eventfs: Free all of the eventfs_inode after RCU") b63db58e2fa5 ("eventfs/tracing: Add callback for release of an eventfs_inode") c3137ab6318d ("eventfs: Create eventfs_root_inode to store dentry") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ee4e0379475e4fe723986ae96293e465014fa8d9 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Thu, 2 May 2024 16:08:22 -0400 Subject: [PATCH] eventfs: Free all of the eventfs_inode after RCU The freeing of eventfs_inode via a kfree_rcu() callback. But the content of the eventfs_inode was being freed after the last kref. This is dangerous, as changes are being made that can access the content of an eventfs_inode from an RCU loop. Instead of using kfree_rcu() use call_rcu() that calls a function to do all the freeing of the eventfs_inode after a RCU grace period has expired. Link: https://lore.kernel.org/linux-trace-kernel/20240502200905.370261163@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Fixes: 43aa6f97c2d03 ("eventfs: Get rid of dentry pointers without refcounts") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index f5510e26f0f6..cc8b838bbe62 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -73,6 +73,21 @@ enum { #define EVENTFS_MODE_MASK (EVENTFS_SAVE_MODE - 1) +static void free_ei_rcu(struct rcu_head *rcu) +{ + struct eventfs_inode *ei = container_of(rcu, struct eventfs_inode, rcu); + struct eventfs_root_inode *rei; + + kfree(ei->entry_attrs); + kfree_const(ei->name); + if (ei->is_events) { + rei = get_root_inode(ei); + kfree(rei); + } else { + kfree(ei); + } +} + /* * eventfs_inode reference count management. * @@ -85,7 +100,6 @@ static void release_ei(struct kref *ref) { struct eventfs_inode *ei = container_of(ref, struct eventfs_inode, kref); const struct eventfs_entry *entry; - struct eventfs_root_inode *rei; WARN_ON_ONCE(!ei->is_freed); @@ -95,14 +109,7 @@ static void release_ei(struct kref *ref) entry->release(entry->name, ei->data); } - kfree(ei->entry_attrs); - kfree_const(ei->name); - if (ei->is_events) { - rei = get_root_inode(ei); - kfree_rcu(rei, ei.rcu); - } else { - kfree_rcu(ei, rcu); - } + call_rcu(&ei->rcu, free_ei_rcu); } static inline void put_ei(struct eventfs_inode *ei)

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] eventfs: Free all of the eventfs_inode after RCU" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x ee4e0379475e4fe723986ae96293e465014fa8d9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051313-twilight-disposal-0184@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: ee4e0379475e ("eventfs: Free all of the eventfs_inode after RCU") b63db58e2fa5 ("eventfs/tracing: Add callback for release of an eventfs_inode") c3137ab6318d ("eventfs: Create eventfs_root_inode to store dentry") 264424dfdd5c ("eventfs: Restructure eventfs_inode structure to be more condensed") 5a49f996046b ("eventfs: Warn if an eventfs_inode is freed without is_freed being set") 43aa6f97c2d0 ("eventfs: Get rid of dentry pointers without refcounts") 408600be78cd ("eventfs: Remove unused d_parent pointer field") 49304c2b93e4 ("tracefs: dentry lookup crapectomy") 4fa4b010b83f ("eventfs: Initialize the tracefs inode properly") 29142dc92c37 ("tracefs: remove stale 'update_gid' code") 834bf76add3e ("eventfs: Save directory inodes in the eventfs_inode structure") 1057066009c4 ("eventfs: Use kcalloc() instead of kzalloc()") 852e46e239ee ("eventfs: Do not create dentries nor inodes in iterate_shared") 53c41052ba31 ("eventfs: Have the inodes all for files and directories all be the same") 1de94b52d5e8 ("eventfs: Shortcut eventfs_iterate() by skipping entries already read") 704f960dbee2 ("eventfs: Read ei->entries before ei->children in eventfs_iterate()") 1e4624eb5a0e ("eventfs: Do ctx->pos update for all iterations in eventfs_iterate()") e109deadb733 ("eventfs: Have eventfs_iterate() stop immediately if ei->is_freed is set") 8186fff7ab64 ("tracefs/eventfs: Use root and instance inodes as default ownership") 493ec81a8fb8 ("eventfs: Stop using dcache_readdir() for getdents()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ee4e0379475e4fe723986ae96293e465014fa8d9 Mon Sep 17 00:00:00 2001 From: "Steven Rostedt (Google)" <rostedt(a)goodmis.org> Date: Thu, 2 May 2024 16:08:22 -0400 Subject: [PATCH] eventfs: Free all of the eventfs_inode after RCU The freeing of eventfs_inode via a kfree_rcu() callback. But the content of the eventfs_inode was being freed after the last kref. This is dangerous, as changes are being made that can access the content of an eventfs_inode from an RCU loop. Instead of using kfree_rcu() use call_rcu() that calls a function to do all the freeing of the eventfs_inode after a RCU grace period has expired. Link: https://lore.kernel.org/linux-trace-kernel/20240502200905.370261163@goodmis… Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Cc: Andrew Morton <akpm(a)linux-foundation.org> Fixes: 43aa6f97c2d03 ("eventfs: Get rid of dentry pointers without refcounts") Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> diff --git a/fs/tracefs/event_inode.c b/fs/tracefs/event_inode.c index f5510e26f0f6..cc8b838bbe62 100644 --- a/fs/tracefs/event_inode.c +++ b/fs/tracefs/event_inode.c @@ -73,6 +73,21 @@ enum { #define EVENTFS_MODE_MASK (EVENTFS_SAVE_MODE - 1) +static void free_ei_rcu(struct rcu_head *rcu) +{ + struct eventfs_inode *ei = container_of(rcu, struct eventfs_inode, rcu); + struct eventfs_root_inode *rei; + + kfree(ei->entry_attrs); + kfree_const(ei->name); + if (ei->is_events) { + rei = get_root_inode(ei); + kfree(rei); + } else { + kfree(ei); + } +} + /* * eventfs_inode reference count management. * @@ -85,7 +100,6 @@ static void release_ei(struct kref *ref) { struct eventfs_inode *ei = container_of(ref, struct eventfs_inode, kref); const struct eventfs_entry *entry; - struct eventfs_root_inode *rei; WARN_ON_ONCE(!ei->is_freed); @@ -95,14 +109,7 @@ static void release_ei(struct kref *ref) entry->release(entry->name, ei->data); } - kfree(ei->entry_attrs); - kfree_const(ei->name); - if (ei->is_events) { - rei = get_root_inode(ei); - kfree_rcu(rei, ei.rcu); - } else { - kfree_rcu(ei, rcu); - } + call_rcu(&ei->rcu, free_ei_rcu); } static inline void put_ei(struct eventfs_inode *ei)

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] ksmbd: use rwsem instead of rwlock for lease break" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d1c189c6cb8b0fb7b5ee549237d27889c40c2f8b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051355-hypnotize-anchor-2de7@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: d1c189c6cb8b ("ksmbd: use rwsem instead of rwlock for lease break") c8efcc786146 ("ksmbd: add support for durable handles v1/v2") fa9415d4024f ("ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous session") c2a721eead71 ("ksmbd: lazy v2 lease break on smb2_write()") d47d9886aeef ("ksmbd: send v2 lease break notification for directory") eb547407f357 ("ksmbd: downgrade RWH lease caching state to RH for directory") 2e450920d58b ("ksmbd: move oplock handling after unlock parent dir") 4274a9dc6aeb ("ksmbd: separately allocate ci per dentry") 864fb5d37163 ("ksmbd: fix possible deadlock in smb2_open") 5a7ee91d1154 ("ksmbd: fix race condition with fp") e2b76ab8b5c9 ("ksmbd: add support for read compound") e202a1e8634b ("ksmbd: no response from compound read") 2b57a4322b1b ("ksmbd: check if a mount point is crossed during path lookup") 7b7d709ef7cf ("ksmbd: add missing compound request handing in some commands") 81a94b27847f ("ksmbd: use kvzalloc instead of kvmalloc") 40b268d384a2 ("ksmbd: add mnt_want_write to ksmbd vfs functions") fc6c6a3c324c ("ksmbd: fix out-of-bound read in parse_lease_state()") 6fe55c2799bc ("ksmbd: call putname after using the last component") 36322523dddb ("ksmbd: fix UAF issue from opinfo->conn") df14afeed2e6 ("ksmbd: fix uninitialized pointer read in smb2_create_link()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d1c189c6cb8b0fb7b5ee549237d27889c40c2f8b Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Thu, 2 May 2024 10:07:50 +0900 Subject: [PATCH] ksmbd: use rwsem instead of rwlock for lease break lease break wait for lease break acknowledgment. rwsem is more suitable than unlock while traversing the list for parent lease break in ->m_op_list. Cc: stable(a)vger.kernel.org Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/oplock.c b/fs/smb/server/oplock.c index 6fd8cb7064dc..c2abf109010d 100644 --- a/fs/smb/server/oplock.c +++ b/fs/smb/server/oplock.c @@ -207,9 +207,9 @@ static void opinfo_add(struct oplock_info *opinfo) { struct ksmbd_inode *ci = opinfo->o_fp->f_ci; - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_add_rcu(&opinfo->op_entry, &ci->m_op_list); - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); } static void opinfo_del(struct oplock_info *opinfo) @@ -221,9 +221,9 @@ static void opinfo_del(struct oplock_info *opinfo) lease_del_list(opinfo); write_unlock(&lease_list_lock); } - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_del_rcu(&opinfo->op_entry); - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); } static unsigned long opinfo_count(struct ksmbd_file *fp) @@ -526,21 +526,18 @@ static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci, * Compare lease key and client_guid to know request from same owner * of same client */ - read_lock(&ci->m_lock); + down_read(&ci->m_lock); list_for_each_entry(opinfo, &ci->m_op_list, op_entry) { if (!opinfo->is_lease || !opinfo->conn) continue; - read_unlock(&ci->m_lock); lease = opinfo->o_lease; ret = compare_guid_key(opinfo, client_guid, lctx->lease_key); if (ret) { m_opinfo = opinfo; /* skip upgrading lease about breaking lease */ - if (atomic_read(&opinfo->breaking_cnt)) { - read_lock(&ci->m_lock); + if (atomic_read(&opinfo->breaking_cnt)) continue; - } /* upgrading lease */ if ((atomic_read(&ci->op_count) + @@ -570,9 +567,8 @@ static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci, lease_none_upgrade(opinfo, lctx->req_state); } } - read_lock(&ci->m_lock); } - read_unlock(&ci->m_lock); + up_read(&ci->m_lock); return m_opinfo; } @@ -1114,7 +1110,7 @@ void smb_send_parent_lease_break_noti(struct ksmbd_file *fp, if (!p_ci) return; - read_lock(&p_ci->m_lock); + down_read(&p_ci->m_lock); list_for_each_entry(opinfo, &p_ci->m_op_list, op_entry) { if (opinfo->conn == NULL || !opinfo->is_lease) continue; @@ -1132,13 +1128,11 @@ void smb_send_parent_lease_break_noti(struct ksmbd_file *fp, continue; } - read_unlock(&p_ci->m_lock); oplock_break(opinfo, SMB2_OPLOCK_LEVEL_NONE); opinfo_conn_put(opinfo); - read_lock(&p_ci->m_lock); } } - read_unlock(&p_ci->m_lock); + up_read(&p_ci->m_lock); ksmbd_inode_put(p_ci); } @@ -1159,7 +1153,7 @@ void smb_lazy_parent_lease_break_close(struct ksmbd_file *fp) if (!p_ci) return; - read_lock(&p_ci->m_lock); + down_read(&p_ci->m_lock); list_for_each_entry(opinfo, &p_ci->m_op_list, op_entry) { if (opinfo->conn == NULL || !opinfo->is_lease) continue; @@ -1173,13 +1167,11 @@ void smb_lazy_parent_lease_break_close(struct ksmbd_file *fp) atomic_dec(&opinfo->conn->r_count); continue; } - read_unlock(&p_ci->m_lock); oplock_break(opinfo, SMB2_OPLOCK_LEVEL_NONE); opinfo_conn_put(opinfo); - read_lock(&p_ci->m_lock); } } - read_unlock(&p_ci->m_lock); + up_read(&p_ci->m_lock); ksmbd_inode_put(p_ci); } diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 30229161b346..b6c5a8ea3887 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -3376,9 +3376,9 @@ int smb2_open(struct ksmbd_work *work) * after daccess, saccess, attrib_only, and stream are * initialized. */ - write_lock(&fp->f_ci->m_lock); + down_write(&fp->f_ci->m_lock); list_add(&fp->node, &fp->f_ci->m_fp_list); - write_unlock(&fp->f_ci->m_lock); + up_write(&fp->f_ci->m_lock); /* Check delete pending among previous fp before oplock break */ if (ksmbd_inode_pending_delete(fp)) { diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index fcaf373cc008..474dadf6b7b8 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -646,7 +646,7 @@ int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) * Lookup fp in master fp list, and check desired access and * shared mode between previous open and current open. */ - read_lock(&curr_fp->f_ci->m_lock); + down_read(&curr_fp->f_ci->m_lock); list_for_each_entry(prev_fp, &curr_fp->f_ci->m_fp_list, node) { if (file_inode(filp) != file_inode(prev_fp->filp)) continue; @@ -722,7 +722,7 @@ int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) break; } } - read_unlock(&curr_fp->f_ci->m_lock); + up_read(&curr_fp->f_ci->m_lock); return rc; } diff --git a/fs/smb/server/vfs_cache.c b/fs/smb/server/vfs_cache.c index 030f70700036..6cb599cd287e 100644 --- a/fs/smb/server/vfs_cache.c +++ b/fs/smb/server/vfs_cache.c @@ -165,7 +165,7 @@ static int ksmbd_inode_init(struct ksmbd_inode *ci, struct ksmbd_file *fp) ci->m_fattr = 0; INIT_LIST_HEAD(&ci->m_fp_list); INIT_LIST_HEAD(&ci->m_op_list); - rwlock_init(&ci->m_lock); + init_rwsem(&ci->m_lock); ci->m_de = fp->filp->f_path.dentry; return 0; } @@ -261,14 +261,14 @@ static void __ksmbd_inode_close(struct ksmbd_file *fp) } if (atomic_dec_and_test(&ci->m_count)) { - write_lock(&ci->m_lock); + down_write(&ci->m_lock); if (ci->m_flags & (S_DEL_ON_CLS | S_DEL_PENDING)) { ci->m_flags &= ~(S_DEL_ON_CLS | S_DEL_PENDING); - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); ksmbd_vfs_unlink(filp); - write_lock(&ci->m_lock); + down_write(&ci->m_lock); } - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); ksmbd_inode_free(ci); } @@ -289,9 +289,9 @@ static void __ksmbd_remove_fd(struct ksmbd_file_table *ft, struct ksmbd_file *fp if (!has_file_id(fp->volatile_id)) return; - write_lock(&fp->f_ci->m_lock); + down_write(&fp->f_ci->m_lock); list_del_init(&fp->node); - write_unlock(&fp->f_ci->m_lock); + up_write(&fp->f_ci->m_lock); write_lock(&ft->lock); idr_remove(ft->idr, fp->volatile_id); @@ -523,17 +523,17 @@ struct ksmbd_file *ksmbd_lookup_fd_inode(struct dentry *dentry) if (!ci) return NULL; - read_lock(&ci->m_lock); + down_read(&ci->m_lock); list_for_each_entry(lfp, &ci->m_fp_list, node) { if (inode == file_inode(lfp->filp)) { atomic_dec(&ci->m_count); lfp = ksmbd_fp_get(lfp); - read_unlock(&ci->m_lock); + up_read(&ci->m_lock); return lfp; } } atomic_dec(&ci->m_count); - read_unlock(&ci->m_lock); + up_read(&ci->m_lock); return NULL; } @@ -705,13 +705,13 @@ static bool session_fd_check(struct ksmbd_tree_connect *tcon, conn = fp->conn; ci = fp->f_ci; - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_for_each_entry_rcu(op, &ci->m_op_list, op_entry) { if (op->conn != conn) continue; op->conn = NULL; } - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); fp->conn = NULL; fp->tcon = NULL; @@ -801,13 +801,13 @@ int ksmbd_reopen_durable_fd(struct ksmbd_work *work, struct ksmbd_file *fp) fp->tcon = work->tcon; ci = fp->f_ci; - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_for_each_entry_rcu(op, &ci->m_op_list, op_entry) { if (op->conn) continue; op->conn = fp->conn; } - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); __open_id(&work->sess->file_table, fp, OPEN_ID_TYPE_VOLATILE_ID); if (!has_file_id(fp->volatile_id)) { diff --git a/fs/smb/server/vfs_cache.h b/fs/smb/server/vfs_cache.h index ed44fb4e18e7..5a225e7055f1 100644 --- a/fs/smb/server/vfs_cache.h +++ b/fs/smb/server/vfs_cache.h @@ -47,7 +47,7 @@ struct stream { }; struct ksmbd_inode { - rwlock_t m_lock; + struct rw_semaphore m_lock; atomic_t m_count; atomic_t op_count; /* opinfo count for streams */

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] ksmbd: use rwsem instead of rwlock for lease break" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d1c189c6cb8b0fb7b5ee549237d27889c40c2f8b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051354-eastward-undivided-3e1b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d1c189c6cb8b ("ksmbd: use rwsem instead of rwlock for lease break") c8efcc786146 ("ksmbd: add support for durable handles v1/v2") fa9415d4024f ("ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous session") c2a721eead71 ("ksmbd: lazy v2 lease break on smb2_write()") d47d9886aeef ("ksmbd: send v2 lease break notification for directory") eb547407f357 ("ksmbd: downgrade RWH lease caching state to RH for directory") 2e450920d58b ("ksmbd: move oplock handling after unlock parent dir") 4274a9dc6aeb ("ksmbd: separately allocate ci per dentry") 864fb5d37163 ("ksmbd: fix possible deadlock in smb2_open") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d1c189c6cb8b0fb7b5ee549237d27889c40c2f8b Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Thu, 2 May 2024 10:07:50 +0900 Subject: [PATCH] ksmbd: use rwsem instead of rwlock for lease break lease break wait for lease break acknowledgment. rwsem is more suitable than unlock while traversing the list for parent lease break in ->m_op_list. Cc: stable(a)vger.kernel.org Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/oplock.c b/fs/smb/server/oplock.c index 6fd8cb7064dc..c2abf109010d 100644 --- a/fs/smb/server/oplock.c +++ b/fs/smb/server/oplock.c @@ -207,9 +207,9 @@ static void opinfo_add(struct oplock_info *opinfo) { struct ksmbd_inode *ci = opinfo->o_fp->f_ci; - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_add_rcu(&opinfo->op_entry, &ci->m_op_list); - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); } static void opinfo_del(struct oplock_info *opinfo) @@ -221,9 +221,9 @@ static void opinfo_del(struct oplock_info *opinfo) lease_del_list(opinfo); write_unlock(&lease_list_lock); } - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_del_rcu(&opinfo->op_entry); - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); } static unsigned long opinfo_count(struct ksmbd_file *fp) @@ -526,21 +526,18 @@ static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci, * Compare lease key and client_guid to know request from same owner * of same client */ - read_lock(&ci->m_lock); + down_read(&ci->m_lock); list_for_each_entry(opinfo, &ci->m_op_list, op_entry) { if (!opinfo->is_lease || !opinfo->conn) continue; - read_unlock(&ci->m_lock); lease = opinfo->o_lease; ret = compare_guid_key(opinfo, client_guid, lctx->lease_key); if (ret) { m_opinfo = opinfo; /* skip upgrading lease about breaking lease */ - if (atomic_read(&opinfo->breaking_cnt)) { - read_lock(&ci->m_lock); + if (atomic_read(&opinfo->breaking_cnt)) continue; - } /* upgrading lease */ if ((atomic_read(&ci->op_count) + @@ -570,9 +567,8 @@ static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci, lease_none_upgrade(opinfo, lctx->req_state); } } - read_lock(&ci->m_lock); } - read_unlock(&ci->m_lock); + up_read(&ci->m_lock); return m_opinfo; } @@ -1114,7 +1110,7 @@ void smb_send_parent_lease_break_noti(struct ksmbd_file *fp, if (!p_ci) return; - read_lock(&p_ci->m_lock); + down_read(&p_ci->m_lock); list_for_each_entry(opinfo, &p_ci->m_op_list, op_entry) { if (opinfo->conn == NULL || !opinfo->is_lease) continue; @@ -1132,13 +1128,11 @@ void smb_send_parent_lease_break_noti(struct ksmbd_file *fp, continue; } - read_unlock(&p_ci->m_lock); oplock_break(opinfo, SMB2_OPLOCK_LEVEL_NONE); opinfo_conn_put(opinfo); - read_lock(&p_ci->m_lock); } } - read_unlock(&p_ci->m_lock); + up_read(&p_ci->m_lock); ksmbd_inode_put(p_ci); } @@ -1159,7 +1153,7 @@ void smb_lazy_parent_lease_break_close(struct ksmbd_file *fp) if (!p_ci) return; - read_lock(&p_ci->m_lock); + down_read(&p_ci->m_lock); list_for_each_entry(opinfo, &p_ci->m_op_list, op_entry) { if (opinfo->conn == NULL || !opinfo->is_lease) continue; @@ -1173,13 +1167,11 @@ void smb_lazy_parent_lease_break_close(struct ksmbd_file *fp) atomic_dec(&opinfo->conn->r_count); continue; } - read_unlock(&p_ci->m_lock); oplock_break(opinfo, SMB2_OPLOCK_LEVEL_NONE); opinfo_conn_put(opinfo); - read_lock(&p_ci->m_lock); } } - read_unlock(&p_ci->m_lock); + up_read(&p_ci->m_lock); ksmbd_inode_put(p_ci); } diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 30229161b346..b6c5a8ea3887 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -3376,9 +3376,9 @@ int smb2_open(struct ksmbd_work *work) * after daccess, saccess, attrib_only, and stream are * initialized. */ - write_lock(&fp->f_ci->m_lock); + down_write(&fp->f_ci->m_lock); list_add(&fp->node, &fp->f_ci->m_fp_list); - write_unlock(&fp->f_ci->m_lock); + up_write(&fp->f_ci->m_lock); /* Check delete pending among previous fp before oplock break */ if (ksmbd_inode_pending_delete(fp)) { diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index fcaf373cc008..474dadf6b7b8 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -646,7 +646,7 @@ int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) * Lookup fp in master fp list, and check desired access and * shared mode between previous open and current open. */ - read_lock(&curr_fp->f_ci->m_lock); + down_read(&curr_fp->f_ci->m_lock); list_for_each_entry(prev_fp, &curr_fp->f_ci->m_fp_list, node) { if (file_inode(filp) != file_inode(prev_fp->filp)) continue; @@ -722,7 +722,7 @@ int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) break; } } - read_unlock(&curr_fp->f_ci->m_lock); + up_read(&curr_fp->f_ci->m_lock); return rc; } diff --git a/fs/smb/server/vfs_cache.c b/fs/smb/server/vfs_cache.c index 030f70700036..6cb599cd287e 100644 --- a/fs/smb/server/vfs_cache.c +++ b/fs/smb/server/vfs_cache.c @@ -165,7 +165,7 @@ static int ksmbd_inode_init(struct ksmbd_inode *ci, struct ksmbd_file *fp) ci->m_fattr = 0; INIT_LIST_HEAD(&ci->m_fp_list); INIT_LIST_HEAD(&ci->m_op_list); - rwlock_init(&ci->m_lock); + init_rwsem(&ci->m_lock); ci->m_de = fp->filp->f_path.dentry; return 0; } @@ -261,14 +261,14 @@ static void __ksmbd_inode_close(struct ksmbd_file *fp) } if (atomic_dec_and_test(&ci->m_count)) { - write_lock(&ci->m_lock); + down_write(&ci->m_lock); if (ci->m_flags & (S_DEL_ON_CLS | S_DEL_PENDING)) { ci->m_flags &= ~(S_DEL_ON_CLS | S_DEL_PENDING); - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); ksmbd_vfs_unlink(filp); - write_lock(&ci->m_lock); + down_write(&ci->m_lock); } - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); ksmbd_inode_free(ci); } @@ -289,9 +289,9 @@ static void __ksmbd_remove_fd(struct ksmbd_file_table *ft, struct ksmbd_file *fp if (!has_file_id(fp->volatile_id)) return; - write_lock(&fp->f_ci->m_lock); + down_write(&fp->f_ci->m_lock); list_del_init(&fp->node); - write_unlock(&fp->f_ci->m_lock); + up_write(&fp->f_ci->m_lock); write_lock(&ft->lock); idr_remove(ft->idr, fp->volatile_id); @@ -523,17 +523,17 @@ struct ksmbd_file *ksmbd_lookup_fd_inode(struct dentry *dentry) if (!ci) return NULL; - read_lock(&ci->m_lock); + down_read(&ci->m_lock); list_for_each_entry(lfp, &ci->m_fp_list, node) { if (inode == file_inode(lfp->filp)) { atomic_dec(&ci->m_count); lfp = ksmbd_fp_get(lfp); - read_unlock(&ci->m_lock); + up_read(&ci->m_lock); return lfp; } } atomic_dec(&ci->m_count); - read_unlock(&ci->m_lock); + up_read(&ci->m_lock); return NULL; } @@ -705,13 +705,13 @@ static bool session_fd_check(struct ksmbd_tree_connect *tcon, conn = fp->conn; ci = fp->f_ci; - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_for_each_entry_rcu(op, &ci->m_op_list, op_entry) { if (op->conn != conn) continue; op->conn = NULL; } - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); fp->conn = NULL; fp->tcon = NULL; @@ -801,13 +801,13 @@ int ksmbd_reopen_durable_fd(struct ksmbd_work *work, struct ksmbd_file *fp) fp->tcon = work->tcon; ci = fp->f_ci; - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_for_each_entry_rcu(op, &ci->m_op_list, op_entry) { if (op->conn) continue; op->conn = fp->conn; } - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); __open_id(&work->sess->file_table, fp, OPEN_ID_TYPE_VOLATILE_ID); if (!has_file_id(fp->volatile_id)) { diff --git a/fs/smb/server/vfs_cache.h b/fs/smb/server/vfs_cache.h index ed44fb4e18e7..5a225e7055f1 100644 --- a/fs/smb/server/vfs_cache.h +++ b/fs/smb/server/vfs_cache.h @@ -47,7 +47,7 @@ struct stream { }; struct ksmbd_inode { - rwlock_t m_lock; + struct rw_semaphore m_lock; atomic_t m_count; atomic_t op_count; /* opinfo count for streams */

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] ksmbd: use rwsem instead of rwlock for lease break" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x d1c189c6cb8b0fb7b5ee549237d27889c40c2f8b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051354-playmaker-preplan-0d22@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: d1c189c6cb8b ("ksmbd: use rwsem instead of rwlock for lease break") c8efcc786146 ("ksmbd: add support for durable handles v1/v2") fa9415d4024f ("ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous session") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d1c189c6cb8b0fb7b5ee549237d27889c40c2f8b Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Thu, 2 May 2024 10:07:50 +0900 Subject: [PATCH] ksmbd: use rwsem instead of rwlock for lease break lease break wait for lease break acknowledgment. rwsem is more suitable than unlock while traversing the list for parent lease break in ->m_op_list. Cc: stable(a)vger.kernel.org Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/oplock.c b/fs/smb/server/oplock.c index 6fd8cb7064dc..c2abf109010d 100644 --- a/fs/smb/server/oplock.c +++ b/fs/smb/server/oplock.c @@ -207,9 +207,9 @@ static void opinfo_add(struct oplock_info *opinfo) { struct ksmbd_inode *ci = opinfo->o_fp->f_ci; - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_add_rcu(&opinfo->op_entry, &ci->m_op_list); - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); } static void opinfo_del(struct oplock_info *opinfo) @@ -221,9 +221,9 @@ static void opinfo_del(struct oplock_info *opinfo) lease_del_list(opinfo); write_unlock(&lease_list_lock); } - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_del_rcu(&opinfo->op_entry); - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); } static unsigned long opinfo_count(struct ksmbd_file *fp) @@ -526,21 +526,18 @@ static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci, * Compare lease key and client_guid to know request from same owner * of same client */ - read_lock(&ci->m_lock); + down_read(&ci->m_lock); list_for_each_entry(opinfo, &ci->m_op_list, op_entry) { if (!opinfo->is_lease || !opinfo->conn) continue; - read_unlock(&ci->m_lock); lease = opinfo->o_lease; ret = compare_guid_key(opinfo, client_guid, lctx->lease_key); if (ret) { m_opinfo = opinfo; /* skip upgrading lease about breaking lease */ - if (atomic_read(&opinfo->breaking_cnt)) { - read_lock(&ci->m_lock); + if (atomic_read(&opinfo->breaking_cnt)) continue; - } /* upgrading lease */ if ((atomic_read(&ci->op_count) + @@ -570,9 +567,8 @@ static struct oplock_info *same_client_has_lease(struct ksmbd_inode *ci, lease_none_upgrade(opinfo, lctx->req_state); } } - read_lock(&ci->m_lock); } - read_unlock(&ci->m_lock); + up_read(&ci->m_lock); return m_opinfo; } @@ -1114,7 +1110,7 @@ void smb_send_parent_lease_break_noti(struct ksmbd_file *fp, if (!p_ci) return; - read_lock(&p_ci->m_lock); + down_read(&p_ci->m_lock); list_for_each_entry(opinfo, &p_ci->m_op_list, op_entry) { if (opinfo->conn == NULL || !opinfo->is_lease) continue; @@ -1132,13 +1128,11 @@ void smb_send_parent_lease_break_noti(struct ksmbd_file *fp, continue; } - read_unlock(&p_ci->m_lock); oplock_break(opinfo, SMB2_OPLOCK_LEVEL_NONE); opinfo_conn_put(opinfo); - read_lock(&p_ci->m_lock); } } - read_unlock(&p_ci->m_lock); + up_read(&p_ci->m_lock); ksmbd_inode_put(p_ci); } @@ -1159,7 +1153,7 @@ void smb_lazy_parent_lease_break_close(struct ksmbd_file *fp) if (!p_ci) return; - read_lock(&p_ci->m_lock); + down_read(&p_ci->m_lock); list_for_each_entry(opinfo, &p_ci->m_op_list, op_entry) { if (opinfo->conn == NULL || !opinfo->is_lease) continue; @@ -1173,13 +1167,11 @@ void smb_lazy_parent_lease_break_close(struct ksmbd_file *fp) atomic_dec(&opinfo->conn->r_count); continue; } - read_unlock(&p_ci->m_lock); oplock_break(opinfo, SMB2_OPLOCK_LEVEL_NONE); opinfo_conn_put(opinfo); - read_lock(&p_ci->m_lock); } } - read_unlock(&p_ci->m_lock); + up_read(&p_ci->m_lock); ksmbd_inode_put(p_ci); } diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 30229161b346..b6c5a8ea3887 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -3376,9 +3376,9 @@ int smb2_open(struct ksmbd_work *work) * after daccess, saccess, attrib_only, and stream are * initialized. */ - write_lock(&fp->f_ci->m_lock); + down_write(&fp->f_ci->m_lock); list_add(&fp->node, &fp->f_ci->m_fp_list); - write_unlock(&fp->f_ci->m_lock); + up_write(&fp->f_ci->m_lock); /* Check delete pending among previous fp before oplock break */ if (ksmbd_inode_pending_delete(fp)) { diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index fcaf373cc008..474dadf6b7b8 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -646,7 +646,7 @@ int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) * Lookup fp in master fp list, and check desired access and * shared mode between previous open and current open. */ - read_lock(&curr_fp->f_ci->m_lock); + down_read(&curr_fp->f_ci->m_lock); list_for_each_entry(prev_fp, &curr_fp->f_ci->m_fp_list, node) { if (file_inode(filp) != file_inode(prev_fp->filp)) continue; @@ -722,7 +722,7 @@ int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp) break; } } - read_unlock(&curr_fp->f_ci->m_lock); + up_read(&curr_fp->f_ci->m_lock); return rc; } diff --git a/fs/smb/server/vfs_cache.c b/fs/smb/server/vfs_cache.c index 030f70700036..6cb599cd287e 100644 --- a/fs/smb/server/vfs_cache.c +++ b/fs/smb/server/vfs_cache.c @@ -165,7 +165,7 @@ static int ksmbd_inode_init(struct ksmbd_inode *ci, struct ksmbd_file *fp) ci->m_fattr = 0; INIT_LIST_HEAD(&ci->m_fp_list); INIT_LIST_HEAD(&ci->m_op_list); - rwlock_init(&ci->m_lock); + init_rwsem(&ci->m_lock); ci->m_de = fp->filp->f_path.dentry; return 0; } @@ -261,14 +261,14 @@ static void __ksmbd_inode_close(struct ksmbd_file *fp) } if (atomic_dec_and_test(&ci->m_count)) { - write_lock(&ci->m_lock); + down_write(&ci->m_lock); if (ci->m_flags & (S_DEL_ON_CLS | S_DEL_PENDING)) { ci->m_flags &= ~(S_DEL_ON_CLS | S_DEL_PENDING); - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); ksmbd_vfs_unlink(filp); - write_lock(&ci->m_lock); + down_write(&ci->m_lock); } - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); ksmbd_inode_free(ci); } @@ -289,9 +289,9 @@ static void __ksmbd_remove_fd(struct ksmbd_file_table *ft, struct ksmbd_file *fp if (!has_file_id(fp->volatile_id)) return; - write_lock(&fp->f_ci->m_lock); + down_write(&fp->f_ci->m_lock); list_del_init(&fp->node); - write_unlock(&fp->f_ci->m_lock); + up_write(&fp->f_ci->m_lock); write_lock(&ft->lock); idr_remove(ft->idr, fp->volatile_id); @@ -523,17 +523,17 @@ struct ksmbd_file *ksmbd_lookup_fd_inode(struct dentry *dentry) if (!ci) return NULL; - read_lock(&ci->m_lock); + down_read(&ci->m_lock); list_for_each_entry(lfp, &ci->m_fp_list, node) { if (inode == file_inode(lfp->filp)) { atomic_dec(&ci->m_count); lfp = ksmbd_fp_get(lfp); - read_unlock(&ci->m_lock); + up_read(&ci->m_lock); return lfp; } } atomic_dec(&ci->m_count); - read_unlock(&ci->m_lock); + up_read(&ci->m_lock); return NULL; } @@ -705,13 +705,13 @@ static bool session_fd_check(struct ksmbd_tree_connect *tcon, conn = fp->conn; ci = fp->f_ci; - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_for_each_entry_rcu(op, &ci->m_op_list, op_entry) { if (op->conn != conn) continue; op->conn = NULL; } - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); fp->conn = NULL; fp->tcon = NULL; @@ -801,13 +801,13 @@ int ksmbd_reopen_durable_fd(struct ksmbd_work *work, struct ksmbd_file *fp) fp->tcon = work->tcon; ci = fp->f_ci; - write_lock(&ci->m_lock); + down_write(&ci->m_lock); list_for_each_entry_rcu(op, &ci->m_op_list, op_entry) { if (op->conn) continue; op->conn = fp->conn; } - write_unlock(&ci->m_lock); + up_write(&ci->m_lock); __open_id(&work->sess->file_table, fp, OPEN_ID_TYPE_VOLATILE_ID); if (!has_file_id(fp->volatile_id)) { diff --git a/fs/smb/server/vfs_cache.h b/fs/smb/server/vfs_cache.h index ed44fb4e18e7..5a225e7055f1 100644 --- a/fs/smb/server/vfs_cache.h +++ b/fs/smb/server/vfs_cache.h @@ -47,7 +47,7 @@ struct stream { }; struct ksmbd_inode { - rwlock_t m_lock; + struct rw_semaphore m_lock; atomic_t m_count; atomic_t op_count; /* opinfo count for streams */

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] misc/pvpanic-pci: register attributes via pci_driver" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ee59be35d7a8be7fcaa2d61fb89734ab5c25e4ee # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051340-destitute-overlaid-3681@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: ee59be35d7a8 ("misc/pvpanic-pci: register attributes via pci_driver") c1426d392aeb ("misc/pvpanic: deduplicate common code") 84b0f12a953c ("pvpanic: Indentation fixes here and there") cc5b392d0f94 ("pvpanic: Fix typos in the comments") 33a430419456 ("pvpanic: Keep single style across modules") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ee59be35d7a8be7fcaa2d61fb89734ab5c25e4ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <linux(a)weissschuh.net> Date: Thu, 11 Apr 2024 23:33:51 +0200 Subject: [PATCH] misc/pvpanic-pci: register attributes via pci_driver MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In __pci_register_driver(), the pci core overwrites the dev_groups field of the embedded struct device_driver with the dev_groups from the outer struct pci_driver unconditionally. Set dev_groups in the pci_driver to make sure it is used. This was broken since the introduction of pvpanic-pci. Fixes: db3a4f0abefd ("misc/pvpanic: add PCI driver") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Fixes: ded13b9cfd59 ("PCI: Add support for dev_groups to struct pci_driver") Link: https://lore.kernel.org/r/20240411-pvpanic-pci-dev-groups-v1-1-db8cb69f1b09… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/misc/pvpanic/pvpanic-pci.c b/drivers/misc/pvpanic/pvpanic-pci.c index 9ad20e82785b..b21598a18f6d 100644 --- a/drivers/misc/pvpanic/pvpanic-pci.c +++ b/drivers/misc/pvpanic/pvpanic-pci.c @@ -44,8 +44,6 @@ static struct pci_driver pvpanic_pci_driver = { .name = "pvpanic-pci", .id_table = pvpanic_pci_id_tbl, .probe = pvpanic_pci_probe, - .driver = { - .dev_groups = pvpanic_dev_groups, - }, + .dev_groups = pvpanic_dev_groups, }; module_pci_driver(pvpanic_pci_driver);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] misc/pvpanic-pci: register attributes via pci_driver" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x ee59be35d7a8be7fcaa2d61fb89734ab5c25e4ee # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051340-puma-unshaven-405c@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: ee59be35d7a8 ("misc/pvpanic-pci: register attributes via pci_driver") c1426d392aeb ("misc/pvpanic: deduplicate common code") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ee59be35d7a8be7fcaa2d61fb89734ab5c25e4ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <linux(a)weissschuh.net> Date: Thu, 11 Apr 2024 23:33:51 +0200 Subject: [PATCH] misc/pvpanic-pci: register attributes via pci_driver MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In __pci_register_driver(), the pci core overwrites the dev_groups field of the embedded struct device_driver with the dev_groups from the outer struct pci_driver unconditionally. Set dev_groups in the pci_driver to make sure it is used. This was broken since the introduction of pvpanic-pci. Fixes: db3a4f0abefd ("misc/pvpanic: add PCI driver") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Fixes: ded13b9cfd59 ("PCI: Add support for dev_groups to struct pci_driver") Link: https://lore.kernel.org/r/20240411-pvpanic-pci-dev-groups-v1-1-db8cb69f1b09… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/misc/pvpanic/pvpanic-pci.c b/drivers/misc/pvpanic/pvpanic-pci.c index 9ad20e82785b..b21598a18f6d 100644 --- a/drivers/misc/pvpanic/pvpanic-pci.c +++ b/drivers/misc/pvpanic/pvpanic-pci.c @@ -44,8 +44,6 @@ static struct pci_driver pvpanic_pci_driver = { .name = "pvpanic-pci", .id_table = pvpanic_pci_id_tbl, .probe = pvpanic_pci_probe, - .driver = { - .dev_groups = pvpanic_dev_groups, - }, + .dev_groups = pvpanic_dev_groups, }; module_pci_driver(pvpanic_pci_driver);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] misc/pvpanic-pci: register attributes via pci_driver" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x ee59be35d7a8be7fcaa2d61fb89734ab5c25e4ee # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051339-strut-alienable-25c7@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: ee59be35d7a8 ("misc/pvpanic-pci: register attributes via pci_driver") c1426d392aeb ("misc/pvpanic: deduplicate common code") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ee59be35d7a8be7fcaa2d61fb89734ab5c25e4ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <linux(a)weissschuh.net> Date: Thu, 11 Apr 2024 23:33:51 +0200 Subject: [PATCH] misc/pvpanic-pci: register attributes via pci_driver MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In __pci_register_driver(), the pci core overwrites the dev_groups field of the embedded struct device_driver with the dev_groups from the outer struct pci_driver unconditionally. Set dev_groups in the pci_driver to make sure it is used. This was broken since the introduction of pvpanic-pci. Fixes: db3a4f0abefd ("misc/pvpanic: add PCI driver") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> Fixes: ded13b9cfd59 ("PCI: Add support for dev_groups to struct pci_driver") Link: https://lore.kernel.org/r/20240411-pvpanic-pci-dev-groups-v1-1-db8cb69f1b09… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/misc/pvpanic/pvpanic-pci.c b/drivers/misc/pvpanic/pvpanic-pci.c index 9ad20e82785b..b21598a18f6d 100644 --- a/drivers/misc/pvpanic/pvpanic-pci.c +++ b/drivers/misc/pvpanic/pvpanic-pci.c @@ -44,8 +44,6 @@ static struct pci_driver pvpanic_pci_driver = { .name = "pvpanic-pci", .id_table = pvpanic_pci_id_tbl, .probe = pvpanic_pci_probe, - .driver = { - .dev_groups = pvpanic_dev_groups, - }, + .dev_groups = pvpanic_dev_groups, }; module_pci_driver(pvpanic_pci_driver);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 819fe8c96a5172dfd960e5945e8f00f8fed32953 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051326-filter-stoplight-c8cc@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 819fe8c96a51 ("arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration") 028fe09cda0a ("arm64: dts: qcom: sm8150: align TLMM pin configuration with DT schema") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 819fe8c96a5172dfd960e5945e8f00f8fed32953 Mon Sep 17 00:00:00 2001 From: Volodymyr Babchuk <Volodymyr_Babchuk(a)epam.com> Date: Fri, 12 Apr 2024 19:03:25 +0000 Subject: [PATCH] arm64: dts: qcom: sa8155p-adp: fix SDHC2 CD pin configuration There are two issues with SDHC2 configuration for SA8155P-ADP, which prevent use of SDHC2 and causes issues with ethernet: - Card Detect pin for SHDC2 on SA8155P-ADP is connected to gpio4 of PMM8155AU_1, not to SoC itself. SoC's gpio4 is used for DWMAC TX. If sdhc driver probes after dwmac driver, it reconfigures gpio4 and this breaks Ethernet MAC. - pinctrl configuration mentions gpio96 as CD pin. It seems it was copied from some SM8150 example, because as mentioned above, correct CD pin is gpio4 on PMM8155AU_1. This patch fixes both mentioned issues by providing correct pin handle and pinctrl configuration. Fixes: 0deb2624e2d0 ("arm64: dts: qcom: sa8155p-adp: Add support for uSD card") Cc: stable(a)vger.kernel.org Signed-off-by: Volodymyr Babchuk <volodymyr_babchuk(a)epam.com> Reviewed-by: Stephan Gerhold <stephan(a)gerhold.net> Link: https://lore.kernel.org/r/20240412190310.1647893-1-volodymyr_babchuk@epam.c… Signed-off-by: Bjorn Andersson <andersson(a)kernel.org> diff --git a/arch/arm64/boot/dts/qcom/sa8155p-adp.dts b/arch/arm64/boot/dts/qcom/sa8155p-adp.dts index 5e4287f8c8cd..b2cf2c988336 100644 --- a/arch/arm64/boot/dts/qcom/sa8155p-adp.dts +++ b/arch/arm64/boot/dts/qcom/sa8155p-adp.dts @@ -367,6 +367,16 @@ queue0 { }; }; +&pmm8155au_1_gpios { + pmm8155au_1_sdc2_cd: sdc2-cd-default-state { + pins = "gpio4"; + function = "normal"; + input-enable; + bias-pull-up; + power-source = <0>; + }; +}; + &qupv3_id_1 { status = "okay"; }; @@ -384,10 +394,10 @@ &remoteproc_cdsp { &sdhc_2 { status = "okay"; - cd-gpios = <&tlmm 4 GPIO_ACTIVE_LOW>; + cd-gpios = <&pmm8155au_1_gpios 4 GPIO_ACTIVE_LOW>; pinctrl-names = "default", "sleep"; - pinctrl-0 = <&sdc2_on>; - pinctrl-1 = <&sdc2_off>; + pinctrl-0 = <&sdc2_on &pmm8155au_1_sdc2_cd>; + pinctrl-1 = <&sdc2_off &pmm8155au_1_sdc2_cd>; vqmmc-supply = <&vreg_l13c_2p96>; /* IO line power */ vmmc-supply = <&vreg_l17a_2p96>; /* Card power line */ bus-width = <4>; @@ -505,13 +515,6 @@ data-pins { bias-pull-up; /* pull up */ drive-strength = <16>; /* 16 MA */ }; - - sd-cd-pins { - pins = "gpio96"; - function = "gpio"; - bias-pull-up; /* pull up */ - drive-strength = <2>; /* 2 MA */ - }; }; sdc2_off: sdc2-off-state { @@ -532,13 +535,6 @@ data-pins { bias-pull-up; /* pull up */ drive-strength = <2>; /* 2 MA */ }; - - sd-cd-pins { - pins = "gpio96"; - function = "gpio"; - bias-pull-up; /* pull up */ - drive-strength = <2>; /* 2 MA */ - }; }; usb2phy_ac_en1_default: usb2phy-ac-en1-default-state {

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix incorrect DSC instance for MST" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 892b41b16f6163e6556545835abba668fcab4eea # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051305-sudden-directed-5647@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 892b41b16f61 ("drm/amd/display: Fix incorrect DSC instance for MST") f8e12e770e80 ("drm/amd/display: drop unnecessary NULL checks in debugfs") e3b0079be8f0 ("drm/amd/display: Clean up some inconsistent indenting") 5d5c6dba2b43 ("drm/amd/display: Fix memory leak") 712343cd21ea ("drm/amd/display: Add function and debugfs to dump DCC_EN bit") 46a83eba276c ("drm/amd/display: Add debugfs to control DMUB trace buffer events") 0dd795323405 ("drm/amdgpu/display: Implement functions to let DC allocate GPU memory") 0b7421f0a6a4 ("drm/amd/display: Old sequence for HUBP blank") e7a30ade740f ("Revert "drm/amd/display: Unblank hubp based on plane visibility"") afd3a359c452 ("drm/amd/display: do not use drm middle layer for debugfs") dbb7898ac1bc ("drm/amd/display: Drop SOC bounding box hookup in DM/DC") d209124ddae3 ("drm/amd/display: enable HUBP blank behaviour") 985faf2c4ecb ("drm/amd/display: New sequence for HUBP blank") fd1c85d3ac2c ("drm/amd/display: Unblank hubp based on plane visibility") 5a83bf80723d ("drm/amd/display: Use provided offset for DPG generation") 9a3e698c0758 ("drm/amd/display: init soc bounding box for dcn3.01.") 20f2ffe50472 ("drm/amdgpu: fold CONFIG_DRM_AMD_DC_DCN3* into CONFIG_DRM_AMD_DC_DCN (v3)") 4dbcdc9cada2 ("drm/amd/display: fix the NULL pointer that missed set_disp_pattern_generator callback") b15bfd0d8613 ("drm/amd/display: Revert HUBP blank behaviour for now") dbf5256bbf19 ("drm/amd/display: Blank HUBP during pixel data blank for DCN30 v2") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 892b41b16f6163e6556545835abba668fcab4eea Mon Sep 17 00:00:00 2001 From: Hersen Wu <hersenxs.wu(a)amd.com> Date: Tue, 13 Feb 2024 14:26:06 -0500 Subject: [PATCH] drm/amd/display: Fix incorrect DSC instance for MST [Why] DSC debugfs, such as dp_dsc_clock_en_read, use aconnector->dc_link to find pipe_ctx for display. Displays connected to MST hub share the same dc_link. DSC instance is from pipe_ctx. This causes incorrect DSC instance for display connected to MST hub. [How] Add aconnector->sink check to find pipe_ctx. CC: stable(a)vger.kernel.org Reviewed-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Hersen Wu <hersenxs.wu(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c index eee4945653e2..c7715a17f388 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c @@ -1495,7 +1495,9 @@ static ssize_t dp_dsc_clock_en_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1596,7 +1598,9 @@ static ssize_t dp_dsc_clock_en_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1681,7 +1685,9 @@ static ssize_t dp_dsc_slice_width_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1780,7 +1786,9 @@ static ssize_t dp_dsc_slice_width_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1865,7 +1873,9 @@ static ssize_t dp_dsc_slice_height_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1964,7 +1974,9 @@ static ssize_t dp_dsc_slice_height_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2045,7 +2057,9 @@ static ssize_t dp_dsc_bits_per_pixel_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2141,7 +2155,9 @@ static ssize_t dp_dsc_bits_per_pixel_write(struct file *f, const char __user *bu for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2220,7 +2236,9 @@ static ssize_t dp_dsc_pic_width_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2276,7 +2294,9 @@ static ssize_t dp_dsc_pic_height_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2347,7 +2367,9 @@ static ssize_t dp_dsc_chunk_size_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2418,7 +2440,9 @@ static ssize_t dp_dsc_slice_bpg_offset_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; }

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix incorrect DSC instance for MST" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 892b41b16f6163e6556545835abba668fcab4eea # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051306-spender-monotone-7bf7@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 892b41b16f61 ("drm/amd/display: Fix incorrect DSC instance for MST") f8e12e770e80 ("drm/amd/display: drop unnecessary NULL checks in debugfs") e3b0079be8f0 ("drm/amd/display: Clean up some inconsistent indenting") 5d5c6dba2b43 ("drm/amd/display: Fix memory leak") 712343cd21ea ("drm/amd/display: Add function and debugfs to dump DCC_EN bit") 46a83eba276c ("drm/amd/display: Add debugfs to control DMUB trace buffer events") 0dd795323405 ("drm/amdgpu/display: Implement functions to let DC allocate GPU memory") 0b7421f0a6a4 ("drm/amd/display: Old sequence for HUBP blank") e7a30ade740f ("Revert "drm/amd/display: Unblank hubp based on plane visibility"") afd3a359c452 ("drm/amd/display: do not use drm middle layer for debugfs") dbb7898ac1bc ("drm/amd/display: Drop SOC bounding box hookup in DM/DC") d209124ddae3 ("drm/amd/display: enable HUBP blank behaviour") 985faf2c4ecb ("drm/amd/display: New sequence for HUBP blank") fd1c85d3ac2c ("drm/amd/display: Unblank hubp based on plane visibility") 5a83bf80723d ("drm/amd/display: Use provided offset for DPG generation") 9a3e698c0758 ("drm/amd/display: init soc bounding box for dcn3.01.") 20f2ffe50472 ("drm/amdgpu: fold CONFIG_DRM_AMD_DC_DCN3* into CONFIG_DRM_AMD_DC_DCN (v3)") 4dbcdc9cada2 ("drm/amd/display: fix the NULL pointer that missed set_disp_pattern_generator callback") b15bfd0d8613 ("drm/amd/display: Revert HUBP blank behaviour for now") dbf5256bbf19 ("drm/amd/display: Blank HUBP during pixel data blank for DCN30 v2") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 892b41b16f6163e6556545835abba668fcab4eea Mon Sep 17 00:00:00 2001 From: Hersen Wu <hersenxs.wu(a)amd.com> Date: Tue, 13 Feb 2024 14:26:06 -0500 Subject: [PATCH] drm/amd/display: Fix incorrect DSC instance for MST [Why] DSC debugfs, such as dp_dsc_clock_en_read, use aconnector->dc_link to find pipe_ctx for display. Displays connected to MST hub share the same dc_link. DSC instance is from pipe_ctx. This causes incorrect DSC instance for display connected to MST hub. [How] Add aconnector->sink check to find pipe_ctx. CC: stable(a)vger.kernel.org Reviewed-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Hersen Wu <hersenxs.wu(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c index eee4945653e2..c7715a17f388 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c @@ -1495,7 +1495,9 @@ static ssize_t dp_dsc_clock_en_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1596,7 +1598,9 @@ static ssize_t dp_dsc_clock_en_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1681,7 +1685,9 @@ static ssize_t dp_dsc_slice_width_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1780,7 +1786,9 @@ static ssize_t dp_dsc_slice_width_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1865,7 +1873,9 @@ static ssize_t dp_dsc_slice_height_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1964,7 +1974,9 @@ static ssize_t dp_dsc_slice_height_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2045,7 +2057,9 @@ static ssize_t dp_dsc_bits_per_pixel_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2141,7 +2155,9 @@ static ssize_t dp_dsc_bits_per_pixel_write(struct file *f, const char __user *bu for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2220,7 +2236,9 @@ static ssize_t dp_dsc_pic_width_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2276,7 +2294,9 @@ static ssize_t dp_dsc_pic_height_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2347,7 +2367,9 @@ static ssize_t dp_dsc_chunk_size_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2418,7 +2440,9 @@ static ssize_t dp_dsc_slice_bpg_offset_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; }

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix incorrect DSC instance for MST" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 892b41b16f6163e6556545835abba668fcab4eea # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051305-onslaught-twins-2da3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 892b41b16f61 ("drm/amd/display: Fix incorrect DSC instance for MST") f8e12e770e80 ("drm/amd/display: drop unnecessary NULL checks in debugfs") e3b0079be8f0 ("drm/amd/display: Clean up some inconsistent indenting") 5d5c6dba2b43 ("drm/amd/display: Fix memory leak") 712343cd21ea ("drm/amd/display: Add function and debugfs to dump DCC_EN bit") 46a83eba276c ("drm/amd/display: Add debugfs to control DMUB trace buffer events") 0dd795323405 ("drm/amdgpu/display: Implement functions to let DC allocate GPU memory") 0b7421f0a6a4 ("drm/amd/display: Old sequence for HUBP blank") e7a30ade740f ("Revert "drm/amd/display: Unblank hubp based on plane visibility"") afd3a359c452 ("drm/amd/display: do not use drm middle layer for debugfs") dbb7898ac1bc ("drm/amd/display: Drop SOC bounding box hookup in DM/DC") d209124ddae3 ("drm/amd/display: enable HUBP blank behaviour") 985faf2c4ecb ("drm/amd/display: New sequence for HUBP blank") fd1c85d3ac2c ("drm/amd/display: Unblank hubp based on plane visibility") 5a83bf80723d ("drm/amd/display: Use provided offset for DPG generation") 9a3e698c0758 ("drm/amd/display: init soc bounding box for dcn3.01.") 20f2ffe50472 ("drm/amdgpu: fold CONFIG_DRM_AMD_DC_DCN3* into CONFIG_DRM_AMD_DC_DCN (v3)") 4dbcdc9cada2 ("drm/amd/display: fix the NULL pointer that missed set_disp_pattern_generator callback") b15bfd0d8613 ("drm/amd/display: Revert HUBP blank behaviour for now") dbf5256bbf19 ("drm/amd/display: Blank HUBP during pixel data blank for DCN30 v2") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 892b41b16f6163e6556545835abba668fcab4eea Mon Sep 17 00:00:00 2001 From: Hersen Wu <hersenxs.wu(a)amd.com> Date: Tue, 13 Feb 2024 14:26:06 -0500 Subject: [PATCH] drm/amd/display: Fix incorrect DSC instance for MST [Why] DSC debugfs, such as dp_dsc_clock_en_read, use aconnector->dc_link to find pipe_ctx for display. Displays connected to MST hub share the same dc_link. DSC instance is from pipe_ctx. This causes incorrect DSC instance for display connected to MST hub. [How] Add aconnector->sink check to find pipe_ctx. CC: stable(a)vger.kernel.org Reviewed-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Hersen Wu <hersenxs.wu(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c index eee4945653e2..c7715a17f388 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c @@ -1495,7 +1495,9 @@ static ssize_t dp_dsc_clock_en_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1596,7 +1598,9 @@ static ssize_t dp_dsc_clock_en_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1681,7 +1685,9 @@ static ssize_t dp_dsc_slice_width_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1780,7 +1786,9 @@ static ssize_t dp_dsc_slice_width_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1865,7 +1873,9 @@ static ssize_t dp_dsc_slice_height_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1964,7 +1974,9 @@ static ssize_t dp_dsc_slice_height_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2045,7 +2057,9 @@ static ssize_t dp_dsc_bits_per_pixel_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2141,7 +2155,9 @@ static ssize_t dp_dsc_bits_per_pixel_write(struct file *f, const char __user *bu for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2220,7 +2236,9 @@ static ssize_t dp_dsc_pic_width_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2276,7 +2294,9 @@ static ssize_t dp_dsc_pic_height_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2347,7 +2367,9 @@ static ssize_t dp_dsc_chunk_size_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2418,7 +2440,9 @@ static ssize_t dp_dsc_slice_bpg_offset_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; }

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix incorrect DSC instance for MST" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 892b41b16f6163e6556545835abba668fcab4eea # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051304-resonant-pruning-3657@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 892b41b16f61 ("drm/amd/display: Fix incorrect DSC instance for MST") f8e12e770e80 ("drm/amd/display: drop unnecessary NULL checks in debugfs") e3b0079be8f0 ("drm/amd/display: Clean up some inconsistent indenting") 5d5c6dba2b43 ("drm/amd/display: Fix memory leak") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 892b41b16f6163e6556545835abba668fcab4eea Mon Sep 17 00:00:00 2001 From: Hersen Wu <hersenxs.wu(a)amd.com> Date: Tue, 13 Feb 2024 14:26:06 -0500 Subject: [PATCH] drm/amd/display: Fix incorrect DSC instance for MST [Why] DSC debugfs, such as dp_dsc_clock_en_read, use aconnector->dc_link to find pipe_ctx for display. Displays connected to MST hub share the same dc_link. DSC instance is from pipe_ctx. This causes incorrect DSC instance for display connected to MST hub. [How] Add aconnector->sink check to find pipe_ctx. CC: stable(a)vger.kernel.org Reviewed-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Hersen Wu <hersenxs.wu(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c index eee4945653e2..c7715a17f388 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c @@ -1495,7 +1495,9 @@ static ssize_t dp_dsc_clock_en_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1596,7 +1598,9 @@ static ssize_t dp_dsc_clock_en_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1681,7 +1685,9 @@ static ssize_t dp_dsc_slice_width_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1780,7 +1786,9 @@ static ssize_t dp_dsc_slice_width_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1865,7 +1873,9 @@ static ssize_t dp_dsc_slice_height_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1964,7 +1974,9 @@ static ssize_t dp_dsc_slice_height_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2045,7 +2057,9 @@ static ssize_t dp_dsc_bits_per_pixel_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2141,7 +2155,9 @@ static ssize_t dp_dsc_bits_per_pixel_write(struct file *f, const char __user *bu for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2220,7 +2236,9 @@ static ssize_t dp_dsc_pic_width_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2276,7 +2294,9 @@ static ssize_t dp_dsc_pic_height_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2347,7 +2367,9 @@ static ssize_t dp_dsc_chunk_size_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2418,7 +2440,9 @@ static ssize_t dp_dsc_slice_bpg_offset_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; }

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix incorrect DSC instance for MST" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 892b41b16f6163e6556545835abba668fcab4eea # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051303-ribcage-visor-6e15@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 892b41b16f61 ("drm/amd/display: Fix incorrect DSC instance for MST") f8e12e770e80 ("drm/amd/display: drop unnecessary NULL checks in debugfs") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 892b41b16f6163e6556545835abba668fcab4eea Mon Sep 17 00:00:00 2001 From: Hersen Wu <hersenxs.wu(a)amd.com> Date: Tue, 13 Feb 2024 14:26:06 -0500 Subject: [PATCH] drm/amd/display: Fix incorrect DSC instance for MST [Why] DSC debugfs, such as dp_dsc_clock_en_read, use aconnector->dc_link to find pipe_ctx for display. Displays connected to MST hub share the same dc_link. DSC instance is from pipe_ctx. This causes incorrect DSC instance for display connected to MST hub. [How] Add aconnector->sink check to find pipe_ctx. CC: stable(a)vger.kernel.org Reviewed-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Hersen Wu <hersenxs.wu(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c index eee4945653e2..c7715a17f388 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c @@ -1495,7 +1495,9 @@ static ssize_t dp_dsc_clock_en_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1596,7 +1598,9 @@ static ssize_t dp_dsc_clock_en_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1681,7 +1685,9 @@ static ssize_t dp_dsc_slice_width_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1780,7 +1786,9 @@ static ssize_t dp_dsc_slice_width_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1865,7 +1873,9 @@ static ssize_t dp_dsc_slice_height_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -1964,7 +1974,9 @@ static ssize_t dp_dsc_slice_height_write(struct file *f, const char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2045,7 +2057,9 @@ static ssize_t dp_dsc_bits_per_pixel_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2141,7 +2155,9 @@ static ssize_t dp_dsc_bits_per_pixel_write(struct file *f, const char __user *bu for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2220,7 +2236,9 @@ static ssize_t dp_dsc_pic_width_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2276,7 +2294,9 @@ static ssize_t dp_dsc_pic_height_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2347,7 +2367,9 @@ static ssize_t dp_dsc_chunk_size_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; } @@ -2418,7 +2440,9 @@ static ssize_t dp_dsc_slice_bpg_offset_read(struct file *f, char __user *buf, for (i = 0; i < MAX_PIPES; i++) { pipe_ctx = &aconnector->dc_link->dc->current_state->res_ctx.pipe_ctx[i]; if (pipe_ctx->stream && - pipe_ctx->stream->link == aconnector->dc_link) + pipe_ctx->stream->link == aconnector->dc_link && + pipe_ctx->stream->sink && + pipe_ctx->stream->sink == aconnector->dc_sink) break; }

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Handle Y carry-over in VCP X.Y calculation" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 719564737a9ac3d0b49c314450b56cf6f7d71358 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051350-decent-trout-e701@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 719564737a9a ("drm/amd/display: Handle Y carry-over in VCP X.Y calculation") 3bc8d9214679 ("drm/amd/display: Add DP 2.0 HPO Link Encoder") 83228ebb82e4 ("drm/amd/display: Add DP 2.0 HPO Stream Encoder") 61452908a79e ("drm/amd/display: Add DP 2.0 Audio Package Generator") 926d6972efb6 ("drm/amd/display: Add DCN3.1 blocks to the DC Makefile") 2083640f0d5b ("drm/amd/display: Add DCN3.1 Resource") cbaf919f3313 ("drm/amd/display: Add DCN3.1 DIO") cd6d421e3d1a ("drm/amd/display: Initial DC support for Beige Goby") 2ff3cf823882 ("drm/amd/display: Fix hangs with psr enabled on dcn3.xx") 8cf9575d7079 ("drm/amd/display: Fix DSC enable sequence") 66611a721b59 ("drm/amd/display: Add debug flag to enable eDP ILR by default") 42b599732ee1 ("drm/amdgpu/display: fix memory leak for dimgrey cavefish") e1f4328f22c0 ("drm/amd/display: Update link encoder object creation") 4f8e37dbaf58 ("drm/amd/display: Support for DMUB AUX") 1e3489136968 ("drm/amd/display: 3.2.124") 77a2b7265f20 ("drm/amd/display: Synchronize displays with different timings") 97628eb5ac20 ("drm/amd/display: 3.2.123") ef4dd6b2757e ("drm/amd/display: 3.2.122") 6fce5bcee582 ("drm/amd/display: move edp sink present detection to hw init") f1e17351984c ("drm/amd/display: 3.2.121") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 719564737a9ac3d0b49c314450b56cf6f7d71358 Mon Sep 17 00:00:00 2001 From: George Shen <george.shen(a)amd.com> Date: Thu, 16 Sep 2021 19:55:39 -0400 Subject: [PATCH] drm/amd/display: Handle Y carry-over in VCP X.Y calculation Theoretically rare corner case where ceil(Y) results in rounding up to an integer. If this happens, the 1 should be carried over to the X value. CC: stable(a)vger.kernel.org Reviewed-by: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Signed-off-by: George Shen <george.shen(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c index 5b7ad38f85e0..65e45a0b4ff3 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c +++ b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c @@ -395,6 +395,12 @@ void dcn31_hpo_dp_link_enc_set_throttled_vcp_size( x), 25)); + // If y rounds up to integer, carry it over to x. + if (y >> 25) { + x += 1; + y = 0; + } + switch (stream_encoder_inst) { case 0: REG_SET_2(DP_DPHY_SYM32_VC_RATE_CNTL0, 0,

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Handle Y carry-over in VCP X.Y calculation" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 719564737a9ac3d0b49c314450b56cf6f7d71358 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051349-suitcase-strive-29c2@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 719564737a9a ("drm/amd/display: Handle Y carry-over in VCP X.Y calculation") 3bc8d9214679 ("drm/amd/display: Add DP 2.0 HPO Link Encoder") 83228ebb82e4 ("drm/amd/display: Add DP 2.0 HPO Stream Encoder") 61452908a79e ("drm/amd/display: Add DP 2.0 Audio Package Generator") 926d6972efb6 ("drm/amd/display: Add DCN3.1 blocks to the DC Makefile") 2083640f0d5b ("drm/amd/display: Add DCN3.1 Resource") cbaf919f3313 ("drm/amd/display: Add DCN3.1 DIO") cd6d421e3d1a ("drm/amd/display: Initial DC support for Beige Goby") 2ff3cf823882 ("drm/amd/display: Fix hangs with psr enabled on dcn3.xx") 8cf9575d7079 ("drm/amd/display: Fix DSC enable sequence") 66611a721b59 ("drm/amd/display: Add debug flag to enable eDP ILR by default") 42b599732ee1 ("drm/amdgpu/display: fix memory leak for dimgrey cavefish") e1f4328f22c0 ("drm/amd/display: Update link encoder object creation") 4f8e37dbaf58 ("drm/amd/display: Support for DMUB AUX") 1e3489136968 ("drm/amd/display: 3.2.124") 77a2b7265f20 ("drm/amd/display: Synchronize displays with different timings") 97628eb5ac20 ("drm/amd/display: 3.2.123") ef4dd6b2757e ("drm/amd/display: 3.2.122") 6fce5bcee582 ("drm/amd/display: move edp sink present detection to hw init") f1e17351984c ("drm/amd/display: 3.2.121") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 719564737a9ac3d0b49c314450b56cf6f7d71358 Mon Sep 17 00:00:00 2001 From: George Shen <george.shen(a)amd.com> Date: Thu, 16 Sep 2021 19:55:39 -0400 Subject: [PATCH] drm/amd/display: Handle Y carry-over in VCP X.Y calculation Theoretically rare corner case where ceil(Y) results in rounding up to an integer. If this happens, the 1 should be carried over to the X value. CC: stable(a)vger.kernel.org Reviewed-by: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Signed-off-by: George Shen <george.shen(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c index 5b7ad38f85e0..65e45a0b4ff3 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c +++ b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c @@ -395,6 +395,12 @@ void dcn31_hpo_dp_link_enc_set_throttled_vcp_size( x), 25)); + // If y rounds up to integer, carry it over to x. + if (y >> 25) { + x += 1; + y = 0; + } + switch (stream_encoder_inst) { case 0: REG_SET_2(DP_DPHY_SYM32_VC_RATE_CNTL0, 0,

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Handle Y carry-over in VCP X.Y calculation" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 719564737a9ac3d0b49c314450b56cf6f7d71358 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051348-unclad-penpal-8f46@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 719564737a9a ("drm/amd/display: Handle Y carry-over in VCP X.Y calculation") 3bc8d9214679 ("drm/amd/display: Add DP 2.0 HPO Link Encoder") 83228ebb82e4 ("drm/amd/display: Add DP 2.0 HPO Stream Encoder") 61452908a79e ("drm/amd/display: Add DP 2.0 Audio Package Generator") 926d6972efb6 ("drm/amd/display: Add DCN3.1 blocks to the DC Makefile") 2083640f0d5b ("drm/amd/display: Add DCN3.1 Resource") cbaf919f3313 ("drm/amd/display: Add DCN3.1 DIO") cd6d421e3d1a ("drm/amd/display: Initial DC support for Beige Goby") 2ff3cf823882 ("drm/amd/display: Fix hangs with psr enabled on dcn3.xx") 8cf9575d7079 ("drm/amd/display: Fix DSC enable sequence") 66611a721b59 ("drm/amd/display: Add debug flag to enable eDP ILR by default") 42b599732ee1 ("drm/amdgpu/display: fix memory leak for dimgrey cavefish") e1f4328f22c0 ("drm/amd/display: Update link encoder object creation") 4f8e37dbaf58 ("drm/amd/display: Support for DMUB AUX") 1e3489136968 ("drm/amd/display: 3.2.124") 77a2b7265f20 ("drm/amd/display: Synchronize displays with different timings") 97628eb5ac20 ("drm/amd/display: 3.2.123") ef4dd6b2757e ("drm/amd/display: 3.2.122") 6fce5bcee582 ("drm/amd/display: move edp sink present detection to hw init") f1e17351984c ("drm/amd/display: 3.2.121") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 719564737a9ac3d0b49c314450b56cf6f7d71358 Mon Sep 17 00:00:00 2001 From: George Shen <george.shen(a)amd.com> Date: Thu, 16 Sep 2021 19:55:39 -0400 Subject: [PATCH] drm/amd/display: Handle Y carry-over in VCP X.Y calculation Theoretically rare corner case where ceil(Y) results in rounding up to an integer. If this happens, the 1 should be carried over to the X value. CC: stable(a)vger.kernel.org Reviewed-by: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Signed-off-by: George Shen <george.shen(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c index 5b7ad38f85e0..65e45a0b4ff3 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c +++ b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c @@ -395,6 +395,12 @@ void dcn31_hpo_dp_link_enc_set_throttled_vcp_size( x), 25)); + // If y rounds up to integer, carry it over to x. + if (y >> 25) { + x += 1; + y = 0; + } + switch (stream_encoder_inst) { case 0: REG_SET_2(DP_DPHY_SYM32_VC_RATE_CNTL0, 0,

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Handle Y carry-over in VCP X.Y calculation" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 719564737a9ac3d0b49c314450b56cf6f7d71358 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051348-consensus-polygon-1044@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 719564737a9a ("drm/amd/display: Handle Y carry-over in VCP X.Y calculation") 3bc8d9214679 ("drm/amd/display: Add DP 2.0 HPO Link Encoder") 83228ebb82e4 ("drm/amd/display: Add DP 2.0 HPO Stream Encoder") 61452908a79e ("drm/amd/display: Add DP 2.0 Audio Package Generator") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 719564737a9ac3d0b49c314450b56cf6f7d71358 Mon Sep 17 00:00:00 2001 From: George Shen <george.shen(a)amd.com> Date: Thu, 16 Sep 2021 19:55:39 -0400 Subject: [PATCH] drm/amd/display: Handle Y carry-over in VCP X.Y calculation Theoretically rare corner case where ceil(Y) results in rounding up to an integer. If this happens, the 1 should be carried over to the X value. CC: stable(a)vger.kernel.org Reviewed-by: Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> Signed-off-by: George Shen <george.shen(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> diff --git a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c index 5b7ad38f85e0..65e45a0b4ff3 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c +++ b/drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hpo_dp_link_encoder.c @@ -395,6 +395,12 @@ void dcn31_hpo_dp_link_enc_set_throttled_vcp_size( x), 25)); + // If y rounds up to integer, carry it over to x. + if (y >> 25) { + x += 1; + y = 0; + } + switch (stream_encoder_inst) { case 0: REG_SET_2(DP_DPHY_SYM32_VC_RATE_CNTL0, 0,

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amdkfd: don't allow mapping the MMIO HDP page with large" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051310-outcast-feisty-83a7@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: be4a2a81b6b9 ("drm/amdkfd: don't allow mapping the MMIO HDP page with large pages") b38c074b2b07 ("drm/amdkfd: CRIU Refactor restore BO function") 67a359d85ec2 ("drm/amdkfd: CRIU remove sync and TLB flush on restore") 22804e03f7a5 ("drm/amdkfd: Fix criu_restore_bo error handling") d8a25e485857 ("drm/amdkfd: fix loop error handling") e5af61ffaaef ("drm/amdkfd: CRIU fix a NULL vs IS_ERR() check") be072b06c739 ("drm/amdkfd: CRIU export BOs as prime dmabuf objects") bef153b70c6e ("drm/amdkfd: CRIU implement gpu_id remapping") 40e8a766a761 ("drm/amdkfd: CRIU checkpoint and restore events") 42c6c48214b7 ("drm/amdkfd: CRIU checkpoint and restore queue mqds") 2485c12c980a ("drm/amdkfd: CRIU restore sdma id for queues") 8668dfc30d3e ("drm/amdkfd: CRIU restore queue ids") 626f7b3190b4 ("drm/amdkfd: CRIU add queues support") cd9f79103003 ("drm/amdkfd: CRIU Implement KFD unpause operation") 011bbb03024f ("drm/amdkfd: CRIU Implement KFD resume ioctl") 73fa13b6a511 ("drm/amdkfd: CRIU Implement KFD restore ioctl") 5ccbb057c0a1 ("drm/amdkfd: CRIU Implement KFD checkpoint ioctl") f185381b6481 ("drm/amdkfd: CRIU Implement KFD process_info ioctl") 3698807094ec ("drm/amdkfd: CRIU Introduce Checkpoint-Restore APIs") f61c40c0757a ("drm/amdkfd: enable heavy-weight TLB flush on Arcturus") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7 Mon Sep 17 00:00:00 2001 From: Alex Deucher <alexander.deucher(a)amd.com> Date: Sun, 14 Apr 2024 13:06:39 -0400 Subject: [PATCH] drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We remap the HDP flush registers into this space to allow userspace (CPU or GPU) to flush the HDP when it updates VRAM. However, on systems with >4K pages, we end up exposing PAGE_SIZE of MMIO space. Fixes: d8e408a82704 ("drm/amdkfd: Expose HDP registers to user space") Reviewed-by: Felix Kuehling <felix.kuehling(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c index 55aa74cbc532..1e6cc0bfc432 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c @@ -1139,7 +1139,7 @@ static int kfd_ioctl_alloc_memory_of_gpu(struct file *filep, goto err_unlock; } offset = dev->adev->rmmio_remap.bus_addr; - if (!offset) { + if (!offset || (PAGE_SIZE > 4096)) { err = -ENOMEM; goto err_unlock; } @@ -2307,7 +2307,7 @@ static int criu_restore_memory_of_gpu(struct kfd_process_device *pdd, return -EINVAL; } offset = pdd->dev->adev->rmmio_remap.bus_addr; - if (!offset) { + if (!offset || (PAGE_SIZE > 4096)) { pr_err("amdgpu_amdkfd_get_mmio_remap_phys_addr failed\n"); return -ENOMEM; } @@ -3349,6 +3349,9 @@ static int kfd_mmio_mmap(struct kfd_node *dev, struct kfd_process *process, if (vma->vm_end - vma->vm_start != PAGE_SIZE) return -EINVAL; + if (PAGE_SIZE > 4096) + return -EINVAL; + address = dev->adev->rmmio_remap.bus_addr; vm_flags_set(vma, VM_IO | VM_DONTCOPY | VM_DONTEXPAND | VM_NORESERVE |

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amdkfd: don't allow mapping the MMIO HDP page with large" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051310-stoppable-backyard-6cff@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: be4a2a81b6b9 ("drm/amdkfd: don't allow mapping the MMIO HDP page with large pages") b38c074b2b07 ("drm/amdkfd: CRIU Refactor restore BO function") 67a359d85ec2 ("drm/amdkfd: CRIU remove sync and TLB flush on restore") 22804e03f7a5 ("drm/amdkfd: Fix criu_restore_bo error handling") d8a25e485857 ("drm/amdkfd: fix loop error handling") e5af61ffaaef ("drm/amdkfd: CRIU fix a NULL vs IS_ERR() check") be072b06c739 ("drm/amdkfd: CRIU export BOs as prime dmabuf objects") bef153b70c6e ("drm/amdkfd: CRIU implement gpu_id remapping") 40e8a766a761 ("drm/amdkfd: CRIU checkpoint and restore events") 42c6c48214b7 ("drm/amdkfd: CRIU checkpoint and restore queue mqds") 2485c12c980a ("drm/amdkfd: CRIU restore sdma id for queues") 8668dfc30d3e ("drm/amdkfd: CRIU restore queue ids") 626f7b3190b4 ("drm/amdkfd: CRIU add queues support") cd9f79103003 ("drm/amdkfd: CRIU Implement KFD unpause operation") 011bbb03024f ("drm/amdkfd: CRIU Implement KFD resume ioctl") 73fa13b6a511 ("drm/amdkfd: CRIU Implement KFD restore ioctl") 5ccbb057c0a1 ("drm/amdkfd: CRIU Implement KFD checkpoint ioctl") f185381b6481 ("drm/amdkfd: CRIU Implement KFD process_info ioctl") 3698807094ec ("drm/amdkfd: CRIU Introduce Checkpoint-Restore APIs") f61c40c0757a ("drm/amdkfd: enable heavy-weight TLB flush on Arcturus") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7 Mon Sep 17 00:00:00 2001 From: Alex Deucher <alexander.deucher(a)amd.com> Date: Sun, 14 Apr 2024 13:06:39 -0400 Subject: [PATCH] drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We remap the HDP flush registers into this space to allow userspace (CPU or GPU) to flush the HDP when it updates VRAM. However, on systems with >4K pages, we end up exposing PAGE_SIZE of MMIO space. Fixes: d8e408a82704 ("drm/amdkfd: Expose HDP registers to user space") Reviewed-by: Felix Kuehling <felix.kuehling(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c index 55aa74cbc532..1e6cc0bfc432 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c @@ -1139,7 +1139,7 @@ static int kfd_ioctl_alloc_memory_of_gpu(struct file *filep, goto err_unlock; } offset = dev->adev->rmmio_remap.bus_addr; - if (!offset) { + if (!offset || (PAGE_SIZE > 4096)) { err = -ENOMEM; goto err_unlock; } @@ -2307,7 +2307,7 @@ static int criu_restore_memory_of_gpu(struct kfd_process_device *pdd, return -EINVAL; } offset = pdd->dev->adev->rmmio_remap.bus_addr; - if (!offset) { + if (!offset || (PAGE_SIZE > 4096)) { pr_err("amdgpu_amdkfd_get_mmio_remap_phys_addr failed\n"); return -ENOMEM; } @@ -3349,6 +3349,9 @@ static int kfd_mmio_mmap(struct kfd_node *dev, struct kfd_process *process, if (vma->vm_end - vma->vm_start != PAGE_SIZE) return -EINVAL; + if (PAGE_SIZE > 4096) + return -EINVAL; + address = dev->adev->rmmio_remap.bus_addr; vm_flags_set(vma, VM_IO | VM_DONTCOPY | VM_DONTEXPAND | VM_NORESERVE |

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/amdkfd: don't allow mapping the MMIO HDP page with large" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051309-blanching-list-a7ab@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: be4a2a81b6b9 ("drm/amdkfd: don't allow mapping the MMIO HDP page with large pages") b38c074b2b07 ("drm/amdkfd: CRIU Refactor restore BO function") 67a359d85ec2 ("drm/amdkfd: CRIU remove sync and TLB flush on restore") 22804e03f7a5 ("drm/amdkfd: Fix criu_restore_bo error handling") d8a25e485857 ("drm/amdkfd: fix loop error handling") e5af61ffaaef ("drm/amdkfd: CRIU fix a NULL vs IS_ERR() check") be072b06c739 ("drm/amdkfd: CRIU export BOs as prime dmabuf objects") bef153b70c6e ("drm/amdkfd: CRIU implement gpu_id remapping") 40e8a766a761 ("drm/amdkfd: CRIU checkpoint and restore events") 42c6c48214b7 ("drm/amdkfd: CRIU checkpoint and restore queue mqds") 2485c12c980a ("drm/amdkfd: CRIU restore sdma id for queues") 8668dfc30d3e ("drm/amdkfd: CRIU restore queue ids") 626f7b3190b4 ("drm/amdkfd: CRIU add queues support") cd9f79103003 ("drm/amdkfd: CRIU Implement KFD unpause operation") 011bbb03024f ("drm/amdkfd: CRIU Implement KFD resume ioctl") 73fa13b6a511 ("drm/amdkfd: CRIU Implement KFD restore ioctl") 5ccbb057c0a1 ("drm/amdkfd: CRIU Implement KFD checkpoint ioctl") f185381b6481 ("drm/amdkfd: CRIU Implement KFD process_info ioctl") 3698807094ec ("drm/amdkfd: CRIU Introduce Checkpoint-Restore APIs") f61c40c0757a ("drm/amdkfd: enable heavy-weight TLB flush on Arcturus") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be4a2a81b6b90d1a47eaeaace4cc8e2cb57b96c7 Mon Sep 17 00:00:00 2001 From: Alex Deucher <alexander.deucher(a)amd.com> Date: Sun, 14 Apr 2024 13:06:39 -0400 Subject: [PATCH] drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We remap the HDP flush registers into this space to allow userspace (CPU or GPU) to flush the HDP when it updates VRAM. However, on systems with >4K pages, we end up exposing PAGE_SIZE of MMIO space. Fixes: d8e408a82704 ("drm/amdkfd: Expose HDP registers to user space") Reviewed-by: Felix Kuehling <felix.kuehling(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c index 55aa74cbc532..1e6cc0bfc432 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c @@ -1139,7 +1139,7 @@ static int kfd_ioctl_alloc_memory_of_gpu(struct file *filep, goto err_unlock; } offset = dev->adev->rmmio_remap.bus_addr; - if (!offset) { + if (!offset || (PAGE_SIZE > 4096)) { err = -ENOMEM; goto err_unlock; } @@ -2307,7 +2307,7 @@ static int criu_restore_memory_of_gpu(struct kfd_process_device *pdd, return -EINVAL; } offset = pdd->dev->adev->rmmio_remap.bus_addr; - if (!offset) { + if (!offset || (PAGE_SIZE > 4096)) { pr_err("amdgpu_amdkfd_get_mmio_remap_phys_addr failed\n"); return -ENOMEM; } @@ -3349,6 +3349,9 @@ static int kfd_mmio_mmap(struct kfd_node *dev, struct kfd_process *process, if (vma->vm_end - vma->vm_start != PAGE_SIZE) return -EINVAL; + if (PAGE_SIZE > 4096) + return -EINVAL; + address = dev->adev->rmmio_remap.bus_addr; vm_flags_set(vma, VM_IO | VM_DONTCOPY | VM_DONTEXPAND | VM_NORESERVE |

11 months, 3 weeks

1
0
0 0

[PATCH 1/2] SELinux: Fix lsm_get_self_attr()

by Mickaël Salaün

selinux_lsm_getattr() may not initialize the value's pointer in some case. As for proc_pid_attr_read(), initialize this pointer to NULL in selinux_getselfattr() to avoid an UAF in the kfree() call. Cc: Casey Schaufler <casey(a)schaufler-ca.com> Cc: Paul Moore <paul(a)paul-moore.com> Cc: stable(a)vger.kernel.org Fixes: 762c934317e6 ("SELinux: Add selfattr hooks") Signed-off-by: Mickaël Salaün <mic(a)digikod.net> --- security/selinux/hooks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index a6bf90ace84c..338b023a8c3e 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -6559,7 +6559,7 @@ static int selinux_getselfattr(unsigned int attr, struct lsm_ctx __user *ctx, size_t *size, u32 flags) { int rc; - char *val; + char *val = NULL; int val_len; val_len = selinux_lsm_getattr(attr, current, &val); -- 2.43.0

11 months, 3 weeks

3
16
0 0

[PATCH v3 2/2] PCI: pciehp: Abort hot-plug if pci_hp_add_bridge() fails

by Nam Cao

If a bridge is hot-added without any bus number available for its downstream bus, pci_hp_add_bridge() will fail. However, the driver proceeds regardless, and the kernel crashes. This crash can be reproduced with the QEMU command: qemu-system-x86_64 -machine pc-q35-2.10 \ -kernel bzImage \ -drive "file=img,format=raw" \ -m 2048 -smp 2 -enable-kvm \ -append "console=ttyS0 root=/dev/sda" \ -nographic \ -device pcie-root-port,bus=pcie.0,id=rp1,slot=1,bus-reserve=0 then hot-plug a bridge at runtime with the QEMU command: device_add pcie-pci-bridge,id=br1,bus=rp1 and the kernel crashes: pcieport 0000:00:03.0: pciehp: Slot(1): Button press: will power on in 5 sec pcieport 0000:00:03.0: pciehp: Slot(1): Card present pcieport 0000:00:03.0: pciehp: Slot(1): Link Up pci 0000:01:00.0: [1b36:000e] type 01 class 0x060400 PCIe to PCI/PCI-X bridge pci 0000:01:00.0: BAR 0 [mem 0x00000000-0x000000ff 64bit] pci 0000:01:00.0: PCI bridge to [bus 00] pci 0000:01:00.0: bridge window [io 0x0000-0x0fff] pci 0000:01:00.0: bridge window [mem 0x00000000-0x000fffff] pci 0000:01:00.0: bridge window [mem 0x00000000-0x000fffff 64bit pref] pci 0000:01:00.0: No bus number available for hot-added bridge (note: kernel should abort hot-plugging right here) pci 0000:01:00.0: BAR 0 [mem 0xfe800000-0xfe8000ff 64bit]: assigned pcieport 0000:00:03.0: PCI bridge to [bus 01] pcieport 0000:00:03.0: bridge window [io 0x1000-0x1fff] pcieport 0000:00:03.0: bridge window [mem 0xfe800000-0xfe9fffff] pcieport 0000:00:03.0: bridge window [mem 0xfe000000-0xfe1fffff 64bit pref] shpchp 0000:01:00.0: HPC vendor_id 1b36 device_id e ss_vid 0 ss_did 0 shpchp 0000:01:00.0: enabling device (0000 -> 0002) BUG: kernel NULL pointer dereference, address: 00000000000000da PGD 0 P4D 0 Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 46 Comm: irq/24-pciehp Not tainted 6.9.0-rc1-00001-g2e0239d47d75 #33 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:shpc_init+0x3fb/0x9d0 [stack dump and register dump cut out] Fix this by aborting the hot-plug if pci_hp_add_bridge() fails. Fixes: 0eb3bcfd088e ("[PATCH] pciehp: allow bridged card hotplug") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: <stable(a)vger.kernel.org> --- v3: revert back to the solution in v1 (calling pci_stop_and_remove_bus_device() and returning negative error code) v2: - remove "Cc: Rajesh Shah <rajesh.shah(a)intel.com>" (this address bounce) - add more information to commit message - return 0 instead of -EINVAL drivers/pci/hotplug/pciehp_pci.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/pci/hotplug/pciehp_pci.c b/drivers/pci/hotplug/pciehp_pci.c index ad12515a4a12..de783d7c8a16 100644 --- a/drivers/pci/hotplug/pciehp_pci.c +++ b/drivers/pci/hotplug/pciehp_pci.c @@ -59,7 +59,11 @@ int pciehp_configure_device(struct controller *ctrl) } for_each_pci_bridge(dev, parent) - pci_hp_add_bridge(dev); + if (pci_hp_add_bridge(dev)) { + pci_stop_and_remove_bus_device(dev); + ret = -EINVAL; + goto out; + } pci_assign_unassigned_bridge_resources(bridge); pcie_bus_configure_settings(parent); -- 2.39.2

11 months, 3 weeks

1
0
0 0

[PATCH v3 1/2] PCI: shpchp: Abort hot-plug if pci_hp_add_bridge() fails

by Nam Cao

If a bridge is hot-added without any bus number available for its downstream bus, pci_hp_add_bridge() will fail. However, the driver proceeds regardless, and the kernel crashes. This crash can be reproduced with the QEMU command: qemu-system-x86_64 -machine pc-q35-2.10 \ -kernel bzImage \ -drive "file=img,format=raw" \ -m 2048 -smp 2 -enable-kvm \ -append "console=ttyS0 root=/dev/sda" \ -nographic \ -device pcie-root-port,bus=pcie.0,id=rp1,slot=1,bus-reserve=0 \ -device pcie-pci-bridge,id=br1,bus=rp1 then hot-plug a bridge at runtime with the QEMU command: device_add pci-bridge,id=br2,bus=br1,chassis_nr=1,addr=1 and the kernel crashes: shpchp 0000:01:00.0: Latch close on Slot(1-1) shpchp 0000:01:00.0: Button pressed on Slot(1-1) shpchp 0000:01:00.0: Card present on Slot(1-1) shpchp 0000:01:00.0: PCI slot #1-1 - powering on due to button press pci 0000:02:01.0: [1b36:0001] type 01 class 0x060400 conventional PCI bridge pci 0000:02:01.0: BAR 0 [mem 0x00000000-0x000000ff 64bit] pci 0000:02:01.0: PCI bridge to [bus 00] pci 0000:02:01.0: bridge window [io 0x0000-0x0fff] pci 0000:02:01.0: bridge window [mem 0x00000000-0x000fffff] pci 0000:02:01.0: bridge window [mem 0x00000000-0x000fffff 64bit pref] pci 0000:02:01.0: No bus number available for hot-added bridge (note: kernel should abort hot-plugging right here) pci 0000:02:01.0: BAR 0 [mem 0xfe600000-0xfe6000ff 64bit]: assigned shpchp 0000:01:00.0: PCI bridge to [bus 02] shpchp 0000:01:00.0: bridge window [io 0xc000-0xcfff] shpchp 0000:01:00.0: bridge window [mem 0xfe600000-0xfe7fffff] shpchp 0000:01:00.0: bridge window [mem 0xfe000000-0xfe1fffff 64bit pref] shpchp 0000:02:01.0: HPC vendor_id 1b36 device_id 1 ss_vid 0 ss_did 0 shpchp 0000:02:01.0: enabling device (0000 -> 0002) ACPI: \_SB_.GSIE: Enabled at IRQ 20 BUG: kernel NULL pointer dereference, address: 00000000000000da PGD 0 P4D 0 Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 66 Comm: kworker/1:2 Not tainted 6.9.0-rc1-00001-g2e0239d47d75 #33 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 Workqueue: shpchp-1 shpchp_pushbutton_thread RIP: 0010:shpc_init+0x3fb/0x9d0 [stack dump and register dump cut out] Fix this by aborting the hot-plug if pci_hp_add_bridge() fails. Fixes: 7d01f70ac6f4 ("PCI: shpchp: use generic pci_hp_add_bridge()") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: Yinghai Lu <yinghai(a)kernel.org> Cc: <stable(a)vger.kernel.org> --- v3: revert back to the solution in v1 (calling pci_stop_and_remove_bus_device() and returning negative error code) v2: - add more information to commit description - return 0 instead of -EINVAL drivers/pci/hotplug/shpchp_pci.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/pci/hotplug/shpchp_pci.c b/drivers/pci/hotplug/shpchp_pci.c index 36db0c3c4ea6..2ac98bdc83d9 100644 --- a/drivers/pci/hotplug/shpchp_pci.c +++ b/drivers/pci/hotplug/shpchp_pci.c @@ -48,8 +48,13 @@ int shpchp_configure_device(struct slot *p_slot) } for_each_pci_bridge(dev, parent) { - if (PCI_SLOT(dev->devfn) == p_slot->device) - pci_hp_add_bridge(dev); + if (PCI_SLOT(dev->devfn) == p_slot->device) { + if (pci_hp_add_bridge(dev)) { + pci_stop_and_remove_bus_device(dev); + ret = -EINVAL; + goto out; + } + } } pci_assign_unassigned_bridge_resources(bridge); -- 2.39.2

11 months, 3 weeks

1
0
0 0

Re: Patch "spi: axi-spi-engine: fix version format string" has been added to the 6.1-stable tree

by David Lechner

On 5/6/24 2:30 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: fix version format string > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-fix-version-format-string.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable. (only fixes theoretical problem, not actual documented problem)

11 months, 3 weeks

2
2
0 0

Re: Patch "spi: axi-spi-engine: Convert to platform remove callback returning void" has been added to the 6.1-stable tree

by David Lechner

On 5/6/24 2:30 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: Convert to platform remove callback returning void > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-convert-to-platform-remove-callba.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

11 months, 3 weeks

4
7
0 0

[PATCH v2] drm/i915: Fix memory leak by correcting cache object name in error handler

by Jiasheng Jiang

Replace "slab_priorities" with "slab_dependencies" in the error handler to avoid memory leak. Fixes: 32eb6bcfdda9 ("drm/i915: Make request allocation caches global") Cc: <stable(a)vger.kernel.org> # v5.2+ Reviewed-by: Nirmoy Das <nirmoy.das(a)intel.com> Signed-off-by: Jiasheng Jiang <jiashengjiangcool(a)outlook.com> --- Changelog: v1 -> v2: 1. Alter the subject. --- drivers/gpu/drm/i915/i915_scheduler.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/i915_scheduler.c b/drivers/gpu/drm/i915/i915_scheduler.c index 762127dd56c5..70a854557e6e 100644 --- a/drivers/gpu/drm/i915/i915_scheduler.c +++ b/drivers/gpu/drm/i915/i915_scheduler.c @@ -506,6 +506,6 @@ int __init i915_scheduler_module_init(void) return 0; err_priorities: - kmem_cache_destroy(slab_priorities); + kmem_cache_destroy(slab_dependencies); return -ENOMEM; } -- 2.25.1

11 months, 3 weeks

1
0
0 0

[PATCH v2] drm/i915: Fix memory leak by correcting cache object name in error handler

by Jiasheng Jiang

Replace "slab_priorities" with "slab_dependencies" in the error handler to avoid memory leak. Fixes: 32eb6bcfdda9 ("drm/i915: Make request allocation caches global") Signed-off-by: Jiasheng Jiang <jiashengjiangcool(a)outlook.com> --- Changelog: v1 -> v2: 1. Alter the subject. --- drivers/gpu/drm/i915/i915_scheduler.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915/i915_scheduler.c b/drivers/gpu/drm/i915/i915_scheduler.c index 762127dd56c5..70a854557e6e 100644 --- a/drivers/gpu/drm/i915/i915_scheduler.c +++ b/drivers/gpu/drm/i915/i915_scheduler.c @@ -506,6 +506,6 @@ int __init i915_scheduler_module_init(void) return 0; err_priorities: - kmem_cache_destroy(slab_priorities); + kmem_cache_destroy(slab_dependencies); return -ENOMEM; } -- 2.25.1

11 months, 3 weeks

2
1
0 0

Old commit back-port

by Alex Elder

This commit landed in Linux v5.16, and should have been back-ported to stable branches: 0ac10b291bee8 arm64: dts: qcom: Fix 'interrupt-map' parent address cells It has three hunks, and the commit can be cherry-picked directly into the 5.15.y and 5.10.y stable branches. The first hunk fixes a problem first introduced in Linux v5.2, so that hunk (only) should be back-ported to v5.4.y. Signed-off-by: Alex Elder <elder(a)linaro.org> Is there anything further I need to do? If you'd prefer I send patches, I can do that also (just ask). Thanks. -Alex Rob's original fix in Linus' tree: 0ac10b291bee8 arm64: dts: qcom: Fix 'interrupt-map' parent address cells This first landed in v5.16. The commit that introduced the problem in the first hunk: b84dfd175c098 arm64: dts: qcom: msm8998: Add PCIe PHY and RC nodes This first landed in v5.2, so back-port to v5.4.y, v5.10.y, v5.15.y. The commit that introduced the problem in the second hunk: 5c538e09cb19b arm64: dts: qcom: sdm845: Add first PCIe controller and PHY This first landed in v5.7, so back-port to v5.10.y, v5.15.y The commit that introduced the problem in the third hunk: 42ad231338c14 arm64: dts: qcom: sdm845: Add second PCIe PHY and controller This first landed in v5.7 also

11 months, 3 weeks

3
2
0 0

FAILED: patch "[PATCH] ASoC: ti: davinci-mcasp: Fix race condition during probe" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x d18ca8635db2f88c17acbdf6412f26d4f6aff414 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051308-sullen-plug-a6fb@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: d18ca8635db2 ("ASoC: ti: davinci-mcasp: Fix race condition during probe") 1b4fb70e5b28 ("ASoC: ti: davinci-mcasp: Handle missing required DT properties") 1125d925990b ("ASoC: ti: davinci-mcasp: Simplify the configuration parameter handling") db8793a39b29 ("ASoC: ti: davinci-mcasp: Remove legacy dma_request parsing") 372c4bd11de1 ("ASoC: ti: davinci-mcasp: Use platform_get_irq_byname_optional") 19f6e424d615 ("ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params") f4d95de415b2 ("ASoC: ti: davinci-mcasp: remove redundant assignment to variable ret") 764958f2b523 ("ASoC: ti: davinci-mcasp: Support for auxclk-fs-ratio") 540f1ba7b3a5 ("ASoC: ti: davinci-mcasp: Add support for GPIO mode of the pins") 617547175507 ("ASoC: ti: davinci-mcasp: Move context save/restore to runtime_pm callbacks") f2055e145f29 ("ASoC: ti: Merge davinci and omap directories") bc1845498531 ("ASoC: davinci-mcasp: Implement configurable dismod handling") ca3d9433349e ("ASoC: davinci-mcasp: Update PDIR (pin direction) register handling") 9c34d023dc35 ("ASoC: omap-mcbsp: Re-arrange files for core McBSP and Sidetone function split") be51c576e849 ("ASoC: omap-mcbsp: Move out the FIFO check from set_threshold and get_delay") 59d177f65f50 ("ASoC: omap-mcbsp: Simplify the mcbsp_start/_stop function parameters") d63a7625a6df ("ASoC: omap-mcbsp: Clean up the interrupt handlers") c9ece9c29e26 ("ASoC: omap-mcbsp: Skip dma_data.maxburst initialization") dd443a7c0b00 ("ASoC: omap-mcbsp: Clean up dma_data addr initialization code") 2c2596f3ab25 ("ASoC: omap: Remove unused machine driver for AM3517-evm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d18ca8635db2f88c17acbdf6412f26d4f6aff414 Mon Sep 17 00:00:00 2001 From: Joao Paulo Goncalves <joao.goncalves(a)toradex.com> Date: Wed, 17 Apr 2024 15:41:38 -0300 Subject: [PATCH] ASoC: ti: davinci-mcasp: Fix race condition during probe When using davinci-mcasp as CPU DAI with simple-card, there are some conditions that cause simple-card to finish registering a sound card before davinci-mcasp finishes registering all sound components. This creates a non-working sound card from userspace with no problem indication apart from not being able to play/record audio on a PCM stream. The issue arises during simultaneous probe execution of both drivers. Specifically, the simple-card driver, awaiting a CPU DAI, proceeds as soon as davinci-mcasp registers its DAI. However, this process can lead to the client mutex lock (client_mutex in soc-core.c) being held or davinci-mcasp being preempted before PCM DMA registration on davinci-mcasp finishes. This situation occurs when the probes of both drivers run concurrently. Below is the code path for this condition. To solve the issue, defer davinci-mcasp CPU DAI registration to the last step in the audio part of it. This way, simple-card CPU DAI parsing will be deferred until all audio components are registered. Fail Code Path: simple-card.c: probe starts simple-card.c: simple_dai_link_of: simple_parse_node(..,cpu,..) returns EPROBE_DEFER, no CPU DAI yet davinci-mcasp.c: probe starts davinci-mcasp.c: devm_snd_soc_register_component() register CPU DAI simple-card.c: probes again, finish CPU DAI parsing and call devm_snd_soc_register_card() simple-card.c: finish probe davinci-mcasp.c: *dma_pcm_platform_register() register PCM DMA davinci-mcasp.c: probe finish Cc: stable(a)vger.kernel.org Fixes: 9fbd58cf4ab0 ("ASoC: davinci-mcasp: Choose PCM driver based on configured DMA controller") Signed-off-by: Joao Paulo Goncalves <joao.goncalves(a)toradex.com> Acked-by: Peter Ujfalusi <peter.ujfalusi(a)gmail.com> Reviewed-by: Jai Luthra <j-luthra(a)ti.com> Link: https://lore.kernel.org/r/20240417184138.1104774-1-jpaulo.silvagoncalves@gm… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/ti/davinci-mcasp.c b/sound/soc/ti/davinci-mcasp.c index b892d66f7847..1e760c315521 100644 --- a/sound/soc/ti/davinci-mcasp.c +++ b/sound/soc/ti/davinci-mcasp.c @@ -2417,12 +2417,6 @@ static int davinci_mcasp_probe(struct platform_device *pdev) mcasp_reparent_fck(pdev); - ret = devm_snd_soc_register_component(&pdev->dev, &davinci_mcasp_component, - &davinci_mcasp_dai[mcasp->op_mode], 1); - - if (ret != 0) - goto err; - ret = davinci_mcasp_get_dma_type(mcasp); switch (ret) { case PCM_EDMA: @@ -2449,6 +2443,12 @@ static int davinci_mcasp_probe(struct platform_device *pdev) goto err; } + ret = devm_snd_soc_register_component(&pdev->dev, &davinci_mcasp_component, + &davinci_mcasp_dai[mcasp->op_mode], 1); + + if (ret != 0) + goto err; + no_audio: ret = davinci_mcasp_init_gpiochip(mcasp); if (ret) {

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] ASoC: ti: davinci-mcasp: Fix race condition during probe" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x d18ca8635db2f88c17acbdf6412f26d4f6aff414 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051302-deluge-renovate-d904@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: d18ca8635db2 ("ASoC: ti: davinci-mcasp: Fix race condition during probe") 1b4fb70e5b28 ("ASoC: ti: davinci-mcasp: Handle missing required DT properties") 1125d925990b ("ASoC: ti: davinci-mcasp: Simplify the configuration parameter handling") db8793a39b29 ("ASoC: ti: davinci-mcasp: Remove legacy dma_request parsing") 372c4bd11de1 ("ASoC: ti: davinci-mcasp: Use platform_get_irq_byname_optional") 19f6e424d615 ("ASoC: ti: davinci-mcasp: remove always zero of davinci_mcasp_get_dt_params") f4d95de415b2 ("ASoC: ti: davinci-mcasp: remove redundant assignment to variable ret") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d18ca8635db2f88c17acbdf6412f26d4f6aff414 Mon Sep 17 00:00:00 2001 From: Joao Paulo Goncalves <joao.goncalves(a)toradex.com> Date: Wed, 17 Apr 2024 15:41:38 -0300 Subject: [PATCH] ASoC: ti: davinci-mcasp: Fix race condition during probe When using davinci-mcasp as CPU DAI with simple-card, there are some conditions that cause simple-card to finish registering a sound card before davinci-mcasp finishes registering all sound components. This creates a non-working sound card from userspace with no problem indication apart from not being able to play/record audio on a PCM stream. The issue arises during simultaneous probe execution of both drivers. Specifically, the simple-card driver, awaiting a CPU DAI, proceeds as soon as davinci-mcasp registers its DAI. However, this process can lead to the client mutex lock (client_mutex in soc-core.c) being held or davinci-mcasp being preempted before PCM DMA registration on davinci-mcasp finishes. This situation occurs when the probes of both drivers run concurrently. Below is the code path for this condition. To solve the issue, defer davinci-mcasp CPU DAI registration to the last step in the audio part of it. This way, simple-card CPU DAI parsing will be deferred until all audio components are registered. Fail Code Path: simple-card.c: probe starts simple-card.c: simple_dai_link_of: simple_parse_node(..,cpu,..) returns EPROBE_DEFER, no CPU DAI yet davinci-mcasp.c: probe starts davinci-mcasp.c: devm_snd_soc_register_component() register CPU DAI simple-card.c: probes again, finish CPU DAI parsing and call devm_snd_soc_register_card() simple-card.c: finish probe davinci-mcasp.c: *dma_pcm_platform_register() register PCM DMA davinci-mcasp.c: probe finish Cc: stable(a)vger.kernel.org Fixes: 9fbd58cf4ab0 ("ASoC: davinci-mcasp: Choose PCM driver based on configured DMA controller") Signed-off-by: Joao Paulo Goncalves <joao.goncalves(a)toradex.com> Acked-by: Peter Ujfalusi <peter.ujfalusi(a)gmail.com> Reviewed-by: Jai Luthra <j-luthra(a)ti.com> Link: https://lore.kernel.org/r/20240417184138.1104774-1-jpaulo.silvagoncalves@gm… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/ti/davinci-mcasp.c b/sound/soc/ti/davinci-mcasp.c index b892d66f7847..1e760c315521 100644 --- a/sound/soc/ti/davinci-mcasp.c +++ b/sound/soc/ti/davinci-mcasp.c @@ -2417,12 +2417,6 @@ static int davinci_mcasp_probe(struct platform_device *pdev) mcasp_reparent_fck(pdev); - ret = devm_snd_soc_register_component(&pdev->dev, &davinci_mcasp_component, - &davinci_mcasp_dai[mcasp->op_mode], 1); - - if (ret != 0) - goto err; - ret = davinci_mcasp_get_dma_type(mcasp); switch (ret) { case PCM_EDMA: @@ -2449,6 +2443,12 @@ static int davinci_mcasp_probe(struct platform_device *pdev) goto err; } + ret = devm_snd_soc_register_component(&pdev->dev, &davinci_mcasp_component, + &davinci_mcasp_dai[mcasp->op_mode], 1); + + if (ret != 0) + goto err; + no_audio: ret = davinci_mcasp_init_gpiochip(mcasp); if (ret) {

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] ASoC: ti: davinci-mcasp: Fix race condition during probe" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x d18ca8635db2f88c17acbdf6412f26d4f6aff414 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051357-errand-chariot-abc6@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: d18ca8635db2 ("ASoC: ti: davinci-mcasp: Fix race condition during probe") 1b4fb70e5b28 ("ASoC: ti: davinci-mcasp: Handle missing required DT properties") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d18ca8635db2f88c17acbdf6412f26d4f6aff414 Mon Sep 17 00:00:00 2001 From: Joao Paulo Goncalves <joao.goncalves(a)toradex.com> Date: Wed, 17 Apr 2024 15:41:38 -0300 Subject: [PATCH] ASoC: ti: davinci-mcasp: Fix race condition during probe When using davinci-mcasp as CPU DAI with simple-card, there are some conditions that cause simple-card to finish registering a sound card before davinci-mcasp finishes registering all sound components. This creates a non-working sound card from userspace with no problem indication apart from not being able to play/record audio on a PCM stream. The issue arises during simultaneous probe execution of both drivers. Specifically, the simple-card driver, awaiting a CPU DAI, proceeds as soon as davinci-mcasp registers its DAI. However, this process can lead to the client mutex lock (client_mutex in soc-core.c) being held or davinci-mcasp being preempted before PCM DMA registration on davinci-mcasp finishes. This situation occurs when the probes of both drivers run concurrently. Below is the code path for this condition. To solve the issue, defer davinci-mcasp CPU DAI registration to the last step in the audio part of it. This way, simple-card CPU DAI parsing will be deferred until all audio components are registered. Fail Code Path: simple-card.c: probe starts simple-card.c: simple_dai_link_of: simple_parse_node(..,cpu,..) returns EPROBE_DEFER, no CPU DAI yet davinci-mcasp.c: probe starts davinci-mcasp.c: devm_snd_soc_register_component() register CPU DAI simple-card.c: probes again, finish CPU DAI parsing and call devm_snd_soc_register_card() simple-card.c: finish probe davinci-mcasp.c: *dma_pcm_platform_register() register PCM DMA davinci-mcasp.c: probe finish Cc: stable(a)vger.kernel.org Fixes: 9fbd58cf4ab0 ("ASoC: davinci-mcasp: Choose PCM driver based on configured DMA controller") Signed-off-by: Joao Paulo Goncalves <joao.goncalves(a)toradex.com> Acked-by: Peter Ujfalusi <peter.ujfalusi(a)gmail.com> Reviewed-by: Jai Luthra <j-luthra(a)ti.com> Link: https://lore.kernel.org/r/20240417184138.1104774-1-jpaulo.silvagoncalves@gm… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/ti/davinci-mcasp.c b/sound/soc/ti/davinci-mcasp.c index b892d66f7847..1e760c315521 100644 --- a/sound/soc/ti/davinci-mcasp.c +++ b/sound/soc/ti/davinci-mcasp.c @@ -2417,12 +2417,6 @@ static int davinci_mcasp_probe(struct platform_device *pdev) mcasp_reparent_fck(pdev); - ret = devm_snd_soc_register_component(&pdev->dev, &davinci_mcasp_component, - &davinci_mcasp_dai[mcasp->op_mode], 1); - - if (ret != 0) - goto err; - ret = davinci_mcasp_get_dma_type(mcasp); switch (ret) { case PCM_EDMA: @@ -2449,6 +2443,12 @@ static int davinci_mcasp_probe(struct platform_device *pdev) goto err; } + ret = devm_snd_soc_register_component(&pdev->dev, &davinci_mcasp_component, + &davinci_mcasp_dai[mcasp->op_mode], 1); + + if (ret != 0) + goto err; + no_audio: ret = davinci_mcasp_init_gpiochip(mcasp); if (ret) {

11 months, 3 weeks

1
0
0 0

Excessive memory usage when infiniband config is enabled

by Brian Baboch

Hello, We discovered that the CONFIG_INFINIBAND_IRDMA configuration option in the linux kernel is causing excessive memory usage on idle mode on specific servers like the DELL VEP4600 (https://www.dell.com/en-us/shop/ipovw/virtual-edge-platform-4600. By default we were using Debian's linux-image-6.1.0-13-amd64 which is the stable 6.1.55-1 amd64, we then compiled the kernel again with the same config file from the stable 6.1.55 tag and had the same problem. We were able to resolve the memory problem by removing the `CONFIG_INFINIBAND_IRDMA` option from the kernel config. The tag used to reproduce the problem is v6.1.55. adding the following config `CONFIG_INFINIBAND_IRDMA=m` causes the excessive memory usage to go from 1.4Gb to 7Gb. Here are the 2 config files used and the outputs showing the Memory usage in both cases. Do you have any ideas regarding this bug, we only had this bug on this specific hardware model mentioned above. Debian version of the linux 6.1.55: #uname -a Linux wibox 6.1.0-13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.55-1 (2023-09-29) x86_64 GNU/Linux #free -m total used free shared buff/cache available Mem: 15724 6757 8840 3 410 8967 Swap: 0 0 0 Compiled version without INFINIBAND: #uname -a Linux wibox 6.1.55-without-infiniband #75 SMP PREEMPT_DYNAMIC Mon Apr 29 19:06:23 CEST 2024 x86_64 GNU/Linux #free -m total used free shared buff/cache available Mem: 15724 1480 13339 3 1205 14244 Swap: 0 0 0 Thank you,

11 months, 3 weeks

6
7
0 0

FAILED: patch "[PATCH] net: bcmgenet: synchronize UMAC_CMD access" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 0d5e2a82232605b337972fb2c7d0cbc46898aca1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051303-gab-promoter-a9b1@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 0d5e2a822326 ("net: bcmgenet: synchronize UMAC_CMD access") a9f31047baca ("net: bcmgenet: Fix EEE implementation") 53243d412ec5 ("net: use bool values to pass bool param of phy_init_eee()") fc13d8c03773 ("net: bcmgenet: pull mac_config from adjust_link") fcb5dfe7dc40 ("net: bcmgenet: remove old link state values") 50e356686fa9 ("net: bcmgenet: remove netif_carrier_off from adjust_link") b972b54a68b2 ("net: bcmgenet: Patch PHY interface for dedicated PHY driver") b82f8c3f1409 ("net: fec: add eee mode tx lpi support") 40b5d2f15c09 ("net: dsa: mt7530: Add support for EEE features") 28e303da55b3 ("net: broadcom: share header defining UniMAC registers") 12cf8e75727a ("bgmac: add bgmac_umac_*() helpers for accessing UniMAC registers") c288575f7810 ("net: dsa: mt7530: Add the support of MT7531 switch") 88bdef8be9f6 ("net: dsa: mt7530: Extend device data ready for adding a new hardware") dc8ef938c94e ("net: dsa: mt7530: Refine message in Kconfig") f272285f6abb ("net: dsa: mt7530: fix advertising unsupported 1000baseT_Half") ccaab4d3df98 ("MAINTAINERS: GENET: Add UniMAC MDIO controller files") f69ccc563df0 ("MAINTAINERS: GENET: Add DT binding file") d0cac91817c8 ("MAINTAINERS: GENET: Add missing platform data file") 2f11f0df8474 ("net: bcmgenet: test MPD_EN when resuming") a7f7f6248d97 ("treewide: replace '---help---' in Kconfig files with 'help'") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0d5e2a82232605b337972fb2c7d0cbc46898aca1 Mon Sep 17 00:00:00 2001 From: Doug Berger <opendmb(a)gmail.com> Date: Thu, 25 Apr 2024 15:27:21 -0700 Subject: [PATCH] net: bcmgenet: synchronize UMAC_CMD access The UMAC_CMD register is written from different execution contexts and has insufficient synchronization protections to prevent possible corruption. Of particular concern are the acceses from the phy_device delayed work context used by the adjust_link call and the BH context that may be used by the ndo_set_rx_mode call. A spinlock is added to the driver to protect contended register accesses (i.e. reg_lock) and it is used to synchronize accesses to UMAC_CMD. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> Acked-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index 5452b7dc6e6a..c7e7dac057a3 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2467,14 +2467,18 @@ static void umac_enable_set(struct bcmgenet_priv *priv, u32 mask, bool enable) { u32 reg; + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); - if (reg & CMD_SW_RESET) + if (reg & CMD_SW_RESET) { + spin_unlock_bh(&priv->reg_lock); return; + } if (enable) reg |= mask; else reg &= ~mask; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); /* UniMAC stops on a packet boundary, wait for a full-size packet * to be processed @@ -2490,8 +2494,10 @@ static void reset_umac(struct bcmgenet_priv *priv) udelay(10); /* issue soft reset and disable MAC while updating its registers */ + spin_lock_bh(&priv->reg_lock); bcmgenet_umac_writel(priv, CMD_SW_RESET, UMAC_CMD); udelay(2); + spin_unlock_bh(&priv->reg_lock); } static void bcmgenet_intr_disable(struct bcmgenet_priv *priv) @@ -3597,16 +3603,19 @@ static void bcmgenet_set_rx_mode(struct net_device *dev) * 3. The number of filters needed exceeds the number filters * supported by the hardware. */ + spin_lock(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if ((dev->flags & (IFF_PROMISC | IFF_ALLMULTI)) || (nfilter > MAX_MDF_FILTER)) { reg |= CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); bcmgenet_umac_writel(priv, 0, UMAC_MDF_CTRL); return; } else { reg &= ~CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); } /* update MDF filter */ @@ -4005,6 +4014,7 @@ static int bcmgenet_probe(struct platform_device *pdev) goto err; } + spin_lock_init(&priv->reg_lock); spin_lock_init(&priv->lock); /* Set default pause parameters */ diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.h b/drivers/net/ethernet/broadcom/genet/bcmgenet.h index 7523b60b3c1c..43b923c48b14 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0-only */ /* - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #ifndef __BCMGENET_H__ @@ -573,6 +573,8 @@ struct bcmgenet_rxnfc_rule { /* device context */ struct bcmgenet_priv { void __iomem *base; + /* reg_lock: lock to serialize access to shared registers */ + spinlock_t reg_lock; enum bcmgenet_version version; struct net_device *dev; diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c index 7a41cad5788f..1248792d7fd4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) Wake-on-LAN support * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet_wol: " fmt @@ -151,6 +151,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Can't suspend with WoL if MAC is still in reset */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if (reg & CMD_SW_RESET) reg &= ~CMD_SW_RESET; @@ -158,6 +159,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* disable RX */ reg &= ~CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); mdelay(10); if (priv->wolopts & (WAKE_MAGIC | WAKE_MAGICSECURE)) { @@ -203,6 +205,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Enable CRC forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); priv->crc_fwd_en = 1; reg |= CMD_CRC_FWD; @@ -210,6 +213,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* Receiver must be enabled for WOL MP detection */ reg |= CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); reg = UMAC_IRQ_MPD_R; if (hfb_enable) @@ -256,7 +260,9 @@ void bcmgenet_wol_power_up_cfg(struct bcmgenet_priv *priv, } /* Disable CRC Forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~CMD_CRC_FWD; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); } diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 86a4aa72b3d4..c4a3698cef66 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -76,6 +76,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= RGMII_LINK; bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~((CMD_SPEED_MASK << CMD_SPEED_SHIFT) | CMD_HD_EN | @@ -88,6 +89,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= CMD_TX_EN | CMD_RX_EN; } bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); active = phy_init_eee(phydev, 0) >= 0; bcmgenet_eee_enable_set(dev,

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] net: bcmgenet: synchronize UMAC_CMD access" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 0d5e2a82232605b337972fb2c7d0cbc46898aca1 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051300-stipend-sectional-89da@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 0d5e2a822326 ("net: bcmgenet: synchronize UMAC_CMD access") a9f31047baca ("net: bcmgenet: Fix EEE implementation") 53243d412ec5 ("net: use bool values to pass bool param of phy_init_eee()") fc13d8c03773 ("net: bcmgenet: pull mac_config from adjust_link") fcb5dfe7dc40 ("net: bcmgenet: remove old link state values") 50e356686fa9 ("net: bcmgenet: remove netif_carrier_off from adjust_link") b972b54a68b2 ("net: bcmgenet: Patch PHY interface for dedicated PHY driver") b82f8c3f1409 ("net: fec: add eee mode tx lpi support") 40b5d2f15c09 ("net: dsa: mt7530: Add support for EEE features") 28e303da55b3 ("net: broadcom: share header defining UniMAC registers") 12cf8e75727a ("bgmac: add bgmac_umac_*() helpers for accessing UniMAC registers") c288575f7810 ("net: dsa: mt7530: Add the support of MT7531 switch") 88bdef8be9f6 ("net: dsa: mt7530: Extend device data ready for adding a new hardware") dc8ef938c94e ("net: dsa: mt7530: Refine message in Kconfig") f272285f6abb ("net: dsa: mt7530: fix advertising unsupported 1000baseT_Half") ccaab4d3df98 ("MAINTAINERS: GENET: Add UniMAC MDIO controller files") f69ccc563df0 ("MAINTAINERS: GENET: Add DT binding file") d0cac91817c8 ("MAINTAINERS: GENET: Add missing platform data file") 2f11f0df8474 ("net: bcmgenet: test MPD_EN when resuming") a7f7f6248d97 ("treewide: replace '---help---' in Kconfig files with 'help'") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0d5e2a82232605b337972fb2c7d0cbc46898aca1 Mon Sep 17 00:00:00 2001 From: Doug Berger <opendmb(a)gmail.com> Date: Thu, 25 Apr 2024 15:27:21 -0700 Subject: [PATCH] net: bcmgenet: synchronize UMAC_CMD access The UMAC_CMD register is written from different execution contexts and has insufficient synchronization protections to prevent possible corruption. Of particular concern are the acceses from the phy_device delayed work context used by the adjust_link call and the BH context that may be used by the ndo_set_rx_mode call. A spinlock is added to the driver to protect contended register accesses (i.e. reg_lock) and it is used to synchronize accesses to UMAC_CMD. Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> Acked-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index 5452b7dc6e6a..c7e7dac057a3 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2467,14 +2467,18 @@ static void umac_enable_set(struct bcmgenet_priv *priv, u32 mask, bool enable) { u32 reg; + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); - if (reg & CMD_SW_RESET) + if (reg & CMD_SW_RESET) { + spin_unlock_bh(&priv->reg_lock); return; + } if (enable) reg |= mask; else reg &= ~mask; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); /* UniMAC stops on a packet boundary, wait for a full-size packet * to be processed @@ -2490,8 +2494,10 @@ static void reset_umac(struct bcmgenet_priv *priv) udelay(10); /* issue soft reset and disable MAC while updating its registers */ + spin_lock_bh(&priv->reg_lock); bcmgenet_umac_writel(priv, CMD_SW_RESET, UMAC_CMD); udelay(2); + spin_unlock_bh(&priv->reg_lock); } static void bcmgenet_intr_disable(struct bcmgenet_priv *priv) @@ -3597,16 +3603,19 @@ static void bcmgenet_set_rx_mode(struct net_device *dev) * 3. The number of filters needed exceeds the number filters * supported by the hardware. */ + spin_lock(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if ((dev->flags & (IFF_PROMISC | IFF_ALLMULTI)) || (nfilter > MAX_MDF_FILTER)) { reg |= CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); bcmgenet_umac_writel(priv, 0, UMAC_MDF_CTRL); return; } else { reg &= ~CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); } /* update MDF filter */ @@ -4005,6 +4014,7 @@ static int bcmgenet_probe(struct platform_device *pdev) goto err; } + spin_lock_init(&priv->reg_lock); spin_lock_init(&priv->lock); /* Set default pause parameters */ diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.h b/drivers/net/ethernet/broadcom/genet/bcmgenet.h index 7523b60b3c1c..43b923c48b14 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0-only */ /* - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #ifndef __BCMGENET_H__ @@ -573,6 +573,8 @@ struct bcmgenet_rxnfc_rule { /* device context */ struct bcmgenet_priv { void __iomem *base; + /* reg_lock: lock to serialize access to shared registers */ + spinlock_t reg_lock; enum bcmgenet_version version; struct net_device *dev; diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c index 7a41cad5788f..1248792d7fd4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) Wake-on-LAN support * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet_wol: " fmt @@ -151,6 +151,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Can't suspend with WoL if MAC is still in reset */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if (reg & CMD_SW_RESET) reg &= ~CMD_SW_RESET; @@ -158,6 +159,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* disable RX */ reg &= ~CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); mdelay(10); if (priv->wolopts & (WAKE_MAGIC | WAKE_MAGICSECURE)) { @@ -203,6 +205,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, } /* Enable CRC forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); priv->crc_fwd_en = 1; reg |= CMD_CRC_FWD; @@ -210,6 +213,7 @@ int bcmgenet_wol_power_down_cfg(struct bcmgenet_priv *priv, /* Receiver must be enabled for WOL MP detection */ reg |= CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); reg = UMAC_IRQ_MPD_R; if (hfb_enable) @@ -256,7 +260,9 @@ void bcmgenet_wol_power_up_cfg(struct bcmgenet_priv *priv, } /* Disable CRC Forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~CMD_CRC_FWD; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); } diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 86a4aa72b3d4..c4a3698cef66 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -76,6 +76,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= RGMII_LINK; bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~((CMD_SPEED_MASK << CMD_SPEED_SHIFT) | CMD_HD_EN | @@ -88,6 +89,7 @@ static void bcmgenet_mac_config(struct net_device *dev) reg |= CMD_TX_EN | CMD_RX_EN; } bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); active = phy_init_eee(phydev, 0) >= 0; bcmgenet_eee_enable_set(dev,

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 2dbe5f19368caae63b1f59f5bc2af78c7d522b3a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051323-tinfoil-decoy-9476@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 2dbe5f19368c ("net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()") 1a1d5106c1e3 ("net: bcmgenet: move clk_wol management to bcmgenet_wol") 6f7689057a0f ("net: bcmgenet: Fix WoL with password after deep sleep") 72f96347628e ("net: bcmgenet: set Rx mode before starting netif") 99d55638d4b0 ("net: bcmgenet: enable NETIF_F_HIGHDMA flag") d7ee287827ef ("Merge tag 'blk-dim-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2dbe5f19368caae63b1f59f5bc2af78c7d522b3a Mon Sep 17 00:00:00 2001 From: Doug Berger <opendmb(a)gmail.com> Date: Thu, 25 Apr 2024 15:27:20 -0700 Subject: [PATCH] net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() The ndo_set_rx_mode function is synchronized with the netif_addr_lock spinlock and BHs disabled. Since this function is also invoked directly from the driver the same synchronization should be applied. Fixes: 72f96347628e ("net: bcmgenet: set Rx mode before starting netif") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> Acked-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index b1f84b37032a..5452b7dc6e6a 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) controller driver * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet: " fmt @@ -3334,7 +3334,9 @@ static void bcmgenet_netif_start(struct net_device *dev) struct bcmgenet_priv *priv = netdev_priv(dev); /* Start the network engine */ + netif_addr_lock_bh(dev); bcmgenet_set_rx_mode(dev); + netif_addr_unlock_bh(dev); bcmgenet_enable_rx_napi(priv); umac_enable_set(priv, CMD_TX_EN | CMD_RX_EN, true);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 2dbe5f19368caae63b1f59f5bc2af78c7d522b3a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051321-oval-cruelness-c028@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 2dbe5f19368c ("net: bcmgenet: synchronize use of bcmgenet_set_rx_mode()") 1a1d5106c1e3 ("net: bcmgenet: move clk_wol management to bcmgenet_wol") 6f7689057a0f ("net: bcmgenet: Fix WoL with password after deep sleep") 72f96347628e ("net: bcmgenet: set Rx mode before starting netif") 99d55638d4b0 ("net: bcmgenet: enable NETIF_F_HIGHDMA flag") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2dbe5f19368caae63b1f59f5bc2af78c7d522b3a Mon Sep 17 00:00:00 2001 From: Doug Berger <opendmb(a)gmail.com> Date: Thu, 25 Apr 2024 15:27:20 -0700 Subject: [PATCH] net: bcmgenet: synchronize use of bcmgenet_set_rx_mode() The ndo_set_rx_mode function is synchronized with the netif_addr_lock spinlock and BHs disabled. Since this function is also invoked directly from the driver the same synchronization should be applied. Fixes: 72f96347628e ("net: bcmgenet: set Rx mode before starting netif") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> Acked-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/broadcom/genet/bcmgenet.c b/drivers/net/ethernet/broadcom/genet/bcmgenet.c index b1f84b37032a..5452b7dc6e6a 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2,7 +2,7 @@ /* * Broadcom GENET (Gigabit Ethernet) controller driver * - * Copyright (c) 2014-2020 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #define pr_fmt(fmt) "bcmgenet: " fmt @@ -3334,7 +3334,9 @@ static void bcmgenet_netif_start(struct net_device *dev) struct bcmgenet_priv *priv = netdev_priv(dev); /* Start the network engine */ + netif_addr_lock_bh(dev); bcmgenet_set_rx_mode(dev); + netif_addr_unlock_bh(dev); bcmgenet_enable_rx_napi(priv); umac_enable_set(priv, CMD_TX_EN | CMD_RX_EN, true);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x d85cf67a339685beae1d0aee27b7f61da95455be # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051358-starter-disposal-9d42@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: d85cf67a3396 ("net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access") 696450c05181 ("net: bcmgenet: Clear RGMII_LINK upon link down") fc13d8c03773 ("net: bcmgenet: pull mac_config from adjust_link") fcb5dfe7dc40 ("net: bcmgenet: remove old link state values") 50e356686fa9 ("net: bcmgenet: remove netif_carrier_off from adjust_link") b972b54a68b2 ("net: bcmgenet: Patch PHY interface for dedicated PHY driver") 28e303da55b3 ("net: broadcom: share header defining UniMAC registers") 12cf8e75727a ("bgmac: add bgmac_umac_*() helpers for accessing UniMAC registers") ccaab4d3df98 ("MAINTAINERS: GENET: Add UniMAC MDIO controller files") f69ccc563df0 ("MAINTAINERS: GENET: Add DT binding file") d0cac91817c8 ("MAINTAINERS: GENET: Add missing platform data file") 8c7da63978f1 ("bgmac: configure MTU and add support for frames beyond 8192 byte size") 9fb16955fb66 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d85cf67a339685beae1d0aee27b7f61da95455be Mon Sep 17 00:00:00 2001 From: Doug Berger <opendmb(a)gmail.com> Date: Thu, 25 Apr 2024 15:27:19 -0700 Subject: [PATCH] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access The EXT_RGMII_OOB_CTRL register can be written from different contexts. It is predominantly written from the adjust_link handler which is synchronized by the phydev->lock, but can also be written from a different context when configuring the mii in bcmgenet_mii_config(). The chances of contention are quite low, but it is conceivable that adjust_link could occur during resume when WoL is enabled so use the phydev->lock synchronizer in bcmgenet_mii_config() to be sure. Fixes: afe3f907d20f ("net: bcmgenet: power on MII block for all MII modes") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> Acked-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 9ada89355747..86a4aa72b3d4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -2,7 +2,7 @@ /* * Broadcom GENET MDIO routines * - * Copyright (c) 2014-2017 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #include <linux/acpi.h> @@ -275,6 +275,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) * block for the interface to work, unconditionally clear the * Out-of-band disable since we do not need it. */ + mutex_lock(&phydev->lock); reg = bcmgenet_ext_readl(priv, EXT_RGMII_OOB_CTRL); reg &= ~OOB_DISABLE; if (priv->ext_phy) { @@ -286,6 +287,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) reg |= RGMII_MODE_EN; } bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + mutex_unlock(&phydev->lock); if (init) dev_info(kdev, "configuring instance for %s\n", phy_name);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x d85cf67a339685beae1d0aee27b7f61da95455be # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051350-cornflake-slurp-104b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: d85cf67a3396 ("net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access") 696450c05181 ("net: bcmgenet: Clear RGMII_LINK upon link down") fc13d8c03773 ("net: bcmgenet: pull mac_config from adjust_link") fcb5dfe7dc40 ("net: bcmgenet: remove old link state values") 50e356686fa9 ("net: bcmgenet: remove netif_carrier_off from adjust_link") b972b54a68b2 ("net: bcmgenet: Patch PHY interface for dedicated PHY driver") 28e303da55b3 ("net: broadcom: share header defining UniMAC registers") 12cf8e75727a ("bgmac: add bgmac_umac_*() helpers for accessing UniMAC registers") ccaab4d3df98 ("MAINTAINERS: GENET: Add UniMAC MDIO controller files") f69ccc563df0 ("MAINTAINERS: GENET: Add DT binding file") d0cac91817c8 ("MAINTAINERS: GENET: Add missing platform data file") 8c7da63978f1 ("bgmac: configure MTU and add support for frames beyond 8192 byte size") 9fb16955fb66 ("Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d85cf67a339685beae1d0aee27b7f61da95455be Mon Sep 17 00:00:00 2001 From: Doug Berger <opendmb(a)gmail.com> Date: Thu, 25 Apr 2024 15:27:19 -0700 Subject: [PATCH] net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access The EXT_RGMII_OOB_CTRL register can be written from different contexts. It is predominantly written from the adjust_link handler which is synchronized by the phydev->lock, but can also be written from a different context when configuring the mii in bcmgenet_mii_config(). The chances of contention are quite low, but it is conceivable that adjust_link could occur during resume when WoL is enabled so use the phydev->lock synchronizer in bcmgenet_mii_config() to be sure. Fixes: afe3f907d20f ("net: bcmgenet: power on MII block for all MII modes") Cc: stable(a)vger.kernel.org Signed-off-by: Doug Berger <opendmb(a)gmail.com> Acked-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> diff --git a/drivers/net/ethernet/broadcom/genet/bcmmii.c b/drivers/net/ethernet/broadcom/genet/bcmmii.c index 9ada89355747..86a4aa72b3d4 100644 --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -2,7 +2,7 @@ /* * Broadcom GENET MDIO routines * - * Copyright (c) 2014-2017 Broadcom + * Copyright (c) 2014-2024 Broadcom */ #include <linux/acpi.h> @@ -275,6 +275,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) * block for the interface to work, unconditionally clear the * Out-of-band disable since we do not need it. */ + mutex_lock(&phydev->lock); reg = bcmgenet_ext_readl(priv, EXT_RGMII_OOB_CTRL); reg &= ~OOB_DISABLE; if (priv->ext_phy) { @@ -286,6 +287,7 @@ int bcmgenet_mii_config(struct net_device *dev, bool init) reg |= RGMII_MODE_EN; } bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + mutex_unlock(&phydev->lock); if (init) dev_info(kdev, "configuring instance for %s\n", phy_name);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] xtensa: fix MAKE_PC_FROM_RA second argument" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 0e60f0b75884677fb9f4f2ad40d52b43451564d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051320-justifier-trusting-bb69@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 0e60f0b75884 ("xtensa: fix MAKE_PC_FROM_RA second argument") 1b6ceeb99ee0 ("xtensa: stacktrace: include <asm/ftrace.h> for prototype") 11e969bc964a ("xtensa: support coprocessors on SMP") e45d4bfbeb26 ("xtensa: merge SAVE_CP_REGS_TAB and LOAD_CP_REGS_TAB") 0b549f813387 ("xtensa: handle coprocessor exceptions in kernel mode") 6179ef4d460a ("xtensa: use callx0 opcode in fast_coprocessor") 3e554d47dfe3 ("xtensa: clean up declarations in coprocessor.h") fc55402b8438 ("xtensa: clean up exception handler prototypes") db0d07fa192a ("xtensa: clean up function declarations in traps.c") 839769c35477 ("xtensa: fix a7 clobbering in coprocessor context load/store") 967747bbc084 ("uaccess: remove CONFIG_SET_FS") 12700c17fc28 ("uaccess: generalize access_ok()") 52fe8d125c9a ("arm64: simplify access_ok()") 26509034bef1 ("m68k: fix access_ok for coldfire") 15f3d81a8c8a ("MIPS: use simpler access_ok()") 34737e269803 ("uaccess: add generic __{get,put}_kernel_nofault") 1830a1d6a5b7 ("x86: use more conventional access_ok() definition") 36903abedfe8 ("x86: remove __range_not_ok()") 8afafbc955ba ("sparc64: add __{get,put}_kernel_nofault()") 222ca305c9fd ("uaccess: fix integer overflow on access_ok()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0e60f0b75884677fb9f4f2ad40d52b43451564d5 Mon Sep 17 00:00:00 2001 From: Max Filippov <jcmvbkbc(a)gmail.com> Date: Sat, 17 Feb 2024 05:15:42 -0800 Subject: [PATCH] xtensa: fix MAKE_PC_FROM_RA second argument Xtensa has two-argument MAKE_PC_FROM_RA macro to convert a0 to an actual return address because when windowed ABI is used call{,x}{4,8,12} opcodes stuff encoded window size into the top 2 bits of the register that becomes a return address in the called function. Second argument of that macro is supposed to be an address having these 2 topmost bits set correctly, but the comment suggested that that could be the stack address. However the stack doesn't have to be in the same 1GByte region as the code, especially in noMMU XIP configurations. Fix the comment and use either _text or regs->pc as the second argument for the MAKE_PC_FROM_RA macro. Cc: stable(a)vger.kernel.org Signed-off-by: Max Filippov <jcmvbkbc(a)gmail.com> diff --git a/arch/xtensa/include/asm/processor.h b/arch/xtensa/include/asm/processor.h index d008a153a2b9..7ed1a2085bd7 100644 --- a/arch/xtensa/include/asm/processor.h +++ b/arch/xtensa/include/asm/processor.h @@ -115,9 +115,9 @@ #define MAKE_RA_FOR_CALL(ra,ws) (((ra) & 0x3fffffff) | (ws) << 30) /* Convert return address to a valid pc - * Note: We assume that the stack pointer is in the same 1GB ranges as the ra + * Note: 'text' is the address within the same 1GB range as the ra */ -#define MAKE_PC_FROM_RA(ra,sp) (((ra) & 0x3fffffff) | ((sp) & 0xc0000000)) +#define MAKE_PC_FROM_RA(ra, text) (((ra) & 0x3fffffff) | ((unsigned long)(text) & 0xc0000000)) #elif defined(__XTENSA_CALL0_ABI__) @@ -127,9 +127,9 @@ #define MAKE_RA_FOR_CALL(ra, ws) (ra) /* Convert return address to a valid pc - * Note: We assume that the stack pointer is in the same 1GB ranges as the ra + * Note: 'text' is not used as 'ra' is always the full address */ -#define MAKE_PC_FROM_RA(ra, sp) (ra) +#define MAKE_PC_FROM_RA(ra, text) (ra) #else #error Unsupported Xtensa ABI diff --git a/arch/xtensa/include/asm/ptrace.h b/arch/xtensa/include/asm/ptrace.h index a270467556dc..86c70117371b 100644 --- a/arch/xtensa/include/asm/ptrace.h +++ b/arch/xtensa/include/asm/ptrace.h @@ -87,7 +87,7 @@ struct pt_regs { # define user_mode(regs) (((regs)->ps & 0x00000020)!=0) # define instruction_pointer(regs) ((regs)->pc) # define return_pointer(regs) (MAKE_PC_FROM_RA((regs)->areg[0], \ - (regs)->areg[1])) + (regs)->pc)) # ifndef CONFIG_SMP # define profile_pc(regs) instruction_pointer(regs) diff --git a/arch/xtensa/kernel/process.c b/arch/xtensa/kernel/process.c index a815577d25fd..7bd66677f7b6 100644 --- a/arch/xtensa/kernel/process.c +++ b/arch/xtensa/kernel/process.c @@ -47,6 +47,7 @@ #include <asm/asm-offsets.h> #include <asm/regs.h> #include <asm/hw_breakpoint.h> +#include <asm/sections.h> #include <asm/traps.h> extern void ret_from_fork(void); @@ -380,7 +381,7 @@ unsigned long __get_wchan(struct task_struct *p) int count = 0; sp = p->thread.sp; - pc = MAKE_PC_FROM_RA(p->thread.ra, p->thread.sp); + pc = MAKE_PC_FROM_RA(p->thread.ra, _text); do { if (sp < stack_page + sizeof(struct task_struct) || @@ -392,7 +393,7 @@ unsigned long __get_wchan(struct task_struct *p) /* Stack layout: sp-4: ra, sp-3: sp' */ - pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), sp); + pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), _text); sp = SPILL_SLOT(sp, 1); } while (count++ < 16); return 0; diff --git a/arch/xtensa/kernel/stacktrace.c b/arch/xtensa/kernel/stacktrace.c index 831ffb648bda..ed324fdf2a2f 100644 --- a/arch/xtensa/kernel/stacktrace.c +++ b/arch/xtensa/kernel/stacktrace.c @@ -13,6 +13,7 @@ #include <linux/stacktrace.h> #include <asm/ftrace.h> +#include <asm/sections.h> #include <asm/stacktrace.h> #include <asm/traps.h> #include <linux/uaccess.h> @@ -189,7 +190,7 @@ void walk_stackframe(unsigned long *sp, if (a1 <= (unsigned long)sp) break; - frame.pc = MAKE_PC_FROM_RA(a0, a1); + frame.pc = MAKE_PC_FROM_RA(a0, _text); frame.sp = a1; if (fn(&frame, data))

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] xtensa: fix MAKE_PC_FROM_RA second argument" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 0e60f0b75884677fb9f4f2ad40d52b43451564d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051316-outcome-surface-8a1a@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 0e60f0b75884 ("xtensa: fix MAKE_PC_FROM_RA second argument") 1b6ceeb99ee0 ("xtensa: stacktrace: include <asm/ftrace.h> for prototype") 11e969bc964a ("xtensa: support coprocessors on SMP") e45d4bfbeb26 ("xtensa: merge SAVE_CP_REGS_TAB and LOAD_CP_REGS_TAB") 0b549f813387 ("xtensa: handle coprocessor exceptions in kernel mode") 6179ef4d460a ("xtensa: use callx0 opcode in fast_coprocessor") 3e554d47dfe3 ("xtensa: clean up declarations in coprocessor.h") fc55402b8438 ("xtensa: clean up exception handler prototypes") db0d07fa192a ("xtensa: clean up function declarations in traps.c") 839769c35477 ("xtensa: fix a7 clobbering in coprocessor context load/store") 967747bbc084 ("uaccess: remove CONFIG_SET_FS") 12700c17fc28 ("uaccess: generalize access_ok()") 52fe8d125c9a ("arm64: simplify access_ok()") 26509034bef1 ("m68k: fix access_ok for coldfire") 15f3d81a8c8a ("MIPS: use simpler access_ok()") 34737e269803 ("uaccess: add generic __{get,put}_kernel_nofault") 1830a1d6a5b7 ("x86: use more conventional access_ok() definition") 36903abedfe8 ("x86: remove __range_not_ok()") 8afafbc955ba ("sparc64: add __{get,put}_kernel_nofault()") 222ca305c9fd ("uaccess: fix integer overflow on access_ok()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0e60f0b75884677fb9f4f2ad40d52b43451564d5 Mon Sep 17 00:00:00 2001 From: Max Filippov <jcmvbkbc(a)gmail.com> Date: Sat, 17 Feb 2024 05:15:42 -0800 Subject: [PATCH] xtensa: fix MAKE_PC_FROM_RA second argument Xtensa has two-argument MAKE_PC_FROM_RA macro to convert a0 to an actual return address because when windowed ABI is used call{,x}{4,8,12} opcodes stuff encoded window size into the top 2 bits of the register that becomes a return address in the called function. Second argument of that macro is supposed to be an address having these 2 topmost bits set correctly, but the comment suggested that that could be the stack address. However the stack doesn't have to be in the same 1GByte region as the code, especially in noMMU XIP configurations. Fix the comment and use either _text or regs->pc as the second argument for the MAKE_PC_FROM_RA macro. Cc: stable(a)vger.kernel.org Signed-off-by: Max Filippov <jcmvbkbc(a)gmail.com> diff --git a/arch/xtensa/include/asm/processor.h b/arch/xtensa/include/asm/processor.h index d008a153a2b9..7ed1a2085bd7 100644 --- a/arch/xtensa/include/asm/processor.h +++ b/arch/xtensa/include/asm/processor.h @@ -115,9 +115,9 @@ #define MAKE_RA_FOR_CALL(ra,ws) (((ra) & 0x3fffffff) | (ws) << 30) /* Convert return address to a valid pc - * Note: We assume that the stack pointer is in the same 1GB ranges as the ra + * Note: 'text' is the address within the same 1GB range as the ra */ -#define MAKE_PC_FROM_RA(ra,sp) (((ra) & 0x3fffffff) | ((sp) & 0xc0000000)) +#define MAKE_PC_FROM_RA(ra, text) (((ra) & 0x3fffffff) | ((unsigned long)(text) & 0xc0000000)) #elif defined(__XTENSA_CALL0_ABI__) @@ -127,9 +127,9 @@ #define MAKE_RA_FOR_CALL(ra, ws) (ra) /* Convert return address to a valid pc - * Note: We assume that the stack pointer is in the same 1GB ranges as the ra + * Note: 'text' is not used as 'ra' is always the full address */ -#define MAKE_PC_FROM_RA(ra, sp) (ra) +#define MAKE_PC_FROM_RA(ra, text) (ra) #else #error Unsupported Xtensa ABI diff --git a/arch/xtensa/include/asm/ptrace.h b/arch/xtensa/include/asm/ptrace.h index a270467556dc..86c70117371b 100644 --- a/arch/xtensa/include/asm/ptrace.h +++ b/arch/xtensa/include/asm/ptrace.h @@ -87,7 +87,7 @@ struct pt_regs { # define user_mode(regs) (((regs)->ps & 0x00000020)!=0) # define instruction_pointer(regs) ((regs)->pc) # define return_pointer(regs) (MAKE_PC_FROM_RA((regs)->areg[0], \ - (regs)->areg[1])) + (regs)->pc)) # ifndef CONFIG_SMP # define profile_pc(regs) instruction_pointer(regs) diff --git a/arch/xtensa/kernel/process.c b/arch/xtensa/kernel/process.c index a815577d25fd..7bd66677f7b6 100644 --- a/arch/xtensa/kernel/process.c +++ b/arch/xtensa/kernel/process.c @@ -47,6 +47,7 @@ #include <asm/asm-offsets.h> #include <asm/regs.h> #include <asm/hw_breakpoint.h> +#include <asm/sections.h> #include <asm/traps.h> extern void ret_from_fork(void); @@ -380,7 +381,7 @@ unsigned long __get_wchan(struct task_struct *p) int count = 0; sp = p->thread.sp; - pc = MAKE_PC_FROM_RA(p->thread.ra, p->thread.sp); + pc = MAKE_PC_FROM_RA(p->thread.ra, _text); do { if (sp < stack_page + sizeof(struct task_struct) || @@ -392,7 +393,7 @@ unsigned long __get_wchan(struct task_struct *p) /* Stack layout: sp-4: ra, sp-3: sp' */ - pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), sp); + pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), _text); sp = SPILL_SLOT(sp, 1); } while (count++ < 16); return 0; diff --git a/arch/xtensa/kernel/stacktrace.c b/arch/xtensa/kernel/stacktrace.c index 831ffb648bda..ed324fdf2a2f 100644 --- a/arch/xtensa/kernel/stacktrace.c +++ b/arch/xtensa/kernel/stacktrace.c @@ -13,6 +13,7 @@ #include <linux/stacktrace.h> #include <asm/ftrace.h> +#include <asm/sections.h> #include <asm/stacktrace.h> #include <asm/traps.h> #include <linux/uaccess.h> @@ -189,7 +190,7 @@ void walk_stackframe(unsigned long *sp, if (a1 <= (unsigned long)sp) break; - frame.pc = MAKE_PC_FROM_RA(a0, a1); + frame.pc = MAKE_PC_FROM_RA(a0, _text); frame.sp = a1; if (fn(&frame, data))

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] xtensa: fix MAKE_PC_FROM_RA second argument" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 0e60f0b75884677fb9f4f2ad40d52b43451564d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051312-survival-stoic-e4d5@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 0e60f0b75884 ("xtensa: fix MAKE_PC_FROM_RA second argument") 1b6ceeb99ee0 ("xtensa: stacktrace: include <asm/ftrace.h> for prototype") 11e969bc964a ("xtensa: support coprocessors on SMP") e45d4bfbeb26 ("xtensa: merge SAVE_CP_REGS_TAB and LOAD_CP_REGS_TAB") 0b549f813387 ("xtensa: handle coprocessor exceptions in kernel mode") 6179ef4d460a ("xtensa: use callx0 opcode in fast_coprocessor") 3e554d47dfe3 ("xtensa: clean up declarations in coprocessor.h") fc55402b8438 ("xtensa: clean up exception handler prototypes") db0d07fa192a ("xtensa: clean up function declarations in traps.c") 839769c35477 ("xtensa: fix a7 clobbering in coprocessor context load/store") 967747bbc084 ("uaccess: remove CONFIG_SET_FS") 12700c17fc28 ("uaccess: generalize access_ok()") 52fe8d125c9a ("arm64: simplify access_ok()") 26509034bef1 ("m68k: fix access_ok for coldfire") 15f3d81a8c8a ("MIPS: use simpler access_ok()") 34737e269803 ("uaccess: add generic __{get,put}_kernel_nofault") 1830a1d6a5b7 ("x86: use more conventional access_ok() definition") 36903abedfe8 ("x86: remove __range_not_ok()") 8afafbc955ba ("sparc64: add __{get,put}_kernel_nofault()") 222ca305c9fd ("uaccess: fix integer overflow on access_ok()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0e60f0b75884677fb9f4f2ad40d52b43451564d5 Mon Sep 17 00:00:00 2001 From: Max Filippov <jcmvbkbc(a)gmail.com> Date: Sat, 17 Feb 2024 05:15:42 -0800 Subject: [PATCH] xtensa: fix MAKE_PC_FROM_RA second argument Xtensa has two-argument MAKE_PC_FROM_RA macro to convert a0 to an actual return address because when windowed ABI is used call{,x}{4,8,12} opcodes stuff encoded window size into the top 2 bits of the register that becomes a return address in the called function. Second argument of that macro is supposed to be an address having these 2 topmost bits set correctly, but the comment suggested that that could be the stack address. However the stack doesn't have to be in the same 1GByte region as the code, especially in noMMU XIP configurations. Fix the comment and use either _text or regs->pc as the second argument for the MAKE_PC_FROM_RA macro. Cc: stable(a)vger.kernel.org Signed-off-by: Max Filippov <jcmvbkbc(a)gmail.com> diff --git a/arch/xtensa/include/asm/processor.h b/arch/xtensa/include/asm/processor.h index d008a153a2b9..7ed1a2085bd7 100644 --- a/arch/xtensa/include/asm/processor.h +++ b/arch/xtensa/include/asm/processor.h @@ -115,9 +115,9 @@ #define MAKE_RA_FOR_CALL(ra,ws) (((ra) & 0x3fffffff) | (ws) << 30) /* Convert return address to a valid pc - * Note: We assume that the stack pointer is in the same 1GB ranges as the ra + * Note: 'text' is the address within the same 1GB range as the ra */ -#define MAKE_PC_FROM_RA(ra,sp) (((ra) & 0x3fffffff) | ((sp) & 0xc0000000)) +#define MAKE_PC_FROM_RA(ra, text) (((ra) & 0x3fffffff) | ((unsigned long)(text) & 0xc0000000)) #elif defined(__XTENSA_CALL0_ABI__) @@ -127,9 +127,9 @@ #define MAKE_RA_FOR_CALL(ra, ws) (ra) /* Convert return address to a valid pc - * Note: We assume that the stack pointer is in the same 1GB ranges as the ra + * Note: 'text' is not used as 'ra' is always the full address */ -#define MAKE_PC_FROM_RA(ra, sp) (ra) +#define MAKE_PC_FROM_RA(ra, text) (ra) #else #error Unsupported Xtensa ABI diff --git a/arch/xtensa/include/asm/ptrace.h b/arch/xtensa/include/asm/ptrace.h index a270467556dc..86c70117371b 100644 --- a/arch/xtensa/include/asm/ptrace.h +++ b/arch/xtensa/include/asm/ptrace.h @@ -87,7 +87,7 @@ struct pt_regs { # define user_mode(regs) (((regs)->ps & 0x00000020)!=0) # define instruction_pointer(regs) ((regs)->pc) # define return_pointer(regs) (MAKE_PC_FROM_RA((regs)->areg[0], \ - (regs)->areg[1])) + (regs)->pc)) # ifndef CONFIG_SMP # define profile_pc(regs) instruction_pointer(regs) diff --git a/arch/xtensa/kernel/process.c b/arch/xtensa/kernel/process.c index a815577d25fd..7bd66677f7b6 100644 --- a/arch/xtensa/kernel/process.c +++ b/arch/xtensa/kernel/process.c @@ -47,6 +47,7 @@ #include <asm/asm-offsets.h> #include <asm/regs.h> #include <asm/hw_breakpoint.h> +#include <asm/sections.h> #include <asm/traps.h> extern void ret_from_fork(void); @@ -380,7 +381,7 @@ unsigned long __get_wchan(struct task_struct *p) int count = 0; sp = p->thread.sp; - pc = MAKE_PC_FROM_RA(p->thread.ra, p->thread.sp); + pc = MAKE_PC_FROM_RA(p->thread.ra, _text); do { if (sp < stack_page + sizeof(struct task_struct) || @@ -392,7 +393,7 @@ unsigned long __get_wchan(struct task_struct *p) /* Stack layout: sp-4: ra, sp-3: sp' */ - pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), sp); + pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), _text); sp = SPILL_SLOT(sp, 1); } while (count++ < 16); return 0; diff --git a/arch/xtensa/kernel/stacktrace.c b/arch/xtensa/kernel/stacktrace.c index 831ffb648bda..ed324fdf2a2f 100644 --- a/arch/xtensa/kernel/stacktrace.c +++ b/arch/xtensa/kernel/stacktrace.c @@ -13,6 +13,7 @@ #include <linux/stacktrace.h> #include <asm/ftrace.h> +#include <asm/sections.h> #include <asm/stacktrace.h> #include <asm/traps.h> #include <linux/uaccess.h> @@ -189,7 +190,7 @@ void walk_stackframe(unsigned long *sp, if (a1 <= (unsigned long)sp) break; - frame.pc = MAKE_PC_FROM_RA(a0, a1); + frame.pc = MAKE_PC_FROM_RA(a0, _text); frame.sp = a1; if (fn(&frame, data))

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] xtensa: fix MAKE_PC_FROM_RA second argument" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0e60f0b75884677fb9f4f2ad40d52b43451564d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051308-hasty-underwent-c742@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 0e60f0b75884 ("xtensa: fix MAKE_PC_FROM_RA second argument") 1b6ceeb99ee0 ("xtensa: stacktrace: include <asm/ftrace.h> for prototype") 11e969bc964a ("xtensa: support coprocessors on SMP") e45d4bfbeb26 ("xtensa: merge SAVE_CP_REGS_TAB and LOAD_CP_REGS_TAB") 0b549f813387 ("xtensa: handle coprocessor exceptions in kernel mode") 6179ef4d460a ("xtensa: use callx0 opcode in fast_coprocessor") 3e554d47dfe3 ("xtensa: clean up declarations in coprocessor.h") fc55402b8438 ("xtensa: clean up exception handler prototypes") db0d07fa192a ("xtensa: clean up function declarations in traps.c") 839769c35477 ("xtensa: fix a7 clobbering in coprocessor context load/store") 967747bbc084 ("uaccess: remove CONFIG_SET_FS") 12700c17fc28 ("uaccess: generalize access_ok()") 52fe8d125c9a ("arm64: simplify access_ok()") 26509034bef1 ("m68k: fix access_ok for coldfire") 15f3d81a8c8a ("MIPS: use simpler access_ok()") 34737e269803 ("uaccess: add generic __{get,put}_kernel_nofault") 1830a1d6a5b7 ("x86: use more conventional access_ok() definition") 36903abedfe8 ("x86: remove __range_not_ok()") 8afafbc955ba ("sparc64: add __{get,put}_kernel_nofault()") 222ca305c9fd ("uaccess: fix integer overflow on access_ok()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0e60f0b75884677fb9f4f2ad40d52b43451564d5 Mon Sep 17 00:00:00 2001 From: Max Filippov <jcmvbkbc(a)gmail.com> Date: Sat, 17 Feb 2024 05:15:42 -0800 Subject: [PATCH] xtensa: fix MAKE_PC_FROM_RA second argument Xtensa has two-argument MAKE_PC_FROM_RA macro to convert a0 to an actual return address because when windowed ABI is used call{,x}{4,8,12} opcodes stuff encoded window size into the top 2 bits of the register that becomes a return address in the called function. Second argument of that macro is supposed to be an address having these 2 topmost bits set correctly, but the comment suggested that that could be the stack address. However the stack doesn't have to be in the same 1GByte region as the code, especially in noMMU XIP configurations. Fix the comment and use either _text or regs->pc as the second argument for the MAKE_PC_FROM_RA macro. Cc: stable(a)vger.kernel.org Signed-off-by: Max Filippov <jcmvbkbc(a)gmail.com> diff --git a/arch/xtensa/include/asm/processor.h b/arch/xtensa/include/asm/processor.h index d008a153a2b9..7ed1a2085bd7 100644 --- a/arch/xtensa/include/asm/processor.h +++ b/arch/xtensa/include/asm/processor.h @@ -115,9 +115,9 @@ #define MAKE_RA_FOR_CALL(ra,ws) (((ra) & 0x3fffffff) | (ws) << 30) /* Convert return address to a valid pc - * Note: We assume that the stack pointer is in the same 1GB ranges as the ra + * Note: 'text' is the address within the same 1GB range as the ra */ -#define MAKE_PC_FROM_RA(ra,sp) (((ra) & 0x3fffffff) | ((sp) & 0xc0000000)) +#define MAKE_PC_FROM_RA(ra, text) (((ra) & 0x3fffffff) | ((unsigned long)(text) & 0xc0000000)) #elif defined(__XTENSA_CALL0_ABI__) @@ -127,9 +127,9 @@ #define MAKE_RA_FOR_CALL(ra, ws) (ra) /* Convert return address to a valid pc - * Note: We assume that the stack pointer is in the same 1GB ranges as the ra + * Note: 'text' is not used as 'ra' is always the full address */ -#define MAKE_PC_FROM_RA(ra, sp) (ra) +#define MAKE_PC_FROM_RA(ra, text) (ra) #else #error Unsupported Xtensa ABI diff --git a/arch/xtensa/include/asm/ptrace.h b/arch/xtensa/include/asm/ptrace.h index a270467556dc..86c70117371b 100644 --- a/arch/xtensa/include/asm/ptrace.h +++ b/arch/xtensa/include/asm/ptrace.h @@ -87,7 +87,7 @@ struct pt_regs { # define user_mode(regs) (((regs)->ps & 0x00000020)!=0) # define instruction_pointer(regs) ((regs)->pc) # define return_pointer(regs) (MAKE_PC_FROM_RA((regs)->areg[0], \ - (regs)->areg[1])) + (regs)->pc)) # ifndef CONFIG_SMP # define profile_pc(regs) instruction_pointer(regs) diff --git a/arch/xtensa/kernel/process.c b/arch/xtensa/kernel/process.c index a815577d25fd..7bd66677f7b6 100644 --- a/arch/xtensa/kernel/process.c +++ b/arch/xtensa/kernel/process.c @@ -47,6 +47,7 @@ #include <asm/asm-offsets.h> #include <asm/regs.h> #include <asm/hw_breakpoint.h> +#include <asm/sections.h> #include <asm/traps.h> extern void ret_from_fork(void); @@ -380,7 +381,7 @@ unsigned long __get_wchan(struct task_struct *p) int count = 0; sp = p->thread.sp; - pc = MAKE_PC_FROM_RA(p->thread.ra, p->thread.sp); + pc = MAKE_PC_FROM_RA(p->thread.ra, _text); do { if (sp < stack_page + sizeof(struct task_struct) || @@ -392,7 +393,7 @@ unsigned long __get_wchan(struct task_struct *p) /* Stack layout: sp-4: ra, sp-3: sp' */ - pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), sp); + pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), _text); sp = SPILL_SLOT(sp, 1); } while (count++ < 16); return 0; diff --git a/arch/xtensa/kernel/stacktrace.c b/arch/xtensa/kernel/stacktrace.c index 831ffb648bda..ed324fdf2a2f 100644 --- a/arch/xtensa/kernel/stacktrace.c +++ b/arch/xtensa/kernel/stacktrace.c @@ -13,6 +13,7 @@ #include <linux/stacktrace.h> #include <asm/ftrace.h> +#include <asm/sections.h> #include <asm/stacktrace.h> #include <asm/traps.h> #include <linux/uaccess.h> @@ -189,7 +190,7 @@ void walk_stackframe(unsigned long *sp, if (a1 <= (unsigned long)sp) break; - frame.pc = MAKE_PC_FROM_RA(a0, a1); + frame.pc = MAKE_PC_FROM_RA(a0, _text); frame.sp = a1; if (fn(&frame, data))

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] xtensa: fix MAKE_PC_FROM_RA second argument" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 0e60f0b75884677fb9f4f2ad40d52b43451564d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051305-harsh-aids-02ab@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 0e60f0b75884 ("xtensa: fix MAKE_PC_FROM_RA second argument") 1b6ceeb99ee0 ("xtensa: stacktrace: include <asm/ftrace.h> for prototype") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0e60f0b75884677fb9f4f2ad40d52b43451564d5 Mon Sep 17 00:00:00 2001 From: Max Filippov <jcmvbkbc(a)gmail.com> Date: Sat, 17 Feb 2024 05:15:42 -0800 Subject: [PATCH] xtensa: fix MAKE_PC_FROM_RA second argument Xtensa has two-argument MAKE_PC_FROM_RA macro to convert a0 to an actual return address because when windowed ABI is used call{,x}{4,8,12} opcodes stuff encoded window size into the top 2 bits of the register that becomes a return address in the called function. Second argument of that macro is supposed to be an address having these 2 topmost bits set correctly, but the comment suggested that that could be the stack address. However the stack doesn't have to be in the same 1GByte region as the code, especially in noMMU XIP configurations. Fix the comment and use either _text or regs->pc as the second argument for the MAKE_PC_FROM_RA macro. Cc: stable(a)vger.kernel.org Signed-off-by: Max Filippov <jcmvbkbc(a)gmail.com> diff --git a/arch/xtensa/include/asm/processor.h b/arch/xtensa/include/asm/processor.h index d008a153a2b9..7ed1a2085bd7 100644 --- a/arch/xtensa/include/asm/processor.h +++ b/arch/xtensa/include/asm/processor.h @@ -115,9 +115,9 @@ #define MAKE_RA_FOR_CALL(ra,ws) (((ra) & 0x3fffffff) | (ws) << 30) /* Convert return address to a valid pc - * Note: We assume that the stack pointer is in the same 1GB ranges as the ra + * Note: 'text' is the address within the same 1GB range as the ra */ -#define MAKE_PC_FROM_RA(ra,sp) (((ra) & 0x3fffffff) | ((sp) & 0xc0000000)) +#define MAKE_PC_FROM_RA(ra, text) (((ra) & 0x3fffffff) | ((unsigned long)(text) & 0xc0000000)) #elif defined(__XTENSA_CALL0_ABI__) @@ -127,9 +127,9 @@ #define MAKE_RA_FOR_CALL(ra, ws) (ra) /* Convert return address to a valid pc - * Note: We assume that the stack pointer is in the same 1GB ranges as the ra + * Note: 'text' is not used as 'ra' is always the full address */ -#define MAKE_PC_FROM_RA(ra, sp) (ra) +#define MAKE_PC_FROM_RA(ra, text) (ra) #else #error Unsupported Xtensa ABI diff --git a/arch/xtensa/include/asm/ptrace.h b/arch/xtensa/include/asm/ptrace.h index a270467556dc..86c70117371b 100644 --- a/arch/xtensa/include/asm/ptrace.h +++ b/arch/xtensa/include/asm/ptrace.h @@ -87,7 +87,7 @@ struct pt_regs { # define user_mode(regs) (((regs)->ps & 0x00000020)!=0) # define instruction_pointer(regs) ((regs)->pc) # define return_pointer(regs) (MAKE_PC_FROM_RA((regs)->areg[0], \ - (regs)->areg[1])) + (regs)->pc)) # ifndef CONFIG_SMP # define profile_pc(regs) instruction_pointer(regs) diff --git a/arch/xtensa/kernel/process.c b/arch/xtensa/kernel/process.c index a815577d25fd..7bd66677f7b6 100644 --- a/arch/xtensa/kernel/process.c +++ b/arch/xtensa/kernel/process.c @@ -47,6 +47,7 @@ #include <asm/asm-offsets.h> #include <asm/regs.h> #include <asm/hw_breakpoint.h> +#include <asm/sections.h> #include <asm/traps.h> extern void ret_from_fork(void); @@ -380,7 +381,7 @@ unsigned long __get_wchan(struct task_struct *p) int count = 0; sp = p->thread.sp; - pc = MAKE_PC_FROM_RA(p->thread.ra, p->thread.sp); + pc = MAKE_PC_FROM_RA(p->thread.ra, _text); do { if (sp < stack_page + sizeof(struct task_struct) || @@ -392,7 +393,7 @@ unsigned long __get_wchan(struct task_struct *p) /* Stack layout: sp-4: ra, sp-3: sp' */ - pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), sp); + pc = MAKE_PC_FROM_RA(SPILL_SLOT(sp, 0), _text); sp = SPILL_SLOT(sp, 1); } while (count++ < 16); return 0; diff --git a/arch/xtensa/kernel/stacktrace.c b/arch/xtensa/kernel/stacktrace.c index 831ffb648bda..ed324fdf2a2f 100644 --- a/arch/xtensa/kernel/stacktrace.c +++ b/arch/xtensa/kernel/stacktrace.c @@ -13,6 +13,7 @@ #include <linux/stacktrace.h> #include <asm/ftrace.h> +#include <asm/sections.h> #include <asm/stacktrace.h> #include <asm/traps.h> #include <linux/uaccess.h> @@ -189,7 +190,7 @@ void walk_stackframe(unsigned long *sp, if (a1 <= (unsigned long)sp) break; - frame.pc = MAKE_PC_FROM_RA(a0, a1); + frame.pc = MAKE_PC_FROM_RA(a0, _text); frame.sp = a1; if (fn(&frame, data))

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] KVM: arm64: vgic-v2: Check for non-NULL vCPU in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 6ddb4f372fc63210034b903d96ebbeb3c7195adb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051335-grief-hull-2989@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 6ddb4f372fc6 ("KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()") 4e7728c81a54 ("KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6ddb4f372fc63210034b903d96ebbeb3c7195adb Mon Sep 17 00:00:00 2001 From: Oliver Upton <oliver.upton(a)linux.dev> Date: Wed, 24 Apr 2024 17:39:58 +0000 Subject: [PATCH] KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() vgic_v2_parse_attr() is responsible for finding the vCPU that matches the user-provided CPUID, which (of course) may not be valid. If the ID is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled gracefully. Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id() actually returns something and fail the ioctl if not. Cc: stable(a)vger.kernel.org Fixes: 7d450e282171 ("KVM: arm/arm64: vgic-new: Add userland access to VGIC dist registers") Reported-by: Alexander Potapenko <glider(a)google.com> Tested-by: Alexander Potapenko <glider(a)google.com> Reviewed-by: Alexander Potapenko <glider(a)google.com> Reviewed-by: Marc Zyngier <maz(a)kernel.org> Link: https://lore.kernel.org/r/20240424173959.3776798-2-oliver.upton@linux.dev Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> diff --git a/arch/arm64/kvm/vgic/vgic-kvm-device.c b/arch/arm64/kvm/vgic/vgic-kvm-device.c index f48b8dab8b3d..1d26bb5b02f4 100644 --- a/arch/arm64/kvm/vgic/vgic-kvm-device.c +++ b/arch/arm64/kvm/vgic/vgic-kvm-device.c @@ -338,12 +338,12 @@ int kvm_register_vgic_device(unsigned long type) int vgic_v2_parse_attr(struct kvm_device *dev, struct kvm_device_attr *attr, struct vgic_reg_attr *reg_attr) { - int cpuid; + int cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr); - cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr); - - reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid); reg_attr->addr = attr->attr & KVM_DEV_ARM_VGIC_OFFSET_MASK; + reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid); + if (!reg_attr->vcpu) + return -EINVAL; return 0; }

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] KVM: arm64: vgic-v2: Check for non-NULL vCPU in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 6ddb4f372fc63210034b903d96ebbeb3c7195adb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051331-relieving-showcase-24cd@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 6ddb4f372fc6 ("KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()") 4e7728c81a54 ("KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6ddb4f372fc63210034b903d96ebbeb3c7195adb Mon Sep 17 00:00:00 2001 From: Oliver Upton <oliver.upton(a)linux.dev> Date: Wed, 24 Apr 2024 17:39:58 +0000 Subject: [PATCH] KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() vgic_v2_parse_attr() is responsible for finding the vCPU that matches the user-provided CPUID, which (of course) may not be valid. If the ID is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled gracefully. Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id() actually returns something and fail the ioctl if not. Cc: stable(a)vger.kernel.org Fixes: 7d450e282171 ("KVM: arm/arm64: vgic-new: Add userland access to VGIC dist registers") Reported-by: Alexander Potapenko <glider(a)google.com> Tested-by: Alexander Potapenko <glider(a)google.com> Reviewed-by: Alexander Potapenko <glider(a)google.com> Reviewed-by: Marc Zyngier <maz(a)kernel.org> Link: https://lore.kernel.org/r/20240424173959.3776798-2-oliver.upton@linux.dev Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> diff --git a/arch/arm64/kvm/vgic/vgic-kvm-device.c b/arch/arm64/kvm/vgic/vgic-kvm-device.c index f48b8dab8b3d..1d26bb5b02f4 100644 --- a/arch/arm64/kvm/vgic/vgic-kvm-device.c +++ b/arch/arm64/kvm/vgic/vgic-kvm-device.c @@ -338,12 +338,12 @@ int kvm_register_vgic_device(unsigned long type) int vgic_v2_parse_attr(struct kvm_device *dev, struct kvm_device_attr *attr, struct vgic_reg_attr *reg_attr) { - int cpuid; + int cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr); - cpuid = FIELD_GET(KVM_DEV_ARM_VGIC_CPUID_MASK, attr->attr); - - reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid); reg_attr->addr = attr->attr & KVM_DEV_ARM_VGIC_OFFSET_MASK; + reg_attr->vcpu = kvm_get_vcpu_by_id(dev->kvm, cpuid); + if (!reg_attr->vcpu) + return -EINVAL; return 0; }

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] iio: accel: mxc4005: Reset chip on probe() and resume()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051323-pueblo-release-140e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 6b8cffdc4a31 ("iio: accel: mxc4005: Reset chip on probe() and resume()") 57a1592784d6 ("iio: accel: mxc4005: Interrupt handling fixes") 4d7c16d08d24 ("iio: accel: mxc4005: allow module autoloading via OF compatible") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Tue, 26 Mar 2024 12:37:00 +0100 Subject: [PATCH] iio: accel: mxc4005: Reset chip on probe() and resume() On some designs the chip is not properly reset when powered up at boot or after a suspend/resume cycle. Use the sw-reset feature to ensure that the chip is in a clean state after probe() / resume() and in the case of resume() restore the settings (scale, trigger-enabled). Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218578 Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://lore.kernel.org/r/20240326113700.56725-3-hdegoede@redhat.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/accel/mxc4005.c b/drivers/iio/accel/mxc4005.c index 111f4bcf24ad..63c3566a533b 100644 --- a/drivers/iio/accel/mxc4005.c +++ b/drivers/iio/accel/mxc4005.c @@ -5,6 +5,7 @@ * Copyright (c) 2014, Intel Corporation. */ +#include <linux/delay.h> #include <linux/module.h> #include <linux/i2c.h> #include <linux/iio/iio.h> @@ -36,6 +37,7 @@ #define MXC4005_REG_INT_CLR1 0x01 #define MXC4005_REG_INT_CLR1_BIT_DRDYC 0x01 +#define MXC4005_REG_INT_CLR1_SW_RST 0x10 #define MXC4005_REG_CONTROL 0x0D #define MXC4005_REG_CONTROL_MASK_FSR GENMASK(6, 5) @@ -43,6 +45,9 @@ #define MXC4005_REG_DEVICE_ID 0x0E +/* Datasheet does not specify a reset time, this is a conservative guess */ +#define MXC4005_RESET_TIME_US 2000 + enum mxc4005_axis { AXIS_X, AXIS_Y, @@ -66,6 +71,8 @@ struct mxc4005_data { s64 timestamp __aligned(8); } scan; bool trigger_enabled; + unsigned int control; + unsigned int int_mask1; }; /* @@ -349,6 +356,7 @@ static int mxc4005_set_trigger_state(struct iio_trigger *trig, return ret; } + data->int_mask1 = val; data->trigger_enabled = state; mutex_unlock(&data->mutex); @@ -384,6 +392,13 @@ static int mxc4005_chip_init(struct mxc4005_data *data) dev_dbg(data->dev, "MXC4005 chip id %02x\n", reg); + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret < 0) + return dev_err_probe(data->dev, ret, "resetting chip\n"); + + fsleep(MXC4005_RESET_TIME_US); + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); if (ret < 0) return dev_err_probe(data->dev, ret, "writing INT_MASK0\n"); @@ -479,6 +494,58 @@ static int mxc4005_probe(struct i2c_client *client) return devm_iio_device_register(&client->dev, indio_dev); } +static int mxc4005_suspend(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + /* Save control to restore it on resume */ + ret = regmap_read(data->regmap, MXC4005_REG_CONTROL, &data->control); + if (ret < 0) + dev_err(data->dev, "failed to read reg_control\n"); + + return ret; +} + +static int mxc4005_resume(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret) { + dev_err(data->dev, "failed to reset chip: %d\n", ret); + return ret; + } + + fsleep(MXC4005_RESET_TIME_US); + + ret = regmap_write(data->regmap, MXC4005_REG_CONTROL, data->control); + if (ret) { + dev_err(data->dev, "failed to restore control register\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 0 mask\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK1, data->int_mask1); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 1 mask\n"); + return ret; + } + + return 0; +} + +static DEFINE_SIMPLE_DEV_PM_OPS(mxc4005_pm_ops, mxc4005_suspend, mxc4005_resume); + static const struct acpi_device_id mxc4005_acpi_match[] = { {"MXC4005", 0}, {"MXC6655", 0}, @@ -506,6 +573,7 @@ static struct i2c_driver mxc4005_driver = { .name = MXC4005_DRV_NAME, .acpi_match_table = mxc4005_acpi_match, .of_match_table = mxc4005_of_match, + .pm = pm_sleep_ptr(&mxc4005_pm_ops), }, .probe = mxc4005_probe, .id_table = mxc4005_id,

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] iio: accel: mxc4005: Reset chip on probe() and resume()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051322-alabaster-reliably-95ba@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 6b8cffdc4a31 ("iio: accel: mxc4005: Reset chip on probe() and resume()") 57a1592784d6 ("iio: accel: mxc4005: Interrupt handling fixes") 4d7c16d08d24 ("iio: accel: mxc4005: allow module autoloading via OF compatible") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Tue, 26 Mar 2024 12:37:00 +0100 Subject: [PATCH] iio: accel: mxc4005: Reset chip on probe() and resume() On some designs the chip is not properly reset when powered up at boot or after a suspend/resume cycle. Use the sw-reset feature to ensure that the chip is in a clean state after probe() / resume() and in the case of resume() restore the settings (scale, trigger-enabled). Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218578 Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://lore.kernel.org/r/20240326113700.56725-3-hdegoede@redhat.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/accel/mxc4005.c b/drivers/iio/accel/mxc4005.c index 111f4bcf24ad..63c3566a533b 100644 --- a/drivers/iio/accel/mxc4005.c +++ b/drivers/iio/accel/mxc4005.c @@ -5,6 +5,7 @@ * Copyright (c) 2014, Intel Corporation. */ +#include <linux/delay.h> #include <linux/module.h> #include <linux/i2c.h> #include <linux/iio/iio.h> @@ -36,6 +37,7 @@ #define MXC4005_REG_INT_CLR1 0x01 #define MXC4005_REG_INT_CLR1_BIT_DRDYC 0x01 +#define MXC4005_REG_INT_CLR1_SW_RST 0x10 #define MXC4005_REG_CONTROL 0x0D #define MXC4005_REG_CONTROL_MASK_FSR GENMASK(6, 5) @@ -43,6 +45,9 @@ #define MXC4005_REG_DEVICE_ID 0x0E +/* Datasheet does not specify a reset time, this is a conservative guess */ +#define MXC4005_RESET_TIME_US 2000 + enum mxc4005_axis { AXIS_X, AXIS_Y, @@ -66,6 +71,8 @@ struct mxc4005_data { s64 timestamp __aligned(8); } scan; bool trigger_enabled; + unsigned int control; + unsigned int int_mask1; }; /* @@ -349,6 +356,7 @@ static int mxc4005_set_trigger_state(struct iio_trigger *trig, return ret; } + data->int_mask1 = val; data->trigger_enabled = state; mutex_unlock(&data->mutex); @@ -384,6 +392,13 @@ static int mxc4005_chip_init(struct mxc4005_data *data) dev_dbg(data->dev, "MXC4005 chip id %02x\n", reg); + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret < 0) + return dev_err_probe(data->dev, ret, "resetting chip\n"); + + fsleep(MXC4005_RESET_TIME_US); + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); if (ret < 0) return dev_err_probe(data->dev, ret, "writing INT_MASK0\n"); @@ -479,6 +494,58 @@ static int mxc4005_probe(struct i2c_client *client) return devm_iio_device_register(&client->dev, indio_dev); } +static int mxc4005_suspend(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + /* Save control to restore it on resume */ + ret = regmap_read(data->regmap, MXC4005_REG_CONTROL, &data->control); + if (ret < 0) + dev_err(data->dev, "failed to read reg_control\n"); + + return ret; +} + +static int mxc4005_resume(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret) { + dev_err(data->dev, "failed to reset chip: %d\n", ret); + return ret; + } + + fsleep(MXC4005_RESET_TIME_US); + + ret = regmap_write(data->regmap, MXC4005_REG_CONTROL, data->control); + if (ret) { + dev_err(data->dev, "failed to restore control register\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 0 mask\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK1, data->int_mask1); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 1 mask\n"); + return ret; + } + + return 0; +} + +static DEFINE_SIMPLE_DEV_PM_OPS(mxc4005_pm_ops, mxc4005_suspend, mxc4005_resume); + static const struct acpi_device_id mxc4005_acpi_match[] = { {"MXC4005", 0}, {"MXC6655", 0}, @@ -506,6 +573,7 @@ static struct i2c_driver mxc4005_driver = { .name = MXC4005_DRV_NAME, .acpi_match_table = mxc4005_acpi_match, .of_match_table = mxc4005_of_match, + .pm = pm_sleep_ptr(&mxc4005_pm_ops), }, .probe = mxc4005_probe, .id_table = mxc4005_id,

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] iio: accel: mxc4005: Reset chip on probe() and resume()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051321-finishing-applause-7489@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 6b8cffdc4a31 ("iio: accel: mxc4005: Reset chip on probe() and resume()") 57a1592784d6 ("iio: accel: mxc4005: Interrupt handling fixes") 4d7c16d08d24 ("iio: accel: mxc4005: allow module autoloading via OF compatible") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Tue, 26 Mar 2024 12:37:00 +0100 Subject: [PATCH] iio: accel: mxc4005: Reset chip on probe() and resume() On some designs the chip is not properly reset when powered up at boot or after a suspend/resume cycle. Use the sw-reset feature to ensure that the chip is in a clean state after probe() / resume() and in the case of resume() restore the settings (scale, trigger-enabled). Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218578 Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://lore.kernel.org/r/20240326113700.56725-3-hdegoede@redhat.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/accel/mxc4005.c b/drivers/iio/accel/mxc4005.c index 111f4bcf24ad..63c3566a533b 100644 --- a/drivers/iio/accel/mxc4005.c +++ b/drivers/iio/accel/mxc4005.c @@ -5,6 +5,7 @@ * Copyright (c) 2014, Intel Corporation. */ +#include <linux/delay.h> #include <linux/module.h> #include <linux/i2c.h> #include <linux/iio/iio.h> @@ -36,6 +37,7 @@ #define MXC4005_REG_INT_CLR1 0x01 #define MXC4005_REG_INT_CLR1_BIT_DRDYC 0x01 +#define MXC4005_REG_INT_CLR1_SW_RST 0x10 #define MXC4005_REG_CONTROL 0x0D #define MXC4005_REG_CONTROL_MASK_FSR GENMASK(6, 5) @@ -43,6 +45,9 @@ #define MXC4005_REG_DEVICE_ID 0x0E +/* Datasheet does not specify a reset time, this is a conservative guess */ +#define MXC4005_RESET_TIME_US 2000 + enum mxc4005_axis { AXIS_X, AXIS_Y, @@ -66,6 +71,8 @@ struct mxc4005_data { s64 timestamp __aligned(8); } scan; bool trigger_enabled; + unsigned int control; + unsigned int int_mask1; }; /* @@ -349,6 +356,7 @@ static int mxc4005_set_trigger_state(struct iio_trigger *trig, return ret; } + data->int_mask1 = val; data->trigger_enabled = state; mutex_unlock(&data->mutex); @@ -384,6 +392,13 @@ static int mxc4005_chip_init(struct mxc4005_data *data) dev_dbg(data->dev, "MXC4005 chip id %02x\n", reg); + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret < 0) + return dev_err_probe(data->dev, ret, "resetting chip\n"); + + fsleep(MXC4005_RESET_TIME_US); + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); if (ret < 0) return dev_err_probe(data->dev, ret, "writing INT_MASK0\n"); @@ -479,6 +494,58 @@ static int mxc4005_probe(struct i2c_client *client) return devm_iio_device_register(&client->dev, indio_dev); } +static int mxc4005_suspend(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + /* Save control to restore it on resume */ + ret = regmap_read(data->regmap, MXC4005_REG_CONTROL, &data->control); + if (ret < 0) + dev_err(data->dev, "failed to read reg_control\n"); + + return ret; +} + +static int mxc4005_resume(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret) { + dev_err(data->dev, "failed to reset chip: %d\n", ret); + return ret; + } + + fsleep(MXC4005_RESET_TIME_US); + + ret = regmap_write(data->regmap, MXC4005_REG_CONTROL, data->control); + if (ret) { + dev_err(data->dev, "failed to restore control register\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 0 mask\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK1, data->int_mask1); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 1 mask\n"); + return ret; + } + + return 0; +} + +static DEFINE_SIMPLE_DEV_PM_OPS(mxc4005_pm_ops, mxc4005_suspend, mxc4005_resume); + static const struct acpi_device_id mxc4005_acpi_match[] = { {"MXC4005", 0}, {"MXC6655", 0}, @@ -506,6 +573,7 @@ static struct i2c_driver mxc4005_driver = { .name = MXC4005_DRV_NAME, .acpi_match_table = mxc4005_acpi_match, .of_match_table = mxc4005_of_match, + .pm = pm_sleep_ptr(&mxc4005_pm_ops), }, .probe = mxc4005_probe, .id_table = mxc4005_id,

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] iio: accel: mxc4005: Reset chip on probe() and resume()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051321-hurdle-ferret-9066@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 6b8cffdc4a31 ("iio: accel: mxc4005: Reset chip on probe() and resume()") 57a1592784d6 ("iio: accel: mxc4005: Interrupt handling fixes") 4d7c16d08d24 ("iio: accel: mxc4005: allow module autoloading via OF compatible") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6b8cffdc4a31e4a72f75ecd1bc13fbf0dafee390 Mon Sep 17 00:00:00 2001 From: Hans de Goede <hdegoede(a)redhat.com> Date: Tue, 26 Mar 2024 12:37:00 +0100 Subject: [PATCH] iio: accel: mxc4005: Reset chip on probe() and resume() On some designs the chip is not properly reset when powered up at boot or after a suspend/resume cycle. Use the sw-reset feature to ensure that the chip is in a clean state after probe() / resume() and in the case of resume() restore the settings (scale, trigger-enabled). Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218578 Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://lore.kernel.org/r/20240326113700.56725-3-hdegoede@redhat.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/accel/mxc4005.c b/drivers/iio/accel/mxc4005.c index 111f4bcf24ad..63c3566a533b 100644 --- a/drivers/iio/accel/mxc4005.c +++ b/drivers/iio/accel/mxc4005.c @@ -5,6 +5,7 @@ * Copyright (c) 2014, Intel Corporation. */ +#include <linux/delay.h> #include <linux/module.h> #include <linux/i2c.h> #include <linux/iio/iio.h> @@ -36,6 +37,7 @@ #define MXC4005_REG_INT_CLR1 0x01 #define MXC4005_REG_INT_CLR1_BIT_DRDYC 0x01 +#define MXC4005_REG_INT_CLR1_SW_RST 0x10 #define MXC4005_REG_CONTROL 0x0D #define MXC4005_REG_CONTROL_MASK_FSR GENMASK(6, 5) @@ -43,6 +45,9 @@ #define MXC4005_REG_DEVICE_ID 0x0E +/* Datasheet does not specify a reset time, this is a conservative guess */ +#define MXC4005_RESET_TIME_US 2000 + enum mxc4005_axis { AXIS_X, AXIS_Y, @@ -66,6 +71,8 @@ struct mxc4005_data { s64 timestamp __aligned(8); } scan; bool trigger_enabled; + unsigned int control; + unsigned int int_mask1; }; /* @@ -349,6 +356,7 @@ static int mxc4005_set_trigger_state(struct iio_trigger *trig, return ret; } + data->int_mask1 = val; data->trigger_enabled = state; mutex_unlock(&data->mutex); @@ -384,6 +392,13 @@ static int mxc4005_chip_init(struct mxc4005_data *data) dev_dbg(data->dev, "MXC4005 chip id %02x\n", reg); + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret < 0) + return dev_err_probe(data->dev, ret, "resetting chip\n"); + + fsleep(MXC4005_RESET_TIME_US); + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); if (ret < 0) return dev_err_probe(data->dev, ret, "writing INT_MASK0\n"); @@ -479,6 +494,58 @@ static int mxc4005_probe(struct i2c_client *client) return devm_iio_device_register(&client->dev, indio_dev); } +static int mxc4005_suspend(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + /* Save control to restore it on resume */ + ret = regmap_read(data->regmap, MXC4005_REG_CONTROL, &data->control); + if (ret < 0) + dev_err(data->dev, "failed to read reg_control\n"); + + return ret; +} + +static int mxc4005_resume(struct device *dev) +{ + struct iio_dev *indio_dev = dev_get_drvdata(dev); + struct mxc4005_data *data = iio_priv(indio_dev); + int ret; + + ret = regmap_write(data->regmap, MXC4005_REG_INT_CLR1, + MXC4005_REG_INT_CLR1_SW_RST); + if (ret) { + dev_err(data->dev, "failed to reset chip: %d\n", ret); + return ret; + } + + fsleep(MXC4005_RESET_TIME_US); + + ret = regmap_write(data->regmap, MXC4005_REG_CONTROL, data->control); + if (ret) { + dev_err(data->dev, "failed to restore control register\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK0, 0); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 0 mask\n"); + return ret; + } + + ret = regmap_write(data->regmap, MXC4005_REG_INT_MASK1, data->int_mask1); + if (ret) { + dev_err(data->dev, "failed to restore interrupt 1 mask\n"); + return ret; + } + + return 0; +} + +static DEFINE_SIMPLE_DEV_PM_OPS(mxc4005_pm_ops, mxc4005_suspend, mxc4005_resume); + static const struct acpi_device_id mxc4005_acpi_match[] = { {"MXC4005", 0}, {"MXC6655", 0}, @@ -506,6 +573,7 @@ static struct i2c_driver mxc4005_driver = { .name = MXC4005_DRV_NAME, .acpi_match_table = mxc4005_acpi_match, .of_match_table = mxc4005_of_match, + .pm = pm_sleep_ptr(&mxc4005_pm_ops), }, .probe = mxc4005_probe, .id_table = mxc4005_id,

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/xe/vm: prevent UAF in rebind_work_func()" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 98957360563e7ffdc0c2b3a314655eff8bc1cb5a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051321-bonehead-slang-4a7c@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: 98957360563e ("drm/xe/vm: prevent UAF in rebind_work_func()") 0eb2a18a8fad ("drm/xe: Implement VM snapshot support for BO's and userptr") be7d51c5b468 ("drm/xe: Add batch buffer addresses to devcoredump") 4376cee62092 ("drm/xe: Print more device information in devcoredump") 98fefec8c381 ("drm/xe: Change devcoredump functions parameters to xe_sched_job") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 98957360563e7ffdc0c2b3a314655eff8bc1cb5a Mon Sep 17 00:00:00 2001 From: Matthew Auld <matthew.auld(a)intel.com> Date: Tue, 23 Apr 2024 08:47:23 +0100 Subject: [PATCH] drm/xe/vm: prevent UAF in rebind_work_func() We flush the rebind worker during the vm close phase, however in places like preempt_fence_work_func() we seem to queue the rebind worker without first checking if the vm has already been closed. The concern here is the vm being closed with the worker flushed, but then being rearmed later, which looks like potential uaf, since there is no actual refcounting to track the queued worker. We can't take the vm->lock here in preempt_rebind_work_func() to first check if the vm is closed since that will deadlock, so instead flush the worker again when the vm refcount reaches zero. v2: - Grabbing vm->lock in the preempt worker creates a deadlock, so checking the closed state is tricky. Instead flush the worker when the refcount reaches zero. It should be impossible to queue the preempt worker without already holding vm ref. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1676 Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1591 Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1364 Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1304 Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/1249 Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240423074721.119633-4-matth… (cherry picked from commit 3d44d67c441a9fe6f81a1d705f7de009a32a5b35) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index 3d4c8f342e21..32cd0c978aa2 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -1606,6 +1606,9 @@ static void vm_destroy_work_func(struct work_struct *w) /* xe_vm_close_and_put was not called? */ xe_assert(xe, !vm->size); + if (xe_vm_in_preempt_fence_mode(vm)) + flush_work(&vm->preempt.rebind_work); + mutex_destroy(&vm->snap_mutex); if (!(vm->flags & XE_VM_FLAG_MIGRATION))

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] drm/xe: Use ordered WQ for G2H handler" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x c002bfe644a29ba600c571f2abba13a155a12dcd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051310-legacy-papaya-0d01@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: c002bfe644a2 ("drm/xe: Use ordered WQ for G2H handler") 7bd9c9f962eb ("drm/xe/guc: Check error code when initializing the CT mutex") 5030e16140b6 ("drm/xe/guc: Only take actions in CT irq handler if CTs are enabled") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c002bfe644a29ba600c571f2abba13a155a12dcd Mon Sep 17 00:00:00 2001 From: Matthew Brost <matthew.brost(a)intel.com> Date: Sun, 5 May 2024 20:47:58 -0700 Subject: [PATCH] drm/xe: Use ordered WQ for G2H handler System work queues are shared, use a dedicated work queue for G2H processing to avoid G2H processing getting block behind system tasks. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Cc: <stable(a)vger.kernel.org> Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> Reviewed-by: Francois Dugast <francois.dugast(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240506034758.3697397-1-matt… (cherry picked from commit 50aec9665e0babd62b9eee4e613d9a1ef8d2b7de) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_guc_ct.c b/drivers/gpu/drm/xe/xe_guc_ct.c index c62dbd6420db..8bbfa45798e2 100644 --- a/drivers/gpu/drm/xe/xe_guc_ct.c +++ b/drivers/gpu/drm/xe/xe_guc_ct.c @@ -120,6 +120,7 @@ static void guc_ct_fini(struct drm_device *drm, void *arg) { struct xe_guc_ct *ct = arg; + destroy_workqueue(ct->g2h_wq); xa_destroy(&ct->fence_lookup); } @@ -145,6 +146,10 @@ int xe_guc_ct_init(struct xe_guc_ct *ct) xe_assert(xe, !(guc_ct_size() % PAGE_SIZE)); + ct->g2h_wq = alloc_ordered_workqueue("xe-g2h-wq", 0); + if (!ct->g2h_wq) + return -ENOMEM; + spin_lock_init(&ct->fast_lock); xa_init(&ct->fence_lookup); INIT_WORK(&ct->g2h_worker, g2h_worker_func); diff --git a/drivers/gpu/drm/xe/xe_guc_ct.h b/drivers/gpu/drm/xe/xe_guc_ct.h index 5083e099064f..105bb8e99a8d 100644 --- a/drivers/gpu/drm/xe/xe_guc_ct.h +++ b/drivers/gpu/drm/xe/xe_guc_ct.h @@ -34,7 +34,7 @@ static inline void xe_guc_ct_irq_handler(struct xe_guc_ct *ct) return; wake_up_all(&ct->wq); - queue_work(system_unbound_wq, &ct->g2h_worker); + queue_work(ct->g2h_wq, &ct->g2h_worker); xe_guc_ct_fast_path(ct); } diff --git a/drivers/gpu/drm/xe/xe_guc_ct_types.h b/drivers/gpu/drm/xe/xe_guc_ct_types.h index d29144c9f20b..fede4c6e93cb 100644 --- a/drivers/gpu/drm/xe/xe_guc_ct_types.h +++ b/drivers/gpu/drm/xe/xe_guc_ct_types.h @@ -120,6 +120,8 @@ struct xe_guc_ct { wait_queue_head_t wq; /** @g2h_fence_wq: wait queue used for G2H fencing */ wait_queue_head_t g2h_fence_wq; + /** @g2h_wq: used to process G2H */ + struct workqueue_struct *g2h_wq; /** @msg: Message buffer */ u32 msg[GUC_CTB_MSG_MAX_LEN]; /** @fast_msg: Message buffer */

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] workqueue: Fix divide error in wq_update_node_max_active()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 91f098704c25106d88706fc9f8bcfce01fdb97df # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051331-lasso-junkie-d098@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 91f098704c25 ("workqueue: Fix divide error in wq_update_node_max_active()") 5797b1c18919 ("workqueue: Implement system-wide nr_active enforcement for unbound workqueues") 91ccc6e7233b ("workqueue: Introduce struct wq_node_nr_active") 9f66cff212bb ("workqueue: RCU protect wq->dfl_pwq and implement accessors for it") c5404d4e6df6 ("workqueue: Make wq_adjust_max_active() round-robin pwqs while activating") 1c270b79ce0b ("workqueue: Move nr_active handling into helpers") 4c6380305d21 ("workqueue: Replace pwq_activate_inactive_work() with [__]pwq_activate_work()") afa87ce85379 ("workqueue: Factor out pwq_is_empty()") a045a272d887 ("workqueue: Move pwq->max_active to wq->max_active") 31c89007285d ("workqueue.c: Increase workqueue name length") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 91f098704c25106d88706fc9f8bcfce01fdb97df Mon Sep 17 00:00:00 2001 From: Lai Jiangshan <jiangshan.ljs(a)antgroup.com> Date: Wed, 24 Apr 2024 21:51:54 +0800 Subject: [PATCH] workqueue: Fix divide error in wq_update_node_max_active() Yue Sun and xingwei lee reported a divide error bug in wq_update_node_max_active(): divide error: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 PID: 21 Comm: cpuhp/1 Not tainted 6.9.0-rc5 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:wq_update_node_max_active+0x369/0x6b0 kernel/workqueue.c:1605 Code: 24 bf 00 00 00 80 44 89 fe e8 83 27 33 00 41 83 fc ff 75 0d 41 81 ff 00 00 00 80 0f 84 68 01 00 00 e8 fb 22 33 00 44 89 f8 99 <41> f7 fc 89 c5 89 c7 44 89 ee e8 a8 24 33 00 89 ef 8b 5c 24 04 89 RSP: 0018:ffffc9000018fbb0 EFLAGS: 00010293 RAX: 00000000000000ff RBX: 0000000000000001 RCX: ffff888100ada500 RDX: 0000000000000000 RSI: 00000000000000ff RDI: 0000000080000000 RBP: 0000000000000001 R08: ffffffff815b1fcd R09: 1ffff1100364ad72 R10: dffffc0000000000 R11: ffffed100364ad73 R12: 0000000000000000 R13: 0000000000000100 R14: 0000000000000000 R15: 00000000000000ff FS: 0000000000000000(0000) GS:ffff888135c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb8c06ca6f8 CR3: 000000010d6c6000 CR4: 0000000000750ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> workqueue_offline_cpu+0x56f/0x600 kernel/workqueue.c:6525 cpuhp_invoke_callback+0x4e1/0x870 kernel/cpu.c:194 cpuhp_thread_fun+0x411/0x7d0 kernel/cpu.c:1092 smpboot_thread_fn+0x544/0xa10 kernel/smpboot.c:164 kthread+0x2ed/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- After analysis, it happens when all of the CPUs in a workqueue's affinity get offine. The problem can be easily reproduced by: # echo 8 > /sys/devices/virtual/workqueue/<any-wq-name>/cpumask # echo 0 > /sys/devices/system/cpu/cpu3/online Use the default max_actives for nodes when all of the CPUs in the workqueue's affinity get offline to fix the problem. Reported-by: Yue Sun <samsun1006219(a)gmail.com> Reported-by: xingwei lee <xrivendell7(a)gmail.com> Link: https://lore.kernel.org/lkml/CAEkJfYPGS1_4JqvpSo0=FM0S1ytB8CEbyreLTtWpR900d… Fixes: 5797b1c18919 ("workqueue: Implement system-wide nr_active enforcement for unbound workqueues") Cc: stable(a)vger.kernel.org Signed-off-by: Lai Jiangshan <jiangshan.ljs(a)antgroup.com> Signed-off-by: Tejun Heo <tj(a)kernel.org> diff --git a/kernel/workqueue.c b/kernel/workqueue.c index 5f536c63a48d..d2dbe099286b 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c @@ -1598,6 +1598,15 @@ static void wq_update_node_max_active(struct workqueue_struct *wq, int off_cpu) if (off_cpu >= 0) total_cpus--; + /* If all CPUs of the wq get offline, use the default values */ + if (unlikely(!total_cpus)) { + for_each_node(node) + wq_node_nr_active(wq, node)->max = min_active; + + wq_node_nr_active(wq, NUMA_NO_NODE)->max = max_active; + return; + } + for_each_node(node) { int node_cpus;

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] workqueue: Fix divide error in wq_update_node_max_active()" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x 91f098704c25106d88706fc9f8bcfce01fdb97df # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051329-golf-handwoven-298c@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: 91f098704c25 ("workqueue: Fix divide error in wq_update_node_max_active()") 5797b1c18919 ("workqueue: Implement system-wide nr_active enforcement for unbound workqueues") 91ccc6e7233b ("workqueue: Introduce struct wq_node_nr_active") 9f66cff212bb ("workqueue: RCU protect wq->dfl_pwq and implement accessors for it") c5404d4e6df6 ("workqueue: Make wq_adjust_max_active() round-robin pwqs while activating") 1c270b79ce0b ("workqueue: Move nr_active handling into helpers") 4c6380305d21 ("workqueue: Replace pwq_activate_inactive_work() with [__]pwq_activate_work()") afa87ce85379 ("workqueue: Factor out pwq_is_empty()") a045a272d887 ("workqueue: Move pwq->max_active to wq->max_active") 31c89007285d ("workqueue.c: Increase workqueue name length") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 91f098704c25106d88706fc9f8bcfce01fdb97df Mon Sep 17 00:00:00 2001 From: Lai Jiangshan <jiangshan.ljs(a)antgroup.com> Date: Wed, 24 Apr 2024 21:51:54 +0800 Subject: [PATCH] workqueue: Fix divide error in wq_update_node_max_active() Yue Sun and xingwei lee reported a divide error bug in wq_update_node_max_active(): divide error: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 PID: 21 Comm: cpuhp/1 Not tainted 6.9.0-rc5 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:wq_update_node_max_active+0x369/0x6b0 kernel/workqueue.c:1605 Code: 24 bf 00 00 00 80 44 89 fe e8 83 27 33 00 41 83 fc ff 75 0d 41 81 ff 00 00 00 80 0f 84 68 01 00 00 e8 fb 22 33 00 44 89 f8 99 <41> f7 fc 89 c5 89 c7 44 89 ee e8 a8 24 33 00 89 ef 8b 5c 24 04 89 RSP: 0018:ffffc9000018fbb0 EFLAGS: 00010293 RAX: 00000000000000ff RBX: 0000000000000001 RCX: ffff888100ada500 RDX: 0000000000000000 RSI: 00000000000000ff RDI: 0000000080000000 RBP: 0000000000000001 R08: ffffffff815b1fcd R09: 1ffff1100364ad72 R10: dffffc0000000000 R11: ffffed100364ad73 R12: 0000000000000000 R13: 0000000000000100 R14: 0000000000000000 R15: 00000000000000ff FS: 0000000000000000(0000) GS:ffff888135c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fb8c06ca6f8 CR3: 000000010d6c6000 CR4: 0000000000750ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> workqueue_offline_cpu+0x56f/0x600 kernel/workqueue.c:6525 cpuhp_invoke_callback+0x4e1/0x870 kernel/cpu.c:194 cpuhp_thread_fun+0x411/0x7d0 kernel/cpu.c:1092 smpboot_thread_fn+0x544/0xa10 kernel/smpboot.c:164 kthread+0x2ed/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- After analysis, it happens when all of the CPUs in a workqueue's affinity get offine. The problem can be easily reproduced by: # echo 8 > /sys/devices/virtual/workqueue/<any-wq-name>/cpumask # echo 0 > /sys/devices/system/cpu/cpu3/online Use the default max_actives for nodes when all of the CPUs in the workqueue's affinity get offline to fix the problem. Reported-by: Yue Sun <samsun1006219(a)gmail.com> Reported-by: xingwei lee <xrivendell7(a)gmail.com> Link: https://lore.kernel.org/lkml/CAEkJfYPGS1_4JqvpSo0=FM0S1ytB8CEbyreLTtWpR900d… Fixes: 5797b1c18919 ("workqueue: Implement system-wide nr_active enforcement for unbound workqueues") Cc: stable(a)vger.kernel.org Signed-off-by: Lai Jiangshan <jiangshan.ljs(a)antgroup.com> Signed-off-by: Tejun Heo <tj(a)kernel.org> diff --git a/kernel/workqueue.c b/kernel/workqueue.c index 5f536c63a48d..d2dbe099286b 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c @@ -1598,6 +1598,15 @@ static void wq_update_node_max_active(struct workqueue_struct *wq, int off_cpu) if (off_cpu >= 0) total_cpus--; + /* If all CPUs of the wq get offline, use the default values */ + if (unlikely(!total_cpus)) { + for_each_node(node) + wq_node_nr_active(wq, node)->max = min_active; + + wq_node_nr_active(wq, NUMA_NO_NODE)->max = max_active; + return; + } + for_each_node(node) { int node_cpus;

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/slab: make __free(kfree) accept error pointers" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x cd7eb8f83fcf258f71e293f7fc52a70be8ed0128 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051335-aversion-endearing-7ab9@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: cd7eb8f83fcf ("mm/slab: make __free(kfree) accept error pointers") a67d74a4b163 ("mm/slab: Add __free() support for kvfree") 54da6a092431 ("locking: Introduce __cleanup() based infrastructure") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cd7eb8f83fcf258f71e293f7fc52a70be8ed0128 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)linaro.org> Date: Sun, 28 Apr 2024 17:26:44 +0300 Subject: [PATCH] mm/slab: make __free(kfree) accept error pointers Currently, if an automatically freed allocation is an error pointer that will lead to a crash. An example of this is in wm831x_gpio_dbg_show(). 171 char *label __free(kfree) = gpiochip_dup_line_label(chip, i); 172 if (IS_ERR(label)) { 173 dev_err(wm831x->dev, "Failed to duplicate label\n"); 174 continue; 175 } The auto clean up function should check for error pointers as well, otherwise we're going to keep hitting issues like this. Fixes: 54da6a092431 ("locking: Introduce __cleanup() based infrastructure") Cc: <stable(a)vger.kernel.org> Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Acked-by: David Rientjes <rientjes(a)google.com> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> diff --git a/include/linux/slab.h b/include/linux/slab.h index e53cbfa18325..739b21262507 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -266,7 +266,7 @@ void kfree(const void *objp); void kfree_sensitive(const void *objp); size_t __ksize(const void *objp); -DEFINE_FREE(kfree, void *, if (_T) kfree(_T)) +DEFINE_FREE(kfree, void *, if (!IS_ERR_OR_NULL(_T)) kfree(_T)) /** * ksize - Report actual allocation size of associated object @@ -792,7 +792,7 @@ static inline __alloc_size(1, 2) void *kvcalloc(size_t n, size_t size, gfp_t fla extern void *kvrealloc(const void *p, size_t oldsize, size_t newsize, gfp_t flags) __realloc_size(3); extern void kvfree(const void *addr); -DEFINE_FREE(kvfree, void *, if (_T) kvfree(_T)) +DEFINE_FREE(kvfree, void *, if (!IS_ERR_OR_NULL(_T)) kvfree(_T)) extern void kvfree_sensitive(const void *addr, size_t len);

11 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] btrfs: add missing mutex_unlock in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 9af503d91298c3f2945e73703f0e00995be08c30 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051346-vintage-pull-0a38@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 9af503d91298 ("btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks()") 7411055db5ce ("btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9af503d91298c3f2945e73703f0e00995be08c30 Mon Sep 17 00:00:00 2001 From: Dominique Martinet <dominique.martinet(a)atmark-techno.com> Date: Fri, 19 Apr 2024 11:22:48 +0900 Subject: [PATCH] btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() The previous patch that replaced BUG_ON by error handling forgot to unlock the mutex in the error path. Link: https://lore.kernel.org/all/Zh%2fHpAGFqa7YAFuM@duo.ucw.cz Reported-by: Pavel Machek <pavel(a)denx.de> Fixes: 7411055db5ce ("btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()") CC: stable(a)vger.kernel.org Reviewed-by: Pavel Machek <pavel(a)denx.de> Signed-off-by: Dominique Martinet <dominique.martinet(a)atmark-techno.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index dedec3d9b111..c72c351fe7eb 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -3419,6 +3419,7 @@ static int btrfs_relocate_sys_chunks(struct btrfs_fs_info *fs_info) * alignment and size). */ ret = -EUCLEAN; + mutex_unlock(&fs_info->reclaim_bgs_lock); goto error; }

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] btrfs: add missing mutex_unlock in" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 9af503d91298c3f2945e73703f0e00995be08c30 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051347-kerchief-drainpipe-d49b@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 9af503d91298 ("btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks()") 7411055db5ce ("btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9af503d91298c3f2945e73703f0e00995be08c30 Mon Sep 17 00:00:00 2001 From: Dominique Martinet <dominique.martinet(a)atmark-techno.com> Date: Fri, 19 Apr 2024 11:22:48 +0900 Subject: [PATCH] btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() The previous patch that replaced BUG_ON by error handling forgot to unlock the mutex in the error path. Link: https://lore.kernel.org/all/Zh%2fHpAGFqa7YAFuM@duo.ucw.cz Reported-by: Pavel Machek <pavel(a)denx.de> Fixes: 7411055db5ce ("btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()") CC: stable(a)vger.kernel.org Reviewed-by: Pavel Machek <pavel(a)denx.de> Signed-off-by: Dominique Martinet <dominique.martinet(a)atmark-techno.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c index dedec3d9b111..c72c351fe7eb 100644 --- a/fs/btrfs/volumes.c +++ b/fs/btrfs/volumes.c @@ -3419,6 +3419,7 @@ static int btrfs_relocate_sys_chunks(struct btrfs_fs_info *fs_info) * alignment and size). */ ret = -EUCLEAN; + mutex_unlock(&fs_info->reclaim_bgs_lock); goto error; }

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] mm/slab: make __free(kfree) accept error pointers" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x cd7eb8f83fcf258f71e293f7fc52a70be8ed0128 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051335-botch-pregame-1b8b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: cd7eb8f83fcf ("mm/slab: make __free(kfree) accept error pointers") a67d74a4b163 ("mm/slab: Add __free() support for kvfree") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cd7eb8f83fcf258f71e293f7fc52a70be8ed0128 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)linaro.org> Date: Sun, 28 Apr 2024 17:26:44 +0300 Subject: [PATCH] mm/slab: make __free(kfree) accept error pointers Currently, if an automatically freed allocation is an error pointer that will lead to a crash. An example of this is in wm831x_gpio_dbg_show(). 171 char *label __free(kfree) = gpiochip_dup_line_label(chip, i); 172 if (IS_ERR(label)) { 173 dev_err(wm831x->dev, "Failed to duplicate label\n"); 174 continue; 175 } The auto clean up function should check for error pointers as well, otherwise we're going to keep hitting issues like this. Fixes: 54da6a092431 ("locking: Introduce __cleanup() based infrastructure") Cc: <stable(a)vger.kernel.org> Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Acked-by: David Rientjes <rientjes(a)google.com> Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> diff --git a/include/linux/slab.h b/include/linux/slab.h index e53cbfa18325..739b21262507 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -266,7 +266,7 @@ void kfree(const void *objp); void kfree_sensitive(const void *objp); size_t __ksize(const void *objp); -DEFINE_FREE(kfree, void *, if (_T) kfree(_T)) +DEFINE_FREE(kfree, void *, if (!IS_ERR_OR_NULL(_T)) kfree(_T)) /** * ksize - Report actual allocation size of associated object @@ -792,7 +792,7 @@ static inline __alloc_size(1, 2) void *kvcalloc(size_t n, size_t size, gfp_t fla extern void *kvrealloc(const void *p, size_t oldsize, size_t newsize, gfp_t flags) __realloc_size(3); extern void kvfree(const void *addr); -DEFINE_FREE(kvfree, void *, if (_T) kvfree(_T)) +DEFINE_FREE(kvfree, void *, if (!IS_ERR_OR_NULL(_T)) kvfree(_T)) extern void kvfree_sensitive(const void *addr, size_t len);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] maple_tree: fix mas_empty_area_rev() null pointer dereference" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 955a923d2809803980ff574270f81510112be9cf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051344-squeamish-runaround-c445@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 955a923d2809803980ff574270f81510112be9cf Mon Sep 17 00:00:00 2001 From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Date: Mon, 22 Apr 2024 16:33:49 -0400 Subject: [PATCH] maple_tree: fix mas_empty_area_rev() null pointer dereference Currently the code calls mas_start() followed by mas_data_end() if the maple state is MA_START, but mas_start() may return with the maple state node == NULL. This will lead to a null pointer dereference when checking information in the NULL node, which is done in mas_data_end(). Avoid setting the offset if there is no node by waiting until after the maple state is checked for an empty or single entry state. A user could trigger the events to cause a kernel oops by unmapping all vmas to produce an empty maple tree, then mapping a vma that would cause the scenario described above. Link: https://lkml.kernel.org/r/20240422203349.2418465-1-Liam.Howlett@oracle.com Fixes: 54a611b60590 ("Maple Tree: add new data structure") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reported-by: Marius Fleischer <fleischermarius(a)gmail.com> Closes: https://lore.kernel.org/lkml/CAJg=8jyuSxDL6XvqEXY_66M20psRK2J53oBTP+fjV5xpW… Link: https://lore.kernel.org/lkml/CAJg=8jyuSxDL6XvqEXY_66M20psRK2J53oBTP+fjV5xpW… Tested-by: Marius Fleischer <fleischermarius(a)gmail.com> Tested-by: Sidhartha Kumar <sidhartha.kumar(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/lib/maple_tree.c b/lib/maple_tree.c index 55e1b35bf877..2d7d27e6ae3c 100644 --- a/lib/maple_tree.c +++ b/lib/maple_tree.c @@ -5109,18 +5109,18 @@ int mas_empty_area_rev(struct ma_state *mas, unsigned long min, if (size == 0 || max - min < size - 1) return -EINVAL; - if (mas_is_start(mas)) { + if (mas_is_start(mas)) mas_start(mas); - mas->offset = mas_data_end(mas); - } else if (mas->offset >= 2) { - mas->offset -= 2; - } else if (!mas_rewind_node(mas)) { + else if ((mas->offset < 2) && (!mas_rewind_node(mas))) return -EBUSY; - } - /* Empty set. */ - if (mas_is_none(mas) || mas_is_ptr(mas)) + if (unlikely(mas_is_none(mas) || mas_is_ptr(mas))) return mas_sparse_area(mas, min, max, size, false); + else if (mas->offset >= 2) + mas->offset -= 2; + else + mas->offset = mas_data_end(mas); + /* The start of the window can only be within these values. */ mas->index = min;

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] btrfs: set correct ram_bytes when splitting ordered extent" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 63a6ce5a1a6261e4c70bad2b55c4e0de8da4762e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051356-giggling-footnote-3212@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 63a6ce5a1a62 ("btrfs: set correct ram_bytes when splitting ordered extent") 52b1fdca23ac ("btrfs: handle completed ordered extents in btrfs_split_ordered_extent") 816f589b8d43 ("btrfs: atomically insert the new extent in btrfs_split_ordered_extent") b0307e28642e ("btrfs: return the new ordered_extent from btrfs_split_ordered_extent") ebdb44a00e25 ("btrfs: reorder conditions in btrfs_extract_ordered_extent") f0f5329a00ba ("btrfs: don't split NOCOW extent_maps in btrfs_extract_ordered_extent") 7edd339c8a41 ("btrfs: pass an ordered_extent to btrfs_extract_ordered_extent") 2e38a84bc6ab ("btrfs: simplify extent map splitting and rename split_zoned_em") f0792b792dbe ("btrfs: fold btrfs_clone_ordered_extent into btrfs_split_ordered_extent") 8f4af4b8e122 ("btrfs: sink parameter len to btrfs_split_ordered_extent") 11d33ab6c1f3 ("btrfs: simplify splitting logic in btrfs_extract_ordered_extent") e44ca71cfe07 ("btrfs: move ordered_extent internal sanity checks into btrfs_split_ordered_extent") 2cef0c79bb81 ("btrfs: make btrfs_split_bio work on struct btrfs_bio") ae42a154ca89 ("btrfs: pass a btrfs_bio to btrfs_submit_bio") 34f888ce3a35 ("btrfs: cleanup main loop in btrfs_encoded_read_regular_fill_pages") 10e924bc320a ("btrfs: factor out a btrfs_add_compressed_bio_pages helper") e7aff33e3161 ("btrfs: use the bbio file offset in btrfs_submit_compressed_read") 798c9fc74d03 ("btrfs: remove redundant free_extent_map in btrfs_submit_compressed_read") 544fe4a903ce ("btrfs: embed a btrfs_bio into struct compressed_bio") d5e4377d5051 ("btrfs: split zone append bios in btrfs_submit_bio") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63a6ce5a1a6261e4c70bad2b55c4e0de8da4762e Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Tue, 16 Apr 2024 08:07:00 +0930 Subject: [PATCH] btrfs: set correct ram_bytes when splitting ordered extent [BUG] When running generic/287, the following file extent items can be generated: item 16 key (258 EXTENT_DATA 2682880) itemoff 15305 itemsize 53 generation 9 type 1 (regular) extent data disk byte 1378414592 nr 462848 extent data offset 0 nr 462848 ram 2097152 extent compression 0 (none) Note that file extent item is not a compressed one, but its ram_bytes is way larger than its disk_num_bytes. According to btrfs on-disk scheme, ram_bytes should match disk_num_bytes if it's not a compressed one. [CAUSE] Since commit b73a6fd1b1ef ("btrfs: split partial dio bios before submit"), for partial dio writes, we would split the ordered extent. However the function btrfs_split_ordered_extent() doesn't update the ram_bytes even it has already shrunk the disk_num_bytes. Originally the function btrfs_split_ordered_extent() is only introduced for zoned devices in commit d22002fd37bd ("btrfs: zoned: split ordered extent when bio is sent"), but later commit b73a6fd1b1ef ("btrfs: split partial dio bios before submit") makes non-zoned btrfs affected. Thankfully for un-compressed file extent, we do not really utilize the ram_bytes member, thus it won't cause any real problem. [FIX] Also update btrfs_ordered_extent::ram_bytes inside btrfs_split_ordered_extent(). Fixes: d22002fd37bd ("btrfs: zoned: split ordered extent when bio is sent") CC: stable(a)vger.kernel.org # 5.15+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c index b749ba45da2b..c2a42bcde98e 100644 --- a/fs/btrfs/ordered-data.c +++ b/fs/btrfs/ordered-data.c @@ -1188,6 +1188,7 @@ struct btrfs_ordered_extent *btrfs_split_ordered_extent( ordered->disk_bytenr += len; ordered->num_bytes -= len; ordered->disk_num_bytes -= len; + ordered->ram_bytes -= len; if (test_bit(BTRFS_ORDERED_IO_DONE, &ordered->flags)) { ASSERT(ordered->bytes_left == 0);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] btrfs: set correct ram_bytes when splitting ordered extent" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 63a6ce5a1a6261e4c70bad2b55c4e0de8da4762e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051355-remorse-paragraph-dbaa@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 63a6ce5a1a62 ("btrfs: set correct ram_bytes when splitting ordered extent") 52b1fdca23ac ("btrfs: handle completed ordered extents in btrfs_split_ordered_extent") 816f589b8d43 ("btrfs: atomically insert the new extent in btrfs_split_ordered_extent") b0307e28642e ("btrfs: return the new ordered_extent from btrfs_split_ordered_extent") ebdb44a00e25 ("btrfs: reorder conditions in btrfs_extract_ordered_extent") f0f5329a00ba ("btrfs: don't split NOCOW extent_maps in btrfs_extract_ordered_extent") 7edd339c8a41 ("btrfs: pass an ordered_extent to btrfs_extract_ordered_extent") 2e38a84bc6ab ("btrfs: simplify extent map splitting and rename split_zoned_em") f0792b792dbe ("btrfs: fold btrfs_clone_ordered_extent into btrfs_split_ordered_extent") 8f4af4b8e122 ("btrfs: sink parameter len to btrfs_split_ordered_extent") 11d33ab6c1f3 ("btrfs: simplify splitting logic in btrfs_extract_ordered_extent") e44ca71cfe07 ("btrfs: move ordered_extent internal sanity checks into btrfs_split_ordered_extent") 2cef0c79bb81 ("btrfs: make btrfs_split_bio work on struct btrfs_bio") ae42a154ca89 ("btrfs: pass a btrfs_bio to btrfs_submit_bio") 34f888ce3a35 ("btrfs: cleanup main loop in btrfs_encoded_read_regular_fill_pages") 10e924bc320a ("btrfs: factor out a btrfs_add_compressed_bio_pages helper") e7aff33e3161 ("btrfs: use the bbio file offset in btrfs_submit_compressed_read") 798c9fc74d03 ("btrfs: remove redundant free_extent_map in btrfs_submit_compressed_read") 544fe4a903ce ("btrfs: embed a btrfs_bio into struct compressed_bio") d5e4377d5051 ("btrfs: split zone append bios in btrfs_submit_bio") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63a6ce5a1a6261e4c70bad2b55c4e0de8da4762e Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Tue, 16 Apr 2024 08:07:00 +0930 Subject: [PATCH] btrfs: set correct ram_bytes when splitting ordered extent [BUG] When running generic/287, the following file extent items can be generated: item 16 key (258 EXTENT_DATA 2682880) itemoff 15305 itemsize 53 generation 9 type 1 (regular) extent data disk byte 1378414592 nr 462848 extent data offset 0 nr 462848 ram 2097152 extent compression 0 (none) Note that file extent item is not a compressed one, but its ram_bytes is way larger than its disk_num_bytes. According to btrfs on-disk scheme, ram_bytes should match disk_num_bytes if it's not a compressed one. [CAUSE] Since commit b73a6fd1b1ef ("btrfs: split partial dio bios before submit"), for partial dio writes, we would split the ordered extent. However the function btrfs_split_ordered_extent() doesn't update the ram_bytes even it has already shrunk the disk_num_bytes. Originally the function btrfs_split_ordered_extent() is only introduced for zoned devices in commit d22002fd37bd ("btrfs: zoned: split ordered extent when bio is sent"), but later commit b73a6fd1b1ef ("btrfs: split partial dio bios before submit") makes non-zoned btrfs affected. Thankfully for un-compressed file extent, we do not really utilize the ram_bytes member, thus it won't cause any real problem. [FIX] Also update btrfs_ordered_extent::ram_bytes inside btrfs_split_ordered_extent(). Fixes: d22002fd37bd ("btrfs: zoned: split ordered extent when bio is sent") CC: stable(a)vger.kernel.org # 5.15+ Reviewed-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/ordered-data.c b/fs/btrfs/ordered-data.c index b749ba45da2b..c2a42bcde98e 100644 --- a/fs/btrfs/ordered-data.c +++ b/fs/btrfs/ordered-data.c @@ -1188,6 +1188,7 @@ struct btrfs_ordered_extent *btrfs_split_ordered_extent( ordered->disk_bytenr += len; ordered->num_bytes -= len; ordered->disk_num_bytes -= len; + ordered->ram_bytes -= len; if (test_bit(BTRFS_ORDERED_IO_DONE, &ordered->flags)) { ASSERT(ordered->bytes_left == 0);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x cdc9946ea6377e8e214b135ccc308c5e514ba25f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051326-travesty-kindle-cdeb@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: cdc9946ea637 ("usb: typec: tcpm: enforce ready state when queueing alt mode vdm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cdc9946ea6377e8e214b135ccc308c5e514ba25f Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:23:57 +0000 Subject: [PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode vdm Before sending Enter Mode for an Alt Mode, there is a gap between Discover Modes and the Alt Mode driver queueing the Enter Mode VDM for the port partner to send a message to the port. If this message results in unregistering Alt Modes such as in a DR_SWAP, then the following deadlock can occur with respect to the DisplayPort Alt Mode driver: 1. The DR_SWAP state holds port->lock. Unregistering the Alt Mode driver results in a cancel_work_sync() that waits for the current dp_altmode_work to finish. 2. dp_altmode_work makes a call to tcpm_altmode_enter. The deadlock occurs because tcpm_queue_vdm_unlock attempts to hold port->lock. Before attempting to grab the lock, ensure that the port is in a state vdm_run_state_machine can run in. Alt Mode unregistration will not occur in these states. Fixes: 03eafcfb60c0 ("usb: typec: tcpm: Add tcpm_queue_vdm_unlocked() helper") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202356.3372314-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 77e632ea6872..53c1f308ebd7 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1564,6 +1564,10 @@ static void tcpm_queue_vdm(struct tcpm_port *port, const u32 header, static void tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) { + if (port->state != SRC_READY && port->state != SNK_READY && + port->state != SRC_VDM_IDENTITY_REQUEST) + return; + mutex_lock(&port->lock); tcpm_queue_vdm(port, header, data, cnt, tx_sop_type); mutex_unlock(&port->lock);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x cdc9946ea6377e8e214b135ccc308c5e514ba25f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051325-botch-always-c36d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: cdc9946ea637 ("usb: typec: tcpm: enforce ready state when queueing alt mode vdm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cdc9946ea6377e8e214b135ccc308c5e514ba25f Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:23:57 +0000 Subject: [PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode vdm Before sending Enter Mode for an Alt Mode, there is a gap between Discover Modes and the Alt Mode driver queueing the Enter Mode VDM for the port partner to send a message to the port. If this message results in unregistering Alt Modes such as in a DR_SWAP, then the following deadlock can occur with respect to the DisplayPort Alt Mode driver: 1. The DR_SWAP state holds port->lock. Unregistering the Alt Mode driver results in a cancel_work_sync() that waits for the current dp_altmode_work to finish. 2. dp_altmode_work makes a call to tcpm_altmode_enter. The deadlock occurs because tcpm_queue_vdm_unlock attempts to hold port->lock. Before attempting to grab the lock, ensure that the port is in a state vdm_run_state_machine can run in. Alt Mode unregistration will not occur in these states. Fixes: 03eafcfb60c0 ("usb: typec: tcpm: Add tcpm_queue_vdm_unlocked() helper") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202356.3372314-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 77e632ea6872..53c1f308ebd7 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1564,6 +1564,10 @@ static void tcpm_queue_vdm(struct tcpm_port *port, const u32 header, static void tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) { + if (port->state != SRC_READY && port->state != SNK_READY && + port->state != SRC_VDM_IDENTITY_REQUEST) + return; + mutex_lock(&port->lock); tcpm_queue_vdm(port, header, data, cnt, tx_sop_type); mutex_unlock(&port->lock);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x cdc9946ea6377e8e214b135ccc308c5e514ba25f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051325-uphill-unworldly-8335@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: cdc9946ea637 ("usb: typec: tcpm: enforce ready state when queueing alt mode vdm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cdc9946ea6377e8e214b135ccc308c5e514ba25f Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:23:57 +0000 Subject: [PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode vdm Before sending Enter Mode for an Alt Mode, there is a gap between Discover Modes and the Alt Mode driver queueing the Enter Mode VDM for the port partner to send a message to the port. If this message results in unregistering Alt Modes such as in a DR_SWAP, then the following deadlock can occur with respect to the DisplayPort Alt Mode driver: 1. The DR_SWAP state holds port->lock. Unregistering the Alt Mode driver results in a cancel_work_sync() that waits for the current dp_altmode_work to finish. 2. dp_altmode_work makes a call to tcpm_altmode_enter. The deadlock occurs because tcpm_queue_vdm_unlock attempts to hold port->lock. Before attempting to grab the lock, ensure that the port is in a state vdm_run_state_machine can run in. Alt Mode unregistration will not occur in these states. Fixes: 03eafcfb60c0 ("usb: typec: tcpm: Add tcpm_queue_vdm_unlocked() helper") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202356.3372314-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 77e632ea6872..53c1f308ebd7 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1564,6 +1564,10 @@ static void tcpm_queue_vdm(struct tcpm_port *port, const u32 header, static void tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) { + if (port->state != SRC_READY && port->state != SNK_READY && + port->state != SRC_VDM_IDENTITY_REQUEST) + return; + mutex_lock(&port->lock); tcpm_queue_vdm(port, header, data, cnt, tx_sop_type); mutex_unlock(&port->lock);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x cdc9946ea6377e8e214b135ccc308c5e514ba25f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051324-lather-duvet-ca29@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: cdc9946ea637 ("usb: typec: tcpm: enforce ready state when queueing alt mode vdm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cdc9946ea6377e8e214b135ccc308c5e514ba25f Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:23:57 +0000 Subject: [PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode vdm Before sending Enter Mode for an Alt Mode, there is a gap between Discover Modes and the Alt Mode driver queueing the Enter Mode VDM for the port partner to send a message to the port. If this message results in unregistering Alt Modes such as in a DR_SWAP, then the following deadlock can occur with respect to the DisplayPort Alt Mode driver: 1. The DR_SWAP state holds port->lock. Unregistering the Alt Mode driver results in a cancel_work_sync() that waits for the current dp_altmode_work to finish. 2. dp_altmode_work makes a call to tcpm_altmode_enter. The deadlock occurs because tcpm_queue_vdm_unlock attempts to hold port->lock. Before attempting to grab the lock, ensure that the port is in a state vdm_run_state_machine can run in. Alt Mode unregistration will not occur in these states. Fixes: 03eafcfb60c0 ("usb: typec: tcpm: Add tcpm_queue_vdm_unlocked() helper") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202356.3372314-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 77e632ea6872..53c1f308ebd7 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1564,6 +1564,10 @@ static void tcpm_queue_vdm(struct tcpm_port *port, const u32 header, static void tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) { + if (port->state != SRC_READY && port->state != SNK_READY && + port->state != SRC_VDM_IDENTITY_REQUEST) + return; + mutex_lock(&port->lock); tcpm_queue_vdm(port, header, data, cnt, tx_sop_type); mutex_unlock(&port->lock);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x cdc9946ea6377e8e214b135ccc308c5e514ba25f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051323-entering-curtly-c09a@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: cdc9946ea637 ("usb: typec: tcpm: enforce ready state when queueing alt mode vdm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cdc9946ea6377e8e214b135ccc308c5e514ba25f Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:23:57 +0000 Subject: [PATCH] usb: typec: tcpm: enforce ready state when queueing alt mode vdm Before sending Enter Mode for an Alt Mode, there is a gap between Discover Modes and the Alt Mode driver queueing the Enter Mode VDM for the port partner to send a message to the port. If this message results in unregistering Alt Modes such as in a DR_SWAP, then the following deadlock can occur with respect to the DisplayPort Alt Mode driver: 1. The DR_SWAP state holds port->lock. Unregistering the Alt Mode driver results in a cancel_work_sync() that waits for the current dp_altmode_work to finish. 2. dp_altmode_work makes a call to tcpm_altmode_enter. The deadlock occurs because tcpm_queue_vdm_unlock attempts to hold port->lock. Before attempting to grab the lock, ensure that the port is in a state vdm_run_state_machine can run in. Alt Mode unregistration will not occur in these states. Fixes: 03eafcfb60c0 ("usb: typec: tcpm: Add tcpm_queue_vdm_unlocked() helper") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202356.3372314-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 77e632ea6872..53c1f308ebd7 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1564,6 +1564,10 @@ static void tcpm_queue_vdm(struct tcpm_port *port, const u32 header, static void tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) { + if (port->state != SRC_READY && port->state != SNK_READY && + port->state != SRC_VDM_IDENTITY_REQUEST) + return; + mutex_lock(&port->lock); tcpm_queue_vdm(port, header, data, cnt, tx_sop_type); mutex_unlock(&port->lock);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: Check for port partner validity before" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ae11f04b452b5205536e1c02d31f8045eba249dd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051312-grumble-contour-16d3@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: ae11f04b452b ("usb: typec: tcpm: Check for port partner validity before consuming it") c97cd0b4b54e ("usb: typec: tcpm: set initial svdm version based on pd revision") 8203d26905ee ("usb: typec: tcpm: Register USB Power Delivery Capabilities") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ae11f04b452b5205536e1c02d31f8045eba249dd Mon Sep 17 00:00:00 2001 From: Badhri Jagan Sridharan <badhri(a)google.com> Date: Sat, 27 Apr 2024 20:28:12 +0000 Subject: [PATCH] usb: typec: tcpm: Check for port partner validity before consuming it typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash: Unable to handle kernel NULL pointer dereference at virtual address xx pc : run_state_machine+0x1bc8/0x1c08 lr : run_state_machine+0x1b90/0x1c08 .. Call trace: run_state_machine+0x1bc8/0x1c08 tcpm_state_machine_work+0x94/0xe4 kthread_worker_fn+0x118/0x328 kthread+0x1d0/0x23c ret_from_fork+0x10/0x20 To prevent the crash, check for port->partner validity before derefencing it in all the call sites. Cc: stable(a)vger.kernel.org Fixes: c97cd0b4b54e ("usb: typec: tcpm: set initial svdm version based on pd revision") Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Link: https://lore.kernel.org/r/20240427202812.3435268-1-badhri@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 53c1f308ebd7..8a1af08f71b6 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1584,7 +1584,8 @@ static void svdm_consume_identity(struct tcpm_port *port, const u32 *p, int cnt) port->partner_ident.cert_stat = p[VDO_INDEX_CSTAT]; port->partner_ident.product = product; - typec_partner_set_identity(port->partner); + if (port->partner) + typec_partner_set_identity(port->partner); tcpm_log(port, "Identity: %04x:%04x.%04x", PD_IDH_VID(vdo), @@ -1746,6 +1747,9 @@ static void tcpm_register_partner_altmodes(struct tcpm_port *port) struct typec_altmode *altmode; int i; + if (!port->partner) + return; + for (i = 0; i < modep->altmodes; i++) { altmode = typec_partner_register_altmode(port->partner, &modep->altmode_desc[i]); @@ -4238,7 +4242,10 @@ static int tcpm_init_vconn(struct tcpm_port *port) static void tcpm_typec_connect(struct tcpm_port *port) { + struct typec_partner *partner; + if (!port->connected) { + port->connected = true; /* Make sure we don't report stale identity information */ memset(&port->partner_ident, 0, sizeof(port->partner_ident)); port->partner_desc.usb_pd = port->pd_capable; @@ -4248,9 +4255,13 @@ static void tcpm_typec_connect(struct tcpm_port *port) port->partner_desc.accessory = TYPEC_ACCESSORY_AUDIO; else port->partner_desc.accessory = TYPEC_ACCESSORY_NONE; - port->partner = typec_register_partner(port->typec_port, - &port->partner_desc); - port->connected = true; + partner = typec_register_partner(port->typec_port, &port->partner_desc); + if (IS_ERR(partner)) { + dev_err(port->dev, "Failed to register partner (%ld)\n", PTR_ERR(partner)); + return; + } + + port->partner = partner; typec_partner_set_usb_power_delivery(port->partner, port->partner_pd); } } @@ -4330,9 +4341,11 @@ static void tcpm_typec_disconnect(struct tcpm_port *port) port->plug_prime = NULL; port->cable = NULL; if (port->connected) { - typec_partner_set_usb_power_delivery(port->partner, NULL); - typec_unregister_partner(port->partner); - port->partner = NULL; + if (port->partner) { + typec_partner_set_usb_power_delivery(port->partner, NULL); + typec_unregister_partner(port->partner); + port->partner = NULL; + } port->connected = false; } } @@ -4556,6 +4569,9 @@ static enum typec_cc_status tcpm_pwr_opmode_to_rp(enum typec_pwr_opmode opmode) static void tcpm_set_initial_svdm_version(struct tcpm_port *port) { + if (!port->partner) + return; + switch (port->negotiated_rev) { case PD_REV30: break;

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051338-manager-debatable-2c57@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: bf20c69cf3cf ("usb: typec: tcpm: clear pd_event queue in PORT_RESET") 197331b27ac8 ("usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices") 1e35f074399d ("usb: typec: tcpm: fix cc role at port reset") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:27:16 +0000 Subject: [PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET When a Fast Role Swap control message attempt results in a transition to ERROR_RECOVERY, the TCPC can still queue a TCPM_SOURCING_VBUS event. If the event is queued but processed after the tcpm_reset_port() call in the PORT_RESET state, then the following occurs: 1. tcpm_reset_port() calls tcpm_init_vbus() to reset the vbus sourcing and sinking state 2. tcpm_pd_event_handler() turns VBUS on before the port is in the default state. 3. The port resolves as a sink. In the SNK_DISCOVERY state, tcpm_set_charge() cannot set vbus to charge. Clear pd events within PORT_RESET to get rid of non-applicable events. Fixes: b17dd57118fe ("staging: typec: tcpm: Improve role swap with non PD capable partners") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202715.3375827-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 99a039374f9c..a0e0ffd5a64b 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -5605,6 +5605,7 @@ static void run_state_machine(struct tcpm_port *port) break; case PORT_RESET: tcpm_reset_port(port); + port->pd_events = 0; if (port->self_powered) tcpm_set_cc(port, TYPEC_CC_OPEN); else

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051337-january-scrooge-500c@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: bf20c69cf3cf ("usb: typec: tcpm: clear pd_event queue in PORT_RESET") 197331b27ac8 ("usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices") 1e35f074399d ("usb: typec: tcpm: fix cc role at port reset") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") 42b8ff477202 ("Input: amimouse - convert to platform remove callback returning void") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:27:16 +0000 Subject: [PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET When a Fast Role Swap control message attempt results in a transition to ERROR_RECOVERY, the TCPC can still queue a TCPM_SOURCING_VBUS event. If the event is queued but processed after the tcpm_reset_port() call in the PORT_RESET state, then the following occurs: 1. tcpm_reset_port() calls tcpm_init_vbus() to reset the vbus sourcing and sinking state 2. tcpm_pd_event_handler() turns VBUS on before the port is in the default state. 3. The port resolves as a sink. In the SNK_DISCOVERY state, tcpm_set_charge() cannot set vbus to charge. Clear pd events within PORT_RESET to get rid of non-applicable events. Fixes: b17dd57118fe ("staging: typec: tcpm: Improve role swap with non PD capable partners") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202715.3375827-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 99a039374f9c..a0e0ffd5a64b 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -5605,6 +5605,7 @@ static void run_state_machine(struct tcpm_port *port) break; case PORT_RESET: tcpm_reset_port(port); + port->pd_events = 0; if (port->self_powered) tcpm_set_cc(port, TYPEC_CC_OPEN); else

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051336-attentive-economy-1fd2@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: bf20c69cf3cf ("usb: typec: tcpm: clear pd_event queue in PORT_RESET") 197331b27ac8 ("usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices") 1e35f074399d ("usb: typec: tcpm: fix cc role at port reset") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:27:16 +0000 Subject: [PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET When a Fast Role Swap control message attempt results in a transition to ERROR_RECOVERY, the TCPC can still queue a TCPM_SOURCING_VBUS event. If the event is queued but processed after the tcpm_reset_port() call in the PORT_RESET state, then the following occurs: 1. tcpm_reset_port() calls tcpm_init_vbus() to reset the vbus sourcing and sinking state 2. tcpm_pd_event_handler() turns VBUS on before the port is in the default state. 3. The port resolves as a sink. In the SNK_DISCOVERY state, tcpm_set_charge() cannot set vbus to charge. Clear pd events within PORT_RESET to get rid of non-applicable events. Fixes: b17dd57118fe ("staging: typec: tcpm: Improve role swap with non PD capable partners") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202715.3375827-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 99a039374f9c..a0e0ffd5a64b 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -5605,6 +5605,7 @@ static void run_state_machine(struct tcpm_port *port) break; case PORT_RESET: tcpm_reset_port(port); + port->pd_events = 0; if (port->self_powered) tcpm_set_cc(port, TYPEC_CC_OPEN); else

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051335-augmented-overblown-4920@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: bf20c69cf3cf ("usb: typec: tcpm: clear pd_event queue in PORT_RESET") 197331b27ac8 ("usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices") 1e35f074399d ("usb: typec: tcpm: fix cc role at port reset") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:27:16 +0000 Subject: [PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET When a Fast Role Swap control message attempt results in a transition to ERROR_RECOVERY, the TCPC can still queue a TCPM_SOURCING_VBUS event. If the event is queued but processed after the tcpm_reset_port() call in the PORT_RESET state, then the following occurs: 1. tcpm_reset_port() calls tcpm_init_vbus() to reset the vbus sourcing and sinking state 2. tcpm_pd_event_handler() turns VBUS on before the port is in the default state. 3. The port resolves as a sink. In the SNK_DISCOVERY state, tcpm_set_charge() cannot set vbus to charge. Clear pd events within PORT_RESET to get rid of non-applicable events. Fixes: b17dd57118fe ("staging: typec: tcpm: Improve role swap with non PD capable partners") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202715.3375827-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 99a039374f9c..a0e0ffd5a64b 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -5605,6 +5605,7 @@ static void run_state_machine(struct tcpm_port *port) break; case PORT_RESET: tcpm_reset_port(port); + port->pd_events = 0; if (port->self_powered) tcpm_set_cc(port, TYPEC_CC_OPEN); else

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051335-reacquire-salvaging-9c43@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: bf20c69cf3cf ("usb: typec: tcpm: clear pd_event queue in PORT_RESET") 197331b27ac8 ("usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices") 1e35f074399d ("usb: typec: tcpm: fix cc role at port reset") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bf20c69cf3cf9c6445c4925dd9a8a6ca1b78bfdf Mon Sep 17 00:00:00 2001 From: RD Babiera <rdbabiera(a)google.com> Date: Tue, 23 Apr 2024 20:27:16 +0000 Subject: [PATCH] usb: typec: tcpm: clear pd_event queue in PORT_RESET When a Fast Role Swap control message attempt results in a transition to ERROR_RECOVERY, the TCPC can still queue a TCPM_SOURCING_VBUS event. If the event is queued but processed after the tcpm_reset_port() call in the PORT_RESET state, then the following occurs: 1. tcpm_reset_port() calls tcpm_init_vbus() to reset the vbus sourcing and sinking state 2. tcpm_pd_event_handler() turns VBUS on before the port is in the default state. 3. The port resolves as a sink. In the SNK_DISCOVERY state, tcpm_set_charge() cannot set vbus to charge. Clear pd events within PORT_RESET to get rid of non-applicable events. Fixes: b17dd57118fe ("staging: typec: tcpm: Improve role swap with non PD capable partners") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240423202715.3375827-2-rdbabiera@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 99a039374f9c..a0e0ffd5a64b 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -5605,6 +5605,7 @@ static void run_state_machine(struct tcpm_port *port) break; case PORT_RESET: tcpm_reset_port(port); + port->pd_events = 0; if (port->self_powered) tcpm_set_cc(port, TYPEC_CC_OPEN); else

11 months, 3 weeks

1
0
0 0

[PATCH] powerpc/85xx: fix compile error without CONFIG_CRASH_DUMP

by Hari Bathini

Since commit 5c4233cc0920 ("powerpc/kdump: Split KEXEC_CORE and CRASH_DUMP dependency"), crashing_cpu is not available without CONFIG_CRASH_DUMP. Fix compile error on 64-BIT 85xx owing to this change. Cc: stable(a)vger.kernel.org Fixes: 5c4233cc0920 ("powerpc/kdump: Split KEXEC_CORE and CRASH_DUMP dependency") Reported-by: Christian Zigotzky <chzigotzky(a)xenosoft.de> Closes: https://lore.kernel.org/all/fa247ae4-5825-4dbe-a737-d93b7ab4d4b9@xenosoft.d… Suggested-by: Michael Ellerman <mpe(a)ellerman.id.au> Signed-off-by: Hari Bathini <hbathini(a)linux.ibm.com> --- arch/powerpc/platforms/85xx/smp.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/platforms/85xx/smp.c b/arch/powerpc/platforms/85xx/smp.c index 40aa58206888..e52b848b64b7 100644 --- a/arch/powerpc/platforms/85xx/smp.c +++ b/arch/powerpc/platforms/85xx/smp.c @@ -398,6 +398,7 @@ static void mpc85xx_smp_kexec_cpu_down(int crash_shutdown, int secondary) hard_irq_disable(); mpic_teardown_this_cpu(secondary); +#ifdef CONFIG_CRASH_DUMP if (cpu == crashing_cpu && cpu_thread_in_core(cpu) != 0) { /* * We enter the crash kernel on whatever cpu crashed, @@ -406,9 +407,11 @@ static void mpc85xx_smp_kexec_cpu_down(int crash_shutdown, int secondary) */ disable_threadbit = 1; disable_cpu = cpu_first_thread_sibling(cpu); - } else if (sibling != crashing_cpu && - cpu_thread_in_core(cpu) == 0 && - cpu_thread_in_core(sibling) != 0) { + } else if (sibling == crashing_cpu) { + return; + } +#endif + if (cpu_thread_in_core(cpu) == 0 && cpu_thread_in_core(sibling) != 0) { disable_threadbit = 2; disable_cpu = sibling; } -- 2.45.0

11 months, 3 weeks

2
1
0 0

FAILED: patch "[PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 24729b307eefcd7c476065cd7351c1a018082c19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051307-reseller-bagging-3dbc@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 24729b307eef ("usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete") b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24729b307eefcd7c476065cd7351c1a018082c19 Mon Sep 17 00:00:00 2001 From: Wesley Cheng <quic_wcheng(a)quicinc.com> Date: Mon, 8 Apr 2024 18:40:59 -0700 Subject: [PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application issues an AIO cancel call, while the UDC is handling a soft disconnect. For a DWC3 based implementation, the callstack looks like the following: DWC3 Gadget FFS Application dwc3_gadget_soft_disconnect() ... --> dwc3_stop_active_transfers() --> dwc3_gadget_giveback(-ESHUTDOWN) --> ffs_epfile_async_io_complete() ffs_aio_cancel() --> usb_ep_free_request() --> usb_ep_dequeue() There is currently no locking implemented between the AIO completion handler and AIO cancel, so the issue occurs if the completion routine is running in parallel to an AIO cancel call coming from the FFS application. As the completion call frees the USB request (io_data->req) the FFS application is also referencing it for the usb_ep_dequeue() call. This can lead to accessing a stale/hanging pointer. commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") relocated the usb_ep_free_request() into ffs_epfile_async_io_complete(). However, in order to properly implement locking to mitigate this issue, the spinlock can't be added to ffs_epfile_async_io_complete(), as usb_ep_dequeue() (if successfully dequeuing a USB request) will call the function driver's completion handler in the same context. Hence, leading into a deadlock. Fix this issue by moving the usb_ep_free_request() back to ffs_user_copy_worker(), and ensuring that it explicitly sets io_data->req to NULL after freeing it within the ffs->eps_lock. This resolves the race condition above, as the ffs_aio_cancel() routine will not continue attempting to dequeue a request that has already been freed, or the ffs_user_copy_work() not freeing the USB request until the AIO cancel is done referencing it. This fix depends on commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Fixes: 2e4c7553cd6f ("usb: gadget: f_fs: add aio support") Cc: stable <stable(a)kernel.org> # b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Signed-off-by: Wesley Cheng <quic_wcheng(a)quicinc.com> Link: https://lore.kernel.org/r/20240409014059.6740-1-quic_wcheng@quicinc.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index f855f1fc8e5e..aa80c2a6b8e0 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -852,6 +852,7 @@ static void ffs_user_copy_worker(struct work_struct *work) work); int ret = io_data->status; bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD; + unsigned long flags; if (io_data->read && ret > 0) { kthread_use_mm(io_data->mm); @@ -864,6 +865,11 @@ static void ffs_user_copy_worker(struct work_struct *work) if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd) eventfd_signal(io_data->ffs->ffs_eventfd); + spin_lock_irqsave(&io_data->ffs->eps_lock, flags); + usb_ep_free_request(io_data->ep, io_data->req); + io_data->req = NULL; + spin_unlock_irqrestore(&io_data->ffs->eps_lock, flags); + if (io_data->read) kfree(io_data->to_free); ffs_free_buffer(io_data); @@ -877,7 +883,6 @@ static void ffs_epfile_async_io_complete(struct usb_ep *_ep, struct ffs_data *ffs = io_data->ffs; io_data->status = req->status ? req->status : req->actual; - usb_ep_free_request(_ep, req); INIT_WORK(&io_data->work, ffs_user_copy_worker); queue_work(ffs->io_completion_wq, &io_data->work);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 24729b307eefcd7c476065cd7351c1a018082c19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051305-stillness-skirmish-11b0@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 24729b307eef ("usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete") b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24729b307eefcd7c476065cd7351c1a018082c19 Mon Sep 17 00:00:00 2001 From: Wesley Cheng <quic_wcheng(a)quicinc.com> Date: Mon, 8 Apr 2024 18:40:59 -0700 Subject: [PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application issues an AIO cancel call, while the UDC is handling a soft disconnect. For a DWC3 based implementation, the callstack looks like the following: DWC3 Gadget FFS Application dwc3_gadget_soft_disconnect() ... --> dwc3_stop_active_transfers() --> dwc3_gadget_giveback(-ESHUTDOWN) --> ffs_epfile_async_io_complete() ffs_aio_cancel() --> usb_ep_free_request() --> usb_ep_dequeue() There is currently no locking implemented between the AIO completion handler and AIO cancel, so the issue occurs if the completion routine is running in parallel to an AIO cancel call coming from the FFS application. As the completion call frees the USB request (io_data->req) the FFS application is also referencing it for the usb_ep_dequeue() call. This can lead to accessing a stale/hanging pointer. commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") relocated the usb_ep_free_request() into ffs_epfile_async_io_complete(). However, in order to properly implement locking to mitigate this issue, the spinlock can't be added to ffs_epfile_async_io_complete(), as usb_ep_dequeue() (if successfully dequeuing a USB request) will call the function driver's completion handler in the same context. Hence, leading into a deadlock. Fix this issue by moving the usb_ep_free_request() back to ffs_user_copy_worker(), and ensuring that it explicitly sets io_data->req to NULL after freeing it within the ffs->eps_lock. This resolves the race condition above, as the ffs_aio_cancel() routine will not continue attempting to dequeue a request that has already been freed, or the ffs_user_copy_work() not freeing the USB request until the AIO cancel is done referencing it. This fix depends on commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Fixes: 2e4c7553cd6f ("usb: gadget: f_fs: add aio support") Cc: stable <stable(a)kernel.org> # b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Signed-off-by: Wesley Cheng <quic_wcheng(a)quicinc.com> Link: https://lore.kernel.org/r/20240409014059.6740-1-quic_wcheng@quicinc.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index f855f1fc8e5e..aa80c2a6b8e0 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -852,6 +852,7 @@ static void ffs_user_copy_worker(struct work_struct *work) work); int ret = io_data->status; bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD; + unsigned long flags; if (io_data->read && ret > 0) { kthread_use_mm(io_data->mm); @@ -864,6 +865,11 @@ static void ffs_user_copy_worker(struct work_struct *work) if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd) eventfd_signal(io_data->ffs->ffs_eventfd); + spin_lock_irqsave(&io_data->ffs->eps_lock, flags); + usb_ep_free_request(io_data->ep, io_data->req); + io_data->req = NULL; + spin_unlock_irqrestore(&io_data->ffs->eps_lock, flags); + if (io_data->read) kfree(io_data->to_free); ffs_free_buffer(io_data); @@ -877,7 +883,6 @@ static void ffs_epfile_async_io_complete(struct usb_ep *_ep, struct ffs_data *ffs = io_data->ffs; io_data->status = req->status ? req->status : req->actual; - usb_ep_free_request(_ep, req); INIT_WORK(&io_data->work, ffs_user_copy_worker); queue_work(ffs->io_completion_wq, &io_data->work);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 24729b307eefcd7c476065cd7351c1a018082c19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051304-junkman-evoke-3fa9@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 24729b307eef ("usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete") b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24729b307eefcd7c476065cd7351c1a018082c19 Mon Sep 17 00:00:00 2001 From: Wesley Cheng <quic_wcheng(a)quicinc.com> Date: Mon, 8 Apr 2024 18:40:59 -0700 Subject: [PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application issues an AIO cancel call, while the UDC is handling a soft disconnect. For a DWC3 based implementation, the callstack looks like the following: DWC3 Gadget FFS Application dwc3_gadget_soft_disconnect() ... --> dwc3_stop_active_transfers() --> dwc3_gadget_giveback(-ESHUTDOWN) --> ffs_epfile_async_io_complete() ffs_aio_cancel() --> usb_ep_free_request() --> usb_ep_dequeue() There is currently no locking implemented between the AIO completion handler and AIO cancel, so the issue occurs if the completion routine is running in parallel to an AIO cancel call coming from the FFS application. As the completion call frees the USB request (io_data->req) the FFS application is also referencing it for the usb_ep_dequeue() call. This can lead to accessing a stale/hanging pointer. commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") relocated the usb_ep_free_request() into ffs_epfile_async_io_complete(). However, in order to properly implement locking to mitigate this issue, the spinlock can't be added to ffs_epfile_async_io_complete(), as usb_ep_dequeue() (if successfully dequeuing a USB request) will call the function driver's completion handler in the same context. Hence, leading into a deadlock. Fix this issue by moving the usb_ep_free_request() back to ffs_user_copy_worker(), and ensuring that it explicitly sets io_data->req to NULL after freeing it within the ffs->eps_lock. This resolves the race condition above, as the ffs_aio_cancel() routine will not continue attempting to dequeue a request that has already been freed, or the ffs_user_copy_work() not freeing the USB request until the AIO cancel is done referencing it. This fix depends on commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Fixes: 2e4c7553cd6f ("usb: gadget: f_fs: add aio support") Cc: stable <stable(a)kernel.org> # b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Signed-off-by: Wesley Cheng <quic_wcheng(a)quicinc.com> Link: https://lore.kernel.org/r/20240409014059.6740-1-quic_wcheng@quicinc.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index f855f1fc8e5e..aa80c2a6b8e0 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -852,6 +852,7 @@ static void ffs_user_copy_worker(struct work_struct *work) work); int ret = io_data->status; bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD; + unsigned long flags; if (io_data->read && ret > 0) { kthread_use_mm(io_data->mm); @@ -864,6 +865,11 @@ static void ffs_user_copy_worker(struct work_struct *work) if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd) eventfd_signal(io_data->ffs->ffs_eventfd); + spin_lock_irqsave(&io_data->ffs->eps_lock, flags); + usb_ep_free_request(io_data->ep, io_data->req); + io_data->req = NULL; + spin_unlock_irqrestore(&io_data->ffs->eps_lock, flags); + if (io_data->read) kfree(io_data->to_free); ffs_free_buffer(io_data); @@ -877,7 +883,6 @@ static void ffs_epfile_async_io_complete(struct usb_ep *_ep, struct ffs_data *ffs = io_data->ffs; io_data->status = req->status ? req->status : req->actual; - usb_ep_free_request(_ep, req); INIT_WORK(&io_data->work, ffs_user_copy_worker); queue_work(ffs->io_completion_wq, &io_data->work);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 24729b307eefcd7c476065cd7351c1a018082c19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051303-flagstone-snowbound-2d25@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 24729b307eef ("usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete") b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24729b307eefcd7c476065cd7351c1a018082c19 Mon Sep 17 00:00:00 2001 From: Wesley Cheng <quic_wcheng(a)quicinc.com> Date: Mon, 8 Apr 2024 18:40:59 -0700 Subject: [PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application issues an AIO cancel call, while the UDC is handling a soft disconnect. For a DWC3 based implementation, the callstack looks like the following: DWC3 Gadget FFS Application dwc3_gadget_soft_disconnect() ... --> dwc3_stop_active_transfers() --> dwc3_gadget_giveback(-ESHUTDOWN) --> ffs_epfile_async_io_complete() ffs_aio_cancel() --> usb_ep_free_request() --> usb_ep_dequeue() There is currently no locking implemented between the AIO completion handler and AIO cancel, so the issue occurs if the completion routine is running in parallel to an AIO cancel call coming from the FFS application. As the completion call frees the USB request (io_data->req) the FFS application is also referencing it for the usb_ep_dequeue() call. This can lead to accessing a stale/hanging pointer. commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") relocated the usb_ep_free_request() into ffs_epfile_async_io_complete(). However, in order to properly implement locking to mitigate this issue, the spinlock can't be added to ffs_epfile_async_io_complete(), as usb_ep_dequeue() (if successfully dequeuing a USB request) will call the function driver's completion handler in the same context. Hence, leading into a deadlock. Fix this issue by moving the usb_ep_free_request() back to ffs_user_copy_worker(), and ensuring that it explicitly sets io_data->req to NULL after freeing it within the ffs->eps_lock. This resolves the race condition above, as the ffs_aio_cancel() routine will not continue attempting to dequeue a request that has already been freed, or the ffs_user_copy_work() not freeing the USB request until the AIO cancel is done referencing it. This fix depends on commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Fixes: 2e4c7553cd6f ("usb: gadget: f_fs: add aio support") Cc: stable <stable(a)kernel.org> # b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Signed-off-by: Wesley Cheng <quic_wcheng(a)quicinc.com> Link: https://lore.kernel.org/r/20240409014059.6740-1-quic_wcheng@quicinc.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index f855f1fc8e5e..aa80c2a6b8e0 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -852,6 +852,7 @@ static void ffs_user_copy_worker(struct work_struct *work) work); int ret = io_data->status; bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD; + unsigned long flags; if (io_data->read && ret > 0) { kthread_use_mm(io_data->mm); @@ -864,6 +865,11 @@ static void ffs_user_copy_worker(struct work_struct *work) if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd) eventfd_signal(io_data->ffs->ffs_eventfd); + spin_lock_irqsave(&io_data->ffs->eps_lock, flags); + usb_ep_free_request(io_data->ep, io_data->req); + io_data->req = NULL; + spin_unlock_irqrestore(&io_data->ffs->eps_lock, flags); + if (io_data->read) kfree(io_data->to_free); ffs_free_buffer(io_data); @@ -877,7 +883,6 @@ static void ffs_epfile_async_io_complete(struct usb_ep *_ep, struct ffs_data *ffs = io_data->ffs; io_data->status = req->status ? req->status : req->actual; - usb_ep_free_request(_ep, req); INIT_WORK(&io_data->work, ffs_user_copy_worker); queue_work(ffs->io_completion_wq, &io_data->work);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 24729b307eefcd7c476065cd7351c1a018082c19 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051302-basin-buffed-b0cd@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 24729b307eef ("usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete") b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 24729b307eefcd7c476065cd7351c1a018082c19 Mon Sep 17 00:00:00 2001 From: Wesley Cheng <quic_wcheng(a)quicinc.com> Date: Mon, 8 Apr 2024 18:40:59 -0700 Subject: [PATCH] usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application issues an AIO cancel call, while the UDC is handling a soft disconnect. For a DWC3 based implementation, the callstack looks like the following: DWC3 Gadget FFS Application dwc3_gadget_soft_disconnect() ... --> dwc3_stop_active_transfers() --> dwc3_gadget_giveback(-ESHUTDOWN) --> ffs_epfile_async_io_complete() ffs_aio_cancel() --> usb_ep_free_request() --> usb_ep_dequeue() There is currently no locking implemented between the AIO completion handler and AIO cancel, so the issue occurs if the completion routine is running in parallel to an AIO cancel call coming from the FFS application. As the completion call frees the USB request (io_data->req) the FFS application is also referencing it for the usb_ep_dequeue() call. This can lead to accessing a stale/hanging pointer. commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") relocated the usb_ep_free_request() into ffs_epfile_async_io_complete(). However, in order to properly implement locking to mitigate this issue, the spinlock can't be added to ffs_epfile_async_io_complete(), as usb_ep_dequeue() (if successfully dequeuing a USB request) will call the function driver's completion handler in the same context. Hence, leading into a deadlock. Fix this issue by moving the usb_ep_free_request() back to ffs_user_copy_worker(), and ensuring that it explicitly sets io_data->req to NULL after freeing it within the ffs->eps_lock. This resolves the race condition above, as the ffs_aio_cancel() routine will not continue attempting to dequeue a request that has already been freed, or the ffs_user_copy_work() not freeing the USB request until the AIO cancel is done referencing it. This fix depends on commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Fixes: 2e4c7553cd6f ("usb: gadget: f_fs: add aio support") Cc: stable <stable(a)kernel.org> # b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") Signed-off-by: Wesley Cheng <quic_wcheng(a)quicinc.com> Link: https://lore.kernel.org/r/20240409014059.6740-1-quic_wcheng@quicinc.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/gadget/function/f_fs.c b/drivers/usb/gadget/function/f_fs.c index f855f1fc8e5e..aa80c2a6b8e0 100644 --- a/drivers/usb/gadget/function/f_fs.c +++ b/drivers/usb/gadget/function/f_fs.c @@ -852,6 +852,7 @@ static void ffs_user_copy_worker(struct work_struct *work) work); int ret = io_data->status; bool kiocb_has_eventfd = io_data->kiocb->ki_flags & IOCB_EVENTFD; + unsigned long flags; if (io_data->read && ret > 0) { kthread_use_mm(io_data->mm); @@ -864,6 +865,11 @@ static void ffs_user_copy_worker(struct work_struct *work) if (io_data->ffs->ffs_eventfd && !kiocb_has_eventfd) eventfd_signal(io_data->ffs->ffs_eventfd); + spin_lock_irqsave(&io_data->ffs->eps_lock, flags); + usb_ep_free_request(io_data->ep, io_data->req); + io_data->req = NULL; + spin_unlock_irqrestore(&io_data->ffs->eps_lock, flags); + if (io_data->read) kfree(io_data->to_free); ffs_free_buffer(io_data); @@ -877,7 +883,6 @@ static void ffs_epfile_async_io_complete(struct usb_ep *_ep, struct ffs_data *ffs = io_data->ffs; io_data->status = req->status ? req->status : req->actual; - usb_ep_free_request(_ep, req); INIT_WORK(&io_data->work, ffs_user_copy_worker); queue_work(ffs->io_completion_wq, &io_data->work);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: typec: qcom-pmic: fix use-after-free on late probe" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d80eee97cb4e90768a81c856ac71d721996d86b7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051321-backyard-cranial-5f34@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d80eee97cb4e ("usb: typec: qcom-pmic: fix use-after-free on late probe errors") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d80eee97cb4e90768a81c856ac71d721996d86b7 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Thu, 18 Apr 2024 16:57:29 +0200 Subject: [PATCH] usb: typec: qcom-pmic: fix use-after-free on late probe errors Make sure to stop and deregister the port in case of late probe errors to avoid use-after-free issues when the underlying memory is released by devres. Fixes: a4422ff22142 ("usb: typec: qcom: Add Qualcomm PMIC Type-C driver") Cc: stable(a)vger.kernel.org # 6.5 Cc: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240418145730.4605-2-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c b/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c index e48412cdcb0f..d3958c061a97 100644 --- a/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c +++ b/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c @@ -104,14 +104,18 @@ static int qcom_pmic_typec_probe(struct platform_device *pdev) ret = tcpm->port_start(tcpm, tcpm->tcpm_port); if (ret) - goto fwnode_remove; + goto port_unregister; ret = tcpm->pdphy_start(tcpm, tcpm->tcpm_port); if (ret) - goto fwnode_remove; + goto port_stop; return 0; +port_stop: + tcpm->port_stop(tcpm); +port_unregister: + tcpm_unregister_port(tcpm->tcpm_port); fwnode_remove: fwnode_remove_software_node(tcpm->tcpc.fwnode);

11 months, 3 weeks

1
0
0 0

FAILED: patch "[PATCH] usb: typec: qcom-pmic: fix use-after-free on late probe" failed to apply to 6.8-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.8-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.8.y git checkout FETCH_HEAD git cherry-pick -x d80eee97cb4e90768a81c856ac71d721996d86b7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051320-bleep-cure-25ea@gregkh' --subject-prefix 'PATCH 6.8.y' HEAD^.. Possible dependencies: d80eee97cb4e ("usb: typec: qcom-pmic: fix use-after-free on late probe errors") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d80eee97cb4e90768a81c856ac71d721996d86b7 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Thu, 18 Apr 2024 16:57:29 +0200 Subject: [PATCH] usb: typec: qcom-pmic: fix use-after-free on late probe errors Make sure to stop and deregister the port in case of late probe errors to avoid use-after-free issues when the underlying memory is released by devres. Fixes: a4422ff22142 ("usb: typec: qcom: Add Qualcomm PMIC Type-C driver") Cc: stable(a)vger.kernel.org # 6.5 Cc: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Reviewed-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20240418145730.4605-2-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c b/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c index e48412cdcb0f..d3958c061a97 100644 --- a/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c +++ b/drivers/usb/typec/tcpm/qcom/qcom_pmic_typec.c @@ -104,14 +104,18 @@ static int qcom_pmic_typec_probe(struct platform_device *pdev) ret = tcpm->port_start(tcpm, tcpm->tcpm_port); if (ret) - goto fwnode_remove; + goto port_unregister; ret = tcpm->pdphy_start(tcpm, tcpm->tcpm_port); if (ret) - goto fwnode_remove; + goto port_stop; return 0; +port_stop: + tcpm->port_stop(tcpm); +port_unregister: + tcpm_unregister_port(tcpm->tcpm_port); fwnode_remove: fwnode_remove_software_node(tcpm->tcpc.fwnode);

11 months, 3 weeks

1
0
0 0

4.19 stable kernel crash caused by vxlan testing

by zhulei

Hey all, I recently used a testing program to test the 4.19 stable branch kernel and found that a crash occurred immediately. The test source code link is: https://github.com/Backmyheart/src0358/blob/master/vxlan_fdb_destroy.c The test command is as follows: gcc vxlan_fdb_destroy.c -o vxlan_fdb_destroy -lpthread According to its stack, upstream has relevant repair patch, the commit id is 7c31e54aeee517d1318dfc0bde9fa7de75893dc6. May i ask if the 4.19 kernel will port this patch ?

11 months, 3 weeks

4
4
0 0

[PATCH 6.1 000/272] 6.1.84-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.84 release. There are 272 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 03 Apr 2024 15:24:46 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.84-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.84-rc1 Natanael Copa <ncopa(a)alpinelinux.org> tools/resolve_btfids: fix build with musl libc Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in usb_deauthorize_interface() Kevin Loughlin <kevinloughlin(a)google.com> x86/sev: Skip ROM range scans and validation for SEV-SNP guests Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Fix disk not being scanned in after being removed Xingui Yang <yangxingui(a)huawei.com> scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for wqe for memset() Muhammad Usama Anjum <usama.anjum(a)collabora.com> scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() Sabrina Dubroca <sd(a)queasysnail.net> tls: fix use-after-free on failed backlog decryption Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Delay I/O Abort on PCI error Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Change debug message during driver unload Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Fix double free of fcport Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix command flush on cable pull Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: NVME|FCP prefer flag not being honored Bikash Hazarika <bhazarika(a)marvell.com> scsi: qla2xxx: Update manufacturer detail Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Split FCE|EFT trace control Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix N2N stuck connection Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Prevent command send on chip reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi_acpi: Refactor and fix DELL quirk Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Ack unsupported commands Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Check for notifications after init Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Clear EVENT_PENDING under PPM lock Kyle Tso <kyletso(a)google.com> usb: typec: Return size of buffer if pd_set operation succeeds yuan linyu <yuanlinyu(a)hihonor.com> usb: udc: remove warning when queue disabled ep Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: LPM flow fix Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: gadget: Fix exiting from clock gating Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix ISOC flow in DDMA mode Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix hibernation flow Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix remote wakeup from hibernation Damien Le Moal <dlemoal(a)kernel.org> scsi: sd: Fix TCG OPAL unlock on system resume Alan Stern <stern(a)rowland.harvard.edu> USB: core: Fix deadlock in port "disable" sysfs attribute Alan Stern <stern(a)rowland.harvard.edu> USB: core: Add hub_get() and hub_put() routines Dan Carpenter <dan.carpenter(a)linaro.org> staging: vc04_services: fix information leak in create_component() Arnd Bergmann <arnd(a)arndb.de> staging: vc04_services: changen strncpy() to strscpy_pad() Guilherme G. Piccoli <gpiccoli(a)igalia.com> scsi: core: Fix unremoved procfs host directory regression Duoming Zhou <duoming(a)zju.edu.cn> ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Roger Quadros <rogerq(a)kernel.org> usb: dwc3-am62: fix module unload/reload behavior Ladislav Michl <ladis(a)linux-mips.org> usb: dwc3-am62: Rename private data Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> USB: UAS: return ENODEV when submit urbs fail with device not attached Oliver Neukum <oneukum(a)suse.com> usb: cdc-wdm: close race between read and workqueue Alexander Stein <alexander.stein(a)ew.tq-group.com> Revert "usb: phy: generic: Get the vbus supply" Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync Chris Wilson <chris(a)chris-wilson.co.uk> drm/i915/gt: Reset queue_priority_hint on parking Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() Eric Huang <jinhuieric.huang(a)amd.com> drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 Jocelyn Falempe <jfalempe(a)redhat.com> drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed Claus Hansen Ries <chr(a)terma.com> net: ll_temac: platform_get_resource replaced by wrong function Duoming Zhou <duoming(a)zju.edu.cn> nouveau/dmem: handle kcalloc() allocation failure Ye Zhang <ye.zhang(a)rock-chips.com> thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Damien Le Moal <dlemoal(a)kernel.org> block: Do not force full zone append completion in req_bio_endio() Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Avoid negative index with array access Mikko Rapeli <mikko.rapeli(a)linaro.org> mmc: core: Initialize mmc_blk_ioc_data Romain Naour <romain.naour(a)skf.com> mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode Nathan Chancellor <nathan(a)kernel.org> hexagon: vmlinux.lds.S: handle attributes section Max Filippov <jcmvbkbc(a)gmail.com> exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: fw: don't always use FW dump trig Felix Fietkau <nbd(a)nbd.name> wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: use zone aware sb location for scrub Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: don't skip block groups with 100% zone unusable Ard Biesheuvel <ardb(a)kernel.org> efi/libstub: Cast away type warning in use of max() Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Add missing boot_params for mixed mode compat entry John Sperbeck <jsperbeck(a)google.com> init: open /initrd.image with O_LARGEFILE Zi Yan <ziy(a)nvidia.com> mm/migrate: set swap entry values of THP tail pages properly. Ard Biesheuvel <ardb(a)kernel.org> x86/sev: Fix position dependent variable references in startup code Borislav Petkov (AMD) <bp(a)alien8.de> x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT Borislav Petkov (AMD) <bp(a)alien8.de> x86/coco: Get rid of accessor functions Borislav Petkov (AMD) <bp(a)alien8.de> x86/coco: Export cc_vendor Alex Williamson <alex.williamson(a)redhat.com> vfio/fsl-mc: Block calling interrupt handler without trigger Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Create persistent IRQ handlers Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Create persistent INTx handler Alex Williamson <alex.williamson(a)redhat.com> vfio: Introduce interface to flush virqfd inject workqueue Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Disable auto-enable of exclusive INTx IRQ Geliang Tang <tanggeliang(a)kylinos.cn> selftests: mptcp: diag: return KSFT_FAIL not test_cnt Chengming Zhou <zhouchengming(a)bytedance.com> blk-mq: release scheduler resource when request completes Tony Battersby <tonyb(a)cybernetics.com> block: Fix page refcounts for unaligned buffers in __bio_release_pages() Rickard x Andersson <rickaran(a)axis.com> tty: serial: imx: Fix broken RS485 Zoltan HERPAI <wigyori(a)uid0.hu> pwm: img: fix pwm clock lookup Oleksandr Tymoshenko <ovt(a)google.com> efi: fix panic in kdump kernel Adamos Ttofari <attofari(a)amazon.de> x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD KONDO KAZUMA(近藤　和真) <kazuma-kondo(a)nec.com> efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or higher address Masami Hiramatsu (Google) <mhiramat(a)kernel.org> kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi() Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based on register's index Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzg2l: Flush posted write in irq_eoi() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> irqchip/renesas-rzg2l: Implement restriction when writing ISCR register John Ogness <john.ogness(a)linutronix.de> printk: Update @console_may_schedule in console_trylock_spinning() Nicolin Chen <nicolinc(a)nvidia.com> iommu/dma: Force swiotlb_max_mapping_size on an untrusted device Will Deacon <will(a)kernel.org> swiotlb: Fix alignment checks when both allocation and DMA masks are present David Laight <David.Laight(a)ACULAB.COM> minmax: add umin(a, b) and umax(a, b) André Rösti <an.roesti(a)gmail.com> entry: Respect changes to system call number by trace_sys_enter() Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> clocksource/drivers/arm_global_timer: Fix maximum prescaler value Charan Teja Kalla <quic_charante(a)quicinc.com> iommu: Avoid races around default domain allocations Jiawei Wang <me(a)jwang.link> ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2" Jakub Kicinski <kuba(a)kernel.org> net: tls: handle backlogging of crypto requests Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Call mixed mode boot services on the firmware's stack Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: handle range offsets in VRR ranges Heiner Kallweit <hkallweit1(a)gmail.com> i2c: i801: Avoid potential double call to gpiod_remove_lookup_table Cosmin Tanislav <demonsingur(a)gmail.com> iio: accel: adxl367: fix I2C FIFO data register Cosmin Tanislav <demonsingur(a)gmail.com> iio: accel: adxl367: fix DEVID read after reset Vlastimil Babka <vbabka(a)suse.cz> mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Sumit Garg <sumit.garg(a)linaro.org> tee: optee: Fix kernel panic caused by incorrect error handling Andy Chi <andy.chi(a)canonical.com> ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Add Headset Mic supported Acer NB platform Bart Van Assche <bvanassche(a)acm.org> fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Nicolas Pitre <nico(a)fluxnic.net> vt: fix unicode buffer corruption when deleting characters Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point H DID Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add arrow lake point S DID Hans de Goede <hdegoede(a)redhat.com> misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume Peter Collingbourne <pcc(a)google.com> serial: 8250_dw: Do not reclock if already at correct rate Sherry Sun <sherry.sun(a)nxp.com> tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: port: Don't try to peer unused USB ports based on location Krishna Kurapati <quic_kriskura(a)quicinc.com> usb: gadget: ncm: Fix handling of zero block length packets Alan Stern <stern(a)rowland.harvard.edu> USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Nirmoy Das <nirmoy.das(a)intel.com> drm/i915: Check before removing mm notifier Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix the error of pwm1_enable setting Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Use .flush() call to wake up readers Sean Christopherson <seanjc(a)google.com> KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Sean Christopherson <seanjc(a)google.com> KVM: x86: Mark target gfn of emulated atomic instruction as dirty Kees Cook <keescook(a)chromium.org> init/Kconfig: lower GCC version check for -Warray-bounds Nathan Chancellor <nathan(a)kernel.org> xfrm: Avoid clang fortify warning in copy_to_user_tmpl() Michael Kelley <mhklinux(a)outlook.com> Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject constant set with timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: disallow anonymous set with timeout flag Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout Jakub Kicinski <kuba(a)kernel.org> tls: fix race between tx work scheduling and socket close Hans de Goede <hdegoede(a)redhat.com> platform/x86: p2sb: On Goldmont only cache P2SB and SPI devfn BAR Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value" Anton Altaparmakov <anton(a)tuxera.com> x86/pm: Work around false positive kmemleak report in msr_build_context() Mikulas Patocka <mpatocka(a)redhat.com> dm snapshot: fix lockup in dm_exception_table_exit Leo Ma <hanghong.ma(a)amd.com> drm/amd/display: Fix noise issue on HDMI AV mute Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Return the correct HDCP error code Philip Yang <Philip.Yang(a)amd.com> drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Conrad Kostecki <conikost(a)gentoo.org> ahci: asm1064: asm1166: don't limit reported ports Andrey Jr. Melnikov <temnota.am(a)gmail.com> ahci: asm1064: correct count of reported ports Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: access device through ctx instead of peer Jason A. Donenfeld <Jason(a)zx2c4.com> wireguard: netlink: check for dangling peer via is_dead instead of empty list Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Define the __io_aw() hook as mmiowb() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Change __my_cpu_offset definition to avoid mis-optimization Steven Rostedt (Google) <rostedt(a)goodmis.org> net: hns3: tracing: fix hclgevf trace event strings Steven Rostedt (Google) <rostedt(a)goodmis.org> NFSD: Fix nfsd_clid_class use of __string_len() macro Borislav Petkov (AMD) <bp(a)alien8.de> x86/CPU/AMD: Update the Zenbleed microcode revisions Marek Szyprowski <m.szyprowski(a)samsung.com> cpufreq: dt: always allocate zeroed cpumask Eugene Korenevsky <ekorenevsky(a)astralinux.ru> cifs: open_cached_dir(): add FILE_READ_EA to desired access Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: prevent kernel bug at submit_bh_wbc() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix failure to detect DAT corruption in btree and direct mappings Sunmin Jeong <s_min.jeong(a)samsung.com> f2fs: truncate page cache before clearing flags when aborting atomic write Sunmin Jeong <s_min.jeong(a)samsung.com> f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag Bart Van Assche <bvanassche(a)acm.org> Revert "block/mq-deadline: use correct way to throttling write requests" Qiang Zhang <qiang4.zhang(a)intel.com> memtest: use {READ,WRITE}_ONCE in memory scanning Jani Nikula <jani.nikula(a)intel.com> drm/vc4: hdmi: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/imx/ipuv3: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/exynos: do not return negative values from .get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/panel: do not return negative error codes from drm_panel_get_modes() Jani Nikula <jani.nikula(a)intel.com> drm/probe-helper: warn about negative .get_modes() Harald Freudenberger <freude(a)linux.ibm.com> s390/zcrypt: fix reference counting on zcrypt card objects Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Use raw spinlock for cgr_lock Sean Anderson <sean.anderson(a)linux.dev> soc: fsl: qbman: Always disable interrupts when taking cgr_lock Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix full_waiters_pending in poll Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix resetting of shortest_full Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Do not set shortest_full when full target is hit Steven Rostedt (Google) <rostedt(a)goodmis.org> ring-buffer: Fix waking up ring buffer readers Marios Makassikis <mmakassikis(a)freebox.fr> ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Alex Williamson <alex.williamson(a)redhat.com> vfio/platform: Disable virqfds on cleanup Alex Williamson <alex.williamson(a)redhat.com> vfio/pci: Lock external INTx masking ops Reinette Chatre <reinette.chatre(a)intel.com> vfio/pci: Remove negative check on unsigned vector Reinette Chatre <reinette.chatre(a)intel.com> vfio/pci: Consolidate irq cleanup on MSI/MSI-X disable Jason Gunthorpe <jgg(a)ziepe.ca> vfio: Use GFP_KERNEL_ACCOUNT for userspace persistent allocations Michael Kelley <mhklinux(a)outlook.com> PCI: hv: Fix ring buffer size calculation Niklas Cassel <cassel(a)kernel.org> PCI: dwc: endpoint: Fix advertised resizable BAR size Manivannan Sadhasivam <mani(a)kernel.org> PCI: qcom: Enable BDF to SID translation properly Manivannan Sadhasivam <mani(a)kernel.org> PCI: qcom: Rename qcom_pcie_config_sid_sm8250() to reflect IP version Nathan Chancellor <nathan(a)kernel.org> kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 Josef Bacik <josef(a)toxicpanda.com> nfs: fix UAF in direct writes Sam Ravnborg <sam(a)ravnborg.org> sparc32: Fix parport build with sparc32 Rob Herring <robh(a)kernel.org> sparc: Explicitly include correct DT includes Jens Axboe <axboe(a)kernel.dk> io_uring/net: correctly handle multishot recvmsg retry setup Stanislaw Gruszka <stanislaw.gruszka(a)linux.intel.com> PCI/AER: Block runtime suspend when handling errors Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Fix 8bit characters from direct synth Wayne Chang <waynec(a)nvidia.com> usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Wayne Chang <waynec(a)nvidia.com> phy: tegra: xusb: Add API to retrieve the port number of phy Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> slimbus: core: Remove usage of the deprecated ida_simple_xx() API Jerome Brunet <jbrunet(a)baylibre.com> nvmem: meson-efuse: fix function pointer type mismatch Maximilian Heyne <mheyne(a)amazon.de> ext4: fix corruption during on-line resize Josua Mayer <josua(a)solid-run.com> hwmon: (amc6821) add of_match table Mickaël Salaün <mic(a)digikod.net> landlock: Warn once if a Landlock action is requested while disabled Christian Gmeiner <cgmeiner(a)igalia.com> drm/etnaviv: Restore some id values Dominique Martinet <dominique.martinet(a)atmark-techno.com> mmc: core: Fix switch on gp3 partition Ryan Roberts <ryan.roberts(a)arm.com> mm: swap: fix race between free_swap_and_cache() and swapoff() Huang Ying <ying.huang(a)intel.com> swap: comments get_swap_device() with usage rule Fedor Pchelkin <pchelkin(a)ispras.ru> mac802154: fix llsec key resources release in mac802154_llsec_key_del Nathan Chancellor <nathan(a)kernel.org> powerpc: xor_vmx: Add '-mhard-float' to CFLAGS Yu Kuai <yukuai3(a)huawei.com> dm-raid: fix lockdep waring in "pers->hot_add_disk" Jarred White <jarredwhite(a)linux.microsoft.com> ACPI: CPPC: Use access_width over bit_width for system memory accesses Paul Menzel <pmenzel(a)molgen.mpg.de> PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PCI/PM: Drain runtime-idle callbacks before driver removal Filipe Manana <fdmanana(a)suse.com> btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Qu Wenruo <wqu(a)suse.com> btrfs: qgroup: always free reserved space for extent records Peter Collingbourne <pcc(a)google.com> serial: Lock console when calling into driver before registration Jameson Thies <jthies(a)google.com> usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Miklos Szeredi <mszeredi(a)redhat.com> fuse: don't unhash root Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix root lookup with nonzero generation Wolfram Sang <wsa+renesas(a)sang-engineering.com> mmc: tmio: avoid concurrent runs of mmc_request_done() Qingliang Li <qingliang.li(a)mediatek.com> PM: sleep: wakeirq: fix wake irq warning in system suspend Toru Katagiri <Toru.Katagiri(a)tdk.com> USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M David Woodhouse <dwmw(a)amazon.co.uk> KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled Aurélien Jacobs <aurel(a)gnuage.org> USB: serial: option: add MeiG Smart SLM320 product Christian Häggström <christian.haggstrom(a)orexplore.com> USB: serial: cp210x: add ID for MGP Instruments PDS100 Cameron Williams <cang1(a)live.co.uk> USB: serial: add device ID for VeriFone adapter Daniel Vogelbacher <daniel(a)chaospixel.com> USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Michael Ellerman <mpe(a)ellerman.id.au> powerpc/fsl: Fix mfpmr build errors with newer binutils Prashanth K <quic_prashk(a)quicinc.com> usb: xhci: Add error handling in xhci_map_urb_for_dma Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays Gabor Juhos <j4g8y7(a)gmail.com> clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays Maulik Shah <quic_mkshah(a)quicinc.com> PM: suspend: Set mem_sleep_current during kernel command line setup Shivnandan Kumar <quic_kshivnan(a)quicinc.com> cpufreq: Limit resolving a frequency to policy min/max Gui-Dong Han <2045gemini(a)gmail.com> md/raid5: fix atomicity violation in raid5_cache_count Guenter Roeck <linux(a)roeck-us.net> parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 64-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix csum_ipv6_magic on 32-bit systems Guenter Roeck <linux(a)roeck-us.net> parisc: Fix ip_fast_csum John David Anglin <dave.anglin(a)bell.net> parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros Guenter Roeck <linux(a)roeck-us.net> parisc/unaligned: Rewrite 64-bit inline assembly of emulate_ldd() Arseniy Krasnov <avkrasnov(a)salutedevices.com> mtd: rawnand: meson: fix scrambling mode value in command macro Zhang Yi <yi.zhang(a)huawei.com> ubi: correct the calculation of fastmap size Richard Weinberger <richard(a)nod.at> ubi: Check for too small LEB size in VTBL code Matthew Wilcox (Oracle) <willy(a)infradead.org> ubifs: Set page uptodate in the correct place Jan Kara <jack(a)suse.cz> fat: fix uninitialized field in nostale filehandles Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: support non-power-of-two CONFIG_NR_CPUS Arnd Bergmann <arnd(a)arndb.de> kasan/test: avoid gcc warning for intentional overflow Damien Le Moal <dlemoal(a)kernel.org> block: Clear zone limits for a non-zoned stacked queue Baokun Li <libaokun1(a)huawei.com> ext4: correct best extent lstart adjustment logic SeongJae Park <sj(a)kernel.org> selftests/mqueue: Set timeout to 180 seconds Damian Muszynski <damian.muszynski(a)intel.com> crypto: qat - resolve race condition during AER recovery Svyatoslav Pankratov <svyatoslav.pankratov(a)intel.com> crypto: qat - fix double free during reset Randy Dunlap <rdunlap(a)infradead.org> sparc: vDSO: fix return value of __setup handler Randy Dunlap <rdunlap(a)infradead.org> sparc64: NMI watchdog: fix return value of __setup handler Michael Ellerman <mpe(a)ellerman.id.au> powerpc/smp: Increase nr_cpu_ids to include the boot CPU Michael Ellerman <mpe(a)ellerman.id.au> powerpc/smp: Adjust nr_cpu_ids to cover all threads of a core Tor Vic <torvic9(a)mailbox.org> cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf() Sean Christopherson <seanjc(a)google.com> KVM: Always flush async #PF workqueue when vCPU is being destroyed Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Expand MUST_CONNECT flag to always require an enabled link Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Rename pad variable to clarify intent Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Add num_links flag to media_pad Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Fix flags handling when creating pad links Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Add local pad to pipeline regardless of the link state Gui-Dong Han <2045gemini(a)gmail.com> media: xc4000: Fix atomicity violation in xc4000_get_frequency Philipp Stanner <pstanner(a)redhat.com> pci_iounmap(): Fix MMIO mapping leak Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: max310x: fix NULL pointer dereference in I2C instantiation Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Duje Mihanović <duje.mihanovic(a)skole.hr> arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Roberto Sassu <roberto.sassu(a)huawei.com> smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Roberto Sassu <roberto.sassu(a)huawei.com> smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() Amit Pundir <amit.pundir(a)linaro.org> clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Joakim Zhang <joakim.zhang(a)cixtech.com> remoteproc: virtio: Fix wdg cannot recovery remote processor Krishna chaitanya chundru <quic_krichai(a)quicinc.com> arm64: dts: qcom: sc7280: Add additional MSI interrupts Hidenori Kobayashi <hidenorik(a)chromium.org> media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Zheng Wang <zyytlz.wz(a)163.com> wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Thomas Gleixner <tglx(a)linutronix.de> timers: Rename del_timer_sync() to timer_delete_sync() Thomas Gleixner <tglx(a)linutronix.de> timers: Use del_timer_sync() even on UP Thomas Gleixner <tglx(a)linutronix.de> timers: Update kernel-doc for various functions Jim Mattson <jmattson(a)google.com> KVM: x86: Use a switch statement and macros in __feature_translate() Jim Mattson <jmattson(a)google.com> KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace Sean Christopherson <seanjc(a)google.com> KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs Borislav Petkov <bp(a)suse.de> x86/bugs: Use sysfs_emit() Kim Phillips <kim.phillips(a)amd.com> x86/cpu: Support AMD Automatic IBRS ------------- Diffstat: Documentation/admin-guide/hw-vuln/spectre.rst | 17 +- Documentation/admin-guide/kernel-parameters.txt | 10 +- .../userspace-api/media/mediactl/media-types.rst | 11 +- Documentation/x86/amd-memory-encryption.rst | 16 +- Makefile | 4 +- arch/arm/boot/dts/mmp2-brownstone.dts | 2 +- arch/arm64/boot/dts/qcom/sc7280.dtsi | 12 +- arch/hexagon/kernel/vmlinux.lds.S | 1 + arch/loongarch/include/asm/io.h | 2 + arch/loongarch/include/asm/percpu.h | 7 +- arch/parisc/include/asm/assembly.h | 18 +- arch/parisc/include/asm/checksum.h | 10 +- arch/parisc/kernel/unaligned.c | 27 +-- arch/powerpc/include/asm/reg_fsl_emb.h | 11 +- arch/powerpc/kernel/prom.c | 12 + arch/powerpc/lib/Makefile | 2 +- arch/sparc/crypto/crop_devid.c | 2 +- arch/sparc/include/asm/floppy_32.h | 2 +- arch/sparc/include/asm/floppy_64.h | 2 +- arch/sparc/include/asm/parport.h | 258 +-------------------- arch/sparc/include/asm/parport_64.h | 256 ++++++++++++++++++++ arch/sparc/kernel/apc.c | 2 +- arch/sparc/kernel/auxio_32.c | 1 - arch/sparc/kernel/auxio_64.c | 3 +- arch/sparc/kernel/central.c | 2 +- arch/sparc/kernel/chmc.c | 3 +- arch/sparc/kernel/ioport.c | 2 +- arch/sparc/kernel/leon_kernel.c | 2 - arch/sparc/kernel/leon_pci.c | 3 +- arch/sparc/kernel/leon_pci_grpci1.c | 3 +- arch/sparc/kernel/leon_pci_grpci2.c | 4 +- arch/sparc/kernel/nmi.c | 2 +- arch/sparc/kernel/of_device_32.c | 2 +- arch/sparc/kernel/of_device_64.c | 4 +- arch/sparc/kernel/of_device_common.c | 4 +- arch/sparc/kernel/pci.c | 3 +- arch/sparc/kernel/pci_common.c | 3 +- arch/sparc/kernel/pci_fire.c | 3 +- arch/sparc/kernel/pci_impl.h | 1 - arch/sparc/kernel/pci_msi.c | 2 + arch/sparc/kernel/pci_psycho.c | 4 +- arch/sparc/kernel/pci_sun4v.c | 3 +- arch/sparc/kernel/pmc.c | 2 +- arch/sparc/kernel/power.c | 3 +- arch/sparc/kernel/prom_irqtrans.c | 1 + arch/sparc/kernel/psycho_common.c | 1 + arch/sparc/kernel/sbus.c | 3 +- arch/sparc/kernel/time_32.c | 1 - arch/sparc/mm/io-unit.c | 3 +- arch/sparc/mm/iommu.c | 5 +- arch/sparc/vdso/vma.c | 7 +- arch/x86/Kconfig | 13 -- arch/x86/boot/compressed/efi_mixed.S | 29 ++- arch/x86/coco/core.c | 20 +- arch/x86/coco/tdx/tdx.c | 2 +- arch/x86/include/asm/asm.h | 14 ++ arch/x86/include/asm/coco.h | 10 +- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/mem_encrypt.h | 15 +- arch/x86/include/asm/msr-index.h | 2 + arch/x86/include/asm/sev.h | 4 +- arch/x86/include/asm/suspend_32.h | 10 +- arch/x86/include/asm/x86_init.h | 3 +- arch/x86/kernel/cpu/amd.c | 10 +- arch/x86/kernel/cpu/bugs.c | 138 +++++------ arch/x86/kernel/cpu/common.c | 19 +- arch/x86/kernel/cpu/mshyperv.c | 2 +- arch/x86/kernel/eisa.c | 3 +- arch/x86/kernel/fpu/xstate.c | 5 +- arch/x86/kernel/fpu/xstate.h | 14 +- arch/x86/kernel/kprobes/core.c | 11 +- arch/x86/kernel/probe_roms.c | 10 - arch/x86/kernel/setup.c | 3 +- arch/x86/kernel/sev-shared.c | 12 +- arch/x86/kernel/sev.c | 31 ++- arch/x86/kernel/x86_init.c | 2 + arch/x86/kvm/cpuid.c | 29 ++- arch/x86/kvm/lapic.c | 5 +- arch/x86/kvm/reverse_cpuid.h | 42 +++- arch/x86/kvm/svm/sev.c | 18 +- arch/x86/kvm/x86.c | 10 + arch/x86/kvm/xen.c | 2 +- arch/x86/kvm/xen.h | 18 ++ arch/x86/mm/mem_encrypt_amd.c | 18 ++ arch/x86/mm/mem_encrypt_identity.c | 38 ++- block/bio.c | 11 +- block/blk-mq.c | 33 ++- block/blk-settings.c | 4 + block/mq-deadline.c | 3 +- drivers/accessibility/speakup/synth.c | 4 +- drivers/acpi/cppc_acpi.c | 31 ++- drivers/ata/ahci.c | 5 - drivers/ata/libata-eh.c | 5 +- drivers/ata/libata-scsi.c | 9 + drivers/base/power/wakeirq.c | 4 +- drivers/clk/qcom/gcc-ipq6018.c | 2 + drivers/clk/qcom/gcc-ipq8074.c | 2 + drivers/clk/qcom/gcc-sdm845.c | 1 + drivers/clk/qcom/mmcc-apq8084.c | 2 + drivers/clk/qcom/mmcc-msm8974.c | 2 + drivers/clocksource/arm_global_timer.c | 2 +- drivers/cpufreq/amd-pstate.c | 2 +- drivers/cpufreq/brcmstb-avs-cpufreq.c | 5 +- drivers/cpufreq/cpufreq-dt.c | 2 +- drivers/crypto/qat/qat_common/adf_aer.c | 23 +- drivers/firmware/efi/efi.c | 2 + drivers/firmware/efi/libstub/randomalloc.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 + drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 19 +- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 12 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/amd/pm/amdgpu_pm.c | 12 +- drivers/gpu/drm/drm_panel.c | 17 +- drivers/gpu/drm/drm_probe_helper.c | 7 + drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 + drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 +- drivers/gpu/drm/exynos/exynos_hdmi.c | 4 +- drivers/gpu/drm/i915/display/intel_bios.c | 3 + drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 3 + drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 - .../gpu/drm/i915/gt/intel_execlists_submission.c | 3 + drivers/gpu/drm/imx/parallel-display.c | 4 +- drivers/gpu/drm/nouveau/nouveau_dmem.c | 12 +- drivers/gpu/drm/vc4/vc4_hdmi.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 15 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 +- drivers/hwmon/amc6821.c | 11 + drivers/i2c/busses/i2c-i801.c | 4 +- drivers/iio/accel/adxl367.c | 8 +- drivers/iio/accel/adxl367_i2c.c | 2 +- drivers/iommu/dma-iommu.c | 9 + drivers/iommu/iommu.c | 3 + drivers/irqchip/irq-renesas-rzg2l.c | 93 +++++--- drivers/md/dm-raid.c | 2 + drivers/md/dm-snap.c | 4 +- drivers/md/raid5.c | 14 +- drivers/media/mc/mc-entity.c | 93 ++++++-- drivers/media/tuners/xc4000.c | 4 +- drivers/misc/lis3lv02d/lis3lv02d_i2c.c | 21 +- drivers/misc/mei/hw-me-regs.h | 2 + drivers/misc/mei/pci-me.c | 2 + drivers/mmc/core/block.c | 14 +- drivers/mmc/host/sdhci-omap.c | 3 + drivers/mmc/host/tmio_mmc_core.c | 2 + drivers/mtd/nand/raw/meson_nand.c | 2 +- drivers/mtd/ubi/fastmap.c | 7 +- drivers/mtd/ubi/vtbl.c | 6 + .../ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 +- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 +- drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +- drivers/net/wireguard/netlink.c | 10 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 4 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 15 +- drivers/nvmem/meson-efuse.c | 25 +- drivers/pci/controller/dwc/pcie-designware-ep.c | 7 +- drivers/pci/controller/dwc/pcie-qcom.c | 153 ++++++------ drivers/pci/controller/pci-hyperv.c | 3 +- drivers/pci/pci-driver.c | 7 + drivers/pci/pcie/err.c | 20 ++ drivers/pci/quirks.c | 2 + drivers/phy/tegra/xusb.c | 13 ++ drivers/platform/x86/p2sb.c | 23 +- drivers/pwm/pwm-img.c | 4 +- drivers/remoteproc/remoteproc_virtio.c | 6 +- drivers/s390/crypto/zcrypt_api.c | 2 + drivers/scsi/hosts.c | 7 +- drivers/scsi/libsas/sas_expander.c | 51 ++-- drivers/scsi/lpfc/lpfc_bsg.c | 4 +- drivers/scsi/lpfc/lpfc_nvmet.c | 2 +- drivers/scsi/qla2xxx/qla_attr.c | 14 +- drivers/scsi/qla2xxx/qla_def.h | 2 +- drivers/scsi/qla2xxx/qla_gbl.h | 2 +- drivers/scsi/qla2xxx/qla_init.c | 128 +++++----- drivers/scsi/qla2xxx/qla_iocb.c | 68 ++++-- drivers/scsi/qla2xxx/qla_mbx.c | 2 +- drivers/scsi/qla2xxx/qla_os.c | 2 +- drivers/scsi/qla2xxx/qla_target.c | 10 + drivers/scsi/scsi_scan.c | 34 +++ drivers/scsi/sd.c | 25 +- drivers/slimbus/core.c | 4 +- drivers/soc/fsl/qbman/qman.c | 25 +- drivers/staging/media/ipu3/ipu3-v4l2.c | 16 +- .../staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 +- drivers/tee/optee/device.c | 3 +- drivers/thermal/devfreq_cooling.c | 2 +- drivers/tty/serial/8250/8250_dw.c | 6 +- drivers/tty/serial/8250/8250_port.c | 6 - drivers/tty/serial/fsl_lpuart.c | 7 +- drivers/tty/serial/imx.c | 22 +- drivers/tty/serial/max310x.c | 7 +- drivers/tty/serial/serial_core.c | 12 + drivers/tty/vt/vt.c | 2 +- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/hub.c | 23 +- drivers/usb/core/hub.h | 2 + drivers/usb/core/port.c | 43 +++- drivers/usb/core/sysfs.c | 16 +- drivers/usb/dwc2/core.h | 14 ++ drivers/usb/dwc2/core_intr.c | 72 ++++-- drivers/usb/dwc2/gadget.c | 10 + drivers/usb/dwc2/hcd.c | 49 +++- drivers/usb/dwc2/hcd_ddma.c | 17 +- drivers/usb/dwc2/hw.h | 2 +- drivers/usb/dwc2/platform.c | 2 +- drivers/usb/dwc3/dwc3-am62.c | 90 ++++--- drivers/usb/gadget/function/f_ncm.c | 2 +- drivers/usb/gadget/udc/core.c | 4 +- drivers/usb/gadget/udc/tegra-xudc.c | 39 ++-- drivers/usb/host/xhci.c | 2 + drivers/usb/phy/phy-generic.c | 7 - drivers/usb/serial/cp210x.c | 4 + drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 6 + drivers/usb/serial/option.c | 6 + drivers/usb/storage/isd200.c | 23 +- drivers/usb/storage/uas.c | 28 ++- drivers/usb/typec/class.c | 7 +- drivers/usb/typec/ucsi/ucsi.c | 56 ++++- drivers/usb/typec/ucsi/ucsi.h | 4 +- drivers/usb/typec/ucsi/ucsi_acpi.c | 71 +++--- drivers/vfio/container.c | 2 +- drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 +- drivers/vfio/pci/vfio_pci_config.c | 6 +- drivers/vfio/pci/vfio_pci_core.c | 7 +- drivers/vfio/pci/vfio_pci_igd.c | 2 +- drivers/vfio/pci/vfio_pci_intrs.c | 218 ++++++++++------- drivers/vfio/pci/vfio_pci_rdwr.c | 2 +- drivers/vfio/platform/vfio_platform_irq.c | 106 ++++++--- drivers/vfio/virqfd.c | 23 +- fs/aio.c | 8 +- fs/btrfs/block-group.c | 3 +- fs/btrfs/qgroup.c | 10 +- fs/btrfs/scrub.c | 12 +- fs/btrfs/volumes.c | 2 +- fs/exec.c | 1 + fs/ext4/mballoc.c | 17 +- fs/ext4/resize.c | 3 +- fs/f2fs/f2fs.h | 1 + fs/f2fs/segment.c | 4 +- fs/fat/nfs.c | 6 + fs/fuse/dir.c | 4 + fs/fuse/fuse_i.h | 1 - fs/fuse/inode.c | 7 +- fs/nfs/direct.c | 11 +- fs/nfs/write.c | 2 +- fs/nfsd/trace.h | 2 +- fs/nilfs2/btree.c | 9 +- fs/nilfs2/direct.c | 9 +- fs/nilfs2/inode.c | 2 +- fs/smb/client/cached_dir.c | 3 +- fs/smb/server/smb2pdu.c | 10 +- fs/ubifs/file.c | 13 +- include/drm/drm_modeset_helper_vtables.h | 3 +- include/linux/cpufreq.h | 15 +- include/linux/gfp.h | 9 + include/linux/hyperv.h | 22 +- include/linux/libata.h | 1 + include/linux/minmax.h | 17 ++ include/linux/nfs_fs.h | 1 + include/linux/phy/tegra/xusb.h | 1 + include/linux/ring_buffer.h | 1 + include/linux/timer.h | 18 +- include/linux/vfio.h | 2 + include/media/media-entity.h | 2 + include/net/cfg802154.h | 1 + include/scsi/scsi_driver.h | 1 + include/scsi/scsi_host.h | 1 + init/Kconfig | 6 +- init/initramfs.c | 2 +- io_uring/net.c | 3 +- kernel/bounds.c | 2 +- kernel/dma/swiotlb.c | 11 +- kernel/entry/common.c | 8 +- kernel/power/suspend.c | 1 + kernel/printk/printk.c | 27 ++- kernel/time/timer.c | 160 +++++++------ kernel/trace/ring_buffer.c | 233 +++++++++++-------- kernel/trace/trace.c | 21 +- lib/pci_iomap.c | 2 +- mm/compaction.c | 7 +- mm/kasan/kasan_test.c | 3 +- mm/memtest.c | 4 +- mm/migrate.c | 6 +- mm/page_alloc.c | 10 +- mm/swapfile.c | 25 +- mm/vmscan.c | 5 +- net/bluetooth/hci_core.c | 6 +- net/bluetooth/hci_sync.c | 5 +- net/mac80211/cfg.c | 5 +- net/mac802154/llsec.c | 18 +- net/netfilter/nf_tables_api.c | 7 + net/tls/tls_sw.c | 60 +++-- net/xfrm/xfrm_user.c | 3 + scripts/Makefile.extrawarn | 2 + security/landlock/syscalls.c | 18 +- security/smack/smack_lsm.c | 12 +- sound/pci/hda/patch_realtek.c | 13 +- sound/sh/aica.c | 17 +- sound/soc/amd/yc/acp6x-mach.c | 7 - tools/include/linux/btf_ids.h | 2 + tools/testing/selftests/mqueue/setting | 1 + tools/testing/selftests/net/mptcp/diag.sh | 6 +- virt/kvm/async_pf.c | 31 ++- 305 files changed, 3011 insertions(+), 1673 deletions(-)

11 months, 3 weeks

16
293
0 0

FAILED: patch "[PATCH] rust: macros: fix soundness issue in `module!` macro" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 7044dcff8301b29269016ebd17df27c4736140d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024042940-plod-embellish-5a76@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 7044dcff8301 ("rust: macros: fix soundness issue in `module!` macro") 1b6170ff7a20 ("rust: module: place generated init_module() function in .init.text") 41bdc6decda0 ("btf, scripts: rust: drop is_rust_module.sh") 310897659cf0 ("Merge tag 'rust-6.4' of https://github.com/Rust-for-Linux/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7044dcff8301b29269016ebd17df27c4736140d2 Mon Sep 17 00:00:00 2001 From: Benno Lossin <benno.lossin(a)proton.me> Date: Mon, 1 Apr 2024 18:52:50 +0000 Subject: [PATCH] rust: macros: fix soundness issue in `module!` macro MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The `module!` macro creates glue code that are called by C to initialize the Rust modules using the `Module::init` function. Part of this glue code are the local functions `__init` and `__exit` that are used to initialize/destroy the Rust module. These functions are safe and also visible to the Rust mod in which the `module!` macro is invoked. This means that they can be called by other safe Rust code. But since they contain `unsafe` blocks that rely on only being called at the right time, this is a soundness issue. Wrap these generated functions inside of two private modules, this guarantees that the public functions cannot be called from the outside. Make the safe functions `unsafe` and add SAFETY comments. Cc: stable(a)vger.kernel.org Reported-by: Björn Roy Baron <bjorn3_gh(a)protonmail.com> Closes: https://github.com/Rust-for-Linux/linux/issues/629 Fixes: 1fbde52bde73 ("rust: add `macros` crate") Signed-off-by: Benno Lossin <benno.lossin(a)proton.me> Reviewed-by: Wedson Almeida Filho <walmeida(a)microsoft.com> Link: https://lore.kernel.org/r/20240401185222.12015-1-benno.lossin@proton.me [ Moved `THIS_MODULE` out of the private-in-private modules since it should remain public, as Dirk Behme noticed [1]. Capitalized comments, avoided newline in non-list SAFETY comments and reworded to add Reported-by and newline. ] Link: https://rust-for-linux.zulipchat.com/#narrow/stream/291565-Help/topic/x/nea… [1] Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> diff --git a/rust/macros/module.rs b/rust/macros/module.rs index 27979e582e4b..acd0393b5095 100644 --- a/rust/macros/module.rs +++ b/rust/macros/module.rs @@ -199,17 +199,6 @@ pub(crate) fn module(ts: TokenStream) -> TokenStream { /// Used by the printing macros, e.g. [`info!`]. const __LOG_PREFIX: &[u8] = b\"{name}\\0\"; - /// The \"Rust loadable module\" mark. - // - // This may be best done another way later on, e.g. as a new modinfo - // key or a new section. For the moment, keep it simple. - #[cfg(MODULE)] - #[doc(hidden)] - #[used] - static __IS_RUST_MODULE: () = (); - - static mut __MOD: Option<{type_}> = None; - // SAFETY: `__this_module` is constructed by the kernel at load time and will not be // freed until the module is unloaded. #[cfg(MODULE)] @@ -221,81 +210,132 @@ pub(crate) fn module(ts: TokenStream) -> TokenStream { kernel::ThisModule::from_ptr(core::ptr::null_mut()) }}; - // Loadable modules need to export the `{{init,cleanup}}_module` identifiers. - /// # Safety - /// - /// This function must not be called after module initialization, because it may be - /// freed after that completes. - #[cfg(MODULE)] - #[doc(hidden)] - #[no_mangle] - #[link_section = \".init.text\"] - pub unsafe extern \"C\" fn init_module() -> core::ffi::c_int {{ - __init() - }} + // Double nested modules, since then nobody can access the public items inside. + mod __module_init {{ + mod __module_init {{ + use super::super::{type_}; - #[cfg(MODULE)] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn cleanup_module() {{ - __exit() - }} + /// The \"Rust loadable module\" mark. + // + // This may be best done another way later on, e.g. as a new modinfo + // key or a new section. For the moment, keep it simple. + #[cfg(MODULE)] + #[doc(hidden)] + #[used] + static __IS_RUST_MODULE: () = (); - // Built-in modules are initialized through an initcall pointer - // and the identifiers need to be unique. - #[cfg(not(MODULE))] - #[cfg(not(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS))] - #[doc(hidden)] - #[link_section = \"{initcall_section}\"] - #[used] - pub static __{name}_initcall: extern \"C\" fn() -> core::ffi::c_int = __{name}_init; + static mut __MOD: Option<{type_}> = None; - #[cfg(not(MODULE))] - #[cfg(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS)] - core::arch::global_asm!( - r#\".section \"{initcall_section}\", \"a\" - __{name}_initcall: - .long __{name}_init - . - .previous - \"# - ); + // Loadable modules need to export the `{{init,cleanup}}_module` identifiers. + /// # Safety + /// + /// This function must not be called after module initialization, because it may be + /// freed after that completes. + #[cfg(MODULE)] + #[doc(hidden)] + #[no_mangle] + #[link_section = \".init.text\"] + pub unsafe extern \"C\" fn init_module() -> core::ffi::c_int {{ + // SAFETY: This function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // unique name. + unsafe {{ __init() }} + }} - #[cfg(not(MODULE))] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn __{name}_init() -> core::ffi::c_int {{ - __init() - }} + #[cfg(MODULE)] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn cleanup_module() {{ + // SAFETY: + // - This function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // unique name, + // - furthermore it is only called after `init_module` has returned `0` + // (which delegates to `__init`). + unsafe {{ __exit() }} + }} - #[cfg(not(MODULE))] - #[doc(hidden)] - #[no_mangle] - pub extern \"C\" fn __{name}_exit() {{ - __exit() - }} + // Built-in modules are initialized through an initcall pointer + // and the identifiers need to be unique. + #[cfg(not(MODULE))] + #[cfg(not(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS))] + #[doc(hidden)] + #[link_section = \"{initcall_section}\"] + #[used] + pub static __{name}_initcall: extern \"C\" fn() -> core::ffi::c_int = __{name}_init; - fn __init() -> core::ffi::c_int {{ - match <{type_} as kernel::Module>::init(&THIS_MODULE) {{ - Ok(m) => {{ - unsafe {{ - __MOD = Some(m); + #[cfg(not(MODULE))] + #[cfg(CONFIG_HAVE_ARCH_PREL32_RELOCATIONS)] + core::arch::global_asm!( + r#\".section \"{initcall_section}\", \"a\" + __{name}_initcall: + .long __{name}_init - . + .previous + \"# + ); + + #[cfg(not(MODULE))] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn __{name}_init() -> core::ffi::c_int {{ + // SAFETY: This function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // placement above in the initcall section. + unsafe {{ __init() }} + }} + + #[cfg(not(MODULE))] + #[doc(hidden)] + #[no_mangle] + pub extern \"C\" fn __{name}_exit() {{ + // SAFETY: + // - This function is inaccessible to the outside due to the double + // module wrapping it. It is called exactly once by the C side via its + // unique name, + // - furthermore it is only called after `__{name}_init` has returned `0` + // (which delegates to `__init`). + unsafe {{ __exit() }} + }} + + /// # Safety + /// + /// This function must only be called once. + unsafe fn __init() -> core::ffi::c_int {{ + match <{type_} as kernel::Module>::init(&super::super::THIS_MODULE) {{ + Ok(m) => {{ + // SAFETY: No data race, since `__MOD` can only be accessed by this + // module and there only `__init` and `__exit` access it. These + // functions are only called once and `__exit` cannot be called + // before or during `__init`. + unsafe {{ + __MOD = Some(m); + }} + return 0; + }} + Err(e) => {{ + return e.to_errno(); + }} }} - return 0; }} - Err(e) => {{ - return e.to_errno(); + + /// # Safety + /// + /// This function must + /// - only be called once, + /// - be called after `__init` has been called and returned `0`. + unsafe fn __exit() {{ + // SAFETY: No data race, since `__MOD` can only be accessed by this module + // and there only `__init` and `__exit` access it. These functions are only + // called once and `__init` was already called. + unsafe {{ + // Invokes `drop()` on `__MOD`, which should be used for cleanup. + __MOD = None; + }} }} + + {modinfo} }} }} - - fn __exit() {{ - unsafe {{ - // Invokes `drop()` on `__MOD`, which should be used for cleanup. - __MOD = None; - }} - }} - - {modinfo} ", type_ = info.type_, name = info.name,

11 months, 3 weeks

4
4
0 0

Re: Patch "spi: axi-spi-engine: use common AXI macros" has been added to the 6.1-stable tree

by David Lechner

On 5/6/24 2:30 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: use common AXI macros > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-use-common-axi-macros.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

11 months, 3 weeks

2
1
0 0

[PATCH 02/10] drm/mgag200: Bind I2C lifetime to DRM device

by Thomas Zimmermann

Managed cleanup with devm_add_action_or_reset() will release the I2C adapter when the underlying Linux device goes away. But the connector still refers to it, so this cleanup leaves behind a stale pointer in struct drm_connector.ddc. Bind the lifetime of the I2C adapter to the connector's lifetime by using DRM's managed release. When the DRM device goes away (after the Linux device) DRM will first clean up the connector and then clean up the I2C adapter. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: b279df242972 ("drm/mgag200: Switch I2C code to managed cleanup") Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Jocelyn Falempe <jfalempe(a)redhat.com> Cc: Dave Airlie <airlied(a)redhat.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.0+ --- drivers/gpu/drm/mgag200/mgag200_i2c.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/mgag200/mgag200_i2c.c b/drivers/gpu/drm/mgag200/mgag200_i2c.c index 1029fef590f9b..4caeb68f3010c 100644 --- a/drivers/gpu/drm/mgag200/mgag200_i2c.c +++ b/drivers/gpu/drm/mgag200/mgag200_i2c.c @@ -31,6 +31,8 @@ #include <linux/i2c.h> #include <linux/pci.h> +#include <drm/drm_managed.h> + #include "mgag200_drv.h" static int mga_i2c_read_gpio(struct mga_device *mdev) @@ -86,7 +88,7 @@ static int mga_gpio_getscl(void *data) return (mga_i2c_read_gpio(mdev) & i2c->clock) ? 1 : 0; } -static void mgag200_i2c_release(void *res) +static void mgag200_i2c_release(struct drm_device *dev, void *res) { struct mga_i2c_chan *i2c = res; @@ -125,5 +127,5 @@ int mgag200_i2c_init(struct mga_device *mdev, struct mga_i2c_chan *i2c) if (ret) return ret; - return devm_add_action_or_reset(dev->dev, mgag200_i2c_release, i2c); + return drmm_add_action_or_reset(dev, mgag200_i2c_release, i2c); } -- 2.45.0

11 months, 3 weeks

1
0
0 0

[PATCH 01/10] drm/mgag200: Set DDC timeout in milliseconds

by Thomas Zimmermann

Compute the i2c timeout in jiffies from a value in milliseconds. The original values of 2 jiffies equals 2 milliseconds if HZ has been configured to a value of 1000. This corresponds to 2.2 milliseconds used by most other DRM drivers. Update mgag200 accordingly. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: 414c45310625 ("mgag200: initial g200se driver (v2)") Cc: Dave Airlie <airlied(a)redhat.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Jocelyn Falempe <jfalempe(a)redhat.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v3.5+ --- drivers/gpu/drm/mgag200/mgag200_i2c.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/mgag200/mgag200_i2c.c b/drivers/gpu/drm/mgag200/mgag200_i2c.c index 423eb302be7eb..1029fef590f9b 100644 --- a/drivers/gpu/drm/mgag200/mgag200_i2c.c +++ b/drivers/gpu/drm/mgag200/mgag200_i2c.c @@ -114,7 +114,7 @@ int mgag200_i2c_init(struct mga_device *mdev, struct mga_i2c_chan *i2c) i2c->adapter.algo_data = &i2c->bit; i2c->bit.udelay = 10; - i2c->bit.timeout = 2; + i2c->bit.timeout = usecs_to_jiffies(2200); i2c->bit.data = i2c; i2c->bit.setsda = mga_gpio_setsda; i2c->bit.setscl = mga_gpio_setscl; -- 2.45.0

11 months, 3 weeks

1
0
0 0

[PATCH] regulator: core: fix debugfs creation regression

by Johan Hovold

regulator_get() may sometimes be called more than once for the same consumer device, something which before commit dbe954d8f163 ("regulator: core: Avoid debugfs: Directory ... already present! error") resulted in errors being logged. A couple of recent commits broke the handling of such cases so that attributes are now erroneously created in the debugfs root directory the second time a regulator is requested and the log is filled with errors like: debugfs: File 'uA_load' in directory '/' already present! debugfs: File 'min_uV' in directory '/' already present! debugfs: File 'max_uV' in directory '/' already present! debugfs: File 'constraint_flags' in directory '/' already present! on any further calls. Fixes: 2715bb11cfff ("regulator: core: Fix more error checking for debugfs_create_dir()") Fixes: 08880713ceec ("regulator: core: Streamline debugfs operations") Cc: stable(a)vger.kernel.org Cc: Geert Uytterhoeven <geert+renesas(a)glider.be> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/regulator/core.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c index dabac9772741..2c33653ffdea 100644 --- a/drivers/regulator/core.c +++ b/drivers/regulator/core.c @@ -1911,19 +1911,24 @@ static struct regulator *create_regulator(struct regulator_dev *rdev, } } - if (err != -EEXIST) + if (err != -EEXIST) { regulator->debugfs = debugfs_create_dir(supply_name, rdev->debugfs); - if (IS_ERR(regulator->debugfs)) - rdev_dbg(rdev, "Failed to create debugfs directory\n"); + if (IS_ERR(regulator->debugfs)) { + rdev_dbg(rdev, "Failed to create debugfs directory\n"); + regulator->debugfs = NULL; + } + } - debugfs_create_u32("uA_load", 0444, regulator->debugfs, - &regulator->uA_load); - debugfs_create_u32("min_uV", 0444, regulator->debugfs, - &regulator->voltage[PM_SUSPEND_ON].min_uV); - debugfs_create_u32("max_uV", 0444, regulator->debugfs, - &regulator->voltage[PM_SUSPEND_ON].max_uV); - debugfs_create_file("constraint_flags", 0444, regulator->debugfs, - regulator, &constraint_flags_fops); + if (regulator->debugfs) { + debugfs_create_u32("uA_load", 0444, regulator->debugfs, + &regulator->uA_load); + debugfs_create_u32("min_uV", 0444, regulator->debugfs, + &regulator->voltage[PM_SUSPEND_ON].min_uV); + debugfs_create_u32("max_uV", 0444, regulator->debugfs, + &regulator->voltage[PM_SUSPEND_ON].max_uV); + debugfs_create_file("constraint_flags", 0444, regulator->debugfs, + regulator, &constraint_flags_fops); + } /* * Check now if the regulator is an always on regulator - if -- 2.43.2

11 months, 3 weeks

3
2
0 0

Re: Patch "Bluetooth: qca: fix invalid device address check" has been added to the 6.8-stable tree

by Johan Hovold

Hi Sasha, On Fri, May 03, 2024 at 12:38:51PM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > Bluetooth: qca: fix invalid device address check > > to the 6.8-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > bluetooth-qca-fix-invalid-device-address-check.patch > and it can be found in the queue-6.8 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Please drop this one temporarily from all stable queues as it needs to be backported together with some follow-up fixes that are on their way into mainline. > commit 2179ab410adb7c29e2feed5d1c15138e23b5e76e > Author: Johan Hovold <johan+linaro(a)kernel.org> > Date: Tue Apr 16 11:15:09 2024 +0200 > > Bluetooth: qca: fix invalid device address check > > [ Upstream commit 32868e126c78876a8a5ddfcb6ac8cb2fffcf4d27 ] Johan

11 months, 3 weeks

3
3
0 0

Re: [Regression] 6.9.0: WARNING: workqueue: WQ_MEM_RECLAIM ttm:ttm_bo_delayed_delete [ttm] is flushing !WQ_MEM_RECLAIM events:qxl_gc_work [qxl]

by Anders Blomdell

On 2024-05-07 07:04, Linux regression tracking (Thorsten Leemhuis) wrote: > > > On 06.05.24 16:30, David Wang wrote: >>> On 30.04.24 08:13, David Wang wrote: > >>> And confirmed that the warning is caused by >>> 07ed11afb68d94eadd4ffc082b97c2331307c5ea and reverting it can fix. >> >> The kernel warning still shows up in 6.9.0-rc7. >> (I think 4 high load processes on a 2-Core VM could easily trigger the kernel warning.) > > Thx for the report. Linus just reverted the commit 07ed11afb68 you > mentioned in your initial mail (I put that quote in again, see above): > > 3628e0383dd349 ("Reapply "drm/qxl: simplify qxl_fence_wait"") > https://git.kernel.org/torvalds/c/3628e0383dd349f02f882e612ab6184e4bb3dc10 > > So this hopefully should be history now. > > Ciao, Thorsten > Since this affects the 6.8 series (6.8.7 and onwards), I made a CC to stable(a)vger.kernel.org /Anders

11 months, 3 weeks

3
2
0 0

FAILED: patch "[PATCH] drm/amdgpu: once more fix the call oder in amdgpu_ttm_move()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d3a9331a6591e9df64791e076f6591f440af51c3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024051312-abide-backlit-0647@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: d3a9331a6591 ("drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2") 94aeb4117343 ("drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap") 63af82cf5e36 ("drm/amdgpu: audit bo->resource usage") 32f90e652519 ("drm/amdgpu: prevent memory wipe in suspend/shutdown stage") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d3a9331a6591e9df64791e076f6591f440af51c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20K=C3=B6nig?= <christian.koenig(a)amd.com> Date: Thu, 21 Mar 2024 11:32:02 +0100 Subject: [PATCH] drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap. The basic problem here is that after the move the old location is simply not available any more. Some fixes were suggested, but essentially we should call the move notification before actually moving things because only this way we have the correct order for DMA-buf and VM move notifications as well. Also rework the statistic handling so that we don't update the eviction counter before the move. v2: add missing NULL check Signed-off-by: Christian König <christian.koenig(a)amd.com> Fixes: 94aeb4117343 ("drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap") Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3171 Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> CC: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c index ce733e3cb35d..f6d503432a9e 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.c @@ -1243,14 +1243,18 @@ int amdgpu_bo_get_metadata(struct amdgpu_bo *bo, void *buffer, * amdgpu_bo_move_notify - notification about a memory move * @bo: pointer to a buffer object * @evict: if this move is evicting the buffer from the graphics address space + * @new_mem: new resource for backing the BO * * Marks the corresponding &amdgpu_bo buffer object as invalid, also performs * bookkeeping. * TTM driver callback which is called when ttm moves a buffer. */ -void amdgpu_bo_move_notify(struct ttm_buffer_object *bo, bool evict) +void amdgpu_bo_move_notify(struct ttm_buffer_object *bo, + bool evict, + struct ttm_resource *new_mem) { struct amdgpu_device *adev = amdgpu_ttm_adev(bo->bdev); + struct ttm_resource *old_mem = bo->resource; struct amdgpu_bo *abo; if (!amdgpu_bo_is_amdgpu_bo(bo)) @@ -1262,12 +1266,12 @@ void amdgpu_bo_move_notify(struct ttm_buffer_object *bo, bool evict) amdgpu_bo_kunmap(abo); if (abo->tbo.base.dma_buf && !abo->tbo.base.import_attach && - bo->resource->mem_type != TTM_PL_SYSTEM) + old_mem && old_mem->mem_type != TTM_PL_SYSTEM) dma_buf_move_notify(abo->tbo.base.dma_buf); - /* remember the eviction */ - if (evict) - atomic64_inc(&adev->num_evictions); + /* move_notify is called before move happens */ + trace_amdgpu_bo_move(abo, new_mem ? new_mem->mem_type : -1, + old_mem ? old_mem->mem_type : -1); } void amdgpu_bo_get_memory(struct amdgpu_bo *bo, diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.h index fa03d9e4874c..bc42ccbde659 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_object.h +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_object.h @@ -328,7 +328,9 @@ int amdgpu_bo_set_metadata (struct amdgpu_bo *bo, void *metadata, int amdgpu_bo_get_metadata(struct amdgpu_bo *bo, void *buffer, size_t buffer_size, uint32_t *metadata_size, uint64_t *flags); -void amdgpu_bo_move_notify(struct ttm_buffer_object *bo, bool evict); +void amdgpu_bo_move_notify(struct ttm_buffer_object *bo, + bool evict, + struct ttm_resource *new_mem); void amdgpu_bo_release_notify(struct ttm_buffer_object *bo); vm_fault_t amdgpu_bo_fault_reserve_notify(struct ttm_buffer_object *bo); void amdgpu_bo_fence(struct amdgpu_bo *bo, struct dma_fence *fence, diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c index 1d71729e3f6b..4ffee5545265 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c @@ -481,14 +481,16 @@ static int amdgpu_bo_move(struct ttm_buffer_object *bo, bool evict, if (!old_mem || (old_mem->mem_type == TTM_PL_SYSTEM && bo->ttm == NULL)) { + amdgpu_bo_move_notify(bo, evict, new_mem); ttm_bo_move_null(bo, new_mem); - goto out; + return 0; } if (old_mem->mem_type == TTM_PL_SYSTEM && (new_mem->mem_type == TTM_PL_TT || new_mem->mem_type == AMDGPU_PL_PREEMPT)) { + amdgpu_bo_move_notify(bo, evict, new_mem); ttm_bo_move_null(bo, new_mem); - goto out; + return 0; } if ((old_mem->mem_type == TTM_PL_TT || old_mem->mem_type == AMDGPU_PL_PREEMPT) && @@ -498,9 +500,10 @@ static int amdgpu_bo_move(struct ttm_buffer_object *bo, bool evict, return r; amdgpu_ttm_backend_unbind(bo->bdev, bo->ttm); + amdgpu_bo_move_notify(bo, evict, new_mem); ttm_resource_free(bo, &bo->resource); ttm_bo_assign_mem(bo, new_mem); - goto out; + return 0; } if (old_mem->mem_type == AMDGPU_PL_GDS || @@ -512,8 +515,9 @@ static int amdgpu_bo_move(struct ttm_buffer_object *bo, bool evict, new_mem->mem_type == AMDGPU_PL_OA || new_mem->mem_type == AMDGPU_PL_DOORBELL) { /* Nothing to save here */ + amdgpu_bo_move_notify(bo, evict, new_mem); ttm_bo_move_null(bo, new_mem); - goto out; + return 0; } if (bo->type == ttm_bo_type_device && @@ -525,23 +529,24 @@ static int amdgpu_bo_move(struct ttm_buffer_object *bo, bool evict, abo->flags &= ~AMDGPU_GEM_CREATE_CPU_ACCESS_REQUIRED; } - if (adev->mman.buffer_funcs_enabled) { - if (((old_mem->mem_type == TTM_PL_SYSTEM && - new_mem->mem_type == TTM_PL_VRAM) || - (old_mem->mem_type == TTM_PL_VRAM && - new_mem->mem_type == TTM_PL_SYSTEM))) { - hop->fpfn = 0; - hop->lpfn = 0; - hop->mem_type = TTM_PL_TT; - hop->flags = TTM_PL_FLAG_TEMPORARY; - return -EMULTIHOP; - } - - r = amdgpu_move_blit(bo, evict, new_mem, old_mem); - } else { - r = -ENODEV; + if (adev->mman.buffer_funcs_enabled && + ((old_mem->mem_type == TTM_PL_SYSTEM && + new_mem->mem_type == TTM_PL_VRAM) || + (old_mem->mem_type == TTM_PL_VRAM && + new_mem->mem_type == TTM_PL_SYSTEM))) { + hop->fpfn = 0; + hop->lpfn = 0; + hop->mem_type = TTM_PL_TT; + hop->flags = TTM_PL_FLAG_TEMPORARY; + return -EMULTIHOP; } + amdgpu_bo_move_notify(bo, evict, new_mem); + if (adev->mman.buffer_funcs_enabled) + r = amdgpu_move_blit(bo, evict, new_mem, old_mem); + else + r = -ENODEV; + if (r) { /* Check that all memory is CPU accessible */ if (!amdgpu_res_copyable(adev, old_mem) || @@ -555,11 +560,10 @@ static int amdgpu_bo_move(struct ttm_buffer_object *bo, bool evict, return r; } - trace_amdgpu_bo_move(abo, new_mem->mem_type, old_mem->mem_type); -out: - /* update statistics */ + /* update statistics after the move */ + if (evict) + atomic64_inc(&adev->num_evictions); atomic64_add(bo->base.size, &adev->num_bytes_moved); - amdgpu_bo_move_notify(bo, evict); return 0; } @@ -1559,7 +1563,7 @@ static int amdgpu_ttm_access_memory(struct ttm_buffer_object *bo, static void amdgpu_bo_delete_mem_notify(struct ttm_buffer_object *bo) { - amdgpu_bo_move_notify(bo, false); + amdgpu_bo_move_notify(bo, false, NULL); } static struct ttm_device_funcs amdgpu_bo_driver = {

11 months, 3 weeks

1
0
0 0

Re: Patch "usb: typec: ucsi: Limit read size on v1.2" has been added to the 6.1-stable tree

by Greg Kroah-Hartman

On Thu, May 09, 2024 at 01:36:33PM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > usb: typec: ucsi: Limit read size on v1.2 > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > usb-typec-ucsi-limit-read-size-on-v1.2.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. This breaks the build on 6.1 kernels, so I'm dropping it for now. thanks, greg k-h

11 months, 3 weeks

1
0
0 0

Re: Patch "x86/xen: attempt to inflate the memory balloon on PVH" has been added to the 6.1-stable tree

by Greg KH

On Thu, May 09, 2024 at 01:36:36PM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > x86/xen: attempt to inflate the memory balloon on PVH > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > x86-xen-attempt-to-inflate-the-memory-balloon-on-pvh.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. This breaks the build on 6.1.y kernels: In file included from ./include/linux/ioport.h:15, from ./include/linux/acpi.h:12, from arch/x86/xen/enlighten_pvh.c:2: arch/x86/xen/enlighten_pvh.c: In function ‘xen_reserve_extra_memory’: ./include/linux/minmax.h:20:35: error: comparison of distinct pointer types lacks a cast [-Werror] 20 | (!!(sizeof((typeof(x) *)1 == (typeof(y) *)1))) | ^~ ./include/linux/minmax.h:26:18: note: in expansion of macro ‘__typecheck’ 26 | (__typecheck(x, y) && __no_side_effects(x, y)) | ^~~~~~~~~~~ ./include/linux/minmax.h:36:31: note: in expansion of macro ‘__safe_cmp’ 36 | __builtin_choose_expr(__safe_cmp(x, y), \ | ^~~~~~~~~~ ./include/linux/minmax.h:45:25: note: in expansion of macro ‘__careful_cmp’ 45 | #define min(x, y) __careful_cmp(x, y, <) | ^~~~~~~~~~~~~ arch/x86/xen/enlighten_pvh.c:117:25: note: in expansion of macro ‘min’ 117 | pages = min(extra_pages, | ^~~ cc1: all warnings being treated as errors So I'm dropping it for now. thanks, greg k-h

11 months, 3 weeks

1
0
0 0

[PATCH AUTOSEL 6.1 01/25] ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM too

by Sasha Levin

From: Hans de Goede <hdegoede(a)redhat.com> [ Upstream commit e50729d742ec364895f1c389c32315984a987aa5 ] The Asus T100TA quirk has been using an exact match on a product-name of "T100TA" but there are also T100TAM variants with a slightly higher clocked CPU and a metal backside which need the same quirk. Sort the existing T100TA (stereo speakers) below the more specific T100TAF (mono speaker) quirk and switch from exact matching to substring matching so that the T100TA quirk will also match on the T100TAM models. Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://msgid.link/r/20240407191559.21596-1-hdegoede@redhat.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/intel/boards/bytcr_rt5640.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/sound/soc/intel/boards/bytcr_rt5640.c b/sound/soc/intel/boards/bytcr_rt5640.c index 094445036c20f..d6ef8e850412b 100644 --- a/sound/soc/intel/boards/bytcr_rt5640.c +++ b/sound/soc/intel/boards/bytcr_rt5640.c @@ -636,28 +636,30 @@ static const struct dmi_system_id byt_rt5640_quirk_table[] = { BYT_RT5640_USE_AMCR0F28), }, { + /* Asus T100TAF, unlike other T100TA* models this one has a mono speaker */ .matches = { DMI_EXACT_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), - DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TA"), + DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TAF"), }, .driver_data = (void *)(BYT_RT5640_IN1_MAP | BYT_RT5640_JD_SRC_JD2_IN4N | BYT_RT5640_OVCD_TH_2000UA | BYT_RT5640_OVCD_SF_0P75 | + BYT_RT5640_MONO_SPEAKER | + BYT_RT5640_DIFF_MIC | + BYT_RT5640_SSP0_AIF2 | BYT_RT5640_MCLK_EN), }, { + /* Asus T100TA and T100TAM, must come after T100TAF (mono spk) match */ .matches = { - DMI_EXACT_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), - DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TAF"), + DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), + DMI_MATCH(DMI_PRODUCT_NAME, "T100TA"), }, .driver_data = (void *)(BYT_RT5640_IN1_MAP | BYT_RT5640_JD_SRC_JD2_IN4N | BYT_RT5640_OVCD_TH_2000UA | BYT_RT5640_OVCD_SF_0P75 | - BYT_RT5640_MONO_SPEAKER | - BYT_RT5640_DIFF_MIC | - BYT_RT5640_SSP0_AIF2 | BYT_RT5640_MCLK_EN), }, { -- 2.43.0

11 months, 3 weeks

4
30
0 0

[PATCHv4 2/4] x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup()

by Kirill A. Shutemov

Rename tdx_parse_tdinfo() to tdx_setup() and move setting NOTIFY_ENABLES there. The function will be extended to adjust TD configuration. Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Reviewed-by: Kai Huang <kai.huang(a)intel.com> Cc: stable(a)vger.kernel.org --- arch/x86/coco/tdx/tdx.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 4bb786dcd6b4..1ff571cb9177 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -179,7 +179,7 @@ static void __noreturn tdx_panic(const char *msg) __tdx_hypercall(&args); } -static void tdx_parse_tdinfo(u64 *cc_mask) +static void tdx_setup(u64 *cc_mask) { struct tdx_module_args args = {}; unsigned int gpa_width; @@ -204,6 +204,9 @@ static void tdx_parse_tdinfo(u64 *cc_mask) gpa_width = args.rcx & GENMASK(5, 0); *cc_mask = BIT_ULL(gpa_width - 1); + /* Kernel does not use NOTIFY_ENABLES and does not need random #VEs */ + tdg_vm_wr(TDCS_NOTIFY_ENABLES, 0, -1ULL); + /* * The kernel can not handle #VE's when accessing normal kernel * memory. Ensure that no #VE will be delivered for accesses to @@ -927,11 +930,11 @@ void __init tdx_early_init(void) setup_force_cpu_cap(X86_FEATURE_TSC_RELIABLE); cc_vendor = CC_VENDOR_INTEL; - tdx_parse_tdinfo(&cc_mask); - cc_set_mask(cc_mask); - /* Kernel does not use NOTIFY_ENABLES and does not need random #VEs */ - tdg_vm_wr(TDCS_NOTIFY_ENABLES, 0, -1ULL); + /* Configure the TD */ + tdx_setup(&cc_mask); + + cc_set_mask(cc_mask); /* * All bits above GPA width are reserved and kernel treats shared bit -- 2.43.0

11 months, 4 weeks

1
0
0 0

[PATCHv4 1/4] x86/tdx: Factor out TD metadata write TDCALL

by Kirill A. Shutemov

The TDG_VM_WR TDCALL is used to ask the TDX module to change some TD-specific VM configuration. There is currently only one user in the kernel of this TDCALL leaf. More will be added shortly. Refactor to make way for more users of TDG_VM_WR who will need to modify other TD configuration values. Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reviewed-by: Kai Huang <kai.huang(a)intel.com> Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> Cc: stable(a)vger.kernel.org --- arch/x86/coco/tdx/tdx.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index b556cbcc847e..4bb786dcd6b4 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -77,6 +77,18 @@ static inline void tdcall(u64 fn, struct tdx_module_args *args) panic("TDCALL %lld failed (Buggy TDX module!)\n", fn); } +/* Write TD-scoped metadata */ +static inline u64 tdg_vm_wr(u64 field, u64 value, u64 mask) +{ + struct tdx_module_args args = { + .rdx = field, + .r8 = value, + .r9 = mask, + }; + + return __tdcall(TDG_VM_WR, &args); +} + /** * tdx_mcall_get_report0() - Wrapper to get TDREPORT0 (a.k.a. TDREPORT * subtype 0) using TDG.MR.REPORT TDCALL. @@ -901,10 +913,6 @@ static void tdx_kexec_finish(void) void __init tdx_early_init(void) { - struct tdx_module_args args = { - .rdx = TDCS_NOTIFY_ENABLES, - .r9 = -1ULL, - }; u64 cc_mask; u32 eax, sig[3]; @@ -923,7 +931,7 @@ void __init tdx_early_init(void) cc_set_mask(cc_mask); /* Kernel does not use NOTIFY_ENABLES and does not need random #VEs */ - tdcall(TDG_VM_WR, &args); + tdg_vm_wr(TDCS_NOTIFY_ENABLES, 0, -1ULL); /* * All bits above GPA width are reserved and kernel treats shared bit -- 2.43.0

11 months, 4 weeks

1
0
0 0

[PATCH] Revert "drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()"

by Wang Jinchao

From: Dave Airlie <airlied(a)redhat.com> This reverts commit 52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2. This causes loading failures in [ 0.367379] nouveau 0000:01:00.0: NVIDIA GP104 (134000a1) [ 0.474499] nouveau 0000:01:00.0: bios: version 86.04.50.80.13 [ 0.474620] nouveau 0000:01:00.0: pmu: firmware unavailable [ 0.474977] nouveau 0000:01:00.0: fb: 8192 MiB GDDR5 [ 0.484371] nouveau 0000:01:00.0: sec2(acr): mbox 00000001 00000000 [ 0.484377] nouveau 0000:01:00.0: sec2(acr):load: boot failed: -5 [ 0.484379] nouveau 0000:01:00.0: acr: init failed, -5 [ 0.484466] nouveau 0000:01:00.0: init failed with -5 [ 0.484468] nouveau: DRM-master:00000000:00000080: init failed with -5 [ 0.484470] nouveau 0000:01:00.0: DRM-master: Device allocation failed: -5 [ 0.485078] nouveau 0000:01:00.0: probe with driver nouveau failed with error -50 I tried tracking it down but ran out of time this week, will revisit next week. Reported-by: Dan Moulding <dan(a)danm.net> Cc: stable(a)vger.kernel.org Signed-off-by: Dave Airlie <airlied(a)redhat.com> --- drivers/gpu/drm/nouveau/nvkm/core/firmware.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/drivers/gpu/drm/nouveau/nvkm/core/firmware.c b/drivers/gpu/drm/nouveau/nvkm/core/firmware.c index 141b0a513bf5..adc60b25f8e6 100644 --- a/drivers/gpu/drm/nouveau/nvkm/core/firmware.c +++ b/drivers/gpu/drm/nouveau/nvkm/core/firmware.c @@ -205,9 +205,7 @@ nvkm_firmware_dtor(struct nvkm_firmware *fw) break; case NVKM_FIRMWARE_IMG_DMA: nvkm_memory_unref(&memory); - dma_unmap_single(fw->device->dev, fw->phys, sg_dma_len(&fw->mem.sgl), - DMA_TO_DEVICE); - kfree(fw->img); + dma_free_coherent(fw->device->dev, sg_dma_len(&fw->mem.sgl), fw->img, fw->phys); break; case NVKM_FIRMWARE_IMG_SGT: nvkm_memory_unref(&memory); @@ -237,17 +235,14 @@ nvkm_firmware_ctor(const struct nvkm_firmware_func *func, const char *name, fw->img = kmemdup(src, fw->len, GFP_KERNEL); break; case NVKM_FIRMWARE_IMG_DMA: { - len = ALIGN(fw->len, PAGE_SIZE); + dma_addr_t addr; - fw->img = kmalloc(len, GFP_KERNEL); - if (!fw->img) - return -ENOMEM; + len = ALIGN(fw->len, PAGE_SIZE); - memcpy(fw->img, src, fw->len); - fw->phys = dma_map_single(fw->device->dev, fw->img, len, DMA_TO_DEVICE); - if (dma_mapping_error(fw->device->dev, fw->phys)) { - kfree(fw->img); - return -EFAULT; + fw->img = dma_alloc_coherent(fw->device->dev, len, &addr, GFP_KERNEL); + if (fw->img) { + memcpy(fw->img, src, fw->len); + fw->phys = addr; } sg_init_one(&fw->mem.sgl, fw->img, len); -- 2.45.0

11 months, 4 weeks

1
0
0 0

[merged mm-nonmm-stable] fs-proc-fix-softlockup-in-__read_vmcore.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: fs/proc: fix softlockup in __read_vmcore has been removed from the -mm tree. Its filename was fs-proc-fix-softlockup-in-__read_vmcore.patch This patch was dropped because it was merged into the mm-nonmm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Rik van Riel <riel(a)surriel.com> Subject: fs/proc: fix softlockup in __read_vmcore Date: Tue, 7 May 2024 09:18:58 -0400 While taking a kernel core dump with makedumpfile on a larger system, softlockup messages often appear. While softlockup warnings can be harmless, they can also interfere with things like RCU freeing memory, which can be problematic when the kdump kexec image is configured with as little memory as possible. Avoid the softlockup, and give things like work items and RCU a chance to do their thing during __read_vmcore by adding a cond_resched. Link: https://lkml.kernel.org/r/20240507091858.36ff767f@imladris.surriel.com Signed-off-by: Rik van Riel <riel(a)surriel.com> Acked-by: Baoquan He <bhe(a)redhat.com> Cc: Dave Young <dyoung(a)redhat.com> Cc: Vivek Goyal <vgoyal(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/vmcore.c | 2 ++ 1 file changed, 2 insertions(+) --- a/fs/proc/vmcore.c~fs-proc-fix-softlockup-in-__read_vmcore +++ a/fs/proc/vmcore.c @@ -383,6 +383,8 @@ static ssize_t __read_vmcore(struct iov_ /* leave now if filled buffer already */ if (!iov_iter_count(iter)) return acc; + + cond_resched(); } list_for_each_entry(m, &vmcore_list, list) { _ Patches currently in -mm which might be from riel(a)surriel.com are

11 months, 4 weeks

1
0
0 0

[merged mm-stable] docs-admin-guide-mm-damon-usage-fix-wrong-schemes-effective-quota-update-command.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: Docs/admin-guide/mm/damon/usage: fix wrong schemes effective quota update command has been removed from the -mm tree. Its filename was docs-admin-guide-mm-damon-usage-fix-wrong-schemes-effective-quota-update-command.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: Docs/admin-guide/mm/damon/usage: fix wrong schemes effective quota update command Date: Fri, 3 May 2024 11:03:15 -0700 To update effective size quota of DAMOS schemes on DAMON sysfs file interface, user should write 'update_schemes_effective_quotas' to the kdamond 'state' file. But the document is mistakenly saying the input string as 'update_schemes_effective_bytes'. Fix it (s/bytes/quotas/). Link: https://lkml.kernel.org/r/20240503180318.72798-8-sj@kernel.org Fixes: a6068d6dfa2f ("Docs/admin-guide/mm/damon/usage: document effective_bytes file") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.9.x] Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Shuah Khan <shuah(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Documentation/admin-guide/mm/damon/usage.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/Documentation/admin-guide/mm/damon/usage.rst~docs-admin-guide-mm-damon-usage-fix-wrong-schemes-effective-quota-update-command +++ a/Documentation/admin-guide/mm/damon/usage.rst @@ -153,7 +153,7 @@ Users can write below commands for the k - ``clear_schemes_tried_regions``: Clear the DAMON-based operating scheme action tried regions directory for each DAMON-based operation scheme of the kdamond. -- ``update_schemes_effective_bytes``: Update the contents of +- ``update_schemes_effective_quotas``: Update the contents of ``effective_bytes`` files for each DAMON-based operation scheme of the kdamond. For more details, refer to :ref:`quotas directory <sysfs_quotas>`. @@ -342,7 +342,7 @@ Based on the user-specified :ref:`goal < effective size quota is further adjusted. Reading ``effective_bytes`` returns the current effective size quota. The file is not updated in real time, so users should ask DAMON sysfs interface to update the content of the file for -the stats by writing a special keyword, ``update_schemes_effective_bytes`` to +the stats by writing a special keyword, ``update_schemes_effective_quotas`` to the relevant ``kdamonds/<N>/state`` file. Under ``weights`` directory, three files (``sz_permil``, _ Patches currently in -mm which might be from sj(a)kernel.org are

11 months, 4 weeks

1
0
0 0

[merged mm-stable] docs-admin-guide-mm-damon-usage-fix-wrong-example-of-damos-filter-matching-sysfs-file.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file has been removed from the -mm tree. Its filename was docs-admin-guide-mm-damon-usage-fix-wrong-example-of-damos-filter-matching-sysfs-file.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file Date: Fri, 3 May 2024 11:03:14 -0700 The example usage of DAMOS filter sysfs files, specifically the part of 'matching' file writing for memcg type filter, is wrong. The intention is to exclude pages of a memcg that already getting enough care from a given scheme, but the example is setting the filter to apply the scheme to only the pages of the memcg. Fix it. Link: https://lkml.kernel.org/r/20240503180318.72798-7-sj@kernel.org Fixes: 9b7f9322a530 ("Docs/admin-guide/mm/damon/usage: document DAMOS filters of sysfs") Closes: https://lore.kernel.org/r/20240317191358.97578-1-sj@kernel.org Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.3.x] Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Shuah Khan <shuah(a)kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Documentation/admin-guide/mm/damon/usage.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/Documentation/admin-guide/mm/damon/usage.rst~docs-admin-guide-mm-damon-usage-fix-wrong-example-of-damos-filter-matching-sysfs-file +++ a/Documentation/admin-guide/mm/damon/usage.rst @@ -434,7 +434,7 @@ pages of all memory cgroups except ``/ha # # further filter out all cgroups except one at '/having_care_already' echo memcg > 1/type echo /having_care_already > 1/memcg_path - echo N > 1/matching + echo Y > 1/matching Note that ``anon`` and ``memcg`` filters are currently supported only when ``paddr`` :ref:`implementation <sysfs_context>` is being used. _ Patches currently in -mm which might be from sj(a)kernel.org are

11 months, 4 weeks

1
0
0 0

[PATCH 5.4.y 0/2] net: qede: return value conflict resolution

by Asbjørn Sloth Tønnesen

Thanks Sasha, for picking these fixes up. I have reviewed all the queues and everything looks good. Just for completeness sake, I have fixed the conflict in v5.4, so it can also get the flower patch. Asbjørn Sloth Tønnesen (2): net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() net: qede: use return from qede_parse_flow_attr() for flower drivers/net/ethernet/qlogic/qede/qede_filter.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) -- 2.43.0

11 months, 4 weeks

2
3
0 0

[PATCH RESEND 5.15.y 0/3] Use access_width for _CPC package when provided by the platform firmware

by Easwar Hariharan

This series backports the original patch[1] and fixes to it[2][3], all marked for stable, that fix a kernel panic when using the wrong access size when platform firmware provides the access size to use for the _CPC ACPI package. This series was originally sent in response to an automated email notifying authors, reviewers, and maintainer of a failure to apply patch [3] to linux-5.15.y at [4]. [1] 2f4a4d63a193 ("ACPI: CPPC: Use access_width over bit_width for system memory accesses") [2] 92ee782ee ("ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro"). [3] f489c948028b ("ACPI: CPPC: Fix access width used for PCC registers") [4] https://lore.kernel.org/all/2024042905-puppy-heritage-e422@gregkh/ Easwar Hariharan (1): Revert "Revert "ACPI: CPPC: Use access_width over bit_width for system memory accesses"" Jarred White (1): ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro Vanshidhar Konda (1): ACPI: CPPC: Fix access width used for PCC registers drivers/acpi/cppc_acpi.c | 67 +++++++++++++++++++++++++++++++++------- 1 file changed, 56 insertions(+), 11 deletions(-) base-commit: 284087d4f7d57502b5a41b423b771f16cc6d157a -- 2.34.1

11 months, 4 weeks

2
4
0 0

[PATCH 6.1] MAINTAINERS: add leah to 6.1 MAINTAINERS file

by Leah Rumancik

I've been trying to get backports rolling to 6.1.y. Update MAINTAINERS file so backports requests / questions can get routed appropriately. Signed-off-by: Leah Rumancik <leah.rumancik(a)gmail.com> Reviewed-by: Darrick J. Wong <djwong(a)kernel.org> --- MAINTAINERS | 1 + 1 file changed, 1 insertion(+) diff --git a/MAINTAINERS b/MAINTAINERS index ecf4d0c8f446..4b19dfb5d2fd 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -22557,6 +22557,7 @@ F: include/xen/swiotlb-xen.h XFS FILESYSTEM C: irc://irc.oftc.net/xfs +M: Leah Rumancik <leah.rumancik(a)gmail.com> M: Darrick J. Wong <djwong(a)kernel.org> L: linux-xfs(a)vger.kernel.org S: Supported -- 2.45.0.118.g7fe29c98d7-goog

11 months, 4 weeks

3
2
0 0

DCN 3.5 hang on boot

by Mario Limonciello

Hi, APUs with DCN 3.5 are nominally supported with kernel 6.8 but are hitting a NULL pointer error at bootup. It’s because of a VBIOS change to bump to a newer version (but same structure definition). Can you please bring this to linux-6.8.y? 9a35d205f466 ("drm/amd/display: Atom Integrated System Info v2_2 for DCN35") Thanks!

11 months, 4 weeks

2
1
0 0

2 fixes for inclusion into linux-4.19.y

by Lee Jones

Dear Stable, Please could you apply the following fixes to the v4.19 Stable tree: 97af84a6bba2 af_unix: Do not use atomic ops for unix_sk(sk)->inflight. 47d8ac011fe1 af_unix: Fix garbage collector racing against connect() The former was only applied as far back as linux-5.4.y because the commit in the Fixes tag wasn't ever applied to linux-4.19.y, however it is a dependency for the latter, which fixes a real bug also found in linux-4.19.y. The assumption is that the latter was not applied to linux-4.19.y due to an conflict caused the missing dependency. When both are applied in order, they do so cleanly. Thank you. Kind regards, Lee -- Lee Jones [李琼斯]

11 months, 4 weeks

2
1
0 0

Re: Patch "nfc: nci: Fix kcov check in nci_rx_work()" has been added to the 6.1-stable tree

by Tetsuo Handa

On 2024/05/11 6:39, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > nfc: nci: Fix kcov check in nci_rx_work() > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > nfc-nci-fix-kcov-check-in-nci_rx_work.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > I think we should not add this patch to 6.1 and earlier kernels, for only 6.2 and later kernels call kcov_remote_stop() from nci_rx_work().

11 months, 4 weeks

2
1
0 0

[PATCH v1] Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot

by Zijun Hu

Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed serdev") will cause below regression issue: BT can't be enabled after below steps: cold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure if property enable-gpios is not configured within DT|ACPI for QCA6390. The commit is to fix a use-after-free issue within qca_serdev_shutdown() during reboot, but also introduces this regression issue regarding above steps since the VSC is not sent to reset controller during warm reboot. Fixed by sending the VSC to reset controller within qca_serdev_shutdown() once BT was ever enabled, and the use-after-free issue is also be fixed by this change since serdev is still opened when send to serdev. Fixes: 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed serdev") Cc: stable(a)vger.kernel.org Reported-by: Wren Turkal <wt(a)penguintechs.org> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218726 Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> Tested-by: Wren Turkal <wt(a)penguintechs.org> --- drivers/bluetooth/hci_qca.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index 0c9c9ee56592..8e35c9091486 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -2450,13 +2450,12 @@ static void qca_serdev_shutdown(struct device *dev) struct qca_serdev *qcadev = serdev_device_get_drvdata(serdev); struct hci_uart *hu = &qcadev->serdev_hu; struct hci_dev *hdev = hu->hdev; - struct qca_data *qca = hu->priv; const u8 ibs_wake_cmd[] = { 0xFD }; const u8 edl_reset_soc_cmd[] = { 0x01, 0x00, 0xFC, 0x01, 0x05 }; if (qcadev->btsoc_type == QCA_QCA6390) { - if (test_bit(QCA_BT_OFF, &qca->flags) || - !test_bit(HCI_RUNNING, &hdev->flags)) + if (test_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks) || + hci_dev_test_flag(hdev, HCI_SETUP)) return; serdev_device_write_flush(serdev); -- 2.7.4

11 months, 4 weeks

6
10
0 0

[PATCH 2/2] x86/sgx: Resolve EREMOVE page vs EAUG page data race

by Dmitrii Kuvaiskii

Two enclave threads may try to add and remove the same enclave page simultaneously (e.g., if the SGX runtime supports both lazy allocation and `MADV_DONTNEED` semantics). Consider this race: 1. T1 performs page removal in sgx_encl_remove_pages() and stops right after removing the page table entry and right before re-acquiring the enclave lock to EREMOVE and xa_erase(&encl->page_array) the page. 2. T2 tries to access the page, and #PF[not_present] is raised. The condition to EAUG in sgx_vma_fault() is not satisfied because the page is still present in encl->page_array, thus the SGX driver assumes that the fault happened because the page was swapped out. The driver continues on a code path that installs a page table entry *without* performing EAUG. 3. The enclave page metadata is in inconsistent state: the PTE is installed but there was no EAUG. Thus, T2 in userspace infinitely receives SIGSEGV on this page (and EACCEPT always fails). Fix this by making sure that T1 (the page-removing thread) always wins this data race. In particular, the page-being-removed is marked as such, and T2 retries until the page is fully removed. Fixes: 9849bb27152c ("x86/sgx: Support complete page removal") Cc: stable(a)vger.kernel.org Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii(a)intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 3 ++- arch/x86/kernel/cpu/sgx/encl.h | 3 +++ arch/x86/kernel/cpu/sgx/ioctl.c | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 41f14b1a3025..7ccd8b2fce5f 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -257,7 +257,8 @@ static struct sgx_encl_page *__sgx_encl_load_page(struct sgx_encl *encl, /* Entry successfully located. */ if (entry->epc_page) { - if (entry->desc & SGX_ENCL_PAGE_BEING_RECLAIMED) + if (entry->desc & (SGX_ENCL_PAGE_BEING_RECLAIMED | + SGX_ENCL_PAGE_BEING_REMOVED)) return ERR_PTR(-EBUSY); return entry; diff --git a/arch/x86/kernel/cpu/sgx/encl.h b/arch/x86/kernel/cpu/sgx/encl.h index f94ff14c9486..fff5f2293ae7 100644 --- a/arch/x86/kernel/cpu/sgx/encl.h +++ b/arch/x86/kernel/cpu/sgx/encl.h @@ -25,6 +25,9 @@ /* 'desc' bit marking that the page is being reclaimed. */ #define SGX_ENCL_PAGE_BEING_RECLAIMED BIT(3) +/* 'desc' bit marking that the page is being removed. */ +#define SGX_ENCL_PAGE_BEING_REMOVED BIT(2) + struct sgx_encl_page { unsigned long desc; unsigned long vm_max_prot_bits:8; diff --git a/arch/x86/kernel/cpu/sgx/ioctl.c b/arch/x86/kernel/cpu/sgx/ioctl.c index b65ab214bdf5..c542d4dd3e64 100644 --- a/arch/x86/kernel/cpu/sgx/ioctl.c +++ b/arch/x86/kernel/cpu/sgx/ioctl.c @@ -1142,6 +1142,7 @@ static long sgx_encl_remove_pages(struct sgx_encl *encl, * Do not keep encl->lock because of dependency on * mmap_lock acquired in sgx_zap_enclave_ptes(). */ + entry->desc |= SGX_ENCL_PAGE_BEING_REMOVED; mutex_unlock(&encl->lock); sgx_zap_enclave_ptes(encl, addr); -- 2.34.1

11 months, 4 weeks

3
3
0 0

[PATCH 1/2] x86/sgx: Resolve EAUG race where losing thread returns SIGBUS

by Dmitrii Kuvaiskii

Two enclave threads may try to access the same non-present enclave page simultaneously (e.g., if the SGX runtime supports lazy allocation). The threads will end up in sgx_encl_eaug_page(), racing to acquire the enclave lock. The winning thread will perform EAUG, set up the page table entry, and insert the page into encl->page_array. The losing thread will then get -EBUSY on xa_insert(&encl->page_array) and proceed to error handling path. This error handling path contains two bugs: (1) SIGBUS is sent to userspace even though the enclave page is correctly installed by another thread, and (2) sgx_encl_free_epc_page() is called that performs EREMOVE even though the enclave page was never intended to be removed. The first bug is less severe because it impacts only the user space; the second bug is more severe because it also impacts the OS state by ripping the page (added by the winning thread) from the enclave. Fix these two bugs (1) by returning VM_FAULT_NOPAGE to the generic Linux fault handler so that no signal is sent to userspace, and (2) by replacing sgx_encl_free_epc_page() with sgx_free_epc_page() so that no EREMOVE is performed. Fixes: 5a90d2c3f5ef ("x86/sgx: Support adding of pages to an initialized enclave") Cc: stable(a)vger.kernel.org Reported-by: Marcelina Kościelnicka <mwk(a)invisiblethingslab.com> Suggested-by: Reinette Chatre <reinette.chatre(a)intel.com> Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii(a)intel.com> --- arch/x86/kernel/cpu/sgx/encl.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/x86/kernel/cpu/sgx/encl.c b/arch/x86/kernel/cpu/sgx/encl.c index 279148e72459..41f14b1a3025 100644 --- a/arch/x86/kernel/cpu/sgx/encl.c +++ b/arch/x86/kernel/cpu/sgx/encl.c @@ -382,8 +382,11 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, * If ret == -EBUSY then page was created in another flow while * running without encl->lock */ - if (ret) + if (ret) { + if (ret == -EBUSY) + vmret = VM_FAULT_NOPAGE; goto err_out_shrink; + } pginfo.secs = (unsigned long)sgx_get_epc_virt_addr(encl->secs.epc_page); pginfo.addr = encl_page->desc & PAGE_MASK; @@ -419,7 +422,7 @@ static vm_fault_t sgx_encl_eaug_page(struct vm_area_struct *vma, err_out_shrink: sgx_encl_shrink(encl, va_page); err_out_epc: - sgx_encl_free_epc_page(epc_page); + sgx_free_epc_page(epc_page); err_out_unlock: mutex_unlock(&encl->lock); kfree(encl_page); -- 2.34.1

11 months, 4 weeks

3
5
0 0

[merged mm-hotfixes-stable] selftests-mm-fix-powerpc-arch-check.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/mm: fix powerpc ARCH check has been removed from the -mm tree. Its filename was selftests-mm-fix-powerpc-arch-check.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Michael Ellerman <mpe(a)ellerman.id.au> Subject: selftests/mm: fix powerpc ARCH check Date: Mon, 6 May 2024 21:58:25 +1000 In commit 0518dbe97fe6 ("selftests/mm: fix cross compilation with LLVM") the logic to detect the machine architecture in the Makefile was changed to use ARCH, and only fallback to uname -m if ARCH is unset. However the tests of ARCH were not updated to account for the fact that ARCH is "powerpc" for powerpc builds, not "ppc64". Fix it by changing the checks to look for "powerpc", and change the uname -m logic to convert "ppc64.*" into "powerpc". With that fixed the following tests now build for powerpc again: * protection_keys * va_high_addr_switch * virtual_address_range * write_to_hugetlbfs Link: https://lkml.kernel.org/r/20240506115825.66415-1-mpe@ellerman.id.au Fixes: 0518dbe97fe6 ("selftests/mm: fix cross compilation with LLVM") Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Mark Brown <broonie(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.4+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/tools/testing/selftests/mm/Makefile~selftests-mm-fix-powerpc-arch-check +++ a/tools/testing/selftests/mm/Makefile @@ -12,7 +12,7 @@ uname_M := $(shell uname -m 2>/dev/null else uname_M := $(shell echo $(CROSS_COMPILE) | grep -o '^[a-z0-9]\+') endif -ARCH ?= $(shell echo $(uname_M) | sed -e 's/aarch64.*/arm64/' -e 's/ppc64.*/ppc64/') +ARCH ?= $(shell echo $(uname_M) | sed -e 's/aarch64.*/arm64/' -e 's/ppc64.*/powerpc/') endif # Without this, failed build products remain, with up-to-date timestamps, @@ -98,13 +98,13 @@ TEST_GEN_FILES += $(BINARIES_64) endif else -ifneq (,$(findstring $(ARCH),ppc64)) +ifneq (,$(findstring $(ARCH),powerpc)) TEST_GEN_FILES += protection_keys endif endif -ifneq (,$(filter $(ARCH),arm64 ia64 mips64 parisc64 ppc64 riscv64 s390x sparc64 x86_64)) +ifneq (,$(filter $(ARCH),arm64 ia64 mips64 parisc64 powerpc riscv64 s390x sparc64 x86_64)) TEST_GEN_FILES += va_high_addr_switch TEST_GEN_FILES += virtual_address_range TEST_GEN_FILES += write_to_hugetlbfs _ Patches currently in -mm which might be from mpe(a)ellerman.id.au are drm-amd-display-only-use-hard-float-not-altivec-on-powerpc.patch

11 months, 4 weeks

1
0
0 0

[PATCH] rtla: Fix reporting when a cpu count is 0

by John Kacur

On short runs it is possible to get no samples on a cpu, like this rtla timerlat hist -P f:95 -u -c0-11 -E3500 -T50' Index IRQ-001 Thr-001 Usr-001 IRQ-002 Thr-002 Usr-002 2 1 0 0 0 0 0 33 0 1 0 0 0 0 36 0 0 1 0 0 0 49 0 0 0 1 0 0 52 0 0 0 0 1 0 over: 0 0 0 0 0 0 count: 1 1 1 1 1 0 min: 2 33 36 49 52 18446744073709551615 avg: 2 33 36 49 52 - max: 2 33 36 49 52 0 rtla timerlat hit stop tracing IRQ handler delay: (exit from idle) 48.21 us (91.09 %) IRQ latency: 49.11 us Timerlat IRQ duration: 2.17 us (4.09 %) Blocking thread: 1.01 us (1.90 %) swapper/2:0 1.01 us ------------------------------------------------------------------------ Thread latency: 52.93 us (100%)Max timerlat IRQ latency from idle: 49.11 us in cpu 2 Note, the value 18446744073709551615 is the same as ~0 Fix this by reporting no results for the min, avg and max if the count is 0 This solution came from Daniel Bristot de Oliveria <bristot(a)kernel.org> Fixes: 1eeb6328e8b3 ("rtla/timerlat: Add timerlat hist mode") Cc: stable(a)vger.kernel.org Tested-by: John Kacur <jkacur(a)redhat.com> Signed-off-by: John Kacur <jkacur(a)redhat.com> --- tools/tracing/rtla/src/timerlat_hist.c | 60 ++++++++++++++++++-------- 1 file changed, 42 insertions(+), 18 deletions(-) diff --git a/tools/tracing/rtla/src/timerlat_hist.c b/tools/tracing/rtla/src/timerlat_hist.c index 8bd51aab6513..5b869caed10d 100644 --- a/tools/tracing/rtla/src/timerlat_hist.c +++ b/tools/tracing/rtla/src/timerlat_hist.c @@ -324,17 +324,29 @@ timerlat_print_summary(struct timerlat_hist_params *params, if (!data->hist[cpu].irq_count && !data->hist[cpu].thread_count) continue; - if (!params->no_irq) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].min_irq); + if (!params->no_irq) { + if (data->hist[cpu].irq_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].min_irq); + else + trace_seq_printf(trace->seq, " - "); + } - if (!params->no_thread) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].min_thread); + if (!params->no_thread) { + if (data->hist[cpu].thread_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].min_thread); + else + trace_seq_printf(trace->seq, " - "); + } - if (params->user_hist) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].min_user); + if (params->user_hist) { + if (data->hist[cpu].user_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].min_user); + else + trace_seq_printf(trace->seq, " - "); + } } trace_seq_printf(trace->seq, "\n"); @@ -384,17 +396,29 @@ timerlat_print_summary(struct timerlat_hist_params *params, if (!data->hist[cpu].irq_count && !data->hist[cpu].thread_count) continue; - if (!params->no_irq) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].max_irq); + if (!params->no_irq) { + if (data->hist[cpu].irq_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].max_irq); + else + trace_seq_printf(trace->seq, " - "); + } - if (!params->no_thread) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].max_thread); + if (!params->no_thread) { + if (data->hist[cpu].thread_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].max_thread); + else + trace_seq_printf(trace->seq, " - "); + } - if (params->user_hist) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].max_user); + if (params->user_hist) { + if (data->hist[cpu].user_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].max_user); + else + trace_seq_printf(trace->seq, " - "); + } } trace_seq_printf(trace->seq, "\n"); trace_seq_do_printf(trace->seq); -- 2.44.0

11 months, 4 weeks

1
0
0 0

+ mm-vmalloc-fix-vmalloc-which-may-return-null-if-called-with-__gfp_nofail.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-vmalloc-fix-vmalloc-which-may-return-null-if-called-with-__gfp_nofail.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Hailong.Liu" <hailong.liu(a)oppo.com> Subject: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL Date: Fri, 10 May 2024 18:01:31 +0800 commit a421ef303008 ("mm: allow !GFP_KERNEL allocations for kvmalloc") includes support for __GFP_NOFAIL, but it presents a conflict with commit dd544141b9eb ("vmalloc: back off when the current task is OOM-killed"). A possible scenario is as follows: process-a __vmalloc_node_range(GFP_KERNEL | __GFP_NOFAIL) __vmalloc_area_node() vm_area_alloc_pages() --> oom-killer send SIGKILL to process-a if (fatal_signal_pending(current)) break; --> return NULL; To fix this, do not check fatal_signal_pending() in vm_area_alloc_pages() if __GFP_NOFAIL set. This issue occurred during OPLUS KASAN TEST. Below is part of the log -> oom-killer sends signal to process [65731.222840] [ T1308] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/apps/uid_10198,task=gs.intelligence,pid=32454,uid=10198 [65731.259685] [T32454] Call trace: [65731.259698] [T32454] dump_backtrace+0xf4/0x118 [65731.259734] [T32454] show_stack+0x18/0x24 [65731.259756] [T32454] dump_stack_lvl+0x60/0x7c [65731.259781] [T32454] dump_stack+0x18/0x38 [65731.259800] [T32454] mrdump_common_die+0x250/0x39c [mrdump] [65731.259936] [T32454] ipanic_die+0x20/0x34 [mrdump] [65731.260019] [T32454] atomic_notifier_call_chain+0xb4/0xfc [65731.260047] [T32454] notify_die+0x114/0x198 [65731.260073] [T32454] die+0xf4/0x5b4 [65731.260098] [T32454] die_kernel_fault+0x80/0x98 [65731.260124] [T32454] __do_kernel_fault+0x160/0x2a8 [65731.260146] [T32454] do_bad_area+0x68/0x148 [65731.260174] [T32454] do_mem_abort+0x151c/0x1b34 [65731.260204] [T32454] el1_abort+0x3c/0x5c [65731.260227] [T32454] el1h_64_sync_handler+0x54/0x90 [65731.260248] [T32454] el1h_64_sync+0x68/0x6c [65731.260269] [T32454] z_erofs_decompress_queue+0x7f0/0x2258 --> be->decompressed_pages = kvcalloc(be->nr_pages, sizeof(struct page *), GFP_KERNEL | __GFP_NOFAIL); kernel panic by NULL pointer dereference. erofs assume kvmalloc with __GFP_NOFAIL never return NULL. [65731.260293] [T32454] z_erofs_runqueue+0xf30/0x104c [65731.260314] [T32454] z_erofs_readahead+0x4f0/0x968 [65731.260339] [T32454] read_pages+0x170/0xadc [65731.260364] [T32454] page_cache_ra_unbounded+0x874/0xf30 [65731.260388] [T32454] page_cache_ra_order+0x24c/0x714 [65731.260411] [T32454] filemap_fault+0xbf0/0x1a74 [65731.260437] [T32454] __do_fault+0xd0/0x33c [65731.260462] [T32454] handle_mm_fault+0xf74/0x3fe0 [65731.260486] [T32454] do_mem_abort+0x54c/0x1b34 [65731.260509] [T32454] el0_da+0x44/0x94 [65731.260531] [T32454] el0t_64_sync_handler+0x98/0xb4 [65731.260553] [T32454] el0t_64_sync+0x198/0x19c Link: https://lkml.kernel.org/r/20240510100131.1865-1-hailong.liu@oppo.com Fixes: 9376130c390a ("mm/vmalloc: add support for __GFP_NOFAIL") Signed-off-by: Hailong.Liu <hailong.liu(a)oppo.com> Acked-by: Michal Hocko <mhocko(a)suse.com> Suggested-by: Barry Song <21cnbao(a)gmail.com> Reported-by: Oven <liyangouwen1(a)oppo.com> Reviewed-by: Barry Song <baohua(a)kernel.org> Reviewed-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Cc: Chao Yu <chao(a)kernel.org> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: Gao Xiang <xiang(a)kernel.org> Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmalloc.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) --- a/mm/vmalloc.c~mm-vmalloc-fix-vmalloc-which-may-return-null-if-called-with-__gfp_nofail +++ a/mm/vmalloc.c @@ -3492,7 +3492,7 @@ vm_area_alloc_pages(gfp_t gfp, int nid, { unsigned int nr_allocated = 0; gfp_t alloc_gfp = gfp; - bool nofail = false; + bool nofail = gfp & __GFP_NOFAIL; struct page *page; int i; @@ -3549,12 +3549,11 @@ vm_area_alloc_pages(gfp_t gfp, int nid, * and compaction etc. */ alloc_gfp &= ~__GFP_NOFAIL; - nofail = true; } /* High-order pages or fallback path if "bulk" fails. */ while (nr_allocated < nr_pages) { - if (fatal_signal_pending(current)) + if (!nofail && fatal_signal_pending(current)) break; if (nid == NUMA_NO_NODE) _ Patches currently in -mm which might be from hailong.liu(a)oppo.com are mm-vmalloc-fix-vmalloc-which-may-return-null-if-called-with-__gfp_nofail.patch

11 months, 4 weeks

1
0
0 0

[PATCH] Fix reporting when a cpu count is 0

by John Kacur

On short runs it is possible to get no samples on a cpu, like this rtla timerlat hist -P f:95 -u -c0-11 -E3500 -T50' Index IRQ-001 Thr-001 Usr-001 IRQ-002 Thr-002 Usr-002 2 1 0 0 0 0 0 33 0 1 0 0 0 0 36 0 0 1 0 0 0 49 0 0 0 1 0 0 52 0 0 0 0 1 0 over: 0 0 0 0 0 0 count: 1 1 1 1 1 0 min: 2 33 36 49 52 18446744073709551615 avg: 2 33 36 49 52 - max: 2 33 36 49 52 0 rtla timerlat hit stop tracing IRQ handler delay: (exit from idle) 48.21 us (91.09 %) IRQ latency: 49.11 us Timerlat IRQ duration: 2.17 us (4.09 %) Blocking thread: 1.01 us (1.90 %) swapper/2:0 1.01 us ------------------------------------------------------------------------ Thread latency: 52.93 us (100%)Max timerlat IRQ latency from idle: 49.11 us in cpu 2 Note, the value 18446744073709551615 is the same as ~0 Fix this by reporting no results for the min, avg and max if the count is 0 This solution came from Daniel Bristot de Oliveria <bristot(a)kernel.org> Fixes: 1eeb6328e8b3 ("rtla/timerlat: Add timerlat hist mode") Tested-by: John Kacur <jkacur(a)redhat.com> Signed-off-by: John Kacur <jkacur(a)redhat.com> --- tools/tracing/rtla/src/timerlat_hist.c | 60 ++++++++++++++++++-------- 1 file changed, 42 insertions(+), 18 deletions(-) diff --git a/tools/tracing/rtla/src/timerlat_hist.c b/tools/tracing/rtla/src/timerlat_hist.c index 8bd51aab6513..5b869caed10d 100644 --- a/tools/tracing/rtla/src/timerlat_hist.c +++ b/tools/tracing/rtla/src/timerlat_hist.c @@ -324,17 +324,29 @@ timerlat_print_summary(struct timerlat_hist_params *params, if (!data->hist[cpu].irq_count && !data->hist[cpu].thread_count) continue; - if (!params->no_irq) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].min_irq); + if (!params->no_irq) { + if (data->hist[cpu].irq_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].min_irq); + else + trace_seq_printf(trace->seq, " - "); + } - if (!params->no_thread) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].min_thread); + if (!params->no_thread) { + if (data->hist[cpu].thread_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].min_thread); + else + trace_seq_printf(trace->seq, " - "); + } - if (params->user_hist) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].min_user); + if (params->user_hist) { + if (data->hist[cpu].user_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].min_user); + else + trace_seq_printf(trace->seq, " - "); + } } trace_seq_printf(trace->seq, "\n"); @@ -384,17 +396,29 @@ timerlat_print_summary(struct timerlat_hist_params *params, if (!data->hist[cpu].irq_count && !data->hist[cpu].thread_count) continue; - if (!params->no_irq) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].max_irq); + if (!params->no_irq) { + if (data->hist[cpu].irq_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].max_irq); + else + trace_seq_printf(trace->seq, " - "); + } - if (!params->no_thread) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].max_thread); + if (!params->no_thread) { + if (data->hist[cpu].thread_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].max_thread); + else + trace_seq_printf(trace->seq, " - "); + } - if (params->user_hist) - trace_seq_printf(trace->seq, "%9llu ", - data->hist[cpu].max_user); + if (params->user_hist) { + if (data->hist[cpu].user_count) + trace_seq_printf(trace->seq, "%9llu ", + data->hist[cpu].max_user); + else + trace_seq_printf(trace->seq, " - "); + } } trace_seq_printf(trace->seq, "\n"); trace_seq_do_printf(trace->seq); -- 2.44.0

11 months, 4 weeks

2
1
0 0

[PATCH v3 1/5] drm/udl: Remove DRM_CONNECTOR_POLL_HPD

by Thomas Zimmermann

DisplayLink devices do not generate hotplug events. Remove the poll flag DRM_CONNECTOR_POLL_HPD, as it may not be specified together with DRM_CONNECTOR_POLL_CONNECT or DRM_CONNECTOR_POLL_DISCONNECT. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: afdfc4c6f55f ("drm/udl: Fixed problem with UDL adpater reconnection") Reviewed-by: Jani Nikula <jani.nikula(a)intel.com> Cc: Robert Tarasov <tutankhamen(a)chromium.org> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: Dave Airlie <airlied(a)redhat.com> Cc: Sean Paul <sean(a)poorly.run> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.15+ --- drivers/gpu/drm/udl/udl_modeset.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/gpu/drm/udl/udl_modeset.c b/drivers/gpu/drm/udl/udl_modeset.c index 7702359c90c22..751da3a294c44 100644 --- a/drivers/gpu/drm/udl/udl_modeset.c +++ b/drivers/gpu/drm/udl/udl_modeset.c @@ -527,8 +527,7 @@ struct drm_connector *udl_connector_init(struct drm_device *dev) drm_connector_helper_add(connector, &udl_connector_helper_funcs); - connector->polled = DRM_CONNECTOR_POLL_HPD | - DRM_CONNECTOR_POLL_CONNECT | + connector->polled = DRM_CONNECTOR_POLL_CONNECT | DRM_CONNECTOR_POLL_DISCONNECT; return connector; -- 2.44.0

11 months, 4 weeks

1
0
0 0

FAILED: patch "[PATCH] KVM: x86: Clear "has_error_code", not "error_code", for RM" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6c41468c7c12d74843bb414fc00307ea8a6318c3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2023041134-curvature-campsite-e51b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 6c41468c7c12 ("KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection") d4963e319f1f ("KVM: x86: Make kvm_queued_exception a properly named, visible struct") 6ad75c5c99f7 ("KVM: x86: Rename kvm_x86_ops.queue_exception to inject_exception") 5623f751bd9c ("KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1)") 8d178f460772 ("KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like") eba9799b5a6e ("KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS") a61d7c5432ac ("KVM: x86: Trace re-injected exceptions") 6ef88d6e36c2 ("KVM: SVM: Re-inject INT3/INTO instead of retrying the instruction") 3741aec4c38f ("KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported") cd9e6da8048c ("KVM: SVM: Unwind "speculative" RIP advancement if INTn injection "fails"") 00f08d99dd7d ("KVM: nSVM: Sync next_rip field from vmcb12 to vmcb02") 9bd1f0efa859 ("KVM: nVMX: Clear IDT vectoring on nested VM-Exit for double/triple fault") c3634d25fbee ("KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry") 1d5a1b5860ed ("KVM: x86: nSVM: correctly virtualize LBR msrs when L2 is running") db663af4a001 ("kvm: x86: SVM: use vmcb* instead of svm->vmcb where it makes sense") b9f3973ab3a8 ("KVM: x86: nSVM: implement nested VMLOAD/VMSAVE") 23e5092b6e2a ("KVM: SVM: Rename hook implementations to conform to kvm_x86_ops' names") e27bc0440ebd ("KVM: x86: Rename kvm_x86_ops pointers to align w/ preferred vendor names") 068f7ea61895 ("KVM: SVM: improve split between svm_prepare_guest_switch and sev_es_prepare_guest_switch") e1779c2714c3 ("KVM: x86: nSVM: fix potential NULL derefernce on nested migration") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6c41468c7c12d74843bb414fc00307ea8a6318c3 Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Wed, 22 Mar 2023 07:32:59 -0700 Subject: [PATCH] KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection When injecting an exception into a vCPU in Real Mode, suppress the error code by clearing the flag that tracks whether the error code is valid, not by clearing the error code itself. The "typo" was introduced by recent fix for SVM's funky Paged Real Mode. Opportunistically hoist the logic above the tracepoint so that the trace is coherent with respect to what is actually injected (this was also the behavior prior to the buggy commit). Fixes: b97f07458373 ("KVM: x86: determine if an exception has an error code only when injecting it.") Cc: stable(a)vger.kernel.org Cc: Maxim Levitsky <mlevitsk(a)redhat.com> Signed-off-by: Sean Christopherson <seanjc(a)google.com> Message-Id: <20230322143300.2209476-2-seanjc(a)google.com> Signed-off-by: Paolo Bonzini <pbonzini(a)redhat.com> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 45017576ad5e..7d6f98b7635f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -9908,13 +9908,20 @@ int kvm_check_nested_events(struct kvm_vcpu *vcpu) static void kvm_inject_exception(struct kvm_vcpu *vcpu) { + /* + * Suppress the error code if the vCPU is in Real Mode, as Real Mode + * exceptions don't report error codes. The presence of an error code + * is carried with the exception and only stripped when the exception + * is injected as intercepted #PF VM-Exits for AMD's Paged Real Mode do + * report an error code despite the CPU being in Real Mode. + */ + vcpu->arch.exception.has_error_code &= is_protmode(vcpu); + trace_kvm_inj_exception(vcpu->arch.exception.vector, vcpu->arch.exception.has_error_code, vcpu->arch.exception.error_code, vcpu->arch.exception.injected); - if (vcpu->arch.exception.error_code && !is_protmode(vcpu)) - vcpu->arch.exception.error_code = false; static_call(kvm_x86_inject_exception)(vcpu); }

11 months, 4 weeks

3
2
0 0

[PATCH] apparmor: use kvfree_sensitive to free data->data

by Fedor Pchelkin

Inside unpack_profile() data->data is allocated using kvmemdup() so it should be freed with the corresponding kvfree_sensitive(). Also add missing data->data release for rhashtable insertion failure path in unpack_profile(). Found by Linux Verification Center (linuxtesting.org). Fixes: e025be0f26d5 ("apparmor: support querying extended trusted helper extra data") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- security/apparmor/policy.c | 2 +- security/apparmor/policy_unpack.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index 957654d253dd..14df15e35695 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -225,7 +225,7 @@ static void aa_free_data(void *ptr, void *arg) { struct aa_data *data = ptr; - kfree_sensitive(data->data); + kvfree_sensitive(data->data, data->size); kfree_sensitive(data->key); kfree_sensitive(data); } diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index 5e578ef0ddff..75452acd0e35 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -1071,6 +1071,7 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name) if (rhashtable_insert_fast(profile->data, &data->head, profile->data->p)) { + kvfree_sensitive(data->data, data->size); kfree_sensitive(data->key); kfree_sensitive(data); info = "failed to insert data to table"; -- 2.43.0

11 months, 4 weeks

2
1
0 0

[PATCH v2 1/5] drm/udl: Remove DRM_CONNECTOR_POLL_HPD

by Thomas Zimmermann

DisplayLink devices do not generate hotplug events. Remove the poll flag DRM_CONNECTOR_POLL_HPD, as it may not be specified together with DRM_CONNECTOR_POLL_CONNECT or DRM_CONNECTOR_POLL_DISCONNECT. Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Fixes: afdfc4c6f55f ("drm/udl: Fixed problem with UDL adpater reconnection") Cc: Robert Tarasov <tutankhamen(a)chromium.org> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: Dave Airlie <airlied(a)redhat.com> Cc: Sean Paul <sean(a)poorly.run> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v4.15+ --- drivers/gpu/drm/udl/udl_modeset.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/gpu/drm/udl/udl_modeset.c b/drivers/gpu/drm/udl/udl_modeset.c index 7702359c90c22..751da3a294c44 100644 --- a/drivers/gpu/drm/udl/udl_modeset.c +++ b/drivers/gpu/drm/udl/udl_modeset.c @@ -527,8 +527,7 @@ struct drm_connector *udl_connector_init(struct drm_device *dev) drm_connector_helper_add(connector, &udl_connector_helper_funcs); - connector->polled = DRM_CONNECTOR_POLL_HPD | - DRM_CONNECTOR_POLL_CONNECT | + connector->polled = DRM_CONNECTOR_POLL_CONNECT | DRM_CONNECTOR_POLL_DISCONNECT; return connector; -- 2.44.0

12 months

2
1
0 0

[PATCH v2] mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL

by hailong.liu＠oppo.com

From: "Hailong.Liu" <hailong.liu(a)oppo.com> commit a421ef303008 ("mm: allow !GFP_KERNEL allocations for kvmalloc") includes support for __GFP_NOFAIL, but it presents a conflict with commit dd544141b9eb ("vmalloc: back off when the current task is OOM-killed"). A possible scenario is as follows: process-a __vmalloc_node_range(GFP_KERNEL | __GFP_NOFAIL) __vmalloc_area_node() vm_area_alloc_pages() --> oom-killer send SIGKILL to process-a if (fatal_signal_pending(current)) break; --> return NULL; To fix this, do not check fatal_signal_pending() in vm_area_alloc_pages() if __GFP_NOFAIL set. Fixes: 9376130c390a ("mm/vmalloc: add support for __GFP_NOFAIL") Cc: <stable(a)vger.kernel.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Suggested-by: Barry Song <21cnbao(a)gmail.com> Reported-by: Oven <liyangouwen1(a)oppo.com> Signed-off-by: Hailong.Liu <hailong.liu(a)oppo.com> --- mm/vmalloc.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 125427cbdb87..109272b8ee2e 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -3492,7 +3492,7 @@ vm_area_alloc_pages(gfp_t gfp, int nid, { unsigned int nr_allocated = 0; gfp_t alloc_gfp = gfp; - bool nofail = false; + bool nofail = gfp & __GFP_NOFAIL; struct page *page; int i; @@ -3549,12 +3549,11 @@ vm_area_alloc_pages(gfp_t gfp, int nid, * and compaction etc. */ alloc_gfp &= ~__GFP_NOFAIL; - nofail = true; } /* High-order pages or fallback path if "bulk" fails. */ while (nr_allocated < nr_pages) { - if (fatal_signal_pending(current)) + if (!nofail && fatal_signal_pending(current)) break; if (nid == NUMA_NO_NODE) --- Changes since RFC v1 [1]: - Remove RFC tag - Add fixes, per Michal - Use nofail instead of gfp & __GFP_NOFAIL, per Barry & Michal - Modify commit log, per Barry [1] https://lore.kernel.org/all/20240508125808.28882-1-hailong.liu@oppo.com/ This issue occurred during OPLUS KASAN TEST. Below is part of the log -> oom-killer sends signal to process [65731.222840] [ T1308] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/apps/uid_10198,task=gs.intelligence,pid=32454,uid=10198 [65731.259685] [T32454] Call trace: [65731.259698] [T32454] dump_backtrace+0xf4/0x118 [65731.259734] [T32454] show_stack+0x18/0x24 [65731.259756] [T32454] dump_stack_lvl+0x60/0x7c [65731.259781] [T32454] dump_stack+0x18/0x38 [65731.259800] [T32454] mrdump_common_die+0x250/0x39c [mrdump] [65731.259936] [T32454] ipanic_die+0x20/0x34 [mrdump] [65731.260019] [T32454] atomic_notifier_call_chain+0xb4/0xfc [65731.260047] [T32454] notify_die+0x114/0x198 [65731.260073] [T32454] die+0xf4/0x5b4 [65731.260098] [T32454] die_kernel_fault+0x80/0x98 [65731.260124] [T32454] __do_kernel_fault+0x160/0x2a8 [65731.260146] [T32454] do_bad_area+0x68/0x148 [65731.260174] [T32454] do_mem_abort+0x151c/0x1b34 [65731.260204] [T32454] el1_abort+0x3c/0x5c [65731.260227] [T32454] el1h_64_sync_handler+0x54/0x90 [65731.260248] [T32454] el1h_64_sync+0x68/0x6c [65731.260269] [T32454] z_erofs_decompress_queue+0x7f0/0x2258 --> be->decompressed_pages = kvcalloc(be->nr_pages, sizeof(struct page *), GFP_KERNEL | __GFP_NOFAIL); kernel panic by NULL pointer dereference. erofs assume kvmalloc with __GFP_NOFAIL never return NULL. [65731.260293] [T32454] z_erofs_runqueue+0xf30/0x104c [65731.260314] [T32454] z_erofs_readahead+0x4f0/0x968 [65731.260339] [T32454] read_pages+0x170/0xadc [65731.260364] [T32454] page_cache_ra_unbounded+0x874/0xf30 [65731.260388] [T32454] page_cache_ra_order+0x24c/0x714 [65731.260411] [T32454] filemap_fault+0xbf0/0x1a74 [65731.260437] [T32454] __do_fault+0xd0/0x33c [65731.260462] [T32454] handle_mm_fault+0xf74/0x3fe0 [65731.260486] [T32454] do_mem_abort+0x54c/0x1b34 [65731.260509] [T32454] el0_da+0x44/0x94 [65731.260531] [T32454] el0t_64_sync_handler+0x98/0xb4 [65731.260553] [T32454] el0t_64_sync+0x198/0x19c -- 2.34.1

12 months

3
2
0 0

[git:media_stage/master] Revert "media: v4l2-ctrls: show all owned controls in log_status"

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: Revert "media: v4l2-ctrls: show all owned controls in log_status" Author: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Date: Fri May 10 09:11:46 2024 +0200 This reverts commit 9801b5b28c6929139d6fceeee8d739cc67bb2739. This patch introduced a potential deadlock scenario: [Wed May 8 10:02:06 2024] Possible unsafe locking scenario: [Wed May 8 10:02:06 2024] CPU0 CPU1 [Wed May 8 10:02:06 2024] ---- ---- [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1620:(hdl_vid_cap)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1608:(hdl_user_vid)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1620:(hdl_vid_cap)->_lock); [Wed May 8 10:02:06 2024] lock(vivid_ctrls:1608:(hdl_user_vid)->_lock); For now just revert. Fixes: 9801b5b28c69 ("media: v4l2-ctrls: show all owned controls in log_status") Cc: stable(a)vger.kernel.org Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Reviewed-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> drivers/media/v4l2-core/v4l2-ctrls-core.c | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) --- diff --git a/drivers/media/v4l2-core/v4l2-ctrls-core.c b/drivers/media/v4l2-core/v4l2-ctrls-core.c index c59dd691f79f..eeab6a5eb7ba 100644 --- a/drivers/media/v4l2-core/v4l2-ctrls-core.c +++ b/drivers/media/v4l2-core/v4l2-ctrls-core.c @@ -2507,8 +2507,7 @@ int v4l2_ctrl_handler_setup(struct v4l2_ctrl_handler *hdl) EXPORT_SYMBOL(v4l2_ctrl_handler_setup); /* Log the control name and value */ -static void log_ctrl(const struct v4l2_ctrl_handler *hdl, - struct v4l2_ctrl *ctrl, +static void log_ctrl(const struct v4l2_ctrl *ctrl, const char *prefix, const char *colon) { if (ctrl->flags & (V4L2_CTRL_FLAG_DISABLED | V4L2_CTRL_FLAG_WRITE_ONLY)) @@ -2518,11 +2517,7 @@ static void log_ctrl(const struct v4l2_ctrl_handler *hdl, pr_info("%s%s%s: ", prefix, colon, ctrl->name); - if (ctrl->handler != hdl) - v4l2_ctrl_lock(ctrl); ctrl->type_ops->log(ctrl); - if (ctrl->handler != hdl) - v4l2_ctrl_unlock(ctrl); if (ctrl->flags & (V4L2_CTRL_FLAG_INACTIVE | V4L2_CTRL_FLAG_GRABBED | @@ -2541,7 +2536,7 @@ static void log_ctrl(const struct v4l2_ctrl_handler *hdl, void v4l2_ctrl_handler_log_status(struct v4l2_ctrl_handler *hdl, const char *prefix) { - struct v4l2_ctrl_ref *ref; + struct v4l2_ctrl *ctrl; const char *colon = ""; int len; @@ -2553,12 +2548,9 @@ void v4l2_ctrl_handler_log_status(struct v4l2_ctrl_handler *hdl, if (len && prefix[len - 1] != ' ') colon = ": "; mutex_lock(hdl->lock); - list_for_each_entry(ref, &hdl->ctrl_refs, node) { - if (ref->from_other_dev || - (ref->ctrl->flags & V4L2_CTRL_FLAG_DISABLED)) - continue; - log_ctrl(hdl, ref->ctrl, prefix, colon); - } + list_for_each_entry(ctrl, &hdl->ctrls, node) + if (!(ctrl->flags & V4L2_CTRL_FLAG_DISABLED)) + log_ctrl(ctrl, prefix, colon); mutex_unlock(hdl->lock); } EXPORT_SYMBOL(v4l2_ctrl_handler_log_status);

12 months

1
0
0 0

[PATCH] init: fix allocated page overlapping with PTR_ERR

by Nam Cao

There is nothing preventing kernel memory allocators from allocating a page that overlaps with PTR_ERR(), except for architecture-specific code that setup memblock. It was discovered that RISCV architecture doesn't setup memblock corectly, leading to a page overlapping with PTR_ERR() being allocated, and subsequently crashing the kernel (link in Close: ) The reported crash has nothing to do with PTR_ERR(): the last page (at address 0xfffff000) being allocated leads to an unexpected arithmetic overflow in ext4; but still, this page shouldn't be allocated in the first place. Because PTR_ERR() is an architecture-independent thing, we shouldn't ask every single architecture to set this up. There may be other architectures beside RISCV that have the same problem. Fix this one and for all by reserving the physical memory page that may be mapped to the last virtual memory page as part of low memory. Unfortunately, this means if there is actual memory at this reserved location, that memory will become inaccessible. However, if this page is not reserved, it can only be accessed as high memory, so this doesn't matter if high memory is not supported. Even if high memory is supported, it is still only one page. Closes: https://lore.kernel.org/linux-riscv/878r1ibpdn.fsf@all.your.base.are.belong… Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: <stable(a)vger.kernel.org> # all versions --- init/main.c | 1 + 1 file changed, 1 insertion(+) diff --git a/init/main.c b/init/main.c index 881f6230ee59..f8d2793c4641 100644 --- a/init/main.c +++ b/init/main.c @@ -900,6 +900,7 @@ void start_kernel(void) page_address_init(); pr_notice("%s", linux_banner); early_security_init(); + memblock_reserve(__pa(-PAGE_SIZE), PAGE_SIZE); /* reserve last page for ERR_PTR */ setup_arch(&command_line); setup_boot_config(); setup_command_line(command_line); -- 2.39.2

12 months

5
11
0 0

[PATCH V2 1/2] io_uring: fail NOP if non-zero op flags is passed in

by Ming Lei

The NOP op flags should have been checked from beginning like any other opcode, otherwise NOP may not be extended with the op flags. Given both liburing and Rust io-uring crate always zeros SQE op flags, just ignore users which play raw NOP uring interface without zeroing SQE, because NOP is just for test purpose. Then we can save one NOP2 opcode. Suggested-by: Jens Axboe <axboe(a)kernel.dk> Fixes: 2b188cc1bb85 ("Add io_uring IO interface") Cc: stable(a)vger.kernel.org Signed-off-by: Ming Lei <ming.lei(a)redhat.com> --- io_uring/nop.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/io_uring/nop.c b/io_uring/nop.c index d956599a3c1b..1a4e312dfe51 100644 --- a/io_uring/nop.c +++ b/io_uring/nop.c @@ -12,6 +12,8 @@ int io_nop_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe) { + if (READ_ONCE(sqe->rw_flags)) + return -EINVAL; return 0; } -- 2.42.0

12 months

1
0
0 0

[PATCH v2 2/7] PCI: xilinx-nwl: Fix off-by-one

by Sean Anderson

IRQs start at 0, so we don't need to subtract 1. Fixes: 9a181e1093af ("PCI: xilinx-nwl: Modify IRQ chip for legacy interrupts") Cc: <stable(a)vger.kernel.org> Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> --- (no changes since v1) drivers/pci/controller/pcie-xilinx-nwl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/pci/controller/pcie-xilinx-nwl.c b/drivers/pci/controller/pcie-xilinx-nwl.c index 0408f4d612b5..437927e3bcca 100644 --- a/drivers/pci/controller/pcie-xilinx-nwl.c +++ b/drivers/pci/controller/pcie-xilinx-nwl.c @@ -371,7 +371,7 @@ static void nwl_mask_intx_irq(struct irq_data *data) u32 mask; u32 val; - mask = 1 << (data->hwirq - 1); + mask = 1 << data->hwirq; raw_spin_lock_irqsave(&pcie->leg_mask_lock, flags); val = nwl_bridge_readl(pcie, MSGF_LEG_MASK); nwl_bridge_writel(pcie, (val & (~mask)), MSGF_LEG_MASK); @@ -385,7 +385,7 @@ static void nwl_unmask_intx_irq(struct irq_data *data) u32 mask; u32 val; - mask = 1 << (data->hwirq - 1); + mask = 1 << data->hwirq; raw_spin_lock_irqsave(&pcie->leg_mask_lock, flags); val = nwl_bridge_readl(pcie, MSGF_LEG_MASK); nwl_bridge_writel(pcie, (val | mask), MSGF_LEG_MASK); -- 2.35.1.1320.gc452695387.dirty

12 months

2
2
0 0

[REGRESSION] v6.9-rc7: nouveau: init failed, no display output from kernel; successfully bisected

by Dan Moulding

After upgrading to rc7 from rc6 on a system with NVIDIA GP104 using the nouveau driver, I get no display output from the kernel (only the output from GRUB shows on the primary display). Nonetheless, I was able to SSH to the system and get the kernel log from dmesg. I found errors from nouveau in it. Grepping it for nouveau gives me this: [ 0.367379] nouveau 0000:01:00.0: NVIDIA GP104 (134000a1) [ 0.474499] nouveau 0000:01:00.0: bios: version 86.04.50.80.13 [ 0.474620] nouveau 0000:01:00.0: pmu: firmware unavailable [ 0.474977] nouveau 0000:01:00.0: fb: 8192 MiB GDDR5 [ 0.484371] nouveau 0000:01:00.0: sec2(acr): mbox 00000001 00000000 [ 0.484377] nouveau 0000:01:00.0: sec2(acr):load: boot failed: -5 [ 0.484379] nouveau 0000:01:00.0: acr: init failed, -5 [ 0.484466] nouveau 0000:01:00.0: init failed with -5 [ 0.484468] nouveau: DRM-master:00000000:00000080: init failed with -5 [ 0.484470] nouveau 0000:01:00.0: DRM-master: Device allocation failed: -5 [ 0.485078] nouveau 0000:01:00.0: probe with driver nouveau failed with error -50 I bisected between v6.9-rc6 and v6.9-rc7 and that identified commit 52a6947bf576 ("drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()") as the first bad commit. I then rebuilt v6.9-rc7 with just that commit reverted and the problem does not occur. Please let me know if there are any additional details I can provide that would be helpful, or if I should reproduce the failure with additional debugging options enabled, etc. Cheers, -- Dan

12 months

3
3
0 0

+ fs-proc-fix-softlockup-in-__read_vmcore.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: fs/proc: fix softlockup in __read_vmcore has been added to the -mm mm-nonmm-unstable branch. Its filename is fs-proc-fix-softlockup-in-__read_vmcore.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Rik van Riel <riel(a)surriel.com> Subject: fs/proc: fix softlockup in __read_vmcore Date: Tue, 7 May 2024 09:18:58 -0400 While taking a kernel core dump with makedumpfile on a larger system, softlockup messages often appear. While softlockup warnings can be harmless, they can also interfere with things like RCU freeing memory, which can be problematic when the kdump kexec image is configured with as little memory as possible. Avoid the softlockup, and give things like work items and RCU a chance to do their thing during __read_vmcore by adding a cond_resched. Link: https://lkml.kernel.org/r/20240507091858.36ff767f@imladris.surriel.com Signed-off-by: Rik van Riel <riel(a)surriel.com> Acked-by: Baoquan He <bhe(a)redhat.com> Cc: Dave Young <dyoung(a)redhat.com> Cc: Vivek Goyal <vgoyal(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/vmcore.c | 2 ++ 1 file changed, 2 insertions(+) --- a/fs/proc/vmcore.c~fs-proc-fix-softlockup-in-__read_vmcore +++ a/fs/proc/vmcore.c @@ -383,6 +383,8 @@ static ssize_t __read_vmcore(struct iov_ /* leave now if filled buffer already */ if (!iov_iter_count(iter)) return acc; + + cond_resched(); } list_for_each_entry(m, &vmcore_list, list) { _ Patches currently in -mm which might be from riel(a)surriel.com are fs-proc-fix-softlockup-in-__read_vmcore.patch

12 months

1
0
0 0

Quick extra post-rc7 regression report due to the nearing 6.9 release

by Thorsten Leemhuis

Hi Linus, here is a short extra regression report for you mentioning regressions that you might want to be aware of or could still be fixed, but afaics are unlikely to get fixed: * 1cb63d80fff6c4 ("Bluetooth: btusb: Add support Mediatek MT7920") on some devices leads to firmware loading problems with older firmware files[1]; the fix is in next for two weeks now[2], but the maintainer missed that this is regression fix[3]: [1] https://lore.kernel.org/lkml/20240401144424.1714-1-mike@fireburn.co.uk/ [2] 5e970bdf73e619 ("Bluetooth: btusb: Fix the patch for MT7920 the affected to MT7921") [3] https://lore.kernel.org/lkml/CABBYNZK1QWNHpmXUyne1Vmqqvy7csmivL7q7N2Mu=2fmr… * Gaha Bana reported that a AMD Ryzen 7840HS CPU stopped using the boost frequencies; a fix is ready, but Rafael afaics only queued for 6.10[1]: [1] https://lore.kernel.org/lkml/CAJZ5v0iqEj0bx72Rqn--srv8Y+ievjZx6W8_kJksPzPVT… * Some change caused boot lockups for Ben Greear[1]; a workaround is now in next[2], but only queued for the next merge window: [1] https://lore.kernel.org/lkml/30f757e3-73c5-5473-c1f8-328bab98fd7d@candelate… [2] https://lore.kernel.org/linux-wireless/20240430234212.2132958-1-greearb@can… [3] https://lore.kernel.org/linux-wireless/20240508120726.85A10C113CC@smtp.kern… * Lyude ran into a boot lockup on a AMD machine caused by the topology changes from Thomas they are still trying to track down[1]; but this is the only such report I'm aware of, so hopefully something pretty rare: [1] https://lore.kernel.org/lkml/3d77cb89857ee43a9c31249f4eab7196013bc4b4.camel… * Dan Moulding reported a nouveau regression three days ago, but no reply from the developers yet: [1] https://lore.kernel.org/stable/20240506182331.8076-1-dan@danm.net/ There are a few more regression, but those IMHO were not worth mentioning. Ciao, Thorsten

12 months

1
0
0 0

[PATCH v2] ext4: fix i_data_sem unlock order in ext4_ind_migrate()

by Mikhail Ukhin

Fuzzing reports a possible deadlock in jbd2_log_wait_commit. The problem occurs in ext4_ind_migrate due to an incorrect order of unlocking of the journal and write semaphores - the order of unlocking must be the reverse of the order of locking. Found by Linux Verification Center (linuxtesting.org) with syzkaller. Reviewed-by: Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> Signed-off-by: Artem Sadovnikov <ancowi69(a)gmail.com> Signed-off-by: Mikhail Ukhin <mish.uxin2012(a)yandex.ru> --- v2: New addresses have been added and Ritesh Harjani has been noted as a reviewer. fs/ext4/migrate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/migrate.c b/fs/ext4/migrate.c index b0ea646454ac..59290356aa5b 100644 --- a/fs/ext4/migrate.c +++ b/fs/ext4/migrate.c @@ -663,8 +663,8 @@ int ext4_ind_migrate(struct inode *inode) if (unlikely(ret2 && !ret)) ret = ret2; errout: - ext4_journal_stop(handle); up_write(&EXT4_I(inode)->i_data_sem); + ext4_journal_stop(handle); out_unlock: percpu_up_write(&sbi->s_writepages_rwsem); return ret; -- 2.25.1

12 months

3
2
0 0

[PATCH AUTOSEL 4.19 1/7] tools/power turbostat: Fix added raw MSR output

by Sasha Levin

From: Doug Smythies <dsmythies(a)telus.net> [ Upstream commit e5f4e68eed85fa8495d78cd966eecc2b27bb9e53 ] When using --Summary mode, added MSRs in raw mode always print zeros. Print the actual register contents. Example, with patch: note the added column: --add msr0x64f,u32,package,raw,REASON Where: 0x64F is MSR_CORE_PERF_LIMIT_REASONS Busy% Bzy_MHz PkgTmp PkgWatt CorWatt REASON 0.00 4800 35 1.42 0.76 0x00000000 0.00 4801 34 1.42 0.76 0x00000000 80.08 4531 66 108.17 107.52 0x08000000 98.69 4530 66 133.21 132.54 0x08000000 99.28 4505 66 128.26 127.60 0x0c000400 99.65 4486 68 124.91 124.25 0x0c000400 99.63 4483 68 124.90 124.25 0x0c000400 79.34 4481 41 99.80 99.13 0x0c000000 0.00 4801 41 1.40 0.73 0x0c000000 Where, for the test processor (i5-10600K): PKG Limit #1: 125.000 Watts, 8.000000 sec MSR bit 26 = log; bit 10 = status PKG Limit #2: 136.000 Watts, 0.002441 sec MSR bit 27 = log; bit 11 = status Example, without patch: Busy% Bzy_MHz PkgTmp PkgWatt CorWatt REASON 0.01 4800 35 1.43 0.77 0x00000000 0.00 4801 35 1.39 0.73 0x00000000 83.49 4531 66 112.71 112.06 0x00000000 98.69 4530 68 133.35 132.69 0x00000000 99.31 4500 67 127.96 127.30 0x00000000 99.63 4483 69 124.91 124.25 0x00000000 99.61 4481 69 124.90 124.25 0x00000000 99.61 4481 71 124.92 124.25 0x00000000 59.35 4479 42 75.03 74.37 0x00000000 0.00 4800 42 1.39 0.73 0x00000000 0.00 4801 42 1.42 0.76 0x00000000 c000000 [lenb: simplified patch to apply only to package scope] Signed-off-by: Doug Smythies <dsmythies(a)telus.net> Signed-off-by: Len Brown <len.brown(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/power/x86/turbostat/turbostat.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tools/power/x86/turbostat/turbostat.c b/tools/power/x86/turbostat/turbostat.c index 2233cf722c692..0eeb339482c06 100644 --- a/tools/power/x86/turbostat/turbostat.c +++ b/tools/power/x86/turbostat/turbostat.c @@ -1524,9 +1524,10 @@ int sum_counters(struct thread_data *t, struct core_data *c, average.packages.rapl_dram_perf_status += p->rapl_dram_perf_status; for (i = 0, mp = sys.pp; mp; i++, mp = mp->next) { - if (mp->format == FORMAT_RAW) - continue; - average.packages.counter[i] += p->counter[i]; + if ((mp->format == FORMAT_RAW) && (topo.num_packages == 0)) + average.packages.counter[i] = p->counter[i]; + else + average.packages.counter[i] += p->counter[i]; } return 0; } -- 2.43.0

12 months

2
8
0 0

[PATCH v2] clk: qcom: gcc-ipq9574: Add BRANCH_HALT_VOTED flag

by Md Sadre Alam

Add BRANCH_HALT_VOTED flag to inform clock framework don't check for CLK_OFF bit. CRYPTO_AHB_CLK_ENA and CRYPTO_AXI_CLK_ENA enable bit is present in other VOTE registers also, like TZ. If anyone else also enabled this clock, even if we turn off in GCC_APCS_CLOCK_BRANCH_ENA_VOTE | 0x180B004, it won't turn off. Also changes the CRYPTO_AHB_CLK_ENA & CRYPTO_AXI_CLK_ENA offset to 0xb004 from 0x16014. Cc: stable(a)vger.kernel.org Fixes: f6b2bd9cb29a ("clk: qcom: gcc-ipq9574: Enable crypto clocks") Signed-off-by: Md Sadre Alam <quic_mdalam(a)quicinc.com> --- Change in [v2] * Added Fixes tag and stable kernel tag * updated commit message about offset change drivers/clk/qcom/gcc-ipq9574.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/clk/qcom/gcc-ipq9574.c b/drivers/clk/qcom/gcc-ipq9574.c index 0a3f846695b8..f8b9a1e93bef 100644 --- a/drivers/clk/qcom/gcc-ipq9574.c +++ b/drivers/clk/qcom/gcc-ipq9574.c @@ -2140,9 +2140,10 @@ static struct clk_rcg2 pcnoc_bfdcd_clk_src = { static struct clk_branch gcc_crypto_axi_clk = { .halt_reg = 0x16010, + .halt_check = BRANCH_HALT_VOTED, .clkr = { - .enable_reg = 0x16010, - .enable_mask = BIT(0), + .enable_reg = 0xb004, + .enable_mask = BIT(15), .hw.init = &(const struct clk_init_data) { .name = "gcc_crypto_axi_clk", .parent_hws = (const struct clk_hw *[]) { @@ -2156,9 +2157,10 @@ static struct clk_branch gcc_crypto_axi_clk = { static struct clk_branch gcc_crypto_ahb_clk = { .halt_reg = 0x16014, + .halt_check = BRANCH_HALT_VOTED, .clkr = { - .enable_reg = 0x16014, - .enable_mask = BIT(0), + .enable_reg = 0xb004, + .enable_mask = BIT(16), .hw.init = &(const struct clk_init_data) { .name = "gcc_crypto_ahb_clk", .parent_hws = (const struct clk_hw *[]) { -- 2.34.1

12 months

2
2
0 0

[PATCH] tty: Fix possible deadlock in tty_buffer_flush

by kovalev＠altlinux.org

From: Vasiliy Kovalev <kovalev(a)altlinux.org> A possible scenario in which a deadlock may occur is as follows: flush_to_ldisc() { mutex_lock(&buf->lock); tty_port_default_receive_buf() { tty_ldisc_receive_buf() { n_tty_receive_buf2() { n_tty_receive_buf_common() { n_tty_receive_char_special() { isig() { tty_driver_flush_buffer() { pty_flush_buffer() { tty_buffer_flush() { mutex_lock(&buf->lock); (DEADLOCK) flush_to_ldisc() and tty_buffer_flush() functions they use the same mutex (&buf->lock), but not necessarily the same struct tty_bufhead object. However, you should probably use a separate mutex for the tty_buffer_flush() function to exclude such a situation. Found by Syzkaller: ====================================================== WARNING: possible circular locking dependency detected 5.10.213-std-def-alt1 #1 Not tainted ------------------------------------------------------ kworker/u6:8/428 is trying to acquire lock: ffff88810c3498b8 (&buf->lock){+.+.}-{3:3}, at: tty_buffer_flush+0x7b/0x2b0 drivers/tty/tty_buffer.c:228 but task is already holding lock: ffff888114dca2e8 (&o_tty->termios_rwsem/1){++++}-{3:3}, at: isig+0xef/0x440 drivers/tty/n_tty.c:1127 which lock already depends on the new lock. Chain exists of: &buf->lock --> &port->buf.lock/1 --> &o_tty->termios_rwsem/1 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&o_tty->termios_rwsem/1); lock(&port->buf.lock/1); lock(&o_tty->termios_rwsem/1); lock(&buf->lock); stack backtrace: CPU: 0 PID: 428 Comm: kworker/u6:8 Not tainted 5.10.213-std-def-alt1 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-alt1 04/01/2014 Workqueue: events_unbound flush_to_ldisc Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x19b/0x203 lib/dump_stack.c:118 print_circular_bug.cold+0x162/0x171 kernel/locking/lockdep.c:2002 check_noncircular+0x263/0x2e0 kernel/locking/lockdep.c:2123 check_prev_add kernel/locking/lockdep.c:2988 [inline] check_prevs_add kernel/locking/lockdep.c:3113 [inline] validate_chain kernel/locking/lockdep.c:3729 [inline] __lock_acquire+0x298f/0x5500 kernel/locking/lockdep.c:4955 lock_acquire kernel/locking/lockdep.c:5566 [inline] lock_acquire+0x1fe/0x550 kernel/locking/lockdep.c:5531 __mutex_lock_common kernel/locking/mutex.c:968 [inline] __mutex_lock+0x142/0x10c0 kernel/locking/mutex.c:1109 mutex_lock_nested+0x17/0x20 kernel/locking/mutex.c:1124 tty_buffer_flush+0x7b/0x2b0 drivers/tty/tty_buffer.c:228 pty_flush_buffer+0x4e/0x170 drivers/tty/pty.c:222 tty_driver_flush_buffer+0x65/0x80 drivers/tty/tty_ioctl.c:96 isig+0x1e4/0x440 drivers/tty/n_tty.c:1138 n_tty_receive_signal_char+0x24/0x160 drivers/tty/n_tty.c:1239 n_tty_receive_char_special+0x1261/0x2a70 drivers/tty/n_tty.c:1285 n_tty_receive_buf_fast drivers/tty/n_tty.c:1606 [inline] __receive_buf drivers/tty/n_tty.c:1640 [inline] n_tty_receive_buf_common+0x1e76/0x2b60 drivers/tty/n_tty.c:1738 n_tty_receive_buf2+0x34/0x40 drivers/tty/n_tty.c:1773 tty_ldisc_receive_buf+0xb1/0x1a0 drivers/tty/tty_buffer.c:441 tty_port_default_receive_buf+0x73/0xa0 drivers/tty/tty_port.c:39 receive_buf drivers/tty/tty_buffer.c:461 [inline] flush_to_ldisc+0x21c/0x400 drivers/tty/tty_buffer.c:513 process_one_work+0x9ae/0x14b0 kernel/workqueue.c:2282 worker_thread+0x622/0x1320 kernel/workqueue.c:2428 kthread+0x396/0x470 kernel/kthread.c:313 ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:299 Cc: stable(a)vger.kernel.org Signed-off-by: Vasiliy Kovalev <kovalev(a)altlinux.org> --- drivers/tty/tty_buffer.c | 5 +++-- include/linux/tty_buffer.h | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/tty/tty_buffer.c b/drivers/tty/tty_buffer.c index 79f0ff94ce00da..e777bd5f3a2fca 100644 --- a/drivers/tty/tty_buffer.c +++ b/drivers/tty/tty_buffer.c @@ -226,7 +226,7 @@ void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld) atomic_inc(&buf->priority); - mutex_lock(&buf->lock); + mutex_lock(&buf->flush_mtx); /* paired w/ release in __tty_buffer_request_room; ensures there are * no pending memory accesses to the freed buffer */ @@ -241,7 +241,7 @@ void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld) ld->ops->flush_buffer(tty); atomic_dec(&buf->priority); - mutex_unlock(&buf->lock); + mutex_unlock(&buf->flush_mtx); } /** @@ -577,6 +577,7 @@ void tty_buffer_init(struct tty_port *port) { struct tty_bufhead *buf = &port->buf; + mutex_init(&buf->flush_mtx); mutex_init(&buf->lock); tty_buffer_reset(&buf->sentinel, 0); buf->head = &buf->sentinel; diff --git a/include/linux/tty_buffer.h b/include/linux/tty_buffer.h index 31125e3be3c55e..cea4eacc3b70d3 100644 --- a/include/linux/tty_buffer.h +++ b/include/linux/tty_buffer.h @@ -35,6 +35,7 @@ static inline u8 *flag_buf_ptr(struct tty_buffer *b, unsigned int ofs) struct tty_bufhead { struct tty_buffer *head; /* Queue head */ struct work_struct work; + struct mutex flush_mtx; /* For use in tty_buffer_flush() */ struct mutex lock; atomic_t priority; struct tty_buffer sentinel; -- 2.33.8

12 months

3
2
0 0

[PATCH v1] spi: microchip-core-qspi: fix setting spi bus clock rate

by Conor Dooley

From: Conor Dooley <conor.dooley(a)microchip.com> Before ORing the new clock rate with the control register value read from the hardware, the existing clock rate needs to be masked off as otherwise the existing value will interfere with the new one. CC: stable(a)vger.kernel.org Fixes: 8596124c4c1b ("spi: microchip-core-qspi: Add support for microchip fpga qspi controllers") Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> --- CC: Conor Dooley <conor.dooley(a)microchip.com> CC: Daire McNamara <daire.mcnamara(a)microchip.com> CC: Naga Sureshkumar Relli <nagasuresh.relli(a)microchip.com> CC: Mark Brown <broonie(a)kernel.org> CC: linux-spi(a)vger.kernel.org CC: linux-kernel(a)vger.kernel.org --- drivers/spi/spi-microchip-core-qspi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/spi/spi-microchip-core-qspi.c b/drivers/spi/spi-microchip-core-qspi.c index 03d125a71fd9..09f16471c537 100644 --- a/drivers/spi/spi-microchip-core-qspi.c +++ b/drivers/spi/spi-microchip-core-qspi.c @@ -283,6 +283,7 @@ static int mchp_coreqspi_setup_clock(struct mchp_coreqspi *qspi, struct spi_devi } control = readl_relaxed(qspi->regs + REG_CONTROL); + control &= ~CONTROL_CLKRATE_MASK; control |= baud_rate_val << CONTROL_CLKRATE_SHIFT; writel_relaxed(control, qspi->regs + REG_CONTROL); control = readl_relaxed(qspi->regs + REG_CONTROL); -- 2.43.0

12 months

3
2
0 0

[PATCH 2/2] bcache: fix variable length array abuse in btree_iter

by Coly Li

From: Matthew Mirvish <matthew(a)mm12.xyz> btree_iter is used in two ways: either allocated on the stack with a fixed size MAX_BSETS, or from a mempool with a dynamic size based on the specific cache set. Previously, the struct had a fixed-length array of size MAX_BSETS which was indexed out-of-bounds for the dynamically-sized iterators, which causes UBSAN to complain. This patch uses the same approach as in bcachefs's sort_iter and splits the iterator into a btree_iter with a flexible array member and a btree_iter_stack which embeds a btree_iter as well as a fixed-length data array. Cc: stable(a)vger.kernel.org Closes: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2039368 Signed-off-by: Matthew Mirvish <matthew(a)mm12.xyz> Signed-off-by: Coly Li <colyli(a)suse.de> --- drivers/md/bcache/bset.c | 44 +++++++++++++++++------------------ drivers/md/bcache/bset.h | 28 ++++++++++++++-------- drivers/md/bcache/btree.c | 40 ++++++++++++++++--------------- drivers/md/bcache/super.c | 5 ++-- drivers/md/bcache/sysfs.c | 2 +- drivers/md/bcache/writeback.c | 10 ++++---- 6 files changed, 70 insertions(+), 59 deletions(-) diff --git a/drivers/md/bcache/bset.c b/drivers/md/bcache/bset.c index 2bba4d6aaaa2..463eb13bd0b2 100644 --- a/drivers/md/bcache/bset.c +++ b/drivers/md/bcache/bset.c @@ -54,7 +54,7 @@ void bch_dump_bucket(struct btree_keys *b) int __bch_count_data(struct btree_keys *b) { unsigned int ret = 0; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k; if (b->ops->is_extents) @@ -67,7 +67,7 @@ void __bch_check_keys(struct btree_keys *b, const char *fmt, ...) { va_list args; struct bkey *k, *p = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; const char *err; for_each_key(b, k, &iter) { @@ -879,7 +879,7 @@ unsigned int bch_btree_insert_key(struct btree_keys *b, struct bkey *k, unsigned int status = BTREE_INSERT_STATUS_NO_INSERT; struct bset *i = bset_tree_last(b)->data; struct bkey *m, *prev = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey preceding_key_on_stack = ZERO_KEY; struct bkey *preceding_key_p = &preceding_key_on_stack; @@ -895,9 +895,9 @@ unsigned int bch_btree_insert_key(struct btree_keys *b, struct bkey *k, else preceding_key(k, &preceding_key_p); - m = bch_btree_iter_init(b, &iter, preceding_key_p); + m = bch_btree_iter_stack_init(b, &iter, preceding_key_p); - if (b->ops->insert_fixup(b, k, &iter, replace_key)) + if (b->ops->insert_fixup(b, k, &iter.iter, replace_key)) return status; status = BTREE_INSERT_STATUS_INSERT; @@ -1100,33 +1100,33 @@ void bch_btree_iter_push(struct btree_iter *iter, struct bkey *k, btree_iter_cmp)); } -static struct bkey *__bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, - struct bkey *search, - struct bset_tree *start) +static struct bkey *__bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, + struct bkey *search, + struct bset_tree *start) { struct bkey *ret = NULL; - iter->size = ARRAY_SIZE(iter->data); - iter->used = 0; + iter->iter.size = ARRAY_SIZE(iter->stack_data); + iter->iter.used = 0; #ifdef CONFIG_BCACHE_DEBUG - iter->b = b; + iter->iter.b = b; #endif for (; start <= bset_tree_last(b); start++) { ret = bch_bset_search(b, start, search); - bch_btree_iter_push(iter, ret, bset_bkey_last(start->data)); + bch_btree_iter_push(&iter->iter, ret, bset_bkey_last(start->data)); } return ret; } -struct bkey *bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, +struct bkey *bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, struct bkey *search) { - return __bch_btree_iter_init(b, iter, search, b->set); + return __bch_btree_iter_stack_init(b, iter, search, b->set); } static inline struct bkey *__bch_btree_iter_next(struct btree_iter *iter, @@ -1293,10 +1293,10 @@ void bch_btree_sort_partial(struct btree_keys *b, unsigned int start, struct bset_sort_state *state) { size_t order = b->page_order, keys = 0; - struct btree_iter iter; + struct btree_iter_stack iter; int oldsize = bch_count_data(b); - __bch_btree_iter_init(b, &iter, NULL, &b->set[start]); + __bch_btree_iter_stack_init(b, &iter, NULL, &b->set[start]); if (start) { unsigned int i; @@ -1307,7 +1307,7 @@ void bch_btree_sort_partial(struct btree_keys *b, unsigned int start, order = get_order(__set_bytes(b->set->data, keys)); } - __btree_sort(b, &iter, start, order, false, state); + __btree_sort(b, &iter.iter, start, order, false, state); EBUG_ON(oldsize >= 0 && bch_count_data(b) != oldsize); } @@ -1323,11 +1323,11 @@ void bch_btree_sort_into(struct btree_keys *b, struct btree_keys *new, struct bset_sort_state *state) { uint64_t start_time = local_clock(); - struct btree_iter iter; + struct btree_iter_stack iter; - bch_btree_iter_init(b, &iter, NULL); + bch_btree_iter_stack_init(b, &iter, NULL); - btree_mergesort(b, new->set->data, &iter, false, true); + btree_mergesort(b, new->set->data, &iter.iter, false, true); bch_time_stats_update(&state->time, start_time); diff --git a/drivers/md/bcache/bset.h b/drivers/md/bcache/bset.h index d795c84246b0..011f6062c4c0 100644 --- a/drivers/md/bcache/bset.h +++ b/drivers/md/bcache/bset.h @@ -321,7 +321,14 @@ struct btree_iter { #endif struct btree_iter_set { struct bkey *k, *end; - } data[MAX_BSETS]; + } data[]; +}; + +/* Fixed-size btree_iter that can be allocated on the stack */ + +struct btree_iter_stack { + struct btree_iter iter; + struct btree_iter_set stack_data[MAX_BSETS]; }; typedef bool (*ptr_filter_fn)(struct btree_keys *b, const struct bkey *k); @@ -333,9 +340,9 @@ struct bkey *bch_btree_iter_next_filter(struct btree_iter *iter, void bch_btree_iter_push(struct btree_iter *iter, struct bkey *k, struct bkey *end); -struct bkey *bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, - struct bkey *search); +struct bkey *bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, + struct bkey *search); struct bkey *__bch_bset_search(struct btree_keys *b, struct bset_tree *t, const struct bkey *search); @@ -350,13 +357,14 @@ static inline struct bkey *bch_bset_search(struct btree_keys *b, return search ? __bch_bset_search(b, t, search) : t->data->start; } -#define for_each_key_filter(b, k, iter, filter) \ - for (bch_btree_iter_init((b), (iter), NULL); \ - ((k) = bch_btree_iter_next_filter((iter), (b), filter));) +#define for_each_key_filter(b, k, stack_iter, filter) \ + for (bch_btree_iter_stack_init((b), (stack_iter), NULL); \ + ((k) = bch_btree_iter_next_filter(&((stack_iter)->iter), (b), \ + filter));) -#define for_each_key(b, k, iter) \ - for (bch_btree_iter_init((b), (iter), NULL); \ - ((k) = bch_btree_iter_next(iter));) +#define for_each_key(b, k, stack_iter) \ + for (bch_btree_iter_stack_init((b), (stack_iter), NULL); \ + ((k) = bch_btree_iter_next(&((stack_iter)->iter)));) /* Sorting */ diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c index 196cdacce38f..d011a7154d33 100644 --- a/drivers/md/bcache/btree.c +++ b/drivers/md/bcache/btree.c @@ -1309,7 +1309,7 @@ static bool btree_gc_mark_node(struct btree *b, struct gc_stat *gc) uint8_t stale = 0; unsigned int keys = 0, good_keys = 0; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; struct bset_tree *t; gc->nodes++; @@ -1570,7 +1570,7 @@ static int btree_gc_rewrite_node(struct btree *b, struct btree_op *op, static unsigned int btree_gc_count_keys(struct btree *b) { struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; unsigned int ret = 0; for_each_key_filter(&b->keys, k, &iter, bch_ptr_bad) @@ -1611,17 +1611,18 @@ static int btree_gc_recurse(struct btree *b, struct btree_op *op, int ret = 0; bool should_rewrite; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; struct gc_merge_info r[GC_MERGE_NODES]; struct gc_merge_info *i, *last = r + ARRAY_SIZE(r) - 1; - bch_btree_iter_init(&b->keys, &iter, &b->c->gc_done); + bch_btree_iter_stack_init(&b->keys, &iter, &b->c->gc_done); for (i = r; i < r + ARRAY_SIZE(r); i++) i->b = ERR_PTR(-EINTR); while (1) { - k = bch_btree_iter_next_filter(&iter, &b->keys, bch_ptr_bad); + k = bch_btree_iter_next_filter(&iter.iter, &b->keys, + bch_ptr_bad); if (k) { r->b = bch_btree_node_get(b->c, op, k, b->level - 1, true, b); @@ -1911,7 +1912,7 @@ static int bch_btree_check_recurse(struct btree *b, struct btree_op *op) { int ret = 0; struct bkey *k, *p = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; for_each_key_filter(&b->keys, k, &iter, bch_ptr_invalid) bch_initial_mark_key(b->c, b->level, k); @@ -1919,10 +1920,10 @@ static int bch_btree_check_recurse(struct btree *b, struct btree_op *op) bch_initial_mark_key(b->c, b->level + 1, &b->key); if (b->level) { - bch_btree_iter_init(&b->keys, &iter, NULL); + bch_btree_iter_stack_init(&b->keys, &iter, NULL); do { - k = bch_btree_iter_next_filter(&iter, &b->keys, + k = bch_btree_iter_next_filter(&iter.iter, &b->keys, bch_ptr_bad); if (k) { btree_node_prefetch(b, k); @@ -1950,7 +1951,7 @@ static int bch_btree_check_thread(void *arg) struct btree_check_info *info = arg; struct btree_check_state *check_state = info->state; struct cache_set *c = check_state->c; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k, *p; int cur_idx, prev_idx, skip_nr; @@ -1959,8 +1960,8 @@ static int bch_btree_check_thread(void *arg) ret = 0; /* root node keys are checked before thread created */ - bch_btree_iter_init(&c->root->keys, &iter, NULL); - k = bch_btree_iter_next_filter(&iter, &c->root->keys, bch_ptr_bad); + bch_btree_iter_stack_init(&c->root->keys, &iter, NULL); + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); BUG_ON(!k); p = k; @@ -1978,7 +1979,7 @@ static int bch_btree_check_thread(void *arg) skip_nr = cur_idx - prev_idx; while (skip_nr) { - k = bch_btree_iter_next_filter(&iter, + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); if (k) @@ -2051,7 +2052,7 @@ int bch_btree_check(struct cache_set *c) int ret = 0; int i; struct bkey *k = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct btree_check_state check_state; /* check and mark root node keys */ @@ -2547,11 +2548,11 @@ static int bch_btree_map_nodes_recurse(struct btree *b, struct btree_op *op, if (b->level) { struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; - bch_btree_iter_init(&b->keys, &iter, from); + bch_btree_iter_stack_init(&b->keys, &iter, from); - while ((k = bch_btree_iter_next_filter(&iter, &b->keys, + while ((k = bch_btree_iter_next_filter(&iter.iter, &b->keys, bch_ptr_bad))) { ret = bcache_btree(map_nodes_recurse, k, b, op, from, fn, flags); @@ -2580,11 +2581,12 @@ int bch_btree_map_keys_recurse(struct btree *b, struct btree_op *op, { int ret = MAP_CONTINUE; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; - bch_btree_iter_init(&b->keys, &iter, from); + bch_btree_iter_stack_init(&b->keys, &iter, from); - while ((k = bch_btree_iter_next_filter(&iter, &b->keys, bch_ptr_bad))) { + while ((k = bch_btree_iter_next_filter(&iter.iter, &b->keys, + bch_ptr_bad))) { ret = !b->level ? fn(op, b, k) : bcache_btree(map_keys_recurse, k, diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index 38e41039edb8..cba09660148a 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -1914,8 +1914,9 @@ struct cache_set *bch_cache_set_alloc(struct cache_sb *sb) INIT_LIST_HEAD(&c->btree_cache_freed); INIT_LIST_HEAD(&c->data_buckets); - iter_size = ((meta_bucket_pages(sb) * PAGE_SECTORS) / sb->block_size + 1) * - sizeof(struct btree_iter_set); + iter_size = sizeof(struct btree_iter) + + ((meta_bucket_pages(sb) * PAGE_SECTORS) / sb->block_size) * + sizeof(struct btree_iter_set); c->devices = kcalloc(c->nr_uuids, sizeof(void *), GFP_KERNEL); if (!c->devices) diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c index 6956beb55326..826b14cae4e5 100644 --- a/drivers/md/bcache/sysfs.c +++ b/drivers/md/bcache/sysfs.c @@ -660,7 +660,7 @@ static unsigned int bch_root_usage(struct cache_set *c) unsigned int bytes = 0; struct bkey *k; struct btree *b; - struct btree_iter iter; + struct btree_iter_stack iter; goto lock_root; diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c index 8827a6f130ad..792e070ccf38 100644 --- a/drivers/md/bcache/writeback.c +++ b/drivers/md/bcache/writeback.c @@ -908,15 +908,15 @@ static int bch_dirty_init_thread(void *arg) struct dirty_init_thrd_info *info = arg; struct bch_dirty_init_state *state = info->state; struct cache_set *c = state->c; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k, *p; int cur_idx, prev_idx, skip_nr; k = p = NULL; prev_idx = 0; - bch_btree_iter_init(&c->root->keys, &iter, NULL); - k = bch_btree_iter_next_filter(&iter, &c->root->keys, bch_ptr_bad); + bch_btree_iter_stack_init(&c->root->keys, &iter, NULL); + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); BUG_ON(!k); p = k; @@ -930,7 +930,7 @@ static int bch_dirty_init_thread(void *arg) skip_nr = cur_idx - prev_idx; while (skip_nr) { - k = bch_btree_iter_next_filter(&iter, + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); if (k) @@ -979,7 +979,7 @@ void bch_sectors_dirty_init(struct bcache_device *d) int i; struct btree *b = NULL; struct bkey *k = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct sectors_dirty_init op; struct cache_set *c = d->c; struct bch_dirty_init_state state; -- 2.35.3

12 months

1
0
0 0

[PATCH 4.19.y] Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems"

by Harshit Mogalapalli

This reverts commit abdbd5f3e8c504d864fdc032dd5a4eb481cb12bf. map_hugetlb.c:18:10: fatal error: vm_util.h: No such file or directory 18 | #include "vm_util.h" | ^~~~~~~~~~~ compilation terminated. vm_util.h is not present in 4.19.y, as commit:642bc52aed9c ("selftests: vm: bring common functions to a new file") is not present in stable kernels <=6.1.y Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> --- This can't be tested on 4.19.y as the selftests for vm/ are not compiled since 4.19.17. I have bisected it to this one, commit: 7696248f9b5a ("selftests: Fix test errors related to lib.mk khdr target"), the reason for reverting it on 4.19.y is to keep 4.19.y in sync with higher stable trees(i.e reverts are sent to 5.4.y, 5.10.y and 5.15.y) --- tools/testing/selftests/vm/map_hugetlb.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tools/testing/selftests/vm/map_hugetlb.c b/tools/testing/selftests/vm/map_hugetlb.c index c65c55b7a789..312889edb84a 100644 --- a/tools/testing/selftests/vm/map_hugetlb.c +++ b/tools/testing/selftests/vm/map_hugetlb.c @@ -15,7 +15,6 @@ #include <unistd.h> #include <sys/mman.h> #include <fcntl.h> -#include "vm_util.h" #define LENGTH (256UL*1024*1024) #define PROTECTION (PROT_READ | PROT_WRITE) @@ -71,16 +70,10 @@ int main(int argc, char **argv) { void *addr; int ret; - size_t hugepage_size; size_t length = LENGTH; int flags = FLAGS; int shift = 0; - hugepage_size = default_huge_page_size(); - /* munmap with fail if the length is not page aligned */ - if (hugepage_size > length) - length = hugepage_size; - if (argc > 1) length = atol(argv[1]) << 20; if (argc > 2) { -- 2.34.1

12 months

2
1
0 0

Re: 6.1-stable backport request

by Namhyung Kim

Hello, On Fri, Feb 2, 2024 at 3:29 PM Namhyung Kim <namhyung(a)gmail.com> wrote: > > Hello, > > Please queue up these commits for 6.1-stable: > > * commit: 4fb54994b2360ab5029ee3a959161f6fe6bbb349 > ("perf unwind-libunwind: Fix base address for .eh_frame") > > * commit: c966d23a351a33f8a977fd7efbb6f467132f7383 > ("perf unwind-libdw: Handle JIT-generated DSOs properly") > > They are needed to support JIT code in the perf tools. > I think there will be some conflicts, I will send backports soon. Have you received my backport patches? I'm wondering if they're missing or have other problems. Thanks, Namhyung

12 months

2
3
0 0

[PATCH AUTOSEL 6.8 01/52] ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM too

by Sasha Levin

From: Hans de Goede <hdegoede(a)redhat.com> [ Upstream commit e50729d742ec364895f1c389c32315984a987aa5 ] The Asus T100TA quirk has been using an exact match on a product-name of "T100TA" but there are also T100TAM variants with a slightly higher clocked CPU and a metal backside which need the same quirk. Sort the existing T100TA (stereo speakers) below the more specific T100TAF (mono speaker) quirk and switch from exact matching to substring matching so that the T100TA quirk will also match on the T100TAM models. Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://msgid.link/r/20240407191559.21596-1-hdegoede@redhat.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/intel/boards/bytcr_rt5640.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/sound/soc/intel/boards/bytcr_rt5640.c b/sound/soc/intel/boards/bytcr_rt5640.c index 05f38d1f7d824..b41a1147f1c34 100644 --- a/sound/soc/intel/boards/bytcr_rt5640.c +++ b/sound/soc/intel/boards/bytcr_rt5640.c @@ -636,28 +636,30 @@ static const struct dmi_system_id byt_rt5640_quirk_table[] = { BYT_RT5640_USE_AMCR0F28), }, { + /* Asus T100TAF, unlike other T100TA* models this one has a mono speaker */ .matches = { DMI_EXACT_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), - DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TA"), + DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TAF"), }, .driver_data = (void *)(BYT_RT5640_IN1_MAP | BYT_RT5640_JD_SRC_JD2_IN4N | BYT_RT5640_OVCD_TH_2000UA | BYT_RT5640_OVCD_SF_0P75 | + BYT_RT5640_MONO_SPEAKER | + BYT_RT5640_DIFF_MIC | + BYT_RT5640_SSP0_AIF2 | BYT_RT5640_MCLK_EN), }, { + /* Asus T100TA and T100TAM, must come after T100TAF (mono spk) match */ .matches = { - DMI_EXACT_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), - DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TAF"), + DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), + DMI_MATCH(DMI_PRODUCT_NAME, "T100TA"), }, .driver_data = (void *)(BYT_RT5640_IN1_MAP | BYT_RT5640_JD_SRC_JD2_IN4N | BYT_RT5640_OVCD_TH_2000UA | BYT_RT5640_OVCD_SF_0P75 | - BYT_RT5640_MONO_SPEAKER | - BYT_RT5640_DIFF_MIC | - BYT_RT5640_SSP0_AIF2 | BYT_RT5640_MCLK_EN), }, { -- 2.43.0

12 months

3
54
0 0

filtering stable patches in lore queries

by Jason A. Donenfeld

Hi, Greg and Sasha add the "X-stable: review" to their patch bombs, with the intention that people will be able to filter these out should they desire to do so. For example, I usually want all threads that match code I care about, but I don't regularly want to see thousand-patch stable series. So this header is helpful. However, I'm not able to formulate a query for lore (to pass to `lei q`) that will match on negating it. The idea would be to exclude the thread if the parent has this header. It looks like public inbox might only index on some headers, but can't generically search all? I'm not sure how it works, but queries only seem to half way work when searching for that header. In the meantime, I've been using this ugly bash script, which gets the job done, but means I have to download everything locally first: #!/bin/bash PWD="${BASH_SOURCE[0]}" PWD="${PWD%/*}" set -e cd "$PWD" echo "[+] Syncing new mail" >&2 lei up "$PWD" echo "[+] Cleaning up stable patch bombs" >&2 mapfile -d $'\0' -t parents < <(grep -F -x -Z -r -l 'X-stable: review' cur tmp new) { [[ -f stable-message-ids ]] && cat stable-message-ids [[ ${#parents[@]} -gt 0 ]] && sed -n 's/^Message-ID: <$.*$>$/\1/p' "${parents[@]}" } | sort -u > stable-message-ids.new mv stable-message-ids.new stable-message-ids [[ -s stable-message-ids ]] || exit 0 mapfile -d $'\0' -t children < <(grep -F -Z -r -l -f - cur tmp new < stable-message-ids) total=$(( ${#parents[@]} + ${#children[@]} )) [[ $total -gt 0 ]] || exit 0 echo "# rm <...$total messages...>" >&2 rm -f "${parents[@]}" "${children[@]}" This results in something like: zx2c4@thinkpad ~/Projects/lkml $ ./update.bash [+] Syncing new mail # https://lore.kernel.org/all/ limiting ... # /usr/bin/curl -gSf -s -d '' https://lore.kernel.org/all/?x=m&t=1&q=(... [+] Cleaning up stable patch bombs # rm <...24593 messages...> It works, but it'd be nice to not even download these messages in the first place. Since I'm deleting message I don't want, I have to keep track of the message IDs of those deleted messages with the stable header in case replies come in later. That's some book keeping, sheesh! Any thoughts on this workflow? Jason

12 months

3
5
0 0

[bisected]: Games crash with 6.9rc-5+/6.8.9+/6.6.30+

by Christian Heusel

Hello, I am reporting this to the regressions mailing list since it has popped up in the [Arch Linux Bugtracker][0]. It was also [already reported][1] to the relevant DRM subsystem, but is not tracked here yet. The issue has been bisected to the following commit by someone on Gitlab: a6ff969fe9cb ("drm/amdgpu: fix visible VRAM handling during faults") The DRM maintainers have said that this could be something that just worked by chance in the past: [Comment 1][2] > Christian König (@ckoenig) > Mhm, no idea of hand. But it could be that this is actually an > intended result. > > Previously we didn't correctly checked if the requirements of an > application regarding CPU accessible VRAM were meet. Now we return an > error if things potentially won't work instead of crashing later on. > > Can you provide the output of 'sudo cat > /sys/kernel/debug/dri/0/amdgpu_vram_mm' just before running the game? [Comment 2][3] > Damian Marcin Szymański (@AngryPenguinPL): > @superm1 @ckoenig If you can't fix it before stable 6.9 can we get it > reverted for now? > > Christian König (@ckoenig): > @AngryPenguinPL no, this is an important bug fix which even needs to > be backported to older kernels. All in all this seems to be a rather tricky situation (especially judging if this is actually a regression or not), so maybe getting some input from the stable or regression team on how to handle this well would be good! (I'll add that I can give no direct input on the issue itself, see this as a forward / cc type of Email.) Cheers, Chris [0]: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/47 [1]: https://gitlab.freedesktop.org/drm/amd/-/issues/3343 [2]: https://gitlab.freedesktop.org/drm/amd/-/issues/3343#note_2389471 [3]: https://gitlab.freedesktop.org/drm/amd/-/issues/3343#note_2400933 #regzbot introduced: a6ff969fe9cb #regzbot link: https://gitlab.freedesktop.org/drm/amd/-/issues/3343 #regzbot title: drm/amdgpu: Games crash if above 4g decoding/resize bar is disabled or not supported

12 months

3
4
0 0

[PATCH v4 1/2] powerpc64/bpf: fix tail calls for PCREL addressing

by Hari Bathini

With PCREL addressing, there is no kernel TOC. So, it is not setup in prologue when PCREL addressing is used. But the number of instructions to skip on a tail call was not adjusted accordingly. That resulted in not so obvious failures while using tailcalls. 'tailcalls' selftest crashed the system with the below call trace: bpf_test_run+0xe8/0x3cc (unreliable) bpf_prog_test_run_skb+0x348/0x778 __sys_bpf+0xb04/0x2b00 sys_bpf+0x28/0x38 system_call_exception+0x168/0x340 system_call_vectored_common+0x15c/0x2ec Also, as bpf programs are always module addresses and a bpf helper in general is a core kernel text address, using PC relative addressing often fails with "out of range of pcrel address" error. Switch to using kernel base for relative addressing to handle this better. Fixes: 7e3a68be42e1 ("powerpc/64: vmlinux support building with PCREL addresing") Cc: stable(a)vger.kernel.org Signed-off-by: Hari Bathini <hbathini(a)linux.ibm.com> --- * Changes in v4: - Fix out of range errors by switching to kernelbase instead of PC for relative addressing. * Changes in v3: - New patch to fix tailcall issues with PCREL addressing. arch/powerpc/net/bpf_jit_comp64.c | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/arch/powerpc/net/bpf_jit_comp64.c b/arch/powerpc/net/bpf_jit_comp64.c index 79f23974a320..4de08e35e284 100644 --- a/arch/powerpc/net/bpf_jit_comp64.c +++ b/arch/powerpc/net/bpf_jit_comp64.c @@ -202,7 +202,8 @@ void bpf_jit_build_epilogue(u32 *image, struct codegen_context *ctx) EMIT(PPC_RAW_BLR()); } -static int bpf_jit_emit_func_call_hlp(u32 *image, struct codegen_context *ctx, u64 func) +static int +bpf_jit_emit_func_call_hlp(u32 *image, u32 *fimage, struct codegen_context *ctx, u64 func) { unsigned long func_addr = func ? ppc_function_entry((void *)func) : 0; long reladdr; @@ -211,19 +212,20 @@ static int bpf_jit_emit_func_call_hlp(u32 *image, struct codegen_context *ctx, u return -EINVAL; if (IS_ENABLED(CONFIG_PPC_KERNEL_PCREL)) { - reladdr = func_addr - CTX_NIA(ctx); + reladdr = func_addr - local_paca->kernelbase; if (reladdr >= (long)SZ_8G || reladdr < -(long)SZ_8G) { - pr_err("eBPF: address of %ps out of range of pcrel address.\n", - (void *)func); + pr_err("eBPF: address of %ps out of range of 34-bit relative address.\n", + (void *)func); return -ERANGE; } - /* pla r12,addr */ - EMIT(PPC_PREFIX_MLS | __PPC_PRFX_R(1) | IMM_H18(reladdr)); - EMIT(PPC_INST_PADDI | ___PPC_RT(_R12) | IMM_L(reladdr)); - EMIT(PPC_RAW_MTCTR(_R12)); - EMIT(PPC_RAW_BCTR()); - + EMIT(PPC_RAW_LD(_R12, _R13, offsetof(struct paca_struct, kernelbase))); + /* Align for subsequent prefix instruction */ + if (!IS_ALIGNED((unsigned long)fimage + CTX_NIA(ctx), 8)) + EMIT(PPC_RAW_NOP()); + /* paddi r12,r12,addr */ + EMIT(PPC_PREFIX_MLS | __PPC_PRFX_R(0) | IMM_H18(reladdr)); + EMIT(PPC_INST_PADDI | ___PPC_RT(_R12) | ___PPC_RA(_R12) | IMM_L(reladdr)); } else { reladdr = func_addr - kernel_toc_addr(); if (reladdr > 0x7FFFFFFF || reladdr < -(0x80000000L)) { @@ -233,9 +235,9 @@ static int bpf_jit_emit_func_call_hlp(u32 *image, struct codegen_context *ctx, u EMIT(PPC_RAW_ADDIS(_R12, _R2, PPC_HA(reladdr))); EMIT(PPC_RAW_ADDI(_R12, _R12, PPC_LO(reladdr))); - EMIT(PPC_RAW_MTCTR(_R12)); - EMIT(PPC_RAW_BCTRL()); } + EMIT(PPC_RAW_MTCTR(_R12)); + EMIT(PPC_RAW_BCTRL()); return 0; } @@ -285,7 +287,7 @@ static int bpf_jit_emit_tail_call(u32 *image, struct codegen_context *ctx, u32 o int b2p_index = bpf_to_ppc(BPF_REG_3); int bpf_tailcall_prologue_size = 8; - if (IS_ENABLED(CONFIG_PPC64_ELF_ABI_V2)) + if (!IS_ENABLED(CONFIG_PPC_KERNEL_PCREL) && IS_ENABLED(CONFIG_PPC64_ELF_ABI_V2)) bpf_tailcall_prologue_size += 4; /* skip past the toc load */ /* @@ -993,7 +995,7 @@ int bpf_jit_build_body(struct bpf_prog *fp, u32 *image, u32 *fimage, struct code return ret; if (func_addr_fixed) - ret = bpf_jit_emit_func_call_hlp(image, ctx, func_addr); + ret = bpf_jit_emit_func_call_hlp(image, fimage, ctx, func_addr); else ret = bpf_jit_emit_func_call_rel(image, fimage, ctx, func_addr); -- 2.44.0

12 months

3
2
0 0

[PATCH AUTOSEL 5.4 1/8] fs/9p: only translate RWX permissions for plain 9P2000

by Sasha Levin

From: Joakim Sindholt <opensource(a)zhasha.com> [ Upstream commit cd25e15e57e68a6b18dc9323047fe9c68b99290b ] Garbage in plain 9P2000's perm bits is allowed through, which causes it to be able to set (among others) the suid bit. This was presumably not the intent since the unix extended bits are handled explicitly and conditionally on .u. Signed-off-by: Joakim Sindholt <opensource(a)zhasha.com> Signed-off-by: Eric Van Hensbergen <ericvh(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/9p/vfs_inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c index b82423a72f685..b1107b424bf64 100644 --- a/fs/9p/vfs_inode.c +++ b/fs/9p/vfs_inode.c @@ -86,7 +86,7 @@ static int p9mode2perm(struct v9fs_session_info *v9ses, int res; int mode = stat->mode; - res = mode & S_IALLUGO; + res = mode & 0777; /* S_IRWXUGO */ if (v9fs_proto_dotu(v9ses)) { if ((mode & P9_DMSETUID) == P9_DMSETUID) res |= S_ISUID; -- 2.43.0

12 months

2
9
0 0

Issue with Ubuntu 22.04 Kernel Update

by Mandar Deshpande

Hi, I hope this message finds you well. I'm reaching out regarding an issue I've encountered with my Ubuntu 22.04 installation. Up until kernel version linux-image-5.15.0-84-generic, my laptop has been running smoothly. However, after updating to subsequent kernels, including the latest one, linux-image-5.15.0-106-generic, I've been experiencing a significant problem. Upon completion of the boot process, the screen becomes non-responsive and distorted, rendering the system unusable. I've attached a picture for reference. As of now, I've reverted to using linux-image-5.15.0-84-generic to maintain functionality. I would greatly appreciate any guidance or assistance you can provide in resolving this issue. If you're aware of a solution or troubleshooting steps, please do share them with me. Thank you for your time and assistance. Best regards, Mandar

12 months

2
1
0 0

[PATCH 1/2] mtd: rawnand: Fix the nand_read_data_op() early check

by Miquel Raynal

The nand_read_data_op() operation, which only consists in DATA_IN cycles, is sadly not supported by all controllers despite being very basic. The core, for some time, supposed all drivers would support it. An improvement to this situation for supporting more constrained controller added a check to verify if the operation was supported before attempting it by running the function with the check_only boolean set first, and then possibly falling back to another (possibly slightly less optimized) alternative. An even newer addition moved that check very early and probe time, in order to perform the check only once. The content of the operation was not so important, as long as the controller driver would tell whether such operation on the NAND bus would be possible or not. In practice, no buffer was provided (no fake buffer or whatever) as it is anyway not relevant for the "check_only" condition. Unfortunately, early in the function, there is an if statement verifying that the input parameters are right for normal use, making the early check always unsuccessful. Fixes: 9f820fc0651c ("mtd: rawnand: Check the data only read pattern only once") Cc: stable(a)vger.kernel.org Reported-by: Alexander Dahl <ada(a)thorsis.com> Closes: https://lore.kernel.org/linux-mtd/20240306-shaky-bunion-d28b65ea97d7@thorsi… Reported-by: Steven Seeger <steven.seeger(a)flightsystems.net> Closes: https://lore.kernel.org/linux-mtd/DM6PR05MB4506554457CF95191A670BDEF7062@DM… Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- drivers/mtd/nand/raw/nand_base.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c index acd137dd0957..248e654ecefd 100644 --- a/drivers/mtd/nand/raw/nand_base.c +++ b/drivers/mtd/nand/raw/nand_base.c @@ -2173,7 +2173,7 @@ EXPORT_SYMBOL_GPL(nand_reset_op); int nand_read_data_op(struct nand_chip *chip, void *buf, unsigned int len, bool force_8bit, bool check_only) { - if (!len || !buf) + if (!len || (!check_only && !buf)) return -EINVAL; if (nand_has_exec_op(chip)) { -- 2.40.1

12 months

2
1
0 0

[PATCH net] mptcp: only allow set existing scheduler for net.mptcp.scheduler

by Matthieu Baerts (NGI0)

From: Gregory Detal <gregory.detal(a)gmail.com> The current behavior is to accept any strings as inputs, this results in an inconsistent result where an unexisting scheduler can be set: # sysctl -w net.mptcp.scheduler=notdefault net.mptcp.scheduler = notdefault This patch changes this behavior by checking for existing scheduler before accepting the input. Fixes: e3b2870b6d22 ("mptcp: add a new sysctl scheduler") Cc: stable(a)vger.kernel.org Signed-off-by: Gregory Detal <gregory.detal(a)gmail.com> Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Tested-by: Geliang Tang <geliang(a)kernel.org> Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- net/mptcp/ctrl.c | 39 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 38 insertions(+), 1 deletion(-) diff --git a/net/mptcp/ctrl.c b/net/mptcp/ctrl.c index 13fe0748dde8..2963ba84e2ee 100644 --- a/net/mptcp/ctrl.c +++ b/net/mptcp/ctrl.c @@ -96,6 +96,43 @@ static void mptcp_pernet_set_defaults(struct mptcp_pernet *pernet) } #ifdef CONFIG_SYSCTL +static int mptcp_set_scheduler(const struct net *net, const char *name) +{ + struct mptcp_pernet *pernet = mptcp_get_pernet(net); + struct mptcp_sched_ops *sched; + int ret = 0; + + rcu_read_lock(); + sched = mptcp_sched_find(name); + if (sched) + strscpy(pernet->scheduler, name, MPTCP_SCHED_NAME_MAX); + else + ret = -ENOENT; + rcu_read_unlock(); + + return ret; +} + +static int proc_scheduler(struct ctl_table *ctl, int write, + void *buffer, size_t *lenp, loff_t *ppos) +{ + const struct net *net = current->nsproxy->net_ns; + char val[MPTCP_SCHED_NAME_MAX]; + struct ctl_table tbl = { + .data = val, + .maxlen = MPTCP_SCHED_NAME_MAX, + }; + int ret; + + strscpy(val, mptcp_get_scheduler(net), MPTCP_SCHED_NAME_MAX); + + ret = proc_dostring(&tbl, write, buffer, lenp, ppos); + if (write && ret == 0) + ret = mptcp_set_scheduler(net, val); + + return ret; +} + static struct ctl_table mptcp_sysctl_table[] = { { .procname = "enabled", @@ -148,7 +185,7 @@ static struct ctl_table mptcp_sysctl_table[] = { .procname = "scheduler", .maxlen = MPTCP_SCHED_NAME_MAX, .mode = 0644, - .proc_handler = proc_dostring, + .proc_handler = proc_scheduler, }, { .procname = "close_timeout", --- base-commit: a26ff37e624d12e28077e5b24d2b264f62764ad6 change-id: 20240506-upstream-net-20240506-mptcp-sched-exist-6a1b91872a32 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

12 months

2
1
0 0

[PATCH AUTOSEL 6.6 01/43] ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM too

by Sasha Levin

From: Hans de Goede <hdegoede(a)redhat.com> [ Upstream commit e50729d742ec364895f1c389c32315984a987aa5 ] The Asus T100TA quirk has been using an exact match on a product-name of "T100TA" but there are also T100TAM variants with a slightly higher clocked CPU and a metal backside which need the same quirk. Sort the existing T100TA (stereo speakers) below the more specific T100TAF (mono speaker) quirk and switch from exact matching to substring matching so that the T100TA quirk will also match on the T100TAM models. Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Link: https://msgid.link/r/20240407191559.21596-1-hdegoede@redhat.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/intel/boards/bytcr_rt5640.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/sound/soc/intel/boards/bytcr_rt5640.c b/sound/soc/intel/boards/bytcr_rt5640.c index e609249cc38d5..651408c6f399d 100644 --- a/sound/soc/intel/boards/bytcr_rt5640.c +++ b/sound/soc/intel/boards/bytcr_rt5640.c @@ -636,28 +636,30 @@ static const struct dmi_system_id byt_rt5640_quirk_table[] = { BYT_RT5640_USE_AMCR0F28), }, { + /* Asus T100TAF, unlike other T100TA* models this one has a mono speaker */ .matches = { DMI_EXACT_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), - DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TA"), + DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TAF"), }, .driver_data = (void *)(BYT_RT5640_IN1_MAP | BYT_RT5640_JD_SRC_JD2_IN4N | BYT_RT5640_OVCD_TH_2000UA | BYT_RT5640_OVCD_SF_0P75 | + BYT_RT5640_MONO_SPEAKER | + BYT_RT5640_DIFF_MIC | + BYT_RT5640_SSP0_AIF2 | BYT_RT5640_MCLK_EN), }, { + /* Asus T100TA and T100TAM, must come after T100TAF (mono spk) match */ .matches = { - DMI_EXACT_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), - DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "T100TAF"), + DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), + DMI_MATCH(DMI_PRODUCT_NAME, "T100TA"), }, .driver_data = (void *)(BYT_RT5640_IN1_MAP | BYT_RT5640_JD_SRC_JD2_IN4N | BYT_RT5640_OVCD_TH_2000UA | BYT_RT5640_OVCD_SF_0P75 | - BYT_RT5640_MONO_SPEAKER | - BYT_RT5640_DIFF_MIC | - BYT_RT5640_SSP0_AIF2 | BYT_RT5640_MCLK_EN), }, { -- 2.43.0

12 months

2
43
0 0

[PATCH AUTOSEL 4.19 1/4] ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating

by Sasha Levin

From: Derek Fang <derek.fang(a)realtek.com> [ Upstream commit 103abab975087e1f01b76fcb54c91dbb65dbc249 ] The codec leaves tie combo jack's sleeve/ring2 to floating status default. It would cause electric noise while connecting the active speaker jack during boot or shutdown. This patch requests a gpio to control the additional jack circuit to tie the contacts to the ground or floating. Signed-off-by: Derek Fang <derek.fang(a)realtek.com> Link: https://msgid.link/r/20240408091057.14165-1-derek.fang@realtek.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/codecs/rt5645.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/sound/soc/codecs/rt5645.c b/sound/soc/codecs/rt5645.c index 5f23369d7ccad..fbb3fca59c8cb 100644 --- a/sound/soc/codecs/rt5645.c +++ b/sound/soc/codecs/rt5645.c @@ -412,6 +412,7 @@ struct rt5645_priv { struct regmap *regmap; struct i2c_client *i2c; struct gpio_desc *gpiod_hp_det; + struct gpio_desc *gpiod_cbj_sleeve; struct snd_soc_jack *hp_jack; struct snd_soc_jack *mic_jack; struct snd_soc_jack *btn_jack; @@ -3206,6 +3207,9 @@ static int rt5645_jack_detect(struct snd_soc_component *component, int jack_inse regmap_update_bits(rt5645->regmap, RT5645_IN1_CTRL2, RT5645_CBJ_MN_JD, 0); + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 1); + msleep(600); regmap_read(rt5645->regmap, RT5645_IN1_CTRL3, &val); val &= 0x7; @@ -3222,6 +3226,8 @@ static int rt5645_jack_detect(struct snd_soc_component *component, int jack_inse snd_soc_dapm_disable_pin(dapm, "Mic Det Power"); snd_soc_dapm_sync(dapm); rt5645->jack_type = SND_JACK_HEADPHONE; + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 0); } if (rt5645->pdata.level_trigger_irq) regmap_update_bits(rt5645->regmap, RT5645_IRQ_CTRL2, @@ -3247,6 +3253,9 @@ static int rt5645_jack_detect(struct snd_soc_component *component, int jack_inse if (rt5645->pdata.level_trigger_irq) regmap_update_bits(rt5645->regmap, RT5645_IRQ_CTRL2, RT5645_JD_1_1_MASK, RT5645_JD_1_1_INV); + + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 0); } return rt5645->jack_type; @@ -3892,6 +3901,16 @@ static int rt5645_i2c_probe(struct i2c_client *i2c, return ret; } + rt5645->gpiod_cbj_sleeve = devm_gpiod_get_optional(&i2c->dev, "cbj-sleeve", + GPIOD_OUT_LOW); + + if (IS_ERR(rt5645->gpiod_cbj_sleeve)) { + ret = PTR_ERR(rt5645->gpiod_cbj_sleeve); + dev_info(&i2c->dev, "failed to initialize gpiod, ret=%d\n", ret); + if (ret != -ENOENT) + return ret; + } + for (i = 0; i < ARRAY_SIZE(rt5645->supplies); i++) rt5645->supplies[i].supply = rt5645_supply_names[i]; @@ -4135,6 +4154,9 @@ static int rt5645_i2c_remove(struct i2c_client *i2c) cancel_delayed_work_sync(&rt5645->jack_detect_work); cancel_delayed_work_sync(&rt5645->rcclock_work); + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 0); + regulator_bulk_disable(ARRAY_SIZE(rt5645->supplies), rt5645->supplies); return 0; @@ -4152,6 +4174,9 @@ static void rt5645_i2c_shutdown(struct i2c_client *i2c) 0); msleep(20); regmap_write(rt5645->regmap, RT5645_RESET, 0); + + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 0); } static struct i2c_driver rt5645_i2c_driver = { -- 2.43.0

12 months

1
3
0 0

[PATCH AUTOSEL 5.4 1/6] ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating

by Sasha Levin

From: Derek Fang <derek.fang(a)realtek.com> [ Upstream commit 103abab975087e1f01b76fcb54c91dbb65dbc249 ] The codec leaves tie combo jack's sleeve/ring2 to floating status default. It would cause electric noise while connecting the active speaker jack during boot or shutdown. This patch requests a gpio to control the additional jack circuit to tie the contacts to the ground or floating. Signed-off-by: Derek Fang <derek.fang(a)realtek.com> Link: https://msgid.link/r/20240408091057.14165-1-derek.fang@realtek.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/codecs/rt5645.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/sound/soc/codecs/rt5645.c b/sound/soc/codecs/rt5645.c index c78d5833c9cd9..6aab552eda777 100644 --- a/sound/soc/codecs/rt5645.c +++ b/sound/soc/codecs/rt5645.c @@ -414,6 +414,7 @@ struct rt5645_priv { struct regmap *regmap; struct i2c_client *i2c; struct gpio_desc *gpiod_hp_det; + struct gpio_desc *gpiod_cbj_sleeve; struct snd_soc_jack *hp_jack; struct snd_soc_jack *mic_jack; struct snd_soc_jack *btn_jack; @@ -3169,6 +3170,9 @@ static int rt5645_jack_detect(struct snd_soc_component *component, int jack_inse regmap_update_bits(rt5645->regmap, RT5645_IN1_CTRL2, RT5645_CBJ_MN_JD, 0); + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 1); + msleep(600); regmap_read(rt5645->regmap, RT5645_IN1_CTRL3, &val); val &= 0x7; @@ -3185,6 +3189,8 @@ static int rt5645_jack_detect(struct snd_soc_component *component, int jack_inse snd_soc_dapm_disable_pin(dapm, "Mic Det Power"); snd_soc_dapm_sync(dapm); rt5645->jack_type = SND_JACK_HEADPHONE; + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 0); } if (rt5645->pdata.level_trigger_irq) regmap_update_bits(rt5645->regmap, RT5645_IRQ_CTRL2, @@ -3210,6 +3216,9 @@ static int rt5645_jack_detect(struct snd_soc_component *component, int jack_inse if (rt5645->pdata.level_trigger_irq) regmap_update_bits(rt5645->regmap, RT5645_IRQ_CTRL2, RT5645_JD_1_1_MASK, RT5645_JD_1_1_INV); + + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 0); } return rt5645->jack_type; @@ -3861,6 +3870,16 @@ static int rt5645_i2c_probe(struct i2c_client *i2c, return ret; } + rt5645->gpiod_cbj_sleeve = devm_gpiod_get_optional(&i2c->dev, "cbj-sleeve", + GPIOD_OUT_LOW); + + if (IS_ERR(rt5645->gpiod_cbj_sleeve)) { + ret = PTR_ERR(rt5645->gpiod_cbj_sleeve); + dev_info(&i2c->dev, "failed to initialize gpiod, ret=%d\n", ret); + if (ret != -ENOENT) + return ret; + } + for (i = 0; i < ARRAY_SIZE(rt5645->supplies); i++) rt5645->supplies[i].supply = rt5645_supply_names[i]; @@ -4104,6 +4123,9 @@ static int rt5645_i2c_remove(struct i2c_client *i2c) cancel_delayed_work_sync(&rt5645->jack_detect_work); cancel_delayed_work_sync(&rt5645->rcclock_work); + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 0); + regulator_bulk_disable(ARRAY_SIZE(rt5645->supplies), rt5645->supplies); return 0; @@ -4121,6 +4143,9 @@ static void rt5645_i2c_shutdown(struct i2c_client *i2c) 0); msleep(20); regmap_write(rt5645->regmap, RT5645_RESET, 0); + + if (rt5645->gpiod_cbj_sleeve) + gpiod_set_value(rt5645->gpiod_cbj_sleeve, 0); } static struct i2c_driver rt5645_i2c_driver = { -- 2.43.0

12 months

1
5
0 0

[PATCH AUTOSEL 5.15 01/15] regulator: irq_helpers: duplicate IRQ name

by Sasha Levin

From: Matti Vaittinen <mazziesaccount(a)gmail.com> [ Upstream commit 7ab681ddedd4b6dd2b047c74af95221c5f827e1d ] The regulator IRQ helper requires caller to provide pointer to IRQ name which is kept in memory by caller. All other data passed to the helper in the regulator_irq_desc structure is copied. This can cause some confusion and unnecessary complexity. Make the regulator_irq_helper() to copy also the provided IRQ name information so caller can discard the name after the call to regulator_irq_helper() completes. Signed-off-by: Matti Vaittinen <mazziesaccount(a)gmail.com> Link: https://msgid.link/r/ZhJMuUYwaZbBXFGP@drtxq0yyyyyyyyyyyyydy-3.rev.dnaintern… Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/regulator/irq_helpers.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/regulator/irq_helpers.c b/drivers/regulator/irq_helpers.c index 5227644355750..a44a0b30a6516 100644 --- a/drivers/regulator/irq_helpers.c +++ b/drivers/regulator/irq_helpers.c @@ -350,6 +350,9 @@ void *regulator_irq_helper(struct device *dev, h->irq = irq; h->desc = *d; + h->desc.name = devm_kstrdup(dev, d->name, GFP_KERNEL); + if (!h->desc.name) + return ERR_PTR(-ENOMEM); ret = init_rdev_state(dev, h, rdev, common_errs, per_rdev_errs, rdev_amount); -- 2.43.0

12 months

1
14
0 0

[PATCH AUTOSEL 4.19 1/3] wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class

by Sasha Levin

From: Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> [ Upstream commit 9ef369973cd2c97cce3388d2c0c7e3c056656e8a ] The declarations of the tx_rx_evt class and the rdev_set_antenna event use the wrong order of arguments in the TP_ARGS macro. Fix the order of arguments in the TP_ARGS macro. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> Link: https://msgid.link/20240405152431.270267-1-Igor.A.Artemiev@mcst.ru Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/wireless/trace.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/wireless/trace.h b/net/wireless/trace.h index 54b0bb344cf93..68d547a4a5a53 100644 --- a/net/wireless/trace.h +++ b/net/wireless/trace.h @@ -1591,7 +1591,7 @@ TRACE_EVENT(rdev_return_void_tx_rx, DECLARE_EVENT_CLASS(tx_rx_evt, TP_PROTO(struct wiphy *wiphy, u32 tx, u32 rx), - TP_ARGS(wiphy, rx, tx), + TP_ARGS(wiphy, tx, rx), TP_STRUCT__entry( WIPHY_ENTRY __field(u32, tx) @@ -1608,7 +1608,7 @@ DECLARE_EVENT_CLASS(tx_rx_evt, DEFINE_EVENT(tx_rx_evt, rdev_set_antenna, TP_PROTO(struct wiphy *wiphy, u32 tx, u32 rx), - TP_ARGS(wiphy, rx, tx) + TP_ARGS(wiphy, tx, rx) ); DECLARE_EVENT_CLASS(wiphy_netdev_id_evt, -- 2.43.0

12 months

1
2
0 0

[PATCH AUTOSEL 5.4 1/3] wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class

by Sasha Levin

From: Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> [ Upstream commit 9ef369973cd2c97cce3388d2c0c7e3c056656e8a ] The declarations of the tx_rx_evt class and the rdev_set_antenna event use the wrong order of arguments in the TP_ARGS macro. Fix the order of arguments in the TP_ARGS macro. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> Link: https://msgid.link/20240405152431.270267-1-Igor.A.Artemiev@mcst.ru Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/wireless/trace.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/wireless/trace.h b/net/wireless/trace.h index 8677d7ab7d692..5d2cf58fec126 100644 --- a/net/wireless/trace.h +++ b/net/wireless/trace.h @@ -1630,7 +1630,7 @@ TRACE_EVENT(rdev_return_void_tx_rx, DECLARE_EVENT_CLASS(tx_rx_evt, TP_PROTO(struct wiphy *wiphy, u32 tx, u32 rx), - TP_ARGS(wiphy, rx, tx), + TP_ARGS(wiphy, tx, rx), TP_STRUCT__entry( WIPHY_ENTRY __field(u32, tx) @@ -1647,7 +1647,7 @@ DECLARE_EVENT_CLASS(tx_rx_evt, DEFINE_EVENT(tx_rx_evt, rdev_set_antenna, TP_PROTO(struct wiphy *wiphy, u32 tx, u32 rx), - TP_ARGS(wiphy, rx, tx) + TP_ARGS(wiphy, tx, rx) ); DECLARE_EVENT_CLASS(wiphy_netdev_id_evt, -- 2.43.0

12 months

1
2
0 0

[PATCH AUTOSEL 5.10 1/3] wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class

by Sasha Levin

From: Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> [ Upstream commit 9ef369973cd2c97cce3388d2c0c7e3c056656e8a ] The declarations of the tx_rx_evt class and the rdev_set_antenna event use the wrong order of arguments in the TP_ARGS macro. Fix the order of arguments in the TP_ARGS macro. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> Link: https://msgid.link/20240405152431.270267-1-Igor.A.Artemiev@mcst.ru Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/wireless/trace.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/wireless/trace.h b/net/wireless/trace.h index 6e218a0acd4e3..9bd6a6ef5ee47 100644 --- a/net/wireless/trace.h +++ b/net/wireless/trace.h @@ -1660,7 +1660,7 @@ TRACE_EVENT(rdev_return_void_tx_rx, DECLARE_EVENT_CLASS(tx_rx_evt, TP_PROTO(struct wiphy *wiphy, u32 tx, u32 rx), - TP_ARGS(wiphy, rx, tx), + TP_ARGS(wiphy, tx, rx), TP_STRUCT__entry( WIPHY_ENTRY __field(u32, tx) @@ -1677,7 +1677,7 @@ DECLARE_EVENT_CLASS(tx_rx_evt, DEFINE_EVENT(tx_rx_evt, rdev_set_antenna, TP_PROTO(struct wiphy *wiphy, u32 tx, u32 rx), - TP_ARGS(wiphy, rx, tx) + TP_ARGS(wiphy, tx, rx) ); DECLARE_EVENT_CLASS(wiphy_netdev_id_evt, -- 2.43.0

12 months

1
2
0 0

[PATCH AUTOSEL 5.15 1/5] wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class

by Sasha Levin

From: Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> [ Upstream commit 9ef369973cd2c97cce3388d2c0c7e3c056656e8a ] The declarations of the tx_rx_evt class and the rdev_set_antenna event use the wrong order of arguments in the TP_ARGS macro. Fix the order of arguments in the TP_ARGS macro. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Igor Artemiev <Igor.A.Artemiev(a)mcst.ru> Link: https://msgid.link/20240405152431.270267-1-Igor.A.Artemiev@mcst.ru Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/wireless/trace.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/wireless/trace.h b/net/wireless/trace.h index 19b78d4722834..dfd36cba14bc6 100644 --- a/net/wireless/trace.h +++ b/net/wireless/trace.h @@ -1687,7 +1687,7 @@ TRACE_EVENT(rdev_return_void_tx_rx, DECLARE_EVENT_CLASS(tx_rx_evt, TP_PROTO(struct wiphy *wiphy, u32 tx, u32 rx), - TP_ARGS(wiphy, rx, tx), + TP_ARGS(wiphy, tx, rx), TP_STRUCT__entry( WIPHY_ENTRY __field(u32, tx) @@ -1704,7 +1704,7 @@ DECLARE_EVENT_CLASS(tx_rx_evt, DEFINE_EVENT(tx_rx_evt, rdev_set_antenna, TP_PROTO(struct wiphy *wiphy, u32 tx, u32 rx), - TP_ARGS(wiphy, rx, tx) + TP_ARGS(wiphy, tx, rx) ); DECLARE_EVENT_CLASS(wiphy_netdev_id_evt, -- 2.43.0

12 months

1
4
0 0

[PATCH AUTOSEL 6.1 01/12] wifi: mac80211: don't use rate mask for scanning

by Sasha Levin

From: Johannes Berg <johannes.berg(a)intel.com> [ Upstream commit ab9177d83c040eba58387914077ebca56f14fae6 ] The rate mask is intended for use during operation, and can be set to only have masks for the currently active band. As such, it cannot be used for scanning which can be on other bands as well. Simply ignore the rate masks during scanning to avoid warnings from incorrect settings. Reported-by: syzbot+fdc5123366fb9c3fdc6d(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fdc5123366fb9c3fdc6d Co-developed-by: Dmitry Antipov <dmantipov(a)yandex.ru> Signed-off-by: Dmitry Antipov <dmantipov(a)yandex.ru> Tested-by: Dmitry Antipov <dmantipov(a)yandex.ru> Link: https://msgid.link/20240326220854.9594cbb418ca.I7f86c0ba1f98cf7e27c2bacf6c2… Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- include/net/mac80211.h | 3 +++ net/mac80211/rate.c | 6 +++++- net/mac80211/scan.c | 1 + net/mac80211/tx.c | 13 +++++++++---- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/include/net/mac80211.h b/include/net/mac80211.h index 43173204d6d5e..87a4f334c22a8 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h @@ -885,6 +885,8 @@ enum mac80211_tx_info_flags { * of their QoS TID or other priority field values. * @IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX: first MLO TX, used mostly internally * for sequence number assignment + * @IEEE80211_TX_CTRL_SCAN_TX: Indicates that this frame is transmitted + * due to scanning, not in normal operation on the interface. * @IEEE80211_TX_CTRL_MLO_LINK: If not @IEEE80211_LINK_UNSPECIFIED, this * frame should be transmitted on the specific link. This really is * only relevant for frames that do not have data present, and is @@ -905,6 +907,7 @@ enum mac80211_tx_control_flags { IEEE80211_TX_CTRL_NO_SEQNO = BIT(7), IEEE80211_TX_CTRL_DONT_REORDER = BIT(8), IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX = BIT(9), + IEEE80211_TX_CTRL_SCAN_TX = BIT(10), IEEE80211_TX_CTRL_MLO_LINK = 0xf0000000, }; diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c index 9d33fd2377c88..a2bc9c5d92b8b 100644 --- a/net/mac80211/rate.c +++ b/net/mac80211/rate.c @@ -877,6 +877,7 @@ void ieee80211_get_tx_rates(struct ieee80211_vif *vif, struct ieee80211_sub_if_data *sdata; struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); struct ieee80211_supported_band *sband; + u32 mask = ~0; rate_control_fill_sta_table(sta, info, dest, max_rates); @@ -889,9 +890,12 @@ void ieee80211_get_tx_rates(struct ieee80211_vif *vif, if (ieee80211_is_tx_data(skb)) rate_control_apply_mask(sdata, sta, sband, dest, max_rates); + if (!(info->control.flags & IEEE80211_TX_CTRL_SCAN_TX)) + mask = sdata->rc_rateidx_mask[info->band]; + if (dest[0].idx < 0) __rate_control_send_low(&sdata->local->hw, sband, sta, info, - sdata->rc_rateidx_mask[info->band]); + mask); if (sta) rate_fixup_ratelist(vif, sband, info, dest, max_rates); diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index c37e2576f1c13..933d02d7c1284 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -647,6 +647,7 @@ static void ieee80211_send_scan_probe_req(struct ieee80211_sub_if_data *sdata, cpu_to_le16(IEEE80211_SN_TO_SEQ(sn)); } IEEE80211_SKB_CB(skb)->flags |= tx_flags; + IEEE80211_SKB_CB(skb)->control.flags |= IEEE80211_TX_CTRL_SCAN_TX; ieee80211_tx_skb_tid_band(sdata, skb, 7, channel->band); } } diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 3d62e8b718740..419baf8efddea 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -720,11 +720,16 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx) txrc.bss_conf = &tx->sdata->vif.bss_conf; txrc.skb = tx->skb; txrc.reported_rate.idx = -1; - txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band]; - if (tx->sdata->rc_has_mcs_mask[info->band]) - txrc.rate_idx_mcs_mask = - tx->sdata->rc_rateidx_mcs_mask[info->band]; + if (unlikely(info->control.flags & IEEE80211_TX_CTRL_SCAN_TX)) { + txrc.rate_idx_mask = ~0; + } else { + txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band]; + + if (tx->sdata->rc_has_mcs_mask[info->band]) + txrc.rate_idx_mcs_mask = + tx->sdata->rc_rateidx_mcs_mask[info->band]; + } txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP || tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT || -- 2.43.0

12 months

1
11
0 0

Re: Patch "kbuild: rust: force `alloc` extern to allow "empty" Rust files" has been added to the 6.1-stable tree

by Miguel Ojeda

On Fri, May 3, 2024 at 6:42 PM Sasha Levin <sashal(a)kernel.org> wrote: > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. I don't think it should be added since it requires upgrading the compiler to Rust 1.71 (from 1.62) at least, given: > be fairly confusing for kernel developers [1], thus use the unstable > `force` option of `--extern` [2] (added in Rust 1.71 [3]) to force the > compiler to resolve `alloc`. Now, we have upgraded the compiler in the past (in 6.6 LTS), so it could be done, but the issue here was small enough (it should only really affect kernel developers if they happen to create a new file or similar) that it felt too minor to warrant it (especially since it would a bigger compiler jump this time, with more changes required too), so I asked for doing it only in 6.6 and 6.8 since those were straightforward: https://lore.kernel.org/stable/2024042909-whimsical-drapery-40d1@gregkh/ If someone is actually doing development in 6.1 LTS with Rust enabled, we may create bigger problems for them (even if it is just time used) by upgrading the compiler than what this fix fixes here (which is an issue they may not even care about or ever notice). Cheers, Miguel

12 months

2
1
0 0

[PATCH AUTOSEL 6.6 01/19] wifi: mac80211: don't use rate mask for scanning

by Sasha Levin

From: Johannes Berg <johannes.berg(a)intel.com> [ Upstream commit ab9177d83c040eba58387914077ebca56f14fae6 ] The rate mask is intended for use during operation, and can be set to only have masks for the currently active band. As such, it cannot be used for scanning which can be on other bands as well. Simply ignore the rate masks during scanning to avoid warnings from incorrect settings. Reported-by: syzbot+fdc5123366fb9c3fdc6d(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=fdc5123366fb9c3fdc6d Co-developed-by: Dmitry Antipov <dmantipov(a)yandex.ru> Signed-off-by: Dmitry Antipov <dmantipov(a)yandex.ru> Tested-by: Dmitry Antipov <dmantipov(a)yandex.ru> Link: https://msgid.link/20240326220854.9594cbb418ca.I7f86c0ba1f98cf7e27c2bacf6c2… Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- include/net/mac80211.h | 3 +++ net/mac80211/rate.c | 6 +++++- net/mac80211/scan.c | 1 + net/mac80211/tx.c | 13 +++++++++---- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/include/net/mac80211.h b/include/net/mac80211.h index 7c707358d15c8..a39bd4169f292 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h @@ -936,6 +936,8 @@ enum mac80211_tx_info_flags { * of their QoS TID or other priority field values. * @IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX: first MLO TX, used mostly internally * for sequence number assignment + * @IEEE80211_TX_CTRL_SCAN_TX: Indicates that this frame is transmitted + * due to scanning, not in normal operation on the interface. * @IEEE80211_TX_CTRL_MLO_LINK: If not @IEEE80211_LINK_UNSPECIFIED, this * frame should be transmitted on the specific link. This really is * only relevant for frames that do not have data present, and is @@ -956,6 +958,7 @@ enum mac80211_tx_control_flags { IEEE80211_TX_CTRL_NO_SEQNO = BIT(7), IEEE80211_TX_CTRL_DONT_REORDER = BIT(8), IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX = BIT(9), + IEEE80211_TX_CTRL_SCAN_TX = BIT(10), IEEE80211_TX_CTRL_MLO_LINK = 0xf0000000, }; diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c index 9d33fd2377c88..a2bc9c5d92b8b 100644 --- a/net/mac80211/rate.c +++ b/net/mac80211/rate.c @@ -877,6 +877,7 @@ void ieee80211_get_tx_rates(struct ieee80211_vif *vif, struct ieee80211_sub_if_data *sdata; struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); struct ieee80211_supported_band *sband; + u32 mask = ~0; rate_control_fill_sta_table(sta, info, dest, max_rates); @@ -889,9 +890,12 @@ void ieee80211_get_tx_rates(struct ieee80211_vif *vif, if (ieee80211_is_tx_data(skb)) rate_control_apply_mask(sdata, sta, sband, dest, max_rates); + if (!(info->control.flags & IEEE80211_TX_CTRL_SCAN_TX)) + mask = sdata->rc_rateidx_mask[info->band]; + if (dest[0].idx < 0) __rate_control_send_low(&sdata->local->hw, sband, sta, info, - sdata->rc_rateidx_mask[info->band]); + mask); if (sta) rate_fixup_ratelist(vif, sband, info, dest, max_rates); diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index a52813f2b08cb..b68214f159838 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -636,6 +636,7 @@ static void ieee80211_send_scan_probe_req(struct ieee80211_sub_if_data *sdata, cpu_to_le16(IEEE80211_SN_TO_SEQ(sn)); } IEEE80211_SKB_CB(skb)->flags |= tx_flags; + IEEE80211_SKB_CB(skb)->control.flags |= IEEE80211_TX_CTRL_SCAN_TX; ieee80211_tx_skb_tid_band(sdata, skb, 7, channel->band); } } diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c index 5c6c5254d987f..46b02a6ae0a36 100644 --- a/net/mac80211/tx.c +++ b/net/mac80211/tx.c @@ -705,11 +705,16 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx) txrc.bss_conf = &tx->sdata->vif.bss_conf; txrc.skb = tx->skb; txrc.reported_rate.idx = -1; - txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band]; - if (tx->sdata->rc_has_mcs_mask[info->band]) - txrc.rate_idx_mcs_mask = - tx->sdata->rc_rateidx_mcs_mask[info->band]; + if (unlikely(info->control.flags & IEEE80211_TX_CTRL_SCAN_TX)) { + txrc.rate_idx_mask = ~0; + } else { + txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band]; + + if (tx->sdata->rc_has_mcs_mask[info->band]) + txrc.rate_idx_mcs_mask = + tx->sdata->rc_rateidx_mcs_mask[info->band]; + } txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP || tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT || -- 2.43.0

12 months

1
18
0 0

[PATCH AUTOSEL 6.8 01/23] HID: nintendo: Fix N64 controller being identified as mouse

by Sasha Levin

From: Nuno Pereira <nf.pereira(a)outlook.pt> [ Upstream commit 8db8c77059e75a0f418b10ede39dd82a9eb031fa ] This patch is regarding the recent addition of support for the NSO controllers to hid-nintendo. All controllers are working correctly with the exception of the N64 controller, which is being identified as a mouse by udev. This results in the joystick controlling the mouse cursor and the controller not being detected by games. The reason for this is because the N64's C buttons have been attributed to BTN_FORWARD, BTN_BACK, BTN_LEFT, BTN_RIGHT, which are buttons typically attributed to mice. This patch changes those buttons to controller buttons, making the controller be correctly identified as such. Signed-off-by: Nuno Pereira <nf.pereira(a)outlook.pt> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/hid/hid-nintendo.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/hid/hid-nintendo.c b/drivers/hid/hid-nintendo.c index ccc4032fb2b03..4b2c81b49b80e 100644 --- a/drivers/hid/hid-nintendo.c +++ b/drivers/hid/hid-nintendo.c @@ -481,10 +481,10 @@ static const struct joycon_ctlr_button_mapping n64con_button_mappings[] = { { BTN_TR, JC_BTN_R, }, { BTN_TR2, JC_BTN_LSTICK, }, /* ZR */ { BTN_START, JC_BTN_PLUS, }, - { BTN_FORWARD, JC_BTN_Y, }, /* C UP */ - { BTN_BACK, JC_BTN_ZR, }, /* C DOWN */ - { BTN_LEFT, JC_BTN_X, }, /* C LEFT */ - { BTN_RIGHT, JC_BTN_MINUS, }, /* C RIGHT */ + { BTN_SELECT, JC_BTN_Y, }, /* C UP */ + { BTN_X, JC_BTN_ZR, }, /* C DOWN */ + { BTN_Y, JC_BTN_X, }, /* C LEFT */ + { BTN_C, JC_BTN_MINUS, }, /* C RIGHT */ { BTN_MODE, JC_BTN_HOME, }, { BTN_Z, JC_BTN_CAP, }, { /* sentinel */ }, -- 2.43.0

12 months

1
22
0 0

[PATCH 04/12] spmi: hisi-spmi-controller: Do not override device identifier

by Stephen Boyd

From: Vamshi Gajjela <vamshigajjela(a)google.com> 'nr' member of struct spmi_controller, which serves as an identifier for the controller/bus. This value is a dynamic ID assigned in spmi_controller_alloc, and overriding it from the driver results in an ida_free error "ida_free called for id=xx which is not allocated". Signed-off-by: Vamshi Gajjela <vamshigajjela(a)google.com> Fixes: 70f59c90c819 ("staging: spmi: add Hikey 970 SPMI controller driver") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240228185116.1269-1-vamshigajjela@google.com Signed-off-by: Stephen Boyd <sboyd(a)kernel.org> --- drivers/spmi/hisi-spmi-controller.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/spmi/hisi-spmi-controller.c b/drivers/spmi/hisi-spmi-controller.c index 674a350cc676..fa068b34b040 100644 --- a/drivers/spmi/hisi-spmi-controller.c +++ b/drivers/spmi/hisi-spmi-controller.c @@ -300,7 +300,6 @@ static int spmi_controller_probe(struct platform_device *pdev) spin_lock_init(&spmi_controller->lock); - ctrl->nr = spmi_controller->channel; ctrl->dev.parent = pdev->dev.parent; ctrl->dev.of_node = of_node_get(pdev->dev.of_node); -- https://git.kernel.org/pub/scm/linux/kernel/git/clk/linux.git/ https://git.kernel.org/pub/scm/linux/kernel/git/sboyd/spmi.git

12 months

1
0
0 0

[PATCH v1] usb: typec: tcpm: unregister existing source caps before re-registration

by Amit Sunil Dhamne

Check and unregister existing source caps in tcpm_register_source_caps function before registering new ones. This change fixes following warning when port partner resends source caps after negotiating PD contract for the purpose of re-negotiation. [ 343.135030][ T151] sysfs: cannot create duplicate filename '/devices/virtual/usb_power_delivery/pd1/source-capabilities' [ 343.135071][ T151] Call trace: [ 343.135076][ T151] dump_backtrace+0xe8/0x108 [ 343.135099][ T151] show_stack+0x18/0x24 [ 343.135106][ T151] dump_stack_lvl+0x50/0x6c [ 343.135119][ T151] dump_stack+0x18/0x24 [ 343.135126][ T151] sysfs_create_dir_ns+0xe0/0x140 [ 343.135137][ T151] kobject_add_internal+0x228/0x424 [ 343.135146][ T151] kobject_add+0x94/0x10c [ 343.135152][ T151] device_add+0x1b0/0x4c0 [ 343.135187][ T151] device_register+0x20/0x34 [ 343.135195][ T151] usb_power_delivery_register_capabilities+0x90/0x20c [ 343.135209][ T151] tcpm_pd_rx_handler+0x9f0/0x15b8 [ 343.135216][ T151] kthread_worker_fn+0x11c/0x260 [ 343.135227][ T151] kthread+0x114/0x1bc [ 343.135235][ T151] ret_from_fork+0x10/0x20 [ 343.135265][ T151] kobject: kobject_add_internal failed for source-capabilities with -EEXIST, don't try to register things with the same name in the same directory. Fixes: 8203d26905ee ("usb: typec: tcpm: Register USB Power Delivery Capabilities") Cc: linux-usb(a)vger.kernel.org Cc: stable(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: Mark Brown <broonie(a)kernel.org> Signed-off-by: Amit Sunil Dhamne <amitsd(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index ab6ed6111ed0..d8eb89f4f0c3 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -2996,7 +2996,7 @@ static int tcpm_register_source_caps(struct tcpm_port *port) { struct usb_power_delivery_desc desc = { port->negotiated_rev }; struct usb_power_delivery_capabilities_desc caps = { }; - struct usb_power_delivery_capabilities *cap; + struct usb_power_delivery_capabilities *cap = port->partner_source_caps; if (!port->partner_pd) port->partner_pd = usb_power_delivery_register(NULL, &desc); @@ -3006,6 +3006,9 @@ static int tcpm_register_source_caps(struct tcpm_port *port) memcpy(caps.pdo, port->source_caps, sizeof(u32) * port->nr_source_caps); caps.role = TYPEC_SOURCE; + if (cap) + usb_power_delivery_unregister_capabilities(cap); + cap = usb_power_delivery_register_capabilities(port->partner_pd, &caps); if (IS_ERR(cap)) return PTR_ERR(cap); base-commit: 0d31ea587709216d88183fe4ca0c8aba5e0205b8 -- 2.44.0.769.g3c40516874-goog

12 months

3
3
0 0

Re: Patch "PCI: Use PCI_HEADER_TYPE_* instead of literals" has been added to the 6.6-stable tree

by Nirmal Patel

On Mon, 22 Apr 2024 18:36:27 -0400 Sasha Levin <sashal(a)kernel.org> wrote: > This is a note to let you know that I've just added the patch titled > > PCI: Use PCI_HEADER_TYPE_* instead of literals > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > pci-use-pci_header_type_-instead-of-literals.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable > tree, please let <stable(a)vger.kernel.org> know about it. > > > > commit 47a6faa3158d5013c24f05c59c3d3b84f273d9dd > Author: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> > Date: Tue Oct 3 15:53:00 2023 +0300 > > PCI: Use PCI_HEADER_TYPE_* instead of literals > > [ Upstream commit 83c088148c8e5c439eec6c7651692f797547e1a8 ] > > Replace literals under drivers/pci/ with PCI_HEADER_TYPE_MASK, > PCI_HEADER_TYPE_NORMAL, and PCI_HEADER_TYPE_MFD. > > Also replace !! boolean conversions with FIELD_GET(). > > Link: > https://lore.kernel.org/r/20231003125300.5541-4-ilpo.jarvinen@linux.intel.c… > Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> > Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: > Wolfram Sang <wsa+renesas(a)sang-engineering.com> # for Renesas R-Car > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/pci/controller/dwc/pci-layerscape.c > b/drivers/pci/controller/dwc/pci-layerscape.c index > b931d597656f6..37956e09c65bd 100644 --- > a/drivers/pci/controller/dwc/pci-layerscape.c +++ > b/drivers/pci/controller/dwc/pci-layerscape.c @@ -58,7 +58,7 @@ > static bool ls_pcie_is_bridge(struct ls_pcie *pcie) u32 header_type; > > header_type = ioread8(pci->dbi_base + PCI_HEADER_TYPE); > - header_type &= 0x7f; > + header_type &= PCI_HEADER_TYPE_MASK; > > return header_type == PCI_HEADER_TYPE_BRIDGE; > } > diff --git a/drivers/pci/controller/mobiveil/pcie-mobiveil-host.c > b/drivers/pci/controller/mobiveil/pcie-mobiveil-host.c index > 45b97a4b14dbd..32951f7d6d6d6 100644 --- > a/drivers/pci/controller/mobiveil/pcie-mobiveil-host.c +++ > b/drivers/pci/controller/mobiveil/pcie-mobiveil-host.c @@ -539,7 > +539,7 @@ static bool mobiveil_pcie_is_bridge(struct mobiveil_pcie > *pcie) u32 header_type; > header_type = mobiveil_csr_readb(pcie, PCI_HEADER_TYPE); > - header_type &= 0x7f; > + header_type &= PCI_HEADER_TYPE_MASK; > > return header_type == PCI_HEADER_TYPE_BRIDGE; > } > diff --git a/drivers/pci/controller/pcie-iproc.c > b/drivers/pci/controller/pcie-iproc.c index > bd1c98b688516..97f739a2c9f8f 100644 --- > a/drivers/pci/controller/pcie-iproc.c +++ > b/drivers/pci/controller/pcie-iproc.c @@ -783,7 +783,7 @@ static int > iproc_pcie_check_link(struct iproc_pcie *pcie) > /* make sure we are not in EP mode */ > iproc_pci_raw_config_read32(pcie, 0, PCI_HEADER_TYPE, 1, > &hdr_type); > - if ((hdr_type & 0x7f) != PCI_HEADER_TYPE_BRIDGE) { > + if ((hdr_type & PCI_HEADER_TYPE_MASK) != > PCI_HEADER_TYPE_BRIDGE) { dev_err(dev, "in EP mode, hdr=%#02x\n", > hdr_type); return -EFAULT; > } > diff --git a/drivers/pci/controller/pcie-rcar-ep.c > b/drivers/pci/controller/pcie-rcar-ep.c index > f9682df1da619..7034c0ff23d0d 100644 --- > a/drivers/pci/controller/pcie-rcar-ep.c +++ > b/drivers/pci/controller/pcie-rcar-ep.c @@ -43,7 +43,7 @@ static void > rcar_pcie_ep_hw_init(struct rcar_pcie *pcie) rcar_rmw32(pcie, > REXPCAP(0), 0xff, PCI_CAP_ID_EXP); rcar_rmw32(pcie, > REXPCAP(PCI_EXP_FLAGS), PCI_EXP_FLAGS_TYPE, PCI_EXP_TYPE_ENDPOINT << > 4); > - rcar_rmw32(pcie, RCONF(PCI_HEADER_TYPE), 0x7f, > + rcar_rmw32(pcie, RCONF(PCI_HEADER_TYPE), > PCI_HEADER_TYPE_MASK, PCI_HEADER_TYPE_NORMAL); > > /* Write out the physical slot number = 0 */ > diff --git a/drivers/pci/controller/pcie-rcar-host.c > b/drivers/pci/controller/pcie-rcar-host.c index > 88975e40ee2fb..bf7cc0b6a6957 100644 --- > a/drivers/pci/controller/pcie-rcar-host.c +++ > b/drivers/pci/controller/pcie-rcar-host.c @@ -460,7 +460,7 @@ static > int rcar_pcie_hw_init(struct rcar_pcie *pcie) rcar_rmw32(pcie, > REXPCAP(0), 0xff, PCI_CAP_ID_EXP); rcar_rmw32(pcie, > REXPCAP(PCI_EXP_FLAGS), PCI_EXP_FLAGS_TYPE, PCI_EXP_TYPE_ROOT_PORT << > 4); > - rcar_rmw32(pcie, RCONF(PCI_HEADER_TYPE), 0x7f, > + rcar_rmw32(pcie, RCONF(PCI_HEADER_TYPE), > PCI_HEADER_TYPE_MASK, PCI_HEADER_TYPE_BRIDGE); > > /* Enable data link layer active state reporting */ > diff --git a/drivers/pci/controller/vmd.c > b/drivers/pci/controller/vmd.c index 6ac0afae0ca18..2af46e6587aff > 100644 --- a/drivers/pci/controller/vmd.c > +++ b/drivers/pci/controller/vmd.c > @@ -527,7 +527,7 @@ static void vmd_domain_reset(struct vmd_dev *vmd) > > hdr_type = readb(base + PCI_HEADER_TYPE); > > - functions = (hdr_type & 0x80) ? 8 : 1; > + functions = (hdr_type & PCI_HEADER_TYPE_MFD) Acked-by: Nirmal Patel <nirmal.patel(a)linux.intel.com> > ? 8 : 1; for (fn = 0; fn < functions; fn++) { > base = vmd->cfgbar + > PCIE_ECAM_OFFSET(bus, PCI_DEVFN(dev, fn), 0); > diff --git a/drivers/pci/hotplug/cpqphp_ctrl.c > b/drivers/pci/hotplug/cpqphp_ctrl.c index > e429ecddc8feb..c01968ef0bd7b 100644 --- > a/drivers/pci/hotplug/cpqphp_ctrl.c +++ > b/drivers/pci/hotplug/cpqphp_ctrl.c @@ -2059,7 +2059,7 @@ int > cpqhp_process_SS(struct controller *ctrl, struct pci_func *func) > return rc; > /* If it's a bridge, check the VGA Enable > bit */ > - if ((header_type & 0x7F) == > PCI_HEADER_TYPE_BRIDGE) { > + if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { rc = pci_bus_read_config_byte(pci_bus, > devfn, PCI_BRIDGE_CONTROL, &BCR); if (rc) > return rc; > @@ -2342,7 +2342,7 @@ static int configure_new_function(struct > controller *ctrl, struct pci_func *func if (rc) > return rc; > > - if ((temp_byte & 0x7F) == PCI_HEADER_TYPE_BRIDGE) { > + if ((temp_byte & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { /* set Primary bus */ > dbg("set Primary bus = %d\n", func->bus); > rc = pci_bus_write_config_byte(pci_bus, devfn, > PCI_PRIMARY_BUS, func->bus); @@ -2739,7 +2739,7 @@ static int > configure_new_function(struct controller *ctrl, struct pci_func *func > * PCI_BRIDGE_CTL_SERR | > * PCI_BRIDGE_CTL_NO_ISA */ > rc = pci_bus_write_config_word(pci_bus, devfn, > PCI_BRIDGE_CONTROL, command); > - } else if ((temp_byte & 0x7F) == PCI_HEADER_TYPE_NORMAL) { > + } else if ((temp_byte & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_NORMAL) { /* Standard device */ > rc = pci_bus_read_config_byte(pci_bus, devfn, 0x0B, > &class_code); > diff --git a/drivers/pci/hotplug/cpqphp_pci.c > b/drivers/pci/hotplug/cpqphp_pci.c index 3b248426a9f42..e9f1fb333a718 > 100644 --- a/drivers/pci/hotplug/cpqphp_pci.c > +++ b/drivers/pci/hotplug/cpqphp_pci.c > @@ -363,7 +363,7 @@ int cpqhp_save_config(struct controller *ctrl, > int busnumber, int is_hot_plug) return rc; > > /* If multi-function device, set max_functions to 8 > */ > - if (header_type & 0x80) > + if (header_type & PCI_HEADER_TYPE_MFD) > max_functions = 8; > else > max_functions = 1; > @@ -372,7 +372,7 @@ int cpqhp_save_config(struct controller *ctrl, > int busnumber, int is_hot_plug) > do { > DevError = 0; > - if ((header_type & 0x7F) == > PCI_HEADER_TYPE_BRIDGE) { > + if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { /* Recurse the subordinate bus > * get the subordinate bus number > */ > @@ -487,13 +487,13 @@ int cpqhp_save_slot_config(struct controller > *ctrl, struct pci_func *new_slot) > pci_bus_read_config_byte(ctrl->pci_bus, PCI_DEVFN(new_slot->device, > 0), 0x0B, &class_code); pci_bus_read_config_byte(ctrl->pci_bus, > PCI_DEVFN(new_slot->device, 0), PCI_HEADER_TYPE, &header_type); > - if (header_type & 0x80) /* Multi-function device */ > + if (header_type & PCI_HEADER_TYPE_MFD) > max_functions = 8; > else > max_functions = 1; > > while (function < max_functions) { > - if ((header_type & 0x7F) == PCI_HEADER_TYPE_BRIDGE) { > + if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { /* Recurse the subordinate bus */ > pci_bus_read_config_byte(ctrl->pci_bus, > PCI_DEVFN(new_slot->device, function), PCI_SECONDARY_BUS, > &secondary_bus); @@ -571,7 +571,7 @@ int > cpqhp_save_base_addr_length(struct controller *ctrl, struct pci_func > *func) /* Check for Bridge */ pci_bus_read_config_byte(pci_bus, > devfn, PCI_HEADER_TYPE, &header_type); > - if ((header_type & 0x7F) == PCI_HEADER_TYPE_BRIDGE) { > + if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { pci_bus_read_config_byte(pci_bus, devfn, > PCI_SECONDARY_BUS, &secondary_bus); > sub_bus = (int) secondary_bus; > @@ -625,7 +625,7 @@ int cpqhp_save_base_addr_length(struct controller > *ctrl, struct pci_func *func) > } /* End of base register loop */ > > - } else if ((header_type & 0x7F) == 0x00) { > + } else if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_NORMAL) { /* Figure out IO and memory base lengths */ > for (cloop = 0x10; cloop <= 0x24; cloop += > 4) { temp_register = 0xFFFFFFFF; > @@ -723,7 +723,7 @@ int cpqhp_save_used_resources(struct controller > *ctrl, struct pci_func *func) /* Check for Bridge */ > pci_bus_read_config_byte(pci_bus, devfn, > PCI_HEADER_TYPE, &header_type); > - if ((header_type & 0x7F) == PCI_HEADER_TYPE_BRIDGE) { > + if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { /* Clear Bridge Control Register */ > command = 0x00; > pci_bus_write_config_word(pci_bus, devfn, > PCI_BRIDGE_CONTROL, command); @@ -858,7 +858,7 @@ int > cpqhp_save_used_resources(struct controller *ctrl, struct pci_func > *func) } } /* End of base register loop */ > /* Standard header */ > - } else if ((header_type & 0x7F) == 0x00) { > + } else if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_NORMAL) { /* Figure out IO and memory base lengths */ > for (cloop = 0x10; cloop <= 0x24; cloop += > 4) { pci_bus_read_config_dword(pci_bus, devfn, cloop, &save_base); > @@ -975,7 +975,7 @@ int cpqhp_configure_board(struct controller > *ctrl, struct pci_func *func) pci_bus_read_config_byte(pci_bus, > devfn, PCI_HEADER_TYPE, &header_type); > /* If this is a bridge device, restore subordinate > devices */ > - if ((header_type & 0x7F) == PCI_HEADER_TYPE_BRIDGE) { > + if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { pci_bus_read_config_byte(pci_bus, devfn, > PCI_SECONDARY_BUS, &secondary_bus); > sub_bus = (int) secondary_bus; > @@ -1067,7 +1067,7 @@ int cpqhp_valid_replace(struct controller > *ctrl, struct pci_func *func) /* Check for Bridge */ > pci_bus_read_config_byte(pci_bus, devfn, > PCI_HEADER_TYPE, &header_type); > - if ((header_type & 0x7F) == PCI_HEADER_TYPE_BRIDGE) { > + if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_BRIDGE) { /* In order to continue checking, we must > program the > * bus registers in the bridge to respond to > accesses > * for its subordinate bus(es) > @@ -1090,7 +1090,7 @@ int cpqhp_valid_replace(struct controller > *ctrl, struct pci_func *func) > } > /* Check to see if it is a standard config header */ > - else if ((header_type & 0x7F) == > PCI_HEADER_TYPE_NORMAL) { > + else if ((header_type & PCI_HEADER_TYPE_MASK) == > PCI_HEADER_TYPE_NORMAL) { /* Check subsystem vendor and ID */ > pci_bus_read_config_dword(pci_bus, devfn, > PCI_SUBSYSTEM_VENDOR_ID, &temp_register); > diff --git a/drivers/pci/hotplug/ibmphp.h > b/drivers/pci/hotplug/ibmphp.h index 41eafe511210f..c248a09be7b5d > 100644 --- a/drivers/pci/hotplug/ibmphp.h > +++ b/drivers/pci/hotplug/ibmphp.h > @@ -17,6 +17,7 @@ > */ > > #include <linux/pci_hotplug.h> > +#include <linux/pci_regs.h> > > extern int ibmphp_debug; > > @@ -286,8 +287,8 @@ int ibmphp_register_pci(void); > > /* pci specific defines */ > #define PCI_VENDOR_ID_NOTVALID 0xFFFF > -#define PCI_HEADER_TYPE_MULTIDEVICE 0x80 > -#define PCI_HEADER_TYPE_MULTIBRIDGE 0x81 > +#define PCI_HEADER_TYPE_MULTIDEVICE > (PCI_HEADER_TYPE_MFD|PCI_HEADER_TYPE_NORMAL) +#define > PCI_HEADER_TYPE_MULTIBRIDGE > (PCI_HEADER_TYPE_MFD|PCI_HEADER_TYPE_BRIDGE) #define LATENCY > 0x64 #define CACHE 64 > diff --git a/drivers/pci/hotplug/ibmphp_pci.c > b/drivers/pci/hotplug/ibmphp_pci.c index 50038e5f9ca40..eeb412cbd9fe3 > 100644 --- a/drivers/pci/hotplug/ibmphp_pci.c > +++ b/drivers/pci/hotplug/ibmphp_pci.c > @@ -1087,7 +1087,7 @@ static struct res_needed > *scan_behind_bridge(struct pci_func *func, u8 busno) > pci_bus_read_config_dword(ibmphp_pci_bus, devfn, PCI_CLASS_REVISION, > &class); debug("hdr_type behind the bridge is %x\n", hdr_type); > - if ((hdr_type & 0x7f) == > PCI_HEADER_TYPE_BRIDGE) { > + if ((hdr_type & > PCI_HEADER_TYPE_MASK) == PCI_HEADER_TYPE_BRIDGE) { err("embedded > bridges not supported for hot-plugging.\n"); amount->not_correct = 1; > return amount; > diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c > index 06fc6f532d6c4..dae9d9e2826f0 100644 > --- a/drivers/pci/pci.c > +++ b/drivers/pci/pci.c > @@ -534,7 +534,7 @@ u8 pci_bus_find_capability(struct pci_bus *bus, > unsigned int devfn, int cap) > pci_bus_read_config_byte(bus, devfn, PCI_HEADER_TYPE, > &hdr_type); > - pos = __pci_bus_find_cap_start(bus, devfn, hdr_type & 0x7f); > + pos = __pci_bus_find_cap_start(bus, devfn, hdr_type & > PCI_HEADER_TYPE_MASK); if (pos) > pos = __pci_find_next_cap(bus, devfn, pos, cap); > > diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c > index b3976dcb71f10..675f77ac1968d 100644 > --- a/drivers/pci/quirks.c > +++ b/drivers/pci/quirks.c > @@ -1849,8 +1849,8 @@ static void quirk_jmicron_ata(struct pci_dev > *pdev) > /* Update pdev accordingly */ > pci_read_config_byte(pdev, PCI_HEADER_TYPE, &hdr); > - pdev->hdr_type = hdr & 0x7f; > - pdev->multifunction = !!(hdr & 0x80); > + pdev->hdr_type = hdr & PCI_HEADER_TYPE_MASK; > + pdev->multifunction = FIELD_GET(PCI_HEADER_TYPE_MFD, hdr); > > pci_read_config_dword(pdev, PCI_CLASS_REVISION, &class); > pdev->class = class >> 8; > @@ -5710,7 +5710,7 @@ static void quirk_nvidia_hda(struct pci_dev > *gpu) > /* The GPU becomes a multi-function device when the HDA is > enabled */ pci_read_config_byte(gpu, PCI_HEADER_TYPE, &hdr_type); > - gpu->multifunction = !!(hdr_type & 0x80); > + gpu->multifunction = FIELD_GET(PCI_HEADER_TYPE_MFD, > hdr_type); } > DECLARE_PCI_FIXUP_CLASS_HEADER(PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID, > PCI_BASE_CLASS_DISPLAY, 16, > quirk_nvidia_hda);

12 months

1
0
0 0

[PATCH v6 00/10] Fix Kselftest's vfork() side effects

by Mickaël Salaün

Hi, This sixth series just update the last patch description. Shuah, I think this should be in -next really soon to make sure everything works fine for the v6.9 release, which is not currently the case. I cannot test against all kselftests though. I would prefer to let you handle this, but I guess you're not able to do so and I'll push it on my branch without reply from you. Even if I push it on my branch, please push it on yours too as soon as you see this and I'll remove it from mine. Mark, Jakub, could you please test this series? As reported by Kernel Test Robot [1] and Sean Christopherson [2], some tests fail since v6.9-rc1 . This is due to the use of vfork() which introduced some side effects. Similarly, while making it more generic, a previous commit made some Landlock file system tests flaky, and subject to the host's file system mount configuration. This series fixes all these side effects by replacing vfork() with clone3() and CLONE_VFORK, which is cleaner (no arbitrary shared memory) and makes the Kselftest framework more robust. I tried different approaches and I found this one to be the cleaner and less invasive for current test cases. I successfully ran the following tests (using TEST_F and fork/clone/clone3, and KVM_ONE_VCPU_TEST) with this series: - kvm:fix_hypercall_test - kvm:sync_regs_test - kvm:userspace_msr_exit_test - kvm:vmx_pmu_caps_test - landlock:fs_test - landlock:net_test - landlock:ptrace_test - move_mount_set_group:move_mount_set_group_test - net/af_unix:scm_pidfd - perf_events:remove_on_exec - pidfd:pidfd_getfd_test - pidfd:pidfd_setns_test - seccomp:seccomp_bpf - user_events:abi_test [1] https://lore.kernel.org/oe-lkp/202403291015.1fcfa957-oliver.sang@intel.com [2] https://lore.kernel.org/r/ZjPelW6-AbtYvslu@google.com Previous versions: v1: https://lore.kernel.org/r/20240426172252.1862930-1-mic@digikod.net v2: https://lore.kernel.org/r/20240429130931.2394118-1-mic@digikod.net v3: https://lore.kernel.org/r/20240429191911.2552580-1-mic@digikod.net v4: https://lore.kernel.org/r/20240502210926.145539-1-mic@digikod.net v5: https://lore.kernel.org/r/20240503105820.300927-1-mic@digikod.net Regards, Mickaël Salaün (10): selftests/pidfd: Fix config for pidfd_setns_test selftests/landlock: Fix FS tests when run on a private mount point selftests/harness: Fix fixture teardown selftests/harness: Fix interleaved scheduling leading to race conditions selftests/landlock: Do not allocate memory in fixture data selftests/harness: Constify fixture variants selftests/pidfd: Fix wrong expectation selftests/harness: Share _metadata between forked processes selftests/harness: Fix vfork() side effects selftests/harness: Handle TEST_F()'s explicit exit codes tools/testing/selftests/kselftest_harness.h | 122 +++++++++++++----- tools/testing/selftests/landlock/fs_test.c | 83 +++++++----- tools/testing/selftests/pidfd/config | 2 + .../selftests/pidfd/pidfd_setns_test.c | 2 +- 4 files changed, 143 insertions(+), 66 deletions(-) base-commit: e67572cd2204894179d89bd7b984072f19313b03 -- 2.45.0

12 months

4
14
0 0

[PATCH] nvme-pci: Add quirk for broken MSIs

by Sean Anderson

Sandisk SN530 NVMe drives have broken MSIs. On systems without MSI-X support, all commands time out resulting in the following message: nvme nvme0: I/O tag 12 (100c) QID 0 timeout, completion polled These timeouts cause the boot to take an excessively-long time (over 20 minutes) while the initial command queue is flushed. Address this by adding a quirk for drives with buggy MSIs. The lspci output for this device (recorded on a system with MSI-X support) is: 02:00.0 Non-Volatile memory controller: Sandisk Corp Device 5008 (rev 01) (prog-if 02 [NVM Express]) Subsystem: Sandisk Corp Device 5008 Flags: bus master, fast devsel, latency 0, IRQ 16, NUMA node 0 Memory at f7e00000 (64-bit, non-prefetchable) [size=16K] Memory at f7e04000 (64-bit, non-prefetchable) [size=256] Capabilities: [80] Power Management version 3 Capabilities: [90] MSI: Enable- Count=1/32 Maskable- 64bit+ Capabilities: [b0] MSI-X: Enable+ Count=17 Masked- Capabilities: [c0] Express Endpoint, MSI 00 Capabilities: [100] Advanced Error Reporting Capabilities: [150] Device Serial Number 00-00-00-00-00-00-00-00 Capabilities: [1b8] Latency Tolerance Reporting Capabilities: [300] Secondary PCI Express Capabilities: [900] L1 PM Substates Kernel driver in use: nvme Kernel modules: nvme Cc: <stable(a)vger.kernel.org> Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> --- drivers/nvme/host/nvme.h | 5 +++++ drivers/nvme/host/pci.c | 14 +++++++++++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/drivers/nvme/host/nvme.h b/drivers/nvme/host/nvme.h index 7b87763e2f8a..738719085e05 100644 --- a/drivers/nvme/host/nvme.h +++ b/drivers/nvme/host/nvme.h @@ -162,6 +162,11 @@ enum nvme_quirks { * Disables simple suspend/resume path. */ NVME_QUIRK_FORCE_NO_SIMPLE_SUSPEND = (1 << 20), + + /* + * MSI (but not MSI-X) interrupts are broken and never fire. + */ + NVME_QUIRK_BROKEN_MSI = (1 << 21), }; /* diff --git a/drivers/nvme/host/pci.c b/drivers/nvme/host/pci.c index e6267a6aa380..d1f0fa2e7c96 100644 --- a/drivers/nvme/host/pci.c +++ b/drivers/nvme/host/pci.c @@ -2218,6 +2218,7 @@ static int nvme_setup_irqs(struct nvme_dev *dev, unsigned int nr_io_queues) .priv = dev, }; unsigned int irq_queues, poll_queues; + unsigned int flags = PCI_IRQ_ALL_TYPES | PCI_IRQ_AFFINITY; /* * Poll queues don't need interrupts, but we need at least one I/O queue @@ -2241,8 +2242,10 @@ static int nvme_setup_irqs(struct nvme_dev *dev, unsigned int nr_io_queues) irq_queues = 1; if (!(dev->ctrl.quirks & NVME_QUIRK_SINGLE_VECTOR)) irq_queues += (nr_io_queues - poll_queues); - return pci_alloc_irq_vectors_affinity(pdev, 1, irq_queues, - PCI_IRQ_ALL_TYPES | PCI_IRQ_AFFINITY, &affd); + if (dev->ctrl.quirks & NVME_QUIRK_BROKEN_MSI) + flags &= ~PCI_IRQ_MSI; + return pci_alloc_irq_vectors_affinity(pdev, 1, irq_queues, flags, + &affd); } static unsigned int nvme_max_io_queues(struct nvme_dev *dev) @@ -2471,6 +2474,7 @@ static int nvme_pci_enable(struct nvme_dev *dev) { int result = -ENOMEM; struct pci_dev *pdev = to_pci_dev(dev->dev); + unsigned int flags = PCI_IRQ_ALL_TYPES; if (pci_enable_device_mem(pdev)) return result; @@ -2487,7 +2491,9 @@ static int nvme_pci_enable(struct nvme_dev *dev) * interrupts. Pre-enable a single MSIX or MSI vec for setup. We'll * adjust this later. */ - result = pci_alloc_irq_vectors(pdev, 1, 1, PCI_IRQ_ALL_TYPES); + if (dev->ctrl.quirks & NVME_QUIRK_BROKEN_MSI) + flags &= ~PCI_IRQ_MSI; + result = pci_alloc_irq_vectors(pdev, 1, 1, flags); if (result < 0) goto disable; @@ -3381,6 +3387,8 @@ static const struct pci_device_id nvme_id_table[] = { .driver_data = NVME_QUIRK_DELAY_BEFORE_CHK_RDY | NVME_QUIRK_DISABLE_WRITE_ZEROES| NVME_QUIRK_IGNORE_DEV_SUBNQN, }, + { PCI_DEVICE(0x15b7, 0x5008), /* Sandisk SN530 */ + .driver_data = NVME_QUIRK_BROKEN_MSI }, { PCI_DEVICE(0x1987, 0x5012), /* Phison E12 */ .driver_data = NVME_QUIRK_BOGUS_NID, }, { PCI_DEVICE(0x1987, 0x5016), /* Phison E16 */ -- 2.35.1.1320.gc452695387.dirty

12 months

3
5
0 0

[PATCH v2 5/7] arm64: dts: qcom: sc8280xp-x13s: fix touchscreen power on

by Johan Hovold

The Elan eKTH5015M touch controller on the X13s requires a 300 ms delay before sending commands after having deasserted reset during power on. Switch to the Elan specific binding so that the OS can determine the required power-on sequence and make sure that the controller is always detected during boot. Note that the always-on 1.8 V supply (s10b) is not used by the controller directly and should not be described. Fixes: 32c231385ed4 ("arm64: dts: qcom: sc8280xp: add Lenovo Thinkpad X13s devicetree") Cc: stable(a)vger.kernel.org # 6.0 Tested-by: Steev Klimaszewski <steev(a)kali.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- .../dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts b/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts index 569add4ebfab..98c1b75513be 100644 --- a/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts +++ b/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts @@ -653,15 +653,16 @@ &i2c4 { status = "okay"; - /* FIXME: verify */ touchscreen@10 { - compatible = "hid-over-i2c"; + compatible = "elan,ekth5015m", "elan,ekth6915"; reg = <0x10>; - hid-descr-addr = <0x1>; interrupts-extended = <&tlmm 175 IRQ_TYPE_LEVEL_LOW>; - vdd-supply = <&vreg_misc_3p3>; - vddl-supply = <&vreg_s10b>; + reset-gpios = <&tlmm 99 (GPIO_ACTIVE_LOW | GPIO_OPEN_DRAIN)>; + no-reset-on-power-off; + + vcc33-supply = <&vreg_misc_3p3>; + vccio-supply = <&vreg_misc_3p3>; pinctrl-names = "default"; pinctrl-0 = <&ts0_default>; @@ -1507,8 +1508,8 @@ int-n-pins { reset-n-pins { pins = "gpio99"; function = "gpio"; - output-high; - drive-strength = <16>; + drive-strength = <2>; + bias-disable; }; }; -- 2.43.2

12 months

1
0
0 0

[PATCH v4] can: mcp251xfd: fix infinite loop when xmit fails

by Vitor Soares

From: Vitor Soares <vitor.soares(a)toradex.com> When the mcp251xfd_start_xmit() function fails, the driver stops processing messages, and the interrupt routine does not return, running indefinitely even after killing the running application. Error messages: [ 441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16 [ 441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf, tef_head=0x000017d0, tx_head=0x000017d3). ... and repeat forever. The issue can be triggered when multiple devices share the same SPI interface. And there is concurrent access to the bus. The problem occurs because tx_ring->head increments even if mcp251xfd_start_xmit() fails. Consequently, the driver skips one TX package while still expecting a response in mcp251xfd_handle_tefif_one(). This patch resolves the issue by decreasing tx_ring->head and removing the skb from the echo stack if mcp251xfd_start_xmit() fails. Consequently, the package is dropped not been possible to re-transmit. Fixes: 55e5b97f003e ("can: mcp25xxfd: add driver for Microchip MCP25xxFD SPI CAN") Cc: stable(a)vger.kernel.org Signed-off-by: Vitor Soares <vitor.soares(a)toradex.com> --- With this approach, some packages get lost in concurrent SPI bus access due to can_put_echo_skb() being called before mcp251xfd_tx_obj_write(). The can_put_echo_skb() calls can_create_echo_skb() that consumes the original skb resulting in a Kernel NULL pointer dereference error if return NETDEV_TX_BUSY on mcp251xfd_tx_obj_write() failure. A potential solution would be to change the code to use spi_sync(), which would wait for SPI bus to be unlocked. Any thoughts about this? V3->V4: - Leave can_put_echo_skb() and stop the queue if needed, before mcp251xfd_tx_obj_write(). - Re-sync head and remove echo skb if mcp251xfd_tx_obj_write() fails. - Revert -> return NETDEV_TX_BUSY if mcp251xfd_tx_obj_write() == -EBUSY. V2->V3: - Add tx_dropped stats. - netdev_sent_queue() only if can_put_echo_skb() succeed. V1->V2: - Return NETDEV_TX_BUSY if mcp251xfd_tx_obj_write() == -EBUSY. - Rework the commit message to address the change above. - Change can_put_echo_skb() to be called after mcp251xfd_tx_obj_write() succeed. Otherwise, we get Kernel NULL pointer dereference error. drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c | 26 ++++++++++++++------ 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c b/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c index 160528d3cc26..9909e23de7b9 100644 --- a/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c +++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd-tx.c @@ -166,11 +166,12 @@ netdev_tx_t mcp251xfd_start_xmit(struct sk_buff *skb, struct net_device *ndev) { struct mcp251xfd_priv *priv = netdev_priv(ndev); + struct net_device_stats *stats = &ndev->stats; struct mcp251xfd_tx_ring *tx_ring = priv->tx; struct mcp251xfd_tx_obj *tx_obj; unsigned int frame_len; + int err, echo_err; u8 tx_head; - int err; if (can_dev_dropped_skb(ndev, skb)) return NETDEV_TX_OK; @@ -188,18 +189,27 @@ netdev_tx_t mcp251xfd_start_xmit(struct sk_buff *skb, netif_stop_queue(ndev); frame_len = can_skb_get_frame_len(skb); - err = can_put_echo_skb(skb, ndev, tx_head, frame_len); - if (!err) + echo_err = can_put_echo_skb(skb, ndev, tx_head, frame_len); + if (!echo_err) netdev_sent_queue(priv->ndev, frame_len); err = mcp251xfd_tx_obj_write(priv, tx_obj); - if (err) - goto out_err; + if (err) { + tx_ring->head--; - return NETDEV_TX_OK; + if (!echo_err) { + can_free_echo_skb(ndev, tx_head, &frame_len); + netdev_completed_queue(ndev, 1, frame_len); + } + + if (mcp251xfd_get_tx_free(tx_ring)) + netif_wake_queue(ndev); - out_err: - netdev_err(priv->ndev, "ERROR in %s: %d\n", __func__, err); + stats->tx_dropped++; + if (net_ratelimit()) + netdev_err(priv->ndev, + "ERROR in %s: %d\n", __func__, err); + } return NETDEV_TX_OK; } -- 2.34.1

12 months

2
2
0 0

[PATCH] usb: typec: ucsi: displayport: Fix potential deadlock

by Heikki Krogerus

The function ucsi_displayport_work() does not access the connector, so it also must not acquire the connector lock. This fixes a potential deadlock scenario: ucsi_displayport_work() -> lock(&con->lock) typec_altmode_vdm() dp_altmode_vdm() dp_altmode_work() typec_altmode_enter() ucsi_displayport_enter() -> lock(&con->lock) Reported-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> Fixes: af8622f6a585 ("usb: typec: ucsi: Support for DisplayPort alt mode") Cc: stable(a)vger.kernel.org Signed-off-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- drivers/usb/typec/ucsi/displayport.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/drivers/usb/typec/ucsi/displayport.c b/drivers/usb/typec/ucsi/displayport.c index d9d3c91125ca..8be92fc1d12c 100644 --- a/drivers/usb/typec/ucsi/displayport.c +++ b/drivers/usb/typec/ucsi/displayport.c @@ -275,8 +275,6 @@ static void ucsi_displayport_work(struct work_struct *work) struct ucsi_dp *dp = container_of(work, struct ucsi_dp, work); int ret; - mutex_lock(&dp->con->lock); - ret = typec_altmode_vdm(dp->alt, dp->header, dp->vdo_data, dp->vdo_size); if (ret) @@ -285,8 +283,6 @@ static void ucsi_displayport_work(struct work_struct *work) dp->vdo_data = NULL; dp->vdo_size = 0; dp->header = 0; - - mutex_unlock(&dp->con->lock); } void ucsi_displayport_remove_partner(struct typec_altmode *alt) -- 2.43.0

12 months

1
0
0 0

[PATCH] ASoC: qcom: audioreach: Correct mapping of back speakers

by Krzysztof Kozlowski

Qualcomm DSP, according to downstream sources, expects back speakers to be mapped as "back", not "surround". The surround is used only for 8+ speakers configuration. Reported-by: Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> Fixes: 3c5fcb20e07e ("ASoC: qcom: audioreach: Add 4 channel support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- sound/soc/qcom/qdsp6/audioreach.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sound/soc/qcom/qdsp6/audioreach.c b/sound/soc/qcom/qdsp6/audioreach.c index 5291deac0a0b..c655f0213723 100644 --- a/sound/soc/qcom/qdsp6/audioreach.c +++ b/sound/soc/qcom/qdsp6/audioreach.c @@ -277,8 +277,8 @@ static void audioreach_set_channel_mapping(u8 *ch_map, int num_channels) } else if (num_channels == 4) { ch_map[0] = PCM_CHANNEL_FL; ch_map[1] = PCM_CHANNEL_FR; - ch_map[2] = PCM_CHANNEL_LS; - ch_map[3] = PCM_CHANNEL_RS; + ch_map[2] = PCM_CHANNEL_LB; + ch_map[3] = PCM_CHANNEL_RB; } } @@ -851,8 +851,8 @@ static int audioreach_mfc_set_media_format(struct q6apm_graph *graph, } else if (num_channels == 4) { media_format->channel_mapping[0] = PCM_CHANNEL_FL; media_format->channel_mapping[1] = PCM_CHANNEL_FR; - media_format->channel_mapping[2] = PCM_CHANNEL_LS; - media_format->channel_mapping[3] = PCM_CHANNEL_RS; + media_format->channel_mapping[2] = PCM_CHANNEL_LB; + media_format->channel_mapping[3] = PCM_CHANNEL_RB; } rc = q6apm_send_cmd_sync(graph->apm, pkt, 0); -- 2.43.0

12 months

1
1
0 0

[PATCH v2] drivers/i915/intel_bios: Fix parsing backlight BDB data

by Karthikeyan Ramasubramanian

Starting BDB version 239, hdr_dpcd_refresh_timeout is introduced to backlight BDB data. Commit 700034566d68 ("drm/i915/bios: Define more BDB contents") updated the backlight BDB data accordingly. This broke the parsing of backlight BDB data in VBT for versions 236 - 238 (both inclusive) and hence the backlight controls are not responding on units with the concerned BDB version. backlight_control information has been present in backlight BDB data from at least BDB version 191 onwards, if not before. Hence this patch extracts the backlight_control information for BDB version 191 or newer. Tested on Chromebooks using Jasperlake SoC (reports bdb->version = 236). Tested on Chromebooks using Raptorlake SoC (reports bdb->version = 251). Fixes: 700034566d68 ("drm/i915/bios: Define more BDB contents") Cc: stable(a)vger.kernel.org Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Signed-off-by: Karthikeyan Ramasubramanian <kramasub(a)chromium.org> --- Changes in v2: - removed checking the block size of the backlight BDB data drivers/gpu/drm/i915/display/intel_bios.c | 19 ++++--------------- drivers/gpu/drm/i915/display/intel_vbt_defs.h | 5 ----- 2 files changed, 4 insertions(+), 20 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_bios.c b/drivers/gpu/drm/i915/display/intel_bios.c index aa169b0055e97..8c1eb05fe77d2 100644 --- a/drivers/gpu/drm/i915/display/intel_bios.c +++ b/drivers/gpu/drm/i915/display/intel_bios.c @@ -1042,22 +1042,11 @@ parse_lfp_backlight(struct drm_i915_private *i915, panel->vbt.backlight.type = INTEL_BACKLIGHT_DISPLAY_DDI; panel->vbt.backlight.controller = 0; if (i915->display.vbt.version >= 191) { - size_t exp_size; + const struct lfp_backlight_control_method *method; - if (i915->display.vbt.version >= 236) - exp_size = sizeof(struct bdb_lfp_backlight_data); - else if (i915->display.vbt.version >= 234) - exp_size = EXP_BDB_LFP_BL_DATA_SIZE_REV_234; - else - exp_size = EXP_BDB_LFP_BL_DATA_SIZE_REV_191; - - if (get_blocksize(backlight_data) >= exp_size) { - const struct lfp_backlight_control_method *method; - - method = &backlight_data->backlight_control[panel_type]; - panel->vbt.backlight.type = method->type; - panel->vbt.backlight.controller = method->controller; - } + method = &backlight_data->backlight_control[panel_type]; + panel->vbt.backlight.type = method->type; + panel->vbt.backlight.controller = method->controller; } panel->vbt.backlight.pwm_freq_hz = entry->pwm_freq_hz; diff --git a/drivers/gpu/drm/i915/display/intel_vbt_defs.h b/drivers/gpu/drm/i915/display/intel_vbt_defs.h index a9f44abfc9fc2..b50cd0dcabda9 100644 --- a/drivers/gpu/drm/i915/display/intel_vbt_defs.h +++ b/drivers/gpu/drm/i915/display/intel_vbt_defs.h @@ -897,11 +897,6 @@ struct lfp_brightness_level { u16 reserved; } __packed; -#define EXP_BDB_LFP_BL_DATA_SIZE_REV_191 \ - offsetof(struct bdb_lfp_backlight_data, brightness_level) -#define EXP_BDB_LFP_BL_DATA_SIZE_REV_234 \ - offsetof(struct bdb_lfp_backlight_data, brightness_precision_bits) - struct bdb_lfp_backlight_data { u8 entry_size; struct lfp_backlight_data_entry data[16]; -- 2.44.0.rc0.258.g7320e95886-goog

12 months

2
2
0 0

[PATCH linux-next] jff2:fix potential illegal address access in jffs2_free_inode

by xu.xin16＠zte.com.cn

From: Wang Yong <wang.yong12(a)zte.com.cn> During the stress testing of the jffs2 file system,the following abnormal printouts were found: [ 2430.649000] Unable to handle kernel paging request at virtual address 0069696969696948 [ 2430.649622] Mem abort info: [ 2430.649829] ESR = 0x96000004 [ 2430.650115] EC = 0x25: DABT (current EL), IL = 32 bits [ 2430.650564] SET = 0, FnV = 0 [ 2430.650795] EA = 0, S1PTW = 0 [ 2430.651032] FSC = 0x04: level 0 translation fault [ 2430.651446] Data abort info: [ 2430.651683] ISV = 0, ISS = 0x00000004 [ 2430.652001] CM = 0, WnR = 0 [ 2430.652558] [0069696969696948] address between user and kernel address ranges [ 2430.653265] Internal error: Oops: 96000004 [#1] PREEMPT SMP [ 2430.654512] CPU: 2 PID: 20919 Comm: cat Not tainted 5.15.25-g512f31242bf6 #33 [ 2430.655008] Hardware name: linux,dummy-virt (DT) [ 2430.655517] pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 2430.656142] pc : kfree+0x78/0x348 [ 2430.656630] lr : jffs2_free_inode+0x24/0x48 [ 2430.657051] sp : ffff800009eebd10 [ 2430.657355] x29: ffff800009eebd10 x28: 0000000000000001 x27: 0000000000000000 [ 2430.658327] x26: ffff000038f09d80 x25: 0080000000000000 x24: ffff800009d38000 [ 2430.658919] x23: 5a5a5a5a5a5a5a5a x22: ffff000038f09d80 x21: ffff8000084f0d14 [ 2430.659434] x20: ffff0000bf9a6ac0 x19: 0169696969696940 x18: 0000000000000000 [ 2430.659969] x17: ffff8000b6506000 x16: ffff800009eec000 x15: 0000000000004000 [ 2430.660637] x14: 0000000000000000 x13: 00000001000820a1 x12: 00000000000d1b19 [ 2430.661345] x11: 0004000800000000 x10: 0000000000000001 x9 : ffff8000084f0d14 [ 2430.662025] x8 : ffff0000bf9a6b40 x7 : ffff0000bf9a6b48 x6 : 0000000003470302 [ 2430.662695] x5 : ffff00002e41dcc0 x4 : ffff0000bf9aa3b0 x3 : 0000000003470342 [ 2430.663486] x2 : 0000000000000000 x1 : ffff8000084f0d14 x0 : fffffc0000000000 [ 2430.664217] Call trace: [ 2430.664528] kfree+0x78/0x348 [ 2430.664855] jffs2_free_inode+0x24/0x48 [ 2430.665233] i_callback+0x24/0x50 [ 2430.665528] rcu_do_batch+0x1ac/0x448 [ 2430.665892] rcu_core+0x28c/0x3c8 [ 2430.666151] rcu_core_si+0x18/0x28 [ 2430.666473] __do_softirq+0x138/0x3cc [ 2430.666781] irq_exit+0xf0/0x110 [ 2430.667065] handle_domain_irq+0x6c/0x98 [ 2430.667447] gic_handle_irq+0xac/0xe8 [ 2430.667739] call_on_irq_stack+0x28/0x54 The parameter passed to kfree was 5a5a5a5a, which corresponds to the target field of the jffs_inode_info structure. It was found that all variables in the jffs_inode_info structure were 5a5a5a5a, except for the first member sem. It is suspected that these variables are not initialized because they were set to 5a5a5a5a during memory testing, which is meant to detect uninitialized memory.The sem variable is initialized in the function jffs2_i_init_once, while other members are initialized in the function jffs2_init_inode_info. The function jffs2_init_inode_info is called after iget_locked, but in the iget_locked function, the destroy_inode process is triggered, which releases the inode and consequently, the target member of the inode is not initialized.In concurrent high pressure scenarios, iget_locked may enter the destroy_inode branch as described in the code. Since the destroy_inode functionality of jffs2 only releases the target, the fix method is to set target to NULL in jffs2_i_init_once. Signed-off-by: Wang Yong <wang.yong12(a)zte.com.cn> Reviewed-by: Lu Zhongjun <lu.zhongjun(a)zte.com.cn> Reviewed-by: Yang Tao <yang.tao172(a)zte.com.cn> Cc: Xu Xin <xu.xin16(a)zte.com.cn> Cc: Yang Yang <yang.yang29(a)zte.com.cn> --- fs/jffs2/super.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/jffs2/super.c b/fs/jffs2/super.c index 81ca58c..40cc5e6 100644 --- a/fs/jffs2/super.c +++ b/fs/jffs2/super.c @@ -58,6 +58,7 @@ static void jffs2_i_init_once(void *foo) struct jffs2_inode_info *f = foo; mutex_init(&f->sem); + f->target = NULL; inode_init_once(&f->vfs_inode); } -- 2.15.2

12 months

2
1
0 0

backport of missing fs/smb patches not in 6.6.30 stable

by Steve French

6.6.30-rc1 has a large set of fs/smb (cifs.ko and ksmbd.ko) patches backported but was missing more than 30 fixes so I put together a safe backport of the remaining, leaving out patches that had dependencies on things outside of fs/smb The following changes since commit 488f7008e62890fae8c7a2d3583913c8074f1fc6: smb3: fix lock ordering potential deadlock in cifs_sync_mid_result (2024-04-30 12:30:53 -0500) are available in the Git repository at: git://git.samba.org/ksmbd.git tags/6.6.30-rc1-full-fs-smb-backport for you to fetch changes up to 411b6f385ac2427ee9d70fae277a4ed6b9d3983f: smb: smb2pdu.h: Avoid -Wflex-array-member-not-at-end warnings (2024-05-01 02:18:25 -0500) ---------------------------------------------------------------- full backport for 6.6.30, includes all 80 (of the relevant) missing fs/smb changesets Test results look good (and better than without the patches). Here are the functional test results (they passed exhaustive set of tests to various server types): http://smb311-linux-testing.southcentralus.cloudapp.azure.com/#/builders/3/… http://smb311-linux-testing.southcentralus.cloudapp.azure.com/#/builders/5/… http://smb311-linux-testing.southcentralus.cloudapp.azure.com/#/builders/9/… http://smb311-linux-testing.southcentralus.cloudapp.azure.com/#/builders/10… Note that 22 patches had dependencies and were not appropriate to backport and are not included, but here is the list of the additional 80 fs/smb patches included, many of which fix bugs (the others reduce risk of backport, and help avoid merge conflicts): 411b6f385ac2 (HEAD -> fs-smb-backport-linux-6.6.30-rc1, tag: 6.6.30-rc1-full-fs-smb-backport, origin/fs-smb-backport-linux-6.6.30-rc1) smb: smb2pdu.h: Avoid -Wflex-array-member-not-at-end warnings e97b85914501 ksmbd: add continuous availability share parameter c52ce70edb58 cifs: Add tracing for the cifs_tcon struct refcounting 6fa6d5ed6a06 smb3: fix broken reconnect when password changing on the server by allowing password rotation d8833245b0f3 smb: client: instantiate when creating SFU files 4c8cf606bdb9 smb: client: fix NULL ptr deref in cifs_mark_open_handles_for_deleted_file() e0727528f3be smb3: add trace event for mknod b71e6511fa98 smb311: additional compression flag defined in updated protocol spec 0725c800685e smb311: correct incorrect offset field in compression header e25e2f027599 cifs: Move some extern decls from .c files to .h 0d422616d36e ksmbd: fix potencial out-of-bounds when buffer offset is invalid 3967f3e18d66 ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() aec926736509 ksmbd: Fix spelling mistake "connction" -> "connection" 43f609cc80a5 ksmbd: fix possible null-deref in smb_lazy_parent_lease_break_close 3f1a838bc984 cifs: remove redundant variable assignment 05415df6229c cifs: fixes for get_inode_info 025b6f60cccc cifs: defer close file handles having RH lease f1907205b6d3 ksmbd: add support for durable handles v1/v2 38b6f9391d64 ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous session 5ab62e6d22d1 cifs: update internal module version number for cifs.ko 4dcd0fe0c185 smb: common: simplify compression headers 0409ad4bad2b smb: common: fix fields sizes in compression_pattern_payload_v1 25fc3d85adc6 smb: client: negotiate compression algorithms f3351838c269 smb3: add dynamic trace point for ioctls 7716c6db1c3b smb: client: return reparse type in /proc/mounts 1c3fbd8f92e9 smb: client: set correct d_type for reparse DFS/DFSR and mount point 555e4ef34991 smb: client: parse uid, gid, mode and dev from WSL reparse points 5232c56b469f smb: client: introduce SMB2_OP_QUERY_WSL_EA 2bcfc0b089f7 smb: client: Fix a NULL vs IS_ERR() check in wsl_set_xattrs() 7ef14e642141 smb: client: add support for WSL reparse points 324c9dc5ab0b smb: client: reduce number of parameters in smb2_compound_op() 8b52dc432b0a smb: client: fix potential broken compound request 8f22fd9f0396 smb: client: move most of reparse point handling code to common file 0ddb5bfd6f20 smb: client: introduce reparse mount option 370c2c605121 smb: client: retry compound request without reusing lease 6051d1b018ea smb: client: do not defer close open handles to deleted files 6a9d47b768c4 smb: client: reuse file lease key in compound operations 87eec3c54337 smb: client: get rid of smb311_posix_query_path_info() 32fab0e3e9b9 smb: client: parse owner/group when creating reparse points df9a4c3f5db4 smb3: update allocation size more accurately on write completion 4d7263b3bf67 smb: client: handle path separator of created SMB symlinks bd15b21c46c1 cifs: update the same create_guid on replay 6feda182ccf0 ksmbd: Add kernel-doc for ksmbd_extract_sharename() function a12c76c3f311 cifs: set replay flag for retries of write command e0a86c86ec5f cifs: commands that are retried should have replay flag set 207e9813ad88 smb: client: delete "true", "false" defines 6eb8a67757c6 smb: Fix some kernel-doc comments 3c21bffee62f cifs: new mount option called retrans 005892f2a944 smb: client: don't clobber ->i_rdev from cached reparse points 222edc9359a6 cifs: new nt status codes from MS-SMB2 80e719af52b9 cifs: pick channel for tcon and tdis 56c978ef1555 cifs: minor comment cleanup 6008da8e76ac cifs: remove redundant variable tcon_exist 95d9120fd9b0 cifs: update internal module version number for cifs.ko 2bbd03ad1d98 ksmbd: vfs: fix all kernel-doc warnings 0988e25500d0 ksmbd: auth: fix most kernel-doc warnings 9198cebadcef cifs: remove unneeded return statement 2b8222b46d92 cifs: get rid of dup length check in parse_reparse_point() a1975468bc0d cifs: Pass unbyteswapped eof value into SMB2_set_eof() b312f2d94a42 smb3: Improve exception handling in allocate_mr_list() b6a02523d103 cifs: fix in logging in cifs_chan_update_iface f7e60be64713 smb: client: handle special files and symlinks in SMB3 POSIX 2f68be9f5e9d smb: client: cleanup smb2_query_reparse_point() eed182ebb134 smb: client: allow creating symlinks via reparse points 95c6eac76fa5 smb: client: optimise reparse point querying 8dbc76e94b4b smb: client: allow creating special files via reparse points a5a4a5bc172b smb: client: extend smb2_compound_op() to accept more commands 778c2e03cbf4 smb: client: Fix minor whitespace errors and warnings 757f636f8fb0 smb: client: introduce cifs_sfu_make_node() 52740954fa81 cifs: fix use after free for iface while disabling secondary channels 789f47984ddf cifs: update internal module version number for cifs.ko 120608af2863 Missing field not being returned in ioctl CIFS_IOC_GET_MNT_INFO d1e9469bb4de smb3: minor cleanup of session handling code 09f7cf2bba1b smb3: more minor cleanups for session handling routines 6e19e4e86f02 smb3: minor RDMA cleanup d73d7f8d1faa cifs: print server capabilities in DebugData a88a5c2bf942 smb: use crypto_shash_digest() in symlink_hash() 56ad4435b30b Add definition for new smb3.1.1 command type 5900e9b37aa2 SMB3: clarify some of the unused CreateOption flags fdf07b15f7d7 cifs: Add client version details to NTLM authenticate message -- Thanks, Steve

12 months

2
1
0 0

Re: Patch "spi: axi-spi-engine: move msg state to new struct" has been added to the 6.1-stable tree

by David Lechner

On 5/6/24 2:30 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: move msg state to new struct > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-move-msg-state-to-new-struct.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

12 months

1
0
0 0

Re: Patch "spi: axi-spi-engine: use devm_spi_alloc_host()" has been added to the 6.1-stable tree

by David Lechner

On 5/6/24 2:30 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: use devm_spi_alloc_host() > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-use-devm_spi_alloc_host.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

12 months

1
0
0 0

Re: Patch "spi: axi-spi-engine: simplify driver data allocation" has been added to the 6.1-stable tree

by David Lechner

On 5/6/24 2:30 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: simplify driver data allocation > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-simplify-driver-data-allocation.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

12 months

1
0
0 0

Re: Patch "spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled()" has been added to the 6.1-stable tree

by David Lechner

On 5/6/24 2:30 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled() > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-spi-axi-spi-engine-use-helper-function-devm_clk_.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > Does not meet the criteria for stable.

12 months

1
0
0 0

Re: Patch "spi: spi-axi-spi-engine: switch to use modern name" has been added to the 6.1-stable tree

by David Lechner

On 5/6/24 2:30 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: spi-axi-spi-engine: switch to use modern name > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-spi-axi-spi-engine-switch-to-use-modern-name.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

12 months

1
0
0 0

Re: Patch "spi: axi-spi-engine: fix version format string" has been added to the 6.6-stable tree

by David Lechner

On 5/6/24 2:27 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: fix version format string > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-fix-version-format-string.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable. (only fixes theoretical problem)

12 months

1
0
0 0

Re: Patch "spi: axi-spi-engine: use common AXI macros" has been added to the 6.6-stable tree

by David Lechner

On 5/6/24 2:27 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: use common AXI macros > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-use-common-axi-macros.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

12 months

1
0
0 0

Re: Patch "spi: axi-spi-engine: move msg state to new struct" has been added to the 6.6-stable tree

by David Lechner

On 5/6/24 2:27 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: move msg state to new struct > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-move-msg-state-to-new-struct.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

12 months

1
0
0 0

Re: Patch "spi: axi-spi-engine: use devm_spi_alloc_host()" has been added to the 6.6-stable tree

by David Lechner

On 5/6/24 2:27 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: use devm_spi_alloc_host() > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-use-devm_spi_alloc_host.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

12 months

1
0
0 0

Re: Patch "spi: axi-spi-engine: simplify driver data allocation" has been added to the 6.6-stable tree

by David Lechner

On 5/6/24 2:27 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: simplify driver data allocation > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-simplify-driver-data-allocation.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

12 months

1
0
0 0

Re: Patch "spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled()" has been added to the 6.6-stable tree

by David Lechner

On 5/6/24 2:27 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: spi-axi-spi-engine: Use helper function devm_clk_get_enabled() > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-spi-axi-spi-engine-use-helper-function-devm_clk_.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

12 months

1
0
0 0

Re: Patch "spi: axi-spi-engine: fix version format string" has been added to the 6.8-stable tree

by David Lechner

On 5/6/24 2:24 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: fix version format string > > to the 6.8-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-fix-version-format-string.patch > and it can be found in the queue-6.8 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > iffy for stable since this is fixing a theoretical problem, not a real problem

12 months

1
0
0 0

Re: Patch "spi: axi-spi-engine: use common AXI macros" has been added to the 6.8-stable tree

by David Lechner

On 5/6/24 2:24 PM, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: axi-spi-engine: use common AXI macros > > to the 6.8-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-axi-spi-engine-use-common-axi-macros.patch > and it can be found in the queue-6.8 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > Does not meet the criteria for stable.

12 months

1
0
0 0

+ selftests-mm-fix-powerpc-arch-check.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/mm: fix powerpc ARCH check has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-fix-powerpc-arch-check.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Michael Ellerman <mpe(a)ellerman.id.au> Subject: selftests/mm: fix powerpc ARCH check Date: Mon, 6 May 2024 21:58:25 +1000 In commit 0518dbe97fe6 ("selftests/mm: fix cross compilation with LLVM") the logic to detect the machine architecture in the Makefile was changed to use ARCH, and only fallback to uname -m if ARCH is unset. However the tests of ARCH were not updated to account for the fact that ARCH is "powerpc" for powerpc builds, not "ppc64". Fix it by changing the checks to look for "powerpc", and change the uname -m logic to convert "ppc64.*" into "powerpc". With that fixed the following tests now build for powerpc again: * protection_keys * va_high_addr_switch * virtual_address_range * write_to_hugetlbfs Link: https://lkml.kernel.org/r/20240506115825.66415-1-mpe@ellerman.id.au Fixes: 0518dbe97fe6 ("selftests/mm: fix cross compilation with LLVM") Signed-off-by: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Mark Brown <broonie(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.4+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/tools/testing/selftests/mm/Makefile~selftests-mm-fix-powerpc-arch-check +++ a/tools/testing/selftests/mm/Makefile @@ -12,7 +12,7 @@ uname_M := $(shell uname -m 2>/dev/null else uname_M := $(shell echo $(CROSS_COMPILE) | grep -o '^[a-z0-9]\+') endif -ARCH ?= $(shell echo $(uname_M) | sed -e 's/aarch64.*/arm64/' -e 's/ppc64.*/ppc64/') +ARCH ?= $(shell echo $(uname_M) | sed -e 's/aarch64.*/arm64/' -e 's/ppc64.*/powerpc/') endif # Without this, failed build products remain, with up-to-date timestamps, @@ -98,13 +98,13 @@ TEST_GEN_FILES += $(BINARIES_64) endif else -ifneq (,$(findstring $(ARCH),ppc64)) +ifneq (,$(findstring $(ARCH),powerpc)) TEST_GEN_FILES += protection_keys endif endif -ifneq (,$(filter $(ARCH),arm64 ia64 mips64 parisc64 ppc64 riscv64 s390x sparc64 x86_64)) +ifneq (,$(filter $(ARCH),arm64 ia64 mips64 parisc64 powerpc riscv64 s390x sparc64 x86_64)) TEST_GEN_FILES += va_high_addr_switch TEST_GEN_FILES += virtual_address_range TEST_GEN_FILES += write_to_hugetlbfs _ Patches currently in -mm which might be from mpe(a)ellerman.id.au are selftests-mm-fix-powerpc-arch-check.patch drm-amd-display-only-use-hard-float-not-altivec-on-powerpc.patch

12 months

1
0
0 0

[PATCH] drm/amdkfd: don't allow mapping the MMIO HDP page with large pages

by Alex Deucher

We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We remap the HDP flush registers into this space to allow userspace (CPU or GPU) to flush the HDP when it updates VRAM. However, on systems with >4K pages, we end up exposing PAGE_SIZE of MMIO space. Fixes: d8e408a82704 ("drm/amdkfd: Expose HDP registers to user space") Reviewed-by: Felix Kuehling <felix.kuehling(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c index 6b713fb0b818f..fdf171ad4a3c6 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c @@ -1144,7 +1144,7 @@ static int kfd_ioctl_alloc_memory_of_gpu(struct file *filep, goto err_unlock; } offset = dev->adev->rmmio_remap.bus_addr; - if (!offset) { + if (!offset || (PAGE_SIZE > 4096)) { err = -ENOMEM; goto err_unlock; } @@ -2312,7 +2312,7 @@ static int criu_restore_memory_of_gpu(struct kfd_process_device *pdd, return -EINVAL; } offset = pdd->dev->adev->rmmio_remap.bus_addr; - if (!offset) { + if (!offset || (PAGE_SIZE > 4096)) { pr_err("amdgpu_amdkfd_get_mmio_remap_phys_addr failed\n"); return -ENOMEM; } @@ -3354,6 +3354,9 @@ static int kfd_mmio_mmap(struct kfd_node *dev, struct kfd_process *process, if (vma->vm_end - vma->vm_start != PAGE_SIZE) return -EINVAL; + if (PAGE_SIZE > 4096) + return -EINVAL; + address = dev->adev->rmmio_remap.bus_addr; vm_flags_set(vma, VM_IO | VM_DONTCOPY | VM_DONTEXPAND | VM_NORESERVE | -- 2.44.0

12 months

1
0
0 0

[PATCH] drm/xe: Use ordered WQ for G2H handler

by Matthew Brost

System work queues are shared, use a dedicated work queue for G2H processing to avoid G2H processing getting block behind system tasks. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Cc: <stable(a)vger.kernel.org> Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> --- drivers/gpu/drm/xe/xe_guc_ct.c | 5 +++++ drivers/gpu/drm/xe/xe_guc_ct.h | 2 +- drivers/gpu/drm/xe/xe_guc_ct_types.h | 2 ++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_guc_ct.c b/drivers/gpu/drm/xe/xe_guc_ct.c index 8ac819a7061e..cc60c3333ce3 100644 --- a/drivers/gpu/drm/xe/xe_guc_ct.c +++ b/drivers/gpu/drm/xe/xe_guc_ct.c @@ -121,6 +121,7 @@ static void guc_ct_fini(struct drm_device *drm, void *arg) { struct xe_guc_ct *ct = arg; + destroy_workqueue(ct->g2h_wq); xa_destroy(&ct->fence_lookup); } @@ -146,6 +147,10 @@ int xe_guc_ct_init(struct xe_guc_ct *ct) xe_gt_assert(gt, !(guc_ct_size() % PAGE_SIZE)); + ct->g2h_wq = alloc_ordered_workqueue("xe-g2h-wq", 0); + if(!ct->g2h_wq) + return -ENOMEM; + spin_lock_init(&ct->fast_lock); xa_init(&ct->fence_lookup); INIT_WORK(&ct->g2h_worker, g2h_worker_func); diff --git a/drivers/gpu/drm/xe/xe_guc_ct.h b/drivers/gpu/drm/xe/xe_guc_ct.h index 5083e099064f..105bb8e99a8d 100644 --- a/drivers/gpu/drm/xe/xe_guc_ct.h +++ b/drivers/gpu/drm/xe/xe_guc_ct.h @@ -34,7 +34,7 @@ static inline void xe_guc_ct_irq_handler(struct xe_guc_ct *ct) return; wake_up_all(&ct->wq); - queue_work(system_unbound_wq, &ct->g2h_worker); + queue_work(ct->g2h_wq, &ct->g2h_worker); xe_guc_ct_fast_path(ct); } diff --git a/drivers/gpu/drm/xe/xe_guc_ct_types.h b/drivers/gpu/drm/xe/xe_guc_ct_types.h index d29144c9f20b..fede4c6e93cb 100644 --- a/drivers/gpu/drm/xe/xe_guc_ct_types.h +++ b/drivers/gpu/drm/xe/xe_guc_ct_types.h @@ -120,6 +120,8 @@ struct xe_guc_ct { wait_queue_head_t wq; /** @g2h_fence_wq: wait queue used for G2H fencing */ wait_queue_head_t g2h_fence_wq; + /** @g2h_wq: used to process G2H */ + struct workqueue_struct *g2h_wq; /** @msg: Message buffer */ u32 msg[GUC_CTB_MSG_MAX_LEN]; /** @fast_msg: Message buffer */ -- 2.34.1

12 months

2
1
0 0

[PATCH net v3] net: fix out-of-bounds access in ops_init

by Thadeu Lima de Souza Cascardo

net_alloc_generic is called by net_alloc, which is called without any locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It is read twice, first to allocate an array, then to set s.len, which is later used to limit the bounds of the array access. It is possible that the array is allocated and another thread is registering a new pernet ops, increments max_gen_ptrs, which is then used to set s.len with a larger than allocated length for the variable array. Fix it by reading max_gen_ptrs only once in net_alloc_generic. If max_gen_ptrs is later incremented, it will be caught in net_assign_generic. Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> Fixes: 073862ba5d24 ("netns: fix net_alloc_generic()") Reviewed-by: Eric Dumazet <edumazet(a)google.com> Reviewed-by: Kuniyuki Iwashima <kuniyu(a)amazon.com> Cc: stable(a)vger.kernel.org --- v3: - Use reverse xmas order in local variable declaration. - Use netdev multi-line comment style. - Target to net tree. - Cc stable. v2: - Instead of delaying struct net_generic allocation to setup_net, read max_gen_ptrs only once. v1: https://lore.kernel.org/netdev/20240430084253.3272177-1-cascardo@igalia.com/ --- net/core/net_namespace.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c index f0540c557515..9d690d32da33 100644 --- a/net/core/net_namespace.c +++ b/net/core/net_namespace.c @@ -69,12 +69,15 @@ DEFINE_COOKIE(net_cookie); static struct net_generic *net_alloc_generic(void) { + unsigned int gen_ptrs = READ_ONCE(max_gen_ptrs); + unsigned int generic_size; struct net_generic *ng; - unsigned int generic_size = offsetof(struct net_generic, ptr[max_gen_ptrs]); + + generic_size = offsetof(struct net_generic, ptr[gen_ptrs]); ng = kzalloc(generic_size, GFP_KERNEL); if (ng) - ng->s.len = max_gen_ptrs; + ng->s.len = gen_ptrs; return ng; } @@ -1307,7 +1310,11 @@ static int register_pernet_operations(struct list_head *list, if (error < 0) return error; *ops->id = error; - max_gen_ptrs = max(max_gen_ptrs, *ops->id + 1); + /* This does not require READ_ONCE as writers already hold + * pernet_ops_rwsem. But WRITE_ONCE is needed to protect + * net_alloc_generic. + */ + WRITE_ONCE(max_gen_ptrs, max(max_gen_ptrs, *ops->id + 1)); } error = __register_pernet_operations(list, ops); if (error) { -- 2.34.1

12 months

2
1
0 0

[PATCH 5.4.y] Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems"

by Harshit Mogalapalli

This reverts commit 47c68edecca26f0e29b25d26500afd62279951b0. map_hugetlb.c:18:10: fatal error: vm_util.h: No such file or directory 18 | #include "vm_util.h" | ^~~~~~~~~~~ compilation terminated. vm_util.h is not present in 5.4.y, as commit:642bc52aed9c ("selftests: vm: bring common functions to a new file") is not present in stable kernels <=6.1.y Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> --- tools/testing/selftests/vm/map_hugetlb.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tools/testing/selftests/vm/map_hugetlb.c b/tools/testing/selftests/vm/map_hugetlb.c index c65c55b7a789..312889edb84a 100644 --- a/tools/testing/selftests/vm/map_hugetlb.c +++ b/tools/testing/selftests/vm/map_hugetlb.c @@ -15,7 +15,6 @@ #include <unistd.h> #include <sys/mman.h> #include <fcntl.h> -#include "vm_util.h" #define LENGTH (256UL*1024*1024) #define PROTECTION (PROT_READ | PROT_WRITE) @@ -71,16 +70,10 @@ int main(int argc, char **argv) { void *addr; int ret; - size_t hugepage_size; size_t length = LENGTH; int flags = FLAGS; int shift = 0; - hugepage_size = default_huge_page_size(); - /* munmap with fail if the length is not page aligned */ - if (hugepage_size > length) - length = hugepage_size; - if (argc > 1) length = atol(argv[1]) << 20; if (argc > 2) { -- 2.34.1

12 months

1
0
0 0

[PATCH 5.10.y] Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems"

by Harshit Mogalapalli

This reverts commit c9c3cc6a13bddc76bb533ad8147a5528cac5ba5a. map_hugetlb.c:18:10: fatal error: vm_util.h: No such file or directory 18 | #include "vm_util.h" | ^~~~~~~~~~~ compilation terminated. vm_util.h is not present in 5.10.y, as commit:642bc52aed9c ("selftests: vm: bring common functions to a new file") is not present in stable kernels <=6.1.y Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> --- tools/testing/selftests/vm/map_hugetlb.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tools/testing/selftests/vm/map_hugetlb.c b/tools/testing/selftests/vm/map_hugetlb.c index c65c55b7a789..312889edb84a 100644 --- a/tools/testing/selftests/vm/map_hugetlb.c +++ b/tools/testing/selftests/vm/map_hugetlb.c @@ -15,7 +15,6 @@ #include <unistd.h> #include <sys/mman.h> #include <fcntl.h> -#include "vm_util.h" #define LENGTH (256UL*1024*1024) #define PROTECTION (PROT_READ | PROT_WRITE) @@ -71,16 +70,10 @@ int main(int argc, char **argv) { void *addr; int ret; - size_t hugepage_size; size_t length = LENGTH; int flags = FLAGS; int shift = 0; - hugepage_size = default_huge_page_size(); - /* munmap with fail if the length is not page aligned */ - if (hugepage_size > length) - length = hugepage_size; - if (argc > 1) length = atol(argv[1]) << 20; if (argc > 2) { -- 2.34.1

12 months

1
0
0 0

[PATCH 5.15.y] Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems"

by Harshit Mogalapalli

This reverts commit 0d29b474fb90ff35920642f378d9baace9b47edd. map_hugetlb.c:18:10: fatal error: vm_util.h: No such file or directory 18 | #include "vm_util.h" | ^~~~~~~~~~~ compilation terminated. vm_util.h is not present in 5.15.y, as commit:642bc52aed9c ("selftests: vm: bring common functions to a new file") is not present in stable kernels <=6.1.y Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> --- tools/testing/selftests/vm/map_hugetlb.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/tools/testing/selftests/vm/map_hugetlb.c b/tools/testing/selftests/vm/map_hugetlb.c index c65c55b7a789..312889edb84a 100644 --- a/tools/testing/selftests/vm/map_hugetlb.c +++ b/tools/testing/selftests/vm/map_hugetlb.c @@ -15,7 +15,6 @@ #include <unistd.h> #include <sys/mman.h> #include <fcntl.h> -#include "vm_util.h" #define LENGTH (256UL*1024*1024) #define PROTECTION (PROT_READ | PROT_WRITE) @@ -71,16 +70,10 @@ int main(int argc, char **argv) { void *addr; int ret; - size_t hugepage_size; size_t length = LENGTH; int flags = FLAGS; int shift = 0; - hugepage_size = default_huge_page_size(); - /* munmap with fail if the length is not page aligned */ - if (hugepage_size > length) - length = hugepage_size; - if (argc > 1) length = atol(argv[1]) << 20; if (argc > 2) { -- 2.34.1

12 months

1
0
0 0

[PATCH v3] media: venus: fix use after free in vdec_close

by Dikshita Agarwal

There appears to be a possible use after free with vdec_close(). The firmware will add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly closing the decoder device from userspace during normal decoding can incur a read after free for inst. Fix it by cancelling the work in vdec_close. Cc: stable(a)vger.kernel.org Fixes: af2c3834c ("media: venus: adding core part and helper functions") Signed-off-by: Dikshita Agarwal <quic_dikshita(a)quicinc.com> --- Changes since v2: - fixed email id Changes since v1: - Added fixes and stable tags drivers/media/platform/qcom/venus/vdec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/media/platform/qcom/venus/vdec.c b/drivers/media/platform/qcom/venus/vdec.c index 29130a9..56f8a25 100644 --- a/drivers/media/platform/qcom/venus/vdec.c +++ b/drivers/media/platform/qcom/venus/vdec.c @@ -1747,6 +1747,7 @@ static int vdec_close(struct file *file) vdec_pm_get(inst); + cancel_work_sync(&inst->delayed_process_work); v4l2_m2m_ctx_release(inst->m2m_ctx); v4l2_m2m_release(inst->m2m_dev); vdec_ctrl_deinit(inst); -- 2.7.4

12 months

2
1
0 0

[PATCH v4] i2c: acpi: Unbind mux adapters before delete

by Hamish Martin

There is an issue with ACPI overlay table removal specifically related to I2C multiplexers. Consider an ACPI SSDT Overlay that defines a PCA9548 I2C mux on an existing I2C bus. When this table is loaded we see the creation of a device for the overall PCA9548 chip and 8 further devices - one i2c_adapter each for the mux channels. These are all bound to their ACPI equivalents via an eventual invocation of acpi_bind_one(). When we unload the SSDT overlay we run into the problem. The ACPI devices are deleted as normal via acpi_device_del_work_fn() and the acpi_device_del_list. However, the following warning and stack trace is output as the deletion does not go smoothly: ------------[ cut here ]------------ kernfs: can not remove 'physical_node', no directory WARNING: CPU: 1 PID: 11 at fs/kernfs/dir.c:1674 kernfs_remove_by_name_ns+0xb9/0xc0 Modules linked in: CPU: 1 PID: 11 Comm: kworker/u128:0 Not tainted 6.8.0-rc6+ #1 Hardware name: congatec AG conga-B7E3/conga-B7E3, BIOS 5.13 05/16/2023 Workqueue: kacpi_hotplug acpi_device_del_work_fn RIP: 0010:kernfs_remove_by_name_ns+0xb9/0xc0 Code: e4 00 48 89 ef e8 07 71 db ff 5b b8 fe ff ff ff 5d 41 5c 41 5d e9 a7 55 e4 00 0f 0b eb a6 48 c7 c7 f0 38 0d 9d e8 97 0a d5 ff <0f> 0b eb dc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffff9f864008fb28 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff8ef90a8d4940 RCX: 0000000000000000 RDX: ffff8f000e267d10 RSI: ffff8f000e25c780 RDI: ffff8f000e25c780 RBP: ffff8ef9186f9870 R08: 0000000000013ffb R09: 00000000ffffbfff R10: 00000000ffffbfff R11: ffff8f000e0a0000 R12: ffff9f864008fb50 R13: ffff8ef90c93dd60 R14: ffff8ef9010d0958 R15: ffff8ef9186f98c8 FS: 0000000000000000(0000) GS:ffff8f000e240000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f48f5253a08 CR3: 00000003cb82e000 CR4: 00000000003506f0 Call Trace: <TASK> ? kernfs_remove_by_name_ns+0xb9/0xc0 ? __warn+0x7c/0x130 ? kernfs_remove_by_name_ns+0xb9/0xc0 ? report_bug+0x171/0x1a0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? kernfs_remove_by_name_ns+0xb9/0xc0 ? kernfs_remove_by_name_ns+0xb9/0xc0 acpi_unbind_one+0x108/0x180 device_del+0x18b/0x490 ? srso_return_thunk+0x5/0x5f ? srso_return_thunk+0x5/0x5f device_unregister+0xd/0x30 i2c_del_adapter.part.0+0x1bf/0x250 i2c_mux_del_adapters+0xa1/0xe0 i2c_device_remove+0x1e/0x80 device_release_driver_internal+0x19a/0x200 bus_remove_device+0xbf/0x100 device_del+0x157/0x490 ? __pfx_device_match_fwnode+0x10/0x10 ? srso_return_thunk+0x5/0x5f device_unregister+0xd/0x30 i2c_acpi_notify+0x10f/0x140 notifier_call_chain+0x58/0xd0 blocking_notifier_call_chain+0x3a/0x60 acpi_device_del_work_fn+0x85/0x1d0 process_one_work+0x134/0x2f0 worker_thread+0x2f0/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe3/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2f/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> ---[ end trace 0000000000000000 ]--- ... repeated 7 more times, 1 for each channel of the mux ... The issue is that the binding of the ACPI devices to their peer I2C adapters is not correctly cleaned up. Digging deeper into the issue we see that the deletion order is such that the ACPI devices matching the mux channel i2c adapters are deleted first during the SSDT overlay removal. For each of the channels we see a call to i2c_acpi_notify() with ACPI_RECONFIG_DEVICE_REMOVE but, because these devices are not actually i2c_clients, nothing is done for them. Later on, after each of the mux channels has been dealt with, we come to delete the i2c_client representing the PCA9548 device. This is the call stack we see above, whereby the kernel cleans up the i2c_client including destruction of the mux and its channel adapters. At this point we do attempt to unbind from the ACPI peers but those peers no longer exist and so we hit the kernfs errors. The fix is to augment i2c_acpi_notify() to handle i2c_adapters. But, given that the life cycle of the adapters is linked to the i2c_client, instead of deleting the i2c_adapters during the i2c_acpi_notify(), we just trigger unbinding of the ACPI device from the adapter device, and allow the clean up of the adapter to continue in the way it always has. Signed-off-by: Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> Reviewed-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> Reviewed-by: Andi Shyti <andi.shyti(a)kernel.org> Fixes: 525e6fabeae2 ("i2c / ACPI: add support for ACPI reconfigure notifications") Cc: <stable(a)vger.kernel.org> # v4.8+ --- Notes: v4: Resolve Build failure noted by: Linux Kernel Functional Testing <lkft(a)linaro.org>, and kernel test robot <lkp(a)intel.com> These failures led to revert of the v3 version of this patch that had been accepted earlier. v3: Add reviewed by tags (Mika Westerberg and Andi Shyti) and Fixes tag. v2: Moved long problem description from cover letter to commit description at Mika's suggestion drivers/i2c/i2c-core-acpi.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/drivers/i2c/i2c-core-acpi.c b/drivers/i2c/i2c-core-acpi.c index d6037a328669..14ae0cfc325e 100644 --- a/drivers/i2c/i2c-core-acpi.c +++ b/drivers/i2c/i2c-core-acpi.c @@ -445,6 +445,11 @@ static struct i2c_client *i2c_acpi_find_client_by_adev(struct acpi_device *adev) return i2c_find_device_by_fwnode(acpi_fwnode_handle(adev)); } +static struct i2c_adapter *i2c_acpi_find_adapter_by_adev(struct acpi_device *adev) +{ + return i2c_find_adapter_by_fwnode(acpi_fwnode_handle(adev)); +} + static int i2c_acpi_notify(struct notifier_block *nb, unsigned long value, void *arg) { @@ -471,11 +476,17 @@ static int i2c_acpi_notify(struct notifier_block *nb, unsigned long value, break; client = i2c_acpi_find_client_by_adev(adev); - if (!client) - break; + if (client) { + i2c_unregister_device(client); + put_device(&client->dev); + } + + adapter = i2c_acpi_find_adapter_by_adev(adev); + if (adapter) { + acpi_unbind_one(&adapter->dev); + put_device(&adapter->dev); + } - i2c_unregister_device(client); - put_device(&client->dev); break; } -- 2.43.2

12 months

4
3
0 0

[PATCH v2] media: venus: fix use after free in vdec_close

by Agarwal, Dikshita

From: Dikshita Agarwal <quic_dikshita(a)quicinc.com> There appears to be a possible use after free with vdec_close(). The firmware will add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly closing the decoder device from userspace during normal decoding can incur a read after free for inst. Fix it by cancelling the work in vdec_close. Cc: stable(a)vger.kernel.org Fixes: af2c3834c ("media: venus: adding core part and helper functions") Signed-off-by: Dikshita Agarwal <quic_dikshita(a)quicinc.com> --- Changes since v1: - Added fixes and stable tags drivers/media/platform/qcom/venus/vdec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/media/platform/qcom/venus/vdec.c b/drivers/media/platform/qcom/venus/vdec.c index 29130a9..56f8a25 100644 --- a/drivers/media/platform/qcom/venus/vdec.c +++ b/drivers/media/platform/qcom/venus/vdec.c @@ -1747,6 +1747,7 @@ static int vdec_close(struct file *file) vdec_pm_get(inst); + cancel_work_sync(&inst->delayed_process_work); v4l2_m2m_ctx_release(inst->m2m_ctx); v4l2_m2m_release(inst->m2m_dev); vdec_ctrl_deinit(inst); -- 2.7.4

12 months

1
0
0 0

[PATCH stable,5.4 0/2] Revert the patchset for fix CVE-2024-26865

by Zhengchao Shao

There's no "pernet" variable in the struct hashinfo. The "pernet" variable is introduced from v6.1-rc1. Revert pre-patch and post-patch. Zhengchao Shao (2): Revert "tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()" Revert "tcp: Clean up kernel listener's reqsk in inet_twsk_purge()" net/ipv4/inet_timewait_sock.c | 32 +++++++++++--------------------- 1 file changed, 11 insertions(+), 21 deletions(-) -- 2.34.1

12 months

2
3
0 0

[PATCH 5.4 000/107] 5.4.275-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.275 release. There are 107 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 02 May 2024 10:30:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.275-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.275-rc1 Randy Dunlap <rdunlap(a)infradead.org> serial: core: fix kernel-doc for uart_port_unlock_irqrestore() Yick Xie <yick.xie(a)gmail.com> udp: preserve the connected status if only UDP cmsg Mikulas Patocka <mpatocka(a)redhat.com> dm: limit the number of targets and parameter size area Matthew Wilcox (Oracle) <willy(a)infradead.org> bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS Nam Cao <namcao(a)linutronix.de> HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: smbus: fix NULL function pointer dereference Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> idma64: Don't try to serve interrupts when device is powered off Arnd Bergmann <arnd(a)arndb.de> dmaengine: owl: fix register access functions Eric Dumazet <edumazet(a)google.com> tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp: Clean up kernel listener's reqsk in inet_twsk_purge() Arnd Bergmann <arnd(a)arndb.de> mtd: diskonchip: work around ubsan link failure Andrey Ryabinin <ryabinin.a.a(a)gmail.com> stackdepot: respect __GFP_NOLOCKDEP allocation flag Peter Münster <pm(a)a16n.net> net: b44: set pause params only when interface is up Rahul Rameshbabu <rrameshbabu(a)nvidia.com> ethernet: Add helper for assigning packet type when dest address does not match device address Guanrui Huang <guanrui.huang(a)linux.alibaba.com> irqchip/gic-v3-its: Prevent double free on error Mukul Joshi <mukul.joshi(a)amd.com> drm/amdgpu: Fix leak when GPU memory allocation fails Iskander Amara <iskander.amara(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: fix information leak in btrfs_ioctl_logical_to_ino() WangYuli <wangyuli(a)uniontech.com> Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 Nathan Chancellor <nathan(a)kernel.org> Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() Robin H. Johnson <robbat2(a)gentoo.org> tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together Robin H. Johnson <robbat2(a)gentoo.org> tracing: Show size of requested perf buffer Shifeng Li <lishifeng(a)sangfor.com.cn> net/mlx5e: Fix a race in command alloc flow Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "crypto: api - Disallow identical driver names" xinhui pan <xinhui.pan(a)amd.com> drm/amdgpu: validate the parameters of bo mapping operations more clearly Chia-I Wu <olvaffe(a)gmail.com> amdgpu: validate offset_in_bo of drm_amdgpu_gem_va Rajneesh Bhardwaj <rajneesh.bhardwaj(a)amd.com> drm/amdgpu: restrict bo mapping within gpu address limits Emil Kronborg <emil.kronborg(a)protonmail.com> serial: mxs-auart: add spinlock around changing cts state Thomas Gleixner <tglx(a)linutronix.de> serial: core: Provide port lock wrappers Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). Sudheer Mogilappagari <sudheer.mogilappagari(a)intel.com> iavf: Fix TC config comparison with existing adapter TC config Sindhu Devale <sindhu.devale(a)intel.com> i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix warning during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix memory leak during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Rate limit error message Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_tcam: Fix race during rehash delayed work Hyunwoo Kim <v4bel(a)theori.io> net: openvswitch: Fix Use-After-Free in ovs_ct_exit Ismael Luceno <iluceno(a)suse.de> ipvs: Fix checksumming on GSO of SCTP packets Hyunwoo Kim <v4bel(a)theori.io> net: gtp: Fix Use-After-Free in gtp_dellink Eric Dumazet <edumazet(a)google.com> net: usb: ax88179_178a: stop lying about skb->truesize Paul Geurts <paul_geurts(a)live.nl> NFC: trf7970a: disable all regulators on removal Ido Schimmel <idosch(a)nvidia.com> mlxsw: core: Unregister EMAD trap using FORWARD action David Bauer <mail(a)david-bauer.net> vxlan: drop packets from invalid src-address Alexey Brodkin <Alexey.Brodkin(a)synopsys.com> ARC: [plat-hsdk]: Remove misplaced interrupt-cells property Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt2712: fix validation errors Biao Huang <biao.huang(a)mediatek.com> arm64: dts: mt2712: add ethernet device node Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix ethernet controller "compatible" Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix IR nodename Ikjoon Jang <ikjn(a)chromium.org> arm64: dts: mediatek: mt8183: Add power-domains properity to mfgcfg Quentin Schulz <quentin.schulz(a)theobroma-systems.com> arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma Iskander Amara <iskander.amara(a)theobroma-systems.com> arm64: dts: rockchip: fix alphabetical ordering RK3399 puma Vitaly Kuznetsov <vkuznets(a)redhat.com> KVM: async_pf: Cleanup kvm_setup_async_pf() Jeongjun Park <aha310510(a)gmail.com> nilfs2: fix OOB in nilfs_set_de_type Dave Airlie <airlied(a)redhat.com> nouveau: fix instmem race condition around ptr stores Alan Stern <stern(a)rowland.harvard.edu> fs: sysfs: Fix reference leak in sysfs_break_active_protection() Samuel Thibault <samuel.thibault(a)ens-lyon.org> speakup: Avoid crash on very long word Kai-Heng Feng <kai.heng.feng(a)canonical.com> usb: Disable USB3 LPM at shutdown Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> usb: dwc2: host: Fix dereference issue in DDMA completion flow. Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "usb: cdc-wdm: close race between read and workqueue" Daniele Palmas <dnlplm(a)gmail.com> USB: serial: option: add Telit FN920C04 rmnet compositions Vanillan Wang <vanillanwang(a)163.com> USB: serial: option: add Rolling RW101-GL and RW135-GL support Jerry Meng <jerry-meng(a)foxmail.com> USB: serial: option: support Quectel EM060K sub-models Coia Prant <coiaprant(a)gmail.com> USB: serial: option: add Lonsung U8300/U9300 product Chuanhong Guo <gch981213(a)gmail.com> USB: serial: option: add support for Fibocom FM650/FG650 bolan wang <bolan.wang(a)fibocom.com> USB: serial: option: add Fibocom FM135-GL variants Finn Thain <fthain(a)linux-m68k.org> serial/pmac_zilog: Remove flawed mitigation for rx irq flood Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> comedi: vmk80xx: fix incomplete endpoint checking Carlos Llamas <cmllamas(a)google.com> binder: check offset alignment in binder_get_object() Eric Biggers <ebiggers(a)google.com> x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ Stephen Boyd <sboyd(a)kernel.org> clk: Get runtime PM before walking tree during disable_unused Stephen Boyd <sboyd(a)kernel.org> clk: Initialize struct clk_core kref earlier Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: Print an info line before disabling unused clocks Claudiu Beznea <claudiu.beznea(a)microchip.com> clk: remove extra empty line Stephen Boyd <sboyd(a)kernel.org> clk: Mark 'all_lists' as const Stephen Boyd <sboyd(a)kernel.org> clk: Remove prepare_lock hold assertion in __clk_release() Mikhail Kobuk <m.kobuk(a)ispras.ru> drm: nv04: Fix out of bounds access Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix port number for counter query in multi-port configuration Yanjun.Zhu <yanjun.zhu(a)linux.dev> RDMA/rxe: Fix the problem "mutex_destroy missing" Lei Chen <lei.chen(a)smartx.com> tun: limit printing rate when illegal packet received by tun dev Ziyang Xuan <william.xuanziyang(a)huawei.com> netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() Siddh Raman Pant <siddh.raman.pant(a)oracle.com> Revert "tracing/trigger: Fix to return error if failed to alloc snapshot" Zheng Yejian <zhengyejian1(a)huawei.com> kprobes: Fix possible use-after-free issue on kprobe registration Yuanhe Shu <xiangzao(a)linux.alibaba.com> selftests/ftrace: Limit length in subsystem-enable tests Boris Burkov <boris(a)bur.io> btrfs: record delayed inode root in transaction Adam Dunlap <acdunlap(a)google.com> x86/apic: Force native_apic_mem_read() to use the MOV instruction John Stultz <jstultz(a)google.com> selftests: timers: Fix abs() warning in posix_timers test Gavin Shan <gshan(a)redhat.com> vhost: Add smp_rmb() in vhost_vq_avail_empty() Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/client: Fully protect modes[] with dev->mode_config.mutex Boris Burkov <boris(a)bur.io> btrfs: qgroup: correctly model root qgroup rsv in convert David Arinzon <darinzon(a)amazon.com> net: ena: Fix potential sign extension issue Michal Luczaj <mhal(a)rbox.co> af_unix: Fix garbage collector racing against connect() Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Do not use atomic ops for unix_sk(sk)->inflight. Cosmin Ratiu <cratiu(a)nvidia.com> net/mlx5: Properly link new fs rules into the tree Jiri Benc <jbenc(a)redhat.com> ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Arnd Bergmann <arnd(a)arndb.de> ipv4/route: avoid unused-but-set-variable warning Arnd Bergmann <arnd(a)arndb.de> ipv6: fib: hide unused 'pn' variable Eric Dumazet <edumazet(a)google.com> geneve: fix header validation in geneve[6]_xmit_skb Petr Tesarik <petr(a)tesarici.cz> u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix unwanted error log on timeout policy probing Arnd Bergmann <arnd(a)arndb.de> nouveau: fix function cast warning Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: Fix memory leak in hci_req_sync_complete() Sven Eckelmann <sven(a)narfation.org> batman-adv: Avoid infinite loop trying to resize local TT ------------- Diffstat: Makefile | 4 +- arch/arc/boot/dts/hsdk.dts | 1 - arch/arm64/boot/dts/mediatek/mt2712-evb.dts | 78 ++++++++++- arch/arm64/boot/dts/mediatek/mt2712e.dtsi | 68 ++++++++- arch/arm64/boot/dts/mediatek/mt7622.dtsi | 7 +- arch/arm64/boot/dts/mediatek/mt8183.dtsi | 1 + arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 29 +++- arch/x86/include/asm/apic.h | 3 +- arch/x86/kernel/cpu/cpuid-deps.c | 6 +- crypto/algapi.c | 1 - drivers/android/binder.c | 4 +- drivers/bluetooth/btusb.c | 2 + drivers/clk/clk.c | 154 ++++++++++++++++----- drivers/dma/idma64.c | 4 + drivers/dma/owl-dma.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 70 ++++++---- drivers/gpu/drm/drm_client_modeset.c | 3 +- drivers/gpu/drm/nouveau/nouveau_bios.c | 13 +- .../gpu/drm/nouveau/nvkm/subdev/bios/shadowof.c | 7 +- drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c | 7 +- drivers/hid/i2c-hid/i2c-hid-core.c | 8 -- drivers/i2c/i2c-core-base.c | 12 +- drivers/infiniband/hw/mlx5/mad.c | 3 +- drivers/infiniband/sw/rxe/rxe.c | 2 + drivers/irqchip/irq-gic-v3-its.c | 9 +- drivers/md/dm-core.h | 2 + drivers/md/dm-ioctl.c | 3 +- drivers/md/dm-table.c | 9 +- drivers/mtd/nand/raw/diskonchip.c | 4 +- drivers/net/ethernet/amazon/ena/ena_com.c | 2 +- drivers/net/ethernet/broadcom/b44.c | 14 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/iavf/iavf_main.c | 30 +++- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 3 +- drivers/net/ethernet/mellanox/mlxsw/core.c | 2 +- .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.c | 54 ++++++-- drivers/net/geneve.c | 4 +- drivers/net/gtp.c | 3 +- drivers/net/tun.c | 18 +-- drivers/net/usb/ax88179_178a.c | 11 +- drivers/net/vxlan.c | 4 + drivers/nfc/trf7970a.c | 42 +++--- drivers/staging/comedi/drivers/vmk80xx.c | 35 ++--- drivers/staging/speakup/main.c | 2 +- drivers/tty/serial/mxs-auart.c | 8 +- drivers/tty/serial/pmac_zilog.c | 14 -- drivers/usb/class/cdc-wdm.c | 6 +- drivers/usb/core/port.c | 4 +- drivers/usb/dwc2/hcd_ddma.c | 4 +- drivers/usb/serial/option.c | 40 ++++++ drivers/vhost/vhost.c | 14 +- fs/btrfs/backref.c | 12 +- fs/btrfs/delayed-inode.c | 3 + fs/btrfs/qgroup.c | 2 + fs/nilfs2/dir.c | 2 +- fs/sysfs/file.c | 2 + include/linux/etherdevice.h | 25 ++++ include/linux/serial_core.h | 79 +++++++++++ include/linux/trace_events.h | 2 +- include/linux/u64_stats_sync.h | 6 +- include/net/addrconf.h | 4 + include/net/af_unix.h | 5 +- include/net/ip_tunnels.h | 33 +++++ kernel/bounds.c | 2 +- kernel/kprobes.c | 18 ++- kernel/trace/trace_event_perf.c | 3 +- kernel/trace/trace_events_trigger.c | 6 +- lib/stackdepot.c | 4 +- net/batman-adv/translation-table.c | 2 +- net/bluetooth/hci_request.c | 4 +- net/bluetooth/l2cap_sock.c | 7 +- net/bluetooth/sco.c | 7 +- net/ethernet/eth.c | 12 +- net/ipv4/inet_timewait_sock.c | 34 +++-- net/ipv4/route.c | 4 +- net/ipv4/udp.c | 5 +- net/ipv6/addrconf.c | 7 +- net/ipv6/ip6_fib.c | 7 +- net/ipv6/udp.c | 5 +- net/netfilter/ipvs/ip_vs_proto_sctp.c | 6 +- net/netfilter/nf_tables_api.c | 8 +- net/openvswitch/conntrack.c | 9 +- net/unix/af_unix.c | 4 +- net/unix/garbage.c | 35 +++-- net/unix/scm.c | 8 +- .../ftrace/test.d/event/subsystem-enable.tc | 6 +- tools/testing/selftests/timers/posix_timers.c | 2 +- virt/kvm/async_pf.c | 19 +-- 90 files changed, 906 insertions(+), 340 deletions(-)

12 months

5
113
0 0

[PATCH stable,4.19 0/2] Revert the patchset for fix CVE-2024-26865

by Zhengchao Shao

There's no "pernet" variable in the struct hashinfo. The "pernet" variable is introduced from v6.1-rc1. Revert pre-patch and post-patch. Zhengchao Shao (2): Revert "tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()" Revert "tcp: Clean up kernel listener's reqsk in inet_twsk_purge()" net/ipv4/inet_timewait_sock.c | 32 +++++++++++--------------------- 1 file changed, 11 insertions(+), 21 deletions(-) -- 2.34.1

12 months

1
2
0 0

[PATCH stable,5.10 0/2] Revert the patchset for fix CVE-2024-26865

by Zhengchao Shao

There's no "pernet" variable in the struct hashinfo. The "pernet" variable is introduced from v6.1-rc1. Revert pre-patch and post-patch. Zhengchao Shao (2): Revert "tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()" Revert "tcp: Clean up kernel listener's reqsk in inet_twsk_purge()" net/ipv4/inet_timewait_sock.c | 32 +++++++++++--------------------- 1 file changed, 11 insertions(+), 21 deletions(-) -- 2.34.1

12 months

1
2
0 0

[merged mm-nonmm-stable] kexec-fix-the-unexpected-kexec_dprintk-macro.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kexec: fix the unexpected kexec_dprintk() macro has been removed from the -mm tree. Its filename was kexec-fix-the-unexpected-kexec_dprintk-macro.patch This patch was dropped because it was merged into the mm-nonmm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Baoquan He <bhe(a)redhat.com> Subject: kexec: fix the unexpected kexec_dprintk() macro Date: Tue, 9 Apr 2024 12:22:38 +0800 Jiri reported that the current kexec_dprintk() always prints out debugging message whenever kexec/kdmmp loading is triggered. That is not wanted. The debugging message is supposed to be printed out when 'kexec -s -d' is specified for kexec/kdump loading. After investigating, the reason is the current kexec_dprintk() takes printk(KERN_INFO) or printk(KERN_DEBUG) depending on whether '-d' is specified. However, distros usually have defaulg log level like below: [~]# cat /proc/sys/kernel/printk 7 4 1 7 So, even though '-d' is not specified, printk(KERN_DEBUG) also always prints out. I thought printk(KERN_DEBUG) is equal to pr_debug(), it's not. Fix it by changing to use pr_info() instead which are expected to work. Link: https://lkml.kernel.org/r/20240409042238.1240462-1-bhe@redhat.com Fixes: cbc2fe9d9cb2 ("kexec_file: add kexec_file flag to control debug printing") Signed-off-by: Baoquan He <bhe(a)redhat.com> Reported-by: Jiri Slaby <jirislaby(a)kernel.org> Closes: https://lore.kernel.org/all/4c775fca-5def-4a2d-8437-7130b02722a2@kernel.org Reviewed-by: Dave Young <dyoung(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/kexec.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) --- a/include/linux/kexec.h~kexec-fix-the-unexpected-kexec_dprintk-macro +++ a/include/linux/kexec.h @@ -461,10 +461,8 @@ static inline void arch_kexec_pre_free_p extern bool kexec_file_dbg_print; -#define kexec_dprintk(fmt, ...) \ - printk("%s" fmt, \ - kexec_file_dbg_print ? KERN_INFO : KERN_DEBUG, \ - ##__VA_ARGS__) +#define kexec_dprintk(fmt, arg...) \ + do { if (kexec_file_dbg_print) pr_info(fmt, ##arg); } while (0) #else /* !CONFIG_KEXEC_CORE */ struct pt_regs; _ Patches currently in -mm which might be from bhe(a)redhat.com are

12 months

1
0
0 0

[merged mm-stable] mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: fix race between __split_huge_pmd_locked() and GUP-fast has been removed from the -mm tree. Its filename was mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast.patch This patch was dropped because it was merged into the mm-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: mm: fix race between __split_huge_pmd_locked() and GUP-fast Date: Wed, 1 May 2024 15:33:10 +0100 __split_huge_pmd_locked() can be called for a present THP, devmap or (non-present) migration entry. It calls pmdp_invalidate() unconditionally on the pmdp and only determines if it is present or not based on the returned old pmd. This is a problem for the migration entry case because pmd_mkinvalid(), called by pmdp_invalidate() must only be called for a present pmd. On arm64 at least, pmd_mkinvalid() will mark the pmd such that any future call to pmd_present() will return true. And therefore any lockless pgtable walker could see the migration entry pmd in this state and start interpretting the fields as if it were present, leading to BadThings (TM). GUP-fast appears to be one such lockless pgtable walker. x86 does not suffer the above problem, but instead pmd_mkinvalid() will corrupt the offset field of the swap entry within the swap pte. See link below for discussion of that problem. Fix all of this by only calling pmdp_invalidate() for a present pmd. And for good measure let's add a warning to all implementations of pmdp_invalidate[_ad](). I've manually reviewed all other pmdp_invalidate[_ad]() call sites and believe all others to be conformant. This is a theoretical bug found during code review. I don't have any test case to trigger it in practice. Link: https://lkml.kernel.org/r/20240501143310.1381675-1-ryan.roberts@arm.com Link: https://lore.kernel.org/all/0dd7827a-6334-439a-8fd0-43c98e6af22b@arm.com/ Fixes: 84c3fc4e9c56 ("mm: thp: check pmd migration entry in common path") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Reviewed-by: Zi Yan <ziy(a)nvidia.com> Reviewed-by: Anshuman Khandual <anshuman.khandual(a)arm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Andreas Larsson <andreas(a)gaisler.com> Cc: Andy Lutomirski <luto(a)kernel.org> Cc: Aneesh Kumar K.V <aneesh.kumar(a)kernel.org> Cc: Borislav Petkov (AMD) <bp(a)alien8.de> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Christian Borntraeger <borntraeger(a)linux.ibm.com> Cc: Christophe Leroy <christophe.leroy(a)csgroup.eu> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: "David S. Miller" <davem(a)davemloft.net> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Naveen N. Rao <naveen.n.rao(a)linux.ibm.com> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Sven Schnelle <svens(a)linux.ibm.com> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Will Deacon <will(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Documentation/mm/arch_pgtable_helpers.rst | 6 +- arch/powerpc/mm/book3s64/pgtable.c | 1 arch/s390/include/asm/pgtable.h | 4 + arch/sparc/mm/tlb.c | 1 arch/x86/mm/pgtable.c | 2 mm/huge_memory.c | 49 ++++++++++---------- mm/pgtable-generic.c | 2 7 files changed, 39 insertions(+), 26 deletions(-) --- a/arch/powerpc/mm/book3s64/pgtable.c~mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast +++ a/arch/powerpc/mm/book3s64/pgtable.c @@ -170,6 +170,7 @@ pmd_t pmdp_invalidate(struct vm_area_str { unsigned long old_pmd; + VM_WARN_ON_ONCE(!pmd_present(*pmdp)); old_pmd = pmd_hugepage_update(vma->vm_mm, address, pmdp, _PAGE_PRESENT, _PAGE_INVALID); flush_pmd_tlb_range(vma, address, address + HPAGE_PMD_SIZE); return __pmd(old_pmd); --- a/arch/s390/include/asm/pgtable.h~mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast +++ a/arch/s390/include/asm/pgtable.h @@ -1769,8 +1769,10 @@ static inline pmd_t pmdp_huge_clear_flus static inline pmd_t pmdp_invalidate(struct vm_area_struct *vma, unsigned long addr, pmd_t *pmdp) { - pmd_t pmd = __pmd(pmd_val(*pmdp) | _SEGMENT_ENTRY_INVALID); + pmd_t pmd; + VM_WARN_ON_ONCE(!pmd_present(*pmdp)); + pmd = __pmd(pmd_val(*pmdp) | _SEGMENT_ENTRY_INVALID); return pmdp_xchg_direct(vma->vm_mm, addr, pmdp, pmd); } --- a/arch/sparc/mm/tlb.c~mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast +++ a/arch/sparc/mm/tlb.c @@ -249,6 +249,7 @@ pmd_t pmdp_invalidate(struct vm_area_str { pmd_t old, entry; + VM_WARN_ON_ONCE(!pmd_present(*pmdp)); entry = __pmd(pmd_val(*pmdp) & ~_PAGE_VALID); old = pmdp_establish(vma, address, pmdp, entry); flush_tlb_range(vma, address, address + HPAGE_PMD_SIZE); --- a/arch/x86/mm/pgtable.c~mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast +++ a/arch/x86/mm/pgtable.c @@ -631,6 +631,8 @@ int pmdp_clear_flush_young(struct vm_are pmd_t pmdp_invalidate_ad(struct vm_area_struct *vma, unsigned long address, pmd_t *pmdp) { + VM_WARN_ON_ONCE(!pmd_present(*pmdp)); + /* * No flush is necessary. Once an invalid PTE is established, the PTE's * access and dirty bits cannot be updated. --- a/Documentation/mm/arch_pgtable_helpers.rst~mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast +++ a/Documentation/mm/arch_pgtable_helpers.rst @@ -140,7 +140,8 @@ PMD Page Table Helpers +---------------------------+--------------------------------------------------+ | pmd_swp_clear_soft_dirty | Clears a soft dirty swapped PMD | +---------------------------+--------------------------------------------------+ -| pmd_mkinvalid | Invalidates a mapped PMD [1] | +| pmd_mkinvalid | Invalidates a present PMD; do not call for | +| | non-present PMD [1] | +---------------------------+--------------------------------------------------+ | pmd_set_huge | Creates a PMD huge mapping | +---------------------------+--------------------------------------------------+ @@ -196,7 +197,8 @@ PUD Page Table Helpers +---------------------------+--------------------------------------------------+ | pud_mkdevmap | Creates a ZONE_DEVICE mapped PUD | +---------------------------+--------------------------------------------------+ -| pud_mkinvalid | Invalidates a mapped PUD [1] | +| pud_mkinvalid | Invalidates a present PUD; do not call for | +| | non-present PUD [1] | +---------------------------+--------------------------------------------------+ | pud_set_huge | Creates a PUD huge mapping | +---------------------------+--------------------------------------------------+ --- a/mm/huge_memory.c~mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast +++ a/mm/huge_memory.c @@ -2430,32 +2430,11 @@ static void __split_huge_pmd_locked(stru return __split_huge_zero_page_pmd(vma, haddr, pmd); } - /* - * Up to this point the pmd is present and huge and userland has the - * whole access to the hugepage during the split (which happens in - * place). If we overwrite the pmd with the not-huge version pointing - * to the pte here (which of course we could if all CPUs were bug - * free), userland could trigger a small page size TLB miss on the - * small sized TLB while the hugepage TLB entry is still established in - * the huge TLB. Some CPU doesn't like that. - * See http://support.amd.com/TechDocs/41322_10h_Rev_Gd.pdf, Erratum - * 383 on page 105. Intel should be safe but is also warns that it's - * only safe if the permission and cache attributes of the two entries - * loaded in the two TLB is identical (which should be the case here). - * But it is generally safer to never allow small and huge TLB entries - * for the same virtual address to be loaded simultaneously. So instead - * of doing "pmd_populate(); flush_pmd_tlb_range();" we first mark the - * current pmd notpresent (atomically because here the pmd_trans_huge - * must remain set at all times on the pmd until the split is complete - * for this pmd), then we flush the SMP TLB and finally we write the - * non-huge version of the pmd entry with pmd_populate. - */ - old_pmd = pmdp_invalidate(vma, haddr, pmd); - - pmd_migration = is_pmd_migration_entry(old_pmd); + pmd_migration = is_pmd_migration_entry(*pmd); if (unlikely(pmd_migration)) { swp_entry_t entry; + old_pmd = *pmd; entry = pmd_to_swp_entry(old_pmd); page = pfn_swap_entry_to_page(entry); write = is_writable_migration_entry(entry); @@ -2466,6 +2445,30 @@ static void __split_huge_pmd_locked(stru soft_dirty = pmd_swp_soft_dirty(old_pmd); uffd_wp = pmd_swp_uffd_wp(old_pmd); } else { + /* + * Up to this point the pmd is present and huge and userland has + * the whole access to the hugepage during the split (which + * happens in place). If we overwrite the pmd with the not-huge + * version pointing to the pte here (which of course we could if + * all CPUs were bug free), userland could trigger a small page + * size TLB miss on the small sized TLB while the hugepage TLB + * entry is still established in the huge TLB. Some CPU doesn't + * like that. See + * http://support.amd.com/TechDocs/41322_10h_Rev_Gd.pdf, Erratum + * 383 on page 105. Intel should be safe but is also warns that + * it's only safe if the permission and cache attributes of the + * two entries loaded in the two TLB is identical (which should + * be the case here). But it is generally safer to never allow + * small and huge TLB entries for the same virtual address to be + * loaded simultaneously. So instead of doing "pmd_populate(); + * flush_pmd_tlb_range();" we first mark the current pmd + * notpresent (atomically because here the pmd_trans_huge must + * remain set at all times on the pmd until the split is + * complete for this pmd), then we flush the SMP TLB and finally + * we write the non-huge version of the pmd entry with + * pmd_populate. + */ + old_pmd = pmdp_invalidate(vma, haddr, pmd); page = pmd_page(old_pmd); folio = page_folio(page); if (pmd_dirty(old_pmd)) { --- a/mm/pgtable-generic.c~mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast +++ a/mm/pgtable-generic.c @@ -198,6 +198,7 @@ pgtable_t pgtable_trans_huge_withdraw(st pmd_t pmdp_invalidate(struct vm_area_struct *vma, unsigned long address, pmd_t *pmdp) { + VM_WARN_ON_ONCE(!pmd_present(*pmdp)); pmd_t old = pmdp_establish(vma, address, pmdp, pmd_mkinvalid(*pmdp)); flush_pmd_tlb_range(vma, address, address + HPAGE_PMD_SIZE); return old; @@ -208,6 +209,7 @@ pmd_t pmdp_invalidate(struct vm_area_str pmd_t pmdp_invalidate_ad(struct vm_area_struct *vma, unsigned long address, pmd_t *pmdp) { + VM_WARN_ON_ONCE(!pmd_present(*pmdp)); return pmdp_invalidate(vma, address, pmdp); } #endif _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are

12 months

1
0
0 0

[merged mm-hotfixes-stable] fs-proc-task_mmu-fix-uffd-wp-confusion-in-pagemap_scan_pmd_entry.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: fs/proc/task_mmu: fix uffd-wp confusion in pagemap_scan_pmd_entry() has been removed from the -mm tree. Its filename was fs-proc-task_mmu-fix-uffd-wp-confusion-in-pagemap_scan_pmd_entry.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: fs/proc/task_mmu: fix uffd-wp confusion in pagemap_scan_pmd_entry() Date: Mon, 29 Apr 2024 12:41:04 +0100 pagemap_scan_pmd_entry() checks if uffd-wp is set on each pte to avoid unnecessary if set. However it was previously checking with `pte_uffd_wp(ptep_get(pte))` without first confirming that the pte was present. It is only valid to call pte_uffd_wp() for present ptes. For swap ptes, pte_swp_uffd_wp() must be called because the uffd-wp bit may be kept in a different position, depending on the arch. This was leading to test failures in the pagemap_ioctl mm selftest, when bringing up uffd-wp support on arm64 due to incorrectly interpretting the uffd-wp status of migration entries. Let's fix this by using the correct check based on pte_present(). While we are at it, let's pass the pte to make_uffd_wp_pte() to avoid the pointless extra ptep_get() which can't be optimized out due to READ_ONCE() on many arches. Link: https://lkml.kernel.org/r/20240429114104.182890-1-ryan.roberts@arm.com Fixes: 12f6b01a0bcb ("fs/proc/task_mmu: add fast paths to get/clear PAGE_IS_WRITTEN flag") Closes: https://lore.kernel.org/linux-arm-kernel/ZiuyGXt0XWwRgFh9@x1n/ Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Tested-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) --- a/fs/proc/task_mmu.c~fs-proc-task_mmu-fix-uffd-wp-confusion-in-pagemap_scan_pmd_entry +++ a/fs/proc/task_mmu.c @@ -1817,10 +1817,8 @@ static unsigned long pagemap_page_catego } static void make_uffd_wp_pte(struct vm_area_struct *vma, - unsigned long addr, pte_t *pte) + unsigned long addr, pte_t *pte, pte_t ptent) { - pte_t ptent = ptep_get(pte); - if (pte_present(ptent)) { pte_t old_pte; @@ -2175,9 +2173,12 @@ static int pagemap_scan_pmd_entry(pmd_t if ((p->arg.flags & PM_SCAN_WP_MATCHING) && !p->vec_out) { /* Fast path for performing exclusive WP */ for (addr = start; addr != end; pte++, addr += PAGE_SIZE) { - if (pte_uffd_wp(ptep_get(pte))) + pte_t ptent = ptep_get(pte); + + if ((pte_present(ptent) && pte_uffd_wp(ptent)) || + pte_swp_uffd_wp_any(ptent)) continue; - make_uffd_wp_pte(vma, addr, pte); + make_uffd_wp_pte(vma, addr, pte, ptent); if (!flush_end) start = addr; flush_end = addr + PAGE_SIZE; @@ -2190,8 +2191,10 @@ static int pagemap_scan_pmd_entry(pmd_t p->arg.return_mask == PAGE_IS_WRITTEN) { for (addr = start; addr < end; pte++, addr += PAGE_SIZE) { unsigned long next = addr + PAGE_SIZE; + pte_t ptent = ptep_get(pte); - if (pte_uffd_wp(ptep_get(pte))) + if ((pte_present(ptent) && pte_uffd_wp(ptent)) || + pte_swp_uffd_wp_any(ptent)) continue; ret = pagemap_scan_output(p->cur_vma_category | PAGE_IS_WRITTEN, p, addr, &next); @@ -2199,7 +2202,7 @@ static int pagemap_scan_pmd_entry(pmd_t break; if (~p->arg.flags & PM_SCAN_WP_MATCHING) continue; - make_uffd_wp_pte(vma, addr, pte); + make_uffd_wp_pte(vma, addr, pte, ptent); if (!flush_end) start = addr; flush_end = next; @@ -2208,8 +2211,9 @@ static int pagemap_scan_pmd_entry(pmd_t } for (addr = start; addr != end; pte++, addr += PAGE_SIZE) { + pte_t ptent = ptep_get(pte); unsigned long categories = p->cur_vma_category | - pagemap_page_category(p, vma, addr, ptep_get(pte)); + pagemap_page_category(p, vma, addr, ptent); unsigned long next = addr + PAGE_SIZE; if (!pagemap_scan_is_interesting_page(categories, p)) @@ -2224,7 +2228,7 @@ static int pagemap_scan_pmd_entry(pmd_t if (~categories & PAGE_IS_WRITTEN) continue; - make_uffd_wp_pte(vma, addr, pte); + make_uffd_wp_pte(vma, addr, pte, ptent); if (!flush_end) start = addr; flush_end = next; _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are selftests-mm-soft-dirty-should-fail-if-a-testcase-fails.patch mm-debug_vm_pgtable-test-pmd_leaf-behavior-with-pmd_mkinvalid.patch mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast.patch

12 months

1
0
0 0

[merged mm-hotfixes-stable] fs-proc-task_mmu-fix-loss-of-young-dirty-bits-during-pagemap-scan.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan has been removed from the -mm tree. Its filename was fs-proc-task_mmu-fix-loss-of-young-dirty-bits-during-pagemap-scan.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Ryan Roberts <ryan.roberts(a)arm.com> Subject: fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan Date: Mon, 29 Apr 2024 12:40:17 +0100 make_uffd_wp_pte() was previously doing: pte = ptep_get(ptep); ptep_modify_prot_start(ptep); pte = pte_mkuffd_wp(pte); ptep_modify_prot_commit(ptep, pte); But if another thread accessed or dirtied the pte between the first 2 calls, this could lead to loss of that information. Since ptep_modify_prot_start() gets and clears atomically, the following is the correct pattern and prevents any possible race. Any access after the first call would see an invalid pte and cause a fault: pte = ptep_modify_prot_start(ptep); pte = pte_mkuffd_wp(pte); ptep_modify_prot_commit(ptep, pte); Link: https://lkml.kernel.org/r/20240429114017.182570-1-ryan.roberts@arm.com Fixes: 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and optionally clear info about PTEs") Signed-off-by: Ryan Roberts <ryan.roberts(a)arm.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/proc/task_mmu.c~fs-proc-task_mmu-fix-loss-of-young-dirty-bits-during-pagemap-scan +++ a/fs/proc/task_mmu.c @@ -1825,7 +1825,7 @@ static void make_uffd_wp_pte(struct vm_a pte_t old_pte; old_pte = ptep_modify_prot_start(vma, addr, pte); - ptent = pte_mkuffd_wp(ptent); + ptent = pte_mkuffd_wp(old_pte); ptep_modify_prot_commit(vma, addr, pte, old_pte, ptent); } else if (is_swap_pte(ptent)) { ptent = pte_swp_mkuffd_wp(ptent); _ Patches currently in -mm which might be from ryan.roberts(a)arm.com are selftests-mm-soft-dirty-should-fail-if-a-testcase-fails.patch mm-debug_vm_pgtable-test-pmd_leaf-behavior-with-pmd_mkinvalid.patch mm-fix-race-between-__split_huge_pmd_locked-and-gup-fast.patch

12 months

1
0
0 0

[merged mm-hotfixes-stable] mm-use-memalloc_nofs_save-in-page_cache_ra_order.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: use memalloc_nofs_save() in page_cache_ra_order() has been removed from the -mm tree. Its filename was mm-use-memalloc_nofs_save-in-page_cache_ra_order.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kefeng Wang <wangkefeng.wang(a)huawei.com> Subject: mm: use memalloc_nofs_save() in page_cache_ra_order() Date: Fri, 26 Apr 2024 19:29:38 +0800 See commit f2c817bed58d ("mm: use memalloc_nofs_save in readahead path"), ensure that page_cache_ra_order() do not attempt to reclaim file-backed pages too, or it leads to a deadlock, found issue when test ext4 large folio. INFO: task DataXceiver for:7494 blocked for more than 120 seconds. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:DataXceiver for state:D stack:0 pid:7494 ppid:1 flags:0x00000200 Call trace: __switch_to+0x14c/0x240 __schedule+0x82c/0xdd0 schedule+0x58/0xf0 io_schedule+0x24/0xa0 __folio_lock+0x130/0x300 migrate_pages_batch+0x378/0x918 migrate_pages+0x350/0x700 compact_zone+0x63c/0xb38 compact_zone_order+0xc0/0x118 try_to_compact_pages+0xb0/0x280 __alloc_pages_direct_compact+0x98/0x248 __alloc_pages+0x510/0x1110 alloc_pages+0x9c/0x130 folio_alloc+0x20/0x78 filemap_alloc_folio+0x8c/0x1b0 page_cache_ra_order+0x174/0x308 ondemand_readahead+0x1c8/0x2b8 page_cache_async_ra+0x68/0xb8 filemap_readahead.isra.0+0x64/0xa8 filemap_get_pages+0x3fc/0x5b0 filemap_splice_read+0xf4/0x280 ext4_file_splice_read+0x2c/0x48 [ext4] vfs_splice_read.part.0+0xa8/0x118 splice_direct_to_actor+0xbc/0x288 do_splice_direct+0x9c/0x108 do_sendfile+0x328/0x468 __arm64_sys_sendfile64+0x8c/0x148 invoke_syscall+0x4c/0x118 el0_svc_common.constprop.0+0xc8/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x4c/0x1f8 el0t_64_sync_handler+0xc0/0xc8 el0t_64_sync+0x188/0x190 Link: https://lkml.kernel.org/r/20240426112938.124740-1-wangkefeng.wang@huawei.com Fixes: 793917d997df ("mm/readahead: Add large folio readahead") Signed-off-by: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Zhang Yi <yi.zhang(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/readahead.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/mm/readahead.c~mm-use-memalloc_nofs_save-in-page_cache_ra_order +++ a/mm/readahead.c @@ -490,6 +490,7 @@ void page_cache_ra_order(struct readahea pgoff_t index = readahead_index(ractl); pgoff_t limit = (i_size_read(mapping->host) - 1) >> PAGE_SHIFT; pgoff_t mark = index + ra->size - ra->async_size; + unsigned int nofs; int err = 0; gfp_t gfp = readahead_gfp_mask(mapping); @@ -504,6 +505,8 @@ void page_cache_ra_order(struct readahea new_order = min_t(unsigned int, new_order, ilog2(ra->size)); } + /* See comment in page_cache_ra_unbounded() */ + nofs = memalloc_nofs_save(); filemap_invalidate_lock_shared(mapping); while (index <= limit) { unsigned int order = new_order; @@ -527,6 +530,7 @@ void page_cache_ra_order(struct readahea read_pages(ractl); filemap_invalidate_unlock_shared(mapping); + memalloc_nofs_restore(nofs); /* * If there were already pages in the page cache, then we may have _ Patches currently in -mm which might be from wangkefeng.wang(a)huawei.com are arm64-mm-drop-vm_fault_badmap-vm_fault_badaccess.patch arm-mm-drop-vm_fault_badmap-vm_fault_badaccess.patch mm-move-mm-counter-updating-out-of-set_pte_range.patch mm-filemap-batch-mm-counter-updating-in-filemap_map_pages.patch mm-swapfile-check-usable-swap-device-in-__folio_throttle_swaprate.patch mm-memory-check-userfaultfd_wp-in-vmf_orig_pte_uffd_wp.patch

12 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror