- Linux-stable-mirror - lists.linaro.org

[Linux-stable-mirror] [RFC PATCH] mm: fix device-dax pud write-faults triggered by get_user_pages()

by Dan Williams

Currently only get_user_pages_fast() can safely handle the writable gup case due to its use of pud_access_permitted() to check whether the pud entry is writable. In the gup slow path pud_write() is used instead of pud_access_permitted() and to date it has been unimplemented, just calls BUG_ON(). kernel BUG at ./include/linux/hugetlb.h:244! [..] RIP: 0010:follow_devmap_pud+0x482/0x490 [..] Call Trace: follow_page_mask+0x28c/0x6e0 __get_user_pages+0xe4/0x6c0 get_user_pages_unlocked+0x130/0x1b0 get_user_pages_fast+0x89/0xb0 iov_iter_get_pages_alloc+0x114/0x4a0 nfs_direct_read_schedule_iovec+0xd2/0x350 ? nfs_start_io_direct+0x63/0x70 nfs_file_direct_read+0x1e0/0x250 nfs_file_read+0x90/0xc0 Use pud_access_permitted() to implement pud_write(), a later cleanup can remove {pte,pmd,pud}_write and replace them with {pte,pmd,pud}_access_permitted() drectly so that we only have one set of helpers these kinds of checks. For now, implementing pud_write() simplifies -stable backports. Cc: <stable(a)vger.kernel.org> Cc: Dave Hansen <dave.hansen(a)intel.com> Fixes: a00cc7d9dd93 ("mm, x86: add support for PUD-sized transparent hugepages") Signed-off-by: Dan Williams <dan.j.williams(a)intel.com> --- Sending this as RFC for opinion on whether this should just be a pud_flags() & _PAGE_RW check, like pmd_write, or pud_access_permitted() that also takes protection keys into account. include/linux/hugetlb.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/linux/hugetlb.h b/include/linux/hugetlb.h index fbf5b31d47ee..6a142b240ef7 100644 --- a/include/linux/hugetlb.h +++ b/include/linux/hugetlb.h @@ -242,8 +242,7 @@ static inline int pgd_write(pgd_t pgd) #ifndef pud_write static inline int pud_write(pud_t pud) { - BUG(); - return 0; + return pud_access_permitted(pud, WRITE); } #endif

7 years

1
0
0 0

Re: [Linux-stable-mirror] [PATCH] blk-mq: respect queue dead via blk_mq_quiesce_queue

by Ming Lei

On Sun, Nov 05, 2017 at 08:10:08PM +0800, Ming Lei wrote: > blk-mq never respects queue dead, and this may cause use-after-free on > any kind of queue resources. This patch respects the rule by calling > blk_mq_quiesce_queue() when queue is marked as DEAD. > > This patch fixes the following kernel crash: > > [ 42.170824] BUG: unable to handle kernel NULL pointer dereference at (null) > [ 42.172011] IP: blk_mq_flush_busy_ctxs+0x5a/0xe0 > [ 42.172011] PGD 25d8d1067 P4D 25d8d1067 PUD 25d458067 PMD 0 > [ 42.172011] Oops: 0000 [#1] PREEMPT SMP > [ 42.172011] Dumping ftrace buffer: > [ 42.172011] (ftrace buffer empty) > [ 42.172011] Modules linked in: scsi_debug ebtable_filter ebtables ip6table_filter ip6_tables xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c bridge stp llc fuse iptable_filter ip_tables sd_mod sg mptsas mptscsih mptbase crc32c_intel scsi_transport_sas nvme lpc_ich serio_raw ahci virtio_scsi libahci libata nvme_core binfmt_misc dm_mod iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi null_blk configs > [ 42.172011] CPU: 0 PID: 2750 Comm: fio Not tainted 4.14.0-rc7.blk_mq_io_hang+ #507 > [ 42.172011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.9.3-1.fc25 04/01/2014 > [ 42.172011] task: ffff88025dc18000 task.stack: ffffc900028c4000 > [ 42.172011] RIP: 0010:blk_mq_flush_busy_ctxs+0x5a/0xe0 > [ 42.172011] RSP: 0018:ffffc900028c7be0 EFLAGS: 00010246 > [ 42.172011] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff8802775907c8 > [ 42.172011] RDX: 0000000000000000 RSI: ffffc900028c7c50 RDI: ffff88025de25c00 > [ 42.172011] RBP: ffffc900028c7c28 R08: 0000000000000000 R09: ffff8802595692c0 > [ 42.172011] R10: ffffc900028c7e50 R11: 0000000000000008 R12: ffffc900028c7c50 > [ 42.172011] R13: ffff88025de25cd8 R14: ffffc900028c7d78 R15: ffff88025de25c00 > [ 42.172011] FS: 00007faa8653f7c0(0000) GS:ffff88027fc00000(0000) knlGS:0000000000000000 > [ 42.172011] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 42.172011] CR2: 0000000000000000 CR3: 00000002593df006 CR4: 00000000003606f0 > [ 42.172011] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > [ 42.172011] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > [ 42.172011] Call Trace: > [ 42.172011] blk_mq_sched_dispatch_requests+0x1b4/0x1f0 > [ 42.172011] ? preempt_schedule+0x27/0x30 > [ 42.172011] __blk_mq_run_hw_queue+0x8b/0xa0 > [ 42.172011] __blk_mq_delay_run_hw_queue+0xb7/0x100 > [ 42.172011] blk_mq_run_hw_queue+0x14/0x20 > [ 42.172011] blk_mq_sched_insert_requests+0xda/0x120 > [ 42.172011] blk_mq_flush_plug_list+0x179/0x280 > [ 42.172011] blk_flush_plug_list+0x102/0x290 > [ 42.172011] blk_finish_plug+0x2c/0x40 > [ 42.172011] do_io_submit+0x3fa/0x780 > [ 42.172011] SyS_io_submit+0x10/0x20 > [ 42.172011] ? SyS_io_submit+0x10/0x20 > [ 42.172011] entry_SYSCALL_64_fastpath+0x1a/0xa5 > [ 42.172011] RIP: 0033:0x7faa80ff8697 > [ 42.172011] RSP: 002b:00007ffe08236de8 EFLAGS: 00000206 ORIG_RAX: 00000000000000d1 > [ 42.172011] RAX: ffffffffffffffda RBX: 0000000001f1e600 RCX: 00007faa80ff8697 > [ 42.172011] RDX: 000000000208e638 RSI: 0000000000000001 RDI: 00007faa6ecae000 > [ 42.172011] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000001f1e0e0 > [ 42.172011] R10: 0000000000000001 R11: 0000000000000206 R12: 00007faa614f19e0 > [ 42.172011] R13: 00007faa614ff0b0 R14: 00007faa614fef50 R15: 0000000100000000 > [ 42.172011] Code: e0 00 00 00 c7 45 bc 00 00 00 00 85 c0 74 76 4c 8d af d8 00 00 00 49 89 ff 44 8b 45 bc 4c 89 c0 49 c1 e0 06 4d 03 87 e8 00 00 00 <49> 83 38 00 4d 89 c6 74 41 41 8b 8f dc 00 00 00 41 89 c4 31 db > [ 42.172011] RIP: blk_mq_flush_busy_ctxs+0x5a/0xe0 RSP: ffffc900028c7be0 > [ 42.172011] CR2: 0000000000000000 > [ 42.172011] ---[ end trace 2432dfddf9b84061 ]--- > [ 42.172011] Kernel panic - not syncing: Fatal exception > [ 42.172011] Dumping ftrace buffer: > [ 42.172011] (ftrace buffer empty) > [ 42.172011] Kernel Offset: disabled > [ 42.172011] ---[ end Kernel panic - not syncing: Fatal exception > > Cc: stable(a)vger.kernel.org > Signed-off-by: Ming Lei <ming.lei(a)redhat.com> > --- > block/blk-core.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/block/blk-core.c b/block/blk-core.c > index 048be4aa6024..0b121f29e3b1 100644 > --- a/block/blk-core.c > +++ b/block/blk-core.c > @@ -658,6 +658,10 @@ void blk_cleanup_queue(struct request_queue *q) > queue_flag_set(QUEUE_FLAG_DEAD, q); > spin_unlock_irq(lock); > > + /* respect queue DEAD via quiesce for blk-mq */ > + if (q->mq_ops) > + blk_mq_quiesce_queue(q); > + > /* for synchronous bio-based driver finish in-flight integrity i/o */ > blk_flush_integrity(); Hi Jens, Could you consider this patch? This issue can be reproduced easily in heavy IO and device remove test on SCSI. -- Ming

7 years

1
0
0 0

[Linux-stable-mirror] [PATCH v2 04/17] lpfc: Fix crash after bad bar setup on driver attachment

by James Smart

In test cases where an instance of the driver is detached and reattached, the driver will crash on reattachment. There is a compound if statement that will skip over the bar setup if the pci_resource_start call is not successful. The driver erroneously returns success to its bar setup in this scenario even though the bars aren't properly configured. Rework the offending code segment for proper initialization steps. If the pci_resource_start call fails, -ENOMEM is now returned. Sample stack: rport-5:0-10: blocked FC remote port time out: removing rport BUG: unable to handle kernel NULL pointer dereference at (null) ... lpfc_sli4_wait_bmbx_ready+0x32/0x70 [lpfc] ... ... RIP: 0010:... ... lpfc_sli4_wait_bmbx_ready+0x32/0x70 [lpfc] Call Trace: ... lpfc_sli4_post_sync_mbox+0x106/0x4d0 [lpfc] ... ? __alloc_pages_nodemask+0x176/0x420 ... ? __kmalloc+0x2e/0x230 ... lpfc_sli_issue_mbox_s4+0x533/0x720 [lpfc] ... ? mempool_alloc+0x69/0x170 ... ? dma_generic_alloc_coherent+0x8f/0x140 ... lpfc_sli_issue_mbox+0xf/0x20 [lpfc] ... lpfc_sli4_driver_resource_setup+0xa6f/0x1130 [lpfc] ... ? lpfc_pci_probe_one+0x23e/0x16f0 [lpfc] ... lpfc_pci_probe_one+0x445/0x16f0 [lpfc] ... local_pci_probe+0x45/0xa0 ... work_for_cpu_fn+0x14/0x20 ... process_one_work+0x17a/0x440 Cc: <stable(a)vger.kernel.org> # 4.12+ Signed-off-by: Dick Kennedy <dick.kennedy(a)broadcom.com> Signed-off-by: James Smart <james.smart(a)broadcom.com> Reviewed-by: Hannes Reinecke <hare(a)suse.com> --- drivers/scsi/lpfc/lpfc_init.c | 84 ++++++++++++++++++++++++++----------------- 1 file changed, 51 insertions(+), 33 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c index 745aff753396..fc9f91327724 100644 --- a/drivers/scsi/lpfc/lpfc_init.c +++ b/drivers/scsi/lpfc/lpfc_init.c @@ -9437,44 +9437,62 @@ lpfc_sli4_pci_mem_setup(struct lpfc_hba *phba) lpfc_sli4_bar0_register_memmap(phba, if_type); } - if ((if_type == LPFC_SLI_INTF_IF_TYPE_0) && - (pci_resource_start(pdev, PCI_64BIT_BAR2))) { - /* - * Map SLI4 if type 0 HBA Control Register base to a kernel - * virtual address and setup the registers. - */ - phba->pci_bar1_map = pci_resource_start(pdev, PCI_64BIT_BAR2); - bar1map_len = pci_resource_len(pdev, PCI_64BIT_BAR2); - phba->sli4_hba.ctrl_regs_memmap_p = - ioremap(phba->pci_bar1_map, bar1map_len); - if (!phba->sli4_hba.ctrl_regs_memmap_p) { - dev_printk(KERN_ERR, &pdev->dev, - "ioremap failed for SLI4 HBA control registers.\n"); + if (if_type == LPFC_SLI_INTF_IF_TYPE_0) { + if (pci_resource_start(pdev, PCI_64BIT_BAR2)) { + /* + * Map SLI4 if type 0 HBA Control Register base to a + * kernel virtual address and setup the registers. + */ + phba->pci_bar1_map = pci_resource_start(pdev, + PCI_64BIT_BAR2); + bar1map_len = pci_resource_len(pdev, PCI_64BIT_BAR2); + phba->sli4_hba.ctrl_regs_memmap_p = + ioremap(phba->pci_bar1_map, + bar1map_len); + if (!phba->sli4_hba.ctrl_regs_memmap_p) { + dev_err(&pdev->dev, + "ioremap failed for SLI4 HBA " + "control registers.\n"); + error = -ENOMEM; + goto out_iounmap_conf; + } + phba->pci_bar2_memmap_p = + phba->sli4_hba.ctrl_regs_memmap_p; + lpfc_sli4_bar1_register_memmap(phba); + } else { + error = -ENOMEM; goto out_iounmap_conf; } - phba->pci_bar2_memmap_p = phba->sli4_hba.ctrl_regs_memmap_p; - lpfc_sli4_bar1_register_memmap(phba); } - if ((if_type == LPFC_SLI_INTF_IF_TYPE_0) && - (pci_resource_start(pdev, PCI_64BIT_BAR4))) { - /* - * Map SLI4 if type 0 HBA Doorbell Register base to a kernel - * virtual address and setup the registers. - */ - phba->pci_bar2_map = pci_resource_start(pdev, PCI_64BIT_BAR4); - bar2map_len = pci_resource_len(pdev, PCI_64BIT_BAR4); - phba->sli4_hba.drbl_regs_memmap_p = - ioremap(phba->pci_bar2_map, bar2map_len); - if (!phba->sli4_hba.drbl_regs_memmap_p) { - dev_printk(KERN_ERR, &pdev->dev, - "ioremap failed for SLI4 HBA doorbell registers.\n"); - goto out_iounmap_ctrl; - } - phba->pci_bar4_memmap_p = phba->sli4_hba.drbl_regs_memmap_p; - error = lpfc_sli4_bar2_register_memmap(phba, LPFC_VF0); - if (error) + if (if_type == LPFC_SLI_INTF_IF_TYPE_0) { + if (pci_resource_start(pdev, PCI_64BIT_BAR4)) { + /* + * Map SLI4 if type 0 HBA Doorbell Register base to + * a kernel virtual address and setup the registers. + */ + phba->pci_bar2_map = pci_resource_start(pdev, + PCI_64BIT_BAR4); + bar2map_len = pci_resource_len(pdev, PCI_64BIT_BAR4); + phba->sli4_hba.drbl_regs_memmap_p = + ioremap(phba->pci_bar2_map, + bar2map_len); + if (!phba->sli4_hba.drbl_regs_memmap_p) { + dev_err(&pdev->dev, + "ioremap failed for SLI4 HBA" + " doorbell registers.\n"); + error = -ENOMEM; + goto out_iounmap_ctrl; + } + phba->pci_bar4_memmap_p = + phba->sli4_hba.drbl_regs_memmap_p; + error = lpfc_sli4_bar2_register_memmap(phba, LPFC_VF0); + if (error) + goto out_iounmap_all; + } else { + error = -ENOMEM; goto out_iounmap_all; + } } return 0; -- 2.13.1

7 years

1
0
0 0

Re: [Linux-stable-mirror] [PATCH v3] scsi: require CAP_SYS_ADMIN to write to procfs interface

by ebiederm＠xmission.com

Aleksa Sarai <asarai(a)suse.de> writes: > On 11/05/2017 01:56 PM, Aleksa Sarai wrote: >> Previously, the only capability effectively required to operate on the >> /proc/scsi interface was CAP_DAC_OVERRIDE (or for some other files, >> having an fsuid of GLOBAL_ROOT_UID was enough). This means that >> semi-privileged processes could interfere with core components of a >> system (such as causing a DoS by removing the underlying SCSI device of >> the host's / mount). > > An alternative to this patch would be to make the open(2) call fail, if you try > to open it write-only or read-write. Not sure which would be preferred (should > it be possible to pass /proc/scsi/scsi to a semi-privileged process to write > to?). Making open fail is very much the preferred solution. Testing for permission on write can be avoided by finding a suid root application whose error output acts like a suid cat. The best current practice for adding this kind of permission check is to add the check in open. For some older use cases where we made this mistake we had to maintian a check during write to avoid breaking userspace. But as this check is new there is no reason to add a check anywhere except in open. Eric

7 years

1
0
0 0

Re: [Linux-stable-mirror] [PATCH 3.16 000/294] 3.16.50-rc1 review

by Guenter Roeck

On Thu, Nov 09, 2017 at 04:59:58PM +0000, Ben Hutchings wrote: > On Thu, 2017-11-09 at 08:03 -0800, Guenter Roeck wrote: > > On Thu, Nov 09, 2017 at 12:40:36PM +0000, Ben Hutchings wrote: > > > On Thu, 2017-11-09 at 13:21 +0100, Arnd Bergmann wrote: > > > > On Thu, Nov 9, 2017 at 1:08 PM, Greg KH <greg(a)kroah.com> wrote: > > > > > On Thu, Nov 09, 2017 at 12:55:30PM +0100, Arnd Bergmann wrote: > > > > > > [...] > > > > > > I think if you upload the branch to the stable-rc git, that should produce > > > > > > the automated build and boot results via email or via the > > > > > > https://kernelci.org/job/ interface. Once there are some results > > > > > > there, I'll go through the list once more to see what warnings > > > > > > and failures remain. > > > > > > > > > > I don't know of a way to have others push to that tree/branch at the > > > > > moment :( > > > > > > > > > > I'll go update that branch now... > > > > > > > > Thanks! > > > > > > > > With the arm-soc tree, we simply have a shared group-id on > > > > gitolite.kernel.org and everyone in that group can push to it. > > > > > > > > If that is the only thing you need, it should be trivial to let Ben > > > > and Sasha push to /pub/scm/linux/kernel/git/stable/*.git as well, > > > > I'm sure helpdesk(a)kernel.org can arrange that. Of course if you are > > > > worried about having multiple accounts with write access to all the > > > > branches, then that wouldn't be enough. > > > > > > I think I'd rather send a pull request to Greg at the start of the > > > review period. > > > > > > > If you change the trees I am supposed to pull from for my builders, > > please let me know. > > If you're happy to keep supporting quilt-in-git then there's no change. > I check your builders page and try to fix up build failures before even > making a release candidate. > Ah yes, kernelci won't pick that up. No problem to keep kerneltests going as long as it adds value. Guenter

7 years

1
0
0 0

Re: [Linux-stable-mirror] [PATCH] net: mvneta: fix handling of the Tx descriptor counter

by Andreas Tobler

Hi Simon, On 08.11.17 18:17, Simon Guinot wrote: > Hi Sven and Andreas, > > Please, can you try with this patch ? Today we, my son and I, repeated the failing scenario and we were able to show that our scenario behaves stable after you patch being applied. Thanks for taking care of this issue. If you need further testing let me know. Regards, Andreas > On Wed, Nov 08, 2017 at 05:58:35PM +0100, Simon Guinot wrote: >> The mvneta controller provides a 8-bit register to update the pending >> Tx descriptor counter. Then, a maximum of 255 Tx descriptors can be >> added at once. In the current code the mvneta_txq_pend_desc_add function >> assumes the caller takes care of this limit. But it is not the case. In >> some situations (xmit_more flag), more than 255 descriptors are added. >> When this happens, the Tx descriptor counter register is updated with a >> wrong value, which breaks the whole Tx queue management. >> >> This patch fixes the issue by allowing the mvneta_txq_pend_desc_add >> function to process more than 255 Tx descriptors. >> >> Fixes: 2a90f7e1d5d0 ("net: mvneta: add xmit_more support") >> Cc: stable(a)vger.kernel.org # 4.11+ >> Signed-off-by: Simon Guinot <simon.guinot(a)sequanux.org> >> --- >> drivers/net/ethernet/marvell/mvneta.c | 16 +++++++++------- >> 1 file changed, 9 insertions(+), 7 deletions(-) >> >> diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c >> index 64a04975bcf8..027c08ce4e5d 100644 >> --- a/drivers/net/ethernet/marvell/mvneta.c >> +++ b/drivers/net/ethernet/marvell/mvneta.c >> @@ -816,11 +816,14 @@ static void mvneta_txq_pend_desc_add(struct mvneta_port *pp, >> { >> u32 val; >> >> - /* Only 255 descriptors can be added at once ; Assume caller >> - * process TX desriptors in quanta less than 256 >> - */ >> - val = pend_desc + txq->pending; >> - mvreg_write(pp, MVNETA_TXQ_UPDATE_REG(txq->id), val); >> + pend_desc += txq->pending; >> + >> + /* Only 255 Tx descriptors can be added at once */ >> + while (pend_desc > 0) { >> + val = min(pend_desc, 255); >> + mvreg_write(pp, MVNETA_TXQ_UPDATE_REG(txq->id), val); >> + pend_desc -= val; >> + } >> txq->pending = 0; >> } >> >> @@ -2413,8 +2416,7 @@ static int mvneta_tx(struct sk_buff *skb, struct net_device *dev) >> if (txq->count >= txq->tx_stop_threshold) >> netif_tx_stop_queue(nq); >> >> - if (!skb->xmit_more || netif_xmit_stopped(nq) || >> - txq->pending + frags > MVNETA_TXQ_DEC_SENT_MASK) >> + if (!skb->xmit_more || netif_xmit_stopped(nq)) >> mvneta_txq_pend_desc_add(pp, txq, frags); >> else >> txq->pending += frags; >> -- >> 2.9.3

7 years

1
0
0 0

Re: [Linux-stable-mirror] [4.4, 06/28] rcu: Allow for page faults in NMI handlers

by Ben Hutchings

On Mon, 2017-10-16 at 18:11 +0200, gregkh(a)linuxfoundation.org wrote: > 4.4-stable review patch. If anyone has any objections, please let me know. > > ------------------ > > From: Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> > > commit 28585a832602747cbfa88ad8934013177a3aae38 upstream. > > A number of architecture invoke rcu_irq_enter() on exception entry in > order to allow RCU read-side critical sections in the exception handler > when the exception is from an idle or nohz_full CPU. This works, at > least unless the exception happens in an NMI handler. In that case, > rcu_nmi_enter() would already have exited the extended quiescent state, > which would mean that rcu_irq_enter() would (incorrectly) cause RCU > to think that it is again in an extended quiescent state. This will > in turn result in lockdep splats in response to later RCU read-side > critical sections. > > This commit therefore causes rcu_irq_enter() and rcu_irq_exit() to > take no action if there is an rcu_nmi_enter() in effect, thus avoiding > the unscheduled return to RCU quiescent state. This in turn should > make the kernel safe for on-demand RCU voyeurism. > > Link: http://lkml.kernel.org/r/20170922211022.GA18084@linux.vnet.ibm.com > > Cc: stable(a)vger.kernel.org > Fixes: 0be964be0 ("module: Sanitize RCU usage and locking") > > Reported-by: Steven Rostedt <rostedt(a)goodmis.org> > > Signed-off-by: Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> > > Signed-off-by: Steven Rostedt (VMware) <rostedt(a)goodmis.org> > > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > kernel/rcu/tree.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > --- a/kernel/rcu/tree.c > +++ b/kernel/rcu/tree.c > @@ -759,6 +759,12 @@ void rcu_irq_exit(void) > > local_irq_save(flags); > rdtp = this_cpu_ptr(&rcu_dynticks); > + > + /* Page faults can happen in NMI handlers, so check... */ > + if (READ_ONCE(rdtp->dynticks_nmi_nesting)) > + return; Shouldn't there be a local_irq_restore() on this return path? Or does this condition imply that IRQs were already disabled? > + RCU_LOCKDEP_WARN(!irqs_disabled(), "rcu_irq_exit() invoked with irqs enabled!!!"); I don't see why you added RCU_LOCKDEP_WARN() here. Prior to 4.5 it's not an error to call this function with IRQs disabled. And after calling local_irq_save(), it's redundant to assert that IRQs are disabled. > oldval = rdtp->dynticks_nesting; > rdtp->dynticks_nesting--; > WARN_ON_ONCE(IS_ENABLED(CONFIG_RCU_EQS_DEBUG) && > @@ -887,6 +893,12 @@ void rcu_irq_enter(void) > > local_irq_save(flags); > rdtp = this_cpu_ptr(&rcu_dynticks); > + > + /* Page faults can happen in NMI handlers, so check... */ > + if (READ_ONCE(rdtp->dynticks_nmi_nesting)) > + return; > + > + RCU_LOCKDEP_WARN(!irqs_disabled(), "rcu_irq_enter() invoked with irqs enabled!!!"); Same problems here. Ben. > oldval = rdtp->dynticks_nesting; > rdtp->dynticks_nesting++; > WARN_ON_ONCE(IS_ENABLED(CONFIG_RCU_EQS_DEBUG) && -- Ben Hutchings Software Developer, Codethink Ltd.

7 years

3
2
0 0

[Linux-stable-mirror] [PATCH v2] ASoC: sun8i-codec: Set the BCLK divider

by Maxime Ripard

While the current code was reporting to be able to work in master mode, it failed to do so because the BCLK divider wasn't programmed, meaning that the BCLK would run at the PLL's frequency no matter the sample rate. It was obviously a bit too fast. Add support to retrieve the divider to use, and set it. Since our PLL is not always able to generate a perfect multiple of the sample rate, we'll have to choose the closest divider that matches our setup. Fixes: 36c684936fae ("ASoC: Add sun8i digital audio codec") Cc: <stable(a)vger.kernel.org> Reviewed-by: Chen-Yu Tsai <wens(a)csie.org> Signed-off-by: Maxime Ripard <maxime.ripard(a)free-electrons.com> --- Changes from v1: - Hardcoded the bit width to remain consistent with the rest of the driver --- sound/soc/sunxi/sun8i-codec.c | 51 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/sound/soc/sunxi/sun8i-codec.c b/sound/soc/sunxi/sun8i-codec.c index c2ceca485d6a..7a312168f864 100644 --- a/sound/soc/sunxi/sun8i-codec.c +++ b/sound/soc/sunxi/sun8i-codec.c @@ -73,6 +73,7 @@ #define SUN8I_SYS_SR_CTRL_AIF2_FS_MASK GENMASK(11, 8) #define SUN8I_AIF1CLK_CTRL_AIF1_WORD_SIZ_MASK GENMASK(5, 4) #define SUN8I_AIF1CLK_CTRL_AIF1_LRCK_DIV_MASK GENMASK(8, 6) +#define SUN8I_AIF1CLK_CTRL_AIF1_BCLK_DIV_MASK GENMASK(12, 9) struct sun8i_codec { struct device *dev; @@ -226,12 +227,57 @@ static int sun8i_set_fmt(struct snd_soc_dai *dai, unsigned int fmt) return 0; } +struct sun8i_codec_clk_div { + u8 div; + u8 val; +}; + +static const struct sun8i_codec_clk_div sun8i_codec_bclk_div[] = { + { .div = 1, .val = 0 }, + { .div = 2, .val = 1 }, + { .div = 4, .val = 2 }, + { .div = 6, .val = 3 }, + { .div = 8, .val = 4 }, + { .div = 12, .val = 5 }, + { .div = 16, .val = 6 }, + { .div = 24, .val = 7 }, + { .div = 32, .val = 8 }, + { .div = 48, .val = 9 }, + { .div = 64, .val = 10 }, + { .div = 96, .val = 11 }, + { .div = 128, .val = 12 }, + { .div = 192, .val = 13 }, +}; + +static u8 sun8i_codec_get_bclk_div(struct sun8i_codec *scodec, + unsigned int rate, + unsigned int word_size) +{ + unsigned long clk_rate = clk_get_rate(scodec->clk_module); + unsigned int div = clk_rate / rate / word_size / 2; + unsigned int best_val = 0, best_diff = ~0; + int i; + + for (i = 0; i < ARRAY_SIZE(sun8i_codec_bclk_div); i++) { + const struct sun8i_codec_clk_div *bdiv = &sun8i_codec_bclk_div[i]; + unsigned int diff = abs(bdiv->div - div); + + if (diff < best_diff) { + best_diff = diff; + best_val = bdiv->val; + } + } + + return best_val; +} + static int sun8i_codec_hw_params(struct snd_pcm_substream *substream, struct snd_pcm_hw_params *params, struct snd_soc_dai *dai) { struct sun8i_codec *scodec = snd_soc_codec_get_drvdata(dai->codec); int sample_rate; + u8 bclk_div; /* * The CPU DAI handles only a sample of 16 bits. Configure the @@ -241,6 +287,11 @@ static int sun8i_codec_hw_params(struct snd_pcm_substream *substream, SUN8I_AIF1CLK_CTRL_AIF1_WORD_SIZ_MASK, SUN8I_AIF1CLK_CTRL_AIF1_WORD_SIZ_16); + bclk_div = sun8i_codec_get_bclk_div(scodec, params_rate(params), 16); + regmap_update_bits(scodec->regmap, SUN8I_AIF1CLK_CTRL, + SUN8I_AIF1CLK_CTRL_AIF1_BCLK_DIV_MASK, + bclk_div << SUN8I_AIF1CLK_CTRL_AIF1_BCLK_DIV); + regmap_update_bits(scodec->regmap, SUN8I_AIF1CLK_CTRL, SUN8I_AIF1CLK_CTRL_AIF1_LRCK_DIV_MASK, SUN8I_AIF1CLK_CTRL_AIF1_LRCK_DIV_16); -- 2.14.3

7 years

2
1
0 0

[Linux-stable-mirror] [GIT PULL] commits for Linux 4.4

by Levin, Alexander (Sasha Levin)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi Greg, Pleae pull commits for Linux 4.4 . I've sent a review request for all commits over a week ago and all comments were addressed. Thanks, Sasha ===== The following changes since commit c54d0707aa09a824413ebb4195c98bfb9b9e1fc0: Linux 4.4.97 (2017-11-08 10:06:31 +0100) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/sashal/linux-stable.git for-greg-4.4-2 for you to fetch changes up to 2f948758f8adbf4e5f78506568f32ae6269a822d: net: dsa: select NET_SWITCHDEV (2017-11-08 15:35:51 -0500) - ---------------------------------------------------------------- Akinobu Mita (2): Input: mpr121 - handle multiple bits change of status register Input: mpr121 - set missing event capability Alison Schofield (1): iio: trigger: free trigger resource correctly David Lechner (2): dt-bindings: Add LEGO MINDSTORMS EV3 compatible specification dt-bindings: Add vendor prefix for LEGO Feras Daoud (1): IB/ipoib: Change list_del to list_del_init in the tx object Gilad Ben-Yossef (1): IPsec: do not ignore crypto err in ah4 input Harninder Rai (1): dt-bindings: clockgen: Add compatible string for LS1012A Jason Gunthorpe (1): PCI: mvebu: Handle changes to the bridge windows while enabled Juergen Gross (1): xen/netback: set default upper limit of tx/rx queues to 8 Julian Wiedmann (1): s390/qeth: issue STARTLAN as first IPA command Lars-Peter Clausen (1): [media] adv7604: Initialize drive strength to default when using DT Laurent Pinchart (1): serial: sh-sci: Fix register offsets for the IRDA serial port Li Zhong (2): KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter crypto: vmx - disable preemption to enable vsx in aes_ctr.c Liping Zhang (1): netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family Maciej W. Rozycki (1): video: fbdev: pmag-ba-fb: Remove bad `__init' annotation Nate Watterson (1): iommu/arm-smmu-v3: Clear prior settings when updating STEs Noralf TrÃ¸nnes (1): drm: drm_minor_register(): Clean up debugfs on failure Patrick Bruenn (1): ARM: dts: imx53-qsb-common: fix FEC pinmux config Tony Lindgren (1): ARM: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6 Valentin Longchamp (1): powerpc/corenet: explicitly disable the SDHC controller on kmcoge4 Vivien Didelot (1): net: dsa: select NET_SWITCHDEV Volodymyr Bendiuga (1): phy: increase size of MII_BUS_ID_SIZE and bus_id William wu (1): usb: hcd: initialize hcd->flags to 0 when rm hcd Documentation/devicetree/bindings/arm/davinci.txt | 4 + .../devicetree/bindings/clock/qoriq-clock.txt | 1 + .../devicetree/bindings/vendor-prefixes.txt | 1 + arch/arm/boot/dts/imx53-qsb-common.dtsi | 20 ++-- arch/arm/configs/omap2plus_defconfig | 1 + arch/powerpc/boot/dts/fsl/kmcoge4.dts | 4 + arch/powerpc/kvm/book3s_hv_rm_xics.c | 5 +- arch/sh/kernel/cpu/sh3/setup-sh770x.c | 1 - drivers/crypto/vmx/aes_ctr.c | 6 ++ drivers/gpu/drm/drm_drv.c | 2 +- drivers/iio/trigger/iio-trig-interrupt.c | 8 +- drivers/iio/trigger/iio-trig-sysfs.c | 2 +- drivers/infiniband/ulp/ipoib/ipoib_cm.c | 2 +- drivers/input/keyboard/mpr121_touchkey.c | 24 +++-- drivers/iommu/arm-smmu-v3.c | 10 +- drivers/media/i2c/adv7604.c | 3 + drivers/net/xen-netback/netback.c | 6 +- drivers/pci/host/pci-mvebu.c | 101 ++++++++++++--------- drivers/s390/net/qeth_core.h | 1 - drivers/s390/net/qeth_core_main.c | 21 ++++- drivers/s390/net/qeth_l2_main.c | 15 --- drivers/s390/net/qeth_l3_main.c | 15 --- drivers/staging/iio/trigger/iio-trig-bfin-timer.c | 4 +- drivers/tty/serial/sh-sci.c | 17 ++-- drivers/usb/core/hcd.c | 1 + drivers/video/fbdev/pmag-ba-fb.c | 2 +- include/linux/phy.h | 8 +- net/dsa/Kconfig | 5 +- net/ipv4/ah4.c | 3 + net/netfilter/nft_meta.c | 28 +++++- 30 files changed, 184 insertions(+), 137 deletions(-) -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJaA2zzAAoJEN6mb/eXdyzcFM0P/iZBjbrfPNDJYW73WHmz1fq0 s4WaAN0yOtt/rnLwBmzy6SohzIcwX8r/P5aJFh4Yyvw0U1X67KtQTZuzL/NM/gs8 iUpCJ5yFmK5+UUlA2aE8qwpBIobuzUvcS3Iy5ZT5j24hLOSPUQ0B7SvLycmZri78 RmvJzEn/f2fozaPDJkvf1YMJOMpf178gOk/XuIiIbaaLLKyfSjPdxm/OgTcmUrfy qYbJxfsI+VznY8bQF2UtBfcqtsS9aXoHQP//OmHXd3q6vvcQFDU/TpCLNP7XxIhM YIR1TGGGzX0uKYN7B93JpSuIBY+AZ4hECo3CTQ1FCszltcWyfaCQy8NrhWZbhwEr gO+v0s4pDCkuVP6sxHUUuQQ/O53cbmSCIZFwFSpB32zsskY6c1Y2ATvFV52Lpb2a M/ALRNJzNj5x/I/esxjgNX4DZ7F7Wql0iVTyAMjRy5SFrLE+/zAI7c/Ma1MVnQeZ PPXj2bdzdJE2UmGE5SwtewHSzVU0u/2UJ+a9FRpR+m36GiVUlmXckaCwCM0s1ein MAA/qWSvOgnWz6Eo8PGdG83nHSRmtiglflsv4/DO4uFKMB8ltcWzsFa8dknkEOag L4pwQZXxhDE62EnYW3gMJowjd6BNEj/ZrBXv9InObCEHsguhPJg5UK+sSL3gosMq +0jIGPSqGfnR7cWycde2 =PAvO -----END PGP SIGNATURE-----

7 years

2
1
0 0

[Linux-stable-mirror] Patch "xen/netback: set default upper limit of tx/rx queues to 8" has been added to the 4.4-stable tree

by gregkh＠linuxfoundation.org

This is a note to let you know that I've just added the patch titled xen/netback: set default upper limit of tx/rx queues to 8 to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… The filename of the patch is: xen-netback-set-default-upper-limit-of-tx-rx-queues-to-8.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable(a)vger.kernel.org> know about it. >From foo@baz Thu Nov 9 18:22:51 CET 2017 From: Juergen Gross <jgross(a)suse.com> Date: Tue, 10 Jan 2017 14:32:52 +0100 Subject: xen/netback: set default upper limit of tx/rx queues to 8 From: Juergen Gross <jgross(a)suse.com> [ Upstream commit 56dd5af9bc23d0d5d23bb207c477715b4c2216c5 ] The default for the maximum number of tx/rx queues of one interface is the number of cpus of the system today. As each queue pair reserves 512 grant pages this default consumes a ridiculous number of grants for large guests. Limit the queue number to 8 as default. This value can be modified via a module parameter if required. Signed-off-by: Juergen Gross <jgross(a)suse.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Signed-off-by: Sasha Levin <alexander.levin(a)verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> --- drivers/net/xen-netback/netback.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/drivers/net/xen-netback/netback.c +++ b/drivers/net/xen-netback/netback.c @@ -67,6 +67,7 @@ module_param(rx_drain_timeout_msecs, uin unsigned int rx_stall_timeout_msecs = 60000; module_param(rx_stall_timeout_msecs, uint, 0444); +#define MAX_QUEUES_DEFAULT 8 unsigned int xenvif_max_queues; module_param_named(max_queues, xenvif_max_queues, uint, 0644); MODULE_PARM_DESC(max_queues, @@ -2157,11 +2158,12 @@ static int __init netback_init(void) if (!xen_domain()) return -ENODEV; - /* Allow as many queues as there are CPUs if user has not + /* Allow as many queues as there are CPUs but max. 8 if user has not * specified a value. */ if (xenvif_max_queues == 0) - xenvif_max_queues = num_online_cpus(); + xenvif_max_queues = min_t(unsigned int, MAX_QUEUES_DEFAULT, + num_online_cpus()); if (fatal_skb_slots < XEN_NETBK_LEGACY_SLOTS_MAX) { pr_info("fatal_skb_slots too small (%d), bump it to XEN_NETBK_LEGACY_SLOTS_MAX (%d)\n", Patches currently in stable-queue which might be from jgross(a)suse.com are queue-4.4/xen-netback-set-default-upper-limit-of-tx-rx-queues-to-8.patch

7 years

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror