This is the start of the stable review cycle for the 5.15.160 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.160-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below.
thanks,
greg k-h
------------- Pseudo-Shortlog of commits:
Greg Kroah-Hartman gregkh@linuxfoundation.org Linux 5.15.160-rc1
Akira Yokosawa akiyks@gmail.com docs: kernel_include.py: Cope with docutils 0.21
Thomas Weißschuh linux@weissschuh.net admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET
Jarkko Sakkinen jarkko@kernel.org KEYS: trusted: Do not use WARN when encode fails
AngeloGioacchino Del Regno angelogioacchino.delregno@collabora.com remoteproc: mediatek: Make sure IPI buffer fits in L2TCM
Daniel Thompson daniel.thompson@linaro.org serial: kgdboc: Fix NMI-safety problems from keyboard reset code
Heikki Krogerus heikki.krogerus@linux.intel.com usb: typec: ucsi: displayport: Fix potential deadlock
Carlos Llamas cmllamas@google.com binder: fix max_thread type inconsistency
Srinivasan Shanmugam srinivasan.shanmugam@amd.com drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()
Sean Christopherson seanjc@google.com KVM: x86: Clear "has_error_code", not "error_code", for RM exception injection
Eric Dumazet edumazet@google.com netlink: annotate data-races around sk->sk_err
Eric Dumazet edumazet@google.com netlink: annotate lockless accesses to nlk->max_recvmsg_len
Jakub Kicinski kuba@kernel.org net: tls: handle backlogging of crypto requests
Jakub Kicinski kuba@kernel.org tls: fix race between async notify and socket close
Jakub Kicinski kuba@kernel.org net: tls: factor out tls_*crypt_async_wait()
Sabrina Dubroca sd@queasysnail.net tls: extract context alloc/initialization out of tls_set_sw_offload
Jakub Kicinski kuba@kernel.org tls: rx: simplify async wait
Doug Berger opendmb@gmail.com net: bcmgenet: synchronize UMAC_CMD access
Doug Berger opendmb@gmail.com net: bcmgenet: synchronize EXT_RGMII_OOB_CTRL access
Harshit Mogalapalli harshit.m.mogalapalli@oracle.com Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems"
Jarkko Sakkinen jarkko@kernel.org KEYS: trusted: Fix memory leak in tpm2_key_encode()
NeilBrown neilb@suse.de nfsd: don't allow nfsd threads to be signalled.
Sergey Shtylyov s.shtylyov@omp.ru pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin()
Jose Fernandez josef@netflix.com drm/amd/display: Fix division by zero in setup_dsc_config
-------------
Diffstat:
.../admin-guide/hw-vuln/core-scheduling.rst | 4 +- Documentation/sphinx/kernel_include.py | 1 - Makefile | 4 +- arch/x86/kvm/x86.c | 11 +- drivers/android/binder.c | 2 +- drivers/android/binder_internal.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 3 + drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 7 +- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 12 +- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 2 + drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 6 + drivers/net/ethernet/broadcom/genet/bcmmii.c | 4 + drivers/pinctrl/core.c | 14 +- drivers/remoteproc/mtk_scp.c | 10 +- drivers/tty/serial/kgdboc.c | 30 +++- drivers/usb/typec/ucsi/displayport.c | 4 - fs/nfs/callback.c | 9 +- fs/nfsd/nfs4proc.c | 5 +- fs/nfsd/nfssvc.c | 12 -- include/net/tls.h | 6 - net/netlink/af_netlink.c | 23 +-- net/sunrpc/svc_xprt.c | 16 +- net/tls/tls_sw.c | 199 +++++++++++---------- security/keys/trusted-keys/trusted_tpm2.c | 25 ++- tools/testing/selftests/vm/map_hugetlb.c | 7 - 25 files changed, 243 insertions(+), 175 deletions(-)
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jose Fernandez josef@netflix.com
commit 130afc8a886183a94cf6eab7d24f300014ff87ba upstream.
When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a state that requires a reboot. This patch adds a check to avoid the division by zero.
The stack trace below is for the 6.8.4 Kernel. I reproduced the issue on a Z16 Gen 2 Lenovo Thinkpad with a Apple Studio Display monitor connected via Thunderbolt. The amdgpu driver crashed with this exception when I rebooted the system with the monitor connected.
kernel: ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447) kernel: ? do_trap (arch/x86/kernel/traps.c:113 arch/x86/kernel/traps.c:154) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: ? do_error_trap (./arch/x86/include/asm/traps.h:58 arch/x86/kernel/traps.c:175) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: ? exc_divide_error (arch/x86/kernel/traps.c:194 (discriminator 2)) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: ? asm_exc_divide_error (./arch/x86/include/asm/idtentry.h:548) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: dc_dsc_compute_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1109) amdgpu
After applying this patch, the driver no longer crashes when the monitor is connected and the system is rebooted. I believe this is the same issue reported for 3113.
Reviewed-by: Rodrigo Siqueira Rodrigo.Siqueira@amd.com Signed-off-by: Jose Fernandez josef@netflix.com Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3113 Signed-off-by: Rodrigo Siqueira Rodrigo.Siqueira@amd.com Signed-off-by: Alex Deucher alexander.deucher@amd.com Cc: "Limonciello, Mario" mario.limonciello@amd.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c +++ b/drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c @@ -939,7 +939,12 @@ static bool setup_dsc_config( if (!is_dsc_possible) goto done;
- dsc_cfg->num_slices_v = pic_height/slice_height; + if (slice_height > 0) { + dsc_cfg->num_slices_v = pic_height / slice_height; + } else { + is_dsc_possible = false; + goto done; + }
if (target_bandwidth_kbps > 0) { is_dsc_possible = decide_dsc_target_bpp_x16(
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sergey Shtylyov s.shtylyov@omp.ru
commit ecfe9a015d3e1e46504d5b3de7eef1f2d186194a upstream.
pinctrl_register_one_pin() doesn't check the result of radix_tree_insert() despite they both may return a negative error code. Linus Walleij said he has copied the radix tree code from kernel/irq/ where the functions calling radix_tree_insert() are *void* themselves; I think it makes more sense to propagate the errors from radix_tree_insert() upstream if we can do that...
Found by Linux Verification Center (linuxtesting.org) with the Svace static analysis tool.
Signed-off-by: Sergey Shtylyov s.shtylyov@omp.ru Link: https://lore.kernel.org/r/20230719202253.13469-3-s.shtylyov@omp.ru Signed-off-by: Linus Walleij linus.walleij@linaro.org Cc: "Hemdan, Hagar Gamal Halim" hagarhem@amazon.de Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/pinctrl/core.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-)
--- a/drivers/pinctrl/core.c +++ b/drivers/pinctrl/core.c @@ -205,6 +205,7 @@ static int pinctrl_register_one_pin(stru const struct pinctrl_pin_desc *pin) { struct pin_desc *pindesc; + int error;
pindesc = pin_desc_get(pctldev, pin->number); if (pindesc) { @@ -226,18 +227,25 @@ static int pinctrl_register_one_pin(stru } else { pindesc->name = kasprintf(GFP_KERNEL, "PIN%u", pin->number); if (!pindesc->name) { - kfree(pindesc); - return -ENOMEM; + error = -ENOMEM; + goto failed; } pindesc->dynamic_name = true; }
pindesc->drv_data = pin->drv_data;
- radix_tree_insert(&pctldev->pin_desc_tree, pin->number, pindesc); + error = radix_tree_insert(&pctldev->pin_desc_tree, pin->number, pindesc); + if (error) + goto failed; + pr_debug("registered pin %d (%s) on %s\n", pin->number, pindesc->name, pctldev->desc->name); return 0; + +failed: + kfree(pindesc); + return error; }
static int pinctrl_register_pins(struct pinctrl_dev *pctldev,
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: NeilBrown neilb@suse.de
commit 3903902401451b1cd9d797a8c79769eb26ac7fe5 upstream.
The original implementation of nfsd used signals to stop threads during shutdown. In Linux 2.3.46pre5 nfsd gained the ability to shutdown threads internally it if was asked to run "0" threads. After this user-space transitioned to using "rpc.nfsd 0" to stop nfsd and sending signals to threads was no longer an important part of the API.
In commit 3ebdbe5203a8 ("SUNRPC: discard svo_setup and rename svc_set_num_threads_sync()") (v5.17-rc1~75^2~41) we finally removed the use of signals for stopping threads, using kthread_stop() instead.
This patch makes the "obvious" next step and removes the ability to signal nfsd threads - or any svc threads. nfsd stops allowing signals and we don't check for their delivery any more.
This will allow for some simplification in later patches.
A change worth noting is in nfsd4_ssc_setup_dul(). There was previously a signal_pending() check which would only succeed when the thread was being shut down. It should really have tested kthread_should_stop() as well. Now it just does the latter, not the former.
Signed-off-by: NeilBrown neilb@suse.de Reviewed-by: Jeff Layton jlayton@kernel.org Signed-off-by: Chuck Lever chuck.lever@oracle.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- fs/nfs/callback.c | 9 +-------- fs/nfsd/nfs4proc.c | 5 ++--- fs/nfsd/nfssvc.c | 12 ------------ net/sunrpc/svc_xprt.c | 16 ++++++---------- 4 files changed, 9 insertions(+), 33 deletions(-)
--- a/fs/nfs/callback.c +++ b/fs/nfs/callback.c @@ -80,9 +80,6 @@ nfs4_callback_svc(void *vrqstp) set_freezable();
while (!kthread_freezable_should_stop(NULL)) { - - if (signal_pending(current)) - flush_signals(current); /* * Listen for a request on the socket */ @@ -112,11 +109,7 @@ nfs41_callback_svc(void *vrqstp) set_freezable();
while (!kthread_freezable_should_stop(NULL)) { - - if (signal_pending(current)) - flush_signals(current); - - prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_INTERRUPTIBLE); + prepare_to_wait(&serv->sv_cb_waitq, &wq, TASK_IDLE); spin_lock_bh(&serv->sv_cb_lock); if (!list_empty(&serv->sv_cb_list)) { req = list_first_entry(&serv->sv_cb_list, --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -1317,12 +1317,11 @@ try_again: /* found a match */ if (ni->nsui_busy) { /* wait - and try again */ - prepare_to_wait(&nn->nfsd_ssc_waitq, &wait, - TASK_INTERRUPTIBLE); + prepare_to_wait(&nn->nfsd_ssc_waitq, &wait, TASK_IDLE); spin_unlock(&nn->nfsd_ssc_lock);
/* allow 20secs for mount/unmount for now - revisit */ - if (signal_pending(current) || + if (kthread_should_stop() || (schedule_timeout(20*HZ) == 0)) { finish_wait(&nn->nfsd_ssc_waitq, &wait); kfree(work); --- a/fs/nfsd/nfssvc.c +++ b/fs/nfsd/nfssvc.c @@ -938,15 +938,6 @@ nfsd(void *vrqstp)
current->fs->umask = 0;
- /* - * thread is spawned with all signals set to SIG_IGN, re-enable - * the ones that will bring down the thread - */ - allow_signal(SIGKILL); - allow_signal(SIGHUP); - allow_signal(SIGINT); - allow_signal(SIGQUIT); - atomic_inc(&nfsdstats.th_cnt);
set_freezable(); @@ -971,9 +962,6 @@ nfsd(void *vrqstp) validate_process_creds(); }
- /* Clear signals before calling svc_exit_thread() */ - flush_signals(current); - atomic_dec(&nfsdstats.th_cnt);
out: --- a/net/sunrpc/svc_xprt.c +++ b/net/sunrpc/svc_xprt.c @@ -700,8 +700,8 @@ static int svc_alloc_arg(struct svc_rqst /* Made progress, don't sleep yet */ continue;
- set_current_state(TASK_INTERRUPTIBLE); - if (signalled() || kthread_should_stop()) { + set_current_state(TASK_IDLE); + if (kthread_should_stop()) { set_current_state(TASK_RUNNING); return -EINTR; } @@ -736,7 +736,7 @@ rqst_should_sleep(struct svc_rqst *rqstp return false;
/* are we shutting down? */ - if (signalled() || kthread_should_stop()) + if (kthread_should_stop()) return false;
/* are we freezing? */ @@ -758,11 +758,7 @@ static struct svc_xprt *svc_get_next_xpr if (rqstp->rq_xprt) goto out_found;
- /* - * We have to be able to interrupt this wait - * to bring down the daemons ... - */ - set_current_state(TASK_INTERRUPTIBLE); + set_current_state(TASK_IDLE); smp_mb__before_atomic(); clear_bit(SP_CONGESTED, &pool->sp_flags); clear_bit(RQ_BUSY, &rqstp->rq_flags); @@ -784,7 +780,7 @@ static struct svc_xprt *svc_get_next_xpr if (!time_left) atomic_long_inc(&pool->sp_stats.threads_timedout);
- if (signalled() || kthread_should_stop()) + if (kthread_should_stop()) return ERR_PTR(-EINTR); return ERR_PTR(-EAGAIN); out_found: @@ -882,7 +878,7 @@ int svc_recv(struct svc_rqst *rqstp, lon try_to_freeze(); cond_resched(); err = -EINTR; - if (signalled() || kthread_should_stop()) + if (kthread_should_stop()) goto out;
xprt = svc_get_next_xprt(rqstp, timeout);
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jarkko Sakkinen jarkko@kernel.org
commit ffcaa2172cc1a85ddb8b783de96d38ca8855e248 upstream.
'scratch' is never freed. Fix this by calling kfree() in the success, and in the error case.
Cc: stable@vger.kernel.org # +v5.13 Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen jarkko@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- security/keys/trusted-keys/trusted_tpm2.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-)
--- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -38,6 +38,7 @@ static int tpm2_key_encode(struct truste u8 *end_work = scratch + SCRATCH_SIZE; u8 *priv, *pub; u16 priv_len, pub_len; + int ret;
priv_len = get_unaligned_be16(src) + 2; priv = src; @@ -57,8 +58,10 @@ static int tpm2_key_encode(struct truste unsigned char bool[3], *w = bool; /* tag 0 is emptyAuth */ w = asn1_encode_boolean(w, w + sizeof(bool), true); - if (WARN(IS_ERR(w), "BUG: Boolean failed to encode")) - return PTR_ERR(w); + if (WARN(IS_ERR(w), "BUG: Boolean failed to encode")) { + ret = PTR_ERR(w); + goto err; + } work = asn1_encode_tag(work, end_work, 0, bool, w - bool); }
@@ -69,8 +72,10 @@ static int tpm2_key_encode(struct truste * trigger, so if it does there's something nefarious going on */ if (WARN(work - scratch + pub_len + priv_len + 14 > SCRATCH_SIZE, - "BUG: scratch buffer is too small")) - return -EINVAL; + "BUG: scratch buffer is too small")) { + ret = -EINVAL; + goto err; + }
work = asn1_encode_integer(work, end_work, options->keyhandle); work = asn1_encode_octet_string(work, end_work, pub, pub_len); @@ -79,10 +84,17 @@ static int tpm2_key_encode(struct truste work1 = payload->blob; work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), scratch, work - scratch); - if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) - return PTR_ERR(work1); + if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) { + ret = PTR_ERR(work1); + goto err; + }
+ kfree(scratch); return work1 - payload->blob; + +err: + kfree(scratch); + return ret; }
struct tpm2_key_context {
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
This reverts commit 0d29b474fb90ff35920642f378d9baace9b47edd which is commit 91b80cc5b39f00399e8e2d17527cad2c7fa535e2 upstream.
map_hugetlb.c:18:10: fatal error: vm_util.h: No such file or directory 18 | #include "vm_util.h" | ^~~~~~~~~~~ compilation terminated.
vm_util.h is not present in 5.15.y, as commit:642bc52aed9c ("selftests: vm: bring common functions to a new file") is not present in stable kernels <=6.1.y
Signed-off-by: Harshit Mogalapalli harshit.m.mogalapalli@oracle.com --- tools/testing/selftests/vm/map_hugetlb.c | 7 ------- 1 file changed, 7 deletions(-)
--- a/tools/testing/selftests/vm/map_hugetlb.c +++ b/tools/testing/selftests/vm/map_hugetlb.c @@ -15,7 +15,6 @@ #include <unistd.h> #include <sys/mman.h> #include <fcntl.h> -#include "vm_util.h"
#define LENGTH (256UL*1024*1024) #define PROTECTION (PROT_READ | PROT_WRITE) @@ -71,16 +70,10 @@ int main(int argc, char **argv) { void *addr; int ret; - size_t hugepage_size; size_t length = LENGTH; int flags = FLAGS; int shift = 0;
- hugepage_size = default_huge_page_size(); - /* munmap with fail if the length is not page aligned */ - if (hugepage_size > length) - length = hugepage_size; - if (argc > 1) length = atol(argv[1]) << 20; if (argc > 2) {
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Doug Berger opendmb@gmail.com
commit d85cf67a339685beae1d0aee27b7f61da95455be upstream.
The EXT_RGMII_OOB_CTRL register can be written from different contexts. It is predominantly written from the adjust_link handler which is synchronized by the phydev->lock, but can also be written from a different context when configuring the mii in bcmgenet_mii_config().
The chances of contention are quite low, but it is conceivable that adjust_link could occur during resume when WoL is enabled so use the phydev->lock synchronizer in bcmgenet_mii_config() to be sure.
Fixes: afe3f907d20f ("net: bcmgenet: power on MII block for all MII modes") Cc: stable@vger.kernel.org Signed-off-by: Doug Berger opendmb@gmail.com Acked-by: Florian Fainelli florian.fainelli@broadcom.com Signed-off-by: David S. Miller davem@davemloft.net Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 ++ 1 file changed, 2 insertions(+)
--- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -264,6 +264,7 @@ int bcmgenet_mii_config(struct net_devic * block for the interface to work */ if (priv->ext_phy) { + mutex_lock(&phydev->lock); reg = bcmgenet_ext_readl(priv, EXT_RGMII_OOB_CTRL); reg &= ~ID_MODE_DIS; reg |= id_mode_dis; @@ -272,6 +273,7 @@ int bcmgenet_mii_config(struct net_devic else reg |= RGMII_MODE_EN; bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL); + mutex_unlock(&phydev->lock); }
if (init)
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Doug Berger opendmb@gmail.com
commit 0d5e2a82232605b337972fb2c7d0cbc46898aca1 upstream.
The UMAC_CMD register is written from different execution contexts and has insufficient synchronization protections to prevent possible corruption. Of particular concern are the acceses from the phy_device delayed work context used by the adjust_link call and the BH context that may be used by the ndo_set_rx_mode call.
A spinlock is added to the driver to protect contended register accesses (i.e. reg_lock) and it is used to synchronize accesses to UMAC_CMD.
Fixes: 1c1008c793fa ("net: bcmgenet: add main driver file") Cc: stable@vger.kernel.org Signed-off-by: Doug Berger opendmb@gmail.com Acked-by: Florian Fainelli florian.fainelli@broadcom.com Signed-off-by: David S. Miller davem@davemloft.net Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/net/ethernet/broadcom/genet/bcmgenet.c | 12 +++++++++++- drivers/net/ethernet/broadcom/genet/bcmgenet.h | 2 ++ drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c | 6 ++++++ drivers/net/ethernet/broadcom/genet/bcmmii.c | 2 ++ 4 files changed, 21 insertions(+), 1 deletion(-)
--- a/drivers/net/ethernet/broadcom/genet/bcmgenet.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.c @@ -2424,14 +2424,18 @@ static void umac_enable_set(struct bcmge { u32 reg;
+ spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); - if (reg & CMD_SW_RESET) + if (reg & CMD_SW_RESET) { + spin_unlock_bh(&priv->reg_lock); return; + } if (enable) reg |= mask; else reg &= ~mask; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock);
/* UniMAC stops on a packet boundary, wait for a full-size packet * to be processed @@ -2447,8 +2451,10 @@ static void reset_umac(struct bcmgenet_p udelay(10);
/* issue soft reset and disable MAC while updating its registers */ + spin_lock_bh(&priv->reg_lock); bcmgenet_umac_writel(priv, CMD_SW_RESET, UMAC_CMD); udelay(2); + spin_unlock_bh(&priv->reg_lock); }
static void bcmgenet_intr_disable(struct bcmgenet_priv *priv) @@ -3576,16 +3582,19 @@ static void bcmgenet_set_rx_mode(struct * 3. The number of filters needed exceeds the number filters * supported by the hardware. */ + spin_lock(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if ((dev->flags & (IFF_PROMISC | IFF_ALLMULTI)) || (nfilter > MAX_MDF_FILTER)) { reg |= CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); bcmgenet_umac_writel(priv, 0, UMAC_MDF_CTRL); return; } else { reg &= ~CMD_PROMISC; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock(&priv->reg_lock); }
/* update MDF filter */ @@ -3979,6 +3988,7 @@ static int bcmgenet_probe(struct platfor goto err; }
+ spin_lock_init(&priv->reg_lock); spin_lock_init(&priv->lock);
SET_NETDEV_DEV(dev, &pdev->dev); --- a/drivers/net/ethernet/broadcom/genet/bcmgenet.h +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet.h @@ -572,6 +572,8 @@ struct bcmgenet_rxnfc_rule { /* device context */ struct bcmgenet_priv { void __iomem *base; + /* reg_lock: lock to serialize access to shared registers */ + spinlock_t reg_lock; enum bcmgenet_version version; struct net_device *dev;
--- a/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c +++ b/drivers/net/ethernet/broadcom/genet/bcmgenet_wol.c @@ -133,6 +133,7 @@ int bcmgenet_wol_power_down_cfg(struct b }
/* Can't suspend with WoL if MAC is still in reset */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); if (reg & CMD_SW_RESET) reg &= ~CMD_SW_RESET; @@ -140,6 +141,7 @@ int bcmgenet_wol_power_down_cfg(struct b /* disable RX */ reg &= ~CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); mdelay(10);
if (priv->wolopts & (WAKE_MAGIC | WAKE_MAGICSECURE)) { @@ -185,6 +187,7 @@ int bcmgenet_wol_power_down_cfg(struct b }
/* Enable CRC forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); priv->crc_fwd_en = 1; reg |= CMD_CRC_FWD; @@ -192,6 +195,7 @@ int bcmgenet_wol_power_down_cfg(struct b /* Receiver must be enabled for WOL MP detection */ reg |= CMD_RX_EN; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock);
reg = UMAC_IRQ_MPD_R; if (hfb_enable) @@ -238,7 +242,9 @@ void bcmgenet_wol_power_up_cfg(struct bc }
/* Disable CRC Forward */ + spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~CMD_CRC_FWD; bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock); } --- a/drivers/net/ethernet/broadcom/genet/bcmmii.c +++ b/drivers/net/ethernet/broadcom/genet/bcmmii.c @@ -91,6 +91,7 @@ void bcmgenet_mii_setup(struct net_devic reg |= RGMII_LINK; bcmgenet_ext_writel(priv, reg, EXT_RGMII_OOB_CTRL);
+ spin_lock_bh(&priv->reg_lock); reg = bcmgenet_umac_readl(priv, UMAC_CMD); reg &= ~((CMD_SPEED_MASK << CMD_SPEED_SHIFT) | CMD_HD_EN | @@ -103,6 +104,7 @@ void bcmgenet_mii_setup(struct net_devic reg |= CMD_TX_EN | CMD_RX_EN; } bcmgenet_umac_writel(priv, reg, UMAC_CMD); + spin_unlock_bh(&priv->reg_lock);
priv->eee.eee_active = phy_init_eee(phydev, 0) >= 0; bcmgenet_eee_enable_set(dev,
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jakub Kicinski kuba@kernel.org
commit 37943f047bfb88ba4dfc7a522563f57c86d088a0 upstream.
Since we are protected from async completions by decrypt_compl_lock we can drop the async_notify and reinit the completion before we start waiting.
Signed-off-by: Jakub Kicinski kuba@kernel.org Signed-off-by: David S. Miller davem@davemloft.net Stable-dep-of: aec7961916f3 ("tls: fix race between async notify and socket close") Signed-off-by: Shaoying Xu shaoyi@amazon.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- include/net/tls.h | 1 - net/tls/tls_sw.c | 14 ++------------ 2 files changed, 2 insertions(+), 13 deletions(-)
--- a/include/net/tls.h +++ b/include/net/tls.h @@ -150,7 +150,6 @@ struct tls_sw_context_rx { atomic_t decrypt_pending; /* protect crypto_wait with decrypt_pending*/ spinlock_t decrypt_compl_lock; - bool async_notify; };
struct tls_record_info { --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -174,7 +174,6 @@ static void tls_decrypt_done(struct cryp struct scatterlist *sg; struct sk_buff *skb; unsigned int pages; - int pending;
skb = (struct sk_buff *)req->data; tls_ctx = tls_get_ctx(skb->sk); @@ -222,9 +221,7 @@ static void tls_decrypt_done(struct cryp kfree(aead_req);
spin_lock_bh(&ctx->decrypt_compl_lock); - pending = atomic_dec_return(&ctx->decrypt_pending); - - if (!pending && ctx->async_notify) + if (!atomic_dec_return(&ctx->decrypt_pending)) complete(&ctx->async_wait.completion); spin_unlock_bh(&ctx->decrypt_compl_lock); } @@ -1917,7 +1914,7 @@ recv_end:
/* Wait for all previously submitted records to be decrypted */ spin_lock_bh(&ctx->decrypt_compl_lock); - ctx->async_notify = true; + reinit_completion(&ctx->async_wait.completion); pending = atomic_read(&ctx->decrypt_pending); spin_unlock_bh(&ctx->decrypt_compl_lock); if (pending) { @@ -1929,15 +1926,8 @@ recv_end: decrypted = 0; goto end; } - } else { - reinit_completion(&ctx->async_wait.completion); }
- /* There can be no concurrent accesses, since we have no - * pending decrypt operations - */ - WRITE_ONCE(ctx->async_notify, false); - /* Drain records from the rx_list & copy if required */ if (is_peek || is_kvec) err = process_rx_list(ctx, msg, &control, copied,
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sabrina Dubroca sd@queasysnail.net
commit 615580cbc99af0da2d1c7226fab43a3d5003eb97 upstream.
Simplify tls_set_sw_offload a bit.
Signed-off-by: Sabrina Dubroca sd@queasysnail.net Signed-off-by: David S. Miller davem@davemloft.net Stable-dep-of: aec7961916f3 ("tls: fix race between async notify and socket close") [v5.15: fixed contextual conflicts from unavailable init_waitqueue_head and skb_queue_head_init calls in tls_set_sw_offload and init_ctx_rx] Cc: stable@vger.kernel.org # 5.15 Signed-off-by: Shaoying Xu shaoyi@amazon.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- net/tls/tls_sw.c | 82 ++++++++++++++++++++++++++++++++----------------------- 1 file changed, 49 insertions(+), 33 deletions(-)
--- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -2291,6 +2291,46 @@ void tls_sw_strparser_arm(struct sock *s strp_check_rcv(&rx_ctx->strp); }
+static struct tls_sw_context_tx *init_ctx_tx(struct tls_context *ctx, struct sock *sk) +{ + struct tls_sw_context_tx *sw_ctx_tx; + + if (!ctx->priv_ctx_tx) { + sw_ctx_tx = kzalloc(sizeof(*sw_ctx_tx), GFP_KERNEL); + if (!sw_ctx_tx) + return NULL; + } else { + sw_ctx_tx = ctx->priv_ctx_tx; + } + + crypto_init_wait(&sw_ctx_tx->async_wait); + spin_lock_init(&sw_ctx_tx->encrypt_compl_lock); + INIT_LIST_HEAD(&sw_ctx_tx->tx_list); + INIT_DELAYED_WORK(&sw_ctx_tx->tx_work.work, tx_work_handler); + sw_ctx_tx->tx_work.sk = sk; + + return sw_ctx_tx; +} + +static struct tls_sw_context_rx *init_ctx_rx(struct tls_context *ctx) +{ + struct tls_sw_context_rx *sw_ctx_rx; + + if (!ctx->priv_ctx_rx) { + sw_ctx_rx = kzalloc(sizeof(*sw_ctx_rx), GFP_KERNEL); + if (!sw_ctx_rx) + return NULL; + } else { + sw_ctx_rx = ctx->priv_ctx_rx; + } + + crypto_init_wait(&sw_ctx_rx->async_wait); + spin_lock_init(&sw_ctx_rx->decrypt_compl_lock); + skb_queue_head_init(&sw_ctx_rx->rx_list); + + return sw_ctx_rx; +} + int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx) { struct tls_context *tls_ctx = tls_get_ctx(sk); @@ -2317,46 +2357,22 @@ int tls_set_sw_offload(struct sock *sk, }
if (tx) { - if (!ctx->priv_ctx_tx) { - sw_ctx_tx = kzalloc(sizeof(*sw_ctx_tx), GFP_KERNEL); - if (!sw_ctx_tx) { - rc = -ENOMEM; - goto out; - } - ctx->priv_ctx_tx = sw_ctx_tx; - } else { - sw_ctx_tx = - (struct tls_sw_context_tx *)ctx->priv_ctx_tx; - } - } else { - if (!ctx->priv_ctx_rx) { - sw_ctx_rx = kzalloc(sizeof(*sw_ctx_rx), GFP_KERNEL); - if (!sw_ctx_rx) { - rc = -ENOMEM; - goto out; - } - ctx->priv_ctx_rx = sw_ctx_rx; - } else { - sw_ctx_rx = - (struct tls_sw_context_rx *)ctx->priv_ctx_rx; - } - } + ctx->priv_ctx_tx = init_ctx_tx(ctx, sk); + if (!ctx->priv_ctx_tx) + return -ENOMEM;
- if (tx) { - crypto_init_wait(&sw_ctx_tx->async_wait); - spin_lock_init(&sw_ctx_tx->encrypt_compl_lock); + sw_ctx_tx = ctx->priv_ctx_tx; crypto_info = &ctx->crypto_send.info; cctx = &ctx->tx; aead = &sw_ctx_tx->aead_send; - INIT_LIST_HEAD(&sw_ctx_tx->tx_list); - INIT_DELAYED_WORK(&sw_ctx_tx->tx_work.work, tx_work_handler); - sw_ctx_tx->tx_work.sk = sk; } else { - crypto_init_wait(&sw_ctx_rx->async_wait); - spin_lock_init(&sw_ctx_rx->decrypt_compl_lock); + ctx->priv_ctx_rx = init_ctx_rx(ctx); + if (!ctx->priv_ctx_rx) + return -ENOMEM; + + sw_ctx_rx = ctx->priv_ctx_rx; crypto_info = &ctx->crypto_recv.info; cctx = &ctx->rx; - skb_queue_head_init(&sw_ctx_rx->rx_list); aead = &sw_ctx_rx->aead_recv; }
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jakub Kicinski kuba@kernel.org
commit c57ca512f3b68ddcd62bda9cc24a8f5584ab01b1 upstream.
Factor out waiting for async encrypt and decrypt to finish. There are already multiple copies and a subsequent fix will need more. No functional changes.
Note that crypto_wait_req() returns wait->err
Signed-off-by: Jakub Kicinski kuba@kernel.org Reviewed-by: Simon Horman horms@kernel.org Reviewed-by: Sabrina Dubroca sd@queasysnail.net Signed-off-by: David S. Miller davem@davemloft.net Stable-dep-of: aec7961916f3 ("tls: fix race between async notify and socket close") [v5.15: removed changes in tls_sw_splice_eof and adjusted waiting factor out for async descrypt in tls_sw_recvmsg] Cc: stable@vger.kernel.org # 5.15 Signed-off-by: Shaoying Xu shaoyi@amazon.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- net/tls/tls_sw.c | 90 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 49 insertions(+), 41 deletions(-)
--- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -226,6 +226,20 @@ static void tls_decrypt_done(struct cryp spin_unlock_bh(&ctx->decrypt_compl_lock); }
+static int tls_decrypt_async_wait(struct tls_sw_context_rx *ctx) +{ + int pending; + + spin_lock_bh(&ctx->decrypt_compl_lock); + reinit_completion(&ctx->async_wait.completion); + pending = atomic_read(&ctx->decrypt_pending); + spin_unlock_bh(&ctx->decrypt_compl_lock); + if (pending) + crypto_wait_req(-EINPROGRESS, &ctx->async_wait); + + return ctx->async_wait.err; +} + static int tls_do_decryption(struct sock *sk, struct sk_buff *skb, struct scatterlist *sgin, @@ -496,6 +510,28 @@ static void tls_encrypt_done(struct cryp schedule_delayed_work(&ctx->tx_work.work, 1); }
+static int tls_encrypt_async_wait(struct tls_sw_context_tx *ctx) +{ + int pending; + + spin_lock_bh(&ctx->encrypt_compl_lock); + ctx->async_notify = true; + + pending = atomic_read(&ctx->encrypt_pending); + spin_unlock_bh(&ctx->encrypt_compl_lock); + if (pending) + crypto_wait_req(-EINPROGRESS, &ctx->async_wait); + else + reinit_completion(&ctx->async_wait.completion); + + /* There can be no concurrent accesses, since we have no + * pending encrypt operations + */ + WRITE_ONCE(ctx->async_notify, false); + + return ctx->async_wait.err; +} + static int tls_do_encryption(struct sock *sk, struct tls_context *tls_ctx, struct tls_sw_context_tx *ctx, @@ -946,7 +982,6 @@ int tls_sw_sendmsg(struct sock *sk, stru int num_zc = 0; int orig_size; int ret = 0; - int pending;
if (msg->msg_flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL | MSG_CMSG_COMPAT)) @@ -1115,24 +1150,12 @@ trim_sgl: if (!num_async) { goto send_end; } else if (num_zc) { - /* Wait for pending encryptions to get completed */ - spin_lock_bh(&ctx->encrypt_compl_lock); - ctx->async_notify = true; - - pending = atomic_read(&ctx->encrypt_pending); - spin_unlock_bh(&ctx->encrypt_compl_lock); - if (pending) - crypto_wait_req(-EINPROGRESS, &ctx->async_wait); - else - reinit_completion(&ctx->async_wait.completion); + int err;
- /* There can be no concurrent accesses, since we have no - * pending encrypt operations - */ - WRITE_ONCE(ctx->async_notify, false); - - if (ctx->async_wait.err) { - ret = ctx->async_wait.err; + /* Wait for pending encryptions to get completed */ + err = tls_encrypt_async_wait(ctx); + if (err) { + ret = err; copied = 0; } } @@ -1910,22 +1933,14 @@ pick_next_record:
recv_end: if (async) { - int pending; - /* Wait for all previously submitted records to be decrypted */ - spin_lock_bh(&ctx->decrypt_compl_lock); - reinit_completion(&ctx->async_wait.completion); - pending = atomic_read(&ctx->decrypt_pending); - spin_unlock_bh(&ctx->decrypt_compl_lock); - if (pending) { - err = crypto_wait_req(-EINPROGRESS, &ctx->async_wait); - if (err) { - /* one of async decrypt failed */ - tls_err_abort(sk, err); - copied = 0; - decrypted = 0; - goto end; - } + err = tls_decrypt_async_wait(ctx); + if (err) { + /* one of async decrypt failed */ + tls_err_abort(sk, err); + copied = 0; + decrypted = 0; + goto end; }
/* Drain records from the rx_list & copy if required */ @@ -2144,16 +2159,9 @@ void tls_sw_release_resources_tx(struct struct tls_context *tls_ctx = tls_get_ctx(sk); struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx); struct tls_rec *rec, *tmp; - int pending;
/* Wait for any pending async encryptions to complete */ - spin_lock_bh(&ctx->encrypt_compl_lock); - ctx->async_notify = true; - pending = atomic_read(&ctx->encrypt_pending); - spin_unlock_bh(&ctx->encrypt_compl_lock); - - if (pending) - crypto_wait_req(-EINPROGRESS, &ctx->async_wait); + tls_encrypt_async_wait(ctx);
tls_tx_records(sk, -1);
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jakub Kicinski kuba@kernel.org
commit aec7961916f3f9e88766e2688992da6980f11b8d upstream.
The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touching already freed data.
Try to avoid the locking and extra flags altogether. Have the main thread hold an extra reference, this way we can depend solely on the atomic ref counter for synchronization.
Don't futz with reiniting the completion, either, we are now tightly controlling when completion fires.
Reported-by: valis sec@valis.email Fixes: 0cada33241d9 ("net/tls: fix race condition causing kernel panic") Signed-off-by: Jakub Kicinski kuba@kernel.org Reviewed-by: Simon Horman horms@kernel.org Reviewed-by: Eric Dumazet edumazet@google.com Reviewed-by: Sabrina Dubroca sd@queasysnail.net Signed-off-by: David S. Miller davem@davemloft.net [v5.15: fixed contextual conflicts in struct tls_sw_context_rx and func init_ctx_rx; replaced DEBUG_NET_WARN_ON_ONCE with BUILD_BUG_ON_INVALID since they're equivalent when DEBUG_NET is not defined] Cc: stable@vger.kernel.org # 5.15 Signed-off-by: Shaoying Xu shaoyi@amazon.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- include/net/tls.h | 5 ----- net/tls/tls_sw.c | 43 ++++++++++--------------------------------- 2 files changed, 10 insertions(+), 38 deletions(-)
--- a/include/net/tls.h +++ b/include/net/tls.h @@ -128,9 +128,6 @@ struct tls_sw_context_tx { struct tls_rec *open_rec; struct list_head tx_list; atomic_t encrypt_pending; - /* protect crypto_wait with encrypt_pending */ - spinlock_t encrypt_compl_lock; - int async_notify; u8 async_capable:1;
#define BIT_TX_SCHEDULED 0 @@ -148,8 +145,6 @@ struct tls_sw_context_rx { struct sk_buff *recv_pkt; u8 async_capable:1; atomic_t decrypt_pending; - /* protect crypto_wait with decrypt_pending*/ - spinlock_t decrypt_compl_lock; };
struct tls_record_info { --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -220,22 +220,15 @@ static void tls_decrypt_done(struct cryp
kfree(aead_req);
- spin_lock_bh(&ctx->decrypt_compl_lock); - if (!atomic_dec_return(&ctx->decrypt_pending)) + if (atomic_dec_and_test(&ctx->decrypt_pending)) complete(&ctx->async_wait.completion); - spin_unlock_bh(&ctx->decrypt_compl_lock); }
static int tls_decrypt_async_wait(struct tls_sw_context_rx *ctx) { - int pending; - - spin_lock_bh(&ctx->decrypt_compl_lock); - reinit_completion(&ctx->async_wait.completion); - pending = atomic_read(&ctx->decrypt_pending); - spin_unlock_bh(&ctx->decrypt_compl_lock); - if (pending) + if (!atomic_dec_and_test(&ctx->decrypt_pending)) crypto_wait_req(-EINPROGRESS, &ctx->async_wait); + atomic_inc(&ctx->decrypt_pending);
return ctx->async_wait.err; } @@ -271,6 +264,7 @@ static int tls_do_decryption(struct sock aead_request_set_callback(aead_req, CRYPTO_TFM_REQ_MAY_BACKLOG, tls_decrypt_done, skb); + BUILD_BUG_ON_INVALID(atomic_read(&ctx->decrypt_pending) < 1); atomic_inc(&ctx->decrypt_pending); } else { aead_request_set_callback(aead_req, @@ -460,7 +454,6 @@ static void tls_encrypt_done(struct cryp struct sk_msg *msg_en; struct tls_rec *rec; bool ready = false; - int pending;
rec = container_of(aead_req, struct tls_rec, aead_req); msg_en = &rec->msg_encrypted; @@ -495,12 +488,8 @@ static void tls_encrypt_done(struct cryp ready = true; }
- spin_lock_bh(&ctx->encrypt_compl_lock); - pending = atomic_dec_return(&ctx->encrypt_pending); - - if (!pending && ctx->async_notify) + if (atomic_dec_and_test(&ctx->encrypt_pending)) complete(&ctx->async_wait.completion); - spin_unlock_bh(&ctx->encrypt_compl_lock);
if (!ready) return; @@ -512,22 +501,9 @@ static void tls_encrypt_done(struct cryp
static int tls_encrypt_async_wait(struct tls_sw_context_tx *ctx) { - int pending; - - spin_lock_bh(&ctx->encrypt_compl_lock); - ctx->async_notify = true; - - pending = atomic_read(&ctx->encrypt_pending); - spin_unlock_bh(&ctx->encrypt_compl_lock); - if (pending) + if (!atomic_dec_and_test(&ctx->encrypt_pending)) crypto_wait_req(-EINPROGRESS, &ctx->async_wait); - else - reinit_completion(&ctx->async_wait.completion); - - /* There can be no concurrent accesses, since we have no - * pending encrypt operations - */ - WRITE_ONCE(ctx->async_notify, false); + atomic_inc(&ctx->encrypt_pending);
return ctx->async_wait.err; } @@ -571,6 +547,7 @@ static int tls_do_encryption(struct sock
/* Add the record in tx_list */ list_add_tail((struct list_head *)&rec->list, &ctx->tx_list); + BUILD_BUG_ON_INVALID(atomic_read(&ctx->encrypt_pending) < 1); atomic_inc(&ctx->encrypt_pending);
rc = crypto_aead_encrypt(aead_req); @@ -2312,7 +2289,7 @@ static struct tls_sw_context_tx *init_ct }
crypto_init_wait(&sw_ctx_tx->async_wait); - spin_lock_init(&sw_ctx_tx->encrypt_compl_lock); + atomic_set(&sw_ctx_tx->encrypt_pending, 1); INIT_LIST_HEAD(&sw_ctx_tx->tx_list); INIT_DELAYED_WORK(&sw_ctx_tx->tx_work.work, tx_work_handler); sw_ctx_tx->tx_work.sk = sk; @@ -2333,7 +2310,7 @@ static struct tls_sw_context_rx *init_ct }
crypto_init_wait(&sw_ctx_rx->async_wait); - spin_lock_init(&sw_ctx_rx->decrypt_compl_lock); + atomic_set(&sw_ctx_rx->decrypt_pending, 1); skb_queue_head_init(&sw_ctx_rx->rx_list);
return sw_ctx_rx;
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jakub Kicinski kuba@kernel.org
commit 8590541473188741055d27b955db0777569438e3 upstream.
Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRESS in valid situations. For example, when the cryptd queue for AESNI is full (easy to trigger with an artificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued to the backlog but still processed. In that case, the async callback will also be called twice: first with err == -EINPROGRESS, which it seems we can just ignore, then with err == 0.
Compared to Sabrina's original patch this version uses the new tls_*crypt_async_wait() helpers and converts the EBUSY to EINPROGRESS to avoid having to modify all the error handling paths. The handling is identical.
Fixes: a54667f6728c ("tls: Add support for encryption using async offload accelerator") Fixes: 94524d8fc965 ("net/tls: Add support for async decryption of tls records") Co-developed-by: Sabrina Dubroca sd@queasysnail.net Signed-off-by: Sabrina Dubroca sd@queasysnail.net Link: https://lore.kernel.org/netdev/9681d1febfec295449a62300938ed2ae66983f28.1694... Signed-off-by: Jakub Kicinski kuba@kernel.org Reviewed-by: Simon Horman horms@kernel.org Signed-off-by: David S. Miller davem@davemloft.net [v5.15: fixed contextual merge-conflicts in tls_decrypt_done and tls_encrypt_done] Cc: stable@vger.kernel.org # 5.15 Signed-off-by: Shaoying Xu shaoyi@amazon.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- net/tls/tls_sw.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+)
--- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c @@ -175,6 +175,17 @@ static void tls_decrypt_done(struct cryp struct sk_buff *skb; unsigned int pages;
+ /* If requests get too backlogged crypto API returns -EBUSY and calls + * ->complete(-EINPROGRESS) immediately followed by ->complete(0) + * to make waiting for backlog to flush with crypto_wait_req() easier. + * First wait converts -EBUSY -> -EINPROGRESS, and the second one + * -EINPROGRESS -> 0. + * We have a single struct crypto_async_request per direction, this + * scheme doesn't help us, so just ignore the first ->complete(). + */ + if (err == -EINPROGRESS) + return; + skb = (struct sk_buff *)req->data; tls_ctx = tls_get_ctx(skb->sk); ctx = tls_sw_ctx_rx(tls_ctx); @@ -273,6 +284,10 @@ static int tls_do_decryption(struct sock }
ret = crypto_aead_decrypt(aead_req); + if (ret == -EBUSY) { + ret = tls_decrypt_async_wait(ctx); + ret = ret ?: -EINPROGRESS; + } if (ret == -EINPROGRESS) { if (darg->async) return 0; @@ -455,6 +470,9 @@ static void tls_encrypt_done(struct cryp struct tls_rec *rec; bool ready = false;
+ if (err == -EINPROGRESS) /* see the comment in tls_decrypt_done() */ + return; + rec = container_of(aead_req, struct tls_rec, aead_req); msg_en = &rec->msg_encrypted;
@@ -551,6 +569,10 @@ static int tls_do_encryption(struct sock atomic_inc(&ctx->encrypt_pending);
rc = crypto_aead_encrypt(aead_req); + if (rc == -EBUSY) { + rc = tls_encrypt_async_wait(ctx); + rc = rc ?: -EINPROGRESS; + } if (!rc || rc != -EINPROGRESS) { atomic_dec(&ctx->encrypt_pending); sge->offset -= prot->prepend_size;
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet edumazet@google.com
commit a1865f2e7d10dde00d35a2122b38d2e469ae67ed upstream.
syzbot reported a data-race in data-race in netlink_recvmsg() [1]
Indeed, netlink_recvmsg() can be run concurrently, and netlink_dump() also needs protection.
[1] BUG: KCSAN: data-race in netlink_recvmsg / netlink_recvmsg
read to 0xffff888141840b38 of 8 bytes by task 23057 on cpu 0: netlink_recvmsg+0xea/0x730 net/netlink/af_netlink.c:1988 sock_recvmsg_nosec net/socket.c:1017 [inline] sock_recvmsg net/socket.c:1038 [inline] __sys_recvfrom+0x1ee/0x2e0 net/socket.c:2194 __do_sys_recvfrom net/socket.c:2212 [inline] __se_sys_recvfrom net/socket.c:2208 [inline] __x64_sys_recvfrom+0x78/0x90 net/socket.c:2208 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd
write to 0xffff888141840b38 of 8 bytes by task 23037 on cpu 1: netlink_recvmsg+0x114/0x730 net/netlink/af_netlink.c:1989 sock_recvmsg_nosec net/socket.c:1017 [inline] sock_recvmsg net/socket.c:1038 [inline] ____sys_recvmsg+0x156/0x310 net/socket.c:2720 ___sys_recvmsg net/socket.c:2762 [inline] do_recvmmsg+0x2e5/0x710 net/socket.c:2856 __sys_recvmmsg net/socket.c:2935 [inline] __do_sys_recvmmsg net/socket.c:2958 [inline] __se_sys_recvmmsg net/socket.c:2951 [inline] __x64_sys_recvmmsg+0xe2/0x160 net/socket.c:2951 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd
value changed: 0x0000000000000000 -> 0x0000000000001000
Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 23037 Comm: syz-executor.2 Not tainted 6.3.0-rc4-syzkaller-00195-g5a57b48fdfcb #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
Fixes: 9063e21fb026 ("netlink: autosize skb lengthes") Reported-by: syzbot syzkaller@googlegroups.com Signed-off-by: Eric Dumazet edumazet@google.com Reviewed-by: Simon Horman simon.horman@corigine.com Link: https://lore.kernel.org/r/20230403214643.768555-1-edumazet@google.com Signed-off-by: Jakub Kicinski kuba@kernel.org Signed-off-by: yenchia.chen yenchia.chen@mediatek.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- net/netlink/af_netlink.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-)
--- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -1935,7 +1935,7 @@ static int netlink_recvmsg(struct socket struct sock *sk = sock->sk; struct netlink_sock *nlk = nlk_sk(sk); int noblock = flags & MSG_DONTWAIT; - size_t copied; + size_t copied, max_recvmsg_len; struct sk_buff *skb, *data_skb; int err, ret;
@@ -1968,9 +1968,10 @@ static int netlink_recvmsg(struct socket #endif
/* Record the max length of recvmsg() calls for future allocations */ - nlk->max_recvmsg_len = max(nlk->max_recvmsg_len, len); - nlk->max_recvmsg_len = min_t(size_t, nlk->max_recvmsg_len, - SKB_WITH_OVERHEAD(32768)); + max_recvmsg_len = max(READ_ONCE(nlk->max_recvmsg_len), len); + max_recvmsg_len = min_t(size_t, max_recvmsg_len, + SKB_WITH_OVERHEAD(32768)); + WRITE_ONCE(nlk->max_recvmsg_len, max_recvmsg_len);
copied = data_skb->len; if (len < copied) { @@ -2219,6 +2220,7 @@ static int netlink_dump(struct sock *sk) struct netlink_ext_ack extack = {}; struct netlink_callback *cb; struct sk_buff *skb = NULL; + size_t max_recvmsg_len; struct module *module; int err = -ENOBUFS; int alloc_min_size; @@ -2241,8 +2243,9 @@ static int netlink_dump(struct sock *sk) cb = &nlk->cb; alloc_min_size = max_t(int, cb->min_dump_alloc, NLMSG_GOODSIZE);
- if (alloc_min_size < nlk->max_recvmsg_len) { - alloc_size = nlk->max_recvmsg_len; + max_recvmsg_len = READ_ONCE(nlk->max_recvmsg_len); + if (alloc_min_size < max_recvmsg_len) { + alloc_size = max_recvmsg_len; skb = alloc_skb(alloc_size, (GFP_KERNEL & ~__GFP_DIRECT_RECLAIM) | __GFP_NOWARN | __GFP_NORETRY);
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet edumazet@google.com
commit d0f95894fda7d4f895b29c1097f92d7fee278cb2 upstream.
syzbot caught another data-race in netlink when setting sk->sk_err.
Annotate all of them for good measure.
BUG: KCSAN: data-race in netlink_recvmsg / netlink_recvmsg
write to 0xffff8881613bb220 of 4 bytes by task 28147 on cpu 0: netlink_recvmsg+0x448/0x780 net/netlink/af_netlink.c:1994 sock_recvmsg_nosec net/socket.c:1027 [inline] sock_recvmsg net/socket.c:1049 [inline] __sys_recvfrom+0x1f4/0x2e0 net/socket.c:2229 __do_sys_recvfrom net/socket.c:2247 [inline] __se_sys_recvfrom net/socket.c:2243 [inline] __x64_sys_recvfrom+0x78/0x90 net/socket.c:2243 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd
write to 0xffff8881613bb220 of 4 bytes by task 28146 on cpu 1: netlink_recvmsg+0x448/0x780 net/netlink/af_netlink.c:1994 sock_recvmsg_nosec net/socket.c:1027 [inline] sock_recvmsg net/socket.c:1049 [inline] __sys_recvfrom+0x1f4/0x2e0 net/socket.c:2229 __do_sys_recvfrom net/socket.c:2247 [inline] __se_sys_recvfrom net/socket.c:2243 [inline] __x64_sys_recvfrom+0x78/0x90 net/socket.c:2243 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd
value changed: 0x00000000 -> 0x00000016
Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 28146 Comm: syz-executor.0 Not tainted 6.6.0-rc3-syzkaller-00055-g9ed22ae6be81 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/06/2023
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Eric Dumazet edumazet@google.com Reported-by: syzbot syzkaller@googlegroups.com Reviewed-by: Simon Horman horms@kernel.org Link: https://lore.kernel.org/r/20231003183455.3410550-1-edumazet@google.com Signed-off-by: Jakub Kicinski kuba@kernel.org Signed-off-by: yenchia.chen yenchia.chen@mediatek.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- net/netlink/af_netlink.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
--- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -352,7 +352,7 @@ static void netlink_overrun(struct sock if (!(nlk->flags & NETLINK_F_RECV_NO_ENOBUFS)) { if (!test_and_set_bit(NETLINK_S_CONGESTED, &nlk_sk(sk)->state)) { - sk->sk_err = ENOBUFS; + WRITE_ONCE(sk->sk_err, ENOBUFS); sk_error_report(sk); } } @@ -1591,7 +1591,7 @@ static int do_one_set_err(struct sock *s goto out; }
- sk->sk_err = p->code; + WRITE_ONCE(sk->sk_err, p->code); sk_error_report(sk); out: return ret; @@ -2006,7 +2006,7 @@ static int netlink_recvmsg(struct socket atomic_read(&sk->sk_rmem_alloc) <= sk->sk_rcvbuf / 2) { ret = netlink_dump(sk); if (ret) { - sk->sk_err = -ret; + WRITE_ONCE(sk->sk_err, -ret); sk_error_report(sk); } } @@ -2442,7 +2442,7 @@ void netlink_ack(struct sk_buff *in_skb,
skb = nlmsg_new(payload + tlvlen, GFP_KERNEL); if (!skb) { - NETLINK_CB(in_skb).sk->sk_err = ENOBUFS; + WRITE_ONCE(NETLINK_CB(in_skb).sk->sk_err, ENOBUFS); sk_error_report(NETLINK_CB(in_skb).sk); return; }
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sean Christopherson seanjc@google.com
commit 6c41468c7c12d74843bb414fc00307ea8a6318c3 upstream.
When injecting an exception into a vCPU in Real Mode, suppress the error code by clearing the flag that tracks whether the error code is valid, not by clearing the error code itself. The "typo" was introduced by recent fix for SVM's funky Paged Real Mode.
Opportunistically hoist the logic above the tracepoint so that the trace is coherent with respect to what is actually injected (this was also the behavior prior to the buggy commit).
Fixes: b97f07458373 ("KVM: x86: determine if an exception has an error code only when injecting it.") Cc: stable@vger.kernel.org Cc: Maxim Levitsky mlevitsk@redhat.com Signed-off-by: Sean Christopherson seanjc@google.com Message-Id: 20230322143300.2209476-2-seanjc@google.com Signed-off-by: Paolo Bonzini pbonzini@redhat.com [nsaenz: backport to 5.15.y] Signed-off-by: Nicolas Saenz Julienne nsaenz@amazon.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Acked-by: Sean Christopherson seanjc@google.com --- arch/x86/kvm/x86.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-)
--- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -9134,13 +9134,20 @@ int kvm_check_nested_events(struct kvm_v
static void kvm_inject_exception(struct kvm_vcpu *vcpu) { + /* + * Suppress the error code if the vCPU is in Real Mode, as Real Mode + * exceptions don't report error codes. The presence of an error code + * is carried with the exception and only stripped when the exception + * is injected as intercepted #PF VM-Exits for AMD's Paged Real Mode do + * report an error code despite the CPU being in Real Mode. + */ + vcpu->arch.exception.has_error_code &= is_protmode(vcpu); + trace_kvm_inj_exception(vcpu->arch.exception.nr, vcpu->arch.exception.has_error_code, vcpu->arch.exception.error_code, vcpu->arch.exception.injected);
- if (vcpu->arch.exception.error_code && !is_protmode(vcpu)) - vcpu->arch.exception.error_code = false; static_call(kvm_x86_queue_exception)(vcpu); }
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Srinivasan Shanmugam srinivasan.shanmugam@amd.com
commit b8d55a90fd55b767c25687747e2b24abd1ef8680 upstream.
Return invalid error code -EINVAL for invalid block id.
Fixes the below:
drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed 'info' could be null (see line 1176)
Suggested-by: Hawking Zhang Hawking.Zhang@amd.com Cc: Tao Zhou tao.zhou1@amd.com Cc: Hawking Zhang Hawking.Zhang@amd.com Cc: Christian König christian.koenig@amd.com Cc: Alex Deucher alexander.deucher@amd.com Signed-off-by: Srinivasan Shanmugam srinivasan.shanmugam@amd.com Reviewed-by: Hawking Zhang Hawking.Zhang@amd.com Signed-off-by: Alex Deucher alexander.deucher@amd.com [Ajay: applied AMDGPU_RAS_BLOCK_COUNT condition to amdgpu_ras_query_error_status() as amdgpu_ras_query_error_status_helper() not present in v5.15 amdgpu_ras_query_error_status_helper() was introduced in 8cc0f5669eb6] Signed-off-by: Ajay Kaher ajay.kaher@broadcom.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c | 3 +++ 1 file changed, 3 insertions(+)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c @@ -820,6 +820,9 @@ int amdgpu_ras_query_error_status(struct if (!obj) return -EINVAL;
+ if (!info || info->head.block == AMDGPU_RAS_BLOCK_COUNT) + return -EINVAL; + switch (info->head.block) { case AMDGPU_RAS_BLOCK__UMC: if (adev->umc.ras_funcs &&
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Carlos Llamas cmllamas@google.com
commit 42316941335644a98335f209daafa4c122f28983 upstream.
The type defined for the BINDER_SET_MAX_THREADS ioctl was changed from size_t to __u32 in order to avoid incompatibility issues between 32 and 64-bit kernels. However, the internal types used to copy from user and store the value were never updated. Use u32 to fix the inconsistency.
Fixes: a9350fc859ae ("staging: android: binder: fix BINDER_SET_MAX_THREADS declaration") Reported-by: Arve Hjønnevåg arve@android.com Cc: stable@vger.kernel.org Signed-off-by: Carlos Llamas cmllamas@google.com Reviewed-by: Alice Ryhl aliceryhl@google.com Link: https://lore.kernel.org/r/20240421173750.3117808-1-cmllamas@google.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/android/binder.c | 2 +- drivers/android/binder_internal.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/android/binder.c +++ b/drivers/android/binder.c @@ -5165,7 +5165,7 @@ static long binder_ioctl(struct file *fi goto err; break; case BINDER_SET_MAX_THREADS: { - int max_threads; + u32 max_threads;
if (copy_from_user(&max_threads, ubuf, sizeof(max_threads))) { --- a/drivers/android/binder_internal.h +++ b/drivers/android/binder_internal.h @@ -420,7 +420,7 @@ struct binder_proc { struct list_head todo; struct binder_stats stats; struct list_head delivered_death; - int max_threads; + u32 max_threads; int requested_threads; int requested_threads_started; int tmp_ref;
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Heikki Krogerus heikki.krogerus@linux.intel.com
commit b791a67f68121d69108640d4a3e591d210ffe850 upstream.
The function ucsi_displayport_work() does not access the connector, so it also must not acquire the connector lock.
This fixes a potential deadlock scenario:
ucsi_displayport_work() -> lock(&con->lock) typec_altmode_vdm() dp_altmode_vdm() dp_altmode_work() typec_altmode_enter() ucsi_displayport_enter() -> lock(&con->lock)
Reported-by: Mathias Nyman mathias.nyman@linux.intel.com Fixes: af8622f6a585 ("usb: typec: ucsi: Support for DisplayPort alt mode") Cc: stable@vger.kernel.org Signed-off-by: Heikki Krogerus heikki.krogerus@linux.intel.com Link: https://lore.kernel.org/r/20240507134316.161999-1-heikki.krogerus@linux.inte... Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/usb/typec/ucsi/displayport.c | 4 ---- 1 file changed, 4 deletions(-)
--- a/drivers/usb/typec/ucsi/displayport.c +++ b/drivers/usb/typec/ucsi/displayport.c @@ -275,8 +275,6 @@ static void ucsi_displayport_work(struct struct ucsi_dp *dp = container_of(work, struct ucsi_dp, work); int ret;
- mutex_lock(&dp->con->lock); - ret = typec_altmode_vdm(dp->alt, dp->header, dp->vdo_data, dp->vdo_size); if (ret) @@ -285,8 +283,6 @@ static void ucsi_displayport_work(struct dp->vdo_data = NULL; dp->vdo_size = 0; dp->header = 0; - - mutex_unlock(&dp->con->lock); }
void ucsi_displayport_remove_partner(struct typec_altmode *alt)
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Thompson daniel.thompson@linaro.org
commit b2aba15ad6f908d1a620fd97f6af5620c3639742 upstream.
Currently, when kdb is compiled with keyboard support, then we will use schedule_work() to provoke reset of the keyboard status. Unfortunately schedule_work() gets called from the kgdboc post-debug-exception handler. That risks deadlock since schedule_work() is not NMI-safe and, even on platforms where the NMI is not directly used for debugging, the debug trap can have NMI-like behaviour depending on where breakpoints are placed.
Fix this by using the irq work system, which is NMI-safe, to defer the call to schedule_work() to a point when it is safe to call.
Reported-by: Liuye liu.yeC@h3c.com Closes: https://lore.kernel.org/all/20240228025602.3087748-1-liu.yeC@h3c.com/ Cc: stable@vger.kernel.org Reviewed-by: Douglas Anderson dianders@chromium.org Acked-by: Greg Kroah-Hartman gregkh@linuxfoundation.org Link: https://lore.kernel.org/r/20240424-kgdboc_fix_schedule_work-v2-1-50f5a490aec... Signed-off-by: Daniel Thompson daniel.thompson@linaro.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/tty/serial/kgdboc.c | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-)
--- a/drivers/tty/serial/kgdboc.c +++ b/drivers/tty/serial/kgdboc.c @@ -19,6 +19,7 @@ #include <linux/console.h> #include <linux/vt_kern.h> #include <linux/input.h> +#include <linux/irq_work.h> #include <linux/module.h> #include <linux/platform_device.h> #include <linux/serial_core.h> @@ -48,6 +49,25 @@ static struct kgdb_io kgdboc_earlycon_i static int (*earlycon_orig_exit)(struct console *con); #endif /* IS_BUILTIN(CONFIG_KGDB_SERIAL_CONSOLE) */
+/* + * When we leave the debug trap handler we need to reset the keyboard status + * (since the original keyboard state gets partially clobbered by kdb use of + * the keyboard). + * + * The path to deliver the reset is somewhat circuitous. + * + * To deliver the reset we register an input handler, reset the keyboard and + * then deregister the input handler. However, to get this done right, we do + * have to carefully manage the calling context because we can only register + * input handlers from task context. + * + * In particular we need to trigger the action from the debug trap handler with + * all its NMI and/or NMI-like oddities. To solve this the kgdboc trap exit code + * (the "post_exception" callback) uses irq_work_queue(), which is NMI-safe, to + * schedule a callback from a hardirq context. From there we have to defer the + * work again, this time using schedule_work(), to get a callback using the + * system workqueue, which runs in task context. + */ #ifdef CONFIG_KDB_KEYBOARD static int kgdboc_reset_connect(struct input_handler *handler, struct input_dev *dev, @@ -99,10 +119,17 @@ static void kgdboc_restore_input_helper(
static DECLARE_WORK(kgdboc_restore_input_work, kgdboc_restore_input_helper);
+static void kgdboc_queue_restore_input_helper(struct irq_work *unused) +{ + schedule_work(&kgdboc_restore_input_work); +} + +static DEFINE_IRQ_WORK(kgdboc_restore_input_irq_work, kgdboc_queue_restore_input_helper); + static void kgdboc_restore_input(void) { if (likely(system_state == SYSTEM_RUNNING)) - schedule_work(&kgdboc_restore_input_work); + irq_work_queue(&kgdboc_restore_input_irq_work); }
static int kgdboc_register_kbd(char **cptr) @@ -133,6 +160,7 @@ static void kgdboc_unregister_kbd(void) i--; } } + irq_work_sync(&kgdboc_restore_input_irq_work); flush_work(&kgdboc_restore_input_work); } #else /* ! CONFIG_KDB_KEYBOARD */
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: AngeloGioacchino Del Regno angelogioacchino.delregno@collabora.com
commit 331f91d86f71d0bb89a44217cc0b2a22810bbd42 upstream.
The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the devicetree node is large enough for that, and while this is especially true for multi-core SCP, it's still useful to check on single-core variants as well.
Failing to perform this check may make this driver perform R/W operations out of the L2TCM boundary, resulting (at best) in a kernel panic.
To fix that, check that the IPI buffer fits, otherwise return a failure and refuse to boot the relevant SCP core (or the SCP at all, if this is single core).
Fixes: 3efa0ea743b7 ("remoteproc/mediatek: read IPI buffer offset from FW") Signed-off-by: AngeloGioacchino Del Regno angelogioacchino.delregno@collabora.com Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20240321084614.45253-2-angelogioacchino.delregno@c... Signed-off-by: Mathieu Poirier mathieu.poirier@linaro.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- drivers/remoteproc/mtk_scp.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-)
--- a/drivers/remoteproc/mtk_scp.c +++ b/drivers/remoteproc/mtk_scp.c @@ -126,7 +126,7 @@ static int scp_elf_read_ipi_buf_addr(str static int scp_ipi_init(struct mtk_scp *scp, const struct firmware *fw) { int ret; - size_t offset; + size_t buf_sz, offset;
/* read the ipi buf addr from FW itself first */ ret = scp_elf_read_ipi_buf_addr(scp, fw, &offset); @@ -138,6 +138,14 @@ static int scp_ipi_init(struct mtk_scp * } dev_info(scp->dev, "IPI buf addr %#010zx\n", offset);
+ /* Make sure IPI buffer fits in the L2TCM range assigned to this core */ + buf_sz = sizeof(*scp->recv_buf) + sizeof(*scp->send_buf); + + if (scp->sram_size < buf_sz + offset) { + dev_err(scp->dev, "IPI buffer does not fit in SRAM.\n"); + return -EOVERFLOW; + } + scp->recv_buf = (struct mtk_share_obj __iomem *) (scp->sram_base + offset); scp->send_buf = (struct mtk_share_obj __iomem *)
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jarkko Sakkinen jarkko@kernel.org
commit 050bf3c793a07f96bd1e2fd62e1447f731ed733b upstream.
When asn1_encode_sequence() fails, WARN is not the correct solution.
1. asn1_encode_sequence() is not an internal function (located in lib/asn1_encode.c). 2. Location is known, which makes the stack trace useless. 3. Results a crash if panic_on_warn is set.
It is also noteworthy that the use of WARN is undocumented, and it should be avoided unless there is a carefully considered rationale to use it.
Replace WARN with pr_err, and print the return value instead, which is only useful piece of information.
Cc: stable@vger.kernel.org # v5.13+ Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen jarkko@kernel.org Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- security/keys/trusted-keys/trusted_tpm2.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
--- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -84,8 +84,9 @@ static int tpm2_key_encode(struct truste work1 = payload->blob; work1 = asn1_encode_sequence(work1, work1 + sizeof(payload->blob), scratch, work - scratch); - if (WARN(IS_ERR(work1), "BUG: ASN.1 encoder failed")) { + if (IS_ERR(work1)) { ret = PTR_ERR(work1); + pr_err("BUG: ASN.1 encoder failed with %d\n", ret); goto err; }
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Weißschuh linux@weissschuh.net
commit 8af2d1ab78f2342f8c4c3740ca02d86f0ebfac5a upstream.
sched_core_share_pid() copies the cookie to userspace with put_user(id, (u64 __user *)uaddr), expecting 64 bits of space. The "unsigned long" datatype that is documented in core-scheduling.rst however is only 32 bits large on 32 bit architectures.
Document "unsigned long long" as the correct data type that is always 64bits large.
This matches what the selftest cs_prctl_test.c has been doing all along.
Fixes: 0159bb020ca9 ("Documentation: Add usecases, design and interface for core scheduling") Cc: stable@vger.kernel.org Link: https://lore.kernel.org/util-linux/df7a25a0-7923-4f8b-a527-5e6f0064074d@t-8c... Signed-off-by: Thomas Weißschuh linux@weissschuh.net Reviewed-by: Chris Hyser chris.hyser@oracle.com Signed-off-by: Jonathan Corbet corbet@lwn.net Link: https://lore.kernel.org/r/20240423-core-scheduling-cookie-v1-1-5753a35f8dfc@... Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- Documentation/admin-guide/hw-vuln/core-scheduling.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
--- a/Documentation/admin-guide/hw-vuln/core-scheduling.rst +++ b/Documentation/admin-guide/hw-vuln/core-scheduling.rst @@ -66,8 +66,8 @@ arg4: will be performed for all tasks in the task group of ``pid``.
arg5: - userspace pointer to an unsigned long for storing the cookie returned by - ``PR_SCHED_CORE_GET`` command. Should be 0 for all other commands. + userspace pointer to an unsigned long long for storing the cookie returned + by ``PR_SCHED_CORE_GET`` command. Should be 0 for all other commands.
In order for a process to push a cookie to, or pull a cookie from a process, it is required to have the ptrace access mode: `PTRACE_MODE_READ_REALCREDS` to the
5.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: Akira Yokosawa akiyks@gmail.com
commit d43ddd5c91802a46354fa4c4381416ef760676e2 upstream.
Running "make htmldocs" on a newly installed Sphinx 7.3.7 ends up in a build error:
Sphinx parallel build error: AttributeError: module 'docutils.nodes' has no attribute 'reprunicode'
docutils 0.21 has removed nodes.reprunicode, quote from release note [1]:
* Removed objects:
docutils.nodes.reprunicode, docutils.nodes.ensure_str() Python 2 compatibility hacks
Sphinx 7.3.0 supports docutils 0.21 [2]:
kernel_include.py, whose origin is misc.py of docutils, uses reprunicode.
Upstream docutils removed the offending line from the corresponding file (docutils/docutils/parsers/rst/directives/misc.py) in January 2022. Quoting the changelog [3]:
Deprecate `nodes.reprunicode` and `nodes.ensure_str()`.
Drop uses of the deprecated constructs (not required with Python 3).
Do the same for kernel_include.py.
Tested against: - Sphinx 2.4.5 (docutils 0.17.1) - Sphinx 3.4.3 (docutils 0.17.1) - Sphinx 5.3.0 (docutils 0.18.1) - Sphinx 6.2.1 (docutils 0.19) - Sphinx 7.2.6 (docutils 0.20.1) - Sphinx 7.3.7 (docutils 0.21.2)
Link: http://www.docutils.org/RELEASE-NOTES.html#release-0-21-2024-04-09 [1] Link: https://www.sphinx-doc.org/en/master/changes.html#release-7-3-0-released-apr... [2] Link: https://github.com/docutils/docutils/commit/c8471ce47a24 [3] Signed-off-by: Akira Yokosawa akiyks@gmail.com Cc: stable@vger.kernel.org Signed-off-by: Jonathan Corbet corbet@lwn.net Link: https://lore.kernel.org/r/faf5fa45-2a9d-4573-9d2e-3930bdc1ed65@gmail.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org --- Documentation/sphinx/kernel_include.py | 1 - 1 file changed, 1 deletion(-)
--- a/Documentation/sphinx/kernel_include.py +++ b/Documentation/sphinx/kernel_include.py @@ -94,7 +94,6 @@ class KernelInclude(Include): # HINT: this is the only line I had to change / commented out: #path = utils.relative_path(None, path)
- path = nodes.reprunicode(path) encoding = self.options.get( 'encoding', self.state.document.settings.input_encoding) e_handler=self.state.document.settings.input_encoding_error_handler
Hello,
On Thu, 23 May 2024 15:12:56 +0200 Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
This is the start of the stable review cycle for the 5.15.160 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.160-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below.
This rc kernel passes DAMON functionality test[1] on my test machine. Attaching the test results summary below. Please note that I retrieved the kernel from linux-stable-rc tree[2].
Tested-by: SeongJae Park sj@kernel.org
[1] https://github.com/awslabs/damon-tests/tree/next/corr [2] 0aee1934e6e2 ("Linux 5.15.160-rc1")
Thanks, SJ
[...]
---
ok 1 selftests: damon: debugfs_attrs.sh ok 1 selftests: damon-tests: kunit.sh ok 2 selftests: damon-tests: huge_count_read_write.sh ok 3 selftests: damon-tests: buffer_overflow.sh ok 4 selftests: damon-tests: rm_contexts.sh ok 5 selftests: damon-tests: record_null_deref.sh ok 6 selftests: damon-tests: dbgfs_target_ids_read_before_terminate_race.sh ok 7 selftests: damon-tests: dbgfs_target_ids_pid_leak.sh ok 8 selftests: damon-tests: damo_tests.sh ok 9 selftests: damon-tests: masim-record.sh ok 10 selftests: damon-tests: build_i386.sh ok 11 selftests: damon-tests: build_arm64.sh ok 12 selftests: damon-tests: build_m68k.sh ok 13 selftests: damon-tests: build_i386_idle_flag.sh ok 14 selftests: damon-tests: build_i386_highpte.sh ok 15 selftests: damon-tests: build_nomemcg.sh [33m [92mPASS [39m
On Thu, May 23, 2024 at 03:12:56PM +0200, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.15.160 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Tested-by: Mark Brown broonie@kernel.org
On 5/23/24 06:12, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.15.160 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.160-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below.
thanks,
greg k-h
On ARCH_BRCMSTB using 32-bit and 64-bit ARM kernels, build tested on BMIPS_GENERIC:
Tested-by: Florian Fainelli florian.fainelli@broadcom.com
Hi Greg,
On 23/05/24 18:42, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.15.160 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late.
No problems seen on x86_64 and aarch64 with our testing.
Tested-by: Harshit Mogalapalli harshit.m.mogalapalli@oracle.com
Thanks, Harshit
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.160-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below.
thanks,
greg k-h
On Thu, 23 May 2024 at 15:19, Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
This is the start of the stable review cycle for the 5.15.160 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.160-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below.
Results from Linaro’s test farm. No regressions on arm64, arm, x86_64, and i386.
Tested-by: Linux Kernel Functional Testing lkft@linaro.org
## Build Summary * arc: 5 total, 5 passed, 0 failed * arm: 102 total, 102 passed, 0 failed * arm64: 31 total, 31 passed, 0 failed * i386: 25 total, 25 passed, 0 failed * mips: 22 total, 22 passed, 0 failed * parisc: 3 total, 3 passed, 0 failed * powerpc: 24 total, 24 passed, 0 failed * riscv: 8 total, 8 passed, 0 failed * s390: 9 total, 9 passed, 0 failed * sh: 10 total, 10 passed, 0 failed * sparc: 6 total, 6 passed, 0 failed * x86_64: 27 total, 27 passed, 0 failed
## Test suites summary * boot * kselftest-android * kselftest-arm64 * kselftest-breakpoints * kselftest-capabilities * kselftest-cgroup * kselftest-clone3 * kselftest-core * kselftest-cpu-hotplug * kselftest-cpufreq * kselftest-drivers-dma-buf * kselftest-efivarfs * kselftest-exec * kselftest-filesystems * kselftest-filesystems-binderfs * kselftest-filesystems-epoll * kselftest-firmware * kselftest-fpu * kselftest-ftrace * kselftest-futex * kselftest-gpio * kselftest-intel_pstate * kselftest-ipc * kselftest-ir * kselftest-kcmp * kselftest-kexec * kselftest-kvm * kselftest-lib * kselftest-membarrier * kselftest-memfd * kselftest-memory-hotplug * kselftest-mincore * kselftest-mm * kselftest-mount * kselftest-mqueue * kselftest-net * kselftest-net-forwarding * kselftest-net-mptcp * kselftest-netfilter * kselftest-nsfs * kselftest-openat2 * kselftest-pid_namespace * kselftest-pidfd * kselftest-proc * kselftest-pstore * kselftest-ptrace * kselftest-rseq * kselftest-rtc * kselftest-seccomp * kselftest-sigaltstack * kselftest-size * kselftest-splice * kselftest-static_keys * kselftest-sync * kselftest-sysctl * kselftest-tc-testing * kselftest-timens * kselftest-timers * kselftest-tmpfs * kselftest-tpm2 * kselftest-user * kselftest-user_events * kselftest-vDSO * kselftest-watchdog * kselftest-x86 * kselftest-zram * kunit * kvm-unit-tests * libgpiod * log-parser-boot * log-parser-test * ltp-cap_bounds * ltp-commands * ltp-containers * ltp-controllers * ltp-crypto * ltp-cve * ltp-fcntl-locktests * ltp-filecaps * ltp-fs * ltp-fs_bind * ltp-fs_perms_simple * ltp-hugetlb * ltp-io * ltp-ipc * ltp-math * ltp-mm * ltp-nptl * ltp-pty * ltp-sched * ltp-securebits * ltp-smoke * ltp-smoketest * ltp-syscalls * ltp-tracing * perf * rcutorture
-- Linaro LKFT https://lkft.linaro.org
On 5/23/24 07:12, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.15.160 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.160-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below.
thanks,
greg k-h
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan skhan@linuxfoundation.org
thanks, -- Shuah
On 5/23/24 6:12 AM, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.15.160 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.160-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below.
thanks,
greg k-h
Built and booted successfully on RISC-V RV64 (HiFive Unmatched).
Tested-by: Ron Economos re@w6rz.net
Hi Greg,
On 23/05/2024 14:12, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.15.160 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.160-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below.
thanks,
greg k-h
Pseudo-Shortlog of commits:
...
NeilBrown neilb@suse.de nfsd: don't allow nfsd threads to be signalled.
I am seeing a suspend regression on a couple boards and bisect is pointing to the above commit. Reverting this commit does fix the issue.
Test results for stable-v5.15: 10 builds: 10 pass, 0 fail 26 boots: 26 pass, 0 fail 102 tests: 100 pass, 2 fail
Linux version: 5.15.160-rc1-g7c7f29d3b2af Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000, tegra194-p2972-0000, tegra194-p3509-0000+p3668-0000, tegra20-ventana, tegra210-p2371-2180, tegra210-p3450-0000, tegra30-cardhu-a04
Test failures: tegra186-p2771-0000: pm-system-suspend.sh tegra194-p2972-0000: pm-system-suspend.sh
Jon
On Sat, May 25, 2024 at 12:13:28AM +0100, Jon Hunter wrote:
Hi Greg,
On 23/05/2024 14:12, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.15.160 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.160-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below.
thanks,
greg k-h
Pseudo-Shortlog of commits:
...
NeilBrown neilb@suse.de nfsd: don't allow nfsd threads to be signalled.
I am seeing a suspend regression on a couple boards and bisect is pointing to the above commit. Reverting this commit does fix the issue.
Ugh, that fixes the report from others. Can you cc: everyone on that and figure out what is going on, as this keeps going back and forth...
thanks,
greg k-h
On 25/05/2024 15:20, Greg Kroah-Hartman wrote:
On Sat, May 25, 2024 at 12:13:28AM +0100, Jon Hunter wrote:
Hi Greg,
On 23/05/2024 14:12, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.15.160 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.160-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below.
thanks,
greg k-h
Pseudo-Shortlog of commits:
...
NeilBrown neilb@suse.de nfsd: don't allow nfsd threads to be signalled.
I am seeing a suspend regression on a couple boards and bisect is pointing to the above commit. Reverting this commit does fix the issue.
Ugh, that fixes the report from others. Can you cc: everyone on that and figure out what is going on, as this keeps going back and forth...
Adding Chuck, Neil and Chris from the bug report here [0].
With the above applied to v5.15.y, I am seeing suspend on 2 of our boards fail. These boards are using NFS and on entry to suspend I am now seeing ...
Freezing of tasks failed after 20.002 seconds (1 tasks refusing to freeze, wq_busy=0):
The boards appear to hang at that point. So may be something else missing?
Jon
[0] https://lore.kernel.org/lkml/b363e394-7549-4b9e-b71b-d97cd13f9607@alliedtele...
On May 28, 2024, at 5:04 AM, Jon Hunter jonathanh@nvidia.com wrote:
On 25/05/2024 15:20, Greg Kroah-Hartman wrote:
On Sat, May 25, 2024 at 12:13:28AM +0100, Jon Hunter wrote:
Hi Greg,
On 23/05/2024 14:12, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.15.160 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.160-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below.
thanks,
greg k-h
Pseudo-Shortlog of commits:
...
NeilBrown neilb@suse.de nfsd: don't allow nfsd threads to be signalled.
I am seeing a suspend regression on a couple boards and bisect is pointing to the above commit. Reverting this commit does fix the issue.
Ugh, that fixes the report from others. Can you cc: everyone on that and figure out what is going on, as this keeps going back and forth...
Adding Chuck, Neil and Chris from the bug report here [0].
With the above applied to v5.15.y, I am seeing suspend on 2 of our boards fail. These boards are using NFS and on entry to suspend I am now seeing ...
Freezing of tasks failed after 20.002 seconds (1 tasks refusing to freeze, wq_busy=0):
The boards appear to hang at that point. So may be something else missing?
Note that we don't have access to hardware like this, so we haven't tested that patch (even the upstream version) with suspend on that hardware.
So, it could be something missing, or it could be that patch has a problem.
It would help us to know if you observe the same issue with an upstream kernel, if that is possible.
Jon
[0] https://lore.kernel.org/lkml/b363e394-7549-4b9e-b71b-d97cd13f9607@alliedtele...
-- nvpublic
-- Chuck Lever
On 28/05/2024 14:14, Chuck Lever III wrote:
On May 28, 2024, at 5:04 AM, Jon Hunter jonathanh@nvidia.com wrote:
On 25/05/2024 15:20, Greg Kroah-Hartman wrote:
On Sat, May 25, 2024 at 12:13:28AM +0100, Jon Hunter wrote:
Hi Greg,
On 23/05/2024 14:12, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.15.160 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.160-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below.
thanks,
greg k-h
Pseudo-Shortlog of commits:
...
NeilBrown neilb@suse.de nfsd: don't allow nfsd threads to be signalled.
I am seeing a suspend regression on a couple boards and bisect is pointing to the above commit. Reverting this commit does fix the issue.
Ugh, that fixes the report from others. Can you cc: everyone on that and figure out what is going on, as this keeps going back and forth...
Adding Chuck, Neil and Chris from the bug report here [0].
With the above applied to v5.15.y, I am seeing suspend on 2 of our boards fail. These boards are using NFS and on entry to suspend I am now seeing ...
Freezing of tasks failed after 20.002 seconds (1 tasks refusing to freeze, wq_busy=0):
The boards appear to hang at that point. So may be something else missing?
Note that we don't have access to hardware like this, so we haven't tested that patch (even the upstream version) with suspend on that hardware.
No problem, I would not expect you to have this particular hardware :-)
So, it could be something missing, or it could be that patch has a problem.
It would help us to know if you observe the same issue with an upstream kernel, if that is possible.
I don't observe this with either mainline, -next or any other stable branch. So that would suggest that something else is missing from linux-5.15.y.
Jon
On 29/05/24 02:18, Jon Hunter wrote:
On 28/05/2024 14:14, Chuck Lever III wrote:
On May 28, 2024, at 5:04 AM, Jon Hunter jonathanh@nvidia.com wrote:
On 25/05/2024 15:20, Greg Kroah-Hartman wrote:
On Sat, May 25, 2024 at 12:13:28AM +0100, Jon Hunter wrote:
Hi Greg,
On 23/05/2024 14:12, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.15.160 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.160-rc...
or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below.
thanks,
greg k-h
Pseudo-Shortlog of commits:
...
NeilBrown neilb@suse.de nfsd: don't allow nfsd threads to be signalled.
I am seeing a suspend regression on a couple boards and bisect is pointing to the above commit. Reverting this commit does fix the issue.
Ugh, that fixes the report from others. Can you cc: everyone on that and figure out what is going on, as this keeps going back and forth...
Adding Chuck, Neil and Chris from the bug report here [0].
With the above applied to v5.15.y, I am seeing suspend on 2 of our boards fail. These boards are using NFS and on entry to suspend I am now seeing ...
Freezing of tasks failed after 20.002 seconds (1 tasks refusing to freeze, wq_busy=0):
The boards appear to hang at that point. So may be something else missing?
Note that we don't have access to hardware like this, so we haven't tested that patch (even the upstream version) with suspend on that hardware.
No problem, I would not expect you to have this particular hardware :-)
It's probably not much help but for the oops I originally reported we've been carrying "nfsd: don't allow nfsd threads to be signalled" locally and that resolved it. Now that we've updated to 5.15.160 and dropped the local patch it's still resolved for us. Our systems don't make use of suspend so they won't hit any issue related to that.
So, it could be something missing, or it could be that patch has a problem.
It would help us to know if you observe the same issue with an upstream kernel, if that is possible.
I don't observe this with either mainline, -next or any other stable branch. So that would suggest that something else is missing from linux-5.15.y.
Jon
On May 28, 2024, at 10:18 AM, Jon Hunter jonathanh@nvidia.com wrote:
On 28/05/2024 14:14, Chuck Lever III wrote:
On May 28, 2024, at 5:04 AM, Jon Hunter jonathanh@nvidia.com wrote:
On 25/05/2024 15:20, Greg Kroah-Hartman wrote:
On Sat, May 25, 2024 at 12:13:28AM +0100, Jon Hunter wrote:
Hi Greg,
On 23/05/2024 14:12, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.15.160 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late.
The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.160-rc... or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below.
thanks,
greg k-h
Pseudo-Shortlog of commits:
...
NeilBrown neilb@suse.de nfsd: don't allow nfsd threads to be signalled.
I am seeing a suspend regression on a couple boards and bisect is pointing to the above commit. Reverting this commit does fix the issue.
Ugh, that fixes the report from others. Can you cc: everyone on that and figure out what is going on, as this keeps going back and forth...
Adding Chuck, Neil and Chris from the bug report here [0].
With the above applied to v5.15.y, I am seeing suspend on 2 of our boards fail. These boards are using NFS and on entry to suspend I am now seeing ...
Freezing of tasks failed after 20.002 seconds (1 tasks refusing to freeze, wq_busy=0):
The boards appear to hang at that point. So may be something else missing?
Note that we don't have access to hardware like this, so we haven't tested that patch (even the upstream version) with suspend on that hardware.
No problem, I would not expect you to have this particular hardware :-)
So, it could be something missing, or it could be that patch has a problem. It would help us to know if you observe the same issue with an upstream kernel, if that is possible.
I don't observe this with either mainline, -next or any other stable branch. So that would suggest that something else is missing from linux-5.15.y.
That helps. It would be very helpful to have a reproducer I can use to confirm we have a fix. I'm sure this will be a process that involves a non-trivial number of iterations.
-- Chuck Lever
On Wed, 29 May 2024, Chuck Lever III wrote:
On May 28, 2024, at 10:18 AM, Jon Hunter jonathanh@nvidia.com wrote:
On 28/05/2024 14:14, Chuck Lever III wrote:
On May 28, 2024, at 5:04 AM, Jon Hunter jonathanh@nvidia.com wrote:
On 25/05/2024 15:20, Greg Kroah-Hartman wrote:
On Sat, May 25, 2024 at 12:13:28AM +0100, Jon Hunter wrote:
Hi Greg,
On 23/05/2024 14:12, Greg Kroah-Hartman wrote: > This is the start of the stable review cycle for the 5.15.160 release. > There are 23 patches in this series, all will be posted as a response > to this one. If anyone has any issues with these being applied, please > let me know. > > Responses should be made by Sat, 25 May 2024 13:03:15 +0000. > Anything received after that time might be too late. > > The whole patch series can be found in one patch at: > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.160-rc... > or in the git tree and branch at: > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y > and the diffstat can be found below. > > thanks, > > greg k-h > > ------------- > Pseudo-Shortlog of commits:
...
> NeilBrown neilb@suse.de > nfsd: don't allow nfsd threads to be signalled.
I am seeing a suspend regression on a couple boards and bisect is pointing to the above commit. Reverting this commit does fix the issue.
Ugh, that fixes the report from others. Can you cc: everyone on that and figure out what is going on, as this keeps going back and forth...
Adding Chuck, Neil and Chris from the bug report here [0].
With the above applied to v5.15.y, I am seeing suspend on 2 of our boards fail. These boards are using NFS and on entry to suspend I am now seeing ...
Freezing of tasks failed after 20.002 seconds (1 tasks refusing to freeze, wq_busy=0):
The boards appear to hang at that point. So may be something else missing?
Note that we don't have access to hardware like this, so we haven't tested that patch (even the upstream version) with suspend on that hardware.
No problem, I would not expect you to have this particular hardware :-)
So, it could be something missing, or it could be that patch has a problem. It would help us to know if you observe the same issue with an upstream kernel, if that is possible.
I don't observe this with either mainline, -next or any other stable branch. So that would suggest that something else is missing from linux-5.15.y.
That helps. It would be very helpful to have a reproducer I can use to confirm we have a fix. I'm sure this will be a process that involves a non-trivial number of iterations.
Missing upstream patch is
Commit 9bd4161c5917 ("SUNRPC: change service idle list to be an llist")
This contains some freezer-related changes which probably should have been a separate patch.
We probably just need to add "| TASK_FREEZABLE" in one or two places. I'll post a patch for testing in a little while.
NeilBrown
On May 28, 2024, at 6:01 PM, NeilBrown neilb@suse.de wrote:
On Wed, 29 May 2024, Chuck Lever III wrote:
On May 28, 2024, at 10:18 AM, Jon Hunter jonathanh@nvidia.com wrote:
On 28/05/2024 14:14, Chuck Lever III wrote:
On May 28, 2024, at 5:04 AM, Jon Hunter jonathanh@nvidia.com wrote:
On 25/05/2024 15:20, Greg Kroah-Hartman wrote:
On Sat, May 25, 2024 at 12:13:28AM +0100, Jon Hunter wrote: > Hi Greg, > > On 23/05/2024 14:12, Greg Kroah-Hartman wrote: >> This is the start of the stable review cycle for the 5.15.160 release. >> There are 23 patches in this series, all will be posted as a response >> to this one. If anyone has any issues with these being applied, please >> let me know. >> >> Responses should be made by Sat, 25 May 2024 13:03:15 +0000. >> Anything received after that time might be too late. >> >> The whole patch series can be found in one patch at: >> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.160-rc... >> or in the git tree and branch at: >> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y >> and the diffstat can be found below. >> >> thanks, >> >> greg k-h >> >> ------------- >> Pseudo-Shortlog of commits: > > ... > >> NeilBrown neilb@suse.de >> nfsd: don't allow nfsd threads to be signalled. > > > I am seeing a suspend regression on a couple boards and bisect is pointing > to the above commit. Reverting this commit does fix the issue. Ugh, that fixes the report from others. Can you cc: everyone on that and figure out what is going on, as this keeps going back and forth...
Adding Chuck, Neil and Chris from the bug report here [0].
With the above applied to v5.15.y, I am seeing suspend on 2 of our boards fail. These boards are using NFS and on entry to suspend I am now seeing ...
Freezing of tasks failed after 20.002 seconds (1 tasks refusing to freeze, wq_busy=0):
The boards appear to hang at that point. So may be something else missing?
Note that we don't have access to hardware like this, so we haven't tested that patch (even the upstream version) with suspend on that hardware.
No problem, I would not expect you to have this particular hardware :-)
So, it could be something missing, or it could be that patch has a problem. It would help us to know if you observe the same issue with an upstream kernel, if that is possible.
I don't observe this with either mainline, -next or any other stable branch. So that would suggest that something else is missing from linux-5.15.y.
That helps. It would be very helpful to have a reproducer I can use to confirm we have a fix. I'm sure this will be a process that involves a non-trivial number of iterations.
Missing upstream patch is
Commit 9bd4161c5917 ("SUNRPC: change service idle list to be an llist")
This contains some freezer-related changes which probably should have been a separate patch.
Thanks for tracking that down.
We probably just need to add "| TASK_FREEZABLE" in one or two places. I'll post a patch for testing in a little while.
My understanding is that the stable maintainers prefer a backport of a patch (or patches) that are already applied to Linus' tree.
-- Chuck Lever
On Wed, 29 May 2024, Chuck Lever III wrote:
On May 28, 2024, at 6:01 PM, NeilBrown neilb@suse.de wrote:
On Wed, 29 May 2024, Chuck Lever III wrote:
On May 28, 2024, at 10:18 AM, Jon Hunter jonathanh@nvidia.com wrote:
On 28/05/2024 14:14, Chuck Lever III wrote:
On May 28, 2024, at 5:04 AM, Jon Hunter jonathanh@nvidia.com wrote:
On 25/05/2024 15:20, Greg Kroah-Hartman wrote: > On Sat, May 25, 2024 at 12:13:28AM +0100, Jon Hunter wrote: >> Hi Greg, >> >> On 23/05/2024 14:12, Greg Kroah-Hartman wrote: >>> This is the start of the stable review cycle for the 5.15.160 release. >>> There are 23 patches in this series, all will be posted as a response >>> to this one. If anyone has any issues with these being applied, please >>> let me know. >>> >>> Responses should be made by Sat, 25 May 2024 13:03:15 +0000. >>> Anything received after that time might be too late. >>> >>> The whole patch series can be found in one patch at: >>> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.160-rc... >>> or in the git tree and branch at: >>> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y >>> and the diffstat can be found below. >>> >>> thanks, >>> >>> greg k-h >>> >>> ------------- >>> Pseudo-Shortlog of commits: >> >> ... >> >>> NeilBrown neilb@suse.de >>> nfsd: don't allow nfsd threads to be signalled. >> >> >> I am seeing a suspend regression on a couple boards and bisect is pointing >> to the above commit. Reverting this commit does fix the issue. > Ugh, that fixes the report from others. Can you cc: everyone on that > and figure out what is going on, as this keeps going back and forth...
Adding Chuck, Neil and Chris from the bug report here [0].
With the above applied to v5.15.y, I am seeing suspend on 2 of our boards fail. These boards are using NFS and on entry to suspend I am now seeing ...
Freezing of tasks failed after 20.002 seconds (1 tasks refusing to freeze, wq_busy=0):
The boards appear to hang at that point. So may be something else missing?
Note that we don't have access to hardware like this, so we haven't tested that patch (even the upstream version) with suspend on that hardware.
No problem, I would not expect you to have this particular hardware :-)
So, it could be something missing, or it could be that patch has a problem. It would help us to know if you observe the same issue with an upstream kernel, if that is possible.
I don't observe this with either mainline, -next or any other stable branch. So that would suggest that something else is missing from linux-5.15.y.
That helps. It would be very helpful to have a reproducer I can use to confirm we have a fix. I'm sure this will be a process that involves a non-trivial number of iterations.
Missing upstream patch is
Commit 9bd4161c5917 ("SUNRPC: change service idle list to be an llist")
This contains some freezer-related changes which probably should have been a separate patch.
Thanks for tracking that down.
We probably just need to add "| TASK_FREEZABLE" in one or two places. I'll post a patch for testing in a little while.
My understanding is that the stable maintainers prefer a backport of a patch (or patches) that are already applied to Linus' tree.
They also preferred a full backport of fs/nfsd/.. That hasn't gone so well :-)
In this case we would need
Commit f5d39b020809 ("freezer,sched: Rewrite core freezer logic")
to get TASK_FREEZABLE. I doubt that would be a good choice.
NeilBrown
-- Chuck Lever
On May 28, 2024, at 7:44 PM, NeilBrown neilb@suse.de wrote:
On Wed, 29 May 2024, Chuck Lever III wrote:
On May 28, 2024, at 6:01 PM, NeilBrown neilb@suse.de wrote:
On Wed, 29 May 2024, Chuck Lever III wrote:
On May 28, 2024, at 10:18 AM, Jon Hunter jonathanh@nvidia.com wrote:
On 28/05/2024 14:14, Chuck Lever III wrote:
> On May 28, 2024, at 5:04 AM, Jon Hunter jonathanh@nvidia.com wrote: > > > On 25/05/2024 15:20, Greg Kroah-Hartman wrote: >> On Sat, May 25, 2024 at 12:13:28AM +0100, Jon Hunter wrote: >>> Hi Greg, >>> >>> On 23/05/2024 14:12, Greg Kroah-Hartman wrote: >>>> This is the start of the stable review cycle for the 5.15.160 release. >>>> There are 23 patches in this series, all will be posted as a response >>>> to this one. If anyone has any issues with these being applied, please >>>> let me know. >>>> >>>> Responses should be made by Sat, 25 May 2024 13:03:15 +0000. >>>> Anything received after that time might be too late. >>>> >>>> The whole patch series can be found in one patch at: >>>> https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.160-rc... >>>> or in the git tree and branch at: >>>> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y >>>> and the diffstat can be found below. >>>> >>>> thanks, >>>> >>>> greg k-h >>>> >>>> ------------- >>>> Pseudo-Shortlog of commits: >>> >>> ... >>> >>>> NeilBrown neilb@suse.de >>>> nfsd: don't allow nfsd threads to be signalled. >>> >>> >>> I am seeing a suspend regression on a couple boards and bisect is pointing >>> to the above commit. Reverting this commit does fix the issue. >> Ugh, that fixes the report from others. Can you cc: everyone on that >> and figure out what is going on, as this keeps going back and forth... > > > Adding Chuck, Neil and Chris from the bug report here [0]. > > With the above applied to v5.15.y, I am seeing suspend on 2 of our boards fail. These boards are using NFS and on entry to suspend I am now seeing ... > > Freezing of tasks failed after 20.002 seconds (1 tasks refusing to > freeze, wq_busy=0): > > The boards appear to hang at that point. So may be something else missing? Note that we don't have access to hardware like this, so we haven't tested that patch (even the upstream version) with suspend on that hardware.
No problem, I would not expect you to have this particular hardware :-)
So, it could be something missing, or it could be that patch has a problem. It would help us to know if you observe the same issue with an upstream kernel, if that is possible.
I don't observe this with either mainline, -next or any other stable branch. So that would suggest that something else is missing from linux-5.15.y.
That helps. It would be very helpful to have a reproducer I can use to confirm we have a fix. I'm sure this will be a process that involves a non-trivial number of iterations.
Missing upstream patch is
Commit 9bd4161c5917 ("SUNRPC: change service idle list to be an llist")
This contains some freezer-related changes which probably should have been a separate patch.
Thanks for tracking that down.
We probably just need to add "| TASK_FREEZABLE" in one or two places. I'll post a patch for testing in a little while.
My understanding is that the stable maintainers prefer a backport of a patch (or patches) that are already applied to Linus' tree.
They also preferred a full backport of fs/nfsd/.. That hasn't gone so well :-)
Really? I count about 350 patches in the initial backport. Those patches include nearly every NFSD patch from v5.16 up to the end of v6.2. We agreed to stop once the filecache fixes had been applied; no-one asked for a "full backport" from torvalds/HEAD.
Only two more patches have been applied since then. Three if you count this one. All of these issues have been very narrow corner cases or obscure test failures.
That is quite good, if you ask me. I don't see a problem, given the monumental task and lack of NFSD stable testing infrastructure before I began.
In this case we would need
Commit f5d39b020809 ("freezer,sched: Rewrite core freezer logic")
to get TASK_FREEZABLE. I doubt that would be a good choice.
I will let Greg and Sasha decide how they want to proceed, but it would be wise to include this detail in your patch description.
-- Chuck Lever
On Wed, 29 May 2024, NeilBrown wrote:
We probably just need to add "| TASK_FREEZABLE" in one or two places. I'll post a patch for testing in a little while.
There is no TASK_FREEZABLE before v6.1. This isn't due to a missed backport. It is simply because of differences in the freezer in older kernels.
Please test this patch.
Thanks, NeilBrown
From 416bd6ae9a598e64931d34b76aa58f39b11841cd Mon Sep 17 00:00:00 2001 From: NeilBrown neilb@suse.de Date: Wed, 29 May 2024 09:38:22 +1000 Subject: [PATCH] sunrpc: exclude from freezer when waiting for requests:
Prior to v6.1, the freezer will only wake a kernel thread from an uninterruptible sleep. Since we changed svc_get_next_xprt() to use and IDLE sleep the freezer cannot wake it. we need to tell the freezer to ignore it instead.
Fixes: 9b8a8e5e8129 ("nfsd: don't allow nfsd threads to be signalled.") Signed-off-by: NeilBrown neilb@suse.de --- net/sunrpc/svc_xprt.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c index b19592673eef..12e9293bd12b 100644 --- a/net/sunrpc/svc_xprt.c +++ b/net/sunrpc/svc_xprt.c @@ -764,10 +764,12 @@ static struct svc_xprt *svc_get_next_xprt(struct svc_rqst *rqstp, long timeout) clear_bit(RQ_BUSY, &rqstp->rq_flags); smp_mb__after_atomic();
+ freezer_do_not_count(); if (likely(rqst_should_sleep(rqstp))) time_left = schedule_timeout(timeout); else __set_current_state(TASK_RUNNING); + freezer_count();
try_to_freeze();
On 29/05/2024 00:42, NeilBrown wrote:
On Wed, 29 May 2024, NeilBrown wrote:
We probably just need to add "| TASK_FREEZABLE" in one or two places. I'll post a patch for testing in a little while.
There is no TASK_FREEZABLE before v6.1. This isn't due to a missed backport. It is simply because of differences in the freezer in older kernels.
Please test this patch.
Thanks, NeilBrown
From 416bd6ae9a598e64931d34b76aa58f39b11841cd Mon Sep 17 00:00:00 2001 From: NeilBrown neilb@suse.de Date: Wed, 29 May 2024 09:38:22 +1000 Subject: [PATCH] sunrpc: exclude from freezer when waiting for requests:
Prior to v6.1, the freezer will only wake a kernel thread from an uninterruptible sleep. Since we changed svc_get_next_xprt() to use and IDLE sleep the freezer cannot wake it. we need to tell the freezer to ignore it instead.
Fixes: 9b8a8e5e8129 ("nfsd: don't allow nfsd threads to be signalled.") Signed-off-by: NeilBrown neilb@suse.de
net/sunrpc/svc_xprt.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c index b19592673eef..12e9293bd12b 100644 --- a/net/sunrpc/svc_xprt.c +++ b/net/sunrpc/svc_xprt.c @@ -764,10 +764,12 @@ static struct svc_xprt *svc_get_next_xprt(struct svc_rqst *rqstp, long timeout) clear_bit(RQ_BUSY, &rqstp->rq_flags); smp_mb__after_atomic();
- freezer_do_not_count(); if (likely(rqst_should_sleep(rqstp))) time_left = schedule_timeout(timeout); else __set_current_state(TASK_RUNNING);
- freezer_count();
try_to_freeze();
Thanks. I gave this a try on top of v5.15.160-rc1, but I am still seeing the following and the board hangs ...
Freezing of tasks failed after 20.004 seconds (1 tasks refusing to freeze, wq_busy=0):
So unfortunately this does not fix it :-(
Jon
On Wed, 29 May 2024, Jon Hunter wrote:
On 29/05/2024 00:42, NeilBrown wrote:
On Wed, 29 May 2024, NeilBrown wrote:
We probably just need to add "| TASK_FREEZABLE" in one or two places. I'll post a patch for testing in a little while.
There is no TASK_FREEZABLE before v6.1. This isn't due to a missed backport. It is simply because of differences in the freezer in older kernels.
Please test this patch.
Thanks, NeilBrown
From 416bd6ae9a598e64931d34b76aa58f39b11841cd Mon Sep 17 00:00:00 2001 From: NeilBrown neilb@suse.de Date: Wed, 29 May 2024 09:38:22 +1000 Subject: [PATCH] sunrpc: exclude from freezer when waiting for requests:
Prior to v6.1, the freezer will only wake a kernel thread from an uninterruptible sleep. Since we changed svc_get_next_xprt() to use and IDLE sleep the freezer cannot wake it. we need to tell the freezer to ignore it instead.
Fixes: 9b8a8e5e8129 ("nfsd: don't allow nfsd threads to be signalled.") Signed-off-by: NeilBrown neilb@suse.de
net/sunrpc/svc_xprt.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c index b19592673eef..12e9293bd12b 100644 --- a/net/sunrpc/svc_xprt.c +++ b/net/sunrpc/svc_xprt.c @@ -764,10 +764,12 @@ static struct svc_xprt *svc_get_next_xprt(struct svc_rqst *rqstp, long timeout) clear_bit(RQ_BUSY, &rqstp->rq_flags); smp_mb__after_atomic();
- freezer_do_not_count(); if (likely(rqst_should_sleep(rqstp))) time_left = schedule_timeout(timeout); else __set_current_state(TASK_RUNNING);
- freezer_count();
try_to_freeze();
Thanks. I gave this a try on top of v5.15.160-rc1, but I am still seeing the following and the board hangs ...
Freezing of tasks failed after 20.004 seconds (1 tasks refusing to freeze, wq_busy=0):
So unfortunately this does not fix it :-(
Thanks for testing. I can only guess that you had an active NFSv4.1 mount and that the callback thread was causing problems. Please try this. I also changed to use freezable_schedule* which seems like a better interface to do the same thing.
If this doesn't fix it, we'll probably need to ask someone who remembers the old freezer code.
Thanks, NeilBrown
From 518f0c1150f988b3fe8e5e0d053a25c3aa6c7d44 Mon Sep 17 00:00:00 2001 From: NeilBrown neilb@suse.de Date: Wed, 29 May 2024 09:38:22 +1000 Subject: [PATCH] sunrpc: exclude from freezer when waiting for requests:
Prior to v6.1, the freezer will only wake a kernel thread from an uninterruptible sleep. Since we changed svc_get_next_xprt() to use and IDLE sleep the freezer cannot wake it. we need to tell the freezer to ignore it instead.
To make this work with only upstream requests we would need Commit f5d39b020809 ("freezer,sched: Rewrite core freezer logic") which allows non-interruptible sleeps to be woken by the freezer.
Fixes: 9b8a8e5e8129 ("nfsd: don't allow nfsd threads to be signalled.") Signed-off-by: NeilBrown neilb@suse.de --- fs/nfs/callback.c | 2 +- fs/nfsd/nfs4proc.c | 3 ++- net/sunrpc/svc_xprt.c | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c index 46a0a2d6962e..8fe143cad4a2 100644 --- a/fs/nfs/callback.c +++ b/fs/nfs/callback.c @@ -124,7 +124,7 @@ nfs41_callback_svc(void *vrqstp) } else { spin_unlock_bh(&serv->sv_cb_lock); if (!kthread_should_stop()) - schedule(); + freezable_schedule(); finish_wait(&serv->sv_cb_waitq, &wq); } } diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 6779291efca9..e0ff2212866a 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -38,6 +38,7 @@ #include <linux/slab.h> #include <linux/kthread.h> #include <linux/namei.h> +#include <linux/freezer.h>
#include <linux/sunrpc/addr.h> #include <linux/nfs_ssc.h> @@ -1322,7 +1323,7 @@ static __be32 nfsd4_ssc_setup_dul(struct nfsd_net *nn, char *ipaddr,
/* allow 20secs for mount/unmount for now - revisit */ if (kthread_should_stop() || - (schedule_timeout(20*HZ) == 0)) { + (freezable_schedule_timeout(20*HZ) == 0)) { finish_wait(&nn->nfsd_ssc_waitq, &wait); kfree(work); return nfserr_eagain; diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c index b19592673eef..3cf53e3140a5 100644 --- a/net/sunrpc/svc_xprt.c +++ b/net/sunrpc/svc_xprt.c @@ -705,7 +705,7 @@ static int svc_alloc_arg(struct svc_rqst *rqstp) set_current_state(TASK_RUNNING); return -EINTR; } - schedule_timeout(msecs_to_jiffies(500)); + freezable_schedule_timeout(msecs_to_jiffies(500)); } rqstp->rq_page_end = &rqstp->rq_pages[pages]; rqstp->rq_pages[pages] = NULL; /* this might be seen in nfsd_splice_actor() */ @@ -765,7 +765,7 @@ static struct svc_xprt *svc_get_next_xprt(struct svc_rqst *rqstp, long timeout) smp_mb__after_atomic();
if (likely(rqst_should_sleep(rqstp))) - time_left = schedule_timeout(timeout); + time_left = freezable_schedule_timeout(timeout); else __set_current_state(TASK_RUNNING);
On 29/05/2024 21:59, NeilBrown wrote:
...
Thanks for testing. I can only guess that you had an active NFSv4.1 mount and that the callback thread was causing problems. Please try this. I also changed to use freezable_schedule* which seems like a better interface to do the same thing.
If this doesn't fix it, we'll probably need to ask someone who remembers the old freezer code.
Thanks, NeilBrown
From 518f0c1150f988b3fe8e5e0d053a25c3aa6c7d44 Mon Sep 17 00:00:00 2001 From: NeilBrown neilb@suse.de Date: Wed, 29 May 2024 09:38:22 +1000 Subject: [PATCH] sunrpc: exclude from freezer when waiting for requests:
Prior to v6.1, the freezer will only wake a kernel thread from an uninterruptible sleep. Since we changed svc_get_next_xprt() to use and IDLE sleep the freezer cannot wake it. we need to tell the freezer to ignore it instead.
To make this work with only upstream requests we would need Commit f5d39b020809 ("freezer,sched: Rewrite core freezer logic") which allows non-interruptible sleeps to be woken by the freezer.
Fixes: 9b8a8e5e8129 ("nfsd: don't allow nfsd threads to be signalled.") Signed-off-by: NeilBrown neilb@suse.de
fs/nfs/callback.c | 2 +- fs/nfsd/nfs4proc.c | 3 ++- net/sunrpc/svc_xprt.c | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c index 46a0a2d6962e..8fe143cad4a2 100644 --- a/fs/nfs/callback.c +++ b/fs/nfs/callback.c @@ -124,7 +124,7 @@ nfs41_callback_svc(void *vrqstp) } else { spin_unlock_bh(&serv->sv_cb_lock); if (!kthread_should_stop())
schedule();
freezable_schedule(); finish_wait(&serv->sv_cb_waitq, &wq);diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 6779291efca9..e0ff2212866a 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -38,6 +38,7 @@ #include <linux/slab.h> #include <linux/kthread.h> #include <linux/namei.h> +#include <linux/freezer.h> #include <linux/sunrpc/addr.h> #include <linux/nfs_ssc.h> @@ -1322,7 +1323,7 @@ static __be32 nfsd4_ssc_setup_dul(struct nfsd_net *nn, char *ipaddr, /* allow 20secs for mount/unmount for now - revisit */ if (kthread_should_stop() ||
(schedule_timeout(20*HZ) == 0)) {
(freezable_schedule_timeout(20*HZ) == 0)) { finish_wait(&nn->nfsd_ssc_waitq, &wait); kfree(work); return nfserr_eagain;diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c index b19592673eef..3cf53e3140a5 100644 --- a/net/sunrpc/svc_xprt.c +++ b/net/sunrpc/svc_xprt.c @@ -705,7 +705,7 @@ static int svc_alloc_arg(struct svc_rqst *rqstp) set_current_state(TASK_RUNNING); return -EINTR; }
schedule_timeout(msecs_to_jiffies(500));
freezable_schedule_timeout(msecs_to_jiffies(500));@@ -765,7 +765,7 @@ static struct svc_xprt *svc_get_next_xprt(struct svc_rqst *rqstp, long timeout) smp_mb__after_atomic(); if (likely(rqst_should_sleep(rqstp)))
time_left = schedule_timeout(timeout);
time_left = freezable_schedule_timeout(timeout);
That did the trick! Suspend is now working again on top of v5.15.160-rc1 with this change.
Feel free to add my ...
Tested-by: Jon Hunter jonathanh@nvidia.com
Thanks Jon
On Thu, May 30, 2024 at 01:11:47PM +0100, Jon Hunter wrote:
On 29/05/2024 21:59, NeilBrown wrote:
...
Thanks for testing. I can only guess that you had an active NFSv4.1 mount and that the callback thread was causing problems. Please try this. I also changed to use freezable_schedule* which seems like a better interface to do the same thing.
If this doesn't fix it, we'll probably need to ask someone who remembers the old freezer code.
Thanks, NeilBrown
From 518f0c1150f988b3fe8e5e0d053a25c3aa6c7d44 Mon Sep 17 00:00:00 2001 From: NeilBrown neilb@suse.de Date: Wed, 29 May 2024 09:38:22 +1000 Subject: [PATCH] sunrpc: exclude from freezer when waiting for requests:
Prior to v6.1, the freezer will only wake a kernel thread from an uninterruptible sleep. Since we changed svc_get_next_xprt() to use and IDLE sleep the freezer cannot wake it. we need to tell the freezer to ignore it instead.
To make this work with only upstream requests we would need Commit f5d39b020809 ("freezer,sched: Rewrite core freezer logic") which allows non-interruptible sleeps to be woken by the freezer.
Fixes: 9b8a8e5e8129 ("nfsd: don't allow nfsd threads to be signalled.") Signed-off-by: NeilBrown neilb@suse.de
fs/nfs/callback.c | 2 +- fs/nfsd/nfs4proc.c | 3 ++- net/sunrpc/svc_xprt.c | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c index 46a0a2d6962e..8fe143cad4a2 100644 --- a/fs/nfs/callback.c +++ b/fs/nfs/callback.c @@ -124,7 +124,7 @@ nfs41_callback_svc(void *vrqstp) } else { spin_unlock_bh(&serv->sv_cb_lock); if (!kthread_should_stop())
schedule();
freezable_schedule(); finish_wait(&serv->sv_cb_waitq, &wq);diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 6779291efca9..e0ff2212866a 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -38,6 +38,7 @@ #include <linux/slab.h> #include <linux/kthread.h> #include <linux/namei.h> +#include <linux/freezer.h> #include <linux/sunrpc/addr.h> #include <linux/nfs_ssc.h> @@ -1322,7 +1323,7 @@ static __be32 nfsd4_ssc_setup_dul(struct nfsd_net *nn, char *ipaddr, /* allow 20secs for mount/unmount for now - revisit */ if (kthread_should_stop() ||
(schedule_timeout(20*HZ) == 0)) {
(freezable_schedule_timeout(20*HZ) == 0)) { finish_wait(&nn->nfsd_ssc_waitq, &wait); kfree(work); return nfserr_eagain;diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c index b19592673eef..3cf53e3140a5 100644 --- a/net/sunrpc/svc_xprt.c +++ b/net/sunrpc/svc_xprt.c @@ -705,7 +705,7 @@ static int svc_alloc_arg(struct svc_rqst *rqstp) set_current_state(TASK_RUNNING); return -EINTR; }
schedule_timeout(msecs_to_jiffies(500));
freezable_schedule_timeout(msecs_to_jiffies(500));@@ -765,7 +765,7 @@ static struct svc_xprt *svc_get_next_xprt(struct svc_rqst *rqstp, long timeout) smp_mb__after_atomic(); if (likely(rqst_should_sleep(rqstp)))
time_left = schedule_timeout(timeout);
time_left = freezable_schedule_timeout(timeout);That did the trick! Suspend is now working again on top of v5.15.160-rc1 with this change.
Feel free to add my ...
Tested-by: Jon Hunter jonathanh@nvidia.com
Since I've heard no objections, I've added this to nfsd-5.15.y for testing. I plan to send it along to stable@ when testing completes.
On May 29, 2024, at 4:59 PM, NeilBrown neilb@suse.de wrote:
On Wed, 29 May 2024, Jon Hunter wrote:
On 29/05/2024 00:42, NeilBrown wrote:
On Wed, 29 May 2024, NeilBrown wrote:
We probably just need to add "| TASK_FREEZABLE" in one or two places. I'll post a patch for testing in a little while.
There is no TASK_FREEZABLE before v6.1. This isn't due to a missed backport. It is simply because of differences in the freezer in older kernels.
Please test this patch.
Thanks, NeilBrown
From 416bd6ae9a598e64931d34b76aa58f39b11841cd Mon Sep 17 00:00:00 2001 From: NeilBrown neilb@suse.de Date: Wed, 29 May 2024 09:38:22 +1000 Subject: [PATCH] sunrpc: exclude from freezer when waiting for requests:
Prior to v6.1, the freezer will only wake a kernel thread from an uninterruptible sleep. Since we changed svc_get_next_xprt() to use and IDLE sleep the freezer cannot wake it. we need to tell the freezer to ignore it instead.
Fixes: 9b8a8e5e8129 ("nfsd: don't allow nfsd threads to be signalled.") Signed-off-by: NeilBrown neilb@suse.de
net/sunrpc/svc_xprt.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c index b19592673eef..12e9293bd12b 100644 --- a/net/sunrpc/svc_xprt.c +++ b/net/sunrpc/svc_xprt.c @@ -764,10 +764,12 @@ static struct svc_xprt *svc_get_next_xprt(struct svc_rqst *rqstp, long timeout) clear_bit(RQ_BUSY, &rqstp->rq_flags); smp_mb__after_atomic();
freezer_do_not_count(); if (likely(rqst_should_sleep(rqstp))) time_left = schedule_timeout(timeout); else __set_current_state(TASK_RUNNING);
freezer_count();
try_to_freeze();
Thanks. I gave this a try on top of v5.15.160-rc1, but I am still seeing the following and the board hangs ...
Freezing of tasks failed after 20.004 seconds (1 tasks refusing to freeze, wq_busy=0):
So unfortunately this does not fix it :-(
Thanks for testing. I can only guess that you had an active NFSv4.1 mount and that the callback thread was causing problems. Please try this. I also changed to use freezable_schedule* which seems like a better interface to do the same thing.
If this doesn't fix it, we'll probably need to ask someone who remembers the old freezer code.
Thanks, NeilBrown
From 518f0c1150f988b3fe8e5e0d053a25c3aa6c7d44 Mon Sep 17 00:00:00 2001 From: NeilBrown neilb@suse.de Date: Wed, 29 May 2024 09:38:22 +1000 Subject: [PATCH] sunrpc: exclude from freezer when waiting for requests:
Prior to v6.1, the freezer will only wake a kernel thread from an uninterruptible sleep. Since we changed svc_get_next_xprt() to use and IDLE sleep the freezer cannot wake it. we need to tell the freezer to ignore it instead.
To make this work with only upstream requests we would need Commit f5d39b020809 ("freezer,sched: Rewrite core freezer logic") which allows non-interruptible sleeps to be woken by the freezer.
Fixes: 9b8a8e5e8129 ("nfsd: don't allow nfsd threads to be signalled.") Signed-off-by: NeilBrown neilb@suse.de
fs/nfs/callback.c | 2 +- fs/nfsd/nfs4proc.c | 3 ++- net/sunrpc/svc_xprt.c | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c index 46a0a2d6962e..8fe143cad4a2 100644 --- a/fs/nfs/callback.c +++ b/fs/nfs/callback.c @@ -124,7 +124,7 @@ nfs41_callback_svc(void *vrqstp) } else { spin_unlock_bh(&serv->sv_cb_lock); if (!kthread_should_stop())
- schedule();
- freezable_schedule();
finish_wait(&serv->sv_cb_waitq, &wq); } } diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 6779291efca9..e0ff2212866a 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -38,6 +38,7 @@ #include <linux/slab.h> #include <linux/kthread.h> #include <linux/namei.h> +#include <linux/freezer.h>
#include <linux/sunrpc/addr.h> #include <linux/nfs_ssc.h> @@ -1322,7 +1323,7 @@ static __be32 nfsd4_ssc_setup_dul(struct nfsd_net *nn, char *ipaddr,
/* allow 20secs for mount/unmount for now - revisit */ if (kthread_should_stop() ||
- (schedule_timeout(20*HZ) == 0)) {
- (freezable_schedule_timeout(20*HZ) == 0)) {
finish_wait(&nn->nfsd_ssc_waitq, &wait); kfree(work); return nfserr_eagain; diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c index b19592673eef..3cf53e3140a5 100644 --- a/net/sunrpc/svc_xprt.c +++ b/net/sunrpc/svc_xprt.c @@ -705,7 +705,7 @@ static int svc_alloc_arg(struct svc_rqst *rqstp) set_current_state(TASK_RUNNING); return -EINTR; }
- schedule_timeout(msecs_to_jiffies(500));
- freezable_schedule_timeout(msecs_to_jiffies(500));
} rqstp->rq_page_end = &rqstp->rq_pages[pages]; rqstp->rq_pages[pages] = NULL; /* this might be seen in nfsd_splice_actor() */ @@ -765,7 +765,7 @@ static struct svc_xprt *svc_get_next_xprt(struct svc_rqst *rqstp, long timeout) smp_mb__after_atomic();
if (likely(rqst_should_sleep(rqstp)))
- time_left = schedule_timeout(timeout);
- time_left = freezable_schedule_timeout(timeout);
else __set_current_state(TASK_RUNNING);
-- 2.44.0
I will merge this into nfsd-5.10.
I can also run this past NFSD's upstream CI and send it along to stable if you would like.
-- Chuck Lever
On Thu, May 23, 2024 at 03:12:56PM +0200, Greg Kroah-Hartman wrote:
This is the start of the stable review cycle for the 5.15.160 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know.
Responses should be made by Sat, 25 May 2024 13:03:15 +0000. Anything received after that time might be too late.
No regressions found on WSL (x86 and arm64).
Built, booted, and reviewed dmesg.
Thank you. :)
Tested-by: Kelsey Steele kelseysteele@linux.microsoft.com
linux-stable-mirror@lists.linaro.org
-
Anders Roxell -
Chris Packham -
Chuck Lever -
Chuck Lever III
-
Florian Fainelli -
Greg Kroah-Hartman -
Harshit Mogalapalli -
Jon Hunter -
Kelsey Steele -
Mark Brown -
NeilBrown -
Ron Economos -
SeongJae Park -
Shuah Khan