- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] randstruct: gcc-plugin: Fix attribute addition" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f39f18f3c3531aa802b58a20d39d96e82eb96c14 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060528-osmosis-arose-1289@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f39f18f3c3531aa802b58a20d39d96e82eb96c14 Mon Sep 17 00:00:00 2001 From: Kees Cook <kees(a)kernel.org> Date: Fri, 30 May 2025 15:18:28 -0700 Subject: [PATCH] randstruct: gcc-plugin: Fix attribute addition Based on changes in the 2021 public version of the randstruct out-of-tree GCC plugin[1], more carefully update the attributes on resulting decls, to avoid tripping checks in GCC 15's comptypes_check_enum_int() when it has been configured with "--enable-checking=misc": arch/arm64/kernel/kexec_image.c:132:14: internal compiler error: in comptypes_check_enum_int, at c/c-typeck.cc:1519 132 | const struct kexec_file_ops kexec_image_ops = { | ^~~~~~~~~~~~~~ internal_error(char const*, ...), at gcc/gcc/diagnostic-global-context.cc:517 fancy_abort(char const*, int, char const*), at gcc/gcc/diagnostic.cc:1803 comptypes_check_enum_int(tree_node*, tree_node*, bool*), at gcc/gcc/c/c-typeck.cc:1519 ... Link: https://archive.org/download/grsecurity/grsecurity-3.1-5.10.41-202105280954… [1] Reported-by: Thiago Jung Bauermann <thiago.bauermann(a)linaro.org> Closes: https://github.com/KSPP/linux/issues/367 Closes: https://lore.kernel.org/lkml/20250530000646.104457-1-thiago.bauermann@linar… Reported-by: Ingo Saitz <ingo(a)hannover.ccc.de> Closes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104745 Fixes: 313dd1b62921 ("gcc-plugins: Add the randstruct plugin") Tested-by: Thiago Jung Bauermann <thiago.bauermann(a)linaro.org> Link: https://lore.kernel.org/r/20250530221824.work.623-kees@kernel.org Signed-off-by: Kees Cook <kees(a)kernel.org> diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h index 3222c1070444..ef12c8f929ed 100644 --- a/scripts/gcc-plugins/gcc-common.h +++ b/scripts/gcc-plugins/gcc-common.h @@ -123,6 +123,38 @@ static inline tree build_const_char_string(int len, const char *str) return cstr; } +static inline void __add_type_attr(tree type, const char *attr, tree args) +{ + tree oldattr; + + if (type == NULL_TREE) + return; + oldattr = lookup_attribute(attr, TYPE_ATTRIBUTES(type)); + if (oldattr != NULL_TREE) { + gcc_assert(TREE_VALUE(oldattr) == args || TREE_VALUE(TREE_VALUE(oldattr)) == TREE_VALUE(args)); + return; + } + + TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); + TYPE_ATTRIBUTES(type) = tree_cons(get_identifier(attr), args, TYPE_ATTRIBUTES(type)); +} + +static inline void add_type_attr(tree type, const char *attr, tree args) +{ + tree main_variant = TYPE_MAIN_VARIANT(type); + + __add_type_attr(TYPE_CANONICAL(type), attr, args); + __add_type_attr(TYPE_CANONICAL(main_variant), attr, args); + __add_type_attr(main_variant, attr, args); + + for (type = TYPE_NEXT_VARIANT(main_variant); type; type = TYPE_NEXT_VARIANT(type)) { + if (!lookup_attribute(attr, TYPE_ATTRIBUTES(type))) + TYPE_ATTRIBUTES(type) = TYPE_ATTRIBUTES(main_variant); + + __add_type_attr(TYPE_CANONICAL(type), attr, args); + } +} + #define PASS_INFO(NAME, REF, ID, POS) \ struct register_pass_info NAME##_pass_info = { \ .pass = make_##NAME##_pass(), \ diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c index 971a1908a8cc..ff65a4f87f24 100644 --- a/scripts/gcc-plugins/randomize_layout_plugin.c +++ b/scripts/gcc-plugins/randomize_layout_plugin.c @@ -73,6 +73,9 @@ static tree handle_randomize_layout_attr(tree *node, tree name, tree args, int f if (TYPE_P(*node)) { type = *node; + } else if (TREE_CODE(*node) == FIELD_DECL) { + *no_add_attrs = false; + return NULL_TREE; } else { gcc_assert(TREE_CODE(*node) == TYPE_DECL); type = TREE_TYPE(*node); @@ -348,15 +351,14 @@ static int relayout_struct(tree type) TREE_CHAIN(newtree[i]) = newtree[i+1]; TREE_CHAIN(newtree[num_fields - 1]) = NULL_TREE; + add_type_attr(type, "randomize_performed", NULL_TREE); + add_type_attr(type, "designated_init", NULL_TREE); + if (has_flexarray) + add_type_attr(type, "has_flexarray", NULL_TREE); + main_variant = TYPE_MAIN_VARIANT(type); - for (variant = main_variant; variant; variant = TYPE_NEXT_VARIANT(variant)) { + for (variant = main_variant; variant; variant = TYPE_NEXT_VARIANT(variant)) TYPE_FIELDS(variant) = newtree[0]; - TYPE_ATTRIBUTES(variant) = copy_list(TYPE_ATTRIBUTES(variant)); - TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("randomize_performed"), NULL_TREE, TYPE_ATTRIBUTES(variant)); - TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("designated_init"), NULL_TREE, TYPE_ATTRIBUTES(variant)); - if (has_flexarray) - TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("has_flexarray"), NULL_TREE, TYPE_ATTRIBUTES(type)); - } /* * force a re-layout of the main variant @@ -424,10 +426,8 @@ static void randomize_type(tree type) if (lookup_attribute("randomize_layout", TYPE_ATTRIBUTES(TYPE_MAIN_VARIANT(type))) || is_pure_ops_struct(type)) relayout_struct(type); - for (variant = TYPE_MAIN_VARIANT(type); variant; variant = TYPE_NEXT_VARIANT(variant)) { - TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); - TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("randomize_considered"), NULL_TREE, TYPE_ATTRIBUTES(type)); - } + add_type_attr(type, "randomize_considered", NULL_TREE); + #ifdef __DEBUG_PLUGIN fprintf(stderr, "Marking randomize_considered on struct %s\n", ORIG_TYPE_NAME(type)); #ifdef __DEBUG_VERBOSE

3 days, 2 hours

2
2
0 0

FAILED: patch "[PATCH] arm64: dts: marvell: uDPU: define pinctrl state for alarm" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x b04f0d89e880bc2cca6a5c73cf287082c91878da # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025052402-pantomime-relative-1605@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b04f0d89e880bc2cca6a5c73cf287082c91878da Mon Sep 17 00:00:00 2001 From: Gabor Juhos <j4g8y7(a)gmail.com> Date: Fri, 9 May 2025 15:48:52 +0200 Subject: [PATCH] arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs The two alarm LEDs of on the uDPU board are stopped working since commit 78efa53e715e ("leds: Init leds class earlier"). The LEDs are driven by the GPIO{15,16} pins of the North Bridge GPIO controller. These pins are part of the 'spi_quad' pin group for which the 'spi' function is selected via the default pinctrl state of the 'spi' node. This is wrong however, since in order to allow controlling the LEDs, the pins should use the 'gpio' function. Before the commit mentined above, the 'spi' function is selected first by the pinctrl core before probing the spi driver, but then it gets overridden to 'gpio' implicitly via the devm_gpiod_get_index_optional() call from the 'leds-gpio' driver. After the commit, the LED subsystem gets initialized before the SPI subsystem, so the function of the pin group remains 'spi' which in turn prevents controlling of the LEDs. Despite the change of the initialization order, the root cause is that the pinctrl state definition is wrong since its initial commit 0d45062cfc89 ("arm64: dts: marvell: Add device tree for uDPU board"), To fix the problem, override the function in the 'spi_quad_pins' node to 'gpio' and move the pinctrl state definition from the 'spi' node into the 'leds' node. Cc: stable(a)vger.kernel.org # needs adjustment for < 6.1 Fixes: 0d45062cfc89 ("arm64: dts: marvell: Add device tree for uDPU board") Signed-off-by: Gabor Juhos <j4g8y7(a)gmail.com> Signed-off-by: Imre Kaloz <kaloz(a)openwrt.org> Signed-off-by: Gregory CLEMENT <gregory.clement(a)bootlin.com> diff --git a/arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtsi b/arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtsi index 3a9b6907185d..242820845707 100644 --- a/arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtsi +++ b/arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtsi @@ -26,6 +26,8 @@ memory@0 { leds { compatible = "gpio-leds"; + pinctrl-names = "default"; + pinctrl-0 = <&spi_quad_pins>; led-power1 { label = "udpu:green:power"; @@ -82,8 +84,6 @@ &sdhci0 { &spi0 { status = "okay"; - pinctrl-names = "default"; - pinctrl-0 = <&spi_quad_pins>; flash@0 { compatible = "jedec,spi-nor"; @@ -108,6 +108,10 @@ partition@180000 { }; }; +&spi_quad_pins { + function = "gpio"; +}; + &pinctrl_nb { i2c2_recovery_pins: i2c2-recovery-pins { groups = "i2c2";

3 days, 2 hours

2
1
0 0

[PATCH for-rc] IB/rdmavt: Fix lock dependency in rvt_send/recv_cq

by Dennis Dalessandro

From: Nick Child <nchild(a)cornelisnetworks.com> This fixes commit 4d809f69695d4e ("IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition") and commit 22cbc6c2681a0a ("IB/rdmavt: add missing locks in rvt_ruc_loopback"). The 2 commits introduced ABBA hard lockup windows. The r_lock always must be grabbed before the s_lock. Simply swapping the order of grabbed locks before calling rvt_send_complete is not acceptable since 99% of the time rvt_send_complete will not need the r_lock, the completion queue is likely not full and therefore a call to rvt_error_qp will never happen. Grabbing both r_lock and s_lock before adding something to a completion queue is overkill. On the otherhand, reverting the above commits will allow for a possible lockdep issue. rvt_send/recv_cq CAN invoke rvt_error_qp. In those cases, they MUST have both r and s locks. It turns out that several callers of rvt_error_qp totally ignored this dependency. Therefore, undo the afformentioned commits AND implement a wrapper function around rvt_error_qp that forces the calling functions to specify what locks they hold. This forces all possible paths to be aware of their ownership of the r and s lock. The wrapper can then obtain the correct locks if it needs to. This is a necessary ugliness to continue to manage layered spinlocks in a function that is called from several possible codepaths. Note there are cases when callers only held the s lock. In order to prevent further ABBA spinlocks we must not attempt to grab the r lock while someone else holds it. If someone holds it we must drop the s lock and grab r then s. Fixes: 4d809f69695d4e ("IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition") Fixes: 22cbc6c2681a0a ("IB/rdmavt: add missing locks in rvt_ruc_loopback"). Cc: stable(a)vger.kernel.org Signed-off-by: Nick Child <nchild(a)cornelisnetworks.com> Signed-off-by: Dennis Dalessandro <dennis.dalessandro(a)cornelisnetworks.com> --- drivers/infiniband/hw/hfi1/qp.c | 3 + drivers/infiniband/hw/hfi1/rc.c | 47 ++++++++------ drivers/infiniband/hw/hfi1/tid_rdma.c | 16 +++-- drivers/infiniband/hw/hfi1/uc.c | 9 ++- drivers/infiniband/hw/hfi1/ud.c | 11 ++- drivers/infiniband/hw/hfi1/verbs.c | 9 ++- drivers/infiniband/hw/hfi1/verbs.h | 5 +- drivers/infiniband/sw/rdmavt/qp.c | 110 +++++++++++++++++++++++---------- include/rdma/rdmavt_qp.h | 35 ++++++++--- 9 files changed, 165 insertions(+), 80 deletions(-) diff --git a/drivers/infiniband/hw/hfi1/qp.c b/drivers/infiniband/hw/hfi1/qp.c index f3d8c0c193ac..d4e4fa1ce7a7 100644 --- a/drivers/infiniband/hw/hfi1/qp.c +++ b/drivers/infiniband/hw/hfi1/qp.c @@ -895,7 +895,8 @@ static void hfi1_qp_iter_cb(struct rvt_qp *qp, u64 v) spin_lock_irq(&qp->r_lock); spin_lock(&qp->s_hlock); spin_lock(&qp->s_lock); - lastwqe = rvt_error_qp(qp, IB_WC_WR_FLUSH_ERR); + lastwqe = rvt_error_qp(qp, IB_WC_WR_FLUSH_ERR, + RVT_QP_LOCK_STATE_RS); spin_unlock(&qp->s_lock); spin_unlock(&qp->s_hlock); spin_unlock_irq(&qp->r_lock); diff --git a/drivers/infiniband/hw/hfi1/rc.c b/drivers/infiniband/hw/hfi1/rc.c index b36242c9d42c..b3edd0030c7e 100644 --- a/drivers/infiniband/hw/hfi1/rc.c +++ b/drivers/infiniband/hw/hfi1/rc.c @@ -357,11 +357,7 @@ static int make_rc_ack(struct hfi1_ibdev *dev, struct rvt_qp *qp, return 1; error_qp: spin_unlock_irqrestore(&qp->s_lock, ps->flags); - spin_lock_irqsave(&qp->r_lock, ps->flags); - spin_lock(&qp->s_lock); - rvt_error_qp(qp, IB_WC_WR_FLUSH_ERR); - spin_unlock(&qp->s_lock); - spin_unlock_irqrestore(&qp->r_lock, ps->flags); + rvt_error_qp(qp, IB_WC_WR_FLUSH_ERR, RVT_QP_LOCK_STATE_NONE); spin_lock_irqsave(&qp->s_lock, ps->flags); bail: qp->s_ack_state = OP(ACKNOWLEDGE); @@ -448,7 +444,8 @@ int hfi1_make_rc_req(struct rvt_qp *qp, struct hfi1_pkt_state *ps) clear_ahg(qp); wqe = rvt_get_swqe_ptr(qp, qp->s_last); hfi1_trdma_send_complete(qp, wqe, qp->s_last != qp->s_acked ? - IB_WC_SUCCESS : IB_WC_WR_FLUSH_ERR); + IB_WC_SUCCESS : IB_WC_WR_FLUSH_ERR, + RVT_QP_LOCK_STATE_S); /* will get called again */ goto done_free_tx; } @@ -523,7 +520,8 @@ int hfi1_make_rc_req(struct rvt_qp *qp, struct hfi1_pkt_state *ps) } rvt_send_complete(qp, wqe, err ? IB_WC_LOC_PROT_ERR - : IB_WC_SUCCESS); + : IB_WC_SUCCESS, + RVT_QP_LOCK_STATE_S); if (local_ops) atomic_dec(&qp->local_ops_pending); goto done_free_tx; @@ -1063,7 +1061,8 @@ int hfi1_make_rc_req(struct rvt_qp *qp, struct hfi1_pkt_state *ps) hfi1_kern_exp_rcv_clear_all(req); hfi1_kern_clear_hw_flow(priv->rcd, qp); - hfi1_trdma_send_complete(qp, wqe, IB_WC_LOC_QP_OP_ERR); + hfi1_trdma_send_complete(qp, wqe, IB_WC_LOC_QP_OP_ERR, + RVT_QP_LOCK_STATE_S); goto bail; } req->state = TID_REQUEST_RESEND; @@ -1601,8 +1600,10 @@ void hfi1_restart_rc(struct rvt_qp *qp, u32 psn, int wait) } hfi1_trdma_send_complete(qp, wqe, - IB_WC_RETRY_EXC_ERR); - rvt_error_qp(qp, IB_WC_WR_FLUSH_ERR); + IB_WC_RETRY_EXC_ERR, + RVT_QP_LOCK_STATE_RS); + rvt_error_qp(qp, IB_WC_WR_FLUSH_ERR, + RVT_QP_LOCK_STATE_RS); } return; } else { /* need to handle delayed completion */ @@ -1795,7 +1796,7 @@ void hfi1_rc_send_complete(struct rvt_qp *qp, struct hfi1_opa_header *opah) rvt_qp_complete_swqe(qp, wqe, ib_hfi1_wc_opcode[wqe->wr.opcode], - IB_WC_SUCCESS); + IB_WC_SUCCESS, RVT_QP_LOCK_STATE_S); } /* * If we were waiting for sends to complete before re-sending, @@ -1827,6 +1828,7 @@ struct rvt_swqe *do_rc_completion(struct rvt_qp *qp, { struct hfi1_qp_priv *priv = qp->priv; + lockdep_assert_held(&qp->r_lock); lockdep_assert_held(&qp->s_lock); /* * Don't decrement refcount and don't generate a @@ -1838,10 +1840,10 @@ struct rvt_swqe *do_rc_completion(struct rvt_qp *qp, cmp_psn(qp->s_sending_psn, qp->s_sending_hpsn) > 0) { trdma_clean_swqe(qp, wqe); trace_hfi1_qp_send_completion(qp, wqe, qp->s_last); - rvt_qp_complete_swqe(qp, - wqe, + rvt_qp_complete_swqe(qp, wqe, ib_hfi1_wc_opcode[wqe->wr.opcode], - IB_WC_SUCCESS); + IB_WC_SUCCESS, + RVT_QP_LOCK_STATE_RS); } else { struct hfi1_pportdata *ppd = ppd_from_ibp(ibp); @@ -1958,7 +1960,7 @@ static void update_qp_retry_state(struct rvt_qp *qp, u32 psn, u32 spsn, * * This is called from rc_rcv_resp() to process an incoming RC ACK * for the given QP. - * May be called at interrupt level, with the QP s_lock held. + * May be called at interrupt level. Both r and s lock should be held. * Returns 1 if OK, 0 if current operation should be aborted (NAK). */ int do_rc_ack(struct rvt_qp *qp, u32 aeth, u32 psn, int opcode, @@ -1973,6 +1975,7 @@ int do_rc_ack(struct rvt_qp *qp, u32 aeth, u32 psn, int opcode, int diff; struct rvt_dev_info *rdi; + lockdep_assert_held(&qp->r_lock); lockdep_assert_held(&qp->s_lock); /* * Note that NAKs implicitly ACK outstanding SEND and RDMA write @@ -2232,8 +2235,10 @@ int do_rc_ack(struct rvt_qp *qp, u32 aeth, u32 psn, int opcode, if (wqe->wr.opcode == IB_WR_TID_RDMA_READ) hfi1_kern_read_tid_flow_free(qp); - hfi1_trdma_send_complete(qp, wqe, status); - rvt_error_qp(qp, IB_WC_WR_FLUSH_ERR); + hfi1_trdma_send_complete(qp, wqe, status, + RVT_QP_LOCK_STATE_RS); + rvt_error_qp(qp, IB_WC_WR_FLUSH_ERR, + RVT_QP_LOCK_STATE_RS); } break; @@ -2265,6 +2270,7 @@ static void rdma_seq_err(struct rvt_qp *qp, struct hfi1_ibport *ibp, u32 psn, { struct rvt_swqe *wqe; + lockdep_assert_held(&qp->r_lock); lockdep_assert_held(&qp->s_lock); /* Remove QP from retry timer */ rvt_stop_rc_timers(qp); @@ -2472,8 +2478,8 @@ static void rc_rcv_resp(struct hfi1_packet *packet) status = IB_WC_LOC_LEN_ERR; ack_err: if (qp->s_last == qp->s_acked) { - rvt_send_complete(qp, wqe, status); - rvt_error_qp(qp, IB_WC_WR_FLUSH_ERR); + rvt_send_complete(qp, wqe, status, RVT_QP_LOCK_STATE_RS); + rvt_error_qp(qp, IB_WC_WR_FLUSH_ERR, RVT_QP_LOCK_STATE_RS); } ack_done: spin_unlock_irqrestore(&qp->s_lock, flags); @@ -2963,7 +2969,8 @@ void hfi1_rc_rcv(struct hfi1_packet *packet) wc.dlid_path_bits = 0; wc.port_num = 0; /* Signal completion event if the solicited bit is set. */ - rvt_recv_cq(qp, &wc, ib_bth_is_solicited(ohdr)); + rvt_recv_cq(qp, &wc, ib_bth_is_solicited(ohdr), + RVT_QP_LOCK_STATE_R); break; case OP(RDMA_WRITE_ONLY): diff --git a/drivers/infiniband/hw/hfi1/tid_rdma.c b/drivers/infiniband/hw/hfi1/tid_rdma.c index eafd2f157e32..e7b58e7ad233 100644 --- a/drivers/infiniband/hw/hfi1/tid_rdma.c +++ b/drivers/infiniband/hw/hfi1/tid_rdma.c @@ -2569,7 +2569,7 @@ void hfi1_rc_rcv_tid_rdma_read_resp(struct hfi1_packet *packet) * all remaining requests. */ if (qp->s_last == qp->s_acked) - rvt_error_qp(qp, IB_WC_WR_FLUSH_ERR); + rvt_error_qp(qp, IB_WC_WR_FLUSH_ERR, RVT_QP_LOCK_STATE_RS); ack_done: spin_unlock_irqrestore(&qp->s_lock, flags); @@ -4195,13 +4195,14 @@ void hfi1_rc_rcv_tid_rdma_write_resp(struct hfi1_packet *packet) ack_op_err: status = IB_WC_LOC_QP_OP_ERR; ack_err: - rvt_error_qp(qp, status); + rvt_error_qp(qp, status, RVT_QP_LOCK_STATE_RS); ack_done: if (fecn) qp->s_flags |= RVT_S_ECN; spin_unlock_irqrestore(&qp->s_lock, flags); } +/* called with s_lock held */ bool hfi1_build_tid_rdma_packet(struct rvt_swqe *wqe, struct ib_other_headers *ohdr, u32 *bth1, u32 *bth2, u32 *len) @@ -4218,8 +4219,9 @@ bool hfi1_build_tid_rdma_packet(struct rvt_swqe *wqe, bool last_pkt; if (!tidlen) { - hfi1_trdma_send_complete(qp, wqe, IB_WC_REM_INV_RD_REQ_ERR); - rvt_error_qp(qp, IB_WC_REM_INV_RD_REQ_ERR); + hfi1_trdma_send_complete(qp, wqe, IB_WC_REM_INV_RD_REQ_ERR, + RVT_QP_LOCK_STATE_S); + rvt_error_qp(qp, IB_WC_REM_INV_RD_REQ_ERR, RVT_QP_LOCK_STATE_S); } *len = min_t(u32, qp->pmtu, tidlen - flow->tid_offset); @@ -4816,8 +4818,10 @@ static void hfi1_tid_retry_timeout(struct timer_list *t) (u64)priv->tid_retry_timeout_jiffies); wqe = rvt_get_swqe_ptr(qp, qp->s_acked); - hfi1_trdma_send_complete(qp, wqe, IB_WC_RETRY_EXC_ERR); - rvt_error_qp(qp, IB_WC_WR_FLUSH_ERR); + hfi1_trdma_send_complete(qp, wqe, IB_WC_RETRY_EXC_ERR, + RVT_QP_LOCK_STATE_RS); + rvt_error_qp(qp, IB_WC_WR_FLUSH_ERR, + RVT_QP_LOCK_STATE_RS); } else { wqe = rvt_get_swqe_ptr(qp, qp->s_acked); req = wqe_to_tid_req(wqe); diff --git a/drivers/infiniband/hw/hfi1/uc.c b/drivers/infiniband/hw/hfi1/uc.c index 33d2c2a218e2..e758aa55421b 100644 --- a/drivers/infiniband/hw/hfi1/uc.c +++ b/drivers/infiniband/hw/hfi1/uc.c @@ -47,7 +47,8 @@ int hfi1_make_uc_req(struct rvt_qp *qp, struct hfi1_pkt_state *ps) } clear_ahg(qp); wqe = rvt_get_swqe_ptr(qp, qp->s_last); - rvt_send_complete(qp, wqe, IB_WC_WR_FLUSH_ERR); + rvt_send_complete(qp, wqe, IB_WC_WR_FLUSH_ERR, + RVT_QP_LOCK_STATE_S); goto done_free_tx; } @@ -100,7 +101,8 @@ int hfi1_make_uc_req(struct rvt_qp *qp, struct hfi1_pkt_state *ps) local_ops = 1; } rvt_send_complete(qp, wqe, err ? IB_WC_LOC_PROT_ERR - : IB_WC_SUCCESS); + : IB_WC_SUCCESS, + RVT_QP_LOCK_STATE_S); if (local_ops) atomic_dec(&qp->local_ops_pending); goto done_free_tx; @@ -430,7 +432,8 @@ void hfi1_uc_rcv(struct hfi1_packet *packet) wc.dlid_path_bits = 0; wc.port_num = 0; /* Signal completion event if the solicited bit is set. */ - rvt_recv_cq(qp, &wc, ib_bth_is_solicited(ohdr)); + rvt_recv_cq(qp, &wc, ib_bth_is_solicited(ohdr), + RVT_QP_LOCK_STATE_R); break; case OP(RDMA_WRITE_FIRST): diff --git a/drivers/infiniband/hw/hfi1/ud.c b/drivers/infiniband/hw/hfi1/ud.c index 89d1bae8f824..1e54c9a2087b 100644 --- a/drivers/infiniband/hw/hfi1/ud.c +++ b/drivers/infiniband/hw/hfi1/ud.c @@ -213,7 +213,8 @@ static void ud_loopback(struct rvt_qp *sqp, struct rvt_swqe *swqe) wc.dlid_path_bits = rdma_ah_get_dlid(ah_attr) & ((1 << ppd->lmc) - 1); wc.port_num = qp->port_num; /* Signal completion event if the solicited bit is set. */ - rvt_recv_cq(qp, &wc, swqe->wr.send_flags & IB_SEND_SOLICITED); + rvt_recv_cq(qp, &wc, swqe->wr.send_flags & IB_SEND_SOLICITED, + RVT_QP_LOCK_STATE_R); ibp->rvp.n_loop_pkts++; bail_unlock: spin_unlock_irqrestore(&qp->r_lock, flags); @@ -458,7 +459,8 @@ int hfi1_make_ud_req(struct rvt_qp *qp, struct hfi1_pkt_state *ps) goto bail; } wqe = rvt_get_swqe_ptr(qp, qp->s_last); - rvt_send_complete(qp, wqe, IB_WC_WR_FLUSH_ERR); + rvt_send_complete(qp, wqe, IB_WC_WR_FLUSH_ERR, + RVT_QP_LOCK_STATE_S); goto done_free_tx; } @@ -500,7 +502,8 @@ int hfi1_make_ud_req(struct rvt_qp *qp, struct hfi1_pkt_state *ps) ud_loopback(qp, wqe); spin_lock_irqsave(&qp->s_lock, tflags); ps->flags = tflags; - rvt_send_complete(qp, wqe, IB_WC_SUCCESS); + rvt_send_complete(qp, wqe, IB_WC_SUCCESS, + RVT_QP_LOCK_STATE_S); goto done_free_tx; } } @@ -1015,7 +1018,7 @@ void hfi1_ud_rcv(struct hfi1_packet *packet) dlid & ((1 << ppd_from_ibp(ibp)->lmc) - 1); wc.port_num = qp->port_num; /* Signal completion event if the solicited bit is set. */ - rvt_recv_cq(qp, &wc, solicited); + rvt_recv_cq(qp, &wc, solicited, RVT_QP_LOCK_STATE_R); return; drop: diff --git a/drivers/infiniband/hw/hfi1/verbs.c b/drivers/infiniband/hw/hfi1/verbs.c index 3cbbfccdd8cd..c7743e17cb33 100644 --- a/drivers/infiniband/hw/hfi1/verbs.c +++ b/drivers/infiniband/hw/hfi1/verbs.c @@ -592,7 +592,8 @@ static void verbs_sdma_complete( spin_lock(&qp->s_lock); if (tx->wqe) { - rvt_send_complete(qp, tx->wqe, IB_WC_SUCCESS); + rvt_send_complete(qp, tx->wqe, IB_WC_SUCCESS, + RVT_QP_LOCK_STATE_S); } else if (qp->ibqp.qp_type == IB_QPT_RC) { struct hfi1_opa_header *hdr; @@ -1060,7 +1061,8 @@ int hfi1_verbs_send_pio(struct rvt_qp *qp, struct hfi1_pkt_state *ps, pio_bail: spin_lock_irqsave(&qp->s_lock, flags); if (qp->s_wqe) { - rvt_send_complete(qp, qp->s_wqe, wc_status); + rvt_send_complete(qp, qp->s_wqe, wc_status, + RVT_QP_LOCK_STATE_S); } else if (qp->ibqp.qp_type == IB_QPT_RC) { if (unlikely(wc_status == IB_WC_GENERAL_ERR)) hfi1_rc_verbs_aborted(qp, &ps->s_txreq->phdr.hdr); @@ -1268,7 +1270,8 @@ int hfi1_verbs_send(struct rvt_qp *qp, struct hfi1_pkt_state *ps) hfi1_cdbg(PIO, "%s() Failed. Completing with err", __func__); spin_lock_irqsave(&qp->s_lock, flags); - rvt_send_complete(qp, qp->s_wqe, IB_WC_GENERAL_ERR); + rvt_send_complete(qp, qp->s_wqe, IB_WC_GENERAL_ERR, + RVT_QP_LOCK_STATE_S); spin_unlock_irqrestore(&qp->s_lock, flags); } return -EINVAL; diff --git a/drivers/infiniband/hw/hfi1/verbs.h b/drivers/infiniband/hw/hfi1/verbs.h index 070e4f0babe8..a6d3023adcc8 100644 --- a/drivers/infiniband/hw/hfi1/verbs.h +++ b/drivers/infiniband/hw/hfi1/verbs.h @@ -446,10 +446,11 @@ void hfi1_wait_kmem(struct rvt_qp *qp); static inline void hfi1_trdma_send_complete(struct rvt_qp *qp, struct rvt_swqe *wqe, - enum ib_wc_status status) + enum ib_wc_status status, + enum rvt_qp_lock_state lock_state) { trdma_clean_swqe(qp, wqe); - rvt_send_complete(qp, wqe, status); + rvt_send_complete(qp, wqe, status, lock_state); } extern const enum ib_wc_opcode ib_hfi1_wc_opcode[]; diff --git a/drivers/infiniband/sw/rdmavt/qp.c b/drivers/infiniband/sw/rdmavt/qp.c index e825e2ef7966..d6d314de2930 100644 --- a/drivers/infiniband/sw/rdmavt/qp.c +++ b/drivers/infiniband/sw/rdmavt/qp.c @@ -703,7 +703,8 @@ void rvt_qp_mr_clean(struct rvt_qp *qp, u32 lkey) if (rvt_ss_has_lkey(&qp->r_sge, lkey) || rvt_qp_sends_has_lkey(qp, lkey) || rvt_qp_acks_has_lkey(qp, lkey)) - lastwqe = rvt_error_qp(qp, IB_WC_LOC_PROT_ERR); + lastwqe = rvt_error_qp(qp, IB_WC_LOC_PROT_ERR, + RVT_QP_LOCK_STATE_RS); check_lwqe: spin_unlock(&qp->s_lock); spin_unlock(&qp->s_hlock); @@ -1271,18 +1272,7 @@ int rvt_create_qp(struct ib_qp *ibqp, struct ib_qp_init_attr *init_attr, return ret; } -/** - * rvt_error_qp - put a QP into the error state - * @qp: the QP to put into the error state - * @err: the receive completion error to signal if a RWQE is active - * - * Flushes both send and receive work queues. - * - * Return: true if last WQE event should be generated. - * The QP r_lock and s_lock should be held and interrupts disabled. - * If we are already in error state, just return. - */ -int rvt_error_qp(struct rvt_qp *qp, enum ib_wc_status err) +static int __rvt_error_qp_locked(struct rvt_qp *qp, enum ib_wc_status err) { struct ib_wc wc; int ret = 0; @@ -1362,6 +1352,64 @@ int rvt_error_qp(struct rvt_qp *qp, enum ib_wc_status err) bail: return ret; } + +/** + * rvt_error_qp - put a QP into the error state + * @qp: the QP to put into the error state + * @err: the receive completion error to signal if a RWQE is active + * @lock_state: caller ownership representation of r and s lock + * + * Flushes both send and receive work queues. + * + * Return: true if last WQE event should be generated. + * The QP r_lock and s_lock should be held and interrupts disabled. + * If we are already in error state, just return. + */ +int rvt_error_qp(struct rvt_qp *qp, enum ib_wc_status err, + enum rvt_qp_lock_state lock_state) +{ + int ret; + + switch (lock_state) { + case RVT_QP_LOCK_STATE_NONE: + unsigned long flags; + + /* only case where caller may not have handled irqs */ + spin_lock_irqsave(&qp->r_lock, flags); + spin_lock(&qp->s_lock); + ret = __rvt_error_qp_locked(qp, err); + spin_unlock(&qp->s_lock); + spin_unlock_irqrestore(&qp->r_lock, flags); + break; + + case RVT_QP_LOCK_STATE_S: + /* r_lock -> s_lock ordering can be broken here iff + * no one else is using the r_lock at the moment + */ + if (!spin_trylock(&qp->r_lock)) { + /* otherwise we must respect ordering */ + spin_unlock(&qp->s_lock); + spin_lock(&qp->r_lock); + spin_lock(&qp->s_lock); + } + ret = __rvt_error_qp_locked(qp, err); + spin_unlock(&qp->r_lock); + break; + + case RVT_QP_LOCK_STATE_R: + spin_lock(&qp->s_lock); + ret = __rvt_error_qp_locked(qp, err); + spin_unlock(&qp->s_lock); + break; + + case RVT_QP_LOCK_STATE_RS: + fallthrough; + default: + ret = __rvt_error_qp_locked(qp, err); + } + + return ret; +} EXPORT_SYMBOL(rvt_error_qp); /* @@ -1549,7 +1597,8 @@ int rvt_modify_qp(struct ib_qp *ibqp, struct ib_qp_attr *attr, break; case IB_QPS_ERR: - lastwqe = rvt_error_qp(qp, IB_WC_WR_FLUSH_ERR); + lastwqe = rvt_error_qp(qp, IB_WC_WR_FLUSH_ERR, + RVT_QP_LOCK_STATE_RS); break; default: @@ -2460,15 +2509,13 @@ void rvt_comm_est(struct rvt_qp *qp) } EXPORT_SYMBOL(rvt_comm_est); +/* assumes r_lock is held */ void rvt_rc_error(struct rvt_qp *qp, enum ib_wc_status err) { - unsigned long flags; int lastwqe; - spin_lock_irqsave(&qp->s_lock, flags); - lastwqe = rvt_error_qp(qp, err); - spin_unlock_irqrestore(&qp->s_lock, flags); - + lockdep_assert_held(&qp->r_lock); + lastwqe = rvt_error_qp(qp, err, RVT_QP_LOCK_STATE_R); if (lastwqe) { struct ib_event ev; @@ -2772,10 +2819,11 @@ void rvt_qp_iter(struct rvt_dev_info *rdi, EXPORT_SYMBOL(rvt_qp_iter); /* - * This should be called with s_lock and r_lock held. + * This should be called with s_lock held. */ void rvt_send_complete(struct rvt_qp *qp, struct rvt_swqe *wqe, - enum ib_wc_status status) + enum ib_wc_status status, + enum rvt_qp_lock_state lock_state) { u32 old_last, last; struct rvt_dev_info *rdi; @@ -2787,7 +2835,7 @@ void rvt_send_complete(struct rvt_qp *qp, struct rvt_swqe *wqe, old_last = qp->s_last; trace_rvt_qp_send_completion(qp, wqe, old_last); last = rvt_qp_complete_swqe(qp, wqe, rdi->wc_opcode[wqe->wr.opcode], - status); + status, lock_state); if (qp->s_acked == old_last) qp->s_acked = last; if (qp->s_cur == old_last) @@ -3123,7 +3171,8 @@ void rvt_ruc_loopback(struct rvt_qp *sqp) wc.sl = rdma_ah_get_sl(&qp->remote_ah_attr); wc.port_num = 1; /* Signal completion event if the solicited bit is set. */ - rvt_recv_cq(qp, &wc, wqe->wr.send_flags & IB_SEND_SOLICITED); + rvt_recv_cq(qp, &wc, wqe->wr.send_flags & IB_SEND_SOLICITED, + RVT_QP_LOCK_STATE_R); send_comp: spin_unlock_irqrestore(&qp->r_lock, flags); @@ -3131,9 +3180,7 @@ void rvt_ruc_loopback(struct rvt_qp *sqp) rvp->n_loop_pkts++; flush_send: sqp->s_rnr_retry = sqp->s_rnr_retry_cnt; - spin_lock(&sqp->r_lock); - rvt_send_complete(sqp, wqe, send_status); - spin_unlock(&sqp->r_lock); + rvt_send_complete(sqp, wqe, send_status, RVT_QP_LOCK_STATE_S); if (local_ops) { atomic_dec(&sqp->local_ops_pending); local_ops = 0; @@ -3187,18 +3234,15 @@ void rvt_ruc_loopback(struct rvt_qp *sqp) spin_unlock_irqrestore(&qp->r_lock, flags); serr_no_r_lock: spin_lock_irqsave(&sqp->s_lock, flags); - spin_lock(&sqp->r_lock); - rvt_send_complete(sqp, wqe, send_status); - spin_unlock(&sqp->r_lock); + rvt_send_complete(sqp, wqe, send_status, RVT_QP_LOCK_STATE_S); if (sqp->ibqp.qp_type == IB_QPT_RC) { int lastwqe; - spin_lock(&sqp->r_lock); - lastwqe = rvt_error_qp(sqp, IB_WC_WR_FLUSH_ERR); - spin_unlock(&sqp->r_lock); - + lastwqe = rvt_error_qp(sqp, IB_WC_WR_FLUSH_ERR, + RVT_QP_LOCK_STATE_S); sqp->s_flags &= ~RVT_S_BUSY; spin_unlock_irqrestore(&sqp->s_lock, flags); + if (lastwqe) { struct ib_event ev; diff --git a/include/rdma/rdmavt_qp.h b/include/rdma/rdmavt_qp.h index d67892944193..35339bbe39cc 100644 --- a/include/rdma/rdmavt_qp.h +++ b/include/rdma/rdmavt_qp.h @@ -137,6 +137,16 @@ #define RVT_SEND_OR_FLUSH_OR_RECV_OK \ (RVT_PROCESS_SEND_OK | RVT_FLUSH_SEND | RVT_PROCESS_RECV_OK) +/* + * Internal relay of held Queue Pair lock state + */ +enum rvt_qp_lock_state { + RVT_QP_LOCK_STATE_NONE = 0, + RVT_QP_LOCK_STATE_S, + RVT_QP_LOCK_STATE_R, + RVT_QP_LOCK_STATE_RS +}; + /* * Internal send flags */ @@ -767,7 +777,8 @@ rvt_qp_swqe_incr(struct rvt_qp *qp, u32 val) return val; } -int rvt_error_qp(struct rvt_qp *qp, enum ib_wc_status err); +int rvt_error_qp(struct rvt_qp *qp, enum ib_wc_status err, + enum rvt_qp_lock_state lock_state); /** * rvt_recv_cq - add a new entry to completion queue @@ -775,18 +786,20 @@ int rvt_error_qp(struct rvt_qp *qp, enum ib_wc_status err); * @qp: receive queue * @wc: work completion entry to add * @solicited: true if @entry is solicited + * @lock_state: caller ownership representation of r and s lock * * This is wrapper function for rvt_enter_cq function call by * receive queue. If rvt_cq_enter return false, it means cq is * full and the qp is put into error state. */ static inline void rvt_recv_cq(struct rvt_qp *qp, struct ib_wc *wc, - bool solicited) + bool solicited, + enum rvt_qp_lock_state lock_state) { struct rvt_cq *cq = ibcq_to_rvtcq(qp->ibqp.recv_cq); if (unlikely(!rvt_cq_enter(cq, wc, solicited))) - rvt_error_qp(qp, IB_WC_LOC_QP_OP_ERR); + rvt_error_qp(qp, IB_WC_LOC_QP_OP_ERR, lock_state); } /** @@ -795,18 +808,20 @@ static inline void rvt_recv_cq(struct rvt_qp *qp, struct ib_wc *wc, * @qp: send queue * @wc: work completion entry to add * @solicited: true if @entry is solicited + * @lock_state: caller ownership representation of r and s lock * * This is wrapper function for rvt_enter_cq function call by * send queue. If rvt_cq_enter return false, it means cq is * full and the qp is put into error state. */ static inline void rvt_send_cq(struct rvt_qp *qp, struct ib_wc *wc, - bool solicited) + bool solicited, + enum rvt_qp_lock_state lock_state) { struct rvt_cq *cq = ibcq_to_rvtcq(qp->ibqp.send_cq); if (unlikely(!rvt_cq_enter(cq, wc, solicited))) - rvt_error_qp(qp, IB_WC_LOC_QP_OP_ERR); + rvt_error_qp(qp, IB_WC_LOC_QP_OP_ERR, lock_state); } /** @@ -829,13 +844,15 @@ static inline u32 rvt_qp_complete_swqe(struct rvt_qp *qp, struct rvt_swqe *wqe, enum ib_wc_opcode opcode, - enum ib_wc_status status) + enum ib_wc_status status, + enum rvt_qp_lock_state lock_state) { bool need_completion; u64 wr_id; u32 byte_len, last; int flags = wqe->wr.send_flags; + lockdep_assert_held(&qp->s_lock); rvt_qp_wqe_unreserve(qp, flags); rvt_put_qp_swqe(qp, wqe); @@ -860,7 +877,8 @@ rvt_qp_complete_swqe(struct rvt_qp *qp, .qp = &qp->ibqp, .byte_len = byte_len, }; - rvt_send_cq(qp, &w, status != IB_WC_SUCCESS); + rvt_send_cq(qp, &w, status != IB_WC_SUCCESS, + lock_state); } return last; } @@ -886,7 +904,8 @@ void rvt_copy_sge(struct rvt_qp *qp, struct rvt_sge_state *ss, void *data, u32 length, bool release, bool copy_last); void rvt_send_complete(struct rvt_qp *qp, struct rvt_swqe *wqe, - enum ib_wc_status status); + enum ib_wc_status status, + enum rvt_qp_lock_state lock_state); void rvt_ruc_loopback(struct rvt_qp *qp); /**

3 days, 3 hours

2
1
0 0

FAILED: patch "[PATCH] arm64: dts: marvell: uDPU: define pinctrl state for alarm" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x b04f0d89e880bc2cca6a5c73cf287082c91878da # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025052401-unbiased-designate-2089@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b04f0d89e880bc2cca6a5c73cf287082c91878da Mon Sep 17 00:00:00 2001 From: Gabor Juhos <j4g8y7(a)gmail.com> Date: Fri, 9 May 2025 15:48:52 +0200 Subject: [PATCH] arm64: dts: marvell: uDPU: define pinctrl state for alarm LEDs The two alarm LEDs of on the uDPU board are stopped working since commit 78efa53e715e ("leds: Init leds class earlier"). The LEDs are driven by the GPIO{15,16} pins of the North Bridge GPIO controller. These pins are part of the 'spi_quad' pin group for which the 'spi' function is selected via the default pinctrl state of the 'spi' node. This is wrong however, since in order to allow controlling the LEDs, the pins should use the 'gpio' function. Before the commit mentined above, the 'spi' function is selected first by the pinctrl core before probing the spi driver, but then it gets overridden to 'gpio' implicitly via the devm_gpiod_get_index_optional() call from the 'leds-gpio' driver. After the commit, the LED subsystem gets initialized before the SPI subsystem, so the function of the pin group remains 'spi' which in turn prevents controlling of the LEDs. Despite the change of the initialization order, the root cause is that the pinctrl state definition is wrong since its initial commit 0d45062cfc89 ("arm64: dts: marvell: Add device tree for uDPU board"), To fix the problem, override the function in the 'spi_quad_pins' node to 'gpio' and move the pinctrl state definition from the 'spi' node into the 'leds' node. Cc: stable(a)vger.kernel.org # needs adjustment for < 6.1 Fixes: 0d45062cfc89 ("arm64: dts: marvell: Add device tree for uDPU board") Signed-off-by: Gabor Juhos <j4g8y7(a)gmail.com> Signed-off-by: Imre Kaloz <kaloz(a)openwrt.org> Signed-off-by: Gregory CLEMENT <gregory.clement(a)bootlin.com> diff --git a/arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtsi b/arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtsi index 3a9b6907185d..242820845707 100644 --- a/arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtsi +++ b/arch/arm64/boot/dts/marvell/armada-3720-uDPU.dtsi @@ -26,6 +26,8 @@ memory@0 { leds { compatible = "gpio-leds"; + pinctrl-names = "default"; + pinctrl-0 = <&spi_quad_pins>; led-power1 { label = "udpu:green:power"; @@ -82,8 +84,6 @@ &sdhci0 { &spi0 { status = "okay"; - pinctrl-names = "default"; - pinctrl-0 = <&spi_quad_pins>; flash@0 { compatible = "jedec,spi-nor"; @@ -108,6 +108,10 @@ partition@180000 { }; }; +&spi_quad_pins { + function = "gpio"; +}; + &pinctrl_nb { i2c2_recovery_pins: i2c2-recovery-pins { groups = "i2c2";

3 days, 3 hours

2
1
0 0

FAILED: patch "[PATCH] randstruct: gcc-plugin: Fix attribute addition" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f39f18f3c3531aa802b58a20d39d96e82eb96c14 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025060528-ramble-bulge-34cb@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f39f18f3c3531aa802b58a20d39d96e82eb96c14 Mon Sep 17 00:00:00 2001 From: Kees Cook <kees(a)kernel.org> Date: Fri, 30 May 2025 15:18:28 -0700 Subject: [PATCH] randstruct: gcc-plugin: Fix attribute addition Based on changes in the 2021 public version of the randstruct out-of-tree GCC plugin[1], more carefully update the attributes on resulting decls, to avoid tripping checks in GCC 15's comptypes_check_enum_int() when it has been configured with "--enable-checking=misc": arch/arm64/kernel/kexec_image.c:132:14: internal compiler error: in comptypes_check_enum_int, at c/c-typeck.cc:1519 132 | const struct kexec_file_ops kexec_image_ops = { | ^~~~~~~~~~~~~~ internal_error(char const*, ...), at gcc/gcc/diagnostic-global-context.cc:517 fancy_abort(char const*, int, char const*), at gcc/gcc/diagnostic.cc:1803 comptypes_check_enum_int(tree_node*, tree_node*, bool*), at gcc/gcc/c/c-typeck.cc:1519 ... Link: https://archive.org/download/grsecurity/grsecurity-3.1-5.10.41-202105280954… [1] Reported-by: Thiago Jung Bauermann <thiago.bauermann(a)linaro.org> Closes: https://github.com/KSPP/linux/issues/367 Closes: https://lore.kernel.org/lkml/20250530000646.104457-1-thiago.bauermann@linar… Reported-by: Ingo Saitz <ingo(a)hannover.ccc.de> Closes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104745 Fixes: 313dd1b62921 ("gcc-plugins: Add the randstruct plugin") Tested-by: Thiago Jung Bauermann <thiago.bauermann(a)linaro.org> Link: https://lore.kernel.org/r/20250530221824.work.623-kees@kernel.org Signed-off-by: Kees Cook <kees(a)kernel.org> diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h index 3222c1070444..ef12c8f929ed 100644 --- a/scripts/gcc-plugins/gcc-common.h +++ b/scripts/gcc-plugins/gcc-common.h @@ -123,6 +123,38 @@ static inline tree build_const_char_string(int len, const char *str) return cstr; } +static inline void __add_type_attr(tree type, const char *attr, tree args) +{ + tree oldattr; + + if (type == NULL_TREE) + return; + oldattr = lookup_attribute(attr, TYPE_ATTRIBUTES(type)); + if (oldattr != NULL_TREE) { + gcc_assert(TREE_VALUE(oldattr) == args || TREE_VALUE(TREE_VALUE(oldattr)) == TREE_VALUE(args)); + return; + } + + TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); + TYPE_ATTRIBUTES(type) = tree_cons(get_identifier(attr), args, TYPE_ATTRIBUTES(type)); +} + +static inline void add_type_attr(tree type, const char *attr, tree args) +{ + tree main_variant = TYPE_MAIN_VARIANT(type); + + __add_type_attr(TYPE_CANONICAL(type), attr, args); + __add_type_attr(TYPE_CANONICAL(main_variant), attr, args); + __add_type_attr(main_variant, attr, args); + + for (type = TYPE_NEXT_VARIANT(main_variant); type; type = TYPE_NEXT_VARIANT(type)) { + if (!lookup_attribute(attr, TYPE_ATTRIBUTES(type))) + TYPE_ATTRIBUTES(type) = TYPE_ATTRIBUTES(main_variant); + + __add_type_attr(TYPE_CANONICAL(type), attr, args); + } +} + #define PASS_INFO(NAME, REF, ID, POS) \ struct register_pass_info NAME##_pass_info = { \ .pass = make_##NAME##_pass(), \ diff --git a/scripts/gcc-plugins/randomize_layout_plugin.c b/scripts/gcc-plugins/randomize_layout_plugin.c index 971a1908a8cc..ff65a4f87f24 100644 --- a/scripts/gcc-plugins/randomize_layout_plugin.c +++ b/scripts/gcc-plugins/randomize_layout_plugin.c @@ -73,6 +73,9 @@ static tree handle_randomize_layout_attr(tree *node, tree name, tree args, int f if (TYPE_P(*node)) { type = *node; + } else if (TREE_CODE(*node) == FIELD_DECL) { + *no_add_attrs = false; + return NULL_TREE; } else { gcc_assert(TREE_CODE(*node) == TYPE_DECL); type = TREE_TYPE(*node); @@ -348,15 +351,14 @@ static int relayout_struct(tree type) TREE_CHAIN(newtree[i]) = newtree[i+1]; TREE_CHAIN(newtree[num_fields - 1]) = NULL_TREE; + add_type_attr(type, "randomize_performed", NULL_TREE); + add_type_attr(type, "designated_init", NULL_TREE); + if (has_flexarray) + add_type_attr(type, "has_flexarray", NULL_TREE); + main_variant = TYPE_MAIN_VARIANT(type); - for (variant = main_variant; variant; variant = TYPE_NEXT_VARIANT(variant)) { + for (variant = main_variant; variant; variant = TYPE_NEXT_VARIANT(variant)) TYPE_FIELDS(variant) = newtree[0]; - TYPE_ATTRIBUTES(variant) = copy_list(TYPE_ATTRIBUTES(variant)); - TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("randomize_performed"), NULL_TREE, TYPE_ATTRIBUTES(variant)); - TYPE_ATTRIBUTES(variant) = tree_cons(get_identifier("designated_init"), NULL_TREE, TYPE_ATTRIBUTES(variant)); - if (has_flexarray) - TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("has_flexarray"), NULL_TREE, TYPE_ATTRIBUTES(type)); - } /* * force a re-layout of the main variant @@ -424,10 +426,8 @@ static void randomize_type(tree type) if (lookup_attribute("randomize_layout", TYPE_ATTRIBUTES(TYPE_MAIN_VARIANT(type))) || is_pure_ops_struct(type)) relayout_struct(type); - for (variant = TYPE_MAIN_VARIANT(type); variant; variant = TYPE_NEXT_VARIANT(variant)) { - TYPE_ATTRIBUTES(type) = copy_list(TYPE_ATTRIBUTES(type)); - TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("randomize_considered"), NULL_TREE, TYPE_ATTRIBUTES(type)); - } + add_type_attr(type, "randomize_considered", NULL_TREE); + #ifdef __DEBUG_PLUGIN fprintf(stderr, "Marking randomize_considered on struct %s\n", ORIG_TYPE_NAME(type)); #ifdef __DEBUG_VERBOSE

3 days, 3 hours

2
2
0 0

[PATCH] ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids()

by Miaoqian Lin

If krealloc_array() fails in iort_rmr_alloc_sids(), the function returns NULL but does not free the original 'sids' allocation. This results in a memory leak since the caller overwrites the original pointer with the NULL return value. Fixes: 491cf4a6735a ("ACPI/IORT: Add support to retrieve IORT RMR reserved regions") Cc: <stable(a)vger.kernel.org> Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- This follows the same pattern as the fix in commit 06615967d488 ("bpf, verifier: Fix memory leak in array reallocation for stack state"). --- drivers/acpi/arm64/iort.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/arm64/iort.c b/drivers/acpi/arm64/iort.c index 98759d6199d3..65f0f56ad753 100644 --- a/drivers/acpi/arm64/iort.c +++ b/drivers/acpi/arm64/iort.c @@ -937,8 +937,10 @@ static u32 *iort_rmr_alloc_sids(u32 *sids, u32 count, u32 id_start, new_sids = krealloc_array(sids, count + new_count, sizeof(*new_sids), GFP_KERNEL); - if (!new_sids) + if (!new_sids) { + kfree(sids); return NULL; + } for (i = count; i < total_count; i++) new_sids[i] = id_start++; -- 2.39.5 (Apple Git-154)

3 days, 3 hours

4
3
0 0

[PATCH v6.16.y] drm/dp: Change AUX DPCD probe address to DP_TRAINING_PATTERN_SET

by Imre Deak

commit d34d6feaf4a76833effcec0b148b65946b04cde8 upstream. Change the AUX DPCD probe address to DP_TRAINING_PATTERN_SET. Using DP_DPCD_REV for this is not compliant with the DP Standard and it leads to link training failures at least on a DP2.0 docking station when using UHBR link rates. This patch is a revert of commit 944e732be9c3 ("drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS") and the corresponding fix for commit 05981233cf2e ("Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS") in the v6.16.y tree. This change is only meant to be applied in the v6.16.y tree, not in earlier stable trees. Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Sasha Levin <sashal(a)kernel.org> Cc: dri-devel(a)lists.freedesktop.org Cc: stable(a)vger.kernel.org # v6.16 Signed-off-by: Imre Deak <imre.deak(a)intel.com> --- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/display/drm_dp_helper.c b/drivers/gpu/drm/display/drm_dp_helper.c index f2a6559a27100..ea78c6c8ca7a6 100644 --- a/drivers/gpu/drm/display/drm_dp_helper.c +++ b/drivers/gpu/drm/display/drm_dp_helper.c @@ -725,7 +725,7 @@ ssize_t drm_dp_dpcd_read(struct drm_dp_aux *aux, unsigned int offset, * monitor doesn't power down exactly after the throw away read. */ if (!aux->is_remote) { - ret = drm_dp_dpcd_probe(aux, DP_DPCD_REV); + ret = drm_dp_dpcd_probe(aux, DP_TRAINING_PATTERN_SET); if (ret < 0) return ret; } -- 2.49.1

3 days, 3 hours

1
0
0 0

[GIT PULL 6.18 1/2] xfs: improve online repair reap calculations

by Darrick J. Wong

Hi Carlos, Please pull this branch with changes for xfs. As usual, I did a test-merge with the main upstream branch as of a few minutes ago, and didn't see any conflicts. Please let me know if you encounter any problems. --D The following changes since commit b320789d6883cc00ac78ce83bccbfe7ed58afcf0: Linux 6.17-rc4 (2025-08-31 15:33:07 -0700) are available in the Git repository at: https://git.kernel.org/pub/scm/linux/kernel/git/djwong/xfs-linux.git tags/fix-scrub-reap-calculations_2025-09-05 for you to fetch changes up to 07c34f8cef69cb8eeef69c18d6cf0c04fbee3cb3: xfs: use deferred reaping for data device cow extents (2025-09-05 08:48:23 -0700) ---------------------------------------------------------------- xfs: improve online repair reap calculations [6.18 v2 1/2] A few months ago, the multi-fsblock untorn writes patchset added a bunch of log intent item helper functions to estimate the number of intent items that could be added to a particular transaction. Those helpers enabled us to compute a safe upper bound on the number of blocks that could be written in an untorn fashion with filesystem-provided out of place writes. Currently, the online fsck code employs static limits on the number of intent items that it's willing to accrue to a single transaction when it's trying to reap what it thinks are the old blocks from a corrupt structure. There have been no problems reported with this approach after years of testing, but static limits are scary and gross because overestimating the intent item limit could result in transaction overflows and dead filesystems; and underestimating causes unnecessary overhead. This series uses the new log intent item size helpers to estimate the limits dynamically based on worst-case per-block repair work vs. the size of the scrub transaction. After several months of testing this, there don't seem to be any problems here either. v2: rearrange patches, add review tags This has been running on the djcloud for months with no problems. Enjoy! Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> ---------------------------------------------------------------- Darrick J. Wong (9): xfs: use deferred intent items for reaping crosslinked blocks xfs: prepare reaping code for dynamic limits xfs: convert the ifork reap code to use xreap_state xfs: compute per-AG extent reap limits dynamically xfs: compute data device CoW staging extent reap limits dynamically xfs: compute realtime device CoW staging extent reap limits dynamically xfs: compute file mapping reap limits dynamically xfs: remove static reap limits from repair.h xfs: use deferred reaping for data device cow extents fs/xfs/scrub/repair.h | 8 - fs/xfs/scrub/trace.h | 45 ++++ fs/xfs/scrub/newbt.c | 9 + fs/xfs/scrub/reap.c | 622 ++++++++++++++++++++++++++++++++++++++++---------- fs/xfs/scrub/trace.c | 1 + 5 files changed, 554 insertions(+), 131 deletions(-)

3 days, 3 hours

1
0
0 0

[PATCH 6.16 000/142] 6.16.5-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.16.5 release. There are 142 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 04 Sep 2025 13:19:14 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.16.5-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.16.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.16.5-rc1 Mason Chang <mason-cw.chang(a)mediatek.com> thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands Mason Chang <mason-cw.chang(a)mediatek.com> thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data Mason Chang <mason-cw.chang(a)mediatek.com> thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const Imre Deak <imre.deak(a)intel.com> Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> firmware: qcom: scm: request the waitqueue irq *after* initializing SCM Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> firmware: qcom: scm: initialize tzmem before marking SCM as available Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> firmware: qcom: scm: take struct device as argument in SHM bridge enable Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> firmware: qcom: scm: remove unused arguments from SHM bridge routines Eric Dumazet <edumazet(a)google.com> net: rose: fix a typo in rose_clear_routes() Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx12: set MQD as appriopriate for queue types Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/gfx11: set MQD as appriopriate for queue types Jesse.Zhang <Jesse.Zhang(a)amd.com> drm/amdgpu: update firmware version checks for user queue support Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/userq: fix error handling of invalid doorbell Yang Wang <kevinyang.wang(a)amd.com> drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode Ma Ke <make24(a)iscas.ac.cn> drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv Nathan Chancellor <nathan(a)kernel.org> drm/msm/dpu: Initialize crtc_state to NULL in dpu_plane_virtual_atomic_check() Timur Tabi <ttabi(a)nvidia.com> drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 James Jones <jajones(a)nvidia.com> drm/nouveau/disp: Always accept linear modifier Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/vm: Clear the scratch_pt pointer on error Eric Sandeen <sandeen(a)redhat.com> xfs: do not propagate ENODATA disk errors into xattr code Steve French <stfrench(a)microsoft.com> smb3 client: fix return code mapping of remap_file_range Fabio Porcedda <fabio.porcedda(a)gmail.com> net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions Shuhao Fu <sfual(a)cse.ust.hk> fs/smb: Fix inconsistent refcnt update Shanker Donthineni <sdonthineni(a)nvidia.com> dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted Bart Van Assche <bvanassche(a)acm.org> blk-zoned: Fix a lockdep complaint about recursive locking Kees Cook <kees(a)kernel.org> arm64: mm: Fix CFI failure due to kpti_ng_pgd_alloc function signature Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amdgpu: fix incorrect vm flags to map bo" Minjong Kim <minbell.kim(a)samsung.com> HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() Ping Cheng <pinglinux(a)gmail.com> HID: wacom: Add a new Art Pen 2 Matt Coffin <mcoffin13(a)gmail.com> HID: logitech: Add ids for G PRO 2 LIGHTSPEED Antheas Kapenekakis <lkml(a)antheas.dev> HID: quirks: add support for Legion Go dual dinput modes Martin Hilgendorf <martin.hilgendorf(a)posteo.de> HID: elecom: add support for ELECOM M-DT2DRBK Qasim Ijaz <qasdev00(a)gmail.com> HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() Qasim Ijaz <qasdev00(a)gmail.com> HID: asus: fix UAF via HID_CLAIMED_INPUT validation K Prateek Nayak <kprateek.nayak(a)amd.com> x86/cpu/topology: Use initial APIC ID from XTOPOLOGY leaf on AMD/HYGON Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Handle the case of no BIOS microcode Suchit Karunakaran <suchitkarunakaran(a)gmail.com> x86/cpu/intel: Fix the constant_tsc model check for Pentium 4 Radim Krčmář <rkrcmar(a)ventanamicro.com> RISC-V: KVM: fix stack overrun when loading vlenb Thijs Raymakers <thijs(a)raymakers.nl> KVM: x86: use array_index_nospec with indices that come from guest Louis-Alexis Eyraud <louisalexis.eyraud(a)collabora.com> drm/mediatek: mtk_hdmi: Fix inverted parameters in some regmap_update_bits calls Jens Axboe <axboe(a)kernel.dk> io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths Neil Mandir <neil.mandir(a)seco.com> net: macb: Disable clocks once Li Nan <linan122(a)huawei.com> efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Alexander Duyck <alexanderduyck(a)fb.com> fbnic: Move phylink resume out of service_task and into open/close Eric Dumazet <edumazet(a)google.com> l2tp: do not use sock_hold() in pppol2tp_session_get_sock() Eric Dumazet <edumazet(a)google.com> sctp: initialize more fields in sctp_v6_from_sk() Takamitsu Iwai <takamitz(a)amazon.co.jp> net: rose: include node references in rose_neigh refcount Takamitsu Iwai <takamitz(a)amazon.co.jp> net: rose: convert 'use' field to refcount_t Takamitsu Iwai <takamitz(a)amazon.co.jp> net: rose: split remove and free operations in rose_remove_neigh() Qingyue Zhang <chunzhennn(a)qq.com> io_uring/kbuf: fix signedness in this_len calculation Dipayaan Roy <dipayanroy(a)linux.microsoft.com> net: hv_netvsc: fix loss of early receive events from host during channel open. Rohan G Thomas <rohan.g.thomas(a)altera.com> net: stmmac: Set CIC bit only for TX queues with COE Rohan G Thomas <rohan.g.thomas(a)altera.com> net: stmmac: xgmac: Correct supported speed modes Rohan G Thomas <rohan.g.thomas(a)altera.com> net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Set local Xoff after FW update Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Update and set Xon/Xoff upon port speed set Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Update and set Xon/Xoff upon MTU set Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Prevent flow steering mode changes in switchdev mode Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Nack sync reset when SFs are present Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Fix lockdep assertion on sync reset unload event Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Reload auxiliary drivers on fw_activate Lama Kayal <lkayal(a)nvidia.com> net/mlx5: HWS, Fix pattern destruction in mlx5hws_pat_get_pattern error path Lama Kayal <lkayal(a)nvidia.com> net/mlx5: HWS, Fix uninitialized variables in mlx5hws_pat_calc_nop error flow Lama Kayal <lkayal(a)nvidia.com> net/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow Lama Kayal <lkayal(a)nvidia.com> net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix stats context reservation logic Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Adjust TX rings if reservation is less than requested Sreekanth Reddy <sreekanth.reddy(a)broadcom.com> bnxt_en: Fix memory corruption when FW resources change during ifdown Sean Anderson <sean.anderson(a)linux.dev> net: macb: Fix offset error in gem_update_stats Horatiu Vultur <horatiu.vultur(a)microchip.com> phy: mscc: Fix when PTP clock is register and unregister Nilay Shroff <nilay(a)linux.ibm.com> block: validate QoS before calling __rq_qos_done_bio() Matthew Brost <matthew.brost(a)intel.com> drm/xe: Don't trigger rebind on initial dma-buf validation Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe/vm: Don't pin the vm_resv during validation Zbigniew Kempczyński <zbigniew.kempczynski(a)intel.com> drm/xe/xe_sync: avoid race during ufence signaling Jan Kiszka <jan.kiszka(a)siemens.com> efi: stmm: Fix incorrect buffer allocation method Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: fix multicast stats being counted incorrectly Vladimir Riabchun <ferr.lambarginio(a)gmail.com> mISDN: hfcpci: Fix warning when deleting uninitialized timer Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: Fix NIX X2P calibration failures Subbaraya Sundeep <sbhatta(a)marvell.com> octeontx2: Set appropriate PF, VF masks and shifts based on silicon Chenyuan Yang <chenyuan0y(a)gmail.com> drm/msm/dpu: Add a null ptr check for dpu_encoder_needs_modeset Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> dt-bindings: display/msm: qcom,mdp5: drop lut clock Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbe: fix ixgbe_orom_civd_info struct layout Michal Kubiak <michal.kubiak(a)intel.com> ice: fix incorrect counter for buffer allocation failures Jacob Keller <jacob.e.keller(a)intel.com> ice: use fixed adapter index for E825C embedded devices Jacob Keller <jacob.e.keller(a)intel.com> ice: don't leave device non-functional if Tx scheduler config fails Emil Tantilov <emil.s.tantilov(a)intel.com> ice: fix NULL pointer dereference in ice_unplug_aux_dev() on reset Timur Tabi <ttabi(a)nvidia.com> drm/nouveau: remove unused memory target test Timur Tabi <ttabi(a)nvidia.com> drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr Kuniyuki Iwashima <kuniyu(a)google.com> atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-vf: Fix max packet length errors Mina Almasry <almasrymina(a)google.com> page_pool: fix incorrect mp_ops error handling Pavel Shpakovskiy <pashpakovskii(a)salutedevices.com> Bluetooth: hci_sync: fix set_local_name race condition Yang Li <yang.li(a)amlogic.com> Bluetooth: hci_event: Disconnect device when BIG sync is lost Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced Ludovico de Nittis <ludovico.denittis(a)collabora.com> Bluetooth: hci_event: Mark connection as closed during suspend disconnect Ludovico de Nittis <ludovico.denittis(a)collabora.com> Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_conn: Make unacked packet handling more robust luoguangfei <15388634752(a)163.com> net: macb: fix unregister_netdev call order in macb_remove() Joshua Hay <joshua.a.hay(a)intel.com> idpf: stop Tx if there are insufficient buffer resources Joshua Hay <joshua.a.hay(a)intel.com> idpf: replace flow scheduling buffer ring with buffer pool Joshua Hay <joshua.a.hay(a)intel.com> idpf: simplify and fix splitq Tx packet rollback error path Joshua Hay <joshua.a.hay(a)intel.com> idpf: add support for Tx refillqs in flow scheduling mode José Expósito <jose.exposito89(a)gmail.com> HID: input: report battery status changes immediately José Expósito <jose.exposito89(a)gmail.com> HID: input: rename hidinput_set_battery_charge_status() Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/kvm: Fix ifdef to remove build warning Jason-JH Lin <jason-jh.lin(a)mediatek.com> drm/mediatek: Add error handling for old state CRTC in atomic_disable Ayushi Makhija <quic_amakhija(a)quicinc.com> drm/msm: update the high bitfield of certain DSI registers Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/msm/dpu: correct dpu_plane_virtual_atomic_check() Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> drm/msm/kms: move snapshot init earlier in KMS init Even Xu <even.xu(a)intel.com> HID: intel-thc-hid: Intel-quicki2c: Enhance driver re-install flow Aaron Ma <aaron.ma(a)canonical.com> HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save Aaron Ma <aaron.ma(a)canonical.com> HID: intel-thc-hid: intel-quicki2c: Fix ACPI dsd ICRS/ISUB length Oreoluwa Babatunde <oreoluwa.babatunde(a)oss.qualcomm.com> of: reserved_mem: Restructure call site for dma_contiguous_early_fixup() Rob Clark <robin.clark(a)oss.qualcomm.com> drm/msm: Defer fd_install in SUBMIT ioctl Oscar Maes <oscmaes92(a)gmail.com> net: ipv4: fix regression in local-broadcast routes Nikolay Kuratov <kniv(a)yandex-team.ru> vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() Dongcheng Yan <dongcheng.yan(a)intel.com> platform/x86: int3472: add hpd pin support Fengnan Chang <changfengnan(a)bytedance.com> io_uring/io-wq: add check free worker before create new worker Junli Liu <liujunli(a)lixiang.com> erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC Yuezhang Mo <Yuezhang.Mo(a)sony.com> erofs: Fallback to normal access if DAX is not supported on extra device Shuming Fan <shumingf(a)realtek.com> ASoC: rt1320: fix random cycle mute issue Shuming Fan <shumingf(a)realtek.com> ASoC: rt721: fix FU33 Boost Volume control not working Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: codecs: tx-macro: correct tx_macro_component_drv name Paulo Alcantara <pc(a)manguebit.org> smb: client: fix race with concurrent opens in rename(2) Paulo Alcantara <pc(a)manguebit.org> smb: client: fix race with concurrent opens in unlink(2) Damien Le Moal <dlemoal(a)kernel.org> scsi: core: sysfs: Correct sysfs attributes access rights Namhyung Kim <namhyung(a)kernel.org> vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER Igor Torrente <igor.torrente(a)collabora.com> Revert "virtio: reject shm region if length is zero" Ian Rogers <irogers(a)google.com> perf symbol-minimal: Fix ehdr reading in filename__read_build_id Tengda Wu <wutengda(a)huaweicloud.com> ftrace: Fix potential warning in trace_printk_seq during ftrace_dump Steven Rostedt <rostedt(a)goodmis.org> fgraph: Copy args in intermediate storage with entry Dan Carpenter <dan.carpenter(a)linaro.org> of: dynamic: Fix use after free in of_changeset_add_prop_helper() Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: xway: sysctrl: rename the etop node Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: dts: lantiq: danube: add missing burst length property Lorenzo Bianconi <lorenzo(a)kernel.org> pinctrl: airoha: Fix return value in pinconf callbacks Randy Dunlap <rdunlap(a)infradead.org> pinctrl: STMFX: add missing HAS_IOMEM dependency Rob Herring (Arm) <robh(a)kernel.org> of: reserved_mem: Add missing IORESOURCE_MEM flag on resources Lizhi Hou <lizhi.hou(a)amd.com> of: dynamic: Fix memleak when of_pci_add_properties() failed Ye Weihua <yeweihua4(a)huawei.com> trace/fgraph: Fix the warning caused by missing unregister notifier Tao Chen <chen.dylane(a)linux.dev> rtla: Check pkg-config install Tao Chen <chen.dylane(a)linux.dev> tools/latency-collector: Check pkg-config install Yunseong Kim <ysk(a)kzalloc.com> perf: Avoid undefined behavior from stopping/starting inactive events ------------- Diffstat: .../devicetree/bindings/display/msm/qcom,mdp5.yaml | 1 - Makefile | 4 +- arch/arm64/include/asm/mmu.h | 7 + arch/arm64/kernel/cpufeature.c | 5 +- arch/arm64/mm/mmu.c | 7 - arch/mips/boot/dts/lantiq/danube_easy50712.dts | 5 +- arch/mips/lantiq/xway/sysctrl.c | 10 +- arch/powerpc/kernel/kvm.c | 8 +- arch/riscv/kvm/vcpu_vector.c | 2 + arch/x86/kernel/cpu/intel.c | 2 +- arch/x86/kernel/cpu/microcode/amd.c | 22 +- arch/x86/kernel/cpu/topology_amd.c | 27 +- arch/x86/kvm/lapic.c | 2 + arch/x86/kvm/x86.c | 7 +- block/blk-rq-qos.h | 13 +- block/blk-zoned.c | 11 +- drivers/atm/atmtcp.c | 17 +- drivers/crypto/marvell/octeontx2/otx2_cpt_common.h | 5 +- drivers/crypto/marvell/octeontx2/otx2_cptpf_mbox.c | 13 +- .../crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 4 +- drivers/crypto/marvell/octeontx2/otx2_cptvf_mbox.c | 6 +- drivers/firmware/efi/stmm/tee_stmm_efi.c | 21 +- drivers/firmware/qcom/qcom_scm.c | 95 +++-- drivers/firmware/qcom/qcom_scm.h | 1 + drivers/firmware/qcom/qcom_tzmem.c | 11 +- drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_userq.c | 1 + drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 14 +- drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 8 +- drivers/gpu/drm/amd/pm/amdgpu_pm.c | 18 +- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 21 +- drivers/gpu/drm/mediatek/mtk_hdmi.c | 8 +- drivers/gpu/drm/mediatek/mtk_plane.c | 3 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 2 + drivers/gpu/drm/msm/disp/dpu1/dpu_plane.c | 4 +- drivers/gpu/drm/msm/msm_gem_submit.c | 14 +- drivers/gpu/drm/msm/msm_kms.c | 10 +- drivers/gpu/drm/msm/registers/display/dsi.xml | 28 +- drivers/gpu/drm/nouveau/dispnv50/wndw.c | 4 + drivers/gpu/drm/nouveau/nvkm/falcon/gm200.c | 15 +- drivers/gpu/drm/nouveau/nvkm/subdev/gsp/fwsec.c | 5 +- drivers/gpu/drm/xe/xe_bo.c | 8 +- drivers/gpu/drm/xe/xe_sync.c | 2 +- drivers/gpu/drm/xe/xe_vm.c | 8 +- drivers/gpu/drm/xe/xe_vm.h | 15 +- drivers/hid/hid-asus.c | 8 +- drivers/hid/hid-elecom.c | 2 + drivers/hid/hid-ids.h | 4 + drivers/hid/hid-input-test.c | 10 +- drivers/hid/hid-input.c | 51 ++- drivers/hid/hid-logitech-dj.c | 4 + drivers/hid/hid-logitech-hidpp.c | 2 + drivers/hid/hid-multitouch.c | 8 + drivers/hid/hid-ntrig.c | 3 + drivers/hid/hid-quirks.c | 3 + .../intel-thc-hid/intel-quicki2c/pci-quicki2c.c | 1 + .../intel-thc-hid/intel-quicki2c/quicki2c-dev.h | 2 + .../hid/intel-thc-hid/intel-thc/intel-thc-dev.c | 4 +- drivers/hid/wacom_wac.c | 1 + drivers/isdn/hardware/mISDN/hfcpci.c | 12 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 36 +- drivers/net/ethernet/cadence/macb_main.c | 11 +- drivers/net/ethernet/dlink/dl2k.c | 2 +- drivers/net/ethernet/intel/ice/ice.h | 1 + drivers/net/ethernet/intel/ice/ice_adapter.c | 49 ++- drivers/net/ethernet/intel/ice/ice_adapter.h | 4 +- drivers/net/ethernet/intel/ice/ice_ddp.c | 44 ++- drivers/net/ethernet/intel/ice/ice_idc.c | 10 +- drivers/net/ethernet/intel/ice/ice_main.c | 16 +- drivers/net/ethernet/intel/ice/ice_txrx.c | 2 +- .../net/ethernet/intel/idpf/idpf_singleq_txrx.c | 61 ++- drivers/net/ethernet/intel/idpf/idpf_txrx.c | 411 ++++++++++++--------- drivers/net/ethernet/intel/idpf/idpf_txrx.h | 38 +- drivers/net/ethernet/intel/ixgbe/ixgbe_e610.c | 2 +- drivers/net/ethernet/intel/ixgbe/ixgbe_type_e610.h | 2 +- drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 7 + .../net/ethernet/marvell/octeontx2/af/mcs_rvu_if.c | 6 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.c | 30 +- drivers/net/ethernet/marvell/octeontx2/af/rvu.h | 66 +++- .../net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 68 ++-- .../net/ethernet/marvell/octeontx2/af/rvu_cn10k.c | 4 +- .../net/ethernet/marvell/octeontx2/af/rvu_cpt.c | 4 +- .../ethernet/marvell/octeontx2/af/rvu_debugfs.c | 22 +- .../net/ethernet/marvell/octeontx2/af/rvu_nix.c | 54 +-- .../net/ethernet/marvell/octeontx2/af/rvu_npc.c | 8 +- .../ethernet/marvell/octeontx2/af/rvu_npc_hash.c | 16 +- .../ethernet/marvell/octeontx2/af/rvu_npc_hash.h | 4 +- .../net/ethernet/marvell/octeontx2/af/rvu_rep.c | 13 +- .../net/ethernet/marvell/octeontx2/af/rvu_sdp.c | 10 +- .../net/ethernet/marvell/octeontx2/af/rvu_switch.c | 8 +- .../ethernet/marvell/octeontx2/nic/cn10k_ipsec.c | 2 +- .../ethernet/marvell/octeontx2/nic/cn10k_ipsec.h | 2 +- .../ethernet/marvell/octeontx2/nic/otx2_common.c | 4 +- .../ethernet/marvell/octeontx2/nic/otx2_common.h | 12 +- .../net/ethernet/marvell/octeontx2/nic/otx2_pf.c | 24 +- .../net/ethernet/marvell/octeontx2/nic/otx2_reg.h | 30 -- .../net/ethernet/marvell/octeontx2/nic/otx2_tc.c | 3 +- .../net/ethernet/marvell/octeontx2/nic/otx2_vf.c | 10 + drivers/net/ethernet/marvell/octeontx2/nic/rep.c | 20 +- drivers/net/ethernet/marvell/octeontx2/nic/rep.h | 1 + drivers/net/ethernet/mellanox/mlx5/core/devlink.c | 2 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.c | 3 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.h | 12 + drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 19 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 15 +- drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 132 ++++--- drivers/net/ethernet/mellanox/mlx5/core/fw_reset.h | 1 + .../net/ethernet/mellanox/mlx5/core/sf/devlink.c | 10 + drivers/net/ethernet/mellanox/mlx5/core/sf/sf.h | 6 + .../mellanox/mlx5/core/steering/hws/action.c | 2 +- .../mellanox/mlx5/core/steering/hws/pat_arg.c | 6 +- .../mellanox/mlx5/core/steering/hws/pool.c | 1 + drivers/net/ethernet/meta/fbnic/fbnic_netdev.c | 4 + drivers/net/ethernet/meta/fbnic/fbnic_pci.c | 2 - .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 13 +- drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 9 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 6 +- drivers/net/hyperv/netvsc.c | 17 +- drivers/net/hyperv/rndis_filter.c | 23 +- drivers/net/phy/mscc/mscc.h | 4 + drivers/net/phy/mscc/mscc_main.c | 4 +- drivers/net/phy/mscc/mscc_ptp.c | 34 +- drivers/net/usb/qmi_wwan.c | 3 + drivers/of/dynamic.c | 9 +- drivers/of/of_reserved_mem.c | 17 +- drivers/pinctrl/Kconfig | 1 + drivers/pinctrl/mediatek/pinctrl-airoha.c | 8 +- drivers/platform/x86/intel/int3472/discrete.c | 6 + drivers/scsi/scsi_sysfs.c | 4 +- drivers/thermal/mediatek/lvts_thermal.c | 74 +++- drivers/vhost/net.c | 9 +- fs/efivarfs/super.c | 4 + fs/erofs/super.c | 24 +- fs/erofs/zdata.c | 13 +- fs/smb/client/cifsfs.c | 14 + fs/smb/client/inode.c | 34 +- fs/smb/client/smb2inode.c | 7 +- fs/xfs/libxfs/xfs_attr_remote.c | 7 + fs/xfs/libxfs/xfs_da_btree.c | 6 + include/linux/atmdev.h | 1 + include/linux/dma-map-ops.h | 3 + include/linux/firmware/qcom/qcom_scm.h | 5 +- include/linux/platform_data/x86/int3472.h | 1 + include/linux/soc/marvell/silicons.h | 25 ++ include/linux/virtio_config.h | 2 - include/net/bluetooth/hci_sync.h | 2 +- include/net/rose.h | 18 +- include/uapi/linux/vhost.h | 4 +- io_uring/io-wq.c | 8 + io_uring/kbuf.c | 20 +- kernel/dma/contiguous.c | 2 - kernel/dma/pool.c | 4 +- kernel/events/core.c | 6 + kernel/trace/fgraph.c | 1 + kernel/trace/trace.c | 4 +- kernel/trace/trace_functions_graph.c | 22 +- net/atm/common.c | 15 +- net/bluetooth/hci_conn.c | 58 ++- net/bluetooth/hci_event.c | 25 +- net/bluetooth/hci_sync.c | 6 +- net/bluetooth/mgmt.c | 9 +- net/core/page_pool.c | 6 +- net/ipv4/route.c | 10 +- net/l2tp/l2tp_ppp.c | 25 +- net/rose/af_rose.c | 13 +- net/rose/rose_in.c | 12 +- net/rose/rose_route.c | 62 ++-- net/rose/rose_timer.c | 2 +- net/sctp/ipv6.c | 2 + sound/soc/codecs/lpass-tx-macro.c | 2 +- sound/soc/codecs/rt1320-sdw.c | 3 +- sound/soc/codecs/rt721-sdca.c | 2 + sound/soc/codecs/rt721-sdca.h | 4 + tools/perf/util/symbol-minimal.c | 55 ++- tools/tracing/latency/Makefile.config | 8 + tools/tracing/rtla/Makefile.config | 8 + 177 files changed, 1765 insertions(+), 987 deletions(-)

3 days, 3 hours

15
160
0 0

[PATCHSET 6.18 v2 1/2] xfs: improve online repair reap calculations

by Darrick J. Wong

Hi all, A few months ago, the multi-fsblock untorn writes patchset added a bunch of log intent item helper functions to estimate the number of intent items that could be added to a particular transaction. Those helpers enabled us to compute a safe upper bound on the number of blocks that could be written in an untorn fashion with filesystem-provided out of place writes. Currently, the online fsck code employs static limits on the number of intent items that it's willing to accrue to a single transaction when it's trying to reap what it thinks are the old blocks from a corrupt structure. There have been no problems reported with this approach after years of testing, but static limits are scary and gross because overestimating the intent item limit could result in transaction overflows and dead filesystems; and underestimating causes unnecessary overhead. This series uses the new log intent item size helpers to estimate the limits dynamically based on worst-case per-block repair work vs. the size of the scrub transaction. After several months of testing this, there don't seem to be any problems here either. v2: rearrange patches, add review tags If you're going to start using this code, I strongly recommend pulling from my git trees, which are linked below. This has been running on the djcloud for months with no problems. Enjoy! Comments and questions are, as always, welcome. --D kernel git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=fi… --- Commits in this patchset: * xfs: use deferred intent items for reaping crosslinked blocks * xfs: prepare reaping code for dynamic limits * xfs: convert the ifork reap code to use xreap_state * xfs: compute per-AG extent reap limits dynamically * xfs: compute data device CoW staging extent reap limits dynamically * xfs: compute realtime device CoW staging extent reap limits dynamically * xfs: compute file mapping reap limits dynamically * xfs: remove static reap limits from repair.h * xfs: use deferred reaping for data device cow extents --- fs/xfs/scrub/repair.h | 8 - fs/xfs/scrub/trace.h | 45 ++++ fs/xfs/scrub/newbt.c | 9 + fs/xfs/scrub/reap.c | 622 +++++++++++++++++++++++++++++++++++++++---------- fs/xfs/scrub/trace.c | 1 5 files changed, 554 insertions(+), 131 deletions(-)

3 days, 3 hours

1
1
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror