- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] igc: Fix qbv tx latency by setting gtxoffset" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 6c3fc0b1c3d073bd6fc3bf43dbd0e64240537464 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082754-tricking-facsimile-011e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 6c3fc0b1c3d0 ("igc: Fix qbv tx latency by setting gtxoffset") 790835fcc0cb ("igc: Correct the launchtime offset") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6c3fc0b1c3d073bd6fc3bf43dbd0e64240537464 Mon Sep 17 00:00:00 2001 From: Faizal Rahim <faizal.abdul.rahim(a)linux.intel.com> Date: Sun, 7 Jul 2024 08:53:18 -0400 Subject: [PATCH] igc: Fix qbv tx latency by setting gtxoffset A large tx latency issue was discovered during testing when only QBV was enabled. The issue occurs because gtxoffset was not set when QBV is active, it was only set when launch time is active. The patch "igc: Correct the launchtime offset" only sets gtxoffset when the launchtime_enable field is set by the user. Enabling launchtime_enable ultimately sets the register IGC_TXQCTL_QUEUE_MODE_LAUNCHT (referred to as LaunchT in the SW user manual). Section 7.5.2.6 of the IGC i225/6 SW User Manual Rev 1.2.4 states: "The latency between transmission scheduling (launch time) and the time the packet is transmitted to the network is listed in Table 7-61." However, the patch misinterprets the phrase "launch time" in that section by assuming it specifically refers to the LaunchT register, whereas it actually denotes the generic term for when a packet is released from the internal buffer to the MAC transmit logic. This launch time, as per that section, also implicitly refers to the QBV gate open time, where a packet waits in the buffer for the QBV gate to open. Therefore, latency applies whenever QBV is in use. TSN features such as QBU and QAV reuse QBV, making the latency universal to TSN features. Discussed with i226 HW owner (Shalev, Avi) and we were in agreement that the term "launch time" used in Section 7.5.2.6 is not clear and can be easily misinterpreted. Avi will update this section to: "When TQAVCTRL.TRANSMIT_MODE = TSN, the latency between transmission scheduling and the time the packet is transmitted to the network is listed in Table 7-61." Fix this issue by using igc_tsn_is_tx_mode_in_tsn() as a condition to write to gtxoffset, aligning with the newly updated SW User Manual. Tested: 1. Enrol taprio on talker board base-time 0 cycle-time 1000000 flags 0x2 index 0 cmd S gatemask 0x1 interval1 index 0 cmd S gatemask 0x1 interval2 Note: interval1 = interval for a 64 bytes packet to go through interval2 = cycle-time - interval1 2. Take tcpdump on listener board 3. Use udp tai app on talker to send packets to listener 4. Check the timestamp on listener via wireshark Test Result: 100 Mbps: 113 ~193 ns 1000 Mbps: 52 ~ 84 ns 2500 Mbps: 95 ~ 223 ns Note that the test result is similar to the patch "igc: Correct the launchtime offset". Fixes: 790835fcc0cb ("igc: Correct the launchtime offset") Signed-off-by: Faizal Rahim <faizal.abdul.rahim(a)linux.intel.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Acked-by: Vinicius Costa Gomes <vinicius.gomes(a)intel.com> Tested-by: Mor Bar-Gabay <morx.bar.gabay(a)intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> diff --git a/drivers/net/ethernet/intel/igc/igc_tsn.c b/drivers/net/ethernet/intel/igc/igc_tsn.c index ada751430517..d68fa7f3d5f0 100644 --- a/drivers/net/ethernet/intel/igc/igc_tsn.c +++ b/drivers/net/ethernet/intel/igc/igc_tsn.c @@ -61,7 +61,7 @@ void igc_tsn_adjust_txtime_offset(struct igc_adapter *adapter) struct igc_hw *hw = &adapter->hw; u16 txoffset; - if (!is_any_launchtime(adapter)) + if (!igc_tsn_is_tx_mode_in_tsn(adapter)) return; switch (adapter->link_speed) {

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] igc: Fix qbv tx latency by setting gtxoffset" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6c3fc0b1c3d073bd6fc3bf43dbd0e64240537464 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082732-calculus-unviable-28eb@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 6c3fc0b1c3d0 ("igc: Fix qbv tx latency by setting gtxoffset") 790835fcc0cb ("igc: Correct the launchtime offset") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6c3fc0b1c3d073bd6fc3bf43dbd0e64240537464 Mon Sep 17 00:00:00 2001 From: Faizal Rahim <faizal.abdul.rahim(a)linux.intel.com> Date: Sun, 7 Jul 2024 08:53:18 -0400 Subject: [PATCH] igc: Fix qbv tx latency by setting gtxoffset A large tx latency issue was discovered during testing when only QBV was enabled. The issue occurs because gtxoffset was not set when QBV is active, it was only set when launch time is active. The patch "igc: Correct the launchtime offset" only sets gtxoffset when the launchtime_enable field is set by the user. Enabling launchtime_enable ultimately sets the register IGC_TXQCTL_QUEUE_MODE_LAUNCHT (referred to as LaunchT in the SW user manual). Section 7.5.2.6 of the IGC i225/6 SW User Manual Rev 1.2.4 states: "The latency between transmission scheduling (launch time) and the time the packet is transmitted to the network is listed in Table 7-61." However, the patch misinterprets the phrase "launch time" in that section by assuming it specifically refers to the LaunchT register, whereas it actually denotes the generic term for when a packet is released from the internal buffer to the MAC transmit logic. This launch time, as per that section, also implicitly refers to the QBV gate open time, where a packet waits in the buffer for the QBV gate to open. Therefore, latency applies whenever QBV is in use. TSN features such as QBU and QAV reuse QBV, making the latency universal to TSN features. Discussed with i226 HW owner (Shalev, Avi) and we were in agreement that the term "launch time" used in Section 7.5.2.6 is not clear and can be easily misinterpreted. Avi will update this section to: "When TQAVCTRL.TRANSMIT_MODE = TSN, the latency between transmission scheduling and the time the packet is transmitted to the network is listed in Table 7-61." Fix this issue by using igc_tsn_is_tx_mode_in_tsn() as a condition to write to gtxoffset, aligning with the newly updated SW User Manual. Tested: 1. Enrol taprio on talker board base-time 0 cycle-time 1000000 flags 0x2 index 0 cmd S gatemask 0x1 interval1 index 0 cmd S gatemask 0x1 interval2 Note: interval1 = interval for a 64 bytes packet to go through interval2 = cycle-time - interval1 2. Take tcpdump on listener board 3. Use udp tai app on talker to send packets to listener 4. Check the timestamp on listener via wireshark Test Result: 100 Mbps: 113 ~193 ns 1000 Mbps: 52 ~ 84 ns 2500 Mbps: 95 ~ 223 ns Note that the test result is similar to the patch "igc: Correct the launchtime offset". Fixes: 790835fcc0cb ("igc: Correct the launchtime offset") Signed-off-by: Faizal Rahim <faizal.abdul.rahim(a)linux.intel.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Acked-by: Vinicius Costa Gomes <vinicius.gomes(a)intel.com> Tested-by: Mor Bar-Gabay <morx.bar.gabay(a)intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> diff --git a/drivers/net/ethernet/intel/igc/igc_tsn.c b/drivers/net/ethernet/intel/igc/igc_tsn.c index ada751430517..d68fa7f3d5f0 100644 --- a/drivers/net/ethernet/intel/igc/igc_tsn.c +++ b/drivers/net/ethernet/intel/igc/igc_tsn.c @@ -61,7 +61,7 @@ void igc_tsn_adjust_txtime_offset(struct igc_adapter *adapter) struct igc_hw *hw = &adapter->hw; u16 txoffset; - if (!is_any_launchtime(adapter)) + if (!igc_tsn_is_tx_mode_in_tsn(adapter)) return; switch (adapter->link_speed) {

1 year, 3 months

1
0
0 0

[PATCH for stable 0/2] ASoC: topology: Fix loading topology issue

by Amadeusz Sławiński

Commit 97ab304ecd95 ("ASoC: topology: Fix references to freed memory") is a problematic fix for issue in topology loading code, which was cherry-picked to stable. It was later corrected in 0298f51652be ("ASoC: topology: Fix route memory corruption"), however to apply cleanly e0e7bc2cbee9 ("ASoC: topology: Clean up route loading") also needs to be applied. Link: https://lore.kernel.org/linux-sound/ZrwUCnrtKQ61LWFS@sashalap/T/#mbfd273adf… Amadeusz Sławiński (2): ASoC: topology: Clean up route loading ASoC: topology: Fix route memory corruption sound/soc/soc-topology.c | 32 ++++++++------------------------ 1 file changed, 8 insertions(+), 24 deletions(-) base-commit: 878fbff41def4649a2884e9d33bb423f5a7726b0 -- 2.34.1

1 year, 3 months

2
11
0 0

"s390/dasd: Remove DMA alignment" for stable

by Jan Höppner

Hi, the stable tag was missing for the following commit: commit 2a07bb64d801 ("s390/dasd: Remove DMA alignment") The change needs to be applied for kernel 6.0+ essentially reverting bc792884b76f ("s390/dasd: Establish DMA alignment"). The patch fixes filesystem errors especially for XFS when DASD devices are formatted with a blocksize smaller than 4096 bytes. The commit 2a07bb64d801 ("s390/dasd: Remove DMA alignment") should apply cleanly for kernel 6.9+. There was a refactoring happening at the time with the following two commits (just for context, not required as prereqs!): commit 0127a47f58c6 ("dasd: move queue setup to common code") commit fde07a4d74e3 ("dasd: use the atomic queue limits API") For everything before 6.9 a simple git revert for commit bc792884b76f ("s390/dasd: Establish DMA alignment") should work just fine. If you run into any conflicts, need separate patches, or have any questions, please let me know. Thanks a lot and apologies for the inconvenience! regards, Jan

1 year, 3 months

2
3
0 0

[PATCH 6.1 0/2] VCN power saving improvements

by Mario Limonciello

From: Mario Limonciello <mario.limonciello(a)amd.com> This is a backport of patches from 6.11-rc1 that improve power savings for VCN when hardware accelerated video playback is active. Boyuan Zhang (2): drm/amdgpu/vcn: identify unified queue in sw init drm/amdgpu/vcn: not pause dpg for unified queue drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 53 ++++++++++++------------- drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.h | 1 + 2 files changed, 27 insertions(+), 27 deletions(-) -- 2.43.0

1 year, 3 months

2
3
0 0

[PATCH 6.1.y 5.15.y 5.10.y 5.4.y 4.19.y] Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO

by Harshit Mogalapalli

From: "Lee, Chun-Yi" <joeyli.kernel(a)gmail.com> commit 9c33663af9ad115f90c076a1828129a3fbadea98 upstream. This patch adds code to check HCI_UART_PROTO_READY flag before accessing hci_uart->proto. It fixes the race condition in hci_uart_tty_ioctl() between HCIUARTSETPROTO and HCIUARTGETPROTO. This issue bug found by Yu Hao and Weiteng Chen: BUG: general protection fault in hci_uart_tty_ioctl [1] The information of C reproducer can also reference the link [2] Reported-by: Yu Hao <yhao016(a)ucr.edu> Closes: https://lore.kernel.org/all/CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDe… [1] Reported-by: Weiteng Chen <wchen130(a)ucr.edu> Closes: https://lore.kernel.org/lkml/CA+UBctDPEvHdkHMwD340=n02rh+jNRJNNQ5LBZNA+Wm4K… [2] Signed-off-by: "Lee, Chun-Yi" <jlee(a)suse.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> [Harshit: bp to stable kernels] Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> --- This is backport of a fix for CVE-2023-31083, it applies cleanly to all stable trees and I have build tested this. drivers/bluetooth/hci_ldisc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/bluetooth/hci_ldisc.c b/drivers/bluetooth/hci_ldisc.c index 865112e96ff9..c1feebd9e3a0 100644 --- a/drivers/bluetooth/hci_ldisc.c +++ b/drivers/bluetooth/hci_ldisc.c @@ -770,7 +770,8 @@ static int hci_uart_tty_ioctl(struct tty_struct *tty, unsigned int cmd, break; case HCIUARTGETPROTO: - if (test_bit(HCI_UART_PROTO_SET, &hu->flags)) + if (test_bit(HCI_UART_PROTO_SET, &hu->flags) && + test_bit(HCI_UART_PROTO_READY, &hu->flags)) err = hu->proto->id; else err = -EUNATCH; -- 2.45.2

1 year, 3 months

2
2
0 0

FAILED: patch "[PATCH] net: ngbe: Fix phy mode set to external phy" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f2916c83d746eb99f50f42c15cf4c47c2ea5f3b3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082635-dislike-tipping-1bee@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: f2916c83d746 ("net: ngbe: Fix phy mode set to external phy") bc2426d74aa3 ("net: ngbe: convert phylib to phylink") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f2916c83d746eb99f50f42c15cf4c47c2ea5f3b3 Mon Sep 17 00:00:00 2001 From: Mengyuan Lou <mengyuanlou(a)net-swift.com> Date: Tue, 20 Aug 2024 11:04:25 +0800 Subject: [PATCH] net: ngbe: Fix phy mode set to external phy The MAC only has add the TX delay and it can not be modified. MAC and PHY are both set the TX delay cause transmission problems. So just disable TX delay in PHY, when use rgmii to attach to external phy, set PHY_INTERFACE_MODE_RGMII_RXID to phy drivers. And it is does not matter to internal phy. Fixes: bc2426d74aa3 ("net: ngbe: convert phylib to phylink") Signed-off-by: Mengyuan Lou <mengyuanlou(a)net-swift.com> Cc: stable(a)vger.kernel.org # 6.3+ Reviewed-by: Jacob Keller <jacob.e.keller(a)intel.com> Link: https://patch.msgid.link/E6759CF1387CF84C+20240820030425.93003-1-mengyuanlo… Signed-off-by: Paolo Abeni <pabeni(a)redhat.com> diff --git a/drivers/net/ethernet/wangxun/ngbe/ngbe_mdio.c b/drivers/net/ethernet/wangxun/ngbe/ngbe_mdio.c index ec54b18c5fe7..a5e9b779c44d 100644 --- a/drivers/net/ethernet/wangxun/ngbe/ngbe_mdio.c +++ b/drivers/net/ethernet/wangxun/ngbe/ngbe_mdio.c @@ -124,8 +124,12 @@ static int ngbe_phylink_init(struct wx *wx) MAC_SYM_PAUSE | MAC_ASYM_PAUSE; config->mac_managed_pm = true; - phy_mode = PHY_INTERFACE_MODE_RGMII_ID; - __set_bit(PHY_INTERFACE_MODE_RGMII_ID, config->supported_interfaces); + /* The MAC only has add the Tx delay and it can not be modified. + * So just disable TX delay in PHY, and it is does not matter to + * internal phy. + */ + phy_mode = PHY_INTERFACE_MODE_RGMII_RXID; + __set_bit(PHY_INTERFACE_MODE_RGMII_RXID, config->supported_interfaces); phylink = phylink_create(config, NULL, phy_mode, &ngbe_mac_ops); if (IS_ERR(phylink))

1 year, 3 months

3
2
0 0

FAILED: patch "[PATCH] ksmbd: fix race condition between destroy_previous_session()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 76e98a158b207771a6c9a0de0a60522a446a3447 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082626-succulent-engraver-73cd@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 76e98a158b20 ("ksmbd: fix race condition between destroy_previous_session() and smb2 operations()") d484d621d40f ("ksmbd: add durable scavenger timer") c8efcc786146 ("ksmbd: add support for durable handles v1/v2") fa9415d4024f ("ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous session") c2a721eead71 ("ksmbd: lazy v2 lease break on smb2_write()") d47d9886aeef ("ksmbd: send v2 lease break notification for directory") eb547407f357 ("ksmbd: downgrade RWH lease caching state to RH for directory") 2e450920d58b ("ksmbd: move oplock handling after unlock parent dir") 4274a9dc6aeb ("ksmbd: separately allocate ci per dentry") 864fb5d37163 ("ksmbd: fix possible deadlock in smb2_open") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76e98a158b207771a6c9a0de0a60522a446a3447 Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Sat, 17 Aug 2024 14:03:49 +0900 Subject: [PATCH] ksmbd: fix race condition between destroy_previous_session() and smb2 operations() If there is ->PreviousSessionId field in the session setup request, The session of the previous connection should be destroyed. During this, if the smb2 operation requests in the previous session are being processed, a racy issue could happen with ksmbd_destroy_file_table(). This patch sets conn->status to KSMBD_SESS_NEED_RECONNECT to block incoming operations and waits until on-going operations are complete (i.e. idle) before desctorying the previous session. Fixes: c8efcc786146 ("ksmbd: add support for durable handles v1/v2") Cc: stable(a)vger.kernel.org # v6.6+ Reported-by: zdi-disclosures(a)trendmicro.com # ZDI-CAN-25040 Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/connection.c b/fs/smb/server/connection.c index 09e1e7771592..7889df8112b4 100644 --- a/fs/smb/server/connection.c +++ b/fs/smb/server/connection.c @@ -165,11 +165,43 @@ void ksmbd_all_conn_set_status(u64 sess_id, u32 status) up_read(&conn_list_lock); } -void ksmbd_conn_wait_idle(struct ksmbd_conn *conn, u64 sess_id) +void ksmbd_conn_wait_idle(struct ksmbd_conn *conn) { wait_event(conn->req_running_q, atomic_read(&conn->req_running) < 2); } +int ksmbd_conn_wait_idle_sess_id(struct ksmbd_conn *curr_conn, u64 sess_id) +{ + struct ksmbd_conn *conn; + int rc, retry_count = 0, max_timeout = 120; + int rcount = 1; + +retry_idle: + if (retry_count >= max_timeout) + return -EIO; + + down_read(&conn_list_lock); + list_for_each_entry(conn, &conn_list, conns_list) { + if (conn->binding || xa_load(&conn->sessions, sess_id)) { + if (conn == curr_conn) + rcount = 2; + if (atomic_read(&conn->req_running) >= rcount) { + rc = wait_event_timeout(conn->req_running_q, + atomic_read(&conn->req_running) < rcount, + HZ); + if (!rc) { + up_read(&conn_list_lock); + retry_count++; + goto retry_idle; + } + } + } + } + up_read(&conn_list_lock); + + return 0; +} + int ksmbd_conn_write(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; diff --git a/fs/smb/server/connection.h b/fs/smb/server/connection.h index 5c2845e47cf2..5b947175c048 100644 --- a/fs/smb/server/connection.h +++ b/fs/smb/server/connection.h @@ -145,7 +145,8 @@ extern struct list_head conn_list; extern struct rw_semaphore conn_list_lock; bool ksmbd_conn_alive(struct ksmbd_conn *conn); -void ksmbd_conn_wait_idle(struct ksmbd_conn *conn, u64 sess_id); +void ksmbd_conn_wait_idle(struct ksmbd_conn *conn); +int ksmbd_conn_wait_idle_sess_id(struct ksmbd_conn *curr_conn, u64 sess_id); struct ksmbd_conn *ksmbd_conn_alloc(void); void ksmbd_conn_free(struct ksmbd_conn *conn); bool ksmbd_conn_lookup_dialect(struct ksmbd_conn *c); diff --git a/fs/smb/server/mgmt/user_session.c b/fs/smb/server/mgmt/user_session.c index 162a12685d2c..99416ce9f501 100644 --- a/fs/smb/server/mgmt/user_session.c +++ b/fs/smb/server/mgmt/user_session.c @@ -311,6 +311,7 @@ void destroy_previous_session(struct ksmbd_conn *conn, { struct ksmbd_session *prev_sess; struct ksmbd_user *prev_user; + int err; down_write(&sessions_table_lock); down_write(&conn->session_lock); @@ -325,8 +326,16 @@ void destroy_previous_session(struct ksmbd_conn *conn, memcmp(user->passkey, prev_user->passkey, user->passkey_sz)) goto out; + ksmbd_all_conn_set_status(id, KSMBD_SESS_NEED_RECONNECT); + err = ksmbd_conn_wait_idle_sess_id(conn, id); + if (err) { + ksmbd_all_conn_set_status(id, KSMBD_SESS_NEED_NEGOTIATE); + goto out; + } + ksmbd_destroy_file_table(&prev_sess->file_table); prev_sess->state = SMB2_SESSION_EXPIRED; + ksmbd_all_conn_set_status(id, KSMBD_SESS_NEED_NEGOTIATE); ksmbd_launch_ksmbd_durable_scavenger(); out: up_write(&conn->session_lock); diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 3f4c56a10a86..cb7f487c96af 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -2213,7 +2213,7 @@ int smb2_session_logoff(struct ksmbd_work *work) ksmbd_conn_unlock(conn); ksmbd_close_session_fds(work); - ksmbd_conn_wait_idle(conn, sess_id); + ksmbd_conn_wait_idle(conn); /* * Re-lookup session to validate if session is deleted

1 year, 3 months

3
2
0 0

[PATCH 6.6 0/2] VCN power saving improvements

by Mario Limonciello

From: Mario Limonciello <mario.limonciello(a)amd.com> This is a backport of patches from 6.11-rc1 that improve power savings for VCN when hardware accelerated video playback is active. Boyuan Zhang (2): drm/amdgpu/vcn: identify unified queue in sw init drm/amdgpu/vcn: not pause dpg for unified queue drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.c | 53 ++++++++++++------------- drivers/gpu/drm/amd/amdgpu/amdgpu_vcn.h | 1 + 2 files changed, 27 insertions(+), 27 deletions(-) -- 2.43.0

1 year, 3 months

2
3
0 0

[PATCH 5.10.y] nfsd: Don't call freezable_schedule_timeout() after each successful page allocation in svc_alloc_arg().

by Kuniyuki Iwashima

When commit 390390240145 ("nfsd: don't allow nfsd threads to be signalled.") is backported to 5.10, it was adjusted considering commit 3feac2b55293 ("sunrpc: exclude from freezer when waiting for requests:"). However, 3feac2b55293 is based on commit f6e70aab9dfe ("SUNRPC: refresh rq_pages using a bulk page allocator"), which converted page-by-page allocation to a batch allocation, so schedule_timeout() is placed un-nested. As a result, the backported commit 7229200f6866 ("nfsd: don't allow nfsd threads to be signalled.") placed freezable_schedule_timeout() in the wrong place. Now, freezable_schedule_timeout() is called after every successful page allocation, and we see 30%+ performance regression on 5.10.220 in our test suite. Let's move it to the correct place so that freezable_schedule_timeout() is called only when page allocation fails. Fixes: 7229200f6866 ("nfsd: don't allow nfsd threads to be signalled.") Reported-by: Hughdan Liu <hughliu(a)amazon.com> Signed-off-by: Kuniyuki Iwashima <kuniyu(a)amazon.com> --- net/sunrpc/svc_xprt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c index d1eacf3358b8..60782504ad3e 100644 --- a/net/sunrpc/svc_xprt.c +++ b/net/sunrpc/svc_xprt.c @@ -679,8 +679,8 @@ static int svc_alloc_arg(struct svc_rqst *rqstp) set_current_state(TASK_RUNNING); return -EINTR; } + freezable_schedule_timeout(msecs_to_jiffies(500)); } - freezable_schedule_timeout(msecs_to_jiffies(500)); rqstp->rq_pages[i] = p; } rqstp->rq_page_end = &rqstp->rq_pages[i]; -- 2.30.2

1 year, 3 months

3
2
0 0

[PATCH 6.1.y 0/7] NFSD updates for LTS 6.1.y

by cel＠kernel.org

From: Chuck Lever <chuck.lever(a)oracle.com> Address an NFSD crasher that was noted here: https://lore.kernel.org/linux-nfs/65ee9c0d-e89e-b3e5-f542-103a0ee4745c@huaw… To apply the fix cleanly, backport a few NFSD patches into v6.1.y that have been in the other LTS kernels for a while. Reported-by: Li LingFeng <lilingfeng3(a)huawei.com> Suggested-by: Li LingFeng <lilingfeng3(a)huawei.com> Tested-by: Li LingFeng <lilingfeng3(a)huawei.com> Jeff Layton (1): nfsd: drop the nfsd_put helper NeilBrown (5): nfsd: Simplify code around svc_exit_thread() call in nfsd() nfsd: separate nfsd_last_thread() from nfsd_put() NFSD: simplify error paths in nfsd_svc() nfsd: call nfsd_last_thread() before final nfsd_put() nfsd: don't call locks_release_private() twice concurrently Trond Myklebust (1): nfsd: Fix a regression in nfsd_setattr() fs/nfsd/nfs4proc.c | 4 ++ fs/nfsd/nfs4state.c | 2 +- fs/nfsd/nfsctl.c | 32 ++++++++------ fs/nfsd/nfsd.h | 3 +- fs/nfsd/nfssvc.c | 85 ++++++++++---------------------------- fs/nfsd/vfs.c | 6 ++- include/linux/sunrpc/svc.h | 13 ------ 7 files changed, 51 insertions(+), 94 deletions(-) -- 2.45.1

1 year, 3 months

2
8
0 0

[PATCH stable 6.6 1/2] bpf: Fix a kernel verifier crash in stacksafe()

by Shung-Hsi Yu

From: Yonghong Song <yonghong.song(a)linux.dev> [ Upstream commit bed2eb964c70b780fb55925892a74f26cb590b25 ] Daniel Hodges reported a kernel verifier crash when playing with sched-ext. Further investigation shows that the crash is due to invalid memory access in stacksafe(). More specifically, it is the following code: if (exact != NOT_EXACT && old->stack[spi].slot_type[i % BPF_REG_SIZE] != cur->stack[spi].slot_type[i % BPF_REG_SIZE]) return false; The 'i' iterates old->allocated_stack. If cur->allocated_stack < old->allocated_stack the out-of-bound access will happen. To fix the issue add 'i >= cur->allocated_stack' check such that if the condition is true, stacksafe() should fail. Otherwise, cur->stack[spi].slot_type[i % BPF_REG_SIZE] memory access is legal. Fixes: 2793a8b015f7 ("bpf: exact states comparison for iterator convergence checks") Cc: Eduard Zingerman <eddyz87(a)gmail.com> Reported-by: Daniel Hodges <hodgesd(a)meta.com> Acked-by: Eduard Zingerman <eddyz87(a)gmail.com> Signed-off-by: Yonghong Song <yonghong.song(a)linux.dev> Link: https://lore.kernel.org/r/20240812214847.213612-1-yonghong.song@linux.dev Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> shung-hsi.yu: "exact" variable is bool instead enum because commit 4f81c16f50ba ("bpf: Recognize that two registers are safe when their ranges match") is not present. Signed-off-by: Shung-Hsi Yu <shung-hsi.yu(a)suse.com> --- kernel/bpf/verifier.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index 171045b6956d..3f1a9cd7fc9e 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -16124,8 +16124,9 @@ static bool stacksafe(struct bpf_verifier_env *env, struct bpf_func_state *old, spi = i / BPF_REG_SIZE; if (exact && - old->stack[spi].slot_type[i % BPF_REG_SIZE] != - cur->stack[spi].slot_type[i % BPF_REG_SIZE]) + (i >= cur->allocated_stack || + old->stack[spi].slot_type[i % BPF_REG_SIZE] != + cur->stack[spi].slot_type[i % BPF_REG_SIZE])) return false; if (!(old->stack[spi].spilled_ptr.live & REG_LIVE_READ) && !exact) { -- 2.46.0

1 year, 3 months

2
2
0 0

[PATCH stable 5.10] bpf: Allow reads from uninit stack

by Maxim Mikityanskiy

From: Eduard Zingerman <eddyz87(a)gmail.com> [ Upstream commit 6715df8d5d24655b9fd368e904028112b54c7de1 ] This commits updates the following functions to allow reads from uninitialized stack locations when env->allow_uninit_stack option is enabled: - check_stack_read_fixed_off() - check_stack_range_initialized(), called from: - check_stack_read_var_off() - check_helper_mem_access() Such change allows to relax logic in stacksafe() to treat STACK_MISC and STACK_INVALID in a same way and make the following stack slot configurations equivalent: | Cached state | Current state | | stack slot | stack slot | |------------------+------------------| | STACK_INVALID or | STACK_INVALID or | | STACK_MISC | STACK_SPILL or | | | STACK_MISC or | | | STACK_ZERO or | | | STACK_DYNPTR | This leads to significant verification speed gains (see below). The idea was suggested by Andrii Nakryiko [1] and initial patch was created by Alexei Starovoitov [2]. Currently the env->allow_uninit_stack is allowed for programs loaded by users with CAP_PERFMON or CAP_SYS_ADMIN capabilities. A number of test cases from verifier/*.c were expecting uninitialized stack access to be an error. These test cases were updated to execute in unprivileged mode (thus preserving the tests). The test progs/test_global_func10.c expected "invalid indirect read from stack" error message because of the access to uninitialized memory region. This error is no longer possible in privileged mode. The test is updated to provoke an error "invalid indirect access to stack" because of access to invalid stack address (such error is not verified by progs/test_global_func*.c series of tests). The following tests had to be removed because these can't be made unprivileged: - verifier/sock.c: - "sk_storage_get(map, skb->sk, &stack_value, 1): partially init stack_value" BPF_PROG_TYPE_SCHED_CLS programs are not executed in unprivileged mode. - verifier/var_off.c: - "indirect variable-offset stack access, max_off+size > max_initialized" - "indirect variable-offset stack access, uninitialized" These tests verify that access to uninitialized stack values is detected when stack offset is not a constant. However, variable stack access is prohibited in unprivileged mode, thus these tests are no longer valid. * * * Here is veristat log comparing this patch with current master on a set of selftest binaries listed in tools/testing/selftests/bpf/veristat.cfg and cilium BPF binaries (see [3]): $ ./veristat -e file,prog,states -C -f 'states_pct<-30' master.log current.log File Program States (A) States (B) States (DIFF) -------------------------- -------------------------- ---------- ---------- ---------------- bpf_host.o tail_handle_ipv6_from_host 349 244 -105 (-30.09%) bpf_host.o tail_handle_nat_fwd_ipv4 1320 895 -425 (-32.20%) bpf_lxc.o tail_handle_nat_fwd_ipv4 1320 895 -425 (-32.20%) bpf_sock.o cil_sock4_connect 70 48 -22 (-31.43%) bpf_sock.o cil_sock4_sendmsg 68 46 -22 (-32.35%) bpf_xdp.o tail_handle_nat_fwd_ipv4 1554 803 -751 (-48.33%) bpf_xdp.o tail_lb_ipv4 6457 2473 -3984 (-61.70%) bpf_xdp.o tail_lb_ipv6 7249 3908 -3341 (-46.09%) pyperf600_bpf_loop.bpf.o on_event 287 145 -142 (-49.48%) strobemeta.bpf.o on_event 15915 4772 -11143 (-70.02%) strobemeta_nounroll2.bpf.o on_event 17087 3820 -13267 (-77.64%) xdp_synproxy_kern.bpf.o syncookie_tc 21271 6635 -14636 (-68.81%) xdp_synproxy_kern.bpf.o syncookie_xdp 23122 6024 -17098 (-73.95%) -------------------------- -------------------------- ---------- ---------- ---------------- Note: I limited selection by states_pct<-30%. Inspection of differences in pyperf600_bpf_loop behavior shows that the following patch for the test removes almost all differences: - a/tools/testing/selftests/bpf/progs/pyperf.h + b/tools/testing/selftests/bpf/progs/pyperf.h @ -266,8 +266,8 @ int __on_event(struct bpf_raw_tracepoint_args *ctx) } if (event->pthread_match || !pidData->use_tls) { - void* frame_ptr; - FrameData frame; + void* frame_ptr = 0; + FrameData frame = {}; Symbol sym = {}; int cur_cpu = bpf_get_smp_processor_id(); W/o this patch the difference comes from the following pattern (for different variables): static bool get_frame_data(... FrameData *frame ...) { ... bpf_probe_read_user(&frame->f_code, ...); if (!frame->f_code) return false; ... bpf_probe_read_user(&frame->co_name, ...); if (frame->co_name) ...; } int __on_event(struct bpf_raw_tracepoint_args *ctx) { FrameData frame; ... get_frame_data(... &frame ...) // indirectly via a bpf_loop & callback ... } SEC("raw_tracepoint/kfree_skb") int on_event(struct bpf_raw_tracepoint_args* ctx) { ... ret |= __on_event(ctx); ret |= __on_event(ctx); ... } With regards to value `frame->co_name` the following is important: - Because of the conditional `if (!frame->f_code)` each call to __on_event() produces two states, one with `frame->co_name` marked as STACK_MISC, another with it as is (and marked STACK_INVALID on a first call). - The call to bpf_probe_read_user() does not mark stack slots corresponding to `&frame->co_name` as REG_LIVE_WRITTEN but it marks these slots as BPF_MISC, this happens because of the following loop in the check_helper_call(): for (i = 0; i < meta.access_size; i++) { err = check_mem_access(env, insn_idx, meta.regno, i, BPF_B, BPF_WRITE, -1, false); if (err) return err; } Note the size of the write, it is a one byte write for each byte touched by a helper. The BPF_B write does not lead to write marks for the target stack slot. - Which means that w/o this patch when second __on_event() call is verified `if (frame->co_name)` will propagate read marks first to a stack slot with STACK_MISC marks and second to a stack slot with STACK_INVALID marks and these states would be considered different. [1] https://lore.kernel.org/bpf/CAEf4BzY3e+ZuC6HUa8dCiUovQRg2SzEk7M-dSkqNZyn=xE… [2] https://lore.kernel.org/bpf/CAADnVQKs2i1iuZ5SUGuJtxWVfGYR9kDgYKhq3rNV+kBLQC… [3] git@github.com:anakryiko/cilium.git Suggested-by: Andrii Nakryiko <andrii(a)kernel.org> Co-developed-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Eduard Zingerman <eddyz87(a)gmail.com> Acked-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/r/20230219200427.606541-2-eddyz87@gmail.com Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Maxim Mikityanskiy <maxim(a)isovalent.com> --- Backporting to address the complexity regression introduced by commit 71f656a50176 ("bpf: Fix to preserve reg parent/live fields when copying range info"), that affects Cilium built with LLVM 18. kernel/bpf/verifier.c | 11 +- .../selftests/bpf/progs/test_global_func10.c | 31 +++ tools/testing/selftests/bpf/verifier/calls.c | 13 +- .../bpf/verifier/helper_access_var_len.c | 104 ++++++--- .../testing/selftests/bpf/verifier/int_ptr.c | 9 +- .../selftests/bpf/verifier/search_pruning.c | 13 +- tools/testing/selftests/bpf/verifier/sock.c | 27 --- .../selftests/bpf/verifier/spill_fill.c | 211 ++++++++++++++++++ .../testing/selftests/bpf/verifier/var_off.c | 52 ----- 9 files changed, 342 insertions(+), 129 deletions(-) create mode 100644 tools/testing/selftests/bpf/progs/test_global_func10.c diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index ad115ccc2fe0..60db311480d0 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -2807,6 +2807,8 @@ static int check_stack_read_fixed_off(struct bpf_verifier_env *env, continue; if (type == STACK_MISC) continue; + if (type == STACK_INVALID && env->allow_uninit_stack) + continue; verbose(env, "invalid read from stack off %d+%d size %d\n", off, i, size); return -EACCES; @@ -2844,6 +2846,8 @@ static int check_stack_read_fixed_off(struct bpf_verifier_env *env, continue; if (type == STACK_ZERO) continue; + if (type == STACK_INVALID && env->allow_uninit_stack) + continue; verbose(env, "invalid read from stack off %d+%d size %d\n", off, i, size); return -EACCES; @@ -4300,7 +4304,8 @@ static int check_stack_range_initialized( stype = &state->stack[spi].slot_type[slot % BPF_REG_SIZE]; if (*stype == STACK_MISC) goto mark; - if (*stype == STACK_ZERO) { + if ((*stype == STACK_ZERO) || + (*stype == STACK_INVALID && env->allow_uninit_stack)) { if (clobber) { /* helper can write anything into the stack */ *stype = STACK_MISC; @@ -9492,6 +9497,10 @@ static bool stacksafe(struct bpf_verifier_env *env, struct bpf_func_state *old, if (old->stack[spi].slot_type[i % BPF_REG_SIZE] == STACK_INVALID) continue; + if (env->allow_uninit_stack && + old->stack[spi].slot_type[i % BPF_REG_SIZE] == STACK_MISC) + continue; + /* explored stack has more populated slots than current stack * and these slots were used */ diff --git a/tools/testing/selftests/bpf/progs/test_global_func10.c b/tools/testing/selftests/bpf/progs/test_global_func10.c new file mode 100644 index 000000000000..8fba3f3649e2 --- /dev/null +++ b/tools/testing/selftests/bpf/progs/test_global_func10.c @@ -0,0 +1,31 @@ +// SPDX-License-Identifier: GPL-2.0-only +#include <stddef.h> +#include <linux/bpf.h> +#include <bpf/bpf_helpers.h> +#include "bpf_misc.h" + +struct Small { + long x; +}; + +struct Big { + long x; + long y; +}; + +__noinline int foo(const struct Big *big) +{ + if (!big) + return 0; + + return bpf_get_prandom_u32() < big->y; +} + +SEC("cgroup_skb/ingress") +__failure __msg("invalid indirect access to stack") +int global_func10(struct __sk_buff *skb) +{ + const struct Small small = {.x = skb->len }; + + return foo((struct Big *)&small) ? 1 : 0; +} diff --git a/tools/testing/selftests/bpf/verifier/calls.c b/tools/testing/selftests/bpf/verifier/calls.c index eb888c8479c3..4b0628cd2d03 100644 --- a/tools/testing/selftests/bpf/verifier/calls.c +++ b/tools/testing/selftests/bpf/verifier/calls.c @@ -1948,19 +1948,22 @@ * that fp-8 stack slot was unused in the fall-through * branch and will accept the program incorrectly */ - BPF_JMP_IMM(BPF_JGT, BPF_REG_1, 2, 2), + BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32), + BPF_JMP_IMM(BPF_JGT, BPF_REG_0, 2, 2), BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), BPF_JMP_IMM(BPF_JA, 0, 0, 0), BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -8), BPF_LD_MAP_FD(BPF_REG_1, 0), BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem), + BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN(), }, - .fixup_map_hash_48b = { 6 }, - .errstr = "invalid indirect read from stack R2 off -8+0 size 8", - .result = REJECT, - .prog_type = BPF_PROG_TYPE_XDP, + .fixup_map_hash_48b = { 7 }, + .errstr_unpriv = "invalid indirect read from stack R2 off -8+0 size 8", + .result_unpriv = REJECT, + /* in privileged mode reads from uninitialized stack locations are permitted */ + .result = ACCEPT, }, { "calls: ctx read at start of subprog", diff --git a/tools/testing/selftests/bpf/verifier/helper_access_var_len.c b/tools/testing/selftests/bpf/verifier/helper_access_var_len.c index 0ab7f1dfc97a..0e24aa11c457 100644 --- a/tools/testing/selftests/bpf/verifier/helper_access_var_len.c +++ b/tools/testing/selftests/bpf/verifier/helper_access_var_len.c @@ -29,19 +29,30 @@ { "helper access to variable memory: stack, bitwise AND, zero included", .insns = { - BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 8), - BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), - BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -64), - BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_2, -128), - BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, -128), - BPF_ALU64_IMM(BPF_AND, BPF_REG_2, 64), - BPF_MOV64_IMM(BPF_REG_3, 0), - BPF_EMIT_CALL(BPF_FUNC_probe_read_kernel), + /* set max stack size */ + BPF_ST_MEM(BPF_DW, BPF_REG_10, -128, 0), + /* set r3 to a random value */ + BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32), + BPF_MOV64_REG(BPF_REG_3, BPF_REG_0), + /* use bitwise AND to limit r3 range to [0, 64] */ + BPF_ALU64_IMM(BPF_AND, BPF_REG_3, 64), + BPF_LD_MAP_FD(BPF_REG_1, 0), + BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), + BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -64), + BPF_MOV64_IMM(BPF_REG_4, 0), + /* Call bpf_ringbuf_output(), it is one of a few helper functions with + * ARG_CONST_SIZE_OR_ZERO parameter allowed in unpriv mode. + * For unpriv this should signal an error, because memory at &fp[-64] is + * not initialized. + */ + BPF_EMIT_CALL(BPF_FUNC_ringbuf_output), BPF_EXIT_INSN(), }, - .errstr = "invalid indirect read from stack R1 off -64+0 size 64", - .result = REJECT, - .prog_type = BPF_PROG_TYPE_TRACEPOINT, + .fixup_map_ringbuf = { 4 }, + .errstr_unpriv = "invalid indirect read from stack R2 off -64+0 size 64", + .result_unpriv = REJECT, + /* in privileged mode reads from uninitialized stack locations are permitted */ + .result = ACCEPT, }, { "helper access to variable memory: stack, bitwise AND + JMP, wrong max", @@ -183,20 +194,31 @@ { "helper access to variable memory: stack, JMP, no min check", .insns = { - BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 8), - BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), - BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -64), - BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_2, -128), - BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, -128), - BPF_JMP_IMM(BPF_JGT, BPF_REG_2, 64, 3), - BPF_MOV64_IMM(BPF_REG_3, 0), - BPF_EMIT_CALL(BPF_FUNC_probe_read_kernel), + /* set max stack size */ + BPF_ST_MEM(BPF_DW, BPF_REG_10, -128, 0), + /* set r3 to a random value */ + BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32), + BPF_MOV64_REG(BPF_REG_3, BPF_REG_0), + /* use JMP to limit r3 range to [0, 64] */ + BPF_JMP_IMM(BPF_JGT, BPF_REG_3, 64, 6), + BPF_LD_MAP_FD(BPF_REG_1, 0), + BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), + BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -64), + BPF_MOV64_IMM(BPF_REG_4, 0), + /* Call bpf_ringbuf_output(), it is one of a few helper functions with + * ARG_CONST_SIZE_OR_ZERO parameter allowed in unpriv mode. + * For unpriv this should signal an error, because memory at &fp[-64] is + * not initialized. + */ + BPF_EMIT_CALL(BPF_FUNC_ringbuf_output), BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN(), }, - .errstr = "invalid indirect read from stack R1 off -64+0 size 64", - .result = REJECT, - .prog_type = BPF_PROG_TYPE_TRACEPOINT, + .fixup_map_ringbuf = { 4 }, + .errstr_unpriv = "invalid indirect read from stack R2 off -64+0 size 64", + .result_unpriv = REJECT, + /* in privileged mode reads from uninitialized stack locations are permitted */ + .result = ACCEPT, }, { "helper access to variable memory: stack, JMP (signed), no min check", @@ -564,29 +586,41 @@ { "helper access to variable memory: 8 bytes leak", .insns = { - BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_1, 8), - BPF_MOV64_REG(BPF_REG_1, BPF_REG_10), - BPF_ALU64_IMM(BPF_ADD, BPF_REG_1, -64), + /* set max stack size */ + BPF_ST_MEM(BPF_DW, BPF_REG_10, -128, 0), + /* set r3 to a random value */ + BPF_EMIT_CALL(BPF_FUNC_get_prandom_u32), + BPF_MOV64_REG(BPF_REG_3, BPF_REG_0), + BPF_LD_MAP_FD(BPF_REG_1, 0), + BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), + BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -64), BPF_MOV64_IMM(BPF_REG_0, 0), BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -64), BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -56), BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -48), BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -40), + /* Note: fp[-32] left uninitialized */ BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -24), BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -16), BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_0, -8), - BPF_STX_MEM(BPF_DW, BPF_REG_10, BPF_REG_2, -128), - BPF_LDX_MEM(BPF_DW, BPF_REG_2, BPF_REG_10, -128), - BPF_ALU64_IMM(BPF_AND, BPF_REG_2, 63), - BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, 1), - BPF_MOV64_IMM(BPF_REG_3, 0), - BPF_EMIT_CALL(BPF_FUNC_probe_read_kernel), - BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_10, -16), + /* Limit r3 range to [1, 64] */ + BPF_ALU64_IMM(BPF_AND, BPF_REG_3, 63), + BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, 1), + BPF_MOV64_IMM(BPF_REG_4, 0), + /* Call bpf_ringbuf_output(), it is one of a few helper functions with + * ARG_CONST_SIZE_OR_ZERO parameter allowed in unpriv mode. + * For unpriv this should signal an error, because memory region [1, 64] + * at &fp[-64] is not fully initialized. + */ + BPF_EMIT_CALL(BPF_FUNC_ringbuf_output), + BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN(), }, - .errstr = "invalid indirect read from stack R1 off -64+32 size 64", - .result = REJECT, - .prog_type = BPF_PROG_TYPE_TRACEPOINT, + .fixup_map_ringbuf = { 3 }, + .errstr_unpriv = "invalid indirect read from stack R2 off -64+32 size 64", + .result_unpriv = REJECT, + /* in privileged mode reads from uninitialized stack locations are permitted */ + .result = ACCEPT, }, { "helper access to variable memory: 8 bytes no leak (init memory)", diff --git a/tools/testing/selftests/bpf/verifier/int_ptr.c b/tools/testing/selftests/bpf/verifier/int_ptr.c index 070893fb2900..02d9e004260b 100644 --- a/tools/testing/selftests/bpf/verifier/int_ptr.c +++ b/tools/testing/selftests/bpf/verifier/int_ptr.c @@ -54,12 +54,13 @@ /* bpf_strtoul() */ BPF_EMIT_CALL(BPF_FUNC_strtoul), - BPF_MOV64_IMM(BPF_REG_0, 1), + BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN(), }, - .result = REJECT, - .prog_type = BPF_PROG_TYPE_CGROUP_SYSCTL, - .errstr = "invalid indirect read from stack R4 off -16+4 size 8", + .result_unpriv = REJECT, + .errstr_unpriv = "invalid indirect read from stack R4 off -16+4 size 8", + /* in privileged mode reads from uninitialized stack locations are permitted */ + .result = ACCEPT, }, { "ARG_PTR_TO_LONG misaligned", diff --git a/tools/testing/selftests/bpf/verifier/search_pruning.c b/tools/testing/selftests/bpf/verifier/search_pruning.c index 7e36078f8f48..949cbe460248 100644 --- a/tools/testing/selftests/bpf/verifier/search_pruning.c +++ b/tools/testing/selftests/bpf/verifier/search_pruning.c @@ -128,9 +128,10 @@ BPF_EXIT_INSN(), }, .fixup_map_hash_8b = { 3 }, - .errstr = "invalid read from stack off -16+0 size 8", - .result = REJECT, - .prog_type = BPF_PROG_TYPE_TRACEPOINT, + .errstr_unpriv = "invalid read from stack off -16+0 size 8", + .result_unpriv = REJECT, + /* in privileged mode reads from uninitialized stack locations are permitted */ + .result = ACCEPT, }, { "allocated_stack", @@ -187,6 +188,8 @@ BPF_EXIT_INSN(), }, .flags = BPF_F_TEST_STATE_FREQ, - .errstr = "invalid read from stack off -8+1 size 8", - .result = REJECT, + .errstr_unpriv = "invalid read from stack off -8+1 size 8", + .result_unpriv = REJECT, + /* in privileged mode reads from uninitialized stack locations are permitted */ + .result = ACCEPT, }, diff --git a/tools/testing/selftests/bpf/verifier/sock.c b/tools/testing/selftests/bpf/verifier/sock.c index 8c224eac93df..59d976d22867 100644 --- a/tools/testing/selftests/bpf/verifier/sock.c +++ b/tools/testing/selftests/bpf/verifier/sock.c @@ -530,33 +530,6 @@ .prog_type = BPF_PROG_TYPE_SCHED_CLS, .result = ACCEPT, }, -{ - "sk_storage_get(map, skb->sk, &stack_value, 1): partially init stack_value", - .insns = { - BPF_MOV64_IMM(BPF_REG_2, 0), - BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_2, -8), - BPF_LDX_MEM(BPF_DW, BPF_REG_1, BPF_REG_1, offsetof(struct __sk_buff, sk)), - BPF_JMP_IMM(BPF_JNE, BPF_REG_1, 0, 2), - BPF_MOV64_IMM(BPF_REG_0, 0), - BPF_EXIT_INSN(), - BPF_EMIT_CALL(BPF_FUNC_sk_fullsock), - BPF_JMP_IMM(BPF_JNE, BPF_REG_0, 0, 2), - BPF_MOV64_IMM(BPF_REG_0, 0), - BPF_EXIT_INSN(), - BPF_MOV64_IMM(BPF_REG_4, 1), - BPF_MOV64_REG(BPF_REG_3, BPF_REG_10), - BPF_ALU64_IMM(BPF_ADD, BPF_REG_3, -8), - BPF_MOV64_REG(BPF_REG_2, BPF_REG_0), - BPF_LD_MAP_FD(BPF_REG_1, 0), - BPF_EMIT_CALL(BPF_FUNC_sk_storage_get), - BPF_MOV64_IMM(BPF_REG_0, 0), - BPF_EXIT_INSN(), - }, - .fixup_sk_storage_map = { 14 }, - .prog_type = BPF_PROG_TYPE_SCHED_CLS, - .result = REJECT, - .errstr = "invalid indirect read from stack", -}, { "bpf_map_lookup_elem(smap, &key)", .insns = { diff --git a/tools/testing/selftests/bpf/verifier/spill_fill.c b/tools/testing/selftests/bpf/verifier/spill_fill.c index 0b943897aaf6..1e76841b7bfa 100644 --- a/tools/testing/selftests/bpf/verifier/spill_fill.c +++ b/tools/testing/selftests/bpf/verifier/spill_fill.c @@ -104,3 +104,214 @@ .result = ACCEPT, .retval = POINTER_VALUE, }, +{ + "Spill and refill a u32 const scalar. Offset to skb->data", + .insns = { + BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, + offsetof(struct __sk_buff, data)), + BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, + offsetof(struct __sk_buff, data_end)), + /* r4 = 20 */ + BPF_MOV32_IMM(BPF_REG_4, 20), + /* *(u32 *)(r10 -8) = r4 */ + BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_4, -8), + /* r4 = *(u32 *)(r10 -8) */ + BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_10, -8), + /* r0 = r2 */ + BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), + /* r0 += r4 R0=pkt R2=pkt R3=pkt_end R4=20 */ + BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_4), + /* if (r0 > r3) R0=pkt,off=20 R2=pkt R3=pkt_end R4=20 */ + BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), + /* r0 = *(u32 *)r2 R0=pkt,off=20,r=20 R2=pkt,r=20 R3=pkt_end R4=20 */ + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_2, 0), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .result = ACCEPT, + .prog_type = BPF_PROG_TYPE_SCHED_CLS, +}, +{ + "Spill a u32 const, refill from another half of the uninit u32 from the stack", + .insns = { + /* r4 = 20 */ + BPF_MOV32_IMM(BPF_REG_4, 20), + /* *(u32 *)(r10 -8) = r4 */ + BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_4, -8), + /* r4 = *(u32 *)(r10 -4) fp-8=????rrrr*/ + BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_10, -4), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .result_unpriv = REJECT, + .errstr_unpriv = "invalid read from stack off -4+0 size 4", + /* in privileged mode reads from uninitialized stack locations are permitted */ + .result = ACCEPT, +}, +{ + "Spill a u32 const scalar. Refill as u16. Offset to skb->data", + .insns = { + BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, + offsetof(struct __sk_buff, data)), + BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, + offsetof(struct __sk_buff, data_end)), + /* r4 = 20 */ + BPF_MOV32_IMM(BPF_REG_4, 20), + /* *(u32 *)(r10 -8) = r4 */ + BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_4, -8), + /* r4 = *(u16 *)(r10 -8) */ + BPF_LDX_MEM(BPF_H, BPF_REG_4, BPF_REG_10, -8), + /* r0 = r2 */ + BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), + /* r0 += r4 R0=pkt R2=pkt R3=pkt_end R4=umax=65535 */ + BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_4), + /* if (r0 > r3) R0=pkt,umax=65535 R2=pkt R3=pkt_end R4=umax=65535 */ + BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), + /* r0 = *(u32 *)r2 R0=pkt,umax=65535 R2=pkt R3=pkt_end R4=20 */ + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_2, 0), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .result = REJECT, + .errstr = "invalid access to packet", + .prog_type = BPF_PROG_TYPE_SCHED_CLS, +}, +{ + "Spill u32 const scalars. Refill as u64. Offset to skb->data", + .insns = { + BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, + offsetof(struct __sk_buff, data)), + BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, + offsetof(struct __sk_buff, data_end)), + /* r6 = 0 */ + BPF_MOV32_IMM(BPF_REG_6, 0), + /* r7 = 20 */ + BPF_MOV32_IMM(BPF_REG_7, 20), + /* *(u32 *)(r10 -4) = r6 */ + BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_6, -4), + /* *(u32 *)(r10 -8) = r7 */ + BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_7, -8), + /* r4 = *(u64 *)(r10 -8) */ + BPF_LDX_MEM(BPF_H, BPF_REG_4, BPF_REG_10, -8), + /* r0 = r2 */ + BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), + /* r0 += r4 R0=pkt R2=pkt R3=pkt_end R4=umax=65535 */ + BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_4), + /* if (r0 > r3) R0=pkt,umax=65535 R2=pkt R3=pkt_end R4=umax=65535 */ + BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), + /* r0 = *(u32 *)r2 R0=pkt,umax=65535 R2=pkt R3=pkt_end R4=20 */ + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_2, 0), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .result = REJECT, + .errstr = "invalid access to packet", + .prog_type = BPF_PROG_TYPE_SCHED_CLS, +}, +{ + "Spill a u32 const scalar. Refill as u16 from fp-6. Offset to skb->data", + .insns = { + BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, + offsetof(struct __sk_buff, data)), + BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, + offsetof(struct __sk_buff, data_end)), + /* r4 = 20 */ + BPF_MOV32_IMM(BPF_REG_4, 20), + /* *(u32 *)(r10 -8) = r4 */ + BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_4, -8), + /* r4 = *(u16 *)(r10 -6) */ + BPF_LDX_MEM(BPF_H, BPF_REG_4, BPF_REG_10, -6), + /* r0 = r2 */ + BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), + /* r0 += r4 R0=pkt R2=pkt R3=pkt_end R4=umax=65535 */ + BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_4), + /* if (r0 > r3) R0=pkt,umax=65535 R2=pkt R3=pkt_end R4=umax=65535 */ + BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), + /* r0 = *(u32 *)r2 R0=pkt,umax=65535 R2=pkt R3=pkt_end R4=20 */ + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_2, 0), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .result = REJECT, + .errstr = "invalid access to packet", + .prog_type = BPF_PROG_TYPE_SCHED_CLS, +}, +{ + "Spill and refill a u32 const scalar at non 8byte aligned stack addr. Offset to skb->data", + .insns = { + BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, + offsetof(struct __sk_buff, data)), + BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, + offsetof(struct __sk_buff, data_end)), + /* r4 = 20 */ + BPF_MOV32_IMM(BPF_REG_4, 20), + /* *(u32 *)(r10 -8) = r4 */ + BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_4, -8), + /* *(u32 *)(r10 -4) = r4 */ + BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_4, -4), + /* r4 = *(u32 *)(r10 -4), */ + BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_10, -4), + /* r0 = r2 */ + BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), + /* r0 += r4 R0=pkt R2=pkt R3=pkt_end R4=umax=U32_MAX */ + BPF_ALU64_REG(BPF_ADD, BPF_REG_0, BPF_REG_4), + /* if (r0 > r3) R0=pkt,umax=U32_MAX R2=pkt R3=pkt_end R4= */ + BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), + /* r0 = *(u32 *)r2 R0=pkt,umax=U32_MAX R2=pkt R3=pkt_end R4= */ + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_2, 0), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .result = REJECT, + .errstr = "invalid access to packet", + .prog_type = BPF_PROG_TYPE_SCHED_CLS, +}, +{ + "Spill and refill a umax=40 bounded scalar. Offset to skb->data", + .insns = { + BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, + offsetof(struct __sk_buff, data)), + BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, + offsetof(struct __sk_buff, data_end)), + BPF_LDX_MEM(BPF_DW, BPF_REG_4, BPF_REG_1, + offsetof(struct __sk_buff, tstamp)), + BPF_JMP_IMM(BPF_JLE, BPF_REG_4, 40, 2), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + /* *(u32 *)(r10 -8) = r4 R4=umax=40 */ + BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_4, -8), + /* r4 = (*u32 *)(r10 - 8) */ + BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_10, -8), + /* r2 += r4 R2=pkt R4=umax=40 */ + BPF_ALU64_REG(BPF_ADD, BPF_REG_2, BPF_REG_4), + /* r0 = r2 R2=pkt,umax=40 R4=umax=40 */ + BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), + /* r2 += 20 R0=pkt,umax=40 R2=pkt,umax=40 */ + BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, 20), + /* if (r2 > r3) R0=pkt,umax=40 R2=pkt,off=20,umax=40 */ + BPF_JMP_REG(BPF_JGT, BPF_REG_2, BPF_REG_3, 1), + /* r0 = *(u32 *)r0 R0=pkt,r=20,umax=40 R2=pkt,off=20,r=20,umax=40 */ + BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_0, 0), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .result = ACCEPT, + .prog_type = BPF_PROG_TYPE_SCHED_CLS, +}, +{ + "Spill a u32 scalar at fp-4 and then at fp-8", + .insns = { + /* r4 = 4321 */ + BPF_MOV32_IMM(BPF_REG_4, 4321), + /* *(u32 *)(r10 -4) = r4 */ + BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_4, -4), + /* *(u32 *)(r10 -8) = r4 */ + BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_4, -8), + /* r4 = *(u64 *)(r10 -8) */ + BPF_LDX_MEM(BPF_DW, BPF_REG_4, BPF_REG_10, -8), + BPF_MOV64_IMM(BPF_REG_0, 0), + BPF_EXIT_INSN(), + }, + .result = ACCEPT, + .prog_type = BPF_PROG_TYPE_SCHED_CLS, +}, diff --git a/tools/testing/selftests/bpf/verifier/var_off.c b/tools/testing/selftests/bpf/verifier/var_off.c index eab1f7f56e2f..dc92a29f0d74 100644 --- a/tools/testing/selftests/bpf/verifier/var_off.c +++ b/tools/testing/selftests/bpf/verifier/var_off.c @@ -212,31 +212,6 @@ .result = REJECT, .prog_type = BPF_PROG_TYPE_LWT_IN, }, -{ - "indirect variable-offset stack access, max_off+size > max_initialized", - .insns = { - /* Fill only the second from top 8 bytes of the stack. */ - BPF_ST_MEM(BPF_DW, BPF_REG_10, -16, 0), - /* Get an unknown value. */ - BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 0), - /* Make it small and 4-byte aligned. */ - BPF_ALU64_IMM(BPF_AND, BPF_REG_2, 4), - BPF_ALU64_IMM(BPF_SUB, BPF_REG_2, 16), - /* Add it to fp. We now have either fp-12 or fp-16, but we don't know - * which. fp-12 size 8 is partially uninitialized stack. - */ - BPF_ALU64_REG(BPF_ADD, BPF_REG_2, BPF_REG_10), - /* Dereference it indirectly. */ - BPF_LD_MAP_FD(BPF_REG_1, 0), - BPF_EMIT_CALL(BPF_FUNC_map_lookup_elem), - BPF_MOV64_IMM(BPF_REG_0, 0), - BPF_EXIT_INSN(), - }, - .fixup_map_hash_8b = { 5 }, - .errstr = "invalid indirect read from stack R2 var_off", - .result = REJECT, - .prog_type = BPF_PROG_TYPE_LWT_IN, -}, { "indirect variable-offset stack access, min_off < min_initialized", .insns = { @@ -289,33 +264,6 @@ .result = ACCEPT, .prog_type = BPF_PROG_TYPE_CGROUP_SKB, }, -{ - "indirect variable-offset stack access, uninitialized", - .insns = { - BPF_MOV64_IMM(BPF_REG_2, 6), - BPF_MOV64_IMM(BPF_REG_3, 28), - /* Fill the top 16 bytes of the stack. */ - BPF_ST_MEM(BPF_W, BPF_REG_10, -16, 0), - BPF_ST_MEM(BPF_DW, BPF_REG_10, -8, 0), - /* Get an unknown value. */ - BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1, 0), - /* Make it small and 4-byte aligned. */ - BPF_ALU64_IMM(BPF_AND, BPF_REG_4, 4), - BPF_ALU64_IMM(BPF_SUB, BPF_REG_4, 16), - /* Add it to fp. We now have either fp-12 or fp-16, we don't know - * which, but either way it points to initialized stack. - */ - BPF_ALU64_REG(BPF_ADD, BPF_REG_4, BPF_REG_10), - BPF_MOV64_IMM(BPF_REG_5, 8), - /* Dereference it indirectly. */ - BPF_EMIT_CALL(BPF_FUNC_getsockopt), - BPF_MOV64_IMM(BPF_REG_0, 0), - BPF_EXIT_INSN(), - }, - .errstr = "invalid indirect read from stack R4 var_off", - .result = REJECT, - .prog_type = BPF_PROG_TYPE_SOCK_OPS, -}, { "indirect variable-offset stack access, ok", .insns = { -- 2.45.2

1 year, 3 months

5
6
0 0

FAILED: patch "[PATCH] mm/numa: no task_numa_fault() call if PTE is changed" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 40b760cfd44566bca791c80e0720d70d75382b84 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081934-embargo-primer-a23e@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 40b760cfd445 ("mm/numa: no task_numa_fault() call if PTE is changed") d2136d749d76 ("mm: support multi-size THP numa balancing") 6b0ed7b3c775 ("mm: factor out the numa mapping rebuilding into a new helper") ec1778807a80 ("mm: mprotect: use a folio in change_pte_range()") 6695cf68b15c ("mm: memory: use a folio in do_numa_page()") 73eab3ca481e ("mm: migrate: convert migrate_misplaced_page() to migrate_misplaced_folio()") 2ac9e99f3b21 ("mm: migrate: convert numamigrate_isolate_page() to numamigrate_isolate_folio()") df57721f9a63 ("Merge tag 'x86_shstk_for_6.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 40b760cfd44566bca791c80e0720d70d75382b84 Mon Sep 17 00:00:00 2001 From: Zi Yan <ziy(a)nvidia.com> Date: Fri, 9 Aug 2024 10:59:04 -0400 Subject: [PATCH] mm/numa: no task_numa_fault() call if PTE is changed When handling a numa page fault, task_numa_fault() should be called by a process that restores the page table of the faulted folio to avoid duplicated stats counting. Commit b99a342d4f11 ("NUMA balancing: reduce TLB flush via delaying mapping on hint page fault") restructured do_numa_page() and did not avoid task_numa_fault() call in the second page table check after a numa migration failure. Fix it by making all !pte_same() return immediately. This issue can cause task_numa_fault() being called more than necessary and lead to unexpected numa balancing results (It is hard to tell whether the issue will cause positive or negative performance impact due to duplicated numa fault counting). Link: https://lkml.kernel.org/r/20240809145906.1513458-2-ziy@nvidia.com Fixes: b99a342d4f11 ("NUMA balancing: reduce TLB flush via delaying mapping on hint page fault") Signed-off-by: Zi Yan <ziy(a)nvidia.com> Reported-by: "Huang, Ying" <ying.huang(a)intel.com> Closes: https://lore.kernel.org/linux-mm/87zfqfw0yw.fsf@yhuang6-desk2.ccr.corp.inte… Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/memory.c b/mm/memory.c index 34f8402d2046..3c01d68065be 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -5295,7 +5295,7 @@ static vm_fault_t do_numa_page(struct vm_fault *vmf) if (unlikely(!pte_same(old_pte, vmf->orig_pte))) { pte_unmap_unlock(vmf->pte, vmf->ptl); - goto out; + return 0; } pte = pte_modify(old_pte, vma->vm_page_prot); @@ -5358,23 +5358,19 @@ static vm_fault_t do_numa_page(struct vm_fault *vmf) if (!migrate_misplaced_folio(folio, vma, target_nid)) { nid = target_nid; flags |= TNF_MIGRATED; - } else { - flags |= TNF_MIGRATE_FAIL; - vmf->pte = pte_offset_map_lock(vma->vm_mm, vmf->pmd, - vmf->address, &vmf->ptl); - if (unlikely(!vmf->pte)) - goto out; - if (unlikely(!pte_same(ptep_get(vmf->pte), vmf->orig_pte))) { - pte_unmap_unlock(vmf->pte, vmf->ptl); - goto out; - } - goto out_map; + task_numa_fault(last_cpupid, nid, nr_pages, flags); + return 0; } -out: - if (nid != NUMA_NO_NODE) - task_numa_fault(last_cpupid, nid, nr_pages, flags); - return 0; + flags |= TNF_MIGRATE_FAIL; + vmf->pte = pte_offset_map_lock(vma->vm_mm, vmf->pmd, + vmf->address, &vmf->ptl); + if (unlikely(!vmf->pte)) + return 0; + if (unlikely(!pte_same(ptep_get(vmf->pte), vmf->orig_pte))) { + pte_unmap_unlock(vmf->pte, vmf->ptl); + return 0; + } out_map: /* * Make it present again, depending on how arch implements @@ -5387,7 +5383,10 @@ static vm_fault_t do_numa_page(struct vm_fault *vmf) numa_rebuild_single_mapping(vmf, vma, vmf->address, vmf->pte, writable); pte_unmap_unlock(vmf->pte, vmf->ptl); - goto out; + + if (nid != NUMA_NO_NODE) + task_numa_fault(last_cpupid, nid, nr_pages, flags); + return 0; } static inline vm_fault_t create_huge_pmd(struct vm_fault *vmf)

1 year, 3 months

3
2
0 0

Re: Patch "drm/amdkfd: Move dma unmapping after TLB flush" has been added to the 6.6-stable tree

by Felix Kuehling

This patch introduced a regression. If you want to backport it, I'd recommend including this fix as well: commit 9c29282ecbeeb1b43fced3055c6a5bb244b9390b Author: Lang Yu <Lang.Yu(a)amd.com> Date: Thu Jan 11 12:27:07 2024 +0800 drm/amdkfd: reserve the BO before validating it Fix a warning. v2: Avoid unmapping attachment repeatedly when ERESTARTSYS. v3: Lock the BO before accessing ttm->sg to avoid race conditions.(Felix) [ 41.708711] WARNING: CPU: 0 PID: 1463 at drivers/gpu/drm/ttm/ttm_bo.c:846 ttm_bo_validate+0x146/0x1b0 [ttm] [ 41.708989] Call Trace: [ 41.708992] <TASK> [ 41.708996] ? show_regs+0x6c/0x80 [ 41.709000] ? ttm_bo_validate+0x146/0x1b0 [ttm] [ 41.709008] ? __warn+0x93/0x190 [ 41.709014] ? ttm_bo_validate+0x146/0x1b0 [ttm] [ 41.709024] ? report_bug+0x1f9/0x210 [ 41.709035] ? handle_bug+0x46/0x80 [ 41.709041] ? exc_invalid_op+0x1d/0x80 [ 41.709048] ? asm_exc_invalid_op+0x1f/0x30 [ 41.709057] ? amdgpu_amdkfd_gpuvm_dmaunmap_mem+0x2c/0x80 [amdgpu] [ 41.709185] ? ttm_bo_validate+0x146/0x1b0 [ttm] [ 41.709197] ? amdgpu_amdkfd_gpuvm_dmaunmap_mem+0x2c/0x80 [amdgpu] [ 41.709337] ? srso_alias_return_thunk+0x5/0x7f [ 41.709346] kfd_mem_dmaunmap_attachment+0x9e/0x1e0 [amdgpu] [ 41.709467] amdgpu_amdkfd_gpuvm_dmaunmap_mem+0x56/0x80 [amdgpu] [ 41.709586] kfd_ioctl_unmap_memory_from_gpu+0x1b7/0x300 [amdgpu] [ 41.709710] kfd_ioctl+0x1ec/0x650 [amdgpu] [ 41.709822] ? __pfx_kfd_ioctl_unmap_memory_from_gpu+0x10/0x10 [amdgpu] [ 41.709945] ? srso_alias_return_thunk+0x5/0x7f [ 41.709949] ? tomoyo_file_ioctl+0x20/0x30 [ 41.709959] __x64_sys_ioctl+0x9c/0xd0 [ 41.709967] do_syscall_64+0x3f/0x90 [ 41.709973] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Fixes: 101b8104307e ("drm/amdkfd: Move dma unmapping after TLB flush") Signed-off-by: Lang Yu <Lang.Yu(a)amd.com> Reviewed-by: Felix Kuehling <Felix.Kuehling(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Regards, Felix On 2024-08-20 8:00, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > drm/amdkfd: Move dma unmapping after TLB flush > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > drm-amdkfd-move-dma-unmapping-after-tlb-flush.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 23f8ef0f6e5deee5814fda6ec2e2ee4c2f19a384 > Author: Philip Yang <Philip.Yang(a)amd.com> > Date: Mon Sep 11 14:44:22 2023 -0400 > > drm/amdkfd: Move dma unmapping after TLB flush > > [ Upstream commit 101b8104307eac734f2dfa4d3511430b0b631c73 ] > > Otherwise GPU may access the stale mapping and generate IOMMU > IO_PAGE_FAULT. > > Move this to inside p->mutex to prevent multiple threads mapping and > unmapping concurrently race condition. > > After kfd_mem_dmaunmap_attachment is removed from unmap_bo_from_gpuvm, > kfd_mem_dmaunmap_attachment is called if failed to map to GPUs, and > before free the mem attachment in case failed to unmap from GPUs. > > Signed-off-by: Philip Yang <Philip.Yang(a)amd.com> > Reviewed-by: Felix Kuehling <Felix.Kuehling(a)amd.com> > Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h > index 2fe9860725bd9..5e4fb33b97351 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h > @@ -303,6 +303,7 @@ int amdgpu_amdkfd_gpuvm_map_memory_to_gpu(struct amdgpu_device *adev, > struct kgd_mem *mem, void *drm_priv); > int amdgpu_amdkfd_gpuvm_unmap_memory_from_gpu( > struct amdgpu_device *adev, struct kgd_mem *mem, void *drm_priv); > +void amdgpu_amdkfd_gpuvm_dmaunmap_mem(struct kgd_mem *mem, void *drm_priv); > int amdgpu_amdkfd_gpuvm_sync_memory( > struct amdgpu_device *adev, struct kgd_mem *mem, bool intr); > int amdgpu_amdkfd_gpuvm_map_gtt_bo_to_kernel(struct kgd_mem *mem, > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c > index 62c1dc9510a41..c2d1d57a6c668 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c > @@ -733,7 +733,7 @@ kfd_mem_dmaunmap_sg_bo(struct kgd_mem *mem, > enum dma_data_direction dir; > > if (unlikely(!ttm->sg)) { > - pr_err("SG Table of BO is UNEXPECTEDLY NULL"); > + pr_debug("SG Table of BO is NULL"); > return; > } > > @@ -1202,8 +1202,6 @@ static void unmap_bo_from_gpuvm(struct kgd_mem *mem, > amdgpu_vm_clear_freed(adev, vm, &bo_va->last_pt_update); > > amdgpu_sync_fence(sync, bo_va->last_pt_update); > - > - kfd_mem_dmaunmap_attachment(mem, entry); > } > > static int update_gpuvm_pte(struct kgd_mem *mem, > @@ -1258,6 +1256,7 @@ static int map_bo_to_gpuvm(struct kgd_mem *mem, > > update_gpuvm_pte_failed: > unmap_bo_from_gpuvm(mem, entry, sync); > + kfd_mem_dmaunmap_attachment(mem, entry); > return ret; > } > > @@ -1862,8 +1861,10 @@ int amdgpu_amdkfd_gpuvm_free_memory_of_gpu( > mem->va + bo_size * (1 + mem->aql_queue)); > > /* Remove from VM internal data structures */ > - list_for_each_entry_safe(entry, tmp, &mem->attachments, list) > + list_for_each_entry_safe(entry, tmp, &mem->attachments, list) { > + kfd_mem_dmaunmap_attachment(mem, entry); > kfd_mem_detach(entry); > + } > > ret = unreserve_bo_and_vms(&ctx, false, false); > > @@ -2037,6 +2038,23 @@ int amdgpu_amdkfd_gpuvm_map_memory_to_gpu( > return ret; > } > > +void amdgpu_amdkfd_gpuvm_dmaunmap_mem(struct kgd_mem *mem, void *drm_priv) > +{ > + struct kfd_mem_attachment *entry; > + struct amdgpu_vm *vm; > + > + vm = drm_priv_to_vm(drm_priv); > + > + mutex_lock(&mem->lock); > + > + list_for_each_entry(entry, &mem->attachments, list) { > + if (entry->bo_va->base.vm == vm) > + kfd_mem_dmaunmap_attachment(mem, entry); > + } > + > + mutex_unlock(&mem->lock); > +} > + > int amdgpu_amdkfd_gpuvm_unmap_memory_from_gpu( > struct amdgpu_device *adev, struct kgd_mem *mem, void *drm_priv) > { > diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c > index d33ba4fe9ad5b..045280c2b607c 100644 > --- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c > +++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c > @@ -1432,17 +1432,21 @@ static int kfd_ioctl_unmap_memory_from_gpu(struct file *filep, > goto sync_memory_failed; > } > } > - mutex_unlock(&p->mutex); > > - if (flush_tlb) { > - /* Flush TLBs after waiting for the page table updates to complete */ > - for (i = 0; i < args->n_devices; i++) { > - peer_pdd = kfd_process_device_data_by_id(p, devices_arr[i]); > - if (WARN_ON_ONCE(!peer_pdd)) > - continue; > + /* Flush TLBs after waiting for the page table updates to complete */ > + for (i = 0; i < args->n_devices; i++) { > + peer_pdd = kfd_process_device_data_by_id(p, devices_arr[i]); > + if (WARN_ON_ONCE(!peer_pdd)) > + continue; > + if (flush_tlb) > kfd_flush_tlb(peer_pdd, TLB_FLUSH_HEAVYWEIGHT); > - } > + > + /* Remove dma mapping after tlb flush to avoid IO_PAGE_FAULT */ > + amdgpu_amdkfd_gpuvm_dmaunmap_mem(mem, peer_pdd->drm_priv); > } > + > + mutex_unlock(&p->mutex); > + > kfree(devices_arr); > > return 0;

1 year, 3 months

2
1
0 0

FAILED: patch "[PATCH] mm/vmalloc: fix page mapping if vm_area_alloc_pages() with" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 61ebe5a747da649057c37be1c37eb934b4af79ca # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081918-payday-symphonic-ac65@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 61ebe5a747da ("mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0") 88ae5fb755b0 ("mm: vmalloc: enable memory allocation profiling") e9c3cda4d86e ("mm, vmalloc: fix high order __GFP_NOFAIL allocations") 3ba2c3ff98ea ("Merge tag 'modules-6.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/mcgrof/linux") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 61ebe5a747da649057c37be1c37eb934b4af79ca Mon Sep 17 00:00:00 2001 From: Hailong Liu <hailong.liu(a)oppo.com> Date: Thu, 8 Aug 2024 20:19:56 +0800 Subject: [PATCH] mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 The __vmap_pages_range_noflush() assumes its argument pages** contains pages with the same page shift. However, since commit e9c3cda4d86e ("mm, vmalloc: fix high order __GFP_NOFAIL allocations"), if gfp_flags includes __GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation failed for high order, the pages** may contain two different page shifts (high order and order-0). This could lead __vmap_pages_range_noflush() to perform incorrect mappings, potentially resulting in memory corruption. Users might encounter this as follows (vmap_allow_huge = true, 2M is for PMD_SIZE): kvmalloc(2M, __GFP_NOFAIL|GFP_X) __vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP) vm_area_alloc_pages(order=9) ---> order-9 allocation failed and fallback to order-0 vmap_pages_range() vmap_pages_range_noflush() __vmap_pages_range_noflush(page_shift = 21) ----> wrong mapping happens We can remove the fallback code because if a high-order allocation fails, __vmalloc_node_range_noprof() will retry with order-0. Therefore, it is unnecessary to fallback to order-0 here. Therefore, fix this by removing the fallback code. Link: https://lkml.kernel.org/r/20240808122019.3361-1-hailong.liu@oppo.com Fixes: e9c3cda4d86e ("mm, vmalloc: fix high order __GFP_NOFAIL allocations") Signed-off-by: Hailong Liu <hailong.liu(a)oppo.com> Reported-by: Tangquan Zheng <zhengtangquan(a)oppo.com> Reviewed-by: Baoquan He <bhe(a)redhat.com> Reviewed-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Acked-by: Barry Song <baohua(a)kernel.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 6b783baf12a1..af2de36549d6 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -3584,15 +3584,8 @@ vm_area_alloc_pages(gfp_t gfp, int nid, page = alloc_pages_noprof(alloc_gfp, order); else page = alloc_pages_node_noprof(nid, alloc_gfp, order); - if (unlikely(!page)) { - if (!nofail) - break; - - /* fall back to the zero order allocations */ - alloc_gfp |= __GFP_NOFAIL; - order = 0; - continue; - } + if (unlikely(!page)) + break; /* * Higher order allocations must be able to be treated as

1 year, 3 months

3
2
0 0

[PATCH v6.6.y] ALSA: timer: Relax start tick time check for slave timer elements

by Takashi Iwai

commit ccbfcac05866ebe6eb3bc6d07b51d4ed4fcde436 upstream. The recent addition of a sanity check for a too low start tick time seems breaking some applications that uses aloop with a certain slave timer setup. They may have the initial resolution 0, hence it's treated as if it were a too low value. Relax and skip the check for the slave timer instance for addressing the regression. Fixes: 4a63bd179fa8 ("ALSA: timer: Set lower bound of start tick time") Cc: <stable(a)vger.kernel.org> Link: https://github.com/raspberrypi/linux/issues/6294 Link: https://patch.msgid.link/20240810084833.10939-1-tiwai@suse.de Signed-off-by: Takashi Iwai <tiwai(a)suse.de> --- Greg, this is a backport for 6.6.y and older stable kernels that failed to cherry-pick the original one. sound/core/timer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/core/timer.c b/sound/core/timer.c index a0b515981ee9..230babace502 100644 --- a/sound/core/timer.c +++ b/sound/core/timer.c @@ -556,7 +556,7 @@ static int snd_timer_start1(struct snd_timer_instance *timeri, /* check the actual time for the start tick; * bail out as error if it's way too low (< 100us) */ - if (start) { + if (start && !(timer->hw.flags & SNDRV_TIMER_HW_SLAVE)) { if ((u64)snd_timer_hw_resolution(timer) * ticks < 100000) { result = -EINVAL; goto unlock; -- 2.43.0

1 year, 3 months

2
1
0 0

[PATCH AUTOSEL 6.1 01/61] drm/amd/display: Assign linear_pitch_alignment even for VM

by Sasha Levin

From: Alvin Lee <alvin.lee2(a)amd.com> [ Upstream commit 984debc133efa05e62f5aa1a7a1dd8ca0ef041f4 ] [Description] Assign linear_pitch_alignment so we don't cause a divide by 0 error in VM environments Reviewed-by: Sohaib Nadeem <sohaib.nadeem(a)amd.com> Acked-by: Wayne Lin <wayne.lin(a)amd.com> Signed-off-by: Alvin Lee <alvin.lee2(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/amd/display/dc/core/dc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index f415733f1a979..d7bca680805d3 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -1265,6 +1265,7 @@ struct dc *dc_create(const struct dc_init_data *init_params) return NULL; if (init_params->dce_environment == DCE_ENV_VIRTUAL_HW) { + dc->caps.linear_pitch_alignment = 64; if (!dc_construct_ctx(dc, init_params)) goto destruct_dc; } else { -- 2.43.0

1 year, 3 months

2
62
0 0

[PATCH AUTOSEL 5.10 01/38] drm/amdgpu: fix overflowed array index read warning

by Sasha Levin

From: Tim Huang <Tim.Huang(a)amd.com> [ Upstream commit ebbc2ada5c636a6a63d8316a3408753768f5aa9f ] Clear overflowed array index read warning by cast operation. Signed-off-by: Tim Huang <Tim.Huang(a)amd.com> Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c index 15ee13c3bd9e1..6976f61be7341 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c @@ -368,8 +368,9 @@ static ssize_t amdgpu_debugfs_ring_read(struct file *f, char __user *buf, size_t size, loff_t *pos) { struct amdgpu_ring *ring = file_inode(f)->i_private; - int r, i; uint32_t value, result, early[3]; + loff_t i; + int r; if (*pos & 3 || size & 3) return -EINVAL; -- 2.43.0

1 year, 3 months

3
40
0 0

FAILED: patch "[PATCH] ksmbd: fix race condition between destroy_previous_session()" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 76e98a158b207771a6c9a0de0a60522a446a3447 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082625-savior-clinic-1a91@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 76e98a158b20 ("ksmbd: fix race condition between destroy_previous_session() and smb2 operations()") d484d621d40f ("ksmbd: add durable scavenger timer") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76e98a158b207771a6c9a0de0a60522a446a3447 Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Sat, 17 Aug 2024 14:03:49 +0900 Subject: [PATCH] ksmbd: fix race condition between destroy_previous_session() and smb2 operations() If there is ->PreviousSessionId field in the session setup request, The session of the previous connection should be destroyed. During this, if the smb2 operation requests in the previous session are being processed, a racy issue could happen with ksmbd_destroy_file_table(). This patch sets conn->status to KSMBD_SESS_NEED_RECONNECT to block incoming operations and waits until on-going operations are complete (i.e. idle) before desctorying the previous session. Fixes: c8efcc786146 ("ksmbd: add support for durable handles v1/v2") Cc: stable(a)vger.kernel.org # v6.6+ Reported-by: zdi-disclosures(a)trendmicro.com # ZDI-CAN-25040 Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/connection.c b/fs/smb/server/connection.c index 09e1e7771592..7889df8112b4 100644 --- a/fs/smb/server/connection.c +++ b/fs/smb/server/connection.c @@ -165,11 +165,43 @@ void ksmbd_all_conn_set_status(u64 sess_id, u32 status) up_read(&conn_list_lock); } -void ksmbd_conn_wait_idle(struct ksmbd_conn *conn, u64 sess_id) +void ksmbd_conn_wait_idle(struct ksmbd_conn *conn) { wait_event(conn->req_running_q, atomic_read(&conn->req_running) < 2); } +int ksmbd_conn_wait_idle_sess_id(struct ksmbd_conn *curr_conn, u64 sess_id) +{ + struct ksmbd_conn *conn; + int rc, retry_count = 0, max_timeout = 120; + int rcount = 1; + +retry_idle: + if (retry_count >= max_timeout) + return -EIO; + + down_read(&conn_list_lock); + list_for_each_entry(conn, &conn_list, conns_list) { + if (conn->binding || xa_load(&conn->sessions, sess_id)) { + if (conn == curr_conn) + rcount = 2; + if (atomic_read(&conn->req_running) >= rcount) { + rc = wait_event_timeout(conn->req_running_q, + atomic_read(&conn->req_running) < rcount, + HZ); + if (!rc) { + up_read(&conn_list_lock); + retry_count++; + goto retry_idle; + } + } + } + } + up_read(&conn_list_lock); + + return 0; +} + int ksmbd_conn_write(struct ksmbd_work *work) { struct ksmbd_conn *conn = work->conn; diff --git a/fs/smb/server/connection.h b/fs/smb/server/connection.h index 5c2845e47cf2..5b947175c048 100644 --- a/fs/smb/server/connection.h +++ b/fs/smb/server/connection.h @@ -145,7 +145,8 @@ extern struct list_head conn_list; extern struct rw_semaphore conn_list_lock; bool ksmbd_conn_alive(struct ksmbd_conn *conn); -void ksmbd_conn_wait_idle(struct ksmbd_conn *conn, u64 sess_id); +void ksmbd_conn_wait_idle(struct ksmbd_conn *conn); +int ksmbd_conn_wait_idle_sess_id(struct ksmbd_conn *curr_conn, u64 sess_id); struct ksmbd_conn *ksmbd_conn_alloc(void); void ksmbd_conn_free(struct ksmbd_conn *conn); bool ksmbd_conn_lookup_dialect(struct ksmbd_conn *c); diff --git a/fs/smb/server/mgmt/user_session.c b/fs/smb/server/mgmt/user_session.c index 162a12685d2c..99416ce9f501 100644 --- a/fs/smb/server/mgmt/user_session.c +++ b/fs/smb/server/mgmt/user_session.c @@ -311,6 +311,7 @@ void destroy_previous_session(struct ksmbd_conn *conn, { struct ksmbd_session *prev_sess; struct ksmbd_user *prev_user; + int err; down_write(&sessions_table_lock); down_write(&conn->session_lock); @@ -325,8 +326,16 @@ void destroy_previous_session(struct ksmbd_conn *conn, memcmp(user->passkey, prev_user->passkey, user->passkey_sz)) goto out; + ksmbd_all_conn_set_status(id, KSMBD_SESS_NEED_RECONNECT); + err = ksmbd_conn_wait_idle_sess_id(conn, id); + if (err) { + ksmbd_all_conn_set_status(id, KSMBD_SESS_NEED_NEGOTIATE); + goto out; + } + ksmbd_destroy_file_table(&prev_sess->file_table); prev_sess->state = SMB2_SESSION_EXPIRED; + ksmbd_all_conn_set_status(id, KSMBD_SESS_NEED_NEGOTIATE); ksmbd_launch_ksmbd_durable_scavenger(); out: up_write(&conn->session_lock); diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 3f4c56a10a86..cb7f487c96af 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -2213,7 +2213,7 @@ int smb2_session_logoff(struct ksmbd_work *work) ksmbd_conn_unlock(conn); ksmbd_close_session_fds(work); - ksmbd_conn_wait_idle(conn, sess_id); + ksmbd_conn_wait_idle(conn); /* * Re-lookup session to validate if session is deleted

1 year, 3 months

3
2
0 0

[PATCH stable 6.10 1/2] bpf: Fix a kernel verifier crash in stacksafe()

by Shung-Hsi Yu

From: Yonghong Song <yonghong.song(a)linux.dev> [ Upstream commit bed2eb964c70b780fb55925892a74f26cb590b25 ] Daniel Hodges reported a kernel verifier crash when playing with sched-ext. Further investigation shows that the crash is due to invalid memory access in stacksafe(). More specifically, it is the following code: if (exact != NOT_EXACT && old->stack[spi].slot_type[i % BPF_REG_SIZE] != cur->stack[spi].slot_type[i % BPF_REG_SIZE]) return false; The 'i' iterates old->allocated_stack. If cur->allocated_stack < old->allocated_stack the out-of-bound access will happen. To fix the issue add 'i >= cur->allocated_stack' check such that if the condition is true, stacksafe() should fail. Otherwise, cur->stack[spi].slot_type[i % BPF_REG_SIZE] memory access is legal. Fixes: 2793a8b015f7 ("bpf: exact states comparison for iterator convergence checks") Cc: Eduard Zingerman <eddyz87(a)gmail.com> Reported-by: Daniel Hodges <hodgesd(a)meta.com> Acked-by: Eduard Zingerman <eddyz87(a)gmail.com> Signed-off-by: Yonghong Song <yonghong.song(a)linux.dev> Link: https://lore.kernel.org/r/20240812214847.213612-1-yonghong.song@linux.dev Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Shung-Hsi Yu <shung-hsi.yu(a)suse.com> --- I see this patch itself was already picked up[1] by Sasha. This thread additional includes the associated selftest that was sent in the same series (not entirely sure if backporting selftest goes against the stable backporting rule though). 1: https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/com… --- kernel/bpf/verifier.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c index a8845cc299fe..521bd7efae03 100644 --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -16881,8 +16881,9 @@ static bool stacksafe(struct bpf_verifier_env *env, struct bpf_func_state *old, spi = i / BPF_REG_SIZE; if (exact != NOT_EXACT && - old->stack[spi].slot_type[i % BPF_REG_SIZE] != - cur->stack[spi].slot_type[i % BPF_REG_SIZE]) + (i >= cur->allocated_stack || + old->stack[spi].slot_type[i % BPF_REG_SIZE] != + cur->stack[spi].slot_type[i % BPF_REG_SIZE])) return false; if (!(old->stack[spi].spilled_ptr.live & REG_LIVE_READ) -- 2.46.0

1 year, 3 months

2
2
0 0

VCN power consumption improvement for 6.10.y

by Mario Limonciello

Hi, The following patches in 6.11-rc1 help VCN power consumption on a lot of modern products. Can we please take then to 6.10.y so more people can get the power savings? commit ecfa23c8df7e ("drm/amdgpu/vcn: identify unified queue in sw init") commit 7d75ef3736a0 ("drm/amdgpu/vcn: not pause dpg for unified queue") I've also sent out backports to both 6.6.y and 6.1.y separately. Thanks!

1 year, 3 months

2
1
0 0

[PATCH AUTOSEL 5.15 01/47] drm/amd/display: Assign linear_pitch_alignment even for VM

by Sasha Levin

From: Alvin Lee <alvin.lee2(a)amd.com> [ Upstream commit 984debc133efa05e62f5aa1a7a1dd8ca0ef041f4 ] [Description] Assign linear_pitch_alignment so we don't cause a divide by 0 error in VM environments Reviewed-by: Sohaib Nadeem <sohaib.nadeem(a)amd.com> Acked-by: Wayne Lin <wayne.lin(a)amd.com> Signed-off-by: Alvin Lee <alvin.lee2(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/amd/display/dc/core/dc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index ef151a1bc31cd..12e4beca5e840 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -1107,6 +1107,7 @@ struct dc *dc_create(const struct dc_init_data *init_params) return NULL; if (init_params->dce_environment == DCE_ENV_VIRTUAL_HW) { + dc->caps.linear_pitch_alignment = 64; if (!dc_construct_ctx(dc, init_params)) goto destruct_dc; } else { -- 2.43.0

1 year, 3 months

2
47
0 0

[PATCH AUTOSEL 6.10 001/121] drm/amd/display: Enable RCO for PHYSYMCLK in DCN35

by Sasha Levin

From: Daniel Miess <daniel.miess(a)amd.com> [ Upstream commit f2303026a5b6327247ba61152d00199b2d1be294 ] [Why & How] Enable root clock optimization for PHYSYMCLK and only disable it when it's actively being used v2: Fix array-index-out-of-bounds in dcn35_calc_blocks_to_gate Reviewed-by: Roman Li <roman.li(a)amd.com> Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Acked-by: Wayne Lin <wayne.lin(a)amd.com> Signed-off-by: Daniel Miess <daniel.miess(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/amd/display/dc/dc.h | 1 + .../gpu/drm/amd/display/dc/dcn35/dcn35_dccg.c | 45 ------------------- .../amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 32 +++++++++++++ .../amd/display/dc/hwss/dcn35/dcn35_hwseq.h | 2 + .../amd/display/dc/hwss/dcn35/dcn35_init.c | 1 + .../amd/display/dc/hwss/dcn351/dcn351_init.c | 1 + .../display/dc/hwss/hw_sequencer_private.h | 4 ++ 7 files changed, 41 insertions(+), 45 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/dc.h b/drivers/gpu/drm/amd/display/dc/dc.h index 3c33c3bcbe2cb..fe0025f2167fa 100644 --- a/drivers/gpu/drm/amd/display/dc/dc.h +++ b/drivers/gpu/drm/amd/display/dc/dc.h @@ -701,6 +701,7 @@ enum pg_hw_pipe_resources { PG_OPTC, PG_DPSTREAM, PG_HDMISTREAM, + PG_PHYSYMCLK, PG_HW_PIPE_RESOURCES_NUM_ELEMENT }; diff --git a/drivers/gpu/drm/amd/display/dc/dcn35/dcn35_dccg.c b/drivers/gpu/drm/amd/display/dc/dcn35/dcn35_dccg.c index 58dd3c5bbff09..024dcf3057a05 100644 --- a/drivers/gpu/drm/amd/display/dc/dcn35/dcn35_dccg.c +++ b/drivers/gpu/drm/amd/display/dc/dcn35/dcn35_dccg.c @@ -451,32 +451,22 @@ static void dccg35_set_physymclk_root_clock_gating( case 0: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, PHYASYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); -// REG_UPDATE(DCCG_GATE_DISABLE_CNTL4, -// PHYA_REFCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); break; case 1: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, PHYBSYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); -// REG_UPDATE(DCCG_GATE_DISABLE_CNTL4, -// PHYB_REFCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); break; case 2: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, PHYCSYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); -// REG_UPDATE(DCCG_GATE_DISABLE_CNTL4, -// PHYC_REFCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); break; case 3: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, PHYDSYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); -// REG_UPDATE(DCCG_GATE_DISABLE_CNTL4, -// PHYD_REFCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); break; case 4: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, PHYESYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); -// REG_UPDATE(DCCG_GATE_DISABLE_CNTL4, -// PHYE_REFCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); break; default: BREAK_TO_DEBUGGER(); @@ -499,16 +489,10 @@ static void dccg35_set_physymclk( REG_UPDATE_2(PHYASYMCLK_CLOCK_CNTL, PHYASYMCLK_EN, 1, PHYASYMCLK_SRC_SEL, clk_src); -// if (dccg->ctx->dc->debug.root_clock_optimization.bits.physymclk) -// REG_UPDATE(DCCG_GATE_DISABLE_CNTL4, -// PHYA_REFCLK_ROOT_GATE_DISABLE, 0); } else { REG_UPDATE_2(PHYASYMCLK_CLOCK_CNTL, PHYASYMCLK_EN, 0, PHYASYMCLK_SRC_SEL, 0); -// if (dccg->ctx->dc->debug.root_clock_optimization.bits.physymclk) -// REG_UPDATE(DCCG_GATE_DISABLE_CNTL4, -// PHYA_REFCLK_ROOT_GATE_DISABLE, 1); } break; case 1: @@ -516,16 +500,10 @@ static void dccg35_set_physymclk( REG_UPDATE_2(PHYBSYMCLK_CLOCK_CNTL, PHYBSYMCLK_EN, 1, PHYBSYMCLK_SRC_SEL, clk_src); -// if (dccg->ctx->dc->debug.root_clock_optimization.bits.physymclk) -// REG_UPDATE(DCCG_GATE_DISABLE_CNTL4, -// PHYB_REFCLK_ROOT_GATE_DISABLE, 0); } else { REG_UPDATE_2(PHYBSYMCLK_CLOCK_CNTL, PHYBSYMCLK_EN, 0, PHYBSYMCLK_SRC_SEL, 0); -// if (dccg->ctx->dc->debug.root_clock_optimization.bits.physymclk) -// REG_UPDATE(DCCG_GATE_DISABLE_CNTL4, -// PHYB_REFCLK_ROOT_GATE_DISABLE, 1); } break; case 2: @@ -533,16 +511,10 @@ static void dccg35_set_physymclk( REG_UPDATE_2(PHYCSYMCLK_CLOCK_CNTL, PHYCSYMCLK_EN, 1, PHYCSYMCLK_SRC_SEL, clk_src); -// if (dccg->ctx->dc->debug.root_clock_optimization.bits.physymclk) -// REG_UPDATE(DCCG_GATE_DISABLE_CNTL4, -// PHYC_REFCLK_ROOT_GATE_DISABLE, 0); } else { REG_UPDATE_2(PHYCSYMCLK_CLOCK_CNTL, PHYCSYMCLK_EN, 0, PHYCSYMCLK_SRC_SEL, 0); -// if (dccg->ctx->dc->debug.root_clock_optimization.bits.physymclk) -// REG_UPDATE(DCCG_GATE_DISABLE_CNTL4, -// PHYC_REFCLK_ROOT_GATE_DISABLE, 1); } break; case 3: @@ -550,16 +522,10 @@ static void dccg35_set_physymclk( REG_UPDATE_2(PHYDSYMCLK_CLOCK_CNTL, PHYDSYMCLK_EN, 1, PHYDSYMCLK_SRC_SEL, clk_src); -// if (dccg->ctx->dc->debug.root_clock_optimization.bits.physymclk) -// REG_UPDATE(DCCG_GATE_DISABLE_CNTL4, -// PHYD_REFCLK_ROOT_GATE_DISABLE, 0); } else { REG_UPDATE_2(PHYDSYMCLK_CLOCK_CNTL, PHYDSYMCLK_EN, 0, PHYDSYMCLK_SRC_SEL, 0); -// if (dccg->ctx->dc->debug.root_clock_optimization.bits.physymclk) -// REG_UPDATE(DCCG_GATE_DISABLE_CNTL4, -// PHYD_REFCLK_ROOT_GATE_DISABLE, 1); } break; case 4: @@ -567,16 +533,10 @@ static void dccg35_set_physymclk( REG_UPDATE_2(PHYESYMCLK_CLOCK_CNTL, PHYESYMCLK_EN, 1, PHYESYMCLK_SRC_SEL, clk_src); -// if (dccg->ctx->dc->debug.root_clock_optimization.bits.physymclk) -// REG_UPDATE(DCCG_GATE_DISABLE_CNTL4, -// PHYE_REFCLK_ROOT_GATE_DISABLE, 0); } else { REG_UPDATE_2(PHYESYMCLK_CLOCK_CNTL, PHYESYMCLK_EN, 0, PHYESYMCLK_SRC_SEL, 0); -// if (dccg->ctx->dc->debug.root_clock_optimization.bits.physymclk) -// REG_UPDATE(DCCG_GATE_DISABLE_CNTL4, -// PHYE_REFCLK_ROOT_GATE_DISABLE, 1); } break; default: @@ -714,11 +674,6 @@ void dccg35_init(struct dccg *dccg) dccg35_set_dpstreamclk_root_clock_gating(dccg, otg_inst, false); } - if (dccg->ctx->dc->debug.root_clock_optimization.bits.physymclk) - for (otg_inst = 0; otg_inst < 5; otg_inst++) - dccg35_set_physymclk_root_clock_gating(dccg, otg_inst, - false); - if (dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) for (otg_inst = 0; otg_inst < 4; otg_inst++) dccg35_set_dppclk_root_clock_gating(dccg, otg_inst, 0); diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c index dcced89c07b38..5f60da72c6f58 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c @@ -506,6 +506,17 @@ void dcn35_dpstream_root_clock_control(struct dce_hwseq *hws, unsigned int dp_hp } } +void dcn35_physymclk_root_clock_control(struct dce_hwseq *hws, unsigned int phy_inst, bool clock_on) +{ + if (!hws->ctx->dc->debug.root_clock_optimization.bits.physymclk) + return; + + if (hws->ctx->dc->res_pool->dccg->funcs->set_physymclk_root_clock_gating) { + hws->ctx->dc->res_pool->dccg->funcs->set_physymclk_root_clock_gating( + hws->ctx->dc->res_pool->dccg, phy_inst, clock_on); + } +} + void dcn35_dsc_pg_control( struct dce_hwseq *hws, unsigned int dsc_inst, @@ -1041,6 +1052,13 @@ void dcn35_calc_blocks_to_gate(struct dc *dc, struct dc_state *context, if (pipe_ctx->stream_res.hpo_dp_stream_enc) update_state->pg_pipe_res_update[PG_DPSTREAM][pipe_ctx->stream_res.hpo_dp_stream_enc->inst] = false; } + + for (i = 0; i < dc->link_count; i++) { + update_state->pg_pipe_res_update[PG_PHYSYMCLK][dc->links[i]->link_enc_hw_inst] = true; + if (dc->links[i]->type != dc_connection_none) + update_state->pg_pipe_res_update[PG_PHYSYMCLK][dc->links[i]->link_enc_hw_inst] = false; + } + /*domain24 controls all the otg, mpc, opp, as long as one otg is still up, avoid enabling OTG PG*/ for (i = 0; i < dc->res_pool->timing_generator_count; i++) { struct timing_generator *tg = dc->res_pool->timing_generators[i]; @@ -1138,6 +1156,10 @@ void dcn35_calc_blocks_to_ungate(struct dc *dc, struct dc_state *context, } } + for (i = 0; i < dc->link_count; i++) + if (dc->links[i]->type != dc_connection_none) + update_state->pg_pipe_res_update[PG_PHYSYMCLK][dc->links[i]->link_enc_hw_inst] = true; + for (i = 0; i < dc->res_pool->hpo_dp_stream_enc_count; i++) { if (context->res_ctx.is_hpo_dp_stream_enc_acquired[i] && dc->res_pool->hpo_dp_stream_enc[i]) { @@ -1288,6 +1310,11 @@ void dcn35_root_clock_control(struct dc *dc, dc->hwseq->funcs.dpstream_root_clock_control(dc->hwseq, i, power_on); } + for (i = 0; i < dc->res_pool->dig_link_enc_count; i++) + if (update_state->pg_pipe_res_update[PG_PHYSYMCLK][i]) + if (dc->hwseq->funcs.physymclk_root_clock_control) + dc->hwseq->funcs.physymclk_root_clock_control(dc->hwseq, i, power_on); + } for (i = 0; i < dc->res_pool->res_cap->num_dsc; i++) { if (update_state->pg_pipe_res_update[PG_DSC][i]) { @@ -1313,6 +1340,11 @@ void dcn35_root_clock_control(struct dc *dc, dc->hwseq->funcs.dpstream_root_clock_control(dc->hwseq, i, power_on); } + for (i = 0; i < dc->res_pool->dig_link_enc_count; i++) + if (update_state->pg_pipe_res_update[PG_PHYSYMCLK][i]) + if (dc->hwseq->funcs.physymclk_root_clock_control) + dc->hwseq->funcs.physymclk_root_clock_control(dc->hwseq, i, power_on); + } } diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.h b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.h index f0ea7d1511ae6..e27b3609020ff 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.h +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.h @@ -39,6 +39,8 @@ void dcn35_dpp_root_clock_control(struct dce_hwseq *hws, unsigned int dpp_inst, void dcn35_dpstream_root_clock_control(struct dce_hwseq *hws, unsigned int dp_hpo_inst, bool clock_on); +void dcn35_physymclk_root_clock_control(struct dce_hwseq *hws, unsigned int phy_inst, bool clock_on); + void dcn35_enable_power_gating_plane(struct dce_hwseq *hws, bool enable); void dcn35_set_dmu_fgcg(struct dce_hwseq *hws, bool enable); diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c index 199781233fd5f..987e09d9246e4 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c @@ -148,6 +148,7 @@ static const struct hwseq_private_funcs dcn35_private_funcs = { .enable_power_gating_plane = dcn35_enable_power_gating_plane, .dpp_root_clock_control = dcn35_dpp_root_clock_control, .dpstream_root_clock_control = dcn35_dpstream_root_clock_control, + .physymclk_root_clock_control = dcn35_physymclk_root_clock_control, .program_all_writeback_pipes_in_tree = dcn30_program_all_writeback_pipes_in_tree, .update_odm = dcn35_update_odm, .set_hdr_multiplier = dcn10_set_hdr_multiplier, diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn351/dcn351_init.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn351/dcn351_init.c index a53092cd619b1..2e0d23ae8fee5 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn351/dcn351_init.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn351/dcn351_init.c @@ -147,6 +147,7 @@ static const struct hwseq_private_funcs dcn351_private_funcs = { .enable_power_gating_plane = dcn35_enable_power_gating_plane, .dpp_root_clock_control = dcn35_dpp_root_clock_control, .dpstream_root_clock_control = dcn35_dpstream_root_clock_control, + .physymclk_root_clock_control = dcn35_physymclk_root_clock_control, .program_all_writeback_pipes_in_tree = dcn30_program_all_writeback_pipes_in_tree, .update_odm = dcn35_update_odm, .set_hdr_multiplier = dcn10_set_hdr_multiplier, diff --git a/drivers/gpu/drm/amd/display/dc/hwss/hw_sequencer_private.h b/drivers/gpu/drm/amd/display/dc/hwss/hw_sequencer_private.h index 341219cf41442..9553a7d34c3e9 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/hw_sequencer_private.h +++ b/drivers/gpu/drm/amd/display/dc/hwss/hw_sequencer_private.h @@ -124,6 +124,10 @@ struct hwseq_private_funcs { struct dce_hwseq *hws, unsigned int dpp_inst, bool clock_on); + void (*physymclk_root_clock_control)( + struct dce_hwseq *hws, + unsigned int phy_inst, + bool clock_on); void (*dpp_pg_control)(struct dce_hwseq *hws, unsigned int dpp_inst, bool power_on); -- 2.43.0

1 year, 3 months

3
122
0 0

[PATCH AUTOSEL 4.19 01/14] drm/amdgpu: fix overflowed array index read warning

by Sasha Levin

From: Tim Huang <Tim.Huang(a)amd.com> [ Upstream commit ebbc2ada5c636a6a63d8316a3408753768f5aa9f ] Clear overflowed array index read warning by cast operation. Signed-off-by: Tim Huang <Tim.Huang(a)amd.com> Reviewed-by: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Christian König <christian.koenig(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c index 93794a85f83d8..d1efab2270340 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c @@ -497,8 +497,9 @@ static ssize_t amdgpu_debugfs_ring_read(struct file *f, char __user *buf, size_t size, loff_t *pos) { struct amdgpu_ring *ring = file_inode(f)->i_private; - int r, i; uint32_t value, result, early[3]; + loff_t i; + int r; if (*pos & 3 || size & 3) return -EINVAL; -- 2.43.0

1 year, 3 months

2
14
0 0

[git:media_stage/master] media: videobuf2: Drop minimum allocation requirement of 2 buffers

by Laurent Pinchart

This is an automatic generated email to let you know that the following patch were queued: Subject: media: videobuf2: Drop minimum allocation requirement of 2 buffers Author: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Date: Mon Aug 26 02:24:49 2024 +0300 When introducing the ability for drivers to indicate the minimum number of buffers they require an application to allocate, commit 6662edcd32cc ("media: videobuf2: Add min_reqbufs_allocation field to vb2_queue structure") also introduced a global minimum of 2 buffers. It turns out this breaks the Renesas R-Car VSP test suite, where a test that allocates a single buffer fails when two buffers are used. One may consider debatable whether test suite failures without failures in production use cases should be considered as a regression, but operation with a single buffer is a valid use case. While full frame rate can't be maintained, memory-to-memory devices can still be used with a decent efficiency, and requiring applications to allocate multiple buffers for single-shot use cases with capture devices would just waste memory. For those reasons, fix the regression by dropping the global minimum of buffers. Individual drivers can still set their own minimum. Fixes: 6662edcd32cc ("media: videobuf2: Add min_reqbufs_allocation field to vb2_queue structure") Cc: stable(a)vger.kernel.org Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Reviewed-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> Acked-by: Tomasz Figa <tfiga(a)chromium.org> Link: https://lore.kernel.org/r/20240825232449.25905-1-laurent.pinchart+renesas@i… Signed-off-by: Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> drivers/media/common/videobuf2/videobuf2-core.c | 7 ------- 1 file changed, 7 deletions(-) --- diff --git a/drivers/media/common/videobuf2/videobuf2-core.c b/drivers/media/common/videobuf2/videobuf2-core.c index 500a4e0c84ab..29a8d876e6c2 100644 --- a/drivers/media/common/videobuf2/videobuf2-core.c +++ b/drivers/media/common/videobuf2/videobuf2-core.c @@ -2632,13 +2632,6 @@ int vb2_core_queue_init(struct vb2_queue *q) if (WARN_ON(q->supports_requests && q->min_queued_buffers)) return -EINVAL; - /* - * The minimum requirement is 2: one buffer is used - * by the hardware while the other is being processed by userspace. - */ - if (q->min_reqbufs_allocation < 2) - q->min_reqbufs_allocation = 2; - /* * If the driver needs 'min_queued_buffers' in the queue before * calling start_streaming() then the minimum requirement is

1 year, 3 months

1
0
0 0

[PATCH] media: videobuf2: Drop minimum allocation requirement of 2 buffers

by Laurent Pinchart

When introducing the ability for drivers to indicate the minimum number of buffers they require an application to allocate, commit 6662edcd32cc ("media: videobuf2: Add min_reqbufs_allocation field to vb2_queue structure") also introduced a global minimum of 2 buffers. It turns out this breaks the Renesas R-Car VSP test suite, where a test that allocates a single buffer fails when two buffers are used. One may consider debatable whether test suite failures without failures in production use cases should be considered as a regression, but operation with a single buffer is a valid use case. While full frame rate can't be maintained, memory-to-memory devices can still be used with a decent efficiency, and requiring applications to allocate multiple buffers for single-shot use cases with capture devices would just waste memory. For those reasons, fix the regression by dropping the global minimum of buffers. Individual drivers can still set their own minimum. Fixes: 6662edcd32cc ("media: videobuf2: Add min_reqbufs_allocation field to vb2_queue structure") Cc: stable(a)vger.kernel.org Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> --- drivers/media/common/videobuf2/videobuf2-core.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/drivers/media/common/videobuf2/videobuf2-core.c b/drivers/media/common/videobuf2/videobuf2-core.c index 500a4e0c84ab..29a8d876e6c2 100644 --- a/drivers/media/common/videobuf2/videobuf2-core.c +++ b/drivers/media/common/videobuf2/videobuf2-core.c @@ -2632,13 +2632,6 @@ int vb2_core_queue_init(struct vb2_queue *q) if (WARN_ON(q->supports_requests && q->min_queued_buffers)) return -EINVAL; - /* - * The minimum requirement is 2: one buffer is used - * by the hardware while the other is being processed by userspace. - */ - if (q->min_reqbufs_allocation < 2) - q->min_reqbufs_allocation = 2; - /* * If the driver needs 'min_queued_buffers' in the queue before * calling start_streaming() then the minimum requirement is base-commit: a043ea54bbb975ca9239c69fd17f430488d33522 -- Regards, Laurent Pinchart

1 year, 3 months

4
5
0 0

[PATCH v5] EDAC/ti: Fix possible null pointer dereference in _emif_get_id()

by Ma Ke

In _emif_get_id(), of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 86a18ee21e5e ("EDAC, ti: Add support for TI keystone and DRA7xx EDAC") Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202408160935.A6QFliqt-lkp@intel.com/ Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v5: - According to the developer's suggestion, added an inspection of function of_translate_address(). However, kernel test robot reported a build warning, so the inspection is removed here, reverting to the modification solution of patch v3. Changes in v4: - added the check of of_translate_address() as suggestions. Changes in v3: - added the patch operations omitted in PATCH v2 RESEND compared to PATCH v2. Sorry for my oversight. Changes in v2: - added Cc stable line. --- drivers/edac/ti_edac.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/edac/ti_edac.c b/drivers/edac/ti_edac.c index 29723c9592f7..6f3da8d99eab 100644 --- a/drivers/edac/ti_edac.c +++ b/drivers/edac/ti_edac.c @@ -207,6 +207,9 @@ static int _emif_get_id(struct device_node *node) int my_id = 0; addrp = of_get_address(node, 0, NULL, NULL); + if (!addrp) + return -EINVAL; + my_addr = (u32)of_translate_address(node, addrp); for_each_matching_node(np, ti_edac_of_match) { @@ -214,6 +217,9 @@ static int _emif_get_id(struct device_node *node) continue; addrp = of_get_address(np, 0, NULL, NULL); + if (!addrp) + return -EINVAL; + addr = (u32)of_translate_address(np, addrp); edac_printk(KERN_INFO, EDAC_MOD_NAME, -- 2.25.1

1 year, 3 months

2
1
0 0

[PATCH net v2] ionic: Prevent tx_timeout due to frequent doorbell ringing

by Brett Creeley

With recent work to the doorbell workaround code a small hole was introduced that could cause a tx_timeout. This happens if the rx dbell_deadline goes beyond the netdev watchdog timeout set by the driver (i.e. 2 seconds). Fix this by changing the netdev watchdog timeout to 5 seconds and reduce the max rx dbell_deadline to 4 seconds. The test that can reproduce the issue being fixed is a multi-queue send test via pktgen with the "burst" setting to 1. This causes the queue's doorbell to be rung on every packet sent to the driver, which may result in the device missing doorbells due to the high doorbell rate. Cc: stable(a)vger.kernel.org Fixes: 4ded136c78f8 ("ionic: add work item for missed-doorbell check") Signed-off-by: Brett Creeley <brett.creeley(a)amd.com> Reviewed-by: Shannon Nelson <shannon.nelson(a)amd.com> --- v2: - Drop budget == 0 patch to expedite getting this patch merged due to the budget == 0 patch being more complicated than we originally thought. v1: - https://lore.kernel.org/netdev/20240813234122.53083-1-brett.creeley@amd.com/ drivers/net/ethernet/pensando/ionic/ionic_dev.h | 2 +- drivers/net/ethernet/pensando/ionic/ionic_lif.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/pensando/ionic/ionic_dev.h b/drivers/net/ethernet/pensando/ionic/ionic_dev.h index c647033f3ad2..f2f07bf88545 100644 --- a/drivers/net/ethernet/pensando/ionic/ionic_dev.h +++ b/drivers/net/ethernet/pensando/ionic/ionic_dev.h @@ -32,7 +32,7 @@ #define IONIC_ADMIN_DOORBELL_DEADLINE (HZ / 2) /* 500ms */ #define IONIC_TX_DOORBELL_DEADLINE (HZ / 100) /* 10ms */ #define IONIC_RX_MIN_DOORBELL_DEADLINE (HZ / 100) /* 10ms */ -#define IONIC_RX_MAX_DOORBELL_DEADLINE (HZ * 5) /* 5s */ +#define IONIC_RX_MAX_DOORBELL_DEADLINE (HZ * 4) /* 4s */ struct ionic_dev_bar { void __iomem *vaddr; diff --git a/drivers/net/ethernet/pensando/ionic/ionic_lif.c b/drivers/net/ethernet/pensando/ionic/ionic_lif.c index aa0cc31dfe6e..86774d9922d8 100644 --- a/drivers/net/ethernet/pensando/ionic/ionic_lif.c +++ b/drivers/net/ethernet/pensando/ionic/ionic_lif.c @@ -3220,7 +3220,7 @@ int ionic_lif_alloc(struct ionic *ionic) netdev->netdev_ops = &ionic_netdev_ops; ionic_ethtool_set_ops(netdev); - netdev->watchdog_timeo = 2 * HZ; + netdev->watchdog_timeo = 5 * HZ; netif_carrier_off(netdev); lif->identity = lid; -- 2.17.1

1 year, 3 months

2
1
0 0

[PATCH net 2/2] net: mctp-serial: Fix missing escapes on transmit

by Matt Johnston

0x7d and 0x7e bytes are meant to be escaped in the data portion of frames, but this didn't occur since next_chunk_len() had an off-by-one error. That also resulted in the final byte of a payload being written as a separate tty write op. The chunk prior to an escaped byte would be one byte short, and the next call would never test the txpos+1 case, which is where the escaped byte was located. That meant it never hit the escaping case in mctp_serial_tx_work(). Example Input: 01 00 08 c8 7e 80 02 Previous incorrect chunks from next_chunk_len(): 01 00 08 c8 7e 80 02 With this fix: 01 00 08 c8 7e 80 02 Cc: stable(a)vger.kernel.org Fixes: a0c2ccd9b5ad ("mctp: Add MCTP-over-serial transport binding") Signed-off-by: Matt Johnston <matt(a)codeconstruct.com.au> --- drivers/net/mctp/mctp-serial.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/mctp/mctp-serial.c b/drivers/net/mctp/mctp-serial.c index d7db11355909..82890e983847 100644 --- a/drivers/net/mctp/mctp-serial.c +++ b/drivers/net/mctp/mctp-serial.c @@ -91,8 +91,8 @@ static int next_chunk_len(struct mctp_serial *dev) * will be those non-escaped bytes, and does not include the escaped * byte. */ - for (i = 1; i + dev->txpos + 1 < dev->txlen; i++) { - if (needs_escape(dev->txbuf[dev->txpos + i + 1])) + for (i = 1; i + dev->txpos < dev->txlen; i++) { + if (needs_escape(dev->txbuf[dev->txpos + i])) break; }

1 year, 3 months

2
1
0 0

[PATCH] drm/sched: Fix UB pointer dereference

by Philipp Stanner

In drm_sched_job_init(), commit 56e449603f0a ("drm/sched: Convert the GPU scheduler to variable number of run-queues") implemented a call to drm_err(), which uses the job's scheduler pointer as a parameter. job->sched, however, is not yet valid as it gets set by drm_sched_job_arm(), which is always called after drm_sched_job_init(). Since the scheduler code has no control over how the API-User has allocated or set 'job', the pointer's dereference is undefined behavior. Fix the UB by replacing drm_err() with pr_err(). Cc: <stable(a)vger.kernel.org> # 6.7+ Fixes: 56e449603f0a ("drm/sched: Convert the GPU scheduler to variable number of run-queues") Reported-by: Danilo Krummrich <dakr(a)redhat.com> Closes: https://lore.kernel.org/lkml/20231108022716.15250-1-dakr@redhat.com/ Signed-off-by: Philipp Stanner <pstanner(a)redhat.com> --- drivers/gpu/drm/scheduler/sched_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/scheduler/sched_main.c b/drivers/gpu/drm/scheduler/sched_main.c index 7e90c9f95611..356c30fa24a8 100644 --- a/drivers/gpu/drm/scheduler/sched_main.c +++ b/drivers/gpu/drm/scheduler/sched_main.c @@ -797,7 +797,7 @@ int drm_sched_job_init(struct drm_sched_job *job, * or worse--a blank screen--leave a trail in the * logs, so this can be debugged easier. */ - drm_err(job->sched, "%s: entity has no rq!\n", __func__); + pr_err("*ERROR* %s: entity has no rq!\n", __func__); return -ENOENT; } -- 2.46.0

1 year, 3 months

3
4
0 0

[PATCH net 00/15] mptcp: more fixes for the in-kernel PM

by Matthieu Baerts (NGI0)

Here is a new batch of fixes for the MPTCP in-kernel path-manager: Patch 1 ensures the address ID is set to 0 when the path-manager sends an ADD_ADDR for the address of the initial subflow. The same fix is applied when a new subflow is created re-using this special address. A fix for v6.0. Patch 2 is similar, but for the case where an endpoint is removed: if this endpoint was used for the initial address, it is important to send a RM_ADDR with this ID set to 0, and look for existing subflows with the ID set to 0. A fix for v6.0 as well. Patch 3 validates the two previous patches. Patch 4 makes the PM selecting an "active" path to send an address notification in an ACK, instead of taking the first path in the list. A fix for v5.11. Patch 5 fixes skipping the establishment of a new subflow if a previous subflow using the same pair of addresses is being closed. A fix for v5.13. Patch 6 resets the ID linked to the initial subflow when the linked endpoint is re-added, possibly with a different ID. A fix for v6.0. Patch 7 validates the three previous patches. Patch 8 is a small fix for the MPTCP Join selftest, when being used with older subflows not supporting all MIB counters. A fix for a commit introduced in v6.4, but backported up to v5.10. Patch 9 avoids the PM to try to close the initial subflow multiple times, and increment counters while nothing happened. A fix for v5.10. Patch 10 stops incrementing local_addr_used and add_addr_accepted counters when dealing with the address ID 0, because these counters are not taking into account the initial subflow, and are then not decremented when the linked addresses are removed. A fix for v6.0. Patch 11 validates the previous patch. Patch 12 avoids the PM to send multiple SUB_CLOSED events for the initial subflow. A fix for v5.12. Patch 13 validates the previous patch. Patch 14 stops treating the ADD_ADDR 0 as a new address, and accepts it in order to re-create the initial subflow if it has been closed, even if the limit for *new* addresses -- not taking into account the address of the initial subflow -- has been reached. A fix for v5.10. Patch 15 validates the previous patch. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Matthieu Baerts (NGI0) (15): mptcp: pm: reuse ID 0 after delete and re-add mptcp: pm: fix RM_ADDR ID for the initial subflow selftests: mptcp: join: check removing ID 0 endpoint mptcp: pm: send ACK on an active subflow mptcp: pm: skip connecting to already established sf mptcp: pm: reset MPC endp ID when re-added selftests: mptcp: join: check re-adding init endp with != id selftests: mptcp: join: no extra msg if no counter mptcp: pm: do not remove already closed subflows mptcp: pm: fix ID 0 endp usage after multiple re-creations selftests: mptcp: join: check re-re-adding ID 0 endp mptcp: avoid duplicated SUB_CLOSED events selftests: mptcp: join: validate event numbers mptcp: pm: ADD_ADDR 0 is not a new address selftests: mptcp: join: check re-re-adding ID 0 signal net/mptcp/pm.c | 4 +- net/mptcp/pm_netlink.c | 87 ++++++++++---- net/mptcp/protocol.c | 6 + net/mptcp/protocol.h | 5 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 149 ++++++++++++++++++++---- tools/testing/selftests/net/mptcp/mptcp_lib.sh | 4 + 6 files changed, 207 insertions(+), 48 deletions(-) --- base-commit: 8af174ea863c72f25ce31cee3baad8a301c0cf0f change-id: 20240826-net-mptcp-more-pm-fix-ffa61a36f817 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

1 year, 3 months

3
17
0 0

[PATCH] x86/hyperv: fix kexec crash due to VP assist page corruption

by Anirudh Rayabharam

From: Anirudh Rayabharam (Microsoft) <anirudh(a)anirudhrb.com> 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline") introduces a new cpuhp state for hyperv initialization. cpuhp_setup_state() returns the state number if state is CPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN and 0 for all other states. For the hyperv case, since a new cpuhp state was introduced it would return 0. However, in hv_machine_shutdown(), the cpuhp_remove_state() call is conditioned upon "hyperv_init_cpuhp > 0". This will never be true and so hv_cpu_die() won't be called on all CPUs. This means the VP assist page won't be reset. When the kexec kernel tries to setup the VP assist page again, the hypervisor corrupts the memory region of the old VP assist page causing a panic in case the kexec kernel is using that memory elsewhere. This was originally fixed in dfe94d4086e4 ("x86/hyperv: Fix kexec panic/hang issues"). Set hyperv_init_cpuhp to CPUHP_AP_HYPERV_ONLINE upon successful setup so that the hyperv cpuhp state is removed correctly on kexec and the necessary cleanup takes place. Cc: stable(a)vger.kernel.org Fixes: 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline") Signed-off-by: Anirudh Rayabharam (Microsoft) <anirudh(a)anirudhrb.com> --- arch/x86/hyperv/hv_init.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/x86/hyperv/hv_init.c b/arch/x86/hyperv/hv_init.c index 17a71e92a343..81d1981a75d1 100644 --- a/arch/x86/hyperv/hv_init.c +++ b/arch/x86/hyperv/hv_init.c @@ -607,7 +607,7 @@ void __init hyperv_init(void) register_syscore_ops(&hv_syscore_ops); - hyperv_init_cpuhp = cpuhp; + hyperv_init_cpuhp = CPUHP_AP_HYPERV_ONLINE; if (cpuid_ebx(HYPERV_CPUID_FEATURES) & HV_ACCESS_PARTITION_ID) hv_get_partition_id(); @@ -637,7 +637,7 @@ void __init hyperv_init(void) clean_guest_os_id: wrmsrl(HV_X64_MSR_GUEST_OS_ID, 0); hv_ivm_msr_write(HV_X64_MSR_GUEST_OS_ID, 0); - cpuhp_remove_state(cpuhp); + cpuhp_remove_state(CPUHP_AP_HYPERV_ONLINE); free_ghcb_page: free_percpu(hv_ghcb_pg); free_vp_assist_page: -- 2.45.2

1 year, 3 months

2
2
0 0

[PATCH] wifi: wfx: repair open network AP mode

by A. Sverdlin

From: Alexander Sverdlin <alexander.sverdlin(a)siemens.com> RSN IE missing in beacon is normal in open networks. Avoid returning -ENODEV in this case. Steps to reproduce: $ cat /etc/wpa_supplicant.conf network={ ssid="testNet" mode=2 key_mgmt=NONE } $ wpa_supplicant -iwlan0 -c /etc/wpa_supplicant.conf nl80211: Beacon set failed: -22 (Invalid argument) Failed to set beacon parameters Interface initialization failed wlan0: interface state UNINITIALIZED->DISABLED wlan0: AP-DISABLED wlan0: Unable to setup interface. Failed to initialize AP interface After the change: $ wpa_supplicant -iwlan0 -c /etc/wpa_supplicant.conf Successfully initialized wpa_supplicant wlan0: interface state UNINITIALIZED->ENABLED wlan0: AP-ENABLED Cc: stable(a)vger.kernel.org Fixes: fe0a7776d4d1 ("wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()") Signed-off-by: Alexander Sverdlin <alexander.sverdlin(a)siemens.com> --- drivers/net/wireless/silabs/wfx/sta.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/silabs/wfx/sta.c b/drivers/net/wireless/silabs/wfx/sta.c index 216d43c8bd6e..7c04810dbf3d 100644 --- a/drivers/net/wireless/silabs/wfx/sta.c +++ b/drivers/net/wireless/silabs/wfx/sta.c @@ -352,8 +352,11 @@ static int wfx_set_mfp_ap(struct wfx_vif *wvif) ptr = (u16 *)cfg80211_find_ie(WLAN_EID_RSN, skb->data + ieoffset, skb->len - ieoffset); - if (unlikely(!ptr)) + if (!ptr) { + /* No RSN IE is fine in open networks */ + ret = 0; goto free_skb; + } ptr += pairwise_cipher_suite_count_offset; if (WARN_ON(ptr > (u16 *)skb_tail_pointer(skb))) -- 2.46.0

1 year, 3 months

4
6
0 0

FAILED: patch "[PATCH] igc: Fix qbv tx latency by setting gtxoffset" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 6c3fc0b1c3d073bd6fc3bf43dbd0e64240537464 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082742-getting-scoured-1475@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 6c3fc0b1c3d0 ("igc: Fix qbv tx latency by setting gtxoffset") 790835fcc0cb ("igc: Correct the launchtime offset") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6c3fc0b1c3d073bd6fc3bf43dbd0e64240537464 Mon Sep 17 00:00:00 2001 From: Faizal Rahim <faizal.abdul.rahim(a)linux.intel.com> Date: Sun, 7 Jul 2024 08:53:18 -0400 Subject: [PATCH] igc: Fix qbv tx latency by setting gtxoffset A large tx latency issue was discovered during testing when only QBV was enabled. The issue occurs because gtxoffset was not set when QBV is active, it was only set when launch time is active. The patch "igc: Correct the launchtime offset" only sets gtxoffset when the launchtime_enable field is set by the user. Enabling launchtime_enable ultimately sets the register IGC_TXQCTL_QUEUE_MODE_LAUNCHT (referred to as LaunchT in the SW user manual). Section 7.5.2.6 of the IGC i225/6 SW User Manual Rev 1.2.4 states: "The latency between transmission scheduling (launch time) and the time the packet is transmitted to the network is listed in Table 7-61." However, the patch misinterprets the phrase "launch time" in that section by assuming it specifically refers to the LaunchT register, whereas it actually denotes the generic term for when a packet is released from the internal buffer to the MAC transmit logic. This launch time, as per that section, also implicitly refers to the QBV gate open time, where a packet waits in the buffer for the QBV gate to open. Therefore, latency applies whenever QBV is in use. TSN features such as QBU and QAV reuse QBV, making the latency universal to TSN features. Discussed with i226 HW owner (Shalev, Avi) and we were in agreement that the term "launch time" used in Section 7.5.2.6 is not clear and can be easily misinterpreted. Avi will update this section to: "When TQAVCTRL.TRANSMIT_MODE = TSN, the latency between transmission scheduling and the time the packet is transmitted to the network is listed in Table 7-61." Fix this issue by using igc_tsn_is_tx_mode_in_tsn() as a condition to write to gtxoffset, aligning with the newly updated SW User Manual. Tested: 1. Enrol taprio on talker board base-time 0 cycle-time 1000000 flags 0x2 index 0 cmd S gatemask 0x1 interval1 index 0 cmd S gatemask 0x1 interval2 Note: interval1 = interval for a 64 bytes packet to go through interval2 = cycle-time - interval1 2. Take tcpdump on listener board 3. Use udp tai app on talker to send packets to listener 4. Check the timestamp on listener via wireshark Test Result: 100 Mbps: 113 ~193 ns 1000 Mbps: 52 ~ 84 ns 2500 Mbps: 95 ~ 223 ns Note that the test result is similar to the patch "igc: Correct the launchtime offset". Fixes: 790835fcc0cb ("igc: Correct the launchtime offset") Signed-off-by: Faizal Rahim <faizal.abdul.rahim(a)linux.intel.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Acked-by: Vinicius Costa Gomes <vinicius.gomes(a)intel.com> Tested-by: Mor Bar-Gabay <morx.bar.gabay(a)intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> diff --git a/drivers/net/ethernet/intel/igc/igc_tsn.c b/drivers/net/ethernet/intel/igc/igc_tsn.c index ada751430517..d68fa7f3d5f0 100644 --- a/drivers/net/ethernet/intel/igc/igc_tsn.c +++ b/drivers/net/ethernet/intel/igc/igc_tsn.c @@ -61,7 +61,7 @@ void igc_tsn_adjust_txtime_offset(struct igc_adapter *adapter) struct igc_hw *hw = &adapter->hw; u16 txoffset; - if (!is_any_launchtime(adapter)) + if (!igc_tsn_is_tx_mode_in_tsn(adapter)) return; switch (adapter->link_speed) {

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] igc: Fix qbv tx latency by setting gtxoffset" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 6c3fc0b1c3d073bd6fc3bf43dbd0e64240537464 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082740-citadel-facelift-bc00@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 6c3fc0b1c3d0 ("igc: Fix qbv tx latency by setting gtxoffset") 790835fcc0cb ("igc: Correct the launchtime offset") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6c3fc0b1c3d073bd6fc3bf43dbd0e64240537464 Mon Sep 17 00:00:00 2001 From: Faizal Rahim <faizal.abdul.rahim(a)linux.intel.com> Date: Sun, 7 Jul 2024 08:53:18 -0400 Subject: [PATCH] igc: Fix qbv tx latency by setting gtxoffset A large tx latency issue was discovered during testing when only QBV was enabled. The issue occurs because gtxoffset was not set when QBV is active, it was only set when launch time is active. The patch "igc: Correct the launchtime offset" only sets gtxoffset when the launchtime_enable field is set by the user. Enabling launchtime_enable ultimately sets the register IGC_TXQCTL_QUEUE_MODE_LAUNCHT (referred to as LaunchT in the SW user manual). Section 7.5.2.6 of the IGC i225/6 SW User Manual Rev 1.2.4 states: "The latency between transmission scheduling (launch time) and the time the packet is transmitted to the network is listed in Table 7-61." However, the patch misinterprets the phrase "launch time" in that section by assuming it specifically refers to the LaunchT register, whereas it actually denotes the generic term for when a packet is released from the internal buffer to the MAC transmit logic. This launch time, as per that section, also implicitly refers to the QBV gate open time, where a packet waits in the buffer for the QBV gate to open. Therefore, latency applies whenever QBV is in use. TSN features such as QBU and QAV reuse QBV, making the latency universal to TSN features. Discussed with i226 HW owner (Shalev, Avi) and we were in agreement that the term "launch time" used in Section 7.5.2.6 is not clear and can be easily misinterpreted. Avi will update this section to: "When TQAVCTRL.TRANSMIT_MODE = TSN, the latency between transmission scheduling and the time the packet is transmitted to the network is listed in Table 7-61." Fix this issue by using igc_tsn_is_tx_mode_in_tsn() as a condition to write to gtxoffset, aligning with the newly updated SW User Manual. Tested: 1. Enrol taprio on talker board base-time 0 cycle-time 1000000 flags 0x2 index 0 cmd S gatemask 0x1 interval1 index 0 cmd S gatemask 0x1 interval2 Note: interval1 = interval for a 64 bytes packet to go through interval2 = cycle-time - interval1 2. Take tcpdump on listener board 3. Use udp tai app on talker to send packets to listener 4. Check the timestamp on listener via wireshark Test Result: 100 Mbps: 113 ~193 ns 1000 Mbps: 52 ~ 84 ns 2500 Mbps: 95 ~ 223 ns Note that the test result is similar to the patch "igc: Correct the launchtime offset". Fixes: 790835fcc0cb ("igc: Correct the launchtime offset") Signed-off-by: Faizal Rahim <faizal.abdul.rahim(a)linux.intel.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Acked-by: Vinicius Costa Gomes <vinicius.gomes(a)intel.com> Tested-by: Mor Bar-Gabay <morx.bar.gabay(a)intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> diff --git a/drivers/net/ethernet/intel/igc/igc_tsn.c b/drivers/net/ethernet/intel/igc/igc_tsn.c index ada751430517..d68fa7f3d5f0 100644 --- a/drivers/net/ethernet/intel/igc/igc_tsn.c +++ b/drivers/net/ethernet/intel/igc/igc_tsn.c @@ -61,7 +61,7 @@ void igc_tsn_adjust_txtime_offset(struct igc_adapter *adapter) struct igc_hw *hw = &adapter->hw; u16 txoffset; - if (!is_any_launchtime(adapter)) + if (!igc_tsn_is_tx_mode_in_tsn(adapter)) return; switch (adapter->link_speed) {

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] ksmbd: the buffer of smb2 query dir response has at least 1" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ce61b605a00502c59311d0a4b1f58d62b48272d0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082604-depose-iphone-7d55@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: ce61b605a005 ("ksmbd: the buffer of smb2 query dir response has at least 1 byte") e2b76ab8b5c9 ("ksmbd: add support for read compound") e202a1e8634b ("ksmbd: no response from compound read") 7b7d709ef7cf ("ksmbd: add missing compound request handing in some commands") 81a94b27847f ("ksmbd: use kvzalloc instead of kvmalloc") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") 30210947a343 ("ksmbd: fix racy issue under cocurrent smb2 tree disconnect") abcc506a9a71 ("ksmbd: fix racy issue from smb2 close and logoff with multichannel") ea174a918939 ("ksmbd: destroy expired sessions") f5c779b7ddbd ("ksmbd: fix racy issue from session setup and logoff") 74d7970febf7 ("ksmbd: fix racy issue from using ->d_parent and ->d_name") 34e8ccf9ce24 ("ksmbd: set NegotiateContextCount once instead of every inc") 42bc6793e452 ("Merge tag 'pull-lock_rename_child' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs into ksmbd-for-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ce61b605a00502c59311d0a4b1f58d62b48272d0 Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Tue, 20 Aug 2024 22:07:38 +0900 Subject: [PATCH] ksmbd: the buffer of smb2 query dir response has at least 1 byte When STATUS_NO_MORE_FILES status is set to smb2 query dir response, ->StructureSize is set to 9, which mean buffer has 1 byte. This issue occurs because ->Buffer[1] in smb2_query_directory_rsp to flex-array. Fixes: eb3e28c1e89b ("smb3: Replace smb2pdu 1-element arrays with flex-arrays") Cc: stable(a)vger.kernel.org # v6.1+ Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 0bc9edf22ba4..e9204180919e 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -4409,7 +4409,8 @@ int smb2_query_dir(struct ksmbd_work *work) rsp->OutputBufferLength = cpu_to_le32(0); rsp->Buffer[0] = 0; rc = ksmbd_iov_pin_rsp(work, (void *)rsp, - sizeof(struct smb2_query_directory_rsp)); + offsetof(struct smb2_query_directory_rsp, Buffer) + + 1); if (rc) goto err_out; } else {

1 year, 3 months

3
4
0 0

[PATCH] spi: rockchip: Resolve unbalanced runtime PM / system PM handling

by Brian Norris

Commit e882575efc77 ("spi: rockchip: Suspend and resume the bus during NOIRQ_SYSTEM_SLEEP_PM ops") stopped respecting runtime PM status and simply disabled clocks unconditionally when suspending the system. This causes problems when the device is already runtime suspended when we go to sleep -- in which case we double-disable clocks and produce a WARNing. Switch back to pm_runtime_force_{suspend,resume}(), because that still seems like the right thing to do, and the aforementioned commit makes no explanation why it stopped using it. Also, refactor some of the resume() error handling, because it's not actually a good idea to re-disable clocks on failure. Fixes: e882575efc77 ("spi: rockchip: Suspend and resume the bus during NOIRQ_SYSTEM_SLEEP_PM ops") Cc: <stable(a)vger.kernel.org> Reported-by: "Ondřej Jirman" <megi(a)xff.cz> Closes: https://lore.kernel.org/lkml/20220621154218.sau54jeij4bunf56@core/ Signed-off-by: Brian Norris <briannorris(a)chromium.org> --- drivers/spi/spi-rockchip.c | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/drivers/spi/spi-rockchip.c b/drivers/spi/spi-rockchip.c index e1ecd96c7858..f30af4316b8b 100644 --- a/drivers/spi/spi-rockchip.c +++ b/drivers/spi/spi-rockchip.c @@ -951,8 +951,11 @@ static int rockchip_spi_suspend(struct device *dev) if (ret < 0) return ret; - clk_disable_unprepare(rs->spiclk); - clk_disable_unprepare(rs->apb_pclk); + ret = pm_runtime_force_suspend(dev); + if (ret < 0) { + spi_controller_resume(ctlr); + return ret; + } pinctrl_pm_select_sleep_state(dev); @@ -967,21 +970,11 @@ static int rockchip_spi_resume(struct device *dev) pinctrl_pm_select_default_state(dev); - ret = clk_prepare_enable(rs->apb_pclk); + ret = pm_runtime_force_resume(dev); if (ret < 0) return ret; - ret = clk_prepare_enable(rs->spiclk); - if (ret < 0) - clk_disable_unprepare(rs->apb_pclk); - - ret = spi_controller_resume(ctlr); - if (ret < 0) { - clk_disable_unprepare(rs->spiclk); - clk_disable_unprepare(rs->apb_pclk); - } - - return 0; + return spi_controller_resume(ctlr); } #endif /* CONFIG_PM_SLEEP */ -- 2.46.0.295.g3b9ea8a38a-goog

1 year, 3 months

2
1
0 0

[PATCH] drm/vmwgfx: Cleanup kms setup without 3d

by Zack Rusin

Do not validate format equality for the non 3d cases to allow xrgb to argb copies and make sure the dx binding flags are only used on dx compatible surfaces. Fixes basic 2d kms setup on configurations without 3d. There's little practical benefit to it because kms framebuffer coherence is disabled on configurations without 3d but with those changes the code actually makes sense. Signed-off-by: Zack Rusin <zack.rusin(a)broadcom.com> Fixes: d6667f0ddf46 ("drm/vmwgfx: Fix handling of dumb buffers") Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list(a)broadcom.com> Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.9+ Cc: Maaz Mombasawala <maaz.mombasawala(a)broadcom.com> Cc: Martin Krastev <martin.krastev(a)broadcom.com> --- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 9 --------- drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 9 ++++++--- 2 files changed, 6 insertions(+), 12 deletions(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c index 288ed0bb75cb..b5fc5a9e123a 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c @@ -1339,15 +1339,6 @@ static int vmw_kms_new_framebuffer_surface(struct vmw_private *dev_priv, return -EINVAL; } - /* - * For DX, surface format validation is done when surface->scanout - * is set. - */ - if (!has_sm4_context(dev_priv) && format != surface->metadata.format) { - DRM_ERROR("Invalid surface format for requested mode.\n"); - return -EINVAL; - } - vfbs = kzalloc(sizeof(*vfbs), GFP_KERNEL); if (!vfbs) { ret = -ENOMEM; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c index 1625b30d9970..5721c74da3e0 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c @@ -2276,9 +2276,12 @@ int vmw_dumb_create(struct drm_file *file_priv, const struct SVGA3dSurfaceDesc *desc = vmw_surface_get_desc(format); SVGA3dSurfaceAllFlags flags = SVGA3D_SURFACE_HINT_TEXTURE | SVGA3D_SURFACE_HINT_RENDERTARGET | - SVGA3D_SURFACE_SCREENTARGET | - SVGA3D_SURFACE_BIND_SHADER_RESOURCE | - SVGA3D_SURFACE_BIND_RENDER_TARGET; + SVGA3D_SURFACE_SCREENTARGET; + + if (vmw_surface_is_dx_screen_target_format(format)) { + flags |= SVGA3D_SURFACE_BIND_SHADER_RESOURCE | + SVGA3D_SURFACE_BIND_RENDER_TARGET; + } /* * Without mob support we're just going to use raw memory buffer -- 2.43.0

1 year, 3 months

1
0
0 0

[PATCH] cpuidle: haltpoll: Fix guest_halt_poll_ns failed to take effect

by Yanhao Dong

From: ysay <ysaydong(a)gmail.com> When guest_halt_poll_allow_shrink=N,setting guest_halt_poll_ns from a large value to 0 does not reset the CPU polling time, despite guest_halt_poll_ns being intended as a mandatory maximum time limit. The problem was situated in the adjust_poll_limit() within drivers/cpuidle/governors/haltpoll.c:79. Specifically, when guest_halt_poll_allow_shrink was set to N, resetting guest_halt_poll_ns to zero did not lead to executing any section of code that adjusts dev->poll_limit_ns. The issue has been resolved by relocating the check and assignment for dev->poll_limit_ns outside of the conditional block. This ensures that every modification to guest_halt_poll_ns properly influences the CPU polling time. Signed-off-by: ysay <ysaydong(a)gmail.com> Fixes: 2cffe9f6b96f ("cpuidle: add haltpoll governor") --- drivers/cpuidle/governors/haltpoll.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/cpuidle/governors/haltpoll.c b/drivers/cpuidle/governors/haltpoll.c index 663b7f164..99c6260d7 100644 --- a/drivers/cpuidle/governors/haltpoll.c +++ b/drivers/cpuidle/governors/haltpoll.c @@ -78,26 +78,22 @@ static int haltpoll_select(struct cpuidle_driver *drv, static void adjust_poll_limit(struct cpuidle_device *dev, u64 block_ns) { - unsigned int val; + unsigned int val = dev->poll_limit_ns; /* Grow cpu_halt_poll_us if * cpu_halt_poll_us < block_ns < guest_halt_poll_us */ if (block_ns > dev->poll_limit_ns && block_ns <= guest_halt_poll_ns) { - val = dev->poll_limit_ns * guest_halt_poll_grow; + val *= guest_halt_poll_grow; if (val < guest_halt_poll_grow_start) val = guest_halt_poll_grow_start; - if (val > guest_halt_poll_ns) - val = guest_halt_poll_ns; trace_guest_halt_poll_ns_grow(val, dev->poll_limit_ns); - dev->poll_limit_ns = val; } else if (block_ns > guest_halt_poll_ns && guest_halt_poll_allow_shrink) { unsigned int shrink = guest_halt_poll_shrink; - val = dev->poll_limit_ns; if (shrink == 0) { val = 0; } else { @@ -108,8 +104,12 @@ static void adjust_poll_limit(struct cpuidle_device *dev, u64 block_ns) } trace_guest_halt_poll_ns_shrink(val, dev->poll_limit_ns); - dev->poll_limit_ns = val; } + + if (val > guest_halt_poll_ns) + val = guest_halt_poll_ns; + + dev->poll_limit_ns = val; } /** -- 2.43.5

1 year, 3 months

2
1
0 0

[PATCH 2/2] mmc : fix for check cqe halt.

by Seunghwan Baek

To check if mmc cqe is in halt state, need to check set/clear of CQHCI_HALT bit. At this time, we need to check with &, not &&. Therefore, code to check whether cqe is in halt state is modified to cqhci_halted, which has already been implemented. Fixes: 0653300224a6 ("mmc: cqhci: rename cqhci.c to cqhci-core.c") Cc: stable(a)vger.kernel.org Signed-off-by: Seunghwan Baek <sh8267.baek(a)samsung.com> --- drivers/mmc/host/cqhci-core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/mmc/host/cqhci-core.c b/drivers/mmc/host/cqhci-core.c index c14d7251d0bb..3d5bcb92c78e 100644 --- a/drivers/mmc/host/cqhci-core.c +++ b/drivers/mmc/host/cqhci-core.c @@ -282,7 +282,7 @@ static void __cqhci_enable(struct cqhci_host *cq_host) cqhci_writel(cq_host, cqcfg, CQHCI_CFG); - if (cqhci_readl(cq_host, CQHCI_CTL) & CQHCI_HALT) + if (cqhci_halted(cq_host)) cqhci_writel(cq_host, 0, CQHCI_CTL); mmc->cqe_on = true; @@ -617,7 +617,7 @@ static int cqhci_request(struct mmc_host *mmc, struct mmc_request *mrq) cqhci_writel(cq_host, 0, CQHCI_CTL); mmc->cqe_on = true; pr_debug("%s: cqhci: CQE on\n", mmc_hostname(mmc)); - if (cqhci_readl(cq_host, CQHCI_CTL) && CQHCI_HALT) { + if (cqhci_halted(cq_host)) { pr_err("%s: cqhci: CQE failed to exit halt state\n", mmc_hostname(mmc)); } -- 2.17.1

1 year, 3 months

2
2
0 0

[PATCH] binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined

by Max Filippov

create_elf_fdpic_tables() does not correctly account the space for the AUX vector when an architecture has ELF_HWCAP2 defined. Prior to the commit 10e29251be0e ("binfmt_elf_fdpic: fix /proc/<pid>/auxv") it resulted in the last entry of the AUX vector being set to zero, but with that change it results in a kernel BUG. Fix that by adding one to the number of AUXV entries (nitems) when ELF_HWCAP2 is defined. Fixes: 10e29251be0e ("binfmt_elf_fdpic: fix /proc/<pid>/auxv") Cc: stable(a)vger.kernel.org Reported-by: Greg Ungerer <gregungerer(a)westnet.com.au> Closes: https://lore.kernel.org/lkml/5b51975f-6d0b-413c-8b38-39a6a45e8821@westnet.c… Signed-off-by: Max Filippov <jcmvbkbc(a)gmail.com> --- fs/binfmt_elf_fdpic.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c index c11289e1301b..a5cb45cb30c8 100644 --- a/fs/binfmt_elf_fdpic.c +++ b/fs/binfmt_elf_fdpic.c @@ -594,6 +594,9 @@ static int create_elf_fdpic_tables(struct linux_binprm *bprm, if (bprm->have_execfd) nitems++; +#ifdef ELF_HWCAP2 + nitems++; +#endif csp = sp; sp -= nitems * 2 * sizeof(unsigned long); -- 2.39.2

1 year, 3 months

3
2
0 0

[tip: x86/urgent] x86/tdx: Fix data leak in mmio_read()

by tip-bot2 for Kirill A. Shutemov

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: b6fb565a2d15277896583d471b21bc14a0c99661 Gitweb: https://git.kernel.org/tip/b6fb565a2d15277896583d471b21bc14a0c99661 Author: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> AuthorDate: Mon, 26 Aug 2024 15:53:04 +03:00 Committer: Dave Hansen <dave.hansen(a)linux.intel.com> CommitterDate: Mon, 26 Aug 2024 12:45:19 -07:00 x86/tdx: Fix data leak in mmio_read() The mmio_read() function makes a TDVMCALL to retrieve MMIO data for an address from the VMM. Sean noticed that mmio_read() unintentionally exposes the value of an initialized variable (val) on the stack to the VMM. This variable is only needed as an output value. It did not need to be passed to the VMM in the first place. Do not send the original value of *val to the VMM. [ dhansen: clarify what 'val' is used for. ] Fixes: 31d58c4e557d ("x86/tdx: Handle in-kernel MMIO") Reported-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20240826125304.1566719-1-kirill.shutemov%40linu… --- arch/x86/coco/tdx/tdx.c | 1 - 1 file changed, 1 deletion(-) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 078e2ba..da8b66d 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -389,7 +389,6 @@ static bool mmio_read(int size, unsigned long addr, unsigned long *val) .r12 = size, .r13 = EPT_READ, .r14 = addr, - .r15 = *val, }; if (__tdx_hypercall(&args))

1 year, 3 months

1
0
0 0

[PATCH] x86/tdx: Fix data leak in mmio_read()

by Kirill A. Shutemov

The mmio_read() function makes a TDVMCALL to retrieve MMIO data for an address from the VMM. Sean noticed that mmio_read() unintentionally exposes the value of an initialized variable on the stack to the VMM. Do not send the original value of *val to the VMM. Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Reported-by: Sean Christopherson <seanjc(a)google.com> Fixes: 31d58c4e557d ("x86/tdx: Handle in-kernel MMIO") Cc: stable(a)vger.kernel.org # v5.19+ --- arch/x86/coco/tdx/tdx.c | 1 - 1 file changed, 1 deletion(-) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 078e2bac2553..da8b66dce0da 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -389,7 +389,6 @@ static bool mmio_read(int size, unsigned long addr, unsigned long *val) .r12 = size, .r13 = EPT_READ, .r14 = addr, - .r15 = *val, }; if (__tdx_hypercall(&args)) -- 2.43.0

1 year, 3 months

2
2
0 0

[PATCH] codetag: debug: mark codetags for pages which transitioned from being poison to unpoison as empty

by Hao Ge

From: Hao Ge <gehao(a)kylinos.cn> The PG_hwpoison page will be caught and isolated on the entrance to the free buddy page pool. so,when we clear this flag and return it to the buddy system,mark codetags for pages as empty. It was detected by [1] and the following WARN occurred: [ 113.930443][ T3282] ------------[ cut here ]------------ [ 113.931105][ T3282] alloc_tag was not set [ 113.931576][ T3282] WARNING: CPU: 2 PID: 3282 at ./include/linux/alloc_tag.h:130 pgalloc_tag_sub.part.66+0x154/0x164 [ 113.932866][ T3282] Modules linked in: hwpoison_inject fuse ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 ipt_REJECT nf_reject_ipv4 xt_conntrack ebtable_nat ebtable_broute ip6table_nat ip6table_man4 [ 113.941638][ T3282] CPU: 2 UID: 0 PID: 3282 Comm: madvise11 Kdump: loaded Tainted: G W 6.11.0-rc4-dirty #18 [ 113.943003][ T3282] Tainted: [W]=WARN [ 113.943453][ T3282] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 [ 113.944378][ T3282] pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 113.945319][ T3282] pc : pgalloc_tag_sub.part.66+0x154/0x164 [ 113.946016][ T3282] lr : pgalloc_tag_sub.part.66+0x154/0x164 [ 113.946706][ T3282] sp : ffff800087093a10 [ 113.947197][ T3282] x29: ffff800087093a10 x28: ffff0000d7a9d400 x27: ffff80008249f0a0 [ 113.948165][ T3282] x26: 0000000000000000 x25: ffff80008249f2b0 x24: 0000000000000000 [ 113.949134][ T3282] x23: 0000000000000001 x22: 0000000000000001 x21: 0000000000000000 [ 113.950597][ T3282] x20: ffff0000c08fcad8 x19: ffff80008251e000 x18: ffffffffffffffff [ 113.952207][ T3282] x17: 0000000000000000 x16: 0000000000000000 x15: ffff800081746210 [ 113.953161][ T3282] x14: 0000000000000000 x13: 205d323832335420 x12: 5b5d353031313339 [ 113.954120][ T3282] x11: ffff800087093500 x10: 000000000000005d x9 : 00000000ffffffd0 [ 113.955078][ T3282] x8 : 7f7f7f7f7f7f7f7f x7 : ffff80008236ba90 x6 : c0000000ffff7fff [ 113.956036][ T3282] x5 : ffff000b34bf4dc8 x4 : ffff8000820aba90 x3 : 0000000000000001 [ 113.956994][ T3282] x2 : ffff800ab320f000 x1 : 841d1e35ac932e00 x0 : 0000000000000000 [ 113.957962][ T3282] Call trace: [ 113.958350][ T3282] pgalloc_tag_sub.part.66+0x154/0x164 [ 113.959000][ T3282] pgalloc_tag_sub+0x14/0x1c [ 113.959539][ T3282] free_unref_page+0xf4/0x4b8 [ 113.960096][ T3282] __folio_put+0xd4/0x120 [ 113.960614][ T3282] folio_put+0x24/0x50 [ 113.961103][ T3282] unpoison_memory+0x4f0/0x5b0 [ 113.961678][ T3282] hwpoison_unpoison+0x30/0x48 [hwpoison_inject] [ 113.962436][ T3282] simple_attr_write_xsigned.isra.34+0xec/0x1cc [ 113.963183][ T3282] simple_attr_write+0x38/0x48 [ 113.963750][ T3282] debugfs_attr_write+0x54/0x80 [ 113.964330][ T3282] full_proxy_write+0x68/0x98 [ 113.964880][ T3282] vfs_write+0xdc/0x4d0 [ 113.965372][ T3282] ksys_write+0x78/0x100 [ 113.965875][ T3282] __arm64_sys_write+0x24/0x30 [ 113.966440][ T3282] invoke_syscall+0x7c/0x104 [ 113.966984][ T3282] el0_svc_common.constprop.1+0x88/0x104 [ 113.967652][ T3282] do_el0_svc+0x2c/0x38 [ 113.968893][ T3282] el0_svc+0x3c/0x1b8 [ 113.969379][ T3282] el0t_64_sync_handler+0x98/0xbc [ 113.969980][ T3282] el0t_64_sync+0x19c/0x1a0 [ 113.970511][ T3282] ---[ end trace 0000000000000000 ]--- Link [1]: https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/sysc… Fixes: a8fc28dad6d5 ("alloc_tag: introduce clear_page_tag_ref() helper function") Cc: stable(a)vger.kernel.org # v6.10 Signed-off-by: Hao Ge <gehao(a)kylinos.cn> --- mm/memory-failure.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/mm/memory-failure.c b/mm/memory-failure.c index 7066fc84f351..570388c41532 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -2623,6 +2623,12 @@ int unpoison_memory(unsigned long pfn) folio_put(folio); if (TestClearPageHWPoison(p)) { + /* the PG_hwpoison page will be caught and isolated + * on the entrance to the free buddy page pool. + * so,when we clear this flag and return it to the buddy system, + * clear it's codetag + */ + clear_page_tag_ref(p); folio_put(folio); ret = 0; } -- 2.25.1

1 year, 3 months

3
14
0 0

[PATCH] Fixes: 496d0a648509 ("cpuidle: Fix guest_halt_poll_ns failed to take effect when setting guest_halt_poll_allow_shrink=N")

by Yanhao Dong

From: ysay <ysaydong(a)gmail.com> When guest_halt_poll_allow_shrink=N,setting guest_halt_poll_ns from a large value to 0 does not reset the CPU polling time, despite guest_halt_poll_ns being intended as a mandatory maximum time limit. The problem was situated in the adjust_poll_limit() within drivers/cpuidle/governors/haltpoll.c:79. Specifically, when guest_halt_poll_allow_shrink was set to N, resetting guest_halt_poll_ns to zero did not lead to executing any section of code that adjusts dev->poll_limit_ns. The issue has been resolved by relocating the check and assignment for dev->poll_limit_ns outside of the conditional block. This ensures that every modification to guest_halt_poll_ns properly influences the CPU polling time. Signed-off-by: ysay <ysaydong(a)gmail.com> --- drivers/cpuidle/governors/haltpoll.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/drivers/cpuidle/governors/haltpoll.c b/drivers/cpuidle/governors/haltpoll.c index 663b7f164..99c6260d7 100644 --- a/drivers/cpuidle/governors/haltpoll.c +++ b/drivers/cpuidle/governors/haltpoll.c @@ -78,26 +78,22 @@ static int haltpoll_select(struct cpuidle_driver *drv, static void adjust_poll_limit(struct cpuidle_device *dev, u64 block_ns) { - unsigned int val; + unsigned int val = dev->poll_limit_ns; /* Grow cpu_halt_poll_us if * cpu_halt_poll_us < block_ns < guest_halt_poll_us */ if (block_ns > dev->poll_limit_ns && block_ns <= guest_halt_poll_ns) { - val = dev->poll_limit_ns * guest_halt_poll_grow; + val *= guest_halt_poll_grow; if (val < guest_halt_poll_grow_start) val = guest_halt_poll_grow_start; - if (val > guest_halt_poll_ns) - val = guest_halt_poll_ns; trace_guest_halt_poll_ns_grow(val, dev->poll_limit_ns); - dev->poll_limit_ns = val; } else if (block_ns > guest_halt_poll_ns && guest_halt_poll_allow_shrink) { unsigned int shrink = guest_halt_poll_shrink; - val = dev->poll_limit_ns; if (shrink == 0) { val = 0; } else { @@ -108,8 +104,12 @@ static void adjust_poll_limit(struct cpuidle_device *dev, u64 block_ns) } trace_guest_halt_poll_ns_shrink(val, dev->poll_limit_ns); - dev->poll_limit_ns = val; } + + if (val > guest_halt_poll_ns) + val = guest_halt_poll_ns; + + dev->poll_limit_ns = val; } /** -- 2.43.5

1 year, 3 months

3
2
0 0

[tip: x86/urgent] x86/tdx: Fix data leak in mmio_read()

by tip-bot2 for Kirill A. Shutemov

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: eb786ee1390b8fbba633c01a971709c6906fd8bf Gitweb: https://git.kernel.org/tip/eb786ee1390b8fbba633c01a971709c6906fd8bf Author: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> AuthorDate: Mon, 26 Aug 2024 15:53:04 +03:00 Committer: Dave Hansen <dave.hansen(a)linux.intel.com> CommitterDate: Mon, 26 Aug 2024 07:04:09 -07:00 x86/tdx: Fix data leak in mmio_read() The mmio_read() function makes a TDVMCALL to retrieve MMIO data for an address from the VMM. Sean noticed that mmio_read() unintentionally exposes the value of an initialized variable on the stack to the VMM. Do not send the original value of *val to the VMM. Fixes: 31d58c4e557d ("x86/tdx: Handle in-kernel MMIO") Reported-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20240826125304.1566719-1-kirill.shutemov%40linu… --- arch/x86/coco/tdx/tdx.c | 1 - 1 file changed, 1 deletion(-) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 078e2ba..da8b66d 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -389,7 +389,6 @@ static bool mmio_read(int size, unsigned long addr, unsigned long *val) .r12 = size, .r13 = EPT_READ, .r14 = addr, - .r15 = *val, }; if (__tdx_hypercall(&args))

1 year, 3 months

1
0
0 0

[proposal] binfmt_misc: pass binfmt_misc flags to the interpreter

by Thorsten Glaser

commit 2347961b11d4079deace3c81dceed460c08a8fc1 I would like to propose this commit from 5.12 for stable, or rather, ask whether it’s a candidate and leave the exact picking/backporting to the experts (if it has other commits as prerequisites and/or later fixups). This is because qemu-user needs it, and it arrived just too late for the current Debian LTS kernel (5.10), and qemu-user in Debian until yesterday had a workaround, but now doesn’t because it’s in the stable kernel (6.1), so qemu-user-static cannot be just used as-is on Debian LTS any more. I’d like it to be applied to 5.10 (obviously), but perhaps others would appreciate more broad coverage. Thanks in advance, //mirabilos -- „Cool, /usr/share/doc/mksh/examples/uhr.gz ist ja ein Grund, mksh auf jedem System zu installieren.“ -- XTaran auf der OpenRheinRuhr, ganz begeistert (EN: “[…]uhr.gz is a reason to install mksh on every system.”)

1 year, 3 months

2
2
0 0

[PATCH] btrfs: fix the race between umount and btrfs-cleaner

by Julian Sun

There is a race condition generic_shutdown_super() and __btrfs_run_defrag_inode(). Consider the following scenario: umount thread: btrfs-cleaner thread: btrfs_run_delayed_iputs() ->run_delayed_iput_locked() ->iput(inode) // Here the inode (ie ino 261) will be cleared and freed btrfs_kill_super() ->generic_shutdown_super() btrfs_run_defrag_inodes() ->__btrfs_run_defrag_inode() ->btrfs_iget(ino) // The inode 261 was recreated with i_count=1 // and added to the sb list ->evict_inodes(sb) // After some work // inode 261 was added ->iput(inode) // to the dispose list ->iput_funal() ->evict(inode) ->evict(inode) Now, we have two threads simultaneously evicting the same inode, which led to a bug. The above behavior can be confirmed by the log I added for debugging and the log printed when BUG was triggered. Due to space limitations, I cannot paste the full diff and here is a brief describtion. First, within __btrfs_run_defrag_inode(), set inode->i_state |= (1<<19) just before calling iput(). Within the dispose_list(), check the flag, if the flag was set, then pr_info("bug! double evict! crash will happen! state is 0x%lx\n", inode->i_state); Here is the printed log when the BUG was triggered: [ 190.686726][ T2336] bug! double evict! crash will happen! state is 0x80020 [ 190.687647][ T2336] ------------[ cut here ]------------ [ 190.688294][ T2336] kernel BUG at fs/inode.c:626! [ 190.688939][ T2336] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 190.689792][ T2336] CPU: 1 PID: 2336 Comm: a.out Not tainted 6.10.0-rc2-00223-g0c529ab65ef8-dirty #109 [ 190.690894][ T2336] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [ 190.692111][ T2336] RIP: 0010:clear_inode+0x15b/0x190 // some logs... [ 190.704501][ T2336] btrfs_evict_inode+0x529/0xe80 [ 190.706966][ T2336] evict+0x2ed/0x6c0 [ 190.707209][ T2336] dispose_list+0x62/0x260 [ 190.707490][ T2336] evict_inodes+0x34e/0x450 To prevent this behavior, we need to set BTRFS_FS_CLOSING_START before kill_anon_super() to ensure that btrfs_run_defrag_inodes() doesn't continue working after unmount. Reported-and-tested-by: syzbot+67ba3c42bcbb4665d3ad(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=67ba3c42bcbb4665d3ad CC: stable(a)vger.kernel.org Fixes: c146afad2c7f ("Btrfs: mount ro and remount support") Signed-off-by: Julian Sun <sunjunchao2870(a)gmail.com> --- fs/btrfs/super.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index f05cce7c8b8d..f7e87fe583ab 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -2093,6 +2093,7 @@ static int btrfs_get_tree(struct fs_context *fc) static void btrfs_kill_super(struct super_block *sb) { struct btrfs_fs_info *fs_info = btrfs_sb(sb); + set_bit(BTRFS_FS_CLOSING_START, &fs_info->flags); kill_anon_super(sb); btrfs_free_fs_info(fs_info); } -- 2.39.2

1 year, 3 months

3
5
0 0

FAILED: patch "[PATCH] thermal: of: Fix OF node leak in of_thermal_zone_find() error" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c0a1ef9c5be72ff28a5413deb1b3e1a066593c13 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082600-trodden-majesty-7be0@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: c0a1ef9c5be7 ("thermal: of: Fix OF node leak in of_thermal_zone_find() error paths") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c0a1ef9c5be72ff28a5413deb1b3e1a066593c13 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Wed, 14 Aug 2024 21:58:23 +0200 Subject: [PATCH] thermal: of: Fix OF node leak in of_thermal_zone_find() error paths Terminating for_each_available_child_of_node() loop requires dropping OF node reference, so bailing out on errors misses this. Solve the OF node reference leak with scoped for_each_available_child_of_node_scoped(). Fixes: 3fd6d6e2b4e8 ("thermal/of: Rework the thermal device tree initialization") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Chen-Yu Tsai <wenst(a)chromium.org> Reviewed-by: Daniel Lezcano <daniel.lezcano(a)linaro.org> Link: https://patch.msgid.link/20240814195823.437597-3-krzysztof.kozlowski@linaro… Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/thermal/thermal_of.c b/drivers/thermal/thermal_of.c index b08a9b64718d..1f252692815a 100644 --- a/drivers/thermal/thermal_of.c +++ b/drivers/thermal/thermal_of.c @@ -184,14 +184,14 @@ static struct device_node *of_thermal_zone_find(struct device_node *sensor, int * Search for each thermal zone, a defined sensor * corresponding to the one passed as parameter */ - for_each_available_child_of_node(np, tz) { + for_each_available_child_of_node_scoped(np, child) { int count, i; - count = of_count_phandle_with_args(tz, "thermal-sensors", + count = of_count_phandle_with_args(child, "thermal-sensors", "#thermal-sensor-cells"); if (count <= 0) { - pr_err("%pOFn: missing thermal sensor\n", tz); + pr_err("%pOFn: missing thermal sensor\n", child); tz = ERR_PTR(-EINVAL); goto out; } @@ -200,18 +200,19 @@ static struct device_node *of_thermal_zone_find(struct device_node *sensor, int int ret; - ret = of_parse_phandle_with_args(tz, "thermal-sensors", + ret = of_parse_phandle_with_args(child, "thermal-sensors", "#thermal-sensor-cells", i, &sensor_specs); if (ret < 0) { - pr_err("%pOFn: Failed to read thermal-sensors cells: %d\n", tz, ret); + pr_err("%pOFn: Failed to read thermal-sensors cells: %d\n", child, ret); tz = ERR_PTR(ret); goto out; } if ((sensor == sensor_specs.np) && id == (sensor_specs.args_count ? sensor_specs.args[0] : 0)) { - pr_debug("sensor %pOFn id=%d belongs to %pOFn\n", sensor, id, tz); + pr_debug("sensor %pOFn id=%d belongs to %pOFn\n", sensor, id, child); + tz = no_free_ptr(child); goto out; } }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] thermal: of: Fix OF node leak in of_thermal_zone_find() error" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c0a1ef9c5be72ff28a5413deb1b3e1a066593c13 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082659-veto-ladies-d1b3@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: c0a1ef9c5be7 ("thermal: of: Fix OF node leak in of_thermal_zone_find() error paths") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c0a1ef9c5be72ff28a5413deb1b3e1a066593c13 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Wed, 14 Aug 2024 21:58:23 +0200 Subject: [PATCH] thermal: of: Fix OF node leak in of_thermal_zone_find() error paths Terminating for_each_available_child_of_node() loop requires dropping OF node reference, so bailing out on errors misses this. Solve the OF node reference leak with scoped for_each_available_child_of_node_scoped(). Fixes: 3fd6d6e2b4e8 ("thermal/of: Rework the thermal device tree initialization") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Chen-Yu Tsai <wenst(a)chromium.org> Reviewed-by: Daniel Lezcano <daniel.lezcano(a)linaro.org> Link: https://patch.msgid.link/20240814195823.437597-3-krzysztof.kozlowski@linaro… Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/thermal/thermal_of.c b/drivers/thermal/thermal_of.c index b08a9b64718d..1f252692815a 100644 --- a/drivers/thermal/thermal_of.c +++ b/drivers/thermal/thermal_of.c @@ -184,14 +184,14 @@ static struct device_node *of_thermal_zone_find(struct device_node *sensor, int * Search for each thermal zone, a defined sensor * corresponding to the one passed as parameter */ - for_each_available_child_of_node(np, tz) { + for_each_available_child_of_node_scoped(np, child) { int count, i; - count = of_count_phandle_with_args(tz, "thermal-sensors", + count = of_count_phandle_with_args(child, "thermal-sensors", "#thermal-sensor-cells"); if (count <= 0) { - pr_err("%pOFn: missing thermal sensor\n", tz); + pr_err("%pOFn: missing thermal sensor\n", child); tz = ERR_PTR(-EINVAL); goto out; } @@ -200,18 +200,19 @@ static struct device_node *of_thermal_zone_find(struct device_node *sensor, int int ret; - ret = of_parse_phandle_with_args(tz, "thermal-sensors", + ret = of_parse_phandle_with_args(child, "thermal-sensors", "#thermal-sensor-cells", i, &sensor_specs); if (ret < 0) { - pr_err("%pOFn: Failed to read thermal-sensors cells: %d\n", tz, ret); + pr_err("%pOFn: Failed to read thermal-sensors cells: %d\n", child, ret); tz = ERR_PTR(ret); goto out; } if ((sensor == sensor_specs.np) && id == (sensor_specs.args_count ? sensor_specs.args[0] : 0)) { - pr_debug("sensor %pOFn id=%d belongs to %pOFn\n", sensor, id, tz); + pr_debug("sensor %pOFn id=%d belongs to %pOFn\n", sensor, id, child); + tz = no_free_ptr(child); goto out; } }

1 year, 3 months

1
0
0 0

[PATCH v2] firmware_loader: Block path traversal

by Jann Horn

Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple codepaths in the kernel where firmware file names contain string components that are passed through from a device or semi-privileged userspace; the ones I could find (not counting interfaces that require root privileges) are: - lpfc_sli4_request_firmware_update() seems to construct the firmware filename from "ModelName", a string that was previously parsed out of some descriptor ("Vital Product Data") in lpfc_fill_vpd() - nfp_net_fw_find() seems to construct a firmware filename from a model name coming from nfp_hwinfo_lookup(pf->hwinfo, "nffw.partno"), which I think parses some descriptor that was read from the device. (But this case likely isn't exploitable because the format string looks like "netronome/nic_%s", and there shouldn't be any *folders* starting with "netronome/nic_". The previous case was different because there, the "%s" is *at the start* of the format string.) - module_flash_fw_schedule() is reachable from the ETHTOOL_MSG_MODULE_FW_FLASH_ACT netlink command, which is marked as GENL_UNS_ADMIN_PERM (meaning CAP_NET_ADMIN inside a user namespace is enough to pass the privilege check), and takes a userspace-provided firmware name. (But I think to reach this case, you need to have CAP_NET_ADMIN over a network namespace that a special kind of ethernet device is mapped into, so I think this is not a viable attack path in practice.) Fix it by rejecting any firmware names containing ".." path components. For what it's worth, I went looking and haven't found any USB device drivers that use the firmware loader dangerously. Cc: stable(a)vger.kernel.org Fixes: abb139e75c2c ("firmware: teach the kernel to load firmware files directly from the filesystem") Signed-off-by: Jann Horn <jannh(a)google.com> --- Changes in v2: - describe fix in commit message (dakr) - write check more clearly and with comment in separate helper (dakr) - document new restriction in comment above request_firmware() (dakr) - warn when new restriction is triggered - Link to v1: https://lore.kernel.org/r/20240820-firmware-traversal-v1-1-8699ffaa9276@goo… --- drivers/base/firmware_loader/main.c | 41 +++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index a03ee4b11134..dd47ce9a761f 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -849,6 +849,37 @@ static void fw_log_firmware_info(const struct firmware *fw, const char *name, {} #endif +/* + * Reject firmware file names with ".." path components. + * There are drivers that construct firmware file names from device-supplied + * strings, and we don't want some device to be able to tell us "I would like to + * be sent my firmware from ../../../etc/shadow, please". + * + * Search for ".." surrounded by either '/' or start/end of string. + * + * This intentionally only looks at the firmware name, not at the firmware base + * directory or at symlink contents. + */ +static bool name_contains_dotdot(const char *name) +{ + size_t name_len = strlen(name); + size_t i; + + if (name_len < 2) + return false; + for (i = 0; i < name_len - 1; i++) { + /* do we see a ".." sequence? */ + if (name[i] != '.' || name[i+1] != '.') + continue; + + /* is it a path component? */ + if ((i == 0 || name[i-1] == '/') && + (i == name_len - 2 || name[i+2] == '/')) + return true; + } + return false; +} + /* called from request_firmware() and request_firmware_work_func() */ static int _request_firmware(const struct firmware **firmware_p, const char *name, @@ -869,6 +900,14 @@ _request_firmware(const struct firmware **firmware_p, const char *name, goto out; } + if (name_contains_dotdot(name)) { + dev_warn(device, + "Firmware load for '%s' refused, path contains '..' component", + name); + ret = -EINVAL; + goto out; + } + ret = _request_firmware_prepare(&fw, name, device, buf, size, offset, opt_flags); if (ret <= 0) /* error or already assigned */ @@ -946,6 +985,8 @@ _request_firmware(const struct firmware **firmware_p, const char *name, * @name will be used as $FIRMWARE in the uevent environment and * should be distinctive enough not to be confused with any other * firmware image for this or any other device. + * It must not contain any ".." path components - "foo/bar..bin" is + * allowed, but "foo/../bar.bin" is not. * * Caller must hold the reference count of @device. * --- base-commit: b0da640826ba3b6506b4996a6b23a429235e6923 change-id: 20240820-firmware-traversal-6df8501b0fe4 -- Jann Horn <jannh(a)google.com>

1 year, 3 months

6
11
0 0

[PATCH v3 2/7] media: sun4i_csi: Implement link validate for sun4i_csi subdev

by Laurent Pinchart

The sun4i_csi driver doesn't implement link validation for the subdev it registers, leaving the link between the subdev and its source unvalidated. Fix it, using the v4l2_subdev_link_validate() helper. Fixes: 577bbf23b758 ("media: sunxi: Add A10 CSI driver") Cc: stable(a)vger.kernel.org Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Acked-by: Chen-Yu Tsai <wens(a)csie.org> Reviewed-by: Tomi Valkeinen <tomi.valkeinen+renesas(a)ideasonboard.com> --- drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c b/drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c index 097a3a08ef7d..dbb26c7b2f8d 100644 --- a/drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c +++ b/drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c @@ -39,6 +39,10 @@ static const struct media_entity_operations sun4i_csi_video_entity_ops = { .link_validate = v4l2_subdev_link_validate, }; +static const struct media_entity_operations sun4i_csi_subdev_entity_ops = { + .link_validate = v4l2_subdev_link_validate, +}; + static int sun4i_csi_notify_bound(struct v4l2_async_notifier *notifier, struct v4l2_subdev *subdev, struct v4l2_async_connection *asd) @@ -214,6 +218,7 @@ static int sun4i_csi_probe(struct platform_device *pdev) subdev->internal_ops = &sun4i_csi_subdev_internal_ops; subdev->flags = V4L2_SUBDEV_FL_HAS_DEVNODE | V4L2_SUBDEV_FL_HAS_EVENTS; subdev->entity.function = MEDIA_ENT_F_VID_IF_BRIDGE; + subdev->entity.ops = &sun4i_csi_subdev_entity_ops; subdev->owner = THIS_MODULE; snprintf(subdev->name, sizeof(subdev->name), "sun4i-csi-0"); v4l2_set_subdevdata(subdev, csi); -- Regards, Laurent Pinchart

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] thermal: of: Fix OF node leak in thermal_of_trips_init()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x afc954fd223ded70b1fa000767e2531db55cce58 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082654-puppy-crying-cf89@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: afc954fd223d ("thermal: of: Fix OF node leak in thermal_of_trips_init() error path") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From afc954fd223ded70b1fa000767e2531db55cce58 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Wed, 14 Aug 2024 21:58:21 +0200 Subject: [PATCH] thermal: of: Fix OF node leak in thermal_of_trips_init() error path Terminating for_each_child_of_node() loop requires dropping OF node reference, so bailing out after thermal_of_populate_trip() error misses this. Solve the OF node reference leak with scoped for_each_child_of_node_scoped(). Fixes: d0c75fa2c17f ("thermal/of: Initialize trip points separately") Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Chen-Yu Tsai <wenst(a)chromium.org> Reviewed-by: Daniel Lezcano <daniel.lezcano(a)linaro.org> Link: https://patch.msgid.link/20240814195823.437597-1-krzysztof.kozlowski@linaro… Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/thermal/thermal_of.c b/drivers/thermal/thermal_of.c index aa34b6e82e26..30f8d6e70484 100644 --- a/drivers/thermal/thermal_of.c +++ b/drivers/thermal/thermal_of.c @@ -125,7 +125,7 @@ static int thermal_of_populate_trip(struct device_node *np, static struct thermal_trip *thermal_of_trips_init(struct device_node *np, int *ntrips) { struct thermal_trip *tt; - struct device_node *trips, *trip; + struct device_node *trips; int ret, count; trips = of_get_child_by_name(np, "trips"); @@ -150,7 +150,7 @@ static struct thermal_trip *thermal_of_trips_init(struct device_node *np, int *n *ntrips = count; count = 0; - for_each_child_of_node(trips, trip) { + for_each_child_of_node_scoped(trips, trip) { ret = thermal_of_populate_trip(trip, &tt[count++]); if (ret) goto out_kfree;

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] thermal: of: Fix OF node leak in thermal_of_trips_init()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x afc954fd223ded70b1fa000767e2531db55cce58 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082655-virtuous-reggae-54f4@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: afc954fd223d ("thermal: of: Fix OF node leak in thermal_of_trips_init() error path") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From afc954fd223ded70b1fa000767e2531db55cce58 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Wed, 14 Aug 2024 21:58:21 +0200 Subject: [PATCH] thermal: of: Fix OF node leak in thermal_of_trips_init() error path Terminating for_each_child_of_node() loop requires dropping OF node reference, so bailing out after thermal_of_populate_trip() error misses this. Solve the OF node reference leak with scoped for_each_child_of_node_scoped(). Fixes: d0c75fa2c17f ("thermal/of: Initialize trip points separately") Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Chen-Yu Tsai <wenst(a)chromium.org> Reviewed-by: Daniel Lezcano <daniel.lezcano(a)linaro.org> Link: https://patch.msgid.link/20240814195823.437597-1-krzysztof.kozlowski@linaro… Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/thermal/thermal_of.c b/drivers/thermal/thermal_of.c index aa34b6e82e26..30f8d6e70484 100644 --- a/drivers/thermal/thermal_of.c +++ b/drivers/thermal/thermal_of.c @@ -125,7 +125,7 @@ static int thermal_of_populate_trip(struct device_node *np, static struct thermal_trip *thermal_of_trips_init(struct device_node *np, int *ntrips) { struct thermal_trip *tt; - struct device_node *trips, *trip; + struct device_node *trips; int ret, count; trips = of_get_child_by_name(np, "trips"); @@ -150,7 +150,7 @@ static struct thermal_trip *thermal_of_trips_init(struct device_node *np, int *n *ntrips = count; count = 0; - for_each_child_of_node(trips, trip) { + for_each_child_of_node_scoped(trips, trip) { ret = thermal_of_populate_trip(trip, &tt[count++]); if (ret) goto out_kfree;

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x e3e4bf58bad1576ac732a1429f53e3d4bfb82b4b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082650-decompose-customer-0b61@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: e3e4bf58bad1 ("drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1") a03ebf116303 ("drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell") 94b1e028e15c ("drm/amdgpu/sdma5.2: add begin/end_use ring callbacks") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e3e4bf58bad1576ac732a1429f53e3d4bfb82b4b Mon Sep 17 00:00:00 2001 From: Alex Deucher <alexander.deucher(a)amd.com> Date: Wed, 14 Aug 2024 10:28:24 -0400 Subject: [PATCH] drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1 The workaround seems to cause stability issues on other SDMA 5.2.x IPs. Fixes: a03ebf116303 ("drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell") Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3556 Acked-by: Ruijing Dong <ruijing.dong(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 2dc3851ef7d9c5439ea8e9623fc36878f3b40649) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c b/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c index af1e90159ce3..2e72d445415f 100644 --- a/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c +++ b/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c @@ -176,14 +176,16 @@ static void sdma_v5_2_ring_set_wptr(struct amdgpu_ring *ring) DRM_DEBUG("calling WDOORBELL64(0x%08x, 0x%016llx)\n", ring->doorbell_index, ring->wptr << 2); WDOORBELL64(ring->doorbell_index, ring->wptr << 2); - /* SDMA seems to miss doorbells sometimes when powergating kicks in. - * Updating the wptr directly will wake it. This is only safe because - * we disallow gfxoff in begin_use() and then allow it again in end_use(). - */ - WREG32(sdma_v5_2_get_reg_offset(adev, ring->me, mmSDMA0_GFX_RB_WPTR), - lower_32_bits(ring->wptr << 2)); - WREG32(sdma_v5_2_get_reg_offset(adev, ring->me, mmSDMA0_GFX_RB_WPTR_HI), - upper_32_bits(ring->wptr << 2)); + if (amdgpu_ip_version(adev, SDMA0_HWIP, 0) == IP_VERSION(5, 2, 1)) { + /* SDMA seems to miss doorbells sometimes when powergating kicks in. + * Updating the wptr directly will wake it. This is only safe because + * we disallow gfxoff in begin_use() and then allow it again in end_use(). + */ + WREG32(sdma_v5_2_get_reg_offset(adev, ring->me, mmSDMA0_GFX_RB_WPTR), + lower_32_bits(ring->wptr << 2)); + WREG32(sdma_v5_2_get_reg_offset(adev, ring->me, mmSDMA0_GFX_RB_WPTR_HI), + upper_32_bits(ring->wptr << 2)); + } } else { DRM_DEBUG("Not using doorbell -- " "mmSDMA%i_GFX_RB_WPTR == 0x%08x "

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x e3e4bf58bad1576ac732a1429f53e3d4bfb82b4b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082649-shading-anyhow-2d3e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: e3e4bf58bad1 ("drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1") a03ebf116303 ("drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell") 94b1e028e15c ("drm/amdgpu/sdma5.2: add begin/end_use ring callbacks") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e3e4bf58bad1576ac732a1429f53e3d4bfb82b4b Mon Sep 17 00:00:00 2001 From: Alex Deucher <alexander.deucher(a)amd.com> Date: Wed, 14 Aug 2024 10:28:24 -0400 Subject: [PATCH] drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1 The workaround seems to cause stability issues on other SDMA 5.2.x IPs. Fixes: a03ebf116303 ("drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell") Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3556 Acked-by: Ruijing Dong <ruijing.dong(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 2dc3851ef7d9c5439ea8e9623fc36878f3b40649) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c b/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c index af1e90159ce3..2e72d445415f 100644 --- a/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c +++ b/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c @@ -176,14 +176,16 @@ static void sdma_v5_2_ring_set_wptr(struct amdgpu_ring *ring) DRM_DEBUG("calling WDOORBELL64(0x%08x, 0x%016llx)\n", ring->doorbell_index, ring->wptr << 2); WDOORBELL64(ring->doorbell_index, ring->wptr << 2); - /* SDMA seems to miss doorbells sometimes when powergating kicks in. - * Updating the wptr directly will wake it. This is only safe because - * we disallow gfxoff in begin_use() and then allow it again in end_use(). - */ - WREG32(sdma_v5_2_get_reg_offset(adev, ring->me, mmSDMA0_GFX_RB_WPTR), - lower_32_bits(ring->wptr << 2)); - WREG32(sdma_v5_2_get_reg_offset(adev, ring->me, mmSDMA0_GFX_RB_WPTR_HI), - upper_32_bits(ring->wptr << 2)); + if (amdgpu_ip_version(adev, SDMA0_HWIP, 0) == IP_VERSION(5, 2, 1)) { + /* SDMA seems to miss doorbells sometimes when powergating kicks in. + * Updating the wptr directly will wake it. This is only safe because + * we disallow gfxoff in begin_use() and then allow it again in end_use(). + */ + WREG32(sdma_v5_2_get_reg_offset(adev, ring->me, mmSDMA0_GFX_RB_WPTR), + lower_32_bits(ring->wptr << 2)); + WREG32(sdma_v5_2_get_reg_offset(adev, ring->me, mmSDMA0_GFX_RB_WPTR_HI), + upper_32_bits(ring->wptr << 2)); + } } else { DRM_DEBUG("Not using doorbell -- " "mmSDMA%i_GFX_RB_WPTR == 0x%08x "

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x e3e4bf58bad1576ac732a1429f53e3d4bfb82b4b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082648-curry-rack-be6b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: e3e4bf58bad1 ("drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1") a03ebf116303 ("drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell") 94b1e028e15c ("drm/amdgpu/sdma5.2: add begin/end_use ring callbacks") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e3e4bf58bad1576ac732a1429f53e3d4bfb82b4b Mon Sep 17 00:00:00 2001 From: Alex Deucher <alexander.deucher(a)amd.com> Date: Wed, 14 Aug 2024 10:28:24 -0400 Subject: [PATCH] drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1 The workaround seems to cause stability issues on other SDMA 5.2.x IPs. Fixes: a03ebf116303 ("drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell") Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3556 Acked-by: Ruijing Dong <ruijing.dong(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit 2dc3851ef7d9c5439ea8e9623fc36878f3b40649) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c b/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c index af1e90159ce3..2e72d445415f 100644 --- a/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c +++ b/drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c @@ -176,14 +176,16 @@ static void sdma_v5_2_ring_set_wptr(struct amdgpu_ring *ring) DRM_DEBUG("calling WDOORBELL64(0x%08x, 0x%016llx)\n", ring->doorbell_index, ring->wptr << 2); WDOORBELL64(ring->doorbell_index, ring->wptr << 2); - /* SDMA seems to miss doorbells sometimes when powergating kicks in. - * Updating the wptr directly will wake it. This is only safe because - * we disallow gfxoff in begin_use() and then allow it again in end_use(). - */ - WREG32(sdma_v5_2_get_reg_offset(adev, ring->me, mmSDMA0_GFX_RB_WPTR), - lower_32_bits(ring->wptr << 2)); - WREG32(sdma_v5_2_get_reg_offset(adev, ring->me, mmSDMA0_GFX_RB_WPTR_HI), - upper_32_bits(ring->wptr << 2)); + if (amdgpu_ip_version(adev, SDMA0_HWIP, 0) == IP_VERSION(5, 2, 1)) { + /* SDMA seems to miss doorbells sometimes when powergating kicks in. + * Updating the wptr directly will wake it. This is only safe because + * we disallow gfxoff in begin_use() and then allow it again in end_use(). + */ + WREG32(sdma_v5_2_get_reg_offset(adev, ring->me, mmSDMA0_GFX_RB_WPTR), + lower_32_bits(ring->wptr << 2)); + WREG32(sdma_v5_2_get_reg_offset(adev, ring->me, mmSDMA0_GFX_RB_WPTR_HI), + upper_32_bits(ring->wptr << 2)); + } } else { DRM_DEBUG("Not using doorbell -- " "mmSDMA%i_GFX_RB_WPTR == 0x%08x "

1 year, 3 months

1
0
0 0

[PATCH v4 2/2] dmaengine: dw-edma: Do not enable watermark interrupts for HDMA

by Mrinmay Sarkar

DW_HDMA_V0_LIE and DW_HDMA_V0_RIE are initialized as BIT(3) and BIT(4) respectively in dw_hdma_control enum. But as per HDMA register these bits are corresponds to LWIE and RWIE bit i.e local watermark interrupt enable and remote watermarek interrupt enable. In linked list mode LWIE and RWIE bits only enable the local and remote watermark interrupt. Since the watermark interrupts are not used but enabled, this leads to spurious interrupts getting generated. So remove the code that enables them to avoid generating spurious watermark interrupts. And also rename DW_HDMA_V0_LIE to DW_HDMA_V0_LWIE and DW_HDMA_V0_RIE to DW_HDMA_V0_RWIE as there is no LIE and RIE bits in HDMA and those bits are corresponds to LWIE and RWIE bits. Fixes: e74c39573d35 ("dmaengine: dw-edma: Add support for native HDMA") cc: stable(a)vger.kernel.org Signed-off-by: Mrinmay Sarkar <quic_msarkar(a)quicinc.com> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> Reviewed-by: Serge Semin <fancer.lancer(a)gmail.com> --- drivers/dma/dw-edma/dw-hdma-v0-core.c | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) diff --git a/drivers/dma/dw-edma/dw-hdma-v0-core.c b/drivers/dma/dw-edma/dw-hdma-v0-core.c index 2addaca..e3f8db4 100644 --- a/drivers/dma/dw-edma/dw-hdma-v0-core.c +++ b/drivers/dma/dw-edma/dw-hdma-v0-core.c @@ -17,8 +17,8 @@ enum dw_hdma_control { DW_HDMA_V0_CB = BIT(0), DW_HDMA_V0_TCB = BIT(1), DW_HDMA_V0_LLP = BIT(2), - DW_HDMA_V0_LIE = BIT(3), - DW_HDMA_V0_RIE = BIT(4), + DW_HDMA_V0_LWIE = BIT(3), + DW_HDMA_V0_RWIE = BIT(4), DW_HDMA_V0_CCS = BIT(8), DW_HDMA_V0_LLE = BIT(9), }; @@ -195,25 +195,14 @@ static void dw_hdma_v0_write_ll_link(struct dw_edma_chunk *chunk, static void dw_hdma_v0_core_write_chunk(struct dw_edma_chunk *chunk) { struct dw_edma_burst *child; - struct dw_edma_chan *chan = chunk->chan; u32 control = 0, i = 0; - int j; if (chunk->cb) control = DW_HDMA_V0_CB; - j = chunk->bursts_alloc; - list_for_each_entry(child, &chunk->burst->list, list) { - j--; - if (!j) { - control |= DW_HDMA_V0_LIE; - if (!(chan->dw->chip->flags & DW_EDMA_CHIP_LOCAL)) - control |= DW_HDMA_V0_RIE; - } - + list_for_each_entry(child, &chunk->burst->list, list) dw_hdma_v0_write_ll_data(chunk, i++, control, child->sz, child->sar, child->dar); - } control = DW_HDMA_V0_LLP | DW_HDMA_V0_TCB; if (!chunk->cb) -- 2.7.4

1 year, 3 months

1
0
0 0

[PATCH v4 1/2] dmaengine: dw-edma: Fix unmasking STOP and ABORT interrupts for HDMA

by Mrinmay Sarkar

The current logic is enabling both STOP_INT_MASK and ABORT_INT_MASK bit. This is apparently masking those particular interrupts rather than unmasking the same. If the interrupts are masked, they would never get triggered. So fix the issue by unmasking the STOP and ABORT interrupts properly. Fixes: e74c39573d35 ("dmaengine: dw-edma: Add support for native HDMA") cc: stable(a)vger.kernel.org Signed-off-by: Mrinmay Sarkar <quic_msarkar(a)quicinc.com> Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> --- drivers/dma/dw-edma/dw-hdma-v0-core.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/dma/dw-edma/dw-hdma-v0-core.c b/drivers/dma/dw-edma/dw-hdma-v0-core.c index 10e8f07..2addaca 100644 --- a/drivers/dma/dw-edma/dw-hdma-v0-core.c +++ b/drivers/dma/dw-edma/dw-hdma-v0-core.c @@ -247,10 +247,11 @@ static void dw_hdma_v0_core_start(struct dw_edma_chunk *chunk, bool first) if (first) { /* Enable engine */ SET_CH_32(dw, chan->dir, chan->id, ch_en, BIT(0)); - /* Interrupt enable&unmask - done, abort */ - tmp = GET_CH_32(dw, chan->dir, chan->id, int_setup) | - HDMA_V0_STOP_INT_MASK | HDMA_V0_ABORT_INT_MASK | - HDMA_V0_LOCAL_STOP_INT_EN | HDMA_V0_LOCAL_ABORT_INT_EN; + /* Interrupt unmask - stop, abort */ + tmp = GET_CH_32(dw, chan->dir, chan->id, int_setup); + tmp &= ~(HDMA_V0_STOP_INT_MASK | HDMA_V0_ABORT_INT_MASK); + /* Interrupt enable - stop, abort */ + tmp |= HDMA_V0_LOCAL_STOP_INT_EN | HDMA_V0_LOCAL_ABORT_INT_EN; if (!(dw->chip->flags & DW_EDMA_CHIP_LOCAL)) tmp |= HDMA_V0_REMOTE_STOP_INT_EN | HDMA_V0_REMOTE_ABORT_INT_EN; SET_CH_32(dw, chan->dir, chan->id, int_setup, tmp); -- 2.7.4

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: check re-using ID of unused ADD_ADDR" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x a13d5aad4dd9a309eecdc33cfd75045bd5f376a3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082625-canon-squeeze-24ab@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: a13d5aad4dd9 ("selftests: mptcp: join: check re-using ID of unused ADD_ADDR") b5e2fb832f48 ("selftests: mptcp: add explicit test case for remove/readd") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a13d5aad4dd9a309eecdc33cfd75045bd5f376a3 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:20 +0200 Subject: [PATCH] selftests: mptcp: join: check re-using ID of unused ADD_ADDR This test extends "delete re-add signal" to validate the previous commit. An extra address is announced by the server, but this address cannot be used by the client. The result is that no subflow will be established to this address. Later, the server will delete this extra endpoint, and set a new one, with a valid address, but re-using the same ID. Before the previous commit, the server would not have been able to announce this new address. While at it, extra checks have been added to validate the expected numbers of MPJ, ADD_ADDR and RM_ADDR. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: b6c08380860b ("mptcp: remove addr and subflow in PM netlink") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-2-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 9ea6d698e9d3..25077ccf31d2 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3601,9 +3601,11 @@ endpoint_tests() # remove and re-add if reset "delete re-add signal" && mptcp_lib_kallsyms_has "subflow_rebuild_header$"; then - pm_nl_set_limits $ns1 1 1 - pm_nl_set_limits $ns2 1 1 + pm_nl_set_limits $ns1 0 2 + pm_nl_set_limits $ns2 2 2 pm_nl_add_endpoint $ns1 10.0.2.1 id 1 flags signal + # broadcast IP: no packet for this address will be received on ns1 + pm_nl_add_endpoint $ns1 224.0.0.1 id 2 flags signal test_linkfail=4 speed=20 \ run_tests $ns1 $ns2 10.0.1.1 & local tests_pid=$! @@ -3615,15 +3617,21 @@ endpoint_tests() chk_mptcp_info subflows 1 subflows 1 pm_nl_del_endpoint $ns1 1 10.0.2.1 + pm_nl_del_endpoint $ns1 2 224.0.0.1 sleep 0.5 chk_subflow_nr "after delete" 1 chk_mptcp_info subflows 0 subflows 0 - pm_nl_add_endpoint $ns1 10.0.2.1 flags signal + pm_nl_add_endpoint $ns1 10.0.2.1 id 1 flags signal + pm_nl_add_endpoint $ns1 10.0.3.1 id 2 flags signal wait_mpj $ns2 - chk_subflow_nr "after re-add" 2 - chk_mptcp_info subflows 1 subflows 1 + chk_subflow_nr "after re-add" 3 + chk_mptcp_info subflows 2 subflows 2 mptcp_lib_kill_wait $tests_pid + + chk_join_nr 3 3 3 + chk_add_nr 4 4 + chk_rm_nr 2 1 invert fi }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] selftests: mptcp: join: check re-using ID of unused ADD_ADDR" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x a13d5aad4dd9a309eecdc33cfd75045bd5f376a3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082624-upchuck-frail-8d79@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: a13d5aad4dd9 ("selftests: mptcp: join: check re-using ID of unused ADD_ADDR") b5e2fb832f48 ("selftests: mptcp: add explicit test case for remove/readd") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a13d5aad4dd9a309eecdc33cfd75045bd5f376a3 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:20 +0200 Subject: [PATCH] selftests: mptcp: join: check re-using ID of unused ADD_ADDR This test extends "delete re-add signal" to validate the previous commit. An extra address is announced by the server, but this address cannot be used by the client. The result is that no subflow will be established to this address. Later, the server will delete this extra endpoint, and set a new one, with a valid address, but re-using the same ID. Before the previous commit, the server would not have been able to announce this new address. While at it, extra checks have been added to validate the expected numbers of MPJ, ADD_ADDR and RM_ADDR. The 'Fixes' tag here below is the same as the one from the previous commit: this patch here is not fixing anything wrong in the selftests, but it validates the previous fix for an issue introduced by this commit ID. Fixes: b6c08380860b ("mptcp: remove addr and subflow in PM netlink") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-2-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/tools/testing/selftests/net/mptcp/mptcp_join.sh b/tools/testing/selftests/net/mptcp/mptcp_join.sh index 9ea6d698e9d3..25077ccf31d2 100755 --- a/tools/testing/selftests/net/mptcp/mptcp_join.sh +++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh @@ -3601,9 +3601,11 @@ endpoint_tests() # remove and re-add if reset "delete re-add signal" && mptcp_lib_kallsyms_has "subflow_rebuild_header$"; then - pm_nl_set_limits $ns1 1 1 - pm_nl_set_limits $ns2 1 1 + pm_nl_set_limits $ns1 0 2 + pm_nl_set_limits $ns2 2 2 pm_nl_add_endpoint $ns1 10.0.2.1 id 1 flags signal + # broadcast IP: no packet for this address will be received on ns1 + pm_nl_add_endpoint $ns1 224.0.0.1 id 2 flags signal test_linkfail=4 speed=20 \ run_tests $ns1 $ns2 10.0.1.1 & local tests_pid=$! @@ -3615,15 +3617,21 @@ endpoint_tests() chk_mptcp_info subflows 1 subflows 1 pm_nl_del_endpoint $ns1 1 10.0.2.1 + pm_nl_del_endpoint $ns1 2 224.0.0.1 sleep 0.5 chk_subflow_nr "after delete" 1 chk_mptcp_info subflows 0 subflows 0 - pm_nl_add_endpoint $ns1 10.0.2.1 flags signal + pm_nl_add_endpoint $ns1 10.0.2.1 id 1 flags signal + pm_nl_add_endpoint $ns1 10.0.3.1 id 2 flags signal wait_mpj $ns2 - chk_subflow_nr "after re-add" 2 - chk_mptcp_info subflows 1 subflows 1 + chk_subflow_nr "after re-add" 3 + chk_mptcp_info subflows 2 subflows 2 mptcp_lib_kill_wait $tests_pid + + chk_join_nr 3 3 3 + chk_add_nr 4 4 + chk_rm_nr 2 1 invert fi }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] mptcp: pm: check add_addr_accept_max before accepting new" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 0137a3c7c2ea3f9df8ebfc65d78b4ba712a187bb # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082607-slush-clavicle-60dd@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 0137a3c7c2ea ("mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR") 1c1f72137598 ("mptcp: pm: only decrement add_addr_accepted for MPJ req") 322ea3778965 ("mptcp: pm: only mark 'subflow' endp as available") f448451aa62d ("mptcp: pm: remove mptcp_pm_remove_subflow()") ef34a6ea0cab ("mptcp: pm: re-using ID of unused flushed subflows") edd8b5d868a4 ("mptcp: pm: re-using ID of unused removed subflows") 4b317e0eb287 ("mptcp: fix NL PM announced address accounting") 6a09788c1a66 ("mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID") 9bbec87ecfe8 ("mptcp: unify pm get_local_id interfaces") dc886bce753c ("mptcp: export local_address") 8b1c94da1e48 ("mptcp: only send RM_ADDR in nl_cmd_remove") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0137a3c7c2ea3f9df8ebfc65d78b4ba712a187bb Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:28 +0200 Subject: [PATCH] mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR The limits might have changed in between, it is best to check them before accepting new ADD_ADDR. Fixes: d0876b2284cf ("mptcp: add the incoming RM_ADDR support") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-10-38035d40de5… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 882781571c7b..28a9a3726146 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -848,8 +848,8 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, /* Note: if the subflow has been closed before, this * add_addr_accepted counter will not be decremented. */ - msk->pm.add_addr_accepted--; - WRITE_ONCE(msk->pm.accept_addr, true); + if (--msk->pm.add_addr_accepted < mptcp_pm_get_add_addr_accept_max(msk)) + WRITE_ONCE(msk->pm.accept_addr, true); } } }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] mptcp: pm: only mark 'subflow' endp as available" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 322ea3778965da72862cca2a0c50253aacf65fe6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082626-citadel-cortex-f8ef@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 322ea3778965 ("mptcp: pm: only mark 'subflow' endp as available") f448451aa62d ("mptcp: pm: remove mptcp_pm_remove_subflow()") ef34a6ea0cab ("mptcp: pm: re-using ID of unused flushed subflows") edd8b5d868a4 ("mptcp: pm: re-using ID of unused removed subflows") 4b317e0eb287 ("mptcp: fix NL PM announced address accounting") 6a09788c1a66 ("mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID") 9bbec87ecfe8 ("mptcp: unify pm get_local_id interfaces") dc886bce753c ("mptcp: export local_address") 8b1c94da1e48 ("mptcp: only send RM_ADDR in nl_cmd_remove") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 322ea3778965da72862cca2a0c50253aacf65fe6 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:26 +0200 Subject: [PATCH] mptcp: pm: only mark 'subflow' endp as available Adding the following warning ... WARN_ON_ONCE(msk->pm.local_addr_used == 0) ... before decrementing the local_addr_used counter helped to find a bug when running the "remove single address" subtest from the mptcp_join.sh selftests. Removing a 'signal' endpoint will trigger the removal of all subflows linked to this endpoint via mptcp_pm_nl_rm_addr_or_subflow() with rm_type == MPTCP_MIB_RMSUBFLOW. This will decrement the local_addr_used counter, which is wrong in this case because this counter is linked to 'subflow' endpoints, and here it is a 'signal' endpoint that is being removed. Now, the counter is decremented, only if the ID is being used outside of mptcp_pm_nl_rm_addr_or_subflow(), only for 'subflow' endpoints, and if the ID is not 0 -- local_addr_used is not taking into account these ones. This marking of the ID as being available, and the decrement is done no matter if a subflow using this ID is currently available, because the subflow could have been closed before. Fixes: 06faa2271034 ("mptcp: remove multi addresses and subflows in PM") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-8-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 44fc1c5959ac..4cf7cc851f80 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -833,10 +833,10 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, if (rm_type == MPTCP_MIB_RMSUBFLOW) __MPTCP_INC_STATS(sock_net(sk), rm_type); } - if (rm_type == MPTCP_MIB_RMSUBFLOW) - __set_bit(rm_id ? rm_id : msk->mpc_endpoint_id, msk->pm.id_avail_bitmap); - else if (rm_type == MPTCP_MIB_RMADDR) + + if (rm_type == MPTCP_MIB_RMADDR) __MPTCP_INC_STATS(sock_net(sk), rm_type); + if (!removed) continue; @@ -846,8 +846,6 @@ static void mptcp_pm_nl_rm_addr_or_subflow(struct mptcp_sock *msk, if (rm_type == MPTCP_MIB_RMADDR) { msk->pm.add_addr_accepted--; WRITE_ONCE(msk->pm.accept_addr, true); - } else if (rm_type == MPTCP_MIB_RMSUBFLOW) { - msk->pm.local_addr_used--; } } } @@ -1441,6 +1439,14 @@ static bool mptcp_pm_remove_anno_addr(struct mptcp_sock *msk, return ret; } +static void __mark_subflow_endp_available(struct mptcp_sock *msk, u8 id) +{ + /* If it was marked as used, and not ID 0, decrement local_addr_used */ + if (!__test_and_set_bit(id ? : msk->mpc_endpoint_id, msk->pm.id_avail_bitmap) && + id && !WARN_ON_ONCE(msk->pm.local_addr_used == 0)) + msk->pm.local_addr_used--; +} + static int mptcp_nl_remove_subflow_and_signal_addr(struct net *net, const struct mptcp_pm_addr_entry *entry) { @@ -1474,11 +1480,11 @@ static int mptcp_nl_remove_subflow_and_signal_addr(struct net *net, spin_lock_bh(&msk->pm.lock); mptcp_pm_nl_rm_subflow_received(msk, &list); spin_unlock_bh(&msk->pm.lock); - } else if (entry->flags & MPTCP_PM_ADDR_FLAG_SUBFLOW) { - /* If the subflow has been used, but now closed */ + } + + if (entry->flags & MPTCP_PM_ADDR_FLAG_SUBFLOW) { spin_lock_bh(&msk->pm.lock); - if (!__test_and_set_bit(entry->addr.id, msk->pm.id_avail_bitmap)) - msk->pm.local_addr_used--; + __mark_subflow_endp_available(msk, list.ids[0]); spin_unlock_bh(&msk->pm.lock); } @@ -1516,6 +1522,7 @@ static int mptcp_nl_remove_id_zero_address(struct net *net, spin_lock_bh(&msk->pm.lock); mptcp_pm_remove_addr(msk, &list); mptcp_pm_nl_rm_subflow_received(msk, &list); + __mark_subflow_endp_available(msk, 0); spin_unlock_bh(&msk->pm.lock); release_sock(sk); @@ -1917,6 +1924,7 @@ static void mptcp_pm_nl_fullmesh(struct mptcp_sock *msk, spin_lock_bh(&msk->pm.lock); mptcp_pm_nl_rm_subflow_received(msk, &list); + __mark_subflow_endp_available(msk, list.ids[0]); mptcp_pm_create_subflow_or_signal_addr(msk); spin_unlock_bh(&msk->pm.lock); }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] mptcp: pm: remove mptcp_pm_remove_subflow()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f448451aa62d54be16acb0034223c17e0d12bc69 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082655-frostily-embellish-9960@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: f448451aa62d ("mptcp: pm: remove mptcp_pm_remove_subflow()") ef34a6ea0cab ("mptcp: pm: re-using ID of unused flushed subflows") edd8b5d868a4 ("mptcp: pm: re-using ID of unused removed subflows") 4b317e0eb287 ("mptcp: fix NL PM announced address accounting") 9bbec87ecfe8 ("mptcp: unify pm get_local_id interfaces") dc886bce753c ("mptcp: export local_address") 8b1c94da1e48 ("mptcp: only send RM_ADDR in nl_cmd_remove") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f448451aa62d54be16acb0034223c17e0d12bc69 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Mon, 19 Aug 2024 21:45:25 +0200 Subject: [PATCH] mptcp: pm: remove mptcp_pm_remove_subflow() This helper is confusing. It is in pm.c, but it is specific to the in-kernel PM and it cannot be used by the userspace one. Also, it simply calls one in-kernel specific function with the PM lock, while the similar mptcp_pm_remove_addr() helper requires the PM lock. What's left is the pr_debug(), which is not that useful, because a similar one is present in the only function called by this helper: mptcp_pm_nl_rm_subflow_received() After these modifications, this helper can be marked as 'static', and the lock can be taken only once in mptcp_pm_flush_addrs_and_subflows(). Note that it is not a bug fix, but it will help backporting the following commits. Fixes: 0ee4261a3681 ("mptcp: implement mptcp_pm_remove_subflow") Cc: stable(a)vger.kernel.org Reviewed-by: Mat Martineau <martineau(a)kernel.org> Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Link: https://patch.msgid.link/20240819-net-mptcp-pm-reusing-id-v1-7-38035d40de5b… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c index 23bb89c94e90..925123e99889 100644 --- a/net/mptcp/pm.c +++ b/net/mptcp/pm.c @@ -60,16 +60,6 @@ int mptcp_pm_remove_addr(struct mptcp_sock *msk, const struct mptcp_rm_list *rm_ return 0; } -int mptcp_pm_remove_subflow(struct mptcp_sock *msk, const struct mptcp_rm_list *rm_list) -{ - pr_debug("msk=%p, rm_list_nr=%d", msk, rm_list->nr); - - spin_lock_bh(&msk->pm.lock); - mptcp_pm_nl_rm_subflow_received(msk, rm_list); - spin_unlock_bh(&msk->pm.lock); - return 0; -} - /* path manager event handlers */ void mptcp_pm_new_connection(struct mptcp_sock *msk, const struct sock *ssk, int server_side) diff --git a/net/mptcp/pm_netlink.c b/net/mptcp/pm_netlink.c index 2c26696b820e..44fc1c5959ac 100644 --- a/net/mptcp/pm_netlink.c +++ b/net/mptcp/pm_netlink.c @@ -857,8 +857,8 @@ static void mptcp_pm_nl_rm_addr_received(struct mptcp_sock *msk) mptcp_pm_nl_rm_addr_or_subflow(msk, &msk->pm.rm_list_rx, MPTCP_MIB_RMADDR); } -void mptcp_pm_nl_rm_subflow_received(struct mptcp_sock *msk, - const struct mptcp_rm_list *rm_list) +static void mptcp_pm_nl_rm_subflow_received(struct mptcp_sock *msk, + const struct mptcp_rm_list *rm_list) { mptcp_pm_nl_rm_addr_or_subflow(msk, rm_list, MPTCP_MIB_RMSUBFLOW); } @@ -1471,7 +1471,9 @@ static int mptcp_nl_remove_subflow_and_signal_addr(struct net *net, !(entry->flags & MPTCP_PM_ADDR_FLAG_IMPLICIT)); if (remove_subflow) { - mptcp_pm_remove_subflow(msk, &list); + spin_lock_bh(&msk->pm.lock); + mptcp_pm_nl_rm_subflow_received(msk, &list); + spin_unlock_bh(&msk->pm.lock); } else if (entry->flags & MPTCP_PM_ADDR_FLAG_SUBFLOW) { /* If the subflow has been used, but now closed */ spin_lock_bh(&msk->pm.lock); @@ -1617,18 +1619,14 @@ static void mptcp_pm_remove_addrs_and_subflows(struct mptcp_sock *msk, alist.ids[alist.nr++] = entry->addr.id; } + spin_lock_bh(&msk->pm.lock); if (alist.nr) { - spin_lock_bh(&msk->pm.lock); msk->pm.add_addr_signaled -= alist.nr; mptcp_pm_remove_addr(msk, &alist); - spin_unlock_bh(&msk->pm.lock); } - if (slist.nr) - mptcp_pm_remove_subflow(msk, &slist); - + mptcp_pm_nl_rm_subflow_received(msk, &slist); /* Reset counters: maybe some subflows have been removed before */ - spin_lock_bh(&msk->pm.lock); bitmap_fill(msk->pm.id_avail_bitmap, MPTCP_PM_MAX_ADDR_ID + 1); msk->pm.local_addr_used = 0; spin_unlock_bh(&msk->pm.lock); diff --git a/net/mptcp/protocol.h b/net/mptcp/protocol.h index 60c6b073d65f..a1c1b0ff1ce1 100644 --- a/net/mptcp/protocol.h +++ b/net/mptcp/protocol.h @@ -1026,7 +1026,6 @@ int mptcp_pm_announce_addr(struct mptcp_sock *msk, const struct mptcp_addr_info *addr, bool echo); int mptcp_pm_remove_addr(struct mptcp_sock *msk, const struct mptcp_rm_list *rm_list); -int mptcp_pm_remove_subflow(struct mptcp_sock *msk, const struct mptcp_rm_list *rm_list); void mptcp_pm_remove_addrs(struct mptcp_sock *msk, struct list_head *rm_list); void mptcp_free_local_addr_list(struct mptcp_sock *msk); @@ -1133,8 +1132,6 @@ static inline u8 subflow_get_local_id(const struct mptcp_subflow_context *subflo void __init mptcp_pm_nl_init(void); void mptcp_pm_nl_work(struct mptcp_sock *msk); -void mptcp_pm_nl_rm_subflow_received(struct mptcp_sock *msk, - const struct mptcp_rm_list *rm_list); unsigned int mptcp_pm_get_add_addr_signal_max(const struct mptcp_sock *msk); unsigned int mptcp_pm_get_add_addr_accept_max(const struct mptcp_sock *msk); unsigned int mptcp_pm_get_subflows_max(const struct mptcp_sock *msk);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] thermal: of: Fix OF node leak in thermal_of_zone_register()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 662b52b761bfe0ba970e5823759798faf809b896 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082656-step-coeditor-e1ab@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 662b52b761bf ("thermal: of: Fix OF node leak in thermal_of_zone_register()") 698a1eb1f75e ("thermal: core: Store zone ops in struct thermal_zone_device") 9b0a62758665 ("thermal: core: Store zone trips table in struct thermal_zone_device") 755113d76786 ("thermal/debugfs: Add thermal cooling device debugfs information") d654362d53a8 ("Merge tag 'thermal-v6.8-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/thermal/linux into thermal") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 662b52b761bfe0ba970e5823759798faf809b896 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Wed, 14 Aug 2024 21:58:22 +0200 Subject: [PATCH] thermal: of: Fix OF node leak in thermal_of_zone_register() thermal_of_zone_register() calls of_thermal_zone_find() which will iterate over OF nodes with for_each_available_child_of_node() to find matching thermal zone node. When it finds such, it exits the loop and returns the node. Prematurely ending for_each_available_child_of_node() loops requires dropping OF node reference, thus success of of_thermal_zone_find() means that caller must drop the reference. Fixes: 3fd6d6e2b4e8 ("thermal/of: Rework the thermal device tree initialization") Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Chen-Yu Tsai <wenst(a)chromium.org> Reviewed-by: Daniel Lezcano <daniel.lezcano(a)linaro.org> Link: https://patch.msgid.link/20240814195823.437597-2-krzysztof.kozlowski@linaro… Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/thermal/thermal_of.c b/drivers/thermal/thermal_of.c index 30f8d6e70484..b08a9b64718d 100644 --- a/drivers/thermal/thermal_of.c +++ b/drivers/thermal/thermal_of.c @@ -491,7 +491,8 @@ static struct thermal_zone_device *thermal_of_zone_register(struct device_node * trips = thermal_of_trips_init(np, &ntrips); if (IS_ERR(trips)) { pr_err("Failed to find trip points for %pOFn id=%d\n", sensor, id); - return ERR_CAST(trips); + ret = PTR_ERR(trips); + goto out_of_node_put; } ret = thermal_of_monitor_init(np, &delay, &pdelay); @@ -519,6 +520,7 @@ static struct thermal_zone_device *thermal_of_zone_register(struct device_node * goto out_kfree_trips; } + of_node_put(np); kfree(trips); ret = thermal_zone_device_enable(tz); @@ -533,6 +535,8 @@ static struct thermal_zone_device *thermal_of_zone_register(struct device_node * out_kfree_trips: kfree(trips); +out_of_node_put: + of_node_put(np); return ERR_PTR(ret); }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] thermal: of: Fix OF node leak in thermal_of_zone_register()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 662b52b761bfe0ba970e5823759798faf809b896 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082656-bacterium-output-c8b2@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 662b52b761bf ("thermal: of: Fix OF node leak in thermal_of_zone_register()") 698a1eb1f75e ("thermal: core: Store zone ops in struct thermal_zone_device") 9b0a62758665 ("thermal: core: Store zone trips table in struct thermal_zone_device") 755113d76786 ("thermal/debugfs: Add thermal cooling device debugfs information") d654362d53a8 ("Merge tag 'thermal-v6.8-rc1' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/thermal/linux into thermal") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 662b52b761bfe0ba970e5823759798faf809b896 Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Wed, 14 Aug 2024 21:58:22 +0200 Subject: [PATCH] thermal: of: Fix OF node leak in thermal_of_zone_register() thermal_of_zone_register() calls of_thermal_zone_find() which will iterate over OF nodes with for_each_available_child_of_node() to find matching thermal zone node. When it finds such, it exits the loop and returns the node. Prematurely ending for_each_available_child_of_node() loops requires dropping OF node reference, thus success of of_thermal_zone_find() means that caller must drop the reference. Fixes: 3fd6d6e2b4e8 ("thermal/of: Rework the thermal device tree initialization") Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Chen-Yu Tsai <wenst(a)chromium.org> Reviewed-by: Daniel Lezcano <daniel.lezcano(a)linaro.org> Link: https://patch.msgid.link/20240814195823.437597-2-krzysztof.kozlowski@linaro… Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/thermal/thermal_of.c b/drivers/thermal/thermal_of.c index 30f8d6e70484..b08a9b64718d 100644 --- a/drivers/thermal/thermal_of.c +++ b/drivers/thermal/thermal_of.c @@ -491,7 +491,8 @@ static struct thermal_zone_device *thermal_of_zone_register(struct device_node * trips = thermal_of_trips_init(np, &ntrips); if (IS_ERR(trips)) { pr_err("Failed to find trip points for %pOFn id=%d\n", sensor, id); - return ERR_CAST(trips); + ret = PTR_ERR(trips); + goto out_of_node_put; } ret = thermal_of_monitor_init(np, &delay, &pdelay); @@ -519,6 +520,7 @@ static struct thermal_zone_device *thermal_of_zone_register(struct device_node * goto out_kfree_trips; } + of_node_put(np); kfree(trips); ret = thermal_zone_device_enable(tz); @@ -533,6 +535,8 @@ static struct thermal_zone_device *thermal_of_zone_register(struct device_node * out_kfree_trips: kfree(trips); +out_of_node_put: + of_node_put(np); return ERR_PTR(ret); }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] smb3: fix broken cached reads when posix locks" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x e4be320eeca842a3d7648258ee3673f1755a5a59 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082640-fragrant-tarnish-604d@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: e4be320eeca8 ("smb3: fix broken cached reads when posix locks") 3ee1a1fc3981 ("cifs: Cut over to using netfslib") 69c3c023af25 ("cifs: Implement netfslib hooks") edea94a69730 ("cifs: Add mempools for cifs_io_request and cifs_io_subrequest structs") 1a5b4edd97ce ("cifs: Move cifs_loose_read_iter() and cifs_file_write_iter() to file.c") ab58fbdeebc7 ("cifs: Use more fields from netfs_io_subrequest") a975a2f22cdc ("cifs: Replace cifs_writedata with a wrapper around netfs_io_subrequest") 753b67eb630d ("cifs: Replace cifs_readdata with a wrapper around netfs_io_subrequest") 0f7c0f3f5150 ("cifs: Use alternative invalidation to using launder_folio") 2e9d7e4b984a ("mm: Remove the PG_fscache alias for PG_private_2") 2ff1e97587f4 ("netfs: Replace PG_fscache by setting folio->private and marking dirty") f3dc1bdb6b0b ("cifs: Fix writeback data corruption") d1bba17e20d5 ("Merge tag '6.8-rc1-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e4be320eeca842a3d7648258ee3673f1755a5a59 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 15 Aug 2024 18:31:36 -0500 Subject: [PATCH] smb3: fix broken cached reads when posix locks Mandatory locking is enforced for cached reads, which violates default posix semantics, and also it is enforced inconsistently. This affected recent versions of libreoffice, and can be demonstrated by opening a file twice from the same client, locking it from handle one and trying to read from it from handle two (which fails, returning EACCES). There is already a mount option "forcemandatorylock" (which defaults to off), so with this change only when the user intentionally specifies "forcemandatorylock" on mount will we break posix semantics on read to a locked range (ie we will only fail in this case, if the user mounts with "forcemandatorylock"). An earlier patch fixed the write path. Fixes: 85160e03a79e ("CIFS: Implement caching mechanism for mandatory brlocks") Cc: stable(a)vger.kernel.org Cc: Pavel Shilovsky <piastryyy(a)gmail.com> Reviewed-by: David Howells <dhowells(a)redhat.com> Reported-by: abartlet(a)samba.org Reported-by: Kevin Ottens <kevin.ottens(a)enioka.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c index 1fc66bcf49eb..f9b302cb8233 100644 --- a/fs/smb/client/file.c +++ b/fs/smb/client/file.c @@ -2912,9 +2912,7 @@ cifs_strict_readv(struct kiocb *iocb, struct iov_iter *to) if (!CIFS_CACHE_READ(cinode)) return netfs_unbuffered_read_iter(iocb, to); - if (cap_unix(tcon->ses) && - (CIFS_UNIX_FCNTL_CAP & le64_to_cpu(tcon->fsUnixInfo.Capability)) && - ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NOPOSIXBRL) == 0)) { + if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NOPOSIXBRL) == 0) { if (iocb->ki_flags & IOCB_DIRECT) return netfs_unbuffered_read_iter(iocb, to); return netfs_buffered_read_iter(iocb, to);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] smb3: fix broken cached reads when posix locks" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x e4be320eeca842a3d7648258ee3673f1755a5a59 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082639-canning-dress-147e@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: e4be320eeca8 ("smb3: fix broken cached reads when posix locks") 3ee1a1fc3981 ("cifs: Cut over to using netfslib") 69c3c023af25 ("cifs: Implement netfslib hooks") edea94a69730 ("cifs: Add mempools for cifs_io_request and cifs_io_subrequest structs") 1a5b4edd97ce ("cifs: Move cifs_loose_read_iter() and cifs_file_write_iter() to file.c") ab58fbdeebc7 ("cifs: Use more fields from netfs_io_subrequest") a975a2f22cdc ("cifs: Replace cifs_writedata with a wrapper around netfs_io_subrequest") 753b67eb630d ("cifs: Replace cifs_readdata with a wrapper around netfs_io_subrequest") 0f7c0f3f5150 ("cifs: Use alternative invalidation to using launder_folio") 2e9d7e4b984a ("mm: Remove the PG_fscache alias for PG_private_2") 2ff1e97587f4 ("netfs: Replace PG_fscache by setting folio->private and marking dirty") f3dc1bdb6b0b ("cifs: Fix writeback data corruption") d1bba17e20d5 ("Merge tag '6.8-rc1-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e4be320eeca842a3d7648258ee3673f1755a5a59 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 15 Aug 2024 18:31:36 -0500 Subject: [PATCH] smb3: fix broken cached reads when posix locks Mandatory locking is enforced for cached reads, which violates default posix semantics, and also it is enforced inconsistently. This affected recent versions of libreoffice, and can be demonstrated by opening a file twice from the same client, locking it from handle one and trying to read from it from handle two (which fails, returning EACCES). There is already a mount option "forcemandatorylock" (which defaults to off), so with this change only when the user intentionally specifies "forcemandatorylock" on mount will we break posix semantics on read to a locked range (ie we will only fail in this case, if the user mounts with "forcemandatorylock"). An earlier patch fixed the write path. Fixes: 85160e03a79e ("CIFS: Implement caching mechanism for mandatory brlocks") Cc: stable(a)vger.kernel.org Cc: Pavel Shilovsky <piastryyy(a)gmail.com> Reviewed-by: David Howells <dhowells(a)redhat.com> Reported-by: abartlet(a)samba.org Reported-by: Kevin Ottens <kevin.ottens(a)enioka.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c index 1fc66bcf49eb..f9b302cb8233 100644 --- a/fs/smb/client/file.c +++ b/fs/smb/client/file.c @@ -2912,9 +2912,7 @@ cifs_strict_readv(struct kiocb *iocb, struct iov_iter *to) if (!CIFS_CACHE_READ(cinode)) return netfs_unbuffered_read_iter(iocb, to); - if (cap_unix(tcon->ses) && - (CIFS_UNIX_FCNTL_CAP & le64_to_cpu(tcon->fsUnixInfo.Capability)) && - ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NOPOSIXBRL) == 0)) { + if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NOPOSIXBRL) == 0) { if (iocb->ki_flags & IOCB_DIRECT) return netfs_unbuffered_read_iter(iocb, to); return netfs_buffered_read_iter(iocb, to);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] smb3: fix broken cached reads when posix locks" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x e4be320eeca842a3d7648258ee3673f1755a5a59 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082638-decidable-mug-0c43@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: e4be320eeca8 ("smb3: fix broken cached reads when posix locks") 3ee1a1fc3981 ("cifs: Cut over to using netfslib") 69c3c023af25 ("cifs: Implement netfslib hooks") edea94a69730 ("cifs: Add mempools for cifs_io_request and cifs_io_subrequest structs") 1a5b4edd97ce ("cifs: Move cifs_loose_read_iter() and cifs_file_write_iter() to file.c") ab58fbdeebc7 ("cifs: Use more fields from netfs_io_subrequest") a975a2f22cdc ("cifs: Replace cifs_writedata with a wrapper around netfs_io_subrequest") 753b67eb630d ("cifs: Replace cifs_readdata with a wrapper around netfs_io_subrequest") 0f7c0f3f5150 ("cifs: Use alternative invalidation to using launder_folio") 2e9d7e4b984a ("mm: Remove the PG_fscache alias for PG_private_2") 2ff1e97587f4 ("netfs: Replace PG_fscache by setting folio->private and marking dirty") f3dc1bdb6b0b ("cifs: Fix writeback data corruption") d1bba17e20d5 ("Merge tag '6.8-rc1-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e4be320eeca842a3d7648258ee3673f1755a5a59 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 15 Aug 2024 18:31:36 -0500 Subject: [PATCH] smb3: fix broken cached reads when posix locks Mandatory locking is enforced for cached reads, which violates default posix semantics, and also it is enforced inconsistently. This affected recent versions of libreoffice, and can be demonstrated by opening a file twice from the same client, locking it from handle one and trying to read from it from handle two (which fails, returning EACCES). There is already a mount option "forcemandatorylock" (which defaults to off), so with this change only when the user intentionally specifies "forcemandatorylock" on mount will we break posix semantics on read to a locked range (ie we will only fail in this case, if the user mounts with "forcemandatorylock"). An earlier patch fixed the write path. Fixes: 85160e03a79e ("CIFS: Implement caching mechanism for mandatory brlocks") Cc: stable(a)vger.kernel.org Cc: Pavel Shilovsky <piastryyy(a)gmail.com> Reviewed-by: David Howells <dhowells(a)redhat.com> Reported-by: abartlet(a)samba.org Reported-by: Kevin Ottens <kevin.ottens(a)enioka.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c index 1fc66bcf49eb..f9b302cb8233 100644 --- a/fs/smb/client/file.c +++ b/fs/smb/client/file.c @@ -2912,9 +2912,7 @@ cifs_strict_readv(struct kiocb *iocb, struct iov_iter *to) if (!CIFS_CACHE_READ(cinode)) return netfs_unbuffered_read_iter(iocb, to); - if (cap_unix(tcon->ses) && - (CIFS_UNIX_FCNTL_CAP & le64_to_cpu(tcon->fsUnixInfo.Capability)) && - ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NOPOSIXBRL) == 0)) { + if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NOPOSIXBRL) == 0) { if (iocb->ki_flags & IOCB_DIRECT) return netfs_unbuffered_read_iter(iocb, to); return netfs_buffered_read_iter(iocb, to);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] smb3: fix broken cached reads when posix locks" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x e4be320eeca842a3d7648258ee3673f1755a5a59 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082637-juvenile-trickle-8a0f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: e4be320eeca8 ("smb3: fix broken cached reads when posix locks") 3ee1a1fc3981 ("cifs: Cut over to using netfslib") 69c3c023af25 ("cifs: Implement netfslib hooks") edea94a69730 ("cifs: Add mempools for cifs_io_request and cifs_io_subrequest structs") 1a5b4edd97ce ("cifs: Move cifs_loose_read_iter() and cifs_file_write_iter() to file.c") ab58fbdeebc7 ("cifs: Use more fields from netfs_io_subrequest") a975a2f22cdc ("cifs: Replace cifs_writedata with a wrapper around netfs_io_subrequest") 753b67eb630d ("cifs: Replace cifs_readdata with a wrapper around netfs_io_subrequest") 0f7c0f3f5150 ("cifs: Use alternative invalidation to using launder_folio") 2e9d7e4b984a ("mm: Remove the PG_fscache alias for PG_private_2") 2ff1e97587f4 ("netfs: Replace PG_fscache by setting folio->private and marking dirty") f3dc1bdb6b0b ("cifs: Fix writeback data corruption") d1bba17e20d5 ("Merge tag '6.8-rc1-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e4be320eeca842a3d7648258ee3673f1755a5a59 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 15 Aug 2024 18:31:36 -0500 Subject: [PATCH] smb3: fix broken cached reads when posix locks Mandatory locking is enforced for cached reads, which violates default posix semantics, and also it is enforced inconsistently. This affected recent versions of libreoffice, and can be demonstrated by opening a file twice from the same client, locking it from handle one and trying to read from it from handle two (which fails, returning EACCES). There is already a mount option "forcemandatorylock" (which defaults to off), so with this change only when the user intentionally specifies "forcemandatorylock" on mount will we break posix semantics on read to a locked range (ie we will only fail in this case, if the user mounts with "forcemandatorylock"). An earlier patch fixed the write path. Fixes: 85160e03a79e ("CIFS: Implement caching mechanism for mandatory brlocks") Cc: stable(a)vger.kernel.org Cc: Pavel Shilovsky <piastryyy(a)gmail.com> Reviewed-by: David Howells <dhowells(a)redhat.com> Reported-by: abartlet(a)samba.org Reported-by: Kevin Ottens <kevin.ottens(a)enioka.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c index 1fc66bcf49eb..f9b302cb8233 100644 --- a/fs/smb/client/file.c +++ b/fs/smb/client/file.c @@ -2912,9 +2912,7 @@ cifs_strict_readv(struct kiocb *iocb, struct iov_iter *to) if (!CIFS_CACHE_READ(cinode)) return netfs_unbuffered_read_iter(iocb, to); - if (cap_unix(tcon->ses) && - (CIFS_UNIX_FCNTL_CAP & le64_to_cpu(tcon->fsUnixInfo.Capability)) && - ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NOPOSIXBRL) == 0)) { + if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NOPOSIXBRL) == 0) { if (iocb->ki_flags & IOCB_DIRECT) return netfs_unbuffered_read_iter(iocb, to); return netfs_buffered_read_iter(iocb, to);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] smb3: fix broken cached reads when posix locks" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x e4be320eeca842a3d7648258ee3673f1755a5a59 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082636-freehand-sliding-9738@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: e4be320eeca8 ("smb3: fix broken cached reads when posix locks") 3ee1a1fc3981 ("cifs: Cut over to using netfslib") 69c3c023af25 ("cifs: Implement netfslib hooks") edea94a69730 ("cifs: Add mempools for cifs_io_request and cifs_io_subrequest structs") 1a5b4edd97ce ("cifs: Move cifs_loose_read_iter() and cifs_file_write_iter() to file.c") ab58fbdeebc7 ("cifs: Use more fields from netfs_io_subrequest") a975a2f22cdc ("cifs: Replace cifs_writedata with a wrapper around netfs_io_subrequest") 753b67eb630d ("cifs: Replace cifs_readdata with a wrapper around netfs_io_subrequest") 0f7c0f3f5150 ("cifs: Use alternative invalidation to using launder_folio") 2e9d7e4b984a ("mm: Remove the PG_fscache alias for PG_private_2") 2ff1e97587f4 ("netfs: Replace PG_fscache by setting folio->private and marking dirty") f3dc1bdb6b0b ("cifs: Fix writeback data corruption") d1bba17e20d5 ("Merge tag '6.8-rc1-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e4be320eeca842a3d7648258ee3673f1755a5a59 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 15 Aug 2024 18:31:36 -0500 Subject: [PATCH] smb3: fix broken cached reads when posix locks Mandatory locking is enforced for cached reads, which violates default posix semantics, and also it is enforced inconsistently. This affected recent versions of libreoffice, and can be demonstrated by opening a file twice from the same client, locking it from handle one and trying to read from it from handle two (which fails, returning EACCES). There is already a mount option "forcemandatorylock" (which defaults to off), so with this change only when the user intentionally specifies "forcemandatorylock" on mount will we break posix semantics on read to a locked range (ie we will only fail in this case, if the user mounts with "forcemandatorylock"). An earlier patch fixed the write path. Fixes: 85160e03a79e ("CIFS: Implement caching mechanism for mandatory brlocks") Cc: stable(a)vger.kernel.org Cc: Pavel Shilovsky <piastryyy(a)gmail.com> Reviewed-by: David Howells <dhowells(a)redhat.com> Reported-by: abartlet(a)samba.org Reported-by: Kevin Ottens <kevin.ottens(a)enioka.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c index 1fc66bcf49eb..f9b302cb8233 100644 --- a/fs/smb/client/file.c +++ b/fs/smb/client/file.c @@ -2912,9 +2912,7 @@ cifs_strict_readv(struct kiocb *iocb, struct iov_iter *to) if (!CIFS_CACHE_READ(cinode)) return netfs_unbuffered_read_iter(iocb, to); - if (cap_unix(tcon->ses) && - (CIFS_UNIX_FCNTL_CAP & le64_to_cpu(tcon->fsUnixInfo.Capability)) && - ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NOPOSIXBRL) == 0)) { + if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NOPOSIXBRL) == 0) { if (iocb->ki_flags & IOCB_DIRECT) return netfs_unbuffered_read_iter(iocb, to); return netfs_buffered_read_iter(iocb, to);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] smb3: fix broken cached reads when posix locks" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x e4be320eeca842a3d7648258ee3673f1755a5a59 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082635-cycle-universal-c044@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: e4be320eeca8 ("smb3: fix broken cached reads when posix locks") 3ee1a1fc3981 ("cifs: Cut over to using netfslib") 69c3c023af25 ("cifs: Implement netfslib hooks") edea94a69730 ("cifs: Add mempools for cifs_io_request and cifs_io_subrequest structs") 1a5b4edd97ce ("cifs: Move cifs_loose_read_iter() and cifs_file_write_iter() to file.c") ab58fbdeebc7 ("cifs: Use more fields from netfs_io_subrequest") a975a2f22cdc ("cifs: Replace cifs_writedata with a wrapper around netfs_io_subrequest") 753b67eb630d ("cifs: Replace cifs_readdata with a wrapper around netfs_io_subrequest") 0f7c0f3f5150 ("cifs: Use alternative invalidation to using launder_folio") 2e9d7e4b984a ("mm: Remove the PG_fscache alias for PG_private_2") 2ff1e97587f4 ("netfs: Replace PG_fscache by setting folio->private and marking dirty") f3dc1bdb6b0b ("cifs: Fix writeback data corruption") d1bba17e20d5 ("Merge tag '6.8-rc1-smb3-client-fixes' of git://git.samba.org/sfrench/cifs-2.6") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e4be320eeca842a3d7648258ee3673f1755a5a59 Mon Sep 17 00:00:00 2001 From: Steve French <stfrench(a)microsoft.com> Date: Thu, 15 Aug 2024 18:31:36 -0500 Subject: [PATCH] smb3: fix broken cached reads when posix locks Mandatory locking is enforced for cached reads, which violates default posix semantics, and also it is enforced inconsistently. This affected recent versions of libreoffice, and can be demonstrated by opening a file twice from the same client, locking it from handle one and trying to read from it from handle two (which fails, returning EACCES). There is already a mount option "forcemandatorylock" (which defaults to off), so with this change only when the user intentionally specifies "forcemandatorylock" on mount will we break posix semantics on read to a locked range (ie we will only fail in this case, if the user mounts with "forcemandatorylock"). An earlier patch fixed the write path. Fixes: 85160e03a79e ("CIFS: Implement caching mechanism for mandatory brlocks") Cc: stable(a)vger.kernel.org Cc: Pavel Shilovsky <piastryyy(a)gmail.com> Reviewed-by: David Howells <dhowells(a)redhat.com> Reported-by: abartlet(a)samba.org Reported-by: Kevin Ottens <kevin.ottens(a)enioka.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c index 1fc66bcf49eb..f9b302cb8233 100644 --- a/fs/smb/client/file.c +++ b/fs/smb/client/file.c @@ -2912,9 +2912,7 @@ cifs_strict_readv(struct kiocb *iocb, struct iov_iter *to) if (!CIFS_CACHE_READ(cinode)) return netfs_unbuffered_read_iter(iocb, to); - if (cap_unix(tcon->ses) && - (CIFS_UNIX_FCNTL_CAP & le64_to_cpu(tcon->fsUnixInfo.Capability)) && - ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NOPOSIXBRL) == 0)) { + if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_NOPOSIXBRL) == 0) { if (iocb->ki_flags & IOCB_DIRECT) return netfs_unbuffered_read_iter(iocb, to); return netfs_buffered_read_iter(iocb, to);

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] mmc: mtk-sd: receive cmd8 data when hs400 tuning fail" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 9374ae912dbb1eed8139ed75fd2c0f1b30ca454d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082654-stood-dollop-a306@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 9374ae912dbb ("mmc: mtk-sd: receive cmd8 data when hs400 tuning fail") b98e7e8daf0e ("mmc: Avoid open coding by using mmc_op_tuning()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9374ae912dbb1eed8139ed75fd2c0f1b30ca454d Mon Sep 17 00:00:00 2001 From: Mengqi Zhang <mengqi.zhang(a)mediatek.com> Date: Tue, 16 Jul 2024 09:37:04 +0800 Subject: [PATCH] mmc: mtk-sd: receive cmd8 data when hs400 tuning fail When we use cmd8 as the tuning command in hs400 mode, the command response sent back by some eMMC devices cannot be correctly sampled by MTK eMMC controller at some weak sample timing. In this case, command timeout error may occur. So we must receive the following data to make sure the next cmd8 send correctly. Signed-off-by: Mengqi Zhang <mengqi.zhang(a)mediatek.com> Fixes: c4ac38c6539b ("mmc: mtk-sd: Add HS400 online tuning support") Cc: stable(a)vger.stable.com Link: https://lore.kernel.org/r/20240716013704.10578-1-mengqi.zhang@mediatek.com Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> diff --git a/drivers/mmc/host/mtk-sd.c b/drivers/mmc/host/mtk-sd.c index a94835b8ab93..e386f78e3267 100644 --- a/drivers/mmc/host/mtk-sd.c +++ b/drivers/mmc/host/mtk-sd.c @@ -1230,7 +1230,7 @@ static bool msdc_cmd_done(struct msdc_host *host, int events, } if (!sbc_error && !(events & MSDC_INT_CMDRDY)) { - if (events & MSDC_INT_CMDTMO || + if ((events & MSDC_INT_CMDTMO && !host->hs400_tuning) || (!mmc_op_tuning(cmd->opcode) && !host->hs400_tuning)) /* * should not clear fifo/interrupt as the tune data @@ -1323,9 +1323,9 @@ static void msdc_start_command(struct msdc_host *host, static void msdc_cmd_next(struct msdc_host *host, struct mmc_request *mrq, struct mmc_command *cmd) { - if ((cmd->error && - !(cmd->error == -EILSEQ && - (mmc_op_tuning(cmd->opcode) || host->hs400_tuning))) || + if ((cmd->error && !host->hs400_tuning && + !(cmd->error == -EILSEQ && + mmc_op_tuning(cmd->opcode))) || (mrq->sbc && mrq->sbc->error)) msdc_request_done(host, mrq); else if (cmd == mrq->sbc)

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] drm/amdgpu: fix eGPU hotplug regression" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 9cead81eff635e3b3cbce51b40228f3bdc6f2b8c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082614-overnight-phonebook-e864@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 9cead81eff63 ("drm/amdgpu: fix eGPU hotplug regression") b32563859d6f ("drm/amdgpu: Do not wait for MP0_C2PMSG_33 IFWI init in SRIOV") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9cead81eff635e3b3cbce51b40228f3bdc6f2b8c Mon Sep 17 00:00:00 2001 From: Alex Deucher <alexander.deucher(a)amd.com> Date: Mon, 19 Aug 2024 11:14:29 -0400 Subject: [PATCH] drm/amdgpu: fix eGPU hotplug regression The driver needs to wait for the on board firmware to finish its initialization before probing the card. Commit 959056982a9b ("drm/amdgpu: Fix discovery initialization failure during pci rescan") switched from using msleep() to using usleep_range() which seems to have caused init failures on some navi1x boards. Switch back to msleep(). Fixes: 959056982a9b ("drm/amdgpu: Fix discovery initialization failure during pci rescan") Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3559 Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3500 Reviewed-by: Hawking Zhang <Hawking.Zhang(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: Ma Jun <Jun.Ma2(a)amd.com> (cherry picked from commit c69b07f7bbc905022491c45097923d3487479529) Cc: stable(a)vger.kernel.org # 6.10.x diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c index ac108fca64fe..7b561e8e3caf 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c @@ -278,7 +278,7 @@ static int amdgpu_discovery_read_binary_from_mem(struct amdgpu_device *adev, msg = RREG32(mmMP0_SMN_C2PMSG_33); if (msg & 0x80000000) break; - usleep_range(1000, 1100); + msleep(1); } }

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] drm/xe: prevent UAF around preempt fence" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 730b72480e29f63fd644f5fa57c9d46109428953 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082602-sneezing-kettle-88ca@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 730b72480e29 ("drm/xe: prevent UAF around preempt fence") 731e46c03228 ("drm/xe/exec_queue: Rename xe_exec_queue::compute to xe_exec_queue::lr") b3181f433206 ("drm/xe/vm: Simplify if condition") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 730b72480e29f63fd644f5fa57c9d46109428953 Mon Sep 17 00:00:00 2001 From: Matthew Auld <matthew.auld(a)intel.com> Date: Wed, 14 Aug 2024 12:01:30 +0100 Subject: [PATCH] drm/xe: prevent UAF around preempt fence The fence lock is part of the queue, therefore in the current design anything locking the fence should then also hold a ref to the queue to prevent the queue from being freed. However, currently it looks like we signal the fence and then drop the queue ref, but if something is waiting on the fence, the waiter is kicked to wake up at some later point, where upon waking up it first grabs the lock before checking the fence state. But if we have already dropped the queue ref, then the lock might already be freed as part of the queue, leading to uaf. To prevent this, move the fence lock into the fence itself so we don't run into lifetime issues. Alternative might be to have device level lock, or only release the queue in the fence release callback, however that might require pushing to another worker to avoid locking issues. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") References: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2454 References: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2342 References: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/2020 Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ Reviewed-by: Matthew Brost <matthew.brost(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240814110129.825847-2-matth… (cherry picked from commit 7116c35aacedc38be6d15bd21b2fc936eed0008b) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_exec_queue.c b/drivers/gpu/drm/xe/xe_exec_queue.c index 16f24f4a7062..9731dcd0b1bd 100644 --- a/drivers/gpu/drm/xe/xe_exec_queue.c +++ b/drivers/gpu/drm/xe/xe_exec_queue.c @@ -643,7 +643,6 @@ int xe_exec_queue_create_ioctl(struct drm_device *dev, void *data, if (xe_vm_in_preempt_fence_mode(vm)) { q->lr.context = dma_fence_context_alloc(1); - spin_lock_init(&q->lr.lock); err = xe_vm_add_compute_exec_queue(vm, q); if (XE_IOCTL_DBG(xe, err)) diff --git a/drivers/gpu/drm/xe/xe_exec_queue_types.h b/drivers/gpu/drm/xe/xe_exec_queue_types.h index a35ce24c9798..f6ee0ae80fd6 100644 --- a/drivers/gpu/drm/xe/xe_exec_queue_types.h +++ b/drivers/gpu/drm/xe/xe_exec_queue_types.h @@ -126,8 +126,6 @@ struct xe_exec_queue { u32 seqno; /** @lr.link: link into VM's list of exec queues */ struct list_head link; - /** @lr.lock: preemption fences lock */ - spinlock_t lock; } lr; /** @ops: submission backend exec queue operations */ diff --git a/drivers/gpu/drm/xe/xe_preempt_fence.c b/drivers/gpu/drm/xe/xe_preempt_fence.c index e8b8ae5c6485..c453f45328b1 100644 --- a/drivers/gpu/drm/xe/xe_preempt_fence.c +++ b/drivers/gpu/drm/xe/xe_preempt_fence.c @@ -128,8 +128,9 @@ xe_preempt_fence_arm(struct xe_preempt_fence *pfence, struct xe_exec_queue *q, { list_del_init(&pfence->link); pfence->q = xe_exec_queue_get(q); + spin_lock_init(&pfence->lock); dma_fence_init(&pfence->base, &preempt_fence_ops, - &q->lr.lock, context, seqno); + &pfence->lock, context, seqno); return &pfence->base; } diff --git a/drivers/gpu/drm/xe/xe_preempt_fence_types.h b/drivers/gpu/drm/xe/xe_preempt_fence_types.h index b54b5c29b533..312c3372a49f 100644 --- a/drivers/gpu/drm/xe/xe_preempt_fence_types.h +++ b/drivers/gpu/drm/xe/xe_preempt_fence_types.h @@ -25,6 +25,8 @@ struct xe_preempt_fence { struct xe_exec_queue *q; /** @preempt_work: work struct which issues preemption */ struct work_struct preempt_work; + /** @lock: dma-fence fence lock */ + spinlock_t lock; /** @error: preempt fence is in error state */ int error; };

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] drm/xe/display: Make display suspend/resume work on discrete" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x ddf6492e0e508b7c2b42c8d5a4ac82bd38ef0dd5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082656-unexposed-simply-c596@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: ddf6492e0e50 ("drm/xe/display: Make display suspend/resume work on discrete") e7b180b22022 ("drm/xe: Prepare display for D3Cold") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ddf6492e0e508b7c2b42c8d5a4ac82bd38ef0dd5 Mon Sep 17 00:00:00 2001 From: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Date: Tue, 6 Aug 2024 12:50:44 +0200 Subject: [PATCH] drm/xe/display: Make display suspend/resume work on discrete We should unpin before evicting all memory, and repin after GT resume. This way, we preserve the contents of the framebuffers, and won't hang on resume due to migration engine not being restored yet. Signed-off-by: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Cc: stable(a)vger.kernel.org # v6.8+ Reviewed-by: Uma Shankar <uma.shankar(a)intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/20240806105044.596842-3-maart… Signed-off-by: Maarten Lankhorst,,, <maarten.lankhorst(a)linux.intel.com> (cherry picked from commit cb8f81c1753187995b7a43e79c12959f14eb32d3) Signed-off-by: Rodrigo Vivi <rodrigo.vivi(a)intel.com> diff --git a/drivers/gpu/drm/xe/display/xe_display.c b/drivers/gpu/drm/xe/display/xe_display.c index ca4468c82078..49de4e4f8a75 100644 --- a/drivers/gpu/drm/xe/display/xe_display.c +++ b/drivers/gpu/drm/xe/display/xe_display.c @@ -283,6 +283,27 @@ static bool suspend_to_idle(void) return false; } +static void xe_display_flush_cleanup_work(struct xe_device *xe) +{ + struct intel_crtc *crtc; + + for_each_intel_crtc(&xe->drm, crtc) { + struct drm_crtc_commit *commit; + + spin_lock(&crtc->base.commit_lock); + commit = list_first_entry_or_null(&crtc->base.commit_list, + struct drm_crtc_commit, commit_entry); + if (commit) + drm_crtc_commit_get(commit); + spin_unlock(&crtc->base.commit_lock); + + if (commit) { + wait_for_completion(&commit->cleanup_done); + drm_crtc_commit_put(commit); + } + } +} + void xe_display_pm_suspend(struct xe_device *xe, bool runtime) { bool s2idle = suspend_to_idle(); @@ -300,6 +321,8 @@ void xe_display_pm_suspend(struct xe_device *xe, bool runtime) if (!runtime) intel_display_driver_suspend(xe); + xe_display_flush_cleanup_work(xe); + intel_dp_mst_suspend(xe); intel_hpd_cancel_work(xe); diff --git a/drivers/gpu/drm/xe/xe_pm.c b/drivers/gpu/drm/xe/xe_pm.c index de3b5df65e48..9a3f618d22dc 100644 --- a/drivers/gpu/drm/xe/xe_pm.c +++ b/drivers/gpu/drm/xe/xe_pm.c @@ -91,13 +91,13 @@ int xe_pm_suspend(struct xe_device *xe) for_each_gt(gt, xe, id) xe_gt_suspend_prepare(gt); + xe_display_pm_suspend(xe, false); + /* FIXME: Super racey... */ err = xe_bo_evict_all(xe); if (err) goto err; - xe_display_pm_suspend(xe, false); - for_each_gt(gt, xe, id) { err = xe_gt_suspend(gt); if (err) { @@ -151,11 +151,11 @@ int xe_pm_resume(struct xe_device *xe) xe_irq_resume(xe); - xe_display_pm_resume(xe, false); - for_each_gt(gt, xe, id) xe_gt_resume(gt); + xe_display_pm_resume(xe, false); + err = xe_bo_restore_user(xe); if (err) goto err; @@ -363,10 +363,11 @@ int xe_pm_runtime_suspend(struct xe_device *xe) mutex_unlock(&xe->mem_access.vram_userfault.lock); if (xe->d3cold.allowed) { + xe_display_pm_suspend(xe, true); + err = xe_bo_evict_all(xe); if (err) goto out; - xe_display_pm_suspend(xe, true); } for_each_gt(gt, xe, id) {

1 year, 3 months

1
0
0 0

FAILED: patch "[PATCH] ksmbd: the buffer of smb2 query dir response has at least 1" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ce61b605a00502c59311d0a4b1f58d62b48272d0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024082603-lend-finishing-4d83@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: ce61b605a005 ("ksmbd: the buffer of smb2 query dir response has at least 1 byte") e2b76ab8b5c9 ("ksmbd: add support for read compound") e202a1e8634b ("ksmbd: no response from compound read") 7b7d709ef7cf ("ksmbd: add missing compound request handing in some commands") 81a94b27847f ("ksmbd: use kvzalloc instead of kvmalloc") 38c8a9a52082 ("smb: move client and server files to common directory fs/smb") 30210947a343 ("ksmbd: fix racy issue under cocurrent smb2 tree disconnect") abcc506a9a71 ("ksmbd: fix racy issue from smb2 close and logoff with multichannel") ea174a918939 ("ksmbd: destroy expired sessions") f5c779b7ddbd ("ksmbd: fix racy issue from session setup and logoff") 74d7970febf7 ("ksmbd: fix racy issue from using ->d_parent and ->d_name") 34e8ccf9ce24 ("ksmbd: set NegotiateContextCount once instead of every inc") 42bc6793e452 ("Merge tag 'pull-lock_rename_child' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs into ksmbd-for-next") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ce61b605a00502c59311d0a4b1f58d62b48272d0 Mon Sep 17 00:00:00 2001 From: Namjae Jeon <linkinjeon(a)kernel.org> Date: Tue, 20 Aug 2024 22:07:38 +0900 Subject: [PATCH] ksmbd: the buffer of smb2 query dir response has at least 1 byte When STATUS_NO_MORE_FILES status is set to smb2 query dir response, ->StructureSize is set to 9, which mean buffer has 1 byte. This issue occurs because ->Buffer[1] in smb2_query_directory_rsp to flex-array. Fixes: eb3e28c1e89b ("smb3: Replace smb2pdu 1-element arrays with flex-arrays") Cc: stable(a)vger.kernel.org # v6.1+ Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 0bc9edf22ba4..e9204180919e 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -4409,7 +4409,8 @@ int smb2_query_dir(struct ksmbd_work *work) rsp->OutputBufferLength = cpu_to_le32(0); rsp->Buffer[0] = 0; rc = ksmbd_iov_pin_rsp(work, (void *)rsp, - sizeof(struct smb2_query_directory_rsp)); + offsetof(struct smb2_query_directory_rsp, Buffer) + + 1); if (rc) goto err_out; } else {

1 year, 3 months

1
0
0 0

[PATCH v2 2/7] media: sun4i_csi: Implement link validate for sun4i_csi subdev

by Laurent Pinchart

The sun4i_csi driver doesn't implement link validation for the subdev it registers, leaving the link between the subdev and its source unvalidated. Fix it, using the v4l2_subdev_link_validate() helper. Fixes: 577bbf23b758 ("media: sunxi: Add A10 CSI driver") Cc: stable(a)vger.kernel.org Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Acked-by: Chen-Yu Tsai <wens(a)csie.org> --- drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c b/drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c index 097a3a08ef7d..dbb26c7b2f8d 100644 --- a/drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c +++ b/drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c @@ -39,6 +39,10 @@ static const struct media_entity_operations sun4i_csi_video_entity_ops = { .link_validate = v4l2_subdev_link_validate, }; +static const struct media_entity_operations sun4i_csi_subdev_entity_ops = { + .link_validate = v4l2_subdev_link_validate, +}; + static int sun4i_csi_notify_bound(struct v4l2_async_notifier *notifier, struct v4l2_subdev *subdev, struct v4l2_async_connection *asd) @@ -214,6 +218,7 @@ static int sun4i_csi_probe(struct platform_device *pdev) subdev->internal_ops = &sun4i_csi_subdev_internal_ops; subdev->flags = V4L2_SUBDEV_FL_HAS_DEVNODE | V4L2_SUBDEV_FL_HAS_EVENTS; subdev->entity.function = MEDIA_ENT_F_VID_IF_BRIDGE; + subdev->entity.ops = &sun4i_csi_subdev_entity_ops; subdev->owner = THIS_MODULE; snprintf(subdev->name, sizeof(subdev->name), "sun4i-csi-0"); v4l2_set_subdevdata(subdev, csi); -- Regards, Laurent Pinchart

1 year, 3 months

2
1
0 0

[PATCH] mt76: mt7915: check devm_kasprintf() returned value

by Ma Ke

devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 6ae39b7c7ed4 ("wifi: mt76: mt7921: Support temp sensor") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt7915/init.c b/drivers/net/wireless/mediatek/mt76/mt7915/init.c index a978f434dc5e..7bc3b4cd3592 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7915/init.c +++ b/drivers/net/wireless/mediatek/mt76/mt7915/init.c @@ -194,6 +194,8 @@ static int mt7915_thermal_init(struct mt7915_phy *phy) name = devm_kasprintf(&wiphy->dev, GFP_KERNEL, "mt7915_%s", wiphy_name(wiphy)); + if (!name) + return -ENOMEM; cdev = thermal_cooling_device_register(name, phy, &mt7915_thermal_ops); if (!IS_ERR(cdev)) { -- 2.25.1

1 year, 3 months

1
0
0 0

[PATCH] wifi: mt76: mt7921: Check devm_kasprintf() returned value

by Ma Ke

devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 6ae39b7c7ed4 ("wifi: mt76: mt7921: Support temp sensor") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/net/wireless/mediatek/mt76/mt7921/init.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt7921/init.c b/drivers/net/wireless/mediatek/mt76/mt7921/init.c index ef0c721d26e3..5ab395d9d93e 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7921/init.c +++ b/drivers/net/wireless/mediatek/mt76/mt7921/init.c @@ -52,6 +52,8 @@ static int mt7921_thermal_init(struct mt792x_phy *phy) name = devm_kasprintf(&wiphy->dev, GFP_KERNEL, "mt7921_%s", wiphy_name(wiphy)); + if (!name) + return -ENOMEM; hwmon = devm_hwmon_device_register_with_groups(&wiphy->dev, name, phy, mt7921_hwmon_groups); -- 2.25.1

1 year, 3 months

1
0
0 0

[PATCH] bus: mhi: host: pci_generic: Fix the name for the Telit FE990A

by Fabio Porcedda

Add a mhi_pci_dev_info struct specific for the Telit FE990A modem in order to use the correct product name. Cc: stable(a)vger.kernel.org # 6.1+ Fixes: 0724869ede9c ("bus: mhi: host: pci_generic: add support for Telit FE990 modem") Signed-off-by: Fabio Porcedda <fabio.porcedda(a)gmail.com> --- drivers/bus/mhi/host/pci_generic.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/drivers/bus/mhi/host/pci_generic.c b/drivers/bus/mhi/host/pci_generic.c index 14a11880bcea..fb701c67f763 100644 --- a/drivers/bus/mhi/host/pci_generic.c +++ b/drivers/bus/mhi/host/pci_generic.c @@ -680,6 +680,15 @@ static const struct mhi_pci_dev_info mhi_telit_fn990_info = { .mru_default = 32768, }; +static const struct mhi_pci_dev_info mhi_telit_fe990a_info = { + .name = "telit-fe990a", + .config = &modem_telit_fn990_config, + .bar_num = MHI_PCI_DEFAULT_BAR_NUM, + .dma_data_width = 32, + .sideband_wake = false, + .mru_default = 32768, +}; + /* Keep the list sorted based on the PID. New VID should be added as the last entry */ static const struct pci_device_id mhi_pci_id_table[] = { { PCI_DEVICE(PCI_VENDOR_ID_QCOM, 0x0304), @@ -697,9 +706,9 @@ static const struct pci_device_id mhi_pci_id_table[] = { /* Telit FN990 */ { PCI_DEVICE_SUB(PCI_VENDOR_ID_QCOM, 0x0308, 0x1c5d, 0x2010), .driver_data = (kernel_ulong_t) &mhi_telit_fn990_info }, - /* Telit FE990 */ + /* Telit FE990A */ { PCI_DEVICE_SUB(PCI_VENDOR_ID_QCOM, 0x0308, 0x1c5d, 0x2015), - .driver_data = (kernel_ulong_t) &mhi_telit_fn990_info }, + .driver_data = (kernel_ulong_t) &mhi_telit_fe990a_info }, { PCI_DEVICE(PCI_VENDOR_ID_QCOM, 0x0308), .driver_data = (kernel_ulong_t) &mhi_qcom_sdx65_info }, { PCI_DEVICE(PCI_VENDOR_ID_QCOM, 0x0309), -- 2.46.0

1 year, 3 months

2
2
0 0

[PATCH v3 7/9] vdpa: solidrun: Fix UB bug with devres

by Philipp Stanner

In psnet_open_pf_bar() and snet_open_vf_bar() a string later passed to pcim_iomap_regions() is placed on the stack. Neither pcim_iomap_regions() nor the functions it calls copy that string. Should the string later ever be used, this, consequently, causes undefined behavior since the stack frame will by then have disappeared. Fix the bug by allocating the strings on the heap through devm_kasprintf(). Cc: stable(a)vger.kernel.org # v6.3 Fixes: 51a8f9d7f587 ("virtio: vdpa: new SolidNET DPU driver.") Reported-by: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Closes: https://lore.kernel.org/all/74e9109a-ac59-49e2-9b1d-d825c9c9f891@wanadoo.fr/ Suggested-by: Andy Shevchenko <andy(a)kernel.org> Signed-off-by: Philipp Stanner <pstanner(a)redhat.com> --- drivers/vdpa/solidrun/snet_main.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/drivers/vdpa/solidrun/snet_main.c b/drivers/vdpa/solidrun/snet_main.c index 99428a04068d..67235f6190ef 100644 --- a/drivers/vdpa/solidrun/snet_main.c +++ b/drivers/vdpa/solidrun/snet_main.c @@ -555,7 +555,7 @@ static const struct vdpa_config_ops snet_config_ops = { static int psnet_open_pf_bar(struct pci_dev *pdev, struct psnet *psnet) { - char name[50]; + char *name; int ret, i, mask = 0; /* We don't know which BAR will be used to communicate.. * We will map every bar with len > 0. @@ -573,7 +573,10 @@ static int psnet_open_pf_bar(struct pci_dev *pdev, struct psnet *psnet) return -ENODEV; } - snprintf(name, sizeof(name), "psnet[%s]-bars", pci_name(pdev)); + name = devm_kasprintf(&pdev->dev, GFP_KERNEL, "psnet[%s]-bars", pci_name(pdev)); + if (!name) + return -ENOMEM; + ret = pcim_iomap_regions(pdev, mask, name); if (ret) { SNET_ERR(pdev, "Failed to request and map PCI BARs\n"); @@ -590,10 +593,12 @@ static int psnet_open_pf_bar(struct pci_dev *pdev, struct psnet *psnet) static int snet_open_vf_bar(struct pci_dev *pdev, struct snet *snet) { - char name[50]; + char *name; int ret; - snprintf(name, sizeof(name), "snet[%s]-bar", pci_name(pdev)); + name = devm_kasprintf(&pdev->dev, GFP_KERNEL, "psnet[%s]-bars", pci_name(pdev)); + if (!name) + return -ENOMEM; /* Request and map BAR */ ret = pcim_iomap_regions(pdev, BIT(snet->psnet->cfg.vf_bar), name); if (ret) { -- 2.46.0

1 year, 3 months

3
3
0 0

[PATCH RESEND] wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he

by Ma Ke

Fix the NULL pointer dereference in mt7996_mcu_sta_bfer_he routine adding an sta interface to the mt7996 driver. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 98686cd21624 ("wifi: mt76: mt7996: add driver for MediaTek Wi-Fi 7 (802.11be) devices") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/wireless/mediatek/mt76/mt7996/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7996/mcu.c index 2e4fa9f48dfb..cba28d8d5562 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7996/mcu.c +++ b/drivers/net/wireless/mediatek/mt76/mt7996/mcu.c @@ -1544,6 +1544,9 @@ mt7996_mcu_sta_bfer_he(struct ieee80211_sta *sta, struct ieee80211_vif *vif, u8 nss_mcs = mt7996_mcu_get_sta_nss(mcs_map); u8 snd_dim, sts; + if (!vc) + return; + bf->tx_mode = MT_PHY_TYPE_HE_SU; mt7996_mcu_sta_sounding_rate(bf); -- 2.25.1

1 year, 3 months

1
0
0 0

[PATCH 6.11 regression fix] ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder

by Hans de Goede

Since commit 13f58267cda3 ("ASoC: soc.h: don't create dummy Component via COMP_DUMMY()") dummy codecs declared like this: SND_SOC_DAILINK_DEF(dummy, DAILINK_COMP_ARRAY(COMP_DUMMY())); expand to: static struct snd_soc_dai_link_component dummy[] = { }; Which means that dummy is a zero sized array and thus dais[i].codecs should not be dereferenced *at all* since it points to the address of the next variable stored in the data section as the "dummy" variable has an address but no size, so even dereferencing dais[0] is already an out of bounds array reference. Which means that the if (dais[i].codecs->name) check added in commit 7d99a70b6595 ("ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards") relies on that the part of the next variable which the name member maps to just happens to be NULL. Which apparently so far it usually is, except when it isn't and then it results in crashes like this one: [ 28.795659] BUG: unable to handle page fault for address: 0000000000030011 ... [ 28.795780] Call Trace: [ 28.795787] <TASK> ... [ 28.795862] ? strcmp+0x18/0x40 [ 28.795872] 0xffffffffc150c605 [ 28.795887] platform_probe+0x40/0xa0 ... [ 28.795979] ? __pfx_init_module+0x10/0x10 [snd_soc_sst_bytcr_wm5102] Really fix things this time around by checking dais.num_codecs != 0. Fixes: 7d99a70b6595 ("ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards") Cc: stable(a)vger.kernel.org Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- sound/soc/intel/boards/bxt_rt298.c | 2 +- sound/soc/intel/boards/bytcht_cx2072x.c | 2 +- sound/soc/intel/boards/bytcht_da7213.c | 2 +- sound/soc/intel/boards/bytcht_es8316.c | 2 +- sound/soc/intel/boards/bytcr_rt5640.c | 2 +- sound/soc/intel/boards/bytcr_rt5651.c | 2 +- sound/soc/intel/boards/bytcr_wm5102.c | 2 +- sound/soc/intel/boards/cht_bsw_rt5645.c | 2 +- sound/soc/intel/boards/cht_bsw_rt5672.c | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/sound/soc/intel/boards/bxt_rt298.c b/sound/soc/intel/boards/bxt_rt298.c index dce6a2086f2a..6da1517c53c6 100644 --- a/sound/soc/intel/boards/bxt_rt298.c +++ b/sound/soc/intel/boards/bxt_rt298.c @@ -605,7 +605,7 @@ static int broxton_audio_probe(struct platform_device *pdev) int i; for (i = 0; i < ARRAY_SIZE(broxton_rt298_dais); i++) { - if (card->dai_link[i].codecs->name && + if (card->dai_link[i].num_codecs && !strncmp(card->dai_link[i].codecs->name, "i2c-INT343A:00", I2C_NAME_SIZE)) { if (!strncmp(card->name, "broxton-rt298", diff --git a/sound/soc/intel/boards/bytcht_cx2072x.c b/sound/soc/intel/boards/bytcht_cx2072x.c index c014d85a08b2..df3c2a7b64d2 100644 --- a/sound/soc/intel/boards/bytcht_cx2072x.c +++ b/sound/soc/intel/boards/bytcht_cx2072x.c @@ -241,7 +241,7 @@ static int snd_byt_cht_cx2072x_probe(struct platform_device *pdev) /* fix index of codec dai */ for (i = 0; i < ARRAY_SIZE(byt_cht_cx2072x_dais); i++) { - if (byt_cht_cx2072x_dais[i].codecs->name && + if (byt_cht_cx2072x_dais[i].num_codecs && !strcmp(byt_cht_cx2072x_dais[i].codecs->name, "i2c-14F10720:00")) { dai_index = i; diff --git a/sound/soc/intel/boards/bytcht_da7213.c b/sound/soc/intel/boards/bytcht_da7213.c index f4ac3ddd148b..08c598b7e1ee 100644 --- a/sound/soc/intel/boards/bytcht_da7213.c +++ b/sound/soc/intel/boards/bytcht_da7213.c @@ -245,7 +245,7 @@ static int bytcht_da7213_probe(struct platform_device *pdev) /* fix index of codec dai */ for (i = 0; i < ARRAY_SIZE(dailink); i++) { - if (dailink[i].codecs->name && + if (dailink[i].num_codecs && !strcmp(dailink[i].codecs->name, "i2c-DLGS7213:00")) { dai_index = i; break; diff --git a/sound/soc/intel/boards/bytcht_es8316.c b/sound/soc/intel/boards/bytcht_es8316.c index 2fcec2e02bb5..77b91ea4dc32 100644 --- a/sound/soc/intel/boards/bytcht_es8316.c +++ b/sound/soc/intel/boards/bytcht_es8316.c @@ -546,7 +546,7 @@ static int snd_byt_cht_es8316_mc_probe(struct platform_device *pdev) /* fix index of codec dai */ for (i = 0; i < ARRAY_SIZE(byt_cht_es8316_dais); i++) { - if (byt_cht_es8316_dais[i].codecs->name && + if (byt_cht_es8316_dais[i].num_codecs && !strcmp(byt_cht_es8316_dais[i].codecs->name, "i2c-ESSX8316:00")) { dai_index = i; diff --git a/sound/soc/intel/boards/bytcr_rt5640.c b/sound/soc/intel/boards/bytcr_rt5640.c index a64d1989e28a..db4a33680d94 100644 --- a/sound/soc/intel/boards/bytcr_rt5640.c +++ b/sound/soc/intel/boards/bytcr_rt5640.c @@ -1677,7 +1677,7 @@ static int snd_byt_rt5640_mc_probe(struct platform_device *pdev) /* fix index of codec dai */ for (i = 0; i < ARRAY_SIZE(byt_rt5640_dais); i++) { - if (byt_rt5640_dais[i].codecs->name && + if (byt_rt5640_dais[i].num_codecs && !strcmp(byt_rt5640_dais[i].codecs->name, "i2c-10EC5640:00")) { dai_index = i; diff --git a/sound/soc/intel/boards/bytcr_rt5651.c b/sound/soc/intel/boards/bytcr_rt5651.c index 80c841b000a3..8514b79f389b 100644 --- a/sound/soc/intel/boards/bytcr_rt5651.c +++ b/sound/soc/intel/boards/bytcr_rt5651.c @@ -910,7 +910,7 @@ static int snd_byt_rt5651_mc_probe(struct platform_device *pdev) /* fix index of codec dai */ for (i = 0; i < ARRAY_SIZE(byt_rt5651_dais); i++) { - if (byt_rt5651_dais[i].codecs->name && + if (byt_rt5651_dais[i].num_codecs && !strcmp(byt_rt5651_dais[i].codecs->name, "i2c-10EC5651:00")) { dai_index = i; diff --git a/sound/soc/intel/boards/bytcr_wm5102.c b/sound/soc/intel/boards/bytcr_wm5102.c index cccb5e90c0fe..e5a7cc606aa9 100644 --- a/sound/soc/intel/boards/bytcr_wm5102.c +++ b/sound/soc/intel/boards/bytcr_wm5102.c @@ -605,7 +605,7 @@ static int snd_byt_wm5102_mc_probe(struct platform_device *pdev) /* find index of codec dai */ for (i = 0; i < ARRAY_SIZE(byt_wm5102_dais); i++) { - if (byt_wm5102_dais[i].codecs->name && + if (byt_wm5102_dais[i].num_codecs && !strcmp(byt_wm5102_dais[i].codecs->name, "wm5102-codec")) { dai_index = i; diff --git a/sound/soc/intel/boards/cht_bsw_rt5645.c b/sound/soc/intel/boards/cht_bsw_rt5645.c index eb41b7115d01..1da9ceee4d59 100644 --- a/sound/soc/intel/boards/cht_bsw_rt5645.c +++ b/sound/soc/intel/boards/cht_bsw_rt5645.c @@ -569,7 +569,7 @@ static int snd_cht_mc_probe(struct platform_device *pdev) /* set correct codec name */ for (i = 0; i < ARRAY_SIZE(cht_dailink); i++) - if (cht_dailink[i].codecs->name && + if (cht_dailink[i].num_codecs && !strcmp(cht_dailink[i].codecs->name, "i2c-10EC5645:00")) { dai_index = i; diff --git a/sound/soc/intel/boards/cht_bsw_rt5672.c b/sound/soc/intel/boards/cht_bsw_rt5672.c index be2d1a8dbca8..d68e5bc755de 100644 --- a/sound/soc/intel/boards/cht_bsw_rt5672.c +++ b/sound/soc/intel/boards/cht_bsw_rt5672.c @@ -466,7 +466,7 @@ static int snd_cht_mc_probe(struct platform_device *pdev) /* find index of codec dai */ for (i = 0; i < ARRAY_SIZE(cht_dailink); i++) { - if (cht_dailink[i].codecs->name && + if (cht_dailink[i].num_codecs && !strcmp(cht_dailink[i].codecs->name, RT5672_I2C_DEFAULT)) { dai_index = i; break; -- 2.46.0

1 year, 3 months

4
4
0 0

[PATCH v1 1/2] ufs: core: complete scsi command after release

by peter.wang＠mediatek.com

From: Peter Wang <peter.wang(a)mediatek.com> When the error handler successfully aborts a MCQ request, it only releases the command and does not notify the SCSI layer. This may cause another abort after 30 seconds timeout. This patch notifies the SCSI layer to requeue the request. Below is error log [ 14.183804][ T74] ufshcd-mtk 112b0000.ufshci: ufshcd_err_handler started; HBA state eh_non_fatal; powered 1; shutting down 0; saved_err = 4; saved_uic_err = 64; force_reset = 0 [ 14.256164][ T74] ufshcd-mtk 112b0000.ufshci: ufshcd_try_to_abort_task: cmd pending in the device. tag = 19 [ 14.257511][ T74] ufshcd-mtk 112b0000.ufshci: Aborting tag 19 / CDB 0x35 succeeded [ 34.287949][ T8] ufshcd-mtk 112b0000.ufshci: ufshcd_abort: Device abort task at tag 19 [ 34.290514][ T8] ufshcd-mtk 112b0000.ufshci: ufshcd_mcq_abort: skip abort. cmd at tag 19 already completed. Fixes:93e6c0e19d5b ("scsi: ufs: core: Clear cmd if abort succeeds in MCQ mode") Cc: <stable(a)vger.kernel.org> 6.6.x Signed-off-by: Peter Wang <peter.wang(a)mediatek.com> --- drivers/ufs/core/ufshcd.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index 0b3d0c8e0dda..4bcd4e5b62bd 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -6482,8 +6482,12 @@ static bool ufshcd_abort_one(struct request *rq, void *priv) if (!hwq) return 0; spin_lock_irqsave(&hwq->cq_lock, flags); - if (ufshcd_cmd_inflight(lrbp->cmd)) + if (ufshcd_cmd_inflight(lrbp->cmd)) { + struct scsi_cmnd *cmd = lrbp->cmd; + set_host_byte(cmd, DID_REQUEUE); ufshcd_release_scsi_cmd(hba, lrbp); + scsi_done(cmd); + } spin_unlock_irqrestore(&hwq->cq_lock, flags); } -- 2.45.2

1 year, 3 months

3
2
0 0

Re: [tip: perf/core] perf/core: Fix hardlockup failure caused by perf throttle

by Pengfei Xu

Hi Jihong and perf experts, Greetings! There was "BUG: soft lockup in asm_sysvec_apic_timer_interrupt" in v6.11-rc4 mainline kernel by local syzkaller Intel internal kernel testing. Bisected and found first bad commit: " 15def34e2635 perf/core: Fix hardlockup failure caused by perf throttle " After reverted above commit on top of v6.11-rc4 mainline kernel, this issue was gone. And this issue could be reproduced in 1200s. All detailed info: https://github.com/xupengfe/syzkaller_logs/tree/main/240823_212601_asm_sysv… Syzkaller repro code: https://github.com/xupengfe/syzkaller_logs/blob/main/240823_212601_asm_sysv… Syzkaller repro syscall steps: https://github.com/xupengfe/syzkaller_logs/blob/main/240823_212601_asm_sysv… Syzkaller report: https://github.com/xupengfe/syzkaller_logs/blob/main/240823_212601_asm_sysv… Kconfig(make olddefconfig): https://github.com/xupengfe/syzkaller_logs/blob/main/240823_212601_asm_sysv… Bisect info: https://github.com/xupengfe/syzkaller_logs/blob/main/240823_212601_asm_sysv… bzImage: https://github.com/xupengfe/syzkaller_logs/raw/main/240823_212601_asm_sysve… Issue dmesg: https://github.com/xupengfe/syzkaller_logs/blob/main/240823_212601_asm_sysv… " [ 22.518698] hrtimer: interrupt took 13103 ns [ 30.382700] clocksource: Long readout interval, skipping watchdog check: cs_nsec: 2079936720 wd_nsec: 2079936828 [ 378.038693] clocksource: Long readout interval, skipping watchdog check: cs_nsec: 7719948786 wd_nsec: 7719948793 [ 736.508865] watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [repro:193160] [ 736.509218] Modules linked in: [ 736.509369] irq event stamp: 15405229 [ 736.509539] hardirqs last enabled at (15405228): [<ffffffff8579c9de>] irqentry_exit+0x3e/0xa0 [ 736.509947] hardirqs last disabled at (15405229): [<ffffffff8579ae14>] sysvec_apic_timer_interrupt+0x14/0xc0 [ 736.510383] softirqs last enabled at (9218742): [<ffffffff81289fb9>] __irq_exit_rcu+0xa9/0x120 [ 736.510776] softirqs last disabled at (9218745): [<ffffffff81289fb9>] __irq_exit_rcu+0xa9/0x120 [ 736.511167] CPU: 0 UID: 0 PID: 193160 Comm: repro Not tainted 6.11.0-rc4-47ac09b91bef+ #1 [ 736.511529] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 [ 736.512039] RIP: 0010:__rcu_read_unlock+0x284/0x560 [ 736.512272] Code: 8f 00 00 00 84 d2 0f 84 87 00 00 00 bf 09 00 00 00 e8 d0 0b dc ff 4d 85 f6 0f 84 68 fe ff ff e8 f2 83 26 00 fb 0f 1f 44 00 00 <e9> 58 fe ff ff 0f 0b 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 [ 736.513091] RSP: 0018:ffff88806c609938 EFLAGS: 00000212 [ 736.513330] RAX: 0000000000e956e0 RBX: ffff88806c649600 RCX: 1ffffffff14ae71b [ 736.513648] RDX: 0000000000000000 RSI: 0000000000000101 RDI: 0000000000000000 [ 736.513974] RBP: ffff88806c609968 R08: 0000000000000001 R09: fffffbfff14a92b5 [ 736.514289] R10: ffffffff8a5495af R11: 0000000000000001 R12: ffff88801379ca00 [ 736.514606] R13: ffff88801379ca00 R14: 0000000000000200 R15: ffffffff86e619c0 [ 736.514935] FS: 00007f095e148740(0000) GS:ffff88806c600000(0000) knlGS:0000000000000000 [ 736.515293] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 736.515555] CR2: 0000000020000000 CR3: 0000000021944006 CR4: 0000000000770ef0 [ 736.515888] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 736.516215] DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400 [ 736.516539] PKRU: 55555554 [ 736.516672] Call Trace: [ 736.516798] <IRQ> [ 736.516907] ? show_regs+0xa8/0xc0 [ 736.517080] ? watchdog_timer_fn+0x52f/0x6b0 [ 736.517284] ? __pfx_watchdog_timer_fn+0x10/0x10 [ 736.517503] ? __hrtimer_run_queues+0x5d6/0xb10 [ 736.517733] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 736.517975] ? hrtimer_interrupt+0x324/0x7a0 [ 736.518193] ? __sysvec_apic_timer_interrupt+0x10b/0x410 [ 736.518443] ? debug_smp_processor_id+0x20/0x30 [ 736.518663] ? sysvec_apic_timer_interrupt+0x4b/0xc0 [ 736.518901] ? asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 736.519162] ? __rcu_read_unlock+0x284/0x560 [ 736.519370] ? __rcu_read_unlock+0x27e/0x560 [ 736.519579] __is_insn_slot_addr+0x14c/0x2a0 [ 736.519791] kernel_text_address+0x64/0xe0 [ 736.519991] __kernel_text_address+0x16/0x50 [ 736.520199] unwind_get_return_address+0x8c/0x100 [ 736.520424] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 736.520671] arch_stack_walk+0xa7/0x170 [ 736.520878] stack_trace_save+0x97/0xd0 [ 736.521064] ? __pfx_stack_trace_save+0x10/0x10 [ 736.521276] ? __pfx_mark_lock.part.0+0x10/0x10 [ 736.521499] kasan_save_stack+0x2c/0x60 [ 736.521681] ? kasan_save_stack+0x2c/0x60 [ 736.521870] ? kasan_save_track+0x18/0x40 [ 736.522057] ? kasan_save_free_info+0x3f/0x60 [ 736.522267] ? __kasan_slab_free+0x115/0x1a0 [ 736.522467] ? kfree+0xfe/0x330 [ 736.522622] ? free_ctx+0x22/0x30 [ 736.522788] ? rcu_core+0x877/0x18f0 [ 736.522967] ? rcu_core_si+0x12/0x20 [ 736.523142] ? handle_softirqs+0x1c7/0x870 [ 736.523334] ? __irq_exit_rcu+0xa9/0x120 [ 736.523519] ? irq_exit_rcu+0x12/0x30 [ 736.523693] ? sysvec_apic_timer_interrupt+0xa5/0xc0 [ 736.523922] ? asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 736.524165] ? lock_acquire+0x1ff/0x580 [ 736.524352] ? _raw_spin_lock+0x38/0x50 [ 736.524534] ? do_fcntl+0xa95/0x1400 [ 736.524709] ? __x64_sys_fcntl+0x179/0x210 [ 736.524906] ? x64_sys_call+0x5b9/0x20d0 [ 736.525094] ? do_syscall_64+0x6d/0x140 [ 736.525276] ? entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 736.525529] ? __pfx___lock_acquire+0x10/0x10 [ 736.525736] ? do_raw_spin_trylock+0xbf/0x190 [ 736.525949] ? free_unref_page_commit+0x3c0/0xfb0 [ 736.526176] ? __this_cpu_preempt_check+0x21/0x30 [ 736.526399] ? lock_acquire+0x1de/0x580 [ 736.526587] ? free_ctx+0x22/0x30 [ 736.526753] kasan_save_track+0x18/0x40 [ 736.526944] kasan_save_free_info+0x3f/0x60 [ 736.527146] __kasan_slab_free+0x115/0x1a0 [ 736.527341] ? free_ctx+0x22/0x30 [ 736.527503] kfree+0xfe/0x330 [ 736.527655] ? rcu_core+0x875/0x18f0 [ 736.527833] free_ctx+0x22/0x30 [ 736.527991] rcu_core+0x877/0x18f0 [ 736.528165] ? __pfx_rcu_core+0x10/0x10 [ 736.528365] rcu_core_si+0x12/0x20 [ 736.528535] handle_softirqs+0x1c7/0x870 [ 736.528734] __irq_exit_rcu+0xa9/0x120 [ 736.528915] irq_exit_rcu+0x12/0x30 [ 736.529085] sysvec_apic_timer_interrupt+0xa5/0xc0 [ 736.529309] </IRQ> [ 736.529414] <TASK> [ 736.529522] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 736.529762] RIP: 0010:lock_acquire+0x1ff/0x580 [ 736.529974] Code: 48 83 c4 28 e8 72 73 37 04 b8 ff ff ff ff 65 0f c1 05 fd b6 c0 7e 83 f8 01 0f 85 d9 02 00 00 4d 85 ff 74 06 fb 0f 1f 44 00 00 <48> b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 00 00 00 48 c7 [ 736.530786] RSP: 0018:ffff88801aa0fcd0 EFLAGS: 00000206 [ 736.531031] RAX: 0000000000000001 RBX: 1ffff11003541f9e RCX: 1ffff11003541f82 [ 736.531348] RDX: 1ffff110026f3b07 RSI: 0000000000000001 RDI: 0000000000000000 [ 736.531668] RBP: ffff88801aa0fdb8 R08: 0000000000000000 R09: fffffbfff14a92b5 [ 736.531994] R10: ffffffff8a5495af R11: 0000000000000001 R12: 0000000000000001 [ 736.532318] R13: 0000000000000000 R14: ffff88800f65a028 R15: 0000000000000200 [ 736.532660] ? __pfx_lock_acquire+0x10/0x10 [ 736.532860] ? _raw_spin_unlock+0x31/0x60 [ 736.533063] ? up_write+0x1c0/0x550 [ 736.533234] ? fasync_helper+0x77/0xc0 [ 736.533420] _raw_spin_lock+0x38/0x50 [ 736.533595] ? do_fcntl+0xa95/0x1400 [ 736.533775] do_fcntl+0xa95/0x1400 [ 736.533948] ? __pfx_do_fcntl+0x10/0x10 [ 736.534137] ? trace_hardirqs_on+0x51/0x60 [ 736.534336] ? seqcount_lockdep_reader_access.constprop.0+0xc0/0xd0 [ 736.534619] ? __sanitizer_cov_trace_cmp4+0x1a/0x20 [ 736.534853] ? __sanitizer_cov_trace_const_cmp4+0x1a/0x20 [ 736.535104] ? security_file_fcntl+0x9d/0xd0 [ 736.535315] __x64_sys_fcntl+0x179/0x210 [ 736.535508] x64_sys_call+0x5b9/0x20d0 [ 736.535687] do_syscall_64+0x6d/0x140 [ 736.535866] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 736.536099] RIP: 0033:0x7f095de3ee5d [ 736.536273] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 93 af 1b 00 f7 d8 64 89 01 48 [ 736.537075] RSP: 002b:00007ffea8175048 EFLAGS: 00000217 ORIG_RAX: 0000000000000048 [ 736.537411] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f095de3ee5d [ 736.537736] RDX: 0000000000002400 RSI: 0000000000000004 RDI: 0000000000000003 [ 736.538053] RBP: 00007ffea8175060 R08: 00007ffea8175060 R09: 00007ffea8175060 [ 736.538371] R10: 00007ffea8175060 R11: 0000000000000217 R12: 00007ffea81751d8 [ 736.538689] R13: 000000000040547a R14: 0000000000407df8 R15: 00007f095e193000 [ 736.539023] </TASK> [ 736.539132] Kernel panic - not syncing: softlockup: hung tasks " Hope it's helpful. Thanks! --- If you don't need the following environment to reproduce the problem or if you already have one reproduced environment, please ignore the following information. How to reproduce: git clone https://gitlab.com/xupengfe/repro_vm_env.git cd repro_vm_env tar -xvf repro_vm_env.tar.gz cd repro_vm_env; ./start3.sh // it needs qemu-system-x86_64 and I used v7.1.0 // start3.sh will load bzImage_2241ab53cbb5cdb08a6b2d4688feb13971058f65 v6.2-rc5 kernel // You could change the bzImage_xxx as you want // Maybe you need to remove line "-drive if=pflash,format=raw,readonly=on,file=./OVMF_CODE.fd \" for different qemu version You could use below command to log in, there is no password for root. ssh -p 10023 root@localhost After login vm(virtual machine) successfully, you could transfer reproduced binary to the vm by below way, and reproduce the problem in vm: gcc -pthread -o repro repro.c scp -P 10023 repro root@localhost:/root/ Get the bzImage for target kernel: Please use target kconfig and copy it to kernel_src/.config make olddefconfig make -jx bzImage //x should equal or less than cpu num your pc has Fill the bzImage file into above start3.sh to load the target kernel in vm. Tips: If you already have qemu-system-x86_64, please ignore below info. If you want to install qemu v7.1.0 version: git clone https://github.com/qemu/qemu.git cd qemu git checkout -f v7.1.0 mkdir build cd build yum install -y ninja-build.x86_64 yum -y install libslirp-devel.x86_64 ../configure --target-list=x86_64-softmmu --enable-kvm --enable-vnc --enable-gtk --enable-sdl --enable-usb-redir --enable-slirp make make install Best Regards, Thanks! On 2023-04-17 at 10:46:22 -0000, tip-bot2 for Yang Jihong wrote: > The following commit has been merged into the perf/core branch of tip: > > Commit-ID: 15def34e2635ab7e0e96f1bc32e1b69609f14942 > Gitweb: https://git.kernel.org/tip/15def34e2635ab7e0e96f1bc32e1b69609f14942 > Author: Yang Jihong <yangjihong1(a)huawei.com> > AuthorDate: Mon, 27 Feb 2023 10:35:08 +08:00 > Committer: Peter Zijlstra <peterz(a)infradead.org> > CommitterDate: Fri, 14 Apr 2023 16:08:22 +02:00 > > perf/core: Fix hardlockup failure caused by perf throttle > > commit e050e3f0a71bf ("perf: Fix broken interrupt rate throttling") > introduces a change in throttling threshold judgment. Before this, > compare hwc->interrupts and max_samples_per_tick, then increase > hwc->interrupts by 1, but this commit reverses order of these two > behaviors, causing the semantics of max_samples_per_tick to change. > In literal sense of "max_samples_per_tick", if hwc->interrupts == > max_samples_per_tick, it should not be throttled, therefore, the judgment > condition should be changed to "hwc->interrupts > max_samples_per_tick". > > In fact, this may cause the hardlockup to fail, The minimum value of > max_samples_per_tick may be 1, in this case, the return value of > __perf_event_account_interrupt function is 1. > As a result, nmi_watchdog gets throttled, which would stop PMU (Use x86 > architecture as an example, see x86_pmu_handle_irq). > > Fixes: e050e3f0a71b ("perf: Fix broken interrupt rate throttling") > Signed-off-by: Yang Jihong <yangjihong1(a)huawei.com> > Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> > Link: https://lkml.kernel.org/r/20230227023508.102230-1-yangjihong1@huawei.com > --- > kernel/events/core.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/kernel/events/core.c b/kernel/events/core.c > index fb3e436..82b95b8 100644 > --- a/kernel/events/core.c > +++ b/kernel/events/core.c > @@ -9433,8 +9433,8 @@ __perf_event_account_interrupt(struct perf_event *event, int throttle) > hwc->interrupts = 1; > } else { > hwc->interrupts++; > - if (unlikely(throttle > - && hwc->interrupts >= max_samples_per_tick)) { > + if (unlikely(throttle && > + hwc->interrupts > max_samples_per_tick)) { > __this_cpu_inc(perf_throttled_count); > tick_dep_set_cpu(smp_processor_id(), TICK_DEP_BIT_PERF_EVENTS); > hwc->interrupts = MAX_INTERRUPTS;

1 year, 3 months

1
0
0 0

[PATCH] perf/x86/intel: Limit the period on Haswell

by kan.liang＠linux.intel.com

From: Kan Liang <kan.liang(a)linux.intel.com> Running the ltp test cve-2015-3290 concurrently reports the following warnings. perfevents: irq loop stuck! WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174 intel_pmu_handle_irq+0x285/0x370 Call Trace: <NMI> ? __warn+0xa4/0x220 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? intel_pmu_handle_irq+0x285/0x370 ? report_bug+0x3e/0xa0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x18/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? irq_work_claim+0x1e/0x40 ? intel_pmu_handle_irq+0x285/0x370 perf_event_nmi_handler+0x3d/0x60 nmi_handle+0x104/0x330 Thanks to Thomas Gleixner's analysis, the issue is caused by the low initial period (1) of the frequency estimation algorithm, which triggers the defects of the HW, specifically erratum HSW11 and HSW143. (For the details, please refer https://lore.kernel.org/lkml/87plq9l5d2.ffs@tglx/) The HSW11 requires a period larger than 100 for the INST_RETIRED.ALL event, but the initial period in the freq mode is 1. The erratum is the same as the BDM11, which has been supported in the kernel. A minimum period of 128 is enforced as well on HSW. HSW143 is regarding that the fixed counter 1 may overcount 32 with the Hyper-Threading is enabled. However, based on the test, the hardware has more issues than it tells. Besides the fixed counter 1, the message 'interrupt took too long' can be observed on any counter which was armed with a period < 32 and two events expired in the same NMI. A minimum period of 32 is enforced for the rest of the events. The recommended workaround code of the HSW143 is not implemented. Because it only addresses the issue for the fixed counter. It brings extra overhead through extra MSR writing. No related overcounting issue has been reported so far. Fixes: 3a632cb229bf ("perf/x86/intel: Add simple Haswell PMU support") Reported-by: Li Huafei <lihuafei1(a)huawei.com> Closes: https://lore.kernel.org/lkml/20240729223328.327835-1-lihuafei1@huawei.com/ Suggested-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Cc: Vince Weaver <vincent.weaver(a)maine.edu> Cc: stable(a)vger.kernel.org --- arch/x86/events/intel/core.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index e8bd45556c30..605ed19043ed 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -4634,6 +4634,25 @@ static enum hybrid_cpu_type adl_get_hybrid_cpu_type(void) return HYBRID_INTEL_CORE; } +static inline bool erratum_hsw11(struct perf_event *event) +{ + return (event->hw.config & INTEL_ARCH_EVENT_MASK) == + X86_CONFIG(.event=0xc0, .umask=0x01); +} + +/* + * The HSW11 requires a period larger than 100 which is the same as the BDM11. + * A minimum period of 128 is enforced as well for the INST_RETIRED.ALL. + * + * The message 'interrupt took too long' can be observed on any counter which + * was armed with a period < 32 and two events expired in the same NMI. + * A minimum period of 32 is enforced for the rest of the events. + */ +static void hsw_limit_period(struct perf_event *event, s64 *left) +{ + *left = max(*left, erratum_hsw11(event) ? 128 : 32); +} + /* * Broadwell: * @@ -4651,8 +4670,7 @@ static enum hybrid_cpu_type adl_get_hybrid_cpu_type(void) */ static void bdw_limit_period(struct perf_event *event, s64 *left) { - if ((event->hw.config & INTEL_ARCH_EVENT_MASK) == - X86_CONFIG(.event=0xc0, .umask=0x01)) { + if (erratum_hsw11(event)) { if (*left < 128) *left = 128; *left &= ~0x3fULL; @@ -6821,6 +6839,7 @@ __init int intel_pmu_init(void) x86_pmu.hw_config = hsw_hw_config; x86_pmu.get_event_constraints = hsw_get_event_constraints; + x86_pmu.limit_period = hsw_limit_period; x86_pmu.lbr_double_abort = true; extra_attr = boot_cpu_has(X86_FEATURE_RTM) ? hsw_format_attr : nhm_format_attr; -- 2.38.1

1 year, 3 months

2
1
0 0

[PATCH] crypto: sa2ul - fix memory leak in sa_cra_init_aead()

by Ma Ke

Currently the resource allocated by crypto_alloc_shash() is not freed in case crypto_alloc_aead() fails, resulting in memory leak. Add crypto_free_shash() to fix it. Found by code review. Cc: stable(a)vger.kernel.org Fixes: d2c8ac187fc9 ("crypto: sa2ul - Add AEAD algorithm support") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/crypto/sa2ul.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/drivers/crypto/sa2ul.c b/drivers/crypto/sa2ul.c index 461eca40e878..b5af621f7f17 100644 --- a/drivers/crypto/sa2ul.c +++ b/drivers/crypto/sa2ul.c @@ -1740,7 +1740,8 @@ static int sa_cra_init_aead(struct crypto_aead *tfm, const char *hash, ctx->shash = crypto_alloc_shash(hash, 0, CRYPTO_ALG_NEED_FALLBACK); if (IS_ERR(ctx->shash)) { dev_err(sa_k3_dev, "base driver %s couldn't be loaded\n", hash); - return PTR_ERR(ctx->shash); + ret = PTR_ERR(ctx->shash); + goto err_free_shash; } ctx->fallback.aead = crypto_alloc_aead(fallback, 0, @@ -1749,7 +1750,8 @@ static int sa_cra_init_aead(struct crypto_aead *tfm, const char *hash, if (IS_ERR(ctx->fallback.aead)) { dev_err(sa_k3_dev, "fallback driver %s couldn't be loaded\n", fallback); - return PTR_ERR(ctx->fallback.aead); + ret = PTR_ERR(ctx->fallback.aead); + goto err_free_shash; } crypto_aead_set_reqsize(tfm, sizeof(struct aead_request) + @@ -1757,19 +1759,23 @@ static int sa_cra_init_aead(struct crypto_aead *tfm, const char *hash, ret = sa_init_ctx_info(&ctx->enc, data); if (ret) - return ret; + goto err_free_shash; ret = sa_init_ctx_info(&ctx->dec, data); - if (ret) { - sa_free_ctx_info(&ctx->enc, data); - return ret; - } + if (ret) + goto err_free_ctx_info; dev_dbg(sa_k3_dev, "%s(0x%p) sc-ids(0x%x(0x%pad), 0x%x(0x%pad))\n", __func__, tfm, ctx->enc.sc_id, &ctx->enc.sc_phys, ctx->dec.sc_id, &ctx->dec.sc_phys); return ret; + +err_free_ctx_info: + sa_free_ctx_info(&ctx->enc, data); +err_free_shash: + crypto_free_shash(ctx->shash); + return ret; } static int sa_cra_init_aead_sha1(struct crypto_aead *tfm) -- 2.25.1

1 year, 3 months

2
1
0 0

[git:media_stage/master] media: venus: fix use after free bug in venus_remove due to race condition

by Hans Verkuil

This is an automatic generated email to let you know that the following patch were queued: Subject: media: venus: fix use after free bug in venus_remove due to race condition Author: Zheng Wang <zyytlz.wz(a)163.com> Date: Tue Jun 18 14:55:59 2024 +0530 in venus_probe, core->work is bound with venus_sys_error_handler, which is used to handle error. The code use core->sys_err_done to make sync work. The core->work is started in venus_event_notify. If we call venus_remove, there might be an unfished work. The possible sequence is as follows: CPU0 CPU1 |venus_sys_error_handler venus_remove | hfi_destroy | venus_hfi_destroy | kfree(hdev); | |hfi_reinit |venus_hfi_queues_reinit |//use hdev Fix it by canceling the work in venus_remove. Cc: stable(a)vger.kernel.org Fixes: af2c3834c8ca ("[media] media: venus: adding core part and helper functions") Signed-off-by: Zheng Wang <zyytlz.wz(a)163.com> Signed-off-by: Dikshita Agarwal <quic_dikshita(a)quicinc.com> Signed-off-by: Stanimir Varbanov <stanimir.k.varbanov(a)gmail.com> Signed-off-by: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> drivers/media/platform/qcom/venus/core.c | 1 + 1 file changed, 1 insertion(+) --- diff --git a/drivers/media/platform/qcom/venus/core.c b/drivers/media/platform/qcom/venus/core.c index 165c947a6703..84e95a46dfc9 100644 --- a/drivers/media/platform/qcom/venus/core.c +++ b/drivers/media/platform/qcom/venus/core.c @@ -430,6 +430,7 @@ static void venus_remove(struct platform_device *pdev) struct device *dev = core->dev; int ret; + cancel_delayed_work_sync(&core->work); ret = pm_runtime_get_sync(dev); WARN_ON(ret < 0);

1 year, 3 months

1
0
0 0

[PATCH RESEND] drm/nouveau: fix a possible null pointer dereference

by Ma Ke

In ch7006_encoder_get_modes(), the return value of drm_mode_duplicate() is used directly in drm_mode_probed_add(), which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. Cc: stable(a)vger.kernel.org Fixes: 6ee738610f41 ("drm/nouveau: Add DRM driver for NVIDIA GPUs") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/gpu/drm/i2c/ch7006_drv.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i2c/ch7006_drv.c b/drivers/gpu/drm/i2c/ch7006_drv.c index 131512a5f3bd..48bf6e4e8bdb 100644 --- a/drivers/gpu/drm/i2c/ch7006_drv.c +++ b/drivers/gpu/drm/i2c/ch7006_drv.c @@ -229,6 +229,7 @@ static int ch7006_encoder_get_modes(struct drm_encoder *encoder, { struct ch7006_priv *priv = to_ch7006_priv(encoder); const struct ch7006_mode *mode; + struct drm_display_mode *encoder_mode = NULL; int n = 0; for (mode = ch7006_modes; mode->mode.clock; mode++) { @@ -236,8 +237,11 @@ static int ch7006_encoder_get_modes(struct drm_encoder *encoder, ~mode->valid_norms & 1<<priv->norm) continue; - drm_mode_probed_add(connector, - drm_mode_duplicate(encoder->dev, &mode->mode)); + encoder_mode = drm_mode_duplicate(encoder->dev, &mode->mode); + if (!encoder_mode) + return 0; + + drm_mode_probed_add(connector, encoder_mode); n++; } -- 2.25.1

1 year, 3 months

1
0
0 0

[PATCH v5 1/2] locking/lockdep: Avoid creating new name string literals in lockdep_set_subclass()

by Ahmed Ehab

Syzbot reports a problem that a warning will be triggered while searching a lock class in look_up_lock_class(). The cause of the issue is that a new name is created and used by lockdep_set_subclass() instead of using the existing one. This results in two lock classes with the same key but different name pointers and a WARN_ONCE() is triggered because of that in look_up_lock_class(). To fix this, change lockdep_set_subclass() to use the existing name instead of a new one. Hence, no new name will be created by lockdep_set_subclass(). Hence, the warning is avoided. Reported-by: <syzbot+7f4a6f7f7051474e40ad(a)syzkaller.appspotmail.com> Fixes: de8f5e4f2dc1f ("lockdep: Introduce wait-type checks") Cc: <stable(a)vger.kernel.org> Signed-off-by: Ahmed Ehab <bottaawesome633(a)gmail.com> --- v4->v5: - Changed the subject - Changed the changelog to be more detailed include/linux/lockdep.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/lockdep.h b/include/linux/lockdep.h index 08b0d1d9d78b..df8fa5929de7 100644 --- a/include/linux/lockdep.h +++ b/include/linux/lockdep.h @@ -173,7 +173,7 @@ static inline void lockdep_init_map(struct lockdep_map *lock, const char *name, (lock)->dep_map.lock_type) #define lockdep_set_subclass(lock, sub) \ - lockdep_init_map_type(&(lock)->dep_map, #lock, (lock)->dep_map.key, sub,\ + lockdep_init_map_type(&(lock)->dep_map, (lock)->dep_map.name, (lock)->dep_map.key, sub,\ (lock)->dep_map.wait_type_inner, \ (lock)->dep_map.wait_type_outer, \ (lock)->dep_map.lock_type) -- 2.45.2

1 year, 3 months

1
0
0 0

[PATCH AUTOSEL 6.10 01/24] drm/mediatek: Set sensible cursor width/height values to fix crash

by Sasha Levin

From: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> [ Upstream commit 042b8711a0beafb2c3b888bebe3c300ab4c817fa ] Hardware-speaking, there is no feature-reduced cursor specific plane, so this driver reserves the last all Overlay plane as a Cursor plane, but sets the maximum cursor width/height to the maximum value that the full overlay plane can use. While this could be ok, it raises issues with common userspace using libdrm (especially Mutter, but other compositors too) which will crash upon performing allocations and/or using said cursor plane. Reduce the maximum width/height for the cursor to 512x512 pixels, value taken from IGT's maximum cursor size test, which succeeds. Signed-off-by: AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> Reviewed-by: Fei Shao <fshao(a)chromium.org> Tested-by: Fei Shao <fshao(a)chromium.org> Reviewed-by: Daniel Stone <daniels(a)collabora.com> Reviewed-by: CK Hu <ck.hu(a)mediatek.com> Link: https://patchwork.kernel.org/project/dri-devel/patch/20240718082410.204459-… Signed-off-by: Chun-Kuang Hu <chunkuang.hu(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/mediatek/mtk_drm_drv.c b/drivers/gpu/drm/mediatek/mtk_drm_drv.c index 56f409ad7f390..ab2bace792e46 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_drv.c +++ b/drivers/gpu/drm/mediatek/mtk_drm_drv.c @@ -539,8 +539,8 @@ static int mtk_drm_kms_init(struct drm_device *drm) } /* IGT will check if the cursor size is configured */ - drm->mode_config.cursor_width = drm->mode_config.max_width; - drm->mode_config.cursor_height = drm->mode_config.max_height; + drm->mode_config.cursor_width = 512; + drm->mode_config.cursor_height = 512; /* Use OVL device for all DMA memory allocations */ crtc = drm_crtc_from_index(drm, 0); -- 2.43.0

1 year, 4 months

2
25
0 0

[PATCH AUTOSEL 6.6 01/20] ksmbd: override fsids for share path check

by Sasha Levin

From: Namjae Jeon <linkinjeon(a)kernel.org> [ Upstream commit a018c1b636e79b60149b41151ded7c2606d8606e ] Sangsoo reported that a DAC denial error occurred when accessing files through the ksmbd thread. This patch override fsids for share path check. Reported-by: Sangsoo Lee <constant.lee(a)samsung.com> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/smb/server/mgmt/share_config.c | 15 ++++++++++++--- fs/smb/server/mgmt/share_config.h | 4 +++- fs/smb/server/mgmt/tree_connect.c | 9 +++++---- fs/smb/server/mgmt/tree_connect.h | 4 ++-- fs/smb/server/smb2pdu.c | 2 +- fs/smb/server/smb_common.c | 9 +++++++-- fs/smb/server/smb_common.h | 2 ++ 7 files changed, 32 insertions(+), 13 deletions(-) diff --git a/fs/smb/server/mgmt/share_config.c b/fs/smb/server/mgmt/share_config.c index e0a6b758094fc..d8d03070ae44b 100644 --- a/fs/smb/server/mgmt/share_config.c +++ b/fs/smb/server/mgmt/share_config.c @@ -15,6 +15,7 @@ #include "share_config.h" #include "user_config.h" #include "user_session.h" +#include "../connection.h" #include "../transport_ipc.h" #include "../misc.h" @@ -120,12 +121,13 @@ static int parse_veto_list(struct ksmbd_share_config *share, return 0; } -static struct ksmbd_share_config *share_config_request(struct unicode_map *um, +static struct ksmbd_share_config *share_config_request(struct ksmbd_work *work, const char *name) { struct ksmbd_share_config_response *resp; struct ksmbd_share_config *share = NULL; struct ksmbd_share_config *lookup; + struct unicode_map *um = work->conn->um; int ret; resp = ksmbd_ipc_share_config_request(name); @@ -181,7 +183,14 @@ static struct ksmbd_share_config *share_config_request(struct unicode_map *um, KSMBD_SHARE_CONFIG_VETO_LIST(resp), resp->veto_list_sz); if (!ret && share->path) { + if (__ksmbd_override_fsids(work, share)) { + kill_share(share); + share = NULL; + goto out; + } + ret = kern_path(share->path, 0, &share->vfs_path); + ksmbd_revert_fsids(work); if (ret) { ksmbd_debug(SMB, "failed to access '%s'\n", share->path); @@ -214,7 +223,7 @@ static struct ksmbd_share_config *share_config_request(struct unicode_map *um, return share; } -struct ksmbd_share_config *ksmbd_share_config_get(struct unicode_map *um, +struct ksmbd_share_config *ksmbd_share_config_get(struct ksmbd_work *work, const char *name) { struct ksmbd_share_config *share; @@ -227,7 +236,7 @@ struct ksmbd_share_config *ksmbd_share_config_get(struct unicode_map *um, if (share) return share; - return share_config_request(um, name); + return share_config_request(work, name); } bool ksmbd_share_veto_filename(struct ksmbd_share_config *share, diff --git a/fs/smb/server/mgmt/share_config.h b/fs/smb/server/mgmt/share_config.h index 5f591751b9236..d4ac2dd4de204 100644 --- a/fs/smb/server/mgmt/share_config.h +++ b/fs/smb/server/mgmt/share_config.h @@ -11,6 +11,8 @@ #include <linux/path.h> #include <linux/unicode.h> +struct ksmbd_work; + struct ksmbd_share_config { char *name; char *path; @@ -68,7 +70,7 @@ static inline void ksmbd_share_config_put(struct ksmbd_share_config *share) __ksmbd_share_config_put(share); } -struct ksmbd_share_config *ksmbd_share_config_get(struct unicode_map *um, +struct ksmbd_share_config *ksmbd_share_config_get(struct ksmbd_work *work, const char *name); bool ksmbd_share_veto_filename(struct ksmbd_share_config *share, const char *filename); diff --git a/fs/smb/server/mgmt/tree_connect.c b/fs/smb/server/mgmt/tree_connect.c index d2c81a8a11dda..94a52a75014a4 100644 --- a/fs/smb/server/mgmt/tree_connect.c +++ b/fs/smb/server/mgmt/tree_connect.c @@ -16,17 +16,18 @@ #include "user_session.h" struct ksmbd_tree_conn_status -ksmbd_tree_conn_connect(struct ksmbd_conn *conn, struct ksmbd_session *sess, - const char *share_name) +ksmbd_tree_conn_connect(struct ksmbd_work *work, const char *share_name) { struct ksmbd_tree_conn_status status = {-ENOENT, NULL}; struct ksmbd_tree_connect_response *resp = NULL; struct ksmbd_share_config *sc; struct ksmbd_tree_connect *tree_conn = NULL; struct sockaddr *peer_addr; + struct ksmbd_conn *conn = work->conn; + struct ksmbd_session *sess = work->sess; int ret; - sc = ksmbd_share_config_get(conn->um, share_name); + sc = ksmbd_share_config_get(work, share_name); if (!sc) return status; @@ -61,7 +62,7 @@ ksmbd_tree_conn_connect(struct ksmbd_conn *conn, struct ksmbd_session *sess, struct ksmbd_share_config *new_sc; ksmbd_share_config_del(sc); - new_sc = ksmbd_share_config_get(conn->um, share_name); + new_sc = ksmbd_share_config_get(work, share_name); if (!new_sc) { pr_err("Failed to update stale share config\n"); status.ret = -ESTALE; diff --git a/fs/smb/server/mgmt/tree_connect.h b/fs/smb/server/mgmt/tree_connect.h index 6377a70b811c8..a42cdd0510411 100644 --- a/fs/smb/server/mgmt/tree_connect.h +++ b/fs/smb/server/mgmt/tree_connect.h @@ -13,6 +13,7 @@ struct ksmbd_share_config; struct ksmbd_user; struct ksmbd_conn; +struct ksmbd_work; enum { TREE_NEW = 0, @@ -50,8 +51,7 @@ static inline int test_tree_conn_flag(struct ksmbd_tree_connect *tree_conn, struct ksmbd_session; struct ksmbd_tree_conn_status -ksmbd_tree_conn_connect(struct ksmbd_conn *conn, struct ksmbd_session *sess, - const char *share_name); +ksmbd_tree_conn_connect(struct ksmbd_work *work, const char *share_name); void ksmbd_tree_connect_put(struct ksmbd_tree_connect *tcon); int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess, diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 592a2cdfd0670..646c874d151a8 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -1955,7 +1955,7 @@ int smb2_tree_connect(struct ksmbd_work *work) ksmbd_debug(SMB, "tree connect request for tree %s treename %s\n", name, treename); - status = ksmbd_tree_conn_connect(conn, sess, name); + status = ksmbd_tree_conn_connect(work, name); if (status.ret == KSMBD_TREE_CONN_STATUS_OK) rsp->hdr.Id.SyncId.TreeId = cpu_to_le32(status.tree_conn->id); else diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index 474dadf6b7b8b..13818ecb6e1b2 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -732,10 +732,10 @@ bool is_asterisk(char *p) return p && p[0] == '*'; } -int ksmbd_override_fsids(struct ksmbd_work *work) +int __ksmbd_override_fsids(struct ksmbd_work *work, + struct ksmbd_share_config *share) { struct ksmbd_session *sess = work->sess; - struct ksmbd_share_config *share = work->tcon->share_conf; struct cred *cred; struct group_info *gi; unsigned int uid; @@ -775,6 +775,11 @@ int ksmbd_override_fsids(struct ksmbd_work *work) return 0; } +int ksmbd_override_fsids(struct ksmbd_work *work) +{ + return __ksmbd_override_fsids(work, work->tcon->share_conf); +} + void ksmbd_revert_fsids(struct ksmbd_work *work) { const struct cred *cred; diff --git a/fs/smb/server/smb_common.h b/fs/smb/server/smb_common.h index f1092519c0c28..4a3148b0167f5 100644 --- a/fs/smb/server/smb_common.h +++ b/fs/smb/server/smb_common.h @@ -447,6 +447,8 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, int ksmbd_smb_negotiate_common(struct ksmbd_work *work, unsigned int command); int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp); +int __ksmbd_override_fsids(struct ksmbd_work *work, + struct ksmbd_share_config *share); int ksmbd_override_fsids(struct ksmbd_work *work); void ksmbd_revert_fsids(struct ksmbd_work *work); -- 2.43.0

1 year, 4 months

2
21
0 0

[PATCH] pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins

by Huang-Huang Bao

The base iomux offsets for each GPIO pin line are accumulatively calculated based off iomux width flag in rockchip_pinctrl_get_soc_data. If the iomux width flag is one of IOMUX_WIDTH_4BIT, IOMUX_WIDTH_3BIT or IOMUX_WIDTH_2BIT, the base offset for next pin line would increase by 8 bytes, otherwise it would increase by 4 bytes. Despite most of GPIO2-B iomux have 2-bit data width, which can be fit into 4 bytes space with write mask, it actually take 8 bytes width for whole GPIO2-B line. Commit e8448a6c817c ("pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins") wrongly set iomux width flag to 0, causing all base iomux offset for line after GPIO2-B to be calculated wrong. Fix the iomux width flag to IOMUX_WIDTH_2BIT so the offset after GPIO2-B is correctly increased by 8, matching the actual width of GPIO2-B iomux. Fixes: e8448a6c817c ("pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins") Cc: stable(a)vger.kernel.org Reported-by: Richard Kojedzinszky <richard(a)kojedz.in> Closes: https://lore.kernel.org/linux-rockchip/4f29b743202397d60edfb3c725537415@koj… Tested-by: Richard Kojedzinszky <richard(a)kojedz.in> Signed-off-by: Huang-Huang Bao <i(a)eh5.me> --- I have double checked the iomux offsets in debug message match iomux register definitions in "GRF Register Description" section in RK3328 TRM[1]. [1]: https://opensource.rock-chips.com/images/9/97/Rockchip_RK3328TRM_V1.1-Part1… Kernel pinctrl debug message with dyndbg="file pinctrl-rockchip.c +p": rockchip-pinctrl pinctrl: bank 0, iomux 0 has iom_offset 0x0 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 0, iomux 1 has iom_offset 0x4 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 0, iomux 2 has iom_offset 0x8 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 0, iomux 3 has iom_offset 0xc drv_offset 0x0 rockchip-pinctrl pinctrl: bank 1, iomux 0 has iom_offset 0x10 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 1, iomux 1 has iom_offset 0x14 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 1, iomux 2 has iom_offset 0x18 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 1, iomux 3 has iom_offset 0x1c drv_offset 0x0 rockchip-pinctrl pinctrl: bank 2, iomux 0 has iom_offset 0x20 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 2, iomux 1 has iom_offset 0x24 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 2, iomux 2 has iom_offset 0x2c drv_offset 0x0 rockchip-pinctrl pinctrl: bank 2, iomux 3 has iom_offset 0x34 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 3, iomux 0 has iom_offset 0x38 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 3, iomux 1 has iom_offset 0x40 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 3, iomux 2 has iom_offset 0x48 drv_offset 0x0 rockchip-pinctrl pinctrl: bank 3, iomux 3 has iom_offset 0x4c drv_offset 0x0 The "Closes" links to test report from original reporter with original issue contained, which was not delivered to any mailing list thus not available on the web. Added CC stable as the problematic e8448a6c817c fixed by this patch was recently merged to stable kernels. Sorry for the inconvenience caused, Huang-Huang drivers/pinctrl/pinctrl-rockchip.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pinctrl/pinctrl-rockchip.c b/drivers/pinctrl/pinctrl-rockchip.c index 3f56991f5b89..f6da91941fbd 100644 --- a/drivers/pinctrl/pinctrl-rockchip.c +++ b/drivers/pinctrl/pinctrl-rockchip.c @@ -3813,7 +3813,7 @@ static struct rockchip_pin_bank rk3328_pin_banks[] = { PIN_BANK_IOMUX_FLAGS(0, 32, "gpio0", 0, 0, 0, 0), PIN_BANK_IOMUX_FLAGS(1, 32, "gpio1", 0, 0, 0, 0), PIN_BANK_IOMUX_FLAGS(2, 32, "gpio2", 0, - 0, + IOMUX_WIDTH_2BIT, IOMUX_WIDTH_3BIT, 0), PIN_BANK_IOMUX_FLAGS(3, 32, "gpio3", base-commit: 4376e966ecb78c520b0faf239d118ecfab42a119 -- 2.45.2

1 year, 4 months

5
5
0 0

WARNING: CPU: 1 PID: 1 at arch/x86/mm/pti.c kernel 6.10.6 x86

by Roberto CORRADO

[ 4.546432] ------------[ cut here ]------------ [ 4.546498] WARNING: CPU: 1 PID: 1 at arch/x86/mm/pti.c:256 pti_clone_pgtable+0x1ad/0x310 [ 4.546593] Modules linked in: [ 4.546660] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.10.6 #1 [ 4.546730] Hardware name: null [ 4.546818] EIP: pti_clone_pgtable+0x1ad/0x310 [ 4.546886] Code: 00 89 f8 e8 25 fd ff ff 89 45 d4 85 c0 74 1d 8b 08 31 d2 89 55 f0 8b 75 f0 89 c8 25 80 00 00 00 89 45 ec 8b 45 ec 09 f0 74 13 <0f> 0b 0f 0b e9 64 ff ff ff 2e 8d b4 26 00 00 00 00 66 90 89 c8 31 [ 4.547003] EAX: 00000080 EBX: 00000000 ECX: 092001e3 EDX: 00000000 [ 4.547073] ESI: 00000000 EDI: c92e76a8 EBP: c11e1f7c ESP: c11e1f4c [ 4.547142] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010202 [ 4.547214] CR0: 80050033 CR2: c9314e44 CR3: 09cd4000 CR4: 000006f0 [ 4.547284] Call Trace: [ 4.547365] ? show_regs.part.0+0x1c/0x24 [ 4.547435] ? show_regs.cold+0x7/0xc [ 4.547501] ? __warn.cold+0x42/0xe5 [ 4.547567] ? pti_clone_pgtable+0x1ad/0x310 [ 4.547634] ? report_bug+0xd7/0x180 [ 4.547703] ? exc_overflow+0x40/0x40 [ 4.547770] ? handle_bug+0x35/0x70 [ 4.547835] ? exc_invalid_op+0x18/0x60 [ 4.547902] ? handle_exception+0x133/0x133 [ 4.547971] ? __SCT__tp_func_ma_write+0x8/0x8 [ 4.548038] ? exc_overflow+0x40/0x40 [ 4.548104] ? pti_clone_pgtable+0x1ad/0x310 [ 4.548171] ? exc_overflow+0x40/0x40 [ 4.548236] ? pti_clone_pgtable+0x1ad/0x310 [ 4.548304] ? __SCT__tp_func_ma_write+0x8/0x8 [ 4.548392] ? rest_init+0xb8/0xb8 [ 4.548459] pti_finalize+0x30/0x80 [ 4.548525] kernel_init+0x66/0x120 [ 4.548590] ret_from_fork+0x38/0x60 [ 4.548657] ? rest_init+0xb8/0xb8 [ 4.548723] ret_from_fork_asm+0x12/0x1c [ 4.548789] entry_INT80_32+0xf0/0xf0 [ 4.548857] ---[ end trace 0000000000000000 ]--- [ 4.548925] ------------[ cut here ]------------ [ 4.548989] WARNING: CPU: 1 PID: 1 at arch/x86/mm/pti.c:394 pti_clone_pgtable+0x1af/0x310 [ 4.549077] Modules linked in: [ 4.549141] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W 6.10.6 #1 [ 4.549226] Hardware name: null [ 4.549312] EIP: pti_clone_pgtable+0x1af/0x310 [ 4.549397] Code: f8 e8 25 fd ff ff 89 45 d4 85 c0 74 1d 8b 08 31 d2 89 55 f0 8b 75 f0 89 c8 25 80 00 00 00 89 45 ec 8b 45 ec 09 f0 74 13 0f 0b <0f> 0b e9 64 ff ff ff 2e 8d b4 26 00 00 00 00 66 90 89 c8 31 d2 89 [ 4.549514] EAX: 00000080 EBX: 00000000 ECX: 092001e3 EDX: 00000000 [ 4.549584] ESI: 00000000 EDI: c92e76a8 EBP: c11e1f7c ESP: c11e1f4c [ 4.549653] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010202 [ 4.549724] CR0: 80050033 CR2: c9314e44 CR3: 09cd4000 CR4: 000006f0 [ 4.549794] Call Trace: [ 4.549855] ? show_regs.part.0+0x1c/0x24 [ 4.549923] ? show_regs.cold+0x7/0xc [ 4.549989] ? __warn.cold+0x42/0xe5 [ 4.550054] ? pti_clone_pgtable+0x1af/0x310 [ 4.550121] ? report_bug+0xd7/0x180 [ 4.550188] ? exc_overflow+0x40/0x40 [ 4.550254] ? handle_bug+0x35/0x70 [ 4.550319] ? exc_invalid_op+0x18/0x60 [ 4.550404] ? handle_exception+0x133/0x133 [ 4.550472] ? __SCT__tp_func_ma_write+0x8/0x8 [ 4.550540] ? exc_overflow+0x40/0x40 [ 4.550605] ? pti_clone_pgtable+0x1af/0x310 [ 4.550672] ? exc_overflow+0x40/0x40 [ 4.550737] ? pti_clone_pgtable+0x1af/0x310 [ 4.550805] ? __SCT__tp_func_ma_write+0x8/0x8 [ 4.550873] ? rest_init+0xb8/0xb8 [ 4.550938] pti_finalize+0x30/0x80 [ 4.551004] kernel_init+0x66/0x120 [ 4.551069] ret_from_fork+0x38/0x60 [ 4.551135] ? rest_init+0xb8/0xb8 [ 4.551201] ret_from_fork_asm+0x12/0x1c [ 4.551267] entry_INT80_32+0xf0/0xf0 [ 4.551344] ---[ end trace 0000000000000000 ]--- [ 4.551428] ------------[ cut here ]------------ [ 4.551493] WARNING: CPU: 1 PID: 1 at arch/x86/mm/pti.c:256 pti_clone_pgtable+0x1ad/0x310 [ 4.551581] Modules linked in: [ 4.551645] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W 6.10.6 #1 [ 4.551729] Hardware name: null [ 4.551816] EIP: pti_clone_pgtable+0x1ad/0x310 [ 4.551882] Code: 00 89 f8 e8 25 fd ff ff 89 45 d4 85 c0 74 1d 8b 08 31 d2 89 55 f0 8b 75 f0 89 c8 25 80 00 00 00 89 45 ec 8b 45 ec 09 f0 74 13 <0f> 0b 0f 0b e9 64 ff ff ff 2e 8d b4 26 00 00 00 00 66 90 89 c8 31 [ 4.551998] EAX: 00000080 EBX: 00000000 ECX: 092001e3 EDX: 00000000 [ 4.552068] ESI: 00000000 EDI: c9200000 EBP: c11e1f7c ESP: c11e1f4c [ 4.552138] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010202 [ 4.552209] CR0: 80050033 CR2: c9314e44 CR3: 09cd4000 CR4: 000006f0 [ 4.552278] Call Trace: [ 4.552351] ? show_regs.part.0+0x1c/0x24 [ 4.552422] ? show_regs.cold+0x7/0xc [ 4.552488] ? __warn.cold+0x42/0xe5 [ 4.552554] ? pti_clone_pgtable+0x1ad/0x310 [ 4.552620] ? report_bug+0xd7/0x180 [ 4.552688] ? exc_overflow+0x40/0x40 [ 4.552753] ? handle_bug+0x35/0x70 [ 4.552818] ? exc_invalid_op+0x18/0x60 [ 4.552884] ? handle_exception+0x133/0x133 [ 4.552952] ? unregister_dcbevent_notifier+0x10/0x20 [ 4.553022] ? exc_overflow+0x40/0x40 [ 4.553087] ? pti_clone_pgtable+0x1ad/0x310 [ 4.553155] ? exc_overflow+0x40/0x40 [ 4.553220] ? pti_clone_pgtable+0x1ad/0x310 [ 4.553287] ? 0xc8100000 [ 4.553368] ? 0xc8100000 [ 4.553432] ? rest_init+0xb8/0xb8 [ 4.553498] pti_finalize+0x5e/0x80 [ 4.553564] kernel_init+0x66/0x120 [ 4.553629] ret_from_fork+0x38/0x60 [ 4.553695] ? rest_init+0xb8/0xb8 [ 4.553761] ret_from_fork_asm+0x12/0x1c [ 4.553827] entry_INT80_32+0xf0/0xf0 [ 4.553895] ---[ end trace 0000000000000000 ]--- [ 4.553961] ------------[ cut here ]------------ [ 4.554026] WARNING: CPU: 1 PID: 1 at arch/x86/mm/pti.c:394 pti_clone_pgtable+0x1af/0x310 [ 4.554114] Modules linked in: [ 4.554178] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W 6.10.6 #1 [ 4.554262] Hardware name: null [ 4.554366] EIP: pti_clone_pgtable+0x1af/0x310 [ 4.554433] Code: f8 e8 25 fd ff ff 89 45 d4 85 c0 74 1d 8b 08 31 d2 89 55 f0 8b 75 f0 89 c8 25 80 00 00 00 89 45 ec 8b 45 ec 09 f0 74 13 0f 0b <0f> 0b e9 64 ff ff ff 2e 8d b4 26 00 00 00 00 66 90 89 c8 31 d2 89 [ 4.554549] EAX: 00000080 EBX: 00000000 ECX: 092001e3 EDX: 00000000 [ 4.554618] ESI: 00000000 EDI: c9200000 EBP: c11e1f7c ESP: c11e1f4c [ 4.554687] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010202 [ 4.554758] CR0: 80050033 CR2: c9314e44 CR3: 09cd4000 CR4: 000006f0 [ 4.554828] Call Trace: [ 4.554890] ? show_regs.part.0+0x1c/0x24 [ 4.554957] ? show_regs.cold+0x7/0xc [ 4.555024] ? __warn.cold+0x42/0xe5 [ 4.555089] ? pti_clone_pgtable+0x1af/0x310 [ 4.555156] ? report_bug+0xd7/0x180 [ 4.555223] ? exc_overflow+0x40/0x40 [ 4.555289] ? handle_bug+0x35/0x70 [ 4.555384] ? exc_invalid_op+0x18/0x60 [ 4.555456] ? handle_exception+0x133/0x133 [ 4.555523] ? unregister_dcbevent_notifier+0x10/0x20 [ 4.555592] ? exc_overflow+0x40/0x40 [ 4.555658] ? pti_clone_pgtable+0x1af/0x310 [ 4.555725] ? exc_overflow+0x40/0x40 [ 4.555790] ? pti_clone_pgtable+0x1af/0x310 [ 4.555857] ? 0xc8100000 [ 4.555921] ? 0xc8100000 [ 4.556788] ? rest_init+0xb8/0xb8 [ 4.556854] pti_finalize+0x5e/0x80 [ 4.556920] kernel_init+0x66/0x120 [ 4.556986] ret_from_fork+0x38/0x60 [ 4.557052] ? rest_init+0xb8/0xb8 [ 4.557117] ret_from_fork_asm+0x12/0x1c [ 4.557183] entry_INT80_32+0xf0/0xf0 [ 4.557252] ---[ end trace 0000000000000000 ]---

1 year, 4 months

1
0
0 0

[PATCH v5 RESEND] EDAC/ti: Fix possible null pointer dereference in _emif_get_id()

by Ma Ke

In _emif_get_id(), of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. Found by code review. Cc: stable(a)vger.kernel.org Fixes: 86a18ee21e5e ("EDAC, ti: Add support for TI keystone and DRA7xx EDAC") Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202408160935.A6QFliqt-lkp@intel.com/ Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v5: - According to the developer's suggestion, added an inspection of function of_translate_address(). However, kernel test robot reported a build warning, so the inspection is removed here, reverting to the modification solution of patch v3. Changes in v4: - added the check of of_translate_address() as suggestions. Changes in v3: - added the patch operations omitted in PATCH v2 RESEND compared to PATCH v2. Sorry for my oversight. Changes in v2: - added Cc stable line. --- drivers/edac/ti_edac.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/edac/ti_edac.c b/drivers/edac/ti_edac.c index 29723c9592f7..6f3da8d99eab 100644 --- a/drivers/edac/ti_edac.c +++ b/drivers/edac/ti_edac.c @@ -207,6 +207,9 @@ static int _emif_get_id(struct device_node *node) int my_id = 0; addrp = of_get_address(node, 0, NULL, NULL); + if (!addrp) + return -EINVAL; + my_addr = (u32)of_translate_address(node, addrp); for_each_matching_node(np, ti_edac_of_match) { @@ -214,6 +217,9 @@ static int _emif_get_id(struct device_node *node) continue; addrp = of_get_address(np, 0, NULL, NULL); + if (!addrp) + return -EINVAL; + addr = (u32)of_translate_address(np, addrp); edac_printk(KERN_INFO, EDAC_MOD_NAME, -- 2.25.1

1 year, 4 months

1
0
0 0

[PATCH] PCI: dra7xx: Fix threaded IRQ handler registration

by Siddharth Vadapalli

Commit da87d35a6e51 ("PCI: dra7xx: Use threaded IRQ handler for "dra7xx-pcie-main" IRQ") switched from devm_request_irq() to devm_request_threaded_irq(). In this process, the "handler" and the "thread_fn" parameters were erroneously interchanged, with "NULL" being passed as the "handler" and "dra7xx_pcie_irq_handler()" being registered as the function to be called in a threaded interrupt context. Fix this by interchanging the "handler" and "thread_fn" parameters. While at it, correct the indentation. Fixes: da87d35a6e51 ("PCI: dra7xx: Use threaded IRQ handler for "dra7xx-pcie-main" IRQ") Cc: <stable(a)vger.kernel.org> Reported-by: Udit Kumar <u-kumar1(a)ti.com> Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> --- Hello, This patch is based on commit d2bafcf224f3 Merge tag 'cgroup-for-6.11-rc4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup of Mainline Linux. Regards, Siddharth. drivers/pci/controller/dwc/pci-dra7xx.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/pci/controller/dwc/pci-dra7xx.c b/drivers/pci/controller/dwc/pci-dra7xx.c index 4fe3b0cb72ec..4c64ac27af40 100644 --- a/drivers/pci/controller/dwc/pci-dra7xx.c +++ b/drivers/pci/controller/dwc/pci-dra7xx.c @@ -849,8 +849,9 @@ static int dra7xx_pcie_probe(struct platform_device *pdev) } dra7xx->mode = mode; - ret = devm_request_threaded_irq(dev, irq, NULL, dra7xx_pcie_irq_handler, - IRQF_SHARED, "dra7xx-pcie-main", dra7xx); + ret = devm_request_threaded_irq(dev, irq, dra7xx_pcie_irq_handler, NULL, + IRQF_SHARED, "dra7xx-pcie-main", + dra7xx); if (ret) { dev_err(dev, "failed to request irq\n"); goto err_gpio; -- 2.40.1

1 year, 4 months

1
1
0 0

+ mm-memcontrol-respect-zswapwriteback-setting-from-parent-cg-too.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/memcontrol: respect zswap.writeback setting from parent cg too has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-memcontrol-respect-zswapwriteback-setting-from-parent-cg-too.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Mike Yuan <me(a)yhndnzj.com> Subject: mm/memcontrol: respect zswap.writeback setting from parent cg too Date: Fri, 23 Aug 2024 16:27:06 +0000 Currently, the behavior of zswap.writeback wrt. the cgroup hierarchy seems a bit odd. Unlike zswap.max, it doesn't honor the value from parent cgroups. This surfaced when people tried to globally disable zswap writeback, i.e. reserve physical swap space only for hibernation [1] - disabling zswap.writeback only for the root cgroup results in subcgroups with zswap.writeback=3D1 still performing writeback. The inconsistency became more noticeable after I introduced the MemoryZSwapWriteback=3D systemd unit setting [2] for controlling the knob. The patch assumed that the kernel would enforce the value of parent cgroups. It could probably be workarounded from systemd's side, by going up the slice unit tree and inheriting the value. Yet I think it's more sensible to make it behave consistently with zswap.max and friends. [1] https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate= #Disable_zswap_writeback_to_use_the_swap_space_only_for_hibernation [2] https://github.com/systemd/systemd/pull/31734 Link: https://lkml.kernel.org/r/20240823162506.12117-1-me@yhndnzj.com Fixes: 501a06fe8e4c ("zswap: memcontrol: implement zswap writeback disablin= g") Signed-off-by: Mike Yuan <me(a)yhndnzj.com> Reviewed-by: Nhat Pham <nphamcs(a)gmail.com> Acked-by: Yosry Ahmed <yosryahmed(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Michal Koutn�� <mkoutny(a)suse.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: Shakeel Butt <shakeel.butt(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Documentation/admin-guide/cgroup-v2.rst | 7 ++++--- mm/memcontrol.c | 12 +++++++++--- 2 files changed, 13 insertions(+), 6 deletions(-) --- a/Documentation/admin-guide/cgroup-v2.rst~mm-memcontrol-respect-zswapwriteback-setting-from-parent-cg-too +++ a/Documentation/admin-guide/cgroup-v2.rst @@ -1717,9 +1717,10 @@ The following nested keys are defined. entries fault back in or are written out to disk. memory.zswap.writeback - A read-write single value file. The default value is "1". The - initial value of the root cgroup is 1, and when a new cgroup is - created, it inherits the current value of its parent. + A read-write single value file. The default value is "1". + Note that this setting is hierarchical, i.e. the writeback would be + implicitly disabled for child cgroups if the upper hierarchy + does so. When this is set to 0, all swapping attempts to swapping devices are disabled. This included both zswap writebacks, and swapping due --- a/mm/memcontrol.c~mm-memcontrol-respect-zswapwriteback-setting-from-parent-cg-too +++ a/mm/memcontrol.c @@ -3613,8 +3613,7 @@ mem_cgroup_css_alloc(struct cgroup_subsy memcg1_soft_limit_reset(memcg); #ifdef CONFIG_ZSWAP memcg->zswap_max = PAGE_COUNTER_MAX; - WRITE_ONCE(memcg->zswap_writeback, - !parent || READ_ONCE(parent->zswap_writeback)); + WRITE_ONCE(memcg->zswap_writeback, true); #endif page_counter_set_high(&memcg->swap, PAGE_COUNTER_MAX); if (parent) { @@ -5320,7 +5319,14 @@ void obj_cgroup_uncharge_zswap(struct ob bool mem_cgroup_zswap_writeback_enabled(struct mem_cgroup *memcg) { /* if zswap is disabled, do not block pages going to the swapping device */ - return !zswap_is_enabled() || !memcg || READ_ONCE(memcg->zswap_writeback); + if (!zswap_is_enabled()) + return true; + + for (; memcg; memcg = parent_mem_cgroup(memcg)) + if (!READ_ONCE(memcg->zswap_writeback)) + return false; + + return true; } static u64 zswap_current_read(struct cgroup_subsys_state *css, _ Patches currently in -mm which might be from me(a)yhndnzj.com are mm-memcontrol-respect-zswapwriteback-setting-from-parent-cg-too.patch documentation-cgroup-v2-clarify-that-zswapwriteback-is-ignored-if-zswap-is-disabled.patch selftests-test_zswap-add-test-for-hierarchical-zswapwriteback.patch

1 year, 4 months

1
0
0 0

patch "usb: cdnsp: fix for Link TRB with TC" added to usb-linus

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: cdnsp: fix for Link TRB with TC to my usb git tree which can be found at git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git in the usb-linus branch. The patch will show up in the next release of the linux-next tree (usually sometime within the next 24 hours during the week.) The patch will hopefully also be merged in Linus's tree for the next -rc kernel release. If you have any questions about this process, please let me know. From 740f2e2791b98e47288b3814c83a3f566518fed2 Mon Sep 17 00:00:00 2001 From: Pawel Laszczak <pawell(a)cadence.com> Date: Wed, 21 Aug 2024 06:07:42 +0000 Subject: usb: cdnsp: fix for Link TRB with TC Stop Endpoint command on LINK TRB with TC bit set to 1 causes that internal cycle bit can have incorrect state after command complete. In consequence empty transfer ring can be incorrectly detected when EP is resumed. NOP TRB before LINK TRB avoid such scenario. Stop Endpoint command is then on NOP TRB and internal cycle bit is not changed and have correct value. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: <stable(a)vger.kernel.org> Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> Reviewed-by: Peter Chen <peter.chen(a)kernel.org> Link: https://lore.kernel.org/r/PH7PR07MB953878279F375CCCE6C6F40FDD8E2@PH7PR07MB9… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/cdns3/cdnsp-gadget.h | 3 +++ drivers/usb/cdns3/cdnsp-ring.c | 28 ++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/drivers/usb/cdns3/cdnsp-gadget.h b/drivers/usb/cdns3/cdnsp-gadget.h index dbee6f085277..84887dfea763 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.h +++ b/drivers/usb/cdns3/cdnsp-gadget.h @@ -811,6 +811,7 @@ struct cdnsp_stream_info { * generate Missed Service Error Event. * Set skip flag when receive a Missed Service Error Event and * process the missed tds on the endpoint ring. + * @wa1_nop_trb: hold pointer to NOP trb. */ struct cdnsp_ep { struct usb_ep endpoint; @@ -838,6 +839,8 @@ struct cdnsp_ep { #define EP_UNCONFIGURED BIT(7) bool skip; + union cdnsp_trb *wa1_nop_trb; + }; /** diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index a60c0cb991cd..dbd83d321bca 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -1904,6 +1904,23 @@ int cdnsp_queue_bulk_tx(struct cdnsp_device *pdev, struct cdnsp_request *preq) if (ret) return ret; + /* + * workaround 1: STOP EP command on LINK TRB with TC bit set to 1 + * causes that internal cycle bit can have incorrect state after + * command complete. In consequence empty transfer ring can be + * incorrectly detected when EP is resumed. + * NOP TRB before LINK TRB avoid such scenario. STOP EP command is + * then on NOP TRB and internal cycle bit is not changed and have + * correct value. + */ + if (pep->wa1_nop_trb) { + field = le32_to_cpu(pep->wa1_nop_trb->trans_event.flags); + field ^= TRB_CYCLE; + + pep->wa1_nop_trb->trans_event.flags = cpu_to_le32(field); + pep->wa1_nop_trb = NULL; + } + /* * Don't give the first TRB to the hardware (by toggling the cycle bit) * until we've finished creating all the other TRBs. The ring's cycle @@ -1999,6 +2016,17 @@ int cdnsp_queue_bulk_tx(struct cdnsp_device *pdev, struct cdnsp_request *preq) send_addr = addr; } + if (cdnsp_trb_is_link(ring->enqueue + 1)) { + field = TRB_TYPE(TRB_TR_NOOP) | TRB_IOC; + if (!ring->cycle_state) + field |= TRB_CYCLE; + + pep->wa1_nop_trb = ring->enqueue; + + cdnsp_queue_trb(pdev, ring, 0, 0x0, 0x0, + TRB_INTR_TARGET(0), field); + } + cdnsp_check_trb_math(preq, enqd_len); ret = cdnsp_giveback_first_trb(pdev, pep, preq->request.stream_id, start_cycle, start_trb); -- 2.46.0

1 year, 4 months

1
0
0 0

[PATCH v2] drm/i915/dp_mst: Fix MST state after a sink reset

by Imre Deak

In some cases the sink can reset itself after it was configured into MST mode, without the driver noticing the disconnected state. For instance the reset may happen in the middle of a modeset, or the (long) HPD pulse generated may be not long enough for the encoder detect handler to observe the HPD's deasserted state. In this case the sink's DPCD register programmed to enable MST will be reset, while the driver still assumes MST is still enabled. Detect this condition, which will tear down and recreate/re-enable the MST topology. v2: - Add a code comment about adjusting the expected DP_MSTM_CTRL register value for SST + SideBand. (Suraj, Jani) - Print a debug message about detecting the link reset. (Jani) - Verify the DPCD MST state only if it wasn't already determined that the sink is disconnected. Cc: stable(a)vger.kernel.org Cc: Jani Nikula <jani.nikula(a)intel.com> Closes: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/11195 Reviewed-by: Suraj Kandpal <suraj.kandpal(a)intel.com> (v1) Signed-off-by: Imre Deak <imre.deak(a)intel.com> --- drivers/gpu/drm/i915/display/intel_dp.c | 12 +++++++ drivers/gpu/drm/i915/display/intel_dp_mst.c | 40 +++++++++++++++++++++ drivers/gpu/drm/i915/display/intel_dp_mst.h | 1 + 3 files changed, 53 insertions(+) diff --git a/drivers/gpu/drm/i915/display/intel_dp.c b/drivers/gpu/drm/i915/display/intel_dp.c index 6a0c7ae654f40..789c2f78826d0 100644 --- a/drivers/gpu/drm/i915/display/intel_dp.c +++ b/drivers/gpu/drm/i915/display/intel_dp.c @@ -5999,6 +5999,18 @@ intel_dp_detect(struct drm_connector *connector, else status = connector_status_disconnected; + if (status != connector_status_disconnected && + !intel_dp_mst_verify_dpcd_state(intel_dp)) + /* + * This requires retrying detection for instance to re-enable + * the MST mode that got reset via a long HPD pulse. The retry + * will happen either via the hotplug handler's retry logic, + * ensured by setting the connector here to SST/disconnected, + * or via a userspace connector probing in response to the + * hotplug uevent sent when removing the MST connectors. + */ + status = connector_status_disconnected; + if (status == connector_status_disconnected) { memset(&intel_dp->compliance, 0, sizeof(intel_dp->compliance)); memset(intel_connector->dp.dsc_dpcd, 0, sizeof(intel_connector->dp.dsc_dpcd)); diff --git a/drivers/gpu/drm/i915/display/intel_dp_mst.c b/drivers/gpu/drm/i915/display/intel_dp_mst.c index 45d2230d1801b..15541932b809e 100644 --- a/drivers/gpu/drm/i915/display/intel_dp_mst.c +++ b/drivers/gpu/drm/i915/display/intel_dp_mst.c @@ -2062,3 +2062,43 @@ void intel_dp_mst_prepare_probe(struct intel_dp *intel_dp) intel_mst_set_probed_link_params(intel_dp, link_rate, lane_count); } + +/* + * intel_dp_mst_verify_dpcd_state - verify the MST SW enabled state wrt. the DPCD + * @intel_dp: DP port object + * + * Verify if @intel_dp's MST enabled SW state matches the corresponding DPCD + * state. A long HPD pulse - not long enough to be detected as a disconnected + * state - could've reset the DPCD state, which requires tearing + * down/recreating the MST topology. + * + * Returns %true if the SW MST enabled and DPCD states match, %false + * otherwise. + */ +bool intel_dp_mst_verify_dpcd_state(struct intel_dp *intel_dp) +{ + struct intel_display *display = to_intel_display(intel_dp); + struct intel_connector *connector = intel_dp->attached_connector; + struct intel_digital_port *dig_port = dp_to_dig_port(intel_dp); + struct intel_encoder *encoder = &dig_port->base; + int ret; + u8 val; + + if (!intel_dp->is_mst) + return true; + + ret = drm_dp_dpcd_readb(intel_dp->mst_mgr.aux, DP_MSTM_CTRL, &val); + + /* Adjust the expected register value for SST + SideBand. */ + if (ret < 0 || val != (DP_MST_EN | DP_UP_REQ_EN | DP_UPSTREAM_IS_SRC)) { + drm_dbg_kms(display->drm, + "[CONNECTOR:%d:%s][ENCODER:%d:%s] MST mode got reset, removing topology (ret=%d, ctrl=0x%02x)\n", + connector->base.base.id, connector->base.name, + encoder->base.base.id, encoder->base.name, + ret, val); + + return false; + } + + return true; +} diff --git a/drivers/gpu/drm/i915/display/intel_dp_mst.h b/drivers/gpu/drm/i915/display/intel_dp_mst.h index fba76454fa67f..8343804ce3f8d 100644 --- a/drivers/gpu/drm/i915/display/intel_dp_mst.h +++ b/drivers/gpu/drm/i915/display/intel_dp_mst.h @@ -28,5 +28,6 @@ int intel_dp_mst_atomic_check_link(struct intel_atomic_state *state, bool intel_dp_mst_crtc_needs_modeset(struct intel_atomic_state *state, struct intel_crtc *crtc); void intel_dp_mst_prepare_probe(struct intel_dp *intel_dp); +bool intel_dp_mst_verify_dpcd_state(struct intel_dp *intel_dp); #endif /* __INTEL_DP_MST_H__ */ -- 2.44.2

1 year, 4 months

1
0
0 0

[PATCH v3 1/3] mm/memcontrol: respect zswap.writeback setting from parent cg too

by Mike Yuan

Currently, the behavior of zswap.writeback wrt. the cgroup hierarchy seems a bit odd. Unlike zswap.max, it doesn't honor the value from parent cgroups. This surfaced when people tried to globally disable zswap writeback, i.e. reserve physical swap space only for hibernation [1] - disabling zswap.writeback only for the root cgroup results in subcgroups with zswap.writeback=1 still performing writeback. The inconsistency became more noticeable after I introduced the MemoryZSwapWriteback= systemd unit setting [2] for controlling the knob. The patch assumed that the kernel would enforce the value of parent cgroups. It could probably be workarounded from systemd's side, by going up the slice unit tree and inheriting the value. Yet I think it's more sensible to make it behave consistently with zswap.max and friends. [1] https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Dis… [2] https://github.com/systemd/systemd/pull/31734 Changes in v3: - Additionally drop inheritance of zswap.writeback setting on cgroup creation, which is no longer needed Link to v2: https://lore.kernel.org/linux-kernel/20240816144344.18135-1-me@yhndnzj.com/ Changes in v2: - Actually base on latest tree (is_zswap_enabled() -> zswap_is_enabled()) - Update Documentation/admin-guide/cgroup-v2.rst to reflect the change Link to v1: https://lore.kernel.org/linux-kernel/20240814171800.23558-1-me@yhndnzj.com/ Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: Yosry Ahmed <yosryahmed(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Michal Koutný <mkoutny(a)suse.com> Fixes: 501a06fe8e4c ("zswap: memcontrol: implement zswap writeback disabling") Cc: <stable(a)vger.kernel.org> Signed-off-by: Mike Yuan <me(a)yhndnzj.com> Reviewed-by: Nhat Pham <nphamcs(a)gmail.com> Acked-by: Yosry Ahmed <yosryahmed(a)google.com> --- Documentation/admin-guide/cgroup-v2.rst | 7 ++++--- mm/memcontrol.c | 12 +++++++++--- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/Documentation/admin-guide/cgroup-v2.rst b/Documentation/admin-guide/cgroup-v2.rst index 86311c2907cd..95c18bc17083 100644 --- a/Documentation/admin-guide/cgroup-v2.rst +++ b/Documentation/admin-guide/cgroup-v2.rst @@ -1717,9 +1717,10 @@ The following nested keys are defined. entries fault back in or are written out to disk. memory.zswap.writeback - A read-write single value file. The default value is "1". The - initial value of the root cgroup is 1, and when a new cgroup is - created, it inherits the current value of its parent. + A read-write single value file. The default value is "1". + Note that this setting is hierarchical, i.e. the writeback would be + implicitly disabled for child cgroups if the upper hierarchy + does so. When this is set to 0, all swapping attempts to swapping devices are disabled. This included both zswap writebacks, and swapping due diff --git a/mm/memcontrol.c b/mm/memcontrol.c index f29157288b7d..d563fb515766 100644 --- a/mm/memcontrol.c +++ b/mm/memcontrol.c @@ -3613,8 +3613,7 @@ mem_cgroup_css_alloc(struct cgroup_subsys_state *parent_css) memcg1_soft_limit_reset(memcg); #ifdef CONFIG_ZSWAP memcg->zswap_max = PAGE_COUNTER_MAX; - WRITE_ONCE(memcg->zswap_writeback, - !parent || READ_ONCE(parent->zswap_writeback)); + WRITE_ONCE(memcg->zswap_writeback, true); #endif page_counter_set_high(&memcg->swap, PAGE_COUNTER_MAX); if (parent) { @@ -5320,7 +5319,14 @@ void obj_cgroup_uncharge_zswap(struct obj_cgroup *objcg, size_t size) bool mem_cgroup_zswap_writeback_enabled(struct mem_cgroup *memcg) { /* if zswap is disabled, do not block pages going to the swapping device */ - return !zswap_is_enabled() || !memcg || READ_ONCE(memcg->zswap_writeback); + if (!zswap_is_enabled()) + return true; + + for (; memcg; memcg = parent_mem_cgroup(memcg)) + if (!READ_ONCE(memcg->zswap_writeback)) + return false; + + return true; } static u64 zswap_current_read(struct cgroup_subsys_state *css, base-commit: 47ac09b91befbb6a235ab620c32af719f8208399 -- 2.46.0

1 year, 4 months

1
0
0 0

[PATCH] pinctrl: single: fix potential NULL dereference in pcs_get_function()

by Ma Ke

pinmux_generic_get_function() can return NULL and the pointer 'function' was dereferenced without checking against NULL. Add checking of pointer 'function' in pcs_get_function(). Found by code review. Cc: stable(a)vger.kernel.org Fixes: 571aec4df5b7 ("pinctrl: single: Use generic pinmux helpers for managing functions") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/pinctrl/pinctrl-single.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c index 4c6bfabb6bd7..4da3c3f422b6 100644 --- a/drivers/pinctrl/pinctrl-single.c +++ b/drivers/pinctrl/pinctrl-single.c @@ -345,6 +345,8 @@ static int pcs_get_function(struct pinctrl_dev *pctldev, unsigned pin, return -ENOTSUPP; fselector = setting->func; function = pinmux_generic_get_function(pctldev, fselector); + if (!function) + return -EINVAL; *func = function->data; if (!(*func)) { dev_err(pcs->dev, "%s could not find function%i\n", -- 2.25.1

1 year, 4 months

2
1
0 0

[PATCH net 1/3] net: txgbe: add IO address in I2C platform device data

by Jiawen Wu

Consider the necessity of reading/writing the IO address to acquire and release the lock between software and firmware, add the IO address as the platform data to register I2C platform device. Cc: stable(a)vger.kernel.org Fixes: c625e72561f6 ("net: txgbe: Register I2C platform device") Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> --- drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c | 5 +++++ include/linux/platform_data/i2c-wx.h | 11 +++++++++++ 2 files changed, 16 insertions(+) create mode 100644 include/linux/platform_data/i2c-wx.h diff --git a/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c b/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c index 5f502265f0a6..781a3a34aa4c 100644 --- a/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c +++ b/drivers/net/ethernet/wangxun/txgbe/txgbe_phy.c @@ -9,6 +9,7 @@ #include <linux/i2c.h> #include <linux/pci.h> #include <linux/platform_device.h> +#include <linux/platform_data/i2c-wx.h> #include <linux/regmap.h> #include <linux/pcs/pcs-xpcs.h> #include <linux/phylink.h> @@ -618,6 +619,7 @@ static const struct regmap_config i2c_regmap_config = { static int txgbe_i2c_register(struct txgbe *txgbe) { + struct txgbe_i2c_platform_data pdata = {}; struct platform_device_info info = {}; struct platform_device *i2c_dev; struct regmap *i2c_regmap; @@ -636,6 +638,9 @@ static int txgbe_i2c_register(struct txgbe *txgbe) info.fwnode = software_node_fwnode(txgbe->nodes.group[SWNODE_I2C]); info.name = "i2c_designware"; info.id = pci_dev_id(pdev); + pdata.hw_addr = wx->hw_addr; + info.data = &pdata; + info.size_data = sizeof(pdata); info.res = &DEFINE_RES_IRQ(pdev->irq); info.num_res = 1; diff --git a/include/linux/platform_data/i2c-wx.h b/include/linux/platform_data/i2c-wx.h new file mode 100644 index 000000000000..b46777fa1d85 --- /dev/null +++ b/include/linux/platform_data/i2c-wx.h @@ -0,0 +1,11 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* Copyright (c) 2015 - 2024 Beijing WangXun Technology Co., Ltd. */ + +#ifndef _I2C_WX_H_ +#define _I2C_WX_H_ + +struct txgbe_i2c_platform_data { + void __iomem *hw_addr; +}; + +#endif /* _I2C_WX_H_ */ -- 2.27.0

1 year, 4 months

2
1
0 0

[PATCH AUTOSEL 4.19 1/6] usbnet: ipheth: race between ipheth_close and error handling

by Sasha Levin

From: Oliver Neukum <oneukum(a)suse.com> [ Upstream commit e5876b088ba03a62124266fa20d00e65533c7269 ] ipheth_sndbulk_callback() can submit carrier_work as a part of its error handling. That means that the driver must make sure that the work is cancelled after it has made sure that no more URB can terminate with an error condition. Hence the order of actions in ipheth_close() needs to be inverted. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Signed-off-by: Foster Snowhill <forst(a)pen.gy> Tested-by: Georgi Valkov <gvalkov(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/usb/ipheth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/usb/ipheth.c b/drivers/net/usb/ipheth.c index cea005cc7b2ab..c762335587a43 100644 --- a/drivers/net/usb/ipheth.c +++ b/drivers/net/usb/ipheth.c @@ -407,8 +407,8 @@ static int ipheth_close(struct net_device *net) { struct ipheth_device *dev = netdev_priv(net); - cancel_delayed_work_sync(&dev->carrier_work); netif_stop_queue(net); + cancel_delayed_work_sync(&dev->carrier_work); return 0; } -- 2.43.0

1 year, 4 months

1
5
0 0

[PATCH AUTOSEL 5.4 1/7] usbnet: ipheth: race between ipheth_close and error handling

by Sasha Levin

From: Oliver Neukum <oneukum(a)suse.com> [ Upstream commit e5876b088ba03a62124266fa20d00e65533c7269 ] ipheth_sndbulk_callback() can submit carrier_work as a part of its error handling. That means that the driver must make sure that the work is cancelled after it has made sure that no more URB can terminate with an error condition. Hence the order of actions in ipheth_close() needs to be inverted. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Signed-off-by: Foster Snowhill <forst(a)pen.gy> Tested-by: Georgi Valkov <gvalkov(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/usb/ipheth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/usb/ipheth.c b/drivers/net/usb/ipheth.c index 73ad78f47763c..7814856636907 100644 --- a/drivers/net/usb/ipheth.c +++ b/drivers/net/usb/ipheth.c @@ -353,8 +353,8 @@ static int ipheth_close(struct net_device *net) { struct ipheth_device *dev = netdev_priv(net); - cancel_delayed_work_sync(&dev->carrier_work); netif_stop_queue(net); + cancel_delayed_work_sync(&dev->carrier_work); return 0; } -- 2.43.0

1 year, 4 months

1
6
0 0

[PATCH AUTOSEL 5.10 1/9] usbnet: ipheth: race between ipheth_close and error handling

by Sasha Levin

From: Oliver Neukum <oneukum(a)suse.com> [ Upstream commit e5876b088ba03a62124266fa20d00e65533c7269 ] ipheth_sndbulk_callback() can submit carrier_work as a part of its error handling. That means that the driver must make sure that the work is cancelled after it has made sure that no more URB can terminate with an error condition. Hence the order of actions in ipheth_close() needs to be inverted. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Signed-off-by: Foster Snowhill <forst(a)pen.gy> Tested-by: Georgi Valkov <gvalkov(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/usb/ipheth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/usb/ipheth.c b/drivers/net/usb/ipheth.c index 06d9f19ca142a..0774d753dd316 100644 --- a/drivers/net/usb/ipheth.c +++ b/drivers/net/usb/ipheth.c @@ -353,8 +353,8 @@ static int ipheth_close(struct net_device *net) { struct ipheth_device *dev = netdev_priv(net); - cancel_delayed_work_sync(&dev->carrier_work); netif_stop_queue(net); + cancel_delayed_work_sync(&dev->carrier_work); return 0; } -- 2.43.0

1 year, 4 months

1
8
0 0

[PATCH AUTOSEL 5.15 1/9] usbnet: ipheth: race between ipheth_close and error handling

by Sasha Levin

From: Oliver Neukum <oneukum(a)suse.com> [ Upstream commit e5876b088ba03a62124266fa20d00e65533c7269 ] ipheth_sndbulk_callback() can submit carrier_work as a part of its error handling. That means that the driver must make sure that the work is cancelled after it has made sure that no more URB can terminate with an error condition. Hence the order of actions in ipheth_close() needs to be inverted. Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Signed-off-by: Foster Snowhill <forst(a)pen.gy> Tested-by: Georgi Valkov <gvalkov(a)gmail.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/usb/ipheth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/usb/ipheth.c b/drivers/net/usb/ipheth.c index d56e276e4d805..4485388dcff2e 100644 --- a/drivers/net/usb/ipheth.c +++ b/drivers/net/usb/ipheth.c @@ -353,8 +353,8 @@ static int ipheth_close(struct net_device *net) { struct ipheth_device *dev = netdev_priv(net); - cancel_delayed_work_sync(&dev->carrier_work); netif_stop_queue(net); + cancel_delayed_work_sync(&dev->carrier_work); return 0; } -- 2.43.0

1 year, 4 months

1
8
0 0

[PATCH AUTOSEL 6.1 01/13] ksmbd: override fsids for share path check

by Sasha Levin

From: Namjae Jeon <linkinjeon(a)kernel.org> [ Upstream commit a018c1b636e79b60149b41151ded7c2606d8606e ] Sangsoo reported that a DAC denial error occurred when accessing files through the ksmbd thread. This patch override fsids for share path check. Reported-by: Sangsoo Lee <constant.lee(a)samsung.com> Signed-off-by: Namjae Jeon <linkinjeon(a)kernel.org> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- fs/smb/server/mgmt/share_config.c | 15 ++++++++++++--- fs/smb/server/mgmt/share_config.h | 4 +++- fs/smb/server/mgmt/tree_connect.c | 9 +++++---- fs/smb/server/mgmt/tree_connect.h | 4 ++-- fs/smb/server/smb2pdu.c | 2 +- fs/smb/server/smb_common.c | 9 +++++++-- fs/smb/server/smb_common.h | 2 ++ 7 files changed, 32 insertions(+), 13 deletions(-) diff --git a/fs/smb/server/mgmt/share_config.c b/fs/smb/server/mgmt/share_config.c index e0a6b758094fc..d8d03070ae44b 100644 --- a/fs/smb/server/mgmt/share_config.c +++ b/fs/smb/server/mgmt/share_config.c @@ -15,6 +15,7 @@ #include "share_config.h" #include "user_config.h" #include "user_session.h" +#include "../connection.h" #include "../transport_ipc.h" #include "../misc.h" @@ -120,12 +121,13 @@ static int parse_veto_list(struct ksmbd_share_config *share, return 0; } -static struct ksmbd_share_config *share_config_request(struct unicode_map *um, +static struct ksmbd_share_config *share_config_request(struct ksmbd_work *work, const char *name) { struct ksmbd_share_config_response *resp; struct ksmbd_share_config *share = NULL; struct ksmbd_share_config *lookup; + struct unicode_map *um = work->conn->um; int ret; resp = ksmbd_ipc_share_config_request(name); @@ -181,7 +183,14 @@ static struct ksmbd_share_config *share_config_request(struct unicode_map *um, KSMBD_SHARE_CONFIG_VETO_LIST(resp), resp->veto_list_sz); if (!ret && share->path) { + if (__ksmbd_override_fsids(work, share)) { + kill_share(share); + share = NULL; + goto out; + } + ret = kern_path(share->path, 0, &share->vfs_path); + ksmbd_revert_fsids(work); if (ret) { ksmbd_debug(SMB, "failed to access '%s'\n", share->path); @@ -214,7 +223,7 @@ static struct ksmbd_share_config *share_config_request(struct unicode_map *um, return share; } -struct ksmbd_share_config *ksmbd_share_config_get(struct unicode_map *um, +struct ksmbd_share_config *ksmbd_share_config_get(struct ksmbd_work *work, const char *name) { struct ksmbd_share_config *share; @@ -227,7 +236,7 @@ struct ksmbd_share_config *ksmbd_share_config_get(struct unicode_map *um, if (share) return share; - return share_config_request(um, name); + return share_config_request(work, name); } bool ksmbd_share_veto_filename(struct ksmbd_share_config *share, diff --git a/fs/smb/server/mgmt/share_config.h b/fs/smb/server/mgmt/share_config.h index 5f591751b9236..d4ac2dd4de204 100644 --- a/fs/smb/server/mgmt/share_config.h +++ b/fs/smb/server/mgmt/share_config.h @@ -11,6 +11,8 @@ #include <linux/path.h> #include <linux/unicode.h> +struct ksmbd_work; + struct ksmbd_share_config { char *name; char *path; @@ -68,7 +70,7 @@ static inline void ksmbd_share_config_put(struct ksmbd_share_config *share) __ksmbd_share_config_put(share); } -struct ksmbd_share_config *ksmbd_share_config_get(struct unicode_map *um, +struct ksmbd_share_config *ksmbd_share_config_get(struct ksmbd_work *work, const char *name); bool ksmbd_share_veto_filename(struct ksmbd_share_config *share, const char *filename); diff --git a/fs/smb/server/mgmt/tree_connect.c b/fs/smb/server/mgmt/tree_connect.c index d2c81a8a11dda..94a52a75014a4 100644 --- a/fs/smb/server/mgmt/tree_connect.c +++ b/fs/smb/server/mgmt/tree_connect.c @@ -16,17 +16,18 @@ #include "user_session.h" struct ksmbd_tree_conn_status -ksmbd_tree_conn_connect(struct ksmbd_conn *conn, struct ksmbd_session *sess, - const char *share_name) +ksmbd_tree_conn_connect(struct ksmbd_work *work, const char *share_name) { struct ksmbd_tree_conn_status status = {-ENOENT, NULL}; struct ksmbd_tree_connect_response *resp = NULL; struct ksmbd_share_config *sc; struct ksmbd_tree_connect *tree_conn = NULL; struct sockaddr *peer_addr; + struct ksmbd_conn *conn = work->conn; + struct ksmbd_session *sess = work->sess; int ret; - sc = ksmbd_share_config_get(conn->um, share_name); + sc = ksmbd_share_config_get(work, share_name); if (!sc) return status; @@ -61,7 +62,7 @@ ksmbd_tree_conn_connect(struct ksmbd_conn *conn, struct ksmbd_session *sess, struct ksmbd_share_config *new_sc; ksmbd_share_config_del(sc); - new_sc = ksmbd_share_config_get(conn->um, share_name); + new_sc = ksmbd_share_config_get(work, share_name); if (!new_sc) { pr_err("Failed to update stale share config\n"); status.ret = -ESTALE; diff --git a/fs/smb/server/mgmt/tree_connect.h b/fs/smb/server/mgmt/tree_connect.h index 6377a70b811c8..a42cdd0510411 100644 --- a/fs/smb/server/mgmt/tree_connect.h +++ b/fs/smb/server/mgmt/tree_connect.h @@ -13,6 +13,7 @@ struct ksmbd_share_config; struct ksmbd_user; struct ksmbd_conn; +struct ksmbd_work; enum { TREE_NEW = 0, @@ -50,8 +51,7 @@ static inline int test_tree_conn_flag(struct ksmbd_tree_connect *tree_conn, struct ksmbd_session; struct ksmbd_tree_conn_status -ksmbd_tree_conn_connect(struct ksmbd_conn *conn, struct ksmbd_session *sess, - const char *share_name); +ksmbd_tree_conn_connect(struct ksmbd_work *work, const char *share_name); void ksmbd_tree_connect_put(struct ksmbd_tree_connect *tcon); int ksmbd_tree_conn_disconnect(struct ksmbd_session *sess, diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c index 4ba6bf1535da1..d97c7982bb3ee 100644 --- a/fs/smb/server/smb2pdu.c +++ b/fs/smb/server/smb2pdu.c @@ -1971,7 +1971,7 @@ int smb2_tree_connect(struct ksmbd_work *work) ksmbd_debug(SMB, "tree connect request for tree %s treename %s\n", name, treename); - status = ksmbd_tree_conn_connect(conn, sess, name); + status = ksmbd_tree_conn_connect(work, name); if (status.ret == KSMBD_TREE_CONN_STATUS_OK) rsp->hdr.Id.SyncId.TreeId = cpu_to_le32(status.tree_conn->id); else diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c index e90a1e8c1951d..bdcdc0fc9cad5 100644 --- a/fs/smb/server/smb_common.c +++ b/fs/smb/server/smb_common.c @@ -729,10 +729,10 @@ bool is_asterisk(char *p) return p && p[0] == '*'; } -int ksmbd_override_fsids(struct ksmbd_work *work) +int __ksmbd_override_fsids(struct ksmbd_work *work, + struct ksmbd_share_config *share) { struct ksmbd_session *sess = work->sess; - struct ksmbd_share_config *share = work->tcon->share_conf; struct cred *cred; struct group_info *gi; unsigned int uid; @@ -772,6 +772,11 @@ int ksmbd_override_fsids(struct ksmbd_work *work) return 0; } +int ksmbd_override_fsids(struct ksmbd_work *work) +{ + return __ksmbd_override_fsids(work, work->tcon->share_conf); +} + void ksmbd_revert_fsids(struct ksmbd_work *work) { const struct cred *cred; diff --git a/fs/smb/server/smb_common.h b/fs/smb/server/smb_common.h index f1092519c0c28..4a3148b0167f5 100644 --- a/fs/smb/server/smb_common.h +++ b/fs/smb/server/smb_common.h @@ -447,6 +447,8 @@ int ksmbd_extract_shortname(struct ksmbd_conn *conn, int ksmbd_smb_negotiate_common(struct ksmbd_work *work, unsigned int command); int ksmbd_smb_check_shared_mode(struct file *filp, struct ksmbd_file *curr_fp); +int __ksmbd_override_fsids(struct ksmbd_work *work, + struct ksmbd_share_config *share); int ksmbd_override_fsids(struct ksmbd_work *work); void ksmbd_revert_fsids(struct ksmbd_work *work); -- 2.43.0

1 year, 4 months

1
12
0 0

[PATCH net] net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response

by Haiyang Zhang

The mana_hwc_rx_event_handler() / mana_hwc_handle_resp() calls complete(&ctx->comp_event) before posting the wqe back. It's possible that other callers, like mana_create_txq(), start the next round of mana_hwc_send_request() before the posting of wqe. And if the HW is fast enough to respond, it can hit no_wqe error on the HW channel, then the response message is lost. The mana driver may fail to create queues and open, because of waiting for the HW response and timed out. Sample dmesg: [ 528.610840] mana 39d4:00:02.0: HWC: Request timed out! [ 528.614452] mana 39d4:00:02.0: Failed to send mana message: -110, 0x0 [ 528.618326] mana 39d4:00:02.0 enP14804s2: Failed to create WQ object: -110 To fix it, move posting of rx wqe before complete(&ctx->comp_event). Cc: stable(a)vger.kernel.org Fixes: ca9c54d2d6a5 ("net: mana: Add a driver for Microsoft Azure Network Adapter (MANA)") Signed-off-by: Haiyang Zhang <haiyangz(a)microsoft.com> --- .../net/ethernet/microsoft/mana/hw_channel.c | 62 ++++++++++--------- 1 file changed, 34 insertions(+), 28 deletions(-) diff --git a/drivers/net/ethernet/microsoft/mana/hw_channel.c b/drivers/net/ethernet/microsoft/mana/hw_channel.c index cafded2f9382..a00f915c5188 100644 --- a/drivers/net/ethernet/microsoft/mana/hw_channel.c +++ b/drivers/net/ethernet/microsoft/mana/hw_channel.c @@ -52,9 +52,33 @@ static int mana_hwc_verify_resp_msg(const struct hwc_caller_ctx *caller_ctx, return 0; } +static int mana_hwc_post_rx_wqe(const struct hwc_wq *hwc_rxq, + struct hwc_work_request *req) +{ + struct device *dev = hwc_rxq->hwc->dev; + struct gdma_sge *sge; + int err; + + sge = &req->sge; + sge->address = (u64)req->buf_sge_addr; + sge->mem_key = hwc_rxq->msg_buf->gpa_mkey; + sge->size = req->buf_len; + + memset(&req->wqe_req, 0, sizeof(struct gdma_wqe_request)); + req->wqe_req.sgl = sge; + req->wqe_req.num_sge = 1; + req->wqe_req.client_data_unit = 0; + + err = mana_gd_post_and_ring(hwc_rxq->gdma_wq, &req->wqe_req, NULL); + if (err) + dev_err(dev, "Failed to post WQE on HWC RQ: %d\n", err); + return err; +} + static void mana_hwc_handle_resp(struct hw_channel_context *hwc, u32 resp_len, - const struct gdma_resp_hdr *resp_msg) + struct hwc_work_request *rx_req) { + const struct gdma_resp_hdr *resp_msg = rx_req->buf_va; struct hwc_caller_ctx *ctx; int err; @@ -62,6 +86,7 @@ static void mana_hwc_handle_resp(struct hw_channel_context *hwc, u32 resp_len, hwc->inflight_msg_res.map)) { dev_err(hwc->dev, "hwc_rx: invalid msg_id = %u\n", resp_msg->response.hwc_msg_id); + mana_hwc_post_rx_wqe(hwc->rxq, rx_req); return; } @@ -75,30 +100,13 @@ static void mana_hwc_handle_resp(struct hw_channel_context *hwc, u32 resp_len, memcpy(ctx->output_buf, resp_msg, resp_len); out: ctx->error = err; - complete(&ctx->comp_event); -} - -static int mana_hwc_post_rx_wqe(const struct hwc_wq *hwc_rxq, - struct hwc_work_request *req) -{ - struct device *dev = hwc_rxq->hwc->dev; - struct gdma_sge *sge; - int err; - - sge = &req->sge; - sge->address = (u64)req->buf_sge_addr; - sge->mem_key = hwc_rxq->msg_buf->gpa_mkey; - sge->size = req->buf_len; - memset(&req->wqe_req, 0, sizeof(struct gdma_wqe_request)); - req->wqe_req.sgl = sge; - req->wqe_req.num_sge = 1; - req->wqe_req.client_data_unit = 0; + /* Must post rx wqe before complete(), otherwise the next rx may + * hit no_wqe error. + */ + mana_hwc_post_rx_wqe(hwc->rxq, rx_req); - err = mana_gd_post_and_ring(hwc_rxq->gdma_wq, &req->wqe_req, NULL); - if (err) - dev_err(dev, "Failed to post WQE on HWC RQ: %d\n", err); - return err; + complete(&ctx->comp_event); } static void mana_hwc_init_event_handler(void *ctx, struct gdma_queue *q_self, @@ -235,14 +243,12 @@ static void mana_hwc_rx_event_handler(void *ctx, u32 gdma_rxq_id, return; } - mana_hwc_handle_resp(hwc, rx_oob->tx_oob_data_size, resp); + mana_hwc_handle_resp(hwc, rx_oob->tx_oob_data_size, rx_req); - /* Do no longer use 'resp', because the buffer is posted to the HW - * in the below mana_hwc_post_rx_wqe(). + /* Can no longer use 'resp', because the buffer is posted to the HW + * in mana_hwc_handle_resp() above. */ resp = NULL; - - mana_hwc_post_rx_wqe(hwc_rxq, rx_req); } static void mana_hwc_tx_event_handler(void *ctx, u32 gdma_txq_id, -- 2.34.1

1 year, 4 months

4
4
0 0

ASUS GA402XY (ACL285) Headset mic not working with 6.9 and 6.10 kernel

by Andrey Kashtanov

Greetings! I've run into a problem with an external microphone (3.5 jack headset) and fresh kernels (6.9, 6.10) When using the 6.9 or the 6.10 kernel system doesn't see an external mic from the headset (3.5 jack). Instead, there's only an internal mic plugged/available in the system. When using the 6.8 kernel or less it's okay, I can use mic from the headset. So currently I'm on 6.8.12. Also opened a bug on bugzilla ( https://bugzilla.kernel.org/show_bug.cgi?id=219158) Laptop Model: Asus ROG G14 GA402XY Codec: Realtek ALC285 + Cirrus logic cs35l41 OS: Debian Testing Kernel: 6.9.x, 6.10 represents the issue, 6.8.x no DE: Gnome 46, wayland What I've tried: - Play with snd_hda_intel model parameters from here: https://www.kernel.org/doc/html/latest/sound/hd-audio/models.html?highlight… ex: options snd_hda_intel model=dell-headset-mic - Retask jack with hdajackretask - Install a fresh system on another ssd (latest PopOS) - after kernel update to 6.9.x (from the repository) it's the same issue.

1 year, 4 months

1
0
0 0

Re: Patch "Input: bcm5974 - check endpoint type before starting traffic" has been added to the 6.1-stable tree

by Dmitry Torokhov

On Mon, Aug 19, 2024 at 10:25:08AM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > Input: bcm5974 - check endpoint type before starting traffic > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > input-bcm5974-check-endpoint-type-before-starting-tr.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Please drop it, it was reverted. Thanks. -- Dmitry

1 year, 4 months

2
1
0 0

RE: Patch "drm/amdgpu/gfx11: need acquire mutex before access CP_VMID_RESET v2" has been added to the 6.6-stable tree

by Deucher, Alexander

[Public] > -----Original Message----- > From: Sasha Levin <sashal(a)kernel.org> > Sent: Wednesday, August 21, 2024 9:33 AM > To: stable-commits(a)vger.kernel.org; Xiao, Jack <Jack.Xiao(a)amd.com> > Cc: Deucher, Alexander <Alexander.Deucher(a)amd.com>; Koenig, Christian > <Christian.Koenig(a)amd.com>; Pan, Xinhui <Xinhui.Pan(a)amd.com>; David > Airlie <airlied(a)gmail.com>; Daniel Vetter <daniel(a)ffwll.ch> > Subject: Patch "drm/amdgpu/gfx11: need acquire mutex before access > CP_VMID_RESET v2" has been added to the 6.6-stable tree > > This is a note to let you know that I've just added the patch titled > > drm/amdgpu/gfx11: need acquire mutex before access CP_VMID_RESET v2 > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable- > queue.git;a=summary > > The filename of the patch is: > drm-amdgpu-gfx11-need-acquire-mutex-before-access-cp.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, please let > <stable(a)vger.kernel.org> know about it. > This patch is not stable material. Please drop for stable. Thanks, Alex > > > commit 72516630230bee2668c491fdafcac27c565a5ad5 > Author: Jack Xiao <Jack.Xiao(a)amd.com> > Date: Tue Dec 19 17:10:34 2023 +0800 > > drm/amdgpu/gfx11: need acquire mutex before access CP_VMID_RESET v2 > > [ Upstream commit 4b5c5f5ad38b9435518730cc7f8f1e8de9c5cb2f ] > > It's required to take the gfx mutex before access to CP_VMID_RESET, > for there is a race condition with CP firmware to write the register. > > v2: add extra code to ensure the mutex releasing is successful. > > Signed-off-by: Jack Xiao <Jack.Xiao(a)amd.com> > Reviewed-by: Hawking Zhang <Hawking.Zhang(a)amd.com> > Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c > b/drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c > index c81e98f0d17ff..17a09e96b30fc 100644 > --- a/drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c > +++ b/drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c > @@ -4430,11 +4430,43 @@ static int gfx_v11_0_wait_for_idle(void *handle) > return -ETIMEDOUT; > } > > +static int gfx_v11_0_request_gfx_index_mutex(struct amdgpu_device *adev, > + int req) > +{ > + u32 i, tmp, val; > + > + for (i = 0; i < adev->usec_timeout; i++) { > + /* Request with MeId=2, PipeId=0 */ > + tmp = REG_SET_FIELD(0, CP_GFX_INDEX_MUTEX, REQUEST, > req); > + tmp = REG_SET_FIELD(tmp, CP_GFX_INDEX_MUTEX, > CLIENTID, 4); > + WREG32_SOC15(GC, 0, regCP_GFX_INDEX_MUTEX, tmp); > + > + val = RREG32_SOC15(GC, 0, regCP_GFX_INDEX_MUTEX); > + if (req) { > + if (val == tmp) > + break; > + } else { > + tmp = REG_SET_FIELD(tmp, CP_GFX_INDEX_MUTEX, > + REQUEST, 1); > + > + /* unlocked or locked by firmware */ > + if (val != tmp) > + break; > + } > + udelay(1); > + } > + > + if (i >= adev->usec_timeout) > + return -EINVAL; > + > + return 0; > +} > + > static int gfx_v11_0_soft_reset(void *handle) { > u32 grbm_soft_reset = 0; > u32 tmp; > - int i, j, k; > + int r, i, j, k; > struct amdgpu_device *adev = (struct amdgpu_device *)handle; > > tmp = RREG32_SOC15(GC, 0, regCP_INT_CNTL); @@ -4474,6 > +4506,13 @@ static int gfx_v11_0_soft_reset(void *handle) > } > } > > + /* Try to acquire the gfx mutex before access to CP_VMID_RESET */ > + r = gfx_v11_0_request_gfx_index_mutex(adev, 1); > + if (r) { > + DRM_ERROR("Failed to acquire the gfx mutex during soft > reset\n"); > + return r; > + } > + > WREG32_SOC15(GC, 0, regCP_VMID_RESET, 0xfffffffe); > > // Read CP_VMID_RESET register three times. > @@ -4482,6 +4521,13 @@ static int gfx_v11_0_soft_reset(void *handle) > RREG32_SOC15(GC, 0, regCP_VMID_RESET); > RREG32_SOC15(GC, 0, regCP_VMID_RESET); > > + /* release the gfx mutex */ > + r = gfx_v11_0_request_gfx_index_mutex(adev, 0); > + if (r) { > + DRM_ERROR("Failed to release the gfx mutex during soft > reset\n"); > + return r; > + } > + > for (i = 0; i < adev->usec_timeout; i++) { > if (!RREG32_SOC15(GC, 0, regCP_HQD_ACTIVE) && > !RREG32_SOC15(GC, 0, regCP_GFX_HQD_ACTIVE))

1 year, 4 months

2
1
0 0

Re: Patch "serial: pch: Don't disable interrupts while acquiring lock in ISR." has been added to the 6.1-stable tree

by Jiri Slaby

On 21. 08. 24, 15:37, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > serial: pch: Don't disable interrupts while acquiring lock in ISR. > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > serial-pch-don-t-disable-interrupts-while-acquiring-.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. I feel so. It does not fix anything real. It is a prep for d47dd323bf959. So unless you take that too, this one does not make sense on its own. > commit 2e7194802a740ab6ef47e19e56bd1b06c03610d3 > Author: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> > Date: Fri Mar 1 22:45:28 2024 +0100 > > serial: pch: Don't disable interrupts while acquiring lock in ISR. > > [ Upstream commit f8ff23ebce8c305383c8070e1ea3b08a69eb1e8d ] > > The interrupt service routine is always invoked with disabled > interrupts. > > Remove the _irqsave() from the locking functions in the interrupts > service routine/ pch_uart_interrupt(). > > Signed-off-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> > Link: https://lore.kernel.org/r/20240301215246.891055-16-bigeasy@linutronix.de > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/tty/serial/pch_uart.c b/drivers/tty/serial/pch_uart.c > index abff1c6470f6a..d638e890ef6f0 100644 > --- a/drivers/tty/serial/pch_uart.c > +++ b/drivers/tty/serial/pch_uart.c > @@ -1023,11 +1023,10 @@ static irqreturn_t pch_uart_interrupt(int irq, void *dev_id) > u8 lsr; > int ret = 0; > unsigned char iid; > - unsigned long flags; > int next = 1; > u8 msr; > > - spin_lock_irqsave(&priv->lock, flags); > + spin_lock(&priv->lock); > handled = 0; > while (next) { > iid = pch_uart_hal_get_iid(priv); > @@ -1087,7 +1086,7 @@ static irqreturn_t pch_uart_interrupt(int irq, void *dev_id) > handled |= (unsigned int)ret; > } > > - spin_unlock_irqrestore(&priv->lock, flags); > + spin_unlock(&priv->lock); > return IRQ_RETVAL(handled); > } > -- js suse labs

1 year, 4 months

2
1
0 0

6.8.2->vanilla 6.10.6: regression: oops on heavy compiltons

by Piotr Oniszczuk

Hi, In my development i’m using ryzen9 based builder machine. OS is ArchLinux. It worked perfectly stable with 6.8.2 kernel. Recently I updated to 6.10.6 kernel and….started to have regular oops at heavy compilations (12c/24t loaded 8..12h constantly compiling) Only single change is kernel: 6.8.2->6.10.6 6.10.6 is vanilla mainline (no any ArchLinux patches) When i have ooops - dmesg is like below. For me this looks like regression... [root@minimyth2-x8664 piotro]# dmesg [ 0.000000] Linux version 6.10.6-12 (linux@archlinux) (gcc (GCC) 13.2.1 20230801, GNU ld (GNU Binutils) 2.41.0) #1 SMP PREEMPT_DYNAMIC Mon, 19 Aug 2024 11:27:15 +0000 [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-linux-nvme root=UUID=78029aac-358d-4ce1-b48f-0c910bc10436 rw rootflags=rw,noatime cgroup_disable=memory mitigations=off [ 0.000000] BIOS-provided physical RAM map: [ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009d3ff] usable [ 0.000000] BIOS-e820: [mem 0x000000000009d400-0x000000000009ffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000000e0000-0x00000000000fffff] reserved [ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x0000000009bfefff] usable [ 0.000000] BIOS-e820: [mem 0x0000000009bff000-0x0000000009ffffff] reserved [ 0.000000] BIOS-e820: [mem 0x000000000a000000-0x000000000a1fffff] usable [ 0.000000] BIOS-e820: [mem 0x000000000a200000-0x000000000a210fff] ACPI NVS [ 0.000000] BIOS-e820: [mem 0x000000000a211000-0x000000000affffff] usable [ 0.000000] BIOS-e820: [mem 0x000000000b000000-0x000000000b01ffff] reserved [ 0.000000] BIOS-e820: [mem 0x000000000b020000-0x00000000bb3f7fff] usable [ 0.000000] BIOS-e820: [mem 0x00000000bb3f8000-0x00000000bcbaafff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000bcbab000-0x00000000bcbdcfff] ACPI data [ 0.000000] BIOS-e820: [mem 0x00000000bcbdd000-0x00000000bd28afff] ACPI NVS [ 0.000000] BIOS-e820: [mem 0x00000000bd28b000-0x00000000bddfefff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000bddff000-0x00000000beffffff] usable [ 0.000000] BIOS-e820: [mem 0x00000000bf000000-0x00000000bfffffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000f0000000-0x00000000f7ffffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fd100000-0x00000000fd1fffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fd500000-0x00000000fd6fffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fea00000-0x00000000fea0ffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000feb80000-0x00000000fec01fff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fec10000-0x00000000fec10fff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fec30000-0x00000000fec30fff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fed00000-0x00000000fed00fff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fed40000-0x00000000fed44fff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fed80000-0x00000000fed8ffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fedc2000-0x00000000fedcffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000fedd4000-0x00000000fedd5fff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000ff000000-0x00000000ffffffff] reserved [ 0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000043f2fffff] usable [ 0.000000] BIOS-e820: [mem 0x000000043f300000-0x000000043fffffff] reserved [ 0.000000] NX (Execute Disable) protection: active [ 0.000000] APIC: Static calls initialized [ 0.000000] SMBIOS 3.3.0 present. [ 0.000000] DMI: To Be Filled By O.E.M. B450M Pro4-F R2.0/B450M Pro4-F R2.0, BIOS P10.08 01/19/2024 [ 0.000000] DMI: Memory slots populated: 2/4 [ 0.000000] tsc: Fast TSC calibration using PIT [ 0.000000] tsc: Detected 4099.961 MHz processor [ 0.000527] e820: update [mem 0x00000000-0x00000fff] usable ==> reserved [ 0.000529] e820: remove [mem 0x000a0000-0x000fffff] usable [ 0.000538] last_pfn = 0x43f300 max_arch_pfn = 0x400000000 [ 0.000544] total RAM covered: 3071M [ 0.000729] Found optimal setting for mtrr clean up [ 0.000729] gran_size: 64K chunk_size: 64M num_reg: 3 lose cover RAM: 0G [ 0.000732] MTRR map: 7 entries (3 fixed + 4 variable; max 20), built from 9 variable MTRRs [ 0.000733] x86/PAT: Configuration [0-7]: WB WC UC- UC WB WP UC- WT [ 0.001245] e820: update [mem 0xbcd40000-0xbcd4ffff] usable ==> reserved [ 0.001250] e820: update [mem 0xc0000000-0xffffffff] usable ==> reserved [ 0.001254] last_pfn = 0xbf000 max_arch_pfn = 0x400000000 [ 0.004712] Using GB pages for direct mapping [ 0.004906] RAMDISK: [mem 0x21f2b000-0x2cf8cfff] [ 0.004909] ACPI: Early table checksum verification disabled [ 0.004912] ACPI: RSDP 0x00000000000F05B0 000024 (v02 ALASKA) [ 0.004915] ACPI: XSDT 0x00000000BD273728 0000B4 (v01 ALASKA A M I 01072009 AMI 01000013) [ 0.004920] ACPI: FACP 0x00000000BCBD6000 000114 (v06 ALASKA A M I 01072009 AMI 00010013) [ 0.004924] ACPI: DSDT 0x00000000BCBCF000 00643E (v02 ALASKA A M I 01072009 INTL 20120913) [ 0.004926] ACPI: FACS 0x00000000BD26E000 000040 [ 0.004928] ACPI: SSDT 0x00000000BCBDC000 00092A (v02 AMD AmdTable 00000002 MSFT 04000000) [ 0.004930] ACPI: SSDT 0x00000000BCBD8000 003CB6 (v02 AMD AMD AOD 00000001 INTL 20120913) [ 0.004933] ACPI: SSDT 0x00000000BCBD7000 000164 (v02 ALASKA CPUSSDT 01072009 AMI 01072009) [ 0.004935] ACPI: FIDT 0x00000000BCBCE000 00009C (v01 ALASKA A M I 01072009 AMI 00010013) [ 0.004937] ACPI: MCFG 0x00000000BCBCD000 00003C (v01 ALASKA A M I 01072009 MSFT 00010013) [ 0.004939] ACPI: AAFT 0x00000000BCBCC000 0000C9 (v01 ALASKA OEMAAFT 01072009 MSFT 00000097) [ 0.004941] ACPI: HPET 0x00000000BCBCB000 000038 (v01 ALASKA A M I 01072009 AMI 00000005) [ 0.004944] ACPI: PCCT 0x00000000BCBCA000 00006E (v02 AMD AmdTable 00000001 AMD 00000001) [ 0.004946] ACPI: SSDT 0x00000000BCBC3000 00603B (v02 AMD AmdTable 00000001 AMD 00000001) [ 0.004948] ACPI: CRAT 0x00000000BCBC1000 0016D0 (v01 AMD AmdTable 00000001 AMD 00000001) [ 0.004950] ACPI: CDIT 0x00000000BCBC0000 000029 (v01 AMD AmdTable 00000001 AMD 00000001) [ 0.004952] ACPI: SSDT 0x00000000BCBBC000 0037C4 (v02 AMD MYRTLE 00000001 INTL 20120913) [ 0.004954] ACPI: SSDT 0x00000000BCBBB000 0000BF (v01 AMD AmdTable 00001000 INTL 20120913) [ 0.004956] ACPI: WSMT 0x00000000BCBBA000 000028 (v01 ALASKA A M I 01072009 AMI 00010013) [ 0.004958] ACPI: APIC 0x00000000BCBB9000 00015E (v03 ALASKA A M I 01072009 AMI 00010013) [ 0.004961] ACPI: SSDT 0x00000000BCBB7000 0010AF (v02 AMD MYRTLE 00000001 INTL 20120913) [ 0.004963] ACPI: FPDT 0x00000000BCBB6000 000044 (v01 ALASKA A M I 01072009 AMI 01000013) [ 0.004964] ACPI: Reserving FACP table memory at [mem 0xbcbd6000-0xbcbd6113] [ 0.004965] ACPI: Reserving DSDT table memory at [mem 0xbcbcf000-0xbcbd543d] [ 0.004966] ACPI: Reserving FACS table memory at [mem 0xbd26e000-0xbd26e03f] [ 0.004967] ACPI: Reserving SSDT table memory at [mem 0xbcbdc000-0xbcbdc929] [ 0.004967] ACPI: Reserving SSDT table memory at [mem 0xbcbd8000-0xbcbdbcb5] [ 0.004968] ACPI: Reserving SSDT table memory at [mem 0xbcbd7000-0xbcbd7163] [ 0.004969] ACPI: Reserving FIDT table memory at [mem 0xbcbce000-0xbcbce09b] [ 0.004969] ACPI: Reserving MCFG table memory at [mem 0xbcbcd000-0xbcbcd03b] [ 0.004970] ACPI: Reserving AAFT table memory at [mem 0xbcbcc000-0xbcbcc0c8] [ 0.004971] ACPI: Reserving HPET table memory at [mem 0xbcbcb000-0xbcbcb037] [ 0.004971] ACPI: Reserving PCCT table memory at [mem 0xbcbca000-0xbcbca06d] [ 0.004972] ACPI: Reserving SSDT table memory at [mem 0xbcbc3000-0xbcbc903a] [ 0.004973] ACPI: Reserving CRAT table memory at [mem 0xbcbc1000-0xbcbc26cf] [ 0.004973] ACPI: Reserving CDIT table memory at [mem 0xbcbc0000-0xbcbc0028] [ 0.004974] ACPI: Reserving SSDT table memory at [mem 0xbcbbc000-0xbcbbf7c3] [ 0.004975] ACPI: Reserving SSDT table memory at [mem 0xbcbbb000-0xbcbbb0be] [ 0.004975] ACPI: Reserving WSMT table memory at [mem 0xbcbba000-0xbcbba027] [ 0.004976] ACPI: Reserving APIC table memory at [mem 0xbcbb9000-0xbcbb915d] [ 0.004977] ACPI: Reserving SSDT table memory at [mem 0xbcbb7000-0xbcbb80ae] [ 0.004977] ACPI: Reserving FPDT table memory at [mem 0xbcbb6000-0xbcbb6043] [ 0.005026] No NUMA configuration found [ 0.005027] Faking a node at [mem 0x0000000000000000-0x000000043f2fffff] [ 0.005029] NODE_DATA(0) allocated [mem 0x43f2fb000-0x43f2fffff] [ 0.005050] Zone ranges: [ 0.005051] DMA [mem 0x0000000000001000-0x0000000000ffffff] [ 0.005052] DMA32 [mem 0x0000000001000000-0x00000000ffffffff] [ 0.005053] Normal [mem 0x0000000100000000-0x000000043f2fffff] [ 0.005054] Device empty [ 0.005055] Movable zone start for each node [ 0.005055] Early memory node ranges [ 0.005056] node 0: [mem 0x0000000000001000-0x000000000009cfff] [ 0.005057] node 0: [mem 0x0000000000100000-0x0000000009bfefff] [ 0.005058] node 0: [mem 0x000000000a000000-0x000000000a1fffff] [ 0.005059] node 0: [mem 0x000000000a211000-0x000000000affffff] [ 0.005059] node 0: [mem 0x000000000b020000-0x00000000bb3f7fff] [ 0.005060] node 0: [mem 0x00000000bddff000-0x00000000beffffff] [ 0.005061] node 0: [mem 0x0000000100000000-0x000000043f2fffff] [ 0.005063] Initmem setup node 0 [mem 0x0000000000001000-0x000000043f2fffff] [ 0.005067] On node 0, zone DMA: 1 pages in unavailable ranges [ 0.005083] On node 0, zone DMA: 99 pages in unavailable ranges [ 0.005222] On node 0, zone DMA32: 1025 pages in unavailable ranges [ 0.005236] On node 0, zone DMA32: 17 pages in unavailable ranges [ 0.008749] On node 0, zone DMA32: 32 pages in unavailable ranges [ 0.008854] On node 0, zone DMA32: 10759 pages in unavailable ranges [ 0.026310] On node 0, zone Normal: 4096 pages in unavailable ranges [ 0.026338] On node 0, zone Normal: 3328 pages in unavailable ranges [ 0.026708] ACPI: PM-Timer IO Port: 0x808 [ 0.026714] CPU topo: Ignoring hot-pluggable APIC ID 0 in present package. [ 0.026718] ACPI: LAPIC_NMI (acpi_id[0xff] high edge lint[0x1]) [ 0.026729] IOAPIC[0]: apic_id 25, version 33, address 0xfec00000, GSI 0-23 [ 0.026735] IOAPIC[1]: apic_id 26, version 33, address 0xfec01000, GSI 24-55 [ 0.026736] ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl) [ 0.026738] ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 low level) [ 0.026741] ACPI: Using ACPI (MADT) for SMP configuration information [ 0.026742] ACPI: HPET id: 0x10228201 base: 0xfed00000 [ 0.026749] CPU topo: Max. logical packages: 1 [ 0.026749] CPU topo: Max. logical dies: 1 [ 0.026750] CPU topo: Max. dies per package: 1 [ 0.026754] CPU topo: Max. threads per core: 2 [ 0.026754] CPU topo: Num. cores per package: 12 [ 0.026755] CPU topo: Num. threads per package: 24 [ 0.026756] CPU topo: Allowing 24 present CPUs plus 0 hotplug CPUs [ 0.026756] CPU topo: Rejected CPUs 8 [ 0.026775] PM: hibernation: Registered nosave memory: [mem 0x00000000-0x00000fff] [ 0.026777] PM: hibernation: Registered nosave memory: [mem 0x0009d000-0x0009dfff] [ 0.026777] PM: hibernation: Registered nosave memory: [mem 0x0009e000-0x0009ffff] [ 0.026778] PM: hibernation: Registered nosave memory: [mem 0x000a0000-0x000dffff] [ 0.026779] PM: hibernation: Registered nosave memory: [mem 0x000e0000-0x000fffff] [ 0.026780] PM: hibernation: Registered nosave memory: [mem 0x09bff000-0x09ffffff] [ 0.026781] PM: hibernation: Registered nosave memory: [mem 0x0a200000-0x0a210fff] [ 0.026783] PM: hibernation: Registered nosave memory: [mem 0x0b000000-0x0b01ffff] [ 0.026784] PM: hibernation: Registered nosave memory: [mem 0xbb3f8000-0xbcbaafff] [ 0.026784] PM: hibernation: Registered nosave memory: [mem 0xbcbab000-0xbcbdcfff] [ 0.026785] PM: hibernation: Registered nosave memory: [mem 0xbcbdd000-0xbd28afff] [ 0.026786] PM: hibernation: Registered nosave memory: [mem 0xbd28b000-0xbddfefff] [ 0.026787] PM: hibernation: Registered nosave memory: [mem 0xbf000000-0xbfffffff] [ 0.026788] PM: hibernation: Registered nosave memory: [mem 0xc0000000-0xefffffff] [ 0.026788] PM: hibernation: Registered nosave memory: [mem 0xf0000000-0xf7ffffff] [ 0.026789] PM: hibernation: Registered nosave memory: [mem 0xf8000000-0xfd0fffff] [ 0.026789] PM: hibernation: Registered nosave memory: [mem 0xfd100000-0xfd1fffff] [ 0.026790] PM: hibernation: Registered nosave memory: [mem 0xfd200000-0xfd4fffff] [ 0.026790] PM: hibernation: Registered nosave memory: [mem 0xfd500000-0xfd6fffff] [ 0.026791] PM: hibernation: Registered nosave memory: [mem 0xfd700000-0xfe9fffff] [ 0.026792] PM: hibernation: Registered nosave memory: [mem 0xfea00000-0xfea0ffff] [ 0.026792] PM: hibernation: Registered nosave memory: [mem 0xfea10000-0xfeb7ffff] [ 0.026793] PM: hibernation: Registered nosave memory: [mem 0xfeb80000-0xfec01fff] [ 0.026793] PM: hibernation: Registered nosave memory: [mem 0xfec02000-0xfec0ffff] [ 0.026794] PM: hibernation: Registered nosave memory: [mem 0xfec10000-0xfec10fff] [ 0.026794] PM: hibernation: Registered nosave memory: [mem 0xfec11000-0xfec2ffff] [ 0.026795] PM: hibernation: Registered nosave memory: [mem 0xfec30000-0xfec30fff] [ 0.026795] PM: hibernation: Registered nosave memory: [mem 0xfec31000-0xfecfffff] [ 0.026796] PM: hibernation: Registered nosave memory: [mem 0xfed00000-0xfed00fff] [ 0.026797] PM: hibernation: Registered nosave memory: [mem 0xfed01000-0xfed3ffff] [ 0.026797] PM: hibernation: Registered nosave memory: [mem 0xfed40000-0xfed44fff] [ 0.026798] PM: hibernation: Registered nosave memory: [mem 0xfed45000-0xfed7ffff] [ 0.026798] PM: hibernation: Registered nosave memory: [mem 0xfed80000-0xfed8ffff] [ 0.026799] PM: hibernation: Registered nosave memory: [mem 0xfed90000-0xfedc1fff] [ 0.026799] PM: hibernation: Registered nosave memory: [mem 0xfedc2000-0xfedcffff] [ 0.026800] PM: hibernation: Registered nosave memory: [mem 0xfedd0000-0xfedd3fff] [ 0.026801] PM: hibernation: Registered nosave memory: [mem 0xfedd4000-0xfedd5fff] [ 0.026801] PM: hibernation: Registered nosave memory: [mem 0xfedd6000-0xfeffffff] [ 0.026802] PM: hibernation: Registered nosave memory: [mem 0xff000000-0xffffffff] [ 0.026803] [mem 0xc0000000-0xefffffff] available for PCI devices [ 0.026804] Booting paravirtualized kernel on bare hardware [ 0.026806] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 6370452778343963 ns [ 0.031310] setup_percpu: NR_CPUS:320 nr_cpumask_bits:24 nr_cpu_ids:24 nr_node_ids:1 [ 0.032484] percpu: Embedded 66 pages/cpu s233472 r8192 d28672 u524288 [ 0.032489] pcpu-alloc: s233472 r8192 d28672 u524288 alloc=1*2097152 [ 0.032491] pcpu-alloc: [0] 00 01 02 03 [0] 04 05 06 07 [ 0.032495] pcpu-alloc: [0] 08 09 10 11 [0] 12 13 14 15 [ 0.032499] pcpu-alloc: [0] 16 17 18 19 [0] 20 21 22 23 [ 0.032513] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-linux-nvme root=UUID=78029aac-358d-4ce1-b48f-0c910bc10436 rw rootflags=rw,noatime cgroup_disable=memory mitigations=off [ 0.032610] cgroup: Disabling memory control group subsystem [ 0.032623] Unknown kernel command line parameters "BOOT_IMAGE=/boot/vmlinuz-linux-nvme", will be passed to user space. [ 0.032639] random: crng init done [ 0.032640] printk: log_buf_len individual max cpu contribution: 4096 bytes [ 0.032640] printk: log_buf_len total cpu_extra contributions: 94208 bytes [ 0.032641] printk: log_buf_len min size: 131072 bytes [ 0.032785] printk: log_buf_len: 262144 bytes [ 0.032786] printk: early log buf free: 116968(89%) [ 0.034095] Dentry cache hash table entries: 2097152 (order: 12, 16777216 bytes, linear) [ 0.034775] Inode-cache hash table entries: 1048576 (order: 11, 8388608 bytes, linear) [ 0.034906] Fallback order for Node 0: 0 [ 0.034912] Built 1 zonelists, mobility grouping on. Total pages: 4174947 [ 0.034913] Policy zone: Normal [ 0.035122] mem auto-init: stack:all(zero), heap alloc:on, heap free:off [ 0.035128] software IO TLB: area num 32. [ 0.072942] Memory: 16108000K/16699788K available (18432K kernel code, 2197K rwdata, 13412K rodata, 3500K init, 3552K bss, 591528K reserved, 0K cma-reserved) [ 0.073133] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=24, Nodes=1 [ 0.073191] ftrace: allocating 49905 entries in 195 pages [ 0.079639] ftrace: allocated 195 pages with 4 groups [ 0.079709] Dynamic Preempt: full [ 0.079780] rcu: Preemptible hierarchical RCU implementation. [ 0.079780] rcu: RCU restricting CPUs from NR_CPUS=320 to nr_cpu_ids=24. [ 0.079781] rcu: RCU priority boosting: priority 1 delay 500 ms. [ 0.079782] Trampoline variant of Tasks RCU enabled. [ 0.079782] Rude variant of Tasks RCU enabled. [ 0.079783] Tracing variant of Tasks RCU enabled. [ 0.079783] rcu: RCU calculated value of scheduler-enlistment delay is 30 jiffies. [ 0.079784] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=24 [ 0.079798] RCU Tasks: Setting shift to 5 and lim to 1 rcu_task_cb_adjust=1. [ 0.079800] RCU Tasks Rude: Setting shift to 5 and lim to 1 rcu_task_cb_adjust=1. [ 0.079802] RCU Tasks Trace: Setting shift to 5 and lim to 1 rcu_task_cb_adjust=1. [ 0.081836] NR_IRQS: 20736, nr_irqs: 1160, preallocated irqs: 16 [ 0.082022] rcu: srcu_init: Setting srcu_struct sizes based on contention. [ 0.082129] kfence: initialized - using 2097152 bytes for 255 objects at 0x(____ptrval____)-0x(____ptrval____) [ 0.082156] spurious 8259A interrupt: IRQ7. [ 0.082171] Console: colour dummy device 80x25 [ 0.082172] printk: legacy console [tty0] enabled [ 0.082211] ACPI: Core revision 20240322 [ 0.082312] clocksource: hpet: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 133484873504 ns [ 0.082326] APIC: Switch to symmetric I/O mode setup [ 0.082457] x2apic: IRQ remapping doesn't support X2APIC mode [ 0.082519] APIC: Switched APIC routing to: physical flat [ 0.083117] ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=-1 pin2=-1 [ 0.098994] clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x3b193a2cd8f, max_idle_ns: 440795361324 ns [ 0.098997] Calibrating delay loop (skipped), value calculated using timer frequency.. 8203.58 BogoMIPS (lpj=13666536) [ 0.099007] Zenbleed: please update your microcode for the most optimal fix [ 0.099010] x86/cpu: User Mode Instruction Prevention (UMIP) activated [ 0.099052] LVT offset 1 assigned for vector 0xf9 [ 0.099177] LVT offset 2 assigned for vector 0xf4 [ 0.099212] Last level iTLB entries: 4KB 1024, 2MB 1024, 4MB 512 [ 0.099213] Last level dTLB entries: 4KB 2048, 2MB 2048, 4MB 1024, 1GB 0 [ 0.099215] process: using mwait in idle threads [ 0.099217] Spectre V2 : User space: Vulnerable [ 0.099218] Speculative Store Bypass: Vulnerable [ 0.099221] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers' [ 0.099222] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers' [ 0.099222] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers' [ 0.099223] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256 [ 0.099224] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'compacted' format. [ 0.116939] Freeing SMP alternatives memory: 40K [ 0.116940] pid_max: default: 32768 minimum: 301 [ 0.116969] LSM: initializing lsm=capability,landlock,lockdown,yama,bpf [ 0.116983] landlock: Up and running. [ 0.116984] Yama: becoming mindful. [ 0.116987] LSM support for eBPF active [ 0.117015] Mount-cache hash table entries: 32768 (order: 6, 262144 bytes, linear) [ 0.117030] Mountpoint-cache hash table entries: 32768 (order: 6, 262144 bytes, linear) [ 0.224562] smpboot: CPU0: AMD Ryzen 9 3900 12-Core Processor (family: 0x17, model: 0x71, stepping: 0x0) [ 0.224699] Performance Events: Fam17h+ core perfctr, AMD PMU driver. [ 0.224702] ... version: 0 [ 0.224703] ... bit width: 48 [ 0.224703] ... generic registers: 6 [ 0.224704] ... value mask: 0000ffffffffffff [ 0.224705] ... max period: 00007fffffffffff [ 0.224705] ... fixed-purpose events: 0 [ 0.224705] ... event mask: 000000000000003f [ 0.224767] signal: max sigframe size: 1776 [ 0.224781] rcu: Hierarchical SRCU implementation. [ 0.224781] rcu: Max phase no-delay instances is 1000. [ 0.225002] NMI watchdog: Enabled. Permanently consumes one hw-PMU counter. [ 0.225122] smp: Bringing up secondary CPUs ... [ 0.225177] smpboot: x86: Booting SMP configuration: [ 0.225178] .... node #0, CPUs: #1 #2 #3 #4 #5 #6 #7 #8 #9 #10 #11 #12 #13 #14 #15 #16 #17 #18 #19 #20 #21 #22 #23 [ 0.272357] smp: Brought up 1 node, 24 CPUs [ 0.272357] smpboot: Total of 24 processors activated (196876.04 BogoMIPS) [ 0.276059] devtmpfs: initialized [ 0.276059] x86/mm: Memory block size: 128MB [ 0.276676] ACPI: PM: Registering ACPI NVS region [mem 0x0a200000-0x0a210fff] (69632 bytes) [ 0.276676] ACPI: PM: Registering ACPI NVS region [mem 0xbcbdd000-0xbd28afff] (7004160 bytes) [ 0.276676] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 6370867519511994 ns [ 0.276676] futex hash table entries: 8192 (order: 7, 524288 bytes, linear) [ 0.276676] pinctrl core: initialized pinctrl subsystem [ 0.276676] PM: RTC time: 18:06:09, date: 2024-08-20 [ 0.276676] NET: Registered PF_NETLINK/PF_ROUTE protocol family [ 0.276676] DMA: preallocated 2048 KiB GFP_KERNEL pool for atomic allocations [ 0.276676] DMA: preallocated 2048 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations [ 0.276676] DMA: preallocated 2048 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations [ 0.276676] audit: initializing netlink subsys (disabled) [ 0.276676] audit: type=2000 audit(1724177169.193:1): state=initialized audit_enabled=0 res=1 [ 0.276676] thermal_sys: Registered thermal governor 'fair_share' [ 0.276676] thermal_sys: Registered thermal governor 'bang_bang' [ 0.276676] thermal_sys: Registered thermal governor 'step_wise' [ 0.276676] thermal_sys: Registered thermal governor 'user_space' [ 0.276676] thermal_sys: Registered thermal governor 'power_allocator' [ 0.276676] cpuidle: using governor ladder [ 0.276676] cpuidle: using governor menu [ 0.276676] Detected 1 PCC Subspaces [ 0.276676] Registering PCC driver as Mailbox controller [ 0.276676] acpiphp: ACPI Hot Plug PCI Controller Driver version: 0.5 [ 0.279005] PCI: ECAM [mem 0xf0000000-0xf7ffffff] (base 0xf0000000) for domain 0000 [bus 00-7f] [ 0.279012] PCI: Using configuration type 1 for base access [ 0.279098] kprobes: kprobe jump-optimization is enabled. All kprobes are optimized if possible. [ 0.279104] HugeTLB: registered 1.00 GiB page size, pre-allocated 0 pages [ 0.279104] HugeTLB: 16380 KiB vmemmap can be freed for a 1.00 GiB page [ 0.279104] HugeTLB: registered 2.00 MiB page size, pre-allocated 0 pages [ 0.279104] HugeTLB: 28 KiB vmemmap can be freed for a 2.00 MiB page [ 0.279104] Demotion targets for Node 0: null [ 0.279104] ACPI: Added _OSI(Module Device) [ 0.279104] ACPI: Added _OSI(Processor Device) [ 0.279104] ACPI: Added _OSI(3.0 _SCP Extensions) [ 0.279104] ACPI: Added _OSI(Processor Aggregator Device) [ 0.283937] ACPI: 8 ACPI AML tables successfully acquired and loaded [ 0.285919] ACPI: [Firmware Bug]: BIOS _OSI(Linux) query ignored [ 0.286660] ACPI: _OSC evaluation for CPUs failed, trying _PDC [ 0.286660] ACPI: Interpreter enabled [ 0.286660] ACPI: PM: (supports S0 S3 S4 S5) [ 0.286660] ACPI: Using IOAPIC for interrupt routing [ 0.286660] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug [ 0.286660] PCI: Ignoring E820 reservations for host bridge windows [ 0.286660] ACPI: Enabled 3 GPEs in block 00 to 1F [ 0.294651] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff]) [ 0.294656] acpi PNP0A08:00: _OSC: OS supports [ExtendedConfig ASPM ClockPM Segments MSI EDR HPX-Type3] [ 0.294710] acpi PNP0A08:00: _OSC: platform does not support [SHPCHotplug LTR DPC] [ 0.294805] acpi PNP0A08:00: _OSC: OS now controls [PCIeHotplug PME AER PCIeCapability] [ 0.294812] acpi PNP0A08:00: [Firmware Info]: ECAM [mem 0xf0000000-0xf7ffffff] for domain 0000 [bus 00-7f] only partially covers this bridge [ 0.295065] PCI host bridge to bus 0000:00 [ 0.295066] pci_bus 0000:00: root bus resource [io 0x0000-0x03af window] [ 0.295068] pci_bus 0000:00: root bus resource [io 0x03e0-0x0cf7 window] [ 0.295070] pci_bus 0000:00: root bus resource [io 0x03b0-0x03df window] [ 0.295070] pci_bus 0000:00: root bus resource [io 0x0d00-0xffff window] [ 0.295071] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000dffff window] [ 0.295072] pci_bus 0000:00: root bus resource [mem 0xc0000000-0xfec2ffff window] [ 0.295073] pci_bus 0000:00: root bus resource [mem 0xfee00000-0xffffffff window] [ 0.295074] pci_bus 0000:00: root bus resource [bus 00-ff] [ 0.295086] pci 0000:00:00.0: [1022:1480] type 00 class 0x060000 conventional PCI endpoint [ 0.295167] pci 0000:00:01.0: [1022:1482] type 00 class 0x060000 conventional PCI endpoint [ 0.295219] pci 0000:00:01.1: [1022:1483] type 01 class 0x060400 PCIe Root Port [ 0.295237] pci 0000:00:01.1: PCI bridge to [bus 01] [ 0.295243] pci 0000:00:01.1: bridge window [mem 0xfc700000-0xfc7fffff] [ 0.295308] pci 0000:00:01.1: PME# supported from D0 D3hot D3cold [ 0.295429] pci 0000:00:01.3: [1022:1483] type 01 class 0x060400 PCIe Root Port [ 0.295447] pci 0000:00:01.3: PCI bridge to [bus 02-06] [ 0.295451] pci 0000:00:01.3: bridge window [io 0xf000-0xffff] [ 0.295453] pci 0000:00:01.3: bridge window [mem 0xfc500000-0xfc6fffff] [ 0.295466] pci 0000:00:01.3: enabling Extended Tags [ 0.295518] pci 0000:00:01.3: PME# supported from D0 D3hot D3cold [ 0.295647] pci 0000:00:02.0: [1022:1482] type 00 class 0x060000 conventional PCI endpoint [ 0.295701] pci 0000:00:03.0: [1022:1482] type 00 class 0x060000 conventional PCI endpoint [ 0.295749] pci 0000:00:03.1: [1022:1483] type 01 class 0x060400 PCIe Root Port [ 0.295767] pci 0000:00:03.1: PCI bridge to [bus 07] [ 0.295772] pci 0000:00:03.1: bridge window [mem 0xfa000000-0xfc0fffff] [ 0.295779] pci 0000:00:03.1: bridge window [mem 0xe0000000-0xefffffff 64bit pref] [ 0.295787] pci 0000:00:03.1: enabling Extended Tags [ 0.295839] pci 0000:00:03.1: PME# supported from D0 D3hot D3cold [ 0.295955] pci 0000:00:04.0: [1022:1482] type 00 class 0x060000 conventional PCI endpoint [ 0.296007] pci 0000:00:05.0: [1022:1482] type 00 class 0x060000 conventional PCI endpoint [ 0.296060] pci 0000:00:07.0: [1022:1482] type 00 class 0x060000 conventional PCI endpoint [ 0.296106] pci 0000:00:07.1: [1022:1484] type 01 class 0x060400 PCIe Root Port [ 0.296121] pci 0000:00:07.1: PCI bridge to [bus 08] [ 0.296135] pci 0000:00:07.1: enabling Extended Tags [ 0.296175] pci 0000:00:07.1: PME# supported from D0 D3hot D3cold [ 0.296264] pci 0000:00:08.0: [1022:1482] type 00 class 0x060000 conventional PCI endpoint [ 0.296311] pci 0000:00:08.1: [1022:1484] type 01 class 0x060400 PCIe Root Port [ 0.296327] pci 0000:00:08.1: PCI bridge to [bus 09] [ 0.296331] pci 0000:00:08.1: bridge window [mem 0xfc200000-0xfc4fffff] [ 0.296342] pci 0000:00:08.1: enabling Extended Tags [ 0.296386] pci 0000:00:08.1: PME# supported from D0 D3hot D3cold [ 0.296495] pci 0000:00:14.0: [1022:790b] type 00 class 0x0c0500 conventional PCI endpoint [ 0.296590] pci 0000:00:14.3: [1022:790e] type 00 class 0x060100 conventional PCI endpoint [ 0.296691] pci 0000:00:18.0: [1022:1440] type 00 class 0x060000 conventional PCI endpoint [ 0.296713] pci 0000:00:18.1: [1022:1441] type 00 class 0x060000 conventional PCI endpoint [ 0.296734] pci 0000:00:18.2: [1022:1442] type 00 class 0x060000 conventional PCI endpoint [ 0.296754] pci 0000:00:18.3: [1022:1443] type 00 class 0x060000 conventional PCI endpoint [ 0.296774] pci 0000:00:18.4: [1022:1444] type 00 class 0x060000 conventional PCI endpoint [ 0.296794] pci 0000:00:18.5: [1022:1445] type 00 class 0x060000 conventional PCI endpoint [ 0.296814] pci 0000:00:18.6: [1022:1446] type 00 class 0x060000 conventional PCI endpoint [ 0.296834] pci 0000:00:18.7: [1022:1447] type 00 class 0x060000 conventional PCI endpoint [ 0.297074] pci 0000:01:00.0: [2646:5013] type 00 class 0x010802 PCIe Endpoint [ 0.297122] pci 0000:01:00.0: BAR 0 [mem 0xfc700000-0xfc703fff 64bit] [ 0.297723] pci 0000:01:00.0: 31.504 Gb/s available PCIe bandwidth, limited by 8.0 GT/s PCIe x4 link at 0000:00:01.1 (capable of 63.012 Gb/s with 16.0 GT/s PCIe x4 link) [ 0.298140] pci 0000:00:01.1: PCI bridge to [bus 01] [ 0.298197] pci 0000:02:00.0: [1022:43d5] type 00 class 0x0c0330 PCIe Legacy Endpoint [ 0.298216] pci 0000:02:00.0: BAR 0 [mem 0xfc6a0000-0xfc6a7fff 64bit] [ 0.298259] pci 0000:02:00.0: enabling Extended Tags [ 0.298320] pci 0000:02:00.0: PME# supported from D3hot D3cold [ 0.298462] pci 0000:02:00.1: [1022:43c8] type 00 class 0x010601 PCIe Legacy Endpoint [ 0.298512] pci 0000:02:00.1: BAR 5 [mem 0xfc680000-0xfc69ffff] [ 0.298521] pci 0000:02:00.1: ROM [mem 0xfc600000-0xfc67ffff pref] [ 0.298527] pci 0000:02:00.1: enabling Extended Tags [ 0.298571] pci 0000:02:00.1: PME# supported from D3hot D3cold [ 0.298655] pci 0000:02:00.2: [1022:43c6] type 01 class 0x060400 PCIe Switch Upstream Port [ 0.298686] pci 0000:02:00.2: PCI bridge to [bus 03-06] [ 0.298692] pci 0000:02:00.2: bridge window [io 0xf000-0xffff] [ 0.298694] pci 0000:02:00.2: bridge window [mem 0xfc500000-0xfc5fffff] [ 0.298717] pci 0000:02:00.2: enabling Extended Tags [ 0.298766] pci 0000:02:00.2: PME# supported from D3hot D3cold [ 0.298869] pci 0000:00:01.3: PCI bridge to [bus 02-06] [ 0.298954] pci 0000:03:00.0: [1022:43c7] type 01 class 0x060400 PCIe Switch Downstream Port [ 0.298985] pci 0000:03:00.0: PCI bridge to [bus 04] [ 0.299019] pci 0000:03:00.0: enabling Extended Tags [ 0.299086] pci 0000:03:00.0: PME# supported from D3hot D3cold [ 0.299197] pci 0000:03:01.0: [1022:43c7] type 01 class 0x060400 PCIe Switch Downstream Port [ 0.299228] pci 0000:03:01.0: PCI bridge to [bus 05] [ 0.299235] pci 0000:03:01.0: bridge window [io 0xf000-0xffff] [ 0.299238] pci 0000:03:01.0: bridge window [mem 0xfc500000-0xfc5fffff] [ 0.299262] pci 0000:03:01.0: enabling Extended Tags [ 0.299329] pci 0000:03:01.0: PME# supported from D3hot D3cold [ 0.299439] pci 0000:03:04.0: [1022:43c7] type 01 class 0x060400 PCIe Switch Downstream Port [ 0.299471] pci 0000:03:04.0: PCI bridge to [bus 06] [ 0.299503] pci 0000:03:04.0: enabling Extended Tags [ 0.299569] pci 0000:03:04.0: PME# supported from D3hot D3cold [ 0.299691] pci 0000:02:00.2: PCI bridge to [bus 03-06] [ 0.299738] pci 0000:03:00.0: PCI bridge to [bus 04] [ 0.299816] pci 0000:05:00.0: [10ec:8168] type 00 class 0x020000 PCIe Endpoint [ 0.299845] pci 0000:05:00.0: BAR 0 [io 0xf000-0xf0ff] [ 0.299883] pci 0000:05:00.0: BAR 2 [mem 0xfc504000-0xfc504fff 64bit] [ 0.299907] pci 0000:05:00.0: BAR 4 [mem 0xfc500000-0xfc503fff 64bit] [ 0.300072] pci 0000:05:00.0: supports D1 D2 [ 0.300072] pci 0000:05:00.0: PME# supported from D0 D1 D2 D3hot D3cold [ 0.300342] pci 0000:03:01.0: PCI bridge to [bus 05] [ 0.300390] pci 0000:03:04.0: PCI bridge to [bus 06] [ 0.300468] pci 0000:07:00.0: [10de:01d1] type 00 class 0x030000 PCIe Endpoint [ 0.300480] pci 0000:07:00.0: BAR 0 [mem 0xfb000000-0xfbffffff] [ 0.300490] pci 0000:07:00.0: BAR 1 [mem 0xe0000000-0xefffffff 64bit pref] [ 0.300500] pci 0000:07:00.0: BAR 3 [mem 0xfa000000-0xfaffffff 64bit] [ 0.300513] pci 0000:07:00.0: ROM [mem 0xfc000000-0xfc01ffff pref] [ 0.300528] pci 0000:07:00.0: Video device with shadowed ROM at [mem 0x000c0000-0x000dffff] [ 0.300624] pci 0000:07:00.0: disabling ASPM on pre-1.1 PCIe device. You can enable it with 'pcie_aspm=force' [ 0.300632] pci 0000:00:03.1: PCI bridge to [bus 07] [ 0.300673] pci 0000:08:00.0: [1022:148a] type 00 class 0x130000 PCIe Endpoint [ 0.300708] pci 0000:08:00.0: enabling Extended Tags [ 0.300842] pci 0000:00:07.1: PCI bridge to [bus 08] [ 0.300887] pci 0000:09:00.0: [1022:1485] type 00 class 0x130000 PCIe Endpoint [ 0.300929] pci 0000:09:00.0: enabling Extended Tags [ 0.301077] pci 0000:09:00.1: [1022:1486] type 00 class 0x108000 PCIe Endpoint [ 0.301097] pci 0000:09:00.1: BAR 2 [mem 0xfc300000-0xfc3fffff] [ 0.301112] pci 0000:09:00.1: BAR 5 [mem 0xfc400000-0xfc401fff] [ 0.301121] pci 0000:09:00.1: enabling Extended Tags [ 0.301242] pci 0000:09:00.3: [1022:149c] type 00 class 0x0c0330 PCIe Endpoint [ 0.301254] pci 0000:09:00.3: BAR 0 [mem 0xfc200000-0xfc2fffff 64bit] [ 0.301283] pci 0000:09:00.3: enabling Extended Tags [ 0.301328] pci 0000:09:00.3: PME# supported from D0 D3hot D3cold [ 0.301424] pci 0000:00:08.1: PCI bridge to [bus 09] [ 0.301699] ACPI: PCI: Interrupt link LNKA configured for IRQ 0 [ 0.301733] ACPI: PCI: Interrupt link LNKB configured for IRQ 0 [ 0.301762] ACPI: PCI: Interrupt link LNKC configured for IRQ 0 [ 0.301798] ACPI: PCI: Interrupt link LNKD configured for IRQ 0 [ 0.301831] ACPI: PCI: Interrupt link LNKE configured for IRQ 0 [ 0.301857] ACPI: PCI: Interrupt link LNKF configured for IRQ 0 [ 0.301884] ACPI: PCI: Interrupt link LNKG configured for IRQ 0 [ 0.301910] ACPI: PCI: Interrupt link LNKH configured for IRQ 0 [ 0.302340] iommu: Default domain type: Translated [ 0.302340] iommu: DMA domain TLB invalidation policy: lazy mode [ 0.302429] SCSI subsystem initialized [ 0.302435] libata version 3.00 loaded. [ 0.302435] ACPI: bus type USB registered [ 0.302435] usbcore: registered new interface driver usbfs [ 0.302435] usbcore: registered new interface driver hub [ 0.302435] usbcore: registered new device driver usb [ 0.302435] pps_core: LinuxPPS API ver. 1 registered [ 0.302435] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti(a)linux.it> [ 0.302435] PTP clock support registered [ 0.302435] EDAC MC: Ver: 3.0.0 [ 0.302592] NetLabel: Initializing [ 0.302592] NetLabel: domain hash size = 128 [ 0.302592] NetLabel: protocols = UNLABELED CIPSOv4 CALIPSO [ 0.302592] NetLabel: unlabeled traffic allowed by default [ 0.302592] mctp: management component transport protocol core [ 0.302592] NET: Registered PF_MCTP protocol family [ 0.302592] PCI: Using ACPI for IRQ routing [ 0.306769] PCI: pci_cache_line_size set to 64 bytes [ 0.307148] e820: reserve RAM buffer [mem 0x0009d400-0x0009ffff] [ 0.307149] e820: reserve RAM buffer [mem 0x09bff000-0x0bffffff] [ 0.307150] e820: reserve RAM buffer [mem 0x0a200000-0x0bffffff] [ 0.307151] e820: reserve RAM buffer [mem 0x0b000000-0x0bffffff] [ 0.307151] e820: reserve RAM buffer [mem 0xbb3f8000-0xbbffffff] [ 0.307152] e820: reserve RAM buffer [mem 0xbf000000-0xbfffffff] [ 0.307153] e820: reserve RAM buffer [mem 0x43f300000-0x43fffffff] [ 0.307162] pci 0000:07:00.0: vgaarb: setting as boot VGA device [ 0.307162] pci 0000:07:00.0: vgaarb: bridge control possible [ 0.307162] pci 0000:07:00.0: vgaarb: VGA device added: decodes=io+mem,owns=io+mem,locks=none [ 0.307162] vgaarb: loaded [ 0.307162] hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0 [ 0.307162] hpet0: 3 comparators, 32-bit 14.318180 MHz counter [ 0.309045] clocksource: Switched to clocksource tsc-early [ 0.309129] VFS: Disk quotas dquot_6.6.0 [ 0.309136] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes) [ 0.309176] pnp: PnP ACPI init [ 0.309228] system 00:00: [mem 0xf0000000-0xf7ffffff] has been reserved [ 0.309248] system 00:01: [mem 0xfeb80000-0xfebfffff] has been reserved [ 0.309292] system 00:02: [mem 0xfd100000-0xfd1fffff] has been reserved [ 0.309428] system 00:04: [io 0x0280-0x028f] has been reserved [ 0.309429] system 00:04: [io 0x0290-0x029f] has been reserved [ 0.309430] system 00:04: [io 0x02a0-0x02af] has been reserved [ 0.309431] system 00:04: [io 0x02b0-0x02bf] has been reserved [ 0.309595] pnp 00:05: [dma 0 disabled] [ 0.309755] system 00:06: [io 0x04d0-0x04d1] has been reserved [ 0.309756] system 00:06: [io 0x040b] has been reserved [ 0.309757] system 00:06: [io 0x04d6] has been reserved [ 0.309758] system 00:06: [io 0x0c00-0x0c01] has been reserved [ 0.309758] system 00:06: [io 0x0c14] has been reserved [ 0.309759] system 00:06: [io 0x0c50-0x0c51] has been reserved [ 0.309760] system 00:06: [io 0x0c52] has been reserved [ 0.309761] system 00:06: [io 0x0c6c] has been reserved [ 0.309762] system 00:06: [io 0x0c6f] has been reserved [ 0.309762] system 00:06: [io 0x0cd8-0x0cdf] has been reserved [ 0.309763] system 00:06: [io 0x0800-0x089f] has been reserved [ 0.309764] system 00:06: [io 0x0b00-0x0b0f] has been reserved [ 0.309765] system 00:06: [io 0x0b20-0x0b3f] has been reserved [ 0.309766] system 00:06: [io 0x0900-0x090f] has been reserved [ 0.309767] system 00:06: [io 0x0910-0x091f] has been reserved [ 0.309768] system 00:06: [mem 0xfec00000-0xfec00fff] could not be reserved [ 0.309769] system 00:06: [mem 0xfec01000-0xfec01fff] could not be reserved [ 0.309770] system 00:06: [mem 0xfedc0000-0xfedc0fff] has been reserved [ 0.309772] system 00:06: [mem 0xfee00000-0xfee00fff] has been reserved [ 0.309772] system 00:06: [mem 0xfed80000-0xfed8ffff] could not be reserved [ 0.309774] system 00:06: [mem 0xfec10000-0xfec10fff] has been reserved [ 0.309775] system 00:06: [mem 0xff000000-0xffffffff] has been reserved [ 0.310078] pnp: PnP ACPI: found 7 devices [ 0.315286] clocksource: acpi_pm: mask: 0xffffff max_cycles: 0xffffff, max_idle_ns: 2085701024 ns [ 0.315327] NET: Registered PF_INET protocol family [ 0.315450] IP idents hash table entries: 262144 (order: 9, 2097152 bytes, linear) [ 0.325182] tcp_listen_portaddr_hash hash table entries: 8192 (order: 5, 131072 bytes, linear) [ 0.325198] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, linear) [ 0.325255] TCP established hash table entries: 131072 (order: 8, 1048576 bytes, linear) [ 0.325462] TCP bind hash table entries: 65536 (order: 9, 2097152 bytes, linear) [ 0.325561] TCP: Hash tables configured (established 131072 bind 65536) [ 0.325609] MPTCP token hash table entries: 16384 (order: 6, 393216 bytes, linear) [ 0.325643] UDP hash table entries: 8192 (order: 6, 262144 bytes, linear) [ 0.325673] UDP-Lite hash table entries: 8192 (order: 6, 262144 bytes, linear) [ 0.325718] NET: Registered PF_UNIX/PF_LOCAL protocol family [ 0.325724] NET: Registered PF_XDP protocol family [ 0.325734] pci 0000:00:01.1: PCI bridge to [bus 01] [ 0.325737] pci 0000:00:01.1: bridge window [mem 0xfc700000-0xfc7fffff] [ 0.325743] pci 0000:03:00.0: PCI bridge to [bus 04] [ 0.325754] pci 0000:03:01.0: PCI bridge to [bus 05] [ 0.325756] pci 0000:03:01.0: bridge window [io 0xf000-0xffff] [ 0.325760] pci 0000:03:01.0: bridge window [mem 0xfc500000-0xfc5fffff] [ 0.325768] pci 0000:03:04.0: PCI bridge to [bus 06] [ 0.325778] pci 0000:02:00.2: PCI bridge to [bus 03-06] [ 0.325780] pci 0000:02:00.2: bridge window [io 0xf000-0xffff] [ 0.325784] pci 0000:02:00.2: bridge window [mem 0xfc500000-0xfc5fffff] [ 0.325791] pci 0000:00:01.3: PCI bridge to [bus 02-06] [ 0.325793] pci 0000:00:01.3: bridge window [io 0xf000-0xffff] [ 0.325795] pci 0000:00:01.3: bridge window [mem 0xfc500000-0xfc6fffff] [ 0.325801] pci 0000:00:03.1: PCI bridge to [bus 07] [ 0.325803] pci 0000:00:03.1: bridge window [mem 0xfa000000-0xfc0fffff] [ 0.325805] pci 0000:00:03.1: bridge window [mem 0xe0000000-0xefffffff 64bit pref] [ 0.325809] pci 0000:00:07.1: PCI bridge to [bus 08] [ 0.325815] pci 0000:00:08.1: PCI bridge to [bus 09] [ 0.325817] pci 0000:00:08.1: bridge window [mem 0xfc200000-0xfc4fffff] [ 0.325822] pci_bus 0000:00: resource 4 [io 0x0000-0x03af window] [ 0.325823] pci_bus 0000:00: resource 5 [io 0x03e0-0x0cf7 window] [ 0.325824] pci_bus 0000:00: resource 6 [io 0x03b0-0x03df window] [ 0.325825] pci_bus 0000:00: resource 7 [io 0x0d00-0xffff window] [ 0.325826] pci_bus 0000:00: resource 8 [mem 0x000a0000-0x000dffff window] [ 0.325827] pci_bus 0000:00: resource 9 [mem 0xc0000000-0xfec2ffff window] [ 0.325828] pci_bus 0000:00: resource 10 [mem 0xfee00000-0xffffffff window] [ 0.325829] pci_bus 0000:01: resource 1 [mem 0xfc700000-0xfc7fffff] [ 0.325830] pci_bus 0000:02: resource 0 [io 0xf000-0xffff] [ 0.325830] pci_bus 0000:02: resource 1 [mem 0xfc500000-0xfc6fffff] [ 0.325831] pci_bus 0000:03: resource 0 [io 0xf000-0xffff] [ 0.325832] pci_bus 0000:03: resource 1 [mem 0xfc500000-0xfc5fffff] [ 0.325833] pci_bus 0000:05: resource 0 [io 0xf000-0xffff] [ 0.325834] pci_bus 0000:05: resource 1 [mem 0xfc500000-0xfc5fffff] [ 0.325835] pci_bus 0000:07: resource 1 [mem 0xfa000000-0xfc0fffff] [ 0.325835] pci_bus 0000:07: resource 2 [mem 0xe0000000-0xefffffff 64bit pref] [ 0.325836] pci_bus 0000:09: resource 1 [mem 0xfc200000-0xfc4fffff] [ 0.326214] PCI: CLS 64 bytes, default 64 [ 0.326225] PCI-DMA: Using software bounce buffering for IO (SWIOTLB) [ 0.326226] software IO TLB: mapped [mem 0x00000000b73f8000-0x00000000bb3f8000] (64MB) [ 0.326256] LVT offset 0 assigned for vector 0x400 [ 0.326258] Trying to unpack rootfs image as initramfs... [ 0.330895] perf: AMD IBS detected (0x000003ff) [ 0.332400] Initialise system trusted keyrings [ 0.332408] Key type blacklist registered [ 0.332434] workingset: timestamp_bits=41 max_order=22 bucket_order=0 [ 0.332439] zbud: loaded [ 0.332545] integrity: Platform Keyring initialized [ 0.332547] integrity: Machine keyring initialized [ 0.340673] Key type asymmetric registered [ 0.340675] Asymmetric key parser 'x509' registered [ 0.340833] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 242) [ 0.340872] io scheduler mq-deadline registered [ 0.340873] io scheduler kyber registered [ 0.340883] io scheduler bfq registered [ 0.341928] pcieport 0000:00:01.1: PME: Signaling with IRQ 26 [ 0.341969] pcieport 0000:00:01.1: AER: enabled with IRQ 26 [ 0.342065] pcieport 0000:00:01.3: PME: Signaling with IRQ 27 [ 0.342106] pcieport 0000:00:01.3: AER: enabled with IRQ 27 [ 0.342197] pcieport 0000:00:03.1: PME: Signaling with IRQ 28 [ 0.342233] pcieport 0000:00:03.1: AER: enabled with IRQ 28 [ 0.342365] pcieport 0000:00:07.1: PME: Signaling with IRQ 30 [ 0.342398] pcieport 0000:00:07.1: AER: enabled with IRQ 30 [ 0.342472] pcieport 0000:00:08.1: PME: Signaling with IRQ 31 [ 0.342513] pcieport 0000:00:08.1: AER: enabled with IRQ 31 [ 0.342969] shpchp: Standard Hot Plug PCI Controller Driver version: 0.4 [ 0.343044] input: Power Button as /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0C:00/input/input0 [ 0.343059] ACPI: button: Power Button [PWRB] [ 0.343075] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input1 [ 0.345501] ACPI: button: Power Button [PWRF] [ 0.348832] Estimated ratio of average max frequency by base frequency (times 1024): 1232 [ 0.348846] Monitor-Mwait will be used to enter C-1 state [ 0.348851] ACPI: \_PR_.C000: Found 2 idle states [ 0.348921] ACPI: \_PR_.C002: Found 2 idle states [ 0.348993] ACPI: \_PR_.C004: Found 2 idle states [ 0.349043] ACPI: \_PR_.C006: Found 2 idle states [ 0.349091] ACPI: \_PR_.C008: Found 2 idle states [ 0.349141] ACPI: \_PR_.C00A: Found 2 idle states [ 0.349211] ACPI: \_PR_.C00C: Found 2 idle states [ 0.349282] ACPI: \_PR_.C00E: Found 2 idle states [ 0.349349] ACPI: \_PR_.C010: Found 2 idle states [ 0.349418] ACPI: \_PR_.C012: Found 2 idle states [ 0.349492] ACPI: \_PR_.C014: Found 2 idle states [ 0.349562] ACPI: \_PR_.C016: Found 2 idle states [ 0.349611] ACPI: \_PR_.C001: Found 2 idle states [ 0.349659] ACPI: \_PR_.C003: Found 2 idle states [ 0.349727] ACPI: \_PR_.C005: Found 2 idle states [ 0.349795] ACPI: \_PR_.C007: Found 2 idle states [ 0.349860] ACPI: \_PR_.C009: Found 2 idle states [ 0.349946] ACPI: \_PR_.C00B: Found 2 idle states [ 0.350021] ACPI: \_PR_.C00D: Found 2 idle states [ 0.350087] ACPI: \_PR_.C00F: Found 2 idle states [ 0.350154] ACPI: \_PR_.C011: Found 2 idle states [ 0.350218] ACPI: \_PR_.C013: Found 2 idle states [ 0.350281] ACPI: \_PR_.C015: Found 2 idle states [ 0.350343] ACPI: \_PR_.C017: Found 2 idle states [ 0.350506] Serial: 8250/16550 driver, 32 ports, IRQ sharing enabled [ 0.350656] 00:05: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A [ 0.352195] Non-volatile memory driver v1.3 [ 0.352196] Linux agpgart interface v0.103 [ 0.352232] ACPI: bus type drm_connector registered [ 0.353115] ahci 0000:02:00.1: version 3.0 [ 0.353228] ahci 0000:02:00.1: SSS flag set, parallel bus scan disabled [ 0.353271] ahci 0000:02:00.1: AHCI vers 0001.0301, 32 command slots, 6 Gbps, SATA mode [ 0.353273] ahci 0000:02:00.1: 4/8 ports implemented (port mask 0x33) [ 0.353274] ahci 0000:02:00.1: flags: 64bit ncq sntf stag pm led clo only pmp pio slum part sxs deso sadm sds apst [ 0.353572] scsi host0: ahci [ 0.353635] scsi host1: ahci [ 0.353687] scsi host2: ahci [ 0.353746] scsi host3: ahci [ 0.353791] scsi host4: ahci [ 0.353847] scsi host5: ahci [ 0.353896] scsi host6: ahci [ 0.353947] scsi host7: ahci [ 0.353963] ata1: SATA max UDMA/133 abar m131072@0xfc680000 port 0xfc680100 irq 37 lpm-pol 3 [ 0.353965] ata2: SATA max UDMA/133 abar m131072@0xfc680000 port 0xfc680180 irq 37 lpm-pol 3 [ 0.353966] ata3: DUMMY [ 0.353966] ata4: DUMMY [ 0.353968] ata5: SATA max UDMA/133 abar m131072@0xfc680000 port 0xfc680300 irq 37 lpm-pol 3 [ 0.353969] ata6: SATA max UDMA/133 abar m131072@0xfc680000 port 0xfc680380 irq 37 lpm-pol 3 [ 0.353970] ata7: DUMMY [ 0.353970] ata8: DUMMY [ 0.354035] usbcore: registered new interface driver usbserial_generic [ 0.354038] usbserial: USB Serial support registered for generic [ 0.354075] rtc_cmos 00:03: RTC can wake from S4 [ 0.354252] rtc_cmos 00:03: registered as rtc0 [ 0.354279] rtc_cmos 00:03: setting system clock to 2024-08-20T18:06:09 UTC (1724177169) [ 0.354298] rtc_cmos 00:03: alarms up to one month, y3k, 114 bytes nvram [ 0.354326] amd_pstate: driver load is disabled, boot with specific mode to enable this [ 0.354436] ledtrig-cpu: registered to indicate activity on CPUs [ 0.354502] vesafb: mode is 640x480x32, linelength=2560, pages=0 [ 0.354503] vesafb: scrolling: redraw [ 0.354504] vesafb: Truecolor: size=8:8:8:8, shift=24:16:8:0 [ 0.354510] vesafb: framebuffer at 0xe0000000, mapped to 0x000000002650fc98, using 1216k, total 1216k [ 0.354529] fbcon: Deferring console take-over [ 0.354529] fb0: VESA VGA frame buffer device [ 0.354537] hid: raw HID events driver (C) Jiri Kosina [ 0.354575] drop_monitor: Initializing network drop monitor service [ 0.354633] Initializing XFRM netlink socket [ 0.354652] NET: Registered PF_INET6 protocol family [ 0.452105] Freeing initrd memory: 180616K [ 0.454777] Segment Routing with IPv6 [ 0.454779] RPL Segment Routing with IPv6 [ 0.454790] In-situ OAM (IOAM) with IPv6 [ 0.454814] NET: Registered PF_PACKET protocol family [ 0.455609] microcode: Current revision: 0x08701030 [ 0.455889] resctrl: L3 allocation detected [ 0.455890] resctrl: MB allocation detected [ 0.455890] resctrl: L3 monitoring detected [ 0.455908] IPI shorthand broadcast: enabled [ 0.456871] sched_clock: Marking stable (455603833, 280415)->(458727803, -2843555) [ 0.456945] Timer migration: 2 hierarchy levels; 8 children per group; 2 crossnode level [ 0.457050] registered taskstats version 1 [ 0.457399] Loading compiled-in X.509 certificates [ 0.459726] Loaded X.509 cert 'Build time autogenerated kernel key: 95ece764cfce3af14865b3218c7a308c3720a6eb' [ 0.462211] zswap: loaded using pool lz4/z3fold [ 0.462238] Demotion targets for Node 0: null [ 0.462369] Key type .fscrypt registered [ 0.462370] Key type fscrypt-provisioning registered [ 0.462570] PM: Magic number: 4:490:140 [ 0.462634] acpi device:11: hash matches [ 0.462713] RAS: Correctable Errors collector initialized. [ 0.470364] clk: Disabling unused clocks [ 0.470366] PM: genpd: Disabling unused power domains [ 0.831843] ata1: SATA link up 6.0 Gbps (SStatus 133 SControl 300) [ 0.832472] ata1.00: ATA-9: ADATA SU800, 02K0S86D, max UDMA/133 [ 0.832490] ata1.00: 1000215216 sectors, multi 1: LBA48 NCQ (depth 32), AA [ 0.832852] ata1.00: Features: Dev-Sleep [ 0.833307] ata1.00: configured for UDMA/133 [ 0.845169] ahci 0000:02:00.1: port does not support device sleep [ 0.845260] scsi 0:0:0:0: Direct-Access ATA ADATA SU800 S86D PQ: 0 ANSI: 5 [ 0.845395] sd 0:0:0:0: [sda] 1000215216 512-byte logical blocks: (512 GB/477 GiB) [ 0.845401] sd 0:0:0:0: [sda] Write Protect is off [ 0.845402] sd 0:0:0:0: [sda] Mode Sense: 00 3a 00 00 [ 0.845407] sd 0:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA [ 0.845416] sd 0:0:0:0: [sda] Preferred minimum I/O size 512 bytes [ 0.846320] sda: sda1 sda2 sda3 [ 0.846366] sd 0:0:0:0: [sda] Attached SCSI disk [ 1.157224] ata2: SATA link down (SStatus 0 SControl 300) [ 1.334043] tsc: Refined TSC clocksource calibration: 4099.997 MHz [ 1.334052] clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0x3b195c4884e, max_idle_ns: 440795370048 ns [ 1.334137] clocksource: Switched to clocksource tsc [ 1.471596] ata5: SATA link down (SStatus 0 SControl 330) [ 1.783765] ata6: SATA link down (SStatus 0 SControl 330) [ 1.784892] Freeing unused decrypted memory: 2028K [ 1.785158] Freeing unused kernel image (initmem) memory: 3500K [ 1.785169] Write protecting the kernel read-only data: 32768k [ 1.785391] Freeing unused kernel image (rodata/data gap) memory: 924K [ 1.795786] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1.795790] rodata_test: all tests were successful [ 1.795793] Run /init as init process [ 1.795794] with arguments: [ 1.795795] /init [ 1.795796] with environment: [ 1.795796] HOME=/ [ 1.795797] TERM=linux [ 1.795797] BOOT_IMAGE=/boot/vmlinuz-linux-nvme [ 1.800790] fbcon: Taking over console [ 1.800836] Console: switching to colour frame buffer device 80x30 [ 1.906539] xhci_hcd 0000:02:00.0: xHCI Host Controller [ 1.906546] xhci_hcd 0000:02:00.0: new USB bus registered, assigned bus number 1 [ 1.910104] nvme nvme0: pci function 0000:01:00.0 [ 1.915230] nvme nvme0: D3 entry latency set to 10 seconds [ 1.917840] nvme nvme0: 24/0/0 default/read/poll queues [ 1.920256] nvme0n1: p1 p2 p3 [ 1.961860] xhci_hcd 0000:02:00.0: hcc params 0x0200ef81 hci version 0x110 quirks 0x0000000000000010 [ 1.962019] xhci_hcd 0000:02:00.0: xHCI Host Controller [ 1.962021] xhci_hcd 0000:02:00.0: new USB bus registered, assigned bus number 2 [ 1.962023] xhci_hcd 0000:02:00.0: Host supports USB 3.1 Enhanced SuperSpeed [ 1.962078] usb usb1: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 6.10 [ 1.962080] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [ 1.962081] usb usb1: Product: xHCI Host Controller [ 1.962082] usb usb1: Manufacturer: Linux 6.10.6-12 xhci-hcd [ 1.962083] usb usb1: SerialNumber: 0000:02:00.0 [ 1.962164] hub 1-0:1.0: USB hub found [ 1.962177] hub 1-0:1.0: 10 ports detected [ 1.962384] usb usb2: We don't know the algorithms for LPM for this host, disabling LPM. [ 1.962397] usb usb2: New USB device found, idVendor=1d6b, idProduct=0003, bcdDevice= 6.10 [ 1.962398] usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [ 1.962399] usb usb2: Product: xHCI Host Controller [ 1.962400] usb usb2: Manufacturer: Linux 6.10.6-12 xhci-hcd [ 1.962401] usb usb2: SerialNumber: 0000:02:00.0 [ 1.962441] hub 2-0:1.0: USB hub found [ 1.962448] hub 2-0:1.0: 4 ports detected [ 1.962499] usb: port power management may be unreliable [ 1.962604] xhci_hcd 0000:09:00.3: xHCI Host Controller [ 1.962607] xhci_hcd 0000:09:00.3: new USB bus registered, assigned bus number 3 [ 1.962704] xhci_hcd 0000:09:00.3: hcc params 0x0278ffe5 hci version 0x110 quirks 0x0000000000000010 [ 1.962847] xhci_hcd 0000:09:00.3: xHCI Host Controller [ 1.962848] xhci_hcd 0000:09:00.3: new USB bus registered, assigned bus number 4 [ 1.962850] xhci_hcd 0000:09:00.3: Host supports USB 3.1 Enhanced SuperSpeed [ 1.962868] usb usb3: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 6.10 [ 1.962869] usb usb3: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [ 1.962870] usb usb3: Product: xHCI Host Controller [ 1.962871] usb usb3: Manufacturer: Linux 6.10.6-12 xhci-hcd [ 1.962872] usb usb3: SerialNumber: 0000:09:00.3 [ 1.962908] hub 3-0:1.0: USB hub found [ 1.962913] hub 3-0:1.0: 4 ports detected [ 1.963006] usb usb4: We don't know the algorithms for LPM for this host, disabling LPM. [ 1.963016] usb usb4: New USB device found, idVendor=1d6b, idProduct=0003, bcdDevice= 6.10 [ 1.963017] usb usb4: New USB device strings: Mfr=3, Product=2, SerialNumber=1 [ 1.963018] usb usb4: Product: xHCI Host Controller [ 1.963019] usb usb4: Manufacturer: Linux 6.10.6-12 xhci-hcd [ 1.963019] usb usb4: SerialNumber: 0000:09:00.3 [ 1.963057] hub 4-0:1.0: USB hub found [ 1.963062] hub 4-0:1.0: 4 ports detected [ 2.205258] Console: switching to colour dummy device 80x25 [ 2.205272] nouveau 0000:07:00.0: vgaarb: deactivate vga console [ 2.205298] nouveau 0000:07:00.0: NVIDIA G72 (046100a3) [ 2.415140] nouveau 0000:07:00.0: bios: version 05.72.22.43.35 [ 2.415405] nouveau 0000:07:00.0: fb: 128 MiB DDR2 [ 2.469167] nouveau 0000:07:00.0: DRM: VRAM: 124 MiB [ 2.469168] nouveau 0000:07:00.0: DRM: GART: 512 MiB [ 2.469169] nouveau 0000:07:00.0: DRM: TMDS table version 1.1 [ 2.469170] nouveau 0000:07:00.0: DRM: TMDS table script pointers not stubbed [ 2.469171] nouveau 0000:07:00.0: DRM: DCB version 3.0 [ 2.469172] nouveau 0000:07:00.0: DRM: DCB outp 00: 01000300 00000028 [ 2.469173] nouveau 0000:07:00.0: DRM: DCB outp 01: 02011310 00000028 [ 2.469174] nouveau 0000:07:00.0: DRM: DCB outp 02: 01011312 00000000 [ 2.469175] nouveau 0000:07:00.0: DRM: DCB outp 03: 020223f1 00c0c080 [ 2.469176] nouveau 0000:07:00.0: DRM: DCB conn 00: 0000 [ 2.469177] nouveau 0000:07:00.0: DRM: DCB conn 01: 2130 [ 2.469178] nouveau 0000:07:00.0: DRM: DCB conn 02: 0210 [ 2.469178] nouveau 0000:07:00.0: DRM: DCB conn 03: 0211 [ 2.469179] nouveau 0000:07:00.0: DRM: DCB conn 04: 0213 [ 2.469699] nouveau 0000:07:00.0: DRM: MM: using M2MF for buffer copies [ 2.475140] [drm] Initialized nouveau 1.4.0 20120801 for 0000:07:00.0 on minor 0 [ 2.475159] nouveau 0000:07:00.0: DRM: Setting dpms mode 3 on TV encoder (output 3) [ 2.583625] nouveau 0000:07:00.0: [drm] Cannot find any crtc or sizes [ 2.693635] nouveau 0000:07:00.0: [drm] Cannot find any crtc or sizes [ 2.806972] nouveau 0000:07:00.0: [drm] Cannot find any crtc or sizes [ 2.923646] nouveau 0000:07:00.0: [drm] Cannot find any crtc or sizes [ 3.001689] SGI XFS with ACLs, security attributes, realtime, scrub, repair, quota, no debug enabled [ 3.008914] XFS (nvme0n1p2): Mounting V5 Filesystem 78029aac-358d-4ce1-b48f-0c910bc10436 [ 3.018967] XFS (nvme0n1p2): Ending clean mount [ 3.036959] nouveau 0000:07:00.0: [drm] Cannot find any crtc or sizes [ 3.075285] systemd[1]: systemd 255-1-arch running in system mode (+PAM +AUDIT -SELINUX -APPARMOR -IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP -SYSVINIT default-hierarchy=unified) [ 3.075289] systemd[1]: Detected architecture x86-64. [ 3.075905] systemd[1]: Hostname set to <minimyth2-aarch64-next>. [ 3.310464] systemd[1]: bpf-lsm: LSM BPF program attached [ 3.377445] systemd[1]: /etc/systemd/system/sleep-on-inactivity.service:6: Failed to parse service type, ignoring: daemon [ 3.387664] systemd[1]: Queued start job for default target Graphical Interface. [ 3.430634] systemd[1]: Created slice Slice /system/getty. [ 3.430786] systemd[1]: Created slice Slice /system/modprobe. [ 3.430902] systemd[1]: Created slice Slice /system/systemd-fsck. [ 3.431019] systemd[1]: Created slice Slice /system/tmux. [ 3.431098] systemd[1]: Created slice User and Session Slice. [ 3.431139] systemd[1]: Started Dispatch Password Requests to Console Directory Watch. [ 3.431170] systemd[1]: Started Forward Password Requests to Wall Directory Watch. [ 3.431258] systemd[1]: Set up automount Arbitrary Executable File Formats File System Automount Point. [ 3.431288] systemd[1]: Reached target Local Encrypted Volumes. [ 3.431305] systemd[1]: Reached target Local Integrity Protected Volumes. [ 3.431326] systemd[1]: Reached target Host and Network Name Lookups. [ 3.431340] systemd[1]: Reached target Path Units. [ 3.431356] systemd[1]: Reached target Remote File Systems. [ 3.431373] systemd[1]: Reached target Slice Units. [ 3.431395] systemd[1]: Reached target Local Verity Protected Volumes. [ 3.431436] systemd[1]: Listening on Device-mapper event daemon FIFOs. [ 3.431703] systemd[1]: Listening on LVM2 poll daemon socket. [ 3.433732] systemd[1]: Listening on RPCbind Server Activation Socket. [ 3.433777] systemd[1]: Reached target RPC Port Mapper. [ 3.434505] systemd[1]: Listening on Process Core Dump Socket. [ 3.434584] systemd[1]: Listening on Journal Socket (/dev/log). [ 3.434645] systemd[1]: Listening on Journal Socket. [ 3.434869] systemd[1]: Listening on Network Service Netlink Socket. [ 3.434907] systemd[1]: TPM2 PCR Extension (Varlink) was skipped because of an unmet condition check (ConditionSecurity=measured-uki). [ 3.435321] systemd[1]: Listening on udev Control Socket. [ 3.435391] systemd[1]: Listening on udev Kernel Socket. [ 3.435975] systemd[1]: Mounting Huge Pages File System... [ 3.436279] systemd[1]: Mounting POSIX Message Queue File System... [ 3.436538] systemd[1]: Mounting NFSD configuration filesystem... [ 3.436808] systemd[1]: Mounting Kernel Debug File System... [ 3.437086] systemd[1]: Mounting Kernel Trace File System... [ 3.437125] systemd[1]: Kernel Module supporting RPCSEC_GSS was skipped because of an unmet condition check (ConditionPathExists=/etc/krb5.keytab). [ 3.437457] systemd[1]: Starting Create List of Static Device Nodes... [ 3.437763] systemd[1]: Starting Monitoring of LVM2 mirrors, snapshots etc. using dmeventd or progress polling... [ 3.438071] systemd[1]: Starting Load Kernel Module configfs... [ 3.438401] systemd[1]: Starting Load Kernel Module dm_mod... [ 3.438723] systemd[1]: Starting Load Kernel Module drm... [ 3.439207] systemd[1]: Starting Load Kernel Module fuse... [ 3.439538] systemd[1]: Starting Load Kernel Module loop... [ 3.439620] systemd[1]: File System Check on Root Device was skipped because of an unmet condition check (ConditionPathIsReadWrite=!/). [ 3.440337] systemd[1]: Starting Journal Service... [ 3.440915] systemd[1]: Starting Load Kernel Modules... [ 3.441337] systemd[1]: Starting Generate network units from Kernel command line... [ 3.441383] systemd[1]: TPM2 PCR Machine ID Measurement was skipped because of an unmet condition check (ConditionSecurity=measured-uki). [ 3.441775] systemd[1]: Starting Remount Root and Kernel File Systems... [ 3.441831] systemd[1]: TPM2 SRK Setup (Early) was skipped because of an unmet condition check (ConditionSecurity=measured-uki). [ 3.442213] systemd[1]: Starting Coldplug All udev Devices... [ 3.442990] systemd[1]: Mounted Huge Pages File System. [ 3.443083] systemd[1]: Mounted POSIX Message Queue File System. [ 3.443150] systemd[1]: Mounted Kernel Debug File System. [ 3.443216] systemd[1]: Mounted Kernel Trace File System. [ 3.443349] systemd[1]: Finished Create List of Static Device Nodes. [ 3.443534] systemd[1]: modprobe(a)configfs.service: Deactivated successfully. [ 3.443605] systemd[1]: Finished Load Kernel Module configfs. [ 3.443773] systemd[1]: modprobe(a)drm.service: Deactivated successfully. [ 3.443822] systemd[1]: Finished Load Kernel Module drm. [ 3.444207] systemd[1]: Mounting Kernel Configuration File System... [ 3.444519] systemd[1]: Starting Create Static Device Nodes in /dev gracefully... [ 3.445620] systemd[1]: Finished Generate network units from Kernel command line. [ 3.445676] systemd[1]: Reached target Preparation for Network. [ 3.445980] loop: module loaded [ 3.446215] systemd[1]: modprobe(a)loop.service: Deactivated successfully. [ 3.446270] systemd[1]: Finished Load Kernel Module loop. [ 3.446764] systemd[1]: Finished Remount Root and Kernel File Systems. [ 3.447242] systemd[1]: Rebuild Hardware Database was skipped because of an unmet condition check (ConditionNeedsUpdate=/etc). [ 3.447577] systemd[1]: Starting Load/Save OS Random Seed... [ 3.447602] systemd[1]: TPM2 SRK Setup was skipped because of an unmet condition check (ConditionSecurity=measured-uki). [ 3.447816] systemd[1]: Mounted Kernel Configuration File System. [ 3.449700] systemd-journald[483]: Collecting audit messages is disabled. [ 3.451114] device-mapper: uevent: version 1.0.3 [ 3.451200] device-mapper: ioctl: 4.48.0-ioctl (2023-03-01) initialised: dm-devel(a)lists.linux.dev [ 3.451287] fuse: init (API version 7.40) [ 3.451539] systemd[1]: modprobe(a)dm_mod.service: Deactivated successfully. [ 3.451597] systemd[1]: Finished Load Kernel Module dm_mod. [ 3.451744] systemd[1]: modprobe(a)fuse.service: Deactivated successfully. [ 3.451795] systemd[1]: Finished Load Kernel Module fuse. [ 3.452157] systemd[1]: Mounting FUSE Control File System... [ 3.452195] systemd[1]: Repartition Root Disk was skipped because no trigger condition checks were met. [ 3.453918] systemd[1]: Finished Load/Save OS Random Seed. [ 3.454982] systemd[1]: Mounted FUSE Control File System. [ 3.455999] sd 0:0:0:0: Attached scsi generic sg0 type 0 [ 3.462659] systemd[1]: Finished Create Static Device Nodes in /dev gracefully. [ 3.462745] systemd[1]: Create System Users was skipped because no trigger condition checks were met. [ 3.463073] systemd[1]: Starting Create Static Device Nodes in /dev... [ 3.469292] systemd[1]: Started Journal Service. [ 3.473672] systemd-journald[483]: Received client request to flush runtime journal. [ 3.476629] systemd-journald[483]: /var/log/journal/1a15c5c01ee34ffb8beb42df7c18ff94/system.journal: Journal file uses a different sequence number ID, rotating. [ 3.476633] systemd-journald[483]: Rotating system journal. [ 3.483888] RPC: Registered named UNIX socket transport module. [ 3.483891] RPC: Registered udp transport module. [ 3.483892] RPC: Registered tcp transport module. [ 3.483892] RPC: Registered tcp-with-tls transport module. [ 3.483893] RPC: Registered tcp NFSv4.1 backchannel transport module. [ 3.484834] nct6775: Found NCT6779D or compatible chip at 0x2e:0x290 [ 3.545102] ryzen_smu: CPUID: family 0x17, model 0x71, stepping 0x0, package 0x2 [ 3.545142] piix4_smbus 0000:00:14.0: SMBus Host Controller at 0xb00, revision 0 [ 3.545147] piix4_smbus 0000:00:14.0: Using register 0x02 for SMBus port selection [ 3.545167] input: PC Speaker as /devices/platform/pcspkr/input/input2 [ 3.545281] piix4_smbus 0000:00:14.0: Auxiliary SMBus Host Controller at 0xb20 [ 3.545285] ryzen_smu: SMU v46.73.0 [ 3.546291] acpi_cpufreq: overriding BIOS provided _PSD data [ 3.551915] RAPL PMU: API unit is 2^-32 Joules, 1 fixed counters, 163840 ms ovfl timer [ 3.551917] RAPL PMU: hw unit of domain package 2^-16 Joules [ 3.553285] ccp 0000:09:00.1: ccp: unable to access the device: you might be running a broken BIOS. [ 3.553298] ccp 0000:09:00.1: psp enabled [ 3.558005] cryptd: max_cpu_qlen set to 1000 [ 3.563149] sp5100_tco: SP5100/SB800 TCO WatchDog Timer Driver [ 3.563215] sp5100-tco sp5100-tco: Using 0xfeb00000 for watchdog MMIO address [ 3.563443] sp5100-tco sp5100-tco: initialized. heartbeat=60 sec (nowayout=0) [ 3.572167] AVX2 version of gcm_enc/dec engaged. [ 3.572209] AES CTR mode by8 optimization enabled [ 3.634695] Adding 16776188k swap on /dev/nvme0n1p3. Priority:-2 extents:1 across:16776188k SS [ 3.636579] r8169 0000:05:00.0 eth0: RTL8168h/8111h, 9c:6b:00:00:6d:71, XID 541, IRQ 79 [ 3.636585] r8169 0000:05:00.0 eth0: jumbo features [frames: 9194 bytes, tx checksumming: ko] [ 3.644292] r8169 0000:05:00.0 enp5s0: renamed from eth0 [ 3.721283] kvm_amd: TSC scaling supported [ 3.721286] kvm_amd: Nested Virtualization enabled [ 3.721287] kvm_amd: Nested Paging enabled [ 3.721288] kvm_amd: LBR virtualization supported [ 3.721289] kvm_amd: SEV enabled (ASIDs 1 - 509) [ 3.721289] kvm_amd: SEV-ES disabled (ASIDs 0 - 0) [ 3.721312] kvm_amd: Virtual VMLOAD VMSAVE supported [ 3.721313] kvm_amd: Virtual GIF supported [ 3.729283] MCE: In-kernel MCE decoding enabled. [ 3.765212] AMD Address Translation Library initialized [ 3.765252] intel_rapl_common: Found RAPL domain package [ 3.765257] intel_rapl_common: Found RAPL domain core [ 3.766513] cfg80211: Loading compiled-in X.509 certificates for regulatory database [ 3.768252] Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7' [ 3.768356] Loaded X.509 cert 'wens: 61c038651aabdcf94bd0ac7ff06c7248db18c600' [ 3.768582] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 3.768585] cfg80211: failed to load regulatory.db [ 4.564164] EXT4-fs (sda2): mounted filesystem b6d62eed-a5ba-4cf0-a2d7-6404683db3e3 r/w with ordered data mode. Quota mode: none. [ 4.659302] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this. [ 4.696961] Generic FE-GE Realtek PHY r8169-0-500:00: attached PHY driver (mii_bus:phy_addr=r8169-0-500:00, irq=MAC) [ 4.887113] r8169 0000:05:00.0 enp5s0: Link is Down [ 4.917880] br0: port 1(enp5s0) entered blocking state [ 4.917883] br0: port 1(enp5s0) entered disabled state [ 4.917889] r8169 0000:05:00.0 enp5s0: entered allmulticast mode [ 4.917970] r8169 0000:05:00.0 enp5s0: entered promiscuous mode [ 4.929839] tun: Universal TUN/TAP device driver, 1.6 [ 5.965626] br0: port 2(tap0) entered blocking state [ 5.965631] br0: port 2(tap0) entered disabled state [ 5.965641] tap0: entered allmulticast mode [ 5.965683] tap0: entered promiscuous mode [ 5.965710] br0: port 2(tap0) entered blocking state [ 5.965711] br0: port 2(tap0) entered forwarding state [ 5.986178] Bridge firewalling registered [ 6.077746] RPC: Registered rdma transport module. [ 6.077749] RPC: Registered rdma backchannel transport module. [ 6.201067] NFSD: Using nfsdcld client tracking operations. [ 6.201069] NFSD: no clients to reclaim, skipping NFSv4 grace period (net f0000000) [ 8.035190] r8169 0000:05:00.0 enp5s0: Link is Up - 1Gbps/Full - flow control rx/tx [ 8.035240] br0: port 1(enp5s0) entered blocking state [ 8.035244] br0: port 1(enp5s0) entered forwarding state [ 11.275932] netfs: FS-Cache loaded [ 11.313446] Key type dns_resolver registered [ 11.468243] NFS: Registering the id_resolver key type [ 11.468249] Key type id_resolver registered [ 11.468250] Key type id_legacy registered [ 619.427729] nouveau 0000:07:00.0: fifo: CACHE_ERROR - ch 0 [(udev-worker)[348]] subc 4 mthd 0000 data 00000039 [ 619.427757] nouveau 0000:07:00.0: fifo: CACHE_ERROR - ch 0 [(udev-worker)[348]] subc 4 mthd 0180 data 80000006 [ 622.607683] PM: suspend entry (deep) [ 622.612781] Filesystems sync: 0.005 seconds [ 622.613128] Freezing user space processes [ 622.614262] Freezing user space processes completed (elapsed 0.001 seconds) [ 622.614265] OOM killer disabled. [ 622.614266] Freezing remaining freezable tasks [ 622.615362] Freezing remaining freezable tasks completed (elapsed 0.001 seconds) [ 622.615391] printk: Suspending console(s) (use no_console_suspend to debug) [ 622.618100] serial 00:05: disabled [ 622.618143] r8169 0000:05:00.0 enp5s0: Link is Down [ 622.653931] sd 0:0:0:0: [sda] Synchronizing SCSI cache [ 622.654096] ata1.00: Entering standby power mode [ 622.717981] ACPI: PM: Preparing to enter system sleep state S3 [ 623.247496] ACPI: PM: Saving platform NVS memory [ 623.247597] Disabling non-boot CPUs ... [ 623.249082] smpboot: CPU 1 is now offline [ 623.250726] smpboot: CPU 2 is now offline [ 623.252344] smpboot: CPU 3 is now offline [ 623.254070] smpboot: CPU 4 is now offline [ 623.255710] smpboot: CPU 5 is now offline [ 623.257304] smpboot: CPU 6 is now offline [ 623.259019] smpboot: CPU 7 is now offline [ 623.260713] smpboot: CPU 8 is now offline [ 623.262291] smpboot: CPU 9 is now offline [ 623.263847] smpboot: CPU 10 is now offline [ 623.265360] smpboot: CPU 11 is now offline [ 623.266966] smpboot: CPU 12 is now offline [ 623.268544] smpboot: CPU 13 is now offline [ 623.270111] smpboot: CPU 14 is now offline [ 623.271657] smpboot: CPU 15 is now offline [ 623.273135] smpboot: CPU 16 is now offline [ 623.274750] smpboot: CPU 17 is now offline [ 623.276257] smpboot: CPU 18 is now offline [ 623.277731] smpboot: CPU 19 is now offline [ 623.279351] smpboot: CPU 20 is now offline [ 623.280835] smpboot: CPU 21 is now offline [ 623.282273] smpboot: CPU 22 is now offline [ 623.283897] smpboot: CPU 23 is now offline [ 623.284335] ACPI: PM: Low-level resume complete [ 623.284354] ACPI: PM: Restoring platform NVS memory [ 623.284413] LVT offset 0 assigned for vector 0x400 [ 623.284914] Enabling non-boot CPUs ... [ 623.284961] smpboot: Booting Node 0 Processor 1 APIC 0x2 [ 623.287428] ACPI: \_PR_.C002: Found 2 idle states [ 623.287895] CPU1 is up [ 623.287919] smpboot: Booting Node 0 Processor 2 APIC 0x4 [ 623.290265] ACPI: \_PR_.C004: Found 2 idle states [ 623.291326] CPU2 is up [ 623.291342] smpboot: Booting Node 0 Processor 3 APIC 0x8 [ 623.293803] ACPI: \_PR_.C006: Found 2 idle states [ 623.294532] CPU3 is up [ 623.294549] smpboot: Booting Node 0 Processor 4 APIC 0xa [ 623.296931] ACPI: \_PR_.C008: Found 2 idle states [ 623.297604] CPU4 is up [ 623.297622] smpboot: Booting Node 0 Processor 5 APIC 0xc [ 623.300009] ACPI: \_PR_.C00A: Found 2 idle states [ 623.300825] CPU5 is up [ 623.300842] smpboot: Booting Node 0 Processor 6 APIC 0x10 [ 623.303308] ACPI: \_PR_.C00C: Found 2 idle states [ 623.304162] CPU6 is up [ 623.304180] smpboot: Booting Node 0 Processor 7 APIC 0x12 [ 623.306577] ACPI: \_PR_.C00E: Found 2 idle states [ 623.307493] CPU7 is up [ 623.307512] smpboot: Booting Node 0 Processor 8 APIC 0x14 [ 623.309918] ACPI: \_PR_.C010: Found 2 idle states [ 623.310831] CPU8 is up [ 623.310849] smpboot: Booting Node 0 Processor 9 APIC 0x18 [ 623.313337] ACPI: \_PR_.C012: Found 2 idle states [ 623.314177] CPU9 is up [ 623.314196] smpboot: Booting Node 0 Processor 10 APIC 0x1a [ 623.316611] ACPI: \_PR_.C014: Found 2 idle states [ 623.317508] CPU10 is up [ 623.317528] smpboot: Booting Node 0 Processor 11 APIC 0x1c [ 623.319936] ACPI: \_PR_.C016: Found 2 idle states [ 623.320847] CPU11 is up [ 623.320863] smpboot: Booting Node 0 Processor 12 APIC 0x1 [ 623.323316] ACPI: \_PR_.C001: Found 2 idle states [ 623.324222] CPU12 is up [ 623.324256] smpboot: Booting Node 0 Processor 13 APIC 0x3 [ 623.326660] ACPI: \_PR_.C003: Found 2 idle states [ 623.327530] CPU13 is up [ 623.327549] smpboot: Booting Node 0 Processor 14 APIC 0x5 [ 623.329935] ACPI: \_PR_.C005: Found 2 idle states [ 623.330858] CPU14 is up [ 623.330876] smpboot: Booting Node 0 Processor 15 APIC 0x9 [ 623.333278] ACPI: \_PR_.C007: Found 2 idle states [ 623.334209] CPU15 is up [ 623.334230] smpboot: Booting Node 0 Processor 16 APIC 0xb [ 623.336655] ACPI: \_PR_.C009: Found 2 idle states [ 623.337538] CPU16 is up [ 623.337556] smpboot: Booting Node 0 Processor 17 APIC 0xd [ 623.339984] ACPI: \_PR_.C00B: Found 2 idle states [ 623.340870] CPU17 is up [ 623.340888] smpboot: Booting Node 0 Processor 18 APIC 0x11 [ 623.343311] ACPI: \_PR_.C00D: Found 2 idle states [ 623.344217] CPU18 is up [ 623.344238] smpboot: Booting Node 0 Processor 19 APIC 0x13 [ 623.346664] ACPI: \_PR_.C00F: Found 2 idle states [ 623.347547] CPU19 is up [ 623.347567] smpboot: Booting Node 0 Processor 20 APIC 0x15 [ 623.349994] ACPI: \_PR_.C011: Found 2 idle states [ 623.350883] CPU20 is up [ 623.350900] smpboot: Booting Node 0 Processor 21 APIC 0x19 [ 623.353338] ACPI: \_PR_.C013: Found 2 idle states [ 623.354237] CPU21 is up [ 623.354260] smpboot: Booting Node 0 Processor 22 APIC 0x1b [ 623.356699] ACPI: \_PR_.C015: Found 2 idle states [ 623.357561] CPU22 is up [ 623.357576] smpboot: Booting Node 0 Processor 23 APIC 0x1d [ 623.360011] ACPI: \_PR_.C017: Found 2 idle states [ 623.360897] CPU23 is up [ 623.362651] ACPI: PM: Waking up from system sleep state S3 [ 623.364743] xhci_hcd 0000:02:00.0: xHC error in resume, USBSTS 0x401, Reinit [ 623.364746] usb usb1: root hub lost power or was reset [ 623.364747] usb usb2: root hub lost power or was reset [ 623.365217] serial 00:05: activated [ 623.422418] nvme nvme0: D3 entry latency set to 10 seconds [ 623.423896] nvme nvme0: 24/0/0 default/read/poll queues [ 623.564151] r8169 0000:05:00.0 enp5s0: Link is Down [ 623.564446] OOM killer enabled. [ 623.564447] Restarting tasks ... done. [ 623.564748] random: crng reseeded on system resumption [ 623.565010] PM: suspend exit [ 623.630810] br0: port 1(enp5s0) entered disabled state [ 623.680471] ata5: SATA link down (SStatus 0 SControl 330) [ 623.680496] ata6: SATA link down (SStatus 0 SControl 330) [ 623.680521] ata2: SATA link down (SStatus 0 SControl 300) [ 623.834259] ata1: SATA link up 6.0 Gbps (SStatus 133 SControl 300) [ 623.836103] sd 0:0:0:0: [sda] Starting disk [ 623.836969] ata1.00: configured for UDMA/133 [ 623.847173] ahci 0000:02:00.1: port does not support device sleep [ 626.666788] r8169 0000:05:00.0 enp5s0: Link is Up - 1Gbps/Full - flow control rx/tx [ 626.666812] br0: port 1(enp5s0) entered blocking state [ 626.666815] br0: port 1(enp5s0) entered forwarding state [ 628.418137] systemd-journald[483]: /var/log/journal/1a15c5c01ee34ffb8beb42df7c18ff94/user-1000.journal: Journal file uses a different sequence number ID, rotating. [ 5156.157003] r8169 0000:05:00.0 enp5s0: Link is Down [ 5156.157055] br0: port 1(enp5s0) entered disabled state [ 5171.228350] nfs: server 192.168.1.254 not responding, timed out [ 5171.384430] r8169 0000:05:00.0 enp5s0: Link is Up - 1Gbps/Full - flow control rx/tx [ 5171.384449] br0: port 1(enp5s0) entered blocking state [ 5171.384453] br0: port 1(enp5s0) entered forwarding state [ 5171.760464] r8169 0000:05:00.0 enp5s0: Link is Down [ 5172.399804] br0: port 1(enp5s0) entered disabled state [ 5173.253100] nfs: server 192.168.1.254 not responding, timed out [ 5175.003514] r8169 0000:05:00.0 enp5s0: Link is Up - 1Gbps/Full - flow control rx/tx [ 5175.003552] br0: port 1(enp5s0) entered blocking state [ 5175.003558] br0: port 1(enp5s0) entered forwarding state [ 5175.283114] nfs: server 192.168.1.254 not responding, timed out [ 5177.306424] nfs: server 192.168.1.254 not responding, timed out [ 5179.333093] nfs: server 192.168.1.254 not responding, timed out [ 5181.359766] nfs: server 192.168.1.254 not responding, timed out [ 5183.386423] nfs: server 192.168.1.254 not responding, timed out [ 5183.410951] r8169 0000:05:00.0 enp5s0: Link is Down [ 5183.410995] br0: port 1(enp5s0) entered disabled state [ 5185.413101] nfs: server 192.168.1.254 not responding, timed out [ 5186.590549] r8169 0000:05:00.0 enp5s0: Link is Up - 1Gbps/Full - flow control rx/tx [ 5186.590566] br0: port 1(enp5s0) entered blocking state [ 5186.590570] br0: port 1(enp5s0) entered forwarding state [ 5187.439771] nfs: server 192.168.1.254 not responding, timed out [ 5189.468715] nfs: server 192.168.1.254 not responding, timed out [ 5191.496418] nfs: server 192.168.1.254 not responding, timed out [ 5193.519762] nfs: server 192.168.1.254 not responding, timed out [ 5195.546419] nfs: server 192.168.1.254 not responding, timed out [ 5197.576429] nfs: server 192.168.1.254 not responding, timed out [ 5199.599761] nfs: server 192.168.1.254 not responding, timed out [ 5201.626429] nfs: server 192.168.1.254 not responding, timed out [ 5203.174817] r8169 0000:05:00.0 enp5s0: Link is Down [ 5203.174868] br0: port 1(enp5s0) entered disabled state [ 5203.653086] nfs: server 192.168.1.254 not responding, timed out [ 5205.679768] nfs: server 192.168.1.254 not responding, timed out [ 5206.322990] r8169 0000:05:00.0 enp5s0: Link is Up - 1Gbps/Full - flow control rx/tx [ 5206.323024] br0: port 1(enp5s0) entered blocking state [ 5206.323027] br0: port 1(enp5s0) entered forwarding state [ 5207.706426] nfs: server 192.168.1.254 not responding, timed out [ 5209.733086] nfs: server 192.168.1.254 not responding, timed out [ 5211.759747] nfs: server 192.168.1.254 not responding, timed out [ 5215.066419] nfs: server 192.168.1.254 not responding, timed out [ 5218.266424] nfs: server 192.168.1.254 not responding, timed out [ 5221.469748] nfs: server 192.168.1.254 not responding, timed out [ 5224.666438] nfs: server 192.168.1.254 not responding, timed out [ 5227.866414] nfs: server 192.168.1.254 not responding, timed out [ 5231.069775] nfs: server 192.168.1.254 not responding, timed out [ 5234.266419] nfs: server 192.168.1.254 not responding, timed out [ 5237.466416] nfs: server 192.168.1.254 not responding, timed out [ 5240.666428] nfs: server 192.168.1.254 not responding, timed out [ 5243.866414] nfs: server 192.168.1.254 not responding, timed out [ 5247.066413] nfs: server 192.168.1.254 not responding, timed out [ 5250.269761] nfs: server 192.168.1.254 not responding, timed out [ 5253.466428] nfs: server 192.168.1.254 not responding, timed out [ 5256.666411] nfs: server 192.168.1.254 not responding, timed out [ 5259.866413] nfs: server 192.168.1.254 not responding, timed out [ 5263.066423] nfs: server 192.168.1.254 not responding, timed out [ 5266.266415] nfs: server 192.168.1.254 not responding, timed out [ 5269.466403] nfs: server 192.168.1.254 not responding, timed out [ 5272.666810] nfs: server 192.168.1.254 not responding, timed out [ 5275.869734] nfs: server 192.168.1.254 not responding, timed out [ 5279.066401] nfs: server 192.168.1.254 not responding, timed out [ 5282.266406] nfs: server 192.168.1.254 not responding, timed out [ 5285.469740] nfs: server 192.168.1.254 not responding, timed out [ 5288.669735] nfs: server 192.168.1.254 not responding, timed out [ 5291.866410] nfs: server 192.168.1.254 not responding, timed out [ 5295.069727] nfs: server 192.168.1.254 not responding, timed out [ 5298.266401] nfs: server 192.168.1.254 not responding, timed out [ 5301.466399] nfs: server 192.168.1.254 not responding, timed out [ 5304.669731] nfs: server 192.168.1.254 not responding, timed out [ 5307.866402] nfs: server 192.168.1.254 not responding, timed out [ 5311.066411] nfs: server 192.168.1.254 not responding, timed out [ 5314.266398] nfs: server 192.168.1.254 not responding, timed out [ 5317.466413] nfs: server 192.168.1.254 not responding, timed out [ 5320.666398] nfs: server 192.168.1.254 not responding, timed out [ 5323.869759] nfs: server 192.168.1.254 not responding, timed out [ 5327.066392] nfs: server 192.168.1.254 not responding, timed out [12205.194840] hrtimer: interrupt took 9891 ns [75056.352583] PM: suspend entry (deep) [75056.360356] Filesystems sync: 0.007 seconds [75056.360576] Freezing user space processes [75056.361699] Freezing user space processes completed (elapsed 0.001 seconds) [75056.361701] OOM killer disabled. [75056.361701] Freezing remaining freezable tasks [75056.362790] Freezing remaining freezable tasks completed (elapsed 0.001 seconds) [75056.362806] printk: Suspending console(s) (use no_console_suspend to debug) [75056.365493] serial 00:05: disabled [75056.365545] r8169 0000:05:00.0 enp5s0: Link is Down [75056.397790] sd 0:0:0:0: [sda] Synchronizing SCSI cache [75056.397935] ata1.00: Entering standby power mode [75056.467281] ACPI: PM: Preparing to enter system sleep state S3 [75056.991314] ACPI: PM: Saving platform NVS memory [75056.991416] Disabling non-boot CPUs ... [75056.992892] smpboot: CPU 1 is now offline [75056.994740] smpboot: CPU 2 is now offline [75056.996410] smpboot: CPU 3 is now offline [75056.998198] smpboot: CPU 4 is now offline [75056.999862] smpboot: CPU 5 is now offline [75057.001498] smpboot: CPU 6 is now offline [75057.003243] smpboot: CPU 7 is now offline [75057.004888] smpboot: CPU 8 is now offline [75057.006604] smpboot: CPU 9 is now offline [75057.008250] smpboot: CPU 10 is now offline [75057.009916] smpboot: CPU 11 is now offline [75057.011616] smpboot: CPU 12 is now offline [75057.013213] smpboot: CPU 13 is now offline [75057.014746] smpboot: CPU 14 is now offline [75057.016319] smpboot: CPU 15 is now offline [75057.017912] smpboot: CPU 16 is now offline [75057.019635] smpboot: CPU 17 is now offline [75057.021170] smpboot: CPU 18 is now offline [75057.022666] smpboot: CPU 19 is now offline [75057.024356] smpboot: CPU 20 is now offline [75057.025938] smpboot: CPU 21 is now offline [75057.028006] smpboot: CPU 22 is now offline [75057.029565] smpboot: CPU 23 is now offline [75057.030071] ACPI: PM: Low-level resume complete [75057.030089] ACPI: PM: Restoring platform NVS memory [75057.030148] LVT offset 0 assigned for vector 0x400 [75057.030650] Enabling non-boot CPUs ... [75057.030700] smpboot: Booting Node 0 Processor 1 APIC 0x2 [75057.033526] ACPI: \_PR_.C002: Found 2 idle states [75057.034714] CPU1 is up [75057.034731] smpboot: Booting Node 0 Processor 2 APIC 0x4 [75057.037094] ACPI: \_PR_.C004: Found 2 idle states [75057.038026] CPU2 is up [75057.038041] smpboot: Booting Node 0 Processor 3 APIC 0x8 [75057.040492] ACPI: \_PR_.C006: Found 2 idle states [75057.041397] CPU3 is up [75057.041421] smpboot: Booting Node 0 Processor 4 APIC 0xa [75057.043808] ACPI: \_PR_.C008: Found 2 idle states [75057.044712] CPU4 is up [75057.044730] smpboot: Booting Node 0 Processor 5 APIC 0xc [75057.047125] ACPI: \_PR_.C00A: Found 2 idle states [75057.048037] CPU5 is up [75057.048060] smpboot: Booting Node 0 Processor 6 APIC 0x10 [75057.050536] ACPI: \_PR_.C00C: Found 2 idle states [75057.051388] CPU6 is up [75057.051407] smpboot: Booting Node 0 Processor 7 APIC 0x12 [75057.053811] ACPI: \_PR_.C00E: Found 2 idle states [75057.054717] CPU7 is up [75057.054734] smpboot: Booting Node 0 Processor 8 APIC 0x14 [75057.057150] ACPI: \_PR_.C010: Found 2 idle states [75057.058059] CPU8 is up [75057.058077] smpboot: Booting Node 0 Processor 9 APIC 0x18 [75057.060560] ACPI: \_PR_.C012: Found 2 idle states [75057.061401] CPU9 is up [75057.061418] smpboot: Booting Node 0 Processor 10 APIC 0x1a [75057.063827] ACPI: \_PR_.C014: Found 2 idle states [75057.064731] CPU10 is up [75057.064750] smpboot: Booting Node 0 Processor 11 APIC 0x1c [75057.067166] ACPI: \_PR_.C016: Found 2 idle states [75057.068071] CPU11 is up [75057.068090] smpboot: Booting Node 0 Processor 12 APIC 0x1 [75057.070526] ACPI: \_PR_.C001: Found 2 idle states [75057.071447] CPU12 is up [75057.071484] smpboot: Booting Node 0 Processor 13 APIC 0x3 [75057.073879] ACPI: \_PR_.C003: Found 2 idle states [75057.074754] CPU13 is up [75057.074772] smpboot: Booting Node 0 Processor 14 APIC 0x5 [75057.077156] ACPI: \_PR_.C005: Found 2 idle states [75057.078081] CPU14 is up [75057.078099] smpboot: Booting Node 0 Processor 15 APIC 0x9 [75057.080501] ACPI: \_PR_.C007: Found 2 idle states [75057.081435] CPU15 is up [75057.081457] smpboot: Booting Node 0 Processor 16 APIC 0xb [75057.083875] ACPI: \_PR_.C009: Found 2 idle states [75057.084764] CPU16 is up [75057.084780] smpboot: Booting Node 0 Processor 17 APIC 0xd [75057.087196] ACPI: \_PR_.C00B: Found 2 idle states [75057.088110] CPU17 is up [75057.088128] smpboot: Booting Node 0 Processor 18 APIC 0x11 [75057.090536] ACPI: \_PR_.C00D: Found 2 idle states [75057.091448] CPU18 is up [75057.091465] smpboot: Booting Node 0 Processor 19 APIC 0x13 [75057.093881] ACPI: \_PR_.C00F: Found 2 idle states [75057.094779] CPU19 is up [75057.094796] smpboot: Booting Node 0 Processor 20 APIC 0x15 [75057.097225] ACPI: \_PR_.C011: Found 2 idle states [75057.098121] CPU20 is up [75057.098161] smpboot: Booting Node 0 Processor 21 APIC 0x19 [75057.100580] ACPI: \_PR_.C013: Found 2 idle states [75057.101466] CPU21 is up [75057.101484] smpboot: Booting Node 0 Processor 22 APIC 0x1b [75057.103928] ACPI: \_PR_.C015: Found 2 idle states [75057.104797] CPU22 is up [75057.104819] smpboot: Booting Node 0 Processor 23 APIC 0x1d [75057.107262] ACPI: \_PR_.C017: Found 2 idle states [75057.108145] CPU23 is up [75057.109940] ACPI: PM: Waking up from system sleep state S3 [75057.112374] xhci_hcd 0000:02:00.0: xHC error in resume, USBSTS 0x401, Reinit [75057.112379] usb usb1: root hub lost power or was reset [75057.112380] usb usb2: root hub lost power or was reset [75057.112874] serial 00:05: activated [75057.170027] nvme nvme0: D3 entry latency set to 10 seconds [75057.171504] nvme nvme0: 24/0/0 default/read/poll queues [75057.281384] r8169 0000:05:00.0 enp5s0: Link is Down [75057.284773] OOM killer enabled. [75057.284774] Restarting tasks ... done. [75057.285005] random: crng reseeded on system resumption [75057.285023] PM: suspend exit [75057.398045] br0: port 1(enp5s0) entered disabled state [75057.424388] ata5: SATA link down (SStatus 0 SControl 330) [75057.424414] ata6: SATA link down (SStatus 0 SControl 330) [75057.424439] ata2: SATA link down (SStatus 0 SControl 300) [75057.581459] ata1: SATA link up 6.0 Gbps (SStatus 133 SControl 300) [75057.583307] sd 0:0:0:0: [sda] Starting disk [75057.584229] ata1.00: configured for UDMA/133 [75057.594442] ahci 0000:02:00.1: port does not support device sleep [75060.372242] r8169 0000:05:00.0 enp5s0: Link is Up - 1Gbps/Full - flow control rx/tx [75060.372266] br0: port 1(enp5s0) entered blocking state [75060.372269] br0: port 1(enp5s0) entered forwarding state [75860.665039] PM: suspend entry (deep) [75860.683829] Filesystems sync: 0.018 seconds [75860.684080] Freezing user space processes [75860.685216] Freezing user space processes completed (elapsed 0.001 seconds) [75860.685218] OOM killer disabled. [75860.685218] Freezing remaining freezable tasks [75860.686305] Freezing remaining freezable tasks completed (elapsed 0.001 seconds) [75860.686325] printk: Suspending console(s) (use no_console_suspend to debug) [75860.688973] serial 00:05: disabled [75860.689113] r8169 0000:05:00.0 enp5s0: Link is Down [75860.711191] sd 0:0:0:0: [sda] Synchronizing SCSI cache [75860.711309] ata1.00: Entering standby power mode [75860.775098] ACPI: PM: Preparing to enter system sleep state S3 [75861.311474] ACPI: PM: Saving platform NVS memory [75861.311568] Disabling non-boot CPUs ... [75861.313034] smpboot: CPU 1 is now offline [75861.314741] smpboot: CPU 2 is now offline [75861.316431] smpboot: CPU 3 is now offline [75861.318020] smpboot: CPU 4 is now offline [75861.319647] smpboot: CPU 5 is now offline [75861.321225] smpboot: CPU 6 is now offline [75861.322861] smpboot: CPU 7 is now offline [75861.324575] smpboot: CPU 8 is now offline [75861.326157] smpboot: CPU 9 is now offline [75861.327669] smpboot: CPU 10 is now offline [75861.329244] smpboot: CPU 11 is now offline [75861.330891] smpboot: CPU 12 is now offline [75861.332412] smpboot: CPU 13 is now offline [75861.333886] smpboot: CPU 14 is now offline [75861.335405] smpboot: CPU 15 is now offline [75861.336907] smpboot: CPU 16 is now offline [75861.338481] smpboot: CPU 17 is now offline [75861.339952] smpboot: CPU 18 is now offline [75861.341446] smpboot: CPU 19 is now offline [75861.343097] smpboot: CPU 20 is now offline [75861.344578] smpboot: CPU 21 is now offline [75861.346499] smpboot: CPU 22 is now offline [75861.348026] smpboot: CPU 23 is now offline [75861.348456] ACPI: PM: Low-level resume complete [75861.348475] ACPI: PM: Restoring platform NVS memory [75861.348534] LVT offset 0 assigned for vector 0x400 [75861.349037] Enabling non-boot CPUs ... [75861.349087] smpboot: Booting Node 0 Processor 1 APIC 0x2 [75861.351551] ACPI: \_PR_.C002: Found 2 idle states [75861.352276] CPU1 is up [75861.352291] smpboot: Booting Node 0 Processor 2 APIC 0x4 [75861.354667] ACPI: \_PR_.C004: Found 2 idle states [75861.355335] CPU2 is up [75861.355351] smpboot: Booting Node 0 Processor 3 APIC 0x8 [75861.357813] ACPI: \_PR_.C006: Found 2 idle states [75861.358510] CPU3 is up [75861.358527] smpboot: Booting Node 0 Processor 4 APIC 0xa [75861.360917] ACPI: \_PR_.C008: Found 2 idle states [75861.361813] CPU4 is up [75861.361832] smpboot: Booting Node 0 Processor 5 APIC 0xc [75861.364234] ACPI: \_PR_.C00A: Found 2 idle states [75861.365154] CPU5 is up [75861.365172] smpboot: Booting Node 0 Processor 6 APIC 0x10 [75861.367652] ACPI: \_PR_.C00C: Found 2 idle states [75861.368500] CPU6 is up [75861.368517] smpboot: Booting Node 0 Processor 7 APIC 0x12 [75861.370927] ACPI: \_PR_.C00E: Found 2 idle states [75861.371830] CPU7 is up [75861.371848] smpboot: Booting Node 0 Processor 8 APIC 0x14 [75861.374262] ACPI: \_PR_.C010: Found 2 idle states [75861.375169] CPU8 is up [75861.375186] smpboot: Booting Node 0 Processor 9 APIC 0x18 [75861.377671] ACPI: \_PR_.C012: Found 2 idle states [75861.378512] CPU9 is up [75861.378528] smpboot: Booting Node 0 Processor 10 APIC 0x1a [75861.380949] ACPI: \_PR_.C014: Found 2 idle states [75861.381842] CPU10 is up [75861.381858] smpboot: Booting Node 0 Processor 11 APIC 0x1c [75861.384278] ACPI: \_PR_.C016: Found 2 idle states [75861.385180] CPU11 is up [75861.385200] smpboot: Booting Node 0 Processor 12 APIC 0x1 [75861.387643] ACPI: \_PR_.C001: Found 2 idle states [75861.388560] CPU12 is up [75861.388602] smpboot: Booting Node 0 Processor 13 APIC 0x3 [75861.391005] ACPI: \_PR_.C003: Found 2 idle states [75861.391863] CPU13 is up [75861.391880] smpboot: Booting Node 0 Processor 14 APIC 0x5 [75861.394265] ACPI: \_PR_.C005: Found 2 idle states [75861.395193] CPU14 is up [75861.395209] smpboot: Booting Node 0 Processor 15 APIC 0x9 [75861.397613] ACPI: \_PR_.C007: Found 2 idle states [75861.398544] CPU15 is up [75861.398563] smpboot: Booting Node 0 Processor 16 APIC 0xb [75861.400975] ACPI: \_PR_.C009: Found 2 idle states [75861.401874] CPU16 is up [75861.401915] smpboot: Booting Node 0 Processor 17 APIC 0xd [75861.404341] ACPI: \_PR_.C00B: Found 2 idle states [75861.405223] CPU17 is up [75861.405248] smpboot: Booting Node 0 Processor 18 APIC 0x11 [75861.407671] ACPI: \_PR_.C00D: Found 2 idle states [75861.408572] CPU18 is up [75861.408594] smpboot: Booting Node 0 Processor 19 APIC 0x13 [75861.411029] ACPI: \_PR_.C00F: Found 2 idle states [75861.411898] CPU19 is up [75861.411922] smpboot: Booting Node 0 Processor 20 APIC 0x15 [75861.414359] ACPI: \_PR_.C011: Found 2 idle states [75861.415241] CPU20 is up [75861.415264] smpboot: Booting Node 0 Processor 21 APIC 0x19 [75861.417703] ACPI: \_PR_.C013: Found 2 idle states [75861.418595] CPU21 is up [75861.418617] smpboot: Booting Node 0 Processor 22 APIC 0x1b [75861.421070] ACPI: \_PR_.C015: Found 2 idle states [75861.421911] CPU22 is up [75861.421935] smpboot: Booting Node 0 Processor 23 APIC 0x1d [75861.424382] ACPI: \_PR_.C017: Found 2 idle states [75861.425257] CPU23 is up [75861.427033] ACPI: PM: Waking up from system sleep state S3 [75861.429340] xhci_hcd 0000:02:00.0: xHC error in resume, USBSTS 0x401, Reinit [75861.429344] usb usb1: root hub lost power or was reset [75861.429345] usb usb2: root hub lost power or was reset [75861.429734] serial 00:05: activated [75861.486937] nvme nvme0: D3 entry latency set to 10 seconds [75861.488395] nvme nvme0: 24/0/0 default/read/poll queues [75861.621838] r8169 0000:05:00.0 enp5s0: Link is Down [75861.622169] OOM killer enabled. [75861.622171] Restarting tasks ... done. [75861.622401] random: crng reseeded on system resumption [75861.622421] PM: suspend exit [75861.718489] br0: port 1(enp5s0) entered disabled state [75861.741232] ata5: SATA link down (SStatus 0 SControl 330) [75861.741258] ata6: SATA link down (SStatus 0 SControl 330) [75861.741490] ata2: SATA link down (SStatus 0 SControl 300) [75861.898589] ata1: SATA link up 6.0 Gbps (SStatus 133 SControl 300) [75861.900341] sd 0:0:0:0: [sda] Starting disk [75861.901250] ata1.00: configured for UDMA/133 [75861.911447] ahci 0000:02:00.1: port does not support device sleep [75864.693199] r8169 0000:05:00.0 enp5s0: Link is Up - 1Gbps/Full - flow control rx/tx [75864.693223] br0: port 1(enp5s0) entered blocking state [75864.693226] br0: port 1(enp5s0) entered forwarding state [86041.349844] ------------[ cut here ]------------ [86041.349850] kernel BUG at mm/zswap.c:1005! [86041.349862] Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [86041.349867] CPU: 5 PID: 2798071 Comm: llvm-tblgen Not tainted 6.10.6-12 #1 349ceb515693b41153483eac7819a5fb2832d2bf [86041.349872] Hardware name: To Be Filled By O.E.M. B450M Pro4-F R2.0/B450M Pro4-F R2.0, BIOS P10.08 01/19/2024 [86041.349876] RIP: 0010:zswap_decompress+0x1ef/0x200 [86041.349884] Code: ef e8 95 2a ce ff 84 c0 0f 85 1f ff ff ff e9 fb fe ff ff 0f 0b 48 8d 7b 10 e8 0d a9 a4 00 c7 43 10 00 00 00 00 8b 43 30 eb 86 <0f> 0b 0f 0b e8 f8 9b a3 00 0f 1f 84 00 00 00 00 00 90 90 90 90 90 [86041.349889] RSP: 0000:ffffb98f823ebb90 EFLAGS: 00010282 [86041.349892] RAX: 00000000ffffffea RBX: ffff9bf22e8c1e08 RCX: ffff9bef137774ba [86041.349894] RDX: 0000000000000002 RSI: 0000000000000438 RDI: ffff9bf22e8b2af0 [86041.349897] RBP: ffff9bef58cd2b98 R08: ffff9bee8baf07e0 R09: ffff9bef13777080 [86041.349899] R10: 0000000000000022 R11: ffff9bee8baf1000 R12: fffff782422ebc00 [86041.349902] R13: ffff9bef13777080 R14: ffff9bef01e3d6e0 R15: ffff9bf22e8c1e48 [86041.349904] FS: 00007f4bda31d280(0000) GS:ffff9bf22e880000(0000) knlGS:0000000000000000 [86041.349908] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [86041.349910] CR2: 000000001665d010 CR3: 0000000191a2c000 CR4: 0000000000350ef0 [86041.349914] Call Trace: [86041.349918] <TASK> [86041.349920] ? die+0x36/0x90 [86041.349925] ? do_trap+0xdd/0x100 [86041.349929] ? zswap_decompress+0x1ef/0x200 [86041.349932] ? do_error_trap+0x6a/0x90 [86041.349935] ? zswap_decompress+0x1ef/0x200 [86041.349938] ? exc_invalid_op+0x50/0x70 [86041.349943] ? zswap_decompress+0x1ef/0x200 [86041.349946] ? asm_exc_invalid_op+0x1a/0x20 [86041.349951] ? zswap_decompress+0x1ef/0x200 [86041.349955] zswap_load+0x109/0x120 [86041.349958] swap_read_folio+0x64/0x450 [86041.349963] swapin_readahead+0x463/0x4e0 [86041.349967] do_swap_page+0x436/0xd70 [86041.349972] ? __pte_offset_map+0x1b/0x180 [86041.349976] __handle_mm_fault+0x85d/0x1070 [86041.349979] ? sched_tick+0xee/0x2f0 [86041.349985] handle_mm_fault+0x18d/0x320 [86041.349988] do_user_addr_fault+0x177/0x6a0 [86041.349993] exc_page_fault+0x7e/0x180 [86041.349996] asm_exc_page_fault+0x26/0x30 [86041.350000] RIP: 0033:0x7453b9 [86041.350019] Code: 00 48 8d 0c 49 4c 8d 04 ca 48 8b 0f 4c 39 c2 75 19 e9 7f 00 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 48 83 c2 18 49 39 d0 74 6b <48> 39 0a 75 f2 48 89 84 24 90 00 00 00 4c 39 73 10 0f 84 2f 02 00 [86041.350024] RSP: 002b:00007ffe67b93c80 EFLAGS: 00010206 [86041.350027] RAX: 0000000016659250 RBX: 00007ffe67b93db0 RCX: 000000000f1aad40 [86041.350030] RDX: 000000001665d010 RSI: 00007ffe67b93cd8 RDI: 00007ffe67b93cd0 [86041.350032] RBP: 0000000000000001 R08: 000000001665d088 R09: 0000000000000000 [86041.350035] R10: 00007f4bda030610 R11: 00007f4bda0d6200 R12: 0000000016661210 [86041.350038] R13: 00007ffe67b94a58 R14: 000000000ba280a8 R15: 0000000000000006 [86041.350041] </TASK> [86041.350043] Modules linked in: tls rpcsec_gss_krb5 nfsv4 dns_resolver nfs netfs rpcrdma rdma_cm iw_cm ib_cm ib_core br_netfilter iptable_filter xt_physdev tun bridge stp llc ext4 crc16 mbcache jbd2 amd_atl intel_rapl_msr intel_rapl_common cfg80211 edac_mce_amd kvm_amd rfkill kvm crct10dif_pclmul crc32_pclmul polyval_clmulni r8169 polyval_generic gf128mul ghash_clmulni_intel sha512_ssse3 realtek sha256_ssse3 sha1_ssse3 aesni_intel mdio_devres crypto_simd sp5100_tco k10temp gpio_amdpt cryptd wmi_bmof pcspkr ccp libphy i2c_piix4 acpi_cpufreq rapl zenpower ryzen_smu gpio_generic mac_hid nfsd auth_rpcgss nfs_acl lockd grace nct6775 nct6775_core hwmon_vid sg sunrpc crypto_user fuse dm_mod loop nfnetlink bpf_preload ip_tables x_tables xfs libcrc32c crc32c_generic drm_ttm_helper ttm video gpu_sched i2c_algo_bit drm_gpuvm drm_exec mxm_wmi nvme crc32c_intel drm_display_helper xhci_pci nvme_core xhci_pci_renesas wmi virtio_net net_failover failover dimlib virtio_blk virtio_pci virtio_pci_legacy_dev virtio_pci_modern_dev [86041.350106] [last unloaded: nouveau] [86041.350125] ---[ end trace 0000000000000000 ]--- [86041.350128] RIP: 0010:zswap_decompress+0x1ef/0x200 [86041.350131] Code: ef e8 95 2a ce ff 84 c0 0f 85 1f ff ff ff e9 fb fe ff ff 0f 0b 48 8d 7b 10 e8 0d a9 a4 00 c7 43 10 00 00 00 00 8b 43 30 eb 86 <0f> 0b 0f 0b e8 f8 9b a3 00 0f 1f 84 00 00 00 00 00 90 90 90 90 90 [86041.350137] RSP: 0000:ffffb98f823ebb90 EFLAGS: 00010282 [86041.350139] RAX: 00000000ffffffea RBX: ffff9bf22e8c1e08 RCX: ffff9bef137774ba [86041.350142] RDX: 0000000000000002 RSI: 0000000000000438 RDI: ffff9bf22e8b2af0 [86041.350145] RBP: ffff9bef58cd2b98 R08: ffff9bee8baf07e0 R09: ffff9bef13777080 [86041.350147] R10: 0000000000000022 R11: ffff9bee8baf1000 R12: fffff782422ebc00 [86041.350150] R13: ffff9bef13777080 R14: ffff9bef01e3d6e0 R15: ffff9bf22e8c1e48 [86041.350152] FS: 00007f4bda31d280(0000) GS:ffff9bf22e880000(0000) knlGS:0000000000000000 [86041.350156] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [86041.350158] CR2: 000000001665d010 CR3: 0000000191a2c000 CR4: 0000000000350ef0 [86041.350162] ------------[ cut here ]------------ [86041.350164] WARNING: CPU: 5 PID: 2798071 at kernel/exit.c:825 do_exit+0x88b/0xac0 [86041.350170] Modules linked in: tls rpcsec_gss_krb5 nfsv4 dns_resolver nfs netfs rpcrdma rdma_cm iw_cm ib_cm ib_core br_netfilter iptable_filter xt_physdev tun bridge stp llc ext4 crc16 mbcache jbd2 amd_atl intel_rapl_msr intel_rapl_common cfg80211 edac_mce_amd kvm_amd rfkill kvm crct10dif_pclmul crc32_pclmul polyval_clmulni r8169 polyval_generic gf128mul ghash_clmulni_intel sha512_ssse3 realtek sha256_ssse3 sha1_ssse3 aesni_intel mdio_devres crypto_simd sp5100_tco k10temp gpio_amdpt cryptd wmi_bmof pcspkr ccp libphy i2c_piix4 acpi_cpufreq rapl zenpower ryzen_smu gpio_generic mac_hid nfsd auth_rpcgss nfs_acl lockd grace nct6775 nct6775_core hwmon_vid sg sunrpc crypto_user fuse dm_mod loop nfnetlink bpf_preload ip_tables x_tables xfs libcrc32c crc32c_generic drm_ttm_helper ttm video gpu_sched i2c_algo_bit drm_gpuvm drm_exec mxm_wmi nvme crc32c_intel drm_display_helper xhci_pci nvme_core xhci_pci_renesas wmi virtio_net net_failover failover dimlib virtio_blk virtio_pci virtio_pci_legacy_dev virtio_pci_modern_dev [86041.350211] [last unloaded: nouveau] [86041.350231] CPU: 5 PID: 2798071 Comm: llvm-tblgen Tainted: G D 6.10.6-12 #1 349ceb515693b41153483eac7819a5fb2832d2bf [86041.350236] Hardware name: To Be Filled By O.E.M. B450M Pro4-F R2.0/B450M Pro4-F R2.0, BIOS P10.08 01/19/2024 [86041.350239] RIP: 0010:do_exit+0x88b/0xac0 [86041.350242] Code: 89 a3 48 06 00 00 48 89 6c 24 10 48 8b 83 68 08 00 00 e9 ff fd ff ff 48 8b bb 28 06 00 00 31 f6 e8 da e1 ff ff e9 a1 fd ff ff <0f> 0b e9 eb f7 ff ff 4c 89 e6 bf 05 06 00 00 e8 c1 2b 01 00 e9 66 [86041.350248] RSP: 0000:ffffb98f823ebed8 EFLAGS: 00010282 [86041.350250] RAX: 0000000400000000 RBX: ffff9bf042adc100 RCX: 0000000000000000 [86041.350252] RDX: 0000000000000001 RSI: 0000000000002710 RDI: ffff9bef09907380 [86041.350255] RBP: ffff9bef81c55580 R08: 0000000000000000 R09: 0000000000000003 [86041.350258] R10: ffffb98f823eb850 R11: ffff9bf23f2ad7a8 R12: 000000000000000b [86041.350261] R13: ffff9bef09907380 R14: ffffffffa65fa463 R15: ffffb98f823ebae8 [86041.350263] FS: 00007f4bda31d280(0000) GS:ffff9bf22e880000(0000) knlGS:0000000000000000 [86041.350267] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [86041.350269] CR2: 000000001665d010 CR3: 0000000191a2c000 CR4: 0000000000350ef0 [86041.350272] Call Trace: [86041.350274] <TASK> [86041.350276] ? __warn+0x80/0x120 [86041.350280] ? do_exit+0x88b/0xac0 [86041.350283] ? report_bug+0x164/0x190 [86041.350288] ? handle_bug+0x3c/0x80 [86041.350291] ? exc_invalid_op+0x17/0x70 [86041.350294] ? asm_exc_invalid_op+0x1a/0x20 [86041.350297] ? do_exit+0x88b/0xac0 [86041.350300] ? do_exit+0x6f/0xac0 [86041.350303] ? do_user_addr_fault+0x177/0x6a0 [86041.350307] make_task_dead+0x81/0x170 [86041.350310] rewind_stack_and_make_dead+0x16/0x20 [86041.350314] RIP: 0033:0x7453b9 [86041.350319] Code: 00 48 8d 0c 49 4c 8d 04 ca 48 8b 0f 4c 39 c2 75 19 e9 7f 00 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 48 83 c2 18 49 39 d0 74 6b <48> 39 0a 75 f2 48 89 84 24 90 00 00 00 4c 39 73 10 0f 84 2f 02 00 [86041.350324] RSP: 002b:00007ffe67b93c80 EFLAGS: 00010206 [86041.350327] RAX: 0000000016659250 RBX: 00007ffe67b93db0 RCX: 000000000f1aad40 [86041.350330] RDX: 000000001665d010 RSI: 00007ffe67b93cd8 RDI: 00007ffe67b93cd0 [86041.350332] RBP: 0000000000000001 R08: 000000001665d088 R09: 0000000000000000 [86041.350335] R10: 00007f4bda030610 R11: 00007f4bda0d6200 R12: 0000000016661210 [86041.350337] R13: 00007ffe67b94a58 R14: 000000000ba280a8 R15: 0000000000000006 [86041.350341] </TASK> [86041.350342] ---[ end trace 0000000000000000 ]--- [86041.579617] BUG: kernel NULL pointer dereference, address: 0000000000000008 [86041.579627] #PF: supervisor write access in kernel mode [86041.579630] #PF: error_code(0x0002) - not-present page [86041.579632] PGD 0 P4D 0 [86041.579636] Oops: Oops: 0002 [#2] PREEMPT SMP NOPTI [86041.579640] CPU: 5 PID: 2798071 Comm: llvm-tblgen Tainted: G D W 6.10.6-12 #1 349ceb515693b41153483eac7819a5fb2832d2bf [86041.579645] Hardware name: To Be Filled By O.E.M. B450M Pro4-F R2.0/B450M Pro4-F R2.0, BIOS P10.08 01/19/2024 [86041.579649] RIP: 0010:__blk_flush_plug+0x89/0x150 [86041.579655] Code: de 48 89 5c 24 08 48 89 5c 24 10 48 39 c1 74 7c 49 8b 46 20 48 8b 34 24 48 39 c6 74 5b 49 8b 4e 20 49 8b 56 28 48 8b 44 24 08 <48> 89 59 08 48 89 4c 24 08 48 89 02 48 89 50 08 49 89 76 20 49 89 [86041.579660] RSP: 0018:ffffb98f823ebc30 EFLAGS: 00010286 [86041.579662] RAX: ffffb98f823ebc38 RBX: ffffb98f823ebc38 RCX: 0000000000000000 [86041.579665] RDX: 0000000101887e59 RSI: ffffb98f823ebce8 RDI: ffffb98f823ebcc8 [86041.579667] RBP: 0000000000000001 R08: ffff9bef14e7c248 R09: 0000000000000050 [86041.579669] R10: 0000000000400023 R11: 0000000000000001 R12: dead000000000122 [86041.579672] R13: dead000000000100 R14: ffffb98f823ebcc8 R15: 0000000000000000 [86041.579674] FS: 0000000000000000(0000) GS:ffff9bf22e880000(0000) knlGS:0000000000000000 [86041.579677] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [86041.579679] CR2: 0000000000000008 CR3: 0000000103bfe000 CR4: 0000000000350ef0 [86041.579682] Call Trace: [86041.579685] <TASK> [86041.579689] ? __die+0x23/0x70 [86041.579694] ? page_fault_oops+0x173/0x5a0 [86041.579698] ? exc_page_fault+0x7e/0x180 [86041.579702] ? asm_exc_page_fault+0x26/0x30 [86041.579706] ? __blk_flush_plug+0x89/0x150 [86041.579709] schedule+0x99/0xf0 [86041.579714] schedule_preempt_disabled+0x15/0x30 [86041.579716] rwsem_down_write_slowpath+0x1eb/0x640 [86041.579720] down_write+0x5a/0x60 [86041.579723] free_pgtables+0xc6/0x1e0 [86041.579728] exit_mmap+0x16b/0x3a0 [86041.579733] __mmput+0x3e/0x130 [86041.579736] do_exit+0x2ac/0xac0 [86041.579741] ? do_user_addr_fault+0x177/0x6a0 [86041.579743] make_task_dead+0x81/0x170 [86041.579746] rewind_stack_and_make_dead+0x16/0x20 [86041.579750] RIP: 0033:0x7453b9 [86041.579768] Code: Unable to access opcode bytes at 0x74538f. [86041.579770] RSP: 002b:00007ffe67b93c80 EFLAGS: 00010206 [86041.579772] RAX: 0000000016659250 RBX: 00007ffe67b93db0 RCX: 000000000f1aad40 [86041.579774] RDX: 000000001665d010 RSI: 00007ffe67b93cd8 RDI: 00007ffe67b93cd0 [86041.579776] RBP: 0000000000000001 R08: 000000001665d088 R09: 0000000000000000 [86041.579778] R10: 00007f4bda030610 R11: 00007f4bda0d6200 R12: 0000000016661210 [86041.579781] R13: 00007ffe67b94a58 R14: 000000000ba280a8 R15: 0000000000000006 [86041.579784] </TASK> [86041.579785] Modules linked in: tls rpcsec_gss_krb5 nfsv4 dns_resolver nfs netfs rpcrdma rdma_cm iw_cm ib_cm ib_core br_netfilter iptable_filter xt_physdev tun bridge stp llc ext4 crc16 mbcache jbd2 amd_atl intel_rapl_msr intel_rapl_common cfg80211 edac_mce_amd kvm_amd rfkill kvm crct10dif_pclmul crc32_pclmul polyval_clmulni r8169 polyval_generic gf128mul ghash_clmulni_intel sha512_ssse3 realtek sha256_ssse3 sha1_ssse3 aesni_intel mdio_devres crypto_simd sp5100_tco k10temp gpio_amdpt cryptd wmi_bmof pcspkr ccp libphy i2c_piix4 acpi_cpufreq rapl zenpower ryzen_smu gpio_generic mac_hid nfsd auth_rpcgss nfs_acl lockd grace nct6775 nct6775_core hwmon_vid sg sunrpc crypto_user fuse dm_mod loop nfnetlink bpf_preload ip_tables x_tables xfs libcrc32c crc32c_generic drm_ttm_helper ttm video gpu_sched i2c_algo_bit drm_gpuvm drm_exec mxm_wmi nvme crc32c_intel drm_display_helper xhci_pci nvme_core xhci_pci_renesas wmi virtio_net net_failover failover dimlib virtio_blk virtio_pci virtio_pci_legacy_dev virtio_pci_modern_dev [86041.579842] [last unloaded: nouveau] [86041.579858] CR2: 0000000000000008 [86041.579861] ---[ end trace 0000000000000000 ]--- [86041.579863] RIP: 0010:zswap_decompress+0x1ef/0x200 [86041.579867] Code: ef e8 95 2a ce ff 84 c0 0f 85 1f ff ff ff e9 fb fe ff ff 0f 0b 48 8d 7b 10 e8 0d a9 a4 00 c7 43 10 00 00 00 00 8b 43 30 eb 86 <0f> 0b 0f 0b e8 f8 9b a3 00 0f 1f 84 00 00 00 00 00 90 90 90 90 90 [86041.579872] RSP: 0000:ffffb98f823ebb90 EFLAGS: 00010282 [86041.579875] RAX: 00000000ffffffea RBX: ffff9bf22e8c1e08 RCX: ffff9bef137774ba [86041.579877] RDX: 0000000000000002 RSI: 0000000000000438 RDI: ffff9bf22e8b2af0 [86041.579880] RBP: ffff9bef58cd2b98 R08: ffff9bee8baf07e0 R09: ffff9bef13777080 [86041.579882] R10: 0000000000000022 R11: ffff9bee8baf1000 R12: fffff782422ebc00 [86041.579884] R13: ffff9bef13777080 R14: ffff9bef01e3d6e0 R15: ffff9bf22e8c1e48 [86041.579886] FS: 0000000000000000(0000) GS:ffff9bf22e880000(0000) knlGS:0000000000000000 [86041.579889] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [86041.579891] CR2: 0000000000000008 CR3: 0000000103bfe000 CR4: 0000000000350ef0 [86041.579893] note: llvm-tblgen[2798071] exited with irqs disabled [86041.579895] Fixing recursive fault but reboot is needed! [86041.579897] BUG: scheduling while atomic: llvm-tblgen/2798071/0x00000000 [86041.579899] Modules linked in: tls rpcsec_gss_krb5 nfsv4 dns_resolver nfs netfs rpcrdma rdma_cm iw_cm ib_cm ib_core br_netfilter iptable_filter xt_physdev tun bridge stp llc ext4 crc16 mbcache jbd2 amd_atl intel_rapl_msr intel_rapl_common cfg80211 edac_mce_amd kvm_amd rfkill kvm crct10dif_pclmul crc32_pclmul polyval_clmulni r8169 polyval_generic gf128mul ghash_clmulni_intel sha512_ssse3 realtek sha256_ssse3 sha1_ssse3 aesni_intel mdio_devres crypto_simd sp5100_tco k10temp gpio_amdpt cryptd wmi_bmof pcspkr ccp libphy i2c_piix4 acpi_cpufreq rapl zenpower ryzen_smu gpio_generic mac_hid nfsd auth_rpcgss nfs_acl lockd grace nct6775 nct6775_core hwmon_vid sg sunrpc crypto_user fuse dm_mod loop nfnetlink bpf_preload ip_tables x_tables xfs libcrc32c crc32c_generic drm_ttm_helper ttm video gpu_sched i2c_algo_bit drm_gpuvm drm_exec mxm_wmi nvme crc32c_intel drm_display_helper xhci_pci nvme_core xhci_pci_renesas wmi virtio_net net_failover failover dimlib virtio_blk virtio_pci virtio_pci_legacy_dev virtio_pci_modern_dev [86041.579933] [last unloaded: nouveau] [86041.579950] CPU: 5 PID: 2798071 Comm: llvm-tblgen Tainted: G D W 6.10.6-12 #1 349ceb515693b41153483eac7819a5fb2832d2bf [86041.579954] Hardware name: To Be Filled By O.E.M. B450M Pro4-F R2.0/B450M Pro4-F R2.0, BIOS P10.08 01/19/2024 [86041.579957] Call Trace: [86041.579959] <TASK> [86041.579960] dump_stack_lvl+0x64/0x80 [86041.579965] __schedule_bug+0x56/0x70 [86041.579970] __schedule+0x10d1/0x1520 [86041.579973] ? __wake_up_klogd.part.0+0x3c/0x60 [86041.579978] ? vprintk_emit+0x176/0x2a0 [86041.579981] ? _printk+0x64/0x80 [86041.579984] do_task_dead+0x42/0x50 [86041.579988] make_task_dead+0x149/0x170 [86041.579991] rewind_stack_and_make_dead+0x16/0x20 [86041.579994] RIP: 0033:0x7453b9 [86041.579997] Code: Unable to access opcode bytes at 0x74538f. [86041.579999] RSP: 002b:00007ffe67b93c80 EFLAGS: 00010206 [86041.580002] RAX: 0000000016659250 RBX: 00007ffe67b93db0 RCX: 000000000f1aad40 [86041.580004] RDX: 000000001665d010 RSI: 00007ffe67b93cd8 RDI: 00007ffe67b93cd0 [86041.580006] RBP: 0000000000000001 R08: 000000001665d088 R09: 0000000000000000 [86041.580008] R10: 00007f4bda030610 R11: 00007f4bda0d6200 R12: 0000000016661210 [86041.580011] R13: 00007ffe67b94a58 R14: 000000000ba280a8 R15: 0000000000000006 [86041.580014] </TASK> [86260.530317] systemd[1]: systemd-journald.service: State 'stop-watchdog' timed out. Killing. [86260.530377] systemd[1]: systemd-journald.service: Killing process 483 (systemd-journal) with signal SIGKILL. [86350.780590] systemd[1]: systemd-journald.service: Processes still around after SIGKILL. Ignoring. [86441.030515] systemd[1]: systemd-journald.service: State 'final-sigterm' timed out. Killing. [86441.030574] systemd[1]: systemd-journald.service: Killing process 483 (systemd-journal) with signal SIGKILL. [86531.280569] systemd[1]: systemd-journald.service: Processes still around after final SIGKILL. Entering failed mode. [86531.280585] systemd[1]: systemd-journald.service: Failed with result 'watchdog'. [86531.280685] systemd[1]: systemd-journald.service: Unit process 483 (systemd-journal) remains running after unit stopped. [86531.289108] systemd[1]: systemd-journald.service: Scheduled restart job, restart counter is at 1. [86531.289280] systemd[1]: systemd-journald.service: Found left-over process 483 (systemd-journal) in control group while starting unit. Ignoring. [86531.289285] systemd[1]: systemd-journald.service: This usually indicates unclean termination of a previous run, or service implementation deficiencies. [86531.323344] systemd[1]: Starting Journal Service... [86531.330820] systemd-journald[2799374]: Collecting audit messages is disabled. [86531.331902] systemd-journald[2799374]: File /var/log/journal/1a15c5c01ee34ffb8beb42df7c18ff94/system.journal corrupted or uncleanly shut down, renaming and replacing. [86531.338702] systemd[1]: Started Journal Service. [root@minimyth2-x8664 piotro]#

1 year, 4 months

2
2
0 0

[PATCH] driver core: Fix an uninitialized variable is used by __device_attach()

by Zijun Hu

From: Zijun Hu <quic_zijuhu(a)quicinc.com> An uninitialized variable @data.have_async may be used as analyzed by the following inline comments: static int __device_attach(struct device *dev, bool allow_async) { // if @allow_async is true. ... struct device_attach_data data = { .dev = dev, .check_async = allow_async, .want_async = false, }; // @data.have_async is not initialized. ... ret = bus_for_each_drv(dev->bus, NULL, &data, __device_attach_driver); // @data.have_async must not be set by __device_attach_driver() if // @dev->bus does not have driver which allows probe asynchronously if (!ret && allow_async && data.have_async) { // Above @data.have_async is not uninitialized but used. ... } ... } It may be unnecessary to trigger the second pass probing asynchronous drivers for the device @dev. Fixed by initializing @data.have_async to false. Fixes: 765230b5f084 ("driver-core: add asynchronous probing support for drivers") Cc: stable(a)vger.kernel.org Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- drivers/base/dd.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/base/dd.c b/drivers/base/dd.c index 9b745ba54de1..b0c44b0846aa 100644 --- a/drivers/base/dd.c +++ b/drivers/base/dd.c @@ -1021,6 +1021,7 @@ static int __device_attach(struct device *dev, bool allow_async) .dev = dev, .check_async = allow_async, .want_async = false, + .have_async = false, }; if (dev->parent) --- base-commit: 87ee9981d1f86ee9b1623a46c7f9e4ac24461fe4 change-id: 20240823-fix_have_async-3a135618d91b Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

1 year, 4 months

3
11
0 0

[tip: irq/urgent] irqchip/gic-v3: Init SRE before poking sysregs

by tip-bot2 for Mark Rutland

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: 71c8e2a7c822ee557b07d9bb49028dd269c87b2e Gitweb: https://git.kernel.org/tip/71c8e2a7c822ee557b07d9bb49028dd269c87b2e Author: Mark Rutland <mark.rutland(a)arm.com> AuthorDate: Thu, 22 Aug 2024 11:23:08 +01:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Fri, 23 Aug 2024 12:45:45 +02:00 irqchip/gic-v3: Init SRE before poking sysregs The GICv3 driver pokes GICv3 system registers in gic_prio_init() before gic_cpu_sys_reg_init() ensures that GICv3 system registers have been enabled by writing to ICC_SRE_EL1.SRE. On arm64 this is benign as has_useable_gicv3_cpuif() runs earlier during cpufeature detection, and this enables the GICv3 system registers. On 32-bit arm when booting on an FVP using the boot-wrapper, the accesses in gic_prio_init() end up being UNDEFINED and crashes the kernel during boot. This is a regression introduced by the addition of gic_prio_init(). Fix this by factoring out the SRE initialization into a new function and calling it early in the three paths where SRE may not have been initialized: (1) gic_init_bases(), before the primary CPU pokes GICv3 sysregs in gic_prio_init(). (2) gic_starting_cpu(), before secondary CPUs initialize GICv3 sysregs in gic_cpu_init(). (3) gic_cpu_pm_notifier(), before CPUs re-initialize GICv3 sysregs in gic_cpu_sys_reg_init(). Fixes: d447bf09a4013541 ("irqchip/gic-v3: Detect GICD_CTRL.DS and SCR_EL3.FIQ earlier") Signed-off-by: Mark Rutland <mark.rutland(a)arm.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org --- drivers/irqchip/irq-gic-v3.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/drivers/irqchip/irq-gic-v3.c b/drivers/irqchip/irq-gic-v3.c index c19083b..74f21e0 100644 --- a/drivers/irqchip/irq-gic-v3.c +++ b/drivers/irqchip/irq-gic-v3.c @@ -1154,14 +1154,8 @@ static void gic_update_rdist_properties(void) gic_data.rdists.has_vpend_valid_dirty ? "Valid+Dirty " : ""); } -static void gic_cpu_sys_reg_init(void) +static void gic_cpu_sys_reg_enable(void) { - int i, cpu = smp_processor_id(); - u64 mpidr = gic_cpu_to_affinity(cpu); - u64 need_rss = MPIDR_RS(mpidr); - bool group0; - u32 pribits; - /* * Need to check that the SRE bit has actually been set. If * not, it means that SRE is disabled at EL2. We're going to @@ -1172,6 +1166,16 @@ static void gic_cpu_sys_reg_init(void) if (!gic_enable_sre()) pr_err("GIC: unable to set SRE (disabled at EL2), panic ahead\n"); +} + +static void gic_cpu_sys_reg_init(void) +{ + int i, cpu = smp_processor_id(); + u64 mpidr = gic_cpu_to_affinity(cpu); + u64 need_rss = MPIDR_RS(mpidr); + bool group0; + u32 pribits; + pribits = gic_get_pribits(); group0 = gic_has_group0(); @@ -1333,6 +1337,7 @@ static int gic_check_rdist(unsigned int cpu) static int gic_starting_cpu(unsigned int cpu) { + gic_cpu_sys_reg_enable(); gic_cpu_init(); if (gic_dist_supports_lpis()) @@ -1498,6 +1503,7 @@ static int gic_cpu_pm_notifier(struct notifier_block *self, if (cmd == CPU_PM_EXIT) { if (gic_dist_security_disabled()) gic_enable_redist(true); + gic_cpu_sys_reg_enable(); gic_cpu_sys_reg_init(); } else if (cmd == CPU_PM_ENTER && gic_dist_security_disabled()) { gic_write_grpen1(0); @@ -2070,6 +2076,7 @@ static int __init gic_init_bases(phys_addr_t dist_phys_base, gic_update_rdist_properties(); + gic_cpu_sys_reg_enable(); gic_prio_init(); gic_dist_init(); gic_cpu_init();

1 year, 4 months

1
0
0 0

FAILED: patch "[PATCH] i2c: tegra: Do not mark ACPI devices as irq safe" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 14d069d92951a3e150c0a81f2ca3b93e54da913b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081950-amaze-wriggle-3057@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 14d069d92951 ("i2c: tegra: Do not mark ACPI devices as irq safe") 4f5d68c85914 ("i2c: tegra: allow VI support to be compiled out") a55efa7edf37 ("i2c: tegra: allow DVC support to be compiled out") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 14d069d92951a3e150c0a81f2ca3b93e54da913b Mon Sep 17 00:00:00 2001 From: Breno Leitao <leitao(a)debian.org> Date: Tue, 13 Aug 2024 09:12:53 -0700 Subject: [PATCH] i2c: tegra: Do not mark ACPI devices as irq safe On ACPI machines, the tegra i2c module encounters an issue due to a mutex being called inside a spinlock. This leads to the following bug: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585 ... Call trace: __might_sleep __mutex_lock_common mutex_lock_nested acpi_subsys_runtime_resume rpm_resume tegra_i2c_xfer The problem arises because during __pm_runtime_resume(), the spinlock &dev->power.lock is acquired before rpm_resume() is called. Later, rpm_resume() invokes acpi_subsys_runtime_resume(), which relies on mutexes, triggering the error. To address this issue, devices on ACPI are now marked as not IRQ-safe, considering the dependency of acpi_subsys_runtime_resume() on mutexes. Fixes: bd2fdedbf2ba ("i2c: tegra: Add the ACPI support") Cc: <stable(a)vger.kernel.org> # v5.17+ Co-developed-by: Michael van der Westhuizen <rmikey(a)meta.com> Signed-off-by: Michael van der Westhuizen <rmikey(a)meta.com> Signed-off-by: Breno Leitao <leitao(a)debian.org> Reviewed-by: Dmitry Osipenko <digetx(a)gmail.com> Reviewed-by: Andy Shevchenko <andy(a)kernel.org> Signed-off-by: Andi Shyti <andi.shyti(a)kernel.org> diff --git a/drivers/i2c/busses/i2c-tegra.c b/drivers/i2c/busses/i2c-tegra.c index 85b31edc558d..1df5b4204142 100644 --- a/drivers/i2c/busses/i2c-tegra.c +++ b/drivers/i2c/busses/i2c-tegra.c @@ -1802,9 +1802,9 @@ static int tegra_i2c_probe(struct platform_device *pdev) * domain. * * VI I2C device shouldn't be marked as IRQ-safe because VI I2C won't - * be used for atomic transfers. + * be used for atomic transfers. ACPI device is not IRQ safe also. */ - if (!IS_VI(i2c_dev)) + if (!IS_VI(i2c_dev) && !has_acpi_companion(i2c_dev->dev)) pm_runtime_irq_safe(i2c_dev->dev); pm_runtime_enable(i2c_dev->dev);

1 year, 4 months

2
2
0 0

[PATCH v2 03/36] soc: fsl: cpm1: tsa: Fix tsa_write8()

by Herve Codina

The tsa_write8() parameter is an u32 value. This is not consistent with the function itself. Indeed, tsa_write8() writes an 8bits value. Be consistent and use an u8 parameter value. Fixes: 1d4ba0b81c1c ("soc: fsl: cpm1: Add support for TSA") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/soc/fsl/qe/tsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/soc/fsl/qe/tsa.c b/drivers/soc/fsl/qe/tsa.c index 6c5741cf5e9d..53968ea84c88 100644 --- a/drivers/soc/fsl/qe/tsa.c +++ b/drivers/soc/fsl/qe/tsa.c @@ -140,7 +140,7 @@ static inline void tsa_write32(void __iomem *addr, u32 val) iowrite32be(val, addr); } -static inline void tsa_write8(void __iomem *addr, u32 val) +static inline void tsa_write8(void __iomem *addr, u8 val) { iowrite8(val, addr); } -- 2.45.0

1 year, 4 months

2
1
0 0

[PATCH v2 01/36] soc: fsl: cpm1: qmc: Update TRNSYNC only in transparent mode

by Herve Codina

The TRNSYNC feature is available (and enabled) only in transparent mode. Since commit 7cc9bda9c163 ("soc: fsl: cpm1: qmc: Handle timeslot entries at channel start() and stop()") TRNSYNC register is updated in transparent and hdlc mode. In hdlc mode, the address of the TRNSYNC register is used by the QMC for other internal purpose. Even if no weird results were observed in hdlc mode, touching this register in this mode is wrong. Update TRNSYNC only in transparent mode. Fixes: 7cc9bda9c163 ("soc: fsl: cpm1: qmc: Handle timeslot entries at channel start() and stop()") Cc: stable(a)vger.kernel.org Signed-off-by: Herve Codina <herve.codina(a)bootlin.com> --- drivers/soc/fsl/qe/qmc.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/drivers/soc/fsl/qe/qmc.c b/drivers/soc/fsl/qe/qmc.c index 76bb496305a0..bacabf731dcb 100644 --- a/drivers/soc/fsl/qe/qmc.c +++ b/drivers/soc/fsl/qe/qmc.c @@ -940,11 +940,13 @@ static int qmc_chan_start_rx(struct qmc_chan *chan) goto end; } - ret = qmc_setup_chan_trnsync(chan->qmc, chan); - if (ret) { - dev_err(chan->qmc->dev, "chan %u: setup TRNSYNC failed (%d)\n", - chan->id, ret); - goto end; + if (chan->mode == QMC_TRANSPARENT) { + ret = qmc_setup_chan_trnsync(chan->qmc, chan); + if (ret) { + dev_err(chan->qmc->dev, "chan %u: setup TRNSYNC failed (%d)\n", + chan->id, ret); + goto end; + } } /* Restart the receiver */ @@ -982,11 +984,13 @@ static int qmc_chan_start_tx(struct qmc_chan *chan) goto end; } - ret = qmc_setup_chan_trnsync(chan->qmc, chan); - if (ret) { - dev_err(chan->qmc->dev, "chan %u: setup TRNSYNC failed (%d)\n", - chan->id, ret); - goto end; + if (chan->mode == QMC_TRANSPARENT) { + ret = qmc_setup_chan_trnsync(chan->qmc, chan); + if (ret) { + dev_err(chan->qmc->dev, "chan %u: setup TRNSYNC failed (%d)\n", + chan->id, ret); + goto end; + } } /* -- 2.45.0

1 year, 4 months

2
1
0 0

[PATCH] usb: dwc3: qcom: fix NULL pointer dereference on dwc3_qcom_read_usb2_speed

by Faisal Hassan

Null pointer dereference occurs when accessing 'hcd' to detect speed from dwc3_qcom_suspend after the xhci-hcd is unbound. To avoid this issue, ensure to check for NULL in dwc3_qcom_read_usb2_speed. echo xhci-hcd.0.auto > /sys/bus/platform/drivers/xhci-hcd/unbind xhci_plat_remove() -> usb_put_hcd() -> hcd_release() -> kfree(hcd) Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060 Call trace: dwc3_qcom_suspend.part.0+0x17c/0x2d0 [dwc3_qcom] dwc3_qcom_runtime_suspend+0x2c/0x40 [dwc3_qcom] pm_generic_runtime_suspend+0x30/0x44 __rpm_callback+0x4c/0x190 rpm_callback+0x6c/0x80 rpm_suspend+0x10c/0x620 pm_runtime_work+0xc8/0xe0 process_one_work+0x1e4/0x4f4 worker_thread+0x64/0x43c kthread+0xec/0x100 ret_from_fork+0x10/0x20 Fixes: c5f14abeb52b ("usb: dwc3: qcom: fix peripheral and OTG suspend") Cc: stable(a)vger.kernel.org Signed-off-by: Faisal Hassan <quic_faisalh(a)quicinc.com> --- drivers/usb/dwc3/dwc3-qcom.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/dwc3/dwc3-qcom.c b/drivers/usb/dwc3/dwc3-qcom.c index 88fb6706a18d..0c7846478655 100644 --- a/drivers/usb/dwc3/dwc3-qcom.c +++ b/drivers/usb/dwc3/dwc3-qcom.c @@ -319,13 +319,15 @@ static bool dwc3_qcom_is_host(struct dwc3_qcom *qcom) static enum usb_device_speed dwc3_qcom_read_usb2_speed(struct dwc3_qcom *qcom, int port_index) { struct dwc3 *dwc = platform_get_drvdata(qcom->dwc3); - struct usb_device *udev; + struct usb_device __maybe_unused *udev; struct usb_hcd __maybe_unused *hcd; /* * FIXME: Fix this layering violation. */ hcd = platform_get_drvdata(dwc->xhci); + if (!hcd) + return USB_SPEED_UNKNOWN; #ifdef CONFIG_USB udev = usb_hub_find_child(hcd->self.root_hub, port_index + 1); -- 2.17.1

1 year, 4 months

5
9
0 0

[PATCH] pidfd: prevent creation of pidfds for kthreads

by Christian Brauner

It's currently possible to create pidfds for kthreads but it is unclear what that is supposed to mean. Until we have use-cases for it and we figured out what behavior we want block the creation of pidfds for kthreads. Fixes: 32fcb426ec00 ("pid: add pidfd_open()") Cc: stable(a)vger.kernel.org Signed-off-by: Christian Brauner <brauner(a)kernel.org> --- kernel/fork.c | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/kernel/fork.c b/kernel/fork.c index cc760491f201..18bdc87209d0 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -2053,11 +2053,24 @@ static int __pidfd_prepare(struct pid *pid, unsigned int flags, struct file **re */ int pidfd_prepare(struct pid *pid, unsigned int flags, struct file **ret) { - bool thread = flags & PIDFD_THREAD; - - if (!pid || !pid_has_task(pid, thread ? PIDTYPE_PID : PIDTYPE_TGID)) + if (!pid) return -EINVAL; + scoped_guard(rcu) { + struct task_struct *tsk; + + if (flags & PIDFD_THREAD) + tsk = pid_task(pid, PIDTYPE_PID); + else + tsk = pid_task(pid, PIDTYPE_TGID); + if (!tsk) + return -EINVAL; + + /* Don't create pidfds for kernel threads for now. */ + if (tsk->flags & PF_KTHREAD) + return -EINVAL; + } + return __pidfd_prepare(pid, flags, ret); } @@ -2403,6 +2416,12 @@ __latent_entropy struct task_struct *copy_process( if (clone_flags & CLONE_PIDFD) { int flags = (clone_flags & CLONE_THREAD) ? PIDFD_THREAD : 0; + /* Don't create pidfds for kernel threads for now. */ + if (args->kthread) { + retval = -EINVAL; + goto bad_fork_free_pid; + } + /* Note that no task has been attached to @pid yet. */ retval = __pidfd_prepare(pid, flags, &pidfile); if (retval < 0) -- 2.43.0

1 year, 4 months

6
12
0 0

[PATCH RESEND] pinctrl: single: fix potential NULL dereference in pcs_get_function()

by Ma Ke

pinmux_generic_get_function() can return NULL and the pointer 'function' was dereferenced without checking against NULL. Add checking of pointer 'function' in pcs_get_function(). Found by code review. Cc: stable(a)vger.kernel.org Fixes: 571aec4df5b7 ("pinctrl: single: Use generic pinmux helpers for managing functions") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/pinctrl/pinctrl-single.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/pinctrl/pinctrl-single.c b/drivers/pinctrl/pinctrl-single.c index 4c6bfabb6bd7..4da3c3f422b6 100644 --- a/drivers/pinctrl/pinctrl-single.c +++ b/drivers/pinctrl/pinctrl-single.c @@ -345,6 +345,8 @@ static int pcs_get_function(struct pinctrl_dev *pctldev, unsigned pin, return -ENOTSUPP; fselector = setting->func; function = pinmux_generic_get_function(pctldev, fselector); + if (!function) + return -EINVAL; *func = function->data; if (!(*func)) { dev_err(pcs->dev, "%s could not find function%i\n", -- 2.25.1

1 year, 4 months

2
2
0 0

Please apply commit 31e97d7c9ae3 ("media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c)") to 6.1.y

by Salvatore Bonaccorso

Hi While building 6.1.106 based verson for Debian I noticed that all 32bit architectures did fail to build: https://buildd.debian.org/status/fetch.php?pkg=linux&arch=i386&ver=6.1.106-… The problem is known as https://lore.kernel.org/lkml/18c6df0d-45ed-450c-9eda-95160a2bbb8e@gmail.com/ This now affects as well 6.1.y as the commits 867046cc7027 ("minmax: relax check to allow comparison between unsigned arguments and signed constants") and 4ead534fba42 ("minmax: allow comparisons of 'int' against 'unsigned char/short'") were backported to 6.1.106. Thus, can you please pick as well 31e97d7c9ae3 ("media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c)") for 6.1.y? Note I suspect it is required as well for 5.15.164 (as the commits were backported there as well and 31e97d7c9ae3 now missing there). Regards, Salvatore

1 year, 4 months

2
1
0 0

[PATCH v3 01/10] OPP: Fix support for required OPPs for multiple PM domains

by Ulf Hansson

It has turned out that having _set_required_opps() to recursively call dev_pm_opp_set_opp() to set the required OPPs, doesn't really work as well as we expected. More precisely, at each recursive call to dev_pm_opp_set_opp() we are changing an OPP for a required_dev that belongs to a required-OPP table. The problem with this, is that we may have several devices sharing the same required-OPP table, which leads to an incorrect behaviour in regards to aggregating the per device votes. To fix the problem for a required-OPP table belonging to a PM domain, which is the only existing usecase for now, let's simply replace the call to dev_pm_opp_set_opp() in _set_required_opps() by a call to _set_opp_level(). Moving forward we may potentially need to add support for other types of required-OPP tables. In this case, the aggregation needs to be thought of. Fixes: e37440e7e2c2 ("OPP: Call dev_pm_opp_set_opp() for required OPPs") Cc: stable(a)vger.kernel.org Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> --- Changes in v3: - Clarified the commitmsg. Changes in v2: - Clarified the commitmsg. - Addressed some comments from Viresh. - Drop calls to _add_opp_dev() for required_devs. --- drivers/opp/core.c | 56 ++++++++++++++++++---------------------------- 1 file changed, 22 insertions(+), 34 deletions(-) diff --git a/drivers/opp/core.c b/drivers/opp/core.c index 5f4598246a87..494f8860220d 100644 --- a/drivers/opp/core.c +++ b/drivers/opp/core.c @@ -1061,6 +1061,27 @@ static int _set_opp_bw(const struct opp_table *opp_table, return 0; } +static int _set_opp_level(struct device *dev, struct dev_pm_opp *opp) +{ + unsigned int level = 0; + int ret = 0; + + if (opp) { + if (opp->level == OPP_LEVEL_UNSET) + return 0; + + level = opp->level; + } + + /* Request a new performance state through the device's PM domain. */ + ret = dev_pm_domain_set_performance_state(dev, level); + if (ret) + dev_err(dev, "Failed to set performance state %u (%d)\n", level, + ret); + + return ret; +} + /* This is only called for PM domain for now */ static int _set_required_opps(struct device *dev, struct opp_table *opp_table, struct dev_pm_opp *opp, bool up) @@ -1091,7 +1112,7 @@ static int _set_required_opps(struct device *dev, struct opp_table *opp_table, if (devs[index]) { required_opp = opp ? opp->required_opps[index] : NULL; - ret = dev_pm_opp_set_opp(devs[index], required_opp); + ret = _set_opp_level(devs[index], required_opp); if (ret) return ret; } @@ -1102,27 +1123,6 @@ static int _set_required_opps(struct device *dev, struct opp_table *opp_table, return 0; } -static int _set_opp_level(struct device *dev, struct dev_pm_opp *opp) -{ - unsigned int level = 0; - int ret = 0; - - if (opp) { - if (opp->level == OPP_LEVEL_UNSET) - return 0; - - level = opp->level; - } - - /* Request a new performance state through the device's PM domain. */ - ret = dev_pm_domain_set_performance_state(dev, level); - if (ret) - dev_err(dev, "Failed to set performance state %u (%d)\n", level, - ret); - - return ret; -} - static void _find_current_opp(struct device *dev, struct opp_table *opp_table) { struct dev_pm_opp *opp = ERR_PTR(-ENODEV); @@ -2457,18 +2457,6 @@ static int _opp_attach_genpd(struct opp_table *opp_table, struct device *dev, } } - /* - * Add the virtual genpd device as a user of the OPP table, so - * we can call dev_pm_opp_set_opp() on it directly. - * - * This will be automatically removed when the OPP table is - * removed, don't need to handle that here. - */ - if (!_add_opp_dev(virt_dev, opp_table->required_opp_tables[index])) { - ret = -ENOMEM; - goto err; - } - opp_table->required_devs[index] = virt_dev; index++; name++; -- 2.34.1

1 year, 4 months

1
0
0 0

[PATCH 1/3] thermal: of: Fix OF node leak in thermal_of_trips_init() error path

by Krzysztof Kozlowski

Terminating for_each_child_of_node() loop requires dropping OF node reference, so bailing out after thermal_of_populate_trip() error misses this. Solve the OF node reference leak with scoped for_each_child_of_node_scoped(). Fixes: d0c75fa2c17f ("thermal/of: Initialize trip points separately") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- drivers/thermal/thermal_of.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/thermal/thermal_of.c b/drivers/thermal/thermal_of.c index aa34b6e82e26..30f8d6e70484 100644 --- a/drivers/thermal/thermal_of.c +++ b/drivers/thermal/thermal_of.c @@ -125,7 +125,7 @@ static int thermal_of_populate_trip(struct device_node *np, static struct thermal_trip *thermal_of_trips_init(struct device_node *np, int *ntrips) { struct thermal_trip *tt; - struct device_node *trips, *trip; + struct device_node *trips; int ret, count; trips = of_get_child_by_name(np, "trips"); @@ -150,7 +150,7 @@ static struct thermal_trip *thermal_of_trips_init(struct device_node *np, int *n *ntrips = count; count = 0; - for_each_child_of_node(trips, trip) { + for_each_child_of_node_scoped(trips, trip) { ret = thermal_of_populate_trip(trip, &tt[count++]); if (ret) goto out_kfree; -- 2.43.0

1 year, 4 months

5
14
0 0

[PATCH] binder: fix UAF caused by offsets overwrite

by Carlos Llamas

Binder objects are processed and copied individually into the target buffer during transactions. Any raw data in-between these objects is copied as well. However, this raw data copy lacks an out-of-bounds check. If the raw data exceeds the data section size then the copy overwrites the offsets section. This eventually triggers an error that attempts to unwind the processed objects. However, at this point the offsets used to index these objects are now corrupted. Unwinding with corrupted offsets can result in decrements of arbitrary nodes and lead to their premature release. Other users of such nodes are left with a dangling pointer triggering a use-after-free. This issue is made evident by the following KASAN report (trimmed): ================================================================== BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c Write of size 4 at addr ffff47fc91598f04 by task binder-util/743 CPU: 9 UID: 0 PID: 743 Comm: binder-util Not tainted 6.11.0-rc4 #1 Hardware name: linux,dummy-virt (DT) Call trace: _raw_spin_lock+0xe4/0x19c binder_free_buf+0x128/0x434 binder_thread_write+0x8a4/0x3260 binder_ioctl+0x18f0/0x258c [...] Allocated by task 743: __kmalloc_cache_noprof+0x110/0x270 binder_new_node+0x50/0x700 binder_transaction+0x413c/0x6da8 binder_thread_write+0x978/0x3260 binder_ioctl+0x18f0/0x258c [...] Freed by task 745: kfree+0xbc/0x208 binder_thread_read+0x1c5c/0x37d4 binder_ioctl+0x16d8/0x258c [...] ================================================================== To avoid this issue, let's check that the raw data copy is within the boundaries of the data section. Fixes: 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") Cc: Todd Kjos <tkjos(a)google.com> Cc: stable(a)vger.kernel.org Signed-off-by: Carlos Llamas <cmllamas(a)google.com> --- drivers/android/binder.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/android/binder.c b/drivers/android/binder.c index 905290c98c3c..e8643c69d426 100644 --- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -3422,6 +3422,7 @@ static void binder_transaction(struct binder_proc *proc, */ copy_size = object_offset - user_offset; if (copy_size && (user_offset > object_offset || + object_offset > tr->data_size || binder_alloc_copy_user_to_buffer( &target_proc->alloc, t->buffer, user_offset, -- 2.46.0.295.g3b9ea8a38a-goog

1 year, 4 months

1
0
0 0

+ revert-mm-skip-cma-pages-when-they-are-not-available-update.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: revert-mm-skip-cma-pages-when-they-are-not-available-update has been added to the -mm mm-hotfixes-unstable branch. Its filename is revert-mm-skip-cma-pages-when-they-are-not-available-update.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Usama Arif <usamaarif642(a)gmail.com> Subject: revert-mm-skip-cma-pages-when-they-are-not-available-update Date: Wed, 21 Aug 2024 20:26:07 +0100 also revert b7108d66318a ("Multi-gen LRU: skip CMA pages when they are not eligible"), per Johannes Link: https://lkml.kernel.org/r/9060a32d-b2d7-48c0-8626-1db535653c54@gmail.com Link: https://lkml.kernel.org/r/357ac325-4c61-497a-92a3-bdbd230d5ec9@gmail.com Fixes: 5da226dbfce3 ("mm: skip CMA pages when they are not available") Signed-off-by: Usama Arif <usamaarif642(a)gmail.com> Acked-by: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Bharata B Rao <bharata(a)amd.com> Cc: Breno Leitao <leitao(a)debian.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Rik van Riel <riel(a)surriel.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Yu Zhao <yuzhao(a)google.com> Cc: Zhaoyang Huang <huangzhaoyang(a)gmail.com> Cc: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmscan.c | 21 +-------------------- 1 file changed, 1 insertion(+), 20 deletions(-) --- a/mm/vmscan.c~revert-mm-skip-cma-pages-when-they-are-not-available-update +++ a/mm/vmscan.c @@ -4253,25 +4253,6 @@ void lru_gen_soft_reclaim(struct mem_cgr #endif /* CONFIG_MEMCG */ -#ifdef CONFIG_CMA -/* - * It is waste of effort to scan and reclaim CMA pages if it is not available - * for current allocation context. Kswapd can not be enrolled as it can not - * distinguish this scenario by using sc->gfp_mask = GFP_KERNEL - */ -static bool skip_cma(struct folio *folio, struct scan_control *sc) -{ - return !current_is_kswapd() && - gfp_migratetype(sc->gfp_mask) != MIGRATE_MOVABLE && - folio_migratetype(folio) == MIGRATE_CMA; -} -#else -static bool skip_cma(struct folio *folio, struct scan_control *sc) -{ - return false; -} -#endif - /****************************************************************************** * the eviction ******************************************************************************/ @@ -4319,7 +4300,7 @@ static bool sort_folio(struct lruvec *lr } /* ineligible */ - if (zone > sc->reclaim_idx || skip_cma(folio, sc)) { + if (zone > sc->reclaim_idx) { gen = folio_inc_gen(lruvec, folio, false); list_move_tail(&folio->lru, &lrugen->folios[gen][type][zone]); return true; _ Patches currently in -mm which might be from usamaarif642(a)gmail.com are revert-mm-skip-cma-pages-when-they-are-not-available.patch revert-mm-skip-cma-pages-when-they-are-not-available-update.patch

1 year, 4 months

1
0
0 0

[PATCH RESEND] drm/amd/display: avoid using null object of framebuffer

by Ma Ke

Instead of using state->fb->obj[0] directly, get object from framebuffer by calling drm_gem_fb_get_obj() and return error code when object is null to avoid using null object of framebuffer. Cc: stable(a)vger.kernel.org Fixes: 5d945cbcd4b1 ("drm/amd/display: Create a file dedicated to planes") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c index a83bd0331c3b..5cb11cc2d063 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c @@ -28,6 +28,7 @@ #include <drm/drm_blend.h> #include <drm/drm_gem_atomic_helper.h> #include <drm/drm_plane_helper.h> +#include <drm/drm_gem_framebuffer_helper.h> #include <drm/drm_fourcc.h> #include "amdgpu.h" @@ -935,10 +936,14 @@ static int amdgpu_dm_plane_helper_prepare_fb(struct drm_plane *plane, } afb = to_amdgpu_framebuffer(new_state->fb); - obj = new_state->fb->obj[0]; + obj = drm_gem_fb_get_obj(new_state->fb, 0); + if (!obj) { + DRM_ERROR("Failed to get obj from framebuffer\n"); + return -EINVAL; + } + rbo = gem_to_amdgpu_bo(obj); adev = amdgpu_ttm_adev(rbo->tbo.bdev); - r = amdgpu_bo_reserve(rbo, true); if (r) { dev_err(adev->dev, "fail to reserve bo (%d)\n", r); -- 2.25.1

1 year, 4 months

2
3
0 0

FAILED: patch "[PATCH] riscv: entry: always initialize regs->a0 to -ENOSYS" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 61119394631f219e23ce98bcc3eb993a64a8ea64 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081917-flanked-clear-e564@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 61119394631f ("riscv: entry: always initialize regs->a0 to -ENOSYS") 05d450aabd73 ("riscv: Support RANDOMIZE_KSTACK_OFFSET") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 61119394631f219e23ce98bcc3eb993a64a8ea64 Mon Sep 17 00:00:00 2001 From: Celeste Liu <coelacanthushex(a)gmail.com> Date: Thu, 27 Jun 2024 22:23:39 +0800 Subject: [PATCH] riscv: entry: always initialize regs->a0 to -ENOSYS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Otherwise when the tracer changes syscall number to -1, the kernel fails to initialize a0 with -ENOSYS and subsequently fails to return the error code of the failed syscall to userspace. For example, it will break strace syscall tampering. Fixes: 52449c17bdd1 ("riscv: entry: set a0 = -ENOSYS only when syscall != -1") Reported-by: "Dmitry V. Levin" <ldv(a)strace.io> Reviewed-by: Björn Töpel <bjorn(a)rivosinc.com> Cc: stable(a)vger.kernel.org Signed-off-by: Celeste Liu <CoelacanthusHex(a)gmail.com> Link: https://lore.kernel.org/r/20240627142338.5114-2-CoelacanthusHex@gmail.com Signed-off-by: Palmer Dabbelt <palmer(a)rivosinc.com> diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c index 05a16b1f0aee..51ebfd23e007 100644 --- a/arch/riscv/kernel/traps.c +++ b/arch/riscv/kernel/traps.c @@ -319,6 +319,7 @@ void do_trap_ecall_u(struct pt_regs *regs) regs->epc += 4; regs->orig_a0 = regs->a0; + regs->a0 = -ENOSYS; riscv_v_vstate_discard(regs); @@ -328,8 +329,7 @@ void do_trap_ecall_u(struct pt_regs *regs) if (syscall >= 0 && syscall < NR_syscalls) syscall_handler(regs, syscall); - else if (syscall != -1) - regs->a0 = -ENOSYS; + /* * Ultimately, this value will get limited by KSTACK_OFFSET_MAX(), * so the maximum stack offset is 1k bytes (10 bits).

1 year, 4 months

2
1
0 0

[PATCH 1/2] soc: qcom: pmic_glink: fix scope of __pmic_glink_lock in pmic_glink_rpmsg_probe()

by Krzysztof Kozlowski

File-scope "__pmic_glink_lock" mutex protects the filke-scope "__pmic_glink", thus reference to it should be obtained under the lock, just like pmic_glink_rpmsg_remove() is doing. Otherwise we have a race during if PMIC GLINK device removal: the pmic_glink_rpmsg_probe() function could store local reference before mutex in driver removal is acquired. Fixes: 58ef4ece1e41 ("soc: qcom: pmic_glink: Introduce base PMIC GLINK driver") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- drivers/soc/qcom/pmic_glink.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/soc/qcom/pmic_glink.c b/drivers/soc/qcom/pmic_glink.c index 9606222993fd..452f30a9354d 100644 --- a/drivers/soc/qcom/pmic_glink.c +++ b/drivers/soc/qcom/pmic_glink.c @@ -217,10 +217,11 @@ static void pmic_glink_pdr_callback(int state, char *svc_path, void *priv) static int pmic_glink_rpmsg_probe(struct rpmsg_device *rpdev) { - struct pmic_glink *pg = __pmic_glink; + struct pmic_glink *pg; int ret = 0; mutex_lock(&__pmic_glink_lock); + pg = __pmic_glink; if (!pg) { ret = dev_err_probe(&rpdev->dev, -ENODEV, "no pmic_glink device to attach to\n"); goto out_unlock; -- 2.43.0

1 year, 4 months

1
0
0 0

[PATCH v3 0/2] bfs: fix null-ptr-deref and possible warning in bfs_move_block() func

by kovalev＠altlinux.org

https://syzkaller.appspot.com/bug?extid=d98fd19acd08b36ff422 [PATCH v3 1/2] bfs: prevent null pointer dereference in bfs_move_block() v3: Changed the error handling [PATCH v3 2/2] bfs: ensure buffer is marked uptodate before marking it dirty v3: Replaced the buffer up-to-date check with an error exit by forcefully setting the buffer as up-to-date before call mark_buffer_dirty()

1 year, 4 months

1
2
0 0

[PATCH 6.1.y 2/2 V2] KVM: x86: Fix lapic timer interrupt lost after loading a snapshot.

by David Hunter

From: Haitao Shan <hshan(a)google.com> When running android emulator (which is based on QEMU 2.12) on certain Intel hosts with kernel version 6.3-rc1 or above, guest will freeze after loading a snapshot. This is almost 100% reproducible. By default, the android emulator will use snapshot to speed up the next launching of the same android guest. So this breaks the android emulator badly. I tested QEMU 8.0.4 from Debian 12 with an Ubuntu 22.04 guest by running command "loadvm" after "savevm". The same issue is observed. At the same time, none of our AMD platforms is impacted. More experiments show that loading the KVM module with "enable_apicv=false" can workaround it. The issue started to show up after commit 8e6ed96cdd50 ("KVM: x86: fire timer when it is migrated and expired, and in oneshot mode"). However, as is pointed out by Sean Christopherson, it is introduced by commit 967235d32032 ("KVM: vmx: clear pending interrupts on KVM_SET_LAPIC"). commit 8e6ed96cdd50 ("KVM: x86: fire timer when it is migrated and expired, and in oneshot mode") just makes it easier to hit the issue. Having both commits, the oneshot lapic timer gets fired immediately inside the KVM_SET_LAPIC call when loading the snapshot. On Intel platforms with APIC virtualization and posted interrupt processing, this eventually leads to setting the corresponding PIR bit. However, the whole PIR bits get cleared later in the same KVM_SET_LAPIC call by apicv_post_state_restore. This leads to timer interrupt lost. The fix is to move vmx_apicv_post_state_restore to the beginning of the KVM_SET_LAPIC call and rename to vmx_apicv_pre_state_restore. What vmx_apicv_post_state_restore does is actually clearing any former apicv state and this behavior is more suitable to carry out in the beginning. Fixes: 967235d32032 ("KVM: vmx: clear pending interrupts on KVM_SET_LAPIC") Cc: stable(a)vger.kernel.org Suggested-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: Haitao Shan <hshan(a)google.com> Link: https://lore.kernel.org/r/20230913000215.478387-1-hshan@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> Signed-off-by: David Hunter <david.hunter.linux(a)gmail.com> --- arch/x86/kvm/vmx/vmx.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 87abf4eebf8a..4040075bbd5a 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -8203,6 +8203,7 @@ static struct kvm_x86_ops vmx_x86_ops __initdata = { .load_eoi_exitmap = vmx_load_eoi_exitmap, .apicv_pre_state_restore = vmx_apicv_pre_state_restore, .check_apicv_inhibit_reasons = vmx_check_apicv_inhibit_reasons, + .required_apicv_inhibits = VMX_REQUIRED_APICV_INHIBITS, .hwapic_irr_update = vmx_hwapic_irr_update, .hwapic_isr_update = vmx_hwapic_isr_update, .guest_apic_has_interrupt = vmx_guest_apic_has_interrupt, -- 2.43.0

1 year, 4 months

1
1
0 0

[PATCH v2 2/7] media: sun4i_csi: Implement link validate for sun4i_csi subdev

by Laurent Pinchart

The sun4i_csi driver doesn't implement link validation for the subdev it registers, leaving the link between the subdev and its source unvalidated. Fix it, using the v4l2_subdev_link_validate() helper. Fixes: 577bbf23b758 ("media: sunxi: Add A10 CSI driver") Cc: stable(a)vger.kernel.org Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Acked-by: Chen-Yu Tsai <wens(a)csie.org> --- drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c b/drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c index 097a3a08ef7d..dbb26c7b2f8d 100644 --- a/drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c +++ b/drivers/media/platform/sunxi/sun4i-csi/sun4i_csi.c @@ -39,6 +39,10 @@ static const struct media_entity_operations sun4i_csi_video_entity_ops = { .link_validate = v4l2_subdev_link_validate, }; +static const struct media_entity_operations sun4i_csi_subdev_entity_ops = { + .link_validate = v4l2_subdev_link_validate, +}; + static int sun4i_csi_notify_bound(struct v4l2_async_notifier *notifier, struct v4l2_subdev *subdev, struct v4l2_async_connection *asd) @@ -214,6 +218,7 @@ static int sun4i_csi_probe(struct platform_device *pdev) subdev->internal_ops = &sun4i_csi_subdev_internal_ops; subdev->flags = V4L2_SUBDEV_FL_HAS_DEVNODE | V4L2_SUBDEV_FL_HAS_EVENTS; subdev->entity.function = MEDIA_ENT_F_VID_IF_BRIDGE; + subdev->entity.ops = &sun4i_csi_subdev_entity_ops; subdev->owner = THIS_MODULE; snprintf(subdev->name, sizeof(subdev->name), "sun4i-csi-0"); v4l2_set_subdevdata(subdev, csi); -- Regards, Laurent Pinchart

1 year, 4 months

1
0
0 0

[PATCH V3] video/aperture: optionally match the device in sysfb_disable()

by Alex Deucher

In aperture_remove_conflicting_pci_devices(), we currently only call sysfb_disable() on vga class devices. This leads to the following problem when the pimary device is not VGA compatible: 1. A PCI device with a non-VGA class is the boot display 2. That device is probed first and it is not a VGA device so sysfb_disable() is not called, but the device resources are freed by aperture_detach_platform_device() 3. Non-primary GPU has a VGA class and it ends up calling sysfb_disable() 4. NULL pointer dereference via sysfb_disable() since the resources have already been freed by aperture_detach_platform_device() when it was called by the other device. Fix this by passing a device pointer to sysfb_disable() and checking the device to determine if we should execute it or not. v2: Fix build when CONFIG_SCREEN_INFO is not set v3: Move device check into the mutex Drop primary variable in aperture_remove_conflicting_pci_devices() Drop __init on pci sysfb_pci_dev_is_enabled() Fixes: 5ae3716cfdcd ("video/aperture: Only remove sysfb on the default vga pci device") Cc: Javier Martinez Canillas <javierm(a)redhat.com> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Helge Deller <deller(a)gmx.de> Cc: Sam Ravnborg <sam(a)ravnborg.org> Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/firmware/sysfb.c | 19 +++++++++++++------ drivers/of/platform.c | 2 +- drivers/video/aperture.c | 11 +++-------- include/linux/sysfb.h | 4 ++-- 4 files changed, 19 insertions(+), 17 deletions(-) diff --git a/drivers/firmware/sysfb.c b/drivers/firmware/sysfb.c index 880ffcb50088..ac4680dc463f 100644 --- a/drivers/firmware/sysfb.c +++ b/drivers/firmware/sysfb.c @@ -39,6 +39,8 @@ static struct platform_device *pd; static DEFINE_MUTEX(disable_lock); static bool disabled; +static struct device *sysfb_parent_dev(const struct screen_info *si); + static bool sysfb_unregister(void) { if (IS_ERR_OR_NULL(pd)) @@ -52,6 +54,7 @@ static bool sysfb_unregister(void) /** * sysfb_disable() - disable the Generic System Framebuffers support + * @dev: the device to check if non-NULL * * This disables the registration of system framebuffer devices that match the * generic drivers that make use of the system framebuffer set up by firmware. @@ -61,17 +64,21 @@ static bool sysfb_unregister(void) * Context: The function can sleep. A @disable_lock mutex is acquired to serialize * against sysfb_init(), that registers a system framebuffer device. */ -void sysfb_disable(void) +void sysfb_disable(struct device *dev) { + struct screen_info *si = &screen_info; + mutex_lock(&disable_lock); - sysfb_unregister(); - disabled = true; + if (!dev || dev == sysfb_parent_dev(si)) { + sysfb_unregister(); + disabled = true; + } mutex_unlock(&disable_lock); } EXPORT_SYMBOL_GPL(sysfb_disable); #if defined(CONFIG_PCI) -static __init bool sysfb_pci_dev_is_enabled(struct pci_dev *pdev) +static bool sysfb_pci_dev_is_enabled(struct pci_dev *pdev) { /* * TODO: Try to integrate this code into the PCI subsystem @@ -87,13 +94,13 @@ static __init bool sysfb_pci_dev_is_enabled(struct pci_dev *pdev) return true; } #else -static __init bool sysfb_pci_dev_is_enabled(struct pci_dev *pdev) +static bool sysfb_pci_dev_is_enabled(struct pci_dev *pdev) { return false; } #endif -static __init struct device *sysfb_parent_dev(const struct screen_info *si) +static struct device *sysfb_parent_dev(const struct screen_info *si) { struct pci_dev *pdev; diff --git a/drivers/of/platform.c b/drivers/of/platform.c index 389d4ea6bfc1..ef622d41eb5b 100644 --- a/drivers/of/platform.c +++ b/drivers/of/platform.c @@ -592,7 +592,7 @@ static int __init of_platform_default_populate_init(void) * This can happen for example on DT systems that do EFI * booting and may provide a GOP handle to the EFI stub. */ - sysfb_disable(); + sysfb_disable(NULL); of_platform_device_create(node, NULL, NULL); of_node_put(node); } diff --git a/drivers/video/aperture.c b/drivers/video/aperture.c index 561be8feca96..2b5a1e666e9b 100644 --- a/drivers/video/aperture.c +++ b/drivers/video/aperture.c @@ -293,7 +293,7 @@ int aperture_remove_conflicting_devices(resource_size_t base, resource_size_t si * ask for this, so let's assume that a real driver for the display * was already probed and prevent sysfb to register devices later. */ - sysfb_disable(); + sysfb_disable(NULL); aperture_detach_devices(base, size); @@ -346,15 +346,10 @@ EXPORT_SYMBOL(__aperture_remove_legacy_vga_devices); */ int aperture_remove_conflicting_pci_devices(struct pci_dev *pdev, const char *name) { - bool primary = false; resource_size_t base, size; int bar, ret = 0; - if (pdev == vga_default_device()) - primary = true; - - if (primary) - sysfb_disable(); + sysfb_disable(&pdev->dev); for (bar = 0; bar < PCI_STD_NUM_BARS; ++bar) { if (!(pci_resource_flags(pdev, bar) & IORESOURCE_MEM)) @@ -370,7 +365,7 @@ int aperture_remove_conflicting_pci_devices(struct pci_dev *pdev, const char *na * that consumes the VGA framebuffer I/O range. Remove this * device as well. */ - if (primary) + if (pdev == vga_default_device()) ret = __aperture_remove_legacy_vga_devices(pdev); return ret; diff --git a/include/linux/sysfb.h b/include/linux/sysfb.h index c9cb657dad08..bef5f06a91de 100644 --- a/include/linux/sysfb.h +++ b/include/linux/sysfb.h @@ -58,11 +58,11 @@ struct efifb_dmi_info { #ifdef CONFIG_SYSFB -void sysfb_disable(void); +void sysfb_disable(struct device *dev); #else /* CONFIG_SYSFB */ -static inline void sysfb_disable(void) +static inline void sysfb_disable(struct device *dev) { } -- 2.46.0

1 year, 4 months

3
3
0 0

[PATCH] usb: cdnsp: fix for Link TRB with TC

by Pawel Laszczak

Stop Endpoint command on LINK TRB with TC bit set to 1 causes that internal cycle bit can have incorrect state after command complete. In consequence empty transfer ring can be incorrectly detected when EP is resumed. NOP TRB before LINK TRB avoid such scenario. Stop Endpoint command is then on NOP TRB and internal cycle bit is not changed and have correct value. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: <stable(a)vger.kernel.org> Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- drivers/usb/cdns3/cdnsp-gadget.h | 3 +++ drivers/usb/cdns3/cdnsp-ring.c | 28 ++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/drivers/usb/cdns3/cdnsp-gadget.h b/drivers/usb/cdns3/cdnsp-gadget.h index e1b5801fdddf..9a5577a772af 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.h +++ b/drivers/usb/cdns3/cdnsp-gadget.h @@ -811,6 +811,7 @@ struct cdnsp_stream_info { * generate Missed Service Error Event. * Set skip flag when receive a Missed Service Error Event and * process the missed tds on the endpoint ring. + * @wa1_nop_trb: hold pointer to NOP trb. */ struct cdnsp_ep { struct usb_ep endpoint; @@ -838,6 +839,8 @@ struct cdnsp_ep { #define EP_UNCONFIGURED BIT(7) bool skip; + union cdnsp_trb *wa1_nop_trb; + }; /** diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index 275a6a2fa671..75724e60653c 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -1904,6 +1904,23 @@ int cdnsp_queue_bulk_tx(struct cdnsp_device *pdev, struct cdnsp_request *preq) if (ret) return ret; + /* + * workaround 1: STOP EP command on LINK TRB with TC bit set to 1 + * causes that internal cycle bit can have incorrect state after + * command complete. In consequence empty transfer ring can be + * incorrectly detected when EP is resumed. + * NOP TRB before LINK TRB avoid such scenario. STOP EP command is + * then on NOP TRB and internal cycle bit is not changed and have + * correct value. + */ + if (pep->wa1_nop_trb) { + field = le32_to_cpu(pep->wa1_nop_trb->trans_event.flags); + field ^= TRB_CYCLE; + + pep->wa1_nop_trb->trans_event.flags = cpu_to_le32(field); + pep->wa1_nop_trb = NULL; + } + /* * Don't give the first TRB to the hardware (by toggling the cycle bit) * until we've finished creating all the other TRBs. The ring's cycle @@ -1999,6 +2016,17 @@ int cdnsp_queue_bulk_tx(struct cdnsp_device *pdev, struct cdnsp_request *preq) send_addr = addr; } + if (cdnsp_trb_is_link(ring->enqueue + 1)) { + field = TRB_TYPE(TRB_TR_NOOP) | TRB_IOC; + if (!ring->cycle_state) + field |= TRB_CYCLE; + + pep->wa1_nop_trb = ring->enqueue; + + cdnsp_queue_trb(pdev, ring, 0, 0x0, 0x0, + TRB_INTR_TARGET(0), field); + } + cdnsp_check_trb_math(preq, enqd_len); ret = cdnsp_giveback_first_trb(pdev, pep, preq->request.stream_id, start_cycle, start_trb); -- 2.43.0

1 year, 4 months

2
3
0 0

[PATCH net v3] net: ngbe: Fix phy mode set to external phy

by Mengyuan Lou

The MAC only has add the TX delay and it can not be modified. MAC and PHY are both set the TX delay cause transmission problems. So just disable TX delay in PHY, when use rgmii to attach to external phy, set PHY_INTERFACE_MODE_RGMII_RXID to phy drivers. And it is does not matter to internal phy. Fixes: bc2426d74aa3 ("net: ngbe: convert phylib to phylink") Signed-off-by: Mengyuan Lou <mengyuanlou(a)net-swift.com> Cc: stable(a)vger.kernel.org # 6.3+ --- v3: -Rebase the fix commit for net. v2: -Add a comment for the code modification. -Add the problem in commit messages. https://lore.kernel.org/netdev/E9C427FDDCF0CBC3+20240812103025.42417-1-meng… v1: https://lore.kernel.org/netdev/C1587837D62D1BC0+20240806082520.29193-1-meng… drivers/net/ethernet/wangxun/ngbe/ngbe_mdio.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/wangxun/ngbe/ngbe_mdio.c b/drivers/net/ethernet/wangxun/ngbe/ngbe_mdio.c index ec54b18c5fe7..a5e9b779c44d 100644 --- a/drivers/net/ethernet/wangxun/ngbe/ngbe_mdio.c +++ b/drivers/net/ethernet/wangxun/ngbe/ngbe_mdio.c @@ -124,8 +124,12 @@ static int ngbe_phylink_init(struct wx *wx) MAC_SYM_PAUSE | MAC_ASYM_PAUSE; config->mac_managed_pm = true; - phy_mode = PHY_INTERFACE_MODE_RGMII_ID; - __set_bit(PHY_INTERFACE_MODE_RGMII_ID, config->supported_interfaces); + /* The MAC only has add the Tx delay and it can not be modified. + * So just disable TX delay in PHY, and it is does not matter to + * internal phy. + */ + phy_mode = PHY_INTERFACE_MODE_RGMII_RXID; + __set_bit(PHY_INTERFACE_MODE_RGMII_RXID, config->supported_interfaces); phylink = phylink_create(config, NULL, phy_mode, &ngbe_mac_ops); if (IS_ERR(phylink)) -- 2.43.2

1 year, 4 months

3
2
0 0

[PATCH 01/12] KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3

by Marc Zyngier

On a system with a GICv3, if a guest hasn't been configured with GICv3 and that the host is not capable of GICv2 emulation, a write to any of the ICC_*SGI*_EL1 registers is trapped to EL2. We therefore try to emulate the SGI access, only to hit a NULL pointer as no private interrupt is allocated (no GIC, remember?). The obvious fix is to give the guest what it deserves, in the shape of a UNDEF exception. Reported-by: Alexander Potapenko <glider(a)google.com> Signed-off-by: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org --- arch/arm64/kvm/sys_regs.c | 6 ++++++ arch/arm64/kvm/vgic/vgic.h | 7 +++++++ 2 files changed, 13 insertions(+) diff --git a/arch/arm64/kvm/sys_regs.c b/arch/arm64/kvm/sys_regs.c index c90324060436..31e49da867ff 100644 --- a/arch/arm64/kvm/sys_regs.c +++ b/arch/arm64/kvm/sys_regs.c @@ -33,6 +33,7 @@ #include <trace/events/kvm.h> #include "sys_regs.h" +#include "vgic/vgic.h" #include "trace.h" @@ -435,6 +436,11 @@ static bool access_gic_sgi(struct kvm_vcpu *vcpu, { bool g1; + if (!kvm_has_gicv3(vcpu->kvm)) { + kvm_inject_undefined(vcpu); + return false; + } + if (!p->is_write) return read_from_write_only(vcpu, p, r); diff --git a/arch/arm64/kvm/vgic/vgic.h b/arch/arm64/kvm/vgic/vgic.h index ba8f790431bd..8532bfe3fed4 100644 --- a/arch/arm64/kvm/vgic/vgic.h +++ b/arch/arm64/kvm/vgic/vgic.h @@ -346,4 +346,11 @@ void vgic_v4_configure_vsgis(struct kvm *kvm); void vgic_v4_get_vlpi_state(struct vgic_irq *irq, bool *val); int vgic_v4_request_vpe_irq(struct kvm_vcpu *vcpu, int irq); +static inline bool kvm_has_gicv3(struct kvm *kvm) +{ + return (static_branch_unlikely(&kvm_vgic_global_state.gicv3_cpuif) && + irqchip_in_kernel(kvm) && + kvm->arch.vgic.vgic_model == KVM_DEV_TYPE_ARM_VGIC_V3); +} + #endif -- 2.39.2

1 year, 4 months

2
4
0 0

[PATCH] firmware_loader: Block path traversal

by Jann Horn

Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple codepaths in the kernel where firmware file names contain string components that are passed through from a device or semi-privileged userspace; the ones I could find (not counting interfaces that require root privileges) are: - lpfc_sli4_request_firmware_update() seems to construct the firmware filename from "ModelName", a string that was previously parsed out of some descriptor ("Vital Product Data") in lpfc_fill_vpd() - nfp_net_fw_find() seems to construct a firmware filename from a model name coming from nfp_hwinfo_lookup(pf->hwinfo, "nffw.partno"), which I think parses some descriptor that was read from the device. (But this case likely isn't exploitable because the format string looks like "netronome/nic_%s", and there shouldn't be any *folders* starting with "netronome/nic_". The previous case was different because there, the "%s" is *at the start* of the format string.) - module_flash_fw_schedule() is reachable from the ETHTOOL_MSG_MODULE_FW_FLASH_ACT netlink command, which is marked as GENL_UNS_ADMIN_PERM (meaning CAP_NET_ADMIN inside a user namespace is enough to pass the privilege check), and takes a userspace-provided firmware name. (But I think to reach this case, you need to have CAP_NET_ADMIN over a network namespace that a special kind of ethernet device is mapped into, so I think this is not a viable attack path in practice.) For what it's worth, I went looking and haven't found any USB device drivers that use the firmware loader dangerously. Cc: stable(a)vger.kernel.org Fixes: abb139e75c2c ("firmware: teach the kernel to load firmware files directly from the filesystem") Signed-off-by: Jann Horn <jannh(a)google.com> --- I wasn't sure whether to mark this one for stable or not - but I think since there seems to be at least one PCI device model which could trigger firmware loading with directory traversal, we should probably backport the fix? --- drivers/base/firmware_loader/main.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/base/firmware_loader/main.c b/drivers/base/firmware_loader/main.c index a03ee4b11134..a32be64f3bf5 100644 --- a/drivers/base/firmware_loader/main.c +++ b/drivers/base/firmware_loader/main.c @@ -864,7 +864,15 @@ _request_firmware(const struct firmware **firmware_p, const char *name, if (!firmware_p) return -EINVAL; - if (!name || name[0] == '\0') { + /* + * Reject firmware file names with "/../" sequences in them. + * There are drivers that construct firmware file names from + * device-supplied strings, and we don't want some device to be able + * to tell us "I would like to be sent my firmware from + * ../../../etc/shadow, please". + */ + if (!name || name[0] == '\0' || + strstr(name, "/../") != NULL || strncmp(name, "../", 3) == 0) { ret = -EINVAL; goto out; } --- base-commit: b0da640826ba3b6506b4996a6b23a429235e6923 change-id: 20240820-firmware-traversal-6df8501b0fe4 -- Jann Horn <jannh(a)google.com>

1 year, 4 months

4
7
0 0

Patch "drm/amd/display: Don't register panel_power_savings on OLED panels"

by Gergo Koteles

Hi Greg, I think commit 76cb763e6ea62e838ccc8f7a1ea4246d690fccc9 should be applied to 6.10 kernel to disable Adaptive Backlight Management for OLED displays. Thanks, Gergo Koteles

1 year, 4 months

2
1
0 0

[PATCH 5.15.y 00/18] Backport "make svc_stat per-net instead of global"

by cel＠kernel.org

From: Chuck Lever <chuck.lever(a)oracle.com> Following up on https://lore.kernel.org/linux-nfs/d4b235df-4ee5-4824-9d48-e3b3c1f1f4d1@orac… Here is a backport series targeting origin/linux-5.15.y that closes the information leak described in the above thread. Review comments welcome. Chuck Lever (6): NFSD: Refactor nfsd_reply_cache_free_locked() NFSD: Rename nfsd_reply_cache_alloc() NFSD: Replace nfsd_prune_bucket() NFSD: Refactor the duplicate reply cache shrinker NFSD: Rewrite synopsis of nfsd_percpu_counters_init() NFSD: Fix frame size warning in svc_export_parse() Jeff Layton (2): nfsd: move reply cache initialization into nfsd startup nfsd: move init of percpu reply_cache_stats counters back to nfsd_init_net Josef Bacik (10): sunrpc: don't change ->sv_stats if it doesn't exist nfsd: stop setting ->pg_stats for unused stats sunrpc: pass in the sv_stats struct through svc_create_pooled sunrpc: remove ->pg_stats from svc_program sunrpc: use the struct net as the svc proc private nfsd: rename NFSD_NET_* to NFSD_STATS_* nfsd: expose /proc/net/sunrpc/nfsd in net namespaces nfsd: make all of the nfsd stats per-network namespace nfsd: remove nfsd_stats, make th_cnt a global counter nfsd: make svc_stat per-network namespace instead of global fs/lockd/svc.c | 3 - fs/nfs/callback.c | 3 - fs/nfsd/export.c | 32 ++++-- fs/nfsd/export.h | 4 +- fs/nfsd/netns.h | 25 ++++- fs/nfsd/nfs4proc.c | 6 +- fs/nfsd/nfscache.c | 202 ++++++++++++++++++++++--------------- fs/nfsd/nfsctl.c | 24 ++--- fs/nfsd/nfsd.h | 1 + fs/nfsd/nfsfh.c | 3 +- fs/nfsd/nfssvc.c | 24 +++-- fs/nfsd/stats.c | 52 ++++------ fs/nfsd/stats.h | 83 ++++++--------- fs/nfsd/trace.h | 22 ++++ fs/nfsd/vfs.c | 6 +- include/linux/sunrpc/svc.h | 5 +- net/sunrpc/stats.c | 2 +- net/sunrpc/svc.c | 36 ++++--- 18 files changed, 302 insertions(+), 231 deletions(-) -- 2.45.2

1 year, 4 months

2
19
0 0

[PATCH 6.6.y] stm32mp15: WARNING after poweroff command

by Christoph Niedermaier

Hi stable team, I would suggest to apply the patch 470a66268856 ("i2c: stm32f7: Add atomic_xfer method to driver") from 6.7-rc1 to the stable Kernel 6.6.y. Here is why: After the commit 6e9df38f359a ("mfd: stpmic1: Add PMIC poweroff via sys-off handler") from 6.5-rc1 the following WARNING appears after calling the poweroff command: [ 791.813369] systemd-shutdown[1]: Syncing filesystems and block devices. [ 792.865580] systemd-shutdown[1]: Sending SIGTERM to remaining processes... [ 792.921103] systemd-journald[101]: Received SIGTERM from PID 1 (systemd-shutdow). [ 792.936515] systemd-shutdown[1]: Sending SIGKILL to remaining processes... [ 792.968715] systemd-shutdown[1]: Unmounting file systems. [ 792.979332] (sd-remount)[315]: Remounting '/' read-only with options ''. [ 793.219266] EXT4-fs (mmcblk2p4): re-mounted f7da42a1-2eed-4d39-a31e-e0ffadb97b28 ro. Quota mode: disabled. [ 793.238398] systemd-shutdown[1]: All filesystems unmounted. [ 793.242736] systemd-shutdown[1]: Deactivating swaps. [ 793.248004] systemd-shutdown[1]: All swaps deactivated. [ 793.252937] systemd-shutdown[1]: Detaching loop devices. [ 793.272548] systemd-shutdown[1]: All loop devices detached. [ 793.276918] systemd-shutdown[1]: Stopping MD devices. [ 793.282790] systemd-shutdown[1]: All MD devices stopped. [ 793.287128] systemd-shutdown[1]: Detaching DM devices. [ 793.292995] systemd-shutdown[1]: All DM devices detached. [ 793.297731] systemd-shutdown[1]: All filesystems, swaps, loop devices, MD devices and DM devices detached. [ 793.320636] systemd-shutdown[1]: Syncing filesystems and block devices. [ 793.326078] systemd-shutdown[1]: Powering off. [ 793.348421] reboot: Power down [ 793.350129] ------------[ cut here ]------------ [ 793.354691] WARNING: CPU: 0 PID: 1 at drivers/i2c/i2c-core.h:42 i2c_transfer+0x5d/0x7c [ 793.362617] No atomic I2C transfer handler for 'i2c-2' [ 793.367780] Modules linked in: [ 793.370838] CPU: 0 PID: 1 Comm: systemd-shutdow Not tainted 6.6.41-lardisbox2-00053-g41e0b7f0166f #12 [ 793.380047] Hardware name: STM32 (Device Tree Support) [ 793.385122] unwind_backtrace from show_stack+0xb/0xc [ 793.390215] show_stack from dump_stack_lvl+0x2b/0x34 [ 793.395202] dump_stack_lvl from __warn+0x5d/0xc4 [ 793.399993] __warn from warn_slowpath_fmt+0x55/0xa8 [ 793.404887] warn_slowpath_fmt from i2c_transfer+0x5d/0x7c [ 793.410387] i2c_transfer from regmap_i2c_read+0x41/0x6c [ 793.415681] regmap_i2c_read from _regmap_raw_read+0x87/0xe8 [ 793.421378] _regmap_raw_read from _regmap_bus_read+0x21/0x38 [ 793.427079] _regmap_bus_read from _regmap_read+0x55/0x9c [ 793.432477] _regmap_read from _regmap_update_bits+0x71/0xa4 [ 793.438175] _regmap_update_bits from regmap_update_bits_base+0x2f/0x42 [ 793.444784] regmap_update_bits_base from stpmic1_power_off+0x19/0x20 [ 793.451188] stpmic1_power_off from sys_off_notify+0x1b/0x38 [ 793.456880] sys_off_notify from notifier_call_chain+0x57/0x78 [ 793.462668] notifier_call_chain from atomic_notifier_call_chain+0x11/0x16 [ 793.469562] atomic_notifier_call_chain from do_kernel_power_off+0x21/0x38 [ 793.476461] do_kernel_power_off from __do_sys_reboot+0xdf/0x150 [ 793.482456] __do_sys_reboot from ret_fast_syscall+0x1/0x5c [ 793.488042] Exception stack(0xf0815fa8 to 0xf0815ff0) [ 793.493017] 5fa0: 00000000 00000000 fee1dead 28121969 4321fedc 00000000 [ 793.501218] 5fc0: 00000000 00000000 00000000 00000058 0001884c 00000003 00000000 00018140 [ 793.509414] 5fe0: 00000058 bee18c34 b6c20cdd b6b995a6 [ 793.514478] ---[ end trace 000000000000000 This can be eliminated by backporting the above mentioned patch. I tested it with a DHCOM stm32mp157c on a PDK2 board. Thanks and regards Christoph

1 year, 4 months

2
1
0 0

Re: Patch "gtp: pull network headers in gtp_dev_xmit()" has been added to the 6.10-stable tree

by Pablo Neira Ayuso

Hi Sasha, Greg, Could you cherry-pick this patch for other -stable kernels? I confirm this applies up to >= 4.19-stable since it already includes pskb_inet_may_pull(). Thanks. On Mon, Aug 19, 2024 at 10:20:22AM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > gtp: pull network headers in gtp_dev_xmit() > > to the 6.10-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > gtp-pull-network-headers-in-gtp_dev_xmit.patch > and it can be found in the queue-6.10 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 70c490935879f95a7d81403d107e7aa9a0bd7b31 > Author: Eric Dumazet <edumazet(a)google.com> > Date: Thu Aug 8 13:24:55 2024 +0000 > > gtp: pull network headers in gtp_dev_xmit() > > [ Upstream commit 3a3be7ff9224f424e485287b54be00d2c6bd9c40 ] > > syzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1] > > We must make sure the IPv4 or Ipv6 header is pulled in skb->head > before accessing fields in them. > > Use pskb_inet_may_pull() to fix this issue. > > [1] > BUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline] > BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline] > BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281 > ipv6_pdp_find drivers/net/gtp.c:220 [inline] > gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline] > gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281 > __netdev_start_xmit include/linux/netdevice.h:4913 [inline] > netdev_start_xmit include/linux/netdevice.h:4922 [inline] > xmit_one net/core/dev.c:3580 [inline] > dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596 > __dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423 > dev_queue_xmit include/linux/netdevice.h:3105 [inline] > packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276 > packet_snd net/packet/af_packet.c:3145 [inline] > packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177 > sock_sendmsg_nosec net/socket.c:730 [inline] > __sock_sendmsg+0x30f/0x380 net/socket.c:745 > __sys_sendto+0x685/0x830 net/socket.c:2204 > __do_sys_sendto net/socket.c:2216 [inline] > __se_sys_sendto net/socket.c:2212 [inline] > __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212 > x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45 > do_syscall_x64 arch/x86/entry/common.c:52 [inline] > do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 > entry_SYSCALL_64_after_hwframe+0x77/0x7f > > Uninit was created at: > slab_post_alloc_hook mm/slub.c:3994 [inline] > slab_alloc_node mm/slub.c:4037 [inline] > kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080 > kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583 > __alloc_skb+0x363/0x7b0 net/core/skbuff.c:674 > alloc_skb include/linux/skbuff.h:1320 [inline] > alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526 > sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815 > packet_alloc_skb net/packet/af_packet.c:2994 [inline] > packet_snd net/packet/af_packet.c:3088 [inline] > packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177 > sock_sendmsg_nosec net/socket.c:730 [inline] > __sock_sendmsg+0x30f/0x380 net/socket.c:745 > __sys_sendto+0x685/0x830 net/socket.c:2204 > __do_sys_sendto net/socket.c:2216 [inline] > __se_sys_sendto net/socket.c:2212 [inline] > __x64_sys_sendto+0x125/0x1d0 net/socket.c:2212 > x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45 > do_syscall_x64 arch/x86/entry/common.c:52 [inline] > do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 > entry_SYSCALL_64_after_hwframe+0x77/0x7f > > CPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 > > Fixes: 999cb275c807 ("gtp: add IPv6 support") > Fixes: 459aa660eb1d ("gtp: add initial driver for datapath of GPRS Tunneling Protocol (GTP-U)") > Signed-off-by: Eric Dumazet <edumazet(a)google.com> > Cc: Harald Welte <laforge(a)gnumonks.org> > Reviewed-by: Pablo Neira Ayuso <pablo(a)netfilter.org> > Link: https://patch.msgid.link/20240808132455.3413916-1-edumazet@google.com > Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c > index 427b91aca50d3..0696faf60013e 100644 > --- a/drivers/net/gtp.c > +++ b/drivers/net/gtp.c > @@ -1269,6 +1269,9 @@ static netdev_tx_t gtp_dev_xmit(struct sk_buff *skb, struct net_device *dev) > if (skb_cow_head(skb, dev->needed_headroom)) > goto tx_err; > > + if (!pskb_inet_may_pull(skb)) > + goto tx_err; > + > skb_reset_inner_headers(skb); > > /* PDP context lookups in gtp_build_skb_*() need rcu read-side lock. */

1 year, 4 months

2
1
0 0

+ padata-honor-the-callers-alignment-in-case-of-chunk_size-0.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: padata: honor the caller's alignment in case of chunk_size 0 has been added to the -mm mm-hotfixes-unstable branch. Its filename is padata-honor-the-callers-alignment-in-case-of-chunk_size-0.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kamlesh Gurudasani <kamlesh(a)ti.com> Subject: padata: honor the caller's alignment in case of chunk_size 0 Date: Thu, 22 Aug 2024 02:32:52 +0530 In the case where we are forcing the ps.chunk_size to be at least 1, we are ignoring the caller's alignment. Move the forcing of ps.chunk_size to be at least 1 before rounding it up to caller's alignment, so that caller's alignment is honored. While at it, use max() to force the ps.chunk_size to be at least 1 to improve readability. Link: https://lkml.kernel.org/r/20240822-max-v1-1-cb4bc5b1c101@ti.com Fixes: 6d45e1c948a8 ("padata: Fix possible divide-by-0 panic in padata_mt_helper()") Signed-off-by: Kamlesh Gurudasani <kamlesh(a)ti.com> Cc: Daniel Jordan <daniel.m.jordan(a)oracle.com> Cc: Herbert Xu <herbert(a)gondor.apana.org.au> Cc: Steffen Klassert <steffen.klassert(a)secunet.com> Cc: Waiman Long <longman(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/padata.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) --- a/kernel/padata.c~padata-honor-the-callers-alignment-in-case-of-chunk_size-0 +++ a/kernel/padata.c @@ -509,21 +509,17 @@ void __init padata_do_multithreaded(stru /* * Chunk size is the amount of work a helper does per call to the - * thread function. Load balance large jobs between threads by + * thread function. Load balance large jobs between threads by * increasing the number of chunks, guarantee at least the minimum * chunk size from the caller, and honor the caller's alignment. + * Ensure chunk_size is at least 1 to prevent divide-by-0 + * panic in padata_mt_helper(). */ ps.chunk_size = job->size / (ps.nworks * load_balance_factor); ps.chunk_size = max(ps.chunk_size, job->min_chunk); + ps.chunk_size = max(ps.chunk_size, 1ul); ps.chunk_size = roundup(ps.chunk_size, job->align); - /* - * chunk_size can be 0 if the caller sets min_chunk to 0. So force it - * to at least 1 to prevent divide-by-0 panic in padata_mt_helper().` - */ - if (!ps.chunk_size) - ps.chunk_size = 1U; - list_for_each_entry(pw, &works, pw_list) if (job->numa_aware) { int old_node = atomic_read(&last_used_nid); _ Patches currently in -mm which might be from kamlesh(a)ti.com are padata-honor-the-callers-alignment-in-case-of-chunk_size-0.patch

1 year, 4 months

1
0
0 0

+ revert-mm-skip-cma-pages-when-they-are-not-available.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: Revert "mm: skip CMA pages when they are not available" has been added to the -mm mm-hotfixes-unstable branch. Its filename is revert-mm-skip-cma-pages-when-they-are-not-available.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Usama Arif <usamaarif642(a)gmail.com> Subject: Revert "mm: skip CMA pages when they are not available" Date: Wed, 21 Aug 2024 20:26:07 +0100 This reverts commit 5da226dbfce3a2f44978c2c7cf88166e69a6788b. lruvec->lru_lock is highly contended and is held when calling isolate_lru_folios. If the lru has a large number of CMA folios consecutively, while the allocation type requested is not MIGRATE_MOVABLE, isolate_lru_folios can hold the lock for a very long time while it skips those. For FIO workload, ~150million order=0 folios were skipped to isolate a few ZONE_DMA folios [1]. This can cause lockups [1] and high memory pressure for extended periods of time [2]. [1] https://lore.kernel.org/all/CAOUHufbkhMZYz20aM_3rHZ3OcK4m2puji2FGpUpn_-DevG… [2] https://lore.kernel.org/all/ZrssOrcJIDy8hacI@gmail.com/ Link: https://lkml.kernel.org/r/9060a32d-b2d7-48c0-8626-1db535653c54@gmail.com Fixes: 5da226dbfce3 ("mm: skip CMA pages when they are not available") Signed-off-by: Usama Arif <usamaarif642(a)gmail.com> Cc: Bharata B Rao <bharata(a)amd.com> Cc: Breno Leitao <leitao(a)debian.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Rik van Riel <riel(a)surriel.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Yu Zhao <yuzhao(a)google.com> Cc: Zhaoyang Huang <huangzhaoyang(a)gmail.com> Cc: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmscan.c | 41 ++++++++++++++++++++--------------------- 1 file changed, 20 insertions(+), 21 deletions(-) --- a/mm/vmscan.c~revert-mm-skip-cma-pages-when-they-are-not-available +++ a/mm/vmscan.c @@ -1604,25 +1604,6 @@ static __always_inline void update_lru_s } -#ifdef CONFIG_CMA -/* - * It is waste of effort to scan and reclaim CMA pages if it is not available - * for current allocation context. Kswapd can not be enrolled as it can not - * distinguish this scenario by using sc->gfp_mask = GFP_KERNEL - */ -static bool skip_cma(struct folio *folio, struct scan_control *sc) -{ - return !current_is_kswapd() && - gfp_migratetype(sc->gfp_mask) != MIGRATE_MOVABLE && - folio_migratetype(folio) == MIGRATE_CMA; -} -#else -static bool skip_cma(struct folio *folio, struct scan_control *sc) -{ - return false; -} -#endif - /* * Isolating page from the lruvec to fill in @dst list by nr_to_scan times. * @@ -1669,8 +1650,7 @@ static unsigned long isolate_lru_folios( nr_pages = folio_nr_pages(folio); total_scan += nr_pages; - if (folio_zonenum(folio) > sc->reclaim_idx || - skip_cma(folio, sc)) { + if (folio_zonenum(folio) > sc->reclaim_idx) { nr_skipped[folio_zonenum(folio)] += nr_pages; move_to = &folios_skipped; goto move; @@ -4273,6 +4253,25 @@ void lru_gen_soft_reclaim(struct mem_cgr #endif /* CONFIG_MEMCG */ +#ifdef CONFIG_CMA +/* + * It is waste of effort to scan and reclaim CMA pages if it is not available + * for current allocation context. Kswapd can not be enrolled as it can not + * distinguish this scenario by using sc->gfp_mask = GFP_KERNEL + */ +static bool skip_cma(struct folio *folio, struct scan_control *sc) +{ + return !current_is_kswapd() && + gfp_migratetype(sc->gfp_mask) != MIGRATE_MOVABLE && + folio_migratetype(folio) == MIGRATE_CMA; +} +#else +static bool skip_cma(struct folio *folio, struct scan_control *sc) +{ + return false; +} +#endif + /****************************************************************************** * the eviction ******************************************************************************/ _ Patches currently in -mm which might be from usamaarif642(a)gmail.com are revert-mm-skip-cma-pages-when-they-are-not-available.patch

1 year, 4 months

1
0
0 0

RE: RE: [PATCH 12/13] drm/amd/display: Fix a typo in revert commit

by Li, Roman

[Public] Thank you, Jiri, for your feedback. I've dropped this patch from DC v.3.2.297. We will follow-up on this separately and merge it after you do confirm the issue you reported is fixed. Thanks, Roman > -----Original Message----- > From: Jiri Slaby <jirislaby(a)kernel.org> > Sent: Monday, August 19, 2024 4:37 AM > To: Li, Roman <Roman.Li(a)amd.com>; amd-gfx(a)lists.freedesktop.org > Cc: Wentland, Harry <Harry.Wentland(a)amd.com>; Li, Sun peng (Leo) > <Sunpeng.Li(a)amd.com>; Siqueira, Rodrigo <Rodrigo.Siqueira(a)amd.com>; > Pillai, Aurabindo <Aurabindo.Pillai(a)amd.com>; Lin, Wayne > <Wayne.Lin(a)amd.com>; Gutierrez, Agustin <Agustin.Gutierrez(a)amd.com>; > Chung, ChiaHsuan (Tom) <ChiaHsuan.Chung(a)amd.com>; Zuo, Jerry > <Jerry.Zuo(a)amd.com>; Mohamed, Zaeem <Zaeem.Mohamed(a)amd.com> > Subject: Re: RE: [PATCH 12/13] drm/amd/display: Fix a typo in revert commit > > On 16. 08. 24, 21:30, Li, Roman wrote: > > [Public] > > > > Wiil update commit message as: > > > > ------------- > > drm/amd/display: Fix MST DSC lightup > > > > [Why] > > Secondary monitor does not come up due to MST DSC bw calculation > regression. > > This patch is only related to this. It does not fix that issue on its own at all. > > > [How] > > Fix bug in try_disable_dsc() > > This update is worse than the original, IMO. > > Could you write saner commit logs in the whole amdgpu overall? > > If you insist on those [why] and [how] parts, something like: > """ > [Why] > The linked commit below misreverted one hunk in try_disable_dsc(). > > [How] > Fix that by using proper (original) 'max_kbps' instead of bogus 'stream_kbps'. > "" > > > Fixes: 4b6564cb120c ("drm/amd/display: Fix MST BW calculation > > Regression") > > > > Cc: mario.limonciello(a)amd.com > > Cc: alexander.deucher(a)amd.com > > Cc: stable(a)vger.kernel.org > > Reported-by: jirislaby(a)kernel.org > > Care to fix up your machinery so that listed people are really CCed? I received a > copy of neither the original (4b6564cb120c), nor this one. > > Nor any mentions in the linked #3495 at all. > > I would have told you that 4b6564cb120c is bogus. Immediately when it hit > me as it differs from our (SUSE) in-tree revert in exactly this hunk. If I have > known about this in the first place... > > And you would have received a Tested-by if it had worked. > > Given all the above, amdgpu workflow appears to be very ill. Please fix it. > > > Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3495 > > Closes: https://bugzilla.suse.com/show_bug.cgi?id=1228093 > > Reviewed-by: Roman Li <roman.li(a)amd.com> > > Signed-off-by: Fangzhi Zuo <Jerry.Zuo(a)amd.com> > > Signed-off-by: Roman Li <roman.li(a)amd.com> > > Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> > > > > > >> -----Original Message----- > >> From: Roman.Li(a)amd.com <Roman.Li(a)amd.com> > >> Sent: Thursday, August 15, 2024 6:45 PM > >> To: amd-gfx(a)lists.freedesktop.org > >> Cc: Wentland, Harry <Harry.Wentland(a)amd.com>; Li, Sun peng (Leo) > >> <Sunpeng.Li(a)amd.com>; Siqueira, Rodrigo <Rodrigo.Siqueira(a)amd.com>; > >> Pillai, Aurabindo <Aurabindo.Pillai(a)amd.com>; Li, Roman > >> <Roman.Li(a)amd.com>; Lin, Wayne <Wayne.Lin(a)amd.com>; Gutierrez, > >> Agustin <Agustin.Gutierrez(a)amd.com>; Chung, ChiaHsuan (Tom) > >> <ChiaHsuan.Chung(a)amd.com>; Zuo, Jerry <Jerry.Zuo(a)amd.com>; > Mohamed, > >> Zaeem <Zaeem.Mohamed(a)amd.com>; Zuo, Jerry <Jerry.Zuo(a)amd.com> > >> Subject: [PATCH 12/13] drm/amd/display: Fix a typo in revert commit > >> > >> From: Fangzhi Zuo <Jerry.Zuo(a)amd.com> > >> > >> A typo is fixed for "drm/amd/display: Fix MST BW calculation Regression" > >> > >> Fixes: 4b6564cb120c ("drm/amd/display: Fix MST BW calculation > >> Regression") > >> > >> Reviewed-by: Roman Li <roman.li(a)amd.com> > >> Signed-off-by: Fangzhi Zuo <Jerry.Zuo(a)amd.com> > >> Signed-off-by: Roman Li <roman.li(a)amd.com> > >> --- > >> drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | > 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > >> > >> diff --git > >> a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c > >> b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c > >> index 958fad0d5307..5e08ca700c3f 100644 > >> --- > a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c > >> +++ > b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c > >> @@ -1066,7 +1066,7 @@ static int try_disable_dsc(struct > >> drm_atomic_state *state, > >> vars[next_index].dsc_enabled = false; > >> vars[next_index].bpp_x16 = 0; > >> } else { > >> - vars[next_index].pbn = > >> kbps_to_peak_pbn(params[next_index].bw_range.stream_kbps, > >> fec_overhead_multiplier_x1000); > >> + vars[next_index].pbn = > >> kbps_to_peak_pbn(params[next_index].bw_range.max_kbps, > >> fec_overhead_multiplier_x1000); > >> ret = drm_dp_atomic_find_time_slots(state, > >> > >> params[next_index].port->mgr, > >> > >> params[next_index].port, > > > thanks, > -- > js > suse labs

1 year, 4 months

3
4
0 0

[PATCH] net: stmmac: Check NULL ptr on lvts_data in qcom_ethqos_probe()

by Ma Ke

of_device_get_match_data() can return NULL if of_match_device failed, and the pointer 'data' was dereferenced without checking against NULL. Add checking of pointer 'data' in qcom_ethqos_probe(). Cc: stable(a)vger.kernel.org Fixes: a7c30e62d4b8 ("net: stmmac: Add driver for Qualcomm ethqos") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c index 901a3c1959fa..f18393fe58a4 100644 --- a/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c +++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c @@ -838,6 +838,9 @@ static int qcom_ethqos_probe(struct platform_device *pdev) ethqos->mac_base = stmmac_res.addr; data = of_device_get_match_data(dev); + if (!data) + return -ENODEV; + ethqos->por = data->por; ethqos->num_por = data->num_por; ethqos->rgmii_config_loopback_en = data->rgmii_config_loopback_en; -- 2.25.1

1 year, 4 months

3
2
0 0

[PATCH] bpftool: check for NULL ptr of btf in codegen_subskel_datasecs

by Ma Ke

bpf_object__btf() can return NULL value. If bpf_object__btf returns null, do not progress through codegen_subskel_datasecs(). This avoids a null ptr dereference. Found by code review, complie tested only. Cc: stable(a)vger.kernel.org Fixes: 00389c58ffe9 ("bpftool: Add support for subskeletons") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- tools/bpf/bpftool/gen.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/bpf/bpftool/gen.c b/tools/bpf/bpftool/gen.c index 5a4d3240689e..7ce62f280310 100644 --- a/tools/bpf/bpftool/gen.c +++ b/tools/bpf/bpftool/gen.c @@ -334,6 +334,9 @@ static int codegen_subskel_datasecs(struct bpf_object *obj, const char *obj_name const char *sec_name, *var_name; __u32 var_type_id; + if (!btf) + return -EINVAL; + d = btf_dump__new(btf, codegen_btf_dump_printf, NULL, NULL); if (!d) return -errno; -- 2.25.1

1 year, 4 months

2
1
0 0

[PATCH v2] gfs2: fix double destroy_workqueue error

by Julian Sun

When gfs2_fill_super() fails, destroy_workqueue() is called within gfs2_gl_hash_clear(), and the subsequent code path calls destroy_workqueue() on the same work queue again. This issue can be fixed by setting the work queue pointer to NULL after the first destroy_workqueue() call and checking for a NULL pointer before attempting to destroy the work queue again. Reported-by: syzbot+d34c2a269ed512c531b0(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=d34c2a269ed512c531b0 Fixes: 30e388d57367 ("gfs2: Switch to a per-filesystem glock workqueue") Cc: stable(a)vger.kernel.org Signed-off-by: Julian Sun <sunjunchao2870(a)gmail.com> --- fs/gfs2/glock.c | 1 + fs/gfs2/ops_fstype.c | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/gfs2/glock.c b/fs/gfs2/glock.c index 32991cb22023..5838039d78e3 100644 --- a/fs/gfs2/glock.c +++ b/fs/gfs2/glock.c @@ -2273,6 +2273,7 @@ void gfs2_gl_hash_clear(struct gfs2_sbd *sdp) gfs2_free_dead_glocks(sdp); glock_hash_walk(dump_glock_func, sdp); destroy_workqueue(sdp->sd_glock_wq); + sdp->sd_glock_wq = NULL; } static const char *state2str(unsigned state) diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c index 0561edd6cc86..5c0e1b24d6ec 100644 --- a/fs/gfs2/ops_fstype.c +++ b/fs/gfs2/ops_fstype.c @@ -1308,7 +1308,8 @@ static int gfs2_fill_super(struct super_block *sb, struct fs_context *fc) fail_delete_wq: destroy_workqueue(sdp->sd_delete_wq); fail_glock_wq: - destroy_workqueue(sdp->sd_glock_wq); + if (sdp->sd_glock_wq) + destroy_workqueue(sdp->sd_glock_wq); fail_free: free_sbd(sdp); sb->s_fs_info = NULL; -- 2.39.2

1 year, 4 months

2
1
0 0

KASAN: null-ptr-deref in bpf_core_calc_relo_insn

by Liu RuiTong

https://bugzilla.kernel.org/show_bug.cgi?id=219181#c0 Hello,I found a bug in the Linux kernel version 6.11.0-rc4 using syzkaller. The poc file is ``` //gcc poc.c -o poc --static #define _GNU_SOURCE #include <endian.h> #include <errno.h> #include <pthread.h> #include <stdint.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/syscall.h> #include <sys/types.h> #include <time.h> #include <unistd.h> #include <linux/futex.h> #ifndef __NR_bpf #define __NR_bpf 321 #endif static void sleep_ms(uint64_t ms) { usleep(ms * 1000); } static uint64_t current_time_ms(void) { struct timespec ts; if (clock_gettime(CLOCK_MONOTONIC, &ts)) exit(1); return (uint64_t)ts.tv_sec * 1000 + (uint64_t)ts.tv_nsec / 1000000; } static void thread_start(void* (*fn)(void*), void* arg) { pthread_t th; pthread_attr_t attr; pthread_attr_init(&attr); pthread_attr_setstacksize(&attr, 128 << 10); int i = 0; for (; i < 100; i++) { if (pthread_create(&th, &attr, fn, arg) == 0) { pthread_attr_destroy(&attr); return; } if (errno == EAGAIN) { usleep(50); continue; } break; } exit(1); } #define BITMASK(bf_off,bf_len) (((1ull << (bf_len)) - 1) << (bf_off)) #define STORE_BY_BITMASK(type,htobe,addr,val,bf_off,bf_len) *(type*)(addr) = htobe((htobe(*(type*)(addr)) & ~BITMASK((bf_off), (bf_len))) | (((type)(val) << (bf_off)) & BITMASK((bf_off), (bf_len)))) typedef struct { int state; } event_t; static void event_init(event_t* ev) { ev->state = 0; } static void event_reset(event_t* ev) { ev->state = 0; } static void event_set(event_t* ev) { if (ev->state) exit(1); __atomic_store_n(&ev->state, 1, __ATOMIC_RELEASE); syscall(SYS_futex, &ev->state, FUTEX_WAKE | FUTEX_PRIVATE_FLAG, 1000000); } static void event_wait(event_t* ev) { while (!__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, 0); } static int event_isset(event_t* ev) { return __atomic_load_n(&ev->state, __ATOMIC_ACQUIRE); } static int event_timedwait(event_t* ev, uint64_t timeout) { uint64_t start = current_time_ms(); uint64_t now = start; for (;;) { uint64_t remain = timeout - (now - start); struct timespec ts; ts.tv_sec = remain / 1000; ts.tv_nsec = (remain % 1000) * 1000 * 1000; syscall(SYS_futex, &ev->state, FUTEX_WAIT | FUTEX_PRIVATE_FLAG, 0, &ts); if (__atomic_load_n(&ev->state, __ATOMIC_ACQUIRE)) return 1; now = current_time_ms(); if (now - start > timeout) return 0; } } struct thread_t { int created, call; event_t ready, done; }; static struct thread_t threads[16]; static void execute_call(int call); static int running; static void* thr(void* arg) { struct thread_t* th = (struct thread_t*)arg; for (;;) { event_wait(&th->ready); event_reset(&th->ready); execute_call(th->call); __atomic_fetch_sub(&running, 1, __ATOMIC_RELAXED); event_set(&th->done); } return 0; } static void loop(void) { if (write(1, "executing program\n", sizeof("executing program\n") - 1)) { } int i, call, thread; for (call = 0; call < 3; call++) { for (thread = 0; thread < (int)(sizeof(threads) / sizeof(threads[0])); thread++) { struct thread_t* th = &threads[thread]; if (!th->created) { th->created = 1; event_init(&th->ready); event_init(&th->done); event_set(&th->done); thread_start(thr, th); } if (!event_isset(&th->done)) continue; event_reset(&th->done); th->call = call; __atomic_fetch_add(&running, 1, __ATOMIC_RELAXED); event_set(&th->ready); if (call == 1) break; event_timedwait(&th->done, 50); break; } } for (i = 0; i < 100 && __atomic_load_n(&running, __ATOMIC_RELAXED); i++) sleep_ms(1); } uint64_t r[1] = {0xffffffffffffffff}; void execute_call(int call) { intptr_t res = 0; switch (call) { case 0: *(uint64_t*)0x20004e40 = 0x20004c80; *(uint16_t*)0x20004c80 = 0xeb9f; *(uint8_t*)0x20004c82 = 1; *(uint8_t*)0x20004c83 = 0; *(uint32_t*)0x20004c84 = 0x18; *(uint32_t*)0x20004c88 = 0; *(uint32_t*)0x20004c8c = 0xc; *(uint32_t*)0x20004c90 = 0xc; *(uint32_t*)0x20004c94 = 0xa; *(uint32_t*)0x20004c98 = 8; *(uint16_t*)0x20004c9c = 0; *(uint8_t*)0x20004c9e = 0; STORE_BY_BITMASK(uint8_t, , 0x20004c9f, 5, 0, 7); STORE_BY_BITMASK(uint8_t, , 0x20004c9f, 0, 7, 1); *(uint32_t*)0x20004ca0 = 6; *(uint8_t*)0x20004ca4 = 0; *(uint8_t*)0x20004ca5 = 0x30; *(uint8_t*)0x20004ca6 = 0; *(uint8_t*)0x20004ca7 = 0x30; *(uint8_t*)0x20004ca8 = 0x61; *(uint8_t*)0x20004ca9 = 0x1e; *(uint8_t*)0x20004caa = 0x2f; *(uint8_t*)0x20004cab = 0x30; *(uint8_t*)0x20004cac = 0x2e; *(uint8_t*)0x20004cad = 0; *(uint64_t*)0x20004e48 = 0; *(uint32_t*)0x20004e50 = 0x2e; *(uint32_t*)0x20004e54 = 0; *(uint32_t*)0x20004e58 = 1; *(uint32_t*)0x20004e5c = 0x40; res = syscall(__NR_bpf, /*cmd=*/0x12ul, /*arg=*/0x20004e40ul, /*size=*/0x20ul); if (res != -1) r[0] = res; break; case 1: *(uint32_t*)0x20000480 = 6; *(uint32_t*)0x20000484 = 0x27; *(uint64_t*)0x20000488 = 0x20000d40; *(uint8_t*)0x20000d40 = 0x18; STORE_BY_BITMASK(uint8_t, , 0x20000d41, 0, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000d41, 0, 4, 4); *(uint16_t*)0x20000d42 = 0; *(uint32_t*)0x20000d44 = 8; *(uint8_t*)0x20000d48 = 0; *(uint8_t*)0x20000d49 = 0; *(uint16_t*)0x20000d4a = 0; *(uint32_t*)0x20000d4c = 7; *(uint8_t*)0x20000d50 = 0x18; STORE_BY_BITMASK(uint8_t, , 0x20000d51, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000d51, 1, 4, 4); *(uint16_t*)0x20000d52 = 0; *(uint32_t*)0x20000d54 = -1; *(uint8_t*)0x20000d58 = 0; *(uint8_t*)0x20000d59 = 0; *(uint16_t*)0x20000d5a = 0; *(uint32_t*)0x20000d5c = 0; STORE_BY_BITMASK(uint8_t, , 0x20000d60, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000d60, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000d60, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000d61, 2, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000d61, 0, 4, 4); *(uint16_t*)0x20000d62 = 0; *(uint32_t*)0x20000d64 = 0x14; STORE_BY_BITMASK(uint8_t, , 0x20000d68, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000d68, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000d68, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000d69, 3, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000d69, 0, 4, 4); *(uint16_t*)0x20000d6a = 0; *(uint32_t*)0x20000d6c = 0; *(uint8_t*)0x20000d70 = 0x85; *(uint8_t*)0x20000d71 = 0; *(uint16_t*)0x20000d72 = 0; *(uint32_t*)0x20000d74 = 0x83; STORE_BY_BITMASK(uint8_t, , 0x20000d78, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000d78, 1, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000d78, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000d79, 9, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000d79, 0, 4, 4); *(uint16_t*)0x20000d7a = 0; *(uint32_t*)0x20000d7c = 0; STORE_BY_BITMASK(uint8_t, , 0x20000d80, 5, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000d80, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000d80, 5, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000d81, 9, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000d81, 0, 4, 4); *(uint16_t*)0x20000d82 = 1; *(uint32_t*)0x20000d84 = 0; *(uint8_t*)0x20000d88 = 0x95; *(uint8_t*)0x20000d89 = 0; *(uint16_t*)0x20000d8a = 0; *(uint32_t*)0x20000d8c = 0; *(uint8_t*)0x20000d90 = 0x18; STORE_BY_BITMASK(uint8_t, , 0x20000d91, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000d91, 1, 4, 4); *(uint16_t*)0x20000d92 = 0; *(uint32_t*)0x20000d94 = -1; *(uint8_t*)0x20000d98 = 0; *(uint8_t*)0x20000d99 = 0; *(uint16_t*)0x20000d9a = 0; *(uint32_t*)0x20000d9c = 0; STORE_BY_BITMASK(uint8_t, , 0x20000da0, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000da0, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000da0, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000da1, 2, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000da1, 0, 4, 4); *(uint16_t*)0x20000da2 = 0; *(uint32_t*)0x20000da4 = 0; *(uint8_t*)0x20000da8 = 0x85; *(uint8_t*)0x20000da9 = 0; *(uint16_t*)0x20000daa = 0; *(uint32_t*)0x20000dac = 0x86; *(uint8_t*)0x20000db0 = 0x18; STORE_BY_BITMASK(uint8_t, , 0x20000db1, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000db1, 0, 4, 4); *(uint16_t*)0x20000db2 = 0; *(uint32_t*)0x20000db4 = 0x25702020; *(uint8_t*)0x20000db8 = 0; *(uint8_t*)0x20000db9 = 0; *(uint16_t*)0x20000dba = 0; *(uint32_t*)0x20000dbc = 0x20202000; STORE_BY_BITMASK(uint8_t, , 0x20000dc0, 3, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000dc0, 3, 3, 2); STORE_BY_BITMASK(uint8_t, , 0x20000dc0, 3, 5, 3); STORE_BY_BITMASK(uint8_t, , 0x20000dc1, 0xa, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000dc1, 1, 4, 4); *(uint16_t*)0x20000dc2 = 0xfff8; *(uint32_t*)0x20000dc4 = 0; STORE_BY_BITMASK(uint8_t, , 0x20000dc8, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000dc8, 1, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000dc8, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000dc9, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000dc9, 0xa, 4, 4); *(uint16_t*)0x20000dca = 0; *(uint32_t*)0x20000dcc = 0; STORE_BY_BITMASK(uint8_t, , 0x20000dd0, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000dd0, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000dd0, 0, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000dd1, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000dd1, 0, 4, 4); *(uint16_t*)0x20000dd2 = 0; *(uint32_t*)0x20000dd4 = 0xfffffff8; STORE_BY_BITMASK(uint8_t, , 0x20000dd8, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000dd8, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000dd8, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000dd9, 2, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000dd9, 0, 4, 4); *(uint16_t*)0x20000dda = 0; *(uint32_t*)0x20000ddc = 8; STORE_BY_BITMASK(uint8_t, , 0x20000de0, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000de0, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000de0, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000de1, 3, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000de1, 0, 4, 4); *(uint16_t*)0x20000de2 = 0; *(uint32_t*)0x20000de4 = 0xffff; *(uint8_t*)0x20000de8 = 0x85; *(uint8_t*)0x20000de9 = 0; *(uint16_t*)0x20000dea = 0; *(uint32_t*)0x20000dec = 6; *(uint8_t*)0x20000df0 = 0x18; STORE_BY_BITMASK(uint8_t, , 0x20000df1, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000df1, 0, 4, 4); *(uint16_t*)0x20000df2 = 0; *(uint32_t*)0x20000df4 = 0x256c6c64; *(uint8_t*)0x20000df8 = 0; *(uint8_t*)0x20000df9 = 0; *(uint16_t*)0x20000dfa = 0; *(uint32_t*)0x20000dfc = 0x20202000; STORE_BY_BITMASK(uint8_t, , 0x20000e00, 3, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e00, 3, 3, 2); STORE_BY_BITMASK(uint8_t, , 0x20000e00, 3, 5, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e01, 0xa, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e01, 1, 4, 4); *(uint16_t*)0x20000e02 = 0xfff8; *(uint32_t*)0x20000e04 = 0; STORE_BY_BITMASK(uint8_t, , 0x20000e08, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e08, 1, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000e08, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e09, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e09, 0xa, 4, 4); *(uint16_t*)0x20000e0a = 0; *(uint32_t*)0x20000e0c = 0; STORE_BY_BITMASK(uint8_t, , 0x20000e10, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e10, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000e10, 0, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e11, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e11, 0, 4, 4); *(uint16_t*)0x20000e12 = 0; *(uint32_t*)0x20000e14 = 0xfffffff8; STORE_BY_BITMASK(uint8_t, , 0x20000e18, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e18, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000e18, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e19, 2, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e19, 0, 4, 4); *(uint16_t*)0x20000e1a = 0; *(uint32_t*)0x20000e1c = 8; STORE_BY_BITMASK(uint8_t, , 0x20000e20, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e20, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000e20, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e21, 3, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e21, 0, 4, 4); *(uint16_t*)0x20000e22 = 0; *(uint32_t*)0x20000e24 = 7; *(uint8_t*)0x20000e28 = 0x85; *(uint8_t*)0x20000e29 = 0; *(uint16_t*)0x20000e2a = 0; *(uint32_t*)0x20000e2c = 6; *(uint8_t*)0x20000e30 = 0x18; STORE_BY_BITMASK(uint8_t, , 0x20000e31, 8, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e31, 5, 4, 4); *(uint16_t*)0x20000e32 = 0; *(uint32_t*)0x20000e34 = 1; *(uint8_t*)0x20000e38 = 0; *(uint8_t*)0x20000e39 = 0; *(uint16_t*)0x20000e3a = 0; *(uint32_t*)0x20000e3c = 0; *(uint8_t*)0x20000e40 = 0x18; STORE_BY_BITMASK(uint8_t, , 0x20000e41, 6, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e41, 6, 4, 4); *(uint16_t*)0x20000e42 = 0; *(uint32_t*)0x20000e44 = 4; *(uint8_t*)0x20000e48 = 0; *(uint8_t*)0x20000e49 = 0; *(uint16_t*)0x20000e4a = 0; *(uint32_t*)0x20000e4c = 0xfffffffb; STORE_BY_BITMASK(uint8_t, , 0x20000e50, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e50, 1, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000e50, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e51, 1, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e51, 9, 4, 4); *(uint16_t*)0x20000e52 = 0; *(uint32_t*)0x20000e54 = 0; STORE_BY_BITMASK(uint8_t, , 0x20000e58, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000e58, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e59, 2, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e59, 0, 4, 4); *(uint16_t*)0x20000e5a = 0; *(uint32_t*)0x20000e5c = 0; *(uint8_t*)0x20000e60 = 0x85; *(uint8_t*)0x20000e61 = 0; *(uint16_t*)0x20000e62 = 0; *(uint32_t*)0x20000e64 = 0x84; STORE_BY_BITMASK(uint8_t, , 0x20000e68, 7, 0, 3); STORE_BY_BITMASK(uint8_t, , 0x20000e68, 0, 3, 1); STORE_BY_BITMASK(uint8_t, , 0x20000e68, 0xb, 4, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e69, 0, 0, 4); STORE_BY_BITMASK(uint8_t, , 0x20000e69, 0, 4, 4); *(uint16_t*)0x20000e6a = 0; *(uint32_t*)0x20000e6c = 0; *(uint8_t*)0x20000e70 = 0x95; *(uint8_t*)0x20000e71 = 0; *(uint16_t*)0x20000e72 = 0; *(uint32_t*)0x20000e74 = 0; *(uint64_t*)0x20000490 = 0x20000040; memcpy((void*)0x20000040, "GPL\000", 4); *(uint32_t*)0x20000498 = 0xb; *(uint32_t*)0x2000049c = 0xc0; *(uint64_t*)0x200004a0 = 0x20000c80; *(uint32_t*)0x200004a8 = 0x41100; *(uint32_t*)0x200004ac = 0x38; memset((void*)0x200004b0, 0, 16); *(uint32_t*)0x200004c0 = 0; *(uint32_t*)0x200004c4 = 0x25; *(uint32_t*)0x200004c8 = r[0]; *(uint32_t*)0x200004cc = 8; *(uint64_t*)0x200004d0 = 0; *(uint32_t*)0x200004d8 = 0; *(uint32_t*)0x200004dc = 0x10; *(uint64_t*)0x200004e0 = 0x200002c0; *(uint32_t*)0x200002c0 = 0; *(uint32_t*)0x200002c4 = 0; *(uint32_t*)0x200002c8 = 0; *(uint32_t*)0x200002cc = 9; *(uint32_t*)0x200004e8 = 1; *(uint32_t*)0x200004ec = 0; *(uint32_t*)0x200004f0 = 0; *(uint32_t*)0x200004f4 = 9; *(uint64_t*)0x200004f8 = 0x20000380; *(uint32_t*)0x20000380 = -1; *(uint32_t*)0x20000384 = -1; *(uint32_t*)0x20000388 = -1; *(uint64_t*)0x20000500 = 0x200003c0; *(uint32_t*)0x200003c0 = 1; *(uint32_t*)0x200003c4 = 4; *(uint32_t*)0x200003c8 = 0xb; *(uint32_t*)0x200003cc = 6; *(uint32_t*)0x200003d0 = 2; *(uint32_t*)0x200003d4 = 2; *(uint32_t*)0x200003d8 = 1; *(uint32_t*)0x200003dc = 0; *(uint32_t*)0x200003e0 = 5; *(uint32_t*)0x200003e4 = 4; *(uint32_t*)0x200003e8 = 0xe; *(uint32_t*)0x200003ec = 0xb; *(uint32_t*)0x200003f0 = 2; *(uint32_t*)0x200003f4 = 0x1000003; *(uint32_t*)0x200003f8 = 2; *(uint32_t*)0x200003fc = 3; *(uint32_t*)0x20000400 = 2; *(uint32_t*)0x20000404 = 5; *(uint32_t*)0x20000408 = 0xa; *(uint32_t*)0x2000040c = 5; *(uint32_t*)0x20000410 = 3; *(uint32_t*)0x20000414 = 1; *(uint32_t*)0x20000418 = 0xa; *(uint32_t*)0x2000041c = 3; *(uint32_t*)0x20000420 = 3; *(uint32_t*)0x20000424 = 3; *(uint32_t*)0x20000428 = 5; *(uint32_t*)0x2000042c = 8; *(uint32_t*)0x20000430 = 3; *(uint32_t*)0x20000434 = 1; *(uint32_t*)0x20000438 = 5; *(uint32_t*)0x2000043c = 5; *(uint32_t*)0x20000440 = 0; *(uint32_t*)0x20000444 = 2; *(uint32_t*)0x20000448 = 0; *(uint32_t*)0x2000044c = 7; *(uint32_t*)0x20000508 = 0x10; *(uint32_t*)0x2000050c = 0x10000; syscall(__NR_bpf, /*cmd=*/5ul, /*arg=*/0x20000480ul, /*size=*/0x90ul); break; case 2: *(uint32_t*)0x20000440 = -1; *(uint64_t*)0x20000448 = 0x200003c0; *(uint32_t*)0x200003c0 = 0; *(uint64_t*)0x20000450 = 0; *(uint64_t*)0x20000458 = 0; syscall(__NR_bpf, /*cmd=*/2ul, /*arg=*/0x20000440ul, /*size=*/0x20ul); break; } } int main(void) { syscall(__NR_mmap, /*addr=*/0x1ffff000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/0x32ul, /*fd=*/-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x20000000ul, /*len=*/0x1000000ul, /*prot=PROT_WRITE|PROT_READ|PROT_EXEC*/7ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/0x32ul, /*fd=*/-1, /*offset=*/0ul); syscall(__NR_mmap, /*addr=*/0x21000000ul, /*len=*/0x1000ul, /*prot=*/0ul, /*flags=MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE*/0x32ul, /*fd=*/-1, /*offset=*/0ul); const char* reason; (void)reason; loop(); return 0; } ``` And here is the crash information ``` [ 89.482115] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI [ 89.482639] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 89.482979] CPU: 1 UID: 0 PID: 214 Comm: test Not tainted 6.11.0-rc4 #1 [ 89.483276] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [ 89.483632] RIP: 0010:bpf_core_calc_relo_insn+0x11e/0x1e90 [ 89.483885] Code: 48 8b 85 28 fd ff ff 4c 89 ef 44 8b 70 04 44 89 f6 e8 96 a5 f8 ff 48 89 c2 49 89 c4 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14c [ 89.484686] RSP: 0018:ffff888108f373d0 EFLAGS: 00010246 [ 89.484924] RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: ffffffff816c8b8b [ 89.485247] RDX: 0000000000000000 RSI: ffffffff816c8bea RDI: 0000000000000004 [ 89.485563] RBP: ffff888108f376c0 R08: ffff888108f37778 R09: ffff88810991c000 [ 89.485880] R10: 0000000000000004 R11: ffff888103ab1c90 R12: 0000000000000000 [ 89.486197] R13: ffff888103ddfe00 R14: 0000000000000004 R15: ffff88810991c000 [ 89.486514] FS: 00007f94a2d15640(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 89.486874] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.487128] CR2: 0000000020000480 CR3: 0000000106058000 CR4: 00000000003006f0 [ 89.487439] Call Trace: [ 89.487553] <TASK> [ 89.487654] ? show_regs+0x93/0xa0 [ 89.487815] ? die_addr+0x50/0xd0 [ 89.487972] ? exc_general_protection+0x19f/0x320 [ 89.488185] ? asm_exc_general_protection+0x26/0x30 [ 89.488405] ? btf_type_by_id+0xeb/0x1a0 [ 89.488584] ? btf_type_by_id+0x14a/0x1a0 [ 89.488766] ? bpf_core_calc_relo_insn+0x11e/0x1e90 [ 89.488989] ? __printk_safe_exit+0x9/0x20 [ 89.489175] ? stack_depot_save_flags+0x616/0x7c0 [ 89.489392] ? bpf_prog_load+0x151c/0x2450 [ 89.489594] ? kasan_save_stack+0x34/0x50 [ 89.489792] ? kasan_save_stack+0x24/0x50 [ 89.489987] ? __pfx_bpf_core_calc_relo_insn+0x10/0x10 [ 89.490231] ? bpf_check+0x6744/0xba00 [ 89.490415] ? bpf_prog_load+0x151c/0x2450 [ 89.490612] ? __sys_bpf+0x12be/0x5290 [ 89.490795] ? __x64_sys_bpf+0x78/0xc0 [ 89.490979] ? do_syscall_64+0xa6/0x1a0 [ 89.491167] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.491417] ? __pfx_vsnprintf+0x10/0x10 [ 89.491611] ? sort_r+0x45/0x5f0 [ 89.491774] ? _copy_to_user+0x77/0x90 [ 89.491954] ? bpf_verifier_vlog+0x25b/0x690 [ 89.492150] ? __pfx_sort+0x10/0x10 [ 89.492314] ? verbose+0xde/0x170 [ 89.492470] ? kasan_unpoison+0x27/0x60 [ 89.492648] ? __kasan_slab_alloc+0x30/0x70 [ 89.492837] ? __kmalloc_cache_noprof+0xf0/0x270 [ 89.493050] bpf_core_apply+0x48b/0xaf0 [ 89.493228] ? btf_name_by_offset+0x13a/0x180 [ 89.493431] ? __pfx_bpf_core_apply+0x10/0x10 [ 89.493631] ? __pfx_check_btf_line+0x10/0x10 [ 89.493830] ? bpf_check_uarg_tail_zero+0x142/0x1c0 [ 89.494051] ? __pfx_bpf_check_uarg_tail_zero+0x10/0x10 [ 89.494286] bpf_check+0x6744/0xba00 [ 89.494458] ? kasan_save_stack+0x34/0x50 [ 89.494653] ? kasan_save_stack+0x24/0x50 [ 89.494848] ? kasan_save_track+0x14/0x30 [ 89.495039] ? __kasan_kmalloc+0x7f/0x90 [ 89.495232] ? __pfx_bpf_check+0x10/0x10 [ 89.495426] ? pcpu_chunk_relocate+0x145/0x1c0 [ 89.495640] ? mutex_unlock+0x7e/0xd0 [ 89.495820] ? kasan_unpoison+0x27/0x60 [ 89.496008] ? __kasan_slab_alloc+0x30/0x70 [ 89.496208] ? __kmalloc_cache_noprof+0xf0/0x270 [ 89.496430] ? kasan_save_track+0x14/0x30 [ 89.496622] ? __kasan_kmalloc+0x7f/0x90 [ 89.496810] ? selinux_bpf_prog_load+0x15b/0x1c0 [ 89.497024] bpf_prog_load+0x151c/0x2450 [ 89.497206] ? __pfx_bpf_prog_load+0x10/0x10 [ 89.497405] ? avc_has_perm+0x175/0x2f0 [ 89.497585] ? __pte_offset_map+0x12f/0x1f0 [ 89.497774] ? bpf_check_uarg_tail_zero+0x142/0x1c0 [ 89.497994] ? selinux_bpf+0xdd/0x120 [ 89.498163] ? security_bpf+0x8d/0xb0 [ 89.498333] __sys_bpf+0x12be/0x5290 [ 89.498500] ? folio_add_lru+0x58/0x80 [ 89.498675] ? __pfx___sys_bpf+0x10/0x10 [ 89.498855] ? __pfx_down_read_trylock+0x10/0x10 [ 89.499069] ? __pfx___handle_mm_fault+0x10/0x10 [ 89.499283] ? do_user_addr_fault+0x595/0x1220 [ 89.499524] __x64_sys_bpf+0x78/0xc0 [ 89.499738] ? exc_page_fault+0xae/0x180 [ 89.499928] do_syscall_64+0xa6/0x1a0 [ 89.500109] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.500361] RIP: 0033:0x44ceed [ 89.500512] Code: c3 e8 d7 1e 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 018 [ 89.501348] RSP: 002b:00007f94a2d15178 EFLAGS: 00000287 ORIG_RAX: 0000000000000141 [ 89.501695] RAX: ffffffffffffffda RBX: 00007f94a2d15640 RCX: 000000000044ceed [ 89.502013] RDX: 0000000000000090 RSI: 0000000020000480 RDI: 0000000000000005 [ 89.502323] RBP: 00007f94a2d151a0 R08: 0000000000000000 R09: 0000000000000000 [ 89.502635] R10: 0000000000000000 R11: 0000000000000287 R12: 00007f94a2d15640 [ 89.502949] R13: 0000000000000000 R14: 00000000004160d0 R15: 00007f94a2cf5000 [ 89.503269] </TASK> [ 89.503376] Modules linked in: [ 89.503586] ---[ end trace 0000000000000000 ]--- [ 89.503793] RIP: 0010:bpf_core_calc_relo_insn+0x11e/0x1e90 [ 89.504045] Code: 48 8b 85 28 fd ff ff 4c 89 ef 44 8b 70 04 44 89 f6 e8 96 a5 f8 ff 48 89 c2 49 89 c4 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <0f> b6 14c [ 89.504860] RSP: 0018:ffff888108f373d0 EFLAGS: 00010246 [ 89.505112] RAX: dffffc0000000000 RBX: dffffc0000000000 RCX: ffffffff816c8b8b [ 89.505441] RDX: 0000000000000000 RSI: ffffffff816c8bea RDI: 0000000000000004 [ 89.505768] RBP: ffff888108f376c0 R08: ffff888108f37778 R09: ffff88810991c000 [ 89.506099] R10: 0000000000000004 R11: ffff888103ab1c90 R12: 0000000000000000 [ 89.506427] R13: ffff888103ddfe00 R14: 0000000000000004 R15: ffff88810991c000 [ 89.506754] FS: 00007f94a2d15640(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 89.507129] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.507398] CR2: 0000000020000480 CR3: 0000000106058000 CR4: 00000000003006f0 ``` I use gdb debug it,and found that the lack of a NULL check before using local_type has led to a null pointer dereference vulnerability. ``` ───────────────────────────────────────────────────────────────────────────[ REGISTERS / show-flags off / show-compact-regs off ]─────────────────────────────────────────────────────────────────────────── RAX 0xdffffc0000000000 RBX 0xdffffc0000000000 RCX 0xffffffff816c8b8b (btf_type_by_id+235) ◂— 0x404be85576e53944 RDX 0x0 RDI 0x4 RSI 0xffffffff816c8bea (btf_type_by_id+330) ◂— 0xe0894c5d5be43145 R8 0xffff88811669f778 ◂— 0x0 R9 0xffff888115f48000 ◂— 0x0 R10 0x4 R11 0xffff888104562080 ◂— 0x0 R12 0x0 R13 0xffff8881135b7000 —▸ 0xffff8881166280c2 ◂— 0x0 R14 0x4 R15 0xffff888115f48000 ◂— 0x0 RBP 0xffff88811669f6c0 —▸ 0xffff88811669f798 —▸ 0xffffffff8160fcb0 (check_btf_line) ◂— 0x56415741e5894855 RSP 0xffff88811669f3d0 ◂— 0x1ffff11022cd3e92 *RIP 0xffffffff8173e51e (bpf_core_calc_relo_insn+286) ◂— 0x83e0894c0214b60f ────────────────────────────────────────────────────────────────────────────────────[ DISASM / x86-64 / set emulate on ]──────────────────────────────────────────────────────────────────────────────────── 0xffffffff8173e505 <bpf_core_calc_relo_insn+261> call btf_type_by_id <btf_type_by_id> 0xffffffff8173e50a <bpf_core_calc_relo_insn+266> mov rdx, rax 0xffffffff8173e50d <bpf_core_calc_relo_insn+269> mov r12, rax 0xffffffff8173e510 <bpf_core_calc_relo_insn+272> movabs rax, 0xdffffc0000000000 0xffffffff8173e51a <bpf_core_calc_relo_insn+282> shr rdx, 3 <fixed_percpu_data+3> ► 0xffffffff8173e51e <bpf_core_calc_relo_insn+286> movzx edx, byte ptr [rdx + rax] 0xffffffff8173e522 <bpf_core_calc_relo_insn+290> mov rax, r12 0xffffffff8173e525 <bpf_core_calc_relo_insn+293> and eax, 7 <fixed_percpu_data+7> 0xffffffff8173e528 <bpf_core_calc_relo_insn+296> add eax, 3 <fixed_percpu_data+3> 0xffffffff8173e52b <bpf_core_calc_relo_insn+299> cmp al, dl 0xffffffff8173e52d <bpf_core_calc_relo_insn+301> jl bpf_core_calc_relo_insn+311 <bpf_core_calc_relo_insn+311> ─────────────────────────────────────────────────────────────────────────────────────────────[ SOURCE (CODE) ]────────────────────────────────────────────────────────────────────────────────────────────── In file: /home/ubuntu/fuzz/linux-6.11-rc4/tools/lib/bpf/relo_core.c:1300 1295 char spec_buf[256]; 1296 int i, j, err; 1297 1298 local_id = relo->type_id; 1299 local_type = btf_type_by_id(local_btf, local_id); ► 1300 local_name = btf__name_by_offset(local_btf, local_type->name_off); 1301 if (!local_name) 1302 return -EINVAL; 1303 1304 err = bpf_core_parse_spec(prog_name, local_btf, relo, local_spec); 1305 if (err) { ─────────────────────────────────────────────────────────────────────────────────────────────────[ STACK ]────────────────────────────────────────────────────────────────────────────────────────────────── ```

1 year, 4 months

3
5
0 0

[PATCH] fuse: use unsigned type for getxattr/listxattr size truncation

by Jann Horn

The existing code uses min_t(ssize_t, outarg.size, XATTR_LIST_MAX) when parsing the FUSE daemon's response to a zero-length getxattr/listxattr request. On 32-bit kernels, where ssize_t and outarg.size are the same size, this is wrong: The min_t() will pass through any size values that are negative when interpreted as signed. fuse_listxattr() will then return this userspace-supplied negative value, which callers will treat as an error value. This kind of bug pattern can lead to fairly bad security bugs because of how error codes are used in the Linux kernel. If a caller were to convert the numeric error into an error pointer, like so: struct foo *func(...) { int len = fuse_getxattr(..., NULL, 0); if (len < 0) return ERR_PTR(len); ... } then it would end up returning this userspace-supplied negative value cast to a pointer - but the caller of this function wouldn't recognize it as an error pointer (IS_ERR_VALUE() only detects values in the narrow range in which legitimate errno values are), and so it would just be treated as a kernel pointer. I think there is at least one theoretical codepath where this could happen, but that path would involve virtio-fs with submounts plus some weird SELinux configuration, so I think it's probably not a concern in practice. Cc: stable(a)vger.kernel.org Fixes: 63401ccdb2ca ("fuse: limit xattr returned size") Signed-off-by: Jann Horn <jannh(a)google.com> --- fs/fuse/xattr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/fuse/xattr.c b/fs/fuse/xattr.c index 5b423fdbb13f..9f568d345c51 100644 --- a/fs/fuse/xattr.c +++ b/fs/fuse/xattr.c @@ -81,7 +81,7 @@ ssize_t fuse_getxattr(struct inode *inode, const char *name, void *value, } ret = fuse_simple_request(fm, &args); if (!ret && !size) - ret = min_t(ssize_t, outarg.size, XATTR_SIZE_MAX); + ret = min_t(size_t, outarg.size, XATTR_SIZE_MAX); if (ret == -ENOSYS) { fm->fc->no_getxattr = 1; ret = -EOPNOTSUPP; @@ -143,7 +143,7 @@ ssize_t fuse_listxattr(struct dentry *entry, char *list, size_t size) } ret = fuse_simple_request(fm, &args); if (!ret && !size) - ret = min_t(ssize_t, outarg.size, XATTR_LIST_MAX); + ret = min_t(size_t, outarg.size, XATTR_LIST_MAX); if (ret > 0 && size) ret = fuse_verify_xattr_list(list, ret); if (ret == -ENOSYS) { --- base-commit: b0da640826ba3b6506b4996a6b23a429235e6923 change-id: 20240819-fuse-oob-error-fix-664d082176d5 -- Jann Horn <jannh(a)google.com>

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] mm/numa: no task_numa_fault() call if PTE is changed" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 40b760cfd44566bca791c80e0720d70d75382b84 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081933-cheddar-oak-0777@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 40b760cfd445 ("mm/numa: no task_numa_fault() call if PTE is changed") d2136d749d76 ("mm: support multi-size THP numa balancing") 6b0ed7b3c775 ("mm: factor out the numa mapping rebuilding into a new helper") ec1778807a80 ("mm: mprotect: use a folio in change_pte_range()") 6695cf68b15c ("mm: memory: use a folio in do_numa_page()") 73eab3ca481e ("mm: migrate: convert migrate_misplaced_page() to migrate_misplaced_folio()") 2ac9e99f3b21 ("mm: migrate: convert numamigrate_isolate_page() to numamigrate_isolate_folio()") df57721f9a63 ("Merge tag 'x86_shstk_for_6.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 40b760cfd44566bca791c80e0720d70d75382b84 Mon Sep 17 00:00:00 2001 From: Zi Yan <ziy(a)nvidia.com> Date: Fri, 9 Aug 2024 10:59:04 -0400 Subject: [PATCH] mm/numa: no task_numa_fault() call if PTE is changed When handling a numa page fault, task_numa_fault() should be called by a process that restores the page table of the faulted folio to avoid duplicated stats counting. Commit b99a342d4f11 ("NUMA balancing: reduce TLB flush via delaying mapping on hint page fault") restructured do_numa_page() and did not avoid task_numa_fault() call in the second page table check after a numa migration failure. Fix it by making all !pte_same() return immediately. This issue can cause task_numa_fault() being called more than necessary and lead to unexpected numa balancing results (It is hard to tell whether the issue will cause positive or negative performance impact due to duplicated numa fault counting). Link: https://lkml.kernel.org/r/20240809145906.1513458-2-ziy@nvidia.com Fixes: b99a342d4f11 ("NUMA balancing: reduce TLB flush via delaying mapping on hint page fault") Signed-off-by: Zi Yan <ziy(a)nvidia.com> Reported-by: "Huang, Ying" <ying.huang(a)intel.com> Closes: https://lore.kernel.org/linux-mm/87zfqfw0yw.fsf@yhuang6-desk2.ccr.corp.inte… Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/memory.c b/mm/memory.c index 34f8402d2046..3c01d68065be 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -5295,7 +5295,7 @@ static vm_fault_t do_numa_page(struct vm_fault *vmf) if (unlikely(!pte_same(old_pte, vmf->orig_pte))) { pte_unmap_unlock(vmf->pte, vmf->ptl); - goto out; + return 0; } pte = pte_modify(old_pte, vma->vm_page_prot); @@ -5358,23 +5358,19 @@ static vm_fault_t do_numa_page(struct vm_fault *vmf) if (!migrate_misplaced_folio(folio, vma, target_nid)) { nid = target_nid; flags |= TNF_MIGRATED; - } else { - flags |= TNF_MIGRATE_FAIL; - vmf->pte = pte_offset_map_lock(vma->vm_mm, vmf->pmd, - vmf->address, &vmf->ptl); - if (unlikely(!vmf->pte)) - goto out; - if (unlikely(!pte_same(ptep_get(vmf->pte), vmf->orig_pte))) { - pte_unmap_unlock(vmf->pte, vmf->ptl); - goto out; - } - goto out_map; + task_numa_fault(last_cpupid, nid, nr_pages, flags); + return 0; } -out: - if (nid != NUMA_NO_NODE) - task_numa_fault(last_cpupid, nid, nr_pages, flags); - return 0; + flags |= TNF_MIGRATE_FAIL; + vmf->pte = pte_offset_map_lock(vma->vm_mm, vmf->pmd, + vmf->address, &vmf->ptl); + if (unlikely(!vmf->pte)) + return 0; + if (unlikely(!pte_same(ptep_get(vmf->pte), vmf->orig_pte))) { + pte_unmap_unlock(vmf->pte, vmf->ptl); + return 0; + } out_map: /* * Make it present again, depending on how arch implements @@ -5387,7 +5383,10 @@ static vm_fault_t do_numa_page(struct vm_fault *vmf) numa_rebuild_single_mapping(vmf, vma, vmf->address, vmf->pte, writable); pte_unmap_unlock(vmf->pte, vmf->ptl); - goto out; + + if (nid != NUMA_NO_NODE) + task_numa_fault(last_cpupid, nid, nr_pages, flags); + return 0; } static inline vm_fault_t create_huge_pmd(struct vm_fault *vmf)

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] mm/numa: no task_numa_fault() call if PTE is changed" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 40b760cfd44566bca791c80e0720d70d75382b84 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081932-vastly-ice-7932@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 40b760cfd445 ("mm/numa: no task_numa_fault() call if PTE is changed") d2136d749d76 ("mm: support multi-size THP numa balancing") 6b0ed7b3c775 ("mm: factor out the numa mapping rebuilding into a new helper") ec1778807a80 ("mm: mprotect: use a folio in change_pte_range()") 6695cf68b15c ("mm: memory: use a folio in do_numa_page()") 73eab3ca481e ("mm: migrate: convert migrate_misplaced_page() to migrate_misplaced_folio()") 2ac9e99f3b21 ("mm: migrate: convert numamigrate_isolate_page() to numamigrate_isolate_folio()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 40b760cfd44566bca791c80e0720d70d75382b84 Mon Sep 17 00:00:00 2001 From: Zi Yan <ziy(a)nvidia.com> Date: Fri, 9 Aug 2024 10:59:04 -0400 Subject: [PATCH] mm/numa: no task_numa_fault() call if PTE is changed When handling a numa page fault, task_numa_fault() should be called by a process that restores the page table of the faulted folio to avoid duplicated stats counting. Commit b99a342d4f11 ("NUMA balancing: reduce TLB flush via delaying mapping on hint page fault") restructured do_numa_page() and did not avoid task_numa_fault() call in the second page table check after a numa migration failure. Fix it by making all !pte_same() return immediately. This issue can cause task_numa_fault() being called more than necessary and lead to unexpected numa balancing results (It is hard to tell whether the issue will cause positive or negative performance impact due to duplicated numa fault counting). Link: https://lkml.kernel.org/r/20240809145906.1513458-2-ziy@nvidia.com Fixes: b99a342d4f11 ("NUMA balancing: reduce TLB flush via delaying mapping on hint page fault") Signed-off-by: Zi Yan <ziy(a)nvidia.com> Reported-by: "Huang, Ying" <ying.huang(a)intel.com> Closes: https://lore.kernel.org/linux-mm/87zfqfw0yw.fsf@yhuang6-desk2.ccr.corp.inte… Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/memory.c b/mm/memory.c index 34f8402d2046..3c01d68065be 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -5295,7 +5295,7 @@ static vm_fault_t do_numa_page(struct vm_fault *vmf) if (unlikely(!pte_same(old_pte, vmf->orig_pte))) { pte_unmap_unlock(vmf->pte, vmf->ptl); - goto out; + return 0; } pte = pte_modify(old_pte, vma->vm_page_prot); @@ -5358,23 +5358,19 @@ static vm_fault_t do_numa_page(struct vm_fault *vmf) if (!migrate_misplaced_folio(folio, vma, target_nid)) { nid = target_nid; flags |= TNF_MIGRATED; - } else { - flags |= TNF_MIGRATE_FAIL; - vmf->pte = pte_offset_map_lock(vma->vm_mm, vmf->pmd, - vmf->address, &vmf->ptl); - if (unlikely(!vmf->pte)) - goto out; - if (unlikely(!pte_same(ptep_get(vmf->pte), vmf->orig_pte))) { - pte_unmap_unlock(vmf->pte, vmf->ptl); - goto out; - } - goto out_map; + task_numa_fault(last_cpupid, nid, nr_pages, flags); + return 0; } -out: - if (nid != NUMA_NO_NODE) - task_numa_fault(last_cpupid, nid, nr_pages, flags); - return 0; + flags |= TNF_MIGRATE_FAIL; + vmf->pte = pte_offset_map_lock(vma->vm_mm, vmf->pmd, + vmf->address, &vmf->ptl); + if (unlikely(!vmf->pte)) + return 0; + if (unlikely(!pte_same(ptep_get(vmf->pte), vmf->orig_pte))) { + pte_unmap_unlock(vmf->pte, vmf->ptl); + return 0; + } out_map: /* * Make it present again, depending on how arch implements @@ -5387,7 +5383,10 @@ static vm_fault_t do_numa_page(struct vm_fault *vmf) numa_rebuild_single_mapping(vmf, vma, vmf->address, vmf->pte, writable); pte_unmap_unlock(vmf->pte, vmf->ptl); - goto out; + + if (nid != NUMA_NO_NODE) + task_numa_fault(last_cpupid, nid, nr_pages, flags); + return 0; } static inline vm_fault_t create_huge_pmd(struct vm_fault *vmf)

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] mm/numa: no task_numa_fault() call if PMD is changed" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x fd8c35a92910f4829b7c99841f39b1b952c259d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081953-corncob-gab-6fce@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: fd8c35a92910 ("mm/numa: no task_numa_fault() call if PMD is changed") 667ffc31aa95 ("mm: huge_memory: use a folio in do_huge_pmd_numa_page()") 73eab3ca481e ("mm: migrate: convert migrate_misplaced_page() to migrate_misplaced_folio()") 2ac9e99f3b21 ("mm: migrate: convert numamigrate_isolate_page() to numamigrate_isolate_folio()") 4e096ae1801e ("mm: convert migrate_pages() to work on folios") 2ef7dbb26990 ("migrate_pages: try migrate in batch asynchronously firstly") a21d2133215b ("migrate_pages: move split folios processing out of migrate_pages_batch()") fb3592c41a44 ("migrate_pages: fix deadlock in batched migration") f9366f4c2a29 ("include/linux/migrate.h: remove unneeded externs") cd7755800eb5 ("mm: change to return bool for isolate_movable_page()") f7f9c00dfaff ("mm: change to return bool for isolate_lru_page()") be2d57563822 ("mm: change to return bool for folio_isolate_lru()") 6f7d760e86fa ("migrate_pages: move THP/hugetlb migration support check to simplify code") 7e12beb8ca2a ("migrate_pages: batch flushing TLB") ebe75e475106 ("migrate_pages: share more code between _unmap and _move") 80562ba0d837 ("migrate_pages: move migrate_folio_unmap()") 5dfab109d519 ("migrate_pages: batch _unmap and _move") 64c8902ed441 ("migrate_pages: split unmap_and_move() to _unmap() and _move()") 42012e0436d4 ("migrate_pages: restrict number of pages to migrate in batch") e5bfff8b10e4 ("migrate_pages: separate hugetlb folios migration") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fd8c35a92910f4829b7c99841f39b1b952c259d5 Mon Sep 17 00:00:00 2001 From: Zi Yan <ziy(a)nvidia.com> Date: Fri, 9 Aug 2024 10:59:05 -0400 Subject: [PATCH] mm/numa: no task_numa_fault() call if PMD is changed When handling a numa page fault, task_numa_fault() should be called by a process that restores the page table of the faulted folio to avoid duplicated stats counting. Commit c5b5a3dd2c1f ("mm: thp: refactor NUMA fault handling") restructured do_huge_pmd_numa_page() and did not avoid task_numa_fault() call in the second page table check after a numa migration failure. Fix it by making all !pmd_same() return immediately. This issue can cause task_numa_fault() being called more than necessary and lead to unexpected numa balancing results (It is hard to tell whether the issue will cause positive or negative performance impact due to duplicated numa fault counting). Link: https://lkml.kernel.org/r/20240809145906.1513458-3-ziy@nvidia.com Fixes: c5b5a3dd2c1f ("mm: thp: refactor NUMA fault handling") Reported-by: "Huang, Ying" <ying.huang(a)intel.com> Closes: https://lore.kernel.org/linux-mm/87zfqfw0yw.fsf@yhuang6-desk2.ccr.corp.inte… Signed-off-by: Zi Yan <ziy(a)nvidia.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/huge_memory.c b/mm/huge_memory.c index f4be468e06a4..67c86a5d64a6 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -1685,7 +1685,7 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { spin_unlock(vmf->ptl); - goto out; + return 0; } pmd = pmd_modify(oldpmd, vma->vm_page_prot); @@ -1728,22 +1728,16 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) if (!migrate_misplaced_folio(folio, vma, target_nid)) { flags |= TNF_MIGRATED; nid = target_nid; - } else { - flags |= TNF_MIGRATE_FAIL; - vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); - if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { - spin_unlock(vmf->ptl); - goto out; - } - goto out_map; + task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); + return 0; } -out: - if (nid != NUMA_NO_NODE) - task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); - - return 0; - + flags |= TNF_MIGRATE_FAIL; + vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); + if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { + spin_unlock(vmf->ptl); + return 0; + } out_map: /* Restore the PMD */ pmd = pmd_modify(oldpmd, vma->vm_page_prot); @@ -1753,7 +1747,10 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) set_pmd_at(vma->vm_mm, haddr, vmf->pmd, pmd); update_mmu_cache_pmd(vma, vmf->address, vmf->pmd); spin_unlock(vmf->ptl); - goto out; + + if (nid != NUMA_NO_NODE) + task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); + return 0; } /*

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] mm/numa: no task_numa_fault() call if PMD is changed" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x fd8c35a92910f4829b7c99841f39b1b952c259d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081952-handstand-rematch-5948@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: fd8c35a92910 ("mm/numa: no task_numa_fault() call if PMD is changed") 667ffc31aa95 ("mm: huge_memory: use a folio in do_huge_pmd_numa_page()") 73eab3ca481e ("mm: migrate: convert migrate_misplaced_page() to migrate_misplaced_folio()") 2ac9e99f3b21 ("mm: migrate: convert numamigrate_isolate_page() to numamigrate_isolate_folio()") 4e096ae1801e ("mm: convert migrate_pages() to work on folios") 2ef7dbb26990 ("migrate_pages: try migrate in batch asynchronously firstly") a21d2133215b ("migrate_pages: move split folios processing out of migrate_pages_batch()") fb3592c41a44 ("migrate_pages: fix deadlock in batched migration") f9366f4c2a29 ("include/linux/migrate.h: remove unneeded externs") cd7755800eb5 ("mm: change to return bool for isolate_movable_page()") f7f9c00dfaff ("mm: change to return bool for isolate_lru_page()") be2d57563822 ("mm: change to return bool for folio_isolate_lru()") 6f7d760e86fa ("migrate_pages: move THP/hugetlb migration support check to simplify code") 7e12beb8ca2a ("migrate_pages: batch flushing TLB") ebe75e475106 ("migrate_pages: share more code between _unmap and _move") 80562ba0d837 ("migrate_pages: move migrate_folio_unmap()") 5dfab109d519 ("migrate_pages: batch _unmap and _move") 64c8902ed441 ("migrate_pages: split unmap_and_move() to _unmap() and _move()") 42012e0436d4 ("migrate_pages: restrict number of pages to migrate in batch") e5bfff8b10e4 ("migrate_pages: separate hugetlb folios migration") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fd8c35a92910f4829b7c99841f39b1b952c259d5 Mon Sep 17 00:00:00 2001 From: Zi Yan <ziy(a)nvidia.com> Date: Fri, 9 Aug 2024 10:59:05 -0400 Subject: [PATCH] mm/numa: no task_numa_fault() call if PMD is changed When handling a numa page fault, task_numa_fault() should be called by a process that restores the page table of the faulted folio to avoid duplicated stats counting. Commit c5b5a3dd2c1f ("mm: thp: refactor NUMA fault handling") restructured do_huge_pmd_numa_page() and did not avoid task_numa_fault() call in the second page table check after a numa migration failure. Fix it by making all !pmd_same() return immediately. This issue can cause task_numa_fault() being called more than necessary and lead to unexpected numa balancing results (It is hard to tell whether the issue will cause positive or negative performance impact due to duplicated numa fault counting). Link: https://lkml.kernel.org/r/20240809145906.1513458-3-ziy@nvidia.com Fixes: c5b5a3dd2c1f ("mm: thp: refactor NUMA fault handling") Reported-by: "Huang, Ying" <ying.huang(a)intel.com> Closes: https://lore.kernel.org/linux-mm/87zfqfw0yw.fsf@yhuang6-desk2.ccr.corp.inte… Signed-off-by: Zi Yan <ziy(a)nvidia.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/huge_memory.c b/mm/huge_memory.c index f4be468e06a4..67c86a5d64a6 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -1685,7 +1685,7 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { spin_unlock(vmf->ptl); - goto out; + return 0; } pmd = pmd_modify(oldpmd, vma->vm_page_prot); @@ -1728,22 +1728,16 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) if (!migrate_misplaced_folio(folio, vma, target_nid)) { flags |= TNF_MIGRATED; nid = target_nid; - } else { - flags |= TNF_MIGRATE_FAIL; - vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); - if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { - spin_unlock(vmf->ptl); - goto out; - } - goto out_map; + task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); + return 0; } -out: - if (nid != NUMA_NO_NODE) - task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); - - return 0; - + flags |= TNF_MIGRATE_FAIL; + vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); + if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { + spin_unlock(vmf->ptl); + return 0; + } out_map: /* Restore the PMD */ pmd = pmd_modify(oldpmd, vma->vm_page_prot); @@ -1753,7 +1747,10 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) set_pmd_at(vma->vm_mm, haddr, vmf->pmd, pmd); update_mmu_cache_pmd(vma, vmf->address, vmf->pmd); spin_unlock(vmf->ptl); - goto out; + + if (nid != NUMA_NO_NODE) + task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); + return 0; } /*

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] mm/numa: no task_numa_fault() call if PMD is changed" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x fd8c35a92910f4829b7c99841f39b1b952c259d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081951-fable-brewery-9048@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: fd8c35a92910 ("mm/numa: no task_numa_fault() call if PMD is changed") 667ffc31aa95 ("mm: huge_memory: use a folio in do_huge_pmd_numa_page()") 73eab3ca481e ("mm: migrate: convert migrate_misplaced_page() to migrate_misplaced_folio()") 2ac9e99f3b21 ("mm: migrate: convert numamigrate_isolate_page() to numamigrate_isolate_folio()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fd8c35a92910f4829b7c99841f39b1b952c259d5 Mon Sep 17 00:00:00 2001 From: Zi Yan <ziy(a)nvidia.com> Date: Fri, 9 Aug 2024 10:59:05 -0400 Subject: [PATCH] mm/numa: no task_numa_fault() call if PMD is changed When handling a numa page fault, task_numa_fault() should be called by a process that restores the page table of the faulted folio to avoid duplicated stats counting. Commit c5b5a3dd2c1f ("mm: thp: refactor NUMA fault handling") restructured do_huge_pmd_numa_page() and did not avoid task_numa_fault() call in the second page table check after a numa migration failure. Fix it by making all !pmd_same() return immediately. This issue can cause task_numa_fault() being called more than necessary and lead to unexpected numa balancing results (It is hard to tell whether the issue will cause positive or negative performance impact due to duplicated numa fault counting). Link: https://lkml.kernel.org/r/20240809145906.1513458-3-ziy@nvidia.com Fixes: c5b5a3dd2c1f ("mm: thp: refactor NUMA fault handling") Reported-by: "Huang, Ying" <ying.huang(a)intel.com> Closes: https://lore.kernel.org/linux-mm/87zfqfw0yw.fsf@yhuang6-desk2.ccr.corp.inte… Signed-off-by: Zi Yan <ziy(a)nvidia.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/huge_memory.c b/mm/huge_memory.c index f4be468e06a4..67c86a5d64a6 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -1685,7 +1685,7 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { spin_unlock(vmf->ptl); - goto out; + return 0; } pmd = pmd_modify(oldpmd, vma->vm_page_prot); @@ -1728,22 +1728,16 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) if (!migrate_misplaced_folio(folio, vma, target_nid)) { flags |= TNF_MIGRATED; nid = target_nid; - } else { - flags |= TNF_MIGRATE_FAIL; - vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); - if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { - spin_unlock(vmf->ptl); - goto out; - } - goto out_map; + task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); + return 0; } -out: - if (nid != NUMA_NO_NODE) - task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); - - return 0; - + flags |= TNF_MIGRATE_FAIL; + vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); + if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { + spin_unlock(vmf->ptl); + return 0; + } out_map: /* Restore the PMD */ pmd = pmd_modify(oldpmd, vma->vm_page_prot); @@ -1753,7 +1747,10 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) set_pmd_at(vma->vm_mm, haddr, vmf->pmd, pmd); update_mmu_cache_pmd(vma, vmf->address, vmf->pmd); spin_unlock(vmf->ptl); - goto out; + + if (nid != NUMA_NO_NODE) + task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); + return 0; } /*

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] mm/numa: no task_numa_fault() call if PMD is changed" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x fd8c35a92910f4829b7c99841f39b1b952c259d5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081950-jolliness-crux-7fe1@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: fd8c35a92910 ("mm/numa: no task_numa_fault() call if PMD is changed") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fd8c35a92910f4829b7c99841f39b1b952c259d5 Mon Sep 17 00:00:00 2001 From: Zi Yan <ziy(a)nvidia.com> Date: Fri, 9 Aug 2024 10:59:05 -0400 Subject: [PATCH] mm/numa: no task_numa_fault() call if PMD is changed When handling a numa page fault, task_numa_fault() should be called by a process that restores the page table of the faulted folio to avoid duplicated stats counting. Commit c5b5a3dd2c1f ("mm: thp: refactor NUMA fault handling") restructured do_huge_pmd_numa_page() and did not avoid task_numa_fault() call in the second page table check after a numa migration failure. Fix it by making all !pmd_same() return immediately. This issue can cause task_numa_fault() being called more than necessary and lead to unexpected numa balancing results (It is hard to tell whether the issue will cause positive or negative performance impact due to duplicated numa fault counting). Link: https://lkml.kernel.org/r/20240809145906.1513458-3-ziy@nvidia.com Fixes: c5b5a3dd2c1f ("mm: thp: refactor NUMA fault handling") Reported-by: "Huang, Ying" <ying.huang(a)intel.com> Closes: https://lore.kernel.org/linux-mm/87zfqfw0yw.fsf@yhuang6-desk2.ccr.corp.inte… Signed-off-by: Zi Yan <ziy(a)nvidia.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: "Huang, Ying" <ying.huang(a)intel.com> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Yang Shi <shy828301(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/huge_memory.c b/mm/huge_memory.c index f4be468e06a4..67c86a5d64a6 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -1685,7 +1685,7 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { spin_unlock(vmf->ptl); - goto out; + return 0; } pmd = pmd_modify(oldpmd, vma->vm_page_prot); @@ -1728,22 +1728,16 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) if (!migrate_misplaced_folio(folio, vma, target_nid)) { flags |= TNF_MIGRATED; nid = target_nid; - } else { - flags |= TNF_MIGRATE_FAIL; - vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); - if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { - spin_unlock(vmf->ptl); - goto out; - } - goto out_map; + task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); + return 0; } -out: - if (nid != NUMA_NO_NODE) - task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); - - return 0; - + flags |= TNF_MIGRATE_FAIL; + vmf->ptl = pmd_lock(vma->vm_mm, vmf->pmd); + if (unlikely(!pmd_same(oldpmd, *vmf->pmd))) { + spin_unlock(vmf->ptl); + return 0; + } out_map: /* Restore the PMD */ pmd = pmd_modify(oldpmd, vma->vm_page_prot); @@ -1753,7 +1747,10 @@ vm_fault_t do_huge_pmd_numa_page(struct vm_fault *vmf) set_pmd_at(vma->vm_mm, haddr, vmf->pmd, pmd); update_mmu_cache_pmd(vma, vmf->address, vmf->pmd); spin_unlock(vmf->ptl); - goto out; + + if (nid != NUMA_NO_NODE) + task_numa_fault(last_cpupid, nid, HPAGE_PMD_NR, flags); + return 0; } /*

1 year, 4 months

2
1
0 0

Re: Patch "serial: pch: Don't disable interrupts while acquiring lock in ISR." has been added to the 6.6-stable tree

by Sebastian Andrzej Siewior

On 2024-08-21 09:34:36 [-0400], Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > serial: pch: Don't disable interrupts while acquiring lock in ISR. > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > serial-pch-don-t-disable-interrupts-while-acquiring-.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. I don't think this needs to be backported. It was part of a cleanup series. It is not wrong, but also not needed. Unless it is needed as a dependency for another patch, I wouldn't bother. Sebastian

1 year, 4 months

1
0
0 0

[v3] usb: dwc3: Avoid waking up gadget during startxfer

by Prashanth K

When operating in High-Speed, it is observed that DSTS[USBLNKST] doesn't update link state immediately after receiving the wakeup interrupt. Since wakeup event handler calls the resume callbacks, there is a chance that function drivers can perform an ep queue, which in turn tries to perform remote wakeup from send_gadget_ep_cmd(STARTXFER). This happens because DSTS[[21:18] wasn't updated to U0 yet, it's observed that the latency of DSTS can be in order of milli-seconds. Hence avoid calling gadget_wakeup during startxfer to prevent unnecessarily issuing remote wakeup to host. Fixes: c36d8e947a56 ("usb: dwc3: gadget: put link to U0 before Start Transfer") Cc: <stable(a)vger.kernel.org> Suggested-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com> Signed-off-by: Prashanth K <quic_prashk(a)quicinc.com> --- v3: Added notes on top the function definition. v2: Refactored the patch as suggested in v1 discussion. drivers/usb/dwc3/gadget.c | 31 +++++++------------------------ 1 file changed, 7 insertions(+), 24 deletions(-) diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c index 89fc690fdf34..d4f2f0e1f031 100644 --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c @@ -287,6 +287,13 @@ static int __dwc3_gadget_wakeup(struct dwc3 *dwc, bool async); * * Caller should handle locking. This function will issue @cmd with given * @params to @dep and wait for its completion. + * + * According to databook, if the link is in L1/L2/U3 while issuing StartXfer command, + * software must bring the link back to L0/U0 by performing remote wakeup. But we don't + * expect ep_queue to trigger a remote wakeup; instead it should be done by wakeup ops. + * + * After receiving wakeup event, device should no longer be in U3, and any link + * transition afterwards needs to be adressed with wakeup ops. */ int dwc3_send_gadget_ep_cmd(struct dwc3_ep *dep, unsigned int cmd, struct dwc3_gadget_ep_cmd_params *params) @@ -327,30 +334,6 @@ int dwc3_send_gadget_ep_cmd(struct dwc3_ep *dep, unsigned int cmd, dwc3_writel(dwc->regs, DWC3_GUSB2PHYCFG(0), reg); } - if (DWC3_DEPCMD_CMD(cmd) == DWC3_DEPCMD_STARTTRANSFER) { - int link_state; - - /* - * Initiate remote wakeup if the link state is in U3 when - * operating in SS/SSP or L1/L2 when operating in HS/FS. If the - * link state is in U1/U2, no remote wakeup is needed. The Start - * Transfer command will initiate the link recovery. - */ - link_state = dwc3_gadget_get_link_state(dwc); - switch (link_state) { - case DWC3_LINK_STATE_U2: - if (dwc->gadget->speed >= USB_SPEED_SUPER) - break; - - fallthrough; - case DWC3_LINK_STATE_U3: - ret = __dwc3_gadget_wakeup(dwc, false); - dev_WARN_ONCE(dwc->dev, ret, "wakeup failed --> %d\n", - ret); - break; - } - } - /* * For some commands such as Update Transfer command, DEPCMDPARn * registers are reserved. Since the driver often sends Update Transfer -- 2.25.1

1 year, 4 months

2
2
0 0

[PATCH v2 7/9] vdpa: solidrun: Fix potential UB bug with devres

by Philipp Stanner

In psnet_open_pf_bar() a string later passed to pcim_iomap_regions() is placed on the stack. Neither pcim_iomap_regions() nor the functions it calls copy that string. Should the string later ever be used, this, consequently, causes undefined behavior since the stack frame will by then have disappeared. Fix the bug by allocating the string on the heap through devm_kasprintf(). Cc: stable(a)vger.kernel.org # v6.3 Fixes: 51a8f9d7f587 ("virtio: vdpa: new SolidNET DPU driver.") Reported-by: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Closes: https://lore.kernel.org/all/74e9109a-ac59-49e2-9b1d-d825c9c9f891@wanadoo.fr/ Suggested-by: Andy Shevchenko <andy(a)kernel.org> Signed-off-by: Philipp Stanner <pstanner(a)redhat.com> --- drivers/vdpa/solidrun/snet_main.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/vdpa/solidrun/snet_main.c b/drivers/vdpa/solidrun/snet_main.c index 99428a04068d..4d42a05d70fc 100644 --- a/drivers/vdpa/solidrun/snet_main.c +++ b/drivers/vdpa/solidrun/snet_main.c @@ -555,7 +555,7 @@ static const struct vdpa_config_ops snet_config_ops = { static int psnet_open_pf_bar(struct pci_dev *pdev, struct psnet *psnet) { - char name[50]; + char *name; int ret, i, mask = 0; /* We don't know which BAR will be used to communicate.. * We will map every bar with len > 0. @@ -573,7 +573,10 @@ static int psnet_open_pf_bar(struct pci_dev *pdev, struct psnet *psnet) return -ENODEV; } - snprintf(name, sizeof(name), "psnet[%s]-bars", pci_name(pdev)); + name = devm_kasprintf(&pdev->dev, GFP_KERNEL, "psnet[%s]-bars", pci_name(pdev)); + if (!name) + return -ENOMEM; + ret = pcim_iomap_regions(pdev, mask, name); if (ret) { SNET_ERR(pdev, "Failed to request and map PCI BARs\n"); -- 2.46.0

1 year, 4 months

3
3
0 0

[PATCH] usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function

by Pawel Laszczak

Patch fixes the incorrect "stream_id" table index instead of "ep_index" used in cdnsp_get_hw_deq function. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: <stable(a)vger.kernel.org> Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- drivers/usb/cdns3/cdnsp-ring.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index 75724e60653c..e0e97a138666 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -402,7 +402,7 @@ static u64 cdnsp_get_hw_deq(struct cdnsp_device *pdev, struct cdnsp_stream_ctx *st_ctx; struct cdnsp_ep *pep; - pep = &pdev->eps[stream_id]; + pep = &pdev->eps[ep_index]; if (pep->ep_state & EP_HAS_STREAMS) { st_ctx = &pep->stream_info.stream_ctx_array[stream_id]; -- 2.43.0

1 year, 4 months

2
1
0 0

[PATCH v2 RESEND] EDAC/altera: Fix possible null pointer dereference

by Ma Ke

In altr_s10_sdram_check_ecc_deps(), of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. of_translate_address() is the same. Found by code review. Cc: stable(a)vger.kernel.org Fixes: e1bca853dddc ("EDAC/altera: Add SDRAM ECC check for U-Boot") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - modified the check of of_translate_address() as suggestions. --- drivers/edac/altera_edac.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/drivers/edac/altera_edac.c b/drivers/edac/altera_edac.c index fe89f5c4837f..4fbfa338e05f 100644 --- a/drivers/edac/altera_edac.c +++ b/drivers/edac/altera_edac.c @@ -1086,6 +1086,7 @@ static int altr_s10_sdram_check_ecc_deps(struct altr_edac_device_dev *device) struct arm_smccc_res result; struct device_node *np; phys_addr_t sdram_addr; + const __be32 *sdram_addrp; u32 read_reg; int ret; @@ -1093,8 +1094,14 @@ static int altr_s10_sdram_check_ecc_deps(struct altr_edac_device_dev *device) if (!np) goto sdram_err; - sdram_addr = of_translate_address(np, of_get_address(np, 0, - NULL, NULL)); + sdram_addrp = of_get_address(np, 0, NULL, NULL); + if (!sdram_addrp) + return -EINVAL; + + sdram_addr = of_translate_address(np, sdram_addrp); + if (sdram_addr == OF_BAD_ADDR) + return -EINVAL; + of_node_put(np); sdram_ecc_addr = (unsigned long)sdram_addr + prv->ecc_en_ofst; arm_smccc_smc(INTEL_SIP_SMC_REG_READ, sdram_ecc_addr, -- 2.25.1

1 year, 4 months

1
0
0 0

[PATCH v3 RESEND] pps: add an error check in parport_attach

by Ma Ke

In parport_attach, the return value of ida_alloc is unchecked, witch leads to the use of an invalid index value. To address this issue, index should be checked. When the index value is abnormal, the device should be freed. Found by code review, compile tested only. Cc: stable(a)vger.kernel.org Fixes: fb56d97df70e ("pps: client: use new parport device model") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v3: - modified Fixes tag as suggestions. Changes in v2: - removed error output as suggestions. --- drivers/pps/clients/pps_parport.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/pps/clients/pps_parport.c b/drivers/pps/clients/pps_parport.c index 63d03a0df5cc..abaffb4e1c1c 100644 --- a/drivers/pps/clients/pps_parport.c +++ b/drivers/pps/clients/pps_parport.c @@ -149,6 +149,9 @@ static void parport_attach(struct parport *port) } index = ida_alloc(&pps_client_index, GFP_KERNEL); + if (index < 0) + goto err_free_device; + memset(&pps_client_cb, 0, sizeof(pps_client_cb)); pps_client_cb.private = device; pps_client_cb.irq_func = parport_irq; @@ -159,7 +162,7 @@ static void parport_attach(struct parport *port) index); if (!device->pardev) { pr_err("couldn't register with %s\n", port->name); - goto err_free; + goto err_free_ida; } if (parport_claim_or_block(device->pardev) < 0) { @@ -187,8 +190,9 @@ static void parport_attach(struct parport *port) parport_release(device->pardev); err_unregister_dev: parport_unregister_device(device->pardev); -err_free: +err_free_ida: ida_free(&pps_client_index, index); +err_free_device: kfree(device); } -- 2.25.1

1 year, 4 months

1
0
0 0

[PATCH net 00/14] mptcp: pm: fix IDs not being reusable

by Matthieu Baerts (NGI0)

Here are more fixes for the MPTCP in-kernel path-manager. In this series, the fixes are around the endpoint IDs not being reusable for on-going connections when re-creating endpoints with previously used IDs. - Patch 1 fixes this case for endpoints being used to send ADD_ADDR. Patch 2 validates this fix. The issue is present since v5.10. - Patch 3 fixes this case for endpoints being used to establish new subflows. Patch 4 validates this fix. The issue is present since v5.10. - Patch 5 fixes this case when all endpoints are flushed. Patch 6 validates this fix. The issue is present since v5.13. - Patch 7 removes a helper that is confusing, and introduced in v5.10. It helps simplifying the next patches. - Patch 8 makes sure a 'subflow' counter is only decremented when removing a 'subflow' endpoint. Can be backported up to v5.13. - Patch 9 is similar, but for a 'signal' counter. Can be backported up to v5.10. - Patch 10 checks the last max accepted ADD_ADDR limit before accepting new ADD_ADDR. For v5.10 as well. - Patch 11 removes a wrong restriction for the userspace PM, added during a refactoring in v6.5. - Patch 12 makes sure the fullmesh mode sets the ID 0 when a new subflow using the source address of the initial subflow is created. Patch 13 covers this case. This issue is present since v5.15. - Patch 14 avoid possible UaF when selecting an address from the endpoints list. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Matthieu Baerts (NGI0) (14): mptcp: pm: re-using ID of unused removed ADD_ADDR selftests: mptcp: join: check re-using ID of unused ADD_ADDR mptcp: pm: re-using ID of unused removed subflows selftests: mptcp: join: check re-using ID of closed subflow mptcp: pm: re-using ID of unused flushed subflows selftests: mptcp: join: test for flush/re-add endpoints mptcp: pm: remove mptcp_pm_remove_subflow() mptcp: pm: only mark 'subflow' endp as available mptcp: pm: only decrement add_addr_accepted for MPJ req mptcp: pm: check add_addr_accept_max before accepting new ADD_ADDR mptcp: pm: only in-kernel cannot have entries with ID 0 mptcp: pm: fullmesh: select the right ID later selftests: mptcp: join: validate fullmesh endp on 1st sf mptcp: pm: avoid possible UaF when selecting endp net/mptcp/pm.c | 13 --- net/mptcp/pm_netlink.c | 142 ++++++++++++++++-------- net/mptcp/protocol.h | 3 - tools/testing/selftests/net/mptcp/mptcp_join.sh | 76 +++++++++++-- 4 files changed, 160 insertions(+), 74 deletions(-) --- base-commit: 565d121b69980637f040eb4d84289869cdaabedf change-id: 20240819-net-mptcp-pm-reusing-id-eb08827b7be6 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

1 year, 4 months

2
15
0 0

[PATCH] scsi: iscsi: fix reference count leak in cxgbi_check_route()

by Ma Ke

cxgbi_check_route() dont release the reference acquired by ip_dev_find() which introducing a reference count leak. We could remedy this by insuring the reference is released.ip_dev_find(). Cc: stable(a)vger.kernel.org Fixes: 9ba682f01e2f ("[SCSI] libcxgbi: common library for cxgb3i and cxgb4i") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/scsi/cxgbi/libcxgbi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/scsi/cxgbi/libcxgbi.c b/drivers/scsi/cxgbi/libcxgbi.c index bf75940f2be1..6b0f1e8dac40 100644 --- a/drivers/scsi/cxgbi/libcxgbi.c +++ b/drivers/scsi/cxgbi/libcxgbi.c @@ -670,6 +670,7 @@ cxgbi_check_route(struct sockaddr *dst_addr, int ifindex) "route to %pI4 :%u, ndev p#%d,%s, cdev 0x%p.\n", &daddr->sin_addr.s_addr, ntohs(daddr->sin_port), port, ndev->name, cdev); + dev_put(ndev); csk = cxgbi_sock_create(cdev); if (!csk) { -- 2.25.1

1 year, 4 months

2
1
0 0

+ maple_tree-remove-rcu_read_lock-from-mt_validate.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: maple_tree: remove rcu_read_lock() from mt_validate() has been added to the -mm mm-hotfixes-unstable branch. Its filename is maple_tree-remove-rcu_read_lock-from-mt_validate.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)Oracle.com> Subject: maple_tree: remove rcu_read_lock() from mt_validate() Date: Tue, 20 Aug 2024 13:54:17 -0400 The write lock should be held when validating the tree to avoid updates racing with checks. Holding the rcu read lock during a large tree validation may also cause a prolonged rcu read window and "rcu_preempt detected stalls" warnings. Link: https://lore.kernel.org/all/0000000000001d12d4062005aea1@google.com/ Link: https://lkml.kernel.org/r/20240820175417.2782532-1-Liam.Howlett@oracle.com Fixes: 54a611b60590 ("Maple Tree: add new data structure") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)Oracle.com> Reported-by: syzbot+036af2f0c7338a33b0cd(a)syzkaller.appspotmail.com Cc: Hillf Danton <hdanton(a)sina.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: "Paul E. McKenney" <paulmck(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/maple_tree.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) --- a/lib/maple_tree.c~maple_tree-remove-rcu_read_lock-from-mt_validate +++ a/lib/maple_tree.c @@ -7566,14 +7566,14 @@ static void mt_validate_nulls(struct map * 2. The gap is correctly set in the parents */ void mt_validate(struct maple_tree *mt) + __must_hold(mas->tree->ma_lock) { unsigned char end; MA_STATE(mas, mt, 0, 0); - rcu_read_lock(); mas_start(&mas); if (!mas_is_active(&mas)) - goto done; + return; while (!mte_is_leaf(mas.node)) mas_descend(&mas); @@ -7594,9 +7594,6 @@ void mt_validate(struct maple_tree *mt) mas_dfs_postorder(&mas, ULONG_MAX); } mt_validate_nulls(mt); -done: - rcu_read_unlock(); - } EXPORT_SYMBOL_GPL(mt_validate); _ Patches currently in -mm which might be from Liam.Howlett(a)Oracle.com are maple_tree-remove-rcu_read_lock-from-mt_validate.patch

1 year, 4 months

1
0
0 0

[PATCH V2] video/aperture: match the pci device when calling sysfb_disable()

by Alex Deucher

In aperture_remove_conflicting_pci_devices(), we currently only call sysfb_disable() on vga class devices. This leads to the following problem when the pimary device is not VGA compatible: 1. A PCI device with a non-VGA class is the boot display 2. That device is probed first and it is not a VGA device so sysfb_disable() is not called, but the device resources are freed by aperture_detach_platform_device() 3. Non-primary GPU has a VGA class and it ends up calling sysfb_disable() 4. NULL pointer dereference via sysfb_disable() since the resources have already been freed by aperture_detach_platform_device() when it was called by the other device. Fix this by passing a device pointer to sysfb_disable() and checking the device to determine if we should execute it or not. v2: Fix build when CONFIG_SCREEN_INFO is not set Fixes: 5ae3716cfdcd ("video/aperture: Only remove sysfb on the default vga pci device") Cc: Javier Martinez Canillas <javierm(a)redhat.com> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Helge Deller <deller(a)gmx.de> Cc: Sam Ravnborg <sam(a)ravnborg.org> Cc: Daniel Vetter <daniel.vetter(a)ffwll.ch> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org --- drivers/firmware/sysfb.c | 11 +++++++++-- drivers/of/platform.c | 2 +- drivers/video/aperture.c | 5 ++--- include/linux/sysfb.h | 4 ++-- 4 files changed, 14 insertions(+), 8 deletions(-) diff --git a/drivers/firmware/sysfb.c b/drivers/firmware/sysfb.c index 880ffcb500887..033a044af2646 100644 --- a/drivers/firmware/sysfb.c +++ b/drivers/firmware/sysfb.c @@ -39,6 +39,8 @@ static struct platform_device *pd; static DEFINE_MUTEX(disable_lock); static bool disabled; +static struct device *sysfb_parent_dev(const struct screen_info *si); + static bool sysfb_unregister(void) { if (IS_ERR_OR_NULL(pd)) @@ -52,6 +54,7 @@ static bool sysfb_unregister(void) /** * sysfb_disable() - disable the Generic System Framebuffers support + * @dev: the device to check if non-NULL * * This disables the registration of system framebuffer devices that match the * generic drivers that make use of the system framebuffer set up by firmware. @@ -61,8 +64,12 @@ static bool sysfb_unregister(void) * Context: The function can sleep. A @disable_lock mutex is acquired to serialize * against sysfb_init(), that registers a system framebuffer device. */ -void sysfb_disable(void) +void sysfb_disable(struct device *dev) { + struct screen_info *si = &screen_info; + + if (dev && dev != sysfb_parent_dev(si)) + return; mutex_lock(&disable_lock); sysfb_unregister(); disabled = true; @@ -93,7 +100,7 @@ static __init bool sysfb_pci_dev_is_enabled(struct pci_dev *pdev) } #endif -static __init struct device *sysfb_parent_dev(const struct screen_info *si) +static struct device *sysfb_parent_dev(const struct screen_info *si) { struct pci_dev *pdev; diff --git a/drivers/of/platform.c b/drivers/of/platform.c index 389d4ea6bfc15..ef622d41eb5b2 100644 --- a/drivers/of/platform.c +++ b/drivers/of/platform.c @@ -592,7 +592,7 @@ static int __init of_platform_default_populate_init(void) * This can happen for example on DT systems that do EFI * booting and may provide a GOP handle to the EFI stub. */ - sysfb_disable(); + sysfb_disable(NULL); of_platform_device_create(node, NULL, NULL); of_node_put(node); } diff --git a/drivers/video/aperture.c b/drivers/video/aperture.c index 561be8feca96c..b23d85ceea104 100644 --- a/drivers/video/aperture.c +++ b/drivers/video/aperture.c @@ -293,7 +293,7 @@ int aperture_remove_conflicting_devices(resource_size_t base, resource_size_t si * ask for this, so let's assume that a real driver for the display * was already probed and prevent sysfb to register devices later. */ - sysfb_disable(); + sysfb_disable(NULL); aperture_detach_devices(base, size); @@ -353,8 +353,7 @@ int aperture_remove_conflicting_pci_devices(struct pci_dev *pdev, const char *na if (pdev == vga_default_device()) primary = true; - if (primary) - sysfb_disable(); + sysfb_disable(&pdev->dev); for (bar = 0; bar < PCI_STD_NUM_BARS; ++bar) { if (!(pci_resource_flags(pdev, bar) & IORESOURCE_MEM)) diff --git a/include/linux/sysfb.h b/include/linux/sysfb.h index c9cb657dad08a..bef5f06a91de6 100644 --- a/include/linux/sysfb.h +++ b/include/linux/sysfb.h @@ -58,11 +58,11 @@ struct efifb_dmi_info { #ifdef CONFIG_SYSFB -void sysfb_disable(void); +void sysfb_disable(struct device *dev); #else /* CONFIG_SYSFB */ -static inline void sysfb_disable(void) +static inline void sysfb_disable(struct device *dev) { } -- 2.46.0

1 year, 4 months

4
3
0 0

[PATCH v2] usb: dwc3: core: Prevent USB core invalid event buffer address access

by Selvarasu Ganesan

This commit addresses an issue where the USB core could access an invalid event buffer address during runtime suspend, potentially causing SMMU faults and other memory issues. The problem arises from the following sequence. 1. In dwc3_gadget_suspend, there is a chance of a timeout when moving the USB core to the halt state after clearing the run/stop bit by software. 2. In dwc3_core_exit, the event buffer is cleared regardless of the USB core's status, which may lead to an SMMU faults and other memory issues. if the USB core tries to access the event buffer address. To prevent this issue, this commit ensures that the event buffer address is not cleared by software when the USB core is active during runtime suspend by checking its status before clearing the buffer address. Cc: stable(a)vger.kernel.org Fixes: 89d7f9629946 ("usb: dwc3: core: Skip setting event buffers for host only controllers") Signed-off-by: Selvarasu Ganesan <selvarasu.g(a)samsung.com> --- Changes in v2: - Added separate check for USB controller status before cleaning the event buffer. - Link to v1: https://lore.kernel.org/lkml/20240722145617.537-1-selvarasu.g@samsung.com/ --- drivers/usb/dwc3/core.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/usb/dwc3/core.c b/drivers/usb/dwc3/core.c index 734de2a8bd21..5b67d9bca71b 100644 --- a/drivers/usb/dwc3/core.c +++ b/drivers/usb/dwc3/core.c @@ -564,10 +564,15 @@ int dwc3_event_buffers_setup(struct dwc3 *dwc) void dwc3_event_buffers_cleanup(struct dwc3 *dwc) { struct dwc3_event_buffer *evt; + u32 reg; if (!dwc->ev_buf) return; + reg = dwc3_readl(dwc->regs, DWC3_DSTS); + if (!(reg & DWC3_DSTS_DEVCTRLHLT)) + return; + evt = dwc->ev_buf; evt->lpos = 0; -- 2.17.1

1 year, 4 months

3
8
0 0

[PATCH v2] cxgb4: add forgotten u64 ivlan cast before shift

by Nikolay Kuratov

It is done everywhere in cxgb4 code, e.g. in is_filter_exact_match() There is no reason it should not be done here Found by Linux Verification Center (linuxtesting.org) with SVACE Signed-off-by: Nikolay Kuratov <kniv(a)yandex-team.ru> Cc: stable(a)vger.kernel.org Fixes: 12b276fbf6e0 ("cxgb4: add support to create hash filters") Reviewed-by: Simon Horman <horms(a)kernel.org> --- v2: Wrap line to 80 characters drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c index 786ceae34488..dd9e68465e69 100644 --- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c +++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c @@ -1244,7 +1244,8 @@ static u64 hash_filter_ntuple(struct ch_filter_specification *fs, * in the Compressed Filter Tuple. */ if (tp->vlan_shift >= 0 && fs->mask.ivlan) - ntuple |= (FT_VLAN_VLD_F | fs->val.ivlan) << tp->vlan_shift; + ntuple |= (u64)(FT_VLAN_VLD_F | + fs->val.ivlan) << tp->vlan_shift; if (tp->port_shift >= 0 && fs->mask.iport) ntuple |= (u64)fs->val.iport << tp->port_shift; -- 2.34.1

1 year, 4 months

4
3
0 0

[PATCH v5] scsi: sd: Ignore command SYNC CACHE error if format in progress

by Yihang Li

If formatting a suspended disk (such as formatting with different DIF type), the disk will be resuming first, and then the format command will submit to the disk through SG_IO ioctl. When the disk is processing the format command, the system does not submit other commands to the disk. Therefore, the system attempts to suspend the disk again and sends the SYNC CACHE command. However, the SYNC CACHE command will fail because the disk is in the formatting process, which will cause the runtime_status of the disk to error and it is difficult for user to recover it. Error info like: [ 669.925325] sd 6:0:6:0: [sdg] Synchronizing SCSI cache [ 670.202371] sd 6:0:6:0: [sdg] Synchronize Cache(10) failed: Result: hostbyte=0x00 driverbyte=DRIVER_OK [ 670.216300] sd 6:0:6:0: [sdg] Sense Key : 0x2 [current] [ 670.221860] sd 6:0:6:0: [sdg] ASC=0x4 ASCQ=0x4 To solve the issue, ignore the error and return success/0 when formatting in progress. Cc: stable(a)vger.kernel.org Signed-off-by: Yihang Li <liyihang9(a)huawei.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> --- Changes since v4: - Rename the commit title. - Ignore the SYNC command error during formatting as suggested by Damien. Changes since v3: - Add Cc tag for kernel stable. Changes since v2: - Add Reviewed-by for Bart. Changes since v1: - Updated and added error information to the patch description. --- drivers/scsi/sd.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c index adeaa8ab9951..2d7240a24b52 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c @@ -1823,13 +1823,15 @@ static int sd_sync_cache(struct scsi_disk *sdkp) (sshdr.asc == 0x74 && sshdr.ascq == 0x71)) /* drive is password locked */ /* this is no error here */ return 0; + /* - * This drive doesn't support sync and there's not much - * we can do because this is called during shutdown - * or suspend so just return success so those operations - * can proceed. + * If a format is in progress or if the drive does not + * support sync, there is not much we can do because + * this is called during shutdown or suspend so just + * return success so those operations can proceed. */ - if (sshdr.sense_key == ILLEGAL_REQUEST) + if ((sshdr.asc == 0x04 && sshdr.ascq == 0x04) || + sshdr.sense_key == ILLEGAL_REQUEST) return 0; } -- 2.33.0

1 year, 4 months

3
7
0 0

[PATCH] phy: qualcomm: Check NULL ptr on lvts_data in qcom_ipq806x_usb_phy_probe()

by Ma Ke

of_device_get_match_data() can return NULL if of_match_device failed, and the pointer 'data' was dereferenced without checking against NULL. Add checking of pointer 'data' in qcom_ipq806x_usb_phy_probe(). Cc: stable(a)vger.kernel.org Fixes: ef19b117b834 ("phy: qualcomm: add qcom ipq806x dwc usb phy driver") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- drivers/phy/qualcomm/phy-qcom-ipq806x-usb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/phy/qualcomm/phy-qcom-ipq806x-usb.c b/drivers/phy/qualcomm/phy-qcom-ipq806x-usb.c index 06392ed7c91b..9b9fd9c1b1f7 100644 --- a/drivers/phy/qualcomm/phy-qcom-ipq806x-usb.c +++ b/drivers/phy/qualcomm/phy-qcom-ipq806x-usb.c @@ -492,6 +492,8 @@ static int qcom_ipq806x_usb_phy_probe(struct platform_device *pdev) return -ENOMEM; data = of_device_get_match_data(&pdev->dev); + if (!data) + return -ENODEV; phy_dwc3->dev = &pdev->dev; -- 2.25.1

1 year, 4 months

3
2
0 0

[PATCH 6.10 000/263] 6.10.5-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.10.5 release. There are 263 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Wed, 14 Aug 2024 16:00:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.10.5-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.10.5-rc1 Filipe Manana <fdmanana(a)suse.com> btrfs: fix double inode unlock for direct IO sync writes Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: test both signal & subflow Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: ability to invert ADD_ADDR check Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: do not ignore 'subflow' if 'signal' flag is also set Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: don't try to create sf if alloc failed Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: reduce indentation blocks Wayne Lin <wayne.lin(a)amd.com> drm/amd/display: Defer handling mst up request in resume Swapnil Patel <swapnil.patel(a)amd.com> drm/amd/display: Change ASSR disable sequence Natanel Roizenman <natanel.roizenman(a)amd.com> drm/amd/display: Add null check in resource_log_pipe_topology_update Michal Kubiak <michal.kubiak(a)intel.com> idpf: fix memleak in vport interrupt configuration Filipe Manana <fdmanana(a)suse.com> btrfs: fix corruption after buffer fault in during direct IO append write Ivan Lipski <ivlipski(a)amd.com> Revert "drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update" Sung-huai Wang <danny.wang(a)amd.com> Revert "drm/amd/display: Handle HPD_IRQ for internal link" Jens Axboe <axboe(a)kernel.dk> block: use the right type for stub rq_integrity_vec() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: deny endp with signal + subflow + port Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: fully established after ADD_ADDR echo on MPJ Bill Wendling <morbo(a)google.com> drm/radeon: Remove __counted_by from StateArray.states[] Thomas Zimmermann <tzimmermann(a)suse.de> drm/mgag200: Bind I2C lifetime to DRM device Thomas Zimmermann <tzimmermann(a)suse.de> drm/mgag200: Set DDC timeout in milliseconds Dragan Simic <dsimic(a)manjaro.org> drm/lima: Mark simple_ondemand governor as softdep Wayne Lin <Wayne.Lin(a)amd.com> drm/dp_mst: Skip CSN if topology probing is not done yet Lucas Stach <l.stach(a)pengutronix.de> drm/bridge: analogix_dp: properly handle zero sized AUX transactions Yang Yingliang <yangyingliang(a)huawei.com> sched/core: Fix unbalance set_rq_online/offline() in sched_cpu_deactivate() Yang Yingliang <yangyingliang(a)huawei.com> sched/core: Introduce sched_set_rq_on/offline() helper Yang Yingliang <yangyingliang(a)huawei.com> sched/smt: Fix unbalance sched_smt_present dec/inc Yang Yingliang <yangyingliang(a)huawei.com> sched/smt: Introduce sched_smt_present_inc/dec() helper Andi Kleen <ak(a)linux.intel.com> x86/mtrr: Check if fixed MTRRs exist before saving them Chen Yu <yu.c.chen(a)intel.com> x86/paravirt: Fix incorrect virt spinlock setting on bare metal Qu Wenruo <wqu(a)suse.com> btrfs: avoid using fixed char array size for tree names Dmitry Safonov <0x7f454c46(a)gmail.com> net/tcp: Disable TCP-AO static key after RCU grace period Muchun Song <muchun.song(a)linux.dev> mm: list_lru: fix UAF for memory cgroup Nico Pache <npache(a)redhat.com> selftests: mm: add s390 to ARCH check Mathias Krause <minipli(a)grsecurity.net> eventfs: Use SRCU for freeing eventfs_inodes Mathias Krause <minipli(a)grsecurity.net> eventfs: Don't return NULL in eventfs_create_dir() Steve French <stfrench(a)microsoft.com> smb3: fix setting SecurityFlags when encryption is required Waiman Long <longman(a)redhat.com> padata: Fix possible divide-by-0 panic in padata_mt_helper() Tze-nan Wu <Tze-nan.Wu(a)mediatek.com> tracing: Fix overflow in get_free_elt() Steven Rostedt <rostedt(a)goodmis.org> tracing: Have format file honor EVENT_FILE_FL_FREED Hans de Goede <hdegoede(a)redhat.com> power: supply: axp288_charger: Round constant_charge_voltage writes down Hans de Goede <hdegoede(a)redhat.com> power: supply: axp288_charger: Fix constant_charge_voltage writes Neil Armstrong <neil.armstrong(a)linaro.org> power: supply: qcom_battmgr: return EAGAIN when firmware service is not up Miao Wang <shankerwangmiao(a)gmail.com> LoongArch: Enable general EFI poweroff method Shay Drory <shayd(a)nvidia.com> genirq/irqdesc: Honor caller provided affinity in alloc_desc() Yong-Xuan Wang <yongxuan.wang(a)sifive.com> irqchip/riscv-aplic: Retrigger MSI interrupt on source configuration Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com> irqchip/xilinx: Fix shift out of bounds Andrey Konovalov <andreyknvl(a)gmail.com> kcov: properly check for softirq context Konrad Dybcio <konrad.dybcio(a)linaro.org> spmi: pmic-arb: Pass the correct of_node to irq_domain_add_tree Takashi Iwai <tiwai(a)suse.de> ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop 16-n0xxx Mikulas Patocka <mpatocka(a)redhat.com> parisc: fix a possible DMA corruption Mikulas Patocka <mpatocka(a)redhat.com> parisc: fix unaligned accesses in BPF Shakeel Butt <shakeel.butt(a)linux.dev> memcg: protect concurrent access to mem_cgroup_idr Max Krummenacher <max.krummenacher(a)toradex.com> tty: vt: conmakehash: cope with abs_srctree no longer in env Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix invalid FIFO access with special register set Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix TX fifo corruption George Kennedy <george.kennedy(a)oracle.com> serial: core: check uartclk for zero to avoid divide by zero Thomas Gleixner <tglx(a)linutronix.de> timekeeping: Fix bogus clock_was_set() invocation in do_adjtimex() Justin Stitt <justinstitt(a)google.com> ntp: Safeguard against time_constant overflow Steven Rostedt <rostedt(a)goodmis.org> tracefs: Use generic inode RCU for synchronizing freeing Mathias Krause <minipli(a)grsecurity.net> tracefs: Fix inode allocation Francesco Dolcini <francesco.dolcini(a)toradex.com> arm64: dts: ti: k3-am62-verdin-dahlia: Keep CTRL_SLEEP_MOCI# regulator on Dan Williams <dan.j.williams(a)intel.com> driver core: Fix uevent_show() vs driver detach race Justin Stitt <justinstitt(a)google.com> ntp: Clamp maxerror and esterror to operating range David Collins <quic_collinsd(a)quicinc.com> spmi: pmic-arb: add missing newline in dev_err format strings Jason Wang <jasowang(a)redhat.com> vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler Jean-Michel Hautbois <jeanmichel.hautbois(a)yoseli.org> media: v4l: Fix missing tabular column hint for Y14P format Thomas Gleixner <tglx(a)linutronix.de> tick/broadcast: Move per CPU pointer access into the atomic section Vamshi Gajjela <vamshigajjela(a)google.com> scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> scsi: ufs: core: Do not set link to OFF state while waking up from hibernation Peter Wang <peter.wang(a)mediatek.com> scsi: ufs: core: Fix deadlock during RTC update Damien Le Moal <dlemoal(a)kernel.org> scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES Chris Wulff <crwulff(a)gmail.com> usb: gadget: u_audio: Check return codes from usb_ep_enable and config_ep_by_speed. Tudor Ambarus <tudor.ambarus(a)linaro.org> usb: gadget: f_fs: restore ffs_func_disable() functionality Prashanth K <quic_prashk(a)quicinc.com> usb: gadget: u_serial: Set start_delayed during suspend Takashi Iwai <tiwai(a)suse.de> usb: gadget: midi2: Fix the response for FB info with block 0xff Chris Wulff <crwulff(a)gmail.com> usb: gadget: core: Check for unset descriptor Konrad Dybcio <konrad.dybcio(a)linaro.org> usb: typec: fsa4480: Check if the chip is really there Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com> USB: serial: debug: do not echo input by default Oliver Neukum <oneukum(a)suse.com> usb: vhci-hcd: Do not drop references before new references are gained Takashi Iwai <tiwai(a)suse.de> ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 Dustin L. Howett <dustin(a)howett.net> ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks Steven 'Steve' Kendall <skend(a)chromium.org> ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list Takashi Iwai <tiwai(a)suse.de> ALSA: line6: Fix racy access to midibuf Jens Axboe <axboe(a)kernel.dk> io_uring/net: don't pick multiple buffers for non-bundle send Jens Axboe <axboe(a)kernel.dk> io_uring/net: ensure expanded bundle send gets marked for cleanup Jens Axboe <axboe(a)kernel.dk> io_uring/net: ensure expanded bundle recv gets marked for cleanup Dave Airlie <airlied(a)redhat.com> drm/test: fix the gem shmem test to map the sg table. Dnyaneshwar Bhadane <dnyaneshwar.bhadane(a)intel.com> drm/i915/display: correct dual pps handling for MTL_PCH+ Ma Ke <make24(a)iscas.ac.cn> drm/client: fix null pointer dereference in drm_client_modeset_probe Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gem: Adjust vma offset for framebuffer mmap offset Joshua Ashton <joshua(a)froggi.es> drm/amdgpu: Forward soft recovery errors to userspace Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Skip Recompute DSC Params if no Stream on Link Andi Shyti <andi.shyti(a)linux.intel.com> drm/i915/gem: Fix Virtual Memory mapping boundaries calculation Linus Torvalds <torvalds(a)linux-foundation.org> module: make waiting for a concurrent module loader interruptible Linus Torvalds <torvalds(a)linux-foundation.org> module: warn about excessively long module waits Gleb Korobeynikov <gkorobeynikov(a)astralinux.ru> cifs: cifs_inval_name_dfs_link_error: correct the check for fullpath Jerome Brunet <jbrunet(a)baylibre.com> ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT Matthew Brost <matthew.brost(a)intel.com> drm/xe: Take ref to VM in delayed snapshot Niranjana Vishwanathapura <niranjana.vishwanathapura(a)intel.com> drm/xe: Minor cleanup in LRC handling Karthik Poosa <karthik.poosa(a)intel.com> drm/xe/hwmon: Fix PL1 disable flow in xe_hwmon_power_max_write Matthew Brost <matthew.brost(a)intel.com> drm/xe: Use dma_fence_chain_free in chain fence unused as a sync Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/rtp: Fix off-by-one when processing rules Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Re-add ScratchAmp quirk entries Stefan Wahren <wahrenst(a)gmx.net> spi: spi-fsl-lpspi: Fix scldiv calculation Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Replace dm_execute_dmub_cmd with dc_wake_and_execute_dmub_cmd David Gow <david(a)davidgow.net> drm/i915: Attempt to get pages without eviction first David Gow <david(a)davidgow.net> drm/i915: Allow evicting to use the requested placement Gaosheng Cui <cuigaosheng1(a)huawei.com> i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume Simon Ser <contact(a)emersion.fr> drm/atomic: allow no-op FB_ID updates for async flips Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Handle OTP read latency over SoundWire Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Revert support for dual-ownership of ASP registers Gaosheng Cui <cuigaosheng1(a)huawei.com> i2c: qcom-geni: Add missing clk_disable_unprepare in geni_i2c_runtime_resume Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs-amp-lib: Fix NULL pointer crash if efi.get_variable is NULL Masami Hiramatsu (Google) <mhiramat(a)kernel.org> kprobes: Fix to check symbol prefixes correctly Menglong Dong <menglong8.dong(a)gmail.com> bpf: kprobe: remove unused declaring of bpf_kprobe_override Guenter Roeck <linux(a)roeck-us.net> i2c: smbus: Send alert notifications to all devices if source not found Curtis Malainey <cujomalainey(a)chromium.org> ASoC: SOF: Remove libraries from topology lookups Geert Uytterhoeven <geert+renesas(a)glider.be> spi: spidev: Add missing spi_device_id for bh2228fv Jerome Audu <jau(a)free.fr> ASoC: sti: add missing probe entry for player and reader Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wsa884x: Correct Soundwire ports mask Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs: wsa884x: parse port-mapping information Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wsa883x: Correct Soundwire ports mask Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs: wsa883x: parse port-mapping information Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wsa881x: Correct Soundwire ports mask Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd939x-sdw: Correct Soundwire ports mask Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask Guenter Roeck <linux(a)roeck-us.net> i2c: smbus: Improve handling of stuck alerts Jeff Layton <jlayton(a)kernel.org> nfsd: don't set SVC_SOCK_ANONYMOUS when creating nfsd sockets Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Expand speculative SSBS workaround (again) Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Cortex-A725 definitions Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Cortex-X1C definitions Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Expand speculative SSBS workaround Mark Rutland <mark.rutland(a)arm.com> arm64: errata: Unify speculative SSBS errata logic Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Cortex-X925 definitions Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Cortex-A720 definitions Mark Rutland <mark.rutland(a)arm.com> arm64: cputype: Add Cortex-X3 definitions Willem de Bruijn <willemb(a)google.com> net: drop bad gso csum_start and offset in virtio_net_hdr Zheng Zucheng <zhengzucheng(a)huawei.com> sched/cputime: Fix mul_u64_u64_div_u64() precision for cputime Huacai Chen <chenhuacai(a)kernel.org> irqchip/loongarch-cpu: Fix return value of lpic_gsi_to_irq() Arseniy Krasnov <avkrasnov(a)salutedevices.com> irqchip/meson-gpio: Convert meson_gpio_irq_controller::lock to 'raw_spinlock_t' Bingbu Cao <bingbu.cao(a)intel.com> media: intel/ipu6: select AUXILIARY_BUS in Kconfig Arnd Bergmann <arnd(a)arndb.de> media: ipu-bridge: fix ipu6 Kconfig dependencies Damien Le Moal <dlemoal(a)kernel.org> scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES Johan Hovold <johan+linaro(a)kernel.org> scsi: Revert "scsi: sd: Do not repeat the starting disk message" Paul E. McKenney <paulmck(a)kernel.org> clocksource: Fix brown-bag boolean thinko in cs_watchdog_read() Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> profiling: remove profile=sleep support Rik van Riel <riel(a)surriel.com> mm, slub: do not call do_slab_free for kfence object Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: Fix a race to wake a sync task Wojciech Gładysz <wojciech.gladysz(a)infogain.com> ext4: sanity check for NULL pointer after ext4_force_shutdown Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/sclp: Prevent release of buffer in I/O Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: Fix null pointer deref in dcn20_resource.c Kemeng Shi <shikemeng(a)huaweicloud.com> jbd2: avoid memleak in jbd2_journal_write_metadata_buffer Xiaxi Shen <shenxiaxi26(a)gmail.com> ext4: fix uninitialized variable in ext4_inlinedir_to_tree Chi Zhiling <chizhiling(a)kylinos.cn> media: xc2028: avoid use-after-free in load_firmware_cb() Rodrigo Siqueira <rodrigo.siqueira(a)amd.com> drm/amd/display: Fix NULL pointer dereference for DTN log in DCN401 Michal Pecio <michal.pecio(a)gmail.com> media: uvcvideo: Fix the bandwdith quirk on USB 3.x Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Ignore empty TS packets Abdulrasaq Lawani <abdulrasaqolawani(a)gmail.com> media: i2c: ov5647: replacing of_node_put with __free(device_node) Alex Hung <alex.hung(a)amd.com> drm/amd/display: Add null checker before passing variables Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: remove dpp pipes on failure to update pipe params Wayne Lin <wayne.lin(a)amd.com> drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute Wenjing Liu <wenjing.liu(a)amd.com> drm/amd/display: reduce ODM slice count to initial new dc state only when needed Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Wake DMCUB before sending a command for replay feature Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update Ming Qian <ming.qian(a)nxp.com> media: amphion: Remove lock in s_ctrl callback Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing Bob Zhou <bob.zhou(a)amd.com> drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr Victor Skvortsov <victor.skvortsov(a)amd.com> drm/amdgpu: Add lock around VF RLCG interface Jesse Zhang <jesse.zhang(a)amd.com> drm/admgpu: fix dereferencing null pointer context Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu: Fix the null pointer dereference to ras_manager Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix the null pointer dereference for smu7 Jonathan Cavitt <jonathan.cavitt(a)intel.com> drm/xe/xe_guc_submit: Fix exec queue stop race condition Ramesh Errabolu <Ramesh.Errabolu(a)amd.com> drm/amd/amdkfd: Fix a resource leak in svm_range_validate_and_map() Ma Jun <Jun.Ma2(a)amd.com> drm/amdgpu/pm: Fix the param type of set_power_profile_mode Tim Huang <Tim.Huang(a)amd.com> drm/amdgpu: fix potential resource leak warning Michael Strauss <michael.strauss(a)amd.com> drm/amd/display: Add delay to improve LTTPR UHBR interop Sung-huai Wang <danny.wang(a)amd.com> drm/amd/display: Handle HPD_IRQ for internal link Matthew Auld <matthew.auld(a)intel.com> drm/xe/preempt_fence: enlarge the fence critical section Luke Wang <ziniu.wang_1(a)nxp.com> Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading Filipe Manana <fdmanana(a)suse.com> btrfs: fix bitmap leak when loading free space cache on duplicate entry Filipe Manana <fdmanana(a)suse.com> btrfs: fix data race when accessing the last_trans field of a root Filipe Manana <fdmanana(a)suse.com> btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() Filipe Manana <fdmanana(a)suse.com> btrfs: do not BUG_ON() when freeing tree block after error Qu Wenruo <wqu(a)suse.com> btrfs: do not clear page dirty inside extent_write_locked_range() Ido Schimmel <idosch(a)nvidia.com> mlxsw: pci: Lock configuration space of upstream bridge during reset Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> net: stmmac: qcom-ethqos: enable SGMII loopback during DMA reset on sa8775p-ride-r3 Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: tef: update workaround for erratum DS80000789E 6 of mcp2518fd Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: tef: prepare to workaround broken TEF FIFO tail index erratum Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: don't give key data to userspace Matt Bobrowski <mattbobrowski(a)google.com> bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses Roman Smirnov <r.smirnov(a)omp.ru> udf: prevent integer overflow in udf_bitmap_free_blocks() Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: mac80211: fix NULL dereference at band check in starting tx ba session FUJITA Tomonori <fujita.tomonori(a)gmail.com> PCI: Add Edimax Vendor ID to pci_ids.h Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't retry after unix_state_lock_nested() in unix_stream_connect(). Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: pci: fix RX tag race condition resulting in wrong RX length Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix send_signal test with nested CONFIG_PARAVIRT Dragos Tatulea <dtatulea(a)nvidia.com> net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: fix memory leak in ath12k_dp_rx_peer_frag_setup() Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtlwifi: handle return value of usb init TX/RX Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: fix race due to setting ATH12K_FLAG_EXT_IRQ_ENABLED too early Johannes Berg <johannes.berg(a)intel.com> wifi: nl80211: disallow setting special AP channel widths Zhang Rui <rui.zhang(a)intel.com> thermal: intel: hfi: Give HFI instances package scope Tamim Khan <tamim(a)fusetak.com> ACPI: resource: Skip IRQ override on Asus Vivobook Pro N6506MJ Tamim Khan <tamim(a)fusetak.com> ACPI: resource: Skip IRQ override on Asus Vivobook Pro N6506MU Viresh Kumar <viresh.kumar(a)linaro.org> xen: privcmd: Switch from mutex to spinlock for irqfds Sibi Sankar <quic_sibis(a)quicinc.com> soc: qcom: icc-bwmon: Allow for interrupts to be shared across instances Perry Yuan <perry.yuan(a)amd.com> cpufreq: amd-pstate: auto-load pstate driver by default Mario Limonciello <mario.limonciello(a)amd.com> cpufreq: amd-pstate: Allow users to write 'default' EPP string Thomas Weißschuh <linux(a)weissschuh.net> ACPI: SBS: manage alarm sysfs attribute through psy core Thomas Weißschuh <linux(a)weissschuh.net> ACPI: battery: create alarm sysfs attribute atomically Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> clocksource/drivers/sh_cmt: Address race condition for clock events Frederic Weisbecker <frederic(a)kernel.org> rcu: Fix rcu_barrier() VS post CPUHP_TEARDOWN_CPU invocation Mikulas Patocka <mpatocka(a)redhat.com> block: change rq_integrity_vec to respect the iterator Keith Busch <kbusch(a)kernel.org> nvme: apple: fix device reference counting Breno Leitao <leitao(a)debian.org> debugobjects: Annotate racy debug variables Yu Kuai <yukuai3(a)huawei.com> md/raid5: avoid BUG_ON() while continue reshape after reassembling Li Nan <linan122(a)huawei.com> md: change the return value type of md_write_start to void Li Nan <linan122(a)huawei.com> md: do not delete safemode_timer in mddev_suspend Paul E. McKenney <paulmck(a)kernel.org> rcutorture: Fix rcu_torture_fwd_cb_cr() data race Ben Walsh <ben(a)jubnut.com> platform/chrome: cros_ec_lpc: Add a new quirk for ACPI id Frederic Weisbecker <frederic(a)kernel.org> Revert "rcu-tasks: Fix synchronize_rcu_tasks() VS zap_pid_ns_processes()" Wilken Gottwalt <wilken.gottwalt(a)posteo.net> hwmon: corsair-psu: add USB id of HX1200i Series 2023 psu Hagar Hemdan <hagarhem(a)amazon.com> gpio: prevent potential speculation leaks in gpio_device_get_desc() Richard Fitzgerald <rf(a)opensource.cirrus.com> regmap: kunit: Fix memory leaks in gen_regmap() and gen_raw_regmap() Martin Whitaker <foss(a)martin-whitaker.me.uk> net: dsa: microchip: disable EEE for KSZ8567/KSZ9567/KSZ9896/KSZ9897. Arnd Bergmann <arnd(a)arndb.de> net: pse-pd: tps23881: include missing bitfield.h header Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Stop PPS on driver remove Florian Fainelli <florian.fainelli(a)broadcom.com> net: bcmgenet: Properly overlay PHY and MAC Wake-on-LAN capabilities James Chapman <jchapman(a)katalix.com> l2tp: fix lockdep splat Alexander Lobakin <aleksander.lobakin(a)intel.com> idpf: fix UAFs when destroying the queues Alexander Lobakin <aleksander.lobakin(a)intel.com> idpf: fix memory leaks and crashes while performing a soft reset Michael Chan <michael.chan(a)broadcom.com> bnxt_en : Fix memory out-of-bounds in bnxt_fill_hw_rss_tbl() Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() Zhengchao Shao <shaozhengchao(a)huawei.com> net/smc: add the max value of fallback reason count Anton Khirnov <anton(a)khirnov.net> Bluetooth: hci_sync: avoid dup filtering when passive scanning with adv monitor Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() Grzegorz Nitka <grzegorz.nitka(a)intel.com> ice: Fix reset handler Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: Fix Wake-on-LAN check to not return an error Eric Dumazet <edumazet(a)google.com> net: linkwatch: use system_unbound_wq Nikolay Aleksandrov <razor(a)blackwall.org> net: bridge: mcast: wait for previous gc cycles when removing port Daniele Palmas <dnlplm(a)gmail.com> net: usb: qmi_wwan: fix memory leak for not ip packets Heng Qi <hengqi(a)linux.alibaba.com> virtio-net: unbreak vq resizing when coalescing is not negotiated Praveen Kaligineedi <pkaligineedi(a)google.com> gve: Fix use of netif_carrier_ok() Kyle Swenson <kyle.swenson(a)est.tech> net: pse-pd: tps23881: Fix the device ID check Kuniyuki Iwashima <kuniyu(a)amazon.com> sctp: Fix null-ptr-deref in reuseport_add_sock(). Nikita Travkin <nikita(a)trvn.ru> power: supply: rt5033: Bring back i2c_set_clientdata Paulo Alcantara <pc(a)manguebit.com> smb: client: handle lack of FSCTL_GET_REPARSE_POINT support Peter Zijlstra <peterz(a)infradead.org> x86/mm: Fix pti_clone_entry_text() for i386 Peter Zijlstra <peterz(a)infradead.org> x86/mm: Fix pti_clone_pgtable() alignment assumption Laura Nao <laura.nao(a)collabora.com> selftests: ksft: Fix finished() helper exit code on skipped tests Li Huafei <lihuafei1(a)huawei.com> perf/x86: Fix smp_processor_id()-in-preemptible warnings Kan Liang <kan.liang(a)linux.intel.com> perf/x86: Support counter mask Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Support the PEBS event mask Uros Bizjak <ubizjak(a)gmail.com> perf/x86/amd: Use try_cmpxchg() in events/amd/{un,}core.c Peter Zijlstra <peterz(a)infradead.org> jump_label: Fix the fix, brown paper bags galore Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> platform/x86/intel/ifs: Initialize union ifs_status to zero Yipeng Zou <zouyipeng(a)huawei.com> irqchip/mbigen: Fix mbigen node address layout Hans de Goede <hdegoede(a)redhat.com> platform/x86: intel-vbtn: Protect ACPI notify handler against recursion Zhenyu Wang <zhenyuw(a)linux.intel.com> perf/x86/intel/cstate: Add pkg C2 residency counter for Sierra Forest Zhang Rui <rui.zhang(a)intel.com> perf/x86/intel/cstate: Add Lunarlake support Zhang Rui <rui.zhang(a)intel.com> perf/x86/intel/cstate: Add Arrowlake support Uros Bizjak <ubizjak(a)gmail.com> locking/pvqspinlock: Correct the type of "old" variable in pv_kick_node() Wayne Lin <wayne.lin(a)amd.com> drm/amd/display: Refactor function dm_dp_mst_is_port_support_mode() ------------- Diffstat: Documentation/admin-guide/cifs/usage.rst | 2 +- Documentation/admin-guide/kernel-parameters.txt | 4 +- Documentation/arch/arm64/silicon-errata.rst | 34 ++- Documentation/hwmon/corsair-psu.rst | 6 +- .../userspace-api/media/v4l/pixfmt-yuv-luma.rst | 4 +- Makefile | 4 +- arch/arm64/Kconfig | 58 +++-- arch/arm64/boot/dts/ti/k3-am62-verdin-dahlia.dtsi | 22 -- arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 6 - arch/arm64/include/asm/cpucaps.h | 2 +- arch/arm64/include/asm/cputype.h | 10 + arch/arm64/kernel/cpu_errata.c | 26 ++- arch/arm64/kernel/proton-pack.c | 2 +- arch/loongarch/kernel/efi.c | 6 + arch/parisc/Kconfig | 1 + arch/parisc/include/asm/cache.h | 11 +- arch/parisc/net/bpf_jit_core.c | 2 +- arch/x86/events/amd/core.c | 28 +-- arch/x86/events/amd/uncore.c | 8 +- arch/x86/events/core.c | 116 +++++----- arch/x86/events/intel/core.c | 164 +++++++------ arch/x86/events/intel/cstate.c | 35 ++- arch/x86/events/intel/ds.c | 34 ++- arch/x86/events/intel/knc.c | 2 +- arch/x86/events/intel/p4.c | 10 +- arch/x86/events/intel/p6.c | 2 +- arch/x86/events/perf_event.h | 62 ++++- arch/x86/events/zhaoxin/core.c | 12 +- arch/x86/include/asm/intel_ds.h | 1 + arch/x86/include/asm/qspinlock.h | 12 +- arch/x86/kernel/cpu/mtrr/mtrr.c | 2 +- arch/x86/kernel/paravirt.c | 7 +- arch/x86/mm/pti.c | 8 +- drivers/acpi/battery.c | 16 +- drivers/acpi/resource.c | 14 ++ drivers/acpi/sbs.c | 23 +- drivers/base/core.c | 13 +- drivers/base/module.c | 4 + drivers/base/regmap/regmap-kunit.c | 72 +++--- drivers/bluetooth/btnxpuart.c | 2 +- drivers/clocksource/sh_cmt.c | 13 +- drivers/cpufreq/amd-pstate.c | 32 ++- drivers/cpufreq/amd-pstate.h | 1 + drivers/gpio/gpiolib.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_psp_ta.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu_virt.h | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm_sdma.c | 5 + drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 9 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 10 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 255 +++++++++++++-------- drivers/gpu/drm/amd/display/dc/core/dc_resource.c | 58 +++-- drivers/gpu/drm/amd/display/dc/core/dc_state.c | 67 ++++-- drivers/gpu/drm/amd/display/dc/dce/dmub_replay.c | 9 +- .../drm/amd/display/dc/hwss/dcn10/dcn10_hwseq.c | 49 ++-- .../drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c | 3 + .../hwss/link_hwss_hpo_fixed_vs_pe_retimer_dp.c | 5 + drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 +- .../dc/link/protocols/link_dp_irq_handler.c | 3 +- .../amd/display/dc/resource/dcn20/dcn20_resource.c | 9 +- drivers/gpu/drm/amd/pm/powerplay/amd_powerplay.c | 8 +- drivers/gpu/drm/amd/pm/powerplay/hwmgr/pp_psm.c | 8 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 55 ++--- .../gpu/drm/amd/pm/powerplay/hwmgr/smu8_hwmgr.c | 14 +- .../gpu/drm/amd/pm/powerplay/hwmgr/vega10_hwmgr.c | 36 ++- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 16 +- drivers/gpu/drm/bridge/analogix/analogix_dp_reg.c | 5 +- drivers/gpu/drm/display/drm_dp_mst_topology.c | 11 + drivers/gpu/drm/drm_atomic_uapi.c | 15 +- drivers/gpu/drm/drm_client_modeset.c | 5 + drivers/gpu/drm/i915/display/intel_backlight.c | 3 + drivers/gpu/drm/i915/display/intel_pps.c | 3 + drivers/gpu/drm/i915/gem/i915_gem_mman.c | 55 ++++- drivers/gpu/drm/i915/gem/i915_gem_ttm.c | 13 +- drivers/gpu/drm/lima/lima_drv.c | 1 + drivers/gpu/drm/mgag200/mgag200_i2c.c | 8 +- drivers/gpu/drm/radeon/pptable.h | 2 +- drivers/gpu/drm/tests/drm_gem_shmem_test.c | 11 + drivers/gpu/drm/xe/regs/xe_engine_regs.h | 4 +- drivers/gpu/drm/xe/xe_guc_submit.c | 2 +- drivers/gpu/drm/xe/xe_hwmon.c | 3 +- drivers/gpu/drm/xe/xe_lrc.c | 17 +- drivers/gpu/drm/xe/xe_preempt_fence.c | 14 +- drivers/gpu/drm/xe/xe_rtp.c | 2 +- drivers/gpu/drm/xe/xe_sync.c | 2 +- drivers/hwmon/corsair-psu.c | 7 +- drivers/i2c/busses/i2c-qcom-geni.c | 5 +- drivers/i2c/i2c-smbus.c | 64 +++++- drivers/irqchip/irq-loongarch-cpu.c | 6 +- drivers/irqchip/irq-mbigen.c | 20 +- drivers/irqchip/irq-meson-gpio.c | 14 +- drivers/irqchip/irq-riscv-aplic-msi.c | 32 ++- drivers/irqchip/irq-xilinx-intc.c | 2 +- drivers/md/md.c | 15 +- drivers/md/md.h | 2 +- drivers/md/raid1.c | 3 +- drivers/md/raid10.c | 3 +- drivers/md/raid5.c | 23 +- drivers/media/i2c/ov5647.c | 11 +- drivers/media/pci/intel/ipu6/Kconfig | 3 +- drivers/media/platform/amphion/vdec.c | 2 - drivers/media/platform/amphion/venc.c | 2 - drivers/media/tuners/xc2028.c | 9 +- drivers/media/usb/uvc/uvc_video.c | 37 ++- drivers/net/can/spi/mcp251xfd/mcp251xfd-ring.c | 2 + drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 125 +++++----- drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 13 +- drivers/net/dsa/bcm_sf2.c | 4 +- drivers/net/dsa/microchip/ksz_common.c | 16 ++ drivers/net/ethernet/broadcom/bnxt/bnxt.c | 13 +- drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 14 +- drivers/net/ethernet/freescale/fec_ptp.c | 3 + drivers/net/ethernet/google/gve/gve_ethtool.c | 2 +- drivers/net/ethernet/google/gve/gve_main.c | 12 +- drivers/net/ethernet/intel/ice/ice_main.c | 2 + drivers/net/ethernet/intel/idpf/idpf_lib.c | 48 ++-- drivers/net/ethernet/intel/idpf/idpf_txrx.c | 43 +--- drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 3 + drivers/net/ethernet/mellanox/mlxsw/pci.c | 6 + .../ethernet/stmicro/stmmac/dwmac-qcom-ethqos.c | 23 ++ drivers/net/pse-pd/tps23881.c | 5 +- drivers/net/usb/qmi_wwan.c | 1 + drivers/net/virtio_net.c | 8 +- drivers/net/wireless/ath/ath12k/dp_rx.c | 1 + drivers/net/wireless/ath/ath12k/pci.c | 4 +- drivers/net/wireless/realtek/rtlwifi/usb.c | 34 ++- drivers/net/wireless/realtek/rtw89/pci.c | 13 +- drivers/nvme/host/apple.c | 27 ++- drivers/nvme/host/pci.c | 6 +- drivers/platform/chrome/cros_ec_lpc.c | 50 +++- drivers/platform/x86/intel/ifs/runtest.c | 2 +- drivers/platform/x86/intel/vbtn.c | 9 + drivers/power/supply/axp288_charger.c | 24 +- drivers/power/supply/qcom_battmgr.c | 8 +- drivers/power/supply/rt5033_battery.c | 1 + drivers/s390/char/sclp_sd.c | 10 +- drivers/scsi/mpi3mr/mpi3mr_os.c | 11 + drivers/scsi/mpt3sas/mpt3sas_base.c | 20 +- drivers/scsi/sd.c | 5 +- drivers/soc/qcom/icc-bwmon.c | 12 +- drivers/spi/spi-fsl-lpspi.c | 6 +- drivers/spi/spidev.c | 1 + drivers/spmi/spmi-pmic-arb.c | 11 +- drivers/thermal/intel/intel_hfi.c | 30 +-- drivers/tty/serial/sc16is7xx.c | 25 +- drivers/tty/serial/serial_core.c | 8 + drivers/tty/vt/conmakehash.c | 20 +- drivers/ufs/core/ufshcd-priv.h | 5 + drivers/ufs/core/ufshcd.c | 19 +- drivers/usb/gadget/function/f_fs.c | 6 +- drivers/usb/gadget/function/f_midi2.c | 21 +- drivers/usb/gadget/function/u_audio.c | 42 +++- drivers/usb/gadget/function/u_serial.c | 1 + drivers/usb/gadget/udc/core.c | 10 +- drivers/usb/serial/usb_debug.c | 7 + drivers/usb/typec/mux/fsa4480.c | 14 ++ drivers/usb/usbip/vhci_hcd.c | 9 +- drivers/vhost/vdpa.c | 8 +- drivers/xen/privcmd.c | 25 +- fs/btrfs/ctree.c | 57 +++-- fs/btrfs/ctree.h | 11 + fs/btrfs/defrag.c | 2 +- fs/btrfs/disk-io.c | 4 +- fs/btrfs/extent-tree.c | 46 ++-- fs/btrfs/extent-tree.h | 8 +- fs/btrfs/extent_io.c | 4 +- fs/btrfs/file.c | 60 +++-- fs/btrfs/free-space-cache.c | 1 + fs/btrfs/free-space-tree.c | 10 +- fs/btrfs/ioctl.c | 6 +- fs/btrfs/print-tree.c | 2 +- fs/btrfs/qgroup.c | 6 +- fs/btrfs/relocation.c | 8 +- fs/btrfs/transaction.c | 8 +- fs/buffer.c | 2 + fs/ext4/inline.c | 6 +- fs/ext4/inode.c | 5 + fs/jbd2/journal.c | 1 + fs/nfsd/nfsctl.c | 3 +- fs/smb/client/cifs_debug.c | 2 +- fs/smb/client/cifsglob.h | 8 +- fs/smb/client/inode.c | 17 +- fs/smb/client/misc.c | 9 +- fs/smb/client/reparse.c | 4 + fs/smb/client/reparse.h | 19 +- fs/smb/client/smb2inode.c | 2 + fs/smb/client/smb2pdu.c | 3 + fs/tracefs/event_inode.c | 4 +- fs/tracefs/inode.c | 12 +- fs/tracefs/internal.h | 5 +- fs/udf/balloc.c | 36 ++- include/linux/blk-integrity.h | 16 +- include/linux/fs.h | 2 +- include/linux/pci_ids.h | 2 + include/linux/profile.h | 1 - include/linux/rcupdate.h | 2 - include/linux/trace_events.h | 1 - include/linux/virtio_net.h | 16 +- include/sound/cs35l56.h | 14 +- io_uring/net.c | 7 +- kernel/bpf/verifier.c | 17 +- kernel/irq/irqdesc.c | 1 + kernel/jump_label.c | 4 +- kernel/kcov.c | 15 +- kernel/kprobes.c | 4 +- kernel/locking/qspinlock_paravirt.h | 2 +- kernel/module/main.c | 41 +++- kernel/padata.c | 7 + kernel/pid_namespace.c | 17 -- kernel/profile.c | 11 +- kernel/rcu/rcutorture.c | 2 +- kernel/rcu/tasks.h | 16 +- kernel/rcu/tree.c | 10 +- kernel/sched/core.c | 68 ++++-- kernel/sched/cputime.c | 6 + kernel/sched/stats.c | 10 - kernel/time/clocksource.c | 2 +- kernel/time/ntp.c | 9 +- kernel/time/tick-broadcast.c | 3 +- kernel/time/timekeeping.c | 2 +- kernel/trace/trace.h | 23 ++ kernel/trace/trace_events.c | 33 +-- kernel/trace/trace_events_hist.c | 4 +- kernel/trace/trace_events_inject.c | 2 +- kernel/trace/trace_events_trigger.c | 6 +- kernel/trace/tracing_map.c | 6 +- lib/debugobjects.c | 21 +- mm/list_lru.c | 28 ++- mm/memcontrol.c | 22 +- mm/slub.c | 3 + net/bluetooth/hci_sync.c | 14 ++ net/bluetooth/l2cap_core.c | 1 + net/bridge/br_multicast.c | 4 +- net/core/link_watch.c | 4 +- net/ipv4/tcp_ao.c | 43 ++-- net/ipv4/tcp_offload.c | 3 + net/ipv4/udp_offload.c | 4 + net/l2tp/l2tp_core.c | 15 +- net/mac80211/agg-tx.c | 4 +- net/mptcp/options.c | 3 +- net/mptcp/pm_netlink.c | 47 ++-- net/sctp/input.c | 19 +- net/smc/smc_stats.h | 2 +- net/sunrpc/sched.c | 4 +- net/unix/af_unix.c | 34 +-- net/wireless/nl80211.c | 37 ++- sound/pci/hda/patch_hdmi.c | 2 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/cs-amp-lib.c | 2 +- sound/soc/codecs/cs35l56-sdw.c | 77 +++++++ sound/soc/codecs/cs35l56-shared.c | 101 ++------ sound/soc/codecs/cs35l56.c | 205 ++--------------- sound/soc/codecs/cs35l56.h | 1 - sound/soc/codecs/wcd938x-sdw.c | 4 +- sound/soc/codecs/wcd939x-sdw.c | 4 +- sound/soc/codecs/wsa881x.c | 2 +- sound/soc/codecs/wsa883x.c | 10 +- sound/soc/codecs/wsa884x.c | 10 +- sound/soc/meson/axg-fifo.c | 26 +-- sound/soc/sof/mediatek/mt8195/mt8195.c | 2 +- sound/soc/sti/sti_uniperif.c | 2 +- sound/soc/sti/uniperif.h | 1 + sound/soc/sti/uniperif_player.c | 1 + sound/soc/sti/uniperif_reader.c | 1 + sound/usb/line6/driver.c | 5 + sound/usb/quirks-table.h | 4 + .../testing/selftests/bpf/prog_tests/send_signal.c | 3 +- tools/testing/selftests/devices/ksft.py | 2 +- tools/testing/selftests/mm/Makefile | 2 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 55 +++-- 274 files changed, 2691 insertions(+), 1727 deletions(-)

1 year, 4 months

15
290
0 0

[PATCH v4 1/2] locking/lockdep: Forcing subclasses to have same name pointer as their parent class

by botta633

From: Ahmed Ehab <bottaawesome633(a)gmail.com> Preventing lockdep_set_subclass from creating a new instance of the string literal. Hence, we will always have the same class->name among parent and subclasses. This prevents kernel panics when looking up a lock class while comparing class locks and class names. Reported-by: <syzbot+7f4a6f7f7051474e40ad(a)syzkaller.appspotmail.com> Fixes: de8f5e4f2dc1f ("lockdep: Introduce wait-type checks") Cc: <stable(a)vger.kernel.org> Signed-off-by: Ahmed Ehab <bottaawesome633(a)gmail.com> --- v3->v4: - Fixed subject line truncation. include/linux/lockdep.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/lockdep.h b/include/linux/lockdep.h index 08b0d1d9d78b..df8fa5929de7 100644 --- a/include/linux/lockdep.h +++ b/include/linux/lockdep.h @@ -173,7 +173,7 @@ static inline void lockdep_init_map(struct lockdep_map *lock, const char *name, (lock)->dep_map.lock_type) #define lockdep_set_subclass(lock, sub) \ - lockdep_init_map_type(&(lock)->dep_map, #lock, (lock)->dep_map.key, sub,\ + lockdep_init_map_type(&(lock)->dep_map, (lock)->dep_map.name, (lock)->dep_map.key, sub,\ (lock)->dep_map.wait_type_inner, \ (lock)->dep_map.wait_type_outer, \ (lock)->dep_map.lock_type) -- 2.45.2

1 year, 4 months

2
4
0 0

[tip: x86/urgent] x86/kaslr: Expose and use the end of the physical memory address space

by tip-bot2 for Thomas Gleixner

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: ea72ce5da22806d5713f3ffb39a6d5ae73841f93 Gitweb: https://git.kernel.org/tip/ea72ce5da22806d5713f3ffb39a6d5ae73841f93 Author: Thomas Gleixner <tglx(a)linutronix.de> AuthorDate: Wed, 14 Aug 2024 00:29:36 +02:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Tue, 20 Aug 2024 13:44:57 +02:00 x86/kaslr: Expose and use the end of the physical memory address space iounmap() on x86 occasionally fails to unmap because the provided valid ioremap address is not below high_memory. It turned out that this happens due to KASLR. KASLR uses the full address space between PAGE_OFFSET and vaddr_end to randomize the starting points of the direct map, vmalloc and vmemmap regions. It thereby limits the size of the direct map by using the installed memory size plus an extra configurable margin for hot-plug memory. This limitation is done to gain more randomization space because otherwise only the holes between the direct map, vmalloc, vmemmap and vaddr_end would be usable for randomizing. The limited direct map size is not exposed to the rest of the kernel, so the memory hot-plug and resource management related code paths still operate under the assumption that the available address space can be determined with MAX_PHYSMEM_BITS. request_free_mem_region() allocates from (1 << MAX_PHYSMEM_BITS) - 1 downwards. That means the first allocation happens past the end of the direct map and if unlucky this address is in the vmalloc space, which causes high_memory to become greater than VMALLOC_START and consequently causes iounmap() to fail for valid ioremap addresses. MAX_PHYSMEM_BITS cannot be changed for that because the randomization does not align with address bit boundaries and there are other places which actually require to know the maximum number of address bits. All remaining usage sites of MAX_PHYSMEM_BITS have been analyzed and found to be correct. Cure this by exposing the end of the direct map via PHYSMEM_END and use that for the memory hot-plug and resource management related places instead of relying on MAX_PHYSMEM_BITS. In the KASLR case PHYSMEM_END maps to a variable which is initialized by the KASLR initialization and otherwise it is based on MAX_PHYSMEM_BITS as before. To prevent future hickups add a check into add_pages() to catch callers trying to add memory above PHYSMEM_END. Fixes: 0483e1fa6e09 ("x86/mm: Implement ASLR for kernel memory regions") Reported-by: Max Ramanouski <max8rr8(a)gmail.com> Reported-by: Alistair Popple <apopple(a)nvidia.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-By: Max Ramanouski <max8rr8(a)gmail.com> Tested-by: Alistair Popple <apopple(a)nvidia.com> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Alistair Popple <apopple(a)nvidia.com> Reviewed-by: Kees Cook <kees(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/87ed6soy3z.ffs@tglx --- arch/x86/include/asm/page_64.h | 1 +- arch/x86/include/asm/pgtable_64_types.h | 4 +++- arch/x86/mm/init_64.c | 4 +++- arch/x86/mm/kaslr.c | 32 +++++++++++++++++++----- include/linux/mm.h | 4 +++- kernel/resource.c | 6 +---- mm/memory_hotplug.c | 2 +- mm/sparse.c | 2 +- 8 files changed, 43 insertions(+), 12 deletions(-) diff --git a/arch/x86/include/asm/page_64.h b/arch/x86/include/asm/page_64.h index af4302d..f3d257c 100644 --- a/arch/x86/include/asm/page_64.h +++ b/arch/x86/include/asm/page_64.h @@ -17,6 +17,7 @@ extern unsigned long phys_base; extern unsigned long page_offset_base; extern unsigned long vmalloc_base; extern unsigned long vmemmap_base; +extern unsigned long physmem_end; static __always_inline unsigned long __phys_addr_nodebug(unsigned long x) { diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h index 9053dfe..a98e534 100644 --- a/arch/x86/include/asm/pgtable_64_types.h +++ b/arch/x86/include/asm/pgtable_64_types.h @@ -140,6 +140,10 @@ extern unsigned int ptrs_per_p4d; # define VMEMMAP_START __VMEMMAP_BASE_L4 #endif /* CONFIG_DYNAMIC_MEMORY_LAYOUT */ +#ifdef CONFIG_RANDOMIZE_MEMORY +# define PHYSMEM_END physmem_end +#endif + /* * End of the region for which vmalloc page tables are pre-allocated. * For non-KMSAN builds, this is the same as VMALLOC_END. diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c index d8dbeac..ff25364 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -958,8 +958,12 @@ static void update_end_of_memory_vars(u64 start, u64 size) int add_pages(int nid, unsigned long start_pfn, unsigned long nr_pages, struct mhp_params *params) { + unsigned long end = ((start_pfn + nr_pages) << PAGE_SHIFT) - 1; int ret; + if (WARN_ON_ONCE(end > PHYSMEM_END)) + return -ERANGE; + ret = __add_pages(nid, start_pfn, nr_pages, params); WARN_ON_ONCE(ret); diff --git a/arch/x86/mm/kaslr.c b/arch/x86/mm/kaslr.c index 37db264..230f1de 100644 --- a/arch/x86/mm/kaslr.c +++ b/arch/x86/mm/kaslr.c @@ -47,13 +47,24 @@ static const unsigned long vaddr_end = CPU_ENTRY_AREA_BASE; */ static __initdata struct kaslr_memory_region { unsigned long *base; + unsigned long *end; unsigned long size_tb; } kaslr_regions[] = { - { &page_offset_base, 0 }, - { &vmalloc_base, 0 }, - { &vmemmap_base, 0 }, + { + .base = &page_offset_base, + .end = &physmem_end, + }, + { + .base = &vmalloc_base, + }, + { + .base = &vmemmap_base, + }, }; +/* The end of the possible address space for physical memory */ +unsigned long physmem_end __ro_after_init; + /* Get size in bytes used by the memory region */ static inline unsigned long get_padding(struct kaslr_memory_region *region) { @@ -82,6 +93,8 @@ void __init kernel_randomize_memory(void) BUILD_BUG_ON(vaddr_end != CPU_ENTRY_AREA_BASE); BUILD_BUG_ON(vaddr_end > __START_KERNEL_map); + /* Preset the end of the possible address space for physical memory */ + physmem_end = ((1ULL << MAX_PHYSMEM_BITS) - 1); if (!kaslr_memory_enabled()) return; @@ -128,11 +141,18 @@ void __init kernel_randomize_memory(void) vaddr += entropy; *kaslr_regions[i].base = vaddr; + /* Calculate the end of the region */ + vaddr += get_padding(&kaslr_regions[i]); /* - * Jump the region and add a minimum padding based on - * randomization alignment. + * KASLR trims the maximum possible size of the + * direct-map. Update the physmem_end boundary. + * No rounding required as the region starts + * PUD aligned and size is in units of TB. */ - vaddr += get_padding(&kaslr_regions[i]); + if (kaslr_regions[i].end) + *kaslr_regions[i].end = __pa_nodebug(vaddr - 1); + + /* Add a minimum padding based on randomization alignment. */ vaddr = round_up(vaddr + 1, PUD_SIZE); remain_entropy -= entropy; } diff --git a/include/linux/mm.h b/include/linux/mm.h index c4b238a..b386415 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -97,6 +97,10 @@ extern const int mmap_rnd_compat_bits_max; extern int mmap_rnd_compat_bits __read_mostly; #endif +#ifndef PHYSMEM_END +# define PHYSMEM_END ((1ULL << MAX_PHYSMEM_BITS) - 1) +#endif + #include <asm/page.h> #include <asm/processor.h> diff --git a/kernel/resource.c b/kernel/resource.c index 14777af..a83040f 100644 --- a/kernel/resource.c +++ b/kernel/resource.c @@ -1826,8 +1826,7 @@ static resource_size_t gfr_start(struct resource *base, resource_size_t size, if (flags & GFR_DESCENDING) { resource_size_t end; - end = min_t(resource_size_t, base->end, - (1ULL << MAX_PHYSMEM_BITS) - 1); + end = min_t(resource_size_t, base->end, PHYSMEM_END); return end - size + 1; } @@ -1844,8 +1843,7 @@ static bool gfr_continue(struct resource *base, resource_size_t addr, * @size did not wrap 0. */ return addr > addr - size && - addr <= min_t(resource_size_t, base->end, - (1ULL << MAX_PHYSMEM_BITS) - 1); + addr <= min_t(resource_size_t, base->end, PHYSMEM_END); } static resource_size_t gfr_next(resource_size_t addr, resource_size_t size, diff --git a/mm/memory_hotplug.c b/mm/memory_hotplug.c index 66267c2..951878a 100644 --- a/mm/memory_hotplug.c +++ b/mm/memory_hotplug.c @@ -1681,7 +1681,7 @@ struct range __weak arch_get_mappable_range(void) struct range mhp_get_pluggable_range(bool need_mapping) { - const u64 max_phys = (1ULL << MAX_PHYSMEM_BITS) - 1; + const u64 max_phys = PHYSMEM_END; struct range mhp_range; if (need_mapping) { diff --git a/mm/sparse.c b/mm/sparse.c index e4b8300..0c3bff8 100644 --- a/mm/sparse.c +++ b/mm/sparse.c @@ -129,7 +129,7 @@ static inline int sparse_early_nid(struct mem_section *section) static void __meminit mminit_validate_memmodel_limits(unsigned long *start_pfn, unsigned long *end_pfn) { - unsigned long max_sparsemem_pfn = 1UL << (MAX_PHYSMEM_BITS-PAGE_SHIFT); + unsigned long max_sparsemem_pfn = (PHYSMEM_END + 1) >> PAGE_SHIFT; /* * Sanity checks - do not allow an architecture to pass

1 year, 4 months

1
0
0 0

[PATCH v2 1/2] cpuidle: riscv-sbi: Use scoped device node handling to fix missing of_node_put

by Krzysztof Kozlowski

Two return statements in sbi_cpuidle_dt_init_states() did not drop the OF node reference count. Solve the issue and simplify entire error handling with scoped/cleanup.h. Fixes: 6abf32f1d9c5 ("cpuidle: Add RISC-V SBI CPU idle driver") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- Changes in v2: 1. Re-write commit msg, because this is actually a fix. --- drivers/cpuidle/cpuidle-riscv-sbi.c | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) diff --git a/drivers/cpuidle/cpuidle-riscv-sbi.c b/drivers/cpuidle/cpuidle-riscv-sbi.c index a6e123dfe394..5bb3401220d2 100644 --- a/drivers/cpuidle/cpuidle-riscv-sbi.c +++ b/drivers/cpuidle/cpuidle-riscv-sbi.c @@ -8,6 +8,7 @@ #define pr_fmt(fmt) "cpuidle-riscv-sbi: " fmt +#include <linux/cleanup.h> #include <linux/cpuhotplug.h> #include <linux/cpuidle.h> #include <linux/cpumask.h> @@ -236,19 +237,16 @@ static int sbi_cpuidle_dt_init_states(struct device *dev, { struct sbi_cpuidle_data *data = per_cpu_ptr(&sbi_cpuidle_data, cpu); struct device_node *state_node; - struct device_node *cpu_node; u32 *states; int i, ret; - cpu_node = of_cpu_device_node_get(cpu); + struct device_node *cpu_node __free(device_node) = of_cpu_device_node_get(cpu); if (!cpu_node) return -ENODEV; states = devm_kcalloc(dev, state_count, sizeof(*states), GFP_KERNEL); - if (!states) { - ret = -ENOMEM; - goto fail; - } + if (!states) + return -ENOMEM; /* Parse SBI specific details from state DT nodes */ for (i = 1; i < state_count; i++) { @@ -264,10 +262,8 @@ static int sbi_cpuidle_dt_init_states(struct device *dev, pr_debug("sbi-state %#x index %d\n", states[i], i); } - if (i != state_count) { - ret = -ENODEV; - goto fail; - } + if (i != state_count) + return -ENODEV; /* Initialize optional data, used for the hierarchical topology. */ ret = sbi_dt_cpu_init_topology(drv, data, state_count, cpu); @@ -277,10 +273,7 @@ static int sbi_cpuidle_dt_init_states(struct device *dev, /* Store states in the per-cpu struct. */ data->states = states; -fail: - of_node_put(cpu_node); - - return ret; + return 0; } static void sbi_cpuidle_deinit_cpu(int cpu) -- 2.43.0

1 year, 4 months

3
2
0 0

It is correct to introduce new sys calls to stable versions?

by Miao Wang

Hi, Greg I saw you have included commit 7697a0fe0154 ("LoongArch: Define __ARCH_WANT_NEW_STAT in unistd.h") in your stable trees, which actually introduced new sys calls newfstatat and fstat to Loongarch. I wonder if it is correct to add new syscalls, which actually changes the kernel features, in stable releases, as it might confuse downstream developers because they may assume the existence of a certain feature after a certain version. Cheers, Miao Wang

1 year, 4 months

5
9
0 0

[PATCH RESEND] erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails

by Gao Xiang

If z_erofs_gbuf_growsize() partially fails on a global buffer due to memory allocation failure or fault injection (as reported by syzbot [1]), new pages need to be freed by comparing to the existing pages to avoid memory leaks. However, the old gbuf->pages[] array may not be large enough, which can lead to null-ptr-deref or out-of-bound access. Fix this by checking against gbuf->nrpages in advance. [1] https://lore.kernel.org/r/000000000000f7b96e062018c6e3@google.com Reported-by: syzbot+242ee56aaa9585553766(a)syzkaller.appspotmail.com Fixes: d6db47e571dc ("erofs: do not use pagepool in z_erofs_gbuf_growsize()") Cc: <stable(a)vger.kernel.org> # 6.10+ Cc: Chunhai Guo <guochunhai(a)vivo.com> Signed-off-by: Gao Xiang <hsiangkao(a)linux.alibaba.com> --- RESEND: Add missing link and reported-by. fs/erofs/zutil.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/erofs/zutil.c b/fs/erofs/zutil.c index 9b53883e5caf..37afe2024840 100644 --- a/fs/erofs/zutil.c +++ b/fs/erofs/zutil.c @@ -111,7 +111,8 @@ int z_erofs_gbuf_growsize(unsigned int nrpages) out: if (i < z_erofs_gbuf_count && tmp_pages) { for (j = 0; j < nrpages; ++j) - if (tmp_pages[j] && tmp_pages[j] != gbuf->pages[j]) + if (tmp_pages[j] && (j >= gbuf->nrpages || + tmp_pages[j] != gbuf->pages[j])) __free_page(tmp_pages[j]); kfree(tmp_pages); } -- 2.43.5

1 year, 4 months

2
1
0 0

[PATCH 6.10 00/25] 6.10.6-rc3 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.10.6 release. There are 25 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon, 19 Aug 2024 08:53:52 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.10.6-rc3… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.10.6-rc3 Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "drm/amd/display: Refactor function dm_dp_mst_is_port_support_mode()" Niklas Cassel <cassel(a)kernel.org> Revert "ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error" Sean Young <sean(a)mess.org> media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()" Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amdgpu/display: Fix null pointer dereference in dc_stream_program_cursor_position Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Solve mst monitors blank out problem after resume Kees Cook <kees(a)kernel.org> binfmt_flat: Fix corruption when not offsetting data start Gergo Koteles <soyer(a)irl.hu> platform/x86: ideapad-laptop: add a mutex to synchronize VPC commands Gergo Koteles <soyer(a)irl.hu> platform/x86: ideapad-laptop: move ymc_trigger_ec from lenovo-ymc Gergo Koteles <soyer(a)irl.hu> platform/x86: ideapad-laptop: introduce a generic notification chain Shyam Sundar S K <Shyam-sundar.S-k(a)amd.com> platform/x86/amd/pmf: Fix to Update HPD Data When ALS is Disabled Takashi Iwai <tiwai(a)suse.de> ALSA: usb: Fix UBSAN warning in parse_audio_unit() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Do copy_to_user out of run_lock Pei Li <peili.dev(a)gmail.com> jfs: Fix shift-out-of-bounds in dbDiscardAG Edward Adam Davis <eadavis(a)qq.com> jfs: fix null ptr deref in dtInsertEntry Willem de Bruijn <willemb(a)google.com> fou: remove warn in gue_gro_receive on unsupported protocol Chao Yu <chao(a)kernel.org> f2fs: fix to cover read extent cache access with lock Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC yunshui <jiangyunshui(a)kylinos.cn> bpf, net: Use DEV_STAT_INC() Simon Trimmer <simont(a)opensource.cirrus.com> ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value WangYuli <wangyuli(a)uniontech.com> nvme/pci: Add APST quirk for Lenovo N60z laptop Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Define __ARCH_WANT_NEW_STAT in unistd.h Fangzhi Zuo <jerry.zuo(a)amd.com> drm/amd/display: Prevent IPX From Link Detect and Set Mode Harry Wentland <harry.wentland(a)amd.com> drm/amd/display: Separate setting and programming of cursor Wayne Lin <wayne.lin(a)amd.com> drm/amd/display: Defer handling mst up request in resume Kees Cook <kees(a)kernel.org> exec: Fix ToCToU between perm check and set-uid/gid usage ------------- Diffstat: Makefile | 4 +- arch/loongarch/include/uapi/asm/unistd.h | 1 + drivers/ata/libata-scsi.c | 15 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 236 ++++++++------------- .../drm/amd/display/amdgpu_dm/amdgpu_dm_plane.c | 6 +- drivers/gpu/drm/amd/display/dc/core/dc_stream.c | 94 +++++--- drivers/gpu/drm/amd/display/dc/dc_stream.h | 8 + .../drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c | 2 +- drivers/media/usb/dvb-usb/dvb-usb-init.c | 35 +-- drivers/nvme/host/pci.c | 7 + drivers/platform/x86/Kconfig | 1 + drivers/platform/x86/amd/pmf/spc.c | 32 +-- drivers/platform/x86/ideapad-laptop.c | 148 +++++++++++-- drivers/platform/x86/ideapad-laptop.h | 9 + drivers/platform/x86/lenovo-ymc.c | 60 +----- fs/binfmt_flat.c | 4 +- fs/exec.c | 8 +- fs/f2fs/extent_cache.c | 50 ++--- fs/f2fs/f2fs.h | 2 +- fs/f2fs/gc.c | 10 + fs/f2fs/inode.c | 10 +- fs/jfs/jfs_dmap.c | 2 + fs/jfs/jfs_dtree.c | 2 + fs/ntfs3/frecord.c | 75 ++++++- net/core/filter.c | 8 +- net/ipv4/fou_core.c | 2 +- sound/soc/codecs/cs35l56-shared.c | 1 + sound/usb/mixer.c | 7 + 29 files changed, 492 insertions(+), 361 deletions(-)

1 year, 4 months

8
8
0 0

[PATCH] ACPI: platform-profile: Fix CFI violation when accessing sysfs files

by Nathan Chancellor

When an attribute group is created with sysfs_create_group(), the ->sysfs_ops() callback is set to kobj_sysfs_ops, which sets the ->show() and ->store() callbacks to kobj_attr_show() and kobj_attr_store() respectively. These functions use container_of() to get the respective callback from the passed attribute, meaning that these callbacks need to be the same type as the callbacks in 'struct kobj_attribute'. However, the platform_profile sysfs functions have the type of the ->show() and ->store() callbacks in 'struct device_attribute', which results a CFI violation when accessing platform_profile or platform_profile_choices under /sys/firmware/acpi because the types do not match: CFI failure at kobj_attr_show+0x19/0x30 (target: platform_profile_choices_show+0x0/0x140; expected type: 0x7a69590c) This happens to work because the layout of 'struct kobj_attribute' and 'struct device_attribute' are the same, so the container_of() cast happens to allow the callbacks to still work. Change the type of platform_profile_choices_show() and platform_profile_{show,store}() to match the callbacks in 'struct kobj_attribute' and update the attribute variables to match, which resolves the CFI violation. Cc: stable(a)vger.kernel.org Fixes: a2ff95e018f1 ("ACPI: platform: Add platform profile support") Reported-by: John Rowley <lkml(a)johnrowley.me> Closes: https://github.com/ClangBuiltLinux/linux/issues/2047 Tested-by: John Rowley <lkml(a)johnrowley.me> Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- drivers/acpi/platform_profile.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/drivers/acpi/platform_profile.c b/drivers/acpi/platform_profile.c index d2f7fd7743a1..11278f785526 100644 --- a/drivers/acpi/platform_profile.c +++ b/drivers/acpi/platform_profile.c @@ -22,8 +22,8 @@ static const char * const profile_names[] = { }; static_assert(ARRAY_SIZE(profile_names) == PLATFORM_PROFILE_LAST); -static ssize_t platform_profile_choices_show(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_choices_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) { int len = 0; @@ -49,8 +49,8 @@ static ssize_t platform_profile_choices_show(struct device *dev, return len; } -static ssize_t platform_profile_show(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_show(struct kobject *kobj, + struct kobj_attribute *attr, char *buf) { enum platform_profile_option profile = PLATFORM_PROFILE_BALANCED; @@ -77,8 +77,8 @@ static ssize_t platform_profile_show(struct device *dev, return sysfs_emit(buf, "%s\n", profile_names[profile]); } -static ssize_t platform_profile_store(struct device *dev, - struct device_attribute *attr, +static ssize_t platform_profile_store(struct kobject *kobj, + struct kobj_attribute *attr, const char *buf, size_t count) { int err, i; @@ -115,12 +115,12 @@ static ssize_t platform_profile_store(struct device *dev, return count; } -static DEVICE_ATTR_RO(platform_profile_choices); -static DEVICE_ATTR_RW(platform_profile); +static struct kobj_attribute attr_platform_profile_choices = __ATTR_RO(platform_profile_choices); +static struct kobj_attribute attr_platform_profile = __ATTR_RW(platform_profile); static struct attribute *platform_profile_attrs[] = { - &dev_attr_platform_profile_choices.attr, - &dev_attr_platform_profile.attr, + &attr_platform_profile_choices.attr, + &attr_platform_profile.attr, NULL }; --- base-commit: 47ac09b91befbb6a235ab620c32af719f8208399 change-id: 20240819-acpi-platform_profile-fix-cfi-violation-de278753bd5f Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

1 year, 4 months

3
3
0 0

[PATCH v2] sched/core: handle affine_move_task failure case gracefully

by Daniel Vacek

CPU hangs were reported while offlining/onlining CPUs on s390. Analyzing the vmcore data shows `stop_one_cpu_nowait()` in `affine_move_task()` can fail when racing with off-/on-lining resulting in a deadlock waiting for the pending migration stop work completion which is never done. Fix this by gracefully handling such condition. Fixes: 9e81889c7648 ("sched: Fix affine_move_task() self-concurrency") Cc: stable(a)vger.kernel.org Reported-by: Bill Peters <wpeters(a)atpco.net> Tested-by: Bill Peters <wpeters(a)atpco.net> Signed-off-by: Daniel Vacek <neelx(a)redhat.com> --- kernel/sched/core.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/kernel/sched/core.c b/kernel/sched/core.c index f3951e4a55e5b..40a3c9ff74077 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c @@ -2871,8 +2871,25 @@ static int affine_move_task(struct rq *rq, struct task_struct *p, struct rq_flag preempt_disable(); task_rq_unlock(rq, p, rf); if (!stop_pending) { - stop_one_cpu_nowait(cpu_of(rq), migration_cpu_stop, - &pending->arg, &pending->stop_work); + stop_pending = + stop_one_cpu_nowait(cpu_of(rq), migration_cpu_stop, + &pending->arg, &pending->stop_work); + /* + * The state resulting in this failure is not expected + * at this point. At least report a WARNING to be able + * to panic and further debug if reproduced. + */ + if (WARN_ON(!stop_pending)) { + /* + * Then try to handle the failure gracefully + * to prevent the deadlock a few lines later. + */ + rq = task_rq_lock(p, rf); + pending->stop_pending = false; + p->migration_pending = NULL; + task_rq_unlock(rq, p, rf); + complete_all(&pending->done); + } } preempt_enable(); -- 2.43.0

1 year, 4 months

2
1
0 0

Re: Patch "drm/amdkfd: Move dma unmapping after TLB flush" has been added to the 6.1-stable tree

by Felix Kuehling

This patch introduced a regression. If you want to backport it, I'd recommend including this fix as well: commit 9c29282ecbeeb1b43fced3055c6a5bb244b9390b Author: Lang Yu <Lang.Yu(a)amd.com> Date: Thu Jan 11 12:27:07 2024 +0800 drm/amdkfd: reserve the BO before validating it Fix a warning. v2: Avoid unmapping attachment repeatedly when ERESTARTSYS. v3: Lock the BO before accessing ttm->sg to avoid race conditions.(Felix) [ 41.708711] WARNING: CPU: 0 PID: 1463 at drivers/gpu/drm/ttm/ttm_bo.c:846 ttm_bo_validate+0x146/0x1b0 [ttm] [ 41.708989] Call Trace: [ 41.708992] <TASK> [ 41.708996] ? show_regs+0x6c/0x80 [ 41.709000] ? ttm_bo_validate+0x146/0x1b0 [ttm] [ 41.709008] ? __warn+0x93/0x190 [ 41.709014] ? ttm_bo_validate+0x146/0x1b0 [ttm] [ 41.709024] ? report_bug+0x1f9/0x210 [ 41.709035] ? handle_bug+0x46/0x80 [ 41.709041] ? exc_invalid_op+0x1d/0x80 [ 41.709048] ? asm_exc_invalid_op+0x1f/0x30 [ 41.709057] ? amdgpu_amdkfd_gpuvm_dmaunmap_mem+0x2c/0x80 [amdgpu] [ 41.709185] ? ttm_bo_validate+0x146/0x1b0 [ttm] [ 41.709197] ? amdgpu_amdkfd_gpuvm_dmaunmap_mem+0x2c/0x80 [amdgpu] [ 41.709337] ? srso_alias_return_thunk+0x5/0x7f [ 41.709346] kfd_mem_dmaunmap_attachment+0x9e/0x1e0 [amdgpu] [ 41.709467] amdgpu_amdkfd_gpuvm_dmaunmap_mem+0x56/0x80 [amdgpu] [ 41.709586] kfd_ioctl_unmap_memory_from_gpu+0x1b7/0x300 [amdgpu] [ 41.709710] kfd_ioctl+0x1ec/0x650 [amdgpu] [ 41.709822] ? __pfx_kfd_ioctl_unmap_memory_from_gpu+0x10/0x10 [amdgpu] [ 41.709945] ? srso_alias_return_thunk+0x5/0x7f [ 41.709949] ? tomoyo_file_ioctl+0x20/0x30 [ 41.709959] __x64_sys_ioctl+0x9c/0xd0 [ 41.709967] do_syscall_64+0x3f/0x90 [ 41.709973] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Fixes: 101b8104307e ("drm/amdkfd: Move dma unmapping after TLB flush") Signed-off-by: Lang Yu <Lang.Yu(a)amd.com> Reviewed-by: Felix Kuehling <Felix.Kuehling(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Regards, Felix On 2024-08-20 8:03, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > drm/amdkfd: Move dma unmapping after TLB flush > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > drm-amdkfd-move-dma-unmapping-after-tlb-flush.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 24c08b999ba308592aa69e131bc36fe9fcfcd5be > Author: Philip Yang <Philip.Yang(a)amd.com> > Date: Mon Sep 11 14:44:22 2023 -0400 > > drm/amdkfd: Move dma unmapping after TLB flush > > [ Upstream commit 101b8104307eac734f2dfa4d3511430b0b631c73 ] > > Otherwise GPU may access the stale mapping and generate IOMMU > IO_PAGE_FAULT. > > Move this to inside p->mutex to prevent multiple threads mapping and > unmapping concurrently race condition. > > After kfd_mem_dmaunmap_attachment is removed from unmap_bo_from_gpuvm, > kfd_mem_dmaunmap_attachment is called if failed to map to GPUs, and > before free the mem attachment in case failed to unmap from GPUs. > > Signed-off-by: Philip Yang <Philip.Yang(a)amd.com> > Reviewed-by: Felix Kuehling <Felix.Kuehling(a)amd.com> > Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h > index dbc842590b253..585d608c10e8e 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.h > @@ -286,6 +286,7 @@ int amdgpu_amdkfd_gpuvm_map_memory_to_gpu(struct amdgpu_device *adev, > struct kgd_mem *mem, void *drm_priv); > int amdgpu_amdkfd_gpuvm_unmap_memory_from_gpu( > struct amdgpu_device *adev, struct kgd_mem *mem, void *drm_priv); > +void amdgpu_amdkfd_gpuvm_dmaunmap_mem(struct kgd_mem *mem, void *drm_priv); > int amdgpu_amdkfd_gpuvm_sync_memory( > struct amdgpu_device *adev, struct kgd_mem *mem, bool intr); > int amdgpu_amdkfd_gpuvm_map_gtt_bo_to_kernel(struct kgd_mem *mem, > diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c > index 7d5fbaaba72f7..3e7f4d8dc9d13 100644 > --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c > +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c > @@ -719,7 +719,7 @@ kfd_mem_dmaunmap_sg_bo(struct kgd_mem *mem, > enum dma_data_direction dir; > > if (unlikely(!ttm->sg)) { > - pr_err("SG Table of BO is UNEXPECTEDLY NULL"); > + pr_debug("SG Table of BO is NULL"); > return; > } > > @@ -1226,8 +1226,6 @@ static void unmap_bo_from_gpuvm(struct kgd_mem *mem, > amdgpu_vm_clear_freed(adev, vm, &bo_va->last_pt_update); > > amdgpu_sync_fence(sync, bo_va->last_pt_update); > - > - kfd_mem_dmaunmap_attachment(mem, entry); > } > > static int update_gpuvm_pte(struct kgd_mem *mem, > @@ -1282,6 +1280,7 @@ static int map_bo_to_gpuvm(struct kgd_mem *mem, > > update_gpuvm_pte_failed: > unmap_bo_from_gpuvm(mem, entry, sync); > + kfd_mem_dmaunmap_attachment(mem, entry); > return ret; > } > > @@ -1852,8 +1851,10 @@ int amdgpu_amdkfd_gpuvm_free_memory_of_gpu( > mem->va + bo_size * (1 + mem->aql_queue)); > > /* Remove from VM internal data structures */ > - list_for_each_entry_safe(entry, tmp, &mem->attachments, list) > + list_for_each_entry_safe(entry, tmp, &mem->attachments, list) { > + kfd_mem_dmaunmap_attachment(mem, entry); > kfd_mem_detach(entry); > + } > > ret = unreserve_bo_and_vms(&ctx, false, false); > > @@ -2024,6 +2025,23 @@ int amdgpu_amdkfd_gpuvm_map_memory_to_gpu( > return ret; > } > > +void amdgpu_amdkfd_gpuvm_dmaunmap_mem(struct kgd_mem *mem, void *drm_priv) > +{ > + struct kfd_mem_attachment *entry; > + struct amdgpu_vm *vm; > + > + vm = drm_priv_to_vm(drm_priv); > + > + mutex_lock(&mem->lock); > + > + list_for_each_entry(entry, &mem->attachments, list) { > + if (entry->bo_va->base.vm == vm) > + kfd_mem_dmaunmap_attachment(mem, entry); > + } > + > + mutex_unlock(&mem->lock); > +} > + > int amdgpu_amdkfd_gpuvm_unmap_memory_from_gpu( > struct amdgpu_device *adev, struct kgd_mem *mem, void *drm_priv) > { > diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c > index b0f475d51ae7e..2b21ce967e766 100644 > --- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c > +++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c > @@ -1400,17 +1400,21 @@ static int kfd_ioctl_unmap_memory_from_gpu(struct file *filep, > goto sync_memory_failed; > } > } > - mutex_unlock(&p->mutex); > > - if (flush_tlb) { > - /* Flush TLBs after waiting for the page table updates to complete */ > - for (i = 0; i < args->n_devices; i++) { > - peer_pdd = kfd_process_device_data_by_id(p, devices_arr[i]); > - if (WARN_ON_ONCE(!peer_pdd)) > - continue; > + /* Flush TLBs after waiting for the page table updates to complete */ > + for (i = 0; i < args->n_devices; i++) { > + peer_pdd = kfd_process_device_data_by_id(p, devices_arr[i]); > + if (WARN_ON_ONCE(!peer_pdd)) > + continue; > + if (flush_tlb) > kfd_flush_tlb(peer_pdd, TLB_FLUSH_HEAVYWEIGHT); > - } > + > + /* Remove dma mapping after tlb flush to avoid IO_PAGE_FAULT */ > + amdgpu_amdkfd_gpuvm_dmaunmap_mem(mem, peer_pdd->drm_priv); > } > + > + mutex_unlock(&p->mutex); > + > kfree(devices_arr); > > return 0;

1 year, 4 months

1
0
0 0

[PATCH v9 2/6] RISC-V: Scalar unaligned access emulated on hotplug CPUs

by Jesse Taube

The check_unaligned_access_emulated() function should have been called during CPU hotplug to ensure that if all CPUs had emulated unaligned accesses, the new CPU also does. This patch adds the call to check_unaligned_access_emulated() in the hotplug path. Fixes: 55e0bf49a0d0 ("RISC-V: Probe misaligned access speed in parallel") Signed-off-by: Jesse Taube <jesse(a)rivosinc.com> Reviewed-by: Evan Green <evan(a)rivosinc.com> Cc: stable(a)vger.kernel.org --- V5 -> V6: - New patch V6 -> V7: - No changes V7 -> V8: - Rebase onto fixes V8 -> V9: - No changes --- arch/riscv/kernel/unaligned_access_speed.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/riscv/kernel/unaligned_access_speed.c b/arch/riscv/kernel/unaligned_access_speed.c index 160628a2116d..f3508cc54f91 100644 --- a/arch/riscv/kernel/unaligned_access_speed.c +++ b/arch/riscv/kernel/unaligned_access_speed.c @@ -191,6 +191,7 @@ static int riscv_online_cpu(unsigned int cpu) if (per_cpu(misaligned_access_speed, cpu) != RISCV_HWPROBE_MISALIGNED_SCALAR_UNKNOWN) goto exit; + check_unaligned_access_emulated(NULL); buf = alloc_pages(GFP_KERNEL, MISALIGNED_BUFFER_ORDER); if (!buf) { pr_warn("Allocation failure, not measuring misaligned performance\n"); -- 2.45.2

1 year, 4 months

1
0
0 0

[PATCH v9 1/6] RISC-V: Check scalar unaligned access on all CPUs

by Jesse Taube

Originally, the check_unaligned_access_emulated_all_cpus function only checked the boot hart. This fixes the function to check all harts. Fixes: 71c54b3d169d ("riscv: report misaligned accesses emulation to hwprobe") Signed-off-by: Jesse Taube <jesse(a)rivosinc.com> Reviewed-by: Charlie Jenkins <charlie(a)rivosinc.com> Reviewed-by: Evan Green <evan(a)rivosinc.com> Cc: stable(a)vger.kernel.org --- V1 -> V2: - New patch V2 -> V3: - Split patch V3 -> V4: - Re-add check for a system where a heterogeneous CPU is hotplugged into a previously homogenous system. V4 -> V5: - Change work_struct *unused to work_struct *work __always_unused V5 -> V6: - Change check_unaligned_access_emulated to extern V6 -> V7: - No changes V7 -> V8: - Rebase onto fixes V8 -> V9: - No changes --- arch/riscv/include/asm/cpufeature.h | 2 ++ arch/riscv/kernel/traps_misaligned.c | 14 +++++++------- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/arch/riscv/include/asm/cpufeature.h b/arch/riscv/include/asm/cpufeature.h index 45f9c1171a48..dfa5cdddd367 100644 --- a/arch/riscv/include/asm/cpufeature.h +++ b/arch/riscv/include/asm/cpufeature.h @@ -8,6 +8,7 @@ #include <linux/bitmap.h> #include <linux/jump_label.h> +#include <linux/workqueue.h> #include <asm/hwcap.h> #include <asm/alternative-macros.h> #include <asm/errno.h> @@ -60,6 +61,7 @@ void riscv_user_isa_enable(void); #if defined(CONFIG_RISCV_MISALIGNED) bool check_unaligned_access_emulated_all_cpus(void); +void check_unaligned_access_emulated(struct work_struct *work __always_unused); void unaligned_emulation_finish(void); bool unaligned_ctl_available(void); DECLARE_PER_CPU(long, misaligned_access_speed); diff --git a/arch/riscv/kernel/traps_misaligned.c b/arch/riscv/kernel/traps_misaligned.c index 192cd5603e95..1ad981b2c7a3 100644 --- a/arch/riscv/kernel/traps_misaligned.c +++ b/arch/riscv/kernel/traps_misaligned.c @@ -526,11 +526,11 @@ int handle_misaligned_store(struct pt_regs *regs) return 0; } -static bool check_unaligned_access_emulated(int cpu) +void check_unaligned_access_emulated(struct work_struct *work __always_unused) { + int cpu = smp_processor_id(); long *mas_ptr = per_cpu_ptr(&misaligned_access_speed, cpu); unsigned long tmp_var, tmp_val; - bool misaligned_emu_detected; *mas_ptr = RISCV_HWPROBE_MISALIGNED_SCALAR_UNKNOWN; @@ -538,19 +538,16 @@ static bool check_unaligned_access_emulated(int cpu) " "REG_L" %[tmp], 1(%[ptr])\n" : [tmp] "=r" (tmp_val) : [ptr] "r" (&tmp_var) : "memory"); - misaligned_emu_detected = (*mas_ptr == RISCV_HWPROBE_MISALIGNED_SCALAR_EMULATED); /* * If unaligned_ctl is already set, this means that we detected that all * CPUS uses emulated misaligned access at boot time. If that changed * when hotplugging the new cpu, this is something we don't handle. */ - if (unlikely(unaligned_ctl && !misaligned_emu_detected)) { + if (unlikely(unaligned_ctl && (*mas_ptr != RISCV_HWPROBE_MISALIGNED_SCALAR_EMULATED))) { pr_crit("CPU misaligned accesses non homogeneous (expected all emulated)\n"); while (true) cpu_relax(); } - - return misaligned_emu_detected; } bool check_unaligned_access_emulated_all_cpus(void) @@ -562,8 +559,11 @@ bool check_unaligned_access_emulated_all_cpus(void) * accesses emulated since tasks requesting such control can run on any * CPU. */ + schedule_on_each_cpu(check_unaligned_access_emulated); + for_each_online_cpu(cpu) - if (!check_unaligned_access_emulated(cpu)) + if (per_cpu(misaligned_access_speed, cpu) + != RISCV_HWPROBE_MISALIGNED_SCALAR_EMULATED) return false; unaligned_ctl = true; -- 2.45.2

1 year, 4 months

1
0
0 0

[PATCH] remoteproc: k3-r5: Fix driver shutdown

by Jan Kiszka

From: Jan Kiszka <jan.kiszka(a)siemens.com> When k3_r5_cluster_rproc_exit is run, core 1 is shutdown and removed first. When core 0 should then be stopped before its removal, it will find core1->rproc as NULL already and crashes. Happens on rmmod e.g. Fixes: 3c8a9066d584 ("remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs") CC: stable(a)vger.kernel.org Signed-off-by: Jan Kiszka <jan.kiszka(a)siemens.com> --- There might be one more because I can still make this driver crash after an operator error. Were error scenarios tested at all? drivers/remoteproc/ti_k3_r5_remoteproc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/remoteproc/ti_k3_r5_remoteproc.c b/drivers/remoteproc/ti_k3_r5_remoteproc.c index eb09d2e9b32a..9ebd7a34e638 100644 --- a/drivers/remoteproc/ti_k3_r5_remoteproc.c +++ b/drivers/remoteproc/ti_k3_r5_remoteproc.c @@ -646,7 +646,8 @@ static int k3_r5_rproc_stop(struct rproc *rproc) /* do not allow core 0 to stop before core 1 */ core1 = list_last_entry(&cluster->cores, struct k3_r5_core, elem); - if (core != core1 && core1->rproc->state != RPROC_OFFLINE) { + if (core != core1 && core1->rproc && + core1->rproc->state != RPROC_OFFLINE) { dev_err(dev, "%s: can not stop core 0 before core 1\n", __func__); ret = -EPERM; -- 2.43.0

1 year, 4 months

2
6
0 0

[tip: irq/urgent] irqchip/riscv-aplic: Fix an IS_ERR() vs NULL bug in probe()

by tip-bot2 for Dan Carpenter

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: efe81b7bdf7d882d0ce3d183f1571321046da8f1 Gitweb: https://git.kernel.org/tip/efe81b7bdf7d882d0ce3d183f1571321046da8f1 Author: Dan Carpenter <dan.carpenter(a)linaro.org> AuthorDate: Tue, 20 Aug 2024 11:42:40 +03:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Tue, 20 Aug 2024 17:05:32 +02:00 irqchip/riscv-aplic: Fix an IS_ERR() vs NULL bug in probe() The devm_platform_ioremap_resource() function doesn't return NULL, it returns error pointers. Fix the error handling to match. Fixes: 2333df5ae51e ("irqchip: Add RISC-V advanced PLIC driver for direct-mode") Signed-off-by: Dan Carpenter <dan.carpenter(a)linaro.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Jinjie Ruan <ruanjinjie(a)huawei.com> Reviewed-by: Anup Patel <anup(a)brainfault.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/a5a628d6-81d8-4933-81a8-64aad4743ec4@stanley.mo… --- drivers/irqchip/irq-riscv-aplic-main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/irqchip/irq-riscv-aplic-main.c b/drivers/irqchip/irq-riscv-aplic-main.c index 28dd175..981fad6 100644 --- a/drivers/irqchip/irq-riscv-aplic-main.c +++ b/drivers/irqchip/irq-riscv-aplic-main.c @@ -175,9 +175,9 @@ static int aplic_probe(struct platform_device *pdev) /* Map the MMIO registers */ regs = devm_platform_ioremap_resource(pdev, 0); - if (!regs) { + if (IS_ERR(regs)) { dev_err(dev, "failed map MMIO registers\n"); - return -ENOMEM; + return PTR_ERR(regs); } /*

1 year, 4 months

1
0
0 0

[PATCH v3] irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init

by Ma Ke

We fail to perform an of_node_put() when of_address_to_resource() fails, leading to a refcount leak. Address this by moving the error handling path outside of the loop and making it common to all failure modes. Cc: stable(a)vger.kernel.org Fixes: 4266ab1a8ff5 ("irqchip/gic-v2m: Refactor to prepare for ACPI support") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v3: - modified the description information. Changed the added 'put' function to 'of_node_put' (the previous incorrect function was 'of_put_node'). Changes in v2: - modified the patch according to suggestions. --- drivers/irqchip/irq-gic-v2m.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/irqchip/irq-gic-v2m.c b/drivers/irqchip/irq-gic-v2m.c index 51af63c046ed..be35c5349986 100644 --- a/drivers/irqchip/irq-gic-v2m.c +++ b/drivers/irqchip/irq-gic-v2m.c @@ -407,12 +407,12 @@ static int __init gicv2m_of_init(struct fwnode_handle *parent_handle, ret = gicv2m_init_one(&child->fwnode, spi_start, nr_spis, &res, 0); - if (ret) { - of_node_put(child); + if (ret) break; - } } + if (ret && child) + of_node_put(child); if (!ret) ret = gicv2m_allocate_domains(parent); if (ret) -- 2.25.1

1 year, 4 months

3
2
0 0

[tip: irq/urgent] irqchip/sifive-plic: Probe plic driver early for Allwinner D1 platform

by tip-bot2 for Anup Patel

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: 4d936f10ff80274841537a26d1fbfe9984de0ef9 Gitweb: https://git.kernel.org/tip/4d936f10ff80274841537a26d1fbfe9984de0ef9 Author: Anup Patel <apatel(a)ventanamicro.com> AuthorDate: Tue, 20 Aug 2024 09:18:50 +05:30 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Tue, 20 Aug 2024 16:45:20 +02:00 irqchip/sifive-plic: Probe plic driver early for Allwinner D1 platform The latest Linux RISC-V no longer boots on the Allwinner D1 platform because the sun4i_timer driver fails to get an interrupt from PLIC due to the recent conversion of the PLIC to a platform driver. Converting the sun4i timer to a platform driver does not work either because the D1 does not have a SBI timer available so early boot hangs. See the 'Closes:' link for deeper analysis. The real fix requires enabling the SBI time extension in the platform firmware (OpenSBI) and convert sun4i_timer into platform driver. Unfortunately, the real fix involves changing multiple places and can't be achieved in a short duration and aside of that requires users to update firmware. As a work-around, retrofit PLIC probing such that the PLIC is probed early only for the Allwinner D1 platform and probed as a regular platform driver for rest of the RISC-V platforms. In the process, partially revert some of the previous changes because the PLIC device pointer is not available in all probing paths. Fixes: e306a894bd51 ("irqchip/sifive-plic: Chain to parent IRQ after handlers are ready") Fixes: 8ec99b033147 ("irqchip/sifive-plic: Convert PLIC driver into a platform driver") Suggested-by: Thomas Gleixner <tglx(a)linutronix.de> Signed-off-by: Anup Patel <apatel(a)ventanamicro.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Samuel Holland <samuel.holland(a)sifive.com> Tested-by: Emil Renner Berthing <emil.renner.berthing(a)canonical.com> Tested-by: Charlie Jenkins <charlie(a)rivosinc.com> Reviewed-by: Samuel Holland <samuel.holland(a)sifive.com> Reviewed-by: Charlie Jenkins <charlie(a)rivosinc.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240820034850.3189912-1-apatel@ventanamicro.com Closes: https://lore.kernel.org/lkml/20240814145642.344485-1-emil.renner.berthing@c… --- drivers/irqchip/irq-sifive-plic.c | 115 +++++++++++++++++------------ 1 file changed, 71 insertions(+), 44 deletions(-) diff --git a/drivers/irqchip/irq-sifive-plic.c b/drivers/irqchip/irq-sifive-plic.c index 9e22f7e..4d9ea71 100644 --- a/drivers/irqchip/irq-sifive-plic.c +++ b/drivers/irqchip/irq-sifive-plic.c @@ -3,6 +3,7 @@ * Copyright (C) 2017 SiFive * Copyright (C) 2018 Christoph Hellwig */ +#define pr_fmt(fmt) "riscv-plic: " fmt #include <linux/cpu.h> #include <linux/interrupt.h> #include <linux/io.h> @@ -63,7 +64,7 @@ #define PLIC_QUIRK_EDGE_INTERRUPT 0 struct plic_priv { - struct device *dev; + struct fwnode_handle *fwnode; struct cpumask lmask; struct irq_domain *irqdomain; void __iomem *regs; @@ -378,8 +379,8 @@ static void plic_handle_irq(struct irq_desc *desc) int err = generic_handle_domain_irq(handler->priv->irqdomain, hwirq); if (unlikely(err)) { - dev_warn_ratelimited(handler->priv->dev, - "can't find mapping for hwirq %lu\n", hwirq); + pr_warn_ratelimited("%pfwP: can't find mapping for hwirq %lu\n", + handler->priv->fwnode, hwirq); } } @@ -408,7 +409,8 @@ static int plic_starting_cpu(unsigned int cpu) enable_percpu_irq(plic_parent_irq, irq_get_trigger_type(plic_parent_irq)); else - dev_warn(handler->priv->dev, "cpu%d: parent irq not available\n", cpu); + pr_warn("%pfwP: cpu%d: parent irq not available\n", + handler->priv->fwnode, cpu); plic_set_threshold(handler, PLIC_ENABLE_THRESHOLD); return 0; @@ -424,38 +426,36 @@ static const struct of_device_id plic_match[] = { {} }; -static int plic_parse_nr_irqs_and_contexts(struct platform_device *pdev, +static int plic_parse_nr_irqs_and_contexts(struct fwnode_handle *fwnode, u32 *nr_irqs, u32 *nr_contexts) { - struct device *dev = &pdev->dev; int rc; /* * Currently, only OF fwnode is supported so extend this * function for ACPI support. */ - if (!is_of_node(dev->fwnode)) + if (!is_of_node(fwnode)) return -EINVAL; - rc = of_property_read_u32(to_of_node(dev->fwnode), "riscv,ndev", nr_irqs); + rc = of_property_read_u32(to_of_node(fwnode), "riscv,ndev", nr_irqs); if (rc) { - dev_err(dev, "riscv,ndev property not available\n"); + pr_err("%pfwP: riscv,ndev property not available\n", fwnode); return rc; } - *nr_contexts = of_irq_count(to_of_node(dev->fwnode)); + *nr_contexts = of_irq_count(to_of_node(fwnode)); if (WARN_ON(!(*nr_contexts))) { - dev_err(dev, "no PLIC context available\n"); + pr_err("%pfwP: no PLIC context available\n", fwnode); return -EINVAL; } return 0; } -static int plic_parse_context_parent(struct platform_device *pdev, u32 context, +static int plic_parse_context_parent(struct fwnode_handle *fwnode, u32 context, u32 *parent_hwirq, int *parent_cpu) { - struct device *dev = &pdev->dev; struct of_phandle_args parent; unsigned long hartid; int rc; @@ -464,10 +464,10 @@ static int plic_parse_context_parent(struct platform_device *pdev, u32 context, * Currently, only OF fwnode is supported so extend this * function for ACPI support. */ - if (!is_of_node(dev->fwnode)) + if (!is_of_node(fwnode)) return -EINVAL; - rc = of_irq_parse_one(to_of_node(dev->fwnode), context, &parent); + rc = of_irq_parse_one(to_of_node(fwnode), context, &parent); if (rc) return rc; @@ -480,48 +480,55 @@ static int plic_parse_context_parent(struct platform_device *pdev, u32 context, return 0; } -static int plic_probe(struct platform_device *pdev) +static int plic_probe(struct fwnode_handle *fwnode) { int error = 0, nr_contexts, nr_handlers = 0, cpu, i; - struct device *dev = &pdev->dev; unsigned long plic_quirks = 0; struct plic_handler *handler; u32 nr_irqs, parent_hwirq; struct plic_priv *priv; irq_hw_number_t hwirq; + void __iomem *regs; - if (is_of_node(dev->fwnode)) { + if (is_of_node(fwnode)) { const struct of_device_id *id; - id = of_match_node(plic_match, to_of_node(dev->fwnode)); + id = of_match_node(plic_match, to_of_node(fwnode)); if (id) plic_quirks = (unsigned long)id->data; + + regs = of_iomap(to_of_node(fwnode), 0); + if (!regs) + return -ENOMEM; + } else { + return -ENODEV; } - error = plic_parse_nr_irqs_and_contexts(pdev, &nr_irqs, &nr_contexts); + error = plic_parse_nr_irqs_and_contexts(fwnode, &nr_irqs, &nr_contexts); if (error) - return error; + goto fail_free_regs; - priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL); - if (!priv) - return -ENOMEM; + priv = kzalloc(sizeof(*priv), GFP_KERNEL); + if (!priv) { + error = -ENOMEM; + goto fail_free_regs; + } - priv->dev = dev; + priv->fwnode = fwnode; priv->plic_quirks = plic_quirks; priv->nr_irqs = nr_irqs; + priv->regs = regs; - priv->regs = devm_platform_ioremap_resource(pdev, 0); - if (WARN_ON(!priv->regs)) - return -EIO; - - priv->prio_save = devm_bitmap_zalloc(dev, nr_irqs, GFP_KERNEL); - if (!priv->prio_save) - return -ENOMEM; + priv->prio_save = bitmap_zalloc(nr_irqs, GFP_KERNEL); + if (!priv->prio_save) { + error = -ENOMEM; + goto fail_free_priv; + } for (i = 0; i < nr_contexts; i++) { - error = plic_parse_context_parent(pdev, i, &parent_hwirq, &cpu); + error = plic_parse_context_parent(fwnode, i, &parent_hwirq, &cpu); if (error) { - dev_warn(dev, "hwirq for context%d not found\n", i); + pr_warn("%pfwP: hwirq for context%d not found\n", fwnode, i); continue; } @@ -543,7 +550,7 @@ static int plic_probe(struct platform_device *pdev) } if (cpu < 0) { - dev_warn(dev, "Invalid cpuid for context %d\n", i); + pr_warn("%pfwP: Invalid cpuid for context %d\n", fwnode, i); continue; } @@ -554,7 +561,7 @@ static int plic_probe(struct platform_device *pdev) */ handler = per_cpu_ptr(&plic_handlers, cpu); if (handler->present) { - dev_warn(dev, "handler already present for context %d.\n", i); + pr_warn("%pfwP: handler already present for context %d.\n", fwnode, i); plic_set_threshold(handler, PLIC_DISABLE_THRESHOLD); goto done; } @@ -568,8 +575,8 @@ static int plic_probe(struct platform_device *pdev) i * CONTEXT_ENABLE_SIZE; handler->priv = priv; - handler->enable_save = devm_kcalloc(dev, DIV_ROUND_UP(nr_irqs, 32), - sizeof(*handler->enable_save), GFP_KERNEL); + handler->enable_save = kcalloc(DIV_ROUND_UP(nr_irqs, 32), + sizeof(*handler->enable_save), GFP_KERNEL); if (!handler->enable_save) goto fail_cleanup_contexts; done: @@ -581,7 +588,7 @@ done: nr_handlers++; } - priv->irqdomain = irq_domain_add_linear(to_of_node(dev->fwnode), nr_irqs + 1, + priv->irqdomain = irq_domain_add_linear(to_of_node(fwnode), nr_irqs + 1, &plic_irqdomain_ops, priv); if (WARN_ON(!priv->irqdomain)) goto fail_cleanup_contexts; @@ -619,13 +626,13 @@ done: } } - dev_info(dev, "mapped %d interrupts with %d handlers for %d contexts.\n", - nr_irqs, nr_handlers, nr_contexts); + pr_info("%pfwP: mapped %d interrupts with %d handlers for %d contexts.\n", + fwnode, nr_irqs, nr_handlers, nr_contexts); return 0; fail_cleanup_contexts: for (i = 0; i < nr_contexts; i++) { - if (plic_parse_context_parent(pdev, i, &parent_hwirq, &cpu)) + if (plic_parse_context_parent(fwnode, i, &parent_hwirq, &cpu)) continue; if (parent_hwirq != RV_IRQ_EXT || cpu < 0) continue; @@ -634,17 +641,37 @@ fail_cleanup_contexts: handler->present = false; handler->hart_base = NULL; handler->enable_base = NULL; + kfree(handler->enable_save); handler->enable_save = NULL; handler->priv = NULL; } - return -ENOMEM; + bitmap_free(priv->prio_save); +fail_free_priv: + kfree(priv); +fail_free_regs: + iounmap(regs); + return error; +} + +static int plic_platform_probe(struct platform_device *pdev) +{ + return plic_probe(pdev->dev.fwnode); } static struct platform_driver plic_driver = { .driver = { .name = "riscv-plic", .of_match_table = plic_match, + .suppress_bind_attrs = true, }, - .probe = plic_probe, + .probe = plic_platform_probe, }; builtin_platform_driver(plic_driver); + +static int __init plic_early_probe(struct device_node *node, + struct device_node *parent) +{ + return plic_probe(&node->fwnode); +} + +IRQCHIP_DECLARE(riscv, "allwinner,sun20i-d1-plic", plic_early_probe);

1 year, 4 months

1
0
0 0

[PATCH] gfs2: fix double destroy_workqueue error

by Julian Sun

When gfs2_fill_super() fails, destroy_workqueue() is called within gfs2_gl_hash_clear(), and the subsequent code path calls destroy_workqueue() on the same work queue again. This issue can be fixed by setting the work queue pointer to NULL after the first destroy_workqueue() call and checking for a NULL pointer before attempting to destroy the work queue again. Reported-by: syzbot+d34c2a269ed512c531b0(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=d34c2a269ed512c531b0 Fixes: 30e388d57367 ("gfs2: Switch to a per-filesystem glock workqueue") Cc: stable(a)vger.kernel.org Signed-off-by: Julian Sun <sunjunchao2870(a)gmail.com> --- fs/gfs2/glock.c | 1 + fs/gfs2/ops_fstype.c | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/gfs2/glock.c b/fs/gfs2/glock.c index 12a769077ea0..4775c2cb8ae1 100644 --- a/fs/gfs2/glock.c +++ b/fs/gfs2/glock.c @@ -2249,6 +2249,7 @@ void gfs2_gl_hash_clear(struct gfs2_sbd *sdp) gfs2_free_dead_glocks(sdp); glock_hash_walk(dump_glock_func, sdp); destroy_workqueue(sdp->sd_glock_wq); + sdp->sd_glock_wq = NULL; } static const char *state2str(unsigned state) diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c index ff1f3e3dc65c..c1a7ff713c84 100644 --- a/fs/gfs2/ops_fstype.c +++ b/fs/gfs2/ops_fstype.c @@ -1305,7 +1305,8 @@ static int gfs2_fill_super(struct super_block *sb, struct fs_context *fc) gfs2_delete_debugfs_file(sdp); gfs2_sys_fs_del(sdp); fail_delete_wq: - destroy_workqueue(sdp->sd_delete_wq); + if (sdp->sd_delete_wq) + destroy_workqueue(sdp->sd_delete_wq); fail_glock_wq: destroy_workqueue(sdp->sd_glock_wq); fail_free: -- 2.39.2

1 year, 4 months

2
3
0 0

Re: Patch "rust: work around `bindgen` 0.69.0 issue" has been added to the 6.1-stable tree

by Miguel Ojeda

On Tue, Aug 20, 2024 at 2:04 PM Sasha Levin <sashal(a)kernel.org> wrote: > > This is a note to let you know that I've just added the patch titled > > rust: work around `bindgen` 0.69.0 issue > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > rust-work-around-bindgen-0.69.0-issue.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. This should not hurt as a dependency of the other, but just in case: it does not do anything and the comments may be confusing, since we pin bindgen's version in the stable/LTS versions. Thanks! Cheers, Miguel

1 year, 4 months

1
0
0 0

[PATCH] platform/x86: ISST: Fix return value on last invalid resource

by Srinivas Pandruvada

When only the last resource is invalid, tpmi_sst_dev_add() is returing error even if there are other valid resources before. This function should return error when there are no valid resources. Here tpmi_sst_dev_add() is returning "ret" variable. But this "ret" variable contains the failure status of last call to sst_main(), which failed for the invalid resource. But there may be other valid resources before the last entry. To address this, do not update "ret" variable for sst_main() return status. Fixes: 9d1d36268f3d ("platform/x86: ISST: Support partitioned systems") Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> # 6.10+ --- drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c b/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c index 7fa360073f6e..404582307109 100644 --- a/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c +++ b/drivers/platform/x86/intel/speed_select_if/isst_tpmi_core.c @@ -1549,8 +1549,7 @@ int tpmi_sst_dev_add(struct auxiliary_device *auxdev) goto unlock_free; } - ret = sst_main(auxdev, &pd_info[i]); - if (ret) { + if (sst_main(auxdev, &pd_info[i])) { /* * This entry is not valid, hardware can partially * populate dies. In this case MMIO will have 0xFFs. -- 2.45.0

1 year, 4 months

2
1
0 0

[PATCH v2] usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes()

by Zijun Hu

From: Zijun Hu <quic_zijuhu(a)quicinc.com> Device attribute group @usb3_hardware_lpm_attr_group is merged by add_power_attributes(), but it is not unmerged explicitly, fixed by unmerging it in remove_power_attributes(). Fixes: 655fe4effe0f ("usbcore: add sysfs support to xHCI usb3 hardware LPM") Cc: stable(a)vger.kernel.org Signed-off-by: Zijun Hu <quic_zijuhu(a)quicinc.com> --- Changes in v2: - Add stable tag - Link to v1: https://lore.kernel.org/r/20240814-sysfs_fix-v1-1-2224a29a259b@quicinc.com --- drivers/usb/core/sysfs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c index d83231d6736a..61b6d978892c 100644 --- a/drivers/usb/core/sysfs.c +++ b/drivers/usb/core/sysfs.c @@ -670,6 +670,7 @@ static int add_power_attributes(struct device *dev) static void remove_power_attributes(struct device *dev) { + sysfs_unmerge_group(&dev->kobj, &usb3_hardware_lpm_attr_group); sysfs_unmerge_group(&dev->kobj, &usb2_hardware_lpm_attr_group); sysfs_unmerge_group(&dev->kobj, &power_attr_group); } --- base-commit: ca7df2c7bb5f83fe46aa9ce998b7352c6b28f3a1 change-id: 20240814-sysfs_fix-2206de9b0179 Best regards, -- Zijun Hu <quic_zijuhu(a)quicinc.com>

1 year, 4 months

1
0
0 0

[PATCH] erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails

by Gao Xiang

If z_erofs_gbuf_growsize() partially fails on a global buffer due to memory allocation failure or fault injection (as reported by syzbot [1]), new pages need to be freed by comparing to the existing pages to avoid memory leaks. However, the old gbuf->pages[] array may not be large enough, which can lead to null-ptr-deref or out-of-bound access. Fix this by checking against gbuf->nrpages in advance. Fixes: d6db47e571dc ("erofs: do not use pagepool in z_erofs_gbuf_growsize()") Cc: <stable(a)vger.kernel.org> # 6.10+ Cc: Chunhai Guo <guochunhai(a)vivo.com> Signed-off-by: Gao Xiang <hsiangkao(a)linux.alibaba.com> --- fs/erofs/zutil.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/erofs/zutil.c b/fs/erofs/zutil.c index 9b53883e5caf..37afe2024840 100644 --- a/fs/erofs/zutil.c +++ b/fs/erofs/zutil.c @@ -111,7 +111,8 @@ int z_erofs_gbuf_growsize(unsigned int nrpages) out: if (i < z_erofs_gbuf_count && tmp_pages) { for (j = 0; j < nrpages; ++j) - if (tmp_pages[j] && tmp_pages[j] != gbuf->pages[j]) + if (tmp_pages[j] && (j >= gbuf->nrpages || + tmp_pages[j] != gbuf->pages[j])) __free_page(tmp_pages[j]); kfree(tmp_pages); } -- 2.43.5

1 year, 4 months

2
3
0 0

[PATCH] usb: xhci: fixes lost of data for xHCI Cadence Controllers

by Pawel Laszczak

Stream endpoint can skip part of TD during next transfer initialization after beginning stopped during active stream data transfer. The Set TR Dequeue Pointer command does not clear all internal transfer-related variables that position stream endpoint on transfer ring. USB Controller stores all endpoint state information within RsvdO fields inside endpoint context structure. For stream endpoints, all relevant information regarding particular StreamID is stored within corresponding Stream Endpoint context. Whenever driver wants to stop stream endpoint traffic, it invokes Stop Endpoint command which forces the controller to dump all endpoint state-related variables into RsvdO spaces into endpoint context and stream endpoint context. Whenever driver wants to reinitialize endpoint starting point on Transfer Ring, it uses the Set TR Dequeue Pointer command to update dequeue pointer for particular stream in Stream Endpoint Context. When stream endpoint is forced to stop active transfer in the middle of TD, it dumps an information about TRB bytes left in RsvdO fields in Stream Endpoint Context which will be used in next transfer initialization to designate starting point for XDMA. This field is not cleared during Set TR Dequeue Pointer command which causes XDMA to skip over transfer ring and leads to data loss on stream pipe. Patch fixes this by clearing out all RsvdO fields before initializing new transfer via that StreamID. Field Rsvd0 is reserved field, so patch should not have impact for other xHCI controllers. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: <stable(a)vger.kernel.org> Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- drivers/usb/host/xhci-ring.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c index 1dde53f6eb31..7fc1c4efcae2 100644 --- a/drivers/usb/host/xhci-ring.c +++ b/drivers/usb/host/xhci-ring.c @@ -1385,7 +1385,20 @@ static void xhci_handle_cmd_set_deq(struct xhci_hcd *xhci, int slot_id, if (ep->ep_state & EP_HAS_STREAMS) { struct xhci_stream_ctx *ctx = &ep->stream_info->stream_ctx_array[stream_id]; + u32 edtl; + deq = le64_to_cpu(ctx->stream_ring) & SCTX_DEQ_MASK; + edtl = EVENT_TRB_LEN(le32_to_cpu(ctx->reserved[1])); + + /* + * Existing Cadence xHCI controllers store some endpoint state information + * within Rsvd0 fields of Stream Endpoint context. This field is not + * cleared during Set TR Dequeue Pointer command which causes XDMA to skip + * over transfer ring and leads to data loss on stream pipe. + * To fix this issue driver must clear Rsvd0 field. + */ + ctx->reserved[1] = 0; + ctx->reserved[0] = cpu_to_le32(edtl); } else { deq = le64_to_cpu(ep_ctx->deq) & ~EP_CTX_CYCLE_MASK; } -- 2.43.0

1 year, 4 months

2
2
0 0

[PATCH v2 1/3] drm/xe: Read out rawclk_freq for display

by Maarten Lankhorst

Failing to read out rawclk makes it impossible to read out backlight, which results in backlight not working when the backlight is off during boot, or when reloading the module. Signed-off-by: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Fixes: 44e694958b95 ("drm/xe/display: Implement display support") Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/display/xe_display.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/gpu/drm/xe/display/xe_display.c b/drivers/gpu/drm/xe/display/xe_display.c index 30dfdac9f6fa9..79add15c6c4c7 100644 --- a/drivers/gpu/drm/xe/display/xe_display.c +++ b/drivers/gpu/drm/xe/display/xe_display.c @@ -159,6 +159,9 @@ int xe_display_init_noirq(struct xe_device *xe) intel_display_device_info_runtime_init(xe); + RUNTIME_INFO(xe)->rawclk_freq = intel_read_rawclk(xe); + drm_dbg(&xe->drm, "rawclk rate: %d kHz\n", RUNTIME_INFO(xe)->rawclk_freq); + err = intel_display_driver_probe_noirq(xe); if (err) { intel_opregion_cleanup(display); -- 2.45.2

1 year, 4 months

2
2
0 0

[PATCH v2] irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init

by Ma Ke

Add the missing of_node_put() to release the refcount incremented by of_find_matching_node(). Cc: stable(a)vger.kernel.org Fixes: 4266ab1a8ff5 ("irqchip/gic-v2m: Refactor to prepare for ACPI support") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> --- Changes in v2: - modified the patch according to suggestions. --- drivers/irqchip/irq-gic-v2m.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/irqchip/irq-gic-v2m.c b/drivers/irqchip/irq-gic-v2m.c index 51af63c046ed..d5988012eb40 100644 --- a/drivers/irqchip/irq-gic-v2m.c +++ b/drivers/irqchip/irq-gic-v2m.c @@ -407,12 +407,12 @@ static int __init gicv2m_of_init(struct fwnode_handle *parent_handle, ret = gicv2m_init_one(&child->fwnode, spi_start, nr_spis, &res, 0); - if (ret) { - of_node_put(child); + if (ret) break; - } } + if (ret && child) + of_put_node(child); if (!ret) ret = gicv2m_allocate_domains(parent); if (ret) -- 2.25.1

1 year, 4 months

2
1
0 0

FAILED: patch "[PATCH] mm/vmalloc: fix page mapping if vm_area_alloc_pages() with" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 61ebe5a747da649057c37be1c37eb934b4af79ca # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024081917-rubber-cable-a9ab@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 61ebe5a747da ("mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0") 88ae5fb755b0 ("mm: vmalloc: enable memory allocation profiling") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 61ebe5a747da649057c37be1c37eb934b4af79ca Mon Sep 17 00:00:00 2001 From: Hailong Liu <hailong.liu(a)oppo.com> Date: Thu, 8 Aug 2024 20:19:56 +0800 Subject: [PATCH] mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 The __vmap_pages_range_noflush() assumes its argument pages** contains pages with the same page shift. However, since commit e9c3cda4d86e ("mm, vmalloc: fix high order __GFP_NOFAIL allocations"), if gfp_flags includes __GFP_NOFAIL with high order in vm_area_alloc_pages() and page allocation failed for high order, the pages** may contain two different page shifts (high order and order-0). This could lead __vmap_pages_range_noflush() to perform incorrect mappings, potentially resulting in memory corruption. Users might encounter this as follows (vmap_allow_huge = true, 2M is for PMD_SIZE): kvmalloc(2M, __GFP_NOFAIL|GFP_X) __vmalloc_node_range_noprof(vm_flags=VM_ALLOW_HUGE_VMAP) vm_area_alloc_pages(order=9) ---> order-9 allocation failed and fallback to order-0 vmap_pages_range() vmap_pages_range_noflush() __vmap_pages_range_noflush(page_shift = 21) ----> wrong mapping happens We can remove the fallback code because if a high-order allocation fails, __vmalloc_node_range_noprof() will retry with order-0. Therefore, it is unnecessary to fallback to order-0 here. Therefore, fix this by removing the fallback code. Link: https://lkml.kernel.org/r/20240808122019.3361-1-hailong.liu@oppo.com Fixes: e9c3cda4d86e ("mm, vmalloc: fix high order __GFP_NOFAIL allocations") Signed-off-by: Hailong Liu <hailong.liu(a)oppo.com> Reported-by: Tangquan Zheng <zhengtangquan(a)oppo.com> Reviewed-by: Baoquan He <bhe(a)redhat.com> Reviewed-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Acked-by: Barry Song <baohua(a)kernel.org> Acked-by: Michal Hocko <mhocko(a)suse.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/vmalloc.c b/mm/vmalloc.c index 6b783baf12a1..af2de36549d6 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -3584,15 +3584,8 @@ vm_area_alloc_pages(gfp_t gfp, int nid, page = alloc_pages_noprof(alloc_gfp, order); else page = alloc_pages_node_noprof(nid, alloc_gfp, order); - if (unlikely(!page)) { - if (!nofail) - break; - - /* fall back to the zero order allocations */ - alloc_gfp |= __GFP_NOFAIL; - order = 0; - continue; - } + if (unlikely(!page)) + break; /* * Higher order allocations must be able to be treated as

1 year, 4 months

2
1
0 0

[PATCH v2 0/3] soc: qcom: pmic_glink: v6.11-rc bug fixes

by Bjorn Andersson

Amit and Johan both reported a NULL pointer dereference in the pmic_glink client code during initialization, and Stephen Boyd pointed out the problem (race condition). While investigating, and writing the fix, I noticed that ucsi_unregister() is called in atomic context but tries to sleep, and I also noticed that the condition for when to inform the pmic_glink client drivers when the remote has gone down is just wrong. So, let's fix all three. As mentioned in the commit message for the UCSI fix, I have a series in the works that makes the GLINK callback happen in a sleepable context, which would remove the need for the clients list to be protected by a spinlock, and removing the work scheduling. This is however not -rc material... In addition to the NULL pointer dereference, there is the -ECANCELED issue reported here: https://lore.kernel.org/all/Zqet8iInnDhnxkT9@hovoldconsulting.com/ Johan reports that these fixes do not address that issue. Signed-off-by: Bjorn Andersson <quic_bjorande(a)quicinc.com> --- Changes in v2: - Refer to the correct commit in the ucsi_unregister() patch. - Updated wording in the same commit message about the new error message in the log. - Changed the data type of the introduced state variables, opted to go for a bool as we only represent two states (and I would like to further clean this up going forward) - Initialized the spinlock - Link to v1: https://lore.kernel.org/r/20240818-pmic-glink-v6-11-races-v1-0-f87c577e0bc9… --- Bjorn Andersson (3): soc: qcom: pmic_glink: Fix race during initialization usb: typec: ucsi: Move unregister out of atomic section soc: qcom: pmic_glink: Actually communicate with remote goes down drivers/power/supply/qcom_battmgr.c | 16 ++++++++----- drivers/soc/qcom/pmic_glink.c | 40 ++++++++++++++++++++++---------- drivers/soc/qcom/pmic_glink_altmode.c | 17 +++++++++----- drivers/usb/typec/ucsi/ucsi_glink.c | 43 ++++++++++++++++++++++++++--------- include/linux/soc/qcom/pmic_glink.h | 11 +++++---- 5 files changed, 87 insertions(+), 40 deletions(-) --- base-commit: 2fd613d27928293eaa87788b10e8befb6805cd42 change-id: 20240818-pmic-glink-v6-11-races-363f5964c339 Best regards, -- Bjorn Andersson <quic_bjorande(a)quicinc.com>

1 year, 4 months

3
9
0 0

[PATCH 0/3] soc: qcom: pmic_glink: v6.11-rc bug fixes

by Bjorn Andersson

Amit and Johan both reported a NULL pointer dereference in the pmic_glink client code during initialization, and Stephen Boyd pointed out the problem (race condition). While investigating, and writing the fix, I noticed that ucsi_unregister() is called in atomic context but tries to sleep, and I also noticed that the condition for when to inform the pmic_glink client drivers when the remote has gone down is just wrong. So, let's fix all three. As mentioned in the commit message for the UCSI fix, I have a series in the works that makes the GLINK callback happen in a sleepable context, which would remove the need for the clients list to be protected by a spinlock, and removing the work scheduling. This is however not -rc material... In addition to the NULL pointer dereference, there is the -ECANCELED issue reported here: https://lore.kernel.org/all/Zqet8iInnDhnxkT9@hovoldconsulting.com/ I have not yet been able to either reproduce this or convince myself that this is the same issue. Signed-off-by: Bjorn Andersson <quic_bjorande(a)quicinc.com> --- Bjorn Andersson (3): soc: qcom: pmic_glink: Fix race during initialization usb: typec: ucsi: Move unregister out of atomic section soc: qcom: pmic_glink: Actually communicate with remote goes down drivers/power/supply/qcom_battmgr.c | 16 ++++++++----- drivers/soc/qcom/pmic_glink.c | 40 +++++++++++++++++++++---------- drivers/soc/qcom/pmic_glink_altmode.c | 17 +++++++++----- drivers/usb/typec/ucsi/ucsi_glink.c | 44 ++++++++++++++++++++++++++--------- include/linux/soc/qcom/pmic_glink.h | 11 +++++---- 5 files changed, 88 insertions(+), 40 deletions(-) --- base-commit: 296c871d2904cff2b4742702ef94512ab467a8e3 change-id: 20240818-pmic-glink-v6-11-races-363f5964c339 Best regards, -- Bjorn Andersson <quic_bjorande(a)quicinc.com>

1 year, 4 months

7
23
0 0

[PATCH 5.15.y] block: use "unsigned long" for blk_validate_block_size().

by David Hunter

Since lo_simple_ioctl(LOOP_SET_BLOCK_SIZE) and ioctl(NBD_SET_BLKSIZE) pass user-controlled "unsigned long arg" to blk_validate_block_size(), "unsigned long" should be used for validation. Signed-off-by: Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Link: https://lore.kernel.org/r/9ecbf057-4375-c2db-ab53-e4cc0dff953d@i-love.sakur… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> (cherry picked from commit 37ae5a0f5287a52cf51242e76ccf198d02ffe495) Signed-off-by: David Hunter <david.hunter.linux(a)gmail.com> --- include/linux/blkdev.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h index 905844172cfd..c6d57814988d 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h @@ -235,7 +235,7 @@ struct request { void *end_io_data; }; -static inline int blk_validate_block_size(unsigned int bsize) +static inline int blk_validate_block_size(unsigned long bsize) { if (bsize < 512 || bsize > PAGE_SIZE || !is_power_of_2(bsize)) return -EINVAL; -- 2.43.0

1 year, 4 months

1
1
0 0

+ mm-krealloc-consider-spare-memory-for-__gfp_zero.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm: krealloc: consider spare memory for __GFP_ZERO has been added to the -mm mm-unstable branch. Its filename is mm-krealloc-consider-spare-memory-for-__gfp_zero.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Danilo Krummrich <dakr(a)kernel.org> Subject: mm: krealloc: consider spare memory for __GFP_ZERO Date: Tue, 13 Aug 2024 00:34:34 +0200 As long as krealloc() is called with __GFP_ZERO consistently, starting with the initial memory allocation, __GFP_ZERO should be fully honored. However, if for an existing allocation krealloc() is called with a decreased size, it is not ensured that the spare portion the allocation is zeroed. Thus, if krealloc() is subsequently called with a larger size again, __GFP_ZERO can't be fully honored, since we don't know the previous size, but only the bucket size. Example: buf = kzalloc(64, GFP_KERNEL); memset(buf, 0xff, 64); buf = krealloc(buf, 48, GFP_KERNEL | __GFP_ZERO); /* After this call the last 16 bytes are still 0xff. */ buf = krealloc(buf, 64, GFP_KERNEL | __GFP_ZERO); Fix this, by explicitly setting spare memory to zero, when shrinking an allocation with __GFP_ZERO flag set or init_on_alloc enabled. Link: https://lkml.kernel.org/r/20240812223707.32049-1-dakr@kernel.org Signed-off-by: Danilo Krummrich <dakr(a)kernel.org> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Acked-by: David Rientjes <rientjes(a)google.com> Cc: Christoph Lameter <cl(a)linux.com> Cc: Hyeonggon Yoo <42.hyeyoo(a)gmail.com> Cc: Joonsoo Kim <iamjoonsoo.kim(a)lge.com> Cc: Pekka Enberg <penberg(a)kernel.org> Cc: Roman Gushchin <roman.gushchin(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/slab_common.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/mm/slab_common.c~mm-krealloc-consider-spare-memory-for-__gfp_zero +++ a/mm/slab_common.c @@ -1273,6 +1273,13 @@ __do_krealloc(const void *p, size_t new_ /* If the object still fits, repoison it precisely. */ if (ks >= new_size) { + /* Zero out spare memory. */ + if (want_init_on_alloc(flags)) { + kasan_disable_current(); + memset((void *)p + new_size, 0, ks - new_size); + kasan_enable_current(); + } + p = kasan_krealloc((void *)p, new_size, flags); return (void *)p; } _ Patches currently in -mm which might be from dakr(a)kernel.org are mm-vmalloc-implement-vrealloc.patch mm-vmalloc-implement-vrealloc-fix.patch mm-vmalloc-implement-vrealloc-fix-2.patch mm-vmalloc-implement-vrealloc-fix-3.patch mm-vmalloc-implement-vrealloc-fix-4.patch mm-kvmalloc-align-kvrealloc-with-krealloc.patch mm-kvmalloc-align-kvrealloc-with-krealloc-fix.patch mm-kvmalloc-align-kvrealloc-with-krealloc-fix-2.patch mm-kvmalloc-align-kvrealloc-with-krealloc-fix-3.patch mm-krealloc-consider-spare-memory-for-__gfp_zero.patch mm-krealloc-clarify-valid-usage-of-__gfp_zero.patch

1 year, 4 months

1
0
0 0