- Linux-stable-mirror - lists.linaro.org

[Linux-stable-mirror] Patch "USB: ulpi: fix bus-node lookup" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: ulpi: fix bus-node lookup to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-ulpi-fix-bus-node-lookup.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 33c309ebc797b908029fd3a0851aefe697e9b598 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan(a)kernel.org> Date: Sat, 11 Nov 2017 16:31:18 +0100 Subject: USB: ulpi: fix bus-node lookup From: Johan Hovold <johan(a)kernel.org> commit 33c309ebc797b908029fd3a0851aefe697e9b598 upstream. Fix bus-node lookup during registration, which ended up searching the whole device tree depth-first starting at the parent (or grand parent) rather than just matching on its children. To make things worse, the parent (or grand-parent) node could end being prematurely freed as well. Fixes: ef6a7bcfb01c ("usb: ulpi: Support device discovery via DT") Reported-by: Peter Robinson <pbrobinson(a)gmail.com> Reported-by: Stephen Boyd <sboyd(a)codeaurora.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/common/ulpi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/usb/common/ulpi.c +++ b/drivers/usb/common/ulpi.c @@ -183,9 +183,9 @@ static int ulpi_of_register(struct ulpi /* Find a ulpi bus underneath the parent or the grandparent */ parent = ulpi->dev.parent; if (parent->of_node) - np = of_find_node_by_name(parent->of_node, "ulpi"); + np = of_get_child_by_name(parent->of_node, "ulpi"); else if (parent->parent && parent->parent->of_node) - np = of_find_node_by_name(parent->parent->of_node, "ulpi"); + np = of_get_child_by_name(parent->parent->of_node, "ulpi"); if (!np) return 0; Patches currently in stable-queue which might be from johan(a)kernel.org are queue-4.14/staging-greybus-loopback-fix-iteration-count-on-async-path.patch queue-4.14/usb-serial-usb_debug-add-new-usb-device-id.patch queue-4.14/spi-spi-axi-fix-potential-use-after-free-after-deregistration.patch queue-4.14/usb-ulpi-fix-bus-node-lookup.patch queue-4.14/usb-serial-option-add-quectel-bg96-id.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "usb: hub: Cycle HUB power when initialization fails" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: hub: Cycle HUB power when initialization fails to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-hub-cycle-hub-power-when-initialization-fails.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 973593a960ddac0f14f0d8877d2d0abe0afda795 Mon Sep 17 00:00:00 2001 From: Mike Looijmans <mike.looijmans(a)topic.nl> Date: Thu, 9 Nov 2017 13:16:46 +0100 Subject: usb: hub: Cycle HUB power when initialization fails From: Mike Looijmans <mike.looijmans(a)topic.nl> commit 973593a960ddac0f14f0d8877d2d0abe0afda795 upstream. Sometimes the USB device gets confused about the state of the initialization and the connection fails. In particular, the device thinks that it's already set up and running while the host thinks the device still needs to be configured. To work around this issue, power-cycle the hub's output to issue a sort of "reset" to the device. This makes the device restart its state machine and then the initialization succeeds. This fixes problems where the kernel reports a list of errors like this: usb 1-1.3: device not accepting address 19, error -71 The end result is a non-functioning device. After this patch, the sequence becomes like this: usb 1-1.3: new high-speed USB device number 18 using ci_hdrc usb 1-1.3: device not accepting address 18, error -71 usb 1-1.3: new high-speed USB device number 19 using ci_hdrc usb 1-1.3: device not accepting address 19, error -71 usb 1-1-port3: attempt power cycle usb 1-1.3: new high-speed USB device number 21 using ci_hdrc usb-storage 1-1.3:1.2: USB Mass Storage device detected Signed-off-by: Mike Looijmans <mike.looijmans(a)topic.nl> Acked-by: Alan Stern <stern(a)rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/hub.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -4935,6 +4935,15 @@ loop: usb_put_dev(udev); if ((status == -ENOTCONN) || (status == -ENOTSUPP)) break; + + /* When halfway through our retry count, power-cycle the port */ + if (i == (SET_CONFIG_TRIES / 2) - 1) { + dev_info(&port_dev->dev, "attempt power cycle\n"); + usb_hub_set_port_power(hdev, hub, port1, false); + msleep(2 * hub_power_on_good_delay(hub)); + usb_hub_set_port_power(hdev, hub, port1, true); + msleep(hub_power_on_good_delay(hub)); + } } if (hub->hdev->parent || !hcd->driver->port_handed_over || Patches currently in stable-queue which might be from mike.looijmans(a)topic.nl are queue-4.14/usb-hub-cycle-hub-power-when-initialization-fails.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "usb: host: fix incorrect updating of offset" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: host: fix incorrect updating of offset to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-host-fix-incorrect-updating-of-offset.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 1d5a31582ef046d3b233f0da1a68ae26519b2f0a Mon Sep 17 00:00:00 2001 From: Colin Ian King <colin.king(a)canonical.com> Date: Tue, 7 Nov 2017 16:45:04 +0000 Subject: usb: host: fix incorrect updating of offset From: Colin Ian King <colin.king(a)canonical.com> commit 1d5a31582ef046d3b233f0da1a68ae26519b2f0a upstream. The variable temp is incorrectly being updated, instead it should be offset otherwise the loop just reads the same capability value and loops forever. Thanks to Alan Stern for pointing out the correct fix to my original fix. Fix also cleans up clang warning: drivers/usb/host/ehci-dbg.c:840:4: warning: Value stored to 'temp' is never read Fixes: d49d43174400 ("USB: misc ehci updates") Signed-off-by: Colin Ian King <colin.king(a)canonical.com> Acked-by: Alan Stern <stern(a)rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/ehci-dbg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/usb/host/ehci-dbg.c +++ b/drivers/usb/host/ehci-dbg.c @@ -837,7 +837,7 @@ static ssize_t fill_registers_buffer(str default: /* unknown */ break; } - temp = (cap >> 8) & 0xff; + offset = (cap >> 8) & 0xff; } } #endif Patches currently in stable-queue which might be from colin.king(a)canonical.com are queue-4.14/staging-rtl8188eu-avoid-a-null-dereference-on-pmlmepriv.patch queue-4.14/usb-host-fix-incorrect-updating-of-offset.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "USB: core: Add type-specific length check of BOS descriptors" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: core: Add type-specific length check of BOS descriptors to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-core-add-type-specific-length-check-of-bos-descriptors.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 81cf4a45360f70528f1f64ba018d61cb5767249a Mon Sep 17 00:00:00 2001 From: Masakazu Mokuno <masakazu.mokuno(a)gmail.com> Date: Fri, 10 Nov 2017 01:25:50 +0900 Subject: USB: core: Add type-specific length check of BOS descriptors From: Masakazu Mokuno <masakazu.mokuno(a)gmail.com> commit 81cf4a45360f70528f1f64ba018d61cb5767249a upstream. As most of BOS descriptors are longer in length than their header 'struct usb_dev_cap_header', comparing solely with it is not sufficient to avoid out-of-bounds access to BOS descriptors. This patch adds descriptor type specific length check in usb_get_bos_descriptor() to fix the issue. Signed-off-by: Masakazu Mokuno <masakazu.mokuno(a)gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/config.c | 28 ++++++++++++++++++++++++---- include/uapi/linux/usb/ch9.h | 3 +++ 2 files changed, 27 insertions(+), 4 deletions(-) --- a/drivers/usb/core/config.c +++ b/drivers/usb/core/config.c @@ -905,14 +905,25 @@ void usb_release_bos_descriptor(struct u } } +static const __u8 bos_desc_len[256] = { + [USB_CAP_TYPE_WIRELESS_USB] = USB_DT_USB_WIRELESS_CAP_SIZE, + [USB_CAP_TYPE_EXT] = USB_DT_USB_EXT_CAP_SIZE, + [USB_SS_CAP_TYPE] = USB_DT_USB_SS_CAP_SIZE, + [USB_SSP_CAP_TYPE] = USB_DT_USB_SSP_CAP_SIZE(1), + [CONTAINER_ID_TYPE] = USB_DT_USB_SS_CONTN_ID_SIZE, + [USB_PTM_CAP_TYPE] = USB_DT_USB_PTM_ID_SIZE, +}; + /* Get BOS descriptor set */ int usb_get_bos_descriptor(struct usb_device *dev) { struct device *ddev = &dev->dev; struct usb_bos_descriptor *bos; struct usb_dev_cap_header *cap; + struct usb_ssp_cap_descriptor *ssp_cap; unsigned char *buffer; - int length, total_len, num, i; + int length, total_len, num, i, ssac; + __u8 cap_type; int ret; bos = kzalloc(sizeof(struct usb_bos_descriptor), GFP_KERNEL); @@ -965,7 +976,13 @@ int usb_get_bos_descriptor(struct usb_de dev->bos->desc->bNumDeviceCaps = i; break; } + cap_type = cap->bDevCapabilityType; length = cap->bLength; + if (bos_desc_len[cap_type] && length < bos_desc_len[cap_type]) { + dev->bos->desc->bNumDeviceCaps = i; + break; + } + total_len -= length; if (cap->bDescriptorType != USB_DT_DEVICE_CAPABILITY) { @@ -973,7 +990,7 @@ int usb_get_bos_descriptor(struct usb_de continue; } - switch (cap->bDevCapabilityType) { + switch (cap_type) { case USB_CAP_TYPE_WIRELESS_USB: /* Wireless USB cap descriptor is handled by wusb */ break; @@ -986,8 +1003,11 @@ int usb_get_bos_descriptor(struct usb_de (struct usb_ss_cap_descriptor *)buffer; break; case USB_SSP_CAP_TYPE: - dev->bos->ssp_cap = - (struct usb_ssp_cap_descriptor *)buffer; + ssp_cap = (struct usb_ssp_cap_descriptor *)buffer; + ssac = (le32_to_cpu(ssp_cap->bmAttributes) & + USB_SSP_SUBLINK_SPEED_ATTRIBS) + 1; + if (length >= USB_DT_USB_SSP_CAP_SIZE(ssac)) + dev->bos->ssp_cap = ssp_cap; break; case CONTAINER_ID_TYPE: dev->bos->ss_id = --- a/include/uapi/linux/usb/ch9.h +++ b/include/uapi/linux/usb/ch9.h @@ -876,6 +876,8 @@ struct usb_wireless_cap_descriptor { /* __u8 bReserved; } __attribute__((packed)); +#define USB_DT_USB_WIRELESS_CAP_SIZE 11 + /* USB 2.0 Extension descriptor */ #define USB_CAP_TYPE_EXT 2 @@ -1068,6 +1070,7 @@ struct usb_ptm_cap_descriptor { __u8 bDevCapabilityType; } __attribute__((packed)); +#define USB_DT_USB_PTM_ID_SIZE 3 /* * The size of the descriptor for the Sublink Speed Attribute Count * (SSAC) specified in bmAttributes[4:0]. Patches currently in stable-queue which might be from masakazu.mokuno(a)gmail.com are queue-4.14/usb-core-add-type-specific-length-check-of-bos-descriptors.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "staging: ccree: fix leak of import() after init()" has been added to the 4.14-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled staging: ccree: fix leak of import() after init() to the 4.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: staging-ccree-fix-leak-of-import-after-init.patch and it can be found in the queue-4.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From c5f39d07860c35e5e4c63188139465af790f86ce Mon Sep 17 00:00:00 2001 From: Gilad Ben-Yossef <gilad(a)benyossef.com> Date: Thu, 9 Nov 2017 09:16:09 +0000 Subject: staging: ccree: fix leak of import() after init() From: Gilad Ben-Yossef <gilad(a)benyossef.com> commit c5f39d07860c35e5e4c63188139465af790f86ce upstream. crypto_ahash_import() may be called either after crypto_ahash_init() or without such call. Right now we always internally call init() as part of import(), thus leaking memory and mappings if the user has already called init() herself. Fix this by only calling init() internally if the state is not already initialized. Fixes: commit 454527d0d94f ("staging: ccree: fix hash import/export") Signed-off-by: Gilad Ben-Yossef <gilad(a)benyossef.com> Reviewed-by: Dan Carpenter <dan.carpenter(a)oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/staging/ccree/ssi_hash.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) --- a/drivers/staging/ccree/ssi_hash.c +++ b/drivers/staging/ccree/ssi_hash.c @@ -1790,9 +1790,12 @@ static int ssi_ahash_import(struct ahash } in += sizeof(u32); - rc = ssi_hash_init(state, ctx); - if (rc) - goto out; + /* call init() to allocate bufs if the user hasn't */ + if (!state->digest_buff) { + rc = ssi_hash_init(state, ctx); + if (rc) + goto out; + } dma_sync_single_for_cpu(dev, state->digest_buff_dma_addr, ctx->inter_digestsize, DMA_BIDIRECTIONAL); Patches currently in stable-queue which might be from gilad(a)benyossef.com are queue-4.14/staging-ccree-fix-leak-of-import-after-init.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "USB: usbfs: Filter flags passed in from user space" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: usbfs: Filter flags passed in from user space to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-usbfs-filter-flags-passed-in-from-user-space.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 446f666da9f019ce2ffd03800995487e79a91462 Mon Sep 17 00:00:00 2001 From: Oliver Neukum <oneukum(a)suse.com> Date: Thu, 23 Nov 2017 16:39:52 +0100 Subject: USB: usbfs: Filter flags passed in from user space From: Oliver Neukum <oneukum(a)suse.com> commit 446f666da9f019ce2ffd03800995487e79a91462 upstream. USBDEVFS_URB_ISO_ASAP must be accepted only for ISO endpoints. Improve sanity checking. Reported-by: Andrey Konovalov <andreyknvl(a)google.com> Signed-off-by: Oliver Neukum <oneukum(a)suse.com> Acked-by: Alan Stern <stern(a)rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/devio.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -1290,14 +1290,18 @@ static int proc_do_submiturb(struct usb_ int number_of_packets = 0; unsigned int stream_id = 0; void *buf; - - if (uurb->flags & ~(USBDEVFS_URB_ISO_ASAP | - USBDEVFS_URB_SHORT_NOT_OK | + unsigned long mask = USBDEVFS_URB_SHORT_NOT_OK | USBDEVFS_URB_BULK_CONTINUATION | USBDEVFS_URB_NO_FSBR | USBDEVFS_URB_ZERO_PACKET | - USBDEVFS_URB_NO_INTERRUPT)) - return -EINVAL; + USBDEVFS_URB_NO_INTERRUPT; + /* USBDEVFS_URB_ISO_ASAP is a special case */ + if (uurb->type == USBDEVFS_URB_TYPE_ISO) + mask |= USBDEVFS_URB_ISO_ASAP; + + if (uurb->flags & ~mask) + return -EINVAL; + if ((unsigned int)uurb->buffer_length >= USBFS_XFER_MAX) return -EINVAL; if (uurb->buffer_length > 0 && !uurb->buffer) Patches currently in stable-queue which might be from oneukum(a)suse.com are queue-3.18/usb-usbfs-filter-flags-passed-in-from-user-space.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "USB: Increase usbfs transfer limit" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: Increase usbfs transfer limit to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-increase-usbfs-transfer-limit.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 1129d270cbfbb7e2b1ec3dede4a13930bdd10e41 Mon Sep 17 00:00:00 2001 From: Mateusz Berezecki <mateuszb(a)fastmail.fm> Date: Wed, 21 Dec 2016 09:19:14 -0800 Subject: USB: Increase usbfs transfer limit From: Mateusz Berezecki <mateuszb(a)fastmail.fm> commit 1129d270cbfbb7e2b1ec3dede4a13930bdd10e41 upstream. Promote a variable keeping track of USB transfer memory usage to a wider data type and allow for higher bandwidth transfers from a large number of USB devices connected to a single host. Signed-off-by: Mateusz Berezecki <mateuszb(a)fastmail.fm> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/devio.c | 43 ++++++++++++++++--------------------------- 1 file changed, 16 insertions(+), 27 deletions(-) --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -113,42 +113,35 @@ enum snoop_when { #define USB_DEVICE_DEV MKDEV(USB_DEVICE_MAJOR, 0) /* Limit on the total amount of memory we can allocate for transfers */ -static unsigned usbfs_memory_mb = 16; +static u32 usbfs_memory_mb = 16; module_param(usbfs_memory_mb, uint, 0644); MODULE_PARM_DESC(usbfs_memory_mb, "maximum MB allowed for usbfs buffers (0 = no limit)"); -/* Hard limit, necessary to avoid arithmetic overflow */ -#define USBFS_XFER_MAX (UINT_MAX / 2 - 1000000) - -static atomic_t usbfs_memory_usage; /* Total memory currently allocated */ +static atomic64_t usbfs_memory_usage; /* Total memory currently allocated */ /* Check whether it's okay to allocate more memory for a transfer */ -static int usbfs_increase_memory_usage(unsigned amount) +static int usbfs_increase_memory_usage(u64 amount) { - unsigned lim; + u64 lim; - /* - * Convert usbfs_memory_mb to bytes, avoiding overflows. - * 0 means use the hard limit (effectively unlimited). - */ lim = ACCESS_ONCE(usbfs_memory_mb); - if (lim == 0 || lim > (USBFS_XFER_MAX >> 20)) - lim = USBFS_XFER_MAX; - else - lim <<= 20; + lim <<= 20; - atomic_add(amount, &usbfs_memory_usage); - if (atomic_read(&usbfs_memory_usage) <= lim) - return 0; - atomic_sub(amount, &usbfs_memory_usage); - return -ENOMEM; + atomic64_add(amount, &usbfs_memory_usage); + + if (lim > 0 && atomic64_read(&usbfs_memory_usage) > lim) { + atomic64_sub(amount, &usbfs_memory_usage); + return -ENOMEM; + } + + return 0; } /* Memory for a transfer is being deallocated */ -static void usbfs_decrease_memory_usage(unsigned amount) +static void usbfs_decrease_memory_usage(u64 amount) { - atomic_sub(amount, &usbfs_memory_usage); + atomic64_sub(amount, &usbfs_memory_usage); } static int connected(struct usb_dev_state *ps) @@ -1077,7 +1070,7 @@ static int proc_bulk(struct usb_dev_stat if (!usb_maxpacket(dev, pipe, !(bulk.ep & USB_DIR_IN))) return -EINVAL; len1 = bulk.len; - if (len1 >= USBFS_XFER_MAX) + if (len1 >= (INT_MAX - sizeof(struct urb))) return -EINVAL; ret = usbfs_increase_memory_usage(len1 + sizeof(struct urb)); if (ret) @@ -1420,10 +1413,6 @@ static int proc_do_submiturb(struct usb_ return -EINVAL; } - if (uurb->buffer_length >= USBFS_XFER_MAX) { - ret = -EINVAL; - goto error; - } if (uurb->buffer_length > 0 && !access_ok(is_in ? VERIFY_WRITE : VERIFY_READ, uurb->buffer, uurb->buffer_length)) { Patches currently in stable-queue which might be from mateuszb(a)fastmail.fm are queue-3.18/usb-increase-usbfs-transfer-limit.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "usb: hub: Cycle HUB power when initialization fails" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: hub: Cycle HUB power when initialization fails to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-hub-cycle-hub-power-when-initialization-fails.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 973593a960ddac0f14f0d8877d2d0abe0afda795 Mon Sep 17 00:00:00 2001 From: Mike Looijmans <mike.looijmans(a)topic.nl> Date: Thu, 9 Nov 2017 13:16:46 +0100 Subject: usb: hub: Cycle HUB power when initialization fails From: Mike Looijmans <mike.looijmans(a)topic.nl> commit 973593a960ddac0f14f0d8877d2d0abe0afda795 upstream. Sometimes the USB device gets confused about the state of the initialization and the connection fails. In particular, the device thinks that it's already set up and running while the host thinks the device still needs to be configured. To work around this issue, power-cycle the hub's output to issue a sort of "reset" to the device. This makes the device restart its state machine and then the initialization succeeds. This fixes problems where the kernel reports a list of errors like this: usb 1-1.3: device not accepting address 19, error -71 The end result is a non-functioning device. After this patch, the sequence becomes like this: usb 1-1.3: new high-speed USB device number 18 using ci_hdrc usb 1-1.3: device not accepting address 18, error -71 usb 1-1.3: new high-speed USB device number 19 using ci_hdrc usb 1-1.3: device not accepting address 19, error -71 usb 1-1-port3: attempt power cycle usb 1-1.3: new high-speed USB device number 21 using ci_hdrc usb-storage 1-1.3:1.2: USB Mass Storage device detected Signed-off-by: Mike Looijmans <mike.looijmans(a)topic.nl> Acked-by: Alan Stern <stern(a)rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/hub.c | 9 +++++++++ 1 file changed, 9 insertions(+) --- a/drivers/usb/core/hub.c +++ b/drivers/usb/core/hub.c @@ -4816,6 +4816,15 @@ loop: usb_put_dev(udev); if ((status == -ENOTCONN) || (status == -ENOTSUPP)) break; + + /* When halfway through our retry count, power-cycle the port */ + if (i == (SET_CONFIG_TRIES / 2) - 1) { + dev_info(&port_dev->dev, "attempt power cycle\n"); + usb_hub_set_port_power(hdev, hub, port1, false); + msleep(2 * hub_power_on_good_delay(hub)); + usb_hub_set_port_power(hdev, hub, port1, true); + msleep(hub_power_on_good_delay(hub)); + } } if (hub->hdev->parent || !hcd->driver->port_handed_over || Patches currently in stable-queue which might be from mike.looijmans(a)topic.nl are queue-3.18/usb-hub-cycle-hub-power-when-initialization-fails.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "usb: host: fix incorrect updating of offset" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled usb: host: fix incorrect updating of offset to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-host-fix-incorrect-updating-of-offset.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 1d5a31582ef046d3b233f0da1a68ae26519b2f0a Mon Sep 17 00:00:00 2001 From: Colin Ian King <colin.king(a)canonical.com> Date: Tue, 7 Nov 2017 16:45:04 +0000 Subject: usb: host: fix incorrect updating of offset From: Colin Ian King <colin.king(a)canonical.com> commit 1d5a31582ef046d3b233f0da1a68ae26519b2f0a upstream. The variable temp is incorrectly being updated, instead it should be offset otherwise the loop just reads the same capability value and loops forever. Thanks to Alan Stern for pointing out the correct fix to my original fix. Fix also cleans up clang warning: drivers/usb/host/ehci-dbg.c:840:4: warning: Value stored to 'temp' is never read Fixes: d49d43174400 ("USB: misc ehci updates") Signed-off-by: Colin Ian King <colin.king(a)canonical.com> Acked-by: Alan Stern <stern(a)rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/host/ehci-dbg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/usb/host/ehci-dbg.c +++ b/drivers/usb/host/ehci-dbg.c @@ -850,7 +850,7 @@ static ssize_t fill_registers_buffer(str default: /* unknown */ break; } - temp = (cap >> 8) & 0xff; + offset = (cap >> 8) & 0xff; } } #endif Patches currently in stable-queue which might be from colin.king(a)canonical.com are queue-3.18/usb-host-fix-incorrect-updating-of-offset.patch queue-3.18/net-sctp-fix-array-overrun-read-on-sctp_timer_tbl.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "USB: devio: Prevent integer overflow in proc_do_submiturb()" has been added to the 3.18-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled USB: devio: Prevent integer overflow in proc_do_submiturb() to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: usb-devio-prevent-integer-overflow-in-proc_do_submiturb.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 57999d1107c1e60c2ca7088f2ac0f819e2f554b3 Mon Sep 17 00:00:00 2001 From: Dan Carpenter <dan.carpenter(a)oracle.com> Date: Fri, 22 Sep 2017 23:43:25 +0300 Subject: USB: devio: Prevent integer overflow in proc_do_submiturb() From: Dan Carpenter <dan.carpenter(a)oracle.com> commit 57999d1107c1e60c2ca7088f2ac0f819e2f554b3 upstream. There used to be an integer overflow check in proc_do_submiturb() but we removed it. It turns out that it's still required. The uurb->buffer_length variable is a signed integer and it's controlled by the user. It can lead to an integer overflow when we do: num_sgs = DIV_ROUND_UP(uurb->buffer_length, USB_SG_SIZE); If we strip away the macro then that line looks like this: num_sgs = (uurb->buffer_length + USB_SG_SIZE - 1) / USB_SG_SIZE; ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ It's the first addition which can overflow. Fixes: 1129d270cbfb ("USB: Increase usbfs transfer limit") Signed-off-by: Dan Carpenter <dan.carpenter(a)oracle.com> Acked-by: Alan Stern <stern(a)rowland.harvard.edu> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/usb/core/devio.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -118,6 +118,9 @@ module_param(usbfs_memory_mb, uint, 0644 MODULE_PARM_DESC(usbfs_memory_mb, "maximum MB allowed for usbfs buffers (0 = no limit)"); +/* Hard limit, necessary to avoid arithmetic overflow */ +#define USBFS_XFER_MAX (UINT_MAX / 2 - 1000000) + static atomic64_t usbfs_memory_usage; /* Total memory currently allocated */ /* Check whether it's okay to allocate more memory for a transfer */ @@ -1295,6 +1298,8 @@ static int proc_do_submiturb(struct usb_ USBDEVFS_URB_ZERO_PACKET | USBDEVFS_URB_NO_INTERRUPT)) return -EINVAL; + if ((unsigned int)uurb->buffer_length >= USBFS_XFER_MAX) + return -EINVAL; if (uurb->buffer_length > 0 && !uurb->buffer) return -EINVAL; if (!(uurb->type == USBDEVFS_URB_TYPE_CONTROL && Patches currently in stable-queue which might be from dan.carpenter(a)oracle.com are queue-3.18/usb-devio-prevent-integer-overflow-in-proc_do_submiturb.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "dma-buf: Update kerneldoc for sync_file_create" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dma-buf: Update kerneldoc for sync_file_create to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dma-buf-update-kerneldoc-for-sync_file_create.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 24a367348a017555f982a9ee137070a7a821fa97 Mon Sep 17 00:00:00 2001 From: Daniel Vetter <daniel.vetter(a)ffwll.ch> Date: Fri, 9 Dec 2016 19:53:06 +0100 Subject: dma-buf: Update kerneldoc for sync_file_create From: Daniel Vetter <daniel.vetter(a)ffwll.ch> commit 24a367348a017555f982a9ee137070a7a821fa97 upstream. This was missed when adding a dma_fence_get call. While at it also remove the kerneldoc for the static inline helper - no point documenting internals down to every detail. Fixes: 30cd85dd6edc ("dma-buf/sync_file: hold reference to fence when creating sync_file") Cc: Gustavo Padovan <gustavo.padovan(a)collabora.co.uk> Cc: Sean Paul <seanpaul(a)chromium.org> Cc: linux-doc(a)vger.kernel.org Cc: Jonathan Corbet <corbet(a)lwn.net> Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Signed-off-by: Daniel Vetter <daniel.vetter(a)intel.com> Reviewed-by: Gustavo Padovan <gustavo.padovan(a)collabora.co.uk> Signed-off-by: Sumit Semwal <sumit.semwal(a)linaro.org> Link: http://patchwork.freedesktop.org/patch/msgid/20161209185309.1682-3-daniel.v… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma-buf/sync_file.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) --- a/drivers/dma-buf/sync_file.c +++ b/drivers/dma-buf/sync_file.c @@ -67,9 +67,10 @@ static void fence_check_cb_func(struct f * sync_file_create() - creates a sync file * @fence: fence to add to the sync_fence * - * Creates a sync_file containg @fence. Once this is called, the sync_file - * takes ownership of @fence. The sync_file can be released with - * fput(sync_file->file). Returns the sync_file or NULL in case of error. + * Creates a sync_file containg @fence. This function acquires and additional + * reference of @fence for the newly-created &sync_file, if it succeeds. The + * sync_file can be released with fput(sync_file->file). Returns the + * sync_file or NULL in case of error. */ struct sync_file *sync_file_create(struct fence *fence) { @@ -90,13 +91,6 @@ struct sync_file *sync_file_create(struc } EXPORT_SYMBOL(sync_file_create); -/** - * sync_file_fdget() - get a sync_file from an fd - * @fd: fd referencing a fence - * - * Ensures @fd references a valid sync_file, increments the refcount of the - * backing file. Returns the sync_file or NULL in case of error. - */ static struct sync_file *sync_file_fdget(int fd) { struct file *file = fget(fd); Patches currently in stable-queue which might be from daniel.vetter(a)ffwll.ch are queue-4.9/dma-fence-clear-fence-status-during-dma_fence_init.patch queue-4.9/dma-fence-wrap-querying-the-fence-status.patch queue-4.9/dma-fence-introduce-drm_fence_set_error-helper.patch queue-4.9/dma-buf-update-kerneldoc-for-sync_file_create.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "dma-buf/sync_file: hold reference to fence when creating sync_file" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dma-buf/sync_file: hold reference to fence when creating sync_file to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dma-buf-sync_file-hold-reference-to-fence-when-creating-sync_file.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 30cd85dd6edc86ea8d8589efb813f1fad41ef233 Mon Sep 17 00:00:00 2001 From: Gustavo Padovan <gustavo.padovan(a)collabora.co.uk> Date: Wed, 19 Oct 2016 15:48:32 -0200 Subject: dma-buf/sync_file: hold reference to fence when creating sync_file From: Gustavo Padovan <gustavo.padovan(a)collabora.co.uk> commit 30cd85dd6edc86ea8d8589efb813f1fad41ef233 upstream. fence referencing was out of balance. It was not taking any ref to the fence at creating time, but it was putting a reference when freeing the sync file. This patch fixes the balancing issue by getting a reference for the fence when creating the sync_file. Signed-off-by: Gustavo Padovan <gustavo.padovan(a)collabora.co.uk> Signed-off-by: Sean Paul <seanpaul(a)chromium.org> Link: http://patchwork.freedesktop.org/patch/msgid/1476899313-22241-1-git-send-em… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma-buf/sync_file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/dma-buf/sync_file.c +++ b/drivers/dma-buf/sync_file.c @@ -79,7 +79,7 @@ struct sync_file *sync_file_create(struc if (!sync_file) return NULL; - sync_file->fence = fence; + sync_file->fence = fence_get(fence); snprintf(sync_file->name, sizeof(sync_file->name), "%s-%s%llu-%d", fence->ops->get_driver_name(fence), Patches currently in stable-queue which might be from gustavo.padovan(a)collabora.co.uk are queue-4.9/dma-buf-sync_file-hold-reference-to-fence-when-creating-sync_file.patch queue-4.9/dma-buf-update-kerneldoc-for-sync_file_create.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "dma-fence: Wrap querying the fence->status" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dma-fence: Wrap querying the fence->status to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dma-fence-wrap-querying-the-fence-status.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From d6c99f4bf093a58d3ab47caaec74b81f18bc4e3f Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Wed, 4 Jan 2017 14:12:21 +0000 Subject: dma-fence: Wrap querying the fence->status From: Chris Wilson <chris(a)chris-wilson.co.uk> commit d6c99f4bf093a58d3ab47caaec74b81f18bc4e3f upstream. The fence->status is an optional field that is only valid once the fence has been signaled. (Driver may fill the fence->status with an error code prior to calling dma_fence_signal().) Given the restriction upon its validity, wrap querying of the fence->status into a helper dma_fence_get_status(). Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Reviewed-by: Sumit Semwal <sumit.semwal(a)linaro.org> Signed-off-by: Sumit Semwal <sumit.semwal(a)linaro.org> Link: http://patchwork.freedesktop.org/patch/msgid/20170104141222.6992-2-chris@ch… [s/dma_fence/fence/g - gregkh] Cc: Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma-buf/fence.c | 25 +++++++++++++++++++++++++ drivers/dma-buf/sync_debug.c | 20 ++++++++++---------- drivers/dma-buf/sync_file.c | 6 ++---- include/linux/fence.h | 24 ++++++++++++++++++++++++ 4 files changed, 61 insertions(+), 14 deletions(-) --- a/drivers/dma-buf/fence.c +++ b/drivers/dma-buf/fence.c @@ -281,6 +281,31 @@ int fence_add_callback(struct fence *fen EXPORT_SYMBOL(fence_add_callback); /** + * fence_get_status - returns the status upon completion + * @fence: [in] the fence to query + * + * This wraps fence_get_status_locked() to return the error status + * condition on a signaled fence. See fence_get_status_locked() for more + * details. + * + * Returns 0 if the fence has not yet been signaled, 1 if the fence has + * been signaled without an error condition, or a negative error code + * if the fence has been completed in err. + */ +int fence_get_status(struct fence *fence) +{ + unsigned long flags; + int status; + + spin_lock_irqsave(fence->lock, flags); + status = fence_get_status_locked(fence); + spin_unlock_irqrestore(fence->lock, flags); + + return status; +} +EXPORT_SYMBOL(fence_get_status); + +/** * fence_remove_callback - remove a callback from the signaling list * @fence: [in] the fence to wait on * @cb: [in] the callback to remove --- a/drivers/dma-buf/sync_debug.c +++ b/drivers/dma-buf/sync_debug.c @@ -62,29 +62,29 @@ void sync_file_debug_remove(struct sync_ static const char *sync_status_str(int status) { - if (status == 0) - return "signaled"; + if (status < 0) + return "error"; if (status > 0) - return "active"; + return "signaled"; - return "error"; + return "active"; } -static void sync_print_fence(struct seq_file *s, struct fence *fence, bool show) +static void sync_print_fence(struct seq_file *s, + struct fence *fence, bool show) { - int status = 1; struct sync_timeline *parent = fence_parent(fence); + int status; - if (fence_is_signaled_locked(fence)) - status = fence->status; + status = fence_get_status_locked(fence); seq_printf(s, " %s%sfence %s", show ? parent->name : "", show ? "_" : "", sync_status_str(status)); - if (status <= 0) { + if (status) { struct timespec64 ts64 = ktime_to_timespec64(fence->timestamp); @@ -133,7 +133,7 @@ static void sync_print_sync_file(struct int i; seq_printf(s, "[%p] %s: %s\n", sync_file, sync_file->name, - sync_status_str(!fence_is_signaled(sync_file->fence))); + sync_status_str(fence_get_status(sync_file->fence))); if (fence_is_array(sync_file->fence)) { struct fence_array *array = to_fence_array(sync_file->fence); --- a/drivers/dma-buf/sync_file.c +++ b/drivers/dma-buf/sync_file.c @@ -377,10 +377,8 @@ static void sync_fill_fence_info(struct sizeof(info->obj_name)); strlcpy(info->driver_name, fence->ops->get_driver_name(fence), sizeof(info->driver_name)); - if (fence_is_signaled(fence)) - info->status = fence->status >= 0 ? 1 : fence->status; - else - info->status = 0; + + info->status = fence_get_status(fence); info->timestamp_ns = ktime_to_ns(fence->timestamp); } --- a/include/linux/fence.h +++ b/include/linux/fence.h @@ -334,6 +334,30 @@ static inline struct fence *fence_later( return fence_is_signaled(f2) ? NULL : f2; } +/** + * fence_get_status_locked - returns the status upon completion + * @fence: [in] the fence to query + * + * Drivers can supply an optional error status condition before they signal + * the fence (to indicate whether the fence was completed due to an error + * rather than success). The value of the status condition is only valid + * if the fence has been signaled, fence_get_status_locked() first checks + * the signal state before reporting the error status. + * + * Returns 0 if the fence has not yet been signaled, 1 if the fence has + * been signaled without an error condition, or a negative error code + * if the fence has been completed in err. + */ +static inline int fence_get_status_locked(struct fence *fence) +{ + if (fence_is_signaled_locked(fence)) + return fence->status < 0 ? fence->status : 1; + else + return 0; +} + +int fence_get_status(struct fence *fence); + signed long fence_wait_timeout(struct fence *, bool intr, signed long timeout); signed long fence_wait_any_timeout(struct fence **fences, uint32_t count, bool intr, signed long timeout); Patches currently in stable-queue which might be from chris(a)chris-wilson.co.uk are queue-4.9/dma-buf-sw-sync-fix-the-is-signaled-test-to-handle-u32-wraparound.patch queue-4.9/dma-fence-clear-fence-status-during-dma_fence_init.patch queue-4.9/dma-buf-sw-sync-fix-locking-around-sync_timeline-lists.patch queue-4.9/dma-fence-wrap-querying-the-fence-status.patch queue-4.9/dma-buf-sw_sync-clean-up-list-before-signaling-the-fence.patch queue-4.9/dma-buf-sw-sync-reduce-irqsave-irqrestore-from-known-context.patch queue-4.9/dma-buf-sw_sync-move-timeline_fence_ops-around.patch queue-4.9/dma-buf-sw-sync-prevent-user-overflow-on-timeline-advance.patch queue-4.9/dma-fence-introduce-drm_fence_set_error-helper.patch queue-4.9/dma-buf-sw_sync-force-signal-all-unsignaled-fences-on-dying-timeline.patch queue-4.9/dma-buf-sw-sync-use-an-rbtree-to-sort-fences-in-the-timeline.patch queue-4.9/dma-buf-sw-sync-sync_pt-is-private-and-of-fixed-size.patch queue-4.9/dma-buf-dma-fence-extract-__dma_fence_is_later.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "dma-fence: Introduce drm_fence_set_error() helper" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dma-fence: Introduce drm_fence_set_error() helper to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dma-fence-introduce-drm_fence_set_error-helper.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From a009e975da5c7d42a7f5eaadc54946eb5f76c9af Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Wed, 4 Jan 2017 14:12:22 +0000 Subject: dma-fence: Introduce drm_fence_set_error() helper From: Chris Wilson <chris(a)chris-wilson.co.uk> commit a009e975da5c7d42a7f5eaadc54946eb5f76c9af upstream. The dma_fence.error field (formerly known as dma_fence.status) is an optional field that may be set by drivers before calling dma_fence_signal(). The field can be used to indicate that the fence was completed in err rather than with success, and is visible to other consumers of the fence and to userspace via sync_file. This patch renames the field from status to error so that its meaning is hopefully more clear (and distinct from dma_fence_get_status() which is a composite between the error state and signal state) and adds a helper that validates the preconditions of when it is suitable to adjust the error field. Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Reviewed-by: Sumit Semwal <sumit.semwal(a)linaro.org> Signed-off-by: Sumit Semwal <sumit.semwal(a)linaro.org> Link: http://patchwork.freedesktop.org/patch/msgid/20170104141222.6992-3-chris@ch… [s/dma_fence/fence/g - gregkh] Cc: Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma-buf/fence.c | 2 +- include/linux/fence.h | 30 +++++++++++++++++++++++++----- 2 files changed, 26 insertions(+), 6 deletions(-) --- a/drivers/dma-buf/fence.c +++ b/drivers/dma-buf/fence.c @@ -551,7 +551,7 @@ fence_init(struct fence *fence, const st fence->context = context; fence->seqno = seqno; fence->flags = 0UL; - fence->status = 0; + fence->error = 0; trace_fence_init(fence); } --- a/include/linux/fence.h +++ b/include/linux/fence.h @@ -47,7 +47,7 @@ struct fence_cb; * can be compared to decide which fence would be signaled later. * @flags: A mask of FENCE_FLAG_* defined below * @timestamp: Timestamp when the fence was signaled. - * @status: Optional, only valid if < 0, must be set before calling + * @error: Optional, only valid if < 0, must be set before calling * fence_signal, indicates that the fence has completed with an error. * * the flags member must be manipulated and read using the appropriate @@ -79,7 +79,7 @@ struct fence { unsigned seqno; unsigned long flags; ktime_t timestamp; - int status; + int error; }; enum fence_flag_bits { @@ -132,7 +132,7 @@ struct fence_cb { * or some failure occurred that made it impossible to enable * signaling. True indicates successful enabling. * - * fence->status may be set in enable_signaling, but only when false is + * fence->error may be set in enable_signaling, but only when false is * returned. * * Calling fence_signal before enable_signaling is called allows @@ -144,7 +144,7 @@ struct fence_cb { * the second time will be a noop since it was already signaled. * * Notes on signaled: - * May set fence->status if returning true. + * May set fence->error if returning true. * * Notes on wait: * Must not be NULL, set to fence_default_wait for default implementation. @@ -351,13 +351,33 @@ static inline struct fence *fence_later( static inline int fence_get_status_locked(struct fence *fence) { if (fence_is_signaled_locked(fence)) - return fence->status < 0 ? fence->status : 1; + return fence->error ?: 1; else return 0; } int fence_get_status(struct fence *fence); +/** + * fence_set_error - flag an error condition on the fence + * @fence: [in] the fence + * @error: [in] the error to store + * + * Drivers can supply an optional error status condition before they signal + * the fence, to indicate that the fence was completed due to an error + * rather than success. This must be set before signaling (so that the value + * is visible before any waiters on the signal callback are woken). This + * helper exists to help catching erroneous setting of #fence.error. + */ +static inline void fence_set_error(struct fence *fence, + int error) +{ + BUG_ON(test_bit(FENCE_FLAG_SIGNALED_BIT, &fence->flags)); + BUG_ON(error >= 0 || error < -MAX_ERRNO); + + fence->error = error; +} + signed long fence_wait_timeout(struct fence *, bool intr, signed long timeout); signed long fence_wait_any_timeout(struct fence **fences, uint32_t count, bool intr, signed long timeout); Patches currently in stable-queue which might be from chris(a)chris-wilson.co.uk are queue-4.9/dma-buf-sw-sync-fix-the-is-signaled-test-to-handle-u32-wraparound.patch queue-4.9/dma-fence-clear-fence-status-during-dma_fence_init.patch queue-4.9/dma-buf-sw-sync-fix-locking-around-sync_timeline-lists.patch queue-4.9/dma-fence-wrap-querying-the-fence-status.patch queue-4.9/dma-buf-sw_sync-clean-up-list-before-signaling-the-fence.patch queue-4.9/dma-buf-sw-sync-reduce-irqsave-irqrestore-from-known-context.patch queue-4.9/dma-buf-sw_sync-move-timeline_fence_ops-around.patch queue-4.9/dma-buf-sw-sync-prevent-user-overflow-on-timeline-advance.patch queue-4.9/dma-fence-introduce-drm_fence_set_error-helper.patch queue-4.9/dma-buf-sw_sync-force-signal-all-unsignaled-fences-on-dying-timeline.patch queue-4.9/dma-buf-sw-sync-use-an-rbtree-to-sort-fences-in-the-timeline.patch queue-4.9/dma-buf-sw-sync-sync_pt-is-private-and-of-fixed-size.patch queue-4.9/dma-buf-dma-fence-extract-__dma_fence_is_later.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "dma-fence: Clear fence->status during dma_fence_init()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dma-fence: Clear fence->status during dma_fence_init() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dma-fence-clear-fence-status-during-dma_fence_init.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 83dd1376fd92f33bdeca9e83d479534a4e7f870b Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Wed, 4 Jan 2017 14:12:20 +0000 Subject: dma-fence: Clear fence->status during dma_fence_init() From: Chris Wilson <chris(a)chris-wilson.co.uk> commit 83dd1376fd92f33bdeca9e83d479534a4e7f870b upstream. As the fence->status is an optional field that may be set before dma_fence_signal() is called to convey that the fence completed with an error, we have to ensure that it is always set to zero on initialisation so that the typical use (i.e. unset) always flags a successful completion. Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Reviewed-by: Tvrtko Ursulin <tvrtko.ursulin(a)intel.com> Reviewed-by: Daniel Vetter <daniel.vetter(a)ffwll.ch> Reviewed-by: Sumit Semwal <sumit.semwal(a)linaro.org> Signed-off-by: Sumit Semwal <sumit.semwal(a)linaro.org> Link: http://patchwork.freedesktop.org/patch/msgid/20170104141222.6992-1-chris@ch… [s/dma_fence/fence/g - gregkh] Cc: Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma-buf/fence.c | 1 + 1 file changed, 1 insertion(+) --- a/drivers/dma-buf/fence.c +++ b/drivers/dma-buf/fence.c @@ -526,6 +526,7 @@ fence_init(struct fence *fence, const st fence->context = context; fence->seqno = seqno; fence->flags = 0UL; + fence->status = 0; trace_fence_init(fence); } Patches currently in stable-queue which might be from chris(a)chris-wilson.co.uk are queue-4.9/dma-buf-sw-sync-fix-the-is-signaled-test-to-handle-u32-wraparound.patch queue-4.9/dma-fence-clear-fence-status-during-dma_fence_init.patch queue-4.9/dma-buf-sw-sync-fix-locking-around-sync_timeline-lists.patch queue-4.9/dma-fence-wrap-querying-the-fence-status.patch queue-4.9/dma-buf-sw_sync-clean-up-list-before-signaling-the-fence.patch queue-4.9/dma-buf-sw-sync-reduce-irqsave-irqrestore-from-known-context.patch queue-4.9/dma-buf-sw_sync-move-timeline_fence_ops-around.patch queue-4.9/dma-buf-sw-sync-prevent-user-overflow-on-timeline-advance.patch queue-4.9/dma-fence-introduce-drm_fence_set_error-helper.patch queue-4.9/dma-buf-sw_sync-force-signal-all-unsignaled-fences-on-dying-timeline.patch queue-4.9/dma-buf-sw-sync-use-an-rbtree-to-sort-fences-in-the-timeline.patch queue-4.9/dma-buf-sw-sync-sync_pt-is-private-and-of-fixed-size.patch queue-4.9/dma-buf-dma-fence-extract-__dma_fence_is_later.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "dma-buf/sw_sync: force signal all unsignaled fences on dying timeline" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dma-buf/sw_sync: force signal all unsignaled fences on dying timeline to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dma-buf-sw_sync-force-signal-all-unsignaled-fences-on-dying-timeline.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From ea4d5a270b57fa8d4871f372ca9b97b7697fdfda Mon Sep 17 00:00:00 2001 From: Dominik Behr <dbehr(a)chromium.org> Date: Thu, 7 Sep 2017 16:02:46 -0300 Subject: dma-buf/sw_sync: force signal all unsignaled fences on dying timeline From: Dominik Behr <dbehr(a)chromium.org> commit ea4d5a270b57fa8d4871f372ca9b97b7697fdfda upstream. To avoid hanging userspace components that might have been waiting on the active fences of the destroyed timeline we need to signal with error all remaining fences on such timeline. This restore the default behaviour of the Android sw_sync framework, which Android still relies on. It was broken on the dma fence conversion a few years ago and never fixed. v2: Do not bother with cleanup do the list (Chris Wilson) Reviewed-by: Chris Wilson <chris(a)chris-wilson.co.uk> Signed-off-by: Dominik Behr <dbehr(a)chromium.org> Signed-off-by: Gustavo Padovan <gustavo.padovan(a)collabora.com> Link: https://patchwork.freedesktop.org/patch/msgid/20170907190246.16425-2-gustav… [s/dma_fence/fence/g - gregkh] Cc: Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma-buf/sw_sync.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) --- a/drivers/dma-buf/sw_sync.c +++ b/drivers/dma-buf/sw_sync.c @@ -321,8 +321,16 @@ static int sw_sync_debugfs_open(struct i static int sw_sync_debugfs_release(struct inode *inode, struct file *file) { struct sync_timeline *obj = file->private_data; + struct sync_pt *pt, *next; - smp_wmb(); + spin_lock_irq(&obj->lock); + + list_for_each_entry_safe(pt, next, &obj->pt_list, link) { + fence_set_error(&pt->base, -ENOENT); + fence_signal_locked(&pt->base); + } + + spin_unlock_irq(&obj->lock); sync_timeline_put(obj); return 0; Patches currently in stable-queue which might be from dbehr(a)chromium.org are queue-4.9/dma-buf-sw_sync-force-signal-all-unsignaled-fences-on-dying-timeline.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "dma-buf/sw_sync: move timeline_fence_ops around" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dma-buf/sw_sync: move timeline_fence_ops around to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dma-buf-sw_sync-move-timeline_fence_ops-around.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 150b6a9d7d6fffb95c0a5349960a10569e8218b5 Mon Sep 17 00:00:00 2001 From: Gustavo Padovan <gustavo.padovan(a)collabora.com> Date: Sat, 29 Jul 2017 12:22:15 -0300 Subject: dma-buf/sw_sync: move timeline_fence_ops around From: Gustavo Padovan <gustavo.padovan(a)collabora.com> commit 150b6a9d7d6fffb95c0a5349960a10569e8218b5 upstream. We are going to use timeline_fence_signaled() in a internal function in the next commit. Cc: Chris Wilson <chris(a)chris-wilson.co.uk> Signed-off-by: Gustavo Padovan <gustavo.padovan(a)collabora.com> Reviewed-by: Chris Wilson <chris(a)chris-wilson.co.uk> Link: https://patchwork.freedesktop.org/patch/msgid/20170729152217.8362-1-gustavo… [s/dma_fence/fence/g - gregkh] Cc: Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma-buf/sw_sync.c | 138 +++++++++++++++++++++++----------------------- 1 file changed, 69 insertions(+), 69 deletions(-) --- a/drivers/dma-buf/sw_sync.c +++ b/drivers/dma-buf/sw_sync.c @@ -125,6 +125,75 @@ static void sync_timeline_put(struct syn kref_put(&obj->kref, sync_timeline_free); } +static const char *timeline_fence_get_driver_name(struct fence *fence) +{ + return "sw_sync"; +} + +static const char *timeline_fence_get_timeline_name(struct fence *fence) +{ + struct sync_timeline *parent = fence_parent(fence); + + return parent->name; +} + +static void timeline_fence_release(struct fence *fence) +{ + struct sync_pt *pt = fence_to_sync_pt(fence); + struct sync_timeline *parent = fence_parent(fence); + + if (!list_empty(&pt->link)) { + unsigned long flags; + + spin_lock_irqsave(fence->lock, flags); + if (!list_empty(&pt->link)) { + list_del(&pt->link); + rb_erase(&pt->node, &parent->pt_tree); + } + spin_unlock_irqrestore(fence->lock, flags); + } + + sync_timeline_put(parent); + fence_free(fence); +} + +static bool timeline_fence_signaled(struct fence *fence) +{ + struct sync_timeline *parent = fence_parent(fence); + + return !__fence_is_later(fence->seqno, parent->value); +} + +static bool timeline_fence_enable_signaling(struct fence *fence) +{ + return true; +} + +static void timeline_fence_value_str(struct fence *fence, + char *str, int size) +{ + snprintf(str, size, "%d", fence->seqno); +} + +static void timeline_fence_timeline_value_str(struct fence *fence, + char *str, int size) +{ + struct sync_timeline *parent = fence_parent(fence); + + snprintf(str, size, "%d", parent->value); +} + +static const struct fence_ops timeline_fence_ops = { + .get_driver_name = timeline_fence_get_driver_name, + .get_timeline_name = timeline_fence_get_timeline_name, + .enable_signaling = timeline_fence_enable_signaling, + .signaled = timeline_fence_signaled, + .wait = fence_default_wait, + .release = timeline_fence_release, + .fence_value_str = timeline_fence_value_str, + .timeline_value_str = timeline_fence_timeline_value_str, +}; + /** * sync_timeline_signal() - signal a status change on a sync_timeline * @obj: sync_timeline to signal @@ -216,75 +285,6 @@ unlock: return pt; } -static const char *timeline_fence_get_driver_name(struct fence *fence) -{ - return "sw_sync"; -} - -static const char *timeline_fence_get_timeline_name(struct fence *fence) -{ - struct sync_timeline *parent = fence_parent(fence); - - return parent->name; -} - -static void timeline_fence_release(struct fence *fence) -{ - struct sync_pt *pt = fence_to_sync_pt(fence); - struct sync_timeline *parent = fence_parent(fence); - - if (!list_empty(&pt->link)) { - unsigned long flags; - - spin_lock_irqsave(fence->lock, flags); - if (!list_empty(&pt->link)) { - list_del(&pt->link); - rb_erase(&pt->node, &parent->pt_tree); - } - spin_unlock_irqrestore(fence->lock, flags); - } - - sync_timeline_put(parent); - fence_free(fence); -} - -static bool timeline_fence_signaled(struct fence *fence) -{ - struct sync_timeline *parent = fence_parent(fence); - - return !__fence_is_later(fence->seqno, parent->value); -} - -static bool timeline_fence_enable_signaling(struct fence *fence) -{ - return true; -} - -static void timeline_fence_value_str(struct fence *fence, - char *str, int size) -{ - snprintf(str, size, "%d", fence->seqno); -} - -static void timeline_fence_timeline_value_str(struct fence *fence, - char *str, int size) -{ - struct sync_timeline *parent = fence_parent(fence); - - snprintf(str, size, "%d", parent->value); -} - -static const struct fence_ops timeline_fence_ops = { - .get_driver_name = timeline_fence_get_driver_name, - .get_timeline_name = timeline_fence_get_timeline_name, - .enable_signaling = timeline_fence_enable_signaling, - .signaled = timeline_fence_signaled, - .wait = fence_default_wait, - .release = timeline_fence_release, - .fence_value_str = timeline_fence_value_str, - .timeline_value_str = timeline_fence_timeline_value_str, -}; - /* * *WARNING* * Patches currently in stable-queue which might be from gustavo.padovan(a)collabora.com are queue-4.9/dma-buf-sw-sync-fix-the-is-signaled-test-to-handle-u32-wraparound.patch queue-4.9/dma-buf-sw-sync-fix-locking-around-sync_timeline-lists.patch queue-4.9/dma-buf-sw_sync-clean-up-list-before-signaling-the-fence.patch queue-4.9/dma-buf-sw-sync-reduce-irqsave-irqrestore-from-known-context.patch queue-4.9/dma-buf-sw_sync-move-timeline_fence_ops-around.patch queue-4.9/dma-buf-sw-sync-prevent-user-overflow-on-timeline-advance.patch queue-4.9/dma-buf-sw_sync-force-signal-all-unsignaled-fences-on-dying-timeline.patch queue-4.9/dma-buf-sw-sync-use-an-rbtree-to-sort-fences-in-the-timeline.patch queue-4.9/dma-buf-sw-sync-sync_pt-is-private-and-of-fixed-size.patch queue-4.9/dma-buf-dma-fence-extract-__dma_fence_is_later.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "dma-buf/sw_sync: clean up list before signaling the fence" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dma-buf/sw_sync: clean up list before signaling the fence to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dma-buf-sw_sync-clean-up-list-before-signaling-the-fence.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 3792b7c1a70815fe4e954221c096f9278638fd21 Mon Sep 17 00:00:00 2001 From: Gustavo Padovan <gustavo.padovan(a)collabora.com> Date: Sat, 29 Jul 2017 12:22:16 -0300 Subject: dma-buf/sw_sync: clean up list before signaling the fence From: Gustavo Padovan <gustavo.padovan(a)collabora.com> commit 3792b7c1a70815fe4e954221c096f9278638fd21 upstream. If userspace already dropped its own reference by closing the sw_sync fence fd we might end up in a deadlock where dma_fence_is_signaled_locked() will trigger the release of the fence and thus try to hold the lock to remove the fence from the list. dma_fence_is_signaled_locked() tries to release/free the fence and hold the lock in the process. We fix that by changing the order operation and clean up the list and rb-tree first. v2: Drop fence get/put dance and manipulate the list first (Chris Wilson) Cc: Chris Wilson <chris(a)chris-wilson.co.uk> Signed-off-by: Gustavo Padovan <gustavo.padovan(a)collabora.com> Reviewed-by: Chris Wilson <chris(a)chris-wilson.co.uk> Link: https://patchwork.freedesktop.org/patch/msgid/20170729152217.8362-2-gustavo… [s/dma_fence/fence/g - gregkh] Cc: Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma-buf/sw_sync.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) --- a/drivers/dma-buf/sw_sync.c +++ b/drivers/dma-buf/sw_sync.c @@ -213,11 +213,21 @@ static void sync_timeline_signal(struct obj->value += inc; list_for_each_entry_safe(pt, next, &obj->pt_list, link) { - if (!fence_is_signaled_locked(&pt->base)) + if (!timeline_fence_signaled(&pt->base)) break; list_del_init(&pt->link); rb_erase(&pt->node, &obj->pt_tree); + + /* + * A signal callback may release the last reference to this + * fence, causing it to be freed. That operation has to be + * last to avoid a use after free inside this loop, and must + * be after we remove the fence from the timeline in order to + * prevent deadlocking on timeline->lock inside + * timeline_fence_release(). + */ + fence_signal_locked(&pt->base); } spin_unlock_irq(&obj->lock); Patches currently in stable-queue which might be from gustavo.padovan(a)collabora.com are queue-4.9/dma-buf-sw-sync-fix-the-is-signaled-test-to-handle-u32-wraparound.patch queue-4.9/dma-buf-sw-sync-fix-locking-around-sync_timeline-lists.patch queue-4.9/dma-buf-sw_sync-clean-up-list-before-signaling-the-fence.patch queue-4.9/dma-buf-sw-sync-reduce-irqsave-irqrestore-from-known-context.patch queue-4.9/dma-buf-sw_sync-move-timeline_fence_ops-around.patch queue-4.9/dma-buf-sw-sync-prevent-user-overflow-on-timeline-advance.patch queue-4.9/dma-buf-sw_sync-force-signal-all-unsignaled-fences-on-dying-timeline.patch queue-4.9/dma-buf-sw-sync-use-an-rbtree-to-sort-fences-in-the-timeline.patch queue-4.9/dma-buf-sw-sync-sync_pt-is-private-and-of-fixed-size.patch queue-4.9/dma-buf-dma-fence-extract-__dma_fence_is_later.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "dma-buf/sw-sync: Use an rbtree to sort fences in the timeline" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dma-buf/sw-sync: Use an rbtree to sort fences in the timeline to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dma-buf-sw-sync-use-an-rbtree-to-sort-fences-in-the-timeline.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From f1e8c67123cf171e2b0357e885e426328b241d7d Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Thu, 29 Jun 2017 22:12:53 +0100 Subject: dma-buf/sw-sync: Use an rbtree to sort fences in the timeline From: Chris Wilson <chris(a)chris-wilson.co.uk> commit f1e8c67123cf171e2b0357e885e426328b241d7d upstream. Reduce the list iteration when incrementing the timeline by storing the fences in increasing order. v2: Prevent spinlock recursion on free during create v3: Fixup rebase conflict inside comments that escaped the compiler. Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Cc: Sean Paul <seanpaul(a)chromium.org> Cc: Gustavo Padovan <gustavo(a)padovan.org> Reviewed-by: Sean Paul <seanpaul(a)chromium.org> Signed-off-by: Gustavo Padovan <gustavo.padovan(a)collabora.com> Link: http://patchwork.freedesktop.org/patch/msgid/20170629211253.22766-1-chris@c… [s/dma_fence/fence/g - gregkh] Cc: Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma-buf/sw_sync.c | 49 +++++++++++++++++++++++++++++++++++++------ drivers/dma-buf/sync_debug.h | 5 ++++ 2 files changed, 48 insertions(+), 6 deletions(-) --- a/drivers/dma-buf/sw_sync.c +++ b/drivers/dma-buf/sw_sync.c @@ -96,6 +96,7 @@ struct sync_timeline *sync_timeline_crea obj->context = fence_context_alloc(1); strlcpy(obj->name, name, sizeof(obj->name)); + obj->pt_tree = RB_ROOT; INIT_LIST_HEAD(&obj->pt_list); spin_lock_init(&obj->lock); @@ -142,9 +143,13 @@ static void sync_timeline_signal(struct obj->value += inc; - list_for_each_entry_safe(pt, next, &obj->pt_list, link) - if (fence_is_signaled_locked(&pt->base)) - list_del_init(&pt->link); + list_for_each_entry_safe(pt, next, &obj->pt_list, link) { + if (!fence_is_signaled_locked(&pt->base)) + break; + + list_del_init(&pt->link); + rb_erase(&pt->node, &obj->pt_tree); + } spin_unlock_irq(&obj->lock); } @@ -174,8 +179,38 @@ static struct sync_pt *sync_pt_create(st INIT_LIST_HEAD(&pt->link); spin_lock_irq(&obj->lock); - if (!fence_is_signaled_locked(&pt->base)) - list_add_tail(&pt->link, &obj->pt_list); + if (!fence_is_signaled_locked(&pt->base)) { + struct rb_node **p = &obj->pt_tree.rb_node; + struct rb_node *parent = NULL; + + while (*p) { + struct sync_pt *other; + int cmp; + + parent = *p; + other = rb_entry(parent, typeof(*pt), node); + cmp = value - other->base.seqno; + if (cmp > 0) { + p = &parent->rb_right; + } else if (cmp < 0) { + p = &parent->rb_left; + } else { + if (fence_get_rcu(&other->base)) { + fence_put(&pt->base); + pt = other; + goto unlock; + } + p = &parent->rb_left; + } + } + rb_link_node(&pt->node, parent, p); + rb_insert_color(&pt->node, &obj->pt_tree); + + parent = rb_next(&pt->node); + list_add_tail(&pt->link, + parent ? &rb_entry(parent, typeof(*pt), node)->link : &obj->pt_list); + } +unlock: spin_unlock_irq(&obj->lock); return pt; @@ -202,8 +237,10 @@ static void timeline_fence_release(struc unsigned long flags; spin_lock_irqsave(fence->lock, flags); - if (!list_empty(&pt->link)) + if (!list_empty(&pt->link)) { list_del(&pt->link); + rb_erase(&pt->node, &parent->pt_tree); + } spin_unlock_irqrestore(fence->lock, flags); } --- a/drivers/dma-buf/sync_debug.h +++ b/drivers/dma-buf/sync_debug.h @@ -14,6 +14,7 @@ #define _LINUX_SYNC_H #include <linux/list.h> +#include <linux/rbtree.h> #include <linux/spinlock.h> #include <linux/fence.h> @@ -25,6 +26,7 @@ * @kref: reference count on fence. * @name: name of the sync_timeline. Useful for debugging * @lock: lock protecting @pt_list and @value + * @pt_tree: rbtree of active (unsignaled/errored) sync_pts * @pt_list: list of active (unsignaled/errored) sync_pts * @sync_timeline_list: membership in global sync_timeline_list */ @@ -36,6 +38,7 @@ struct sync_timeline { u64 context; int value; + struct rb_root pt_tree; struct list_head pt_list; spinlock_t lock; @@ -51,10 +54,12 @@ static inline struct sync_timeline *fenc * struct sync_pt - sync_pt object * @base: base fence object * @link: link on the sync timeline's list + * @node: node in the sync timeline's tree */ struct sync_pt { struct fence base; struct list_head link; + struct rb_node node; }; #ifdef CONFIG_SW_SYNC Patches currently in stable-queue which might be from chris(a)chris-wilson.co.uk are queue-4.9/dma-buf-sw-sync-fix-the-is-signaled-test-to-handle-u32-wraparound.patch queue-4.9/dma-fence-clear-fence-status-during-dma_fence_init.patch queue-4.9/dma-buf-sw-sync-fix-locking-around-sync_timeline-lists.patch queue-4.9/dma-fence-wrap-querying-the-fence-status.patch queue-4.9/dma-buf-sw_sync-clean-up-list-before-signaling-the-fence.patch queue-4.9/dma-buf-sw-sync-reduce-irqsave-irqrestore-from-known-context.patch queue-4.9/dma-buf-sw_sync-move-timeline_fence_ops-around.patch queue-4.9/dma-buf-sw-sync-prevent-user-overflow-on-timeline-advance.patch queue-4.9/dma-fence-introduce-drm_fence_set_error-helper.patch queue-4.9/dma-buf-sw_sync-force-signal-all-unsignaled-fences-on-dying-timeline.patch queue-4.9/dma-buf-sw-sync-use-an-rbtree-to-sort-fences-in-the-timeline.patch queue-4.9/dma-buf-sw-sync-sync_pt-is-private-and-of-fixed-size.patch queue-4.9/dma-buf-dma-fence-extract-__dma_fence_is_later.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "dma-buf/sw-sync: sync_pt is private and of fixed size" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dma-buf/sw-sync: sync_pt is private and of fixed size to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dma-buf-sw-sync-sync_pt-is-private-and-of-fixed-size.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 3b52ce44e720c240afc4c4b03140d7b7811b23bd Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Thu, 29 Jun 2017 13:59:28 +0100 Subject: dma-buf/sw-sync: sync_pt is private and of fixed size From: Chris Wilson <chris(a)chris-wilson.co.uk> commit 3b52ce44e720c240afc4c4b03140d7b7811b23bd upstream. Since sync_pt is only allocated from a single location and is no longer the base class for fences (that is struct dma_fence) it no longer needs a generic unsized allocator. Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Cc: Sean Paul <seanpaul(a)chromium.org> Cc: Gustavo Padovan <gustavo(a)padovan.org> Reviewed-by: Sean Paul <seanpaul(a)chromium.org> Signed-off-by: Gustavo Padovan <gustavo.padovan(a)collabora.com> Link: http://patchwork.freedesktop.org/patch/msgid/20170629125930.821-5-chris@chr… [s/dma_fence/fence/g - gregkh] Cc: Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma-buf/sw_sync.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) --- a/drivers/dma-buf/sw_sync.c +++ b/drivers/dma-buf/sw_sync.c @@ -155,7 +155,6 @@ static void sync_timeline_signal(struct /** * sync_pt_create() - creates a sync pt * @parent: fence's parent sync_timeline - * @size: size to allocate for this pt * @inc: value of the fence * * Creates a new sync_pt as a child of @parent. @size bytes will be @@ -163,15 +162,12 @@ static void sync_timeline_signal(struct * the generic sync_timeline struct. Returns the sync_pt object or * NULL in case of error. */ -static struct sync_pt *sync_pt_create(struct sync_timeline *obj, int size, - unsigned int value) +static struct sync_pt *sync_pt_create(struct sync_timeline *obj, + unsigned int value) { struct sync_pt *pt; - if (size < sizeof(*pt)) - return NULL; - - pt = kzalloc(size, GFP_KERNEL); + pt = kzalloc(sizeof(*pt), GFP_KERNEL); if (!pt) return NULL; @@ -312,7 +308,7 @@ static long sw_sync_ioctl_create_fence(s goto err; } - pt = sync_pt_create(obj, sizeof(*pt), data.value); + pt = sync_pt_create(obj, data.value); if (!pt) { err = -ENOMEM; goto err; Patches currently in stable-queue which might be from chris(a)chris-wilson.co.uk are queue-4.9/dma-buf-sw-sync-fix-the-is-signaled-test-to-handle-u32-wraparound.patch queue-4.9/dma-fence-clear-fence-status-during-dma_fence_init.patch queue-4.9/dma-buf-sw-sync-fix-locking-around-sync_timeline-lists.patch queue-4.9/dma-fence-wrap-querying-the-fence-status.patch queue-4.9/dma-buf-sw_sync-clean-up-list-before-signaling-the-fence.patch queue-4.9/dma-buf-sw-sync-reduce-irqsave-irqrestore-from-known-context.patch queue-4.9/dma-buf-sw_sync-move-timeline_fence_ops-around.patch queue-4.9/dma-buf-sw-sync-prevent-user-overflow-on-timeline-advance.patch queue-4.9/dma-fence-introduce-drm_fence_set_error-helper.patch queue-4.9/dma-buf-sw_sync-force-signal-all-unsignaled-fences-on-dying-timeline.patch queue-4.9/dma-buf-sw-sync-use-an-rbtree-to-sort-fences-in-the-timeline.patch queue-4.9/dma-buf-sw-sync-sync_pt-is-private-and-of-fixed-size.patch queue-4.9/dma-buf-dma-fence-extract-__dma_fence_is_later.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "dma-buf/sw-sync: Reduce irqsave/irqrestore from known context" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dma-buf/sw-sync: Reduce irqsave/irqrestore from known context to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dma-buf-sw-sync-reduce-irqsave-irqrestore-from-known-context.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From a6aa8fca4d792c72947e341d7842d2f700534335 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Thu, 29 Jun 2017 13:59:27 +0100 Subject: dma-buf/sw-sync: Reduce irqsave/irqrestore from known context From: Chris Wilson <chris(a)chris-wilson.co.uk> commit a6aa8fca4d792c72947e341d7842d2f700534335 upstream. If we know the context under which we are called, then we can use the simpler form of spin_lock_irq (saving the save/restore). Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Cc: Sean Paul <seanpaul(a)chromium.org> Cc: Gustavo Padovan <gustavo(a)padovan.org> Reviewed-by: Sean Paul <seanpaul(a)chromium.org> Signed-off-by: Gustavo Padovan <gustavo.padovan(a)collabora.com> Link: http://patchwork.freedesktop.org/patch/msgid/20170629125930.821-4-chris@chr… [s/dma_fence/fence/g - gregkh] Cc: Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma-buf/sw_sync.c | 15 +++++++++------ drivers/dma-buf/sync_debug.c | 14 ++++++-------- 2 files changed, 15 insertions(+), 14 deletions(-) --- a/drivers/dma-buf/sw_sync.c +++ b/drivers/dma-buf/sw_sync.c @@ -135,12 +135,11 @@ static void sync_timeline_put(struct syn */ static void sync_timeline_signal(struct sync_timeline *obj, unsigned int inc) { - unsigned long flags; struct sync_pt *pt, *next; trace_sync_timeline(obj); - spin_lock_irqsave(&obj->child_list_lock, flags); + spin_lock_irq(&obj->child_list_lock); obj->value += inc; @@ -150,7 +149,7 @@ static void sync_timeline_signal(struct list_del_init(&pt->active_list); } - spin_unlock_irqrestore(&obj->child_list_lock, flags); + spin_unlock_irq(&obj->child_list_lock); } /** @@ -167,7 +166,6 @@ static void sync_timeline_signal(struct static struct sync_pt *sync_pt_create(struct sync_timeline *obj, int size, unsigned int value) { - unsigned long flags; struct sync_pt *pt; if (size < sizeof(*pt)) @@ -177,13 +175,16 @@ static struct sync_pt *sync_pt_create(st if (!pt) return NULL; - spin_lock_irqsave(&obj->child_list_lock, flags); + spin_lock_irq(&obj->child_list_lock); + sync_timeline_get(obj); fence_init(&pt->base, &timeline_fence_ops, &obj->child_list_lock, obj->context, value); list_add_tail(&pt->child_list, &obj->child_list_head); INIT_LIST_HEAD(&pt->active_list); - spin_unlock_irqrestore(&obj->child_list_lock, flags); + + spin_unlock_irq(&obj->child_list_lock); + return pt; } @@ -206,9 +207,11 @@ static void timeline_fence_release(struc unsigned long flags; spin_lock_irqsave(fence->lock, flags); + list_del(&pt->child_list); if (!list_empty(&pt->active_list)) list_del(&pt->active_list); + spin_unlock_irqrestore(fence->lock, flags); sync_timeline_put(parent); --- a/drivers/dma-buf/sync_debug.c +++ b/drivers/dma-buf/sync_debug.c @@ -116,17 +116,16 @@ static void sync_print_fence(struct seq_ static void sync_print_obj(struct seq_file *s, struct sync_timeline *obj) { struct list_head *pos; - unsigned long flags; seq_printf(s, "%s: %d\n", obj->name, obj->value); - spin_lock_irqsave(&obj->child_list_lock, flags); + spin_lock_irq(&obj->child_list_lock); list_for_each(pos, &obj->child_list_head) { struct sync_pt *pt = container_of(pos, struct sync_pt, child_list); sync_print_fence(s, &pt->base, false); } - spin_unlock_irqrestore(&obj->child_list_lock, flags); + spin_unlock_irq(&obj->child_list_lock); } static void sync_print_sync_file(struct seq_file *s, @@ -149,12 +148,11 @@ static void sync_print_sync_file(struct static int sync_debugfs_show(struct seq_file *s, void *unused) { - unsigned long flags; struct list_head *pos; seq_puts(s, "objs:\n--------------\n"); - spin_lock_irqsave(&sync_timeline_list_lock, flags); + spin_lock_irq(&sync_timeline_list_lock); list_for_each(pos, &sync_timeline_list_head) { struct sync_timeline *obj = container_of(pos, struct sync_timeline, @@ -163,11 +161,11 @@ static int sync_debugfs_show(struct seq_ sync_print_obj(s, obj); seq_puts(s, "\n"); } - spin_unlock_irqrestore(&sync_timeline_list_lock, flags); + spin_unlock_irq(&sync_timeline_list_lock); seq_puts(s, "fences:\n--------------\n"); - spin_lock_irqsave(&sync_file_list_lock, flags); + spin_lock_irq(&sync_file_list_lock); list_for_each(pos, &sync_file_list_head) { struct sync_file *sync_file = container_of(pos, struct sync_file, sync_file_list); @@ -175,7 +173,7 @@ static int sync_debugfs_show(struct seq_ sync_print_sync_file(s, sync_file); seq_puts(s, "\n"); } - spin_unlock_irqrestore(&sync_file_list_lock, flags); + spin_unlock_irq(&sync_file_list_lock); return 0; } Patches currently in stable-queue which might be from chris(a)chris-wilson.co.uk are queue-4.9/dma-buf-sw-sync-fix-the-is-signaled-test-to-handle-u32-wraparound.patch queue-4.9/dma-fence-clear-fence-status-during-dma_fence_init.patch queue-4.9/dma-buf-sw-sync-fix-locking-around-sync_timeline-lists.patch queue-4.9/dma-fence-wrap-querying-the-fence-status.patch queue-4.9/dma-buf-sw_sync-clean-up-list-before-signaling-the-fence.patch queue-4.9/dma-buf-sw-sync-reduce-irqsave-irqrestore-from-known-context.patch queue-4.9/dma-buf-sw_sync-move-timeline_fence_ops-around.patch queue-4.9/dma-buf-sw-sync-prevent-user-overflow-on-timeline-advance.patch queue-4.9/dma-fence-introduce-drm_fence_set_error-helper.patch queue-4.9/dma-buf-sw_sync-force-signal-all-unsignaled-fences-on-dying-timeline.patch queue-4.9/dma-buf-sw-sync-use-an-rbtree-to-sort-fences-in-the-timeline.patch queue-4.9/dma-buf-sw-sync-sync_pt-is-private-and-of-fixed-size.patch queue-4.9/dma-buf-dma-fence-extract-__dma_fence_is_later.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "dma-buf/sw-sync: Fix locking around sync_timeline lists" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dma-buf/sw-sync: Fix locking around sync_timeline lists to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dma-buf-sw-sync-fix-locking-around-sync_timeline-lists.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From d3862e44daa7a0c94d2f6193502a8c49379acfce Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Thu, 29 Jun 2017 22:05:32 +0100 Subject: dma-buf/sw-sync: Fix locking around sync_timeline lists From: Chris Wilson <chris(a)chris-wilson.co.uk> commit d3862e44daa7a0c94d2f6193502a8c49379acfce upstream. The sync_pt were not adding themselves atomically to the timeline lists, corruption imminent. Only a single list is required to track the unsignaled sync_pt, so reduce it and rename the lock more appropriately along with using idiomatic names to distinguish a list from links along it. v2: Prevent spinlock recursion on free during create (next patch) and fixup crossref in kerneldoc Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Cc: Sean Paul <seanpaul(a)chromium.org> Cc: Gustavo Padovan <gustavo(a)padovan.org> Reviewed-by: Sean Paul <seanpaul(a)chromium.org> Signed-off-by: Gustavo Padovan <gustavo.padovan(a)collabora.com> Link: http://patchwork.freedesktop.org/patch/msgid/20170629210532.5617-1-chris@ch… [s/dma_fence/fence/g - gregkh] Cc: Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma-buf/sw_sync.c | 48 +++++++++++++++++-------------------------- drivers/dma-buf/sync_debug.c | 9 +++----- drivers/dma-buf/sync_debug.h | 22 +++++++------------ 3 files changed, 31 insertions(+), 48 deletions(-) --- a/drivers/dma-buf/sw_sync.c +++ b/drivers/dma-buf/sw_sync.c @@ -96,9 +96,8 @@ struct sync_timeline *sync_timeline_crea obj->context = fence_context_alloc(1); strlcpy(obj->name, name, sizeof(obj->name)); - INIT_LIST_HEAD(&obj->child_list_head); - INIT_LIST_HEAD(&obj->active_list_head); - spin_lock_init(&obj->child_list_lock); + INIT_LIST_HEAD(&obj->pt_list); + spin_lock_init(&obj->lock); sync_timeline_debug_add(obj); @@ -139,17 +138,15 @@ static void sync_timeline_signal(struct trace_sync_timeline(obj); - spin_lock_irq(&obj->child_list_lock); + spin_lock_irq(&obj->lock); obj->value += inc; - list_for_each_entry_safe(pt, next, &obj->active_list_head, - active_list) { + list_for_each_entry_safe(pt, next, &obj->pt_list, link) if (fence_is_signaled_locked(&pt->base)) - list_del_init(&pt->active_list); - } + list_del_init(&pt->link); - spin_unlock_irq(&obj->child_list_lock); + spin_unlock_irq(&obj->lock); } /** @@ -171,15 +168,15 @@ static struct sync_pt *sync_pt_create(st if (!pt) return NULL; - spin_lock_irq(&obj->child_list_lock); - sync_timeline_get(obj); - fence_init(&pt->base, &timeline_fence_ops, &obj->child_list_lock, + fence_init(&pt->base, &timeline_fence_ops, &obj->lock, obj->context, value); - list_add_tail(&pt->child_list, &obj->child_list_head); - INIT_LIST_HEAD(&pt->active_list); + INIT_LIST_HEAD(&pt->link); - spin_unlock_irq(&obj->child_list_lock); + spin_lock_irq(&obj->lock); + if (!fence_is_signaled_locked(&pt->base)) + list_add_tail(&pt->link, &obj->pt_list); + spin_unlock_irq(&obj->lock); return pt; } @@ -200,15 +197,15 @@ static void timeline_fence_release(struc { struct sync_pt *pt = fence_to_sync_pt(fence); struct sync_timeline *parent = fence_parent(fence); - unsigned long flags; - spin_lock_irqsave(fence->lock, flags); + if (!list_empty(&pt->link)) { + unsigned long flags; - list_del(&pt->child_list); - if (!list_empty(&pt->active_list)) - list_del(&pt->active_list); - - spin_unlock_irqrestore(fence->lock, flags); + spin_lock_irqsave(fence->lock, flags); + if (!list_empty(&pt->link)) + list_del(&pt->link); + spin_unlock_irqrestore(fence->lock, flags); + } sync_timeline_put(parent); fence_free(fence); @@ -223,13 +220,6 @@ static bool timeline_fence_signaled(stru static bool timeline_fence_enable_signaling(struct fence *fence) { - struct sync_pt *pt = fence_to_sync_pt(fence); - struct sync_timeline *parent = fence_parent(fence); - - if (timeline_fence_signaled(fence)) - return false; - - list_add_tail(&pt->active_list, &parent->active_list_head); return true; } --- a/drivers/dma-buf/sync_debug.c +++ b/drivers/dma-buf/sync_debug.c @@ -119,13 +119,12 @@ static void sync_print_obj(struct seq_fi seq_printf(s, "%s: %d\n", obj->name, obj->value); - spin_lock_irq(&obj->child_list_lock); - list_for_each(pos, &obj->child_list_head) { - struct sync_pt *pt = - container_of(pos, struct sync_pt, child_list); + spin_lock_irq(&obj->lock); + list_for_each(pos, &obj->pt_list) { + struct sync_pt *pt = container_of(pos, struct sync_pt, link); sync_print_fence(s, &pt->base, false); } - spin_unlock_irq(&obj->child_list_lock); + spin_unlock_irq(&obj->lock); } static void sync_print_sync_file(struct seq_file *s, --- a/drivers/dma-buf/sync_debug.h +++ b/drivers/dma-buf/sync_debug.h @@ -24,43 +24,37 @@ * struct sync_timeline - sync object * @kref: reference count on fence. * @name: name of the sync_timeline. Useful for debugging - * @child_list_head: list of children sync_pts for this sync_timeline - * @child_list_lock: lock protecting @child_list_head and fence.status - * @active_list_head: list of active (unsignaled/errored) sync_pts + * @lock: lock protecting @pt_list and @value + * @pt_list: list of active (unsignaled/errored) sync_pts * @sync_timeline_list: membership in global sync_timeline_list */ struct sync_timeline { struct kref kref; char name[32]; - /* protected by child_list_lock */ + /* protected by lock */ u64 context; int value; - struct list_head child_list_head; - spinlock_t child_list_lock; - - struct list_head active_list_head; + struct list_head pt_list; + spinlock_t lock; struct list_head sync_timeline_list; }; static inline struct sync_timeline *fence_parent(struct fence *fence) { - return container_of(fence->lock, struct sync_timeline, - child_list_lock); + return container_of(fence->lock, struct sync_timeline, lock); } /** * struct sync_pt - sync_pt object * @base: base fence object - * @child_list: sync timeline child's list - * @active_list: sync timeline active child's list + * @link: link on the sync timeline's list */ struct sync_pt { struct fence base; - struct list_head child_list; - struct list_head active_list; + struct list_head link; }; #ifdef CONFIG_SW_SYNC Patches currently in stable-queue which might be from chris(a)chris-wilson.co.uk are queue-4.9/dma-buf-sw-sync-fix-the-is-signaled-test-to-handle-u32-wraparound.patch queue-4.9/dma-fence-clear-fence-status-during-dma_fence_init.patch queue-4.9/dma-buf-sw-sync-fix-locking-around-sync_timeline-lists.patch queue-4.9/dma-fence-wrap-querying-the-fence-status.patch queue-4.9/dma-buf-sw_sync-clean-up-list-before-signaling-the-fence.patch queue-4.9/dma-buf-sw-sync-reduce-irqsave-irqrestore-from-known-context.patch queue-4.9/dma-buf-sw_sync-move-timeline_fence_ops-around.patch queue-4.9/dma-buf-sw-sync-prevent-user-overflow-on-timeline-advance.patch queue-4.9/dma-fence-introduce-drm_fence_set_error-helper.patch queue-4.9/dma-buf-sw_sync-force-signal-all-unsignaled-fences-on-dying-timeline.patch queue-4.9/dma-buf-sw-sync-use-an-rbtree-to-sort-fences-in-the-timeline.patch queue-4.9/dma-buf-sw-sync-sync_pt-is-private-and-of-fixed-size.patch queue-4.9/dma-buf-dma-fence-extract-__dma_fence_is_later.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "dma-buf/sw-sync: Prevent user overflow on timeline advance" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dma-buf/sw-sync: Prevent user overflow on timeline advance to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dma-buf-sw-sync-prevent-user-overflow-on-timeline-advance.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 8f66d3aa1735bc95ae58d846a157357e8d41abb8 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Thu, 29 Jun 2017 13:59:26 +0100 Subject: dma-buf/sw-sync: Prevent user overflow on timeline advance From: Chris Wilson <chris(a)chris-wilson.co.uk> commit 8f66d3aa1735bc95ae58d846a157357e8d41abb8 upstream. The timeline is u32, which limits any single advance to INT_MAX so that we can detect all fences that need signaling. Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Cc: Sean Paul <seanpaul(a)chromium.org> Cc: Gustavo Padovan <gustavo(a)padovan.org> Reviewed-by: Sean Paul <seanpaul(a)chromium.org> Signed-off-by: Gustavo Padovan <gustavo.padovan(a)collabora.com> Link: http://patchwork.freedesktop.org/patch/msgid/20170629125930.821-3-chris@chr… [s/dma_fence/fence/g - gregkh] Cc: Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma-buf/sw_sync.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/drivers/dma-buf/sw_sync.c +++ b/drivers/dma-buf/sw_sync.c @@ -345,6 +345,11 @@ static long sw_sync_ioctl_inc(struct syn if (copy_from_user(&value, (void __user *)arg, sizeof(value))) return -EFAULT; + while (value > INT_MAX) { + sync_timeline_signal(obj, INT_MAX); + value -= INT_MAX; + } + sync_timeline_signal(obj, value); return 0; Patches currently in stable-queue which might be from chris(a)chris-wilson.co.uk are queue-4.9/dma-buf-sw-sync-fix-the-is-signaled-test-to-handle-u32-wraparound.patch queue-4.9/dma-fence-clear-fence-status-during-dma_fence_init.patch queue-4.9/dma-buf-sw-sync-fix-locking-around-sync_timeline-lists.patch queue-4.9/dma-fence-wrap-querying-the-fence-status.patch queue-4.9/dma-buf-sw_sync-clean-up-list-before-signaling-the-fence.patch queue-4.9/dma-buf-sw-sync-reduce-irqsave-irqrestore-from-known-context.patch queue-4.9/dma-buf-sw_sync-move-timeline_fence_ops-around.patch queue-4.9/dma-buf-sw-sync-prevent-user-overflow-on-timeline-advance.patch queue-4.9/dma-fence-introduce-drm_fence_set_error-helper.patch queue-4.9/dma-buf-sw_sync-force-signal-all-unsignaled-fences-on-dying-timeline.patch queue-4.9/dma-buf-sw-sync-use-an-rbtree-to-sort-fences-in-the-timeline.patch queue-4.9/dma-buf-sw-sync-sync_pt-is-private-and-of-fixed-size.patch queue-4.9/dma-buf-dma-fence-extract-__dma_fence_is_later.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "dma-buf/sw-sync: Fix the is-signaled test to handle u32 wraparound" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dma-buf/sw-sync: Fix the is-signaled test to handle u32 wraparound to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dma-buf-sw-sync-fix-the-is-signaled-test-to-handle-u32-wraparound.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 61894b02716f122dd7662d5d89f5b2245ca551e2 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Thu, 29 Jun 2017 13:59:25 +0100 Subject: dma-buf/sw-sync: Fix the is-signaled test to handle u32 wraparound From: Chris Wilson <chris(a)chris-wilson.co.uk> commit 61894b02716f122dd7662d5d89f5b2245ca551e2 upstream. Use the canonical __dma_fence_is_later() to compare the fence seqno against the timeline seqno to check if the fence is signaled. Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Cc: Sean Paul <seanpaul(a)chromium.org> Cc: Gustavo Padovan <gustavo(a)padovan.org> Reviewed-by: Sean Paul <seanpaul(a)chromium.org> Signed-off-by: Gustavo Padovan <gustavo.padovan(a)collabora.com> Link: http://patchwork.freedesktop.org/patch/msgid/20170629125930.821-2-chris@chr… [s/dma_fence/fence/g - gregkh] Cc: Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/dma-buf/sw_sync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/dma-buf/sw_sync.c +++ b/drivers/dma-buf/sw_sync.c @@ -219,7 +219,7 @@ static bool timeline_fence_signaled(stru { struct sync_timeline *parent = fence_parent(fence); - return (fence->seqno > parent->value) ? false : true; + return !__fence_is_later(fence->seqno, parent->value); } static bool timeline_fence_enable_signaling(struct fence *fence) Patches currently in stable-queue which might be from chris(a)chris-wilson.co.uk are queue-4.9/dma-buf-sw-sync-fix-the-is-signaled-test-to-handle-u32-wraparound.patch queue-4.9/dma-fence-clear-fence-status-during-dma_fence_init.patch queue-4.9/dma-buf-sw-sync-fix-locking-around-sync_timeline-lists.patch queue-4.9/dma-fence-wrap-querying-the-fence-status.patch queue-4.9/dma-buf-sw_sync-clean-up-list-before-signaling-the-fence.patch queue-4.9/dma-buf-sw-sync-reduce-irqsave-irqrestore-from-known-context.patch queue-4.9/dma-buf-sw_sync-move-timeline_fence_ops-around.patch queue-4.9/dma-buf-sw-sync-prevent-user-overflow-on-timeline-advance.patch queue-4.9/dma-fence-introduce-drm_fence_set_error-helper.patch queue-4.9/dma-buf-sw_sync-force-signal-all-unsignaled-fences-on-dying-timeline.patch queue-4.9/dma-buf-sw-sync-use-an-rbtree-to-sort-fences-in-the-timeline.patch queue-4.9/dma-buf-sw-sync-sync_pt-is-private-and-of-fixed-size.patch queue-4.9/dma-buf-dma-fence-extract-__dma_fence_is_later.patch

7 years, 6 months

1
0
0 0

[Linux-stable-mirror] Patch "dma-buf/dma-fence: Extract __dma_fence_is_later()" has been added to the 4.9-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled dma-buf/dma-fence: Extract __dma_fence_is_later() to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: dma-buf-dma-fence-extract-__dma_fence_is_later.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From 8111477663813caa1a4469cfe6afaae36cd04513 Mon Sep 17 00:00:00 2001 From: Chris Wilson <chris(a)chris-wilson.co.uk> Date: Thu, 29 Jun 2017 13:59:24 +0100 Subject: dma-buf/dma-fence: Extract __dma_fence_is_later() From: Chris Wilson <chris(a)chris-wilson.co.uk> commit 8111477663813caa1a4469cfe6afaae36cd04513 upstream. Often we have the task of comparing two seqno known to be on the same context, so provide a common __dma_fence_is_later(). Signed-off-by: Chris Wilson <chris(a)chris-wilson.co.uk> Cc: Sumit Semwal <sumit.semwal(a)linaro.org> Cc: Sean Paul <seanpaul(a)chromium.org> Cc: Gustavo Padovan <gustavo(a)padovan.org> Reviewed-by: Sean Paul <seanpaul(a)chromium.org> Signed-off-by: Gustavo Padovan <gustavo.padovan(a)collabora.com> Link: http://patchwork.freedesktop.org/patch/msgid/20170629125930.821-1-chris@chr… [renamed to __fence_is_later() - gregkh] Cc: Jisheng Zhang <Jisheng.Zhang(a)synaptics.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- include/linux/fence.h | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) --- a/include/linux/fence.h +++ b/include/linux/fence.h @@ -281,6 +281,19 @@ fence_is_signaled(struct fence *fence) } /** + * __fence_is_later - return if f1 is chronologically later than f2 + * @f1: [in] the first fence's seqno + * @f2: [in] the second fence's seqno from the same context + * + * Returns true if f1 is chronologically later than f2. Both fences must be + * from the same context, since a seqno is not common across contexts. + */ +static inline bool __fence_is_later(u32 f1, u32 f2) +{ + return (int)(f1 - f2) > 0; +} + +/** * fence_is_later - return if f1 is chronologically later than f2 * @f1: [in] the first fence from the same context * @f2: [in] the second fence from the same context @@ -293,7 +306,7 @@ static inline bool fence_is_later(struct if (WARN_ON(f1->context != f2->context)) return false; - return (int)(f1->seqno - f2->seqno) > 0; + return __fence_is_later(f1->seqno, f2->seqno); } /** Patches currently in stable-queue which might be from chris(a)chris-wilson.co.uk are queue-4.9/dma-buf-sw-sync-fix-the-is-signaled-test-to-handle-u32-wraparound.patch queue-4.9/dma-fence-clear-fence-status-during-dma_fence_init.patch queue-4.9/dma-buf-sw-sync-fix-locking-around-sync_timeline-lists.patch queue-4.9/dma-fence-wrap-querying-the-fence-status.patch queue-4.9/dma-buf-sw_sync-clean-up-list-before-signaling-the-fence.patch queue-4.9/dma-buf-sw-sync-reduce-irqsave-irqrestore-from-known-context.patch queue-4.9/dma-buf-sw_sync-move-timeline_fence_ops-around.patch queue-4.9/dma-buf-sw-sync-prevent-user-overflow-on-timeline-advance.patch queue-4.9/dma-fence-introduce-drm_fence_set_error-helper.patch queue-4.9/dma-buf-sw_sync-force-signal-all-unsignaled-fences-on-dying-timeline.patch queue-4.9/dma-buf-sw-sync-use-an-rbtree-to-sort-fences-in-the-timeline.patch queue-4.9/dma-buf-sw-sync-sync_pt-is-private-and-of-fixed-size.patch queue-4.9/dma-buf-dma-fence-extract-__dma_fence_is_later.patch

7 years, 6 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror