* [PATCH 6.6 000/396] 6.6.24-rc1 review
@ 2024-04-01 15:40 Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 001/396] KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace Greg Kroah-Hartman
` (407 more replies)
0 siblings, 408 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:40 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, allen.lkml, broonie
This is the start of the stable review cycle for the 6.6.24 release.
There are 396 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 03 Apr 2024 15:24:46 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.24-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 6.6.24-rc1
Natanael Copa <ncopa@alpinelinux.org>
tools/resolve_btfids: fix build with musl libc
Kevin Loughlin <kevinloughlin@google.com>
x86/sev: Skip ROM range scans and validation for SEV-SNP guests
Xingui Yang <yangxingui@huawei.com>
scsi: libsas: Fix disk not being scanned in after being removed
Xingui Yang <yangxingui@huawei.com>
scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type()
Muhammad Usama Anjum <usama.anjum@collabora.com>
scsi: lpfc: Correct size for wqe for memset()
Muhammad Usama Anjum <usama.anjum@collabora.com>
scsi: lpfc: Correct size for cmdwqe/rspwqe for memset()
Heikki Krogerus <heikki.krogerus@linux.intel.com>
usb: dwc3: pci: Drop duplicate ID
Dave Hansen <dave.hansen@linux.intel.com>
Revert "x86/bugs: Use fixed addressing for VERW operand"
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
x86/bugs: Use fixed addressing for VERW operand
Quinn Tran <qutran@marvell.com>
scsi: qla2xxx: Delay I/O Abort on PCI error
Saurav Kashyap <skashyap@marvell.com>
scsi: qla2xxx: Change debug message during driver unload
Saurav Kashyap <skashyap@marvell.com>
scsi: qla2xxx: Fix double free of fcport
Saurav Kashyap <skashyap@marvell.com>
scsi: qla2xxx: Fix double free of the ha->vp_map pointer
Quinn Tran <qutran@marvell.com>
scsi: qla2xxx: Fix command flush on cable pull
Quinn Tran <qutran@marvell.com>
scsi: qla2xxx: NVME|FCP prefer flag not being honored
Bikash Hazarika <bhazarika@marvell.com>
scsi: qla2xxx: Update manufacturer detail
Quinn Tran <qutran@marvell.com>
scsi: qla2xxx: Split FCE|EFT trace control
Quinn Tran <qutran@marvell.com>
scsi: qla2xxx: Fix N2N stuck connection
Quinn Tran <qutran@marvell.com>
scsi: qla2xxx: Prevent command send on chip reset
Christian A. Ehrhardt <lk@c--e.de>
usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
Christian A. Ehrhardt <lk@c--e.de>
usb: typec: ucsi_acpi: Refactor and fix DELL quirk
Christian A. Ehrhardt <lk@c--e.de>
usb: typec: ucsi: Ack unsupported commands
Christian A. Ehrhardt <lk@c--e.de>
usb: typec: ucsi: Check for notifications after init
Christian A. Ehrhardt <lk@c--e.de>
usb: typec: ucsi: Clear EVENT_PENDING under PPM lock
Kyle Tso <kyletso@google.com>
usb: typec: Return size of buffer if pd_set operation succeeds
yuan linyu <yuanlinyu@hihonor.com>
usb: udc: remove warning when queue disabled ep
Minas Harutyunyan <Minas.Harutyunyan@synopsys.com>
usb: dwc2: gadget: LPM flow fix
Minas Harutyunyan <Minas.Harutyunyan@synopsys.com>
usb: dwc2: gadget: Fix exiting from clock gating
Minas Harutyunyan <Minas.Harutyunyan@synopsys.com>
usb: dwc2: host: Fix ISOC flow in DDMA mode
Minas Harutyunyan <Minas.Harutyunyan@synopsys.com>
usb: dwc2: host: Fix hibernation flow
Minas Harutyunyan <Minas.Harutyunyan@synopsys.com>
usb: dwc2: host: Fix remote wakeup from hibernation
Alan Stern <stern@rowland.harvard.edu>
USB: core: Fix deadlock in port "disable" sysfs attribute
Alan Stern <stern@rowland.harvard.edu>
USB: core: Add hub_get() and hub_put() routines
Alan Stern <stern@rowland.harvard.edu>
USB: core: Fix deadlock in usb_deauthorize_interface()
Thinh Nguyen <Thinh.Nguyen@synopsys.com>
usb: dwc3: Properly set system wakeup
Dan Carpenter <dan.carpenter@linaro.org>
staging: vc04_services: fix information leak in create_component()
Arnd Bergmann <arnd@arndb.de>
staging: vc04_services: changen strncpy() to strscpy_pad()
Guilherme G. Piccoli <gpiccoli@igalia.com>
scsi: core: Fix unremoved procfs host directory regression
Alexander Wetzel <Alexander@wetzel-home.de>
scsi: sg: Avoid sg device teardown race
Damien Le Moal <dlemoal@kernel.org>
scsi: sd: Fix TCG OPAL unlock on system resume
Duoming Zhou <duoming@zju.edu.cn>
ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
Brett Creeley <brett.creeley@amd.com>
vfio/pds: Make sure migration file isn't accessed after reset
Ilya Bakoulin <ilya.bakoulin@amd.com>
drm/amd/display: Clear OPTC mem select on disable
George Shen <george.shen@amd.com>
drm/amd/display: Disconnect phantom pipe OPP from OPTC being disabled
Ilya Bakoulin <ilya.bakoulin@amd.com>
drm/amd/display: Fix hang/underflow when transitioning to ODM4:1
Weitao Wang <WeitaoWang-oc@zhaoxin.com>
USB: UAS: return ENODEV when submit urbs fail with device not attached
Oliver Neukum <oneukum@suse.com>
usb: cdc-wdm: close race between read and workqueue
Alexander Stein <alexander.stein@ew.tq-group.com>
Revert "usb: phy: generic: Get the vbus supply"
Ezra Buehler <ezra.buehler@husqvarnagroup.com>
mtd: spinand: Add support for 5-byte IDs
Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync
Chris Wilson <chris@chris-wilson.co.uk>
drm/i915/gt: Reset queue_priority_hint on parking
Jonathon Hall <jonathon.hall@puri.sm>
drm/i915: Do not match JSL in ehl_combo_pll_div_frac_wa_needed()
Ville Syrjälä <ville.syrjala@linux.intel.com>
drm/i915/dsi: Go back to the previous INIT_OTP/DISPLAY_ON order, mostly
Ville Syrjälä <ville.syrjala@linux.intel.com>
drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()
Janusz Krzysztofik <janusz.krzysztofik@linux.intel.com>
drm/i915/hwmon: Fix locking inversion in sysfs getter
Johannes Weiner <hannes@cmpxchg.org>
drm/amdgpu: fix deadlock while reading mqd from debugfs
Eric Huang <jinhuieric.huang@amd.com>
drm/amdkfd: fix TLB flush after unmap for GFX9.4.2
Jocelyn Falempe <jfalempe@redhat.com>
drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
Claus Hansen Ries <chr@terma.com>
net: ll_temac: platform_get_resource replaced by wrong function
Duoming Zhou <duoming@zju.edu.cn>
nouveau/dmem: handle kcalloc() allocation failure
Ye Zhang <ye.zhang@rock-chips.com>
thermal: devfreq_cooling: Fix perf state when calculate dfc res_util
Damien Le Moal <dlemoal@kernel.org>
block: Do not force full zone append completion in req_bio_endio()
Liming Sun <limings@nvidia.com>
sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove()
Mikko Rapeli <mikko.rapeli@linaro.org>
mmc: core: Avoid negative index with array access
Mikko Rapeli <mikko.rapeli@linaro.org>
mmc: core: Initialize mmc_blk_ioc_data
Romain Naour <romain.naour@skf.com>
mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode
Edward Liaw <edliaw@google.com>
selftests/mm: fix ARM related issue with fork after pthread_create
Edward Liaw <edliaw@google.com>
selftests/mm: sigbus-wp test requires UFFD_FEATURE_WP_HUGETLBFS_SHMEM
Johannes Weiner <hannes@cmpxchg.org>
mm: cachestat: fix two shmem bugs
Nathan Chancellor <nathan@kernel.org>
hexagon: vmlinux.lds.S: handle attributes section
Max Filippov <jcmvbkbc@gmail.com>
exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
gpio: cdev: sanitize the label before requesting the interrupt
Harry Wentland <harry.wentland@amd.com>
Revert "drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR"
Johannes Berg <johannes.berg@intel.com>
wifi: iwlwifi: fw: don't always use FW dump trig
Johannes Berg <johannes.berg@intel.com>
wifi: iwlwifi: mvm: disable MLO for the time being
Johannes Berg <johannes.berg@intel.com>
wifi: cfg80211: add a flag to disable wireless extensions
Felix Fietkau <nbd@nbd.name>
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
Johannes Thumshirn <johannes.thumshirn@wdc.com>
btrfs: zoned: use zone aware sb location for scrub
Johannes Thumshirn <johannes.thumshirn@wdc.com>
btrfs: zoned: don't skip block groups with 100% zone unusable
Tavian Barnes <tavianator@tavianator.com>
btrfs: fix race in read_extent_buffer_pages()
Carlos Maiolino <cem@kernel.org>
tmpfs: fix race on handling dquot rbtree
Zev Weiss <zev@bewilderbeest.net>
ARM: prctl: reject PR_SET_MDWE on pre-ARMv6
Zev Weiss <zev@bewilderbeest.net>
prctl: generalize PR_SET_MDWE support check to be per-arch
Ard Biesheuvel <ardb@kernel.org>
x86/efistub: Reinstate soft limit for initrd loading
Ard Biesheuvel <ardb@kernel.org>
efi/libstub: Cast away type warning in use of max()
Ard Biesheuvel <ardb@kernel.org>
x86/efistub: Add missing boot_params for mixed mode compat entry
John Sperbeck <jsperbeck@google.com>
init: open /initrd.image with O_LARGEFILE
Gergo Koteles <soyer@irl.hu>
ALSA: hda/tas2781: add locks to kcontrols
Gergo Koteles <soyer@irl.hu>
ALSA: hda/tas2781: remove digital gain kcontrol
Kan Liang <kan.liang@linux.intel.com>
perf top: Use evsel's cpus to replace user_requested_cpus
Vitaly Chikunov <vt@altlinux.org>
selftests/mm: Fix build with _FORTIFY_SOURCE
Muhammad Usama Anjum <usama.anjum@collabora.com>
selftests/mm: gup_test: conform test to TAP format output
Zoltan HERPAI <wigyori@uid0.hu>
pwm: img: fix pwm clock lookup
Oleksandr Tymoshenko <ovt@google.com>
efi: fix panic in kdump kernel
Adamos Ttofari <attofari@amazon.de>
x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD
Thomas Gleixner <tglx@linutronix.de>
x86/mpparse: Register APIC address only once
KONDO KAZUMA(近藤 和真) <kazuma-kondo@nec.com>
efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or higher address
Masami Hiramatsu (Google) <mhiramat@kernel.org>
kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address
Biju Das <biju.das.jz@bp.renesas.com>
irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type
Biju Das <biju.das.jz@bp.renesas.com>
irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi()
Biju Das <biju.das.jz@bp.renesas.com>
irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi()
Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based on register's index
Biju Das <biju.das.jz@bp.renesas.com>
irqchip/renesas-rzg2l: Flush posted write in irq_eoi()
Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
irqchip/renesas-rzg2l: Implement restriction when writing ISCR register
John Ogness <john.ogness@linutronix.de>
printk: Update @console_may_schedule in console_trylock_spinning()
Nicolin Chen <nicolinc@nvidia.com>
iommu/dma: Force swiotlb_max_mapping_size on an untrusted device
Will Deacon <will@kernel.org>
swiotlb: Fix alignment checks when both allocation and DMA masks are present
Will Deacon <will@kernel.org>
swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc()
Will Deacon <will@kernel.org>
swiotlb: Fix double-allocation of slots due to broken alignment handling
André Rösti <an.roesti@gmail.com>
entry: Respect changes to system call number by trace_sys_enter()
Yongqiang Liu <liuyongqiang13@huawei.com>
ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses
Ard Biesheuvel <ardb@kernel.org>
ARM: 9352/1: iwmmxt: Remove support for PJ4/PJ4B cores
Martin Blumenstingl <martin.blumenstingl@googlemail.com>
clocksource/drivers/arm_global_timer: Fix maximum prescaler value
Ard Biesheuvel <ardb@kernel.org>
x86/sev: Fix position dependent variable references in startup code
Borislav Petkov (AMD) <bp@alien8.de>
x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
Alex Williamson <alex.williamson@redhat.com>
vfio/fsl-mc: Block calling interrupt handler without trigger
Alex Williamson <alex.williamson@redhat.com>
vfio/platform: Create persistent IRQ handlers
Alex Williamson <alex.williamson@redhat.com>
vfio/pci: Create persistent INTx handler
Alex Williamson <alex.williamson@redhat.com>
vfio: Introduce interface to flush virqfd inject workqueue
Josef Bacik <josef@toxicpanda.com>
btrfs: fix deadlock with fiemap and extent locking
Darrick J. Wong <djwong@kernel.org>
xfs: remove conditional building of rt geometry validator functions
Andrey Albershteyn <aalbersh@redhat.com>
xfs: reset XFS_ATTR_INCOMPLETE filter on node removal
Zhang Tianci <zhangtianci.1997@bytedance.com>
xfs: update dir3 leaf block metadata after swap
Jiachen Zhang <zhangjiachen.jaycee@bytedance.com>
xfs: ensure logflagsp is initialized in xfs_bmap_del_extent_real
Long Li <leo.lilong@huawei.com>
xfs: fix perag leak when growfs fails
Long Li <leo.lilong@huawei.com>
xfs: add lock protection when remove perag from radix tree
Eric Sandeen <sandeen@redhat.com>
xfs: short circuit xfs_growfs_data_private() if delta is zero
Dave Chinner <dchinner@redhat.com>
xfs: initialise di_crc in xfs_log_dinode
Darrick J. Wong <djwong@kernel.org>
xfs: add missing nrext64 inode flag check to scrub
Darrick J. Wong <djwong@kernel.org>
xfs: force all buffers to be written during btree bulk load
Darrick J. Wong <djwong@kernel.org>
xfs: fix an off-by-one error in xreap_agextent_binval
Darrick J. Wong <djwong@kernel.org>
xfs: recompute growfsrtfree transaction reservation while growing rt volume
Darrick J. Wong <djwong@kernel.org>
xfs: remove unused fields from struct xbtree_ifakeroot
Darrick J. Wong <djwong@kernel.org>
xfs: make xchk_iget safer in the presence of corrupt inode btrees
Darrick J. Wong <djwong@kernel.org>
xfs: don't allow overly small or large realtime volumes
Darrick J. Wong <djwong@kernel.org>
xfs: fix 32-bit truncation in xfs_compute_rextslog
Darrick J. Wong <djwong@kernel.org>
xfs: make rextslog computation consistent with mkfs
Darrick J. Wong <djwong@kernel.org>
xfs: transfer recovered intent item ownership in ->iop_recover
Darrick J. Wong <djwong@kernel.org>
xfs: pass the xfs_defer_pending object to iop_recover
Darrick J. Wong <djwong@kernel.org>
xfs: use xfs_defer_pending objects to recover intent items
Darrick J. Wong <djwong@kernel.org>
xfs: don't leak recovered attri intent items
Christoph Hellwig <hch@lst.de>
xfs: consider minlen sized extents in xfs_rtallocate_extent_block
Darrick J. Wong <djwong@kernel.org>
xfs: convert rt bitmap extent lengths to xfs_rtbxlen_t
Darrick J. Wong <djwong@kernel.org>
xfs: move the xfs_rtbitmap.c declarations to xfs_rtbitmap.h
Bitterblue Smith <rtl8821cerfe2@gmail.com>
wifi: rtw88: 8821cu: Fix connection failure
Johannes Berg <johannes.berg@intel.com>
wifi: iwlwifi: pcie: fix RB status reading
Jiawei Wang <me@jwang.link>
ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2"
Ard Biesheuvel <ardb@kernel.org>
x86/efistub: Call mixed mode boot services on the firmware's stack
Alex Deucher <alexander.deucher@amd.com>
drm/amd/display: handle range offsets in VRR ranges
Ville Syrjälä <ville.syrjala@linux.intel.com>
drm/i915: Don't explode when the dig port we don't have an AUX CH
Jean-Baptiste Maneyrol <jean-baptiste.maneyrol@tdk.com>
iio: imu: inv_mpu6050: fix FIFO parsing when empty
Jean-Baptiste Maneyrol <jean-baptiste.maneyrol@tdk.com>
iio: imu: inv_mpu6050: fix frequency setting when chip is off
Heiner Kallweit <hkallweit1@gmail.com>
i2c: i801: Avoid potential double call to gpiod_remove_lookup_table
Cosmin Tanislav <demonsingur@gmail.com>
iio: accel: adxl367: fix I2C FIFO data register
Cosmin Tanislav <demonsingur@gmail.com>
iio: accel: adxl367: fix DEVID read after reset
Johan Hovold <johan+linaro@kernel.org>
arm64: dts: qcom: sc8280xp-x13s: limit pcie4 link speed
Vlastimil Babka <vbabka@suse.cz>
mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
Fabio Estevam <festevam@denx.de>
ARM: imx_v6_v7_defconfig: Restore CONFIG_BACKLIGHT_CLASS_DEVICE
Sumit Garg <sumit.garg@linaro.org>
tee: optee: Fix kernel panic caused by incorrect error handling
Andy Chi <andy.chi@canonical.com>
ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook
Kailang Yang <kailang@realtek.com>
ALSA: hda/realtek - Add Headset Mic supported Acer NB platform
Bart Van Assche <bvanassche@acm.org>
fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
Douglas Anderson <dianders@chromium.org>
Revert "tty: serial: simplify qcom_geni_serial_send_chunk_fifo()"
Nicolas Pitre <nico@fluxnic.net>
vt: fix unicode buffer corruption when deleting characters
Alexander Usyskin <alexander.usyskin@intel.com>
mei: me: add arrow lake point H DID
Alexander Usyskin <alexander.usyskin@intel.com>
mei: me: add arrow lake point S DID
Yicong Yang <yangyicong@hisilicon.com>
serial: port: Don't suspend if the port is still busy
Ekansh Gupta <quic_ekangupt@quicinc.com>
misc: fastrpc: Pass proper arguments to scm call
Hans de Goede <hdegoede@redhat.com>
misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume
Peter Collingbourne <pcc@google.com>
serial: 8250_dw: Do not reclock if already at correct rate
Sherry Sun <sherry.sun@nxp.com>
tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
Mathias Nyman <mathias.nyman@linux.intel.com>
xhci: Fix failure to detect ring expansion need.
Mathias Nyman <mathias.nyman@linux.intel.com>
usb: port: Don't try to peer unused USB ports based on location
Krishna Kurapati <quic_kriskura@quicinc.com>
usb: gadget: ncm: Fix handling of zero block length packets
RD Babiera <rdbabiera@google.com>
usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group
Alan Stern <stern@rowland.harvard.edu>
USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
Kailang Yang <kailang@realtek.com>
ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform
Nirmoy Das <nirmoy.das@intel.com>
drm/i915: Check before removing mm notifier
Rickard x Andersson <rickaran@axis.com>
tty: serial: imx: Fix broken RS485
Ma Jun <Jun.Ma2@amd.com>
drm/amdgpu/pm: Fix the error of pwm1_enable setting
Steven Rostedt (Google) <rostedt@goodmis.org>
tracing: Use .flush() call to wake up readers
Paolo Bonzini <pbonzini@redhat.com>
SEV: disable SEV-ES DebugSwap by default
Sean Christopherson <seanjc@google.com>
KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()
Sean Christopherson <seanjc@google.com>
KVM: x86: Mark target gfn of emulated atomic instruction as dirty
Edmund Raile <edmund.raile@proton.me>
firewire: ohci: prevent leak of left-over IRQ on unbind
Kees Cook <keescook@chromium.org>
init/Kconfig: lower GCC version check for -Warray-bounds
Max Nguyen <maxwell.nguyen@hp.com>
Input: xpad - add additional HyperX Controller Identifiers
Kamalesh Babulal <kamalesh.babulal@oracle.com>
cgroup/cpuset: Fix retval in update_cpumask()
Badhri Jagan Sridharan <badhri@google.com>
usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices
Geliang Tang <tanggeliang@kylinos.cn>
selftests: mptcp: diag: return KSFT_FAIL not test_cnt
Vlastimil Babka <vbabka@suse.cz>
mm, mmap: fix vma_merge() case 7 with vma_ops->close
Nathan Chancellor <nathan@kernel.org>
xfrm: Avoid clang fortify warning in copy_to_user_tmpl()
Andrey Skvortsov <andrej.skvortzov@gmail.com>
crypto: sun8i-ce - Fix use after free in unprepare
Herbert Xu <herbert@gondor.apana.org.au>
crypto: rk3288 - Fix use after free in unprepare
Karol Herbst <kherbst@redhat.com>
drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf
Dave Airlie <airlied@redhat.com>
nouveau: lock the client object tree.
Michael Kelley <mhklinux@outlook.com>
Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_tables: reject constant set with timeout
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_tables: disallow anonymous set with timeout flag
Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
Heng Guo <heng.guo@windriver.com>
net: fix IPSTATS_MIB_OUTPKGS increment in OutForwDatagrams.
Mario Limonciello <mario.limonciello@amd.com>
drm/amd/display: Use freesync when `DRM_EDID_FEATURE_CONTINUOUS_FREQ` found
Audra Mitchell <audra@redhat.com>
workqueue: Shorten events_freezable_power_efficient name
Jani Nikula <jani.nikula@intel.com>
drm/bridge: lt8912b: do not return negative values from .get_modes()
Jani Nikula <jani.nikula@intel.com>
drm/bridge: lt8912b: clear the EDID property on failures
Jani Nikula <jani.nikula@intel.com>
drm/bridge: lt8912b: use drm_bridge_edid_read()
Jani Nikula <jani.nikula@intel.com>
drm/bridge: add ->edid_read hook and drm_bridge_edid_read()
Zack Rusin <zack.rusin@broadcom.com>
drm/ttm: Make sure the mapped tt pages are decrypted when needed
Hector Martin <marcan@marcan.st>
wifi: brcmfmac: Demote vendor-specific attach/detach messages to info
Hector Martin <marcan@marcan.st>
wifi: brcmfmac: cfg80211: Use WSEC to set SAE password
Arend van Spriel <arend.vanspriel@broadcom.com>
wifi: brcmfmac: add per-vendor feature detection callback
Anton Altaparmakov <anton@tuxera.com>
x86/pm: Work around false positive kmemleak report in msr_build_context()
Mikulas Patocka <mpatocka@redhat.com>
dm snapshot: fix lockup in dm_exception_table_exit
Leo Ma <hanghong.ma@amd.com>
drm/amd/display: Fix noise issue on HDMI AV mute
Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
drm/amd/display: Return the correct HDCP error code
Philip Yang <Philip.Yang@amd.com>
drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag
Conrad Kostecki <conikost@gentoo.org>
ahci: asm1064: asm1166: don't limit reported ports
Andrey Jr. Melnikov <temnota.am@gmail.com>
ahci: asm1064: correct count of reported ports
Jason A. Donenfeld <Jason@zx2c4.com>
wireguard: selftests: set RISCV_ISA_FALLBACK on riscv{32,64}
Jason A. Donenfeld <Jason@zx2c4.com>
wireguard: netlink: access device through ctx instead of peer
Jason A. Donenfeld <Jason@zx2c4.com>
wireguard: netlink: check for dangling peer via is_dead instead of empty list
Yuli Wang <wangyuli@uniontech.com>
LoongArch/crypto: Clean up useless assignment operations
Huacai Chen <chenhuacai@kernel.org>
LoongArch: Define the __io_aw() hook as mmiowb()
Huacai Chen <chenhuacai@kernel.org>
LoongArch: Change __my_cpu_offset definition to avoid mis-optimization
David Hildenbrand <david@redhat.com>
virtio: reenable config if freezing device failed
Alison Schofield <alison.schofield@intel.com>
cxl/trace: Properly initialize cxl_poison region name
Steven Rostedt (Google) <rostedt@goodmis.org>
net: hns3: tracing: fix hclgevf trace event strings
Steven Rostedt (Google) <rostedt@goodmis.org>
drm/i915: Add missing ; to __assign_str() macros in tracepoint code
Steven Rostedt (Google) <rostedt@goodmis.org>
NFSD: Fix nfsd_clid_class use of __string_len() macro
Dragos Tatulea <dtatulea@nvidia.com>
net: esp: fix bad handling of pages from page_pool
Borislav Petkov (AMD) <bp@alien8.de>
x86/CPU/AMD: Update the Zenbleed microcode revisions
Marek Szyprowski <m.szyprowski@samsung.com>
cpufreq: dt: always allocate zeroed cpumask
Miquel Raynal <miquel.raynal@bootlin.com>
mtd: rawnand: Constrain even more when continuous reads are enabled
Miquel Raynal <miquel.raynal@bootlin.com>
mtd: rawnand: Fix and simplify again the continuous read derivations
Eugene Korenevsky <ekorenevsky@astralinux.ru>
cifs: open_cached_dir(): add FILE_READ_EA to desired access
Shyam Prasad N <sprasad@microsoft.com>
cifs: reduce warning log level for server not advertising interfaces
Dan Carpenter <dan.carpenter@linaro.org>
cifs: make cifs_chan_update_iface() a void function
Dan Carpenter <dan.carpenter@linaro.org>
cifs: delete unnecessary NULL checks in cifs_chan_update_iface()
Shyam Prasad N <sprasad@microsoft.com>
cifs: do not let cifs_chan_update_iface deallocate channels
Shyam Prasad N <sprasad@microsoft.com>
cifs: make sure server interfaces are requested only for SMB3+
Shyam Prasad N <sprasad@microsoft.com>
cifs: add xid to query server interface call
Ryusuke Konishi <konishi.ryusuke@gmail.com>
nilfs2: prevent kernel bug at submit_bh_wbc()
Ryusuke Konishi <konishi.ryusuke@gmail.com>
nilfs2: fix failure to detect DAT corruption in btree and direct mappings
Sunmin Jeong <s_min.jeong@samsung.com>
f2fs: truncate page cache before clearing flags when aborting atomic write
Sunmin Jeong <s_min.jeong@samsung.com>
f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag
Bart Van Assche <bvanassche@acm.org>
Revert "block/mq-deadline: use correct way to throttling write requests"
Qiang Zhang <qiang4.zhang@intel.com>
memtest: use {READ,WRITE}_ONCE in memory scanning
Jani Nikula <jani.nikula@intel.com>
drm/vc4: hdmi: do not return negative values from .get_modes()
Jani Nikula <jani.nikula@intel.com>
drm/imx/ipuv3: do not return negative values from .get_modes()
Jani Nikula <jani.nikula@intel.com>
drm/exynos: do not return negative values from .get_modes()
Jani Nikula <jani.nikula@intel.com>
drm/panel: do not return negative error codes from drm_panel_get_modes()
Jani Nikula <jani.nikula@intel.com>
drm/probe-helper: warn about negative .get_modes()
Harald Freudenberger <freude@linux.ibm.com>
s390/zcrypt: fix reference counting on zcrypt card objects
Sean Anderson <sean.anderson@linux.dev>
soc: fsl: qbman: Use raw spinlock for cgr_lock
Sean Anderson <sean.anderson@linux.dev>
soc: fsl: qbman: Always disable interrupts when taking cgr_lock
Alexander Aring <aahringo@redhat.com>
dlm: fix user space lkb refcounting
Steven Rostedt (Google) <rostedt@goodmis.org>
ring-buffer: Use wait_event_interruptible() in ring_buffer_wait()
Steven Rostedt (Google) <rostedt@goodmis.org>
ring-buffer: Fix full_waiters_pending in poll
Steven Rostedt (Google) <rostedt@goodmis.org>
ring-buffer: Fix resetting of shortest_full
Steven Rostedt (Google) <rostedt@goodmis.org>
ring-buffer: Do not set shortest_full when full target is hit
Steven Rostedt (Google) <rostedt@goodmis.org>
ring-buffer: Fix waking up ring buffer readers
Pavel Begunkov <asml.silence@gmail.com>
io_uring: clean rings on NO_MMAP alloc fail
Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
platform/x86/intel/tpmi: Change vsec offset to u64
Marios Makassikis <mmakassikis@freebox.fr>
ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info
Marios Makassikis <mmakassikis@freebox.fr>
ksmbd: replace generic_fillattr with vfs_getattr
Jeff Layton <jlayton@kernel.org>
server: convert to new timestamp accessors
Lino Sanfilippo <l.sanfilippo@kunbus.com>
tpm,tpm_tis: Avoid warning splat at shutdown
Alex Williamson <alex.williamson@redhat.com>
vfio/platform: Disable virqfds on cleanup
Alex Williamson <alex.williamson@redhat.com>
vfio/pci: Lock external INTx masking ops
Alex Williamson <alex.williamson@redhat.com>
vfio/pci: Disable auto-enable of exclusive INTx IRQ
Frank Wunderlich <frank-w@public-files.de>
thermal/drivers/mediatek: Fix control buffer enablement on MT7896
Steve French <stfrench@microsoft.com>
cifs: allow changing password during remount
Bharath SM <bharathsm@microsoft.com>
cifs: prevent updating file size from server if we have a read/write lease
Paulo Alcantara <pc@manguebit.com>
smb: client: stop revalidating reparse points unnecessarily
Michael Kelley <mhklinux@outlook.com>
PCI: hv: Fix ring buffer size calculation
Niklas Cassel <cassel@kernel.org>
PCI: dwc: endpoint: Fix advertised resizable BAR size
Manivannan Sadhasivam <mani@kernel.org>
PCI: qcom: Enable BDF to SID translation properly
Nathan Chancellor <nathan@kernel.org>
kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
Benjamin Coddington <bcodding@redhat.com>
NFS: Read unlock folio on nfs_page_create_from_folio() error
Josef Bacik <josef@toxicpanda.com>
nfs: fix UAF in direct writes
Sam Ravnborg <sam@ravnborg.org>
sparc32: Fix parport build with sparc32
Pavel Begunkov <asml.silence@gmail.com>
io_uring: fix mshot io-wq checks
Jens Axboe <axboe@kernel.dk>
io_uring/net: correctly handle multishot recvmsg retry setup
Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com>
PCI/AER: Block runtime suspend when handling errors
Samuel Thibault <samuel.thibault@ens-lyon.org>
speakup: Fix 8bit characters from direct synth
Wayne Chang <waynec@nvidia.com>
usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
Wayne Chang <waynec@nvidia.com>
phy: tegra: xusb: Add API to retrieve the port number of phy
Christophe JAILLET <christophe.jaillet@wanadoo.fr>
slimbus: core: Remove usage of the deprecated ida_simple_xx() API
Jerome Brunet <jbrunet@baylibre.com>
nvmem: meson-efuse: fix function pointer type mismatch
Maximilian Heyne <mheyne@amazon.de>
ext4: fix corruption during on-line resize
Josua Mayer <josua@solid-run.com>
hwmon: (amc6821) add of_match table
Mickaël Salaün <mic@digikod.net>
landlock: Warn once if a Landlock action is requested while disabled
Christian Gmeiner <cgmeiner@igalia.com>
drm/etnaviv: Restore some id values
Christian Marangi <ansuelsmth@gmail.com>
leds: trigger: netdev: Fix kernel panic on interface rename trig notify
Marcel Ziswiler <marcel.ziswiler@toradex.com>
Bluetooth: btnxpuart: Fix btnxpuart_close
Dominique Martinet <dominique.martinet@atmark-techno.com>
mmc: core: Fix switch on gp3 partition
Ryan Roberts <ryan.roberts@arm.com>
mm: swap: fix race between free_swap_and_cache() and swapoff()
Fedor Pchelkin <pchelkin@ispras.ru>
mac802154: fix llsec key resources release in mac802154_llsec_key_del
Tony Battersby <tonyb@cybernetics.com>
block: Fix page refcounts for unaligned buffers in __bio_release_pages()
Nathan Chancellor <nathan@kernel.org>
powerpc: xor_vmx: Add '-mhard-float' to CFLAGS
Yu Kuai <yukuai3@huawei.com>
dm-raid: fix lockdep waring in "pers->hot_add_disk"
Jarred White <jarredwhite@linux.microsoft.com>
ACPI: CPPC: Use access_width over bit_width for system memory accesses
Paul Menzel <pmenzel@molgen.mpg.de>
PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports
Rafael J. Wysocki <rafael.j.wysocki@intel.com>
PCI/PM: Drain runtime-idle callbacks before driver removal
Nick Morrow <morrownr@gmail.com>
wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU
Filipe Manana <fdmanana@suse.com>
btrfs: fix off-by-one chunk length calculation at contains_pending_extent()
Qu Wenruo <wqu@suse.com>
btrfs: qgroup: always free reserved space for extent records
Peter Collingbourne <pcc@google.com>
serial: Lock console when calling into driver before registration
Jonas Gorski <jonas.gorski@gmail.com>
serial: core: only stop transmit when HW fifo is empty
Roger Quadros <rogerq@kernel.org>
usb: dwc3-am62: Disable wakeup at remove
Roger Quadros <rogerq@kernel.org>
usb: dwc3-am62: fix module unload/reload behavior
Jameson Thies <jthies@google.com>
usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros
Miklos Szeredi <mszeredi@redhat.com>
fuse: don't unhash root
Miklos Szeredi <mszeredi@redhat.com>
fuse: fix root lookup with nonzero generation
Miklos Szeredi <mszeredi@redhat.com>
fuse: replace remaining make_bad_inode() with fuse_make_bad()
Wolfram Sang <wsa+renesas@sang-engineering.com>
mmc: tmio: avoid concurrent runs of mmc_request_done()
Qingliang Li <qingliang.li@mediatek.com>
PM: sleep: wakeirq: fix wake irq warning in system suspend
Toru Katagiri <Toru.Katagiri@tdk.com>
USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
David Woodhouse <dwmw@amazon.co.uk>
KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled
Aurélien Jacobs <aurel@gnuage.org>
USB: serial: option: add MeiG Smart SLM320 product
Christian Häggström <christian.haggstrom@orexplore.com>
USB: serial: cp210x: add ID for MGP Instruments PDS100
Cameron Williams <cang1@live.co.uk>
USB: serial: add device ID for VeriFone adapter
Daniel Vogelbacher <daniel@chaospixel.com>
USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
Michael Ellerman <mpe@ellerman.id.au>
powerpc/fsl: Fix mfpmr build errors with newer binutils
Prashanth K <quic_prashk@quicinc.com>
usb: xhci: Add error handling in xhci_map_urb_for_dma
Gabor Juhos <j4g8y7@gmail.com>
clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
Gabor Juhos <j4g8y7@gmail.com>
clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
Gabor Juhos <j4g8y7@gmail.com>
clk: qcom: gcc-ipq9574: fix terminating of frequency table arrays
Gabor Juhos <j4g8y7@gmail.com>
clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
Gabor Juhos <j4g8y7@gmail.com>
clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays
Gabor Juhos <j4g8y7@gmail.com>
clk: qcom: gcc-ipq5018: fix terminating of frequency table arrays
Brett Creeley <brett.creeley@amd.com>
vfio/pds: Always clear the save/restore FDs on reset
Maulik Shah <quic_mkshah@quicinc.com>
PM: suspend: Set mem_sleep_current during kernel command line setup
Shivnandan Kumar <quic_kshivnan@quicinc.com>
cpufreq: Limit resolving a frequency to policy min/max
Akira Yokosawa <akiyks@gmail.com>
docs: Restore "smart quotes" for quotes
Quentin Schulz <quentin.schulz@theobroma-systems.com>
iio: adc: rockchip_saradc: use mask for write_enable bitfield
Quentin Schulz <quentin.schulz@theobroma-systems.com>
iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2
Gui-Dong Han <2045gemini@gmail.com>
md/raid5: fix atomicity violation in raid5_cache_count
Guenter Roeck <linux@roeck-us.net>
parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds
Guenter Roeck <linux@roeck-us.net>
parisc: Fix csum_ipv6_magic on 64-bit systems
Guenter Roeck <linux@roeck-us.net>
parisc: Fix csum_ipv6_magic on 32-bit systems
Guenter Roeck <linux@roeck-us.net>
parisc: Fix ip_fast_csum
John David Anglin <dave.anglin@bell.net>
parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros
Guenter Roeck <linux@roeck-us.net>
parisc/unaligned: Rewrite 64-bit inline assembly of emulate_ldd()
Breno Leitao <leitao@debian.org>
x86/nmi: Fix the inverse "in NMI handler" check
Heming Zhao <heming.zhao@suse.com>
md/md-bitmap: fix incorrect usage for sb_index
Arseniy Krasnov <avkrasnov@salutedevices.com>
mtd: rawnand: meson: fix scrambling mode value in command macro
Zhang Yi <yi.zhang@huawei.com>
ubi: correct the calculation of fastmap size
Richard Weinberger <richard@nod.at>
ubi: Check for too small LEB size in VTBL code
Matthew Wilcox (Oracle) <willy@infradead.org>
ubifs: Set page uptodate in the correct place
Bernd Schubert <bschubert@ddn.com>
fuse: fix VM_MAYSHARE and direct_io_allow_mmap
Jan Kara <jack@suse.cz>
fat: fix uninitialized field in nostale filehandles
Matthew Wilcox (Oracle) <willy@infradead.org>
bounds: support non-power-of-two CONFIG_NR_CPUS
Arnd Bergmann <arnd@arndb.de>
kasan/test: avoid gcc warning for intentional overflow
Damien Le Moal <dlemoal@kernel.org>
block: Clear zone limits for a non-zoned stacked queue
Baokun Li <libaokun1@huawei.com>
ext4: correct best extent lstart adjustment logic
SeongJae Park <sj@kernel.org>
selftests/mqueue: Set timeout to 180 seconds
Damian Muszynski <damian.muszynski@intel.com>
crypto: qat - resolve race condition during AER recovery
Randy Dunlap <rdunlap@infradead.org>
sparc: vDSO: fix return value of __setup handler
Randy Dunlap <rdunlap@infradead.org>
sparc64: NMI watchdog: fix return value of __setup handler
Michael Ellerman <mpe@ellerman.id.au>
powerpc/smp: Increase nr_cpu_ids to include the boot CPU
Michael Ellerman <mpe@ellerman.id.au>
powerpc/smp: Adjust nr_cpu_ids to cover all threads of a core
Zhang Rui <rui.zhang@intel.com>
powercap: intel_rapl_tpmi: Fix System Domain probing
Zhang Rui <rui.zhang@intel.com>
powercap: intel_rapl_tpmi: Fix a register bug
Zhang Rui <rui.zhang@intel.com>
powercap: intel_rapl: Fix locking in TPMI RAPL
Peter Zijlstra <peterz@infradead.org>
sched: Simplify tg_set_cfs_bandwidth()
Zhang Rui <rui.zhang@intel.com>
powercap: intel_rapl: Fix a NULL pointer dereference
Zhang Rui <rui.zhang@intel.com>
thermal/intel: Fix intel_tcc_get_temp() to support negative CPU temperature
Tor Vic <torvic9@mailbox.org>
cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf()
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
arm64: dts: qcom: sm8550-mtp: correct WCD9385 TX port mapping
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
arm64: dts: qcom: sm8550-qrd: correct WCD9385 TX port mapping
Sean Christopherson <seanjc@google.com>
KVM: Always flush async #PF workqueue when vCPU is being destroyed
Laurent Pinchart <laurent.pinchart@ideasonboard.com>
media: nxp: imx8-isi: Mark all crossbar sink pads as MUST_CONNECT
Laurent Pinchart <laurent.pinchart@ideasonboard.com>
media: mc: Expand MUST_CONNECT flag to always require an enabled link
Laurent Pinchart <laurent.pinchart@ideasonboard.com>
media: mc: Rename pad variable to clarify intent
Laurent Pinchart <laurent.pinchart@ideasonboard.com>
media: mc: Add num_links flag to media_pad
Marek Vasut <marex@denx.de>
media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access
Laurent Pinchart <laurent.pinchart@ideasonboard.com>
media: mc: Fix flags handling when creating pad links
Laurent Pinchart <laurent.pinchart@ideasonboard.com>
media: mc: Add local pad to pipeline regardless of the link state
Gui-Dong Han <2045gemini@gmail.com>
media: xc4000: Fix atomicity violation in xc4000_get_frequency
Philipp Stanner <pstanner@redhat.com>
pci_iounmap(): Fix MMIO mapping leak
Zack Rusin <zack.rusin@broadcom.com>
drm/vmwgfx: Fix the lifetime of the bo cursor memory
Hugo Villeneuve <hvilleneuve@dimonoff.com>
serial: max310x: fix NULL pointer dereference in I2C instantiation
Zack Rusin <zack.rusin@broadcom.com>
drm/vmwgfx: Fix possible null pointer derefence with invalid contexts
Duje Mihanović <duje.mihanovic@skole.hr>
arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
Roberto Sassu <roberto.sassu@huawei.com>
smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
Roberto Sassu <roberto.sassu@huawei.com>
smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
Amit Pundir <amit.pundir@linaro.org>
clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
Joakim Zhang <joakim.zhang@cixtech.com>
remoteproc: virtio: Fix wdg cannot recovery remote processor
Krishna chaitanya chundru <quic_krichai@quicinc.com>
arm64: dts: qcom: sc7280: Add additional MSI interrupts
Hidenori Kobayashi <hidenorik@chromium.org>
media: staging: ipu3-imgu: Set fields before media_entity_pads_init()
Arend van Spriel <arend.vanspriel@broadcom.com>
wifi: brcmfmac: avoid invalid list operation when vendor attach fails
Zheng Wang <zyytlz.wz@163.com>
wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
Zack Rusin <zack.rusin@broadcom.com>
drm/vmwgfx: Unmap the surface before resetting it on a plane state
Jim Mattson <jmattson@google.com>
KVM: x86: Use a switch statement and macros in __feature_translate()
Jim Mattson <jmattson@google.com>
KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace
-------------
Diffstat:
Documentation/admin-guide/kernel-parameters.txt | 4 +-
Documentation/arch/x86/amd-memory-encryption.rst | 16 +-
Documentation/conf.py | 6 +-
.../userspace-api/media/mediactl/media-types.rst | 11 +-
Makefile | 4 +-
arch/arm/Kconfig | 4 +-
arch/arm/boot/dts/marvell/mmp2-brownstone.dts | 2 +-
arch/arm/configs/imx_v6_v7_defconfig | 1 +
arch/arm/include/asm/mman.h | 14 ++
arch/arm/kernel/Makefile | 2 -
arch/arm/kernel/iwmmxt.S | 51 ++--
arch/arm/kernel/pj4-cp0.c | 135 -----------
arch/arm/mm/flush.c | 3 +
arch/arm64/boot/dts/qcom/sc7280.dtsi | 12 +-
.../dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 2 +
arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 +-
arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 +-
arch/hexagon/kernel/vmlinux.lds.S | 1 +
arch/loongarch/crypto/crc32-loongarch.c | 2 -
arch/loongarch/include/asm/Kbuild | 1 +
arch/loongarch/include/asm/io.h | 2 +
arch/loongarch/include/asm/percpu.h | 7 +-
arch/loongarch/include/asm/qspinlock.h | 18 --
arch/parisc/include/asm/assembly.h | 18 +-
arch/parisc/include/asm/checksum.h | 10 +-
arch/parisc/include/asm/mman.h | 14 ++
arch/parisc/kernel/unaligned.c | 27 +--
arch/powerpc/include/asm/reg_fsl_emb.h | 11 +-
arch/powerpc/kernel/prom.c | 12 +
arch/powerpc/lib/Makefile | 2 +-
arch/sparc/include/asm/parport.h | 259 +--------------------
arch/sparc/include/asm/parport_64.h | 256 ++++++++++++++++++++
arch/sparc/kernel/nmi.c | 2 +-
arch/sparc/vdso/vma.c | 7 +-
arch/x86/Kconfig | 13 --
arch/x86/boot/compressed/efi_mixed.S | 29 ++-
arch/x86/coco/core.c | 7 +-
arch/x86/include/asm/asm.h | 14 ++
arch/x86/include/asm/coco.h | 8 +-
arch/x86/include/asm/mem_encrypt.h | 15 +-
arch/x86/include/asm/sev.h | 4 +-
arch/x86/include/asm/suspend_32.h | 10 +-
arch/x86/include/asm/x86_init.h | 3 +-
arch/x86/kernel/cpu/amd.c | 10 +-
arch/x86/kernel/eisa.c | 3 +-
arch/x86/kernel/fpu/xstate.c | 5 +-
arch/x86/kernel/fpu/xstate.h | 14 +-
arch/x86/kernel/kprobes/core.c | 11 +-
arch/x86/kernel/mpparse.c | 10 +-
arch/x86/kernel/nmi.c | 2 +-
arch/x86/kernel/probe_roms.c | 10 -
arch/x86/kernel/setup.c | 3 +-
arch/x86/kernel/sev-shared.c | 12 +-
arch/x86/kernel/sev.c | 31 ++-
arch/x86/kernel/x86_init.c | 2 +
arch/x86/kvm/cpuid.c | 21 +-
arch/x86/kvm/lapic.c | 5 +-
arch/x86/kvm/reverse_cpuid.h | 33 ++-
arch/x86/kvm/svm/sev.c | 25 +-
arch/x86/kvm/x86.c | 10 +
arch/x86/kvm/xen.c | 2 +-
arch/x86/kvm/xen.h | 18 ++
arch/x86/mm/mem_encrypt_amd.c | 18 ++
arch/x86/mm/mem_encrypt_identity.c | 38 ++-
block/bio.c | 7 +-
block/blk-mq.c | 9 +-
block/blk-settings.c | 4 +
block/mq-deadline.c | 3 +-
drivers/accessibility/speakup/synth.c | 4 +-
drivers/acpi/cppc_acpi.c | 31 ++-
drivers/ata/ahci.c | 5 -
drivers/ata/libata-eh.c | 5 +-
drivers/ata/libata-scsi.c | 9 +
drivers/base/power/wakeirq.c | 4 +-
drivers/bluetooth/btnxpuart.c | 3 +
drivers/char/tpm/tpm_tis_core.c | 3 +-
drivers/clk/qcom/gcc-ipq5018.c | 3 +
drivers/clk/qcom/gcc-ipq6018.c | 2 +
drivers/clk/qcom/gcc-ipq8074.c | 2 +
drivers/clk/qcom/gcc-ipq9574.c | 1 +
drivers/clk/qcom/gcc-sdm845.c | 1 +
drivers/clk/qcom/mmcc-apq8084.c | 2 +
drivers/clk/qcom/mmcc-msm8974.c | 2 +
drivers/clocksource/arm_global_timer.c | 2 +-
drivers/cpufreq/amd-pstate.c | 2 +-
drivers/cpufreq/cpufreq-dt.c | 2 +-
.../crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 34 +--
drivers/crypto/intel/qat/qat_common/adf_aer.c | 22 +-
drivers/crypto/rockchip/rk3288_crypto_ahash.c | 4 +-
drivers/cxl/core/trace.h | 14 +-
drivers/firewire/ohci.c | 2 +
drivers/firmware/efi/efi.c | 2 +
drivers/firmware/efi/libstub/randomalloc.c | 2 +-
drivers/firmware/efi/libstub/x86-stub.c | 1 +
drivers/gpio/gpiolib-cdev.c | 38 ++-
drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 46 ++--
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 +
drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 2 +-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 49 ++--
drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 12 +-
drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c | 17 ++
.../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 +
.../amd/display/modules/info_packet/info_packet.c | 13 +-
drivers/gpu/drm/amd/pm/amdgpu_pm.c | 12 +-
drivers/gpu/drm/bridge/lontium-lt8912b.c | 24 +-
drivers/gpu/drm/drm_bridge.c | 46 +++-
drivers/gpu/drm/drm_panel.c | 17 +-
drivers/gpu/drm/drm_probe_helper.c | 7 +
drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 +-
drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 +
drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 +-
drivers/gpu/drm/exynos/exynos_hdmi.c | 4 +-
drivers/gpu/drm/i915/display/icl_dsi.c | 3 +-
drivers/gpu/drm/i915/display/intel_bios.c | 46 +++-
.../drm/i915/display/intel_display_power_well.c | 17 +-
drivers/gpu/drm/i915/display/intel_display_trace.h | 6 +-
drivers/gpu/drm/i915/display/intel_dpll_mgr.c | 2 +-
drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 3 +
drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 -
.../gpu/drm/i915/gt/intel_execlists_submission.c | 3 +
drivers/gpu/drm/i915/i915_hwmon.c | 37 +--
drivers/gpu/drm/imx/ipuv3/parallel-display.c | 4 +-
drivers/gpu/drm/nouveau/include/nvkm/core/client.h | 1 +
drivers/gpu/drm/nouveau/nouveau_dmem.c | 12 +-
drivers/gpu/drm/nouveau/nouveau_gem.c | 2 +-
drivers/gpu/drm/nouveau/nvkm/core/client.c | 1 +
drivers/gpu/drm/nouveau/nvkm/core/object.c | 26 ++-
drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +-
drivers/gpu/drm/ttm/ttm_tt.c | 13 ++
drivers/gpu/drm/vc4/vc4_hdmi.c | 2 +-
drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 15 +-
drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 +-
drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 17 +-
drivers/hwmon/amc6821.c | 11 +
drivers/i2c/busses/i2c-i801.c | 4 +-
drivers/iio/accel/adxl367.c | 8 +-
drivers/iio/accel/adxl367_i2c.c | 2 +-
drivers/iio/adc/rockchip_saradc.c | 6 +-
drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c | 2 +
drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c | 5 +
drivers/input/joystick/xpad.c | 6 +
drivers/iommu/dma-iommu.c | 9 +
drivers/irqchip/irq-renesas-rzg2l.c | 93 +++++---
drivers/leds/trigger/ledtrig-netdev.c | 4 +-
drivers/md/dm-raid.c | 2 +
drivers/md/dm-snap.c | 4 +-
drivers/md/md-bitmap.c | 9 +-
drivers/md/raid5.c | 14 +-
drivers/media/mc/mc-entity.c | 93 ++++++--
.../platform/nxp/imx8-isi/imx8-isi-crossbar.c | 4 +-
drivers/media/tuners/xc4000.c | 4 +-
drivers/misc/fastrpc.c | 10 +-
drivers/misc/lis3lv02d/lis3lv02d_i2c.c | 21 +-
drivers/misc/mei/hw-me-regs.h | 2 +
drivers/misc/mei/pci-me.c | 2 +
drivers/mmc/core/block.c | 14 +-
drivers/mmc/host/sdhci-of-dwcmshc.c | 28 ++-
drivers/mmc/host/sdhci-omap.c | 3 +
drivers/mmc/host/tmio_mmc_core.c | 2 +
drivers/mtd/nand/raw/meson_nand.c | 2 +-
drivers/mtd/nand/raw/nand_base.c | 48 ++--
drivers/mtd/ubi/fastmap.c | 7 +-
drivers/mtd/ubi/vtbl.c | 6 +
.../ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 +-
.../ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 +-
drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +-
drivers/net/wireguard/netlink.c | 10 +-
.../broadcom/brcm80211/brcmfmac/bca/core.c | 15 +-
.../broadcom/brcm80211/brcmfmac/cfg80211.c | 60 ++---
.../broadcom/brcm80211/brcmfmac/cfg80211.h | 2 +
.../broadcom/brcm80211/brcmfmac/cyw/core.c | 33 ++-
.../wireless/broadcom/brcm80211/brcmfmac/feature.c | 3 +
.../wireless/broadcom/brcm80211/brcmfmac/fwil.c | 1 +
.../broadcom/brcm80211/brcmfmac/fwil_types.h | 2 +-
.../wireless/broadcom/brcm80211/brcmfmac/fwvid.c | 14 +-
.../wireless/broadcom/brcm80211/brcmfmac/fwvid.h | 39 ++--
.../broadcom/brcm80211/brcmfmac/wcc/core.c | 16 +-
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 15 +-
drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 2 +-
drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 8 +-
drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 2 +-
drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 12 +-
drivers/net/wireless/realtek/rtw88/mac.c | 7 +
drivers/net/wireless/realtek/rtw88/rtw8821cu.c | 46 ++--
drivers/nvmem/meson-efuse.c | 25 +-
drivers/pci/controller/dwc/pcie-designware-ep.c | 7 +-
drivers/pci/controller/dwc/pcie-qcom.c | 10 +
drivers/pci/controller/pci-hyperv.c | 3 +-
drivers/pci/pci-driver.c | 7 +
drivers/pci/pcie/err.c | 20 ++
drivers/pci/quirks.c | 2 +
drivers/phy/tegra/xusb.c | 13 ++
drivers/platform/x86/intel/tpmi.c | 9 +-
drivers/powercap/intel_rapl_common.c | 34 ++-
drivers/powercap/intel_rapl_msr.c | 8 +-
drivers/powercap/intel_rapl_tpmi.c | 15 ++
drivers/pwm/pwm-img.c | 4 +-
drivers/remoteproc/remoteproc_virtio.c | 6 +-
drivers/s390/crypto/zcrypt_api.c | 2 +
drivers/scsi/hosts.c | 7 +-
drivers/scsi/libsas/sas_expander.c | 51 ++--
drivers/scsi/lpfc/lpfc_bsg.c | 4 +-
drivers/scsi/lpfc/lpfc_nvmet.c | 2 +-
drivers/scsi/qla2xxx/qla_attr.c | 14 +-
drivers/scsi/qla2xxx/qla_def.h | 2 +-
drivers/scsi/qla2xxx/qla_gbl.h | 2 +-
drivers/scsi/qla2xxx/qla_init.c | 128 +++++-----
drivers/scsi/qla2xxx/qla_iocb.c | 68 ++++--
drivers/scsi/qla2xxx/qla_mbx.c | 2 +-
drivers/scsi/qla2xxx/qla_os.c | 3 +-
drivers/scsi/qla2xxx/qla_target.c | 10 +
drivers/scsi/scsi_scan.c | 34 +++
drivers/scsi/sd.c | 23 +-
drivers/scsi/sg.c | 4 +-
drivers/slimbus/core.c | 4 +-
drivers/soc/fsl/qbman/qman.c | 25 +-
drivers/staging/media/ipu3/ipu3-v4l2.c | 16 +-
.../staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 5 +-
drivers/tee/optee/device.c | 3 +-
drivers/thermal/devfreq_cooling.c | 2 +-
.../int340x_thermal/processor_thermal_device.c | 8 +-
.../intel/int340x_thermal/processor_thermal_rapl.c | 8 +-
drivers/thermal/intel/intel_tcc.c | 12 +-
drivers/thermal/intel/x86_pkg_temp_thermal.c | 8 +-
drivers/thermal/mediatek/auxadc_thermal.c | 3 +
drivers/tty/serial/8250/8250_dw.c | 6 +-
drivers/tty/serial/8250/8250_port.c | 6 -
drivers/tty/serial/fsl_lpuart.c | 7 +-
drivers/tty/serial/imx.c | 22 +-
drivers/tty/serial/max310x.c | 7 +-
drivers/tty/serial/qcom_geni_serial.c | 10 +-
drivers/tty/serial/serial_core.c | 12 +
drivers/tty/serial/serial_port.c | 25 +-
drivers/tty/vt/vt.c | 2 +-
drivers/usb/class/cdc-wdm.c | 6 +-
drivers/usb/core/hub.c | 23 +-
drivers/usb/core/hub.h | 2 +
drivers/usb/core/port.c | 43 +++-
drivers/usb/core/sysfs.c | 16 +-
drivers/usb/dwc2/core.h | 14 ++
drivers/usb/dwc2/core_intr.c | 72 ++++--
drivers/usb/dwc2/gadget.c | 10 +
drivers/usb/dwc2/hcd.c | 49 +++-
drivers/usb/dwc2/hcd_ddma.c | 17 +-
drivers/usb/dwc2/hw.h | 2 +-
drivers/usb/dwc2/platform.c | 2 +-
drivers/usb/dwc3/core.c | 2 +
drivers/usb/dwc3/core.h | 2 +
drivers/usb/dwc3/dwc3-am62.c | 13 +-
drivers/usb/dwc3/dwc3-pci.c | 2 -
drivers/usb/dwc3/gadget.c | 10 +
drivers/usb/dwc3/host.c | 11 +
drivers/usb/gadget/function/f_ncm.c | 2 +-
drivers/usb/gadget/udc/core.c | 4 +-
drivers/usb/gadget/udc/tegra-xudc.c | 39 ++--
drivers/usb/host/xhci-ring.c | 8 +-
drivers/usb/host/xhci.c | 2 +
drivers/usb/phy/phy-generic.c | 7 -
drivers/usb/serial/cp210x.c | 4 +
drivers/usb/serial/ftdi_sio.c | 2 +
drivers/usb/serial/ftdi_sio_ids.h | 6 +
drivers/usb/serial/option.c | 6 +
drivers/usb/storage/isd200.c | 23 +-
drivers/usb/storage/uas.c | 28 ++-
drivers/usb/typec/altmodes/displayport.c | 18 +-
drivers/usb/typec/class.c | 7 +-
drivers/usb/typec/tcpm/tcpm.c | 7 +-
drivers/usb/typec/ucsi/ucsi.c | 56 ++++-
drivers/usb/typec/ucsi/ucsi.h | 4 +-
drivers/usb/typec/ucsi/ucsi_acpi.c | 71 +++---
drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 +-
drivers/vfio/pci/pds/lm.c | 13 ++
drivers/vfio/pci/pds/lm.h | 1 +
drivers/vfio/pci/pds/vfio_dev.c | 4 +-
drivers/vfio/pci/vfio_pci_intrs.c | 180 ++++++++------
drivers/vfio/platform/vfio_platform_irq.c | 105 ++++++---
drivers/vfio/virqfd.c | 21 ++
drivers/virtio/virtio.c | 10 +-
fs/aio.c | 8 +-
fs/btrfs/block-group.c | 3 +-
fs/btrfs/extent_io.c | 75 ++++--
fs/btrfs/qgroup.c | 10 +-
fs/btrfs/scrub.c | 12 +-
fs/btrfs/volumes.c | 2 +-
fs/dlm/user.c | 10 +-
fs/exec.c | 1 +
fs/ext4/mballoc.c | 17 +-
fs/ext4/resize.c | 3 +-
fs/f2fs/f2fs.h | 1 +
fs/f2fs/segment.c | 4 +-
fs/fat/nfs.c | 6 +
fs/fuse/dir.c | 6 +-
fs/fuse/file.c | 8 +-
fs/fuse/fuse_i.h | 1 -
fs/fuse/inode.c | 7 +-
fs/nfs/direct.c | 11 +-
fs/nfs/read.c | 2 +
fs/nfs/write.c | 2 +-
fs/nfsd/trace.h | 2 +-
fs/nilfs2/btree.c | 9 +-
fs/nilfs2/direct.c | 9 +-
fs/nilfs2/inode.c | 2 +-
fs/smb/client/cached_dir.c | 3 +-
fs/smb/client/cifs_debug.c | 2 +
fs/smb/client/cifsglob.h | 5 +
fs/smb/client/cifsproto.h | 8 +-
fs/smb/client/connect.c | 10 +-
fs/smb/client/file.c | 8 +-
fs/smb/client/fs_context.c | 27 ++-
fs/smb/client/inode.c | 17 +-
fs/smb/client/readdir.c | 133 +++++------
fs/smb/client/sess.c | 45 ++--
fs/smb/client/smb2ops.c | 2 +
fs/smb/client/smb2pdu.c | 10 +-
fs/smb/server/smb2pdu.c | 180 +++++++++-----
fs/smb/server/smb_common.c | 11 +-
fs/smb/server/vfs.c | 12 +-
fs/ubifs/file.c | 13 +-
fs/xfs/libxfs/xfs_ag.c | 36 ++-
fs/xfs/libxfs/xfs_ag.h | 2 +
fs/xfs/libxfs/xfs_attr.c | 6 +-
fs/xfs/libxfs/xfs_bmap.c | 75 +++---
fs/xfs/libxfs/xfs_btree_staging.c | 4 +-
fs/xfs/libxfs/xfs_btree_staging.h | 6 -
fs/xfs/libxfs/xfs_da_btree.c | 7 +
fs/xfs/libxfs/xfs_defer.c | 105 ++++++---
fs/xfs/libxfs/xfs_defer.h | 5 +
fs/xfs/libxfs/xfs_format.h | 2 +-
fs/xfs/libxfs/xfs_log_recover.h | 5 +
fs/xfs/libxfs/xfs_rtbitmap.c | 2 +
fs/xfs/libxfs/xfs_rtbitmap.h | 83 +++++++
fs/xfs/libxfs/xfs_sb.c | 20 +-
fs/xfs/libxfs/xfs_sb.h | 2 +
fs/xfs/libxfs/xfs_types.h | 13 ++
fs/xfs/scrub/common.c | 6 +-
fs/xfs/scrub/common.h | 25 ++
fs/xfs/scrub/fscounters.c | 2 +-
fs/xfs/scrub/inode.c | 8 +-
fs/xfs/scrub/reap.c | 2 +-
fs/xfs/scrub/rtbitmap.c | 3 +-
fs/xfs/scrub/rtsummary.c | 3 +-
fs/xfs/scrub/trace.h | 3 +-
fs/xfs/xfs_attr_item.c | 23 +-
fs/xfs/xfs_bmap_item.c | 14 +-
fs/xfs/xfs_buf.c | 44 +++-
fs/xfs/xfs_buf.h | 1 +
fs/xfs/xfs_extfree_item.c | 14 +-
fs/xfs/xfs_fsmap.c | 2 +-
fs/xfs/xfs_fsops.c | 9 +-
fs/xfs/xfs_inode_item.c | 3 +
fs/xfs/xfs_log.c | 1 +
fs/xfs/xfs_log_priv.h | 1 +
fs/xfs/xfs_log_recover.c | 116 ++++-----
fs/xfs/xfs_refcount_item.c | 13 +-
fs/xfs/xfs_rmap_item.c | 14 +-
fs/xfs/xfs_rtalloc.c | 14 +-
fs/xfs/xfs_rtalloc.h | 73 ------
fs/xfs/xfs_trans.h | 4 +-
include/drm/drm_bridge.h | 33 +++
include/drm/drm_modeset_helper_vtables.h | 3 +-
include/drm/ttm/ttm_tt.h | 9 +-
include/linux/cpu.h | 2 +
include/linux/cpufreq.h | 15 +-
include/linux/gfp.h | 9 +
include/linux/hyperv.h | 22 +-
include/linux/intel_rapl.h | 6 +
include/linux/intel_tcc.h | 2 +-
include/linux/libata.h | 1 +
include/linux/mman.h | 8 +
include/linux/mtd/spinand.h | 2 +-
include/linux/nfs_fs.h | 1 +
include/linux/phy/tegra/xusb.h | 1 +
include/linux/ring_buffer.h | 1 +
include/linux/serial_core.h | 3 +-
include/linux/skbuff.h | 10 +
include/linux/vfio.h | 2 +
include/media/media-entity.h | 2 +
include/net/cfg80211.h | 2 +
include/net/cfg802154.h | 1 +
include/scsi/scsi_driver.h | 1 +
include/scsi/scsi_host.h | 1 +
include/uapi/linux/snmp.h | 3 +-
init/Kconfig | 6 +-
init/initramfs.c | 2 +-
io_uring/io_uring.c | 5 +-
io_uring/net.c | 5 +-
kernel/bounds.c | 2 +-
kernel/cgroup/cpuset.c | 2 +-
kernel/dma/swiotlb.c | 37 +--
kernel/entry/common.c | 8 +-
kernel/power/suspend.c | 1 +
kernel/printk/printk.c | 27 ++-
kernel/sched/core.c | 38 +--
kernel/sys.c | 7 +-
kernel/trace/ring_buffer.c | 233 ++++++++++--------
kernel/trace/trace.c | 21 +-
kernel/workqueue.c | 2 +-
lib/pci_iomap.c | 2 +-
mm/compaction.c | 7 +-
mm/filemap.c | 16 ++
mm/kasan/kasan_test.c | 3 +-
mm/memtest.c | 4 +-
mm/mmap.c | 10 +-
mm/page_alloc.c | 10 +-
mm/shmem_quota.c | 10 +-
mm/swapfile.c | 13 +-
mm/vmscan.c | 5 +-
net/bluetooth/hci_core.c | 6 +-
net/bluetooth/hci_sync.c | 5 +-
net/ipv4/esp4.c | 8 +-
net/ipv4/ip_output.c | 2 +
net/ipv4/proc.c | 3 +-
net/ipv6/esp6.c | 8 +-
net/ipv6/ip6_output.c | 6 +-
net/ipv6/mcast.c | 5 +-
net/ipv6/ndisc.c | 2 +-
net/ipv6/proc.c | 3 +-
net/ipv6/raw.c | 2 +-
net/mac80211/cfg.c | 5 +-
net/mac802154/llsec.c | 18 +-
net/netfilter/nf_tables_api.c | 7 +
net/wireless/wext-core.c | 7 +-
net/xfrm/xfrm_user.c | 3 +
scripts/Makefile.extrawarn | 2 +
security/landlock/syscalls.c | 18 +-
security/smack/smack_lsm.c | 12 +-
sound/pci/hda/patch_realtek.c | 13 +-
sound/pci/hda/tas2781_hda_i2c.c | 83 ++++---
sound/sh/aica.c | 17 +-
sound/soc/amd/yc/acp6x-mach.c | 7 -
tools/include/linux/btf_ids.h | 2 +
tools/perf/builtin-top.c | 4 +-
tools/testing/selftests/mm/gup_test.c | 67 +++---
tools/testing/selftests/mm/soft-dirty.c | 2 +-
tools/testing/selftests/mm/split_huge_page_test.c | 2 +-
tools/testing/selftests/mm/uffd-common.c | 3 +
tools/testing/selftests/mm/uffd-common.h | 2 +
tools/testing/selftests/mm/uffd-unit-tests.c | 13 +-
tools/testing/selftests/mqueue/setting | 1 +
tools/testing/selftests/net/mptcp/diag.sh | 6 +-
.../selftests/wireguard/qemu/arch/riscv32.config | 1 +
.../selftests/wireguard/qemu/arch/riscv64.config | 1 +
virt/kvm/async_pf.c | 31 ++-
443 files changed, 4373 insertions(+), 2498 deletions(-)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 001/396] KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
@ 2024-04-01 15:40 ` Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 002/396] KVM: x86: Use a switch statement and macros in __feature_translate() Greg Kroah-Hartman
` (406 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:40 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Jim Mattson, Chao Gao,
Sean Christopherson
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jim Mattson <jmattson@google.com>
commit eefe5e6682099445f77f2d97d4c525f9ac9d9b07 upstream.
The low five bits {INTEL_PSFD, IPRED_CTRL, RRSBA_CTRL, DDPD_U, BHI_CTRL}
advertise the availability of specific bits in IA32_SPEC_CTRL. Since KVM
dynamically determines the legal IA32_SPEC_CTRL bits for the underlying
hardware, the hard work has already been done. Just let userspace know
that a guest can use these IA32_SPEC_CTRL bits.
The sixth bit (MCDT_NO) states that the processor does not exhibit MXCSR
Configuration Dependent Timing (MCDT) behavior. This is an inherent
property of the physical processor that is inherited by the virtual
CPU. Pass that information on to userspace.
Signed-off-by: Jim Mattson <jmattson@google.com>
Reviewed-by: Chao Gao <chao.gao@intel.com>
Link: https://lore.kernel.org/r/20231024001636.890236-1-jmattson@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/cpuid.c | 21 ++++++++++++++++++---
arch/x86/kvm/reverse_cpuid.h | 12 ++++++++++++
2 files changed, 30 insertions(+), 3 deletions(-)
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -677,6 +677,11 @@ void kvm_set_cpu_caps(void)
F(AMX_COMPLEX)
);
+ kvm_cpu_cap_init_kvm_defined(CPUID_7_2_EDX,
+ F(INTEL_PSFD) | F(IPRED_CTRL) | F(RRSBA_CTRL) | F(DDPD_U) |
+ F(BHI_CTRL) | F(MCDT_NO)
+ );
+
kvm_cpu_cap_mask(CPUID_D_1_EAX,
F(XSAVEOPT) | F(XSAVEC) | F(XGETBV1) | F(XSAVES) | f_xfd
);
@@ -956,13 +961,13 @@ static inline int __do_cpuid_func(struct
break;
/* function 7 has additional index. */
case 7:
- entry->eax = min(entry->eax, 1u);
+ max_idx = entry->eax = min(entry->eax, 2u);
cpuid_entry_override(entry, CPUID_7_0_EBX);
cpuid_entry_override(entry, CPUID_7_ECX);
cpuid_entry_override(entry, CPUID_7_EDX);
- /* KVM only supports 0x7.0 and 0x7.1, capped above via min(). */
- if (entry->eax == 1) {
+ /* KVM only supports up to 0x7.2, capped above via min(). */
+ if (max_idx >= 1) {
entry = do_host_cpuid(array, function, 1);
if (!entry)
goto out;
@@ -972,6 +977,16 @@ static inline int __do_cpuid_func(struct
entry->ebx = 0;
entry->ecx = 0;
}
+ if (max_idx >= 2) {
+ entry = do_host_cpuid(array, function, 2);
+ if (!entry)
+ goto out;
+
+ cpuid_entry_override(entry, CPUID_7_2_EDX);
+ entry->ecx = 0;
+ entry->ebx = 0;
+ entry->eax = 0;
+ }
break;
case 0xa: { /* Architectural Performance Monitoring */
union cpuid10_eax eax;
--- a/arch/x86/kvm/reverse_cpuid.h
+++ b/arch/x86/kvm/reverse_cpuid.h
@@ -16,6 +16,7 @@ enum kvm_only_cpuid_leafs {
CPUID_7_1_EDX,
CPUID_8000_0007_EDX,
CPUID_8000_0022_EAX,
+ CPUID_7_2_EDX,
NR_KVM_CPU_CAPS,
NKVMCAPINTS = NR_KVM_CPU_CAPS - NCAPINTS,
@@ -46,6 +47,14 @@ enum kvm_only_cpuid_leafs {
#define X86_FEATURE_AMX_COMPLEX KVM_X86_FEATURE(CPUID_7_1_EDX, 8)
#define X86_FEATURE_PREFETCHITI KVM_X86_FEATURE(CPUID_7_1_EDX, 14)
+/* Intel-defined sub-features, CPUID level 0x00000007:2 (EDX) */
+#define X86_FEATURE_INTEL_PSFD KVM_X86_FEATURE(CPUID_7_2_EDX, 0)
+#define X86_FEATURE_IPRED_CTRL KVM_X86_FEATURE(CPUID_7_2_EDX, 1)
+#define KVM_X86_FEATURE_RRSBA_CTRL KVM_X86_FEATURE(CPUID_7_2_EDX, 2)
+#define X86_FEATURE_DDPD_U KVM_X86_FEATURE(CPUID_7_2_EDX, 3)
+#define X86_FEATURE_BHI_CTRL KVM_X86_FEATURE(CPUID_7_2_EDX, 4)
+#define X86_FEATURE_MCDT_NO KVM_X86_FEATURE(CPUID_7_2_EDX, 5)
+
/* CPUID level 0x80000007 (EDX). */
#define KVM_X86_FEATURE_CONSTANT_TSC KVM_X86_FEATURE(CPUID_8000_0007_EDX, 8)
@@ -80,6 +89,7 @@ static const struct cpuid_reg reverse_cp
[CPUID_8000_0007_EDX] = {0x80000007, 0, CPUID_EDX},
[CPUID_8000_0021_EAX] = {0x80000021, 0, CPUID_EAX},
[CPUID_8000_0022_EAX] = {0x80000022, 0, CPUID_EAX},
+ [CPUID_7_2_EDX] = { 7, 2, CPUID_EDX},
};
/*
@@ -116,6 +126,8 @@ static __always_inline u32 __feature_tra
return KVM_X86_FEATURE_CONSTANT_TSC;
else if (x86_feature == X86_FEATURE_PERFMON_V2)
return KVM_X86_FEATURE_PERFMON_V2;
+ else if (x86_feature == X86_FEATURE_RRSBA_CTRL)
+ return KVM_X86_FEATURE_RRSBA_CTRL;
return x86_feature;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 002/396] KVM: x86: Use a switch statement and macros in __feature_translate()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 001/396] KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace Greg Kroah-Hartman
@ 2024-04-01 15:40 ` Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 003/396] drm/vmwgfx: Unmap the surface before resetting it on a plane state Greg Kroah-Hartman
` (405 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:40 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Jim Mattson, Sean Christopherson
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jim Mattson <jmattson@google.com>
commit 80c883db87d9ffe2d685e91ba07a087b1c246c78 upstream.
Use a switch statement with macro-generated case statements to handle
translating feature flags in order to reduce the probability of runtime
errors due to copy+paste goofs, to make compile-time errors easier to
debug, and to make the code more readable.
E.g. the compiler won't directly generate an error for duplicate if
statements
if (x86_feature == X86_FEATURE_SGX1)
return KVM_X86_FEATURE_SGX1;
else if (x86_feature == X86_FEATURE_SGX2)
return KVM_X86_FEATURE_SGX1;
and so instead reverse_cpuid_check() will fail due to the untranslated
entry pointing at a Linux-defined leaf, which provides practically no
hint as to what is broken
arch/x86/kvm/reverse_cpuid.h:108:2: error: call to __compiletime_assert_450 declared with 'error' attribute:
BUILD_BUG_ON failed: x86_leaf == CPUID_LNX_4
BUILD_BUG_ON(x86_leaf == CPUID_LNX_4);
^
whereas duplicate case statements very explicitly point at the offending
code:
arch/x86/kvm/reverse_cpuid.h:125:2: error: duplicate case value '361'
KVM_X86_TRANSLATE_FEATURE(SGX2);
^
arch/x86/kvm/reverse_cpuid.h:124:2: error: duplicate case value '360'
KVM_X86_TRANSLATE_FEATURE(SGX1);
^
And without macros, the opposite type of copy+paste goof doesn't generate
any error at compile-time, e.g. this yields no complaints:
case X86_FEATURE_SGX1:
return KVM_X86_FEATURE_SGX1;
case X86_FEATURE_SGX2:
return KVM_X86_FEATURE_SGX1;
Note, __feature_translate() is forcibly inlined and the feature is known
at compile-time, so the code generation between an if-elif sequence and a
switch statement should be identical.
Signed-off-by: Jim Mattson <jmattson@google.com>
Link: https://lore.kernel.org/r/20231024001636.890236-2-jmattson@google.com
[sean: use a macro, rewrite changelog]
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/reverse_cpuid.h | 25 ++++++++++++-------------
1 file changed, 12 insertions(+), 13 deletions(-)
--- a/arch/x86/kvm/reverse_cpuid.h
+++ b/arch/x86/kvm/reverse_cpuid.h
@@ -116,20 +116,19 @@ static __always_inline void reverse_cpui
*/
static __always_inline u32 __feature_translate(int x86_feature)
{
- if (x86_feature == X86_FEATURE_SGX1)
- return KVM_X86_FEATURE_SGX1;
- else if (x86_feature == X86_FEATURE_SGX2)
- return KVM_X86_FEATURE_SGX2;
- else if (x86_feature == X86_FEATURE_SGX_EDECCSSA)
- return KVM_X86_FEATURE_SGX_EDECCSSA;
- else if (x86_feature == X86_FEATURE_CONSTANT_TSC)
- return KVM_X86_FEATURE_CONSTANT_TSC;
- else if (x86_feature == X86_FEATURE_PERFMON_V2)
- return KVM_X86_FEATURE_PERFMON_V2;
- else if (x86_feature == X86_FEATURE_RRSBA_CTRL)
- return KVM_X86_FEATURE_RRSBA_CTRL;
+#define KVM_X86_TRANSLATE_FEATURE(f) \
+ case X86_FEATURE_##f: return KVM_X86_FEATURE_##f
- return x86_feature;
+ switch (x86_feature) {
+ KVM_X86_TRANSLATE_FEATURE(SGX1);
+ KVM_X86_TRANSLATE_FEATURE(SGX2);
+ KVM_X86_TRANSLATE_FEATURE(SGX_EDECCSSA);
+ KVM_X86_TRANSLATE_FEATURE(CONSTANT_TSC);
+ KVM_X86_TRANSLATE_FEATURE(PERFMON_V2);
+ KVM_X86_TRANSLATE_FEATURE(RRSBA_CTRL);
+ default:
+ return x86_feature;
+ }
}
static __always_inline u32 __feature_leaf(int x86_feature)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 003/396] drm/vmwgfx: Unmap the surface before resetting it on a plane state
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 001/396] KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 002/396] KVM: x86: Use a switch statement and macros in __feature_translate() Greg Kroah-Hartman
@ 2024-04-01 15:40 ` Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 004/396] wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Greg Kroah-Hartman
` (404 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:40 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Zack Rusin, Stefan Hoffmeister,
Martin Krastev, Maaz Mombasawala, Ian Forbes,
Broadcom internal kernel review list, dri-devel,
Javier Martinez Canillas, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zack Rusin <zack.rusin@broadcom.com>
[ Upstream commit 27571c64f1855881753e6f33c3186573afbab7ba ]
Switch to a new plane state requires unreferencing of all held surfaces.
In the work required for mob cursors the mapped surfaces started being
cached but the variable indicating whether the surface is currently
mapped was not being reset. This leads to crashes as the duplicated
state, incorrectly, indicates the that surface is mapped even when
no surface is present. That's because after unreferencing the surface
it's perfectly possible for the plane to be backed by a bo instead of a
surface.
Reset the surface mapped flag when unreferencing the plane state surface
to fix null derefs in cleanup. Fixes crashes in KDE KWin 6.0 on Wayland:
Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 4 PID: 2533 Comm: kwin_wayland Not tainted 6.7.0-rc3-vmwgfx #2
Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
RIP: 0010:vmw_du_cursor_plane_cleanup_fb+0x124/0x140 [vmwgfx]
Code: 00 00 00 75 3a 48 83 c4 10 5b 5d c3 cc cc cc cc 48 8b b3 a8 00 00 00 48 c7 c7 99 90 43 c0 e8 93 c5 db ca 48 8b 83 a8 00 00 00 <48> 8b 78 28 e8 e3 f>
RSP: 0018:ffffb6b98216fa80 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff969d84cdcb00 RCX: 0000000000000027
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff969e75f21600
RBP: ffff969d4143dc50 R08: 0000000000000000 R09: ffffb6b98216f920
R10: 0000000000000003 R11: ffff969e7feb3b10 R12: 0000000000000000
R13: 0000000000000000 R14: 000000000000027b R15: ffff969d49c9fc00
FS: 00007f1e8f1b4180(0000) GS:ffff969e75f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000028 CR3: 0000000104006004 CR4: 00000000003706f0
Call Trace:
<TASK>
? __die+0x23/0x70
? page_fault_oops+0x171/0x4e0
? exc_page_fault+0x7f/0x180
? asm_exc_page_fault+0x26/0x30
? vmw_du_cursor_plane_cleanup_fb+0x124/0x140 [vmwgfx]
drm_atomic_helper_cleanup_planes+0x9b/0xc0
commit_tail+0xd1/0x130
drm_atomic_helper_commit+0x11a/0x140
drm_atomic_commit+0x97/0xd0
? __pfx___drm_printfn_info+0x10/0x10
drm_atomic_helper_update_plane+0xf5/0x160
drm_mode_cursor_universal+0x10e/0x270
drm_mode_cursor_common+0x102/0x230
? __pfx_drm_mode_cursor2_ioctl+0x10/0x10
drm_ioctl_kernel+0xb2/0x110
drm_ioctl+0x26d/0x4b0
? __pfx_drm_mode_cursor2_ioctl+0x10/0x10
? __pfx_drm_ioctl+0x10/0x10
vmw_generic_ioctl+0xa4/0x110 [vmwgfx]
__x64_sys_ioctl+0x94/0xd0
do_syscall_64+0x61/0xe0
? __x64_sys_ioctl+0xaf/0xd0
? syscall_exit_to_user_mode+0x2b/0x40
? do_syscall_64+0x70/0xe0
? __x64_sys_ioctl+0xaf/0xd0
? syscall_exit_to_user_mode+0x2b/0x40
? do_syscall_64+0x70/0xe0
? exc_page_fault+0x7f/0x180
entry_SYSCALL_64_after_hwframe+0x6e/0x76
RIP: 0033:0x7f1e93f279ed
Code: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff f>
RSP: 002b:00007ffca0faf600 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 000055db876ed2c0 RCX: 00007f1e93f279ed
RDX: 00007ffca0faf6c0 RSI: 00000000c02464bb RDI: 0000000000000015
RBP: 00007ffca0faf650 R08: 000055db87184010 R09: 0000000000000007
R10: 000055db886471a0 R11: 0000000000000246 R12: 00007ffca0faf6c0
R13: 00000000c02464bb R14: 0000000000000015 R15: 00007ffca0faf790
</TASK>
Modules linked in: snd_seq_dummy snd_hrtimer nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_ine>
CR2: 0000000000000028
---[ end trace 0000000000000000 ]---
RIP: 0010:vmw_du_cursor_plane_cleanup_fb+0x124/0x140 [vmwgfx]
Code: 00 00 00 75 3a 48 83 c4 10 5b 5d c3 cc cc cc cc 48 8b b3 a8 00 00 00 48 c7 c7 99 90 43 c0 e8 93 c5 db ca 48 8b 83 a8 00 00 00 <48> 8b 78 28 e8 e3 f>
RSP: 0018:ffffb6b98216fa80 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff969d84cdcb00 RCX: 0000000000000027
RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff969e75f21600
RBP: ffff969d4143dc50 R08: 0000000000000000 R09: ffffb6b98216f920
R10: 0000000000000003 R11: ffff969e7feb3b10 R12: 0000000000000000
R13: 0000000000000000 R14: 000000000000027b R15: ffff969d49c9fc00
FS: 00007f1e8f1b4180(0000) GS:ffff969e75f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000028 CR3: 0000000104006004 CR4: 00000000003706f0
Signed-off-by: Zack Rusin <zack.rusin@broadcom.com>
Fixes: 485d98d472d5 ("drm/vmwgfx: Add support for CursorMob and CursorBypass 4")
Reported-by: Stefan Hoffmeister <stefan.hoffmeister@econos.de>
Closes: https://gitlab.freedesktop.org/drm/misc/-/issues/34
Cc: Martin Krastev <martin.krastev@broadcom.com>
Cc: Maaz Mombasawala <maaz.mombasawala@broadcom.com>
Cc: Ian Forbes <ian.forbes@broadcom.com>
Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list@broadcom.com>
Cc: dri-devel@lists.freedesktop.org
Cc: <stable@vger.kernel.org> # v5.19+
Acked-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Maaz Mombasawala <maaz.mombasawala@broadcom.com>
Reviewed-by: Martin Krastev <martin.krastev@broadcom.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20231224052540.605040-1-zack.rusin@broadcom.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
index b51578918cf8d..496ff2a6144c1 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
@@ -703,6 +703,10 @@ vmw_du_cursor_plane_prepare_fb(struct drm_plane *plane,
int ret = 0;
if (vps->surf) {
+ if (vps->surf_mapped) {
+ vmw_bo_unmap(vps->surf->res.guest_memory_bo);
+ vps->surf_mapped = false;
+ }
vmw_surface_unreference(&vps->surf);
vps->surf = NULL;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 004/396] wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2024-04-01 15:40 ` [PATCH 6.6 003/396] drm/vmwgfx: Unmap the surface before resetting it on a plane state Greg Kroah-Hartman
@ 2024-04-01 15:40 ` Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 005/396] wifi: brcmfmac: avoid invalid list operation when vendor attach fails Greg Kroah-Hartman
` (403 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:40 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Zheng Wang, Arend van Spriel,
Kalle Valo, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zheng Wang <zyytlz.wz@163.com>
[ Upstream commit 0f7352557a35ab7888bc7831411ec8a3cbe20d78 ]
This is the candidate patch of CVE-2023-47233 :
https://nvd.nist.gov/vuln/detail/CVE-2023-47233
In brcm80211 driver,it starts with the following invoking chain
to start init a timeout worker:
->brcmf_usb_probe
->brcmf_usb_probe_cb
->brcmf_attach
->brcmf_bus_started
->brcmf_cfg80211_attach
->wl_init_priv
->brcmf_init_escan
->INIT_WORK(&cfg->escan_timeout_work,
brcmf_cfg80211_escan_timeout_worker);
If we disconnect the USB by hotplug, it will call
brcmf_usb_disconnect to make cleanup. The invoking chain is :
brcmf_usb_disconnect
->brcmf_usb_disconnect_cb
->brcmf_detach
->brcmf_cfg80211_detach
->kfree(cfg);
While the timeout woker may still be running. This will cause
a use-after-free bug on cfg in brcmf_cfg80211_escan_timeout_worker.
Fix it by deleting the timer and canceling the worker in
brcmf_cfg80211_detach.
Fixes: e756af5b30b0 ("brcmfmac: add e-scan support.")
Signed-off-by: Zheng Wang <zyytlz.wz@163.com>
Cc: stable@vger.kernel.org
[arend.vanspriel@broadcom.com: keep timer delete as is and cancel work just before free]
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://msgid.link/20240107072504.392713-1-arend.vanspriel@broadcom.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
index df9c26593dbe1..567e3a0675d88 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
@@ -1179,8 +1179,7 @@ s32 brcmf_notify_escan_complete(struct brcmf_cfg80211_info *cfg,
scan_request = cfg->scan_request;
cfg->scan_request = NULL;
- if (timer_pending(&cfg->escan_timeout))
- del_timer_sync(&cfg->escan_timeout);
+ timer_delete_sync(&cfg->escan_timeout);
if (fw_abort) {
/* Do a scan abort to stop the driver's scan engine */
@@ -8441,6 +8440,7 @@ void brcmf_cfg80211_detach(struct brcmf_cfg80211_info *cfg)
brcmf_btcoex_detach(cfg);
wiphy_unregister(cfg->wiphy);
wl_deinit_priv(cfg);
+ cancel_work_sync(&cfg->escan_timeout_work);
brcmf_free_wiphy(cfg->wiphy);
kfree(cfg);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 005/396] wifi: brcmfmac: avoid invalid list operation when vendor attach fails
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2024-04-01 15:40 ` [PATCH 6.6 004/396] wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Greg Kroah-Hartman
@ 2024-04-01 15:40 ` Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 006/396] media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Greg Kroah-Hartman
` (402 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:40 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Arend van Spriel, Kalle Valo,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arend van Spriel <arend.vanspriel@broadcom.com>
[ Upstream commit b822015a1f57268f5b2ff656736dc4004e7097da ]
When the brcmf_fwvid_attach() fails the driver instance is not added
to the vendor list. Hence we should not try to delete it from that
list when the brcmf_fwvid_detach() function is called in cleanup path.
Cc: stable@vger.kernel.org # 6.2.x
Fixes: d6a5c562214f ("wifi: brcmfmac: add support for vendor-specific firmware api")
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://msgid.link/20240106103835.269149-3-arend.vanspriel@broadcom.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.c
index 86eafdb405419..f610818c2b059 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.c
@@ -187,9 +187,10 @@ void brcmf_fwvid_detach_ops(struct brcmf_pub *drvr)
mutex_lock(&fwvid_list_lock);
- drvr->vops = NULL;
- list_del(&drvr->bus_if->list);
-
+ if (drvr->vops) {
+ drvr->vops = NULL;
+ list_del(&drvr->bus_if->list);
+ }
mutex_unlock(&fwvid_list_lock);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 006/396] media: staging: ipu3-imgu: Set fields before media_entity_pads_init()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2024-04-01 15:40 ` [PATCH 6.6 005/396] wifi: brcmfmac: avoid invalid list operation when vendor attach fails Greg Kroah-Hartman
@ 2024-04-01 15:40 ` Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 007/396] arm64: dts: qcom: sc7280: Add additional MSI interrupts Greg Kroah-Hartman
` (401 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:40 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Hidenori Kobayashi,
Sakari Ailus, Hans Verkuil, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hidenori Kobayashi <hidenorik@chromium.org>
[ Upstream commit 87318b7092670d4086bfec115a0280a60c51c2dd ]
The imgu driver fails to probe with the following message because it
does not set the pad's flags before calling media_entity_pads_init().
[ 14.596315] ipu3-imgu 0000:00:05.0: failed initialize subdev media entity (-22)
[ 14.596322] ipu3-imgu 0000:00:05.0: failed to register subdev0 ret (-22)
[ 14.596327] ipu3-imgu 0000:00:05.0: failed to register pipes (-22)
[ 14.596331] ipu3-imgu 0000:00:05.0: failed to create V4L2 devices (-22)
Fix the initialization order so that the driver probe succeeds. The ops
initialization is also moved together for readability.
Fixes: a0ca1627b450 ("media: staging/intel-ipu3: Add v4l2 driver based on media framework")
Cc: <stable@vger.kernel.org> # 6.7
Cc: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Hidenori Kobayashi <hidenorik@chromium.org>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/staging/media/ipu3/ipu3-v4l2.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/staging/media/ipu3/ipu3-v4l2.c b/drivers/staging/media/ipu3/ipu3-v4l2.c
index e530767e80a5d..55cc44a401bc4 100644
--- a/drivers/staging/media/ipu3/ipu3-v4l2.c
+++ b/drivers/staging/media/ipu3/ipu3-v4l2.c
@@ -1069,6 +1069,11 @@ static int imgu_v4l2_subdev_register(struct imgu_device *imgu,
struct imgu_media_pipe *imgu_pipe = &imgu->imgu_pipe[pipe];
/* Initialize subdev media entity */
+ imgu_sd->subdev.entity.ops = &imgu_media_ops;
+ for (i = 0; i < IMGU_NODE_NUM; i++) {
+ imgu_sd->subdev_pads[i].flags = imgu_pipe->nodes[i].output ?
+ MEDIA_PAD_FL_SINK : MEDIA_PAD_FL_SOURCE;
+ }
r = media_entity_pads_init(&imgu_sd->subdev.entity, IMGU_NODE_NUM,
imgu_sd->subdev_pads);
if (r) {
@@ -1076,11 +1081,6 @@ static int imgu_v4l2_subdev_register(struct imgu_device *imgu,
"failed initialize subdev media entity (%d)\n", r);
return r;
}
- imgu_sd->subdev.entity.ops = &imgu_media_ops;
- for (i = 0; i < IMGU_NODE_NUM; i++) {
- imgu_sd->subdev_pads[i].flags = imgu_pipe->nodes[i].output ?
- MEDIA_PAD_FL_SINK : MEDIA_PAD_FL_SOURCE;
- }
/* Initialize subdev */
v4l2_subdev_init(&imgu_sd->subdev, &imgu_subdev_ops);
@@ -1177,15 +1177,15 @@ static int imgu_v4l2_node_setup(struct imgu_device *imgu, unsigned int pipe,
}
/* Initialize media entities */
+ node->vdev_pad.flags = node->output ?
+ MEDIA_PAD_FL_SOURCE : MEDIA_PAD_FL_SINK;
+ vdev->entity.ops = NULL;
r = media_entity_pads_init(&vdev->entity, 1, &node->vdev_pad);
if (r) {
dev_err(dev, "failed initialize media entity (%d)\n", r);
mutex_destroy(&node->lock);
return r;
}
- node->vdev_pad.flags = node->output ?
- MEDIA_PAD_FL_SOURCE : MEDIA_PAD_FL_SINK;
- vdev->entity.ops = NULL;
/* Initialize vbq */
vbq->type = node->vdev_fmt.type;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 007/396] arm64: dts: qcom: sc7280: Add additional MSI interrupts
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2024-04-01 15:40 ` [PATCH 6.6 006/396] media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Greg Kroah-Hartman
@ 2024-04-01 15:40 ` Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 008/396] remoteproc: virtio: Fix wdg cannot recovery remote processor Greg Kroah-Hartman
` (400 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:40 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Krishna chaitanya chundru,
Bjorn Andersson, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krishna chaitanya chundru <quic_krichai@quicinc.com>
[ Upstream commit b8ba66b40da3230a8675cb5dd5c2dea5bce24d62 ]
Current MSI's mapping doesn't have all the vectors. This platform
supports 8 vectors each vector supports 32 MSI's, so total MSI's
supported is 256.
Add all the MSI groups supported for this PCIe instance in this platform.
Fixes: 92e0ee9f83b3 ("arm64: dts: qcom: sc7280: Add PCIe and PHY related nodes")
cc: stable@vger.kernel.org
Signed-off-by: Krishna chaitanya chundru <quic_krichai@quicinc.com>
Link: https://lore.kernel.org/r/20231218-additional_msi-v1-1-de6917392684@quicinc.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sc7280.dtsi | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sc7280.dtsi b/arch/arm64/boot/dts/qcom/sc7280.dtsi
index 8e330d2e2e224..b75de7caaa7e5 100644
--- a/arch/arm64/boot/dts/qcom/sc7280.dtsi
+++ b/arch/arm64/boot/dts/qcom/sc7280.dtsi
@@ -2098,8 +2098,16 @@ pcie1: pci@1c08000 {
ranges = <0x01000000 0x0 0x00000000 0x0 0x40200000 0x0 0x100000>,
<0x02000000 0x0 0x40300000 0x0 0x40300000 0x0 0x1fd00000>;
- interrupts = <GIC_SPI 307 IRQ_TYPE_LEVEL_HIGH>;
- interrupt-names = "msi";
+ interrupts = <GIC_SPI 307 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 308 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 309 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 312 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 313 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 314 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 374 IRQ_TYPE_LEVEL_HIGH>,
+ <GIC_SPI 375 IRQ_TYPE_LEVEL_HIGH>;
+ interrupt-names = "msi0", "msi1", "msi2", "msi3",
+ "msi4", "msi5", "msi6", "msi7";
#interrupt-cells = <1>;
interrupt-map-mask = <0 0 0 0x7>;
interrupt-map = <0 0 0 1 &intc 0 0 0 434 IRQ_TYPE_LEVEL_HIGH>,
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 008/396] remoteproc: virtio: Fix wdg cannot recovery remote processor
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2024-04-01 15:40 ` [PATCH 6.6 007/396] arm64: dts: qcom: sc7280: Add additional MSI interrupts Greg Kroah-Hartman
@ 2024-04-01 15:40 ` Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 009/396] clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Greg Kroah-Hartman
` (399 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:40 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Joakim Zhang, Arnaud Pouliquen,
Mathieu Poirier, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Joakim Zhang <joakim.zhang@cixtech.com>
[ Upstream commit b327c72753d6a78de37aed6c35756f2ef62897ee ]
Recovery remote processor failed when wdg irq received:
[ 0.842574] remoteproc remoteproc0: crash detected in cix-dsp-rproc: type watchdog
[ 0.842750] remoteproc remoteproc0: handling crash #1 in cix-dsp-rproc
[ 0.842824] remoteproc remoteproc0: recovering cix-dsp-rproc
[ 0.843342] remoteproc remoteproc0: stopped remote processor cix-dsp-rproc
[ 0.847901] rproc-virtio rproc-virtio.0.auto: Failed to associate buffer
[ 0.847979] remoteproc remoteproc0: failed to probe subdevices for cix-dsp-rproc: -16
The reason is that dma coherent mem would not be released when
recovering the remote processor, due to rproc_virtio_remove()
would not be called, where the mem released. It will fail when
it try to allocate and associate buffer again.
Releasing reserved memory from rproc_virtio_dev_release(), instead of
rproc_virtio_remove().
Fixes: 1d7b61c06dc3 ("remoteproc: virtio: Create platform device for the remoteproc_virtio")
Signed-off-by: Joakim Zhang <joakim.zhang@cixtech.com>
Acked-by: Arnaud Pouliquen <arnaud.pouliquen@foss.st.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20231217053659.3245745-1-joakim.zhang@cixtech.com
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/remoteproc/remoteproc_virtio.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/remoteproc/remoteproc_virtio.c b/drivers/remoteproc/remoteproc_virtio.c
index 83d76915a6ad6..25b66b113b695 100644
--- a/drivers/remoteproc/remoteproc_virtio.c
+++ b/drivers/remoteproc/remoteproc_virtio.c
@@ -351,6 +351,9 @@ static void rproc_virtio_dev_release(struct device *dev)
kfree(vdev);
+ of_reserved_mem_device_release(&rvdev->pdev->dev);
+ dma_release_coherent_memory(&rvdev->pdev->dev);
+
put_device(&rvdev->pdev->dev);
}
@@ -584,9 +587,6 @@ static void rproc_virtio_remove(struct platform_device *pdev)
rproc_remove_subdev(rproc, &rvdev->subdev);
rproc_remove_rvdev(rvdev);
- of_reserved_mem_device_release(&pdev->dev);
- dma_release_coherent_memory(&pdev->dev);
-
put_device(&rproc->dev);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 009/396] clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2024-04-01 15:40 ` [PATCH 6.6 008/396] remoteproc: virtio: Fix wdg cannot recovery remote processor Greg Kroah-Hartman
@ 2024-04-01 15:40 ` Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 010/396] smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() Greg Kroah-Hartman
` (398 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:40 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Manivannan Sadhasivam, Amit Pundir,
Bjorn Andersson, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Amit Pundir <amit.pundir@linaro.org>
[ Upstream commit 1d9054e3a4fd36e2949e616f7360bdb81bcc1921 ]
With the addition of RPMh power domain to the GCC node in
device tree, we noticed a significant delay in getting the
UFS driver probed on AOSP which futher led to mount failures
because Android do not support rootwait. So adding a soft
dependency on RPMh power domain which informs modprobe to
load rpmhpd module before gcc-sdm845.
Cc: stable@vger.kernel.org # v5.4+
Fixes: 4b6ea15c0a11 ("arm64: dts: qcom: sdm845: Add missing RPMh power domain to GCC")
Suggested-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20240123062814.2555649-1-amit.pundir@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/gcc-sdm845.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/clk/qcom/gcc-sdm845.c b/drivers/clk/qcom/gcc-sdm845.c
index 725cd52d2398e..ea4c3bf4fb9bf 100644
--- a/drivers/clk/qcom/gcc-sdm845.c
+++ b/drivers/clk/qcom/gcc-sdm845.c
@@ -4037,3 +4037,4 @@ module_exit(gcc_sdm845_exit);
MODULE_DESCRIPTION("QTI GCC SDM845 Driver");
MODULE_LICENSE("GPL v2");
MODULE_ALIAS("platform:gcc-sdm845");
+MODULE_SOFTDEP("pre: rpmhpd");
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 010/396] smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2024-04-01 15:40 ` [PATCH 6.6 009/396] clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Greg Kroah-Hartman
@ 2024-04-01 15:40 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 011/396] smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Greg Kroah-Hartman
` (397 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:40 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Roberto Sassu, Casey Schaufler,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Roberto Sassu <roberto.sassu@huawei.com>
[ Upstream commit 9c82169208dde516510aaba6bbd8b13976690c5d ]
Since the SMACK64TRANSMUTE xattr makes sense only for directories, enforce
this restriction in smack_inode_setxattr().
Cc: stable@vger.kernel.org
Fixes: 5c6d1125f8db ("Smack: Transmute labels on specified directories") # v2.6.38.x
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/smack/smack_lsm.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 1f1ea8529421f..0fe3ccec62a52 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1312,7 +1312,8 @@ static int smack_inode_setxattr(struct mnt_idmap *idmap,
check_star = 1;
} else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
check_priv = 1;
- if (size != TRANS_TRUE_SIZE ||
+ if (!S_ISDIR(d_backing_inode(dentry)->i_mode) ||
+ size != TRANS_TRUE_SIZE ||
strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
rc = -EINVAL;
} else
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 011/396] smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2024-04-01 15:40 ` [PATCH 6.6 010/396] smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 012/396] arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Greg Kroah-Hartman
` (396 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Roberto Sassu, Casey Schaufler,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Roberto Sassu <roberto.sassu@huawei.com>
[ Upstream commit ac02f007d64eb2769d0bde742aac4d7a5fc6e8a5 ]
If the SMACK64TRANSMUTE xattr is provided, and the inode is a directory,
update the in-memory inode flags by setting SMK_INODE_TRANSMUTE.
Cc: stable@vger.kernel.org
Fixes: 5c6d1125f8db ("Smack: Transmute labels on specified directories") # v2.6.38.x
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/smack/smack_lsm.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 0fe3ccec62a52..e1e297deb02e6 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2854,6 +2854,15 @@ static int smack_inode_setsecurity(struct inode *inode, const char *name,
if (value == NULL || size > SMK_LONGLABEL || size == 0)
return -EINVAL;
+ if (strcmp(name, XATTR_SMACK_TRANSMUTE) == 0) {
+ if (!S_ISDIR(inode->i_mode) || size != TRANS_TRUE_SIZE ||
+ strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
+ return -EINVAL;
+
+ nsp->smk_flags |= SMK_INODE_TRANSMUTE;
+ return 0;
+ }
+
skp = smk_import_entry(value, size);
if (IS_ERR(skp))
return PTR_ERR(skp);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 012/396] arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 011/396] smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 013/396] drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Greg Kroah-Hartman
` (395 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Duje Mihanović,
Krzysztof Kozlowski, Andrew Lunn, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Duje Mihanović <duje.mihanovic@skole.hr>
[ Upstream commit 831e0cd4f9ee15a4f02ae10b67e7fdc10eb2b4fc ]
Fix an obvious spelling error in the PMIC compatible in the MMP2
Brownstone DTS file.
Fixes: 58f1193e6210 ("mfd: max8925: Add dts")
Cc: <stable@vger.kernel.org>
Signed-off-by: Duje Mihanović <duje.mihanovic@skole.hr>
Reported-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Closes: https://lore.kernel.org/linux-devicetree/1410884282-18041-1-git-send-email-k.kozlowski@samsung.com/
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20240125-brownstone-typo-fix-v2-1-45bc48a0c81c@skole.hr
[krzysztof: Just 10 years to take a patch, not bad! Rephrased commit
msg]
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/marvell/mmp2-brownstone.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm/boot/dts/marvell/mmp2-brownstone.dts b/arch/arm/boot/dts/marvell/mmp2-brownstone.dts
index 04f1ae1382e7a..bc64348b82185 100644
--- a/arch/arm/boot/dts/marvell/mmp2-brownstone.dts
+++ b/arch/arm/boot/dts/marvell/mmp2-brownstone.dts
@@ -28,7 +28,7 @@ &uart3 {
&twsi1 {
status = "okay";
pmic: max8925@3c {
- compatible = "maxium,max8925";
+ compatible = "maxim,max8925";
reg = <0x3c>;
interrupts = <1>;
interrupt-parent = <&intcmux4>;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 013/396] drm/vmwgfx: Fix possible null pointer derefence with invalid contexts
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 012/396] arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 014/396] serial: max310x: fix NULL pointer dereference in I2C instantiation Greg Kroah-Hartman
` (394 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Niels De Graef, Zack Rusin,
Martin Krastev, Maaz Mombasawala, Ian Forbes,
Broadcom internal kernel review list, dri-devel, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zack Rusin <zack.rusin@broadcom.com>
[ Upstream commit 517621b7060096e48e42f545fa6646fc00252eac ]
vmw_context_cotable can return either an error or a null pointer and its
usage sometimes went unchecked. Subsequent code would then try to access
either a null pointer or an error value.
The invalid dereferences were only possible with malformed userspace
apps which never properly initialized the rendering contexts.
Check the results of vmw_context_cotable to fix the invalid derefs.
Thanks:
ziming zhang(@ezrak1e) from Ant Group Light-Year Security Lab
who was the first person to discover it.
Niels De Graef who reported it and helped to track down the poc.
Fixes: 9c079b8ce8bf ("drm/vmwgfx: Adapt execbuf to the new validation api")
Cc: <stable@vger.kernel.org> # v4.20+
Reported-by: Niels De Graef <ndegraef@redhat.com>
Signed-off-by: Zack Rusin <zack.rusin@broadcom.com>
Cc: Martin Krastev <martin.krastev@broadcom.com>
Cc: Maaz Mombasawala <maaz.mombasawala@broadcom.com>
Cc: Ian Forbes <ian.forbes@broadcom.com>
Cc: Broadcom internal kernel review list <bcm-kernel-feedback-list@broadcom.com>
Cc: dri-devel@lists.freedesktop.org
Reviewed-by: Maaz Mombasawala <maaz.mombasawala@broadcom.com>
Reviewed-by: Martin Krastev <martin.krastev@broadcom.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240110200305.94086-1-zack.rusin@broadcom.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
index 36987ef3fc300..5fef0b31c1179 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c
@@ -447,7 +447,7 @@ static int vmw_resource_context_res_add(struct vmw_private *dev_priv,
vmw_res_type(ctx) == vmw_res_dx_context) {
for (i = 0; i < cotable_max; ++i) {
res = vmw_context_cotable(ctx, i);
- if (IS_ERR(res))
+ if (IS_ERR_OR_NULL(res))
continue;
ret = vmw_execbuf_res_val_add(sw_context, res,
@@ -1266,6 +1266,8 @@ static int vmw_cmd_dx_define_query(struct vmw_private *dev_priv,
return -EINVAL;
cotable_res = vmw_context_cotable(ctx_node->ctx, SVGA_COTABLE_DXQUERY);
+ if (IS_ERR_OR_NULL(cotable_res))
+ return cotable_res ? PTR_ERR(cotable_res) : -EINVAL;
ret = vmw_cotable_notify(cotable_res, cmd->body.queryId);
return ret;
@@ -2484,6 +2486,8 @@ static int vmw_cmd_dx_view_define(struct vmw_private *dev_priv,
return ret;
res = vmw_context_cotable(ctx_node->ctx, vmw_view_cotables[view_type]);
+ if (IS_ERR_OR_NULL(res))
+ return res ? PTR_ERR(res) : -EINVAL;
ret = vmw_cotable_notify(res, cmd->defined_id);
if (unlikely(ret != 0))
return ret;
@@ -2569,8 +2573,8 @@ static int vmw_cmd_dx_so_define(struct vmw_private *dev_priv,
so_type = vmw_so_cmd_to_type(header->id);
res = vmw_context_cotable(ctx_node->ctx, vmw_so_cotables[so_type]);
- if (IS_ERR(res))
- return PTR_ERR(res);
+ if (IS_ERR_OR_NULL(res))
+ return res ? PTR_ERR(res) : -EINVAL;
cmd = container_of(header, typeof(*cmd), header);
ret = vmw_cotable_notify(res, cmd->defined_id);
@@ -2689,6 +2693,8 @@ static int vmw_cmd_dx_define_shader(struct vmw_private *dev_priv,
return -EINVAL;
res = vmw_context_cotable(ctx_node->ctx, SVGA_COTABLE_DXSHADER);
+ if (IS_ERR_OR_NULL(res))
+ return res ? PTR_ERR(res) : -EINVAL;
ret = vmw_cotable_notify(res, cmd->body.shaderId);
if (ret)
return ret;
@@ -3010,6 +3016,8 @@ static int vmw_cmd_dx_define_streamoutput(struct vmw_private *dev_priv,
}
res = vmw_context_cotable(ctx_node->ctx, SVGA_COTABLE_STREAMOUTPUT);
+ if (IS_ERR_OR_NULL(res))
+ return res ? PTR_ERR(res) : -EINVAL;
ret = vmw_cotable_notify(res, cmd->body.soid);
if (ret)
return ret;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 014/396] serial: max310x: fix NULL pointer dereference in I2C instantiation
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 013/396] drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 015/396] drm/vmwgfx: Fix the lifetime of the bo cursor memory Greg Kroah-Hartman
` (393 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Andy Shevchenko, Hugo Villeneuve,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hugo Villeneuve <hvilleneuve@dimonoff.com>
[ Upstream commit 0d27056c24efd3d63a03f3edfbcfc4827086b110 ]
When trying to instantiate a max14830 device from userspace:
echo max14830 0x60 > /sys/bus/i2c/devices/i2c-2/new_device
we get the following error:
Unable to handle kernel NULL pointer dereference at virtual address...
...
Call trace:
max310x_i2c_probe+0x48/0x170 [max310x]
i2c_device_probe+0x150/0x2a0
...
Add check for validity of devtype to prevent the error, and abort probe
with a meaningful error message.
Fixes: 2e1f2d9a9bdb ("serial: max310x: implement I2C support")
Cc: stable@vger.kernel.org
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Signed-off-by: Hugo Villeneuve <hvilleneuve@dimonoff.com>
Link: https://lore.kernel.org/r/20240118152213.2644269-2-hugo@hugovil.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/max310x.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/serial/max310x.c b/drivers/tty/serial/max310x.c
index 4814aa310dcc5..e339abff926d3 100644
--- a/drivers/tty/serial/max310x.c
+++ b/drivers/tty/serial/max310x.c
@@ -1635,13 +1635,16 @@ static unsigned short max310x_i2c_slave_addr(unsigned short addr,
static int max310x_i2c_probe(struct i2c_client *client)
{
- const struct max310x_devtype *devtype =
- device_get_match_data(&client->dev);
+ const struct max310x_devtype *devtype;
struct i2c_client *port_client;
struct regmap *regmaps[4];
unsigned int i;
u8 port_addr;
+ devtype = device_get_match_data(&client->dev);
+ if (!devtype)
+ return dev_err_probe(&client->dev, -ENODEV, "Failed to match device\n");
+
if (client->addr < devtype->slave_addr.min ||
client->addr > devtype->slave_addr.max)
return dev_err_probe(&client->dev, -EINVAL,
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 015/396] drm/vmwgfx: Fix the lifetime of the bo cursor memory
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 014/396] serial: max310x: fix NULL pointer dereference in I2C instantiation Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 016/396] pci_iounmap(): Fix MMIO mapping leak Greg Kroah-Hartman
` (392 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Zack Rusin, Martin Krastev,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zack Rusin <zack.rusin@broadcom.com>
[ Upstream commit 9a9e8a7159ca09af9b1a300a6c8e8b6ff7501c76 ]
The cleanup can be dispatched while the atomic update is still active,
which means that the memory acquired in the atomic update needs to
not be invalidated by the cleanup. The buffer objects in vmw_plane_state
instead of using the builtin map_and_cache were trying to handle
the lifetime of the mapped memory themselves, leading to crashes.
Use the map_and_cache instead of trying to manage the lifetime of the
buffer objects held by the vmw_plane_state.
Fixes kernel oops'es in IGT's kms_cursor_legacy forked-bo.
Signed-off-by: Zack Rusin <zack.rusin@broadcom.com>
Fixes: bb6780aa5a1d ("drm/vmwgfx: Diff cursors when using cmds")
Cc: <stable@vger.kernel.org> # v6.2+
Reviewed-by: Martin Krastev <martin.krastev@broadcom.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240126200804.732454-6-zack.rusin@broadcom.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 13 +------------
1 file changed, 1 insertion(+), 12 deletions(-)
diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
index 496ff2a6144c1..5681a1b42aa24 100644
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_kms.c
@@ -184,13 +184,12 @@ static u32 vmw_du_cursor_mob_size(u32 w, u32 h)
*/
static u32 *vmw_du_cursor_plane_acquire_image(struct vmw_plane_state *vps)
{
- bool is_iomem;
if (vps->surf) {
if (vps->surf_mapped)
return vmw_bo_map_and_cache(vps->surf->res.guest_memory_bo);
return vps->surf->snooper.image;
} else if (vps->bo)
- return ttm_kmap_obj_virtual(&vps->bo->map, &is_iomem);
+ return vmw_bo_map_and_cache(vps->bo);
return NULL;
}
@@ -652,22 +651,12 @@ vmw_du_cursor_plane_cleanup_fb(struct drm_plane *plane,
{
struct vmw_cursor_plane *vcp = vmw_plane_to_vcp(plane);
struct vmw_plane_state *vps = vmw_plane_state_to_vps(old_state);
- bool is_iomem;
if (vps->surf_mapped) {
vmw_bo_unmap(vps->surf->res.guest_memory_bo);
vps->surf_mapped = false;
}
- if (vps->bo && ttm_kmap_obj_virtual(&vps->bo->map, &is_iomem)) {
- const int ret = ttm_bo_reserve(&vps->bo->tbo, true, false, NULL);
-
- if (likely(ret == 0)) {
- ttm_bo_kunmap(&vps->bo->map);
- ttm_bo_unreserve(&vps->bo->tbo);
- }
- }
-
vmw_du_cursor_plane_unmap_cm(vps);
vmw_du_put_cursor_mob(vcp, vps);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 016/396] pci_iounmap(): Fix MMIO mapping leak
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 015/396] drm/vmwgfx: Fix the lifetime of the bo cursor memory Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 017/396] media: xc4000: Fix atomicity violation in xc4000_get_frequency Greg Kroah-Hartman
` (391 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Danilo Krummrich, Arnd Bergmann,
Philipp Stanner, Bjorn Helgaas, Arnd Bergmann, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Philipp Stanner <pstanner@redhat.com>
[ Upstream commit 7626913652cc786c238e2dd7d8740b17d41b2637 ]
The #ifdef ARCH_HAS_GENERIC_IOPORT_MAP accidentally also guards iounmap(),
which means MMIO mappings are leaked.
Move the guard so we call iounmap() for MMIO mappings.
Fixes: 316e8d79a095 ("pci_iounmap'2: Electric Boogaloo: try to make sense of it all")
Link: https://lore.kernel.org/r/20240131090023.12331-2-pstanner@redhat.com
Reported-by: Danilo Krummrich <dakr@redhat.com>
Suggested-by: Arnd Bergmann <arnd@kernel.org>
Signed-off-by: Philipp Stanner <pstanner@redhat.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Cc: <stable@vger.kernel.org> # v5.15+
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/pci_iomap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/pci_iomap.c b/lib/pci_iomap.c
index ce39ce9f3526e..2829ddb0e316b 100644
--- a/lib/pci_iomap.c
+++ b/lib/pci_iomap.c
@@ -170,8 +170,8 @@ void pci_iounmap(struct pci_dev *dev, void __iomem *p)
if (addr >= start && addr < start + IO_SPACE_LIMIT)
return;
- iounmap(p);
#endif
+ iounmap(p);
}
EXPORT_SYMBOL(pci_iounmap);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 017/396] media: xc4000: Fix atomicity violation in xc4000_get_frequency
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 016/396] pci_iounmap(): Fix MMIO mapping leak Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 018/396] media: mc: Add local pad to pipeline regardless of the link state Greg Kroah-Hartman
` (390 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, BassCheck, Gui-Dong Han,
Hans Verkuil, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gui-Dong Han <2045gemini@gmail.com>
[ Upstream commit 36d503ad547d1c75758a6fcdbec2806f1b6aeb41 ]
In xc4000_get_frequency():
*freq = priv->freq_hz + priv->freq_offset;
The code accesses priv->freq_hz and priv->freq_offset without holding any
lock.
In xc4000_set_params():
// Code that updates priv->freq_hz and priv->freq_offset
...
xc4000_get_frequency() and xc4000_set_params() may execute concurrently,
risking inconsistent reads of priv->freq_hz and priv->freq_offset. Since
these related data may update during reading, it can result in incorrect
frequency calculation, leading to atomicity violations.
This possible bug is found by an experimental static analysis tool
developed by our team, BassCheck[1]. This tool analyzes the locking APIs
to extract function pairs that can be concurrently executed, and then
analyzes the instructions in the paired functions to identify possible
concurrency bugs including data races and atomicity violations. The above
possible bug is reported when our tool analyzes the source code of
Linux 6.2.
To address this issue, it is proposed to add a mutex lock pair in
xc4000_get_frequency() to ensure atomicity. With this patch applied, our
tool no longer reports the possible bug, with the kernel configuration
allyesconfig for x86_64. Due to the lack of associated hardware, we cannot
test the patch in runtime testing, and just verify it according to the
code logic.
[1] https://sites.google.com/view/basscheck/
Fixes: 4c07e32884ab ("[media] xc4000: Fix get_frequency()")
Cc: stable@vger.kernel.org
Reported-by: BassCheck <bass@buaa.edu.cn>
Signed-off-by: Gui-Dong Han <2045gemini@gmail.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/tuners/xc4000.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/media/tuners/xc4000.c b/drivers/media/tuners/xc4000.c
index 57ded9ff3f043..29bc63021c5aa 100644
--- a/drivers/media/tuners/xc4000.c
+++ b/drivers/media/tuners/xc4000.c
@@ -1515,10 +1515,10 @@ static int xc4000_get_frequency(struct dvb_frontend *fe, u32 *freq)
{
struct xc4000_priv *priv = fe->tuner_priv;
+ mutex_lock(&priv->lock);
*freq = priv->freq_hz + priv->freq_offset;
if (debug) {
- mutex_lock(&priv->lock);
if ((priv->cur_fw.type
& (BASE | FM | DTV6 | DTV7 | DTV78 | DTV8)) == BASE) {
u16 snr = 0;
@@ -1529,8 +1529,8 @@ static int xc4000_get_frequency(struct dvb_frontend *fe, u32 *freq)
return 0;
}
}
- mutex_unlock(&priv->lock);
}
+ mutex_unlock(&priv->lock);
dprintk(1, "%s()\n", __func__);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 018/396] media: mc: Add local pad to pipeline regardless of the link state
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 017/396] media: xc4000: Fix atomicity violation in xc4000_get_frequency Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 019/396] media: mc: Fix flags handling when creating pad links Greg Kroah-Hartman
` (389 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Frieder Schrempf, Laurent Pinchart,
Sakari Ailus, Hans Verkuil, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
[ Upstream commit 78f0daa026d4c5e192d31801d1be6caf88250220 ]
When building pipelines by following links, the
media_pipeline_explore_next_link() function only traverses enabled
links. The remote pad of a disabled link is not added to the pipeline,
and neither is the local pad. While the former is correct as disabled
links should not be followed, not adding the local pad breaks processing
of the MEDIA_PAD_FL_MUST_CONNECT flag.
The MEDIA_PAD_FL_MUST_CONNECT flag is checked in the
__media_pipeline_start() function that iterates over all pads after
populating the pipeline. If the pad is not present, the check gets
skipped, rendering it useless.
Fix this by adding the local pad of all links regardless of their state,
only skipping the remote pad for disabled links.
Cc: stable@vger.kernel.org # 6.1
Fixes: ae219872834a ("media: mc: entity: Rewrite media_pipeline_start()")
Reported-by: Frieder Schrempf <frieder.schrempf@kontron.de>
Closes: https://lore.kernel.org/linux-media/7658a15a-80c5-219f-2477-2a94ba6c6ba1@kontron.de
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/mc/mc-entity.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/drivers/media/mc/mc-entity.c b/drivers/media/mc/mc-entity.c
index 83468d4a440b3..737fc14e92dd3 100644
--- a/drivers/media/mc/mc-entity.c
+++ b/drivers/media/mc/mc-entity.c
@@ -607,13 +607,6 @@ static int media_pipeline_explore_next_link(struct media_pipeline *pipe,
link->source->entity->name, link->source->index,
link->sink->entity->name, link->sink->index);
- /* Skip links that are not enabled. */
- if (!(link->flags & MEDIA_LNK_FL_ENABLED)) {
- dev_dbg(walk->mdev->dev,
- "media pipeline: skipping link (disabled)\n");
- return 0;
- }
-
/* Get the local pad and remote pad. */
if (link->source->entity == pad->entity) {
local = link->source;
@@ -635,13 +628,20 @@ static int media_pipeline_explore_next_link(struct media_pipeline *pipe,
}
/*
- * Add the local and remote pads of the link to the pipeline and push
- * them to the stack, if they're not already present.
+ * Add the local pad of the link to the pipeline and push it to the
+ * stack, if not already present.
*/
ret = media_pipeline_add_pad(pipe, walk, local);
if (ret)
return ret;
+ /* Similarly, add the remote pad, but only if the link is enabled. */
+ if (!(link->flags & MEDIA_LNK_FL_ENABLED)) {
+ dev_dbg(walk->mdev->dev,
+ "media pipeline: skipping link (disabled)\n");
+ return 0;
+ }
+
ret = media_pipeline_add_pad(pipe, walk, remote);
if (ret)
return ret;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 019/396] media: mc: Fix flags handling when creating pad links
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 018/396] media: mc: Add local pad to pipeline regardless of the link state Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 020/396] media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access Greg Kroah-Hartman
` (388 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Laurent Pinchart, Sakari Ailus,
Hans Verkuil, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
[ Upstream commit 422f7af75d03d50895938d38bc9cb8be759c440f ]
The media_create_pad_link() function doesn't correctly clear reject link
type flags, nor does it set the DATA_LINK flag. It only works because
the MEDIA_LNK_FL_DATA_LINK flag's value is 0.
Fix it by returning an error if any link type flag is set. This doesn't
introduce any regression, as nobody calls the media_create_pad_link()
function with link type flags (easily checked by grepping for the flag
in the source code, there are very few hits).
Set the MEDIA_LNK_FL_DATA_LINK explicitly, which is a no-op that the
compiler will optimize out, but is still useful to make the code more
explicit and easier to understand.
Cc: stable@vger.kernel.org # 6.1
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/mc/mc-entity.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/media/mc/mc-entity.c b/drivers/media/mc/mc-entity.c
index 737fc14e92dd3..330d876f41945 100644
--- a/drivers/media/mc/mc-entity.c
+++ b/drivers/media/mc/mc-entity.c
@@ -1079,6 +1079,11 @@ media_create_pad_link(struct media_entity *source, u16 source_pad,
struct media_link *link;
struct media_link *backlink;
+ if (flags & MEDIA_LNK_FL_LINK_TYPE)
+ return -EINVAL;
+
+ flags |= MEDIA_LNK_FL_DATA_LINK;
+
if (WARN_ON(!source || !sink) ||
WARN_ON(source_pad >= source->num_pads) ||
WARN_ON(sink_pad >= sink->num_pads))
@@ -1094,7 +1099,7 @@ media_create_pad_link(struct media_entity *source, u16 source_pad,
link->source = &source->pads[source_pad];
link->sink = &sink->pads[sink_pad];
- link->flags = flags & ~MEDIA_LNK_FL_INTERFACE_LINK;
+ link->flags = flags;
/* Initialize graph object embedded at the new link */
media_gobj_create(source->graph_obj.mdev, MEDIA_GRAPH_LINK,
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 020/396] media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 019/396] media: mc: Fix flags handling when creating pad links Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 021/396] media: mc: Add num_links flag to media_pad Greg Kroah-Hartman
` (387 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Marek Vasut, Kieran Bingham,
Fabio Estevam, Laurent Pinchart, Sakari Ailus, Hans Verkuil,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marek Vasut <marex@denx.de>
[ Upstream commit eb2f932100288dbb881eadfed02e1459c6b9504c ]
When translating source to sink streams in the crossbar subdev, the
driver tries to locate the remote subdev connected to the sink pad. The
remote pad may be NULL, if userspace tries to enable a stream that ends
at an unconnected crossbar sink. When that occurs, the driver
dereferences the NULL pad, leading to a crash.
Prevent the crash by checking if the pad is NULL before using it, and
return an error if it is.
Cc: stable@vger.kernel.org # 6.1
Fixes: cf21f328fcaf ("media: nxp: Add i.MX8 ISI driver")
Signed-off-by: Marek Vasut <marex@denx.de>
Reviewed-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Reviewed-by: Fabio Estevam <festevam@gmail.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Link: https://lore.kernel.org/r/20231201150614.63300-1-marex@denx.de
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/platform/nxp/imx8-isi/imx8-isi-crossbar.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/drivers/media/platform/nxp/imx8-isi/imx8-isi-crossbar.c b/drivers/media/platform/nxp/imx8-isi/imx8-isi-crossbar.c
index 792f031e032ae..44354931cf8a1 100644
--- a/drivers/media/platform/nxp/imx8-isi/imx8-isi-crossbar.c
+++ b/drivers/media/platform/nxp/imx8-isi/imx8-isi-crossbar.c
@@ -160,8 +160,14 @@ mxc_isi_crossbar_xlate_streams(struct mxc_isi_crossbar *xbar,
}
pad = media_pad_remote_pad_first(&xbar->pads[sink_pad]);
- sd = media_entity_to_v4l2_subdev(pad->entity);
+ if (!pad) {
+ dev_dbg(xbar->isi->dev,
+ "no pad connected to crossbar input %u\n",
+ sink_pad);
+ return ERR_PTR(-EPIPE);
+ }
+ sd = media_entity_to_v4l2_subdev(pad->entity);
if (!sd) {
dev_dbg(xbar->isi->dev,
"no entity connected to crossbar input %u\n",
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 021/396] media: mc: Add num_links flag to media_pad
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 020/396] media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 022/396] media: mc: Rename pad variable to clarify intent Greg Kroah-Hartman
` (386 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Laurent Pinchart, Sakari Ailus,
Hans Verkuil, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
[ Upstream commit baeddf94aa61879b118f2faa37ed126d772670cc ]
Maintain a counter of the links connected to a pad in the media_pad
structure. This helps checking if a pad is connected to anything, which
will be used in the pipeline building code.
Cc: stable@vger.kernel.org # 6.1
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/mc/mc-entity.c | 6 ++++++
include/media/media-entity.h | 2 ++
2 files changed, 8 insertions(+)
diff --git a/drivers/media/mc/mc-entity.c b/drivers/media/mc/mc-entity.c
index 330d876f41945..c5f44cbf9f877 100644
--- a/drivers/media/mc/mc-entity.c
+++ b/drivers/media/mc/mc-entity.c
@@ -1025,6 +1025,9 @@ static void __media_entity_remove_link(struct media_entity *entity,
/* Remove the reverse links for a data link. */
if ((link->flags & MEDIA_LNK_FL_LINK_TYPE) == MEDIA_LNK_FL_DATA_LINK) {
+ link->source->num_links--;
+ link->sink->num_links--;
+
if (link->source->entity == entity)
remote = link->sink->entity;
else
@@ -1130,6 +1133,9 @@ media_create_pad_link(struct media_entity *source, u16 source_pad,
sink->num_links++;
source->num_links++;
+ link->source->num_links++;
+ link->sink->num_links++;
+
return 0;
}
EXPORT_SYMBOL_GPL(media_create_pad_link);
diff --git a/include/media/media-entity.h b/include/media/media-entity.h
index 2b6cd343ee9e0..4d95893c89846 100644
--- a/include/media/media-entity.h
+++ b/include/media/media-entity.h
@@ -225,6 +225,7 @@ enum media_pad_signal_type {
* @graph_obj: Embedded structure containing the media object common data
* @entity: Entity this pad belongs to
* @index: Pad index in the entity pads array, numbered from 0 to n
+ * @num_links: Number of links connected to this pad
* @sig_type: Type of the signal inside a media pad
* @flags: Pad flags, as defined in
* :ref:`include/uapi/linux/media.h <media_header>`
@@ -236,6 +237,7 @@ struct media_pad {
struct media_gobj graph_obj; /* must be first field in struct */
struct media_entity *entity;
u16 index;
+ u16 num_links;
enum media_pad_signal_type sig_type;
unsigned long flags;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 022/396] media: mc: Rename pad variable to clarify intent
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 021/396] media: mc: Add num_links flag to media_pad Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 023/396] media: mc: Expand MUST_CONNECT flag to always require an enabled link Greg Kroah-Hartman
` (385 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Laurent Pinchart, Sakari Ailus,
Hans Verkuil, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
[ Upstream commit 9ec9109cf9f611e3ec9ed0355afcc7aae5e73176 ]
The pad local variable in the media_pipeline_explore_next_link()
function is used to store the pad through which the entity has been
reached. Rename it to origin to reflect that and make the code easier to
read. This will be even more important in subsequent commits when
expanding the function with additional logic.
Cc: stable@vger.kernel.org # 6.1
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/mc/mc-entity.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/drivers/media/mc/mc-entity.c b/drivers/media/mc/mc-entity.c
index c5f44cbf9f877..7da899bc9d08f 100644
--- a/drivers/media/mc/mc-entity.c
+++ b/drivers/media/mc/mc-entity.c
@@ -592,13 +592,13 @@ static int media_pipeline_explore_next_link(struct media_pipeline *pipe,
struct media_pipeline_walk *walk)
{
struct media_pipeline_walk_entry *entry = media_pipeline_walk_top(walk);
- struct media_pad *pad;
+ struct media_pad *origin;
struct media_link *link;
struct media_pad *local;
struct media_pad *remote;
int ret;
- pad = entry->pad;
+ origin = entry->pad;
link = list_entry(entry->links, typeof(*link), list);
media_pipeline_walk_pop(walk);
@@ -608,7 +608,7 @@ static int media_pipeline_explore_next_link(struct media_pipeline *pipe,
link->sink->entity->name, link->sink->index);
/* Get the local pad and remote pad. */
- if (link->source->entity == pad->entity) {
+ if (link->source->entity == origin->entity) {
local = link->source;
remote = link->sink;
} else {
@@ -620,8 +620,9 @@ static int media_pipeline_explore_next_link(struct media_pipeline *pipe,
* Skip links that originate from a different pad than the incoming pad
* that is not connected internally in the entity to the incoming pad.
*/
- if (pad != local &&
- !media_entity_has_pad_interdep(pad->entity, pad->index, local->index)) {
+ if (origin != local &&
+ !media_entity_has_pad_interdep(origin->entity, origin->index,
+ local->index)) {
dev_dbg(walk->mdev->dev,
"media pipeline: skipping link (no route)\n");
return 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 023/396] media: mc: Expand MUST_CONNECT flag to always require an enabled link
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 022/396] media: mc: Rename pad variable to clarify intent Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 024/396] media: nxp: imx8-isi: Mark all crossbar sink pads as MUST_CONNECT Greg Kroah-Hartman
` (384 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Laurent Pinchart, Sakari Ailus,
Hans Verkuil, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
[ Upstream commit b3decc5ce7d778224d266423b542326ad469cb5f ]
The MEDIA_PAD_FL_MUST_CONNECT flag indicates that the pad requires an
enabled link to stream, but only if it has any link at all. This makes
little sense, as if a pad is part of a pipeline, there are very few use
cases for an active link to be mandatory only if links exist at all. A
review of in-tree drivers confirms they all need an enabled link for
pads marked with the MEDIA_PAD_FL_MUST_CONNECT flag.
Expand the scope of the flag by rejecting pads that have no links at
all. This requires modifying the pipeline build code to add those pads
to the pipeline.
Cc: stable@vger.kernel.org # 6.1
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../media/mediactl/media-types.rst | 11 ++--
drivers/media/mc/mc-entity.c | 53 +++++++++++++++----
2 files changed, 48 insertions(+), 16 deletions(-)
diff --git a/Documentation/userspace-api/media/mediactl/media-types.rst b/Documentation/userspace-api/media/mediactl/media-types.rst
index 0ffeece1e0c8e..6332e8395263b 100644
--- a/Documentation/userspace-api/media/mediactl/media-types.rst
+++ b/Documentation/userspace-api/media/mediactl/media-types.rst
@@ -375,12 +375,11 @@ Types and flags used to represent the media graph elements
are origins of links.
* - ``MEDIA_PAD_FL_MUST_CONNECT``
- - If this flag is set and the pad is linked to any other pad, then
- at least one of those links must be enabled for the entity to be
- able to stream. There could be temporary reasons (e.g. device
- configuration dependent) for the pad to need enabled links even
- when this flag isn't set; the absence of the flag doesn't imply
- there is none.
+ - If this flag is set, then for this pad to be able to stream, it must
+ be connected by at least one enabled link. There could be temporary
+ reasons (e.g. device configuration dependent) for the pad to need
+ enabled links even when this flag isn't set; the absence of the flag
+ doesn't imply there is none.
One and only one of ``MEDIA_PAD_FL_SINK`` and ``MEDIA_PAD_FL_SOURCE``
diff --git a/drivers/media/mc/mc-entity.c b/drivers/media/mc/mc-entity.c
index 7da899bc9d08f..21c354067f44a 100644
--- a/drivers/media/mc/mc-entity.c
+++ b/drivers/media/mc/mc-entity.c
@@ -522,14 +522,15 @@ static int media_pipeline_walk_push(struct media_pipeline_walk *walk,
/*
* Move the top entry link cursor to the next link. If all links of the entry
- * have been visited, pop the entry itself.
+ * have been visited, pop the entry itself. Return true if the entry has been
+ * popped.
*/
-static void media_pipeline_walk_pop(struct media_pipeline_walk *walk)
+static bool media_pipeline_walk_pop(struct media_pipeline_walk *walk)
{
struct media_pipeline_walk_entry *entry;
if (WARN_ON(walk->stack.top < 0))
- return;
+ return false;
entry = media_pipeline_walk_top(walk);
@@ -539,7 +540,7 @@ static void media_pipeline_walk_pop(struct media_pipeline_walk *walk)
walk->stack.top);
walk->stack.top--;
- return;
+ return true;
}
entry->links = entry->links->next;
@@ -547,6 +548,8 @@ static void media_pipeline_walk_pop(struct media_pipeline_walk *walk)
dev_dbg(walk->mdev->dev,
"media pipeline: moved entry %u to next link\n",
walk->stack.top);
+
+ return false;
}
/* Free all memory allocated while walking the pipeline. */
@@ -596,11 +599,12 @@ static int media_pipeline_explore_next_link(struct media_pipeline *pipe,
struct media_link *link;
struct media_pad *local;
struct media_pad *remote;
+ bool last_link;
int ret;
origin = entry->pad;
link = list_entry(entry->links, typeof(*link), list);
- media_pipeline_walk_pop(walk);
+ last_link = media_pipeline_walk_pop(walk);
dev_dbg(walk->mdev->dev,
"media pipeline: exploring link '%s':%u -> '%s':%u\n",
@@ -625,7 +629,7 @@ static int media_pipeline_explore_next_link(struct media_pipeline *pipe,
local->index)) {
dev_dbg(walk->mdev->dev,
"media pipeline: skipping link (no route)\n");
- return 0;
+ goto done;
}
/*
@@ -640,13 +644,44 @@ static int media_pipeline_explore_next_link(struct media_pipeline *pipe,
if (!(link->flags & MEDIA_LNK_FL_ENABLED)) {
dev_dbg(walk->mdev->dev,
"media pipeline: skipping link (disabled)\n");
- return 0;
+ goto done;
}
ret = media_pipeline_add_pad(pipe, walk, remote);
if (ret)
return ret;
+done:
+ /*
+ * If we're done iterating over links, iterate over pads of the entity.
+ * This is necessary to discover pads that are not connected with any
+ * link. Those are dead ends from a pipeline exploration point of view,
+ * but are still part of the pipeline and need to be added to enable
+ * proper validation.
+ */
+ if (!last_link)
+ return 0;
+
+ dev_dbg(walk->mdev->dev,
+ "media pipeline: adding unconnected pads of '%s'\n",
+ local->entity->name);
+
+ media_entity_for_each_pad(origin->entity, local) {
+ /*
+ * Skip the origin pad (already handled), pad that have links
+ * (already discovered through iterating over links) and pads
+ * not internally connected.
+ */
+ if (origin == local || !local->num_links ||
+ !media_entity_has_pad_interdep(origin->entity, origin->index,
+ local->index))
+ continue;
+
+ ret = media_pipeline_add_pad(pipe, walk, local);
+ if (ret)
+ return ret;
+ }
+
return 0;
}
@@ -758,7 +793,6 @@ __must_check int __media_pipeline_start(struct media_pad *pad,
struct media_pad *pad = ppad->pad;
struct media_entity *entity = pad->entity;
bool has_enabled_link = false;
- bool has_link = false;
struct media_link *link;
dev_dbg(mdev->dev, "Validating pad '%s':%u\n", pad->entity->name,
@@ -788,7 +822,6 @@ __must_check int __media_pipeline_start(struct media_pad *pad,
/* Record if the pad has links and enabled links. */
if (link->flags & MEDIA_LNK_FL_ENABLED)
has_enabled_link = true;
- has_link = true;
/*
* Validate the link if it's enabled and has the
@@ -826,7 +859,7 @@ __must_check int __media_pipeline_start(struct media_pad *pad,
* 3. If the pad has the MEDIA_PAD_FL_MUST_CONNECT flag set,
* ensure that it has either no link or an enabled link.
*/
- if ((pad->flags & MEDIA_PAD_FL_MUST_CONNECT) && has_link &&
+ if ((pad->flags & MEDIA_PAD_FL_MUST_CONNECT) &&
!has_enabled_link) {
dev_dbg(mdev->dev,
"Pad '%s':%u must be connected by an enabled link\n",
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 024/396] media: nxp: imx8-isi: Mark all crossbar sink pads as MUST_CONNECT
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 023/396] media: mc: Expand MUST_CONNECT flag to always require an enabled link Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 025/396] KVM: Always flush async #PF workqueue when vCPU is being destroyed Greg Kroah-Hartman
` (383 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Laurent Pinchart, Sakari Ailus,
Hans Verkuil, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
[ Upstream commit 9b71021b2ea537632b01e51e3f003df24a637858 ]
All the sink pads of the crossbar switch require an active link if
they're part of the pipeline. Mark them with the
MEDIA_PAD_FL_MUST_CONNECT flag to fail pipeline validation if they're
not connected. This allows removing a manual check when translating
streams.
Cc: stable@vger.kernel.org # 6.1
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../media/platform/nxp/imx8-isi/imx8-isi-crossbar.c | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/drivers/media/platform/nxp/imx8-isi/imx8-isi-crossbar.c b/drivers/media/platform/nxp/imx8-isi/imx8-isi-crossbar.c
index 44354931cf8a1..c9a4d091b5707 100644
--- a/drivers/media/platform/nxp/imx8-isi/imx8-isi-crossbar.c
+++ b/drivers/media/platform/nxp/imx8-isi/imx8-isi-crossbar.c
@@ -160,13 +160,6 @@ mxc_isi_crossbar_xlate_streams(struct mxc_isi_crossbar *xbar,
}
pad = media_pad_remote_pad_first(&xbar->pads[sink_pad]);
- if (!pad) {
- dev_dbg(xbar->isi->dev,
- "no pad connected to crossbar input %u\n",
- sink_pad);
- return ERR_PTR(-EPIPE);
- }
-
sd = media_entity_to_v4l2_subdev(pad->entity);
if (!sd) {
dev_dbg(xbar->isi->dev,
@@ -471,7 +464,8 @@ int mxc_isi_crossbar_init(struct mxc_isi_dev *isi)
}
for (i = 0; i < xbar->num_sinks; ++i)
- xbar->pads[i].flags = MEDIA_PAD_FL_SINK;
+ xbar->pads[i].flags = MEDIA_PAD_FL_SINK
+ | MEDIA_PAD_FL_MUST_CONNECT;
for (i = 0; i < xbar->num_sources; ++i)
xbar->pads[i + xbar->num_sinks].flags = MEDIA_PAD_FL_SOURCE;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 025/396] KVM: Always flush async #PF workqueue when vCPU is being destroyed
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 024/396] media: nxp: imx8-isi: Mark all crossbar sink pads as MUST_CONNECT Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 026/396] arm64: dts: qcom: sm8550-qrd: correct WCD9385 TX port mapping Greg Kroah-Hartman
` (382 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, David Matlack, Xu Yilun,
Vitaly Kuznetsov, Sean Christopherson, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sean Christopherson <seanjc@google.com>
[ Upstream commit 3d75b8aa5c29058a512db29da7cbee8052724157 ]
Always flush the per-vCPU async #PF workqueue when a vCPU is clearing its
completion queue, e.g. when a VM and all its vCPUs is being destroyed.
KVM must ensure that none of its workqueue callbacks is running when the
last reference to the KVM _module_ is put. Gifting a reference to the
associated VM prevents the workqueue callback from dereferencing freed
vCPU/VM memory, but does not prevent the KVM module from being unloaded
before the callback completes.
Drop the misguided VM refcount gifting, as calling kvm_put_kvm() from
async_pf_execute() if kvm_put_kvm() flushes the async #PF workqueue will
result in deadlock. async_pf_execute() can't return until kvm_put_kvm()
finishes, and kvm_put_kvm() can't return until async_pf_execute() finishes:
WARNING: CPU: 8 PID: 251 at virt/kvm/kvm_main.c:1435 kvm_put_kvm+0x2d/0x320 [kvm]
Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel kvm irqbypass
CPU: 8 PID: 251 Comm: kworker/8:1 Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
Workqueue: events async_pf_execute [kvm]
RIP: 0010:kvm_put_kvm+0x2d/0x320 [kvm]
Call Trace:
<TASK>
async_pf_execute+0x198/0x260 [kvm]
process_one_work+0x145/0x2d0
worker_thread+0x27e/0x3a0
kthread+0xba/0xe0
ret_from_fork+0x2d/0x50
ret_from_fork_asm+0x11/0x20
</TASK>
---[ end trace 0000000000000000 ]---
INFO: task kworker/8:1:251 blocked for more than 120 seconds.
Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/8:1 state:D stack:0 pid:251 ppid:2 flags:0x00004000
Workqueue: events async_pf_execute [kvm]
Call Trace:
<TASK>
__schedule+0x33f/0xa40
schedule+0x53/0xc0
schedule_timeout+0x12a/0x140
__wait_for_common+0x8d/0x1d0
__flush_work.isra.0+0x19f/0x2c0
kvm_clear_async_pf_completion_queue+0x129/0x190 [kvm]
kvm_arch_destroy_vm+0x78/0x1b0 [kvm]
kvm_put_kvm+0x1c1/0x320 [kvm]
async_pf_execute+0x198/0x260 [kvm]
process_one_work+0x145/0x2d0
worker_thread+0x27e/0x3a0
kthread+0xba/0xe0
ret_from_fork+0x2d/0x50
ret_from_fork_asm+0x11/0x20
</TASK>
If kvm_clear_async_pf_completion_queue() actually flushes the workqueue,
then there's no need to gift async_pf_execute() a reference because all
invocations of async_pf_execute() will be forced to complete before the
vCPU and its VM are destroyed/freed. And that in turn fixes the module
unloading bug as __fput() won't do module_put() on the last vCPU reference
until the vCPU has been freed, e.g. if closing the vCPU file also puts the
last reference to the KVM module.
Note that kvm_check_async_pf_completion() may also take the work item off
the completion queue and so also needs to flush the work queue, as the
work will not be seen by kvm_clear_async_pf_completion_queue(). Waiting
on the workqueue could theoretically delay a vCPU due to waiting for the
work to complete, but that's a very, very small chance, and likely a very
small delay. kvm_arch_async_page_present_queued() unconditionally makes a
new request, i.e. will effectively delay entering the guest, so the
remaining work is really just:
trace_kvm_async_pf_completed(addr, cr2_or_gpa);
__kvm_vcpu_wake_up(vcpu);
mmput(mm);
and mmput() can't drop the last reference to the page tables if the vCPU is
still alive, i.e. the vCPU won't get stuck tearing down page tables.
Add a helper to do the flushing, specifically to deal with "wakeup all"
work items, as they aren't actually work items, i.e. are never placed in a
workqueue. Trying to flush a bogus workqueue entry rightly makes
__flush_work() complain (kudos to whoever added that sanity check).
Note, commit 5f6de5cbebee ("KVM: Prevent module exit until all VMs are
freed") *tried* to fix the module refcounting issue by having VMs grab a
reference to the module, but that only made the bug slightly harder to hit
as it gave async_pf_execute() a bit more time to complete before the KVM
module could be unloaded.
Fixes: af585b921e5d ("KVM: Halt vcpu if page it tries to access is swapped out")
Cc: stable@vger.kernel.org
Cc: David Matlack <dmatlack@google.com>
Reviewed-by: Xu Yilun <yilun.xu@intel.com>
Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Link: https://lore.kernel.org/r/20240110011533.503302-2-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
virt/kvm/async_pf.c | 31 ++++++++++++++++++++++++++-----
1 file changed, 26 insertions(+), 5 deletions(-)
diff --git a/virt/kvm/async_pf.c b/virt/kvm/async_pf.c
index e033c79d528e0..28658b9e0d968 100644
--- a/virt/kvm/async_pf.c
+++ b/virt/kvm/async_pf.c
@@ -87,7 +87,27 @@ static void async_pf_execute(struct work_struct *work)
__kvm_vcpu_wake_up(vcpu);
mmput(mm);
- kvm_put_kvm(vcpu->kvm);
+}
+
+static void kvm_flush_and_free_async_pf_work(struct kvm_async_pf *work)
+{
+ /*
+ * The async #PF is "done", but KVM must wait for the work item itself,
+ * i.e. async_pf_execute(), to run to completion. If KVM is a module,
+ * KVM must ensure *no* code owned by the KVM (the module) can be run
+ * after the last call to module_put(). Note, flushing the work item
+ * is always required when the item is taken off the completion queue.
+ * E.g. even if the vCPU handles the item in the "normal" path, the VM
+ * could be terminated before async_pf_execute() completes.
+ *
+ * Wake all events skip the queue and go straight done, i.e. don't
+ * need to be flushed (but sanity check that the work wasn't queued).
+ */
+ if (work->wakeup_all)
+ WARN_ON_ONCE(work->work.func);
+ else
+ flush_work(&work->work);
+ kmem_cache_free(async_pf_cache, work);
}
void kvm_clear_async_pf_completion_queue(struct kvm_vcpu *vcpu)
@@ -114,7 +134,6 @@ void kvm_clear_async_pf_completion_queue(struct kvm_vcpu *vcpu)
#else
if (cancel_work_sync(&work->work)) {
mmput(work->mm);
- kvm_put_kvm(vcpu->kvm); /* == work->vcpu->kvm */
kmem_cache_free(async_pf_cache, work);
}
#endif
@@ -126,7 +145,10 @@ void kvm_clear_async_pf_completion_queue(struct kvm_vcpu *vcpu)
list_first_entry(&vcpu->async_pf.done,
typeof(*work), link);
list_del(&work->link);
- kmem_cache_free(async_pf_cache, work);
+
+ spin_unlock(&vcpu->async_pf.lock);
+ kvm_flush_and_free_async_pf_work(work);
+ spin_lock(&vcpu->async_pf.lock);
}
spin_unlock(&vcpu->async_pf.lock);
@@ -151,7 +173,7 @@ void kvm_check_async_pf_completion(struct kvm_vcpu *vcpu)
list_del(&work->queue);
vcpu->async_pf.queued--;
- kmem_cache_free(async_pf_cache, work);
+ kvm_flush_and_free_async_pf_work(work);
}
}
@@ -186,7 +208,6 @@ bool kvm_setup_async_pf(struct kvm_vcpu *vcpu, gpa_t cr2_or_gpa,
work->arch = *arch;
work->mm = current->mm;
mmget(work->mm);
- kvm_get_kvm(work->vcpu->kvm);
INIT_WORK(&work->work, async_pf_execute);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 026/396] arm64: dts: qcom: sm8550-qrd: correct WCD9385 TX port mapping
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 025/396] KVM: Always flush async #PF workqueue when vCPU is being destroyed Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 027/396] arm64: dts: qcom: sm8550-mtp: " Greg Kroah-Hartman
` (381 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, Konrad Dybcio,
Bjorn Andersson, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit 8ca7fbd92c1b28edb5d5df7aeb8bb4886ddb9829 ]
WCD9385 audio codec TX port mapping was copied form HDK8450, but in fact
it is offset by one. Correct it to fix recording via analogue
microphones.
Cc: stable@vger.kernel.org
Fixes: 83fae950c992 ("arm64: dts: qcom: sm8550-qrd: add WCD9385 audio-codec")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Link: https://lore.kernel.org/r/20240124164505.293202-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sm8550-qrd.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/sm8550-qrd.dts b/arch/arm64/boot/dts/qcom/sm8550-qrd.dts
index 2c09ce8aeafd9..7a70cc5942797 100644
--- a/arch/arm64/boot/dts/qcom/sm8550-qrd.dts
+++ b/arch/arm64/boot/dts/qcom/sm8550-qrd.dts
@@ -835,7 +835,7 @@ &swr2 {
wcd_tx: codec@0,3 {
compatible = "sdw20217010d00";
reg = <0 3>;
- qcom,tx-port-mapping = <1 1 2 3>;
+ qcom,tx-port-mapping = <2 2 3 4>;
};
};
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 027/396] arm64: dts: qcom: sm8550-mtp: correct WCD9385 TX port mapping
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 026/396] arm64: dts: qcom: sm8550-qrd: correct WCD9385 TX port mapping Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 028/396] cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf() Greg Kroah-Hartman
` (380 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, Neil Armstrong,
Konrad Dybcio, Bjorn Andersson, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
[ Upstream commit b66966b1bbc0aa58f7af83cbd56d5a206892857c ]
WCD9385 audio codec TX port mapping was copied form HDK8450, but in fact
it is offset by one. Correct it to fix recording via analogue
microphones.
The change is based on QRD8550 and should be correct here as well, but
was not tested on MTP8550.
Cc: stable@vger.kernel.org
Fixes: a541667c86a9 ("arm64: dts: qcom: sm8550-mtp: add WCD9385 audio-codec")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Link: https://lore.kernel.org/r/20240124164505.293202-2-krzysztof.kozlowski@linaro.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sm8550-mtp.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/arm64/boot/dts/qcom/sm8550-mtp.dts b/arch/arm64/boot/dts/qcom/sm8550-mtp.dts
index f29cce5186acd..c4bfe43471f7c 100644
--- a/arch/arm64/boot/dts/qcom/sm8550-mtp.dts
+++ b/arch/arm64/boot/dts/qcom/sm8550-mtp.dts
@@ -743,7 +743,7 @@ &swr2 {
wcd_tx: codec@0,3 {
compatible = "sdw20217010d00";
reg = <0 3>;
- qcom,tx-port-mapping = <1 1 2 3>;
+ qcom,tx-port-mapping = <2 2 3 4>;
};
};
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 028/396] cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 027/396] arm64: dts: qcom: sm8550-mtp: " Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 029/396] thermal/intel: Fix intel_tcc_get_temp() to support negative CPU temperature Greg Kroah-Hartman
` (379 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Oleksandr Natalenko, Perry Yuan,
Tor Vic, Mario Limonciello, Rafael J. Wysocki, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tor Vic <torvic9@mailbox.org>
[ Upstream commit b26ffbf800ae3c8d01bdf90d9cd8a37e1606ff06 ]
In the function amd_pstate_adjust_perf(), the 'min_perf' variable is set
to 'highest_perf' instead of 'lowest_perf'.
Fixes: 1d215f0319c2 ("cpufreq: amd-pstate: Add fast switch function for AMD P-State")
Reported-by: Oleksandr Natalenko <oleksandr@natalenko.name>
Reviewed-by: Perry Yuan <Perry.Yuan@amd.com>
Signed-off-by: Tor Vic <torvic9@mailbox.org>
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Cc: 6.1+ <stable@vger.kernel.org> # 6.1+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/amd-pstate.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/cpufreq/amd-pstate.c b/drivers/cpufreq/amd-pstate.c
index 1791d37fbc53c..07f3419954396 100644
--- a/drivers/cpufreq/amd-pstate.c
+++ b/drivers/cpufreq/amd-pstate.c
@@ -570,7 +570,7 @@ static void amd_pstate_adjust_perf(unsigned int cpu,
if (target_perf < capacity)
des_perf = DIV_ROUND_UP(cap_perf * target_perf, capacity);
- min_perf = READ_ONCE(cpudata->highest_perf);
+ min_perf = READ_ONCE(cpudata->lowest_perf);
if (_min_perf < capacity)
min_perf = DIV_ROUND_UP(cap_perf * _min_perf, capacity);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 029/396] thermal/intel: Fix intel_tcc_get_temp() to support negative CPU temperature
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 028/396] cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf() Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 030/396] powercap: intel_rapl: Fix a NULL pointer dereference Greg Kroah-Hartman
` (378 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Rui, Stanislaw Gruszka,
Rafael J. Wysocki, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Rui <rui.zhang@intel.com>
[ Upstream commit 7251b9e8a007ddd834aa81f8c7ea338884629fec ]
CPU temperature can be negative in some cases. Thus the negative CPU
temperature should not be considered as a failure.
Fix intel_tcc_get_temp() and its users to support negative CPU
temperature.
Fixes: a3c1f066e1c5 ("thermal/intel: Introduce Intel TCC library")
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Reviewed-by: Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com>
Cc: 6.3+ <stable@vger.kernel.org> # 6.3+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../intel/int340x_thermal/processor_thermal_device.c | 8 ++++----
drivers/thermal/intel/intel_tcc.c | 12 ++++++------
drivers/thermal/intel/x86_pkg_temp_thermal.c | 8 ++++----
include/linux/intel_tcc.h | 2 +-
4 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/drivers/thermal/intel/int340x_thermal/processor_thermal_device.c b/drivers/thermal/intel/int340x_thermal/processor_thermal_device.c
index 3ca0a2f5937f2..cdf88cadfc4f1 100644
--- a/drivers/thermal/intel/int340x_thermal/processor_thermal_device.c
+++ b/drivers/thermal/intel/int340x_thermal/processor_thermal_device.c
@@ -113,14 +113,14 @@ static int proc_thermal_get_zone_temp(struct thermal_zone_device *zone,
int *temp)
{
int cpu;
- int curr_temp;
+ int curr_temp, ret;
*temp = 0;
for_each_online_cpu(cpu) {
- curr_temp = intel_tcc_get_temp(cpu, false);
- if (curr_temp < 0)
- return curr_temp;
+ ret = intel_tcc_get_temp(cpu, &curr_temp, false);
+ if (ret < 0)
+ return ret;
if (!*temp || curr_temp > *temp)
*temp = curr_temp;
}
diff --git a/drivers/thermal/intel/intel_tcc.c b/drivers/thermal/intel/intel_tcc.c
index 2e5c741c41ca0..5e8b7f34b3951 100644
--- a/drivers/thermal/intel/intel_tcc.c
+++ b/drivers/thermal/intel/intel_tcc.c
@@ -103,18 +103,19 @@ EXPORT_SYMBOL_NS_GPL(intel_tcc_set_offset, INTEL_TCC);
/**
* intel_tcc_get_temp() - returns the current temperature
* @cpu: cpu that the MSR should be run on, nagative value means any cpu.
+ * @temp: pointer to the memory for saving cpu temperature.
* @pkg: true: Package Thermal Sensor. false: Core Thermal Sensor.
*
* Get the current temperature returned by the CPU core/package level
* thermal sensor, in degrees C.
*
- * Return: Temperature in degrees C on success, negative error code otherwise.
+ * Return: 0 on success, negative error code otherwise.
*/
-int intel_tcc_get_temp(int cpu, bool pkg)
+int intel_tcc_get_temp(int cpu, int *temp, bool pkg)
{
u32 low, high;
u32 msr = pkg ? MSR_IA32_PACKAGE_THERM_STATUS : MSR_IA32_THERM_STATUS;
- int tjmax, temp, err;
+ int tjmax, err;
tjmax = intel_tcc_get_tjmax(cpu);
if (tjmax < 0)
@@ -131,9 +132,8 @@ int intel_tcc_get_temp(int cpu, bool pkg)
if (!(low & BIT(31)))
return -ENODATA;
- temp = tjmax - ((low >> 16) & 0x7f);
+ *temp = tjmax - ((low >> 16) & 0x7f);
- /* Do not allow negative CPU temperature */
- return temp >= 0 ? temp : -ENODATA;
+ return 0;
}
EXPORT_SYMBOL_NS_GPL(intel_tcc_get_temp, INTEL_TCC);
diff --git a/drivers/thermal/intel/x86_pkg_temp_thermal.c b/drivers/thermal/intel/x86_pkg_temp_thermal.c
index 11a7f8108bbbf..61c3d450ee605 100644
--- a/drivers/thermal/intel/x86_pkg_temp_thermal.c
+++ b/drivers/thermal/intel/x86_pkg_temp_thermal.c
@@ -108,11 +108,11 @@ static struct zone_device *pkg_temp_thermal_get_dev(unsigned int cpu)
static int sys_get_curr_temp(struct thermal_zone_device *tzd, int *temp)
{
struct zone_device *zonedev = thermal_zone_device_priv(tzd);
- int val;
+ int val, ret;
- val = intel_tcc_get_temp(zonedev->cpu, true);
- if (val < 0)
- return val;
+ ret = intel_tcc_get_temp(zonedev->cpu, &val, true);
+ if (ret < 0)
+ return ret;
*temp = val * 1000;
pr_debug("sys_get_curr_temp %d\n", *temp);
diff --git a/include/linux/intel_tcc.h b/include/linux/intel_tcc.h
index f422612c28d6b..8ff8eabb4a987 100644
--- a/include/linux/intel_tcc.h
+++ b/include/linux/intel_tcc.h
@@ -13,6 +13,6 @@
int intel_tcc_get_tjmax(int cpu);
int intel_tcc_get_offset(int cpu);
int intel_tcc_set_offset(int cpu, int offset);
-int intel_tcc_get_temp(int cpu, bool pkg);
+int intel_tcc_get_temp(int cpu, int *temp, bool pkg);
#endif /* __INTEL_TCC_H__ */
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 030/396] powercap: intel_rapl: Fix a NULL pointer dereference
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 029/396] thermal/intel: Fix intel_tcc_get_temp() to support negative CPU temperature Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 031/396] sched: Simplify tg_set_cfs_bandwidth() Greg Kroah-Hartman
` (377 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Rui, Rafael J. Wysocki,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Rui <rui.zhang@intel.com>
[ Upstream commit 2d1f5006ff95770da502f8cee2a224a1ff83866e ]
A NULL pointer dereference is triggered when probing the MMIO RAPL
driver on platforms with CPU ID not listed in intel_rapl_common CPU
model list.
This is because the intel_rapl_common module still probes on such
platforms even if 'defaults_msr' is not set after commit 1488ac990ac8
("powercap: intel_rapl: Allow probing without CPUID match"). Thus the
MMIO RAPL rp->priv->defaults is NULL when registering to RAPL framework.
Fix the problem by adding sanity check to ensure rp->priv->rapl_defaults
is always valid.
Fixes: 1488ac990ac8 ("powercap: intel_rapl: Allow probing without CPUID match")
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Cc: 6.5+ <stable@vger.kernel.org> # 6.5+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/powercap/intel_rapl_common.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/powercap/intel_rapl_common.c b/drivers/powercap/intel_rapl_common.c
index 2feed036c1cd4..1a739afd47d96 100644
--- a/drivers/powercap/intel_rapl_common.c
+++ b/drivers/powercap/intel_rapl_common.c
@@ -759,6 +759,11 @@ static int rapl_config(struct rapl_package *rp)
default:
return -EINVAL;
}
+
+ /* defaults_msr can be NULL on unsupported platforms */
+ if (!rp->priv->defaults || !rp->priv->rpi)
+ return -ENODEV;
+
return 0;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 031/396] sched: Simplify tg_set_cfs_bandwidth()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 030/396] powercap: intel_rapl: Fix a NULL pointer dereference Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 032/396] powercap: intel_rapl: Fix locking in TPMI RAPL Greg Kroah-Hartman
` (376 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Peter Zijlstra (Intel), Ingo Molnar,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Zijlstra <peterz@infradead.org>
[ Upstream commit 6fb45460615358157a6d3c990e74f9c1395247e2 ]
Use guards to reduce gotos and simplify control flow.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Stable-dep-of: 1aa09b9379a7 ("powercap: intel_rapl: Fix locking in TPMI RAPL")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/cpu.h | 2 ++
kernel/sched/core.c | 38 +++++++++++++++++++-------------------
2 files changed, 21 insertions(+), 19 deletions(-)
diff --git a/include/linux/cpu.h b/include/linux/cpu.h
index 59dd421a8e35d..e990c180282e7 100644
--- a/include/linux/cpu.h
+++ b/include/linux/cpu.h
@@ -157,6 +157,8 @@ static inline int remove_cpu(unsigned int cpu) { return -EPERM; }
static inline void smp_shutdown_nonboot_cpus(unsigned int primary_cpu) { }
#endif /* !CONFIG_HOTPLUG_CPU */
+DEFINE_LOCK_GUARD_0(cpus_read_lock, cpus_read_lock(), cpus_read_unlock())
+
#ifdef CONFIG_PM_SLEEP_SMP
extern int freeze_secondary_cpus(int primary);
extern void thaw_secondary_cpus(void);
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index a854b71836dd5..1f91e2c12731e 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -10868,11 +10868,12 @@ static int tg_set_cfs_bandwidth(struct task_group *tg, u64 period, u64 quota,
* Prevent race between setting of cfs_rq->runtime_enabled and
* unthrottle_offline_cfs_rqs().
*/
- cpus_read_lock();
- mutex_lock(&cfs_constraints_mutex);
+ guard(cpus_read_lock)();
+ guard(mutex)(&cfs_constraints_mutex);
+
ret = __cfs_schedulable(tg, period, quota);
if (ret)
- goto out_unlock;
+ return ret;
runtime_enabled = quota != RUNTIME_INF;
runtime_was_enabled = cfs_b->quota != RUNTIME_INF;
@@ -10882,39 +10883,38 @@ static int tg_set_cfs_bandwidth(struct task_group *tg, u64 period, u64 quota,
*/
if (runtime_enabled && !runtime_was_enabled)
cfs_bandwidth_usage_inc();
- raw_spin_lock_irq(&cfs_b->lock);
- cfs_b->period = ns_to_ktime(period);
- cfs_b->quota = quota;
- cfs_b->burst = burst;
- __refill_cfs_bandwidth_runtime(cfs_b);
+ scoped_guard (raw_spinlock_irq, &cfs_b->lock) {
+ cfs_b->period = ns_to_ktime(period);
+ cfs_b->quota = quota;
+ cfs_b->burst = burst;
- /* Restart the period timer (if active) to handle new period expiry: */
- if (runtime_enabled)
- start_cfs_bandwidth(cfs_b);
+ __refill_cfs_bandwidth_runtime(cfs_b);
- raw_spin_unlock_irq(&cfs_b->lock);
+ /*
+ * Restart the period timer (if active) to handle new
+ * period expiry:
+ */
+ if (runtime_enabled)
+ start_cfs_bandwidth(cfs_b);
+ }
for_each_online_cpu(i) {
struct cfs_rq *cfs_rq = tg->cfs_rq[i];
struct rq *rq = cfs_rq->rq;
- struct rq_flags rf;
- rq_lock_irq(rq, &rf);
+ guard(rq_lock_irq)(rq);
cfs_rq->runtime_enabled = runtime_enabled;
cfs_rq->runtime_remaining = 0;
if (cfs_rq->throttled)
unthrottle_cfs_rq(cfs_rq);
- rq_unlock_irq(rq, &rf);
}
+
if (runtime_was_enabled && !runtime_enabled)
cfs_bandwidth_usage_dec();
-out_unlock:
- mutex_unlock(&cfs_constraints_mutex);
- cpus_read_unlock();
- return ret;
+ return 0;
}
static int tg_set_cfs_quota(struct task_group *tg, long cfs_quota_us)
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 032/396] powercap: intel_rapl: Fix locking in TPMI RAPL
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 031/396] sched: Simplify tg_set_cfs_bandwidth() Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 033/396] powercap: intel_rapl_tpmi: Fix a register bug Greg Kroah-Hartman
` (375 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Rui, Rafael J. Wysocki,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Rui <rui.zhang@intel.com>
[ Upstream commit 1aa09b9379a7a644cd2f75ae0bac82b8783df600 ]
The RAPL framework uses CPU hotplug locking to protect the rapl_packages
list and rp->lead_cpu to guarantee that
1. the RAPL package device is not unprobed and freed
2. the cached rp->lead_cpu is always valid
for operations like powercap sysfs accesses.
Current RAPL APIs assume being called from CPU hotplug callbacks which
hold the CPU hotplug lock, but TPMI RAPL driver invokes the APIs in the
driver's .probe() function without acquiring the CPU hotplug lock.
Fix the problem by providing both locked and lockless versions of RAPL
APIs.
Fixes: 9eef7f9da928 ("powercap: intel_rapl: Introduce RAPL TPMI interface driver")
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Cc: 6.5+ <stable@vger.kernel.org> # 6.5+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/powercap/intel_rapl_common.c | 29 +++++++++++++++++--
drivers/powercap/intel_rapl_msr.c | 8 ++---
.../int340x_thermal/processor_thermal_rapl.c | 8 ++---
include/linux/intel_rapl.h | 6 ++++
4 files changed, 40 insertions(+), 11 deletions(-)
diff --git a/drivers/powercap/intel_rapl_common.c b/drivers/powercap/intel_rapl_common.c
index 1a739afd47d96..9d3e102f1a76b 100644
--- a/drivers/powercap/intel_rapl_common.c
+++ b/drivers/powercap/intel_rapl_common.c
@@ -5,6 +5,7 @@
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+#include <linux/cleanup.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/list.h>
@@ -1504,7 +1505,7 @@ static int rapl_detect_domains(struct rapl_package *rp)
}
/* called from CPU hotplug notifier, hotplug lock held */
-void rapl_remove_package(struct rapl_package *rp)
+void rapl_remove_package_cpuslocked(struct rapl_package *rp)
{
struct rapl_domain *rd, *rd_package = NULL;
@@ -1533,10 +1534,18 @@ void rapl_remove_package(struct rapl_package *rp)
list_del(&rp->plist);
kfree(rp);
}
+EXPORT_SYMBOL_GPL(rapl_remove_package_cpuslocked);
+
+void rapl_remove_package(struct rapl_package *rp)
+{
+ guard(cpus_read_lock)();
+ rapl_remove_package_cpuslocked(rp);
+}
EXPORT_SYMBOL_GPL(rapl_remove_package);
/* caller to ensure CPU hotplug lock is held */
-struct rapl_package *rapl_find_package_domain(int id, struct rapl_if_priv *priv, bool id_is_cpu)
+struct rapl_package *rapl_find_package_domain_cpuslocked(int id, struct rapl_if_priv *priv,
+ bool id_is_cpu)
{
struct rapl_package *rp;
int uid;
@@ -1554,10 +1563,17 @@ struct rapl_package *rapl_find_package_domain(int id, struct rapl_if_priv *priv,
return NULL;
}
+EXPORT_SYMBOL_GPL(rapl_find_package_domain_cpuslocked);
+
+struct rapl_package *rapl_find_package_domain(int id, struct rapl_if_priv *priv, bool id_is_cpu)
+{
+ guard(cpus_read_lock)();
+ return rapl_find_package_domain_cpuslocked(id, priv, id_is_cpu);
+}
EXPORT_SYMBOL_GPL(rapl_find_package_domain);
/* called from CPU hotplug notifier, hotplug lock held */
-struct rapl_package *rapl_add_package(int id, struct rapl_if_priv *priv, bool id_is_cpu)
+struct rapl_package *rapl_add_package_cpuslocked(int id, struct rapl_if_priv *priv, bool id_is_cpu)
{
struct rapl_package *rp;
int ret;
@@ -1603,6 +1619,13 @@ struct rapl_package *rapl_add_package(int id, struct rapl_if_priv *priv, bool id
kfree(rp);
return ERR_PTR(ret);
}
+EXPORT_SYMBOL_GPL(rapl_add_package_cpuslocked);
+
+struct rapl_package *rapl_add_package(int id, struct rapl_if_priv *priv, bool id_is_cpu)
+{
+ guard(cpus_read_lock)();
+ return rapl_add_package_cpuslocked(id, priv, id_is_cpu);
+}
EXPORT_SYMBOL_GPL(rapl_add_package);
static void power_limit_state_save(void)
diff --git a/drivers/powercap/intel_rapl_msr.c b/drivers/powercap/intel_rapl_msr.c
index 250bd41a588c7..b4b6930cacb0b 100644
--- a/drivers/powercap/intel_rapl_msr.c
+++ b/drivers/powercap/intel_rapl_msr.c
@@ -73,9 +73,9 @@ static int rapl_cpu_online(unsigned int cpu)
{
struct rapl_package *rp;
- rp = rapl_find_package_domain(cpu, rapl_msr_priv, true);
+ rp = rapl_find_package_domain_cpuslocked(cpu, rapl_msr_priv, true);
if (!rp) {
- rp = rapl_add_package(cpu, rapl_msr_priv, true);
+ rp = rapl_add_package_cpuslocked(cpu, rapl_msr_priv, true);
if (IS_ERR(rp))
return PTR_ERR(rp);
}
@@ -88,14 +88,14 @@ static int rapl_cpu_down_prep(unsigned int cpu)
struct rapl_package *rp;
int lead_cpu;
- rp = rapl_find_package_domain(cpu, rapl_msr_priv, true);
+ rp = rapl_find_package_domain_cpuslocked(cpu, rapl_msr_priv, true);
if (!rp)
return 0;
cpumask_clear_cpu(cpu, &rp->cpumask);
lead_cpu = cpumask_first(&rp->cpumask);
if (lead_cpu >= nr_cpu_ids)
- rapl_remove_package(rp);
+ rapl_remove_package_cpuslocked(rp);
else if (rp->lead_cpu == cpu)
rp->lead_cpu = lead_cpu;
return 0;
diff --git a/drivers/thermal/intel/int340x_thermal/processor_thermal_rapl.c b/drivers/thermal/intel/int340x_thermal/processor_thermal_rapl.c
index 2f00fc3bf274a..e964a9375722a 100644
--- a/drivers/thermal/intel/int340x_thermal/processor_thermal_rapl.c
+++ b/drivers/thermal/intel/int340x_thermal/processor_thermal_rapl.c
@@ -27,9 +27,9 @@ static int rapl_mmio_cpu_online(unsigned int cpu)
if (topology_physical_package_id(cpu))
return 0;
- rp = rapl_find_package_domain(cpu, &rapl_mmio_priv, true);
+ rp = rapl_find_package_domain_cpuslocked(cpu, &rapl_mmio_priv, true);
if (!rp) {
- rp = rapl_add_package(cpu, &rapl_mmio_priv, true);
+ rp = rapl_add_package_cpuslocked(cpu, &rapl_mmio_priv, true);
if (IS_ERR(rp))
return PTR_ERR(rp);
}
@@ -42,14 +42,14 @@ static int rapl_mmio_cpu_down_prep(unsigned int cpu)
struct rapl_package *rp;
int lead_cpu;
- rp = rapl_find_package_domain(cpu, &rapl_mmio_priv, true);
+ rp = rapl_find_package_domain_cpuslocked(cpu, &rapl_mmio_priv, true);
if (!rp)
return 0;
cpumask_clear_cpu(cpu, &rp->cpumask);
lead_cpu = cpumask_first(&rp->cpumask);
if (lead_cpu >= nr_cpu_ids)
- rapl_remove_package(rp);
+ rapl_remove_package_cpuslocked(rp);
else if (rp->lead_cpu == cpu)
rp->lead_cpu = lead_cpu;
return 0;
diff --git a/include/linux/intel_rapl.h b/include/linux/intel_rapl.h
index 33f21bd85dbf2..f3196f82fd8a1 100644
--- a/include/linux/intel_rapl.h
+++ b/include/linux/intel_rapl.h
@@ -178,6 +178,12 @@ struct rapl_package {
struct rapl_if_priv *priv;
};
+struct rapl_package *rapl_find_package_domain_cpuslocked(int id, struct rapl_if_priv *priv,
+ bool id_is_cpu);
+struct rapl_package *rapl_add_package_cpuslocked(int id, struct rapl_if_priv *priv,
+ bool id_is_cpu);
+void rapl_remove_package_cpuslocked(struct rapl_package *rp);
+
struct rapl_package *rapl_find_package_domain(int id, struct rapl_if_priv *priv, bool id_is_cpu);
struct rapl_package *rapl_add_package(int id, struct rapl_if_priv *priv, bool id_is_cpu);
void rapl_remove_package(struct rapl_package *rp);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 033/396] powercap: intel_rapl_tpmi: Fix a register bug
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 032/396] powercap: intel_rapl: Fix locking in TPMI RAPL Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 034/396] powercap: intel_rapl_tpmi: Fix System Domain probing Greg Kroah-Hartman
` (374 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Rui, Rafael J. Wysocki,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Rui <rui.zhang@intel.com>
[ Upstream commit faa9130ce716b286d786d59032bacfd9052c2094 ]
Add the missing Domain Info register. This also fixes the bogus
definition of the Interrupt register.
Neither of these two registers was used previously.
Fixes: 9eef7f9da928 ("powercap: intel_rapl: Introduce RAPL TPMI interface driver")
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Cc: 6.5+ <stable@vger.kernel.org> # 6.5+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/powercap/intel_rapl_tpmi.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/powercap/intel_rapl_tpmi.c b/drivers/powercap/intel_rapl_tpmi.c
index 891c90fefd8b7..f1c734ac3c349 100644
--- a/drivers/powercap/intel_rapl_tpmi.c
+++ b/drivers/powercap/intel_rapl_tpmi.c
@@ -40,6 +40,7 @@ enum tpmi_rapl_register {
TPMI_RAPL_REG_ENERGY_STATUS,
TPMI_RAPL_REG_PERF_STATUS,
TPMI_RAPL_REG_POWER_INFO,
+ TPMI_RAPL_REG_DOMAIN_INFO,
TPMI_RAPL_REG_INTERRUPT,
TPMI_RAPL_REG_MAX = 15,
};
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 034/396] powercap: intel_rapl_tpmi: Fix System Domain probing
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 033/396] powercap: intel_rapl_tpmi: Fix a register bug Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 035/396] powerpc/smp: Adjust nr_cpu_ids to cover all threads of a core Greg Kroah-Hartman
` (373 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Rui, Rafael J. Wysocki,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Rui <rui.zhang@intel.com>
[ Upstream commit 903eb9fb85e32810f376a2858aad77c9298f9488 ]
Only domain root packages can enumerate System (Psys) domain.
Whether a package is domain root or not is described in the Bit 0 of the
Domain Info register.
Add support for Domain Info register and fix the System domain probing
accordingly.
Fixes: 9eef7f9da928 ("powercap: intel_rapl: Introduce RAPL TPMI interface driver")
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
Cc: 6.5+ <stable@vger.kernel.org> # 6.5+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/powercap/intel_rapl_tpmi.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/drivers/powercap/intel_rapl_tpmi.c b/drivers/powercap/intel_rapl_tpmi.c
index f1c734ac3c349..f6b7f085977ce 100644
--- a/drivers/powercap/intel_rapl_tpmi.c
+++ b/drivers/powercap/intel_rapl_tpmi.c
@@ -131,6 +131,12 @@ static void trp_release(struct tpmi_rapl_package *trp)
mutex_unlock(&tpmi_rapl_lock);
}
+/*
+ * Bit 0 of TPMI_RAPL_REG_DOMAIN_INFO indicates if the current package is a domain
+ * root or not. Only domain root packages can enumerate System (Psys) Domain.
+ */
+#define TPMI_RAPL_DOMAIN_ROOT BIT(0)
+
static int parse_one_domain(struct tpmi_rapl_package *trp, u32 offset)
{
u8 tpmi_domain_version;
@@ -140,6 +146,7 @@ static int parse_one_domain(struct tpmi_rapl_package *trp, u32 offset)
enum rapl_domain_reg_id reg_id;
int tpmi_domain_size, tpmi_domain_flags;
u64 tpmi_domain_header = readq(trp->base + offset);
+ u64 tpmi_domain_info;
/* Domain Parent bits are ignored for now */
tpmi_domain_version = tpmi_domain_header & 0xff;
@@ -170,6 +177,13 @@ static int parse_one_domain(struct tpmi_rapl_package *trp, u32 offset)
domain_type = RAPL_DOMAIN_PACKAGE;
break;
case TPMI_RAPL_DOMAIN_SYSTEM:
+ if (!(tpmi_domain_flags & BIT(TPMI_RAPL_REG_DOMAIN_INFO))) {
+ pr_warn(FW_BUG "System domain must support Domain Info register\n");
+ return -ENODEV;
+ }
+ tpmi_domain_info = readq(trp->base + offset + TPMI_RAPL_REG_DOMAIN_INFO);
+ if (!(tpmi_domain_info & TPMI_RAPL_DOMAIN_ROOT))
+ return 0;
domain_type = RAPL_DOMAIN_PLATFORM;
break;
case TPMI_RAPL_DOMAIN_MEMORY:
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 035/396] powerpc/smp: Adjust nr_cpu_ids to cover all threads of a core
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 034/396] powercap: intel_rapl_tpmi: Fix System Domain probing Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 036/396] powerpc/smp: Increase nr_cpu_ids to include the boot CPU Greg Kroah-Hartman
` (372 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Michael Ellerman, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit 5580e96dad5a439d561d9648ffcbccb739c2a120 ]
If nr_cpu_ids is too low to include at least all the threads of a single
core adjust nr_cpu_ids upwards. This avoids triggering odd bugs in code
that assumes all threads of a core are available.
Cc: stable@vger.kernel.org
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20231229120107.2281153-1-mpe@ellerman.id.au
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/prom.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/powerpc/kernel/prom.c b/arch/powerpc/kernel/prom.c
index 0b5878c3125b1..58e80076bed5c 100644
--- a/arch/powerpc/kernel/prom.c
+++ b/arch/powerpc/kernel/prom.c
@@ -375,6 +375,12 @@ static int __init early_init_dt_scan_cpus(unsigned long node,
if (IS_ENABLED(CONFIG_PPC64))
boot_cpu_hwid = be32_to_cpu(intserv[found_thread]);
+ if (nr_cpu_ids % nthreads != 0) {
+ set_nr_cpu_ids(ALIGN(nr_cpu_ids, nthreads));
+ pr_warn("nr_cpu_ids was not a multiple of threads_per_core, adjusted to %d\n",
+ nr_cpu_ids);
+ }
+
/*
* PAPR defines "logical" PVR values for cpus that
* meet various levels of the architecture:
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 036/396] powerpc/smp: Increase nr_cpu_ids to include the boot CPU
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 035/396] powerpc/smp: Adjust nr_cpu_ids to cover all threads of a core Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 037/396] sparc64: NMI watchdog: fix return value of __setup handler Greg Kroah-Hartman
` (371 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Michael Ellerman, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit 777f81f0a9c780a6443bcf2c7785f0cc2e87c1ef ]
If nr_cpu_ids is too low to include the boot CPU adjust nr_cpu_ids
upward. Otherwise the kernel will BUG when trying to allocate a paca
for the boot CPU and fail to boot.
Cc: stable@vger.kernel.org
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20231229120107.2281153-2-mpe@ellerman.id.au
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/kernel/prom.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/powerpc/kernel/prom.c b/arch/powerpc/kernel/prom.c
index 58e80076bed5c..77364729a1b61 100644
--- a/arch/powerpc/kernel/prom.c
+++ b/arch/powerpc/kernel/prom.c
@@ -381,6 +381,12 @@ static int __init early_init_dt_scan_cpus(unsigned long node,
nr_cpu_ids);
}
+ if (boot_cpuid >= nr_cpu_ids) {
+ set_nr_cpu_ids(min(CONFIG_NR_CPUS, ALIGN(boot_cpuid + 1, nthreads)));
+ pr_warn("Boot CPU %d >= nr_cpu_ids, adjusted nr_cpu_ids to %d\n",
+ boot_cpuid, nr_cpu_ids);
+ }
+
/*
* PAPR defines "logical" PVR values for cpus that
* meet various levels of the architecture:
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 037/396] sparc64: NMI watchdog: fix return value of __setup handler
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 036/396] powerpc/smp: Increase nr_cpu_ids to include the boot CPU Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 038/396] sparc: vDSO: " Greg Kroah-Hartman
` (370 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, Igor Zhbanov,
David S. Miller, sparclinux, Sam Ravnborg, Andrew Morton,
Arnd Bergmann, Andreas Larsson, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 3ed7c61e49d65dacb96db798c0ab6fcd55a1f20f ]
__setup() handlers should return 1 to obsolete_checksetup() in
init/main.c to indicate that the boot option has been handled.
A return of 0 causes the boot option/value to be listed as an Unknown
kernel parameter and added to init's (limited) argument or environment
strings. Also, error return codes don't mean anything to
obsolete_checksetup() -- only non-zero (usually 1) or zero.
So return 1 from setup_nmi_watchdog().
Fixes: e5553a6d0442 ("sparc64: Implement NMI watchdog on capable cpus.")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Igor Zhbanov <izh1979@gmail.com>
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Cc: "David S. Miller" <davem@davemloft.net>
Cc: sparclinux@vger.kernel.org
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: stable@vger.kernel.org
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Andreas Larsson <andreas@gaisler.com>
Signed-off-by: Andreas Larsson <andreas@gaisler.com>
Link: https://lore.kernel.org/r/20240211052802.22612-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/sparc/kernel/nmi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/sparc/kernel/nmi.c b/arch/sparc/kernel/nmi.c
index 17cdfdbf1f3b7..149adc0947530 100644
--- a/arch/sparc/kernel/nmi.c
+++ b/arch/sparc/kernel/nmi.c
@@ -279,7 +279,7 @@ static int __init setup_nmi_watchdog(char *str)
if (!strncmp(str, "panic", 5))
panic_on_timeout = 1;
- return 0;
+ return 1;
}
__setup("nmi_watchdog=", setup_nmi_watchdog);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 038/396] sparc: vDSO: fix return value of __setup handler
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 037/396] sparc64: NMI watchdog: fix return value of __setup handler Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 039/396] crypto: qat - resolve race condition during AER recovery Greg Kroah-Hartman
` (369 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, Igor Zhbanov,
David S. Miller, sparclinux, Dan Carpenter, Nick Alcock,
Sam Ravnborg, Andrew Morton, Arnd Bergmann, Andreas Larsson,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Randy Dunlap <rdunlap@infradead.org>
[ Upstream commit 5378f00c935bebb846b1fdb0e79cb76c137c56b5 ]
__setup() handlers should return 1 to obsolete_checksetup() in
init/main.c to indicate that the boot option has been handled.
A return of 0 causes the boot option/value to be listed as an Unknown
kernel parameter and added to init's (limited) argument or environment
strings. Also, error return codes don't mean anything to
obsolete_checksetup() -- only non-zero (usually 1) or zero.
So return 1 from vdso_setup().
Fixes: 9a08862a5d2e ("vDSO for sparc")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Igor Zhbanov <izh1979@gmail.com>
Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru
Cc: "David S. Miller" <davem@davemloft.net>
Cc: sparclinux@vger.kernel.org
Cc: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Nick Alcock <nick.alcock@oracle.com>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: stable@vger.kernel.org
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Andreas Larsson <andreas@gaisler.com>
Signed-off-by: Andreas Larsson <andreas@gaisler.com>
Link: https://lore.kernel.org/r/20240211052808.22635-1-rdunlap@infradead.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/sparc/vdso/vma.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/arch/sparc/vdso/vma.c b/arch/sparc/vdso/vma.c
index 136c78f28f8ba..1bbf4335de454 100644
--- a/arch/sparc/vdso/vma.c
+++ b/arch/sparc/vdso/vma.c
@@ -449,9 +449,8 @@ static __init int vdso_setup(char *s)
unsigned long val;
err = kstrtoul(s, 10, &val);
- if (err)
- return err;
- vdso_enabled = val;
- return 0;
+ if (!err)
+ vdso_enabled = val;
+ return 1;
}
__setup("vdso=", vdso_setup);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 039/396] crypto: qat - resolve race condition during AER recovery
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 038/396] sparc: vDSO: " Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 040/396] selftests/mqueue: Set timeout to 180 seconds Greg Kroah-Hartman
` (368 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Damian Muszynski, Giovanni Cabiddu,
Herbert Xu, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Damian Muszynski <damian.muszynski@intel.com>
[ Upstream commit 7d42e097607c4d246d99225bf2b195b6167a210c ]
During the PCI AER system's error recovery process, the kernel driver
may encounter a race condition with freeing the reset_data structure's
memory. If the device restart will take more than 10 seconds the function
scheduling that restart will exit due to a timeout, and the reset_data
structure will be freed. However, this data structure is used for
completion notification after the restart is completed, which leads
to a UAF bug.
This results in a KFENCE bug notice.
BUG: KFENCE: use-after-free read in adf_device_reset_worker+0x38/0xa0 [intel_qat]
Use-after-free read at 0x00000000bc56fddf (in kfence-#142):
adf_device_reset_worker+0x38/0xa0 [intel_qat]
process_one_work+0x173/0x340
To resolve this race condition, the memory associated to the container
of the work_struct is freed on the worker if the timeout expired,
otherwise on the function that schedules the worker.
The timeout detection can be done by checking if the caller is
still waiting for completion or not by using completion_done() function.
Fixes: d8cba25d2c68 ("crypto: qat - Intel(R) QAT driver framework")
Cc: <stable@vger.kernel.org>
Signed-off-by: Damian Muszynski <damian.muszynski@intel.com>
Reviewed-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/crypto/intel/qat/qat_common/adf_aer.c | 22 ++++++++++++++-----
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/drivers/crypto/intel/qat/qat_common/adf_aer.c b/drivers/crypto/intel/qat/qat_common/adf_aer.c
index a39e70bd4b21b..621d14ea3b81a 100644
--- a/drivers/crypto/intel/qat/qat_common/adf_aer.c
+++ b/drivers/crypto/intel/qat/qat_common/adf_aer.c
@@ -92,7 +92,8 @@ static void adf_device_reset_worker(struct work_struct *work)
if (adf_dev_restart(accel_dev)) {
/* The device hanged and we can't restart it so stop here */
dev_err(&GET_DEV(accel_dev), "Restart device failed\n");
- if (reset_data->mode == ADF_DEV_RESET_ASYNC)
+ if (reset_data->mode == ADF_DEV_RESET_ASYNC ||
+ completion_done(&reset_data->compl))
kfree(reset_data);
WARN(1, "QAT: device restart failed. Device is unusable\n");
return;
@@ -100,11 +101,19 @@ static void adf_device_reset_worker(struct work_struct *work)
adf_dev_restarted_notify(accel_dev);
clear_bit(ADF_STATUS_RESTARTING, &accel_dev->status);
- /* The dev is back alive. Notify the caller if in sync mode */
- if (reset_data->mode == ADF_DEV_RESET_SYNC)
- complete(&reset_data->compl);
- else
+ /*
+ * The dev is back alive. Notify the caller if in sync mode
+ *
+ * If device restart will take a more time than expected,
+ * the schedule_reset() function can timeout and exit. This can be
+ * detected by calling the completion_done() function. In this case
+ * the reset_data structure needs to be freed here.
+ */
+ if (reset_data->mode == ADF_DEV_RESET_ASYNC ||
+ completion_done(&reset_data->compl))
kfree(reset_data);
+ else
+ complete(&reset_data->compl);
}
static int adf_dev_aer_schedule_reset(struct adf_accel_dev *accel_dev,
@@ -137,8 +146,9 @@ static int adf_dev_aer_schedule_reset(struct adf_accel_dev *accel_dev,
dev_err(&GET_DEV(accel_dev),
"Reset device timeout expired\n");
ret = -EFAULT;
+ } else {
+ kfree(reset_data);
}
- kfree(reset_data);
return ret;
}
return 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 040/396] selftests/mqueue: Set timeout to 180 seconds
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 039/396] crypto: qat - resolve race condition during AER recovery Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 041/396] ext4: correct best extent lstart adjustment logic Greg Kroah-Hartman
` (367 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, SeongJae Park, Kees Cook, Shuah Khan,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: SeongJae Park <sj@kernel.org>
[ Upstream commit 85506aca2eb4ea41223c91c5fe25125953c19b13 ]
While mq_perf_tests runs with the default kselftest timeout limit, which
is 45 seconds, the test takes about 60 seconds to complete on i3.metal
AWS instances. Hence, the test always times out. Increase the timeout
to 180 seconds.
Fixes: 852c8cbf34d3 ("selftests/kselftest/runner.sh: Add 45 second timeout per test")
Cc: <stable@vger.kernel.org> # 5.4.x
Signed-off-by: SeongJae Park <sj@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/mqueue/setting | 1 +
1 file changed, 1 insertion(+)
create mode 100644 tools/testing/selftests/mqueue/setting
diff --git a/tools/testing/selftests/mqueue/setting b/tools/testing/selftests/mqueue/setting
new file mode 100644
index 0000000000000..a953c96aa16e1
--- /dev/null
+++ b/tools/testing/selftests/mqueue/setting
@@ -0,0 +1 @@
+timeout=180
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 041/396] ext4: correct best extent lstart adjustment logic
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 040/396] selftests/mqueue: Set timeout to 180 seconds Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 042/396] block: Clear zone limits for a non-zoned stacked queue Greg Kroah-Hartman
` (366 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, stable, yangerkun, Baokun Li,
Jan Kara, Ojaswin Mujoo, Theodore Tso, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Baokun Li <libaokun1@huawei.com>
[ Upstream commit 4fbf8bc733d14bceb16dda46a3f5e19c6a9621c5 ]
When yangerkun review commit 93cdf49f6eca ("ext4: Fix best extent lstart
adjustment logic in ext4_mb_new_inode_pa()"), it was found that the best
extent did not completely cover the original request after adjusting the
best extent lstart in ext4_mb_new_inode_pa() as follows:
original request: 2/10(8)
normalized request: 0/64(64)
best extent: 0/9(9)
When we check if best ex can be kept at start of goal, ac_o_ex.fe_logical
is 2 less than the adjusted best extent logical end 9, so we think the
adjustment is done. But obviously 0/9(9) doesn't cover 2/10(8), so we
should determine here if the original request logical end is less than or
equal to the adjusted best extent logical end.
In addition, add a comment stating when adjusted best_ex will not cover
the original request, and remove the duplicate assertion because adjusting
lstart makes no change to b_ex.fe_len.
Link: https://lore.kernel.org/r/3630fa7f-b432-7afd-5f79-781bc3b2c5ea@huawei.com
Fixes: 93cdf49f6eca ("ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa()")
Cc: <stable@kernel.org>
Signed-off-by: yangerkun <yangerkun@huawei.com>
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Ojaswin Mujoo <ojaswin@linux.ibm.com>
Link: https://lore.kernel.org/r/20240201141845.1879253-1-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/mballoc.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
index ea5ac2636632b..257b70c5ded45 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -5184,10 +5184,16 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
.fe_len = ac->ac_orig_goal_len,
};
loff_t orig_goal_end = extent_logical_end(sbi, &ex);
+ loff_t o_ex_end = extent_logical_end(sbi, &ac->ac_o_ex);
- /* we can't allocate as much as normalizer wants.
- * so, found space must get proper lstart
- * to cover original request */
+ /*
+ * We can't allocate as much as normalizer wants, so we try
+ * to get proper lstart to cover the original request, except
+ * when the goal doesn't cover the original request as below:
+ *
+ * orig_ex:2045/2055(10), isize:8417280 -> normalized:0/2048
+ * best_ex:0/200(200) -> adjusted: 1848/2048(200)
+ */
BUG_ON(ac->ac_g_ex.fe_logical > ac->ac_o_ex.fe_logical);
BUG_ON(ac->ac_g_ex.fe_len < ac->ac_o_ex.fe_len);
@@ -5199,7 +5205,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
* 1. Check if best ex can be kept at end of goal (before
* cr_best_avail trimmed it) and still cover original start
* 2. Else, check if best ex can be kept at start of goal and
- * still cover original start
+ * still cover original end
* 3. Else, keep the best ex at start of original request.
*/
ex.fe_len = ac->ac_b_ex.fe_len;
@@ -5209,7 +5215,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
goto adjust_bex;
ex.fe_logical = ac->ac_g_ex.fe_logical;
- if (ac->ac_o_ex.fe_logical < extent_logical_end(sbi, &ex))
+ if (o_ex_end <= extent_logical_end(sbi, &ex))
goto adjust_bex;
ex.fe_logical = ac->ac_o_ex.fe_logical;
@@ -5217,7 +5223,6 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
ac->ac_b_ex.fe_logical = ex.fe_logical;
BUG_ON(ac->ac_o_ex.fe_logical < ac->ac_b_ex.fe_logical);
- BUG_ON(ac->ac_o_ex.fe_len > ac->ac_b_ex.fe_len);
BUG_ON(extent_logical_end(sbi, &ex) > orig_goal_end);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 042/396] block: Clear zone limits for a non-zoned stacked queue
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 041/396] ext4: correct best extent lstart adjustment logic Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 043/396] kasan/test: avoid gcc warning for intentional overflow Greg Kroah-Hartman
` (365 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Jens Axboe,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Damien Le Moal <dlemoal@kernel.org>
[ Upstream commit c8f6f88d25929ad2f290b428efcae3b526f3eab0 ]
Device mapper may create a non-zoned mapped device out of a zoned device
(e.g., the dm-zoned target). In such case, some queue limit such as the
max_zone_append_sectors and zone_write_granularity endup being non zero
values for a block device that is not zoned. Avoid this by clearing
these limits in blk_stack_limits() when the stacked zoned limit is
false.
Fixes: 3093a479727b ("block: inherit the zoned characteristics in blk_stack_limits")
Cc: stable@vger.kernel.org
Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
Link: https://lore.kernel.org/r/20240222131724.1803520-1-dlemoal@kernel.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-settings.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/block/blk-settings.c b/block/blk-settings.c
index 0046b447268f9..7019b8e204d96 100644
--- a/block/blk-settings.c
+++ b/block/blk-settings.c
@@ -686,6 +686,10 @@ int blk_stack_limits(struct queue_limits *t, struct queue_limits *b,
t->zone_write_granularity = max(t->zone_write_granularity,
b->zone_write_granularity);
t->zoned = max(t->zoned, b->zoned);
+ if (!t->zoned) {
+ t->zone_write_granularity = 0;
+ t->max_zone_append_sectors = 0;
+ }
return ret;
}
EXPORT_SYMBOL(blk_stack_limits);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 043/396] kasan/test: avoid gcc warning for intentional overflow
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 042/396] block: Clear zone limits for a non-zoned stacked queue Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 044/396] bounds: support non-power-of-two CONFIG_NR_CPUS Greg Kroah-Hartman
` (364 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Arnd Bergmann, Andrey Konovalov,
Alexander Potapenko, Andrey Ryabinin, Dmitry Vyukov, Marco Elver,
Vincenzo Frascino, Andrew Morton, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit e10aea105e9ed14b62a11844fec6aaa87c6935a3 ]
The out-of-bounds test allocates an object that is three bytes too short
in order to validate the bounds checking. Starting with gcc-14, this
causes a compile-time warning as gcc has grown smart enough to understand
the sizeof() logic:
mm/kasan/kasan_test.c: In function 'kmalloc_oob_16':
mm/kasan/kasan_test.c:443:14: error: allocation of insufficient size '13' for type 'struct <anonymous>' with size '16' [-Werror=alloc-size]
443 | ptr1 = kmalloc(sizeof(*ptr1) - 3, GFP_KERNEL);
| ^
Hide the actual computation behind a RELOC_HIDE() that ensures
the compiler misses the intentional bug.
Link: https://lkml.kernel.org/r/20240212111609.869266-1-arnd@kernel.org
Fixes: 3f15801cdc23 ("lib: add kasan test module")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Andrey Konovalov <andreyknvl@gmail.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Marco Elver <elver@google.com>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
mm/kasan/kasan_test.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/mm/kasan/kasan_test.c b/mm/kasan/kasan_test.c
index b61cc6a42541a..0119075d2e58e 100644
--- a/mm/kasan/kasan_test.c
+++ b/mm/kasan/kasan_test.c
@@ -450,7 +450,8 @@ static void kmalloc_oob_16(struct kunit *test)
/* This test is specifically crafted for the generic mode. */
KASAN_TEST_NEEDS_CONFIG_ON(test, CONFIG_KASAN_GENERIC);
- ptr1 = kmalloc(sizeof(*ptr1) - 3, GFP_KERNEL);
+ /* RELOC_HIDE to prevent gcc from warning about short alloc */
+ ptr1 = RELOC_HIDE(kmalloc(sizeof(*ptr1) - 3, GFP_KERNEL), 0);
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr1);
ptr2 = kmalloc(sizeof(*ptr2), GFP_KERNEL);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 044/396] bounds: support non-power-of-two CONFIG_NR_CPUS
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 043/396] kasan/test: avoid gcc warning for intentional overflow Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 045/396] fat: fix uninitialized field in nostale filehandles Greg Kroah-Hartman
` (363 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Matthew Wilcox (Oracle),
Rik van Riel, Mel Gorman, Peter Zijlstra, Ingo Molnar,
Andrew Morton, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthew Wilcox (Oracle) <willy@infradead.org>
[ Upstream commit f2d5dcb48f7ba9e3ff249d58fc1fa963d374e66a ]
ilog2() rounds down, so for example when PowerPC 85xx sets CONFIG_NR_CPUS
to 24, we will only allocate 4 bits to store the number of CPUs instead of
5. Use bits_per() instead, which rounds up. Found by code inspection.
The effect of this would probably be a misaccounting when doing NUMA
balancing, so to a user, it would only be a performance penalty. The
effects may be more wide-spread; it's hard to tell.
Link: https://lkml.kernel.org/r/20231010145549.1244748-1-willy@infradead.org
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Fixes: 90572890d202 ("mm: numa: Change page last {nid,pid} into {cpu,pid}")
Reviewed-by: Rik van Riel <riel@surriel.com>
Acked-by: Mel Gorman <mgorman@techsingularity.net>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/bounds.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kernel/bounds.c b/kernel/bounds.c
index b529182e8b04f..c5a9fcd2d6228 100644
--- a/kernel/bounds.c
+++ b/kernel/bounds.c
@@ -19,7 +19,7 @@ int main(void)
DEFINE(NR_PAGEFLAGS, __NR_PAGEFLAGS);
DEFINE(MAX_NR_ZONES, __MAX_NR_ZONES);
#ifdef CONFIG_SMP
- DEFINE(NR_CPUS_BITS, ilog2(CONFIG_NR_CPUS));
+ DEFINE(NR_CPUS_BITS, bits_per(CONFIG_NR_CPUS));
#endif
DEFINE(SPINLOCK_SIZE, sizeof(spinlock_t));
#ifdef CONFIG_LRU_GEN
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 045/396] fat: fix uninitialized field in nostale filehandles
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 044/396] bounds: support non-power-of-two CONFIG_NR_CPUS Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 046/396] fuse: fix VM_MAYSHARE and direct_io_allow_mmap Greg Kroah-Hartman
` (362 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+3ce5dea5b1539ff36769,
Jan Kara, OGAWA Hirofumi, Amir Goldstein, Andrew Morton,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.cz>
[ Upstream commit fde2497d2bc3a063d8af88b258dbadc86bd7b57c ]
When fat_encode_fh_nostale() encodes file handle without a parent it
stores only first 10 bytes of the file handle. However the length of the
file handle must be a multiple of 4 so the file handle is actually 12
bytes long and the last two bytes remain uninitialized. This is not
great at we potentially leak uninitialized information with the handle
to userspace. Properly initialize the full handle length.
Link: https://lkml.kernel.org/r/20240205122626.13701-1-jack@suse.cz
Reported-by: syzbot+3ce5dea5b1539ff36769@syzkaller.appspotmail.com
Fixes: ea3983ace6b7 ("fat: restructure export_operations")
Signed-off-by: Jan Kara <jack@suse.cz>
Acked-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Cc: Amir Goldstein <amir73il@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/fat/nfs.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/fs/fat/nfs.c b/fs/fat/nfs.c
index 3626eb585a983..93c97bf45b061 100644
--- a/fs/fat/nfs.c
+++ b/fs/fat/nfs.c
@@ -130,6 +130,12 @@ fat_encode_fh_nostale(struct inode *inode, __u32 *fh, int *lenp,
fid->parent_i_gen = parent->i_generation;
type = FILEID_FAT_WITH_PARENT;
*lenp = FAT_FID_SIZE_WITH_PARENT;
+ } else {
+ /*
+ * We need to initialize this field because the fh is actually
+ * 12 bytes long
+ */
+ fid->parent_i_pos_hi = 0;
}
return type;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 046/396] fuse: fix VM_MAYSHARE and direct_io_allow_mmap
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 045/396] fat: fix uninitialized field in nostale filehandles Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 047/396] ubifs: Set page uptodate in the correct place Greg Kroah-Hartman
` (361 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Hao Xu, Bernd Schubert,
Amir Goldstein, Miklos Szeredi, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bernd Schubert <bschubert@ddn.com>
[ Upstream commit 9511176bbaee0ac60ecc84e7b01cf5972a59ea17 ]
There were multiple issues with direct_io_allow_mmap:
- fuse_link_write_file() was missing, resulting in warnings in
fuse_write_file_get() and EIO from msync()
- "vma->vm_ops = &fuse_file_vm_ops" was not set, but especially
fuse_page_mkwrite is needed.
The semantics of invalidate_inode_pages2() is so far not clearly defined in
fuse_file_mmap. It dates back to commit 3121bfe76311 ("fuse: fix
"direct_io" private mmap") Though, as direct_io_allow_mmap is a new
feature, that was for MAP_PRIVATE only. As invalidate_inode_pages2() is
calling into fuse_launder_folio() and writes out dirty pages, it should be
safe to call invalidate_inode_pages2 for MAP_PRIVATE and MAP_SHARED as
well.
Cc: Hao Xu <howeyxu@tencent.com>
Cc: stable@vger.kernel.org
Fixes: e78662e818f9 ("fuse: add a new fuse init flag to relax restrictions in no cache mode")
Signed-off-by: Bernd Schubert <bschubert@ddn.com>
Reviewed-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/fuse/file.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index a660f1f21540a..cc9651a01351c 100644
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -2467,7 +2467,8 @@ static int fuse_file_mmap(struct file *file, struct vm_area_struct *vma)
return fuse_dax_mmap(file, vma);
if (ff->open_flags & FOPEN_DIRECT_IO) {
- /* Can't provide the coherency needed for MAP_SHARED
+ /*
+ * Can't provide the coherency needed for MAP_SHARED
* if FUSE_DIRECT_IO_ALLOW_MMAP isn't set.
*/
if ((vma->vm_flags & VM_MAYSHARE) && !fc->direct_io_allow_mmap)
@@ -2475,7 +2476,10 @@ static int fuse_file_mmap(struct file *file, struct vm_area_struct *vma)
invalidate_inode_pages2(file->f_mapping);
- return generic_file_mmap(file, vma);
+ if (!(vma->vm_flags & VM_MAYSHARE)) {
+ /* MAP_PRIVATE */
+ return generic_file_mmap(file, vma);
+ }
}
if ((vma->vm_flags & VM_SHARED) && (vma->vm_flags & VM_MAYWRITE))
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 047/396] ubifs: Set page uptodate in the correct place
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 046/396] fuse: fix VM_MAYSHARE and direct_io_allow_mmap Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 048/396] ubi: Check for too small LEB size in VTBL code Greg Kroah-Hartman
` (360 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Matthew Wilcox (Oracle),
Zhihao Cheng, Richard Weinberger, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthew Wilcox (Oracle) <willy@infradead.org>
[ Upstream commit 723012cab779eee8228376754e22c6594229bf8f ]
Page cache reads are lockless, so setting the freshly allocated page
uptodate before we've overwritten it with the data it's supposed to have
in it will allow a simultaneous reader to see old data. Move the call
to SetPageUptodate into ubifs_write_end(), which is after we copied the
new data into the page.
Fixes: 1e51764a3c2a ("UBIFS: add new flash file system")
Cc: stable@vger.kernel.org
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ubifs/file.c | 13 ++++---------
1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c
index e5382f0b25878..781206d0ec845 100644
--- a/fs/ubifs/file.c
+++ b/fs/ubifs/file.c
@@ -261,9 +261,6 @@ static int write_begin_slow(struct address_space *mapping,
return err;
}
}
-
- SetPageUptodate(page);
- ClearPageError(page);
}
if (PagePrivate(page))
@@ -462,9 +459,6 @@ static int ubifs_write_begin(struct file *file, struct address_space *mapping,
return err;
}
}
-
- SetPageUptodate(page);
- ClearPageError(page);
}
err = allocate_budget(c, page, ui, appending);
@@ -474,10 +468,8 @@ static int ubifs_write_begin(struct file *file, struct address_space *mapping,
* If we skipped reading the page because we were going to
* write all of it, then it is not up to date.
*/
- if (skipped_read) {
+ if (skipped_read)
ClearPageChecked(page);
- ClearPageUptodate(page);
- }
/*
* Budgeting failed which means it would have to force
* write-back but didn't, because we set the @fast flag in the
@@ -568,6 +560,9 @@ static int ubifs_write_end(struct file *file, struct address_space *mapping,
goto out;
}
+ if (len == PAGE_SIZE)
+ SetPageUptodate(page);
+
if (!PagePrivate(page)) {
attach_page_private(page, (void *)1);
atomic_long_inc(&c->dirty_pg_cnt);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 048/396] ubi: Check for too small LEB size in VTBL code
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 047/396] ubifs: Set page uptodate in the correct place Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 049/396] ubi: correct the calculation of fastmap size Greg Kroah-Hartman
` (359 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Chenyuan Yang, Richard Weinberger,
Zhihao Cheng, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Richard Weinberger <richard@nod.at>
[ Upstream commit 68a24aba7c593eafa8fd00f2f76407b9b32b47a9 ]
If the LEB size is smaller than a volume table record we cannot
have volumes.
In this case abort attaching.
Cc: Chenyuan Yang <cy54@illinois.edu>
Cc: stable@vger.kernel.org
Fixes: 801c135ce73d ("UBI: Unsorted Block Images")
Reported-by: Chenyuan Yang <cy54@illinois.edu>
Closes: https://lore.kernel.org/linux-mtd/1433EB7A-FC89-47D6-8F47-23BE41B263B3@illinois.edu/
Signed-off-by: Richard Weinberger <richard@nod.at>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/ubi/vtbl.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/mtd/ubi/vtbl.c b/drivers/mtd/ubi/vtbl.c
index f700f0e4f2ec4..6e5489e233dd2 100644
--- a/drivers/mtd/ubi/vtbl.c
+++ b/drivers/mtd/ubi/vtbl.c
@@ -791,6 +791,12 @@ int ubi_read_volume_table(struct ubi_device *ubi, struct ubi_attach_info *ai)
* The number of supported volumes is limited by the eraseblock size
* and by the UBI_MAX_VOLUMES constant.
*/
+
+ if (ubi->leb_size < UBI_VTBL_RECORD_SIZE) {
+ ubi_err(ubi, "LEB size too small for a volume record");
+ return -EINVAL;
+ }
+
ubi->vtbl_slots = ubi->leb_size / UBI_VTBL_RECORD_SIZE;
if (ubi->vtbl_slots > UBI_MAX_VOLUMES)
ubi->vtbl_slots = UBI_MAX_VOLUMES;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 049/396] ubi: correct the calculation of fastmap size
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 048/396] ubi: Check for too small LEB size in VTBL code Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 050/396] mtd: rawnand: meson: fix scrambling mode value in command macro Greg Kroah-Hartman
` (358 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Zhang Yi, Zhihao Cheng,
Richard Weinberger, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Yi <yi.zhang@huawei.com>
[ Upstream commit 7f174ae4f39e8475adcc09d26c5a43394689ad6c ]
Now that the calculation of fastmap size in ubi_calc_fm_size() is
incorrect since it miss each user volume's ubi_fm_eba structure and the
Internal UBI volume info. Let's correct the calculation.
Cc: stable@vger.kernel.org
Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Reviewed-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/ubi/fastmap.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/mtd/ubi/fastmap.c b/drivers/mtd/ubi/fastmap.c
index 28c8151a0725d..2cdc29483aee0 100644
--- a/drivers/mtd/ubi/fastmap.c
+++ b/drivers/mtd/ubi/fastmap.c
@@ -85,9 +85,10 @@ size_t ubi_calc_fm_size(struct ubi_device *ubi)
sizeof(struct ubi_fm_scan_pool) +
sizeof(struct ubi_fm_scan_pool) +
(ubi->peb_count * sizeof(struct ubi_fm_ec)) +
- (sizeof(struct ubi_fm_eba) +
- (ubi->peb_count * sizeof(__be32))) +
- sizeof(struct ubi_fm_volhdr) * UBI_MAX_VOLUMES;
+ ((sizeof(struct ubi_fm_eba) +
+ sizeof(struct ubi_fm_volhdr)) *
+ (UBI_MAX_VOLUMES + UBI_INT_VOL_COUNT)) +
+ (ubi->peb_count * sizeof(__be32));
return roundup(size, ubi->leb_size);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 050/396] mtd: rawnand: meson: fix scrambling mode value in command macro
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 049/396] ubi: correct the calculation of fastmap size Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 051/396] md/md-bitmap: fix incorrect usage for sb_index Greg Kroah-Hartman
` (357 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Arseniy Krasnov, Stable,
Miquel Raynal, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arseniy Krasnov <avkrasnov@salutedevices.com>
[ Upstream commit ef6f463599e16924cdd02ce5056ab52879dc008c ]
Scrambling mode is enabled by value (1 << 19). NFC_CMD_SCRAMBLER_ENABLE
is already (1 << 19), so there is no need to shift it again in CMDRWGEN
macro.
Signed-off-by: Arseniy Krasnov <avkrasnov@salutedevices.com>
Cc: <Stable@vger.kernel.org>
Fixes: 8fae856c5350 ("mtd: rawnand: meson: add support for Amlogic NAND flash controller")
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20240210214551.441610-1-avkrasnov@salutedevices.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/nand/raw/meson_nand.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/mtd/nand/raw/meson_nand.c b/drivers/mtd/nand/raw/meson_nand.c
index a506e658d4624..439e9593c8ed1 100644
--- a/drivers/mtd/nand/raw/meson_nand.c
+++ b/drivers/mtd/nand/raw/meson_nand.c
@@ -63,7 +63,7 @@
#define CMDRWGEN(cmd_dir, ran, bch, short_mode, page_size, pages) \
( \
(cmd_dir) | \
- ((ran) << 19) | \
+ (ran) | \
((bch) << 14) | \
((short_mode) << 13) | \
(((page_size) & 0x7f) << 6) | \
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 051/396] md/md-bitmap: fix incorrect usage for sb_index
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 050/396] mtd: rawnand: meson: fix scrambling mode value in command macro Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 052/396] x86/nmi: Fix the inverse "in NMI handler" check Greg Kroah-Hartman
` (356 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Heming Zhao, Christoph Hellwig,
Song Liu, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Heming Zhao <heming.zhao@suse.com>
[ Upstream commit ecbd8ebb51bf7e4939d83b9e6022a55cac44ef06 ]
Commit d7038f951828 ("md-bitmap: don't use ->index for pages backing the
bitmap file") removed page->index from bitmap code, but left wrong code
logic for clustered-md. current code never set slot offset for cluster
nodes, will sometimes cause crash in clustered env.
Call trace (partly):
md_bitmap_file_set_bit+0x110/0x1d8 [md_mod]
md_bitmap_startwrite+0x13c/0x240 [md_mod]
raid1_make_request+0x6b0/0x1c08 [raid1]
md_handle_request+0x1dc/0x368 [md_mod]
md_submit_bio+0x80/0xf8 [md_mod]
__submit_bio+0x178/0x300
submit_bio_noacct_nocheck+0x11c/0x338
submit_bio_noacct+0x134/0x614
submit_bio+0x28/0xdc
submit_bh_wbc+0x130/0x1cc
submit_bh+0x1c/0x28
Fixes: d7038f951828 ("md-bitmap: don't use ->index for pages backing the bitmap file")
Cc: stable@vger.kernel.org # v6.6+
Signed-off-by: Heming Zhao <heming.zhao@suse.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20240223121128.28985-1-heming.zhao@suse.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/md-bitmap.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c
index 6f9ff14971f98..42d4c38ba54d5 100644
--- a/drivers/md/md-bitmap.c
+++ b/drivers/md/md-bitmap.c
@@ -234,7 +234,8 @@ static int __write_sb_page(struct md_rdev *rdev, struct bitmap *bitmap,
sector_t doff;
bdev = (rdev->meta_bdev) ? rdev->meta_bdev : rdev->bdev;
- if (pg_index == store->file_pages - 1) {
+ /* we compare length (page numbers), not page offset. */
+ if ((pg_index - store->sb_index) == store->file_pages - 1) {
unsigned int last_page_size = store->bytes & (PAGE_SIZE - 1);
if (last_page_size == 0)
@@ -438,8 +439,8 @@ static void filemap_write_page(struct bitmap *bitmap, unsigned long pg_index,
struct page *page = store->filemap[pg_index];
if (mddev_is_clustered(bitmap->mddev)) {
- pg_index += bitmap->cluster_slot *
- DIV_ROUND_UP(store->bytes, PAGE_SIZE);
+ /* go to node bitmap area starting point */
+ pg_index += store->sb_index;
}
if (store->file)
@@ -952,6 +953,7 @@ static void md_bitmap_file_set_bit(struct bitmap *bitmap, sector_t block)
unsigned long index = file_page_index(store, chunk);
unsigned long node_offset = 0;
+ index += store->sb_index;
if (mddev_is_clustered(bitmap->mddev))
node_offset = bitmap->cluster_slot * store->file_pages;
@@ -982,6 +984,7 @@ static void md_bitmap_file_clear_bit(struct bitmap *bitmap, sector_t block)
unsigned long index = file_page_index(store, chunk);
unsigned long node_offset = 0;
+ index += store->sb_index;
if (mddev_is_clustered(bitmap->mddev))
node_offset = bitmap->cluster_slot * store->file_pages;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 052/396] x86/nmi: Fix the inverse "in NMI handler" check
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 051/396] md/md-bitmap: fix incorrect usage for sb_index Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 053/396] parisc/unaligned: Rewrite 64-bit inline assembly of emulate_ldd() Greg Kroah-Hartman
` (355 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Breno Leitao, Thomas Gleixner,
Paul E. McKenney, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Breno Leitao <leitao@debian.org>
[ Upstream commit d54e56f31a34fa38fcb5e91df609f9633419a79a ]
Commit 344da544f177 ("x86/nmi: Print reasons why backtrace NMIs are
ignored") creates a super nice framework to diagnose NMIs.
Every time nmi_exc() is called, it increments a per_cpu counter
(nsp->idt_nmi_seq). At its exit, it also increments the same counter. By
reading this counter it can be seen how many times that function was called
(dividing by 2), and, if the function is still being executed, by checking
the idt_nmi_seq's least significant bit.
On the check side (nmi_backtrace_stall_check()), that variable is queried
to check if the NMI is still being executed, but, there is a mistake in the
bitwise operation. That code wants to check if the least significant bit of
the idt_nmi_seq is set or not, but does the opposite, and checks for all
the other bits, which will always be true after the first exc_nmi()
executed successfully.
This appends the misleading string to the dump "(CPU currently in NMI
handler function)"
Fix it by checking the least significant bit, and if it is set, append the
string.
Fixes: 344da544f177 ("x86/nmi: Print reasons why backtrace NMIs are ignored")
Signed-off-by: Breno Leitao <leitao@debian.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Paul E. McKenney <paulmck@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240207165237.1048837-1-leitao@debian.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/nmi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c
index 07e045399348e..87aee638e1a5d 100644
--- a/arch/x86/kernel/nmi.c
+++ b/arch/x86/kernel/nmi.c
@@ -629,7 +629,7 @@ void nmi_backtrace_stall_check(const struct cpumask *btp)
msgp = nmi_check_stall_msg[idx];
if (nsp->idt_ignored_snap != READ_ONCE(nsp->idt_ignored) && (idx & 0x1))
modp = ", but OK because ignore_nmis was set";
- if (nmi_seq & ~0x1)
+ if (nmi_seq & 0x1)
msghp = " (CPU currently in NMI handler function)";
else if (nsp->idt_nmi_seq_snap + 1 == nmi_seq)
msghp = " (CPU exited one NMI handler function)";
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 053/396] parisc/unaligned: Rewrite 64-bit inline assembly of emulate_ldd()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 052/396] x86/nmi: Fix the inverse "in NMI handler" check Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 054/396] parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros Greg Kroah-Hartman
` (354 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Guenter Roeck, Helge Deller,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guenter Roeck <linux@roeck-us.net>
[ Upstream commit e5db6a74571a8baf87a116ea39aab946283362ff ]
Convert to use real temp variables instead of clobbering processor
registers. This aligns the 64-bit inline assembly code with the 32-bit
assembly code which was rewritten with commit 427c1073a2a1
("parisc/unaligned: Rewrite 32-bit inline assembly of emulate_ldd()").
While at it, fix comment in 32-bit rewrite code. Temporary variables are
now used for both 32-bit and 64-bit code, so move their declarations
to the function header.
No functional change intended.
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Cc: stable@vger.kernel.org # v6.0+
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/parisc/kernel/unaligned.c | 27 ++++++++++++---------------
1 file changed, 12 insertions(+), 15 deletions(-)
diff --git a/arch/parisc/kernel/unaligned.c b/arch/parisc/kernel/unaligned.c
index c520e551a1652..a8e75e5b884a7 100644
--- a/arch/parisc/kernel/unaligned.c
+++ b/arch/parisc/kernel/unaligned.c
@@ -169,6 +169,7 @@ static int emulate_ldw(struct pt_regs *regs, int toreg, int flop)
static int emulate_ldd(struct pt_regs *regs, int toreg, int flop)
{
unsigned long saddr = regs->ior;
+ unsigned long shift, temp1;
__u64 val = 0;
ASM_EXCEPTIONTABLE_VAR(ret);
@@ -180,25 +181,22 @@ static int emulate_ldd(struct pt_regs *regs, int toreg, int flop)
#ifdef CONFIG_64BIT
__asm__ __volatile__ (
-" depd,z %3,60,3,%%r19\n" /* r19=(ofs&7)*8 */
-" mtsp %4, %%sr1\n"
-" depd %%r0,63,3,%3\n"
-"1: ldd 0(%%sr1,%3),%0\n"
-"2: ldd 8(%%sr1,%3),%%r20\n"
-" subi 64,%%r19,%%r19\n"
-" mtsar %%r19\n"
-" shrpd %0,%%r20,%%sar,%0\n"
+" depd,z %2,60,3,%3\n" /* shift=(ofs&7)*8 */
+" mtsp %5, %%sr1\n"
+" depd %%r0,63,3,%2\n"
+"1: ldd 0(%%sr1,%2),%0\n"
+"2: ldd 8(%%sr1,%2),%4\n"
+" subi 64,%3,%3\n"
+" mtsar %3\n"
+" shrpd %0,%4,%%sar,%0\n"
"3: \n"
ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b, "%1")
ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b, "%1")
- : "=r" (val), "+r" (ret)
- : "0" (val), "r" (saddr), "r" (regs->isr)
- : "r19", "r20" );
+ : "+r" (val), "+r" (ret), "+r" (saddr), "=&r" (shift), "=&r" (temp1)
+ : "r" (regs->isr) );
#else
- {
- unsigned long shift, temp1;
__asm__ __volatile__ (
-" zdep %2,29,2,%3\n" /* r19=(ofs&3)*8 */
+" zdep %2,29,2,%3\n" /* shift=(ofs&3)*8 */
" mtsp %5, %%sr1\n"
" dep %%r0,31,2,%2\n"
"1: ldw 0(%%sr1,%2),%0\n"
@@ -214,7 +212,6 @@ static int emulate_ldd(struct pt_regs *regs, int toreg, int flop)
ASM_EXCEPTIONTABLE_ENTRY_EFAULT(3b, 4b, "%1")
: "+r" (val), "+r" (ret), "+r" (saddr), "=&r" (shift), "=&r" (temp1)
: "r" (regs->isr) );
- }
#endif
DPRINTF("val = 0x%llx\n", val);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 054/396] parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 053/396] parisc/unaligned: Rewrite 64-bit inline assembly of emulate_ldd() Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 055/396] parisc: Fix ip_fast_csum Greg Kroah-Hartman
` (353 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, John David Anglin, Helge Deller,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: John David Anglin <dave.anglin@bell.net>
[ Upstream commit 4603fbaa76b5e703b38ac8cc718102834eb6e330 ]
Use add,l to avoid clobbering the C/B bits in the PSW.
Signed-off-by: John David Anglin <dave.anglin@bell.net>
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@vger.kernel.org # v5.10+
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/parisc/include/asm/assembly.h | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/arch/parisc/include/asm/assembly.h b/arch/parisc/include/asm/assembly.h
index 5937d5edaba1e..000a28e1c5e8d 100644
--- a/arch/parisc/include/asm/assembly.h
+++ b/arch/parisc/include/asm/assembly.h
@@ -97,26 +97,28 @@
* version takes two arguments: a src and destination register.
* However, the source and destination registers can not be
* the same register.
+ *
+ * We use add,l to avoid clobbering the C/B bits in the PSW.
*/
.macro tophys grvirt, grphys
- ldil L%(__PAGE_OFFSET), \grphys
- sub \grvirt, \grphys, \grphys
+ ldil L%(-__PAGE_OFFSET), \grphys
+ addl \grvirt, \grphys, \grphys
.endm
-
+
.macro tovirt grphys, grvirt
ldil L%(__PAGE_OFFSET), \grvirt
- add \grphys, \grvirt, \grvirt
+ addl \grphys, \grvirt, \grvirt
.endm
.macro tophys_r1 gr
- ldil L%(__PAGE_OFFSET), %r1
- sub \gr, %r1, \gr
+ ldil L%(-__PAGE_OFFSET), %r1
+ addl \gr, %r1, \gr
.endm
-
+
.macro tovirt_r1 gr
ldil L%(__PAGE_OFFSET), %r1
- add \gr, %r1, \gr
+ addl \gr, %r1, \gr
.endm
.macro delay value
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 055/396] parisc: Fix ip_fast_csum
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 054/396] parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 056/396] parisc: Fix csum_ipv6_magic on 32-bit systems Greg Kroah-Hartman
` (352 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Palmer Dabbelt, Guenter Roeck,
Charlie Jenkins, Helge Deller, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guenter Roeck <linux@roeck-us.net>
[ Upstream commit a2abae8f0b638c31bb9799d9dd847306e0d005bd ]
IP checksum unit tests report the following error when run on hppa/hppa64.
# test_ip_fast_csum: ASSERTION FAILED at lib/checksum_kunit.c:463
Expected ( u64)csum_result == ( u64)expected, but
( u64)csum_result == 33754 (0x83da)
( u64)expected == 10946 (0x2ac2)
not ok 4 test_ip_fast_csum
0x83da is the expected result if the IP header length is 20 bytes. 0x2ac2
is the expected result if the IP header length is 24 bytes. The test fails
with an IP header length of 24 bytes. It appears that ip_fast_csum()
always returns the checksum for a 20-byte header, no matter how long
the header actually is.
Code analysis shows a suspicious assembler sequence in ip_fast_csum().
" addc %0, %3, %0\n"
"1: ldws,ma 4(%1), %3\n"
" addib,< 0, %2, 1b\n" <---
While my understanding of HPPA assembler is limited, it does not seem
to make much sense to subtract 0 from a register and to expect the result
to ever be negative. Subtracting 1 from the length parameter makes more
sense. On top of that, the operation should be repeated if and only if
the result is still > 0, so change the suspicious instruction to
" addib,> -1, %2, 1b\n"
The IP checksum unit test passes after this change.
Cc: Palmer Dabbelt <palmer@rivosinc.com>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Charlie Jenkins <charlie@rivosinc.com>
Reviewed-by: Charlie Jenkins <charlie@rivosinc.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/parisc/include/asm/checksum.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/parisc/include/asm/checksum.h b/arch/parisc/include/asm/checksum.h
index 3c43baca7b397..f705e5dd10742 100644
--- a/arch/parisc/include/asm/checksum.h
+++ b/arch/parisc/include/asm/checksum.h
@@ -40,7 +40,7 @@ static inline __sum16 ip_fast_csum(const void *iph, unsigned int ihl)
" addc %0, %5, %0\n"
" addc %0, %3, %0\n"
"1: ldws,ma 4(%1), %3\n"
-" addib,< 0, %2, 1b\n"
+" addib,> -1, %2, 1b\n"
" addc %0, %3, %0\n"
"\n"
" extru %0, 31, 16, %4\n"
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 056/396] parisc: Fix csum_ipv6_magic on 32-bit systems
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 055/396] parisc: Fix ip_fast_csum Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 057/396] parisc: Fix csum_ipv6_magic on 64-bit systems Greg Kroah-Hartman
` (351 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Palmer Dabbelt, Guenter Roeck,
Charlie Jenkins, Helge Deller, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guenter Roeck <linux@roeck-us.net>
[ Upstream commit 4408ba75e4ba80c91fde7e10bccccf388f5c09be ]
Calculating the IPv6 checksum on 32-bit systems missed overflows when
adding the proto+len fields into the checksum. This results in the
following unit test failure.
# test_csum_ipv6_magic: ASSERTION FAILED at lib/checksum_kunit.c:506
Expected ( u64)csum_result == ( u64)expected, but
( u64)csum_result == 46722 (0xb682)
( u64)expected == 46721 (0xb681)
not ok 5 test_csum_ipv6_magic
This is probably rarely seen in the real world because proto+len are
usually small values which will rarely result in overflows when calculating
the checksum. However, the unit test code uses large values for the length
field, causing the test to fail.
Fix the problem by adding the missing carry into the final checksum.
Cc: Palmer Dabbelt <palmer@rivosinc.com>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Charlie Jenkins <charlie@rivosinc.com>
Reviewed-by: Charlie Jenkins <charlie@rivosinc.com>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/parisc/include/asm/checksum.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/parisc/include/asm/checksum.h b/arch/parisc/include/asm/checksum.h
index f705e5dd10742..e619e67440db9 100644
--- a/arch/parisc/include/asm/checksum.h
+++ b/arch/parisc/include/asm/checksum.h
@@ -163,7 +163,8 @@ static __inline__ __sum16 csum_ipv6_magic(const struct in6_addr *saddr,
" ldw,ma 4(%2), %7\n" /* 4th daddr */
" addc %6, %0, %0\n"
" addc %7, %0, %0\n"
-" addc %3, %0, %0\n" /* fold in proto+len, catch carry */
+" addc %3, %0, %0\n" /* fold in proto+len */
+" addc 0, %0, %0\n" /* add carry */
#endif
: "=r" (sum), "=r" (saddr), "=r" (daddr), "=r" (len),
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 057/396] parisc: Fix csum_ipv6_magic on 64-bit systems
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 056/396] parisc: Fix csum_ipv6_magic on 32-bit systems Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 058/396] parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Greg Kroah-Hartman
` (350 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Palmer Dabbelt, Guenter Roeck,
Charlie Jenkins, Helge Deller, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guenter Roeck <linux@roeck-us.net>
[ Upstream commit 4b75b12d70506e31fc02356bbca60f8d5ca012d0 ]
hppa 64-bit systems calculates the IPv6 checksum using 64-bit add
operations. The last add folds protocol and length fields into the 64-bit
result. While unlikely, this operation can overflow. The overflow can be
triggered with a code sequence such as the following.
/* try to trigger massive overflows */
memset(tmp_buf, 0xff, sizeof(struct in6_addr));
csum_result = csum_ipv6_magic((struct in6_addr *)tmp_buf,
(struct in6_addr *)tmp_buf,
0xffff, 0xff, 0xffffffff);
Fix the problem by adding any overflows from the final add operation into
the calculated checksum. Fortunately, we can do this without additional
cost by replacing the add operation used to fold the checksum into 32 bit
with "add,dc" to add in the missing carry.
Cc: Palmer Dabbelt <palmer@rivosinc.com>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Charlie Jenkins <charlie@rivosinc.com>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/parisc/include/asm/checksum.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/parisc/include/asm/checksum.h b/arch/parisc/include/asm/checksum.h
index e619e67440db9..c949aa20fa162 100644
--- a/arch/parisc/include/asm/checksum.h
+++ b/arch/parisc/include/asm/checksum.h
@@ -137,8 +137,8 @@ static __inline__ __sum16 csum_ipv6_magic(const struct in6_addr *saddr,
" add,dc %3, %0, %0\n" /* fold in proto+len | carry bit */
" extrd,u %0, 31, 32, %4\n"/* copy upper half down */
" depdi 0, 31, 32, %0\n"/* clear upper half */
-" add %4, %0, %0\n" /* fold into 32-bits */
-" addc 0, %0, %0\n" /* add carry */
+" add,dc %4, %0, %0\n" /* fold into 32-bits, plus carry */
+" addc 0, %0, %0\n" /* add final carry */
#else
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 058/396] parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 057/396] parisc: Fix csum_ipv6_magic on 64-bit systems Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 059/396] md/raid5: fix atomicity violation in raid5_cache_count Greg Kroah-Hartman
` (349 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Helge Deller, Guenter Roeck,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guenter Roeck <linux@roeck-us.net>
[ Upstream commit 0568b6f0d863643db2edcc7be31165740c89fa82 ]
IPv6 checksum tests with unaligned addresses on 64-bit builds result
in unexpected failures.
Expected expected == csum_result, but
expected == 46591 (0xb5ff)
csum_result == 46381 (0xb52d)
with alignment offset 1
Oddly enough, the problem disappeared after adding test code into
the beginning of csum_ipv6_magic().
As it turns out, the 'sum' parameter of csum_ipv6_magic() is declared as
__wsum, which is a 32-bit variable. However, it is treated as 64-bit
variable in the 64-bit assembler code. Tests showed that the upper 32 bit
of the register used to pass the variable are _not_ cleared when entering
the function. This can result in checksum calculation errors.
Clearing the upper 32 bit of 'sum' as first operation in the assembler
code fixes the problem.
Acked-by: Helge Deller <deller@gmx.de>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Helge Deller <deller@gmx.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/parisc/include/asm/checksum.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/parisc/include/asm/checksum.h b/arch/parisc/include/asm/checksum.h
index c949aa20fa162..2aceebcd695c8 100644
--- a/arch/parisc/include/asm/checksum.h
+++ b/arch/parisc/include/asm/checksum.h
@@ -126,6 +126,7 @@ static __inline__ __sum16 csum_ipv6_magic(const struct in6_addr *saddr,
** Try to keep 4 registers with "live" values ahead of the ALU.
*/
+" depdi 0, 31, 32, %0\n"/* clear upper half of incoming checksum */
" ldd,ma 8(%1), %4\n" /* get 1st saddr word */
" ldd,ma 8(%2), %5\n" /* get 1st daddr word */
" add %4, %0, %0\n"
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 059/396] md/raid5: fix atomicity violation in raid5_cache_count
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 058/396] parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 060/396] iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2 Greg Kroah-Hartman
` (348 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Gui-Dong Han, Yu Kuai, Song Liu,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gui-Dong Han <2045gemini@gmail.com>
[ Upstream commit dfd2bf436709b2bccb78c2dda550dde93700efa7 ]
In raid5_cache_count():
if (conf->max_nr_stripes < conf->min_nr_stripes)
return 0;
return conf->max_nr_stripes - conf->min_nr_stripes;
The current check is ineffective, as the values could change immediately
after being checked.
In raid5_set_cache_size():
...
conf->min_nr_stripes = size;
...
while (size > conf->max_nr_stripes)
conf->min_nr_stripes = conf->max_nr_stripes;
...
Due to intermediate value updates in raid5_set_cache_size(), concurrent
execution of raid5_cache_count() and raid5_set_cache_size() may lead to
inconsistent reads of conf->max_nr_stripes and conf->min_nr_stripes.
The current checks are ineffective as values could change immediately
after being checked, raising the risk of conf->min_nr_stripes exceeding
conf->max_nr_stripes and potentially causing an integer overflow.
This possible bug is found by an experimental static analysis tool
developed by our team. This tool analyzes the locking APIs to extract
function pairs that can be concurrently executed, and then analyzes the
instructions in the paired functions to identify possible concurrency bugs
including data races and atomicity violations. The above possible bug is
reported when our tool analyzes the source code of Linux 6.2.
To resolve this issue, it is suggested to introduce local variables
'min_stripes' and 'max_stripes' in raid5_cache_count() to ensure the
values remain stable throughout the check. Adding locks in
raid5_cache_count() fails to resolve atomicity violations, as
raid5_set_cache_size() may hold intermediate values of
conf->min_nr_stripes while unlocked. With this patch applied, our tool no
longer reports the bug, with the kernel configuration allyesconfig for
x86_64. Due to the lack of associated hardware, we cannot test the patch
in runtime testing, and just verify it according to the code logic.
Fixes: edbe83ab4c27 ("md/raid5: allow the stripe_cache to grow and shrink.")
Cc: stable@vger.kernel.org
Signed-off-by: Gui-Dong Han <2045gemini@gmail.com>
Reviewed-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20240112071017.16313-1-2045gemini@gmail.com
Signed-off-by: Song Liu <song@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/raid5.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
index 68d86dbecb4ac..212bf85edad03 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -2420,7 +2420,7 @@ static int grow_one_stripe(struct r5conf *conf, gfp_t gfp)
atomic_inc(&conf->active_stripes);
raid5_release_stripe(sh);
- conf->max_nr_stripes++;
+ WRITE_ONCE(conf->max_nr_stripes, conf->max_nr_stripes + 1);
return 1;
}
@@ -2717,7 +2717,7 @@ static int drop_one_stripe(struct r5conf *conf)
shrink_buffers(sh);
free_stripe(conf->slab_cache, sh);
atomic_dec(&conf->active_stripes);
- conf->max_nr_stripes--;
+ WRITE_ONCE(conf->max_nr_stripes, conf->max_nr_stripes - 1);
return 1;
}
@@ -6901,7 +6901,7 @@ raid5_set_cache_size(struct mddev *mddev, int size)
if (size <= 16 || size > 32768)
return -EINVAL;
- conf->min_nr_stripes = size;
+ WRITE_ONCE(conf->min_nr_stripes, size);
mutex_lock(&conf->cache_size_mutex);
while (size < conf->max_nr_stripes &&
drop_one_stripe(conf))
@@ -6913,7 +6913,7 @@ raid5_set_cache_size(struct mddev *mddev, int size)
mutex_lock(&conf->cache_size_mutex);
while (size > conf->max_nr_stripes)
if (!grow_one_stripe(conf, GFP_KERNEL)) {
- conf->min_nr_stripes = conf->max_nr_stripes;
+ WRITE_ONCE(conf->min_nr_stripes, conf->max_nr_stripes);
result = -ENOMEM;
break;
}
@@ -7478,11 +7478,13 @@ static unsigned long raid5_cache_count(struct shrinker *shrink,
struct shrink_control *sc)
{
struct r5conf *conf = container_of(shrink, struct r5conf, shrinker);
+ int max_stripes = READ_ONCE(conf->max_nr_stripes);
+ int min_stripes = READ_ONCE(conf->min_nr_stripes);
- if (conf->max_nr_stripes < conf->min_nr_stripes)
+ if (max_stripes < min_stripes)
/* unlikely, but not impossible */
return 0;
- return conf->max_nr_stripes - conf->min_nr_stripes;
+ return max_stripes - min_stripes;
}
static struct r5conf *setup_conf(struct mddev *mddev)
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 060/396] iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 059/396] md/raid5: fix atomicity violation in raid5_cache_count Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 061/396] iio: adc: rockchip_saradc: use mask for write_enable bitfield Greg Kroah-Hartman
` (347 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Quentin Schulz, Heiko Stuebner,
Andy Shevchenko, Stable, Jonathan Cameron, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Quentin Schulz <quentin.schulz@theobroma-systems.com>
[ Upstream commit b0a4546df24a4f8c59b2d05ae141bd70ceccc386 ]
The SARADCv2 on RK3588 (the only SoC currently supported that has an
SARADCv2) selects the channel through the channel_sel bitfield which is
the 4 lowest bits, therefore the mask should be GENMASK(3, 0) and not
GENMASK(15, 0).
Fixes: 757953f8ec69 ("iio: adc: rockchip_saradc: Add support for RK3588")
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Heiko Stuebner <heiko@sntech.de>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Link: https://lore.kernel.org/r/20240223-saradcv2-chan-mask-v1-1-84b06a0f623a@theobroma-systems.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/adc/rockchip_saradc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/iio/adc/rockchip_saradc.c b/drivers/iio/adc/rockchip_saradc.c
index dd94667a623bd..2da8d6f3241a1 100644
--- a/drivers/iio/adc/rockchip_saradc.c
+++ b/drivers/iio/adc/rockchip_saradc.c
@@ -52,7 +52,7 @@
#define SARADC2_START BIT(4)
#define SARADC2_SINGLE_MODE BIT(5)
-#define SARADC2_CONV_CHANNELS GENMASK(15, 0)
+#define SARADC2_CONV_CHANNELS GENMASK(3, 0)
struct rockchip_saradc;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 061/396] iio: adc: rockchip_saradc: use mask for write_enable bitfield
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 060/396] iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2 Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 062/396] docs: Restore "smart quotes" for quotes Greg Kroah-Hartman
` (346 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Quentin Schulz, Heiko Stuebner,
Stable, Jonathan Cameron, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Quentin Schulz <quentin.schulz@theobroma-systems.com>
[ Upstream commit 5b4e4b72034f85f7a0cdd147d3d729c5a22c8764 ]
Some of the registers on the SARADCv2 have bits write protected except
if another bit is set. This is usually done by having the lowest 16 bits
store the data to write and the highest 16 bits specify which of the 16
lowest bits should have their value written to the hardware block.
The write_enable mask for the channel selection was incorrect because it
was just the value shifted by 16 bits, which means it would only ever
write bits and never clear them. So e.g. if someone starts a conversion
on channel 5, the lowest 4 bits would be 0x5, then starts a conversion
on channel 0, it would still be 5.
Instead of shifting the value by 16 as the mask, let's use the OR'ing of
the appropriate masks shifted by 16.
Note that this is not an issue currently because the only SARADCv2
currently supported has a reset defined in its Device Tree, that reset
resets the SARADC controller before starting a conversion on a channel.
However, this reset is handled as optional by the probe function and
thus proper masking should be used in the event an SARADCv2 without a
reset ever makes it upstream.
Fixes: 757953f8ec69 ("iio: adc: rockchip_saradc: Add support for RK3588")
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Heiko Stuebner <heiko@sntech.de>
Link: https://lore.kernel.org/r/20240223-saradcv2-chan-mask-v1-2-84b06a0f623a@theobroma-systems.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iio/adc/rockchip_saradc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/iio/adc/rockchip_saradc.c b/drivers/iio/adc/rockchip_saradc.c
index 2da8d6f3241a1..1c0042fbbb548 100644
--- a/drivers/iio/adc/rockchip_saradc.c
+++ b/drivers/iio/adc/rockchip_saradc.c
@@ -102,12 +102,12 @@ static void rockchip_saradc_start_v2(struct rockchip_saradc *info, int chn)
writel_relaxed(0xc, info->regs + SARADC_T_DAS_SOC);
writel_relaxed(0x20, info->regs + SARADC_T_PD_SOC);
val = FIELD_PREP(SARADC2_EN_END_INT, 1);
- val |= val << 16;
+ val |= SARADC2_EN_END_INT << 16;
writel_relaxed(val, info->regs + SARADC2_END_INT_EN);
val = FIELD_PREP(SARADC2_START, 1) |
FIELD_PREP(SARADC2_SINGLE_MODE, 1) |
FIELD_PREP(SARADC2_CONV_CHANNELS, chn);
- val |= val << 16;
+ val |= (SARADC2_START | SARADC2_SINGLE_MODE | SARADC2_CONV_CHANNELS) << 16;
writel(val, info->regs + SARADC2_CONV_CON);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 062/396] docs: Restore "smart quotes" for quotes
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 061/396] iio: adc: rockchip_saradc: use mask for write_enable bitfield Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 063/396] cpufreq: Limit resolving a frequency to policy min/max Greg Kroah-Hartman
` (345 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Akira Yokosawa, Jonathan Corbet,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Akira Yokosawa <akiyks@gmail.com>
[ Upstream commit fe2562582bffe675721e77e00b3bf5bfa1d7aeab ]
Commit eaae75754d81 ("docs: turn off "smart quotes" in the HTML build")
disabled conversion of quote marks along with that of dashes.
Despite the short summary, the change affects not only HTML build
but also other build targets including PDF.
However, as "smart quotes" had been enabled for more than half a
decade already, quite a few readers of HTML pages are likely expecting
conversions of "foo" -> “foo” and 'bar' -> ‘bar’.
Furthermore, in LaTeX typesetting convention, it is common to use
distinct marks for opening and closing quote marks.
To satisfy such readers' expectation, restore conversion of quotes
only by setting smartquotes_action [1].
Link: [1] https://www.sphinx-doc.org/en/master/usage/configuration.html#confval-smartquotes_action
Cc: stable@vger.kernel.org # v6.4
Signed-off-by: Akira Yokosawa <akiyks@gmail.com>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Link: https://lore.kernel.org/r/20240225094600.65628-1-akiyks@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
Documentation/conf.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Documentation/conf.py b/Documentation/conf.py
index dfc19c915d5c4..e385e24fe9e72 100644
--- a/Documentation/conf.py
+++ b/Documentation/conf.py
@@ -345,9 +345,9 @@ sys.stderr.write("Using %s theme\n" % html_theme)
html_static_path = ['sphinx-static']
# If true, Docutils "smart quotes" will be used to convert quotes and dashes
-# to typographically correct entities. This will convert "--" to "—",
-# which is not always what we want, so disable it.
-smartquotes = False
+# to typographically correct entities. However, conversion of "--" to "—"
+# is not always what we want, so enable only quotes.
+smartquotes_action = 'q'
# Custom sidebar templates, maps document names to template names.
# Note that the RTD theme ignores this
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 063/396] cpufreq: Limit resolving a frequency to policy min/max
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 062/396] docs: Restore "smart quotes" for quotes Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 064/396] PM: suspend: Set mem_sleep_current during kernel command line setup Greg Kroah-Hartman
` (344 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Shivnandan Kumar, Rafael J. Wysocki,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shivnandan Kumar <quic_kshivnan@quicinc.com>
[ Upstream commit d394abcb12bb1a6f309c1221fdb8e73594ecf1b4 ]
Resolving a frequency to an efficient one should not transgress
policy->max (which can be set for thermal reason) and policy->min.
Currently, there is possibility where scaling_cur_freq can exceed
scaling_max_freq when scaling_max_freq is an inefficient frequency.
Add a check to ensure that resolving a frequency will respect
policy->min/max.
Cc: All applicable <stable@vger.kernel.org>
Fixes: 1f39fa0dccff ("cpufreq: Introducing CPUFREQ_RELATION_E")
Signed-off-by: Shivnandan Kumar <quic_kshivnan@quicinc.com>
[ rjw: Whitespace adjustment, changelog edits ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/cpufreq.h | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/include/linux/cpufreq.h b/include/linux/cpufreq.h
index 71d186d6933a5..3a4cefb25ba61 100644
--- a/include/linux/cpufreq.h
+++ b/include/linux/cpufreq.h
@@ -1021,6 +1021,18 @@ static inline int cpufreq_table_find_index_c(struct cpufreq_policy *policy,
efficiencies);
}
+static inline bool cpufreq_is_in_limits(struct cpufreq_policy *policy, int idx)
+{
+ unsigned int freq;
+
+ if (idx < 0)
+ return false;
+
+ freq = policy->freq_table[idx].frequency;
+
+ return freq == clamp_val(freq, policy->min, policy->max);
+}
+
static inline int cpufreq_frequency_table_target(struct cpufreq_policy *policy,
unsigned int target_freq,
unsigned int relation)
@@ -1054,7 +1066,8 @@ static inline int cpufreq_frequency_table_target(struct cpufreq_policy *policy,
return 0;
}
- if (idx < 0 && efficiencies) {
+ /* Limit frequency index to honor policy->min/max */
+ if (!cpufreq_is_in_limits(policy, idx) && efficiencies) {
efficiencies = false;
goto retry;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 064/396] PM: suspend: Set mem_sleep_current during kernel command line setup
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 063/396] cpufreq: Limit resolving a frequency to policy min/max Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 065/396] vfio/pds: Always clear the save/restore FDs on reset Greg Kroah-Hartman
` (343 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Maulik Shah, Rafael J. Wysocki,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maulik Shah <quic_mkshah@quicinc.com>
[ Upstream commit 9bc4ffd32ef8943f5c5a42c9637cfd04771d021b ]
psci_init_system_suspend() invokes suspend_set_ops() very early during
bootup even before kernel command line for mem_sleep_default is setup.
This leads to kernel command line mem_sleep_default=s2idle not working
as mem_sleep_current gets changed to deep via suspend_set_ops() and never
changes back to s2idle.
Set mem_sleep_current along with mem_sleep_default during kernel command
line setup as default suspend mode.
Fixes: faf7ec4a92c0 ("drivers: firmware: psci: add system suspend support")
CC: stable@vger.kernel.org # 5.4+
Signed-off-by: Maulik Shah <quic_mkshah@quicinc.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/power/suspend.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/power/suspend.c b/kernel/power/suspend.c
index fa3bf161d13f7..a718067deecee 100644
--- a/kernel/power/suspend.c
+++ b/kernel/power/suspend.c
@@ -192,6 +192,7 @@ static int __init mem_sleep_default_setup(char *str)
if (mem_sleep_labels[state] &&
!strcmp(str, mem_sleep_labels[state])) {
mem_sleep_default = state;
+ mem_sleep_current = state;
break;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 065/396] vfio/pds: Always clear the save/restore FDs on reset
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 064/396] PM: suspend: Set mem_sleep_current during kernel command line setup Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 066/396] clk: qcom: gcc-ipq5018: fix terminating of frequency table arrays Greg Kroah-Hartman
` (342 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Brett Creeley, Shannon Nelson,
Kevin Tian, Alex Williamson, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Brett Creeley <brett.creeley@amd.com>
[ Upstream commit 8512ed256334f6637fc0699ce794792c357544ec ]
After reset the VFIO device state will always be put in
VFIO_DEVICE_STATE_RUNNING, but the save/restore files will only be
cleared if the previous state was VFIO_DEVICE_STATE_ERROR. This
can/will cause the restore/save files to be leaked if/when the
migration state machine transitions through the states that
re-allocates these files. Fix this by always clearing the
restore/save files for resets.
Fixes: 7dabb1bcd177 ("vfio/pds: Add support for firmware recovery")
Cc: stable@vger.kernel.org
Signed-off-by: Brett Creeley <brett.creeley@amd.com>
Reviewed-by: Shannon Nelson <shannon.nelson@amd.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Link: https://lore.kernel.org/r/20240228003205.47311-2-brett.creeley@amd.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vfio/pci/pds/vfio_dev.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/vfio/pci/pds/vfio_dev.c b/drivers/vfio/pci/pds/vfio_dev.c
index 4c351c59d05a9..a286ebcc71126 100644
--- a/drivers/vfio/pci/pds/vfio_dev.c
+++ b/drivers/vfio/pci/pds/vfio_dev.c
@@ -32,9 +32,9 @@ void pds_vfio_state_mutex_unlock(struct pds_vfio_pci_device *pds_vfio)
mutex_lock(&pds_vfio->reset_mutex);
if (pds_vfio->deferred_reset) {
pds_vfio->deferred_reset = false;
+ pds_vfio_put_restore_file(pds_vfio);
+ pds_vfio_put_save_file(pds_vfio);
if (pds_vfio->state == VFIO_DEVICE_STATE_ERROR) {
- pds_vfio_put_restore_file(pds_vfio);
- pds_vfio_put_save_file(pds_vfio);
pds_vfio_dirty_disable(pds_vfio, false);
}
pds_vfio->state = pds_vfio->deferred_reset_state;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 066/396] clk: qcom: gcc-ipq5018: fix terminating of frequency table arrays
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 065/396] vfio/pds: Always clear the save/restore FDs on reset Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 067/396] clk: qcom: gcc-ipq6018: " Greg Kroah-Hartman
` (341 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Gabor Juhos, Stephen Boyd,
Bjorn Andersson, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gabor Juhos <j4g8y7@gmail.com>
[ Upstream commit 90ad946fff70f312b8d23226afc38c13ddd88c4b ]
The frequency table arrays are supposed to be terminated with an
empty element. Add such entry to the end of the arrays where it
is missing in order to avoid possible out-of-bound access when
the table is traversed by functions like qcom_find_freq() or
qcom_find_freq_floor().
Fixes: e3fdbef1bab8 ("clk: qcom: Add Global Clock controller (GCC) driver for IPQ5018")
Signed-off-by: Gabor Juhos <j4g8y7@gmail.com>
Reviewed-by: Stephen Boyd <sboyd@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240229-freq-table-terminator-v1-1-074334f0905c@gmail.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/gcc-ipq5018.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/clk/qcom/gcc-ipq5018.c b/drivers/clk/qcom/gcc-ipq5018.c
index cc2331d729fb6..3136ba1c2a59c 100644
--- a/drivers/clk/qcom/gcc-ipq5018.c
+++ b/drivers/clk/qcom/gcc-ipq5018.c
@@ -856,6 +856,7 @@ static struct clk_rcg2 lpass_sway_clk_src = {
static const struct freq_tbl ftbl_pcie0_aux_clk_src[] = {
F(2000000, P_XO, 12, 0, 0),
+ { }
};
static struct clk_rcg2 pcie0_aux_clk_src = {
@@ -1098,6 +1099,7 @@ static const struct freq_tbl ftbl_qpic_io_macro_clk_src[] = {
F(100000000, P_GPLL0, 8, 0, 0),
F(200000000, P_GPLL0, 4, 0, 0),
F(320000000, P_GPLL0, 2.5, 0, 0),
+ { }
};
static struct clk_rcg2 qpic_io_macro_clk_src = {
@@ -1193,6 +1195,7 @@ static struct clk_rcg2 ubi0_axi_clk_src = {
static const struct freq_tbl ftbl_ubi0_core_clk_src[] = {
F(850000000, P_UBI32_PLL, 1, 0, 0),
F(1000000000, P_UBI32_PLL, 1, 0, 0),
+ { }
};
static struct clk_rcg2 ubi0_core_clk_src = {
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 067/396] clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 066/396] clk: qcom: gcc-ipq5018: fix terminating of frequency table arrays Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 068/396] clk: qcom: gcc-ipq8074: " Greg Kroah-Hartman
` (340 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Gabor Juhos, Stephen Boyd,
Bjorn Andersson, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gabor Juhos <j4g8y7@gmail.com>
[ Upstream commit cdbc6e2d8108bc47895e5a901cfcaf799b00ca8d ]
The frequency table arrays are supposed to be terminated with an
empty element. Add such entry to the end of the arrays where it
is missing in order to avoid possible out-of-bound access when
the table is traversed by functions like qcom_find_freq() or
qcom_find_freq_floor().
Only compile tested.
Fixes: d9db07f088af ("clk: qcom: Add ipq6018 Global Clock Controller support")
Signed-off-by: Gabor Juhos <j4g8y7@gmail.com>
Reviewed-by: Stephen Boyd <sboyd@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240229-freq-table-terminator-v1-2-074334f0905c@gmail.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/gcc-ipq6018.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/clk/qcom/gcc-ipq6018.c b/drivers/clk/qcom/gcc-ipq6018.c
index f9494fa1b8716..2e4189e770d3f 100644
--- a/drivers/clk/qcom/gcc-ipq6018.c
+++ b/drivers/clk/qcom/gcc-ipq6018.c
@@ -1554,6 +1554,7 @@ static struct clk_regmap_div nss_ubi0_div_clk_src = {
static const struct freq_tbl ftbl_pcie_aux_clk_src[] = {
F(24000000, P_XO, 1, 0, 0),
+ { }
};
static const struct clk_parent_data gcc_xo_gpll0_core_pi_sleep_clk[] = {
@@ -1734,6 +1735,7 @@ static const struct freq_tbl ftbl_sdcc_ice_core_clk_src[] = {
F(160000000, P_GPLL0, 5, 0, 0),
F(216000000, P_GPLL6, 5, 0, 0),
F(308570000, P_GPLL6, 3.5, 0, 0),
+ { }
};
static const struct clk_parent_data gcc_xo_gpll0_gpll6_gpll0_div2[] = {
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 068/396] clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 067/396] clk: qcom: gcc-ipq6018: " Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 069/396] clk: qcom: gcc-ipq9574: " Greg Kroah-Hartman
` (339 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Gabor Juhos, Stephen Boyd,
Bjorn Andersson, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gabor Juhos <j4g8y7@gmail.com>
[ Upstream commit 1040ef5ed95d6fd2628bad387d78a61633e09429 ]
The frequency table arrays are supposed to be terminated with an
empty element. Add such entry to the end of the arrays where it
is missing in order to avoid possible out-of-bound access when
the table is traversed by functions like qcom_find_freq() or
qcom_find_freq_floor().
Only compile tested.
Fixes: 9607f6224b39 ("clk: qcom: ipq8074: add PCIE, USB and SDCC clocks")
Signed-off-by: Gabor Juhos <j4g8y7@gmail.com>
Reviewed-by: Stephen Boyd <sboyd@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240229-freq-table-terminator-v1-3-074334f0905c@gmail.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/gcc-ipq8074.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/clk/qcom/gcc-ipq8074.c b/drivers/clk/qcom/gcc-ipq8074.c
index b7faf12a511a1..7bc679871f324 100644
--- a/drivers/clk/qcom/gcc-ipq8074.c
+++ b/drivers/clk/qcom/gcc-ipq8074.c
@@ -644,6 +644,7 @@ static struct clk_rcg2 pcie0_axi_clk_src = {
static const struct freq_tbl ftbl_pcie_aux_clk_src[] = {
F(19200000, P_XO, 1, 0, 0),
+ { }
};
static const struct clk_parent_data gcc_xo_gpll0_sleep_clk[] = {
@@ -795,6 +796,7 @@ static const struct freq_tbl ftbl_sdcc_ice_core_clk_src[] = {
F(19200000, P_XO, 1, 0, 0),
F(160000000, P_GPLL0, 5, 0, 0),
F(308570000, P_GPLL6, 3.5, 0, 0),
+ { }
};
static const struct clk_parent_data gcc_xo_gpll0_gpll6_gpll0_div2[] = {
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 069/396] clk: qcom: gcc-ipq9574: fix terminating of frequency table arrays
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 068/396] clk: qcom: gcc-ipq8074: " Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 070/396] clk: qcom: mmcc-apq8084: " Greg Kroah-Hartman
` (338 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Gabor Juhos, Stephen Boyd,
Bjorn Andersson, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gabor Juhos <j4g8y7@gmail.com>
[ Upstream commit bd2b6395671d823caa38d8e4d752de2448ae61e1 ]
The frequency table arrays are supposed to be terminated with an
empty element. Add such entry to the end of the arrays where it
is missing in order to avoid possible out-of-bound access when
the table is traversed by functions like qcom_find_freq() or
qcom_find_freq_floor().
Only compile tested.
Fixes: d75b82cff488 ("clk: qcom: Add Global Clock Controller driver for IPQ9574")
Signed-off-by: Gabor Juhos <j4g8y7@gmail.com>
Reviewed-by: Stephen Boyd <sboyd@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240229-freq-table-terminator-v1-4-074334f0905c@gmail.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/gcc-ipq9574.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/clk/qcom/gcc-ipq9574.c b/drivers/clk/qcom/gcc-ipq9574.c
index e8190108e1aef..0a3f846695b80 100644
--- a/drivers/clk/qcom/gcc-ipq9574.c
+++ b/drivers/clk/qcom/gcc-ipq9574.c
@@ -2082,6 +2082,7 @@ static struct clk_branch gcc_sdcc1_apps_clk = {
static const struct freq_tbl ftbl_sdcc_ice_core_clk_src[] = {
F(150000000, P_GPLL4, 8, 0, 0),
F(300000000, P_GPLL4, 4, 0, 0),
+ { }
};
static struct clk_rcg2 sdcc1_ice_core_clk_src = {
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 070/396] clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 069/396] clk: qcom: gcc-ipq9574: " Greg Kroah-Hartman
@ 2024-04-01 15:41 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 071/396] clk: qcom: mmcc-msm8974: " Greg Kroah-Hartman
` (337 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:41 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Gabor Juhos, Stephen Boyd,
Bjorn Andersson, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gabor Juhos <j4g8y7@gmail.com>
[ Upstream commit a903cfd38d8dee7e754fb89fd1bebed99e28003d ]
The frequency table arrays are supposed to be terminated with an
empty element. Add such entry to the end of the arrays where it
is missing in order to avoid possible out-of-bound access when
the table is traversed by functions like qcom_find_freq() or
qcom_find_freq_floor().
Only compile tested.
Fixes: 2b46cd23a5a2 ("clk: qcom: Add APQ8084 Multimedia Clock Controller (MMCC) support")
Signed-off-by: Gabor Juhos <j4g8y7@gmail.com>
Reviewed-by: Stephen Boyd <sboyd@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240229-freq-table-terminator-v1-6-074334f0905c@gmail.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/mmcc-apq8084.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/clk/qcom/mmcc-apq8084.c b/drivers/clk/qcom/mmcc-apq8084.c
index 02fc21208dd14..c89700ab93f9c 100644
--- a/drivers/clk/qcom/mmcc-apq8084.c
+++ b/drivers/clk/qcom/mmcc-apq8084.c
@@ -348,6 +348,7 @@ static struct freq_tbl ftbl_mmss_axi_clk[] = {
F(333430000, P_MMPLL1, 3.5, 0, 0),
F(400000000, P_MMPLL0, 2, 0, 0),
F(466800000, P_MMPLL1, 2.5, 0, 0),
+ { }
};
static struct clk_rcg2 mmss_axi_clk_src = {
@@ -372,6 +373,7 @@ static struct freq_tbl ftbl_ocmemnoc_clk[] = {
F(150000000, P_GPLL0, 4, 0, 0),
F(228570000, P_MMPLL0, 3.5, 0, 0),
F(320000000, P_MMPLL0, 2.5, 0, 0),
+ { }
};
static struct clk_rcg2 ocmemnoc_clk_src = {
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 071/396] clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2024-04-01 15:41 ` [PATCH 6.6 070/396] clk: qcom: mmcc-apq8084: " Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 072/396] usb: xhci: Add error handling in xhci_map_urb_for_dma Greg Kroah-Hartman
` (336 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Gabor Juhos, Stephen Boyd,
Bjorn Andersson, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gabor Juhos <j4g8y7@gmail.com>
[ Upstream commit e2c02a85bf53ae86d79b5fccf0a75ac0b78e0c96 ]
The frequency table arrays are supposed to be terminated with an
empty element. Add such entry to the end of the arrays where it
is missing in order to avoid possible out-of-bound access when
the table is traversed by functions like qcom_find_freq() or
qcom_find_freq_floor().
Only compile tested.
Fixes: d8b212014e69 ("clk: qcom: Add support for MSM8974's multimedia clock controller (MMCC)")
Signed-off-by: Gabor Juhos <j4g8y7@gmail.com>
Reviewed-by: Stephen Boyd <sboyd@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240229-freq-table-terminator-v1-7-074334f0905c@gmail.com
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clk/qcom/mmcc-msm8974.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/clk/qcom/mmcc-msm8974.c b/drivers/clk/qcom/mmcc-msm8974.c
index 1f3bd302fe6ed..6df22a67f02d3 100644
--- a/drivers/clk/qcom/mmcc-msm8974.c
+++ b/drivers/clk/qcom/mmcc-msm8974.c
@@ -290,6 +290,7 @@ static struct freq_tbl ftbl_mmss_axi_clk[] = {
F(291750000, P_MMPLL1, 4, 0, 0),
F(400000000, P_MMPLL0, 2, 0, 0),
F(466800000, P_MMPLL1, 2.5, 0, 0),
+ { }
};
static struct clk_rcg2 mmss_axi_clk_src = {
@@ -314,6 +315,7 @@ static struct freq_tbl ftbl_ocmemnoc_clk[] = {
F(150000000, P_GPLL0, 4, 0, 0),
F(291750000, P_MMPLL1, 4, 0, 0),
F(400000000, P_MMPLL0, 2, 0, 0),
+ { }
};
static struct clk_rcg2 ocmemnoc_clk_src = {
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 072/396] usb: xhci: Add error handling in xhci_map_urb_for_dma
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 071/396] clk: qcom: mmcc-msm8974: " Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 073/396] powerpc/fsl: Fix mfpmr build errors with newer binutils Greg Kroah-Hartman
` (335 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Prashanth K, Mathias Nyman,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Prashanth K <quic_prashk@quicinc.com>
[ Upstream commit be95cc6d71dfd0cba66e3621c65413321b398052 ]
Currently xhci_map_urb_for_dma() creates a temporary buffer and copies
the SG list to the new linear buffer. But if the kzalloc_node() fails,
then the following sg_pcopy_to_buffer() can lead to crash since it
tries to memcpy to NULL pointer.
So return -ENOMEM if kzalloc returns null pointer.
Cc: stable@vger.kernel.org # 5.11
Fixes: 2017a1e58472 ("usb: xhci: Use temporary buffer to consolidate SG")
Signed-off-by: Prashanth K <quic_prashk@quicinc.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20240229141438.619372-10-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/host/xhci.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index 132b76fa7ca60..c4c733d724bd8 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -1178,6 +1178,8 @@ static int xhci_map_temp_buffer(struct usb_hcd *hcd, struct urb *urb)
temp = kzalloc_node(buf_len, GFP_ATOMIC,
dev_to_node(hcd->self.sysdev));
+ if (!temp)
+ return -ENOMEM;
if (usb_urb_dir_out(urb))
sg_pcopy_to_buffer(urb->sg, urb->num_sgs,
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 073/396] powerpc/fsl: Fix mfpmr build errors with newer binutils
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 072/396] usb: xhci: Add error handling in xhci_map_urb_for_dma Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 074/396] USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Greg Kroah-Hartman
` (334 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Jan-Benedict Glaw, Michael Ellerman,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit 5f491356b7149564ab22323ccce79c8d595bfd0c ]
Binutils 2.38 complains about the use of mfpmr when building
ppc6xx_defconfig:
CC arch/powerpc/kernel/pmc.o
{standard input}: Assembler messages:
{standard input}:45: Error: unrecognized opcode: `mfpmr'
{standard input}:56: Error: unrecognized opcode: `mtpmr'
This is because by default the kernel is built with -mcpu=powerpc, and
the mt/mfpmr instructions are not defined.
It can be avoided by enabling CONFIG_E300C3_CPU, but just adding that to
the defconfig will leave open the possibility of randconfig failures.
So add machine directives around the mt/mfpmr instructions to tell
binutils how to assemble them.
Cc: stable@vger.kernel.org
Reported-by: Jan-Benedict Glaw <jbglaw@lug-owl.de>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20240229122521.762431-3-mpe@ellerman.id.au
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/reg_fsl_emb.h | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/include/asm/reg_fsl_emb.h b/arch/powerpc/include/asm/reg_fsl_emb.h
index a21f529c43d96..8359c06d92d9f 100644
--- a/arch/powerpc/include/asm/reg_fsl_emb.h
+++ b/arch/powerpc/include/asm/reg_fsl_emb.h
@@ -12,9 +12,16 @@
#ifndef __ASSEMBLY__
/* Performance Monitor Registers */
#define mfpmr(rn) ({unsigned int rval; \
- asm volatile("mfpmr %0," __stringify(rn) \
+ asm volatile(".machine push; " \
+ ".machine e300; " \
+ "mfpmr %0," __stringify(rn) ";" \
+ ".machine pop; " \
: "=r" (rval)); rval;})
-#define mtpmr(rn, v) asm volatile("mtpmr " __stringify(rn) ",%0" : : "r" (v))
+#define mtpmr(rn, v) asm volatile(".machine push; " \
+ ".machine e300; " \
+ "mtpmr " __stringify(rn) ",%0; " \
+ ".machine pop; " \
+ : : "r" (v))
#endif /* __ASSEMBLY__ */
/* Freescale Book E Performance Monitor APU Registers */
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 074/396] USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 073/396] powerpc/fsl: Fix mfpmr build errors with newer binutils Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 075/396] USB: serial: add device ID for VeriFone adapter Greg Kroah-Hartman
` (333 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Vogelbacher, Johan Hovold,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Vogelbacher <daniel@chaospixel.com>
[ Upstream commit 3fb7bc4f3a98c48981318b87cf553c5f115fd5ca ]
The GMC IR-USB adapter cable utilizes a FTDI FT232R chip.
Add VID/PID for this adapter so it can be used as serial device via
ftdi_sio.
Signed-off-by: Daniel Vogelbacher <daniel@chaospixel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/serial/ftdi_sio.c | 2 ++
drivers/usb/serial/ftdi_sio_ids.h | 6 ++++++
2 files changed, 8 insertions(+)
diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c
index 13a56783830df..22d01a0f10fbc 100644
--- a/drivers/usb/serial/ftdi_sio.c
+++ b/drivers/usb/serial/ftdi_sio.c
@@ -1077,6 +1077,8 @@ static const struct usb_device_id id_table_combined[] = {
.driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
{ USB_DEVICE(FTDI_VID, FTDI_FALCONIA_JTAG_UNBUF_PID),
.driver_info = (kernel_ulong_t)&ftdi_jtag_quirk },
+ /* GMC devices */
+ { USB_DEVICE(GMC_VID, GMC_Z216C_PID) },
{ } /* Terminating entry */
};
diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h
index 21a2b5a25fc09..5ee60ba2a73cd 100644
--- a/drivers/usb/serial/ftdi_sio_ids.h
+++ b/drivers/usb/serial/ftdi_sio_ids.h
@@ -1606,3 +1606,9 @@
#define UBLOX_VID 0x1546
#define UBLOX_C099F9P_ZED_PID 0x0502
#define UBLOX_C099F9P_ODIN_PID 0x0503
+
+/*
+ * GMC devices
+ */
+#define GMC_VID 0x1cd7
+#define GMC_Z216C_PID 0x0217 /* GMC Z216C Adapter IR-USB */
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 075/396] USB: serial: add device ID for VeriFone adapter
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 074/396] USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 076/396] USB: serial: cp210x: add ID for MGP Instruments PDS100 Greg Kroah-Hartman
` (332 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Cameron Williams, Johan Hovold,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Cameron Williams <cang1@live.co.uk>
[ Upstream commit cda704809797a8a86284f9df3eef5e62ec8a3175 ]
Add device ID for a (probably fake) CP2102 UART device.
lsusb -v output:
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 1.10
bDeviceClass 0 [unknown]
bDeviceSubClass 0 [unknown]
bDeviceProtocol 0
bMaxPacketSize0 64
idVendor 0x11ca VeriFone Inc
idProduct 0x0212 Verifone USB to Printer
bcdDevice 1.00
iManufacturer 1 Silicon Labs
iProduct 2 Verifone USB to Printer
iSerial 3 0001
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 0x0020
bNumInterfaces 1
bConfigurationValue 1
iConfiguration 0
bmAttributes 0x80
(Bus Powered)
MaxPower 100mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 255 Vendor Specific Class
bInterfaceSubClass 0 [unknown]
bInterfaceProtocol 0
iInterface 2 Verifone USB to Printer
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x01 EP 1 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0040 1x 64 bytes
bInterval 0
Device Status: 0x0000
(Bus Powered)
Signed-off-by: Cameron Williams <cang1@live.co.uk>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/serial/cp210x.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
index 923e0ed85444b..d339d81f6e8cf 100644
--- a/drivers/usb/serial/cp210x.c
+++ b/drivers/usb/serial/cp210x.c
@@ -177,6 +177,7 @@ static const struct usb_device_id id_table[] = {
{ USB_DEVICE(0x10C4, 0xF004) }, /* Elan Digital Systems USBcount50 */
{ USB_DEVICE(0x10C5, 0xEA61) }, /* Silicon Labs MobiData GPRS USB Modem */
{ USB_DEVICE(0x10CE, 0xEA6A) }, /* Silicon Labs MobiData GPRS USB Modem 100EU */
+ { USB_DEVICE(0x11CA, 0x0212) }, /* Verifone USB to Printer (UART, CP2102) */
{ USB_DEVICE(0x12B8, 0xEC60) }, /* Link G4 ECU */
{ USB_DEVICE(0x12B8, 0xEC62) }, /* Link G4+ ECU */
{ USB_DEVICE(0x13AD, 0x9999) }, /* Baltech card reader */
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 076/396] USB: serial: cp210x: add ID for MGP Instruments PDS100
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 075/396] USB: serial: add device ID for VeriFone adapter Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 077/396] USB: serial: option: add MeiG Smart SLM320 product Greg Kroah-Hartman
` (331 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Christian Häggström,
Johan Hovold, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian Häggström <christian.haggstrom@orexplore.com>
[ Upstream commit a0d9d868491a362d421521499d98308c8e3a0398 ]
The radiation meter has the text MGP Instruments PDS-100G or PDS-100GN
produced by Mirion Technologies. Tested by forcing the driver
association with
echo 10c4 863c > /sys/bus/usb-serial/drivers/cp210x/new_id
and then setting the serial port in 115200 8N1 mode. The device
announces ID_USB_VENDOR_ENC=Silicon\x20Labs and ID_USB_MODEL_ENC=PDS100
Signed-off-by: Christian Häggström <christian.haggstrom@orexplore.com>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/serial/cp210x.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
index d339d81f6e8cf..2169b6549a260 100644
--- a/drivers/usb/serial/cp210x.c
+++ b/drivers/usb/serial/cp210x.c
@@ -144,6 +144,7 @@ static const struct usb_device_id id_table[] = {
{ USB_DEVICE(0x10C4, 0x85EA) }, /* AC-Services IBUS-IF */
{ USB_DEVICE(0x10C4, 0x85EB) }, /* AC-Services CIS-IBUS */
{ USB_DEVICE(0x10C4, 0x85F8) }, /* Virtenio Preon32 */
+ { USB_DEVICE(0x10C4, 0x863C) }, /* MGP Instruments PDS100 */
{ USB_DEVICE(0x10C4, 0x8664) }, /* AC-Services CAN-IF */
{ USB_DEVICE(0x10C4, 0x8665) }, /* AC-Services OBD-IF */
{ USB_DEVICE(0x10C4, 0x87ED) }, /* IMST USB-Stick for Smart Meter */
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 077/396] USB: serial: option: add MeiG Smart SLM320 product
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 076/396] USB: serial: cp210x: add ID for MGP Instruments PDS100 Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 078/396] KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled Greg Kroah-Hartman
` (330 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Aurélien Jacobs, Johan Hovold,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aurélien Jacobs <aurel@gnuage.org>
[ Upstream commit 46809c51565b83881aede6cdf3b0d25254966a41 ]
Update the USB serial option driver to support MeiG Smart SLM320.
ID 2dee:4d41 UNISOC UNISOC-8910
T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 9 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=2dee ProdID=4d41 Rev=00.00
S: Manufacturer=UNISOC
S: Product=UNISOC-8910
C: #Ifs= 8 Cfg#= 1 Atr=e0 MxPwr=400mA
I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 4 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 6 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 7 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=00 Prot=00 Driver=option
E: Ad=08(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
Tested successfully a PPP LTE connection using If#= 0.
Not sure of the purpose of every other serial interfaces.
Signed-off-by: Aurélien Jacobs <aurel@gnuage.org>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/serial/option.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
index 2ae124c49d448..55a65d941ccbf 100644
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -613,6 +613,11 @@ static void option_instat_callback(struct urb *urb);
/* Luat Air72*U series based on UNISOC UIS8910 uses UNISOC's vendor ID */
#define LUAT_PRODUCT_AIR720U 0x4e00
+/* MeiG Smart Technology products */
+#define MEIGSMART_VENDOR_ID 0x2dee
+/* MeiG Smart SLM320 based on UNISOC UIS8910 */
+#define MEIGSMART_PRODUCT_SLM320 0x4d41
+
/* Device flags */
/* Highest interface number which can be used with NCTRL() and RSVD() */
@@ -2282,6 +2287,7 @@ static const struct usb_device_id option_ids[] = {
{ USB_DEVICE_AND_INTERFACE_INFO(SIERRA_VENDOR_ID, SIERRA_PRODUCT_EM9191, 0xff, 0, 0) },
{ USB_DEVICE_AND_INTERFACE_INFO(UNISOC_VENDOR_ID, TOZED_PRODUCT_LT70C, 0xff, 0, 0) },
{ USB_DEVICE_AND_INTERFACE_INFO(UNISOC_VENDOR_ID, LUAT_PRODUCT_AIR720U, 0xff, 0, 0) },
+ { USB_DEVICE_AND_INTERFACE_INFO(MEIGSMART_VENDOR_ID, MEIGSMART_PRODUCT_SLM320, 0xff, 0, 0) },
{ } /* Terminating entry */
};
MODULE_DEVICE_TABLE(usb, option_ids);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 078/396] KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 077/396] USB: serial: option: add MeiG Smart SLM320 product Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 079/396] USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Greg Kroah-Hartman
` (329 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, David Woodhouse, Paul Durrant,
Sean Christopherson, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Woodhouse <dwmw@amazon.co.uk>
[ Upstream commit 8e62bf2bfa46367e14d0ffdcde5aada08759497c ]
Linux guests since commit b1c3497e604d ("x86/xen: Add support for
HVMOP_set_evtchn_upcall_vector") in v6.0 onwards will use the per-vCPU
upcall vector when it's advertised in the Xen CPUID leaves.
This upcall is injected through the guest's local APIC as an MSI, unlike
the older system vector which was merely injected by the hypervisor any
time the CPU was able to receive an interrupt and the upcall_pending
flags is set in its vcpu_info.
Effectively, that makes the per-CPU upcall edge triggered instead of
level triggered, which results in the upcall being lost if the MSI is
delivered when the local APIC is *disabled*.
Xen checks the vcpu_info->evtchn_upcall_pending flag when the local APIC
for a vCPU is software enabled (in fact, on any write to the SPIV
register which doesn't disable the APIC). Do the same in KVM since KVM
doesn't provide a way for userspace to intervene and trap accesses to
the SPIV register of a local APIC emulated by KVM.
Fixes: fde0451be8fb3 ("KVM: x86/xen: Support per-vCPU event channel upcall via local APIC")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240227115648.3104-3-dwmw2@infradead.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kvm/lapic.c | 5 ++++-
arch/x86/kvm/xen.c | 2 +-
arch/x86/kvm/xen.h | 18 ++++++++++++++++++
3 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
index 245b20973caee..23fab75993a51 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -41,6 +41,7 @@
#include "ioapic.h"
#include "trace.h"
#include "x86.h"
+#include "xen.h"
#include "cpuid.h"
#include "hyperv.h"
#include "smm.h"
@@ -499,8 +500,10 @@ static inline void apic_set_spiv(struct kvm_lapic *apic, u32 val)
}
/* Check if there are APF page ready requests pending */
- if (enabled)
+ if (enabled) {
kvm_make_request(KVM_REQ_APF_READY, apic->vcpu);
+ kvm_xen_sw_enable_lapic(apic->vcpu);
+ }
}
static inline void kvm_apic_set_xapic_id(struct kvm_lapic *apic, u8 id)
diff --git a/arch/x86/kvm/xen.c b/arch/x86/kvm/xen.c
index 40edf4d1974c5..0ea6016ad132a 100644
--- a/arch/x86/kvm/xen.c
+++ b/arch/x86/kvm/xen.c
@@ -471,7 +471,7 @@ void kvm_xen_update_runstate(struct kvm_vcpu *v, int state)
kvm_xen_update_runstate_guest(v, state == RUNSTATE_runnable);
}
-static void kvm_xen_inject_vcpu_vector(struct kvm_vcpu *v)
+void kvm_xen_inject_vcpu_vector(struct kvm_vcpu *v)
{
struct kvm_lapic_irq irq = { };
int r;
diff --git a/arch/x86/kvm/xen.h b/arch/x86/kvm/xen.h
index f8f1fe22d0906..f5841d9000aeb 100644
--- a/arch/x86/kvm/xen.h
+++ b/arch/x86/kvm/xen.h
@@ -18,6 +18,7 @@ extern struct static_key_false_deferred kvm_xen_enabled;
int __kvm_xen_has_interrupt(struct kvm_vcpu *vcpu);
void kvm_xen_inject_pending_events(struct kvm_vcpu *vcpu);
+void kvm_xen_inject_vcpu_vector(struct kvm_vcpu *vcpu);
int kvm_xen_vcpu_set_attr(struct kvm_vcpu *vcpu, struct kvm_xen_vcpu_attr *data);
int kvm_xen_vcpu_get_attr(struct kvm_vcpu *vcpu, struct kvm_xen_vcpu_attr *data);
int kvm_xen_hvm_set_attr(struct kvm *kvm, struct kvm_xen_hvm_attr *data);
@@ -36,6 +37,19 @@ int kvm_xen_setup_evtchn(struct kvm *kvm,
const struct kvm_irq_routing_entry *ue);
void kvm_xen_update_tsc_info(struct kvm_vcpu *vcpu);
+static inline void kvm_xen_sw_enable_lapic(struct kvm_vcpu *vcpu)
+{
+ /*
+ * The local APIC is being enabled. If the per-vCPU upcall vector is
+ * set and the vCPU's evtchn_upcall_pending flag is set, inject the
+ * interrupt.
+ */
+ if (static_branch_unlikely(&kvm_xen_enabled.key) &&
+ vcpu->arch.xen.vcpu_info_cache.active &&
+ vcpu->arch.xen.upcall_vector && __kvm_xen_has_interrupt(vcpu))
+ kvm_xen_inject_vcpu_vector(vcpu);
+}
+
static inline bool kvm_xen_msr_enabled(struct kvm *kvm)
{
return static_branch_unlikely(&kvm_xen_enabled.key) &&
@@ -101,6 +115,10 @@ static inline void kvm_xen_destroy_vcpu(struct kvm_vcpu *vcpu)
{
}
+static inline void kvm_xen_sw_enable_lapic(struct kvm_vcpu *vcpu)
+{
+}
+
static inline bool kvm_xen_msr_enabled(struct kvm *kvm)
{
return false;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 079/396] USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 078/396] KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 080/396] PM: sleep: wakeirq: fix wake irq warning in system suspend Greg Kroah-Hartman
` (328 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Toru Katagiri, Johan Hovold,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Toru Katagiri <Toru.Katagiri@tdk.com>
[ Upstream commit b1a8da9ff1395c4879b4bd41e55733d944f3d613 ]
TDK NC0110013M and MM0110113M have custom USB IDs for CP210x,
so we need to add them to the driver.
Signed-off-by: Toru Katagiri <Toru.Katagiri@tdk.com>
Cc: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/serial/cp210x.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
index 2169b6549a260..21fd26609252b 100644
--- a/drivers/usb/serial/cp210x.c
+++ b/drivers/usb/serial/cp210x.c
@@ -56,6 +56,8 @@ static const struct usb_device_id id_table[] = {
{ USB_DEVICE(0x0471, 0x066A) }, /* AKTAKOM ACE-1001 cable */
{ USB_DEVICE(0x0489, 0xE000) }, /* Pirelli Broadband S.p.A, DP-L10 SIP/GSM Mobile */
{ USB_DEVICE(0x0489, 0xE003) }, /* Pirelli Broadband S.p.A, DP-L10 SIP/GSM Mobile */
+ { USB_DEVICE(0x04BF, 0x1301) }, /* TDK Corporation NC0110013M - Network Controller */
+ { USB_DEVICE(0x04BF, 0x1303) }, /* TDK Corporation MM0110113M - i3 Micro Module */
{ USB_DEVICE(0x0745, 0x1000) }, /* CipherLab USB CCD Barcode Scanner 1000 */
{ USB_DEVICE(0x0846, 0x1100) }, /* NetGear Managed Switch M4100 series, M5300 series, M7100 series */
{ USB_DEVICE(0x08e6, 0x5501) }, /* Gemalto Prox-PU/CU contactless smartcard reader */
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 080/396] PM: sleep: wakeirq: fix wake irq warning in system suspend
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 079/396] USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 081/396] mmc: tmio: avoid concurrent runs of mmc_request_done() Greg Kroah-Hartman
` (327 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Dhruva Gole, Qingliang Li,
Johan Hovold, Rafael J. Wysocki, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Qingliang Li <qingliang.li@mediatek.com>
[ Upstream commit e7a7681c859643f3f2476b2a28a494877fd89442 ]
When driver uses pm_runtime_force_suspend() as the system suspend callback
function and registers the wake irq with reverse enable ordering, the wake
irq will be re-enabled when entering system suspend, triggering an
'Unbalanced enable for IRQ xxx' warning. In this scenario, the call
sequence during system suspend is as follows:
suspend_devices_and_enter()
-> dpm_suspend_start()
-> dpm_run_callback()
-> pm_runtime_force_suspend()
-> dev_pm_enable_wake_irq_check()
-> dev_pm_enable_wake_irq_complete()
-> suspend_enter()
-> dpm_suspend_noirq()
-> device_wakeup_arm_wake_irqs()
-> dev_pm_arm_wake_irq()
To fix this issue, complete the setting of WAKE_IRQ_DEDICATED_ENABLED flag
in dev_pm_enable_wake_irq_complete() to avoid redundant irq enablement.
Fixes: 8527beb12087 ("PM: sleep: wakeirq: fix wake irq arming")
Reviewed-by: Dhruva Gole <d-gole@ti.com>
Signed-off-by: Qingliang Li <qingliang.li@mediatek.com>
Reviewed-by: Johan Hovold <johan+linaro@kernel.org>
Cc: 5.16+ <stable@vger.kernel.org> # 5.16+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/power/wakeirq.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/base/power/wakeirq.c b/drivers/base/power/wakeirq.c
index 42171f766dcba..5a5a9e978e85f 100644
--- a/drivers/base/power/wakeirq.c
+++ b/drivers/base/power/wakeirq.c
@@ -313,8 +313,10 @@ void dev_pm_enable_wake_irq_complete(struct device *dev)
return;
if (wirq->status & WAKE_IRQ_DEDICATED_MANAGED &&
- wirq->status & WAKE_IRQ_DEDICATED_REVERSE)
+ wirq->status & WAKE_IRQ_DEDICATED_REVERSE) {
enable_irq(wirq->irq);
+ wirq->status |= WAKE_IRQ_DEDICATED_ENABLED;
+ }
}
/**
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 081/396] mmc: tmio: avoid concurrent runs of mmc_request_done()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 080/396] PM: sleep: wakeirq: fix wake irq warning in system suspend Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 082/396] fuse: replace remaining make_bad_inode() with fuse_make_bad() Greg Kroah-Hartman
` (326 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Dirk Behme, Wolfram Sang,
Ulf Hansson, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wolfram Sang <wsa+renesas@sang-engineering.com>
[ Upstream commit e8d1b41e69d72c62865bebe8f441163ec00b3d44 ]
With the to-be-fixed commit, the reset_work handler cleared 'host->mrq'
outside of the spinlock protected critical section. That leaves a small
race window during execution of 'tmio_mmc_reset()' where the done_work
handler could grab a pointer to the now invalid 'host->mrq'. Both would
use it to call mmc_request_done() causing problems (see link below).
However, 'host->mrq' cannot simply be cleared earlier inside the
critical section. That would allow new mrqs to come in asynchronously
while the actual reset of the controller still needs to be done. So,
like 'tmio_mmc_set_ios()', an ERR_PTR is used to prevent new mrqs from
coming in but still avoiding concurrency between work handlers.
Reported-by: Dirk Behme <dirk.behme@de.bosch.com>
Closes: https://lore.kernel.org/all/20240220061356.3001761-1-dirk.behme@de.bosch.com/
Fixes: df3ef2d3c92c ("mmc: protect the tmio_mmc driver against a theoretical race")
Signed-off-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Tested-by: Dirk Behme <dirk.behme@de.bosch.com>
Reviewed-by: Dirk Behme <dirk.behme@de.bosch.com>
Cc: stable@vger.kernel.org # 3.0+
Link: https://lore.kernel.org/r/20240305104423.3177-2-wsa+renesas@sang-engineering.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/host/tmio_mmc_core.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/mmc/host/tmio_mmc_core.c b/drivers/mmc/host/tmio_mmc_core.c
index be7f18fd4836a..c253d176db691 100644
--- a/drivers/mmc/host/tmio_mmc_core.c
+++ b/drivers/mmc/host/tmio_mmc_core.c
@@ -259,6 +259,8 @@ static void tmio_mmc_reset_work(struct work_struct *work)
else
mrq->cmd->error = -ETIMEDOUT;
+ /* No new calls yet, but disallow concurrent tmio_mmc_done_work() */
+ host->mrq = ERR_PTR(-EBUSY);
host->cmd = NULL;
host->data = NULL;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 082/396] fuse: replace remaining make_bad_inode() with fuse_make_bad()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 081/396] mmc: tmio: avoid concurrent runs of mmc_request_done() Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 083/396] fuse: fix root lookup with nonzero generation Greg Kroah-Hartman
` (325 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Miklos Szeredi, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Miklos Szeredi <mszeredi@redhat.com>
[ Upstream commit 82e081aebe4d9c26e196c8260005cc4762b57a5d ]
fuse_do_statx() was added with the wrong helper.
Fixes: d3045530bdd2 ("fuse: implement statx")
Cc: <stable@vger.kernel.org> # v6.6
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/fuse/dir.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
index d707e6987da91..a4ad01a78e826 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -1210,7 +1210,7 @@ static int fuse_do_statx(struct inode *inode, struct file *file,
if (((sx->mask & STATX_SIZE) && !fuse_valid_size(sx->size)) ||
((sx->mask & STATX_TYPE) && (!fuse_valid_type(sx->mode) ||
inode_wrong_type(inode, sx->mode)))) {
- make_bad_inode(inode);
+ fuse_make_bad(inode);
return -EIO;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 083/396] fuse: fix root lookup with nonzero generation
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 082/396] fuse: replace remaining make_bad_inode() with fuse_make_bad() Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 084/396] fuse: dont unhash root Greg Kroah-Hartman
` (324 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Antonio SJ Musumeci, Miklos Szeredi,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Miklos Szeredi <mszeredi@redhat.com>
[ Upstream commit 68ca1b49e430f6534d0774a94147a823e3b8b26e ]
The root inode has a fixed nodeid and generation (1, 0).
Prior to the commit 15db16837a35 ("fuse: fix illegal access to inode with
reused nodeid") generation number on lookup was ignored. After this commit
lookup with the wrong generation number resulted in the inode being
unhashed. This is correct for non-root inodes, but replacing the root
inode is wrong and results in weird behavior.
Fix by reverting to the old behavior if ignoring the generation for the
root inode, but issuing a warning in dmesg.
Reported-by: Antonio SJ Musumeci <trapexit@spawn.link>
Closes: https://lore.kernel.org/all/CAOQ4uxhek5ytdN8Yz2tNEOg5ea4NkBb4nk0FGPjPk_9nz-VG3g@mail.gmail.com/
Fixes: 15db16837a35 ("fuse: fix illegal access to inode with reused nodeid")
Cc: <stable@vger.kernel.org> # v5.14
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/fuse/dir.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
index a4ad01a78e826..a8a7fc0e17547 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -391,6 +391,10 @@ int fuse_lookup_name(struct super_block *sb, u64 nodeid, const struct qstr *name
err = -EIO;
if (fuse_invalid_attr(&outarg->attr))
goto out_put_forget;
+ if (outarg->nodeid == FUSE_ROOT_ID && outarg->generation != 0) {
+ pr_warn_once("root generation should be zero\n");
+ outarg->generation = 0;
+ }
*inode = fuse_iget(sb, outarg->nodeid, outarg->generation,
&outarg->attr, ATTR_TIMEOUT(outarg),
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 084/396] fuse: dont unhash root
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 083/396] fuse: fix root lookup with nonzero generation Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 085/396] usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Greg Kroah-Hartman
` (323 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Miklos Szeredi, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Miklos Szeredi <mszeredi@redhat.com>
[ Upstream commit b1fe686a765e6c0d71811d825b5a1585a202b777 ]
The root inode is assumed to be always hashed. Do not unhash the root
inode even if it is marked BAD.
Fixes: 5d069dbe8aaf ("fuse: fix bad inode")
Cc: <stable@vger.kernel.org> # v5.11
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/fuse/fuse_i.h | 1 -
fs/fuse/inode.c | 7 +++++--
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
index 9377c46f14c4a..3e65cdc946316 100644
--- a/fs/fuse/fuse_i.h
+++ b/fs/fuse/fuse_i.h
@@ -939,7 +939,6 @@ static inline bool fuse_stale_inode(const struct inode *inode, int generation,
static inline void fuse_make_bad(struct inode *inode)
{
- remove_inode_hash(inode);
set_bit(FUSE_I_BAD, &get_fuse_inode(inode)->state);
}
diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c
index 59743813563e5..23ab31b967a13 100644
--- a/fs/fuse/inode.c
+++ b/fs/fuse/inode.c
@@ -472,8 +472,11 @@ struct inode *fuse_iget(struct super_block *sb, u64 nodeid,
} else if (fuse_stale_inode(inode, generation, attr)) {
/* nodeid was reused, any I/O on the old inode should fail */
fuse_make_bad(inode);
- iput(inode);
- goto retry;
+ if (inode != d_inode(sb->s_root)) {
+ remove_inode_hash(inode);
+ iput(inode);
+ goto retry;
+ }
}
fi = get_fuse_inode(inode);
spin_lock(&fi->lock);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 085/396] usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 084/396] fuse: dont unhash root Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 086/396] usb: dwc3-am62: fix module unload/reload behavior Greg Kroah-Hartman
` (322 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Benson Leung, Prashant Malani,
Dmitry Baryshkov, Jameson Thies, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jameson Thies <jthies@google.com>
[ Upstream commit 4d0a5a9915793377c0fe1a8d78de6bcd92cea963 ]
Clean up UCSI_CABLE_PROP macros by fixing a bitmask shifting error for
plug type and updating the modal support macro for consistent naming.
Fixes: 3cf657f07918 ("usb: typec: ucsi: Remove all bit-fields")
Cc: stable@vger.kernel.org
Reviewed-by: Benson Leung <bleung@chromium.org>
Reviewed-by: Prashant Malani <pmalani@chromium.org>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Jameson Thies <jthies@google.com>
Link: https://lore.kernel.org/r/20240305025804.1290919-2-jthies@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/typec/ucsi/ucsi.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/typec/ucsi/ucsi.h b/drivers/usb/typec/ucsi/ucsi.h
index 474315a72c770..13ec976b1c747 100644
--- a/drivers/usb/typec/ucsi/ucsi.h
+++ b/drivers/usb/typec/ucsi/ucsi.h
@@ -221,12 +221,12 @@ struct ucsi_cable_property {
#define UCSI_CABLE_PROP_FLAG_VBUS_IN_CABLE BIT(0)
#define UCSI_CABLE_PROP_FLAG_ACTIVE_CABLE BIT(1)
#define UCSI_CABLE_PROP_FLAG_DIRECTIONALITY BIT(2)
-#define UCSI_CABLE_PROP_FLAG_PLUG_TYPE(_f_) ((_f_) & GENMASK(3, 0))
+#define UCSI_CABLE_PROP_FLAG_PLUG_TYPE(_f_) (((_f_) & GENMASK(4, 3)) >> 3)
#define UCSI_CABLE_PROPERTY_PLUG_TYPE_A 0
#define UCSI_CABLE_PROPERTY_PLUG_TYPE_B 1
#define UCSI_CABLE_PROPERTY_PLUG_TYPE_C 2
#define UCSI_CABLE_PROPERTY_PLUG_OTHER 3
-#define UCSI_CABLE_PROP_MODE_SUPPORT BIT(5)
+#define UCSI_CABLE_PROP_FLAG_MODE_SUPPORT BIT(5)
u8 latency;
} __packed;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 086/396] usb: dwc3-am62: fix module unload/reload behavior
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 085/396] usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 087/396] usb: dwc3-am62: Disable wakeup at remove Greg Kroah-Hartman
` (321 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Roger Quadros, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Roger Quadros <rogerq@kernel.org>
[ Upstream commit 6661befe41009c210efa2c1bcd16a5cc4cff8a06 ]
As runtime PM is enabled, the module can be runtime
suspended when .remove() is called.
Do a pm_runtime_get_sync() to make sure module is active
before doing any register operations.
Doing a pm_runtime_put_sync() should disable the refclk
so no need to disable it again.
Fixes the below warning at module removel.
[ 39.705310] ------------[ cut here ]------------
[ 39.710004] clk:162:3 already disabled
[ 39.713941] WARNING: CPU: 0 PID: 921 at drivers/clk/clk.c:1090 clk_core_disable+0xb0/0xb8
We called of_platform_populate() in .probe() so call the
cleanup function of_platform_depopulate() in .remove().
Get rid of the now unnnecessary dwc3_ti_remove_core().
Without this, module re-load doesn't work properly.
Fixes: e8784c0aec03 ("drivers: usb: dwc3: Add AM62 USB wrapper driver")
Cc: stable@vger.kernel.org # v5.19+
Signed-off-by: Roger Quadros <rogerq@kernel.org>
Link: https://lore.kernel.org/r/20240227-for-v6-9-am62-usb-errata-3-0-v4-1-0ada8ddb0767@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc3/dwc3-am62.c | 12 ++----------
1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/drivers/usb/dwc3/dwc3-am62.c b/drivers/usb/dwc3/dwc3-am62.c
index 90a587bc29b74..f85603b7f7c5e 100644
--- a/drivers/usb/dwc3/dwc3-am62.c
+++ b/drivers/usb/dwc3/dwc3-am62.c
@@ -267,21 +267,14 @@ static int dwc3_ti_probe(struct platform_device *pdev)
return ret;
}
-static int dwc3_ti_remove_core(struct device *dev, void *c)
-{
- struct platform_device *pdev = to_platform_device(dev);
-
- platform_device_unregister(pdev);
- return 0;
-}
-
static void dwc3_ti_remove(struct platform_device *pdev)
{
struct device *dev = &pdev->dev;
struct dwc3_am62 *am62 = platform_get_drvdata(pdev);
u32 reg;
- device_for_each_child(dev, NULL, dwc3_ti_remove_core);
+ pm_runtime_get_sync(dev);
+ of_platform_depopulate(dev);
/* Clear mode valid bit */
reg = dwc3_ti_readl(am62, USBSS_MODE_CONTROL);
@@ -289,7 +282,6 @@ static void dwc3_ti_remove(struct platform_device *pdev)
dwc3_ti_writel(am62, USBSS_MODE_CONTROL, reg);
pm_runtime_put_sync(dev);
- clk_disable_unprepare(am62->usb2_refclk);
pm_runtime_disable(dev);
pm_runtime_set_suspended(dev);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 087/396] usb: dwc3-am62: Disable wakeup at remove
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 086/396] usb: dwc3-am62: fix module unload/reload behavior Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 088/396] serial: core: only stop transmit when HW fifo is empty Greg Kroah-Hartman
` (320 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Roger Quadros, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Roger Quadros <rogerq@kernel.org>
[ Upstream commit 4ead695e6b3cac06543d7bc7241ab75aee4ea6a6 ]
Disable wakeup at remove.
Fixes the below warnings on module unload and reload.
> dwc3-am62 f900000.dwc3-usb: couldn't enable device as a wakeup source: -17
> dwc3-am62 f910000.dwc3-usb: couldn't enable device as a wakeup source: -17
Fixes: 4e3972b589da ("usb: dwc3-am62: Enable as a wakeup source by default")
Cc: stable@vger.kernel.org # v6.4+
Signed-off-by: Roger Quadros <rogerq@kernel.org>
Link: https://lore.kernel.org/r/20240227-for-v6-9-am62-usb-errata-3-0-v4-2-0ada8ddb0767@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/dwc3/dwc3-am62.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/dwc3/dwc3-am62.c b/drivers/usb/dwc3/dwc3-am62.c
index f85603b7f7c5e..ea6e29091c0c9 100644
--- a/drivers/usb/dwc3/dwc3-am62.c
+++ b/drivers/usb/dwc3/dwc3-am62.c
@@ -274,6 +274,7 @@ static void dwc3_ti_remove(struct platform_device *pdev)
u32 reg;
pm_runtime_get_sync(dev);
+ device_init_wakeup(dev, false);
of_platform_depopulate(dev);
/* Clear mode valid bit */
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 088/396] serial: core: only stop transmit when HW fifo is empty
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 087/396] usb: dwc3-am62: Disable wakeup at remove Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 089/396] serial: Lock console when calling into driver before registration Greg Kroah-Hartman
` (319 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Jonas Gorski, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jonas Gorski <jonas.gorski@gmail.com>
[ Upstream commit 7bfb915a597a301abb892f620fe5c283a9fdbd77 ]
If the circular buffer is empty, it just means we fit all characters to
send into the HW fifo, but not that the hardware finished transmitting
them.
So if we immediately call stop_tx() after that, this may abort any
pending characters in the HW fifo, and cause dropped characters on the
console.
Fix this by only stopping tx when the tx HW fifo is actually empty.
Fixes: 8275b48b2780 ("tty: serial: introduce transmit helpers")
Cc: stable@vger.kernel.org
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Link: https://lore.kernel.org/r/20240303150807.68117-1-jonas.gorski@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/serial_core.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/include/linux/serial_core.h b/include/linux/serial_core.h
index 27a26092493ad..a7d5fa892be26 100644
--- a/include/linux/serial_core.h
+++ b/include/linux/serial_core.h
@@ -786,7 +786,8 @@ enum UART_TX_FLAGS {
if (pending < WAKEUP_CHARS) { \
uart_write_wakeup(__port); \
\
- if (!((flags) & UART_TX_NOSTOP) && pending == 0) \
+ if (!((flags) & UART_TX_NOSTOP) && pending == 0 && \
+ __port->ops->tx_empty(__port)) \
__port->ops->stop_tx(__port); \
} \
\
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 089/396] serial: Lock console when calling into driver before registration
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 088/396] serial: core: only stop transmit when HW fifo is empty Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 090/396] btrfs: qgroup: always free reserved space for extent records Greg Kroah-Hartman
` (318 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Peter Collingbourne, John Ogness,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Collingbourne <pcc@google.com>
[ Upstream commit 801410b26a0e8b8a16f7915b2b55c9528b69ca87 ]
During the handoff from earlycon to the real console driver, we have
two separate drivers operating on the same device concurrently. In the
case of the 8250 driver these concurrent accesses cause problems due
to the driver's use of banked registers, controlled by LCR.DLAB. It is
possible for the setup(), config_port(), pm() and set_mctrl() callbacks
to set DLAB, which can cause the earlycon code that intends to access
TX to instead access DLL, leading to missed output and corruption on
the serial line due to unintended modifications to the baud rate.
In particular, for setup() we have:
univ8250_console_setup()
-> serial8250_console_setup()
-> uart_set_options()
-> serial8250_set_termios()
-> serial8250_do_set_termios()
-> serial8250_do_set_divisor()
For config_port() we have:
serial8250_config_port()
-> autoconfig()
For pm() we have:
serial8250_pm()
-> serial8250_do_pm()
-> serial8250_set_sleep()
For set_mctrl() we have (for some devices):
serial8250_set_mctrl()
-> omap8250_set_mctrl()
-> __omap8250_set_mctrl()
To avoid such problems, let's make it so that the console is locked
during pre-registration calls to these callbacks, which will prevent
the earlycon driver from running concurrently.
Remove the partial solution to this problem in the 8250 driver
that locked the console only during autoconfig_irq(), as this would
result in a deadlock with the new approach. The console continues
to be locked during autoconfig_irq() because it can only be called
through uart_configure_port().
Although this patch introduces more locking than strictly necessary
(and in particular it also locks during the call to rs485_config()
which is not affected by this issue as far as I can tell), it follows
the principle that it is the responsibility of the generic console
code to manage the earlycon handoff by ensuring that earlycon and real
console driver code cannot run concurrently, and not the individual
drivers.
Signed-off-by: Peter Collingbourne <pcc@google.com>
Reviewed-by: John Ogness <john.ogness@linutronix.de>
Link: https://linux-review.googlesource.com/id/I7cf8124dcebf8618e6b2ee543fa5b25532de55d8
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240304214350.501253-1-pcc@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/tty/serial/8250/8250_port.c | 6 ------
drivers/tty/serial/serial_core.c | 12 ++++++++++++
kernel/printk/printk.c | 21 ++++++++++++++++++---
3 files changed, 30 insertions(+), 9 deletions(-)
diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c
index 141627370aabc..a17803da83f8c 100644
--- a/drivers/tty/serial/8250/8250_port.c
+++ b/drivers/tty/serial/8250/8250_port.c
@@ -1337,9 +1337,6 @@ static void autoconfig_irq(struct uart_8250_port *up)
inb_p(ICP);
}
- if (uart_console(port))
- console_lock();
-
/* forget possible initially masked and pending IRQ */
probe_irq_off(probe_irq_on());
save_mcr = serial8250_in_MCR(up);
@@ -1379,9 +1376,6 @@ static void autoconfig_irq(struct uart_8250_port *up)
if (port->flags & UPF_FOURPORT)
outb_p(save_ICP, ICP);
- if (uart_console(port))
- console_unlock();
-
port->irq = (irq > 0) ? irq : 0;
}
diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
index 083ea4de48f9a..4c81210ad9b3a 100644
--- a/drivers/tty/serial/serial_core.c
+++ b/drivers/tty/serial/serial_core.c
@@ -2602,7 +2602,12 @@ uart_configure_port(struct uart_driver *drv, struct uart_state *state,
port->type = PORT_UNKNOWN;
flags |= UART_CONFIG_TYPE;
}
+ /* Synchronize with possible boot console. */
+ if (uart_console(port))
+ console_lock();
port->ops->config_port(port, flags);
+ if (uart_console(port))
+ console_unlock();
}
if (port->type != PORT_UNKNOWN) {
@@ -2610,6 +2615,10 @@ uart_configure_port(struct uart_driver *drv, struct uart_state *state,
uart_report_port(drv, port);
+ /* Synchronize with possible boot console. */
+ if (uart_console(port))
+ console_lock();
+
/* Power up port for set_mctrl() */
uart_change_pm(state, UART_PM_STATE_ON);
@@ -2626,6 +2635,9 @@ uart_configure_port(struct uart_driver *drv, struct uart_state *state,
uart_rs485_config(port);
+ if (uart_console(port))
+ console_unlock();
+
/*
* If this driver supports console, and it hasn't been
* successfully registered yet, try to re-register it.
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
index b67fbae1299fa..c358c04d05162 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -3284,6 +3284,21 @@ static int __init keep_bootcon_setup(char *str)
early_param("keep_bootcon", keep_bootcon_setup);
+static int console_call_setup(struct console *newcon, char *options)
+{
+ int err;
+
+ if (!newcon->setup)
+ return 0;
+
+ /* Synchronize with possible boot console. */
+ console_lock();
+ err = newcon->setup(newcon, options);
+ console_unlock();
+
+ return err;
+}
+
/*
* This is called by register_console() to try to match
* the newly registered console with any of the ones selected
@@ -3319,8 +3334,8 @@ static int try_enable_preferred_console(struct console *newcon,
if (_braille_register_console(newcon, c))
return 0;
- if (newcon->setup &&
- (err = newcon->setup(newcon, c->options)) != 0)
+ err = console_call_setup(newcon, c->options);
+ if (err)
return err;
}
newcon->flags |= CON_ENABLED;
@@ -3346,7 +3361,7 @@ static void try_enable_default_console(struct console *newcon)
if (newcon->index < 0)
newcon->index = 0;
- if (newcon->setup && newcon->setup(newcon, NULL) != 0)
+ if (console_call_setup(newcon, NULL) != 0)
return;
newcon->flags |= CON_ENABLED;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 090/396] btrfs: qgroup: always free reserved space for extent records
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 089/396] serial: Lock console when calling into driver before registration Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 091/396] btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Greg Kroah-Hartman
` (317 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Fabian Vogt, Filipe Manana,
Qu Wenruo, David Sterba, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Qu Wenruo <wqu@suse.com>
[ Upstream commit d139ded8b9cdb897bb9539eb33311daf9a177fd2 ]
[BUG]
If qgroup is marked inconsistent (e.g. caused by operations needing full
subtree rescan, like creating a snapshot and assign to a higher level
qgroup), btrfs would immediately start leaking its data reserved space.
The following script can easily reproduce it:
mkfs.btrfs -O quota -f $dev
mount $dev $mnt
btrfs subvolume create $mnt/subv1
btrfs qgroup create 1/0 $mnt
# This snapshot creation would mark qgroup inconsistent,
# as the ownership involves different higher level qgroup, thus
# we have to rescan both source and snapshot, which can be very
# time consuming, thus here btrfs just choose to mark qgroup
# inconsistent, and let users to determine when to do the rescan.
btrfs subv snapshot -i 1/0 $mnt/subv1 $mnt/snap1
# Now this write would lead to qgroup rsv leak.
xfs_io -f -c "pwrite 0 64k" $mnt/file1
# And at unmount time, btrfs would report 64K DATA rsv space leaked.
umount $mnt
And we would have the following dmesg output for the unmount:
BTRFS info (device dm-1): last unmount of filesystem 14a3d84e-f47b-4f72-b053-a8a36eef74d3
BTRFS warning (device dm-1): qgroup 0/5 has unreleased space, type 0 rsv 65536
[CAUSE]
Since commit e15e9f43c7ca ("btrfs: introduce
BTRFS_QGROUP_RUNTIME_FLAG_NO_ACCOUNTING to skip qgroup accounting"),
we introduce a mode for btrfs qgroup to skip the timing consuming
backref walk, if the qgroup is already inconsistent.
But this skip also covered the data reserved freeing, thus the qgroup
reserved space for each newly created data extent would not be freed,
thus cause the leakage.
[FIX]
Make the data extent reserved space freeing mandatory.
The qgroup reserved space handling is way cheaper compared to the
backref walking part, and we always have the super sensitive leak
detector, thus it's definitely worth to always free the qgroup
reserved data space.
Reported-by: Fabian Vogt <fvogt@suse.com>
Fixes: e15e9f43c7ca ("btrfs: introduce BTRFS_QGROUP_RUNTIME_FLAG_NO_ACCOUNTING to skip qgroup accounting")
CC: stable@vger.kernel.org # 6.1+
Link: https://bugzilla.suse.com/show_bug.cgi?id=1216196
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/qgroup.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/fs/btrfs/qgroup.c b/fs/btrfs/qgroup.c
index 9acdd0f91a5ae..312c7f8853866 100644
--- a/fs/btrfs/qgroup.c
+++ b/fs/btrfs/qgroup.c
@@ -2833,11 +2833,6 @@ int btrfs_qgroup_account_extents(struct btrfs_trans_handle *trans)
ctx.roots = NULL;
}
- /* Free the reserved data space */
- btrfs_qgroup_free_refroot(fs_info,
- record->data_rsv_refroot,
- record->data_rsv,
- BTRFS_QGROUP_RSV_DATA);
/*
* Use BTRFS_SEQ_LAST as time_seq to do special search,
* which doesn't lock tree or delayed_refs and search
@@ -2861,6 +2856,11 @@ int btrfs_qgroup_account_extents(struct btrfs_trans_handle *trans)
record->old_roots = NULL;
new_roots = NULL;
}
+ /* Free the reserved data space */
+ btrfs_qgroup_free_refroot(fs_info,
+ record->data_rsv_refroot,
+ record->data_rsv,
+ BTRFS_QGROUP_RSV_DATA);
cleanup:
ulist_free(record->old_roots);
ulist_free(new_roots);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 091/396] btrfs: fix off-by-one chunk length calculation at contains_pending_extent()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 090/396] btrfs: qgroup: always free reserved space for extent records Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 092/396] wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU Greg Kroah-Hartman
` (316 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Alex Lyakas, Josef Bacik, Qu Wenruo,
Filipe Manana, David Sterba, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Filipe Manana <fdmanana@suse.com>
[ Upstream commit ae6bd7f9b46a29af52ebfac25d395757e2031d0d ]
At contains_pending_extent() the value of the end offset of a chunk we
found in the device's allocation state io tree is inclusive, so when
we calculate the length we pass to the in_range() macro, we must sum
1 to the expression "physical_end - physical_offset".
In practice the wrong calculation should be harmless as chunks sizes
are never 1 byte and we should never have 1 byte ranges of unallocated
space. Nevertheless fix the wrong calculation.
Reported-by: Alex Lyakas <alex.lyakas@zadara.com>
Link: https://lore.kernel.org/linux-btrfs/CAOcd+r30e-f4R-5x-S7sV22RJPe7+pgwherA6xqN2_qe7o4XTg@mail.gmail.com/
Fixes: 1c11b63eff2a ("btrfs: replace pending/pinned chunks lists with io tree")
CC: stable@vger.kernel.org # 6.1+
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/volumes.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/btrfs/volumes.c b/fs/btrfs/volumes.c
index 722a1dde75636..36adbb3d096a9 100644
--- a/fs/btrfs/volumes.c
+++ b/fs/btrfs/volumes.c
@@ -1432,7 +1432,7 @@ static bool contains_pending_extent(struct btrfs_device *device, u64 *start,
if (in_range(physical_start, *start, len) ||
in_range(*start, physical_start,
- physical_end - physical_start)) {
+ physical_end + 1 - physical_start)) {
*start = physical_end + 1;
return true;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 092/396] wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 091/396] btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 093/396] PCI/PM: Drain runtime-idle callbacks before driver removal Greg Kroah-Hartman
` (315 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Nick Morrow, Larry Finger,
Ping-Ke Shih, Kalle Valo, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nick Morrow <morrownr@gmail.com>
[ Upstream commit b8a62478f3b143592d1241de1a7f5f8629ad0f49 ]
Add VID/PIDs that are known to be missing for this driver.
Removed /* 8811CU */ and /* 8821CU */ as they are redundant
since the file is specific to those chips.
Removed /* TOTOLINK A650UA v3 */ as the manufacturer. It has a REALTEK
VID so it may not be specific to this adapter.
Verified and tested.
Cc: stable@vger.kernel.org
Signed-off-by: Nick Morrow <morrownr@gmail.com>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Acked-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://msgid.link/4ume7mjw63u7.XlMUvUuacW2ErhOCdqlLkw2@1EHFQ.trk.elasticemail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../net/wireless/realtek/rtw88/rtw8821cu.c | 40 ++++++++++++-------
1 file changed, 26 insertions(+), 14 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtw88/rtw8821cu.c b/drivers/net/wireless/realtek/rtw88/rtw8821cu.c
index 7a5cbdc31ef79..e2c7d9f876836 100644
--- a/drivers/net/wireless/realtek/rtw88/rtw8821cu.c
+++ b/drivers/net/wireless/realtek/rtw88/rtw8821cu.c
@@ -9,24 +9,36 @@
#include "usb.h"
static const struct usb_device_id rtw_8821cu_id_table[] = {
- { USB_DEVICE_AND_INTERFACE_INFO(RTW_USB_VENDOR_ID_REALTEK, 0xb82b, 0xff, 0xff, 0xff),
- .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) }, /* 8821CU */
+ { USB_DEVICE_AND_INTERFACE_INFO(RTW_USB_VENDOR_ID_REALTEK, 0x2006, 0xff, 0xff, 0xff),
+ .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) },
+ { USB_DEVICE_AND_INTERFACE_INFO(RTW_USB_VENDOR_ID_REALTEK, 0x8731, 0xff, 0xff, 0xff),
+ .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) },
+ { USB_DEVICE_AND_INTERFACE_INFO(RTW_USB_VENDOR_ID_REALTEK, 0x8811, 0xff, 0xff, 0xff),
+ .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) },
{ USB_DEVICE_AND_INTERFACE_INFO(RTW_USB_VENDOR_ID_REALTEK, 0xb820, 0xff, 0xff, 0xff),
- .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) }, /* 8821CU */
- { USB_DEVICE_AND_INTERFACE_INFO(RTW_USB_VENDOR_ID_REALTEK, 0xc821, 0xff, 0xff, 0xff),
- .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) }, /* 8821CU */
+ .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) },
+ { USB_DEVICE_AND_INTERFACE_INFO(RTW_USB_VENDOR_ID_REALTEK, 0xb82b, 0xff, 0xff, 0xff),
+ .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) },
+ { USB_DEVICE_AND_INTERFACE_INFO(RTW_USB_VENDOR_ID_REALTEK, 0xc80c, 0xff, 0xff, 0xff),
+ .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) },
+ { USB_DEVICE_AND_INTERFACE_INFO(RTW_USB_VENDOR_ID_REALTEK, 0xc811, 0xff, 0xff, 0xff),
+ .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) },
{ USB_DEVICE_AND_INTERFACE_INFO(RTW_USB_VENDOR_ID_REALTEK, 0xc820, 0xff, 0xff, 0xff),
- .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) }, /* 8821CU */
+ .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) },
+ { USB_DEVICE_AND_INTERFACE_INFO(RTW_USB_VENDOR_ID_REALTEK, 0xc821, 0xff, 0xff, 0xff),
+ .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) },
{ USB_DEVICE_AND_INTERFACE_INFO(RTW_USB_VENDOR_ID_REALTEK, 0xc82a, 0xff, 0xff, 0xff),
- .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) }, /* 8821CU */
+ .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) },
{ USB_DEVICE_AND_INTERFACE_INFO(RTW_USB_VENDOR_ID_REALTEK, 0xc82b, 0xff, 0xff, 0xff),
- .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) }, /* 8821CU */
- { USB_DEVICE_AND_INTERFACE_INFO(RTW_USB_VENDOR_ID_REALTEK, 0xc811, 0xff, 0xff, 0xff),
- .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) }, /* 8811CU */
- { USB_DEVICE_AND_INTERFACE_INFO(RTW_USB_VENDOR_ID_REALTEK, 0x8811, 0xff, 0xff, 0xff),
- .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) }, /* 8811CU */
- { USB_DEVICE_AND_INTERFACE_INFO(RTW_USB_VENDOR_ID_REALTEK, 0x2006, 0xff, 0xff, 0xff),
- .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) }, /* TOTOLINK A650UA v3 */
+ .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) },
+ { USB_DEVICE_AND_INTERFACE_INFO(RTW_USB_VENDOR_ID_REALTEK, 0xc82c, 0xff, 0xff, 0xff),
+ .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) },
+ { USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x331d, 0xff, 0xff, 0xff),
+ .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) }, /* D-Link */
+ { USB_DEVICE_AND_INTERFACE_INFO(0x7392, 0xc811, 0xff, 0xff, 0xff),
+ .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) }, /* Edimax */
+ { USB_DEVICE_AND_INTERFACE_INFO(0x7392, 0xd811, 0xff, 0xff, 0xff),
+ .driver_info = (kernel_ulong_t)&(rtw8821c_hw_spec) }, /* Edimax */
{},
};
MODULE_DEVICE_TABLE(usb, rtw_8821cu_id_table);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 093/396] PCI/PM: Drain runtime-idle callbacks before driver removal
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 092/396] wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 094/396] PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Greg Kroah-Hartman
` (314 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Kai-Heng Feng, Rafael J. Wysocki,
Bjorn Helgaas, Ricky Wu, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
[ Upstream commit 9d5286d4e7f68beab450deddbb6a32edd5ecf4bf ]
A race condition between the .runtime_idle() callback and the .remove()
callback in the rtsx_pcr PCI driver leads to a kernel crash due to an
unhandled page fault [1].
The problem is that rtsx_pci_runtime_idle() is not expected to be running
after pm_runtime_get_sync() has been called, but the latter doesn't really
guarantee that. It only guarantees that the suspend and resume callbacks
will not be running when it returns.
However, if a .runtime_idle() callback is already running when
pm_runtime_get_sync() is called, the latter will notice that the runtime PM
status of the device is RPM_ACTIVE and it will return right away without
waiting for the former to complete. In fact, it cannot wait for
.runtime_idle() to complete because it may be called from that callback (it
arguably does not make much sense to do that, but it is not strictly
prohibited).
Thus in general, whoever is providing a .runtime_idle() callback needs
to protect it from running in parallel with whatever code runs after
pm_runtime_get_sync(). [Note that .runtime_idle() will not start after
pm_runtime_get_sync() has returned, but it may continue running then if it
has started earlier.]
One way to address that race condition is to call pm_runtime_barrier()
after pm_runtime_get_sync() (not before it, because a nonzero value of the
runtime PM usage counter is necessary to prevent runtime PM callbacks from
being invoked) to wait for the .runtime_idle() callback to complete should
it be running at that point. A suitable place for doing that is in
pci_device_remove() which calls pm_runtime_get_sync() before removing the
driver, so it may as well call pm_runtime_barrier() subsequently, which
will prevent the race in question from occurring, not just in the rtsx_pcr
driver, but in any PCI drivers providing .runtime_idle() callbacks.
Link: https://lore.kernel.org/lkml/20240229062201.49500-1-kai.heng.feng@canonical.com/ # [1]
Link: https://lore.kernel.org/r/5761426.DvuYhMxLoT@kreacher
Reported-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Tested-by: Ricky Wu <ricky_wu@realtek.com>
Acked-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/pci-driver.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c
index 51ec9e7e784f0..9c59bf03d6579 100644
--- a/drivers/pci/pci-driver.c
+++ b/drivers/pci/pci-driver.c
@@ -473,6 +473,13 @@ static void pci_device_remove(struct device *dev)
if (drv->remove) {
pm_runtime_get_sync(dev);
+ /*
+ * If the driver provides a .runtime_idle() callback and it has
+ * started to run already, it may continue to run in parallel
+ * with the code below, so wait until all of the runtime PM
+ * activity has completed.
+ */
+ pm_runtime_barrier(dev);
drv->remove(pci_dev);
pm_runtime_put_noidle(dev);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 094/396] PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 093/396] PCI/PM: Drain runtime-idle callbacks before driver removal Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 095/396] ACPI: CPPC: Use access_width over bit_width for system memory accesses Greg Kroah-Hartman
` (313 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Niels van Aert, Paul Menzel,
Bjorn Helgaas, Mika Westerberg, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paul Menzel <pmenzel@molgen.mpg.de>
[ Upstream commit 627c6db20703b5d18d928464f411d0d4ec327508 ]
Commit 5459c0b70467 ("PCI/DPC: Quirk PIO log size for certain Intel Root
Ports") and commit 3b8803494a06 ("PCI/DPC: Quirk PIO log size for Intel Ice
Lake Root Ports") add quirks for Ice, Tiger and Alder Lake Root Ports.
System firmware for Raptor Lake still has the bug, so Linux logs the
warning below on several Raptor Lake systems like Dell Precision 3581 with
Intel Raptor Lake processor (0W18NX) system firmware/BIOS version 1.10.1.
pci 0000:00:07.0: [8086:a76e] type 01 class 0x060400
pci 0000:00:07.0: DPC: RP PIO log size 0 is invalid
pci 0000:00:07.1: [8086:a73f] type 01 class 0x060400
pci 0000:00:07.1: DPC: RP PIO log size 0 is invalid
Apply the quirk for Raptor Lake Root Ports as well.
This also enables the DPC driver to dump the RP PIO Log registers when DPC
is triggered.
Link: https://lore.kernel.org/r/20240305113057.56468-1-pmenzel@molgen.mpg.de
Reported-by: Niels van Aert <nvaert1986@hotmail.com>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218560
Signed-off-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Cc: <stable@vger.kernel.org>
Cc: Mika Westerberg <mika.westerberg@linux.intel.com>
Cc: Niels van Aert <nvaert1986@hotmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/quirks.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
index 1739fd54a3106..b3976dcb71f10 100644
--- a/drivers/pci/quirks.c
+++ b/drivers/pci/quirks.c
@@ -6219,6 +6219,8 @@ DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a2b, dpc_log_size);
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a2d, dpc_log_size);
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a2f, dpc_log_size);
DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x9a31, dpc_log_size);
+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0xa73f, dpc_log_size);
+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0xa76e, dpc_log_size);
#endif
/*
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 095/396] ACPI: CPPC: Use access_width over bit_width for system memory accesses
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 094/396] PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 096/396] dm-raid: fix lockdep waring in "pers->hot_add_disk" Greg Kroah-Hartman
` (312 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Jarred White, Easwar Hariharan,
Rafael J. Wysocki, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jarred White <jarredwhite@linux.microsoft.com>
[ Upstream commit 2f4a4d63a193be6fd530d180bb13c3592052904c ]
To align with ACPI 6.3+, since bit_width can be any 8-bit value, it
cannot be depended on to be always on a clean 8b boundary. This was
uncovered on the Cobalt 100 platform.
SError Interrupt on CPU26, code 0xbe000011 -- SError
CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1
Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION
pstate: 62400009 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--)
pc : cppc_get_perf_caps+0xec/0x410
lr : cppc_get_perf_caps+0xe8/0x410
sp : ffff8000155ab730
x29: ffff8000155ab730 x28: ffff0080139d0038 x27: ffff0080139d0078
x26: 0000000000000000 x25: ffff0080139d0058 x24: 00000000ffffffff
x23: ffff0080139d0298 x22: ffff0080139d0278 x21: 0000000000000000
x20: ffff00802b251910 x19: ffff0080139d0000 x18: ffffffffffffffff
x17: 0000000000000000 x16: ffffdc7e111bad04 x15: ffff00802b251008
x14: ffffffffffffffff x13: ffff013f1fd63300 x12: 0000000000000006
x11: ffffdc7e128f4420 x10: 0000000000000000 x9 : ffffdc7e111badec
x8 : ffff00802b251980 x7 : 0000000000000000 x6 : ffff0080139d0028
x5 : 0000000000000000 x4 : ffff0080139d0018 x3 : 00000000ffffffff
x2 : 0000000000000008 x1 : ffff8000155ab7a0 x0 : 0000000000000000
Kernel panic - not syncing: Asynchronous SError Interrupt
CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted
5.15.2.1-13 #1
Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION
Call trace:
dump_backtrace+0x0/0x1e0
show_stack+0x24/0x30
dump_stack_lvl+0x8c/0xb8
dump_stack+0x18/0x34
panic+0x16c/0x384
add_taint+0x0/0xc0
arm64_serror_panic+0x7c/0x90
arm64_is_fatal_ras_serror+0x34/0xa4
do_serror+0x50/0x6c
el1h_64_error_handler+0x40/0x74
el1h_64_error+0x7c/0x80
cppc_get_perf_caps+0xec/0x410
cppc_cpufreq_cpu_init+0x74/0x400 [cppc_cpufreq]
cpufreq_online+0x2dc/0xa30
cpufreq_add_dev+0xc0/0xd4
subsys_interface_register+0x134/0x14c
cpufreq_register_driver+0x1b0/0x354
cppc_cpufreq_init+0x1a8/0x1000 [cppc_cpufreq]
do_one_initcall+0x50/0x250
do_init_module+0x60/0x27c
load_module+0x2300/0x2570
__do_sys_finit_module+0xa8/0x114
__arm64_sys_finit_module+0x2c/0x3c
invoke_syscall+0x78/0x100
el0_svc_common.constprop.0+0x180/0x1a0
do_el0_svc+0x84/0xa0
el0_svc+0x2c/0xc0
el0t_64_sync_handler+0xa4/0x12c
el0t_64_sync+0x1a4/0x1a8
Instead, use access_width to determine the size and use the offset and
width to shift and mask the bits to read/write out. Make sure to add a
check for system memory since pcc redefines the access_width to
subspace id.
If access_width is not set, then fall back to using bit_width.
Signed-off-by: Jarred White <jarredwhite@linux.microsoft.com>
Reviewed-by: Easwar Hariharan <eahariha@linux.microsoft.com>
Cc: 5.15+ <stable@vger.kernel.org> # 5.15+
[ rjw: Subject and changelog edits, comment adjustments ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/acpi/cppc_acpi.c | 31 ++++++++++++++++++++++++++-----
1 file changed, 26 insertions(+), 5 deletions(-)
diff --git a/drivers/acpi/cppc_acpi.c b/drivers/acpi/cppc_acpi.c
index 7ff269a78c208..bcc5d8f5bb5ee 100644
--- a/drivers/acpi/cppc_acpi.c
+++ b/drivers/acpi/cppc_acpi.c
@@ -163,6 +163,13 @@ show_cppc_data(cppc_get_perf_caps, cppc_perf_caps, nominal_freq);
show_cppc_data(cppc_get_perf_ctrs, cppc_perf_fb_ctrs, reference_perf);
show_cppc_data(cppc_get_perf_ctrs, cppc_perf_fb_ctrs, wraparound_time);
+/* Check for valid access_width, otherwise, fallback to using bit_width */
+#define GET_BIT_WIDTH(reg) ((reg)->access_width ? (8 << ((reg)->access_width - 1)) : (reg)->bit_width)
+
+/* Shift and apply the mask for CPC reads/writes */
+#define MASK_VAL(reg, val) ((val) >> ((reg)->bit_offset & \
+ GENMASK(((reg)->bit_width), 0)))
+
static ssize_t show_feedback_ctrs(struct kobject *kobj,
struct kobj_attribute *attr, char *buf)
{
@@ -777,6 +784,7 @@ int acpi_cppc_processor_probe(struct acpi_processor *pr)
} else if (gas_t->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY) {
if (gas_t->address) {
void __iomem *addr;
+ size_t access_width;
if (!osc_cpc_flexible_adr_space_confirmed) {
pr_debug("Flexible address space capability not supported\n");
@@ -784,7 +792,8 @@ int acpi_cppc_processor_probe(struct acpi_processor *pr)
goto out_free;
}
- addr = ioremap(gas_t->address, gas_t->bit_width/8);
+ access_width = GET_BIT_WIDTH(gas_t) / 8;
+ addr = ioremap(gas_t->address, access_width);
if (!addr)
goto out_free;
cpc_ptr->cpc_regs[i-2].sys_mem_vaddr = addr;
@@ -980,6 +989,7 @@ int __weak cpc_write_ffh(int cpunum, struct cpc_reg *reg, u64 val)
static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val)
{
void __iomem *vaddr = NULL;
+ int size;
int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu);
struct cpc_reg *reg = ®_res->cpc_entry.reg;
@@ -991,7 +1001,7 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val)
*val = 0;
if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) {
- u32 width = 8 << (reg->access_width - 1);
+ u32 width = GET_BIT_WIDTH(reg);
u32 val_u32;
acpi_status status;
@@ -1015,7 +1025,9 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val)
return acpi_os_read_memory((acpi_physical_address)reg->address,
val, reg->bit_width);
- switch (reg->bit_width) {
+ size = GET_BIT_WIDTH(reg);
+
+ switch (size) {
case 8:
*val = readb_relaxed(vaddr);
break;
@@ -1034,18 +1046,22 @@ static int cpc_read(int cpu, struct cpc_register_resource *reg_res, u64 *val)
return -EFAULT;
}
+ if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY)
+ *val = MASK_VAL(reg, *val);
+
return 0;
}
static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val)
{
int ret_val = 0;
+ int size;
void __iomem *vaddr = NULL;
int pcc_ss_id = per_cpu(cpu_pcc_subspace_idx, cpu);
struct cpc_reg *reg = ®_res->cpc_entry.reg;
if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_IO) {
- u32 width = 8 << (reg->access_width - 1);
+ u32 width = GET_BIT_WIDTH(reg);
acpi_status status;
status = acpi_os_write_port((acpi_io_address)reg->address,
@@ -1067,7 +1083,12 @@ static int cpc_write(int cpu, struct cpc_register_resource *reg_res, u64 val)
return acpi_os_write_memory((acpi_physical_address)reg->address,
val, reg->bit_width);
- switch (reg->bit_width) {
+ size = GET_BIT_WIDTH(reg);
+
+ if (reg->space_id == ACPI_ADR_SPACE_SYSTEM_MEMORY)
+ val = MASK_VAL(reg, val);
+
+ switch (size) {
case 8:
writeb_relaxed(val, vaddr);
break;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 096/396] dm-raid: fix lockdep waring in "pers->hot_add_disk"
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 095/396] ACPI: CPPC: Use access_width over bit_width for system memory accesses Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 097/396] powerpc: xor_vmx: Add -mhard-float to CFLAGS Greg Kroah-Hartman
` (311 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Yu Kuai, Xiao Ni, Mike Snitzer,
Song Liu, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yu Kuai <yukuai3@huawei.com>
[ Upstream commit 95009ae904b1e9dca8db6f649f2d7c18a6e42c75 ]
The lockdep assert is added by commit a448af25becf ("md/raid10: remove
rcu protection to access rdev from conf") in print_conf(). And I didn't
notice that dm-raid is calling "pers->hot_add_disk" without holding
'reconfig_mutex'.
"pers->hot_add_disk" read and write many fields that is protected by
'reconfig_mutex', and raid_resume() already grab the lock in other
contex. Hence fix this problem by protecting "pers->host_add_disk"
with the lock.
Fixes: 9092c02d9435 ("DM RAID: Add ability to restore transiently failed devices on resume")
Fixes: a448af25becf ("md/raid10: remove rcu protection to access rdev from conf")
Cc: stable@vger.kernel.org # v6.7+
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Xiao Ni <xni@redhat.com>
Acked-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20240305072306.2562024-10-yukuai1@huaweicloud.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/dm-raid.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c
index 3d8ee9eb59ea6..385e24f55ec00 100644
--- a/drivers/md/dm-raid.c
+++ b/drivers/md/dm-raid.c
@@ -4042,7 +4042,9 @@ static void raid_resume(struct dm_target *ti)
* Take this opportunity to check whether any failed
* devices are reachable again.
*/
+ mddev_lock_nointr(mddev);
attempt_restore_of_faulty_devices(rs);
+ mddev_unlock(mddev);
}
if (test_and_clear_bit(RT_FLAG_RS_SUSPENDED, &rs->runtime_flags)) {
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 097/396] powerpc: xor_vmx: Add -mhard-float to CFLAGS
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 096/396] dm-raid: fix lockdep waring in "pers->hot_add_disk" Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 098/396] block: Fix page refcounts for unaligned buffers in __bio_release_pages() Greg Kroah-Hartman
` (310 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Nathan Chancellor, Michael Ellerman,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit 35f20786c481d5ced9283ff42de5c69b65e5ed13 ]
arch/powerpc/lib/xor_vmx.o is built with '-msoft-float' (from the main
powerpc Makefile) and '-maltivec' (from its CFLAGS), which causes an
error when building with clang after a recent change in main:
error: option '-msoft-float' cannot be specified with '-maltivec'
make[6]: *** [scripts/Makefile.build:243: arch/powerpc/lib/xor_vmx.o] Error 1
Explicitly add '-mhard-float' before '-maltivec' in xor_vmx.o's CFLAGS
to override the previous inclusion of '-msoft-float' (as the last option
wins), which matches how other areas of the kernel use '-maltivec', such
as AMDGPU.
Cc: stable@vger.kernel.org
Closes: https://github.com/ClangBuiltLinux/linux/issues/1986
Link: https://github.com/llvm/llvm-project/commit/4792f912b232141ecba4cbae538873be3c28556c
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20240127-ppc-xor_vmx-drop-msoft-float-v1-1-f24140e81376@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/lib/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/lib/Makefile b/arch/powerpc/lib/Makefile
index 6eac63e79a899..0ab65eeb93ee3 100644
--- a/arch/powerpc/lib/Makefile
+++ b/arch/powerpc/lib/Makefile
@@ -76,7 +76,7 @@ obj-$(CONFIG_PPC_LIB_RHEAP) += rheap.o
obj-$(CONFIG_FTR_FIXUP_SELFTEST) += feature-fixups-test.o
obj-$(CONFIG_ALTIVEC) += xor_vmx.o xor_vmx_glue.o
-CFLAGS_xor_vmx.o += -maltivec $(call cc-option,-mabi=altivec)
+CFLAGS_xor_vmx.o += -mhard-float -maltivec $(call cc-option,-mabi=altivec)
# Enable <altivec.h>
CFLAGS_xor_vmx.o += -isystem $(shell $(CC) -print-file-name=include)
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 098/396] block: Fix page refcounts for unaligned buffers in __bio_release_pages()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 097/396] powerpc: xor_vmx: Add -mhard-float to CFLAGS Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 099/396] mac802154: fix llsec key resources release in mac802154_llsec_key_del Greg Kroah-Hartman
` (309 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Tony Battersby, Greg Edwards,
Jens Axboe, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tony Battersby <tonyb@cybernetics.com>
[ Upstream commit 38b43539d64b2fa020b3b9a752a986769f87f7a6 ]
Fix an incorrect number of pages being released for buffers that do not
start at the beginning of a page.
Fixes: 1b151e2435fc ("block: Remove special-casing of compound pages")
Cc: stable@vger.kernel.org
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Tested-by: Greg Edwards <gedwards@ddn.com>
Link: https://lore.kernel.org/r/86e592a9-98d4-4cff-a646-0c0084328356@cybernetics.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/bio.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/block/bio.c b/block/bio.c
index 270f6b99926ea..62419aa09d731 100644
--- a/block/bio.c
+++ b/block/bio.c
@@ -1149,7 +1149,7 @@ void __bio_release_pages(struct bio *bio, bool mark_dirty)
bio_for_each_folio_all(fi, bio) {
struct page *page;
- size_t done = 0;
+ size_t nr_pages;
if (mark_dirty) {
folio_lock(fi.folio);
@@ -1157,10 +1157,11 @@ void __bio_release_pages(struct bio *bio, bool mark_dirty)
folio_unlock(fi.folio);
}
page = folio_page(fi.folio, fi.offset / PAGE_SIZE);
+ nr_pages = (fi.offset + fi.length - 1) / PAGE_SIZE -
+ fi.offset / PAGE_SIZE + 1;
do {
bio_release_page(bio, page++);
- done += PAGE_SIZE;
- } while (done < fi.length);
+ } while (--nr_pages != 0);
}
}
EXPORT_SYMBOL_GPL(__bio_release_pages);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 099/396] mac802154: fix llsec key resources release in mac802154_llsec_key_del
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 098/396] block: Fix page refcounts for unaligned buffers in __bio_release_pages() Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 100/396] mm: swap: fix race between free_swap_and_cache() and swapoff() Greg Kroah-Hartman
` (308 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Fedor Pchelkin, Alexander Aring,
Stefan Schmidt, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fedor Pchelkin <pchelkin@ispras.ru>
[ Upstream commit e8a1e58345cf40b7b272e08ac7b32328b2543e40 ]
mac802154_llsec_key_del() can free resources of a key directly without
following the RCU rules for waiting before the end of a grace period. This
may lead to use-after-free in case llsec_lookup_key() is traversing the
list of keys in parallel with a key deletion:
refcount_t: addition on 0; use-after-free.
WARNING: CPU: 4 PID: 16000 at lib/refcount.c:25 refcount_warn_saturate+0x162/0x2a0
Modules linked in:
CPU: 4 PID: 16000 Comm: wpan-ping Not tainted 6.7.0 #19
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
RIP: 0010:refcount_warn_saturate+0x162/0x2a0
Call Trace:
<TASK>
llsec_lookup_key.isra.0+0x890/0x9e0
mac802154_llsec_encrypt+0x30c/0x9c0
ieee802154_subif_start_xmit+0x24/0x1e0
dev_hard_start_xmit+0x13e/0x690
sch_direct_xmit+0x2ae/0xbc0
__dev_queue_xmit+0x11dd/0x3c20
dgram_sendmsg+0x90b/0xd60
__sys_sendto+0x466/0x4c0
__x64_sys_sendto+0xe0/0x1c0
do_syscall_64+0x45/0xf0
entry_SYSCALL_64_after_hwframe+0x6e/0x76
Also, ieee802154_llsec_key_entry structures are not freed by
mac802154_llsec_key_del():
unreferenced object 0xffff8880613b6980 (size 64):
comm "iwpan", pid 2176, jiffies 4294761134 (age 60.475s)
hex dump (first 32 bytes):
78 0d 8f 18 80 88 ff ff 22 01 00 00 00 00 ad de x.......".......
00 00 00 00 00 00 00 00 03 00 cd ab 00 00 00 00 ................
backtrace:
[<ffffffff81dcfa62>] __kmem_cache_alloc_node+0x1e2/0x2d0
[<ffffffff81c43865>] kmalloc_trace+0x25/0xc0
[<ffffffff88968b09>] mac802154_llsec_key_add+0xac9/0xcf0
[<ffffffff8896e41a>] ieee802154_add_llsec_key+0x5a/0x80
[<ffffffff8892adc6>] nl802154_add_llsec_key+0x426/0x5b0
[<ffffffff86ff293e>] genl_family_rcv_msg_doit+0x1fe/0x2f0
[<ffffffff86ff46d1>] genl_rcv_msg+0x531/0x7d0
[<ffffffff86fee7a9>] netlink_rcv_skb+0x169/0x440
[<ffffffff86ff1d88>] genl_rcv+0x28/0x40
[<ffffffff86fec15c>] netlink_unicast+0x53c/0x820
[<ffffffff86fecd8b>] netlink_sendmsg+0x93b/0xe60
[<ffffffff86b91b35>] ____sys_sendmsg+0xac5/0xca0
[<ffffffff86b9c3dd>] ___sys_sendmsg+0x11d/0x1c0
[<ffffffff86b9c65a>] __sys_sendmsg+0xfa/0x1d0
[<ffffffff88eadbf5>] do_syscall_64+0x45/0xf0
[<ffffffff890000ea>] entry_SYSCALL_64_after_hwframe+0x6e/0x76
Handle the proper resource release in the RCU callback function
mac802154_llsec_key_del_rcu().
Note that if llsec_lookup_key() finds a key, it gets a refcount via
llsec_key_get() and locally copies key id from key_entry (which is a
list element). So it's safe to call llsec_key_put() and free the list
entry after the RCU grace period elapses.
Found by Linux Verification Center (linuxtesting.org).
Fixes: 5d637d5aabd8 ("mac802154: add llsec structures and mutators")
Cc: stable@vger.kernel.org
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Acked-by: Alexander Aring <aahringo@redhat.com>
Message-ID: <20240228163840.6667-1-pchelkin@ispras.ru>
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/cfg802154.h | 1 +
net/mac802154/llsec.c | 18 +++++++++++++-----
2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/include/net/cfg802154.h b/include/net/cfg802154.h
index f79ce133e51a7..519d23941b541 100644
--- a/include/net/cfg802154.h
+++ b/include/net/cfg802154.h
@@ -378,6 +378,7 @@ struct ieee802154_llsec_key {
struct ieee802154_llsec_key_entry {
struct list_head list;
+ struct rcu_head rcu;
struct ieee802154_llsec_key_id id;
struct ieee802154_llsec_key *key;
diff --git a/net/mac802154/llsec.c b/net/mac802154/llsec.c
index 8d2eabc71bbeb..f13b07ebfb98a 100644
--- a/net/mac802154/llsec.c
+++ b/net/mac802154/llsec.c
@@ -265,19 +265,27 @@ int mac802154_llsec_key_add(struct mac802154_llsec *sec,
return -ENOMEM;
}
+static void mac802154_llsec_key_del_rcu(struct rcu_head *rcu)
+{
+ struct ieee802154_llsec_key_entry *pos;
+ struct mac802154_llsec_key *mkey;
+
+ pos = container_of(rcu, struct ieee802154_llsec_key_entry, rcu);
+ mkey = container_of(pos->key, struct mac802154_llsec_key, key);
+
+ llsec_key_put(mkey);
+ kfree_sensitive(pos);
+}
+
int mac802154_llsec_key_del(struct mac802154_llsec *sec,
const struct ieee802154_llsec_key_id *key)
{
struct ieee802154_llsec_key_entry *pos;
list_for_each_entry(pos, &sec->table.keys, list) {
- struct mac802154_llsec_key *mkey;
-
- mkey = container_of(pos->key, struct mac802154_llsec_key, key);
-
if (llsec_key_id_equal(&pos->id, key)) {
list_del_rcu(&pos->list);
- llsec_key_put(mkey);
+ call_rcu(&pos->rcu, mac802154_llsec_key_del_rcu);
return 0;
}
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 100/396] mm: swap: fix race between free_swap_and_cache() and swapoff()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 099/396] mac802154: fix llsec key resources release in mac802154_llsec_key_del Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-02 7:54 ` Ryan Roberts
2024-04-01 15:42 ` [PATCH 6.6 101/396] mmc: core: Fix switch on gp3 partition Greg Kroah-Hartman
` (307 subsequent siblings)
407 siblings, 1 reply; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Ryan Roberts, David Hildenbrand,
Huang, Ying, Andrew Morton, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ryan Roberts <ryan.roberts@arm.com>
[ Upstream commit 82b1c07a0af603e3c47b906c8e991dc96f01688e ]
There was previously a theoretical window where swapoff() could run and
teardown a swap_info_struct while a call to free_swap_and_cache() was
running in another thread. This could cause, amongst other bad
possibilities, swap_page_trans_huge_swapped() (called by
free_swap_and_cache()) to access the freed memory for swap_map.
This is a theoretical problem and I haven't been able to provoke it from a
test case. But there has been agreement based on code review that this is
possible (see link below).
Fix it by using get_swap_device()/put_swap_device(), which will stall
swapoff(). There was an extra check in _swap_info_get() to confirm that
the swap entry was not free. This isn't present in get_swap_device()
because it doesn't make sense in general due to the race between getting
the reference and swapoff. So I've added an equivalent check directly in
free_swap_and_cache().
Details of how to provoke one possible issue (thanks to David Hildenbrand
for deriving this):
--8<-----
__swap_entry_free() might be the last user and result in
"count == SWAP_HAS_CACHE".
swapoff->try_to_unuse() will stop as soon as soon as si->inuse_pages==0.
So the question is: could someone reclaim the folio and turn
si->inuse_pages==0, before we completed swap_page_trans_huge_swapped().
Imagine the following: 2 MiB folio in the swapcache. Only 2 subpages are
still references by swap entries.
Process 1 still references subpage 0 via swap entry.
Process 2 still references subpage 1 via swap entry.
Process 1 quits. Calls free_swap_and_cache().
-> count == SWAP_HAS_CACHE
[then, preempted in the hypervisor etc.]
Process 2 quits. Calls free_swap_and_cache().
-> count == SWAP_HAS_CACHE
Process 2 goes ahead, passes swap_page_trans_huge_swapped(), and calls
__try_to_reclaim_swap().
__try_to_reclaim_swap()->folio_free_swap()->delete_from_swap_cache()->
put_swap_folio()->free_swap_slot()->swapcache_free_entries()->
swap_entry_free()->swap_range_free()->
...
WRITE_ONCE(si->inuse_pages, si->inuse_pages - nr_entries);
What stops swapoff to succeed after process 2 reclaimed the swap cache
but before process1 finished its call to swap_page_trans_huge_swapped()?
--8<-----
Link: https://lkml.kernel.org/r/20240306140356.3974886-1-ryan.roberts@arm.com
Fixes: 7c00bafee87c ("mm/swap: free swap slots in batch")
Closes: https://lore.kernel.org/linux-mm/65a66eb9-41f8-4790-8db2-0c70ea15979f@redhat.com/
Signed-off-by: Ryan Roberts <ryan.roberts@arm.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: "Huang, Ying" <ying.huang@intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
mm/swapfile.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/mm/swapfile.c b/mm/swapfile.c
index 750314fff0c46..eada1351753e3 100644
--- a/mm/swapfile.c
+++ b/mm/swapfile.c
@@ -1226,6 +1226,11 @@ static unsigned char __swap_entry_free_locked(struct swap_info_struct *p,
* with get_swap_device() and put_swap_device(), unless the swap
* functions call get/put_swap_device() by themselves.
*
+ * Note that when only holding the PTL, swapoff might succeed immediately
+ * after freeing a swap entry. Therefore, immediately after
+ * __swap_entry_free(), the swap info might become stale and should not
+ * be touched without a prior get_swap_device().
+ *
* Check whether swap entry is valid in the swap device. If so,
* return pointer to swap_info_struct, and keep the swap entry valid
* via preventing the swap device from being swapoff, until
@@ -1603,13 +1608,19 @@ int free_swap_and_cache(swp_entry_t entry)
if (non_swap_entry(entry))
return 1;
- p = _swap_info_get(entry);
+ p = get_swap_device(entry);
if (p) {
+ if (WARN_ON(data_race(!p->swap_map[swp_offset(entry)]))) {
+ put_swap_device(p);
+ return 0;
+ }
+
count = __swap_entry_free(p, entry);
if (count == SWAP_HAS_CACHE &&
!swap_page_trans_huge_swapped(p, entry))
__try_to_reclaim_swap(p, swp_offset(entry),
TTRS_UNMAPPED | TTRS_FULL);
+ put_swap_device(p);
}
return p != NULL;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 101/396] mmc: core: Fix switch on gp3 partition
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 100/396] mm: swap: fix race between free_swap_and_cache() and swapoff() Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 102/396] Bluetooth: btnxpuart: Fix btnxpuart_close Greg Kroah-Hartman
` (306 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Jorge Ramirez-Ortiz,
Dominique Martinet, Linus Walleij, Ulf Hansson, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dominique Martinet <dominique.martinet@atmark-techno.com>
[ Upstream commit 4af59a8df5ea930038cd3355e822f5eedf4accc1 ]
Commit e7794c14fd73 ("mmc: rpmb: fixes pause retune on all RPMB
partitions.") added a mask check for 'part_type', but the mask used was
wrong leading to the code intended for rpmb also being executed for GP3.
On some MMCs (but not all) this would make gp3 partition inaccessible:
armadillo:~# head -c 1 < /dev/mmcblk2gp3
head: standard input: I/O error
armadillo:~# dmesg -c
[ 422.976583] mmc2: running CQE recovery
[ 423.058182] mmc2: running CQE recovery
[ 423.137607] mmc2: running CQE recovery
[ 423.137802] blk_update_request: I/O error, dev mmcblk2gp3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 4 prio class 0
[ 423.237125] mmc2: running CQE recovery
[ 423.318206] mmc2: running CQE recovery
[ 423.397680] mmc2: running CQE recovery
[ 423.397837] blk_update_request: I/O error, dev mmcblk2gp3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[ 423.408287] Buffer I/O error on dev mmcblk2gp3, logical block 0, async page read
the part_type values of interest here are defined as follow:
main 0
boot0 1
boot1 2
rpmb 3
gp0 4
gp1 5
gp2 6
gp3 7
so mask with EXT_CSD_PART_CONFIG_ACC_MASK (7) to correctly identify rpmb
Fixes: e7794c14fd73 ("mmc: rpmb: fixes pause retune on all RPMB partitions.")
Cc: stable@vger.kernel.org
Cc: Jorge Ramirez-Ortiz <jorge@foundries.io>
Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Link: https://lore.kernel.org/r/20240306-mmc-partswitch-v1-1-bf116985d950@codewreck.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mmc/core/block.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/drivers/mmc/core/block.c b/drivers/mmc/core/block.c
index 32d49100dff51..86efa6084696e 100644
--- a/drivers/mmc/core/block.c
+++ b/drivers/mmc/core/block.c
@@ -874,10 +874,11 @@ static const struct block_device_operations mmc_bdops = {
static int mmc_blk_part_switch_pre(struct mmc_card *card,
unsigned int part_type)
{
- const unsigned int mask = EXT_CSD_PART_CONFIG_ACC_RPMB;
+ const unsigned int mask = EXT_CSD_PART_CONFIG_ACC_MASK;
+ const unsigned int rpmb = EXT_CSD_PART_CONFIG_ACC_RPMB;
int ret = 0;
- if ((part_type & mask) == mask) {
+ if ((part_type & mask) == rpmb) {
if (card->ext_csd.cmdq_en) {
ret = mmc_cmdq_disable(card);
if (ret)
@@ -892,10 +893,11 @@ static int mmc_blk_part_switch_pre(struct mmc_card *card,
static int mmc_blk_part_switch_post(struct mmc_card *card,
unsigned int part_type)
{
- const unsigned int mask = EXT_CSD_PART_CONFIG_ACC_RPMB;
+ const unsigned int mask = EXT_CSD_PART_CONFIG_ACC_MASK;
+ const unsigned int rpmb = EXT_CSD_PART_CONFIG_ACC_RPMB;
int ret = 0;
- if ((part_type & mask) == mask) {
+ if ((part_type & mask) == rpmb) {
mmc_retune_unpause(card->host);
if (card->reenable_cmdq && !card->ext_csd.cmdq_en)
ret = mmc_cmdq_enable(card);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 102/396] Bluetooth: btnxpuart: Fix btnxpuart_close
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 101/396] mmc: core: Fix switch on gp3 partition Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 103/396] leds: trigger: netdev: Fix kernel panic on interface rename trig notify Greg Kroah-Hartman
` (305 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Marcel Ziswiler, Neeraj Sanjay Kale,
Francesco Dolcini, Luiz Augusto von Dentz, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marcel Ziswiler <marcel.ziswiler@toradex.com>
[ Upstream commit 664130c0b0309b360bc5bdd40a30604a9387bde8 ]
Fix scheduling while atomic BUG in btnxpuart_close(), properly
purge the transmit queue and free the receive skb.
[ 10.973809] BUG: scheduling while atomic: kworker/u9:0/80/0x00000002
...
[ 10.980740] CPU: 3 PID: 80 Comm: kworker/u9:0 Not tainted 6.8.0-rc7-0.0.0-devel-00005-g61fdfceacf09 #1
[ 10.980751] Hardware name: Toradex Verdin AM62 WB on Dahlia Board (DT)
[ 10.980760] Workqueue: hci0 hci_power_off [bluetooth]
[ 10.981169] Call trace:
...
[ 10.981363] uart_update_mctrl+0x58/0x78
[ 10.981373] uart_dtr_rts+0x104/0x114
[ 10.981381] tty_port_shutdown+0xd4/0xdc
[ 10.981396] tty_port_close+0x40/0xbc
[ 10.981407] uart_close+0x34/0x9c
[ 10.981414] ttyport_close+0x50/0x94
[ 10.981430] serdev_device_close+0x40/0x50
[ 10.981442] btnxpuart_close+0x24/0x98 [btnxpuart]
[ 10.981469] hci_dev_close_sync+0x2d8/0x718 [bluetooth]
[ 10.981728] hci_dev_do_close+0x2c/0x70 [bluetooth]
[ 10.981862] hci_power_off+0x20/0x64 [bluetooth]
Fixes: 689ca16e5232 ("Bluetooth: NXP: Add protocol support for NXP Bluetooth chipsets")
Cc: stable@vger.kernel.org
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Reviewed-by: Neeraj Sanjay Kale <neeraj.sanjaykale@nxp.com>
Signed-off-by: Francesco Dolcini <francesco.dolcini@toradex.com>
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bluetooth/btnxpuart.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/bluetooth/btnxpuart.c b/drivers/bluetooth/btnxpuart.c
index 951fe3014a3f3..abccd571cf3ee 100644
--- a/drivers/bluetooth/btnxpuart.c
+++ b/drivers/bluetooth/btnxpuart.c
@@ -1234,6 +1234,9 @@ static int btnxpuart_close(struct hci_dev *hdev)
ps_wakeup(nxpdev);
serdev_device_close(nxpdev->serdev);
+ skb_queue_purge(&nxpdev->txq);
+ kfree_skb(nxpdev->rx_skb);
+ nxpdev->rx_skb = NULL;
clear_bit(BTNXPUART_SERDEV_OPEN, &nxpdev->tx_state);
return 0;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 103/396] leds: trigger: netdev: Fix kernel panic on interface rename trig notify
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 102/396] Bluetooth: btnxpuart: Fix btnxpuart_close Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 104/396] drm/etnaviv: Restore some id values Greg Kroah-Hartman
` (304 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Christian Marangi, Andrew Lunn,
Lee Jones, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian Marangi <ansuelsmth@gmail.com>
[ Upstream commit 415798bc07dd1c1ae3a656aa026580816e0b9fe8 ]
Commit d5e01266e7f5 ("leds: trigger: netdev: add additional specific link
speed mode") in the various changes, reworked the way to set the LINKUP
mode in commit cee4bd16c319 ("leds: trigger: netdev: Recheck
NETDEV_LED_MODE_LINKUP on dev rename") and moved it to a generic function.
This changed the logic where, in the previous implementation the dev
from the trigger event was used to check if the carrier was ok, but in
the new implementation with the generic function, the dev in
trigger_data is used instead.
This is problematic and cause a possible kernel panic due to the fact
that the dev in the trigger_data still reference the old one as the
new one (passed from the trigger event) still has to be hold and saved
in the trigger_data struct (done in the NETDEV_REGISTER case).
On calling of get_device_state(), an invalid net_dev is used and this
cause a kernel panic.
To handle this correctly, move the call to get_device_state() after the
new net_dev is correctly set in trigger_data (in the NETDEV_REGISTER
case) and correctly parse the new dev.
Fixes: d5e01266e7f5 ("leds: trigger: netdev: add additional specific link speed mode")
Cc: stable@vger.kernel.org
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Link: https://lore.kernel.org/r/20240203235413.1146-1-ansuelsmth@gmail.com
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/leds/trigger/ledtrig-netdev.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/leds/trigger/ledtrig-netdev.c b/drivers/leds/trigger/ledtrig-netdev.c
index d76214fa9ad86..79719fc8a08fb 100644
--- a/drivers/leds/trigger/ledtrig-netdev.c
+++ b/drivers/leds/trigger/ledtrig-netdev.c
@@ -462,12 +462,12 @@ static int netdev_trig_notify(struct notifier_block *nb,
trigger_data->duplex = DUPLEX_UNKNOWN;
switch (evt) {
case NETDEV_CHANGENAME:
- get_device_state(trigger_data);
- fallthrough;
case NETDEV_REGISTER:
dev_put(trigger_data->net_dev);
dev_hold(dev);
trigger_data->net_dev = dev;
+ if (evt == NETDEV_CHANGENAME)
+ get_device_state(trigger_data);
break;
case NETDEV_UNREGISTER:
dev_put(trigger_data->net_dev);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 104/396] drm/etnaviv: Restore some id values
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 103/396] leds: trigger: netdev: Fix kernel panic on interface rename trig notify Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 105/396] landlock: Warn once if a Landlock action is requested while disabled Greg Kroah-Hartman
` (303 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Christian Gmeiner, Tomeu Vizoso,
Lucas Stach, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian Gmeiner <cgmeiner@igalia.com>
[ Upstream commit b735ee173f84d5d0d0733c53946a83c12d770d05 ]
The hwdb selection logic as a feature that allows it to mark some fields
as 'don't care'. If we match with such a field we memcpy(..)
the current etnaviv_chip_identity into ident.
This step can overwrite some id values read from the GPU with the
'don't care' value.
Fix this issue by restoring the affected values after the memcpy(..).
As this is crucial for user space to know when this feature works as
expected increment the minor version too.
Fixes: 4078a1186dd3 ("drm/etnaviv: update hwdb selection logic")
Cc: stable@vger.kernel.org
Signed-off-by: Christian Gmeiner <cgmeiner@igalia.com>
Reviewed-by: Tomeu Vizoso <tomeu@tomeuvizoso.net>
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/etnaviv/etnaviv_drv.c | 2 +-
drivers/gpu/drm/etnaviv/etnaviv_hwdb.c | 9 +++++++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/etnaviv/etnaviv_drv.c b/drivers/gpu/drm/etnaviv/etnaviv_drv.c
index a8d3fa81e4ec5..f9bc837e22bdd 100644
--- a/drivers/gpu/drm/etnaviv/etnaviv_drv.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_drv.c
@@ -494,7 +494,7 @@ static const struct drm_driver etnaviv_drm_driver = {
.desc = "etnaviv DRM",
.date = "20151214",
.major = 1,
- .minor = 3,
+ .minor = 4,
};
/*
diff --git a/drivers/gpu/drm/etnaviv/etnaviv_hwdb.c b/drivers/gpu/drm/etnaviv/etnaviv_hwdb.c
index 67201242438be..8665f2658d51b 100644
--- a/drivers/gpu/drm/etnaviv/etnaviv_hwdb.c
+++ b/drivers/gpu/drm/etnaviv/etnaviv_hwdb.c
@@ -265,6 +265,9 @@ static const struct etnaviv_chip_identity etnaviv_chip_identities[] = {
bool etnaviv_fill_identity_from_hwdb(struct etnaviv_gpu *gpu)
{
struct etnaviv_chip_identity *ident = &gpu->identity;
+ const u32 product_id = ident->product_id;
+ const u32 customer_id = ident->customer_id;
+ const u32 eco_id = ident->eco_id;
int i;
for (i = 0; i < ARRAY_SIZE(etnaviv_chip_identities); i++) {
@@ -278,6 +281,12 @@ bool etnaviv_fill_identity_from_hwdb(struct etnaviv_gpu *gpu)
etnaviv_chip_identities[i].eco_id == ~0U)) {
memcpy(ident, &etnaviv_chip_identities[i],
sizeof(*ident));
+
+ /* Restore some id values as ~0U aka 'don't care' might been used. */
+ ident->product_id = product_id;
+ ident->customer_id = customer_id;
+ ident->eco_id = eco_id;
+
return true;
}
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 105/396] landlock: Warn once if a Landlock action is requested while disabled
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 104/396] drm/etnaviv: Restore some id values Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 106/396] hwmon: (amc6821) add of_match table Greg Kroah-Hartman
` (302 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Kees Cook, Günther Noack,
Mickaël Salaün, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mickaël Salaün <mic@digikod.net>
[ Upstream commit 782191c74875cc33b50263e21d76080b1411884d ]
Because sandboxing can be used as an opportunistic security measure,
user space may not log unsupported features. Let the system
administrator know if an application tries to use Landlock but failed
because it isn't enabled at boot time. This may be caused by boot
loader configurations with outdated "lsm" kernel's command-line
parameter.
Cc: stable@vger.kernel.org
Fixes: 265885daf3e5 ("landlock: Add syscall implementations")
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Günther Noack <gnoack3000@gmail.com>
Link: https://lore.kernel.org/r/20240227110550.3702236-2-mic@digikod.net
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/landlock/syscalls.c | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c
index 245cc650a4dc9..336bedaa3af68 100644
--- a/security/landlock/syscalls.c
+++ b/security/landlock/syscalls.c
@@ -32,6 +32,18 @@
#include "ruleset.h"
#include "setup.h"
+static bool is_initialized(void)
+{
+ if (likely(landlock_initialized))
+ return true;
+
+ pr_warn_once(
+ "Disabled but requested by user space. "
+ "You should enable Landlock at boot time: "
+ "https://docs.kernel.org/userspace-api/landlock.html#boot-time-configuration\n");
+ return false;
+}
+
/**
* copy_min_struct_from_user - Safe future-proof argument copying
*
@@ -165,7 +177,7 @@ SYSCALL_DEFINE3(landlock_create_ruleset,
/* Build-time checks. */
build_check_abi();
- if (!landlock_initialized)
+ if (!is_initialized())
return -EOPNOTSUPP;
if (flags) {
@@ -311,7 +323,7 @@ SYSCALL_DEFINE4(landlock_add_rule, const int, ruleset_fd,
struct landlock_ruleset *ruleset;
int res, err;
- if (!landlock_initialized)
+ if (!is_initialized())
return -EOPNOTSUPP;
/* No flag for now. */
@@ -402,7 +414,7 @@ SYSCALL_DEFINE2(landlock_restrict_self, const int, ruleset_fd, const __u32,
struct landlock_cred_security *new_llcred;
int err;
- if (!landlock_initialized)
+ if (!is_initialized())
return -EOPNOTSUPP;
/*
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 106/396] hwmon: (amc6821) add of_match table
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 105/396] landlock: Warn once if a Landlock action is requested while disabled Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 107/396] ext4: fix corruption during on-line resize Greg Kroah-Hartman
` (301 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Josua Mayer, Guenter Roeck,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Josua Mayer <josua@solid-run.com>
[ Upstream commit 3f003fda98a7a8d5f399057d92e6ed56b468657c ]
Add of_match table for "ti,amc6821" compatible string.
This fixes automatic driver loading by userspace when using device-tree,
and if built as a module like major linux distributions do.
While devices probe just fine with i2c_device_id table, userspace can't
match the "ti,amc6821" compatible string from dt with the plain
"amc6821" device id. As a result, the kernel module can not be loaded.
Cc: stable@vger.kernel.org
Signed-off-by: Josua Mayer <josua@solid-run.com>
Link: https://lore.kernel.org/r/20240307-amc6821-of-match-v1-1-5f40464a3110@solid-run.com
[groeck: Cleaned up patch description]
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/hwmon/amc6821.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/drivers/hwmon/amc6821.c b/drivers/hwmon/amc6821.c
index 2a7a4b6b00942..9b02b304c2f5d 100644
--- a/drivers/hwmon/amc6821.c
+++ b/drivers/hwmon/amc6821.c
@@ -934,10 +934,21 @@ static const struct i2c_device_id amc6821_id[] = {
MODULE_DEVICE_TABLE(i2c, amc6821_id);
+static const struct of_device_id __maybe_unused amc6821_of_match[] = {
+ {
+ .compatible = "ti,amc6821",
+ .data = (void *)amc6821,
+ },
+ { }
+};
+
+MODULE_DEVICE_TABLE(of, amc6821_of_match);
+
static struct i2c_driver amc6821_driver = {
.class = I2C_CLASS_HWMON,
.driver = {
.name = "amc6821",
+ .of_match_table = of_match_ptr(amc6821_of_match),
},
.probe = amc6821_probe,
.id_table = amc6821_id,
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 107/396] ext4: fix corruption during on-line resize
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 106/396] hwmon: (amc6821) add of_match table Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 108/396] nvmem: meson-efuse: fix function pointer type mismatch Greg Kroah-Hartman
` (300 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Maximilian Heyne, Srivathsa Dara,
Theodore Tso, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maximilian Heyne <mheyne@amazon.de>
[ Upstream commit a6b3bfe176e8a5b05ec4447404e412c2a3fc92cc ]
We observed a corruption during on-line resize of a file system that is
larger than 16 TiB with 4k block size. With having more then 2^32 blocks
resize_inode is turned off by default by mke2fs. The issue can be
reproduced on a smaller file system for convenience by explicitly
turning off resize_inode. An on-line resize across an 8 GiB boundary (the
size of a meta block group in this setup) then leads to a corruption:
dev=/dev/<some_dev> # should be >= 16 GiB
mkdir -p /corruption
/sbin/mke2fs -t ext4 -b 4096 -O ^resize_inode $dev $((2 * 2**21 - 2**15))
mount -t ext4 $dev /corruption
dd if=/dev/zero bs=4096 of=/corruption/test count=$((2*2**21 - 4*2**15))
sha1sum /corruption/test
# 79d2658b39dcfd77274e435b0934028adafaab11 /corruption/test
/sbin/resize2fs $dev $((2*2**21))
# drop page cache to force reload the block from disk
echo 1 > /proc/sys/vm/drop_caches
sha1sum /corruption/test
# 3c2abc63cbf1a94c9e6977e0fbd72cd832c4d5c3 /corruption/test
2^21 = 2^15*2^6 equals 8 GiB whereof 2^15 is the number of blocks per
block group and 2^6 are the number of block groups that make a meta
block group.
The last checksum might be different depending on how the file is laid
out across the physical blocks. The actual corruption occurs at physical
block 63*2^15 = 2064384 which would be the location of the backup of the
meta block group's block descriptor. During the on-line resize the file
system will be converted to meta_bg starting at s_first_meta_bg which is
2 in the example - meaning all block groups after 16 GiB. However, in
ext4_flex_group_add we might add block groups that are not part of the
first meta block group yet. In the reproducer we achieved this by
substracting the size of a whole block group from the point where the
meta block group would start. This must be considered when updating the
backup block group descriptors to follow the non-meta_bg layout. The fix
is to add a test whether the group to add is already part of the meta
block group or not.
Fixes: 01f795f9e0d67 ("ext4: add online resizing support for meta_bg and 64-bit file systems")
Cc: <stable@vger.kernel.org>
Signed-off-by: Maximilian Heyne <mheyne@amazon.de>
Tested-by: Srivathsa Dara <srivathsa.d.dara@oracle.com>
Reviewed-by: Srivathsa Dara <srivathsa.d.dara@oracle.com>
Link: https://lore.kernel.org/r/20240215155009.94493-1-mheyne@amazon.de
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/ext4/resize.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
index be280268da9fe..5f105171df7b5 100644
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -1605,7 +1605,8 @@ static int ext4_flex_group_add(struct super_block *sb,
int gdb_num = group / EXT4_DESC_PER_BLOCK(sb);
int gdb_num_end = ((group + flex_gd->count - 1) /
EXT4_DESC_PER_BLOCK(sb));
- int meta_bg = ext4_has_feature_meta_bg(sb);
+ int meta_bg = ext4_has_feature_meta_bg(sb) &&
+ gdb_num >= le32_to_cpu(es->s_first_meta_bg);
sector_t padding_blocks = meta_bg ? 0 : sbi->s_sbh->b_blocknr -
ext4_group_first_block_no(sb, 0);
sector_t old_gdb = 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 108/396] nvmem: meson-efuse: fix function pointer type mismatch
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 107/396] ext4: fix corruption during on-line resize Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 109/396] slimbus: core: Remove usage of the deprecated ida_simple_xx() API Greg Kroah-Hartman
` (299 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Stable, Arnd Bergmann, Jerome Brunet,
Martin Blumenstingl, Justin Stitt, Srinivas Kandagatla,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jerome Brunet <jbrunet@baylibre.com>
[ Upstream commit cbd38332c140829ab752ba4e727f98be5c257f18 ]
clang-16 warns about casting functions to incompatible types, as is done
here to call clk_disable_unprepare:
drivers/nvmem/meson-efuse.c:78:12: error: cast from 'void (*)(struct clk *)' to 'void (*)(void *)' converts to incompatible function type [-Werror,-Wcast-function-type-strict]
78 | (void(*)(void *))clk_disable_unprepare,
The pattern of getting, enabling and setting a disable callback for a
clock can be replaced with devm_clk_get_enabled(), which also fixes
this warning.
Fixes: 611fbca1c861 ("nvmem: meson-efuse: add peripheral clock")
Cc: Stable@vger.kernel.org
Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Jerome Brunet <jbrunet@baylibre.com>
Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Justin Stitt <justinstitt@google.com>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20240224114023.85535-2-srinivas.kandagatla@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/nvmem/meson-efuse.c | 25 +++----------------------
1 file changed, 3 insertions(+), 22 deletions(-)
diff --git a/drivers/nvmem/meson-efuse.c b/drivers/nvmem/meson-efuse.c
index d6b533497ce1a..ba2714bef8d0e 100644
--- a/drivers/nvmem/meson-efuse.c
+++ b/drivers/nvmem/meson-efuse.c
@@ -47,7 +47,6 @@ static int meson_efuse_probe(struct platform_device *pdev)
struct nvmem_config *econfig;
struct clk *clk;
unsigned int size;
- int ret;
sm_np = of_parse_phandle(pdev->dev.of_node, "secure-monitor", 0);
if (!sm_np) {
@@ -60,27 +59,9 @@ static int meson_efuse_probe(struct platform_device *pdev)
if (!fw)
return -EPROBE_DEFER;
- clk = devm_clk_get(dev, NULL);
- if (IS_ERR(clk)) {
- ret = PTR_ERR(clk);
- if (ret != -EPROBE_DEFER)
- dev_err(dev, "failed to get efuse gate");
- return ret;
- }
-
- ret = clk_prepare_enable(clk);
- if (ret) {
- dev_err(dev, "failed to enable gate");
- return ret;
- }
-
- ret = devm_add_action_or_reset(dev,
- (void(*)(void *))clk_disable_unprepare,
- clk);
- if (ret) {
- dev_err(dev, "failed to add disable callback");
- return ret;
- }
+ clk = devm_clk_get_enabled(dev, NULL);
+ if (IS_ERR(clk))
+ return dev_err_probe(dev, PTR_ERR(clk), "failed to get efuse gate");
if (meson_sm_call(fw, SM_EFUSE_USER_MAX, &size, 0, 0, 0, 0, 0) < 0) {
dev_err(dev, "failed to get max user");
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 109/396] slimbus: core: Remove usage of the deprecated ida_simple_xx() API
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 108/396] nvmem: meson-efuse: fix function pointer type mismatch Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 110/396] phy: tegra: xusb: Add API to retrieve the port number of phy Greg Kroah-Hartman
` (298 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Stable, Christophe JAILLET,
Srinivas Kandagatla, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
[ Upstream commit 89ffa4cccec54467446f141a79b9e36893079fb8 ]
ida_alloc() and ida_free() should be preferred to the deprecated
ida_simple_get() and ida_simple_remove().
Note that the upper limit of ida_simple_get() is exclusive, but the one of
ida_alloc_range() is inclusive. So change this change allows one more
device. Previously address 0xFE was never used.
Fixes: 46a2bb5a7f7e ("slimbus: core: Add slim controllers support")
Cc: Stable@vger.kernel.org
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20240224114137.85781-2-srinivas.kandagatla@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/slimbus/core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/slimbus/core.c b/drivers/slimbus/core.c
index d43873bb5fe6d..01cbd46219810 100644
--- a/drivers/slimbus/core.c
+++ b/drivers/slimbus/core.c
@@ -436,8 +436,8 @@ static int slim_device_alloc_laddr(struct slim_device *sbdev,
if (ret < 0)
goto err;
} else if (report_present) {
- ret = ida_simple_get(&ctrl->laddr_ida,
- 0, SLIM_LA_MANAGER - 1, GFP_KERNEL);
+ ret = ida_alloc_max(&ctrl->laddr_ida,
+ SLIM_LA_MANAGER - 1, GFP_KERNEL);
if (ret < 0)
goto err;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 110/396] phy: tegra: xusb: Add API to retrieve the port number of phy
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 109/396] slimbus: core: Remove usage of the deprecated ida_simple_xx() API Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 111/396] usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Greg Kroah-Hartman
` (297 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Wayne Chang, Jon Hunter, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wayne Chang <waynec@nvidia.com>
[ Upstream commit d843f031d9e90462253015bc0bd9e3852d206bf2 ]
This patch introduces a new API, tegra_xusb_padctl_get_port_number,
to the Tegra XUSB Pad Controller driver. This API is used to identify
the USB port that is associated with a given PHY.
The function takes a PHY pointer for either a USB2 PHY or USB3 PHY as input
and returns the corresponding port number. If the PHY pointer is invalid,
it returns -ENODEV.
Cc: stable@vger.kernel.org
Signed-off-by: Wayne Chang <waynec@nvidia.com>
Reviewed-by: Jon Hunter <jonathanh@nvidia.com>
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Link: https://lore.kernel.org/r/20240307030328.1487748-2-waynec@nvidia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/phy/tegra/xusb.c | 13 +++++++++++++
include/linux/phy/tegra/xusb.h | 1 +
2 files changed, 14 insertions(+)
diff --git a/drivers/phy/tegra/xusb.c b/drivers/phy/tegra/xusb.c
index 142ebe0247cc0..983a6e6173bd2 100644
--- a/drivers/phy/tegra/xusb.c
+++ b/drivers/phy/tegra/xusb.c
@@ -1531,6 +1531,19 @@ int tegra_xusb_padctl_get_usb3_companion(struct tegra_xusb_padctl *padctl,
}
EXPORT_SYMBOL_GPL(tegra_xusb_padctl_get_usb3_companion);
+int tegra_xusb_padctl_get_port_number(struct phy *phy)
+{
+ struct tegra_xusb_lane *lane;
+
+ if (!phy)
+ return -ENODEV;
+
+ lane = phy_get_drvdata(phy);
+
+ return lane->index;
+}
+EXPORT_SYMBOL_GPL(tegra_xusb_padctl_get_port_number);
+
MODULE_AUTHOR("Thierry Reding <treding@nvidia.com>");
MODULE_DESCRIPTION("Tegra XUSB Pad Controller driver");
MODULE_LICENSE("GPL v2");
diff --git a/include/linux/phy/tegra/xusb.h b/include/linux/phy/tegra/xusb.h
index 70998e6dd6fdc..6ca51e0080ec0 100644
--- a/include/linux/phy/tegra/xusb.h
+++ b/include/linux/phy/tegra/xusb.h
@@ -26,6 +26,7 @@ void tegra_phy_xusb_utmi_pad_power_down(struct phy *phy);
int tegra_phy_xusb_utmi_port_reset(struct phy *phy);
int tegra_xusb_padctl_get_usb3_companion(struct tegra_xusb_padctl *padctl,
unsigned int port);
+int tegra_xusb_padctl_get_port_number(struct phy *phy);
int tegra_xusb_padctl_enable_phy_sleepwalk(struct tegra_xusb_padctl *padctl, struct phy *phy,
enum usb_device_speed speed);
int tegra_xusb_padctl_disable_phy_sleepwalk(struct tegra_xusb_padctl *padctl, struct phy *phy);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 111/396] usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 110/396] phy: tegra: xusb: Add API to retrieve the port number of phy Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 112/396] speakup: Fix 8bit characters from direct synth Greg Kroah-Hartman
` (296 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Wayne Chang, Jon Hunter, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Wayne Chang <waynec@nvidia.com>
[ Upstream commit 84fa943d93c31ee978355e6c6c69592dae3c9f59 ]
This commit resolves an issue in the tegra-xudc USB gadget driver that
incorrectly fetched USB3 PHY instances. The problem stemmed from the
assumption of a one-to-one correspondence between USB2 and USB3 PHY
names and their association with physical USB ports in the device tree.
Previously, the driver associated USB3 PHY names directly with the USB3
instance number, leading to mismatches when mapping the physical USB
ports. For instance, if using USB3-1 PHY, the driver expect the
corresponding PHY name as 'usb3-1'. However, the physical USB ports in
the device tree were designated as USB2-0 and USB3-0 as we only have
one device controller, causing a misalignment.
This commit rectifies the issue by adjusting the PHY naming logic.
Now, the driver correctly correlates the USB2 and USB3 PHY instances,
allowing the USB2-0 and USB3-1 PHYs to form a physical USB port pair
while accurately reflecting their configuration in the device tree by
naming them USB2-0 and USB3-0, respectively.
The change ensures that the PHY and PHY names align appropriately,
resolving the mismatch between physical USB ports and their associated
names in the device tree.
Fixes: b4e19931c98a ("usb: gadget: tegra-xudc: Support multiple device modes")
Cc: stable@vger.kernel.org
Signed-off-by: Wayne Chang <waynec@nvidia.com>
Reviewed-by: Jon Hunter <jonathanh@nvidia.com>
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Link: https://lore.kernel.org/r/20240307030328.1487748-3-waynec@nvidia.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/usb/gadget/udc/tegra-xudc.c | 39 ++++++++++++++++++-----------
1 file changed, 25 insertions(+), 14 deletions(-)
diff --git a/drivers/usb/gadget/udc/tegra-xudc.c b/drivers/usb/gadget/udc/tegra-xudc.c
index cb85168fd00c2..7aa46d426f31b 100644
--- a/drivers/usb/gadget/udc/tegra-xudc.c
+++ b/drivers/usb/gadget/udc/tegra-xudc.c
@@ -3491,8 +3491,8 @@ static void tegra_xudc_device_params_init(struct tegra_xudc *xudc)
static int tegra_xudc_phy_get(struct tegra_xudc *xudc)
{
- int err = 0, usb3;
- unsigned int i;
+ int err = 0, usb3_companion_port;
+ unsigned int i, j;
xudc->utmi_phy = devm_kcalloc(xudc->dev, xudc->soc->num_phys,
sizeof(*xudc->utmi_phy), GFP_KERNEL);
@@ -3520,7 +3520,7 @@ static int tegra_xudc_phy_get(struct tegra_xudc *xudc)
if (IS_ERR(xudc->utmi_phy[i])) {
err = PTR_ERR(xudc->utmi_phy[i]);
dev_err_probe(xudc->dev, err,
- "failed to get usb2-%d PHY\n", i);
+ "failed to get PHY for phy-name usb2-%d\n", i);
goto clean_up;
} else if (xudc->utmi_phy[i]) {
/* Get usb-phy, if utmi phy is available */
@@ -3539,19 +3539,30 @@ static int tegra_xudc_phy_get(struct tegra_xudc *xudc)
}
/* Get USB3 phy */
- usb3 = tegra_xusb_padctl_get_usb3_companion(xudc->padctl, i);
- if (usb3 < 0)
+ usb3_companion_port = tegra_xusb_padctl_get_usb3_companion(xudc->padctl, i);
+ if (usb3_companion_port < 0)
continue;
- snprintf(phy_name, sizeof(phy_name), "usb3-%d", usb3);
- xudc->usb3_phy[i] = devm_phy_optional_get(xudc->dev, phy_name);
- if (IS_ERR(xudc->usb3_phy[i])) {
- err = PTR_ERR(xudc->usb3_phy[i]);
- dev_err_probe(xudc->dev, err,
- "failed to get usb3-%d PHY\n", usb3);
- goto clean_up;
- } else if (xudc->usb3_phy[i])
- dev_dbg(xudc->dev, "usb3-%d PHY registered", usb3);
+ for (j = 0; j < xudc->soc->num_phys; j++) {
+ snprintf(phy_name, sizeof(phy_name), "usb3-%d", j);
+ xudc->usb3_phy[i] = devm_phy_optional_get(xudc->dev, phy_name);
+ if (IS_ERR(xudc->usb3_phy[i])) {
+ err = PTR_ERR(xudc->usb3_phy[i]);
+ dev_err_probe(xudc->dev, err,
+ "failed to get PHY for phy-name usb3-%d\n", j);
+ goto clean_up;
+ } else if (xudc->usb3_phy[i]) {
+ int usb2_port =
+ tegra_xusb_padctl_get_port_number(xudc->utmi_phy[i]);
+ int usb3_port =
+ tegra_xusb_padctl_get_port_number(xudc->usb3_phy[i]);
+ if (usb3_port == usb3_companion_port) {
+ dev_dbg(xudc->dev, "USB2 port %d is paired with USB3 port %d for device mode port %d\n",
+ usb2_port, usb3_port, i);
+ break;
+ }
+ }
+ }
}
return err;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 112/396] speakup: Fix 8bit characters from direct synth
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 111/396] usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 113/396] PCI/AER: Block runtime suspend when handling errors Greg Kroah-Hartman
` (295 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Samuel Thibault, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Samuel Thibault <samuel.thibault@ens-lyon.org>
[ Upstream commit b6c8dafc9d86eb77e502bb018ec4105e8d2fbf78 ]
When userland echoes 8bit characters to /dev/synth with e.g.
echo -e '\xe9' > /dev/synth
synth_write would get characters beyond 0x7f, and thus negative when
char is signed. When given to synth_buffer_add which takes a u16, this
would sign-extend and produce a U+ffxy character rather than U+xy.
Users thus get garbled text instead of accents in their output.
Let's fix this by making sure that we read unsigned characters.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Fixes: 89fc2ae80bb1 ("speakup: extend synth buffer to 16bit unicode characters")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240204155736.2oh4ot7tiaa2wpbh@begin
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/accessibility/speakup/synth.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/accessibility/speakup/synth.c b/drivers/accessibility/speakup/synth.c
index eea2a2fa4f015..45f9061031338 100644
--- a/drivers/accessibility/speakup/synth.c
+++ b/drivers/accessibility/speakup/synth.c
@@ -208,8 +208,10 @@ void spk_do_flush(void)
wake_up_process(speakup_task);
}
-void synth_write(const char *buf, size_t count)
+void synth_write(const char *_buf, size_t count)
{
+ const unsigned char *buf = (const unsigned char *) _buf;
+
while (count--)
synth_buffer_add(*buf++);
synth_start();
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 113/396] PCI/AER: Block runtime suspend when handling errors
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 112/396] speakup: Fix 8bit characters from direct synth Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 114/396] io_uring/net: correctly handle multishot recvmsg retry setup Greg Kroah-Hartman
` (294 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Stanislaw Gruszka, Bjorn Helgaas,
Kuppuswamy Sathyanarayanan, Rafael J. Wysocki, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com>
[ Upstream commit 002bf2fbc00e5c4b95fb167287e2ae7d1973281e ]
PM runtime can be done simultaneously with AER error handling. Avoid that
by using pm_runtime_get_sync() before and pm_runtime_put() after reset in
pcie_do_recovery() for all recovering devices.
pm_runtime_get_sync() will increase dev->power.usage_count counter to
prevent any possible future request to runtime suspend a device. It will
also resume a device, if it was previously in D3hot state.
I tested with igc device by doing simultaneous aer_inject and rpm
suspend/resume via /sys/bus/pci/devices/PCI_ID/power/control and can
reproduce:
igc 0000:02:00.0: not ready 65535ms after bus reset; giving up
pcieport 0000:00:1c.2: AER: Root Port link has been reset (-25)
pcieport 0000:00:1c.2: AER: subordinate device reset failed
pcieport 0000:00:1c.2: AER: device recovery failed
igc 0000:02:00.0: Unable to change power state from D3hot to D0, device inaccessible
The problem disappears when this patch is applied.
Link: https://lore.kernel.org/r/20240212120135.146068-1-stanislaw.gruszka@linux.intel.com
Signed-off-by: Stanislaw Gruszka <stanislaw.gruszka@linux.intel.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Acked-by: Rafael J. Wysocki <rafael@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/pcie/err.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/drivers/pci/pcie/err.c b/drivers/pci/pcie/err.c
index 59c90d04a609a..705893b5f7b09 100644
--- a/drivers/pci/pcie/err.c
+++ b/drivers/pci/pcie/err.c
@@ -13,6 +13,7 @@
#define dev_fmt(fmt) "AER: " fmt
#include <linux/pci.h>
+#include <linux/pm_runtime.h>
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/errno.h>
@@ -85,6 +86,18 @@ static int report_error_detected(struct pci_dev *dev,
return 0;
}
+static int pci_pm_runtime_get_sync(struct pci_dev *pdev, void *data)
+{
+ pm_runtime_get_sync(&pdev->dev);
+ return 0;
+}
+
+static int pci_pm_runtime_put(struct pci_dev *pdev, void *data)
+{
+ pm_runtime_put(&pdev->dev);
+ return 0;
+}
+
static int report_frozen_detected(struct pci_dev *dev, void *data)
{
return report_error_detected(dev, pci_channel_io_frozen, data);
@@ -207,6 +220,8 @@ pci_ers_result_t pcie_do_recovery(struct pci_dev *dev,
else
bridge = pci_upstream_bridge(dev);
+ pci_walk_bridge(bridge, pci_pm_runtime_get_sync, NULL);
+
pci_dbg(bridge, "broadcast error_detected message\n");
if (state == pci_channel_io_frozen) {
pci_walk_bridge(bridge, report_frozen_detected, &status);
@@ -251,10 +266,15 @@ pci_ers_result_t pcie_do_recovery(struct pci_dev *dev,
pcie_clear_device_status(dev);
pci_aer_clear_nonfatal_status(dev);
}
+
+ pci_walk_bridge(bridge, pci_pm_runtime_put, NULL);
+
pci_info(bridge, "device recovery successful\n");
return status;
failed:
+ pci_walk_bridge(bridge, pci_pm_runtime_put, NULL);
+
pci_uevent_ers(bridge, PCI_ERS_RESULT_DISCONNECT);
/* TODO: Should kernel panic here? */
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 114/396] io_uring/net: correctly handle multishot recvmsg retry setup
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 113/396] PCI/AER: Block runtime suspend when handling errors Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 115/396] io_uring: fix mshot io-wq checks Greg Kroah-Hartman
` (293 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Jens Axboe, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jens Axboe <axboe@kernel.dk>
[ Upstream commit deaef31bc1ec7966698a427da8c161930830e1cf ]
If we loop for multishot receive on the initial attempt, and then abort
later on to wait for more, we miss a case where we should be copying the
io_async_msghdr from the stack to stable storage. This leads to the next
retry potentially failing, if the application had the msghdr on the
stack.
Cc: stable@vger.kernel.org
Fixes: 9bb66906f23e ("io_uring: support multishot in recvmsg")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
io_uring/net.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/io_uring/net.c b/io_uring/net.c
index 4aaeada03f1e7..386a6745ae32f 100644
--- a/io_uring/net.c
+++ b/io_uring/net.c
@@ -915,7 +915,8 @@ int io_recvmsg(struct io_kiocb *req, unsigned int issue_flags)
kfree(kmsg->free_iov);
io_netmsg_recycle(req, issue_flags);
req->flags &= ~REQ_F_NEED_CLEANUP;
- }
+ } else if (ret == -EAGAIN)
+ return io_setup_async_msg(req, kmsg, issue_flags);
return ret;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 115/396] io_uring: fix mshot io-wq checks
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 114/396] io_uring/net: correctly handle multishot recvmsg retry setup Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 116/396] sparc32: Fix parport build with sparc32 Greg Kroah-Hartman
` (292 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Pavel Begunkov, Jens Axboe,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pavel Begunkov <asml.silence@gmail.com>
[ Upstream commit 3a96378e22cc46c7c49b5911f6c8631527a133a9 ]
When checking for concurrent CQE posting, we're not only interested in
requests running from the poll handler but also strayed requests ended
up in normal io-wq execution. We're disallowing multishots in general
from io-wq, not only when they came in a certain way.
Cc: stable@vger.kernel.org
Fixes: 17add5cea2bba ("io_uring: force multishot CQEs into task context")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/d8c5b36a39258036f93301cd60d3cd295e40653d.1709905727.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
io_uring/net.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/io_uring/net.c b/io_uring/net.c
index 386a6745ae32f..5a4001139e288 100644
--- a/io_uring/net.c
+++ b/io_uring/net.c
@@ -87,7 +87,7 @@ static inline bool io_check_multishot(struct io_kiocb *req,
* generic paths but multipoll may decide to post extra cqes.
*/
return !(issue_flags & IO_URING_F_IOWQ) ||
- !(issue_flags & IO_URING_F_MULTISHOT) ||
+ !(req->flags & REQ_F_APOLL_MULTISHOT) ||
!req->ctx->task_complete;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 116/396] sparc32: Fix parport build with sparc32
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 115/396] io_uring: fix mshot io-wq checks Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 117/396] nfs: fix UAF in direct writes Greg Kroah-Hartman
` (291 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Sam Ravnborg, David S. Miller,
Andreas Larsson, Randy Dunlap, Maciej W. Rozycki, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sam Ravnborg <sam@ravnborg.org>
[ Upstream commit 91d3ff922c346d6d8cb8de5ff8d504fe0ca9e17e ]
include/asm/parport.h is sparc64 specific.
Rename it to parport_64.h and use the generic version for sparc32.
This fixed all{mod,yes}config build errors like:
parport_pc.c:(.text):undefined-reference-to-ebus_dma_enable
parport_pc.c:(.text):undefined-reference-to-ebus_dma_irq_enable
parport_pc.c:(.text):undefined-reference-to-ebus_dma_register
The errors occur as the sparc32 build references sparc64 symbols.
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Andreas Larsson <andreas@gaisler.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Maciej W. Rozycki <macro@orcam.me.uk>
Closes: https://lore.kernel.org/r/20230406160548.25721-1-rdunlap@infradead.org/
Fixes: 66bcd06099bb ("parport_pc: Also enable driver for PCI systems")
Cc: stable@vger.kernel.org # v5.18+
Tested-by: Randy Dunlap <rdunlap@infradead.org> # build-tested
Reviewed-by: Andreas Larsson <andreas@gaisler.com>
Signed-off-by: Andreas Larsson <andreas@gaisler.com>
Link: https://lore.kernel.org/r/20240224-sam-fix-sparc32-all-builds-v2-6-1f186603c5c4@ravnborg.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/sparc/include/asm/parport.h | 259 +---------------------------
arch/sparc/include/asm/parport_64.h | 256 +++++++++++++++++++++++++++
2 files changed, 263 insertions(+), 252 deletions(-)
create mode 100644 arch/sparc/include/asm/parport_64.h
diff --git a/arch/sparc/include/asm/parport.h b/arch/sparc/include/asm/parport.h
index 0a7ffcfd59cda..e2eed8f97665f 100644
--- a/arch/sparc/include/asm/parport.h
+++ b/arch/sparc/include/asm/parport.h
@@ -1,256 +1,11 @@
/* SPDX-License-Identifier: GPL-2.0 */
-/* parport.h: sparc64 specific parport initialization and dma.
- *
- * Copyright (C) 1999 Eddie C. Dost (ecd@skynet.be)
- */
+#ifndef ___ASM_SPARC_PARPORT_H
+#define ___ASM_SPARC_PARPORT_H
-#ifndef _ASM_SPARC64_PARPORT_H
-#define _ASM_SPARC64_PARPORT_H 1
-
-#include <linux/of.h>
-#include <linux/platform_device.h>
-
-#include <asm/ebus_dma.h>
-#include <asm/ns87303.h>
-#include <asm/prom.h>
-
-#define PARPORT_PC_MAX_PORTS PARPORT_MAX
-
-/*
- * While sparc64 doesn't have an ISA DMA API, we provide something that looks
- * close enough to make parport_pc happy
- */
-#define HAS_DMA
-
-#ifdef CONFIG_PARPORT_PC_FIFO
-static DEFINE_SPINLOCK(dma_spin_lock);
-
-#define claim_dma_lock() \
-({ unsigned long flags; \
- spin_lock_irqsave(&dma_spin_lock, flags); \
- flags; \
-})
-
-#define release_dma_lock(__flags) \
- spin_unlock_irqrestore(&dma_spin_lock, __flags);
+#if defined(__sparc__) && defined(__arch64__)
+#include <asm/parport_64.h>
+#else
+#include <asm-generic/parport.h>
+#endif
#endif
-static struct sparc_ebus_info {
- struct ebus_dma_info info;
- unsigned int addr;
- unsigned int count;
- int lock;
-
- struct parport *port;
-} sparc_ebus_dmas[PARPORT_PC_MAX_PORTS];
-
-static DECLARE_BITMAP(dma_slot_map, PARPORT_PC_MAX_PORTS);
-
-static inline int request_dma(unsigned int dmanr, const char *device_id)
-{
- if (dmanr >= PARPORT_PC_MAX_PORTS)
- return -EINVAL;
- if (xchg(&sparc_ebus_dmas[dmanr].lock, 1) != 0)
- return -EBUSY;
- return 0;
-}
-
-static inline void free_dma(unsigned int dmanr)
-{
- if (dmanr >= PARPORT_PC_MAX_PORTS) {
- printk(KERN_WARNING "Trying to free DMA%d\n", dmanr);
- return;
- }
- if (xchg(&sparc_ebus_dmas[dmanr].lock, 0) == 0) {
- printk(KERN_WARNING "Trying to free free DMA%d\n", dmanr);
- return;
- }
-}
-
-static inline void enable_dma(unsigned int dmanr)
-{
- ebus_dma_enable(&sparc_ebus_dmas[dmanr].info, 1);
-
- if (ebus_dma_request(&sparc_ebus_dmas[dmanr].info,
- sparc_ebus_dmas[dmanr].addr,
- sparc_ebus_dmas[dmanr].count))
- BUG();
-}
-
-static inline void disable_dma(unsigned int dmanr)
-{
- ebus_dma_enable(&sparc_ebus_dmas[dmanr].info, 0);
-}
-
-static inline void clear_dma_ff(unsigned int dmanr)
-{
- /* nothing */
-}
-
-static inline void set_dma_mode(unsigned int dmanr, char mode)
-{
- ebus_dma_prepare(&sparc_ebus_dmas[dmanr].info, (mode != DMA_MODE_WRITE));
-}
-
-static inline void set_dma_addr(unsigned int dmanr, unsigned int addr)
-{
- sparc_ebus_dmas[dmanr].addr = addr;
-}
-
-static inline void set_dma_count(unsigned int dmanr, unsigned int count)
-{
- sparc_ebus_dmas[dmanr].count = count;
-}
-
-static inline unsigned int get_dma_residue(unsigned int dmanr)
-{
- return ebus_dma_residue(&sparc_ebus_dmas[dmanr].info);
-}
-
-static int ecpp_probe(struct platform_device *op)
-{
- unsigned long base = op->resource[0].start;
- unsigned long config = op->resource[1].start;
- unsigned long d_base = op->resource[2].start;
- unsigned long d_len;
- struct device_node *parent;
- struct parport *p;
- int slot, err;
-
- parent = op->dev.of_node->parent;
- if (of_node_name_eq(parent, "dma")) {
- p = parport_pc_probe_port(base, base + 0x400,
- op->archdata.irqs[0], PARPORT_DMA_NOFIFO,
- op->dev.parent->parent, 0);
- if (!p)
- return -ENOMEM;
- dev_set_drvdata(&op->dev, p);
- return 0;
- }
-
- for (slot = 0; slot < PARPORT_PC_MAX_PORTS; slot++) {
- if (!test_and_set_bit(slot, dma_slot_map))
- break;
- }
- err = -ENODEV;
- if (slot >= PARPORT_PC_MAX_PORTS)
- goto out_err;
-
- spin_lock_init(&sparc_ebus_dmas[slot].info.lock);
-
- d_len = (op->resource[2].end - d_base) + 1UL;
- sparc_ebus_dmas[slot].info.regs =
- of_ioremap(&op->resource[2], 0, d_len, "ECPP DMA");
-
- if (!sparc_ebus_dmas[slot].info.regs)
- goto out_clear_map;
-
- sparc_ebus_dmas[slot].info.flags = 0;
- sparc_ebus_dmas[slot].info.callback = NULL;
- sparc_ebus_dmas[slot].info.client_cookie = NULL;
- sparc_ebus_dmas[slot].info.irq = 0xdeadbeef;
- strcpy(sparc_ebus_dmas[slot].info.name, "parport");
- if (ebus_dma_register(&sparc_ebus_dmas[slot].info))
- goto out_unmap_regs;
-
- ebus_dma_irq_enable(&sparc_ebus_dmas[slot].info, 1);
-
- /* Configure IRQ to Push Pull, Level Low */
- /* Enable ECP, set bit 2 of the CTR first */
- outb(0x04, base + 0x02);
- ns87303_modify(config, PCR,
- PCR_EPP_ENABLE |
- PCR_IRQ_ODRAIN,
- PCR_ECP_ENABLE |
- PCR_ECP_CLK_ENA |
- PCR_IRQ_POLAR);
-
- /* CTR bit 5 controls direction of port */
- ns87303_modify(config, PTR,
- 0, PTR_LPT_REG_DIR);
-
- p = parport_pc_probe_port(base, base + 0x400,
- op->archdata.irqs[0],
- slot,
- op->dev.parent,
- 0);
- err = -ENOMEM;
- if (!p)
- goto out_disable_irq;
-
- dev_set_drvdata(&op->dev, p);
-
- return 0;
-
-out_disable_irq:
- ebus_dma_irq_enable(&sparc_ebus_dmas[slot].info, 0);
- ebus_dma_unregister(&sparc_ebus_dmas[slot].info);
-
-out_unmap_regs:
- of_iounmap(&op->resource[2], sparc_ebus_dmas[slot].info.regs, d_len);
-
-out_clear_map:
- clear_bit(slot, dma_slot_map);
-
-out_err:
- return err;
-}
-
-static int ecpp_remove(struct platform_device *op)
-{
- struct parport *p = dev_get_drvdata(&op->dev);
- int slot = p->dma;
-
- parport_pc_unregister_port(p);
-
- if (slot != PARPORT_DMA_NOFIFO) {
- unsigned long d_base = op->resource[2].start;
- unsigned long d_len;
-
- d_len = (op->resource[2].end - d_base) + 1UL;
-
- ebus_dma_irq_enable(&sparc_ebus_dmas[slot].info, 0);
- ebus_dma_unregister(&sparc_ebus_dmas[slot].info);
- of_iounmap(&op->resource[2],
- sparc_ebus_dmas[slot].info.regs,
- d_len);
- clear_bit(slot, dma_slot_map);
- }
-
- return 0;
-}
-
-static const struct of_device_id ecpp_match[] = {
- {
- .name = "ecpp",
- },
- {
- .name = "parallel",
- .compatible = "ecpp",
- },
- {
- .name = "parallel",
- .compatible = "ns87317-ecpp",
- },
- {
- .name = "parallel",
- .compatible = "pnpALI,1533,3",
- },
- {},
-};
-
-static struct platform_driver ecpp_driver = {
- .driver = {
- .name = "ecpp",
- .of_match_table = ecpp_match,
- },
- .probe = ecpp_probe,
- .remove = ecpp_remove,
-};
-
-static int parport_pc_find_nonpci_ports(int autoirq, int autodma)
-{
- return platform_driver_register(&ecpp_driver);
-}
-
-#endif /* !(_ASM_SPARC64_PARPORT_H */
diff --git a/arch/sparc/include/asm/parport_64.h b/arch/sparc/include/asm/parport_64.h
new file mode 100644
index 0000000000000..0a7ffcfd59cda
--- /dev/null
+++ b/arch/sparc/include/asm/parport_64.h
@@ -0,0 +1,256 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/* parport.h: sparc64 specific parport initialization and dma.
+ *
+ * Copyright (C) 1999 Eddie C. Dost (ecd@skynet.be)
+ */
+
+#ifndef _ASM_SPARC64_PARPORT_H
+#define _ASM_SPARC64_PARPORT_H 1
+
+#include <linux/of.h>
+#include <linux/platform_device.h>
+
+#include <asm/ebus_dma.h>
+#include <asm/ns87303.h>
+#include <asm/prom.h>
+
+#define PARPORT_PC_MAX_PORTS PARPORT_MAX
+
+/*
+ * While sparc64 doesn't have an ISA DMA API, we provide something that looks
+ * close enough to make parport_pc happy
+ */
+#define HAS_DMA
+
+#ifdef CONFIG_PARPORT_PC_FIFO
+static DEFINE_SPINLOCK(dma_spin_lock);
+
+#define claim_dma_lock() \
+({ unsigned long flags; \
+ spin_lock_irqsave(&dma_spin_lock, flags); \
+ flags; \
+})
+
+#define release_dma_lock(__flags) \
+ spin_unlock_irqrestore(&dma_spin_lock, __flags);
+#endif
+
+static struct sparc_ebus_info {
+ struct ebus_dma_info info;
+ unsigned int addr;
+ unsigned int count;
+ int lock;
+
+ struct parport *port;
+} sparc_ebus_dmas[PARPORT_PC_MAX_PORTS];
+
+static DECLARE_BITMAP(dma_slot_map, PARPORT_PC_MAX_PORTS);
+
+static inline int request_dma(unsigned int dmanr, const char *device_id)
+{
+ if (dmanr >= PARPORT_PC_MAX_PORTS)
+ return -EINVAL;
+ if (xchg(&sparc_ebus_dmas[dmanr].lock, 1) != 0)
+ return -EBUSY;
+ return 0;
+}
+
+static inline void free_dma(unsigned int dmanr)
+{
+ if (dmanr >= PARPORT_PC_MAX_PORTS) {
+ printk(KERN_WARNING "Trying to free DMA%d\n", dmanr);
+ return;
+ }
+ if (xchg(&sparc_ebus_dmas[dmanr].lock, 0) == 0) {
+ printk(KERN_WARNING "Trying to free free DMA%d\n", dmanr);
+ return;
+ }
+}
+
+static inline void enable_dma(unsigned int dmanr)
+{
+ ebus_dma_enable(&sparc_ebus_dmas[dmanr].info, 1);
+
+ if (ebus_dma_request(&sparc_ebus_dmas[dmanr].info,
+ sparc_ebus_dmas[dmanr].addr,
+ sparc_ebus_dmas[dmanr].count))
+ BUG();
+}
+
+static inline void disable_dma(unsigned int dmanr)
+{
+ ebus_dma_enable(&sparc_ebus_dmas[dmanr].info, 0);
+}
+
+static inline void clear_dma_ff(unsigned int dmanr)
+{
+ /* nothing */
+}
+
+static inline void set_dma_mode(unsigned int dmanr, char mode)
+{
+ ebus_dma_prepare(&sparc_ebus_dmas[dmanr].info, (mode != DMA_MODE_WRITE));
+}
+
+static inline void set_dma_addr(unsigned int dmanr, unsigned int addr)
+{
+ sparc_ebus_dmas[dmanr].addr = addr;
+}
+
+static inline void set_dma_count(unsigned int dmanr, unsigned int count)
+{
+ sparc_ebus_dmas[dmanr].count = count;
+}
+
+static inline unsigned int get_dma_residue(unsigned int dmanr)
+{
+ return ebus_dma_residue(&sparc_ebus_dmas[dmanr].info);
+}
+
+static int ecpp_probe(struct platform_device *op)
+{
+ unsigned long base = op->resource[0].start;
+ unsigned long config = op->resource[1].start;
+ unsigned long d_base = op->resource[2].start;
+ unsigned long d_len;
+ struct device_node *parent;
+ struct parport *p;
+ int slot, err;
+
+ parent = op->dev.of_node->parent;
+ if (of_node_name_eq(parent, "dma")) {
+ p = parport_pc_probe_port(base, base + 0x400,
+ op->archdata.irqs[0], PARPORT_DMA_NOFIFO,
+ op->dev.parent->parent, 0);
+ if (!p)
+ return -ENOMEM;
+ dev_set_drvdata(&op->dev, p);
+ return 0;
+ }
+
+ for (slot = 0; slot < PARPORT_PC_MAX_PORTS; slot++) {
+ if (!test_and_set_bit(slot, dma_slot_map))
+ break;
+ }
+ err = -ENODEV;
+ if (slot >= PARPORT_PC_MAX_PORTS)
+ goto out_err;
+
+ spin_lock_init(&sparc_ebus_dmas[slot].info.lock);
+
+ d_len = (op->resource[2].end - d_base) + 1UL;
+ sparc_ebus_dmas[slot].info.regs =
+ of_ioremap(&op->resource[2], 0, d_len, "ECPP DMA");
+
+ if (!sparc_ebus_dmas[slot].info.regs)
+ goto out_clear_map;
+
+ sparc_ebus_dmas[slot].info.flags = 0;
+ sparc_ebus_dmas[slot].info.callback = NULL;
+ sparc_ebus_dmas[slot].info.client_cookie = NULL;
+ sparc_ebus_dmas[slot].info.irq = 0xdeadbeef;
+ strcpy(sparc_ebus_dmas[slot].info.name, "parport");
+ if (ebus_dma_register(&sparc_ebus_dmas[slot].info))
+ goto out_unmap_regs;
+
+ ebus_dma_irq_enable(&sparc_ebus_dmas[slot].info, 1);
+
+ /* Configure IRQ to Push Pull, Level Low */
+ /* Enable ECP, set bit 2 of the CTR first */
+ outb(0x04, base + 0x02);
+ ns87303_modify(config, PCR,
+ PCR_EPP_ENABLE |
+ PCR_IRQ_ODRAIN,
+ PCR_ECP_ENABLE |
+ PCR_ECP_CLK_ENA |
+ PCR_IRQ_POLAR);
+
+ /* CTR bit 5 controls direction of port */
+ ns87303_modify(config, PTR,
+ 0, PTR_LPT_REG_DIR);
+
+ p = parport_pc_probe_port(base, base + 0x400,
+ op->archdata.irqs[0],
+ slot,
+ op->dev.parent,
+ 0);
+ err = -ENOMEM;
+ if (!p)
+ goto out_disable_irq;
+
+ dev_set_drvdata(&op->dev, p);
+
+ return 0;
+
+out_disable_irq:
+ ebus_dma_irq_enable(&sparc_ebus_dmas[slot].info, 0);
+ ebus_dma_unregister(&sparc_ebus_dmas[slot].info);
+
+out_unmap_regs:
+ of_iounmap(&op->resource[2], sparc_ebus_dmas[slot].info.regs, d_len);
+
+out_clear_map:
+ clear_bit(slot, dma_slot_map);
+
+out_err:
+ return err;
+}
+
+static int ecpp_remove(struct platform_device *op)
+{
+ struct parport *p = dev_get_drvdata(&op->dev);
+ int slot = p->dma;
+
+ parport_pc_unregister_port(p);
+
+ if (slot != PARPORT_DMA_NOFIFO) {
+ unsigned long d_base = op->resource[2].start;
+ unsigned long d_len;
+
+ d_len = (op->resource[2].end - d_base) + 1UL;
+
+ ebus_dma_irq_enable(&sparc_ebus_dmas[slot].info, 0);
+ ebus_dma_unregister(&sparc_ebus_dmas[slot].info);
+ of_iounmap(&op->resource[2],
+ sparc_ebus_dmas[slot].info.regs,
+ d_len);
+ clear_bit(slot, dma_slot_map);
+ }
+
+ return 0;
+}
+
+static const struct of_device_id ecpp_match[] = {
+ {
+ .name = "ecpp",
+ },
+ {
+ .name = "parallel",
+ .compatible = "ecpp",
+ },
+ {
+ .name = "parallel",
+ .compatible = "ns87317-ecpp",
+ },
+ {
+ .name = "parallel",
+ .compatible = "pnpALI,1533,3",
+ },
+ {},
+};
+
+static struct platform_driver ecpp_driver = {
+ .driver = {
+ .name = "ecpp",
+ .of_match_table = ecpp_match,
+ },
+ .probe = ecpp_probe,
+ .remove = ecpp_remove,
+};
+
+static int parport_pc_find_nonpci_ports(int autoirq, int autodma)
+{
+ return platform_driver_register(&ecpp_driver);
+}
+
+#endif /* !(_ASM_SPARC64_PARPORT_H */
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 117/396] nfs: fix UAF in direct writes
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 116/396] sparc32: Fix parport build with sparc32 Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 118/396] NFS: Read unlock folio on nfs_page_create_from_folio() error Greg Kroah-Hartman
` (290 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Josef Bacik, Trond Myklebust,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Josef Bacik <josef@toxicpanda.com>
[ Upstream commit 17f46b803d4f23c66cacce81db35fef3adb8f2af ]
In production we have been hitting the following warning consistently
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28 refcount_warn_saturate+0x9c/0xe0
Workqueue: nfsiod nfs_direct_write_schedule_work [nfs]
RIP: 0010:refcount_warn_saturate+0x9c/0xe0
PKRU: 55555554
Call Trace:
<TASK>
? __warn+0x9f/0x130
? refcount_warn_saturate+0x9c/0xe0
? report_bug+0xcc/0x150
? handle_bug+0x3d/0x70
? exc_invalid_op+0x16/0x40
? asm_exc_invalid_op+0x16/0x20
? refcount_warn_saturate+0x9c/0xe0
nfs_direct_write_schedule_work+0x237/0x250 [nfs]
process_one_work+0x12f/0x4a0
worker_thread+0x14e/0x3b0
? ZSTD_getCParams_internal+0x220/0x220
kthread+0xdc/0x120
? __btf_name_valid+0xa0/0xa0
ret_from_fork+0x1f/0x30
This is because we're completing the nfs_direct_request twice in a row.
The source of this is when we have our commit requests to submit, we
process them and send them off, and then in the completion path for the
commit requests we have
if (nfs_commit_end(cinfo.mds))
nfs_direct_write_complete(dreq);
However since we're submitting asynchronous requests we sometimes have
one that completes before we submit the next one, so we end up calling
complete on the nfs_direct_request twice.
The only other place we use nfs_generic_commit_list() is in
__nfs_commit_inode, which wraps this call in a
nfs_commit_begin();
nfs_commit_end();
Which is a common pattern for this style of completion handling, one
that is also repeated in the direct code with get_dreq()/put_dreq()
calls around where we process events as well as in the completion paths.
Fix this by using the same pattern for the commit requests.
Before with my 200 node rocksdb stress running this warning would pop
every 10ish minutes. With my patch the stress test has been running for
several hours without popping.
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Cc: stable@vger.kernel.org
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/direct.c | 11 +++++++++--
fs/nfs/write.c | 2 +-
include/linux/nfs_fs.h | 1 +
3 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c
index 5918c67dae0da..b6f801e73bfdc 100644
--- a/fs/nfs/direct.c
+++ b/fs/nfs/direct.c
@@ -668,10 +668,17 @@ static void nfs_direct_commit_schedule(struct nfs_direct_req *dreq)
LIST_HEAD(mds_list);
nfs_init_cinfo_from_dreq(&cinfo, dreq);
+ nfs_commit_begin(cinfo.mds);
nfs_scan_commit(dreq->inode, &mds_list, &cinfo);
res = nfs_generic_commit_list(dreq->inode, &mds_list, 0, &cinfo);
- if (res < 0) /* res == -ENOMEM */
- nfs_direct_write_reschedule(dreq);
+ if (res < 0) { /* res == -ENOMEM */
+ spin_lock(&dreq->lock);
+ if (dreq->flags == 0)
+ dreq->flags = NFS_ODIRECT_RESCHED_WRITES;
+ spin_unlock(&dreq->lock);
+ }
+ if (nfs_commit_end(cinfo.mds))
+ nfs_direct_write_complete(dreq);
}
static void nfs_direct_write_clear_reqs(struct nfs_direct_req *dreq)
diff --git a/fs/nfs/write.c b/fs/nfs/write.c
index 4a250f65fa759..7d03811f44a4b 100644
--- a/fs/nfs/write.c
+++ b/fs/nfs/write.c
@@ -1661,7 +1661,7 @@ static int wait_on_commit(struct nfs_mds_commit_info *cinfo)
!atomic_read(&cinfo->rpcs_out));
}
-static void nfs_commit_begin(struct nfs_mds_commit_info *cinfo)
+void nfs_commit_begin(struct nfs_mds_commit_info *cinfo)
{
atomic_inc(&cinfo->rpcs_out);
}
diff --git a/include/linux/nfs_fs.h b/include/linux/nfs_fs.h
index 279262057a925..832b7e354b4e3 100644
--- a/include/linux/nfs_fs.h
+++ b/include/linux/nfs_fs.h
@@ -612,6 +612,7 @@ int nfs_wb_folio_cancel(struct inode *inode, struct folio *folio);
extern int nfs_commit_inode(struct inode *, int);
extern struct nfs_commit_data *nfs_commitdata_alloc(void);
extern void nfs_commit_free(struct nfs_commit_data *data);
+void nfs_commit_begin(struct nfs_mds_commit_info *cinfo);
bool nfs_commit_end(struct nfs_mds_commit_info *cinfo);
static inline bool nfs_have_writebacks(const struct inode *inode)
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 118/396] NFS: Read unlock folio on nfs_page_create_from_folio() error
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 117/396] nfs: fix UAF in direct writes Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 119/396] kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 Greg Kroah-Hartman
` (289 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, David Jeffery, Benjamin Coddington,
Dave Wysochanski, Trond Myklebust, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Benjamin Coddington <bcodding@redhat.com>
[ Upstream commit 11974eec839c167362af685aae5f5e1baaf979eb ]
The netfs conversion lost a folio_unlock() for the case where
nfs_page_create_from_folio() returns an error (usually -ENOMEM). Restore
it.
Reported-by: David Jeffery <djeffery@redhat.com>
Cc: <stable@vger.kernel.org> # 6.4+
Fixes: 000dbe0bec05 ("NFS: Convert buffered read paths to use netfs when fscache is enabled")
Signed-off-by: Benjamin Coddington <bcodding@redhat.com>
Acked-by: Dave Wysochanski <dwysocha@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfs/read.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/nfs/read.c b/fs/nfs/read.c
index 7dc21a48e3e7b..a142287d86f68 100644
--- a/fs/nfs/read.c
+++ b/fs/nfs/read.c
@@ -305,6 +305,8 @@ int nfs_read_add_folio(struct nfs_pageio_descriptor *pgio,
new = nfs_page_create_from_folio(ctx, folio, 0, aligned_len);
if (IS_ERR(new)) {
error = PTR_ERR(new);
+ if (nfs_netfs_folio_unlock(folio))
+ folio_unlock(folio);
goto out;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 119/396] kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 118/396] NFS: Read unlock folio on nfs_page_create_from_folio() error Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 120/396] PCI: qcom: Enable BDF to SID translation properly Greg Kroah-Hartman
` (288 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Yonghong Song, Nathan Chancellor,
Arnd Bergmann, Masahiro Yamada, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nathan Chancellor <nathan@kernel.org>
[ Upstream commit 75b5ab134bb5f657ef7979a59106dce0657e8d87 ]
Clang enables -Wenum-enum-conversion and -Wenum-compare-conditional
under -Wenum-conversion. A recent change in Clang strengthened these
warnings and they appear frequently in common builds, primarily due to
several instances in common headers but there are quite a few drivers
that have individual instances as well.
include/linux/vmstat.h:508:43: warning: arithmetic between different enumeration types ('enum zone_stat_item' and 'enum numa_stat_item') [-Wenum-enum-conversion]
508 | return vmstat_text[NR_VM_ZONE_STAT_ITEMS +
| ~~~~~~~~~~~~~~~~~~~~~ ^
509 | item];
| ~~~~
drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:955:24: warning: conditional expression between different enumeration types ('enum iwl_mac_beacon_flags' and 'enum iwl_mac_beacon_flags_v1') [-Wenum-compare-conditional]
955 | flags |= is_new_rate ? IWL_MAC_BEACON_CCK
| ^ ~~~~~~~~~~~~~~~~~~
956 | : IWL_MAC_BEACON_CCK_V1;
| ~~~~~~~~~~~~~~~~~~~~~
drivers/net/wireless/intel/iwlwifi/mvm/mac-ctxt.c:1120:21: warning: conditional expression between different enumeration types ('enum iwl_mac_beacon_flags' and 'enum iwl_mac_beacon_flags_v1') [-Wenum-compare-conditional]
1120 | 0) > 10 ?
| ^
1121 | IWL_MAC_BEACON_FILS :
| ~~~~~~~~~~~~~~~~~~~
1122 | IWL_MAC_BEACON_FILS_V1;
| ~~~~~~~~~~~~~~~~~~~~~~
Doing arithmetic between or returning two different types of enums could
be a bug, so each of the instance of the warning needs to be evaluated.
Unfortunately, as mentioned above, there are many instances of this
warning in many different configurations, which can break the build when
CONFIG_WERROR is enabled.
To avoid introducing new instances of the warnings while cleaning up the
disruption for the majority of users, disable these warnings for the
default build while leaving them on for W=1 builds.
Cc: stable@vger.kernel.org
Closes: https://github.com/ClangBuiltLinux/linux/issues/2002
Link: https://github.com/llvm/llvm-project/commit/8c2ae42b3e1c6aa7c18f873edcebff7c0b45a37e
Acked-by: Yonghong Song <yonghong.song@linux.dev>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
| 2 ++
1 file changed, 2 insertions(+)
--git a/scripts/Makefile.extrawarn b/scripts/Makefile.extrawarn
index 2fe6f2828d376..16c750bb95faf 100644
--- a/scripts/Makefile.extrawarn
+++ b/scripts/Makefile.extrawarn
@@ -143,6 +143,8 @@ KBUILD_CFLAGS += $(call cc-disable-warning, pointer-to-enum-cast)
KBUILD_CFLAGS += -Wno-tautological-constant-out-of-range-compare
KBUILD_CFLAGS += $(call cc-disable-warning, unaligned-access)
KBUILD_CFLAGS += $(call cc-disable-warning, cast-function-type-strict)
+KBUILD_CFLAGS += -Wno-enum-compare-conditional
+KBUILD_CFLAGS += -Wno-enum-enum-conversion
endif
endif
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 120/396] PCI: qcom: Enable BDF to SID translation properly
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 119/396] kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 121/396] PCI: dwc: endpoint: Fix advertised resizable BAR size Greg Kroah-Hartman
` (287 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Manivannan Sadhasivam,
Krzysztof Wilczyński, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
[ Upstream commit bf79e33cdd89db498e00a6131e937259de5f2705 ]
Qcom SoCs making use of ARM SMMU require BDF to SID translation table in
the driver to properly map the SID for the PCIe devices based on their BDF
identifier. This is currently achieved with the help of
qcom_pcie_config_sid_1_9_0() function for SoCs supporting the 1_9_0 config.
But With newer Qcom SoCs starting from SM8450, BDF to SID translation is
set to bypass mode by default in hardware. Due to this, the translation
table that is set in the qcom_pcie_config_sid_1_9_0() is essentially
unused and the default SID is used for all endpoints in SoCs starting from
SM8450.
This is a security concern and also warrants swapping the DeviceID in DT
while using the GIC ITS to handle MSIs from endpoints. The swapping is
currently done like below in DT when using GIC ITS:
/*
* MSIs for BDF (1:0.0) only works with Device ID 0x5980.
* Hence, the IDs are swapped.
*/
msi-map = <0x0 &gic_its 0x5981 0x1>,
<0x100 &gic_its 0x5980 0x1>;
Here, swapping of the DeviceIDs ensure that the endpoint with BDF (1:0.0)
gets the DeviceID 0x5980 which is associated with the default SID as per
the iommu mapping in DT. So MSIs were delivered with IDs swapped so far.
But this also means the Root Port (0:0.0) won't receive any MSIs (for PME,
AER etc...)
So let's fix these issues by clearing the BDF to SID bypass mode for all
SoCs making use of the 1_9_0 config. This allows the PCIe devices to use
the correct SID, thus avoiding the DeviceID swapping hack in DT and also
achieving the isolation between devices.
Fixes: 4c9398822106 ("PCI: qcom: Add support for configuring BDF to SID mapping for SM8250")
Link: https://lore.kernel.org/linux-pci/20240307-pci-bdf-sid-fix-v1-1-9423a7e2d63c@linaro.org
Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
Cc: stable@vger.kernel.org # 5.11
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/dwc/pcie-qcom.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/drivers/pci/controller/dwc/pcie-qcom.c b/drivers/pci/controller/dwc/pcie-qcom.c
index 64420ecc24d1c..d3ca6d3493130 100644
--- a/drivers/pci/controller/dwc/pcie-qcom.c
+++ b/drivers/pci/controller/dwc/pcie-qcom.c
@@ -53,6 +53,7 @@
#define PARF_SLV_ADDR_SPACE_SIZE 0x358
#define PARF_DEVICE_TYPE 0x1000
#define PARF_BDF_TO_SID_TABLE_N 0x2000
+#define PARF_BDF_TO_SID_CFG 0x2c00
/* ELBI registers */
#define ELBI_SYS_CTRL 0x04
@@ -120,6 +121,9 @@
/* PARF_DEVICE_TYPE register fields */
#define DEVICE_TYPE_RC 0x4
+/* PARF_BDF_TO_SID_CFG fields */
+#define BDF_TO_SID_BYPASS BIT(0)
+
/* ELBI_SYS_CTRL register fields */
#define ELBI_SYS_CTRL_LT_ENABLE BIT(0)
@@ -985,11 +989,17 @@ static int qcom_pcie_config_sid_1_9_0(struct qcom_pcie *pcie)
u8 qcom_pcie_crc8_table[CRC8_TABLE_SIZE];
int i, nr_map, size = 0;
u32 smmu_sid_base;
+ u32 val;
of_get_property(dev->of_node, "iommu-map", &size);
if (!size)
return 0;
+ /* Enable BDF to SID translation by disabling bypass mode (default) */
+ val = readl(pcie->parf + PARF_BDF_TO_SID_CFG);
+ val &= ~BDF_TO_SID_BYPASS;
+ writel(val, pcie->parf + PARF_BDF_TO_SID_CFG);
+
map = kzalloc(size, GFP_KERNEL);
if (!map)
return -ENOMEM;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 121/396] PCI: dwc: endpoint: Fix advertised resizable BAR size
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 120/396] PCI: qcom: Enable BDF to SID translation properly Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 122/396] PCI: hv: Fix ring buffer size calculation Greg Kroah-Hartman
` (286 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Niklas Cassel,
Krzysztof Wilczyński, Manivannan Sadhasivam, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Niklas Cassel <cassel@kernel.org>
[ Upstream commit 72e34b8593e08a0ee759b7a038e0b178418ea6f8 ]
The commit message in commit fc9a77040b04 ("PCI: designware-ep: Configure
Resizable BAR cap to advertise the smallest size") claims that it modifies
the Resizable BAR capability to only advertise support for 1 MB size BARs.
However, the commit writes all zeroes to PCI_REBAR_CAP (the register which
contains the possible BAR sizes that a BAR be resized to).
According to the spec, it is illegal to not have a bit set in
PCI_REBAR_CAP, and 1 MB is the smallest size allowed.
Set bit 4 in PCI_REBAR_CAP, so that we actually advertise support for a
1 MB BAR size.
Before:
Capabilities: [2e8 v1] Physical Resizable BAR
BAR 0: current size: 1MB
BAR 1: current size: 1MB
BAR 2: current size: 1MB
BAR 3: current size: 1MB
BAR 4: current size: 1MB
BAR 5: current size: 1MB
After:
Capabilities: [2e8 v1] Physical Resizable BAR
BAR 0: current size: 1MB, supported: 1MB
BAR 1: current size: 1MB, supported: 1MB
BAR 2: current size: 1MB, supported: 1MB
BAR 3: current size: 1MB, supported: 1MB
BAR 4: current size: 1MB, supported: 1MB
BAR 5: current size: 1MB, supported: 1MB
Fixes: fc9a77040b04 ("PCI: designware-ep: Configure Resizable BAR cap to advertise the smallest size")
Link: https://lore.kernel.org/linux-pci/20240307111520.3303774-1-cassel@kernel.org
Signed-off-by: Niklas Cassel <cassel@kernel.org>
Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Cc: <stable@vger.kernel.org> # 5.2
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/dwc/pcie-designware-ep.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/drivers/pci/controller/dwc/pcie-designware-ep.c b/drivers/pci/controller/dwc/pcie-designware-ep.c
index 9d1f259fe3573..ad6516a3ae6ea 100644
--- a/drivers/pci/controller/dwc/pcie-designware-ep.c
+++ b/drivers/pci/controller/dwc/pcie-designware-ep.c
@@ -671,8 +671,13 @@ int dw_pcie_ep_init_complete(struct dw_pcie_ep *ep)
nbars = (reg & PCI_REBAR_CTRL_NBAR_MASK) >>
PCI_REBAR_CTRL_NBAR_SHIFT;
+ /*
+ * PCIe r6.0, sec 7.8.6.2 require us to support at least one
+ * size in the range from 1 MB to 512 GB. Advertise support
+ * for 1 MB BAR size only.
+ */
for (i = 0; i < nbars; i++, offset += PCI_REBAR_CTRL)
- dw_pcie_writel_dbi(pci, offset + PCI_REBAR_CAP, 0x0);
+ dw_pcie_writel_dbi(pci, offset + PCI_REBAR_CAP, BIT(4));
}
/*
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 122/396] PCI: hv: Fix ring buffer size calculation
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 121/396] PCI: dwc: endpoint: Fix advertised resizable BAR size Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 123/396] smb: client: stop revalidating reparse points unnecessarily Greg Kroah-Hartman
` (285 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Michael Kelley,
Krzysztof Wilczyński, Kuppuswamy Sathyanarayanan,
Ilpo Jarvinen, Long Li, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Kelley <mhklinux@outlook.com>
[ Upstream commit b5ff74c1ef50fe08e384026875fec660fadfaedd ]
For a physical PCI device that is passed through to a Hyper-V guest VM,
current code specifies the VMBus ring buffer size as 4 pages. But this
is an inappropriate dependency, since the amount of ring buffer space
needed is unrelated to PAGE_SIZE. For example, on x86 the ring buffer
size ends up as 16 Kbytes, while on ARM64 with 64 Kbyte pages, the ring
size bloats to 256 Kbytes. The ring buffer for PCI pass-thru devices
is used for only a few messages during device setup and removal, so any
space above a few Kbytes is wasted.
Fix this by declaring the ring buffer size to be a fixed 16 Kbytes.
Furthermore, use the VMBUS_RING_SIZE() macro so that the ring buffer
header is properly accounted for, and so the size is rounded up to a
page boundary, using the page size for which the kernel is built. While
w/64 Kbyte pages this results in a 64 Kbyte ring buffer header plus a
64 Kbyte ring buffer, that's the smallest possible with that page size.
It's still 128 Kbytes better than the current code.
Link: https://lore.kernel.org/linux-pci/20240216202240.251818-1-mhklinux@outlook.com
Signed-off-by: Michael Kelley <mhklinux@outlook.com>
Signed-off-by: Krzysztof Wilczyński <kwilczynski@kernel.org>
Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
Reviewed-by: Ilpo Jarvinen <ilpo.jarvinen@linux.intel.com>
Reviewed-by: Long Li <longli@microsoft.com>
Cc: <stable@vger.kernel.org> # 5.15.x
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pci/controller/pci-hyperv.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/pci/controller/pci-hyperv.c b/drivers/pci/controller/pci-hyperv.c
index bed3cefdaf198..5ab1a035c4969 100644
--- a/drivers/pci/controller/pci-hyperv.c
+++ b/drivers/pci/controller/pci-hyperv.c
@@ -49,6 +49,7 @@
#include <linux/refcount.h>
#include <linux/irqdomain.h>
#include <linux/acpi.h>
+#include <linux/sizes.h>
#include <asm/mshyperv.h>
/*
@@ -465,7 +466,7 @@ struct pci_eject_response {
u32 status;
} __packed;
-static int pci_ring_size = (4 * PAGE_SIZE);
+static int pci_ring_size = VMBUS_RING_SIZE(SZ_16K);
/*
* Driver specific state.
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 123/396] smb: client: stop revalidating reparse points unnecessarily
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 122/396] PCI: hv: Fix ring buffer size calculation Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 124/396] cifs: prevent updating file size from server if we have a read/write lease Greg Kroah-Hartman
` (284 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Paulo Alcantara (SUSE), Steve French,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paulo Alcantara <pc@manguebit.com>
[ Upstream commit 6d039984c15d1ea1ca080176df6dfab443e44585 ]
Query dir responses don't provide enough information on reparse points
such as major/minor numbers and symlink targets other than reparse
tags, however we don't need to unconditionally revalidate them only
because they are reparse points. Instead, revalidate them only when
their ctime or reparse tag has changed.
For instance, Windows Server updates ctime of reparse points when
their data have changed.
Signed-off-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Stable-dep-of: e4b61f3b1c67 ("cifs: prevent updating file size from server if we have a read/write lease")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/client/cifsglob.h | 1 +
fs/smb/client/inode.c | 4 +-
fs/smb/client/readdir.c | 133 ++++++++++++++++-----------------------
3 files changed, 57 insertions(+), 81 deletions(-)
diff --git a/fs/smb/client/cifsglob.h b/fs/smb/client/cifsglob.h
index 462554917e5a1..57bf6b406c590 100644
--- a/fs/smb/client/cifsglob.h
+++ b/fs/smb/client/cifsglob.h
@@ -1562,6 +1562,7 @@ struct cifsInodeInfo {
spinlock_t deferred_lock; /* protection on deferred list */
bool lease_granted; /* Flag to indicate whether lease or oplock is granted. */
char *symlink_target;
+ __u32 reparse_tag;
};
static inline struct cifsInodeInfo *
diff --git a/fs/smb/client/inode.c b/fs/smb/client/inode.c
index eb54e48937771..471abc99bbf02 100644
--- a/fs/smb/client/inode.c
+++ b/fs/smb/client/inode.c
@@ -182,6 +182,7 @@ cifs_fattr_to_inode(struct inode *inode, struct cifs_fattr *fattr)
inode->i_mode = fattr->cf_mode;
cifs_i->cifsAttrs = fattr->cf_cifsattrs;
+ cifs_i->reparse_tag = fattr->cf_cifstag;
if (fattr->cf_flags & CIFS_FATTR_NEED_REVAL)
cifs_i->time = 0;
@@ -209,7 +210,7 @@ cifs_fattr_to_inode(struct inode *inode, struct cifs_fattr *fattr)
inode->i_blocks = (512 - 1 + fattr->cf_bytes) >> 9;
}
- if (S_ISLNK(fattr->cf_mode)) {
+ if (S_ISLNK(fattr->cf_mode) && fattr->cf_symlink_target) {
kfree(cifs_i->symlink_target);
cifs_i->symlink_target = fattr->cf_symlink_target;
fattr->cf_symlink_target = NULL;
@@ -1103,6 +1104,7 @@ static int reparse_info_to_fattr(struct cifs_open_info_data *data,
cifs_open_info_to_fattr(fattr, data, sb);
out:
+ fattr->cf_cifstag = data->reparse.tag;
free_rsp_buf(rsp_buftype, rsp_iov.iov_base);
return rc;
}
diff --git a/fs/smb/client/readdir.c b/fs/smb/client/readdir.c
index e23cd216bffbe..520c490e844b5 100644
--- a/fs/smb/client/readdir.c
+++ b/fs/smb/client/readdir.c
@@ -55,6 +55,23 @@ static inline void dump_cifs_file_struct(struct file *file, char *label)
}
#endif /* DEBUG2 */
+/*
+ * Match a reparse point inode if reparse tag and ctime haven't changed.
+ *
+ * Windows Server updates ctime of reparse points when their data have changed.
+ * The server doesn't allow changing reparse tags from existing reparse points,
+ * though it's worth checking.
+ */
+static inline bool reparse_inode_match(struct inode *inode,
+ struct cifs_fattr *fattr)
+{
+ struct timespec64 ctime = inode_get_ctime(inode);
+
+ return (CIFS_I(inode)->cifsAttrs & ATTR_REPARSE) &&
+ CIFS_I(inode)->reparse_tag == fattr->cf_cifstag &&
+ timespec64_equal(&ctime, &fattr->cf_ctime);
+}
+
/*
* Attempt to preload the dcache with the results from the FIND_FIRST/NEXT
*
@@ -71,6 +88,7 @@ cifs_prime_dcache(struct dentry *parent, struct qstr *name,
struct super_block *sb = parent->d_sb;
struct cifs_sb_info *cifs_sb = CIFS_SB(sb);
DECLARE_WAIT_QUEUE_HEAD_ONSTACK(wq);
+ int rc;
cifs_dbg(FYI, "%s: for %s\n", __func__, name->name);
@@ -82,9 +100,11 @@ cifs_prime_dcache(struct dentry *parent, struct qstr *name,
* We'll end up doing an on the wire call either way and
* this spares us an invalidation.
*/
- if (fattr->cf_flags & CIFS_FATTR_NEED_REVAL)
- return;
retry:
+ if ((fattr->cf_cifsattrs & ATTR_REPARSE) ||
+ (fattr->cf_flags & CIFS_FATTR_NEED_REVAL))
+ return;
+
dentry = d_alloc_parallel(parent, name, &wq);
}
if (IS_ERR(dentry))
@@ -104,12 +124,34 @@ cifs_prime_dcache(struct dentry *parent, struct qstr *name,
if (!(cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SERVER_INUM))
fattr->cf_uniqueid = CIFS_I(inode)->uniqueid;
- /* update inode in place
- * if both i_ino and i_mode didn't change */
- if (CIFS_I(inode)->uniqueid == fattr->cf_uniqueid &&
- cifs_fattr_to_inode(inode, fattr) == 0) {
- dput(dentry);
- return;
+ /*
+ * Update inode in place if both i_ino and i_mode didn't
+ * change.
+ */
+ if (CIFS_I(inode)->uniqueid == fattr->cf_uniqueid) {
+ /*
+ * Query dir responses don't provide enough
+ * information about reparse points other than
+ * their reparse tags. Save an invalidation by
+ * not clobbering the existing mode, size and
+ * symlink target (if any) when reparse tag and
+ * ctime haven't changed.
+ */
+ rc = 0;
+ if (fattr->cf_cifsattrs & ATTR_REPARSE) {
+ if (likely(reparse_inode_match(inode, fattr))) {
+ fattr->cf_mode = inode->i_mode;
+ fattr->cf_eof = CIFS_I(inode)->server_eof;
+ fattr->cf_symlink_target = NULL;
+ } else {
+ CIFS_I(inode)->time = 0;
+ rc = -ESTALE;
+ }
+ }
+ if (!rc && !cifs_fattr_to_inode(inode, fattr)) {
+ dput(dentry);
+ return;
+ }
}
}
d_invalidate(dentry);
@@ -127,29 +169,6 @@ cifs_prime_dcache(struct dentry *parent, struct qstr *name,
dput(dentry);
}
-static bool reparse_file_needs_reval(const struct cifs_fattr *fattr)
-{
- if (!(fattr->cf_cifsattrs & ATTR_REPARSE))
- return false;
- /*
- * The DFS tags should be only intepreted by server side as per
- * MS-FSCC 2.1.2.1, but let's include them anyway.
- *
- * Besides, if cf_cifstag is unset (0), then we still need it to be
- * revalidated to know exactly what reparse point it is.
- */
- switch (fattr->cf_cifstag) {
- case IO_REPARSE_TAG_DFS:
- case IO_REPARSE_TAG_DFSR:
- case IO_REPARSE_TAG_SYMLINK:
- case IO_REPARSE_TAG_NFS:
- case IO_REPARSE_TAG_MOUNT_POINT:
- case 0:
- return true;
- }
- return false;
-}
-
static void
cifs_fill_common_info(struct cifs_fattr *fattr, struct cifs_sb_info *cifs_sb)
{
@@ -181,14 +200,6 @@ cifs_fill_common_info(struct cifs_fattr *fattr, struct cifs_sb_info *cifs_sb)
}
out_reparse:
- /*
- * We need to revalidate it further to make a decision about whether it
- * is a symbolic link, DFS referral or a reparse point with a direct
- * access like junctions, deduplicated files, NFS symlinks.
- */
- if (reparse_file_needs_reval(fattr))
- fattr->cf_flags |= CIFS_FATTR_NEED_REVAL;
-
/* non-unix readdir doesn't provide nlink */
fattr->cf_flags |= CIFS_FATTR_UNKNOWN_NLINK;
@@ -269,9 +280,6 @@ cifs_posix_to_fattr(struct cifs_fattr *fattr, struct smb2_posix_info *info,
fattr->cf_dtype = DT_REG;
}
- if (reparse_file_needs_reval(fattr))
- fattr->cf_flags |= CIFS_FATTR_NEED_REVAL;
-
sid_to_id(cifs_sb, &parsed.owner, fattr, SIDOWNER);
sid_to_id(cifs_sb, &parsed.group, fattr, SIDGROUP);
}
@@ -333,38 +341,6 @@ cifs_std_info_to_fattr(struct cifs_fattr *fattr, FIND_FILE_STANDARD_INFO *info,
cifs_fill_common_info(fattr, cifs_sb);
}
-/* BB eventually need to add the following helper function to
- resolve NT_STATUS_STOPPED_ON_SYMLINK return code when
- we try to do FindFirst on (NTFS) directory symlinks */
-/*
-int get_symlink_reparse_path(char *full_path, struct cifs_sb_info *cifs_sb,
- unsigned int xid)
-{
- __u16 fid;
- int len;
- int oplock = 0;
- int rc;
- struct cifs_tcon *ptcon = cifs_sb_tcon(cifs_sb);
- char *tmpbuffer;
-
- rc = CIFSSMBOpen(xid, ptcon, full_path, FILE_OPEN, GENERIC_READ,
- OPEN_REPARSE_POINT, &fid, &oplock, NULL,
- cifs_sb->local_nls,
- cifs_remap(cifs_sb);
- if (!rc) {
- tmpbuffer = kmalloc(maxpath);
- rc = CIFSSMBQueryReparseLinkInfo(xid, ptcon, full_path,
- tmpbuffer,
- maxpath -1,
- fid,
- cifs_sb->local_nls);
- if (CIFSSMBClose(xid, ptcon, fid)) {
- cifs_dbg(FYI, "Error closing temporary reparsepoint open\n");
- }
- }
-}
- */
-
static int
_initiate_cifs_search(const unsigned int xid, struct file *file,
const char *full_path)
@@ -433,13 +409,10 @@ _initiate_cifs_search(const unsigned int xid, struct file *file,
&cifsFile->fid, search_flags,
&cifsFile->srch_inf);
- if (rc == 0)
+ if (rc == 0) {
cifsFile->invalidHandle = false;
- /* BB add following call to handle readdir on new NTFS symlink errors
- else if STATUS_STOPPED_ON_SYMLINK
- call get_symlink_reparse_path and retry with new path */
- else if ((rc == -EOPNOTSUPP) &&
- (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SERVER_INUM)) {
+ } else if ((rc == -EOPNOTSUPP) &&
+ (cifs_sb->mnt_cifs_flags & CIFS_MOUNT_SERVER_INUM)) {
cifs_sb->mnt_cifs_flags &= ~CIFS_MOUNT_SERVER_INUM;
goto ffirst_retry;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 124/396] cifs: prevent updating file size from server if we have a read/write lease
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 123/396] smb: client: stop revalidating reparse points unnecessarily Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 125/396] cifs: allow changing password during remount Greg Kroah-Hartman
` (283 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Shyam Prasad N, Bharath SM,
Steve French, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bharath SM <bharathsm@microsoft.com>
[ Upstream commit e4b61f3b1c67f5068590965f64ea6e8d5d5bd961 ]
In cases of large directories, the readdir operation may span multiple
round trips to retrieve contents. This introduces a potential race
condition in case of concurrent write and readdir operations. If the
readdir operation initiates before a write has been processed by the
server, it may update the file size attribute to an older value.
Address this issue by avoiding file size updates from readdir when we
have read/write lease.
Scenario:
1) process1: open dir xyz
2) process1: readdir instance 1 on xyz
3) process2: create file.txt for write
4) process2: write x bytes to file.txt
5) process2: close file.txt
6) process2: open file.txt for read
7) process1: readdir 2 - overwrites file.txt inode size to 0
8) process2: read contents of file.txt - bug, short read with 0 bytes
Cc: stable@vger.kernel.org
Reviewed-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Bharath SM <bharathsm@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/client/cifsproto.h | 6 ++++--
fs/smb/client/file.c | 8 +++++---
fs/smb/client/inode.c | 13 +++++++------
fs/smb/client/readdir.c | 2 +-
4 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/fs/smb/client/cifsproto.h b/fs/smb/client/cifsproto.h
index 260a6299bddb8..0cff4f5af1793 100644
--- a/fs/smb/client/cifsproto.h
+++ b/fs/smb/client/cifsproto.h
@@ -144,7 +144,8 @@ extern int cifs_reconnect(struct TCP_Server_Info *server,
extern int checkSMB(char *buf, unsigned int len, struct TCP_Server_Info *srvr);
extern bool is_valid_oplock_break(char *, struct TCP_Server_Info *);
extern bool backup_cred(struct cifs_sb_info *);
-extern bool is_size_safe_to_change(struct cifsInodeInfo *, __u64 eof);
+extern bool is_size_safe_to_change(struct cifsInodeInfo *cifsInode, __u64 eof,
+ bool from_readdir);
extern void cifs_update_eof(struct cifsInodeInfo *cifsi, loff_t offset,
unsigned int bytes_written);
extern struct cifsFileInfo *find_writable_file(struct cifsInodeInfo *, int);
@@ -201,7 +202,8 @@ extern void cifs_unix_basic_to_fattr(struct cifs_fattr *fattr,
struct cifs_sb_info *cifs_sb);
extern void cifs_dir_info_to_fattr(struct cifs_fattr *, FILE_DIRECTORY_INFO *,
struct cifs_sb_info *);
-extern int cifs_fattr_to_inode(struct inode *inode, struct cifs_fattr *fattr);
+extern int cifs_fattr_to_inode(struct inode *inode, struct cifs_fattr *fattr,
+ bool from_readdir);
extern struct inode *cifs_iget(struct super_block *sb,
struct cifs_fattr *fattr);
diff --git a/fs/smb/client/file.c b/fs/smb/client/file.c
index c156460eb5587..c711d5eb2987e 100644
--- a/fs/smb/client/file.c
+++ b/fs/smb/client/file.c
@@ -329,7 +329,7 @@ int cifs_posix_open(const char *full_path, struct inode **pinode,
}
} else {
cifs_revalidate_mapping(*pinode);
- rc = cifs_fattr_to_inode(*pinode, &fattr);
+ rc = cifs_fattr_to_inode(*pinode, &fattr, false);
}
posix_open_ret:
@@ -4766,12 +4766,14 @@ static int is_inode_writable(struct cifsInodeInfo *cifs_inode)
refreshing the inode only on increases in the file size
but this is tricky to do without racing with writebehind
page caching in the current Linux kernel design */
-bool is_size_safe_to_change(struct cifsInodeInfo *cifsInode, __u64 end_of_file)
+bool is_size_safe_to_change(struct cifsInodeInfo *cifsInode, __u64 end_of_file,
+ bool from_readdir)
{
if (!cifsInode)
return true;
- if (is_inode_writable(cifsInode)) {
+ if (is_inode_writable(cifsInode) ||
+ ((cifsInode->oplock & CIFS_CACHE_RW_FLG) != 0 && from_readdir)) {
/* This inode is open for write at least once */
struct cifs_sb_info *cifs_sb;
diff --git a/fs/smb/client/inode.c b/fs/smb/client/inode.c
index 471abc99bbf02..cb9e719e67ae2 100644
--- a/fs/smb/client/inode.c
+++ b/fs/smb/client/inode.c
@@ -147,7 +147,8 @@ cifs_nlink_fattr_to_inode(struct inode *inode, struct cifs_fattr *fattr)
/* populate an inode with info from a cifs_fattr struct */
int
-cifs_fattr_to_inode(struct inode *inode, struct cifs_fattr *fattr)
+cifs_fattr_to_inode(struct inode *inode, struct cifs_fattr *fattr,
+ bool from_readdir)
{
struct cifsInodeInfo *cifs_i = CIFS_I(inode);
struct cifs_sb_info *cifs_sb = CIFS_SB(inode->i_sb);
@@ -199,7 +200,7 @@ cifs_fattr_to_inode(struct inode *inode, struct cifs_fattr *fattr)
* Can't safely change the file size here if the client is writing to
* it due to potential races.
*/
- if (is_size_safe_to_change(cifs_i, fattr->cf_eof)) {
+ if (is_size_safe_to_change(cifs_i, fattr->cf_eof, from_readdir)) {
i_size_write(inode, fattr->cf_eof);
/*
@@ -368,7 +369,7 @@ static int update_inode_info(struct super_block *sb,
CIFS_I(*inode)->time = 0; /* force reval */
return -ESTALE;
}
- return cifs_fattr_to_inode(*inode, fattr);
+ return cifs_fattr_to_inode(*inode, fattr, false);
}
#ifdef CONFIG_CIFS_ALLOW_INSECURE_LEGACY
@@ -403,7 +404,7 @@ cifs_get_file_info_unix(struct file *filp)
} else
goto cifs_gfiunix_out;
- rc = cifs_fattr_to_inode(inode, &fattr);
+ rc = cifs_fattr_to_inode(inode, &fattr, false);
cifs_gfiunix_out:
free_xid(xid);
@@ -928,7 +929,7 @@ cifs_get_file_info(struct file *filp)
fattr.cf_uniqueid = CIFS_I(inode)->uniqueid;
fattr.cf_flags |= CIFS_FATTR_NEED_REVAL;
/* if filetype is different, return error */
- rc = cifs_fattr_to_inode(inode, &fattr);
+ rc = cifs_fattr_to_inode(inode, &fattr, false);
cgfi_exit:
cifs_free_open_info(&data);
free_xid(xid);
@@ -1467,7 +1468,7 @@ cifs_iget(struct super_block *sb, struct cifs_fattr *fattr)
}
/* can't fail - see cifs_find_inode() */
- cifs_fattr_to_inode(inode, fattr);
+ cifs_fattr_to_inode(inode, fattr, false);
if (sb->s_flags & SB_NOATIME)
inode->i_flags |= S_NOATIME | S_NOCMTIME;
if (inode->i_state & I_NEW) {
diff --git a/fs/smb/client/readdir.c b/fs/smb/client/readdir.c
index 520c490e844b5..56033e4e4bae9 100644
--- a/fs/smb/client/readdir.c
+++ b/fs/smb/client/readdir.c
@@ -148,7 +148,7 @@ cifs_prime_dcache(struct dentry *parent, struct qstr *name,
rc = -ESTALE;
}
}
- if (!rc && !cifs_fattr_to_inode(inode, fattr)) {
+ if (!rc && !cifs_fattr_to_inode(inode, fattr, true)) {
dput(dentry);
return;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 125/396] cifs: allow changing password during remount
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 124/396] cifs: prevent updating file size from server if we have a read/write lease Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 126/396] thermal/drivers/mediatek: Fix control buffer enablement on MT7896 Greg Kroah-Hartman
` (282 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Steve French, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steve French <stfrench@microsoft.com>
[ Upstream commit c1eb537bf4560b3ad4df606c266c665624f3b502 ]
There are cases where a session is disconnected and password has changed
on the server (or expired) for this user and this currently can not
be fixed without unmount and mounting again. This patch allows
remount to change the password (for the non Kerberos case, Kerberos
ticket refresh is handled differently) when the session is disconnected
and the user can not reconnect due to still using old password.
Future patches should also allow us to setup the keyring (cifscreds)
to have an "alternate password" so we would be able to change
the password before the session drops (without the risk of races
between when the password changes and the disconnect occurs -
ie cases where the old password is still needed because the new
password has not fully rolled out to all servers yet).
Cc: stable@vger.kernel.org
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/client/cifs_debug.c | 2 ++
fs/smb/client/cifsglob.h | 1 +
fs/smb/client/fs_context.c | 27 ++++++++++++++++++++++-----
fs/smb/client/smb2pdu.c | 5 +++++
4 files changed, 30 insertions(+), 5 deletions(-)
diff --git a/fs/smb/client/cifs_debug.c b/fs/smb/client/cifs_debug.c
index 3230ed7eaddec..7206167f4184a 100644
--- a/fs/smb/client/cifs_debug.c
+++ b/fs/smb/client/cifs_debug.c
@@ -486,6 +486,8 @@ static int cifs_debug_data_proc_show(struct seq_file *m, void *v)
ses->ses_count, ses->serverOS, ses->serverNOS,
ses->capabilities, ses->ses_status);
}
+ if (ses->expired_pwd)
+ seq_puts(m, "password no longer valid ");
spin_unlock(&ses->ses_lock);
seq_printf(m, "\n\tSecurity type: %s ",
diff --git a/fs/smb/client/cifsglob.h b/fs/smb/client/cifsglob.h
index 57bf6b406c590..91a4061233f1a 100644
--- a/fs/smb/client/cifsglob.h
+++ b/fs/smb/client/cifsglob.h
@@ -1052,6 +1052,7 @@ struct cifs_ses {
enum securityEnum sectype; /* what security flavor was specified? */
bool sign; /* is signing required? */
bool domainAuto:1;
+ bool expired_pwd; /* track if access denied or expired pwd so can know if need to update */
unsigned int flags;
__u16 session_flags;
__u8 smb3signingkey[SMB3_SIGN_KEY_SIZE];
diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c
index 6ecbf48d0f0c6..e4a6b240d2263 100644
--- a/fs/smb/client/fs_context.c
+++ b/fs/smb/client/fs_context.c
@@ -771,7 +771,7 @@ static void smb3_fs_context_free(struct fs_context *fc)
*/
static int smb3_verify_reconfigure_ctx(struct fs_context *fc,
struct smb3_fs_context *new_ctx,
- struct smb3_fs_context *old_ctx)
+ struct smb3_fs_context *old_ctx, bool need_recon)
{
if (new_ctx->posix_paths != old_ctx->posix_paths) {
cifs_errorf(fc, "can not change posixpaths during remount\n");
@@ -797,8 +797,15 @@ static int smb3_verify_reconfigure_ctx(struct fs_context *fc,
}
if (new_ctx->password &&
(!old_ctx->password || strcmp(new_ctx->password, old_ctx->password))) {
- cifs_errorf(fc, "can not change password during remount\n");
- return -EINVAL;
+ if (need_recon == false) {
+ cifs_errorf(fc,
+ "can not change password of active session during remount\n");
+ return -EINVAL;
+ } else if (old_ctx->sectype == Kerberos) {
+ cifs_errorf(fc,
+ "can not change password for Kerberos via remount\n");
+ return -EINVAL;
+ }
}
if (new_ctx->domainname &&
(!old_ctx->domainname || strcmp(new_ctx->domainname, old_ctx->domainname))) {
@@ -842,9 +849,14 @@ static int smb3_reconfigure(struct fs_context *fc)
struct smb3_fs_context *ctx = smb3_fc2context(fc);
struct dentry *root = fc->root;
struct cifs_sb_info *cifs_sb = CIFS_SB(root->d_sb);
+ struct cifs_ses *ses = cifs_sb_master_tcon(cifs_sb)->ses;
+ bool need_recon = false;
int rc;
- rc = smb3_verify_reconfigure_ctx(fc, ctx, cifs_sb->ctx);
+ if (ses->expired_pwd)
+ need_recon = true;
+
+ rc = smb3_verify_reconfigure_ctx(fc, ctx, cifs_sb->ctx, need_recon);
if (rc)
return rc;
@@ -857,7 +869,12 @@ static int smb3_reconfigure(struct fs_context *fc)
STEAL_STRING(cifs_sb, ctx, UNC);
STEAL_STRING(cifs_sb, ctx, source);
STEAL_STRING(cifs_sb, ctx, username);
- STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
+ if (need_recon == false)
+ STEAL_STRING_SENSITIVE(cifs_sb, ctx, password);
+ else {
+ kfree_sensitive(ses->password);
+ ses->password = kstrdup(ctx->password, GFP_KERNEL);
+ }
STEAL_STRING(cifs_sb, ctx, domainname);
STEAL_STRING(cifs_sb, ctx, nodename);
STEAL_STRING(cifs_sb, ctx, iocharset);
diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c
index 9d34a55fdb5e4..fca55702b51ad 100644
--- a/fs/smb/client/smb2pdu.c
+++ b/fs/smb/client/smb2pdu.c
@@ -1536,6 +1536,11 @@ SMB2_sess_sendreceive(struct SMB2_sess_data *sess_data)
&sess_data->buf0_type,
CIFS_LOG_ERROR | CIFS_SESS_OP, &rsp_iov);
cifs_small_buf_release(sess_data->iov[0].iov_base);
+ if (rc == 0)
+ sess_data->ses->expired_pwd = false;
+ else if ((rc == -EACCES) || (rc == -EKEYEXPIRED) || (rc == -EKEYREVOKED))
+ sess_data->ses->expired_pwd = true;
+
memcpy(&sess_data->iov[0], &rsp_iov, sizeof(struct kvec));
return rc;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 126/396] thermal/drivers/mediatek: Fix control buffer enablement on MT7896
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 125/396] cifs: allow changing password during remount Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 127/396] vfio/pci: Disable auto-enable of exclusive INTx IRQ Greg Kroah-Hartman
` (281 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Frank Wunderlich,
Markus Schneider-Pargmann, Daniel Golle,
AngeloGioacchino Del Regno, Daniel Lezcano, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Frank Wunderlich <frank-w@public-files.de>
[ Upstream commit 371ed6263e2403068b359f0c07188548c2d70827 ]
Reading thermal sensor on mt7986 devices returns invalid temperature:
bpi-r3 ~ # cat /sys/class/thermal/thermal_zone0/temp
-274000
Fix this by adding missing members in mtk_thermal_data struct which were
used in mtk_thermal_turn_on_buffer after commit 33140e668b10.
Cc: stable@vger.kernel.org
Fixes: 33140e668b10 ("thermal/drivers/mediatek: Control buffer enablement tweaks")
Signed-off-by: Frank Wunderlich <frank-w@public-files.de>
Reviewed-by: Markus Schneider-Pargmann <msp@baylibre.com>
Reviewed-by: Daniel Golle <daniel@makrotopia.org>
Tested-by: Daniel Golle <daniel@makrotopia.org>
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Link: https://lore.kernel.org/r/20230907112018.52811-1-linux@fw-web.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/thermal/mediatek/auxadc_thermal.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/thermal/mediatek/auxadc_thermal.c b/drivers/thermal/mediatek/auxadc_thermal.c
index 8b0edb2048443..9ee2e7283435a 100644
--- a/drivers/thermal/mediatek/auxadc_thermal.c
+++ b/drivers/thermal/mediatek/auxadc_thermal.c
@@ -690,6 +690,9 @@ static const struct mtk_thermal_data mt7986_thermal_data = {
.adcpnp = mt7986_adcpnp,
.sensor_mux_values = mt7986_mux_values,
.version = MTK_THERMAL_V3,
+ .apmixed_buffer_ctl_reg = APMIXED_SYS_TS_CON1,
+ .apmixed_buffer_ctl_mask = GENMASK(31, 6) | BIT(3),
+ .apmixed_buffer_ctl_set = BIT(0),
};
static bool mtk_thermal_temp_is_valid(int temp)
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 127/396] vfio/pci: Disable auto-enable of exclusive INTx IRQ
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 126/396] thermal/drivers/mediatek: Fix control buffer enablement on MT7896 Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 128/396] vfio/pci: Lock external INTx masking ops Greg Kroah-Hartman
` (280 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Kevin Tian, Eric Auger,
Alex Williamson, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Williamson <alex.williamson@redhat.com>
[ Upstream commit fe9a7082684eb059b925c535682e68c34d487d43 ]
Currently for devices requiring masking at the irqchip for INTx, ie.
devices without DisINTx support, the IRQ is enabled in request_irq()
and subsequently disabled as necessary to align with the masked status
flag. This presents a window where the interrupt could fire between
these events, resulting in the IRQ incrementing the disable depth twice.
This would be unrecoverable for a user since the masked flag prevents
nested enables through vfio.
Instead, invert the logic using IRQF_NO_AUTOEN such that exclusive INTx
is never auto-enabled, then unmask as required.
Cc: <stable@vger.kernel.org>
Fixes: 89e1f7d4c66d ("vfio: Add PCI device driver")
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Link: https://lore.kernel.org/r/20240308230557.805580-2-alex.williamson@redhat.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vfio/pci/vfio_pci_intrs.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/drivers/vfio/pci/vfio_pci_intrs.c b/drivers/vfio/pci/vfio_pci_intrs.c
index cbb4bcbfbf83d..3dbeeb5bfadce 100644
--- a/drivers/vfio/pci/vfio_pci_intrs.c
+++ b/drivers/vfio/pci/vfio_pci_intrs.c
@@ -296,8 +296,15 @@ static int vfio_intx_set_signal(struct vfio_pci_core_device *vdev, int fd)
ctx->trigger = trigger;
+ /*
+ * Devices without DisINTx support require an exclusive interrupt,
+ * IRQ masking is performed at the IRQ chip. The masked status is
+ * protected by vdev->irqlock. Setup the IRQ without auto-enable and
+ * unmask as necessary below under lock. DisINTx is unmodified by
+ * the IRQ configuration and may therefore use auto-enable.
+ */
if (!vdev->pci_2_3)
- irqflags = 0;
+ irqflags = IRQF_NO_AUTOEN;
ret = request_irq(pdev->irq, vfio_intx_handler,
irqflags, ctx->name, vdev);
@@ -308,13 +315,9 @@ static int vfio_intx_set_signal(struct vfio_pci_core_device *vdev, int fd)
return ret;
}
- /*
- * INTx disable will stick across the new irq setup,
- * disable_irq won't.
- */
spin_lock_irqsave(&vdev->irqlock, flags);
- if (!vdev->pci_2_3 && ctx->masked)
- disable_irq_nosync(pdev->irq);
+ if (!vdev->pci_2_3 && !ctx->masked)
+ enable_irq(pdev->irq);
spin_unlock_irqrestore(&vdev->irqlock, flags);
return 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 128/396] vfio/pci: Lock external INTx masking ops
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 127/396] vfio/pci: Disable auto-enable of exclusive INTx IRQ Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 129/396] vfio/platform: Disable virqfds on cleanup Greg Kroah-Hartman
` (279 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Reinette Chatre, Kevin Tian,
Eric Auger, Alex Williamson, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Williamson <alex.williamson@redhat.com>
[ Upstream commit 810cd4bb53456d0503cc4e7934e063835152c1b7 ]
Mask operations through config space changes to DisINTx may race INTx
configuration changes via ioctl. Create wrappers that add locking for
paths outside of the core interrupt code.
In particular, irq_type is updated holding igate, therefore testing
is_intx() requires holding igate. For example clearing DisINTx from
config space can otherwise race changes of the interrupt configuration.
This aligns interfaces which may trigger the INTx eventfd into two
camps, one side serialized by igate and the other only enabled while
INTx is configured. A subsequent patch introduces synchronization for
the latter flows.
Cc: <stable@vger.kernel.org>
Fixes: 89e1f7d4c66d ("vfio: Add PCI device driver")
Reported-by: Reinette Chatre <reinette.chatre@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Reinette Chatre <reinette.chatre@intel.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Link: https://lore.kernel.org/r/20240308230557.805580-3-alex.williamson@redhat.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vfio/pci/vfio_pci_intrs.c | 34 +++++++++++++++++++++++++------
1 file changed, 28 insertions(+), 6 deletions(-)
diff --git a/drivers/vfio/pci/vfio_pci_intrs.c b/drivers/vfio/pci/vfio_pci_intrs.c
index 3dbeeb5bfadce..6fccbeb4b94f5 100644
--- a/drivers/vfio/pci/vfio_pci_intrs.c
+++ b/drivers/vfio/pci/vfio_pci_intrs.c
@@ -99,13 +99,15 @@ static void vfio_send_intx_eventfd(void *opaque, void *unused)
}
/* Returns true if the INTx vfio_pci_irq_ctx.masked value is changed. */
-bool vfio_pci_intx_mask(struct vfio_pci_core_device *vdev)
+static bool __vfio_pci_intx_mask(struct vfio_pci_core_device *vdev)
{
struct pci_dev *pdev = vdev->pdev;
struct vfio_pci_irq_ctx *ctx;
unsigned long flags;
bool masked_changed = false;
+ lockdep_assert_held(&vdev->igate);
+
spin_lock_irqsave(&vdev->irqlock, flags);
/*
@@ -143,6 +145,17 @@ bool vfio_pci_intx_mask(struct vfio_pci_core_device *vdev)
return masked_changed;
}
+bool vfio_pci_intx_mask(struct vfio_pci_core_device *vdev)
+{
+ bool mask_changed;
+
+ mutex_lock(&vdev->igate);
+ mask_changed = __vfio_pci_intx_mask(vdev);
+ mutex_unlock(&vdev->igate);
+
+ return mask_changed;
+}
+
/*
* If this is triggered by an eventfd, we can't call eventfd_signal
* or else we'll deadlock on the eventfd wait queue. Return >0 when
@@ -194,12 +207,21 @@ static int vfio_pci_intx_unmask_handler(void *opaque, void *unused)
return ret;
}
-void vfio_pci_intx_unmask(struct vfio_pci_core_device *vdev)
+static void __vfio_pci_intx_unmask(struct vfio_pci_core_device *vdev)
{
+ lockdep_assert_held(&vdev->igate);
+
if (vfio_pci_intx_unmask_handler(vdev, NULL) > 0)
vfio_send_intx_eventfd(vdev, NULL);
}
+void vfio_pci_intx_unmask(struct vfio_pci_core_device *vdev)
+{
+ mutex_lock(&vdev->igate);
+ __vfio_pci_intx_unmask(vdev);
+ mutex_unlock(&vdev->igate);
+}
+
static irqreturn_t vfio_intx_handler(int irq, void *dev_id)
{
struct vfio_pci_core_device *vdev = dev_id;
@@ -563,11 +585,11 @@ static int vfio_pci_set_intx_unmask(struct vfio_pci_core_device *vdev,
return -EINVAL;
if (flags & VFIO_IRQ_SET_DATA_NONE) {
- vfio_pci_intx_unmask(vdev);
+ __vfio_pci_intx_unmask(vdev);
} else if (flags & VFIO_IRQ_SET_DATA_BOOL) {
uint8_t unmask = *(uint8_t *)data;
if (unmask)
- vfio_pci_intx_unmask(vdev);
+ __vfio_pci_intx_unmask(vdev);
} else if (flags & VFIO_IRQ_SET_DATA_EVENTFD) {
struct vfio_pci_irq_ctx *ctx = vfio_irq_ctx_get(vdev, 0);
int32_t fd = *(int32_t *)data;
@@ -594,11 +616,11 @@ static int vfio_pci_set_intx_mask(struct vfio_pci_core_device *vdev,
return -EINVAL;
if (flags & VFIO_IRQ_SET_DATA_NONE) {
- vfio_pci_intx_mask(vdev);
+ __vfio_pci_intx_mask(vdev);
} else if (flags & VFIO_IRQ_SET_DATA_BOOL) {
uint8_t mask = *(uint8_t *)data;
if (mask)
- vfio_pci_intx_mask(vdev);
+ __vfio_pci_intx_mask(vdev);
} else if (flags & VFIO_IRQ_SET_DATA_EVENTFD) {
return -ENOTTY; /* XXX implement me */
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 129/396] vfio/platform: Disable virqfds on cleanup
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 128/396] vfio/pci: Lock external INTx masking ops Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 130/396] tpm,tpm_tis: Avoid warning splat at shutdown Greg Kroah-Hartman
` (278 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Auger, Kevin Tian,
Alex Williamson, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Williamson <alex.williamson@redhat.com>
[ Upstream commit fcdc0d3d40bc26c105acf8467f7d9018970944ae ]
irqfds for mask and unmask that are not specifically disabled by the
user are leaked. Remove any irqfds during cleanup
Cc: Eric Auger <eric.auger@redhat.com>
Cc: <stable@vger.kernel.org>
Fixes: a7fa7c77cf15 ("vfio/platform: implement IRQ masking/unmasking via an eventfd")
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Link: https://lore.kernel.org/r/20240308230557.805580-6-alex.williamson@redhat.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vfio/platform/vfio_platform_irq.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/vfio/platform/vfio_platform_irq.c b/drivers/vfio/platform/vfio_platform_irq.c
index 665197caed89e..d36c4cd0fbda3 100644
--- a/drivers/vfio/platform/vfio_platform_irq.c
+++ b/drivers/vfio/platform/vfio_platform_irq.c
@@ -321,8 +321,11 @@ void vfio_platform_irq_cleanup(struct vfio_platform_device *vdev)
{
int i;
- for (i = 0; i < vdev->num_irqs; i++)
+ for (i = 0; i < vdev->num_irqs; i++) {
+ vfio_virqfd_disable(&vdev->irqs[i].mask);
+ vfio_virqfd_disable(&vdev->irqs[i].unmask);
vfio_set_trigger(vdev, i, -1, NULL);
+ }
vdev->num_irqs = 0;
kfree(vdev->irqs);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 130/396] tpm,tpm_tis: Avoid warning splat at shutdown
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 129/396] vfio/platform: Disable virqfds on cleanup Greg Kroah-Hartman
@ 2024-04-01 15:42 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 131/396] server: convert to new timestamp accessors Greg Kroah-Hartman
` (277 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:42 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Jarkko Sakkinen, Lino Sanfilippo,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lino Sanfilippo <l.sanfilippo@kunbus.com>
[ Upstream commit b7ab4bbd0188f3985b821fa09456b11105a8dedf ]
If interrupts are not activated the work struct 'free_irq_work' is not
initialized. This results in a warning splat at module shutdown.
Fix this by always initializing the work regardless of whether interrupts
are activated or not.
cc: stable@vger.kernel.org
Fixes: 481c2d14627d ("tpm,tpm_tis: Disable interrupts after 1000 unhandled IRQs")
Reported-by: Jarkko Sakkinen <jarkko@kernel.org>
Closes: https://lore.kernel.org/all/CX32RFOMJUQ0.3R4YCL9MDCB96@kernel.org/
Signed-off-by: Lino Sanfilippo <l.sanfilippo@kunbus.com>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/char/tpm/tpm_tis_core.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index 1b350412d8a6b..64c875657687d 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -919,8 +919,6 @@ static int tpm_tis_probe_irq_single(struct tpm_chip *chip, u32 intmask,
int rc;
u32 int_status;
- INIT_WORK(&priv->free_irq_work, tpm_tis_free_irq_func);
-
rc = devm_request_threaded_irq(chip->dev.parent, irq, NULL,
tis_int_handler, IRQF_ONESHOT | flags,
dev_name(&chip->dev), chip);
@@ -1132,6 +1130,7 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
priv->phy_ops = phy_ops;
priv->locality_count = 0;
mutex_init(&priv->locality_count_mutex);
+ INIT_WORK(&priv->free_irq_work, tpm_tis_free_irq_func);
dev_set_drvdata(&chip->dev, priv);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 131/396] server: convert to new timestamp accessors
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2024-04-01 15:42 ` [PATCH 6.6 130/396] tpm,tpm_tis: Avoid warning splat at shutdown Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 132/396] ksmbd: replace generic_fillattr with vfs_getattr Greg Kroah-Hartman
` (276 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Jeff Layton, Christian Brauner,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeff Layton <jlayton@kernel.org>
[ Upstream commit 769cfc919e35c70a5110b0843fb330746363acb8 ]
Convert to using the new inode timestamp accessor functions.
Signed-off-by: Jeff Layton <jlayton@kernel.org>
Link: https://lore.kernel.org/r/20231004185347.80880-67-jlayton@kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>
Stable-dep-of: 5614c8c487f6 ("ksmbd: replace generic_fillattr with vfs_getattr")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/server/smb2pdu.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c
index e8c03445271d0..0c97d3c860726 100644
--- a/fs/smb/server/smb2pdu.c
+++ b/fs/smb/server/smb2pdu.c
@@ -4857,9 +4857,9 @@ static void find_file_posix_info(struct smb2_query_info_rsp *rsp,
file_info = (struct smb311_posix_qinfo *)rsp->Buffer;
file_info->CreationTime = cpu_to_le64(fp->create_time);
- time = ksmbd_UnixTimeToNT(inode->i_atime);
+ time = ksmbd_UnixTimeToNT(inode_get_atime(inode));
file_info->LastAccessTime = cpu_to_le64(time);
- time = ksmbd_UnixTimeToNT(inode->i_mtime);
+ time = ksmbd_UnixTimeToNT(inode_get_mtime(inode));
file_info->LastWriteTime = cpu_to_le64(time);
time = ksmbd_UnixTimeToNT(inode_get_ctime(inode));
file_info->ChangeTime = cpu_to_le64(time);
@@ -5466,9 +5466,9 @@ int smb2_close(struct ksmbd_work *work)
rsp->EndOfFile = cpu_to_le64(inode->i_size);
rsp->Attributes = fp->f_ci->m_fattr;
rsp->CreationTime = cpu_to_le64(fp->create_time);
- time = ksmbd_UnixTimeToNT(inode->i_atime);
+ time = ksmbd_UnixTimeToNT(inode_get_atime(inode));
rsp->LastAccessTime = cpu_to_le64(time);
- time = ksmbd_UnixTimeToNT(inode->i_mtime);
+ time = ksmbd_UnixTimeToNT(inode_get_mtime(inode));
rsp->LastWriteTime = cpu_to_le64(time);
time = ksmbd_UnixTimeToNT(inode_get_ctime(inode));
rsp->ChangeTime = cpu_to_le64(time);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 132/396] ksmbd: replace generic_fillattr with vfs_getattr
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 131/396] server: convert to new timestamp accessors Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 133/396] ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Greg Kroah-Hartman
` (275 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Marios Makassikis, Namjae Jeon,
Steve French, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marios Makassikis <mmakassikis@freebox.fr>
[ Upstream commit 5614c8c487f6af627614dd2efca038e4afe0c6d7 ]
generic_fillattr should not be used outside of ->getattr
implementations.
Use vfs_getattr instead, and adapt functions to return an
error code to the caller.
Cc: stable@vger.kernel.org
Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/server/smb2pdu.c | 170 ++++++++++++++++++++++++-------------
fs/smb/server/smb_common.c | 11 ++-
fs/smb/server/vfs.c | 12 ++-
3 files changed, 127 insertions(+), 66 deletions(-)
diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c
index 0c97d3c860726..f6cc5d2730ffb 100644
--- a/fs/smb/server/smb2pdu.c
+++ b/fs/smb/server/smb2pdu.c
@@ -3828,11 +3828,16 @@ static int process_query_dir_entries(struct smb2_query_dir_private *priv)
}
ksmbd_kstat.kstat = &kstat;
- if (priv->info_level != FILE_NAMES_INFORMATION)
- ksmbd_vfs_fill_dentry_attrs(priv->work,
- idmap,
- dent,
- &ksmbd_kstat);
+ if (priv->info_level != FILE_NAMES_INFORMATION) {
+ rc = ksmbd_vfs_fill_dentry_attrs(priv->work,
+ idmap,
+ dent,
+ &ksmbd_kstat);
+ if (rc) {
+ dput(dent);
+ continue;
+ }
+ }
rc = smb2_populate_readdir_entry(priv->work->conn,
priv->info_level,
@@ -4480,6 +4485,7 @@ static int get_file_basic_info(struct smb2_query_info_rsp *rsp,
struct smb2_file_basic_info *basic_info;
struct kstat stat;
u64 time;
+ int ret;
if (!(fp->daccess & FILE_READ_ATTRIBUTES_LE)) {
pr_err("no right to read the attributes : 0x%x\n",
@@ -4487,9 +4493,12 @@ static int get_file_basic_info(struct smb2_query_info_rsp *rsp,
return -EACCES;
}
+ ret = vfs_getattr(&fp->filp->f_path, &stat, STATX_BASIC_STATS,
+ AT_STATX_SYNC_AS_STAT);
+ if (ret)
+ return ret;
+
basic_info = (struct smb2_file_basic_info *)rsp->Buffer;
- generic_fillattr(file_mnt_idmap(fp->filp), STATX_BASIC_STATS,
- file_inode(fp->filp), &stat);
basic_info->CreationTime = cpu_to_le64(fp->create_time);
time = ksmbd_UnixTimeToNT(stat.atime);
basic_info->LastAccessTime = cpu_to_le64(time);
@@ -4504,27 +4513,31 @@ static int get_file_basic_info(struct smb2_query_info_rsp *rsp,
return 0;
}
-static void get_file_standard_info(struct smb2_query_info_rsp *rsp,
- struct ksmbd_file *fp, void *rsp_org)
+static int get_file_standard_info(struct smb2_query_info_rsp *rsp,
+ struct ksmbd_file *fp, void *rsp_org)
{
struct smb2_file_standard_info *sinfo;
unsigned int delete_pending;
- struct inode *inode;
struct kstat stat;
+ int ret;
- inode = file_inode(fp->filp);
- generic_fillattr(file_mnt_idmap(fp->filp), STATX_BASIC_STATS, inode, &stat);
+ ret = vfs_getattr(&fp->filp->f_path, &stat, STATX_BASIC_STATS,
+ AT_STATX_SYNC_AS_STAT);
+ if (ret)
+ return ret;
sinfo = (struct smb2_file_standard_info *)rsp->Buffer;
delete_pending = ksmbd_inode_pending_delete(fp);
- sinfo->AllocationSize = cpu_to_le64(inode->i_blocks << 9);
+ sinfo->AllocationSize = cpu_to_le64(stat.blocks << 9);
sinfo->EndOfFile = S_ISDIR(stat.mode) ? 0 : cpu_to_le64(stat.size);
sinfo->NumberOfLinks = cpu_to_le32(get_nlink(&stat) - delete_pending);
sinfo->DeletePending = delete_pending;
sinfo->Directory = S_ISDIR(stat.mode) ? 1 : 0;
rsp->OutputBufferLength =
cpu_to_le32(sizeof(struct smb2_file_standard_info));
+
+ return 0;
}
static void get_file_alignment_info(struct smb2_query_info_rsp *rsp,
@@ -4546,11 +4559,11 @@ static int get_file_all_info(struct ksmbd_work *work,
struct ksmbd_conn *conn = work->conn;
struct smb2_file_all_info *file_info;
unsigned int delete_pending;
- struct inode *inode;
struct kstat stat;
int conv_len;
char *filename;
u64 time;
+ int ret;
if (!(fp->daccess & FILE_READ_ATTRIBUTES_LE)) {
ksmbd_debug(SMB, "no right to read the attributes : 0x%x\n",
@@ -4562,8 +4575,10 @@ static int get_file_all_info(struct ksmbd_work *work,
if (IS_ERR(filename))
return PTR_ERR(filename);
- inode = file_inode(fp->filp);
- generic_fillattr(file_mnt_idmap(fp->filp), STATX_BASIC_STATS, inode, &stat);
+ ret = vfs_getattr(&fp->filp->f_path, &stat, STATX_BASIC_STATS,
+ AT_STATX_SYNC_AS_STAT);
+ if (ret)
+ return ret;
ksmbd_debug(SMB, "filename = %s\n", filename);
delete_pending = ksmbd_inode_pending_delete(fp);
@@ -4579,7 +4594,7 @@ static int get_file_all_info(struct ksmbd_work *work,
file_info->Attributes = fp->f_ci->m_fattr;
file_info->Pad1 = 0;
file_info->AllocationSize =
- cpu_to_le64(inode->i_blocks << 9);
+ cpu_to_le64(stat.blocks << 9);
file_info->EndOfFile = S_ISDIR(stat.mode) ? 0 : cpu_to_le64(stat.size);
file_info->NumberOfLinks =
cpu_to_le32(get_nlink(&stat) - delete_pending);
@@ -4623,10 +4638,10 @@ static void get_file_alternate_info(struct ksmbd_work *work,
cpu_to_le32(sizeof(struct smb2_file_alt_name_info) + conv_len);
}
-static void get_file_stream_info(struct ksmbd_work *work,
- struct smb2_query_info_rsp *rsp,
- struct ksmbd_file *fp,
- void *rsp_org)
+static int get_file_stream_info(struct ksmbd_work *work,
+ struct smb2_query_info_rsp *rsp,
+ struct ksmbd_file *fp,
+ void *rsp_org)
{
struct ksmbd_conn *conn = work->conn;
struct smb2_file_stream_info *file_info;
@@ -4637,9 +4652,13 @@ static void get_file_stream_info(struct ksmbd_work *work,
int nbytes = 0, streamlen, stream_name_len, next, idx = 0;
int buf_free_len;
struct smb2_query_info_req *req = ksmbd_req_buf_next(work);
+ int ret;
+
+ ret = vfs_getattr(&fp->filp->f_path, &stat, STATX_BASIC_STATS,
+ AT_STATX_SYNC_AS_STAT);
+ if (ret)
+ return ret;
- generic_fillattr(file_mnt_idmap(fp->filp), STATX_BASIC_STATS,
- file_inode(fp->filp), &stat);
file_info = (struct smb2_file_stream_info *)rsp->Buffer;
buf_free_len =
@@ -4720,29 +4739,37 @@ static void get_file_stream_info(struct ksmbd_work *work,
kvfree(xattr_list);
rsp->OutputBufferLength = cpu_to_le32(nbytes);
+
+ return 0;
}
-static void get_file_internal_info(struct smb2_query_info_rsp *rsp,
- struct ksmbd_file *fp, void *rsp_org)
+static int get_file_internal_info(struct smb2_query_info_rsp *rsp,
+ struct ksmbd_file *fp, void *rsp_org)
{
struct smb2_file_internal_info *file_info;
struct kstat stat;
+ int ret;
+
+ ret = vfs_getattr(&fp->filp->f_path, &stat, STATX_BASIC_STATS,
+ AT_STATX_SYNC_AS_STAT);
+ if (ret)
+ return ret;
- generic_fillattr(file_mnt_idmap(fp->filp), STATX_BASIC_STATS,
- file_inode(fp->filp), &stat);
file_info = (struct smb2_file_internal_info *)rsp->Buffer;
file_info->IndexNumber = cpu_to_le64(stat.ino);
rsp->OutputBufferLength =
cpu_to_le32(sizeof(struct smb2_file_internal_info));
+
+ return 0;
}
static int get_file_network_open_info(struct smb2_query_info_rsp *rsp,
struct ksmbd_file *fp, void *rsp_org)
{
struct smb2_file_ntwrk_info *file_info;
- struct inode *inode;
struct kstat stat;
u64 time;
+ int ret;
if (!(fp->daccess & FILE_READ_ATTRIBUTES_LE)) {
pr_err("no right to read the attributes : 0x%x\n",
@@ -4750,10 +4777,12 @@ static int get_file_network_open_info(struct smb2_query_info_rsp *rsp,
return -EACCES;
}
- file_info = (struct smb2_file_ntwrk_info *)rsp->Buffer;
+ ret = vfs_getattr(&fp->filp->f_path, &stat, STATX_BASIC_STATS,
+ AT_STATX_SYNC_AS_STAT);
+ if (ret)
+ return ret;
- inode = file_inode(fp->filp);
- generic_fillattr(file_mnt_idmap(fp->filp), STATX_BASIC_STATS, inode, &stat);
+ file_info = (struct smb2_file_ntwrk_info *)rsp->Buffer;
file_info->CreationTime = cpu_to_le64(fp->create_time);
time = ksmbd_UnixTimeToNT(stat.atime);
@@ -4763,8 +4792,7 @@ static int get_file_network_open_info(struct smb2_query_info_rsp *rsp,
time = ksmbd_UnixTimeToNT(stat.ctime);
file_info->ChangeTime = cpu_to_le64(time);
file_info->Attributes = fp->f_ci->m_fattr;
- file_info->AllocationSize =
- cpu_to_le64(inode->i_blocks << 9);
+ file_info->AllocationSize = cpu_to_le64(stat.blocks << 9);
file_info->EndOfFile = S_ISDIR(stat.mode) ? 0 : cpu_to_le64(stat.size);
file_info->Reserved = cpu_to_le32(0);
rsp->OutputBufferLength =
@@ -4804,14 +4832,17 @@ static void get_file_mode_info(struct smb2_query_info_rsp *rsp,
cpu_to_le32(sizeof(struct smb2_file_mode_info));
}
-static void get_file_compression_info(struct smb2_query_info_rsp *rsp,
- struct ksmbd_file *fp, void *rsp_org)
+static int get_file_compression_info(struct smb2_query_info_rsp *rsp,
+ struct ksmbd_file *fp, void *rsp_org)
{
struct smb2_file_comp_info *file_info;
struct kstat stat;
+ int ret;
- generic_fillattr(file_mnt_idmap(fp->filp), STATX_BASIC_STATS,
- file_inode(fp->filp), &stat);
+ ret = vfs_getattr(&fp->filp->f_path, &stat, STATX_BASIC_STATS,
+ AT_STATX_SYNC_AS_STAT);
+ if (ret)
+ return ret;
file_info = (struct smb2_file_comp_info *)rsp->Buffer;
file_info->CompressedFileSize = cpu_to_le64(stat.blocks << 9);
@@ -4823,6 +4854,8 @@ static void get_file_compression_info(struct smb2_query_info_rsp *rsp,
rsp->OutputBufferLength =
cpu_to_le32(sizeof(struct smb2_file_comp_info));
+
+ return 0;
}
static int get_file_attribute_tag_info(struct smb2_query_info_rsp *rsp,
@@ -4844,7 +4877,7 @@ static int get_file_attribute_tag_info(struct smb2_query_info_rsp *rsp,
return 0;
}
-static void find_file_posix_info(struct smb2_query_info_rsp *rsp,
+static int find_file_posix_info(struct smb2_query_info_rsp *rsp,
struct ksmbd_file *fp, void *rsp_org)
{
struct smb311_posix_qinfo *file_info;
@@ -4852,24 +4885,31 @@ static void find_file_posix_info(struct smb2_query_info_rsp *rsp,
struct mnt_idmap *idmap = file_mnt_idmap(fp->filp);
vfsuid_t vfsuid = i_uid_into_vfsuid(idmap, inode);
vfsgid_t vfsgid = i_gid_into_vfsgid(idmap, inode);
+ struct kstat stat;
u64 time;
int out_buf_len = sizeof(struct smb311_posix_qinfo) + 32;
+ int ret;
+
+ ret = vfs_getattr(&fp->filp->f_path, &stat, STATX_BASIC_STATS,
+ AT_STATX_SYNC_AS_STAT);
+ if (ret)
+ return ret;
file_info = (struct smb311_posix_qinfo *)rsp->Buffer;
file_info->CreationTime = cpu_to_le64(fp->create_time);
- time = ksmbd_UnixTimeToNT(inode_get_atime(inode));
+ time = ksmbd_UnixTimeToNT(stat.atime);
file_info->LastAccessTime = cpu_to_le64(time);
- time = ksmbd_UnixTimeToNT(inode_get_mtime(inode));
+ time = ksmbd_UnixTimeToNT(stat.mtime);
file_info->LastWriteTime = cpu_to_le64(time);
- time = ksmbd_UnixTimeToNT(inode_get_ctime(inode));
+ time = ksmbd_UnixTimeToNT(stat.ctime);
file_info->ChangeTime = cpu_to_le64(time);
file_info->DosAttributes = fp->f_ci->m_fattr;
- file_info->Inode = cpu_to_le64(inode->i_ino);
- file_info->EndOfFile = cpu_to_le64(inode->i_size);
- file_info->AllocationSize = cpu_to_le64(inode->i_blocks << 9);
- file_info->HardLinks = cpu_to_le32(inode->i_nlink);
- file_info->Mode = cpu_to_le32(inode->i_mode & 0777);
- file_info->DeviceId = cpu_to_le32(inode->i_rdev);
+ file_info->Inode = cpu_to_le64(stat.ino);
+ file_info->EndOfFile = cpu_to_le64(stat.size);
+ file_info->AllocationSize = cpu_to_le64(stat.blocks << 9);
+ file_info->HardLinks = cpu_to_le32(stat.nlink);
+ file_info->Mode = cpu_to_le32(stat.mode & 0777);
+ file_info->DeviceId = cpu_to_le32(stat.rdev);
/*
* Sids(32) contain two sids(Domain sid(16), UNIX group sid(16)).
@@ -4882,6 +4922,8 @@ static void find_file_posix_info(struct smb2_query_info_rsp *rsp,
SIDUNIX_GROUP, (struct smb_sid *)&file_info->Sids[16]);
rsp->OutputBufferLength = cpu_to_le32(out_buf_len);
+
+ return 0;
}
static int smb2_get_info_file(struct ksmbd_work *work,
@@ -4930,7 +4972,7 @@ static int smb2_get_info_file(struct ksmbd_work *work,
break;
case FILE_STANDARD_INFORMATION:
- get_file_standard_info(rsp, fp, work->response_buf);
+ rc = get_file_standard_info(rsp, fp, work->response_buf);
break;
case FILE_ALIGNMENT_INFORMATION:
@@ -4946,11 +4988,11 @@ static int smb2_get_info_file(struct ksmbd_work *work,
break;
case FILE_STREAM_INFORMATION:
- get_file_stream_info(work, rsp, fp, work->response_buf);
+ rc = get_file_stream_info(work, rsp, fp, work->response_buf);
break;
case FILE_INTERNAL_INFORMATION:
- get_file_internal_info(rsp, fp, work->response_buf);
+ rc = get_file_internal_info(rsp, fp, work->response_buf);
break;
case FILE_NETWORK_OPEN_INFORMATION:
@@ -4974,7 +5016,7 @@ static int smb2_get_info_file(struct ksmbd_work *work,
break;
case FILE_COMPRESSION_INFORMATION:
- get_file_compression_info(rsp, fp, work->response_buf);
+ rc = get_file_compression_info(rsp, fp, work->response_buf);
break;
case FILE_ATTRIBUTE_TAG_INFORMATION:
@@ -4985,7 +5027,7 @@ static int smb2_get_info_file(struct ksmbd_work *work,
pr_err("client doesn't negotiate with SMB3.1.1 POSIX Extensions\n");
rc = -EOPNOTSUPP;
} else {
- find_file_posix_info(rsp, fp, work->response_buf);
+ rc = find_file_posix_info(rsp, fp, work->response_buf);
}
break;
default:
@@ -5398,7 +5440,6 @@ int smb2_close(struct ksmbd_work *work)
struct smb2_close_rsp *rsp;
struct ksmbd_conn *conn = work->conn;
struct ksmbd_file *fp;
- struct inode *inode;
u64 time;
int err = 0;
@@ -5453,24 +5494,33 @@ int smb2_close(struct ksmbd_work *work)
rsp->Reserved = 0;
if (req->Flags == SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB) {
+ struct kstat stat;
+ int ret;
+
fp = ksmbd_lookup_fd_fast(work, volatile_id);
if (!fp) {
err = -ENOENT;
goto out;
}
- inode = file_inode(fp->filp);
+ ret = vfs_getattr(&fp->filp->f_path, &stat, STATX_BASIC_STATS,
+ AT_STATX_SYNC_AS_STAT);
+ if (ret) {
+ ksmbd_fd_put(work, fp);
+ goto out;
+ }
+
rsp->Flags = SMB2_CLOSE_FLAG_POSTQUERY_ATTRIB;
- rsp->AllocationSize = S_ISDIR(inode->i_mode) ? 0 :
- cpu_to_le64(inode->i_blocks << 9);
- rsp->EndOfFile = cpu_to_le64(inode->i_size);
+ rsp->AllocationSize = S_ISDIR(stat.mode) ? 0 :
+ cpu_to_le64(stat.blocks << 9);
+ rsp->EndOfFile = cpu_to_le64(stat.size);
rsp->Attributes = fp->f_ci->m_fattr;
rsp->CreationTime = cpu_to_le64(fp->create_time);
- time = ksmbd_UnixTimeToNT(inode_get_atime(inode));
+ time = ksmbd_UnixTimeToNT(stat.atime);
rsp->LastAccessTime = cpu_to_le64(time);
- time = ksmbd_UnixTimeToNT(inode_get_mtime(inode));
+ time = ksmbd_UnixTimeToNT(stat.mtime);
rsp->LastWriteTime = cpu_to_le64(time);
- time = ksmbd_UnixTimeToNT(inode_get_ctime(inode));
+ time = ksmbd_UnixTimeToNT(stat.ctime);
rsp->ChangeTime = cpu_to_le64(time);
ksmbd_fd_put(work, fp);
} else {
diff --git a/fs/smb/server/smb_common.c b/fs/smb/server/smb_common.c
index 7c98bf699772f..fcaf373cc0080 100644
--- a/fs/smb/server/smb_common.c
+++ b/fs/smb/server/smb_common.c
@@ -457,10 +457,13 @@ int ksmbd_populate_dot_dotdot_entries(struct ksmbd_work *work, int info_level,
}
ksmbd_kstat.kstat = &kstat;
- ksmbd_vfs_fill_dentry_attrs(work,
- idmap,
- dentry,
- &ksmbd_kstat);
+ rc = ksmbd_vfs_fill_dentry_attrs(work,
+ idmap,
+ dentry,
+ &ksmbd_kstat);
+ if (rc)
+ break;
+
rc = fn(conn, info_level, d_info, &ksmbd_kstat);
if (rc)
break;
diff --git a/fs/smb/server/vfs.c b/fs/smb/server/vfs.c
index 4277750a6da1b..a8936aba7710e 100644
--- a/fs/smb/server/vfs.c
+++ b/fs/smb/server/vfs.c
@@ -1669,11 +1669,19 @@ int ksmbd_vfs_fill_dentry_attrs(struct ksmbd_work *work,
struct dentry *dentry,
struct ksmbd_kstat *ksmbd_kstat)
{
+ struct ksmbd_share_config *share_conf = work->tcon->share_conf;
u64 time;
int rc;
+ struct path path = {
+ .mnt = share_conf->vfs_path.mnt,
+ .dentry = dentry,
+ };
- generic_fillattr(idmap, STATX_BASIC_STATS, d_inode(dentry),
- ksmbd_kstat->kstat);
+ rc = vfs_getattr(&path, ksmbd_kstat->kstat,
+ STATX_BASIC_STATS | STATX_BTIME,
+ AT_STATX_SYNC_AS_STAT);
+ if (rc)
+ return rc;
time = ksmbd_UnixTimeToNT(ksmbd_kstat->kstat->ctime);
ksmbd_kstat->create_time = time;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 133/396] ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 132/396] ksmbd: replace generic_fillattr with vfs_getattr Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 134/396] platform/x86/intel/tpmi: Change vsec offset to u64 Greg Kroah-Hartman
` (274 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Marios Makassikis, Namjae Jeon,
Steve French, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marios Makassikis <mmakassikis@freebox.fr>
[ Upstream commit 34cd86b6632718b7df3999d96f51e63de41c5e4f ]
Use vfs_getattr() to retrieve stat information, rather than make
assumptions about how a filesystem fills inode structs.
Cc: stable@vger.kernel.org
Signed-off-by: Marios Makassikis <mmakassikis@freebox.fr>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/server/smb2pdu.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/fs/smb/server/smb2pdu.c b/fs/smb/server/smb2pdu.c
index f6cc5d2730ffb..199c31c275e5b 100644
--- a/fs/smb/server/smb2pdu.c
+++ b/fs/smb/server/smb2pdu.c
@@ -5809,15 +5809,21 @@ static int set_file_allocation_info(struct ksmbd_work *work,
loff_t alloc_blks;
struct inode *inode;
+ struct kstat stat;
int rc;
if (!(fp->daccess & FILE_WRITE_DATA_LE))
return -EACCES;
+ rc = vfs_getattr(&fp->filp->f_path, &stat, STATX_BASIC_STATS,
+ AT_STATX_SYNC_AS_STAT);
+ if (rc)
+ return rc;
+
alloc_blks = (le64_to_cpu(file_alloc_info->AllocationSize) + 511) >> 9;
inode = file_inode(fp->filp);
- if (alloc_blks > inode->i_blocks) {
+ if (alloc_blks > stat.blocks) {
smb_break_all_levII_oplock(work, fp, 1);
rc = vfs_fallocate(fp->filp, FALLOC_FL_KEEP_SIZE, 0,
alloc_blks * 512);
@@ -5825,7 +5831,7 @@ static int set_file_allocation_info(struct ksmbd_work *work,
pr_err("vfs_fallocate is failed : %d\n", rc);
return rc;
}
- } else if (alloc_blks < inode->i_blocks) {
+ } else if (alloc_blks < stat.blocks) {
loff_t size;
/*
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 134/396] platform/x86/intel/tpmi: Change vsec offset to u64
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 133/396] ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 135/396] io_uring: clean rings on NO_MMAP alloc fail Greg Kroah-Hartman
` (273 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Srinivas Pandruvada,
Ilpo Järvinen, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
[ Upstream commit 57221a07ff37ff356f9265acd228bc3c8744c8fc ]
The vsec offset can be 64 bit long depending on the PFS start. So change
type to u64. Also use 64 bit formatting for seq_printf.
Fixes: 47731fd2865f ("platform/x86/intel: Intel TPMI enumeration driver")
Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Cc: stable@vger.kernel.org # v6.3+
Link: https://lore.kernel.org/r/20240305194644.2077867-1-srinivas.pandruvada@linux.intel.com
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/platform/x86/intel/tpmi.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/platform/x86/intel/tpmi.c b/drivers/platform/x86/intel/tpmi.c
index 0a95736d97e4d..6676eae144f31 100644
--- a/drivers/platform/x86/intel/tpmi.c
+++ b/drivers/platform/x86/intel/tpmi.c
@@ -96,7 +96,7 @@ struct intel_tpmi_pfs_entry {
*/
struct intel_tpmi_pm_feature {
struct intel_tpmi_pfs_entry pfs_header;
- unsigned int vsec_offset;
+ u64 vsec_offset;
struct intel_vsec_device *vsec_dev;
};
@@ -359,7 +359,7 @@ static int tpmi_pfs_dbg_show(struct seq_file *s, void *unused)
disabled = disabled ? 'Y' : 'N';
locked = locked ? 'Y' : 'N';
}
- seq_printf(s, "0x%02x\t\t0x%02x\t\t0x%04x\t\t0x%04x\t\t0x%02x\t\t0x%08x\t%c\t%c\n",
+ seq_printf(s, "0x%02x\t\t0x%02x\t\t0x%04x\t\t0x%04x\t\t0x%02x\t\t0x%016llx\t%c\t%c\n",
pfs->pfs_header.tpmi_id, pfs->pfs_header.num_entries,
pfs->pfs_header.entry_size, pfs->pfs_header.cap_offset,
pfs->pfs_header.attribute, pfs->vsec_offset, locked, disabled);
@@ -377,7 +377,8 @@ static int tpmi_mem_dump_show(struct seq_file *s, void *unused)
struct intel_tpmi_pm_feature *pfs = s->private;
int count, ret = 0;
void __iomem *mem;
- u32 off, size;
+ u32 size;
+ u64 off;
u8 *buffer;
size = TPMI_GET_SINGLE_ENTRY_SIZE(pfs);
@@ -393,7 +394,7 @@ static int tpmi_mem_dump_show(struct seq_file *s, void *unused)
mutex_lock(&tpmi_dev_lock);
for (count = 0; count < pfs->pfs_header.num_entries; ++count) {
- seq_printf(s, "TPMI Instance:%d offset:0x%x\n", count, off);
+ seq_printf(s, "TPMI Instance:%d offset:0x%llx\n", count, off);
mem = ioremap(off, size);
if (!mem) {
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 135/396] io_uring: clean rings on NO_MMAP alloc fail
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 134/396] platform/x86/intel/tpmi: Change vsec offset to u64 Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 136/396] ring-buffer: Fix waking up ring buffer readers Greg Kroah-Hartman
` (272 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Pavel Begunkov, Jens Axboe,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pavel Begunkov <asml.silence@gmail.com>
[ Upstream commit cef59d1ea7170ec753182302645a0191c8aa3382 ]
We make a few cancellation judgements based on ctx->rings, so let's
zero it afer deallocation for IORING_SETUP_NO_MMAP just like it's
done with the mmap case. Likely, it's not a real problem, but zeroing
is safer and better tested.
Cc: stable@vger.kernel.org
Fixes: 03d89a2de25bbc ("io_uring: support for user allocated memory for rings/sqes")
Signed-off-by: Pavel Begunkov <asml.silence@gmail.com>
Link: https://lore.kernel.org/r/9ff6cdf91429b8a51699c210e1f6af6ea3f8bdcf.1710255382.git.asml.silence@gmail.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
io_uring/io_uring.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index aabb367b24bc0..aed10bae50acb 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -2750,14 +2750,15 @@ static void io_rings_free(struct io_ring_ctx *ctx)
if (!(ctx->flags & IORING_SETUP_NO_MMAP)) {
io_mem_free(ctx->rings);
io_mem_free(ctx->sq_sqes);
- ctx->rings = NULL;
- ctx->sq_sqes = NULL;
} else {
io_pages_free(&ctx->ring_pages, ctx->n_ring_pages);
ctx->n_ring_pages = 0;
io_pages_free(&ctx->sqe_pages, ctx->n_sqe_pages);
ctx->n_sqe_pages = 0;
}
+
+ ctx->rings = NULL;
+ ctx->sq_sqes = NULL;
}
void *io_mem_alloc(size_t size)
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 136/396] ring-buffer: Fix waking up ring buffer readers
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 135/396] io_uring: clean rings on NO_MMAP alloc fail Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 137/396] ring-buffer: Do not set shortest_full when full target is hit Greg Kroah-Hartman
` (271 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Masami Hiramatsu, Mark Rutland,
Mathieu Desnoyers, Andrew Morton, Linus Torvalds, linke li,
Rabin Vincent, Steven Rostedt (Google), Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steven Rostedt (Google) <rostedt@goodmis.org>
[ Upstream commit b3594573681b53316ec0365332681a30463edfd6 ]
A task can wait on a ring buffer for when it fills up to a specific
watermark. The writer will check the minimum watermark that waiters are
waiting for and if the ring buffer is past that, it will wake up all the
waiters.
The waiters are in a wait loop, and will first check if a signal is
pending and then check if the ring buffer is at the desired level where it
should break out of the loop.
If a file that uses a ring buffer closes, and there's threads waiting on
the ring buffer, it needs to wake up those threads. To do this, a
"wait_index" was used.
Before entering the wait loop, the waiter will read the wait_index. On
wakeup, it will check if the wait_index is different than when it entered
the loop, and will exit the loop if it is. The waker will only need to
update the wait_index before waking up the waiters.
This had a couple of bugs. One trivial one and one broken by design.
The trivial bug was that the waiter checked the wait_index after the
schedule() call. It had to be checked between the prepare_to_wait() and
the schedule() which it was not.
The main bug is that the first check to set the default wait_index will
always be outside the prepare_to_wait() and the schedule(). That's because
the ring_buffer_wait() doesn't have enough context to know if it should
break out of the loop.
The loop itself is not needed, because all the callers to the
ring_buffer_wait() also has their own loop, as the callers have a better
sense of what the context is to decide whether to break out of the loop
or not.
Just have the ring_buffer_wait() block once, and if it gets woken up, exit
the function and let the callers decide what to do next.
Link: https://lore.kernel.org/all/CAHk-=whs5MdtNjzFkTyaUy=vHi=qwWgPi0JgTe6OYUYMNSRZfg@mail.gmail.com/
Link: https://lore.kernel.org/linux-trace-kernel/20240308202431.792933613@goodmis.org
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linke li <lilinke99@qq.com>
Cc: Rabin Vincent <rabin@rab.in>
Fixes: e30f53aad2202 ("tracing: Do not busy wait in buffer splice")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Stable-dep-of: 761d9473e27f ("ring-buffer: Do not set shortest_full when full target is hit")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/ring_buffer.c | 139 ++++++++++++++++++-------------------
1 file changed, 68 insertions(+), 71 deletions(-)
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index 1ac6637895a44..ed3577d269efe 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -412,7 +412,6 @@ struct rb_irq_work {
struct irq_work work;
wait_queue_head_t waiters;
wait_queue_head_t full_waiters;
- long wait_index;
bool waiters_pending;
bool full_waiters_pending;
bool wakeup_full;
@@ -945,14 +944,40 @@ void ring_buffer_wake_waiters(struct trace_buffer *buffer, int cpu)
rbwork = &cpu_buffer->irq_work;
}
- rbwork->wait_index++;
- /* make sure the waiters see the new index */
- smp_wmb();
-
/* This can be called in any context */
irq_work_queue(&rbwork->work);
}
+static bool rb_watermark_hit(struct trace_buffer *buffer, int cpu, int full)
+{
+ struct ring_buffer_per_cpu *cpu_buffer;
+ bool ret = false;
+
+ /* Reads of all CPUs always waits for any data */
+ if (cpu == RING_BUFFER_ALL_CPUS)
+ return !ring_buffer_empty(buffer);
+
+ cpu_buffer = buffer->buffers[cpu];
+
+ if (!ring_buffer_empty_cpu(buffer, cpu)) {
+ unsigned long flags;
+ bool pagebusy;
+
+ if (!full)
+ return true;
+
+ raw_spin_lock_irqsave(&cpu_buffer->reader_lock, flags);
+ pagebusy = cpu_buffer->reader_page == cpu_buffer->commit_page;
+ ret = !pagebusy && full_hit(buffer, cpu, full);
+
+ if (!cpu_buffer->shortest_full ||
+ cpu_buffer->shortest_full > full)
+ cpu_buffer->shortest_full = full;
+ raw_spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags);
+ }
+ return ret;
+}
+
/**
* ring_buffer_wait - wait for input to the ring buffer
* @buffer: buffer to wait on
@@ -968,7 +993,6 @@ int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full)
struct ring_buffer_per_cpu *cpu_buffer;
DEFINE_WAIT(wait);
struct rb_irq_work *work;
- long wait_index;
int ret = 0;
/*
@@ -987,81 +1011,54 @@ int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full)
work = &cpu_buffer->irq_work;
}
- wait_index = READ_ONCE(work->wait_index);
-
- while (true) {
- if (full)
- prepare_to_wait(&work->full_waiters, &wait, TASK_INTERRUPTIBLE);
- else
- prepare_to_wait(&work->waiters, &wait, TASK_INTERRUPTIBLE);
-
- /*
- * The events can happen in critical sections where
- * checking a work queue can cause deadlocks.
- * After adding a task to the queue, this flag is set
- * only to notify events to try to wake up the queue
- * using irq_work.
- *
- * We don't clear it even if the buffer is no longer
- * empty. The flag only causes the next event to run
- * irq_work to do the work queue wake up. The worse
- * that can happen if we race with !trace_empty() is that
- * an event will cause an irq_work to try to wake up
- * an empty queue.
- *
- * There's no reason to protect this flag either, as
- * the work queue and irq_work logic will do the necessary
- * synchronization for the wake ups. The only thing
- * that is necessary is that the wake up happens after
- * a task has been queued. It's OK for spurious wake ups.
- */
- if (full)
- work->full_waiters_pending = true;
- else
- work->waiters_pending = true;
-
- if (signal_pending(current)) {
- ret = -EINTR;
- break;
- }
-
- if (cpu == RING_BUFFER_ALL_CPUS && !ring_buffer_empty(buffer))
- break;
-
- if (cpu != RING_BUFFER_ALL_CPUS &&
- !ring_buffer_empty_cpu(buffer, cpu)) {
- unsigned long flags;
- bool pagebusy;
- bool done;
-
- if (!full)
- break;
-
- raw_spin_lock_irqsave(&cpu_buffer->reader_lock, flags);
- pagebusy = cpu_buffer->reader_page == cpu_buffer->commit_page;
- done = !pagebusy && full_hit(buffer, cpu, full);
+ if (full)
+ prepare_to_wait(&work->full_waiters, &wait, TASK_INTERRUPTIBLE);
+ else
+ prepare_to_wait(&work->waiters, &wait, TASK_INTERRUPTIBLE);
- if (!cpu_buffer->shortest_full ||
- cpu_buffer->shortest_full > full)
- cpu_buffer->shortest_full = full;
- raw_spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags);
- if (done)
- break;
- }
+ /*
+ * The events can happen in critical sections where
+ * checking a work queue can cause deadlocks.
+ * After adding a task to the queue, this flag is set
+ * only to notify events to try to wake up the queue
+ * using irq_work.
+ *
+ * We don't clear it even if the buffer is no longer
+ * empty. The flag only causes the next event to run
+ * irq_work to do the work queue wake up. The worse
+ * that can happen if we race with !trace_empty() is that
+ * an event will cause an irq_work to try to wake up
+ * an empty queue.
+ *
+ * There's no reason to protect this flag either, as
+ * the work queue and irq_work logic will do the necessary
+ * synchronization for the wake ups. The only thing
+ * that is necessary is that the wake up happens after
+ * a task has been queued. It's OK for spurious wake ups.
+ */
+ if (full)
+ work->full_waiters_pending = true;
+ else
+ work->waiters_pending = true;
- schedule();
+ if (rb_watermark_hit(buffer, cpu, full))
+ goto out;
- /* Make sure to see the new wait index */
- smp_rmb();
- if (wait_index != work->wait_index)
- break;
+ if (signal_pending(current)) {
+ ret = -EINTR;
+ goto out;
}
+ schedule();
+ out:
if (full)
finish_wait(&work->full_waiters, &wait);
else
finish_wait(&work->waiters, &wait);
+ if (!ret && !rb_watermark_hit(buffer, cpu, full) && signal_pending(current))
+ ret = -EINTR;
+
return ret;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 137/396] ring-buffer: Do not set shortest_full when full target is hit
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 136/396] ring-buffer: Fix waking up ring buffer readers Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 138/396] ring-buffer: Fix resetting of shortest_full Greg Kroah-Hartman
` (270 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Mathieu Desnoyers,
Masami Hiramatsu (Google), Steven Rostedt (Google), Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steven Rostedt (Google) <rostedt@goodmis.org>
[ Upstream commit 761d9473e27f0c8782895013a3e7b52a37c8bcfc ]
The rb_watermark_hit() checks if the amount of data in the ring buffer is
above the percentage level passed in by the "full" variable. If it is, it
returns true.
But it also sets the "shortest_full" field of the cpu_buffer that informs
writers that it needs to call the irq_work if the amount of data on the
ring buffer is above the requested amount.
The rb_watermark_hit() always sets the shortest_full even if the amount in
the ring buffer is what it wants. As it is not going to wait, because it
has what it wants, there's no reason to set shortest_full.
Link: https://lore.kernel.org/linux-trace-kernel/20240312115641.6aa8ba08@gandalf.local.home
Cc: stable@vger.kernel.org
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Fixes: 42fb0a1e84ff5 ("tracing/ring-buffer: Have polling block on watermark")
Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/ring_buffer.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index ed3577d269efe..a3315d569e2bf 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -970,9 +970,10 @@ static bool rb_watermark_hit(struct trace_buffer *buffer, int cpu, int full)
pagebusy = cpu_buffer->reader_page == cpu_buffer->commit_page;
ret = !pagebusy && full_hit(buffer, cpu, full);
- if (!cpu_buffer->shortest_full ||
- cpu_buffer->shortest_full > full)
- cpu_buffer->shortest_full = full;
+ if (!ret && (!cpu_buffer->shortest_full ||
+ cpu_buffer->shortest_full > full)) {
+ cpu_buffer->shortest_full = full;
+ }
raw_spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags);
}
return ret;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 138/396] ring-buffer: Fix resetting of shortest_full
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 137/396] ring-buffer: Do not set shortest_full when full target is hit Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 139/396] ring-buffer: Fix full_waiters_pending in poll Greg Kroah-Hartman
` (269 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Masami Hiramatsu, Mark Rutland,
Mathieu Desnoyers, Andrew Morton, Linus Torvalds, linke li,
Rabin Vincent, Steven Rostedt (Google), Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steven Rostedt (Google) <rostedt@goodmis.org>
[ Upstream commit 68282dd930ea38b068ce2c109d12405f40df3f93 ]
The "shortest_full" variable is used to keep track of the waiter that is
waiting for the smallest amount on the ring buffer before being woken up.
When a tasks waits on the ring buffer, it passes in a "full" value that is
a percentage. 0 means wake up on any data. 1-100 means wake up from 1% to
100% full buffer.
As all waiters are on the same wait queue, the wake up happens for the
waiter with the smallest percentage.
The problem is that the smallest_full on the cpu_buffer that stores the
smallest amount doesn't get reset when all the waiters are woken up. It
does get reset when the ring buffer is reset (echo > /sys/kernel/tracing/trace).
This means that tasks may be woken up more often then when they want to
be. Instead, have the shortest_full field get reset just before waking up
all the tasks. If the tasks wait again, they will update the shortest_full
before sleeping.
Also add locking around setting of shortest_full in the poll logic, and
change "work" to "rbwork" to match the variable name for rb_irq_work
structures that are used in other places.
Link: https://lore.kernel.org/linux-trace-kernel/20240308202431.948914369@goodmis.org
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linke li <lilinke99@qq.com>
Cc: Rabin Vincent <rabin@rab.in>
Fixes: 2c2b0a78b3739 ("ring-buffer: Add percentage of ring buffer full to wake up reader")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Stable-dep-of: 8145f1c35fa6 ("ring-buffer: Fix full_waiters_pending in poll")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/ring_buffer.c | 30 +++++++++++++++++++++++-------
1 file changed, 23 insertions(+), 7 deletions(-)
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index a3315d569e2bf..a8ad5141d7ba3 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -902,8 +902,19 @@ static void rb_wake_up_waiters(struct irq_work *work)
wake_up_all(&rbwork->waiters);
if (rbwork->full_waiters_pending || rbwork->wakeup_full) {
+ /* Only cpu_buffer sets the above flags */
+ struct ring_buffer_per_cpu *cpu_buffer =
+ container_of(rbwork, struct ring_buffer_per_cpu, irq_work);
+
+ /* Called from interrupt context */
+ raw_spin_lock(&cpu_buffer->reader_lock);
rbwork->wakeup_full = false;
rbwork->full_waiters_pending = false;
+
+ /* Waking up all waiters, they will reset the shortest full */
+ cpu_buffer->shortest_full = 0;
+ raw_spin_unlock(&cpu_buffer->reader_lock);
+
wake_up_all(&rbwork->full_waiters);
}
}
@@ -1082,28 +1093,33 @@ __poll_t ring_buffer_poll_wait(struct trace_buffer *buffer, int cpu,
struct file *filp, poll_table *poll_table, int full)
{
struct ring_buffer_per_cpu *cpu_buffer;
- struct rb_irq_work *work;
+ struct rb_irq_work *rbwork;
if (cpu == RING_BUFFER_ALL_CPUS) {
- work = &buffer->irq_work;
+ rbwork = &buffer->irq_work;
full = 0;
} else {
if (!cpumask_test_cpu(cpu, buffer->cpumask))
return EPOLLERR;
cpu_buffer = buffer->buffers[cpu];
- work = &cpu_buffer->irq_work;
+ rbwork = &cpu_buffer->irq_work;
}
if (full) {
- poll_wait(filp, &work->full_waiters, poll_table);
- work->full_waiters_pending = true;
+ unsigned long flags;
+
+ poll_wait(filp, &rbwork->full_waiters, poll_table);
+
+ raw_spin_lock_irqsave(&cpu_buffer->reader_lock, flags);
+ rbwork->full_waiters_pending = true;
if (!cpu_buffer->shortest_full ||
cpu_buffer->shortest_full > full)
cpu_buffer->shortest_full = full;
+ raw_spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags);
} else {
- poll_wait(filp, &work->waiters, poll_table);
- work->waiters_pending = true;
+ poll_wait(filp, &rbwork->waiters, poll_table);
+ rbwork->waiters_pending = true;
}
/*
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 139/396] ring-buffer: Fix full_waiters_pending in poll
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 138/396] ring-buffer: Fix resetting of shortest_full Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 140/396] ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() Greg Kroah-Hartman
` (268 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Mark Rutland, Mathieu Desnoyers,
Andrew Morton, Masami Hiramatsu (Google), Steven Rostedt (Google),
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steven Rostedt (Google) <rostedt@goodmis.org>
[ Upstream commit 8145f1c35fa648da662078efab299c4467b85ad5 ]
If a reader of the ring buffer is doing a poll, and waiting for the ring
buffer to hit a specific watermark, there could be a case where it gets
into an infinite ping-pong loop.
The poll code has:
rbwork->full_waiters_pending = true;
if (!cpu_buffer->shortest_full ||
cpu_buffer->shortest_full > full)
cpu_buffer->shortest_full = full;
The writer will see full_waiters_pending and check if the ring buffer is
filled over the percentage of the shortest_full value. If it is, it calls
an irq_work to wake up all the waiters.
But the code could get into a circular loop:
CPU 0 CPU 1
----- -----
[ Poll ]
[ shortest_full = 0 ]
rbwork->full_waiters_pending = true;
if (rbwork->full_waiters_pending &&
[ buffer percent ] > shortest_full) {
rbwork->wakeup_full = true;
[ queue_irqwork ]
cpu_buffer->shortest_full = full;
[ IRQ work ]
if (rbwork->wakeup_full) {
cpu_buffer->shortest_full = 0;
wakeup poll waiters;
[woken]
if ([ buffer percent ] > full)
break;
rbwork->full_waiters_pending = true;
if (rbwork->full_waiters_pending &&
[ buffer percent ] > shortest_full) {
rbwork->wakeup_full = true;
[ queue_irqwork ]
cpu_buffer->shortest_full = full;
[ IRQ work ]
if (rbwork->wakeup_full) {
cpu_buffer->shortest_full = 0;
wakeup poll waiters;
[woken]
[ Wash, rinse, repeat! ]
In the poll, the shortest_full needs to be set before the
full_pending_waiters, as once that is set, the writer will compare the
current shortest_full (which is incorrect) to decide to call the irq_work,
which will reset the shortest_full (expecting the readers to update it).
Also move the setting of full_waiters_pending after the check if the ring
buffer has the required percentage filled. There's no reason to tell the
writer to wake up waiters if there are no waiters.
Link: https://lore.kernel.org/linux-trace-kernel/20240312131952.630922155@goodmis.org
Cc: stable@vger.kernel.org
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Fixes: 42fb0a1e84ff5 ("tracing/ring-buffer: Have polling block on watermark")
Reviewed-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/trace/ring_buffer.c | 27 ++++++++++++++++++++-------
1 file changed, 20 insertions(+), 7 deletions(-)
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index a8ad5141d7ba3..b4979f6a449d7 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -1112,16 +1112,32 @@ __poll_t ring_buffer_poll_wait(struct trace_buffer *buffer, int cpu,
poll_wait(filp, &rbwork->full_waiters, poll_table);
raw_spin_lock_irqsave(&cpu_buffer->reader_lock, flags);
- rbwork->full_waiters_pending = true;
if (!cpu_buffer->shortest_full ||
cpu_buffer->shortest_full > full)
cpu_buffer->shortest_full = full;
raw_spin_unlock_irqrestore(&cpu_buffer->reader_lock, flags);
- } else {
- poll_wait(filp, &rbwork->waiters, poll_table);
- rbwork->waiters_pending = true;
+ if (full_hit(buffer, cpu, full))
+ return EPOLLIN | EPOLLRDNORM;
+ /*
+ * Only allow full_waiters_pending update to be seen after
+ * the shortest_full is set. If the writer sees the
+ * full_waiters_pending flag set, it will compare the
+ * amount in the ring buffer to shortest_full. If the amount
+ * in the ring buffer is greater than the shortest_full
+ * percent, it will call the irq_work handler to wake up
+ * this list. The irq_handler will reset shortest_full
+ * back to zero. That's done under the reader_lock, but
+ * the below smp_mb() makes sure that the update to
+ * full_waiters_pending doesn't leak up into the above.
+ */
+ smp_mb();
+ rbwork->full_waiters_pending = true;
+ return 0;
}
+ poll_wait(filp, &rbwork->waiters, poll_table);
+ rbwork->waiters_pending = true;
+
/*
* There's a tight race between setting the waiters_pending and
* checking if the ring buffer is empty. Once the waiters_pending bit
@@ -1137,9 +1153,6 @@ __poll_t ring_buffer_poll_wait(struct trace_buffer *buffer, int cpu,
*/
smp_mb();
- if (full)
- return full_hit(buffer, cpu, full) ? EPOLLIN | EPOLLRDNORM : 0;
-
if ((cpu == RING_BUFFER_ALL_CPUS && !ring_buffer_empty(buffer)) ||
(cpu != RING_BUFFER_ALL_CPUS && !ring_buffer_empty_cpu(buffer, cpu)))
return EPOLLIN | EPOLLRDNORM;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 140/396] ring-buffer: Use wait_event_interruptible() in ring_buffer_wait()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 139/396] ring-buffer: Fix full_waiters_pending in poll Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 141/396] dlm: fix user space lkb refcounting Greg Kroah-Hartman
` (267 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Masami Hiramatsu, Mark Rutland,
Mathieu Desnoyers, Andrew Morton, Linus Torvalds, linke li,
Rabin Vincent, Steven Rostedt (Google), Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steven Rostedt (Google) <rostedt@goodmis.org>
[ Upstream commit 7af9ded0c2caac0a95f33df5cb04706b0f502588 ]
Convert ring_buffer_wait() over to wait_event_interruptible(). The default
condition is to execute the wait loop inside __wait_event() just once.
This does not change the ring_buffer_wait() prototype yet, but
restructures the code so that it can take a "cond" and "data" parameter
and will call wait_event_interruptible() with a helper function as the
condition.
The helper function (rb_wait_cond) takes the cond function and data
parameters. It will first check if the buffer hit the watermark defined by
the "full" parameter and then call the passed in condition parameter. If
either are true, it returns true.
If rb_wait_cond() does not return true, it will set the appropriate
"waiters_pending" flag and returns false.
Link: https://lore.kernel.org/linux-trace-kernel/CAHk-=wgsNgewHFxZAJiAQznwPMqEtQmi1waeS2O1v6L4c_Um5A@mail.gmail.com/
Link: https://lore.kernel.org/linux-trace-kernel/20240312121703.399598519@goodmis.org
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linke li <lilinke99@qq.com>
Cc: Rabin Vincent <rabin@rab.in>
Fixes: f3ddb74ad0790 ("tracing: Wake up ring buffer waiters on closing of the file")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/ring_buffer.h | 1 +
kernel/trace/ring_buffer.c | 116 +++++++++++++++++++++---------------
2 files changed, 69 insertions(+), 48 deletions(-)
diff --git a/include/linux/ring_buffer.h b/include/linux/ring_buffer.h
index 782e14f62201f..ded528d23f855 100644
--- a/include/linux/ring_buffer.h
+++ b/include/linux/ring_buffer.h
@@ -98,6 +98,7 @@ __ring_buffer_alloc(unsigned long size, unsigned flags, struct lock_class_key *k
__ring_buffer_alloc((size), (flags), &__key); \
})
+typedef bool (*ring_buffer_cond_fn)(void *data);
int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full);
__poll_t ring_buffer_poll_wait(struct trace_buffer *buffer, int cpu,
struct file *filp, poll_table *poll_table, int full);
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
index b4979f6a449d7..3fedd051f12c0 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -990,43 +990,15 @@ static bool rb_watermark_hit(struct trace_buffer *buffer, int cpu, int full)
return ret;
}
-/**
- * ring_buffer_wait - wait for input to the ring buffer
- * @buffer: buffer to wait on
- * @cpu: the cpu buffer to wait on
- * @full: wait until the percentage of pages are available, if @cpu != RING_BUFFER_ALL_CPUS
- *
- * If @cpu == RING_BUFFER_ALL_CPUS then the task will wake up as soon
- * as data is added to any of the @buffer's cpu buffers. Otherwise
- * it will wait for data to be added to a specific cpu buffer.
- */
-int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full)
+static inline bool
+rb_wait_cond(struct rb_irq_work *rbwork, struct trace_buffer *buffer,
+ int cpu, int full, ring_buffer_cond_fn cond, void *data)
{
- struct ring_buffer_per_cpu *cpu_buffer;
- DEFINE_WAIT(wait);
- struct rb_irq_work *work;
- int ret = 0;
-
- /*
- * Depending on what the caller is waiting for, either any
- * data in any cpu buffer, or a specific buffer, put the
- * caller on the appropriate wait queue.
- */
- if (cpu == RING_BUFFER_ALL_CPUS) {
- work = &buffer->irq_work;
- /* Full only makes sense on per cpu reads */
- full = 0;
- } else {
- if (!cpumask_test_cpu(cpu, buffer->cpumask))
- return -ENODEV;
- cpu_buffer = buffer->buffers[cpu];
- work = &cpu_buffer->irq_work;
- }
+ if (rb_watermark_hit(buffer, cpu, full))
+ return true;
- if (full)
- prepare_to_wait(&work->full_waiters, &wait, TASK_INTERRUPTIBLE);
- else
- prepare_to_wait(&work->waiters, &wait, TASK_INTERRUPTIBLE);
+ if (cond(data))
+ return true;
/*
* The events can happen in critical sections where
@@ -1049,27 +1021,75 @@ int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full)
* a task has been queued. It's OK for spurious wake ups.
*/
if (full)
- work->full_waiters_pending = true;
+ rbwork->full_waiters_pending = true;
else
- work->waiters_pending = true;
+ rbwork->waiters_pending = true;
- if (rb_watermark_hit(buffer, cpu, full))
- goto out;
+ return false;
+}
- if (signal_pending(current)) {
- ret = -EINTR;
- goto out;
+/*
+ * The default wait condition for ring_buffer_wait() is to just to exit the
+ * wait loop the first time it is woken up.
+ */
+static bool rb_wait_once(void *data)
+{
+ long *once = data;
+
+ /* wait_event() actually calls this twice before scheduling*/
+ if (*once > 1)
+ return true;
+
+ (*once)++;
+ return false;
+}
+
+/**
+ * ring_buffer_wait - wait for input to the ring buffer
+ * @buffer: buffer to wait on
+ * @cpu: the cpu buffer to wait on
+ * @full: wait until the percentage of pages are available, if @cpu != RING_BUFFER_ALL_CPUS
+ *
+ * If @cpu == RING_BUFFER_ALL_CPUS then the task will wake up as soon
+ * as data is added to any of the @buffer's cpu buffers. Otherwise
+ * it will wait for data to be added to a specific cpu buffer.
+ */
+int ring_buffer_wait(struct trace_buffer *buffer, int cpu, int full)
+{
+ struct ring_buffer_per_cpu *cpu_buffer;
+ struct wait_queue_head *waitq;
+ ring_buffer_cond_fn cond;
+ struct rb_irq_work *rbwork;
+ void *data;
+ long once = 0;
+ int ret = 0;
+
+ cond = rb_wait_once;
+ data = &once;
+
+ /*
+ * Depending on what the caller is waiting for, either any
+ * data in any cpu buffer, or a specific buffer, put the
+ * caller on the appropriate wait queue.
+ */
+ if (cpu == RING_BUFFER_ALL_CPUS) {
+ rbwork = &buffer->irq_work;
+ /* Full only makes sense on per cpu reads */
+ full = 0;
+ } else {
+ if (!cpumask_test_cpu(cpu, buffer->cpumask))
+ return -ENODEV;
+ cpu_buffer = buffer->buffers[cpu];
+ rbwork = &cpu_buffer->irq_work;
}
- schedule();
- out:
if (full)
- finish_wait(&work->full_waiters, &wait);
+ waitq = &rbwork->full_waiters;
else
- finish_wait(&work->waiters, &wait);
+ waitq = &rbwork->waiters;
- if (!ret && !rb_watermark_hit(buffer, cpu, full) && signal_pending(current))
- ret = -EINTR;
+ ret = wait_event_interruptible((*waitq),
+ rb_wait_cond(rbwork, buffer, cpu, full, cond, data));
return ret;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 141/396] dlm: fix user space lkb refcounting
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 140/396] ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 142/396] soc: fsl: qbman: Always disable interrupts when taking cgr_lock Greg Kroah-Hartman
` (266 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Valentin Vidić, Alexander Aring,
David Teigland, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Aring <aahringo@redhat.com>
[ Upstream commit 2ab3d705ca5d4f7ea345a21c3da41a447a549649 ]
This patch fixes to check on the right return value if it was the last
callback. The rv variable got overwritten by the return of
copy_result_to_user(). Fixing it by introducing a second variable for
the return value and don't let rv being overwritten.
Cc: stable@vger.kernel.org
Fixes: 61bed0baa4db ("fs: dlm: use a non-static queue for callbacks")
Reported-by: Valentin Vidić <vvidic@valentin-vidic.from.hr>
Closes: https://lore.kernel.org/gfs2/Ze4qSvzGJDt5yxC3@valentin-vidic.from.hr
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: David Teigland <teigland@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/dlm/user.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/fs/dlm/user.c b/fs/dlm/user.c
index 695e691b38b31..9f9b68448830e 100644
--- a/fs/dlm/user.c
+++ b/fs/dlm/user.c
@@ -806,7 +806,7 @@ static ssize_t device_read(struct file *file, char __user *buf, size_t count,
struct dlm_lkb *lkb;
DECLARE_WAITQUEUE(wait, current);
struct dlm_callback *cb;
- int rv, copy_lvb = 0;
+ int rv, ret, copy_lvb = 0;
int old_mode, new_mode;
if (count == sizeof(struct dlm_device_version)) {
@@ -906,9 +906,9 @@ static ssize_t device_read(struct file *file, char __user *buf, size_t count,
trace_dlm_ast(lkb->lkb_resource->res_ls, lkb);
}
- rv = copy_result_to_user(lkb->lkb_ua,
- test_bit(DLM_PROC_FLAGS_COMPAT, &proc->flags),
- cb->flags, cb->mode, copy_lvb, buf, count);
+ ret = copy_result_to_user(lkb->lkb_ua,
+ test_bit(DLM_PROC_FLAGS_COMPAT, &proc->flags),
+ cb->flags, cb->mode, copy_lvb, buf, count);
kref_put(&cb->ref, dlm_release_callback);
@@ -916,7 +916,7 @@ static ssize_t device_read(struct file *file, char __user *buf, size_t count,
if (rv == DLM_DEQUEUE_CALLBACK_LAST)
dlm_put_lkb(lkb);
- return rv;
+ return ret;
}
static __poll_t device_poll(struct file *file, poll_table *wait)
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 142/396] soc: fsl: qbman: Always disable interrupts when taking cgr_lock
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 141/396] dlm: fix user space lkb refcounting Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 143/396] soc: fsl: qbman: Use raw spinlock for cgr_lock Greg Kroah-Hartman
` (265 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Sean Anderson, Camelia Groza,
Vladimir Oltean, David S. Miller, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sean Anderson <sean.anderson@linux.dev>
[ Upstream commit 584c2a9184a33a40fceee838f856de3cffa19be3 ]
smp_call_function_single disables IRQs when executing the callback. To
prevent deadlocks, we must disable IRQs when taking cgr_lock elsewhere.
This is already done by qman_update_cgr and qman_delete_cgr; fix the
other lockers.
Fixes: 96f413f47677 ("soc/fsl/qbman: fix issue in qman_delete_cgr_safe()")
CC: stable@vger.kernel.org
Signed-off-by: Sean Anderson <sean.anderson@linux.dev>
Reviewed-by: Camelia Groza <camelia.groza@nxp.com>
Tested-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/fsl/qbman/qman.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/drivers/soc/fsl/qbman/qman.c b/drivers/soc/fsl/qbman/qman.c
index 739e4eee6b75c..1bf1f1ea67f00 100644
--- a/drivers/soc/fsl/qbman/qman.c
+++ b/drivers/soc/fsl/qbman/qman.c
@@ -1456,11 +1456,11 @@ static void qm_congestion_task(struct work_struct *work)
union qm_mc_result *mcr;
struct qman_cgr *cgr;
- spin_lock(&p->cgr_lock);
+ spin_lock_irq(&p->cgr_lock);
qm_mc_start(&p->p);
qm_mc_commit(&p->p, QM_MCC_VERB_QUERYCONGESTION);
if (!qm_mc_result_timeout(&p->p, &mcr)) {
- spin_unlock(&p->cgr_lock);
+ spin_unlock_irq(&p->cgr_lock);
dev_crit(p->config->dev, "QUERYCONGESTION timeout\n");
qman_p_irqsource_add(p, QM_PIRQ_CSCI);
return;
@@ -1476,7 +1476,7 @@ static void qm_congestion_task(struct work_struct *work)
list_for_each_entry(cgr, &p->cgr_cbs, node)
if (cgr->cb && qman_cgrs_get(&c, cgr->cgrid))
cgr->cb(p, cgr, qman_cgrs_get(&rr, cgr->cgrid));
- spin_unlock(&p->cgr_lock);
+ spin_unlock_irq(&p->cgr_lock);
qman_p_irqsource_add(p, QM_PIRQ_CSCI);
}
@@ -2440,7 +2440,7 @@ int qman_create_cgr(struct qman_cgr *cgr, u32 flags,
preempt_enable();
cgr->chan = p->config->channel;
- spin_lock(&p->cgr_lock);
+ spin_lock_irq(&p->cgr_lock);
if (opts) {
struct qm_mcc_initcgr local_opts = *opts;
@@ -2477,7 +2477,7 @@ int qman_create_cgr(struct qman_cgr *cgr, u32 flags,
qman_cgrs_get(&p->cgrs[1], cgr->cgrid))
cgr->cb(p, cgr, 1);
out:
- spin_unlock(&p->cgr_lock);
+ spin_unlock_irq(&p->cgr_lock);
put_affine_portal();
return ret;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 143/396] soc: fsl: qbman: Use raw spinlock for cgr_lock
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 142/396] soc: fsl: qbman: Always disable interrupts when taking cgr_lock Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 144/396] s390/zcrypt: fix reference counting on zcrypt card objects Greg Kroah-Hartman
` (264 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Vladimir Oltean, Steffen Trumtrar,
Sean Anderson, Camelia Groza, David S. Miller, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sean Anderson <sean.anderson@linux.dev>
[ Upstream commit fbec4e7fed89b579f2483041fabf9650fb0dd6bc ]
smp_call_function always runs its callback in hard IRQ context, even on
PREEMPT_RT, where spinlocks can sleep. So we need to use a raw spinlock
for cgr_lock to ensure we aren't waiting on a sleeping task.
Although this bug has existed for a while, it was not apparent until
commit ef2a8d5478b9 ("net: dpaa: Adjust queue depth on rate change")
which invokes smp_call_function_single via qman_update_cgr_safe every
time a link goes up or down.
Fixes: 96f413f47677 ("soc/fsl/qbman: fix issue in qman_delete_cgr_safe()")
CC: stable@vger.kernel.org
Reported-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Closes: https://lore.kernel.org/all/20230323153935.nofnjucqjqnz34ej@skbuf/
Reported-by: Steffen Trumtrar <s.trumtrar@pengutronix.de>
Closes: https://lore.kernel.org/linux-arm-kernel/87wmsyvclu.fsf@pengutronix.de/
Signed-off-by: Sean Anderson <sean.anderson@linux.dev>
Reviewed-by: Camelia Groza <camelia.groza@nxp.com>
Tested-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/soc/fsl/qbman/qman.c | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/drivers/soc/fsl/qbman/qman.c b/drivers/soc/fsl/qbman/qman.c
index 1bf1f1ea67f00..7e9074519ad22 100644
--- a/drivers/soc/fsl/qbman/qman.c
+++ b/drivers/soc/fsl/qbman/qman.c
@@ -991,7 +991,7 @@ struct qman_portal {
/* linked-list of CSCN handlers. */
struct list_head cgr_cbs;
/* list lock */
- spinlock_t cgr_lock;
+ raw_spinlock_t cgr_lock;
struct work_struct congestion_work;
struct work_struct mr_work;
char irqname[MAX_IRQNAME];
@@ -1281,7 +1281,7 @@ static int qman_create_portal(struct qman_portal *portal,
/* if the given mask is NULL, assume all CGRs can be seen */
qman_cgrs_fill(&portal->cgrs[0]);
INIT_LIST_HEAD(&portal->cgr_cbs);
- spin_lock_init(&portal->cgr_lock);
+ raw_spin_lock_init(&portal->cgr_lock);
INIT_WORK(&portal->congestion_work, qm_congestion_task);
INIT_WORK(&portal->mr_work, qm_mr_process_task);
portal->bits = 0;
@@ -1456,11 +1456,14 @@ static void qm_congestion_task(struct work_struct *work)
union qm_mc_result *mcr;
struct qman_cgr *cgr;
- spin_lock_irq(&p->cgr_lock);
+ /*
+ * FIXME: QM_MCR_TIMEOUT is 10ms, which is too long for a raw spinlock!
+ */
+ raw_spin_lock_irq(&p->cgr_lock);
qm_mc_start(&p->p);
qm_mc_commit(&p->p, QM_MCC_VERB_QUERYCONGESTION);
if (!qm_mc_result_timeout(&p->p, &mcr)) {
- spin_unlock_irq(&p->cgr_lock);
+ raw_spin_unlock_irq(&p->cgr_lock);
dev_crit(p->config->dev, "QUERYCONGESTION timeout\n");
qman_p_irqsource_add(p, QM_PIRQ_CSCI);
return;
@@ -1476,7 +1479,7 @@ static void qm_congestion_task(struct work_struct *work)
list_for_each_entry(cgr, &p->cgr_cbs, node)
if (cgr->cb && qman_cgrs_get(&c, cgr->cgrid))
cgr->cb(p, cgr, qman_cgrs_get(&rr, cgr->cgrid));
- spin_unlock_irq(&p->cgr_lock);
+ raw_spin_unlock_irq(&p->cgr_lock);
qman_p_irqsource_add(p, QM_PIRQ_CSCI);
}
@@ -2440,7 +2443,7 @@ int qman_create_cgr(struct qman_cgr *cgr, u32 flags,
preempt_enable();
cgr->chan = p->config->channel;
- spin_lock_irq(&p->cgr_lock);
+ raw_spin_lock_irq(&p->cgr_lock);
if (opts) {
struct qm_mcc_initcgr local_opts = *opts;
@@ -2477,7 +2480,7 @@ int qman_create_cgr(struct qman_cgr *cgr, u32 flags,
qman_cgrs_get(&p->cgrs[1], cgr->cgrid))
cgr->cb(p, cgr, 1);
out:
- spin_unlock_irq(&p->cgr_lock);
+ raw_spin_unlock_irq(&p->cgr_lock);
put_affine_portal();
return ret;
}
@@ -2512,7 +2515,7 @@ int qman_delete_cgr(struct qman_cgr *cgr)
return -EINVAL;
memset(&local_opts, 0, sizeof(struct qm_mcc_initcgr));
- spin_lock_irqsave(&p->cgr_lock, irqflags);
+ raw_spin_lock_irqsave(&p->cgr_lock, irqflags);
list_del(&cgr->node);
/*
* If there are no other CGR objects for this CGRID in the list,
@@ -2537,7 +2540,7 @@ int qman_delete_cgr(struct qman_cgr *cgr)
/* add back to the list */
list_add(&cgr->node, &p->cgr_cbs);
release_lock:
- spin_unlock_irqrestore(&p->cgr_lock, irqflags);
+ raw_spin_unlock_irqrestore(&p->cgr_lock, irqflags);
put_affine_portal();
return ret;
}
@@ -2577,9 +2580,9 @@ static int qman_update_cgr(struct qman_cgr *cgr, struct qm_mcc_initcgr *opts)
if (!p)
return -EINVAL;
- spin_lock_irqsave(&p->cgr_lock, irqflags);
+ raw_spin_lock_irqsave(&p->cgr_lock, irqflags);
ret = qm_modify_cgr(cgr, 0, opts);
- spin_unlock_irqrestore(&p->cgr_lock, irqflags);
+ raw_spin_unlock_irqrestore(&p->cgr_lock, irqflags);
put_affine_portal();
return ret;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 144/396] s390/zcrypt: fix reference counting on zcrypt card objects
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 143/396] soc: fsl: qbman: Use raw spinlock for cgr_lock Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 145/396] drm/probe-helper: warn about negative .get_modes() Greg Kroah-Hartman
` (263 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Harald Freudenberger, Holger Dengler,
Heiko Carstens, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Harald Freudenberger <freude@linux.ibm.com>
[ Upstream commit 50ed48c80fecbe17218afed4f8bed005c802976c ]
Tests with hot-plugging crytpo cards on KVM guests with debug
kernel build revealed an use after free for the load field of
the struct zcrypt_card. The reason was an incorrect reference
handling of the zcrypt card object which could lead to a free
of the zcrypt card object while it was still in use.
This is an example of the slab message:
kernel: 0x00000000885a7512-0x00000000885a7513 @offset=1298. First byte 0x68 instead of 0x6b
kernel: Allocated in zcrypt_card_alloc+0x36/0x70 [zcrypt] age=18046 cpu=3 pid=43
kernel: kmalloc_trace+0x3f2/0x470
kernel: zcrypt_card_alloc+0x36/0x70 [zcrypt]
kernel: zcrypt_cex4_card_probe+0x26/0x380 [zcrypt_cex4]
kernel: ap_device_probe+0x15c/0x290
kernel: really_probe+0xd2/0x468
kernel: driver_probe_device+0x40/0xf0
kernel: __device_attach_driver+0xc0/0x140
kernel: bus_for_each_drv+0x8c/0xd0
kernel: __device_attach+0x114/0x198
kernel: bus_probe_device+0xb4/0xc8
kernel: device_add+0x4d2/0x6e0
kernel: ap_scan_adapter+0x3d0/0x7c0
kernel: ap_scan_bus+0x5a/0x3b0
kernel: ap_scan_bus_wq_callback+0x40/0x60
kernel: process_one_work+0x26e/0x620
kernel: worker_thread+0x21c/0x440
kernel: Freed in zcrypt_card_put+0x54/0x80 [zcrypt] age=9024 cpu=3 pid=43
kernel: kfree+0x37e/0x418
kernel: zcrypt_card_put+0x54/0x80 [zcrypt]
kernel: ap_device_remove+0x4c/0xe0
kernel: device_release_driver_internal+0x1c4/0x270
kernel: bus_remove_device+0x100/0x188
kernel: device_del+0x164/0x3c0
kernel: device_unregister+0x30/0x90
kernel: ap_scan_adapter+0xc8/0x7c0
kernel: ap_scan_bus+0x5a/0x3b0
kernel: ap_scan_bus_wq_callback+0x40/0x60
kernel: process_one_work+0x26e/0x620
kernel: worker_thread+0x21c/0x440
kernel: kthread+0x150/0x168
kernel: __ret_from_fork+0x3c/0x58
kernel: ret_from_fork+0xa/0x30
kernel: Slab 0x00000372022169c0 objects=20 used=18 fp=0x00000000885a7c88 flags=0x3ffff00000000a00(workingset|slab|node=0|zone=1|lastcpupid=0x1ffff)
kernel: Object 0x00000000885a74b8 @offset=1208 fp=0x00000000885a7c88
kernel: Redzone 00000000885a74b0: bb bb bb bb bb bb bb bb ........
kernel: Object 00000000885a74b8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
kernel: Object 00000000885a74c8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
kernel: Object 00000000885a74d8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
kernel: Object 00000000885a74e8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
kernel: Object 00000000885a74f8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
kernel: Object 00000000885a7508: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 68 4b 6b 6b 6b a5 kkkkkkkkkkhKkkk.
kernel: Redzone 00000000885a7518: bb bb bb bb bb bb bb bb ........
kernel: Padding 00000000885a756c: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZ
kernel: CPU: 0 PID: 387 Comm: systemd-udevd Not tainted 6.8.0-HF #2
kernel: Hardware name: IBM 3931 A01 704 (KVM/Linux)
kernel: Call Trace:
kernel: [<00000000ca5ab5b8>] dump_stack_lvl+0x90/0x120
kernel: [<00000000c99d78bc>] check_bytes_and_report+0x114/0x140
kernel: [<00000000c99d53cc>] check_object+0x334/0x3f8
kernel: [<00000000c99d820c>] alloc_debug_processing+0xc4/0x1f8
kernel: [<00000000c99d852e>] get_partial_node.part.0+0x1ee/0x3e0
kernel: [<00000000c99d94ec>] ___slab_alloc+0xaf4/0x13c8
kernel: [<00000000c99d9e38>] __slab_alloc.constprop.0+0x78/0xb8
kernel: [<00000000c99dc8dc>] __kmalloc+0x434/0x590
kernel: [<00000000c9b4c0ce>] ext4_htree_store_dirent+0x4e/0x1c0
kernel: [<00000000c9b908a2>] htree_dirblock_to_tree+0x17a/0x3f0
kernel: [<00000000c9b919dc>] ext4_htree_fill_tree+0x134/0x400
kernel: [<00000000c9b4b3d0>] ext4_dx_readdir+0x160/0x2f0
kernel: [<00000000c9b4bedc>] ext4_readdir+0x5f4/0x760
kernel: [<00000000c9a7efc4>] iterate_dir+0xb4/0x280
kernel: [<00000000c9a7f1ea>] __do_sys_getdents64+0x5a/0x120
kernel: [<00000000ca5d6946>] __do_syscall+0x256/0x310
kernel: [<00000000ca5eea10>] system_call+0x70/0x98
kernel: INFO: lockdep is turned off.
kernel: FIX kmalloc-96: Restoring Poison 0x00000000885a7512-0x00000000885a7513=0x6b
kernel: FIX kmalloc-96: Marking all objects used
The fix is simple: Before use of the queue not only the queue object
but also the card object needs to increase it's reference count
with a call to zcrypt_card_get(). Similar after use of the queue
not only the queue but also the card object's reference count is
decreased with zcrypt_card_put().
Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
Reviewed-by: Holger Dengler <dengler@linux.ibm.com>
Cc: stable@vger.kernel.org
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/s390/crypto/zcrypt_api.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/s390/crypto/zcrypt_api.c b/drivers/s390/crypto/zcrypt_api.c
index ce04caa7913fb..357889cc03f0a 100644
--- a/drivers/s390/crypto/zcrypt_api.c
+++ b/drivers/s390/crypto/zcrypt_api.c
@@ -579,6 +579,7 @@ static inline struct zcrypt_queue *zcrypt_pick_queue(struct zcrypt_card *zc,
{
if (!zq || !try_module_get(zq->queue->ap_dev.device.driver->owner))
return NULL;
+ zcrypt_card_get(zc);
zcrypt_queue_get(zq);
get_device(&zq->queue->ap_dev.device);
atomic_add(weight, &zc->load);
@@ -598,6 +599,7 @@ static inline void zcrypt_drop_queue(struct zcrypt_card *zc,
atomic_sub(weight, &zq->load);
put_device(&zq->queue->ap_dev.device);
zcrypt_queue_put(zq);
+ zcrypt_card_put(zc);
module_put(mod);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 145/396] drm/probe-helper: warn about negative .get_modes()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 144/396] s390/zcrypt: fix reference counting on zcrypt card objects Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 146/396] drm/panel: do not return negative error codes from drm_panel_get_modes() Greg Kroah-Hartman
` (262 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Thomas Zimmermann, Jani Nikula,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jani Nikula <jani.nikula@intel.com>
[ Upstream commit 7af03e688792293ba33149fb8df619a8dff90e80 ]
The .get_modes() callback is supposed to return the number of modes,
never a negative error code. If a negative value is returned, it'll just
be interpreted as a negative count, and added to previous calculations.
Document the rules, but handle the negative values gracefully with an
error message.
Cc: stable@vger.kernel.org
Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/50208c866facc33226a3c77b82bb96aeef8ef310.1709913674.git.jani.nikula@intel.com
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_probe_helper.c | 7 +++++++
include/drm/drm_modeset_helper_vtables.h | 3 ++-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/drm_probe_helper.c b/drivers/gpu/drm/drm_probe_helper.c
index 3f479483d7d80..15ed974bcb988 100644
--- a/drivers/gpu/drm/drm_probe_helper.c
+++ b/drivers/gpu/drm/drm_probe_helper.c
@@ -419,6 +419,13 @@ static int drm_helper_probe_get_modes(struct drm_connector *connector)
count = connector_funcs->get_modes(connector);
+ /* The .get_modes() callback should not return negative values. */
+ if (count < 0) {
+ drm_err(connector->dev, ".get_modes() returned %pe\n",
+ ERR_PTR(count));
+ count = 0;
+ }
+
/*
* Fallback for when DDC probe failed in drm_get_edid() and thus skipped
* override/firmware EDID.
diff --git a/include/drm/drm_modeset_helper_vtables.h b/include/drm/drm_modeset_helper_vtables.h
index e3c3ac6159094..159213786e6e1 100644
--- a/include/drm/drm_modeset_helper_vtables.h
+++ b/include/drm/drm_modeset_helper_vtables.h
@@ -898,7 +898,8 @@ struct drm_connector_helper_funcs {
*
* RETURNS:
*
- * The number of modes added by calling drm_mode_probed_add().
+ * The number of modes added by calling drm_mode_probed_add(). Return 0
+ * on failures (no modes) instead of negative error codes.
*/
int (*get_modes)(struct drm_connector *connector);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 146/396] drm/panel: do not return negative error codes from drm_panel_get_modes()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 145/396] drm/probe-helper: warn about negative .get_modes() Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 147/396] drm/exynos: do not return negative values from .get_modes() Greg Kroah-Hartman
` (261 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Neil Armstrong, Jessica Zhang,
Sam Ravnborg, Thomas Zimmermann, Jani Nikula, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jani Nikula <jani.nikula@intel.com>
[ Upstream commit fc4e97726530241d96dd7db72eb65979217422c9 ]
None of the callers of drm_panel_get_modes() expect it to return
negative error codes. Either they propagate the return value in their
struct drm_connector_helper_funcs .get_modes() hook (which is also not
supposed to return negative codes), or add it to other counts leading to
bogus values.
On the other hand, many of the struct drm_panel_funcs .get_modes() hooks
do return negative error codes, so handle them gracefully instead of
propagating further.
Return 0 for no modes, whatever the reason.
Cc: Neil Armstrong <neil.armstrong@linaro.org>
Cc: Jessica Zhang <quic_jesszhan@quicinc.com>
Cc: Sam Ravnborg <sam@ravnborg.org>
Cc: stable@vger.kernel.org
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Reviewed-by: Jessica Zhang <quic_jesszhan@quicinc.com>
Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/79f559b72d8c493940417304e222a4b04dfa19c4.1709913674.git.jani.nikula@intel.com
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_panel.c | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/drm_panel.c b/drivers/gpu/drm/drm_panel.c
index e814020bbcd3b..cfbe020de54e0 100644
--- a/drivers/gpu/drm/drm_panel.c
+++ b/drivers/gpu/drm/drm_panel.c
@@ -274,19 +274,24 @@ EXPORT_SYMBOL(drm_panel_disable);
* The modes probed from the panel are automatically added to the connector
* that the panel is attached to.
*
- * Return: The number of modes available from the panel on success or a
- * negative error code on failure.
+ * Return: The number of modes available from the panel on success, or 0 on
+ * failure (no modes).
*/
int drm_panel_get_modes(struct drm_panel *panel,
struct drm_connector *connector)
{
if (!panel)
- return -EINVAL;
+ return 0;
- if (panel->funcs && panel->funcs->get_modes)
- return panel->funcs->get_modes(panel, connector);
+ if (panel->funcs && panel->funcs->get_modes) {
+ int num;
- return -EOPNOTSUPP;
+ num = panel->funcs->get_modes(panel, connector);
+ if (num > 0)
+ return num;
+ }
+
+ return 0;
}
EXPORT_SYMBOL(drm_panel_get_modes);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 147/396] drm/exynos: do not return negative values from .get_modes()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 146/396] drm/panel: do not return negative error codes from drm_panel_get_modes() Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 148/396] drm/imx/ipuv3: " Greg Kroah-Hartman
` (260 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Inki Dae, Seung-Woo Kim,
Kyungmin Park, Thomas Zimmermann, Jani Nikula, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jani Nikula <jani.nikula@intel.com>
[ Upstream commit 13d5b040363c7ec0ac29c2de9cf661a24a8aa531 ]
The .get_modes() hooks aren't supposed to return negative error
codes. Return 0 for no modes, whatever the reason.
Cc: Inki Dae <inki.dae@samsung.com>
Cc: Seung-Woo Kim <sw0312.kim@samsung.com>
Cc: Kyungmin Park <kyungmin.park@samsung.com>
Cc: stable@vger.kernel.org
Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/d8665f620d9c252aa7d5a4811ff6b16e773903a2.1709913674.git.jani.nikula@intel.com
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/exynos/exynos_drm_vidi.c | 4 ++--
drivers/gpu/drm/exynos/exynos_hdmi.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/gpu/drm/exynos/exynos_drm_vidi.c b/drivers/gpu/drm/exynos/exynos_drm_vidi.c
index f5e1adfcaa514..fb941a8c99f0f 100644
--- a/drivers/gpu/drm/exynos/exynos_drm_vidi.c
+++ b/drivers/gpu/drm/exynos/exynos_drm_vidi.c
@@ -316,14 +316,14 @@ static int vidi_get_modes(struct drm_connector *connector)
*/
if (!ctx->raw_edid) {
DRM_DEV_DEBUG_KMS(ctx->dev, "raw_edid is null.\n");
- return -EFAULT;
+ return 0;
}
edid_len = (1 + ctx->raw_edid->extensions) * EDID_LENGTH;
edid = kmemdup(ctx->raw_edid, edid_len, GFP_KERNEL);
if (!edid) {
DRM_DEV_DEBUG_KMS(ctx->dev, "failed to allocate edid\n");
- return -ENOMEM;
+ return 0;
}
drm_connector_update_edid_property(connector, edid);
diff --git a/drivers/gpu/drm/exynos/exynos_hdmi.c b/drivers/gpu/drm/exynos/exynos_hdmi.c
index dd9903eab563e..eff51bfc46440 100644
--- a/drivers/gpu/drm/exynos/exynos_hdmi.c
+++ b/drivers/gpu/drm/exynos/exynos_hdmi.c
@@ -887,11 +887,11 @@ static int hdmi_get_modes(struct drm_connector *connector)
int ret;
if (!hdata->ddc_adpt)
- return -ENODEV;
+ return 0;
edid = drm_get_edid(connector, hdata->ddc_adpt);
if (!edid)
- return -ENODEV;
+ return 0;
hdata->dvi_mode = !connector->display_info.is_hdmi;
DRM_DEV_DEBUG_KMS(hdata->dev, "%s : width[%d] x height[%d]\n",
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 148/396] drm/imx/ipuv3: do not return negative values from .get_modes()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 147/396] drm/exynos: do not return negative values from .get_modes() Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 149/396] drm/vc4: hdmi: " Greg Kroah-Hartman
` (259 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Philipp Zabel, Thomas Zimmermann,
Jani Nikula, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jani Nikula <jani.nikula@intel.com>
[ Upstream commit c2da9ada64962fcd2e6395ed9987b9874ea032d3 ]
The .get_modes() hooks aren't supposed to return negative error
codes. Return 0 for no modes, whatever the reason.
Cc: Philipp Zabel <p.zabel@pengutronix.de>
Cc: stable@vger.kernel.org
Acked-by: Philipp Zabel <p.zabel@pengutronix.de>
Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/311f6eec96d47949b16a670529f4d89fcd97aefa.1709913674.git.jani.nikula@intel.com
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/imx/ipuv3/parallel-display.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/imx/ipuv3/parallel-display.c b/drivers/gpu/drm/imx/ipuv3/parallel-display.c
index 0fa0b590830b6..c62df2557dc65 100644
--- a/drivers/gpu/drm/imx/ipuv3/parallel-display.c
+++ b/drivers/gpu/drm/imx/ipuv3/parallel-display.c
@@ -72,14 +72,14 @@ static int imx_pd_connector_get_modes(struct drm_connector *connector)
int ret;
if (!mode)
- return -EINVAL;
+ return 0;
ret = of_get_drm_display_mode(np, &imxpd->mode,
&imxpd->bus_flags,
OF_USE_NATIVE_MODE);
if (ret) {
drm_mode_destroy(connector->dev, mode);
- return ret;
+ return 0;
}
drm_mode_copy(mode, &imxpd->mode);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 149/396] drm/vc4: hdmi: do not return negative values from .get_modes()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 148/396] drm/imx/ipuv3: " Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 150/396] memtest: use {READ,WRITE}_ONCE in memory scanning Greg Kroah-Hartman
` (258 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Maxime Ripard, Thomas Zimmermann,
Jani Nikula, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jani Nikula <jani.nikula@intel.com>
[ Upstream commit abf493988e380f25242c1023275c68bd3579c9ce ]
The .get_modes() hooks aren't supposed to return negative error
codes. Return 0 for no modes, whatever the reason.
Cc: Maxime Ripard <mripard@kernel.org>
Cc: stable@vger.kernel.org
Acked-by: Maxime Ripard <mripard@kernel.org>
Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/dcda6d4003e2c6192987916b35c7304732800e08.1709913674.git.jani.nikula@intel.com
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/vc4/vc4_hdmi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/vc4/vc4_hdmi.c b/drivers/gpu/drm/vc4/vc4_hdmi.c
index 25c9c71256d35..4626fe9aac563 100644
--- a/drivers/gpu/drm/vc4/vc4_hdmi.c
+++ b/drivers/gpu/drm/vc4/vc4_hdmi.c
@@ -508,7 +508,7 @@ static int vc4_hdmi_connector_get_modes(struct drm_connector *connector)
edid = drm_get_edid(connector, vc4_hdmi->ddc);
cec_s_phys_addr_from_edid(vc4_hdmi->cec_adap, edid);
if (!edid)
- return -ENODEV;
+ return 0;
drm_connector_update_edid_property(connector, edid);
ret = drm_add_edid_modes(connector, edid);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 150/396] memtest: use {READ,WRITE}_ONCE in memory scanning
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 149/396] drm/vc4: hdmi: " Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 151/396] Revert "block/mq-deadline: use correct way to throttling write requests" Greg Kroah-Hartman
` (257 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Qiang Zhang, Bill Wendling,
Justin Stitt, Nathan Chancellor, Nick Desaulniers, Andrew Morton,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Qiang Zhang <qiang4.zhang@intel.com>
[ Upstream commit 82634d7e24271698e50a3ec811e5f50de790a65f ]
memtest failed to find bad memory when compiled with clang. So use
{WRITE,READ}_ONCE to access memory to avoid compiler over optimization.
Link: https://lkml.kernel.org/r/20240312080422.691222-1-qiang4.zhang@intel.com
Signed-off-by: Qiang Zhang <qiang4.zhang@intel.com>
Cc: Bill Wendling <morbo@google.com>
Cc: Justin Stitt <justinstitt@google.com>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
mm/memtest.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/mm/memtest.c b/mm/memtest.c
index 32f3e9dda8370..c2c609c391199 100644
--- a/mm/memtest.c
+++ b/mm/memtest.c
@@ -51,10 +51,10 @@ static void __init memtest(u64 pattern, phys_addr_t start_phys, phys_addr_t size
last_bad = 0;
for (p = start; p < end; p++)
- *p = pattern;
+ WRITE_ONCE(*p, pattern);
for (p = start; p < end; p++, start_phys_aligned += incr) {
- if (*p == pattern)
+ if (READ_ONCE(*p) == pattern)
continue;
if (start_phys_aligned == last_bad + incr) {
last_bad += incr;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 151/396] Revert "block/mq-deadline: use correct way to throttling write requests"
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 150/396] memtest: use {READ,WRITE}_ONCE in memory scanning Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 152/396] f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag Greg Kroah-Hartman
` (256 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Harshit Mogalapalli,
Zhiguo Niu, Bart Van Assche, Jens Axboe, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bart Van Assche <bvanassche@acm.org>
[ Upstream commit 256aab46e31683d76d45ccbedc287b4d3f3e322b ]
The code "max(1U, 3 * (1U << shift) / 4)" comes from the Kyber I/O
scheduler. The Kyber I/O scheduler maintains one internal queue per hwq
and hence derives its async_depth from the number of hwq tags. Using
this approach for the mq-deadline scheduler is wrong since the
mq-deadline scheduler maintains one internal queue for all hwqs
combined. Hence this revert.
Cc: stable@vger.kernel.org
Cc: Damien Le Moal <dlemoal@kernel.org>
Cc: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Cc: Zhiguo Niu <Zhiguo.Niu@unisoc.com>
Fixes: d47f9717e5cf ("block/mq-deadline: use correct way to throttling write requests")
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Link: https://lore.kernel.org/r/20240313214218.1736147-1-bvanassche@acm.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/mq-deadline.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/block/mq-deadline.c b/block/mq-deadline.c
index f958e79277b8b..02a916ba62ee7 100644
--- a/block/mq-deadline.c
+++ b/block/mq-deadline.c
@@ -646,9 +646,8 @@ static void dd_depth_updated(struct blk_mq_hw_ctx *hctx)
struct request_queue *q = hctx->queue;
struct deadline_data *dd = q->elevator->elevator_data;
struct blk_mq_tags *tags = hctx->sched_tags;
- unsigned int shift = tags->bitmap_tags.sb.shift;
- dd->async_depth = max(1U, 3 * (1U << shift) / 4);
+ dd->async_depth = max(1UL, 3 * q->nr_requests / 4);
sbitmap_queue_min_shallow_depth(&tags->bitmap_tags, dd->async_depth);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 152/396] f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 151/396] Revert "block/mq-deadline: use correct way to throttling write requests" Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 153/396] f2fs: truncate page cache before clearing flags when aborting atomic write Greg Kroah-Hartman
` (255 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Sungjong Seo, Yeongjin Gil,
Sunmin Jeong, Daeho Jeong, Chao Yu, Jaegeuk Kim, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sunmin Jeong <s_min.jeong@samsung.com>
[ Upstream commit 4bf78322346f6320313683dc9464e5423423ad5c ]
In f2fs_update_inode, i_size of the atomic file isn't updated until
FI_ATOMIC_COMMITTED flag is set. When committing atomic write right
after the writeback of the inode, i_size of the raw inode will not be
updated. It can cause the atomicity corruption due to a mismatch between
old file size and new data.
To prevent the problem, let's mark inode dirty for FI_ATOMIC_COMMITTED
Atomic write thread Writeback thread
__writeback_single_inode
write_inode
f2fs_update_inode
- skip i_size update
f2fs_ioc_commit_atomic_write
f2fs_commit_atomic_write
set_inode_flag(inode, FI_ATOMIC_COMMITTED)
f2fs_do_sync_file
f2fs_fsync_node_pages
- skip f2fs_update_inode since the inode is clean
Fixes: 3db1de0e582c ("f2fs: change the current atomic write way")
Cc: stable@vger.kernel.org #v5.19+
Reviewed-by: Sungjong Seo <sj1557.seo@samsung.com>
Reviewed-by: Yeongjin Gil <youngjin.gil@samsung.com>
Signed-off-by: Sunmin Jeong <s_min.jeong@samsung.com>
Reviewed-by: Daeho Jeong <daehojeong@google.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/f2fs.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index 5c87f472da3d3..f37907f015873 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -3024,6 +3024,7 @@ static inline void __mark_inode_dirty_flag(struct inode *inode,
case FI_INLINE_DOTS:
case FI_PIN_FILE:
case FI_COMPRESS_RELEASED:
+ case FI_ATOMIC_COMMITTED:
f2fs_mark_inode_dirty_sync(inode, true);
}
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 153/396] f2fs: truncate page cache before clearing flags when aborting atomic write
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 152/396] f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 154/396] nilfs2: fix failure to detect DAT corruption in btree and direct mappings Greg Kroah-Hartman
` (254 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Sungjong Seo, Yeongjin Gil,
Sunmin Jeong, Daeho Jeong, Chao Yu, Jaegeuk Kim, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sunmin Jeong <s_min.jeong@samsung.com>
[ Upstream commit 74b0ebcbdde4c7fe23c979e4cfc2fdbf349c39a3 ]
In f2fs_do_write_data_page, FI_ATOMIC_FILE flag selects the target inode
between the original inode and COW inode. When aborting atomic write and
writeback occur simultaneously, invalid data can be written to original
inode if the FI_ATOMIC_FILE flag is cleared meanwhile.
To prevent the problem, let's truncate all pages before clearing the flag
Atomic write thread Writeback thread
f2fs_abort_atomic_write
clear_inode_flag(inode, FI_ATOMIC_FILE)
__writeback_single_inode
do_writepages
f2fs_do_write_data_page
- use dn of original inode
truncate_inode_pages_final
Fixes: 3db1de0e582c ("f2fs: change the current atomic write way")
Cc: stable@vger.kernel.org #v5.19+
Reviewed-by: Sungjong Seo <sj1557.seo@samsung.com>
Reviewed-by: Yeongjin Gil <youngjin.gil@samsung.com>
Signed-off-by: Sunmin Jeong <s_min.jeong@samsung.com>
Reviewed-by: Daeho Jeong <daehojeong@google.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/f2fs/segment.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
index 0edd9feff6185..4549964819731 100644
--- a/fs/f2fs/segment.c
+++ b/fs/f2fs/segment.c
@@ -192,6 +192,9 @@ void f2fs_abort_atomic_write(struct inode *inode, bool clean)
if (!f2fs_is_atomic_file(inode))
return;
+ if (clean)
+ truncate_inode_pages_final(inode->i_mapping);
+
release_atomic_write_cnt(inode);
clear_inode_flag(inode, FI_ATOMIC_COMMITTED);
clear_inode_flag(inode, FI_ATOMIC_REPLACE);
@@ -201,7 +204,6 @@ void f2fs_abort_atomic_write(struct inode *inode, bool clean)
F2FS_I(inode)->atomic_write_task = NULL;
if (clean) {
- truncate_inode_pages_final(inode->i_mapping);
f2fs_i_size_write(inode, fi->original_i_size);
fi->original_i_size = 0;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 154/396] nilfs2: fix failure to detect DAT corruption in btree and direct mappings
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 153/396] f2fs: truncate page cache before clearing flags when aborting atomic write Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 155/396] nilfs2: prevent kernel bug at submit_bh_wbc() Greg Kroah-Hartman
` (253 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Ryusuke Konishi,
syzbot+cfed5b56649bddf80d6e, Andrew Morton, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
[ Upstream commit f2f26b4a84a0ef41791bd2d70861c8eac748f4ba ]
Patch series "nilfs2: fix kernel bug at submit_bh_wbc()".
This resolves a kernel BUG reported by syzbot. Since there are two
flaws involved, I've made each one a separate patch.
The first patch alone resolves the syzbot-reported bug, but I think
both fixes should be sent to stable, so I've tagged them as such.
This patch (of 2):
Syzbot has reported a kernel bug in submit_bh_wbc() when writing file data
to a nilfs2 file system whose metadata is corrupted.
There are two flaws involved in this issue.
The first flaw is that when nilfs_get_block() locates a data block using
btree or direct mapping, if the disk address translation routine
nilfs_dat_translate() fails with internal code -ENOENT due to DAT metadata
corruption, it can be passed back to nilfs_get_block(). This causes
nilfs_get_block() to misidentify an existing block as non-existent,
causing both data block lookup and insertion to fail inconsistently.
The second flaw is that nilfs_get_block() returns a successful status in
this inconsistent state. This causes the caller __block_write_begin_int()
or others to request a read even though the buffer is not mapped,
resulting in a BUG_ON check for the BH_Mapped flag in submit_bh_wbc()
failing.
This fixes the first issue by changing the return value to code -EINVAL
when a conversion using DAT fails with code -ENOENT, avoiding the
conflicting condition that leads to the kernel bug described above. Here,
code -EINVAL indicates that metadata corruption was detected during the
block lookup, which will be properly handled as a file system error and
converted to -EIO when passing through the nilfs2 bmap layer.
Link: https://lkml.kernel.org/r/20240313105827.5296-1-konishi.ryusuke@gmail.com
Link: https://lkml.kernel.org/r/20240313105827.5296-2-konishi.ryusuke@gmail.com
Fixes: c3a7abf06ce7 ("nilfs2: support contiguous lookup of blocks")
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+cfed5b56649bddf80d6e@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=cfed5b56649bddf80d6e
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nilfs2/btree.c | 9 +++++++--
fs/nilfs2/direct.c | 9 +++++++--
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/fs/nilfs2/btree.c b/fs/nilfs2/btree.c
index 13592e82eaf68..65659fa0372e6 100644
--- a/fs/nilfs2/btree.c
+++ b/fs/nilfs2/btree.c
@@ -724,7 +724,7 @@ static int nilfs_btree_lookup_contig(const struct nilfs_bmap *btree,
dat = nilfs_bmap_get_dat(btree);
ret = nilfs_dat_translate(dat, ptr, &blocknr);
if (ret < 0)
- goto out;
+ goto dat_error;
ptr = blocknr;
}
cnt = 1;
@@ -743,7 +743,7 @@ static int nilfs_btree_lookup_contig(const struct nilfs_bmap *btree,
if (dat) {
ret = nilfs_dat_translate(dat, ptr2, &blocknr);
if (ret < 0)
- goto out;
+ goto dat_error;
ptr2 = blocknr;
}
if (ptr2 != ptr + cnt || ++cnt == maxblocks)
@@ -781,6 +781,11 @@ static int nilfs_btree_lookup_contig(const struct nilfs_bmap *btree,
out:
nilfs_btree_free_path(path);
return ret;
+
+ dat_error:
+ if (ret == -ENOENT)
+ ret = -EINVAL; /* Notify bmap layer of metadata corruption */
+ goto out;
}
static void nilfs_btree_promote_key(struct nilfs_bmap *btree,
diff --git a/fs/nilfs2/direct.c b/fs/nilfs2/direct.c
index 4c85914f2abc3..893ab36824cc2 100644
--- a/fs/nilfs2/direct.c
+++ b/fs/nilfs2/direct.c
@@ -66,7 +66,7 @@ static int nilfs_direct_lookup_contig(const struct nilfs_bmap *direct,
dat = nilfs_bmap_get_dat(direct);
ret = nilfs_dat_translate(dat, ptr, &blocknr);
if (ret < 0)
- return ret;
+ goto dat_error;
ptr = blocknr;
}
@@ -79,7 +79,7 @@ static int nilfs_direct_lookup_contig(const struct nilfs_bmap *direct,
if (dat) {
ret = nilfs_dat_translate(dat, ptr2, &blocknr);
if (ret < 0)
- return ret;
+ goto dat_error;
ptr2 = blocknr;
}
if (ptr2 != ptr + cnt)
@@ -87,6 +87,11 @@ static int nilfs_direct_lookup_contig(const struct nilfs_bmap *direct,
}
*ptrp = ptr;
return cnt;
+
+ dat_error:
+ if (ret == -ENOENT)
+ ret = -EINVAL; /* Notify bmap layer of metadata corruption */
+ return ret;
}
static __u64
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 155/396] nilfs2: prevent kernel bug at submit_bh_wbc()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 154/396] nilfs2: fix failure to detect DAT corruption in btree and direct mappings Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 156/396] cifs: add xid to query server interface call Greg Kroah-Hartman
` (252 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Ryusuke Konishi, Andrew Morton,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
[ Upstream commit 269cdf353b5bdd15f1a079671b0f889113865f20 ]
Fix a bug where nilfs_get_block() returns a successful status when
searching and inserting the specified block both fail inconsistently. If
this inconsistent behavior is not due to a previously fixed bug, then an
unexpected race is occurring, so return a temporary error -EAGAIN instead.
This prevents callers such as __block_write_begin_int() from requesting a
read into a buffer that is not mapped, which would cause the BUG_ON check
for the BH_Mapped flag in submit_bh_wbc() to fail.
Link: https://lkml.kernel.org/r/20240313105827.5296-3-konishi.ryusuke@gmail.com
Fixes: 1f5abe7e7dbc ("nilfs2: replace BUG_ON and BUG calls triggerable from ioctl")
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nilfs2/inode.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/nilfs2/inode.c b/fs/nilfs2/inode.c
index 1a8bd59934761..8e1afa39a62e1 100644
--- a/fs/nilfs2/inode.c
+++ b/fs/nilfs2/inode.c
@@ -112,7 +112,7 @@ int nilfs_get_block(struct inode *inode, sector_t blkoff,
"%s (ino=%lu): a race condition while inserting a data block at offset=%llu",
__func__, inode->i_ino,
(unsigned long long)blkoff);
- err = 0;
+ err = -EAGAIN;
}
nilfs_transaction_abort(inode->i_sb);
goto out;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 156/396] cifs: add xid to query server interface call
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 155/396] nilfs2: prevent kernel bug at submit_bh_wbc() Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 157/396] cifs: make sure server interfaces are requested only for SMB3+ Greg Kroah-Hartman
` (251 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Shyam Prasad N, Bharath SM,
Steve French, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shyam Prasad N <sprasad@microsoft.com>
[ Upstream commit 4cf6e1101a25ca5e63d48adf49b0a8a64bae790f ]
We were passing 0 as the xid for the call to query
server interfaces. This is not great for debugging.
This change adds a real xid.
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Reviewed-by: Bharath SM <bharathsm@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Stable-dep-of: 13c0a74747cb ("cifs: make sure server interfaces are requested only for SMB3+")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/client/connect.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c
index a4147e999736a..2a564f19dbb39 100644
--- a/fs/smb/client/connect.c
+++ b/fs/smb/client/connect.c
@@ -119,6 +119,7 @@ static int reconn_set_ipaddr_from_hostname(struct TCP_Server_Info *server)
static void smb2_query_server_interfaces(struct work_struct *work)
{
int rc;
+ int xid;
struct cifs_tcon *tcon = container_of(work,
struct cifs_tcon,
query_interfaces.work);
@@ -126,7 +127,10 @@ static void smb2_query_server_interfaces(struct work_struct *work)
/*
* query server network interfaces, in case they change
*/
- rc = SMB3_request_interfaces(0, tcon, false);
+ xid = get_xid();
+ rc = SMB3_request_interfaces(xid, tcon, false);
+ free_xid(xid);
+
if (rc) {
if (rc == -EOPNOTSUPP)
return;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 157/396] cifs: make sure server interfaces are requested only for SMB3+
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 156/396] cifs: add xid to query server interface call Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 158/396] cifs: do not let cifs_chan_update_iface deallocate channels Greg Kroah-Hartman
` (250 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Jan Čermák,
Paulo Alcantara, Shyam Prasad N, Steve French, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shyam Prasad N <sprasad@microsoft.com>
[ Upstream commit 13c0a74747cb7fdadf58c5d3a7d52cfca2d51736 ]
Some code paths for querying server interfaces make a false
assumption that it will only get called for SMB3+. Since this
function now can get called from a generic code paths, the correct
thing to do is to have specific handler for this functionality
per SMB dialect, and call this handler.
This change adds such a handler and implements this handler only
for SMB 3.0 and 3.1.1.
Cc: stable@vger.kernel.org
Cc: Jan Čermák <sairon@sairon.cz>
Reported-by: Paulo Alcantara <pc@manguebit.com>
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/client/cifsglob.h | 3 +++
fs/smb/client/connect.c | 6 +++++-
fs/smb/client/smb2ops.c | 2 ++
fs/smb/client/smb2pdu.c | 5 +++--
4 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/fs/smb/client/cifsglob.h b/fs/smb/client/cifsglob.h
index 91a4061233f1a..35a12413bbee6 100644
--- a/fs/smb/client/cifsglob.h
+++ b/fs/smb/client/cifsglob.h
@@ -339,6 +339,9 @@ struct smb_version_operations {
/* informational QFS call */
void (*qfs_tcon)(const unsigned int, struct cifs_tcon *,
struct cifs_sb_info *);
+ /* query for server interfaces */
+ int (*query_server_interfaces)(const unsigned int, struct cifs_tcon *,
+ bool);
/* check if a path is accessible or not */
int (*is_path_accessible)(const unsigned int, struct cifs_tcon *,
struct cifs_sb_info *, const char *);
diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c
index 2a564f19dbb39..4c958129181d3 100644
--- a/fs/smb/client/connect.c
+++ b/fs/smb/client/connect.c
@@ -123,12 +123,16 @@ static void smb2_query_server_interfaces(struct work_struct *work)
struct cifs_tcon *tcon = container_of(work,
struct cifs_tcon,
query_interfaces.work);
+ struct TCP_Server_Info *server = tcon->ses->server;
/*
* query server network interfaces, in case they change
*/
+ if (!server->ops->query_server_interfaces)
+ return;
+
xid = get_xid();
- rc = SMB3_request_interfaces(xid, tcon, false);
+ rc = server->ops->query_server_interfaces(xid, tcon, false);
free_xid(xid);
if (rc) {
diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c
index 5850f861e7e13..978a9f409857a 100644
--- a/fs/smb/client/smb2ops.c
+++ b/fs/smb/client/smb2ops.c
@@ -5436,6 +5436,7 @@ struct smb_version_operations smb30_operations = {
.tree_connect = SMB2_tcon,
.tree_disconnect = SMB2_tdis,
.qfs_tcon = smb3_qfs_tcon,
+ .query_server_interfaces = SMB3_request_interfaces,
.is_path_accessible = smb2_is_path_accessible,
.can_echo = smb2_can_echo,
.echo = SMB2_echo,
@@ -5550,6 +5551,7 @@ struct smb_version_operations smb311_operations = {
.tree_connect = SMB2_tcon,
.tree_disconnect = SMB2_tdis,
.qfs_tcon = smb3_qfs_tcon,
+ .query_server_interfaces = SMB3_request_interfaces,
.is_path_accessible = smb2_is_path_accessible,
.can_echo = smb2_can_echo,
.echo = SMB2_echo,
diff --git a/fs/smb/client/smb2pdu.c b/fs/smb/client/smb2pdu.c
index fca55702b51ad..4d7d0bdf7a472 100644
--- a/fs/smb/client/smb2pdu.c
+++ b/fs/smb/client/smb2pdu.c
@@ -409,14 +409,15 @@ smb2_reconnect(__le16 smb2_command, struct cifs_tcon *tcon,
spin_unlock(&ses->ses_lock);
if (!rc &&
- (server->capabilities & SMB2_GLOBAL_CAP_MULTI_CHANNEL)) {
+ (server->capabilities & SMB2_GLOBAL_CAP_MULTI_CHANNEL) &&
+ server->ops->query_server_interfaces) {
mutex_unlock(&ses->session_mutex);
/*
* query server network interfaces, in case they change
*/
xid = get_xid();
- rc = SMB3_request_interfaces(xid, tcon, false);
+ rc = server->ops->query_server_interfaces(xid, tcon, false);
free_xid(xid);
if (rc == -EOPNOTSUPP && ses->chan_count > 1) {
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 158/396] cifs: do not let cifs_chan_update_iface deallocate channels
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 157/396] cifs: make sure server interfaces are requested only for SMB3+ Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 159/396] cifs: delete unnecessary NULL checks in cifs_chan_update_iface() Greg Kroah-Hartman
` (249 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Shyam Prasad N, Steve French,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shyam Prasad N <sprasad@microsoft.com>
[ Upstream commit 12d1e301bdfd1f2e2f371432dedef7cce8f01c4a ]
cifs_chan_update_iface is meant to check and update the server
interface used for a channel when the existing server interface
is no longer available.
So far, this handler had the code to remove an interface entry
even if a new candidate interface is not available. Allowing
this leads to several corner cases to handle.
This change makes the logic much simpler by not deallocating
the current channel interface entry if a new interface is not
found to replace it with.
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Stable-dep-of: 16a57d768111 ("cifs: reduce warning log level for server not advertising interfaces")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/client/sess.c | 50 +++++++++++++++++---------------------------
1 file changed, 19 insertions(+), 31 deletions(-)
diff --git a/fs/smb/client/sess.c b/fs/smb/client/sess.c
index 2fc2fbb260bf0..0d76757528e49 100644
--- a/fs/smb/client/sess.c
+++ b/fs/smb/client/sess.c
@@ -438,7 +438,7 @@ cifs_chan_update_iface(struct cifs_ses *ses, struct TCP_Server_Info *server)
cifs_dbg(FYI, "unable to find a suitable iface\n");
}
- if (!chan_index && !iface) {
+ if (!iface) {
cifs_dbg(FYI, "unable to get the interface matching: %pIS\n",
&ss);
spin_unlock(&ses->iface_lock);
@@ -446,7 +446,7 @@ cifs_chan_update_iface(struct cifs_ses *ses, struct TCP_Server_Info *server)
}
/* now drop the ref to the current iface */
- if (old_iface && iface) {
+ if (old_iface) {
cifs_dbg(FYI, "replacing iface: %pIS with %pIS\n",
&old_iface->sockaddr,
&iface->sockaddr);
@@ -459,44 +459,32 @@ cifs_chan_update_iface(struct cifs_ses *ses, struct TCP_Server_Info *server)
kref_put(&old_iface->refcount, release_iface);
} else if (old_iface) {
- cifs_dbg(FYI, "releasing ref to iface: %pIS\n",
+ /* if a new candidate is not found, keep things as is */
+ cifs_dbg(FYI, "could not replace iface: %pIS\n",
&old_iface->sockaddr);
-
- old_iface->num_channels--;
- if (old_iface->weight_fulfilled)
- old_iface->weight_fulfilled--;
-
- kref_put(&old_iface->refcount, release_iface);
} else if (!chan_index) {
/* special case: update interface for primary channel */
- cifs_dbg(FYI, "referencing primary channel iface: %pIS\n",
- &iface->sockaddr);
- iface->num_channels++;
- iface->weight_fulfilled++;
- } else {
- WARN_ON(!iface);
- cifs_dbg(FYI, "adding new iface: %pIS\n", &iface->sockaddr);
+ if (iface) {
+ cifs_dbg(FYI, "referencing primary channel iface: %pIS\n",
+ &iface->sockaddr);
+ iface->num_channels++;
+ iface->weight_fulfilled++;
+ }
}
spin_unlock(&ses->iface_lock);
- spin_lock(&ses->chan_lock);
- chan_index = cifs_ses_get_chan_index(ses, server);
- if (chan_index == CIFS_INVAL_CHAN_INDEX) {
+ if (iface) {
+ spin_lock(&ses->chan_lock);
+ chan_index = cifs_ses_get_chan_index(ses, server);
+ if (chan_index == CIFS_INVAL_CHAN_INDEX) {
+ spin_unlock(&ses->chan_lock);
+ return 0;
+ }
+
+ ses->chans[chan_index].iface = iface;
spin_unlock(&ses->chan_lock);
- return 0;
}
- ses->chans[chan_index].iface = iface;
-
- /* No iface is found. if secondary chan, drop connection */
- if (!iface && SERVER_IS_CHAN(server))
- ses->chans[chan_index].server = NULL;
-
- spin_unlock(&ses->chan_lock);
-
- if (!iface && SERVER_IS_CHAN(server))
- cifs_put_tcp_session(server, false);
-
return rc;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 159/396] cifs: delete unnecessary NULL checks in cifs_chan_update_iface()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 158/396] cifs: do not let cifs_chan_update_iface deallocate channels Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 160/396] cifs: make cifs_chan_update_iface() a void function Greg Kroah-Hartman
` (248 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Steve French,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit c3a11c0ec66c1e0652e3a2bb4f5cc74eea0ba486 ]
We return early if "iface" is NULL so there is no need to check here.
Delete those checks.
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Stable-dep-of: 16a57d768111 ("cifs: reduce warning log level for server not advertising interfaces")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/client/sess.c | 26 +++++++++++---------------
1 file changed, 11 insertions(+), 15 deletions(-)
diff --git a/fs/smb/client/sess.c b/fs/smb/client/sess.c
index 0d76757528e49..8dadb21292d16 100644
--- a/fs/smb/client/sess.c
+++ b/fs/smb/client/sess.c
@@ -464,27 +464,23 @@ cifs_chan_update_iface(struct cifs_ses *ses, struct TCP_Server_Info *server)
&old_iface->sockaddr);
} else if (!chan_index) {
/* special case: update interface for primary channel */
- if (iface) {
- cifs_dbg(FYI, "referencing primary channel iface: %pIS\n",
- &iface->sockaddr);
- iface->num_channels++;
- iface->weight_fulfilled++;
- }
+ cifs_dbg(FYI, "referencing primary channel iface: %pIS\n",
+ &iface->sockaddr);
+ iface->num_channels++;
+ iface->weight_fulfilled++;
}
spin_unlock(&ses->iface_lock);
- if (iface) {
- spin_lock(&ses->chan_lock);
- chan_index = cifs_ses_get_chan_index(ses, server);
- if (chan_index == CIFS_INVAL_CHAN_INDEX) {
- spin_unlock(&ses->chan_lock);
- return 0;
- }
-
- ses->chans[chan_index].iface = iface;
+ spin_lock(&ses->chan_lock);
+ chan_index = cifs_ses_get_chan_index(ses, server);
+ if (chan_index == CIFS_INVAL_CHAN_INDEX) {
spin_unlock(&ses->chan_lock);
+ return 0;
}
+ ses->chans[chan_index].iface = iface;
+ spin_unlock(&ses->chan_lock);
+
return rc;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 160/396] cifs: make cifs_chan_update_iface() a void function
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 159/396] cifs: delete unnecessary NULL checks in cifs_chan_update_iface() Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 161/396] cifs: reduce warning log level for server not advertising interfaces Greg Kroah-Hartman
` (247 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Steve French,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit 8d606c311b75e81063b4ea650b301cbe0c4ed5e1 ]
The return values for cifs_chan_update_iface() didn't match what the
documentation said and nothing was checking them anyway. Just make it
a void function.
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Stable-dep-of: 16a57d768111 ("cifs: reduce warning log level for server not advertising interfaces")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/client/cifsproto.h | 2 +-
fs/smb/client/sess.c | 17 +++++++----------
2 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/fs/smb/client/cifsproto.h b/fs/smb/client/cifsproto.h
index 0cff4f5af1793..ed257612bf0bc 100644
--- a/fs/smb/client/cifsproto.h
+++ b/fs/smb/client/cifsproto.h
@@ -654,7 +654,7 @@ cifs_chan_is_iface_active(struct cifs_ses *ses,
struct TCP_Server_Info *server);
void
cifs_disable_secondary_channels(struct cifs_ses *ses);
-int
+void
cifs_chan_update_iface(struct cifs_ses *ses, struct TCP_Server_Info *server);
int
SMB3_request_interfaces(const unsigned int xid, struct cifs_tcon *tcon, bool in_mount);
diff --git a/fs/smb/client/sess.c b/fs/smb/client/sess.c
index 8dadb21292d16..16554216f2f95 100644
--- a/fs/smb/client/sess.c
+++ b/fs/smb/client/sess.c
@@ -355,10 +355,9 @@ cifs_disable_secondary_channels(struct cifs_ses *ses)
/*
* update the iface for the channel if necessary.
- * will return 0 when iface is updated, 1 if removed, 2 otherwise
* Must be called with chan_lock held.
*/
-int
+void
cifs_chan_update_iface(struct cifs_ses *ses, struct TCP_Server_Info *server)
{
unsigned int chan_index;
@@ -367,20 +366,19 @@ cifs_chan_update_iface(struct cifs_ses *ses, struct TCP_Server_Info *server)
struct cifs_server_iface *old_iface = NULL;
struct cifs_server_iface *last_iface = NULL;
struct sockaddr_storage ss;
- int rc = 0;
spin_lock(&ses->chan_lock);
chan_index = cifs_ses_get_chan_index(ses, server);
if (chan_index == CIFS_INVAL_CHAN_INDEX) {
spin_unlock(&ses->chan_lock);
- return 0;
+ return;
}
if (ses->chans[chan_index].iface) {
old_iface = ses->chans[chan_index].iface;
if (old_iface->is_active) {
spin_unlock(&ses->chan_lock);
- return 1;
+ return;
}
}
spin_unlock(&ses->chan_lock);
@@ -393,7 +391,7 @@ cifs_chan_update_iface(struct cifs_ses *ses, struct TCP_Server_Info *server)
if (!ses->iface_count) {
spin_unlock(&ses->iface_lock);
cifs_dbg(VFS, "server %s does not advertise interfaces\n", ses->server->hostname);
- return 0;
+ return;
}
last_iface = list_last_entry(&ses->iface_list, struct cifs_server_iface,
@@ -433,7 +431,6 @@ cifs_chan_update_iface(struct cifs_ses *ses, struct TCP_Server_Info *server)
}
if (list_entry_is_head(iface, &ses->iface_list, iface_head)) {
- rc = 1;
iface = NULL;
cifs_dbg(FYI, "unable to find a suitable iface\n");
}
@@ -442,7 +439,7 @@ cifs_chan_update_iface(struct cifs_ses *ses, struct TCP_Server_Info *server)
cifs_dbg(FYI, "unable to get the interface matching: %pIS\n",
&ss);
spin_unlock(&ses->iface_lock);
- return 0;
+ return;
}
/* now drop the ref to the current iface */
@@ -475,13 +472,13 @@ cifs_chan_update_iface(struct cifs_ses *ses, struct TCP_Server_Info *server)
chan_index = cifs_ses_get_chan_index(ses, server);
if (chan_index == CIFS_INVAL_CHAN_INDEX) {
spin_unlock(&ses->chan_lock);
- return 0;
+ return;
}
ses->chans[chan_index].iface = iface;
spin_unlock(&ses->chan_lock);
- return rc;
+ return;
}
/*
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 161/396] cifs: reduce warning log level for server not advertising interfaces
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 160/396] cifs: make cifs_chan_update_iface() a void function Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 162/396] cifs: open_cached_dir(): add FILE_READ_EA to desired access Greg Kroah-Hartman
` (246 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Jan Čermák, Shyam Prasad N,
Steve French, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shyam Prasad N <sprasad@microsoft.com>
[ Upstream commit 16a57d7681110b25708c7042688412238e6f73a9 ]
Several users have reported this log getting dumped too regularly to
kernel log. The likely root cause has been identified, and it suggests
that this situation is expected for some configurations
(for example SMB2.1).
Since the function returns appropriately even for such cases, it is
fairly harmless to make this a debug log. When needed, the verbosity
can be increased to capture this log.
Cc: stable@vger.kernel.org
Reported-by: Jan Čermák <sairon@sairon.cz>
Signed-off-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/client/sess.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/smb/client/sess.c b/fs/smb/client/sess.c
index 16554216f2f95..e4168cd8b6c28 100644
--- a/fs/smb/client/sess.c
+++ b/fs/smb/client/sess.c
@@ -224,7 +224,7 @@ int cifs_try_adding_channels(struct cifs_ses *ses)
spin_lock(&ses->iface_lock);
if (!ses->iface_count) {
spin_unlock(&ses->iface_lock);
- cifs_dbg(VFS, "server %s does not advertise interfaces\n",
+ cifs_dbg(ONCE, "server %s does not advertise interfaces\n",
ses->server->hostname);
break;
}
@@ -390,7 +390,7 @@ cifs_chan_update_iface(struct cifs_ses *ses, struct TCP_Server_Info *server)
spin_lock(&ses->iface_lock);
if (!ses->iface_count) {
spin_unlock(&ses->iface_lock);
- cifs_dbg(VFS, "server %s does not advertise interfaces\n", ses->server->hostname);
+ cifs_dbg(ONCE, "server %s does not advertise interfaces\n", ses->server->hostname);
return;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 162/396] cifs: open_cached_dir(): add FILE_READ_EA to desired access
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 161/396] cifs: reduce warning log level for server not advertising interfaces Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 163/396] mtd: rawnand: Fix and simplify again the continuous read derivations Greg Kroah-Hartman
` (245 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Eugene Korenevsky, Steve French,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eugene Korenevsky <ekorenevsky@astralinux.ru>
[ Upstream commit f1b8224b4e6ed59e7e6f5c548673c67410098d8d ]
Since smb2_query_eas() reads EA and uses cached directory,
open_cached_dir() should request FILE_READ_EA access.
Otherwise listxattr() and getxattr() will fail with EACCES
(0xc0000022 STATUS_ACCESS_DENIED SMB status).
Link: https://bugzilla.kernel.org/show_bug.cgi?id=218543
Cc: stable@vger.kernel.org
Signed-off-by: Eugene Korenevsky <ekorenevsky@astralinux.ru>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/client/cached_dir.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/smb/client/cached_dir.c b/fs/smb/client/cached_dir.c
index 5730c65ffb40d..15e1215bc4e5a 100644
--- a/fs/smb/client/cached_dir.c
+++ b/fs/smb/client/cached_dir.c
@@ -233,7 +233,8 @@ int open_cached_dir(unsigned int xid, struct cifs_tcon *tcon,
.tcon = tcon,
.path = path,
.create_options = cifs_create_options(cifs_sb, CREATE_NOT_FILE),
- .desired_access = FILE_READ_DATA | FILE_READ_ATTRIBUTES,
+ .desired_access = FILE_READ_DATA | FILE_READ_ATTRIBUTES |
+ FILE_READ_EA,
.disposition = FILE_OPEN,
.fid = pfid,
};
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 163/396] mtd: rawnand: Fix and simplify again the continuous read derivations
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 162/396] cifs: open_cached_dir(): add FILE_READ_EA to desired access Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 164/396] mtd: rawnand: Constrain even more when continuous reads are enabled Greg Kroah-Hartman
` (244 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe Kerello, Miquel Raynal,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Miquel Raynal <miquel.raynal@bootlin.com>
[ Upstream commit c7ee7c8d4b60fe46d4861b1200bc1c7ab657960a ]
We need to avoid the first page if we don't read it entirely.
We need to avoid the last page if we don't read it entirely.
While rather simple, this logic has been failed in the previous
fix. This time I wrote about 30 unit tests locally to check each
possible condition, hopefully I covered them all.
Reported-by: Christophe Kerello <christophe.kerello@foss.st.com>
Closes: https://lore.kernel.org/linux-mtd/20240221175327.42f7076d@xps-13/T/#m399bacb10db8f58f6b1f0149a1df867ec086bb0a
Suggested-by: Christophe Kerello <christophe.kerello@foss.st.com>
Fixes: 828f6df1bcba ("mtd: rawnand: Clarify conditions to enable continuous reads")
Cc: stable@vger.kernel.org
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Tested-by: Christophe Kerello <christophe.kerello@foss.st.com>
Link: https://lore.kernel.org/linux-mtd/20240223115545.354541-2-miquel.raynal@bootlin.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/nand/raw/nand_base.c | 34 +++++++++++++++++++-------------
1 file changed, 20 insertions(+), 14 deletions(-)
diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c
index 76167b8ca9dda..9118b5753c553 100644
--- a/drivers/mtd/nand/raw/nand_base.c
+++ b/drivers/mtd/nand/raw/nand_base.c
@@ -3461,30 +3461,36 @@ static void rawnand_enable_cont_reads(struct nand_chip *chip, unsigned int page,
u32 readlen, int col)
{
struct mtd_info *mtd = nand_to_mtd(chip);
- unsigned int end_page, end_col;
+ unsigned int first_page, last_page;
chip->cont_read.ongoing = false;
if (!chip->controller->supported_op.cont_read)
return;
- end_page = DIV_ROUND_UP(col + readlen, mtd->writesize);
- end_col = (col + readlen) % mtd->writesize;
+ /*
+ * Don't bother making any calculations if the length is too small.
+ * Side effect: avoids possible integer underflows below.
+ */
+ if (readlen < (2 * mtd->writesize))
+ return;
+ /* Derive the page where continuous read should start (the first full page read) */
+ first_page = page;
if (col)
- page++;
-
- if (end_col && end_page)
- end_page--;
+ first_page++;
- if (page + 1 > end_page)
- return;
-
- chip->cont_read.first_page = page;
- chip->cont_read.last_page = end_page;
- chip->cont_read.ongoing = true;
+ /* Derive the page where continuous read should stop (the last full page read) */
+ last_page = page + ((col + readlen) / mtd->writesize) - 1;
- rawnand_cap_cont_reads(chip);
+ /* Configure and enable continuous read when suitable */
+ if (first_page < last_page) {
+ chip->cont_read.first_page = first_page;
+ chip->cont_read.last_page = last_page;
+ chip->cont_read.ongoing = true;
+ /* May reset the ongoing flag */
+ rawnand_cap_cont_reads(chip);
+ }
}
static void rawnand_cont_read_skip_first_page(struct nand_chip *chip, unsigned int page)
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 164/396] mtd: rawnand: Constrain even more when continuous reads are enabled
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 163/396] mtd: rawnand: Fix and simplify again the continuous read derivations Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 165/396] cpufreq: dt: always allocate zeroed cpumask Greg Kroah-Hartman
` (243 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Christophe Kerello, Miquel Raynal,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Miquel Raynal <miquel.raynal@bootlin.com>
[ Upstream commit 78ffbefba8d7822b232585570b293de5bc397da6 ]
As a matter of fact, continuous reads require additional handling at the
operation level in order for them to work properly. The core helpers do
have this additional logic now, but any time a controller implements its
own page helper, this extra logic is "lost". This means we need another
level of per-controller driver checks to ensure they can leverage
continuous reads. This is for now unsupported, so in order to ensure
continuous reads are enabled only when fully using the core page
helpers, we need to add more initial checks.
Also, as performance is not relevant during raw accesses, we also
prevent these from enabling the feature.
This should solve the issue seen with controllers such as the STM32 FMC2
when in sequencer mode. In this case, the continuous read feature would
be enabled but not leveraged, and most importantly not disabled, leading
to further operations to fail.
Reported-by: Christophe Kerello <christophe.kerello@foss.st.com>
Fixes: 003fe4b9545b ("mtd: rawnand: Support for sequential cache reads")
Cc: stable@vger.kernel.org
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Tested-by: Christophe Kerello <christophe.kerello@foss.st.com>
Link: https://lore.kernel.org/linux-mtd/20240307115315.1942678-1-miquel.raynal@bootlin.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/mtd/nand/raw/nand_base.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/mtd/nand/raw/nand_base.c b/drivers/mtd/nand/raw/nand_base.c
index 9118b5753c553..c059ac4c19f11 100644
--- a/drivers/mtd/nand/raw/nand_base.c
+++ b/drivers/mtd/nand/raw/nand_base.c
@@ -3578,7 +3578,8 @@ static int nand_do_read_ops(struct nand_chip *chip, loff_t from,
oob = ops->oobbuf;
oob_required = oob ? 1 : 0;
- rawnand_enable_cont_reads(chip, page, readlen, col);
+ if (likely(ops->mode != MTD_OPS_RAW))
+ rawnand_enable_cont_reads(chip, page, readlen, col);
while (1) {
struct mtd_ecc_stats ecc_stats = mtd->ecc_stats;
@@ -5196,6 +5197,15 @@ static void rawnand_late_check_supported_ops(struct nand_chip *chip)
if (!nand_has_exec_op(chip))
return;
+ /*
+ * For now, continuous reads can only be used with the core page helpers.
+ * This can be extended later.
+ */
+ if (!(chip->ecc.read_page == nand_read_page_hwecc ||
+ chip->ecc.read_page == nand_read_page_syndrome ||
+ chip->ecc.read_page == nand_read_page_swecc))
+ return;
+
rawnand_check_cont_read_support(chip);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 165/396] cpufreq: dt: always allocate zeroed cpumask
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (163 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 164/396] mtd: rawnand: Constrain even more when continuous reads are enabled Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 166/396] x86/CPU/AMD: Update the Zenbleed microcode revisions Greg Kroah-Hartman
` (242 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Marek Szyprowski,
Christoph Lameter (Ampere), Dhruva Gole, Viresh Kumar,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marek Szyprowski <m.szyprowski@samsung.com>
[ Upstream commit d2399501c2c081eac703ca9597ceb83c7875a537 ]
Commit 0499a78369ad ("ARM64: Dynamically allocate cpumasks and increase
supported CPUs to 512") changed the handling of cpumasks on ARM 64bit,
what resulted in the strange issues and warnings during cpufreq-dt
initialization on some big.LITTLE platforms.
This was caused by mixing OPPs between big and LITTLE cores, because
OPP-sharing information between big and LITTLE cores is computed on
cpumask, which in turn was not zeroed on allocation. Fix this by
switching to zalloc_cpumask_var() call.
Fixes: dc279ac6e5b4 ("cpufreq: dt: Refactor initialization to handle probe deferral properly")
CC: stable@vger.kernel.org # v5.10+
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Christoph Lameter (Ampere) <cl@linux.com>
Reviewed-by: Dhruva Gole <d-gole@ti.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cpufreq/cpufreq-dt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/cpufreq/cpufreq-dt.c b/drivers/cpufreq/cpufreq-dt.c
index 8bd6e5e8f121c..2d83bbc65dd0b 100644
--- a/drivers/cpufreq/cpufreq-dt.c
+++ b/drivers/cpufreq/cpufreq-dt.c
@@ -208,7 +208,7 @@ static int dt_cpufreq_early_init(struct device *dev, int cpu)
if (!priv)
return -ENOMEM;
- if (!alloc_cpumask_var(&priv->cpus, GFP_KERNEL))
+ if (!zalloc_cpumask_var(&priv->cpus, GFP_KERNEL))
return -ENOMEM;
cpumask_set_cpu(cpu, priv->cpus);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 166/396] x86/CPU/AMD: Update the Zenbleed microcode revisions
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 165/396] cpufreq: dt: always allocate zeroed cpumask Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 167/396] net: esp: fix bad handling of pages from page_pool Greg Kroah-Hartman
` (241 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Borislav Petkov (AMD), stable,
Linus Torvalds, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Borislav Petkov (AMD) <bp@alien8.de>
[ Upstream commit 5c84b051bd4e777cf37aaff983277e58c99618d5 ]
Update them to the correct revision numbers.
Fixes: 522b1d69219d ("x86/cpu/amd: Add a Zenbleed fix")
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: <stable@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/cpu/amd.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
index bb3efc825bf4f..031bca974fbf3 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
@@ -1006,11 +1006,11 @@ static bool cpu_has_zenbleed_microcode(void)
u32 good_rev = 0;
switch (boot_cpu_data.x86_model) {
- case 0x30 ... 0x3f: good_rev = 0x0830107a; break;
- case 0x60 ... 0x67: good_rev = 0x0860010b; break;
- case 0x68 ... 0x6f: good_rev = 0x08608105; break;
- case 0x70 ... 0x7f: good_rev = 0x08701032; break;
- case 0xa0 ... 0xaf: good_rev = 0x08a00008; break;
+ case 0x30 ... 0x3f: good_rev = 0x0830107b; break;
+ case 0x60 ... 0x67: good_rev = 0x0860010c; break;
+ case 0x68 ... 0x6f: good_rev = 0x08608107; break;
+ case 0x70 ... 0x7f: good_rev = 0x08701033; break;
+ case 0xa0 ... 0xaf: good_rev = 0x08a00009; break;
default:
return false;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 167/396] net: esp: fix bad handling of pages from page_pool
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 166/396] x86/CPU/AMD: Update the Zenbleed microcode revisions Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 168/396] NFSD: Fix nfsd_clid_class use of __string_len() macro Greg Kroah-Hartman
` (240 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Ian Kumlien, Dragos Tatulea,
Mina Almasry, Jakub Kicinski, Ilias Apalodimas, Steffen Klassert,
Sasha Levin, Anatoli N . Chechelnickiy
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dragos Tatulea <dtatulea@nvidia.com>
[ Upstream commit c3198822c6cb9fb588e446540485669cc81c5d34 ]
When the skb is reorganized during esp_output (!esp->inline), the pages
coming from the original skb fragments are supposed to be released back
to the system through put_page. But if the skb fragment pages are
originating from a page_pool, calling put_page on them will trigger a
page_pool leak which will eventually result in a crash.
This leak can be easily observed when using CONFIG_DEBUG_VM and doing
ipsec + gre (non offloaded) forwarding:
BUG: Bad page state in process ksoftirqd/16 pfn:1451b6
page:00000000de2b8d32 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1451b6000 pfn:0x1451b6
flags: 0x200000000000000(node=0|zone=2)
page_type: 0xffffffff()
raw: 0200000000000000 dead000000000040 ffff88810d23c000 0000000000000000
raw: 00000001451b6000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
Modules linked in: ip_gre gre mlx5_ib mlx5_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat nf_nat xt_addrtype br_netfilter rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm ib_uverbs ib_core overlay zram zsmalloc fuse [last unloaded: mlx5_core]
CPU: 16 PID: 96 Comm: ksoftirqd/16 Not tainted 6.8.0-rc4+ #22
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x36/0x50
bad_page+0x70/0xf0
free_unref_page_prepare+0x27a/0x460
free_unref_page+0x38/0x120
esp_ssg_unref.isra.0+0x15f/0x200
esp_output_tail+0x66d/0x780
esp_xmit+0x2c5/0x360
validate_xmit_xfrm+0x313/0x370
? validate_xmit_skb+0x1d/0x330
validate_xmit_skb_list+0x4c/0x70
sch_direct_xmit+0x23e/0x350
__dev_queue_xmit+0x337/0xba0
? nf_hook_slow+0x3f/0xd0
ip_finish_output2+0x25e/0x580
iptunnel_xmit+0x19b/0x240
ip_tunnel_xmit+0x5fb/0xb60
ipgre_xmit+0x14d/0x280 [ip_gre]
dev_hard_start_xmit+0xc3/0x1c0
__dev_queue_xmit+0x208/0xba0
? nf_hook_slow+0x3f/0xd0
ip_finish_output2+0x1ca/0x580
ip_sublist_rcv_finish+0x32/0x40
ip_sublist_rcv+0x1b2/0x1f0
? ip_rcv_finish_core.constprop.0+0x460/0x460
ip_list_rcv+0x103/0x130
__netif_receive_skb_list_core+0x181/0x1e0
netif_receive_skb_list_internal+0x1b3/0x2c0
napi_gro_receive+0xc8/0x200
gro_cell_poll+0x52/0x90
__napi_poll+0x25/0x1a0
net_rx_action+0x28e/0x300
__do_softirq+0xc3/0x276
? sort_range+0x20/0x20
run_ksoftirqd+0x1e/0x30
smpboot_thread_fn+0xa6/0x130
kthread+0xcd/0x100
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x31/0x50
? kthread_complete_and_exit+0x20/0x20
ret_from_fork_asm+0x11/0x20
</TASK>
The suggested fix is to introduce a new wrapper (skb_page_unref) that
covers page refcounting for page_pool pages as well.
Cc: stable@vger.kernel.org
Fixes: 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling")
Reported-and-tested-by: Anatoli N.Chechelnickiy <Anatoli.Chechelnickiy@m.interpipe.biz>
Reported-by: Ian Kumlien <ian.kumlien@gmail.com>
Link: https://lore.kernel.org/netdev/CAA85sZvvHtrpTQRqdaOx6gd55zPAVsqMYk_Lwh4Md5knTq7AyA@mail.gmail.com
Signed-off-by: Dragos Tatulea <dtatulea@nvidia.com>
Reviewed-by: Mina Almasry <almasrymina@google.com>
Reviewed-by: Jakub Kicinski <kuba@kernel.org>
Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/linux/skbuff.h | 10 ++++++++++
net/ipv4/esp4.c | 8 ++++----
net/ipv6/esp6.c | 8 ++++----
3 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index ddfe86deb4e7f..2922059908cc5 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -3438,6 +3438,16 @@ static inline void skb_frag_ref(struct sk_buff *skb, int f)
bool napi_pp_put_page(struct page *page, bool napi_safe);
+static inline void
+skb_page_unref(const struct sk_buff *skb, struct page *page, bool napi_safe)
+{
+#ifdef CONFIG_PAGE_POOL
+ if (skb->pp_recycle && napi_pp_put_page(page, napi_safe))
+ return;
+#endif
+ put_page(page);
+}
+
static inline void
napi_frag_unref(skb_frag_t *frag, bool recycle, bool napi_safe)
{
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index 4ccfc104f13a5..fe501d2186bcf 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -95,7 +95,7 @@ static inline struct scatterlist *esp_req_sg(struct crypto_aead *aead,
__alignof__(struct scatterlist));
}
-static void esp_ssg_unref(struct xfrm_state *x, void *tmp)
+static void esp_ssg_unref(struct xfrm_state *x, void *tmp, struct sk_buff *skb)
{
struct crypto_aead *aead = x->data;
int extralen = 0;
@@ -114,7 +114,7 @@ static void esp_ssg_unref(struct xfrm_state *x, void *tmp)
*/
if (req->src != req->dst)
for (sg = sg_next(req->src); sg; sg = sg_next(sg))
- put_page(sg_page(sg));
+ skb_page_unref(skb, sg_page(sg), false);
}
#ifdef CONFIG_INET_ESPINTCP
@@ -260,7 +260,7 @@ static void esp_output_done(void *data, int err)
}
tmp = ESP_SKB_CB(skb)->tmp;
- esp_ssg_unref(x, tmp);
+ esp_ssg_unref(x, tmp, skb);
kfree(tmp);
if (xo && (xo->flags & XFRM_DEV_RESUME)) {
@@ -639,7 +639,7 @@ int esp_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info *
}
if (sg != dsg)
- esp_ssg_unref(x, tmp);
+ esp_ssg_unref(x, tmp, skb);
if (!err && x->encap && x->encap->encap_type == TCP_ENCAP_ESPINTCP)
err = esp_output_tail_tcp(x, skb);
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 2cc1a45742d82..a3fa3eda388a4 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -112,7 +112,7 @@ static inline struct scatterlist *esp_req_sg(struct crypto_aead *aead,
__alignof__(struct scatterlist));
}
-static void esp_ssg_unref(struct xfrm_state *x, void *tmp)
+static void esp_ssg_unref(struct xfrm_state *x, void *tmp, struct sk_buff *skb)
{
struct crypto_aead *aead = x->data;
int extralen = 0;
@@ -131,7 +131,7 @@ static void esp_ssg_unref(struct xfrm_state *x, void *tmp)
*/
if (req->src != req->dst)
for (sg = sg_next(req->src); sg; sg = sg_next(sg))
- put_page(sg_page(sg));
+ skb_page_unref(skb, sg_page(sg), false);
}
#ifdef CONFIG_INET6_ESPINTCP
@@ -294,7 +294,7 @@ static void esp_output_done(void *data, int err)
}
tmp = ESP_SKB_CB(skb)->tmp;
- esp_ssg_unref(x, tmp);
+ esp_ssg_unref(x, tmp, skb);
kfree(tmp);
esp_output_encap_csum(skb);
@@ -677,7 +677,7 @@ int esp6_output_tail(struct xfrm_state *x, struct sk_buff *skb, struct esp_info
}
if (sg != dsg)
- esp_ssg_unref(x, tmp);
+ esp_ssg_unref(x, tmp, skb);
if (!err && x->encap && x->encap->encap_type == TCP_ENCAP_ESPINTCP)
err = esp_output_tail_tcp(x, skb);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 168/396] NFSD: Fix nfsd_clid_class use of __string_len() macro
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 167/396] net: esp: fix bad handling of pages from page_pool Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 169/396] drm/i915: Add missing ; to __assign_str() macros in tracepoint code Greg Kroah-Hartman
` (239 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Neil Brown, Olga Kornievskaia,
Dai Ngo, Tom Talpey, Chuck Lever, Jeff Layton,
Steven Rostedt (Google), Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steven Rostedt (Google) <rostedt@goodmis.org>
[ Upstream commit 9388a2aa453321bcf1ad2603959debea9e6ab6d4 ]
I'm working on restructuring the __string* macros so that it doesn't need
to recalculate the string twice. That is, it will save it off when
processing __string() and the __assign_str() will not need to do the work
again as it currently does.
Currently __string_len(item, src, len) doesn't actually use "src", but my
changes will require src to be correct as that is where the __assign_str()
will get its value from.
The event class nfsd_clid_class has:
__string_len(name, name, clp->cl_name.len)
But the second "name" does not exist and causes my changes to fail to
build. That second parameter should be: clp->cl_name.data.
Link: https://lore.kernel.org/linux-trace-kernel/20240222122828.3d8d213c@gandalf.local.home
Cc: Neil Brown <neilb@suse.de>
Cc: Olga Kornievskaia <kolga@netapp.com>
Cc: Dai Ngo <Dai.Ngo@oracle.com>
Cc: Tom Talpey <tom@talpey.com>
Cc: stable@vger.kernel.org
Fixes: d27b74a8675ca ("NFSD: Use new __string_len C macros for nfsd_clid_class")
Acked-by: Chuck Lever <chuck.lever@oracle.com>
Acked-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/nfsd/trace.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/nfsd/trace.h b/fs/nfsd/trace.h
index 8039043488718..d7ed49eef5911 100644
--- a/fs/nfsd/trace.h
+++ b/fs/nfsd/trace.h
@@ -843,7 +843,7 @@ DECLARE_EVENT_CLASS(nfsd_clid_class,
__array(unsigned char, addr, sizeof(struct sockaddr_in6))
__field(unsigned long, flavor)
__array(unsigned char, verifier, NFS4_VERIFIER_SIZE)
- __string_len(name, name, clp->cl_name.len)
+ __string_len(name, clp->cl_name.data, clp->cl_name.len)
),
TP_fast_assign(
__entry->cl_boot = clp->cl_clientid.cl_boot;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 169/396] drm/i915: Add missing ; to __assign_str() macros in tracepoint code
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 168/396] NFSD: Fix nfsd_clid_class use of __string_len() macro Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 170/396] net: hns3: tracing: fix hclgevf trace event strings Greg Kroah-Hartman
` (238 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Vetter, David Airlie,
Ville Syrjälä, Rodrigo Vivi, Steven Rostedt (Google),
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steven Rostedt (Google) <rostedt@goodmis.org>
[ Upstream commit 0df4c388a1e310400a6e90fb10b286e2673756f0 ]
I'm working on improving the __assign_str() and __string() macros to be
more efficient, and removed some unneeded semicolons. This triggered a bug
in the build as some of the __assign_str() macros in intel_display_trace
was missing a terminating semicolon.
Link: https://lore.kernel.org/linux-trace-kernel/20240222133057.2af72a19@gandalf.local.home
Cc: Daniel Vetter <daniel@ffwll.ch>
Cc: David Airlie <airlied@gmail.com>
Cc: stable@vger.kernel.org
Fixes: 2ceea5d88048b ("drm/i915: Print plane name in fbc tracepoints")
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Acked-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/i915/display/intel_display_trace.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/i915/display/intel_display_trace.h b/drivers/gpu/drm/i915/display/intel_display_trace.h
index 99bdb833591ce..7862e7cefe027 100644
--- a/drivers/gpu/drm/i915/display/intel_display_trace.h
+++ b/drivers/gpu/drm/i915/display/intel_display_trace.h
@@ -411,7 +411,7 @@ TRACE_EVENT(intel_fbc_activate,
struct intel_crtc *crtc = intel_crtc_for_pipe(to_i915(plane->base.dev),
plane->pipe);
__assign_str(dev, __dev_name_kms(plane));
- __assign_str(name, plane->base.name)
+ __assign_str(name, plane->base.name);
__entry->pipe = crtc->pipe;
__entry->frame = intel_crtc_get_vblank_counter(crtc);
__entry->scanline = intel_get_crtc_scanline(crtc);
@@ -438,7 +438,7 @@ TRACE_EVENT(intel_fbc_deactivate,
struct intel_crtc *crtc = intel_crtc_for_pipe(to_i915(plane->base.dev),
plane->pipe);
__assign_str(dev, __dev_name_kms(plane));
- __assign_str(name, plane->base.name)
+ __assign_str(name, plane->base.name);
__entry->pipe = crtc->pipe;
__entry->frame = intel_crtc_get_vblank_counter(crtc);
__entry->scanline = intel_get_crtc_scanline(crtc);
@@ -465,7 +465,7 @@ TRACE_EVENT(intel_fbc_nuke,
struct intel_crtc *crtc = intel_crtc_for_pipe(to_i915(plane->base.dev),
plane->pipe);
__assign_str(dev, __dev_name_kms(plane));
- __assign_str(name, plane->base.name)
+ __assign_str(name, plane->base.name);
__entry->pipe = crtc->pipe;
__entry->frame = intel_crtc_get_vblank_counter(crtc);
__entry->scanline = intel_get_crtc_scanline(crtc);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 170/396] net: hns3: tracing: fix hclgevf trace event strings
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 169/396] drm/i915: Add missing ; to __assign_str() macros in tracepoint code Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 171/396] cxl/trace: Properly initialize cxl_poison region name Greg Kroah-Hartman
` (237 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, netdev, Yisen Zhuang, Salil Mehta,
David S. Miller, Eric Dumazet, Jakub Kicinski, Yufeng Mo,
Huazhong Tan, Paolo Abeni, Jijie Shao, Steven Rostedt (Google),
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steven Rostedt (Google) <rostedt@goodmis.org>
[ Upstream commit 3f9952e8d80cca2da3b47ecd5ad9ec16cfd1a649 ]
The __string() and __assign_str() helper macros of the TRACE_EVENT() macro
are going through some optimizations where only the source string of
__string() will be used and the __assign_str() source will be ignored and
later removed.
To make sure that there's no issues, a new check is added between the
__string() src argument and the __assign_str() src argument that does a
strcmp() to make sure they are the same string.
The hclgevf trace events have:
__assign_str(devname, &hdev->nic.kinfo.netdev->name);
Which triggers the warning:
hclgevf_trace.h:34:39: error: passing argument 1 of ‘strcmp’ from incompatible pointer type [-Werror=incompatible-pointer-types]
34 | __assign_str(devname, &hdev->nic.kinfo.netdev->name);
[..]
arch/x86/include/asm/string_64.h:75:24: note: expected ‘const char *’ but argument is of type ‘char (*)[16]’
75 | int strcmp(const char *cs, const char *ct);
| ~~~~~~~~~~~~^~
Because __assign_str() now has:
WARN_ON_ONCE(__builtin_constant_p(src) ? \
strcmp((src), __data_offsets.dst##_ptr_) : \
(src) != __data_offsets.dst##_ptr_); \
The problem is the '&' on hdev->nic.kinfo.netdev->name. That's because
that name is:
char name[IFNAMSIZ]
Where passing an address '&' of a char array is not compatible with strcmp().
The '&' is not necessary, remove it.
Link: https://lore.kernel.org/linux-trace-kernel/20240313093454.3909afe7@gandalf.local.home
Cc: netdev <netdev@vger.kernel.org>
Cc: Yisen Zhuang <yisen.zhuang@huawei.com>
Cc: Salil Mehta <salil.mehta@huawei.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Yufeng Mo <moyufeng@huawei.com>
Cc: Huazhong Tan <tanhuazhong@huawei.com>
Cc: stable@vger.kernel.org
Acked-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Jijie Shao <shaojijie@huawei.com>
Fixes: d8355240cf8fb ("net: hns3: add trace event support for PF/VF mailbox")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_trace.h | 8 ++++----
.../net/ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h | 8 ++++----
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_trace.h b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_trace.h
index 8510b88d49820..f3cd5a376eca9 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_trace.h
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_trace.h
@@ -24,7 +24,7 @@ TRACE_EVENT(hclge_pf_mbx_get,
__field(u8, code)
__field(u8, subcode)
__string(pciname, pci_name(hdev->pdev))
- __string(devname, &hdev->vport[0].nic.kinfo.netdev->name)
+ __string(devname, hdev->vport[0].nic.kinfo.netdev->name)
__array(u32, mbx_data, PF_GET_MBX_LEN)
),
@@ -33,7 +33,7 @@ TRACE_EVENT(hclge_pf_mbx_get,
__entry->code = req->msg.code;
__entry->subcode = req->msg.subcode;
__assign_str(pciname, pci_name(hdev->pdev));
- __assign_str(devname, &hdev->vport[0].nic.kinfo.netdev->name);
+ __assign_str(devname, hdev->vport[0].nic.kinfo.netdev->name);
memcpy(__entry->mbx_data, req,
sizeof(struct hclge_mbx_vf_to_pf_cmd));
),
@@ -56,7 +56,7 @@ TRACE_EVENT(hclge_pf_mbx_send,
__field(u8, vfid)
__field(u16, code)
__string(pciname, pci_name(hdev->pdev))
- __string(devname, &hdev->vport[0].nic.kinfo.netdev->name)
+ __string(devname, hdev->vport[0].nic.kinfo.netdev->name)
__array(u32, mbx_data, PF_SEND_MBX_LEN)
),
@@ -64,7 +64,7 @@ TRACE_EVENT(hclge_pf_mbx_send,
__entry->vfid = req->dest_vfid;
__entry->code = le16_to_cpu(req->msg.code);
__assign_str(pciname, pci_name(hdev->pdev));
- __assign_str(devname, &hdev->vport[0].nic.kinfo.netdev->name);
+ __assign_str(devname, hdev->vport[0].nic.kinfo.netdev->name);
memcpy(__entry->mbx_data, req,
sizeof(struct hclge_mbx_pf_to_vf_cmd));
),
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h b/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h
index 5d4895bb57a17..b259e95dd53c2 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_trace.h
@@ -23,7 +23,7 @@ TRACE_EVENT(hclge_vf_mbx_get,
__field(u8, vfid)
__field(u16, code)
__string(pciname, pci_name(hdev->pdev))
- __string(devname, &hdev->nic.kinfo.netdev->name)
+ __string(devname, hdev->nic.kinfo.netdev->name)
__array(u32, mbx_data, VF_GET_MBX_LEN)
),
@@ -31,7 +31,7 @@ TRACE_EVENT(hclge_vf_mbx_get,
__entry->vfid = req->dest_vfid;
__entry->code = le16_to_cpu(req->msg.code);
__assign_str(pciname, pci_name(hdev->pdev));
- __assign_str(devname, &hdev->nic.kinfo.netdev->name);
+ __assign_str(devname, hdev->nic.kinfo.netdev->name);
memcpy(__entry->mbx_data, req,
sizeof(struct hclge_mbx_pf_to_vf_cmd));
),
@@ -55,7 +55,7 @@ TRACE_EVENT(hclge_vf_mbx_send,
__field(u8, code)
__field(u8, subcode)
__string(pciname, pci_name(hdev->pdev))
- __string(devname, &hdev->nic.kinfo.netdev->name)
+ __string(devname, hdev->nic.kinfo.netdev->name)
__array(u32, mbx_data, VF_SEND_MBX_LEN)
),
@@ -64,7 +64,7 @@ TRACE_EVENT(hclge_vf_mbx_send,
__entry->code = req->msg.code;
__entry->subcode = req->msg.subcode;
__assign_str(pciname, pci_name(hdev->pdev));
- __assign_str(devname, &hdev->nic.kinfo.netdev->name);
+ __assign_str(devname, hdev->nic.kinfo.netdev->name);
memcpy(__entry->mbx_data, req,
sizeof(struct hclge_mbx_vf_to_pf_cmd));
),
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 171/396] cxl/trace: Properly initialize cxl_poison region name
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (169 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 170/396] net: hns3: tracing: fix hclgevf trace event strings Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 172/396] virtio: reenable config if freezing device failed Greg Kroah-Hartman
` (236 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Davidlohr Bueso, Jonathan Cameron,
Dave Jiang, Vishal Verma, Alison Schofield, Ira Weiny,
Dan Williams, Steven Rostedt (Google), Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alison Schofield <alison.schofield@intel.com>
[ Upstream commit 6c871260965255a1c142fb77ccee58b172d1690b ]
The TP_STRUCT__entry that gets assigned the region name, or an
empty string if no region is present, is erroneously initialized
to the cxl_region pointer. It needs to be properly initialized
otherwise it's length is wrong and garbage chars can appear in
the kernel trace output: /sys/kernel/tracing/trace
The bad initialization was due in part to a naming conflict with
the parameter: struct cxl_region *region. The field 'region' is
already exposed externally as the region name, so changing that
to something logical, like 'region_name' is not an option. Instead
rename the internal only struct cxl_region to the commonly used
'cxlr'.
Impact is that tooling depending on that trace data can miss
picking up a valid event when searching by region name. The
TP_printk() output, if enabled, does emit the correct region
names in the dmesg log.
This was found during testing of the cxl-list option to report
media-errors for a region.
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Jonathan Cameron <jonathan.cameron@huawei.com>
Cc: Dave Jiang <dave.jiang@intel.com>
Cc: Vishal Verma <vishal.l.verma@intel.com>
Cc: stable@vger.kernel.org
Fixes: ddf49d57b841 ("cxl/trace: Add TRACE support for CXL media-error records")
Signed-off-by: Alison Schofield <alison.schofield@intel.com>
Reviewed-by: Ira Weiny <ira.weiny@intel.com>
Acked-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/cxl/core/trace.h | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/cxl/core/trace.h b/drivers/cxl/core/trace.h
index a0b5819bc70b3..f01d0709c9c32 100644
--- a/drivers/cxl/core/trace.h
+++ b/drivers/cxl/core/trace.h
@@ -642,18 +642,18 @@ u64 cxl_trace_hpa(struct cxl_region *cxlr, struct cxl_memdev *memdev, u64 dpa);
TRACE_EVENT(cxl_poison,
- TP_PROTO(struct cxl_memdev *cxlmd, struct cxl_region *region,
+ TP_PROTO(struct cxl_memdev *cxlmd, struct cxl_region *cxlr,
const struct cxl_poison_record *record, u8 flags,
__le64 overflow_ts, enum cxl_poison_trace_type trace_type),
- TP_ARGS(cxlmd, region, record, flags, overflow_ts, trace_type),
+ TP_ARGS(cxlmd, cxlr, record, flags, overflow_ts, trace_type),
TP_STRUCT__entry(
__string(memdev, dev_name(&cxlmd->dev))
__string(host, dev_name(cxlmd->dev.parent))
__field(u64, serial)
__field(u8, trace_type)
- __string(region, region)
+ __string(region, cxlr ? dev_name(&cxlr->dev) : "")
__field(u64, overflow_ts)
__field(u64, hpa)
__field(u64, dpa)
@@ -673,10 +673,10 @@ TRACE_EVENT(cxl_poison,
__entry->source = cxl_poison_record_source(record);
__entry->trace_type = trace_type;
__entry->flags = flags;
- if (region) {
- __assign_str(region, dev_name(®ion->dev));
- memcpy(__entry->uuid, ®ion->params.uuid, 16);
- __entry->hpa = cxl_trace_hpa(region, cxlmd,
+ if (cxlr) {
+ __assign_str(region, dev_name(&cxlr->dev));
+ memcpy(__entry->uuid, &cxlr->params.uuid, 16);
+ __entry->hpa = cxl_trace_hpa(cxlr, cxlmd,
__entry->dpa);
} else {
__assign_str(region, "");
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 172/396] virtio: reenable config if freezing device failed
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (170 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 171/396] cxl/trace: Properly initialize cxl_poison region name Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 173/396] LoongArch: Change __my_cpu_offset definition to avoid mis-optimization Greg Kroah-Hartman
` (235 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Michael S. Tsirkin,
Jason Wang, Xuan Zhuo, David Hildenbrand, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Hildenbrand <david@redhat.com>
[ Upstream commit 310227f42882c52356b523e2f4e11690eebcd2ab ]
Currently, we don't reenable the config if freezing the device failed.
For example, virtio-mem currently doesn't support suspend+resume, and
trying to freeze the device will always fail. Afterwards, the device
will no longer respond to resize requests, because it won't get notified
about config changes.
Let's fix this by re-enabling the config if freezing fails.
Fixes: 22b7050a024d ("virtio: defer config changed notifications")
Cc: <stable@kernel.org>
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: Xuan Zhuo <xuanzhuo@linux.alibaba.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20240213135425.795001-1-david@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/virtio/virtio.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/virtio/virtio.c b/drivers/virtio/virtio.c
index 3893dc29eb263..71dee622b771b 100644
--- a/drivers/virtio/virtio.c
+++ b/drivers/virtio/virtio.c
@@ -489,13 +489,19 @@ EXPORT_SYMBOL_GPL(unregister_virtio_device);
int virtio_device_freeze(struct virtio_device *dev)
{
struct virtio_driver *drv = drv_to_virtio(dev->dev.driver);
+ int ret;
virtio_config_disable(dev);
dev->failed = dev->config->get_status(dev) & VIRTIO_CONFIG_S_FAILED;
- if (drv && drv->freeze)
- return drv->freeze(dev);
+ if (drv && drv->freeze) {
+ ret = drv->freeze(dev);
+ if (ret) {
+ virtio_config_enable(dev);
+ return ret;
+ }
+ }
return 0;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 173/396] LoongArch: Change __my_cpu_offset definition to avoid mis-optimization
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (171 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 172/396] virtio: reenable config if freezing device failed Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 174/396] LoongArch: Define the __io_aw() hook as mmiowb() Greg Kroah-Hartman
` (234 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Xiaotian Wu, Miao Wang, Xing Li,
Hongchen Zhang, Rui Wang, Huacai Chen, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Huacai Chen <chenhuacai@loongson.cn>
[ Upstream commit c87e12e0e8c1241410e758e181ca6bf23efa5b5b ]
>From GCC commit 3f13154553f8546a ("df-scan: remove ad-hoc handling of
global regs in asms"), global registers will no longer be forced to add
to the def-use chain. Then current_thread_info(), current_stack_pointer
and __my_cpu_offset may be lifted out of the loop because they are no
longer treated as "volatile variables".
This optimization is still correct for the current_thread_info() and
current_stack_pointer usages because they are associated to a thread.
However it is wrong for __my_cpu_offset because it is associated to a
CPU rather than a thread: if the thread migrates to a different CPU in
the loop, __my_cpu_offset should be changed.
Change __my_cpu_offset definition to treat it as a "volatile variable",
in order to avoid such a mis-optimization.
Cc: stable@vger.kernel.org
Reported-by: Xiaotian Wu <wuxiaotian@loongson.cn>
Reported-by: Miao Wang <shankerwangmiao@gmail.com>
Signed-off-by: Xing Li <lixing@loongson.cn>
Signed-off-by: Hongchen Zhang <zhanghongchen@loongson.cn>
Signed-off-by: Rui Wang <wangrui@loongson.cn>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/loongarch/include/asm/percpu.h | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/arch/loongarch/include/asm/percpu.h b/arch/loongarch/include/asm/percpu.h
index ed5da02b1cf6f..7e804140500f1 100644
--- a/arch/loongarch/include/asm/percpu.h
+++ b/arch/loongarch/include/asm/percpu.h
@@ -29,7 +29,12 @@ static inline void set_my_cpu_offset(unsigned long off)
__my_cpu_offset = off;
csr_write64(off, PERCPU_BASE_KS);
}
-#define __my_cpu_offset __my_cpu_offset
+
+#define __my_cpu_offset \
+({ \
+ __asm__ __volatile__("":"+r"(__my_cpu_offset)); \
+ __my_cpu_offset; \
+})
#define PERCPU_OP(op, asm_op, c_op) \
static __always_inline unsigned long __percpu_##op(void *ptr, \
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 174/396] LoongArch: Define the __io_aw() hook as mmiowb()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (172 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 173/396] LoongArch: Change __my_cpu_offset definition to avoid mis-optimization Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 175/396] LoongArch/crypto: Clean up useless assignment operations Greg Kroah-Hartman
` (233 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Huacai Chen, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Huacai Chen <chenhuacai@loongson.cn>
[ Upstream commit 9c68ece8b2a5c5ff9b2fcaea923dd73efeb174cd ]
Commit fb24ea52f78e0d595852e ("drivers: Remove explicit invocations of
mmiowb()") remove all mmiowb() in drivers, but it says:
"NOTE: mmiowb() has only ever guaranteed ordering in conjunction with
spin_unlock(). However, pairing each mmiowb() removal in this patch with
the corresponding call to spin_unlock() is not at all trivial, so there
is a small chance that this change may regress any drivers incorrectly
relying on mmiowb() to order MMIO writes between CPUs using lock-free
synchronisation."
The mmio in radeon_ring_commit() is protected by a mutex rather than a
spinlock, but in the mutex fastpath it behaves similar to spinlock. We
can add mmiowb() calls in the radeon driver but the maintainer says he
doesn't like such a workaround, and radeon is not the only example of
mutex protected mmio.
So we should extend the mmiowb tracking system from spinlock to mutex,
and maybe other locking primitives. This is not easy and error prone, so
we solve it in the architectural code, by simply defining the __io_aw()
hook as mmiowb(). And we no longer need to override queued_spin_unlock()
so use the generic definition.
Without this, we get such an error when run 'glxgears' on weak ordering
architectures such as LoongArch:
radeon 0000:04:00.0: ring 0 stalled for more than 10324msec
radeon 0000:04:00.0: ring 3 stalled for more than 10240msec
radeon 0000:04:00.0: GPU lockup (current fence id 0x000000000001f412 last fence id 0x000000000001f414 on ring 3)
radeon 0000:04:00.0: GPU lockup (current fence id 0x000000000000f940 last fence id 0x000000000000f941 on ring 0)
radeon 0000:04:00.0: scheduling IB failed (-35).
[drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35)
radeon 0000:04:00.0: scheduling IB failed (-35).
[drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35)
radeon 0000:04:00.0: scheduling IB failed (-35).
[drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35)
radeon 0000:04:00.0: scheduling IB failed (-35).
[drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35)
radeon 0000:04:00.0: scheduling IB failed (-35).
[drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35)
radeon 0000:04:00.0: scheduling IB failed (-35).
[drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35)
radeon 0000:04:00.0: scheduling IB failed (-35).
[drm:radeon_gem_va_ioctl [radeon]] *ERROR* Couldn't update BO_VA (-35)
Link: https://lore.kernel.org/dri-devel/29df7e26-d7a8-4f67-b988-44353c4270ac@amd.com/T/#t
Link: https://lore.kernel.org/linux-arch/20240301130532.3953167-1-chenhuacai@loongson.cn/T/#t
Cc: stable@vger.kernel.org
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/loongarch/include/asm/Kbuild | 1 +
arch/loongarch/include/asm/io.h | 2 ++
arch/loongarch/include/asm/qspinlock.h | 18 ------------------
3 files changed, 3 insertions(+), 18 deletions(-)
delete mode 100644 arch/loongarch/include/asm/qspinlock.h
diff --git a/arch/loongarch/include/asm/Kbuild b/arch/loongarch/include/asm/Kbuild
index 93783fa24f6e9..dede0b422cfb9 100644
--- a/arch/loongarch/include/asm/Kbuild
+++ b/arch/loongarch/include/asm/Kbuild
@@ -4,6 +4,7 @@ generic-y += mcs_spinlock.h
generic-y += parport.h
generic-y += early_ioremap.h
generic-y += qrwlock.h
+generic-y += qspinlock.h
generic-y += rwsem.h
generic-y += segment.h
generic-y += user.h
diff --git a/arch/loongarch/include/asm/io.h b/arch/loongarch/include/asm/io.h
index c486c2341b662..4a8adcca329b8 100644
--- a/arch/loongarch/include/asm/io.h
+++ b/arch/loongarch/include/asm/io.h
@@ -71,6 +71,8 @@ extern void __memcpy_fromio(void *to, const volatile void __iomem *from, size_t
#define memcpy_fromio(a, c, l) __memcpy_fromio((a), (c), (l))
#define memcpy_toio(c, a, l) __memcpy_toio((c), (a), (l))
+#define __io_aw() mmiowb()
+
#include <asm-generic/io.h>
#define ARCH_HAS_VALID_PHYS_ADDR_RANGE
diff --git a/arch/loongarch/include/asm/qspinlock.h b/arch/loongarch/include/asm/qspinlock.h
deleted file mode 100644
index 34f43f8ad5912..0000000000000
--- a/arch/loongarch/include/asm/qspinlock.h
+++ /dev/null
@@ -1,18 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0 */
-#ifndef _ASM_QSPINLOCK_H
-#define _ASM_QSPINLOCK_H
-
-#include <asm-generic/qspinlock_types.h>
-
-#define queued_spin_unlock queued_spin_unlock
-
-static inline void queued_spin_unlock(struct qspinlock *lock)
-{
- compiletime_assert_atomic_type(lock->locked);
- c_sync();
- WRITE_ONCE(lock->locked, 0);
-}
-
-#include <asm-generic/qspinlock.h>
-
-#endif /* _ASM_QSPINLOCK_H */
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 175/396] LoongArch/crypto: Clean up useless assignment operations
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (173 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 174/396] LoongArch: Define the __io_aw() hook as mmiowb() Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 176/396] wireguard: netlink: check for dangling peer via is_dead instead of empty list Greg Kroah-Hartman
` (232 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, WANG Xuerui, Wentao Guan, Yuli Wang,
Huacai Chen, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yuli Wang <wangyuli@uniontech.com>
[ Upstream commit fea1c949f6ca5059e12de00d0483645debc5b206 ]
The LoongArch CRC32 hw acceleration is based on arch/mips/crypto/
crc32-mips.c. While the MIPS code supports both MIPS32 and MIPS64,
but LoongArch32 lacks the CRC instruction. As a result, the line
"len -= sizeof(u32)" is unnecessary.
Removing it can make context code style more unified and improve
code readability.
Cc: stable@vger.kernel.org
Reviewed-by: WANG Xuerui <git@xen0n.name>
Suggested-by: Wentao Guan <guanwentao@uniontech.com>
Signed-off-by: Yuli Wang <wangyuli@uniontech.com>
Signed-off-by: Huacai Chen <chenhuacai@loongson.cn>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/loongarch/crypto/crc32-loongarch.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/arch/loongarch/crypto/crc32-loongarch.c b/arch/loongarch/crypto/crc32-loongarch.c
index 1f2a2c3839bcb..1e8ff57a46ca6 100644
--- a/arch/loongarch/crypto/crc32-loongarch.c
+++ b/arch/loongarch/crypto/crc32-loongarch.c
@@ -44,7 +44,6 @@ static u32 crc32_loongarch_hw(u32 crc_, const u8 *p, unsigned int len)
CRC32(crc, value, w);
p += sizeof(u32);
- len -= sizeof(u32);
}
if (len & sizeof(u16)) {
@@ -80,7 +79,6 @@ static u32 crc32c_loongarch_hw(u32 crc_, const u8 *p, unsigned int len)
CRC32C(crc, value, w);
p += sizeof(u32);
- len -= sizeof(u32);
}
if (len & sizeof(u16)) {
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 176/396] wireguard: netlink: check for dangling peer via is_dead instead of empty list
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (174 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 175/396] LoongArch/crypto: Clean up useless assignment operations Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 177/396] wireguard: netlink: access device through ctx instead of peer Greg Kroah-Hartman
` (231 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Lillian Berry, Jason A. Donenfeld,
Jiri Pirko, Paolo Abeni, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason A. Donenfeld <Jason@zx2c4.com>
[ Upstream commit 55b6c738673871c9b0edae05d0c97995c1ff08c4 ]
If all peers are removed via wg_peer_remove_all(), rather than setting
peer_list to empty, the peer is added to a temporary list with a head on
the stack of wg_peer_remove_all(). If a netlink dump is resumed and the
cursored peer is one that has been removed via wg_peer_remove_all(), it
will iterate from that peer and then attempt to dump freed peers.
Fix this by instead checking peer->is_dead, which was explictly created
for this purpose. Also move up the device_update_lock lockdep assertion,
since reading is_dead relies on that.
It can be reproduced by a small script like:
echo "Setting config..."
ip link add dev wg0 type wireguard
wg setconf wg0 /big-config
(
while true; do
echo "Showing config..."
wg showconf wg0 > /dev/null
done
) &
sleep 4
wg setconf wg0 <(printf "[Peer]\nPublicKey=$(wg genkey)\n")
Resulting in:
BUG: KASAN: slab-use-after-free in __lock_acquire+0x182a/0x1b20
Read of size 8 at addr ffff88811956ec70 by task wg/59
CPU: 2 PID: 59 Comm: wg Not tainted 6.8.0-rc2-debug+ #5
Call Trace:
<TASK>
dump_stack_lvl+0x47/0x70
print_address_description.constprop.0+0x2c/0x380
print_report+0xab/0x250
kasan_report+0xba/0xf0
__lock_acquire+0x182a/0x1b20
lock_acquire+0x191/0x4b0
down_read+0x80/0x440
get_peer+0x140/0xcb0
wg_get_device_dump+0x471/0x1130
Cc: stable@vger.kernel.org
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Reported-by: Lillian Berry <lillian@star-ark.net>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireguard/netlink.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlink.c
index dc09b75a32485..12d80306ff3bc 100644
--- a/drivers/net/wireguard/netlink.c
+++ b/drivers/net/wireguard/netlink.c
@@ -255,17 +255,17 @@ static int wg_get_device_dump(struct sk_buff *skb, struct netlink_callback *cb)
if (!peers_nest)
goto out;
ret = 0;
- /* If the last cursor was removed via list_del_init in peer_remove, then
+ lockdep_assert_held(&wg->device_update_lock);
+ /* If the last cursor was removed in peer_remove or peer_remove_all, then
* we just treat this the same as there being no more peers left. The
* reason is that seq_nr should indicate to userspace that this isn't a
* coherent dump anyway, so they'll try again.
*/
if (list_empty(&wg->peer_list) ||
- (ctx->next_peer && list_empty(&ctx->next_peer->peer_list))) {
+ (ctx->next_peer && ctx->next_peer->is_dead)) {
nla_nest_cancel(skb, peers_nest);
goto out;
}
- lockdep_assert_held(&wg->device_update_lock);
peer = list_prepare_entry(ctx->next_peer, &wg->peer_list, peer_list);
list_for_each_entry_continue(peer, &wg->peer_list, peer_list) {
if (get_peer(peer, skb, ctx)) {
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 177/396] wireguard: netlink: access device through ctx instead of peer
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (175 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 176/396] wireguard: netlink: check for dangling peer via is_dead instead of empty list Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 178/396] wireguard: selftests: set RISCV_ISA_FALLBACK on riscv{32,64} Greg Kroah-Hartman
` (230 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Jason A. Donenfeld, Jiri Pirko,
Paolo Abeni, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason A. Donenfeld <Jason@zx2c4.com>
[ Upstream commit 71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f ]
The previous commit fixed a bug that led to a NULL peer->device being
dereferenced. It's actually easier and faster performance-wise to
instead get the device from ctx->wg. This semantically makes more sense
too, since ctx->wg->peer_allowedips.seq is compared with
ctx->allowedips_seq, basing them both in ctx. This also acts as a
defence in depth provision against freed peers.
Cc: stable@vger.kernel.org
Fixes: e7096c131e51 ("net: WireGuard secure network tunnel")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireguard/netlink.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireguard/netlink.c b/drivers/net/wireguard/netlink.c
index 12d80306ff3bc..a6661c9500d40 100644
--- a/drivers/net/wireguard/netlink.c
+++ b/drivers/net/wireguard/netlink.c
@@ -164,8 +164,8 @@ get_peer(struct wg_peer *peer, struct sk_buff *skb, struct dump_ctx *ctx)
if (!allowedips_node)
goto no_allowedips;
if (!ctx->allowedips_seq)
- ctx->allowedips_seq = peer->device->peer_allowedips.seq;
- else if (ctx->allowedips_seq != peer->device->peer_allowedips.seq)
+ ctx->allowedips_seq = ctx->wg->peer_allowedips.seq;
+ else if (ctx->allowedips_seq != ctx->wg->peer_allowedips.seq)
goto no_allowedips;
allowedips_nest = nla_nest_start(skb, WGPEER_A_ALLOWEDIPS);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 178/396] wireguard: selftests: set RISCV_ISA_FALLBACK on riscv{32,64}
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (176 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 177/396] wireguard: netlink: access device through ctx instead of peer Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 179/396] ahci: asm1064: correct count of reported ports Greg Kroah-Hartman
` (229 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Jason A. Donenfeld, Jiri Pirko,
Paolo Abeni, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason A. Donenfeld <Jason@zx2c4.com>
[ Upstream commit e995f5dd9a9cef818af32ec60fc38d68614afd12 ]
This option is needed to continue booting with QEMU. Recent changes that
made this optional meant that it gets unset in the test harness, and so
WireGuard CI has been broken. Fix this by simply setting this option.
Cc: stable@vger.kernel.org
Fixes: 496ea826d1e1 ("RISC-V: provide Kconfig & commandline options to control parsing "riscv,isa"")
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/wireguard/qemu/arch/riscv32.config | 1 +
tools/testing/selftests/wireguard/qemu/arch/riscv64.config | 1 +
2 files changed, 2 insertions(+)
diff --git a/tools/testing/selftests/wireguard/qemu/arch/riscv32.config b/tools/testing/selftests/wireguard/qemu/arch/riscv32.config
index 2fc36efb166dc..a7f8e8a956259 100644
--- a/tools/testing/selftests/wireguard/qemu/arch/riscv32.config
+++ b/tools/testing/selftests/wireguard/qemu/arch/riscv32.config
@@ -3,6 +3,7 @@ CONFIG_ARCH_RV32I=y
CONFIG_MMU=y
CONFIG_FPU=y
CONFIG_SOC_VIRT=y
+CONFIG_RISCV_ISA_FALLBACK=y
CONFIG_SERIAL_8250=y
CONFIG_SERIAL_8250_CONSOLE=y
CONFIG_SERIAL_OF_PLATFORM=y
diff --git a/tools/testing/selftests/wireguard/qemu/arch/riscv64.config b/tools/testing/selftests/wireguard/qemu/arch/riscv64.config
index dc266f3b19155..daeb3e5e09658 100644
--- a/tools/testing/selftests/wireguard/qemu/arch/riscv64.config
+++ b/tools/testing/selftests/wireguard/qemu/arch/riscv64.config
@@ -2,6 +2,7 @@ CONFIG_ARCH_RV64I=y
CONFIG_MMU=y
CONFIG_FPU=y
CONFIG_SOC_VIRT=y
+CONFIG_RISCV_ISA_FALLBACK=y
CONFIG_SERIAL_8250=y
CONFIG_SERIAL_8250_CONSOLE=y
CONFIG_SERIAL_OF_PLATFORM=y
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 179/396] ahci: asm1064: correct count of reported ports
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (177 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 178/396] wireguard: selftests: set RISCV_ISA_FALLBACK on riscv{32,64} Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 180/396] ahci: asm1064: asm1166: dont limit " Greg Kroah-Hartman
` (228 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Andrey Jr. Melnikov, Niklas Cassel,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrey Jr. Melnikov <temnota.am@gmail.com>
[ Upstream commit 9815e39617541ef52d0dfac4be274ad378c6dc09 ]
The ASM1064 SATA host controller always reports wrongly,
that it has 24 ports. But in reality, it only has four ports.
before:
ahci 0000:04:00.0: SSS flag set, parallel bus scan disabled
ahci 0000:04:00.0: AHCI 0001.0301 32 slots 24 ports 6 Gbps 0xffff0f impl SATA mode
ahci 0000:04:00.0: flags: 64bit ncq sntf stag pm led only pio sxs deso sadm sds apst
after:
ahci 0000:04:00.0: ASM1064 has only four ports
ahci 0000:04:00.0: forcing port_map 0xffff0f -> 0xf
ahci 0000:04:00.0: SSS flag set, parallel bus scan disabled
ahci 0000:04:00.0: AHCI 0001.0301 32 slots 24 ports 6 Gbps 0xf impl SATA mode
ahci 0000:04:00.0: flags: 64bit ncq sntf stag pm led only pio sxs deso sadm sds apst
Signed-off-by: "Andrey Jr. Melnikov" <temnota.am@gmail.com>
Signed-off-by: Niklas Cassel <cassel@kernel.org>
Stable-dep-of: 6cd8adc3e189 ("ahci: asm1064: asm1166: don't limit reported ports")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ata/ahci.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c
index 90d33c519f4c6..9933ad9737bb2 100644
--- a/drivers/ata/ahci.c
+++ b/drivers/ata/ahci.c
@@ -670,9 +670,17 @@ MODULE_PARM_DESC(mobile_lpm_policy, "Default LPM policy for mobile chipsets");
static void ahci_pci_save_initial_config(struct pci_dev *pdev,
struct ahci_host_priv *hpriv)
{
- if (pdev->vendor == PCI_VENDOR_ID_ASMEDIA && pdev->device == 0x1166) {
- dev_info(&pdev->dev, "ASM1166 has only six ports\n");
- hpriv->saved_port_map = 0x3f;
+ if (pdev->vendor == PCI_VENDOR_ID_ASMEDIA) {
+ switch (pdev->device) {
+ case 0x1166:
+ dev_info(&pdev->dev, "ASM1166 has only six ports\n");
+ hpriv->saved_port_map = 0x3f;
+ break;
+ case 0x1064:
+ dev_info(&pdev->dev, "ASM1064 has only four ports\n");
+ hpriv->saved_port_map = 0xf;
+ break;
+ }
}
if (pdev->vendor == PCI_VENDOR_ID_JMICRON && pdev->device == 0x2361) {
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 180/396] ahci: asm1064: asm1166: dont limit reported ports
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (178 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 179/396] ahci: asm1064: correct count of reported ports Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 181/396] drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Greg Kroah-Hartman
` (227 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Matt, Conrad Kostecki, Hans de Goede,
Niklas Cassel, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Conrad Kostecki <conikost@gentoo.org>
[ Upstream commit 6cd8adc3e18960f6e59d797285ed34ef473cc896 ]
Previously, patches have been added to limit the reported count of SATA
ports for asm1064 and asm1166 SATA controllers, as those controllers do
report more ports than physically having.
While it is allowed to report more ports than physically having in CAP.NP,
it is not allowed to report more ports than physically having in the PI
(Ports Implemented) register, which is what these HBAs do.
(This is a AHCI spec violation.)
Unfortunately, it seems that the PMP implementation in these ASMedia HBAs
is also violating the AHCI and SATA-IO PMP specification.
What these HBAs do is that they do not report that they support PMP
(CAP.SPM (Supports Port Multiplier) is not set).
Instead, they have decided to add extra "virtual" ports in the PI register
that is used if a port multiplier is connected to any of the physical
ports of the HBA.
Enumerating the devices behind the PMP as specified in the AHCI and
SATA-IO specifications, by using PMP READ and PMP WRITE commands to the
physical ports of the HBA is not possible, you have to use the "virtual"
ports.
This is of course bad, because this gives us no way to detect the device
and vendor ID of the PMP actually connected to the HBA, which means that
we can not apply the proper PMP quirks for the PMP that is connected to
the HBA.
Limiting the port map will thus stop these controllers from working with
SATA Port Multipliers.
This patch reverts both patches for asm1064 and asm1166, so old behavior
is restored and SATA PMP will work again, but it will also reintroduce the
(minutes long) extra boot time for the ASMedia controllers that do not
have a PMP connected (either on the PCIe card itself, or an external PMP).
However, a longer boot time for some, is the lesser evil compared to some
other users not being able to detect their drives at all.
Fixes: 0077a504e1a4 ("ahci: asm1166: correct count of reported ports")
Fixes: 9815e3961754 ("ahci: asm1064: correct count of reported ports")
Cc: stable@vger.kernel.org
Reported-by: Matt <cryptearth@googlemail.com>
Signed-off-by: Conrad Kostecki <conikost@gentoo.org>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
[cassel: rewrote commit message]
Signed-off-by: Niklas Cassel <cassel@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/ata/ahci.c | 13 -------------
1 file changed, 13 deletions(-)
diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c
index 9933ad9737bb2..535de3ed60f23 100644
--- a/drivers/ata/ahci.c
+++ b/drivers/ata/ahci.c
@@ -670,19 +670,6 @@ MODULE_PARM_DESC(mobile_lpm_policy, "Default LPM policy for mobile chipsets");
static void ahci_pci_save_initial_config(struct pci_dev *pdev,
struct ahci_host_priv *hpriv)
{
- if (pdev->vendor == PCI_VENDOR_ID_ASMEDIA) {
- switch (pdev->device) {
- case 0x1166:
- dev_info(&pdev->dev, "ASM1166 has only six ports\n");
- hpriv->saved_port_map = 0x3f;
- break;
- case 0x1064:
- dev_info(&pdev->dev, "ASM1064 has only four ports\n");
- hpriv->saved_port_map = 0xf;
- break;
- }
- }
-
if (pdev->vendor == PCI_VENDOR_ID_JMICRON && pdev->device == 0x2361) {
dev_info(&pdev->dev, "JMB361 has only one port\n");
hpriv->saved_port_map = 1;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 181/396] drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (179 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 180/396] ahci: asm1064: asm1166: dont limit " Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 182/396] drm/amd/display: Return the correct HDCP error code Greg Kroah-Hartman
` (226 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Philip Yang, Christian König,
Alex Deucher, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Philip Yang <Philip.Yang@amd.com>
[ Upstream commit 6c6064cbe58b43533e3451ad6a8ba9736c109ac3 ]
Otherwise after the GTT bo is released, the GTT and gart space is freed
but amdgpu_ttm_backend_unbind will not clear the gart page table entry
and leave valid mapping entry pointing to the stale system page. Then
if GPU access the gart address mistakely, it will read undefined value
instead page fault, harder to debug and reproduce the real issue.
Cc: stable@vger.kernel.org
Signed-off-by: Philip Yang <Philip.Yang@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
index f573909332c01..928107d0bfea4 100644
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c
@@ -869,6 +869,7 @@ static void amdgpu_ttm_gart_bind(struct amdgpu_device *adev,
amdgpu_gart_bind(adev, gtt->offset, ttm->num_pages,
gtt->ttm.dma_address, flags);
}
+ gtt->bound = true;
}
/*
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 182/396] drm/amd/display: Return the correct HDCP error code
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (180 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 181/396] drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 183/396] drm/amd/display: Fix noise issue on HDMI AV mute Greg Kroah-Hartman
` (225 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Mario Limonciello, Alex Deucher,
Alex Hung, Rodrigo Siqueira, Daniel Wheeler, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
[ Upstream commit e64b3f55e458ce7e2087a0051f47edabf74545e7 ]
[WHY & HOW]
If the display is null when creating an HDCP session, return a proper
error code.
Cc: Mario Limonciello <mario.limonciello@amd.com>
Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Acked-by: Alex Hung <alex.hung@amd.com>
Signed-off-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c
index ee67a35c2a8ed..ff930a71e496a 100644
--- a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c
+++ b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c
@@ -513,6 +513,9 @@ enum mod_hdcp_status mod_hdcp_hdcp2_create_session(struct mod_hdcp *hdcp)
hdcp_cmd = (struct ta_hdcp_shared_memory *)psp->hdcp_context.context.mem_context.shared_buf;
memset(hdcp_cmd, 0, sizeof(struct ta_hdcp_shared_memory));
+ if (!display)
+ return MOD_HDCP_STATUS_DISPLAY_NOT_FOUND;
+
hdcp_cmd->in_msg.hdcp2_create_session_v2.display_handle = display->index;
if (hdcp->connection.link.adjust.hdcp2.force_type == MOD_HDCP_FORCE_TYPE_0)
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 183/396] drm/amd/display: Fix noise issue on HDMI AV mute
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (181 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 182/396] drm/amd/display: Return the correct HDCP error code Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 184/396] dm snapshot: fix lockup in dm_exception_table_exit Greg Kroah-Hartman
` (224 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Mario Limonciello, Alex Deucher,
Wenjing Liu, Wayne Lin, Leo Ma, Daniel Wheeler, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Leo Ma <hanghong.ma@amd.com>
[ Upstream commit 69e3be6893a7e668660b05a966bead82bbddb01d ]
[Why]
When mode switching is triggered there is momentary noise visible on
some HDMI TV or displays.
[How]
Wait for 2 frames to make sure we have enough time to send out AV mute
and sink receives a full frame.
Cc: Mario Limonciello <mario.limonciello@amd.com>
Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Reviewed-by: Wenjing Liu <wenjing.liu@amd.com>
Acked-by: Wayne Lin <wayne.lin@amd.com>
Signed-off-by: Leo Ma <hanghong.ma@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c b/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c
index 255713ec29bb0..ba47a1c8eec10 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c
@@ -619,10 +619,20 @@ void dcn30_set_avmute(struct pipe_ctx *pipe_ctx, bool enable)
if (pipe_ctx == NULL)
return;
- if (dc_is_hdmi_signal(pipe_ctx->stream->signal) && pipe_ctx->stream_res.stream_enc != NULL)
+ if (dc_is_hdmi_signal(pipe_ctx->stream->signal) && pipe_ctx->stream_res.stream_enc != NULL) {
pipe_ctx->stream_res.stream_enc->funcs->set_avmute(
pipe_ctx->stream_res.stream_enc,
enable);
+
+ /* Wait for two frame to make sure AV mute is sent out */
+ if (enable) {
+ pipe_ctx->stream_res.tg->funcs->wait_for_state(pipe_ctx->stream_res.tg, CRTC_STATE_VACTIVE);
+ pipe_ctx->stream_res.tg->funcs->wait_for_state(pipe_ctx->stream_res.tg, CRTC_STATE_VBLANK);
+ pipe_ctx->stream_res.tg->funcs->wait_for_state(pipe_ctx->stream_res.tg, CRTC_STATE_VACTIVE);
+ pipe_ctx->stream_res.tg->funcs->wait_for_state(pipe_ctx->stream_res.tg, CRTC_STATE_VBLANK);
+ pipe_ctx->stream_res.tg->funcs->wait_for_state(pipe_ctx->stream_res.tg, CRTC_STATE_VACTIVE);
+ }
+ }
}
void dcn30_update_info_frame(struct pipe_ctx *pipe_ctx)
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 184/396] dm snapshot: fix lockup in dm_exception_table_exit
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (182 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 183/396] drm/amd/display: Fix noise issue on HDMI AV mute Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 185/396] x86/pm: Work around false positive kmemleak report in msr_build_context() Greg Kroah-Hartman
` (223 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, John Pittman, Mikulas Patocka,
Mike Snitzer, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mikulas Patocka <mpatocka@redhat.com>
[ Upstream commit 6e7132ed3c07bd8a6ce3db4bb307ef2852b322dc ]
There was reported lockup when we exit a snapshot with many exceptions.
Fix this by adding "cond_resched" to the loop that frees the exceptions.
Reported-by: John Pittman <jpittman@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/dm-snap.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/md/dm-snap.c b/drivers/md/dm-snap.c
index bf7a574499a34..0ace06d1bee38 100644
--- a/drivers/md/dm-snap.c
+++ b/drivers/md/dm-snap.c
@@ -684,8 +684,10 @@ static void dm_exception_table_exit(struct dm_exception_table *et,
for (i = 0; i < size; i++) {
slot = et->table + i;
- hlist_bl_for_each_entry_safe(ex, pos, n, slot, hash_list)
+ hlist_bl_for_each_entry_safe(ex, pos, n, slot, hash_list) {
kmem_cache_free(mem, ex);
+ cond_resched();
+ }
}
kvfree(et->table);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 185/396] x86/pm: Work around false positive kmemleak report in msr_build_context()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (183 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 184/396] dm snapshot: fix lockup in dm_exception_table_exit Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 186/396] wifi: brcmfmac: add per-vendor feature detection callback Greg Kroah-Hartman
` (222 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Anton Altaparmakov, Ingo Molnar,
Rafael J. Wysocki, Linus Torvalds, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Anton Altaparmakov <anton@tuxera.com>
[ Upstream commit e3f269ed0accbb22aa8f25d2daffa23c3fccd407 ]
Since:
7ee18d677989 ("x86/power: Make restore_processor_context() sane")
kmemleak reports this issue:
unreferenced object 0xf68241e0 (size 32):
comm "swapper/0", pid 1, jiffies 4294668610 (age 68.432s)
hex dump (first 32 bytes):
00 cc cc cc 29 10 01 c0 00 00 00 00 00 00 00 00 ....)...........
00 42 82 f6 cc cc cc cc cc cc cc cc cc cc cc cc .B..............
backtrace:
[<461c1d50>] __kmem_cache_alloc_node+0x106/0x260
[<ea65e13b>] __kmalloc+0x54/0x160
[<c3858cd2>] msr_build_context.constprop.0+0x35/0x100
[<46635aff>] pm_check_save_msr+0x63/0x80
[<6b6bb938>] do_one_initcall+0x41/0x1f0
[<3f3add60>] kernel_init_freeable+0x199/0x1e8
[<3b538fde>] kernel_init+0x1a/0x110
[<938ae2b2>] ret_from_fork+0x1c/0x28
Which is a false positive.
Reproducer:
- Run rsync of whole kernel tree (multiple times if needed).
- start a kmemleak scan
- Note this is just an example: a lot of our internal tests hit these.
The root cause is similar to the fix in:
b0b592cf0836 x86/pm: Fix false positive kmemleak report in msr_build_context()
ie. the alignment within the packed struct saved_context
which has everything unaligned as there is only "u16 gs;" at start of
struct where in the past there were four u16 there thus aligning
everything afterwards. The issue is with the fact that Kmemleak only
searches for pointers that are aligned (see how pointers are scanned in
kmemleak.c) so when the struct members are not aligned it doesn't see
them.
Testing:
We run a lot of tests with our CI, and after applying this fix we do not
see any kmemleak issues any more whilst without it we see hundreds of
the above report. From a single, simple test run consisting of 416 individual test
cases on kernel 5.10 x86 with kmemleak enabled we got 20 failures due to this,
which is quite a lot. With this fix applied we get zero kmemleak related failures.
Fixes: 7ee18d677989 ("x86/power: Make restore_processor_context() sane")
Signed-off-by: Anton Altaparmakov <anton@tuxera.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Acked-by: "Rafael J. Wysocki" <rafael@kernel.org>
Cc: stable@vger.kernel.org
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/r/20240314142656.17699-1-anton@tuxera.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/include/asm/suspend_32.h | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/arch/x86/include/asm/suspend_32.h b/arch/x86/include/asm/suspend_32.h
index a800abb1a9925..d8416b3bf832e 100644
--- a/arch/x86/include/asm/suspend_32.h
+++ b/arch/x86/include/asm/suspend_32.h
@@ -12,11 +12,6 @@
/* image of the saved processor state */
struct saved_context {
- /*
- * On x86_32, all segment registers except gs are saved at kernel
- * entry in pt_regs.
- */
- u16 gs;
unsigned long cr0, cr2, cr3, cr4;
u64 misc_enable;
struct saved_msrs saved_msrs;
@@ -27,6 +22,11 @@ struct saved_context {
unsigned long tr;
unsigned long safety;
unsigned long return_address;
+ /*
+ * On x86_32, all segment registers except gs are saved at kernel
+ * entry in pt_regs.
+ */
+ u16 gs;
bool misc_enable_saved;
} __attribute__((packed));
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 186/396] wifi: brcmfmac: add per-vendor feature detection callback
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (184 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 185/396] x86/pm: Work around false positive kmemleak report in msr_build_context() Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 187/396] wifi: brcmfmac: cfg80211: Use WSEC to set SAE password Greg Kroah-Hartman
` (221 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Arend van Spriel, Kalle Valo,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arend van Spriel <arend.vanspriel@broadcom.com>
[ Upstream commit 14e1391b71027948cdbacdbea4bf8858c2068eb7 ]
Adding a .feat_attach() callback allowing per-vendor overrides
of the driver feature flags. In this patch the callback is only
provided by BCA vendor to disable SAE feature as it has not been
confirmed yet. BCA chips generally do not have the in-driver
supplicant (idsup) feature so they rely on NL80211_CMD_EXTERNAL_AUTH
to trigger user-space authentication.
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://msgid.link/20240103095704.135651-3-arend.vanspriel@broadcom.com
Stable-dep-of: 85da8f71aaa7 ("wifi: brcmfmac: Demote vendor-specific attach/detach messages to info")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../wireless/broadcom/brcm80211/brcmfmac/bca/core.c | 8 ++++++++
.../wireless/broadcom/brcm80211/brcmfmac/feature.c | 3 +++
.../net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h | 12 ++++++++++++
3 files changed, 23 insertions(+)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bca/core.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bca/core.c
index ac3a36fa3640c..a5d9ac5e67638 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bca/core.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bca/core.c
@@ -7,6 +7,7 @@
#include <core.h>
#include <bus.h>
#include <fwvid.h>
+#include <feature.h>
#include "vops.h"
@@ -21,7 +22,14 @@ static void brcmf_bca_detach(struct brcmf_pub *drvr)
pr_err("%s: executing\n", __func__);
}
+static void brcmf_bca_feat_attach(struct brcmf_if *ifp)
+{
+ /* SAE support not confirmed so disabling for now */
+ ifp->drvr->feat_flags &= ~BIT(BRCMF_FEAT_SAE);
+}
+
const struct brcmf_fwvid_ops brcmf_bca_ops = {
.attach = brcmf_bca_attach,
.detach = brcmf_bca_detach,
+ .feat_attach = brcmf_bca_feat_attach,
};
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c
index 6d10c9efbe93d..909a34a1ab503 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c
@@ -13,6 +13,7 @@
#include "debug.h"
#include "fwil.h"
#include "fwil_types.h"
+#include "fwvid.h"
#include "feature.h"
#include "common.h"
@@ -339,6 +340,8 @@ void brcmf_feat_attach(struct brcmf_pub *drvr)
brcmf_feat_iovar_int_get(ifp, BRCMF_FEAT_FWSUP, "sup_wpa");
brcmf_feat_iovar_int_get(ifp, BRCMF_FEAT_SCAN_V2, "scan_ver");
+ brcmf_fwvid_feat_attach(ifp);
+
if (drvr->settings->feature_disable) {
brcmf_dbg(INFO, "Features: 0x%02x, disable: 0x%02x\n",
ifp->drvr->feat_flags,
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h
index 43df58bb70ad3..17fbdbb76f51b 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h
@@ -8,10 +8,12 @@
#include "firmware.h"
struct brcmf_pub;
+struct brcmf_if;
struct brcmf_fwvid_ops {
int (*attach)(struct brcmf_pub *drvr);
void (*detach)(struct brcmf_pub *drvr);
+ void (*feat_attach)(struct brcmf_if *ifp);
};
/* exported functions */
@@ -44,4 +46,14 @@ static inline void brcmf_fwvid_detach(struct brcmf_pub *drvr)
brcmf_fwvid_detach_ops(drvr);
}
+static inline void brcmf_fwvid_feat_attach(struct brcmf_if *ifp)
+{
+ const struct brcmf_fwvid_ops *vops = ifp->drvr->vops;
+
+ if (!vops->feat_attach)
+ return;
+
+ vops->feat_attach(ifp);
+}
+
#endif /* FWVID_H_ */
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 187/396] wifi: brcmfmac: cfg80211: Use WSEC to set SAE password
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (185 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 186/396] wifi: brcmfmac: add per-vendor feature detection callback Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 188/396] wifi: brcmfmac: Demote vendor-specific attach/detach messages to info Greg Kroah-Hartman
` (220 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Hector Martin, Neal Gompa,
Arend van Spriel, Kalle Valo, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hector Martin <marcan@marcan.st>
[ Upstream commit 9f7861c56b51b84d30114e7fea9d744a9d5ba9b7 ]
Using the WSEC command instead of sae_password seems to be the supported
mechanism on newer firmware, and also how the brcmdhd driver does it.
The existing firmware mechanism intended for (some) Cypress chips has
been separated from the new firmware mechanism using the multi-vendor
framework. Depending on the device it will select the appropriate
firmware mechanism.
This makes WPA3 work with iwd, or with wpa_supplicant pending a support
patchset [2].
[1] https://rachelbythebay.com/w/2023/11/06/wpa3/
[2] http://lists.infradead.org/pipermail/hostap/2023-July/041653.html
Signed-off-by: Hector Martin <marcan@marcan.st>
Reviewed-by: Neal Gompa <neal@gompa.dev>
[arend.vanspriel@broadcom.com: use multi-vendor framework]
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://msgid.link/20240103095704.135651-5-arend.vanspriel@broadcom.com
Stable-dep-of: 85da8f71aaa7 ("wifi: brcmfmac: Demote vendor-specific attach/detach messages to info")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../broadcom/brcm80211/brcmfmac/cfg80211.c | 56 ++++++++-----------
.../broadcom/brcm80211/brcmfmac/cfg80211.h | 2 +
.../broadcom/brcm80211/brcmfmac/cyw/core.c | 28 ++++++++++
.../broadcom/brcm80211/brcmfmac/fwil.c | 1 +
.../broadcom/brcm80211/brcmfmac/fwil_types.h | 2 +-
.../broadcom/brcm80211/brcmfmac/fwvid.h | 13 +++++
.../broadcom/brcm80211/brcmfmac/wcc/core.c | 9 +++
7 files changed, 76 insertions(+), 35 deletions(-)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
index 567e3a0675d88..c230bc8900a5c 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
@@ -32,6 +32,7 @@
#include "vendor.h"
#include "bus.h"
#include "common.h"
+#include "fwvid.h"
#define BRCMF_SCAN_IE_LEN_MAX 2048
@@ -1686,52 +1687,39 @@ static u16 brcmf_map_fw_linkdown_reason(const struct brcmf_event_msg *e)
return reason;
}
-static int brcmf_set_pmk(struct brcmf_if *ifp, const u8 *pmk_data, u16 pmk_len)
+int brcmf_set_wsec(struct brcmf_if *ifp, const u8 *key, u16 key_len, u16 flags)
{
struct brcmf_pub *drvr = ifp->drvr;
struct brcmf_wsec_pmk_le pmk;
int err;
+ if (key_len > sizeof(pmk.key)) {
+ bphy_err(drvr, "key must be less than %zu bytes\n",
+ sizeof(pmk.key));
+ return -EINVAL;
+ }
+
memset(&pmk, 0, sizeof(pmk));
- /* pass pmk directly */
- pmk.key_len = cpu_to_le16(pmk_len);
- pmk.flags = cpu_to_le16(0);
- memcpy(pmk.key, pmk_data, pmk_len);
+ /* pass key material directly */
+ pmk.key_len = cpu_to_le16(key_len);
+ pmk.flags = cpu_to_le16(flags);
+ memcpy(pmk.key, key, key_len);
- /* store psk in firmware */
+ /* store key material in firmware */
err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_WSEC_PMK,
&pmk, sizeof(pmk));
if (err < 0)
bphy_err(drvr, "failed to change PSK in firmware (len=%u)\n",
- pmk_len);
+ key_len);
return err;
}
+BRCMF_EXPORT_SYMBOL_GPL(brcmf_set_wsec);
-static int brcmf_set_sae_password(struct brcmf_if *ifp, const u8 *pwd_data,
- u16 pwd_len)
+static int brcmf_set_pmk(struct brcmf_if *ifp, const u8 *pmk_data, u16 pmk_len)
{
- struct brcmf_pub *drvr = ifp->drvr;
- struct brcmf_wsec_sae_pwd_le sae_pwd;
- int err;
-
- if (pwd_len > BRCMF_WSEC_MAX_SAE_PASSWORD_LEN) {
- bphy_err(drvr, "sae_password must be less than %d\n",
- BRCMF_WSEC_MAX_SAE_PASSWORD_LEN);
- return -EINVAL;
- }
-
- sae_pwd.key_len = cpu_to_le16(pwd_len);
- memcpy(sae_pwd.key, pwd_data, pwd_len);
-
- err = brcmf_fil_iovar_data_set(ifp, "sae_password", &sae_pwd,
- sizeof(sae_pwd));
- if (err < 0)
- bphy_err(drvr, "failed to set SAE password in firmware (len=%u)\n",
- pwd_len);
-
- return err;
+ return brcmf_set_wsec(ifp, pmk_data, pmk_len, 0);
}
static void brcmf_link_down(struct brcmf_cfg80211_vif *vif, u16 reason,
@@ -2502,8 +2490,7 @@ brcmf_cfg80211_connect(struct wiphy *wiphy, struct net_device *ndev,
bphy_err(drvr, "failed to clean up user-space RSNE\n");
goto done;
}
- err = brcmf_set_sae_password(ifp, sme->crypto.sae_pwd,
- sme->crypto.sae_pwd_len);
+ err = brcmf_fwvid_set_sae_password(ifp, &sme->crypto);
if (!err && sme->crypto.psk)
err = brcmf_set_pmk(ifp, sme->crypto.psk,
BRCMF_WSEC_MAX_PSK_LEN);
@@ -5257,8 +5244,7 @@ brcmf_cfg80211_start_ap(struct wiphy *wiphy, struct net_device *ndev,
if (crypto->sae_pwd) {
brcmf_dbg(INFO, "using SAE offload\n");
profile->use_fwauth |= BIT(BRCMF_PROFILE_FWAUTH_SAE);
- err = brcmf_set_sae_password(ifp, crypto->sae_pwd,
- crypto->sae_pwd_len);
+ err = brcmf_fwvid_set_sae_password(ifp, crypto);
if (err < 0)
goto exit;
}
@@ -5365,10 +5351,12 @@ static int brcmf_cfg80211_stop_ap(struct wiphy *wiphy, struct net_device *ndev,
msleep(400);
if (profile->use_fwauth != BIT(BRCMF_PROFILE_FWAUTH_NONE)) {
+ struct cfg80211_crypto_settings crypto = {};
+
if (profile->use_fwauth & BIT(BRCMF_PROFILE_FWAUTH_PSK))
brcmf_set_pmk(ifp, NULL, 0);
if (profile->use_fwauth & BIT(BRCMF_PROFILE_FWAUTH_SAE))
- brcmf_set_sae_password(ifp, NULL, 0);
+ brcmf_fwvid_set_sae_password(ifp, &crypto);
profile->use_fwauth = BIT(BRCMF_PROFILE_FWAUTH_NONE);
}
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h
index 0e1fa3f0dea2c..dc3a6a537507d 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.h
@@ -468,4 +468,6 @@ void brcmf_set_mpc(struct brcmf_if *ndev, int mpc);
void brcmf_abort_scanning(struct brcmf_cfg80211_info *cfg);
void brcmf_cfg80211_free_netdev(struct net_device *ndev);
+int brcmf_set_wsec(struct brcmf_if *ifp, const u8 *key, u16 key_len, u16 flags);
+
#endif /* BRCMFMAC_CFG80211_H */
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/core.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/core.c
index b75652ba9359f..24670497f1a40 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/core.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/core.c
@@ -7,6 +7,7 @@
#include <core.h>
#include <bus.h>
#include <fwvid.h>
+#include <fwil.h>
#include "vops.h"
@@ -21,7 +22,34 @@ static void brcmf_cyw_detach(struct brcmf_pub *drvr)
pr_err("%s: executing\n", __func__);
}
+static int brcmf_cyw_set_sae_pwd(struct brcmf_if *ifp,
+ struct cfg80211_crypto_settings *crypto)
+{
+ struct brcmf_pub *drvr = ifp->drvr;
+ struct brcmf_wsec_sae_pwd_le sae_pwd;
+ u16 pwd_len = crypto->sae_pwd_len;
+ int err;
+
+ if (pwd_len > BRCMF_WSEC_MAX_SAE_PASSWORD_LEN) {
+ bphy_err(drvr, "sae_password must be less than %d\n",
+ BRCMF_WSEC_MAX_SAE_PASSWORD_LEN);
+ return -EINVAL;
+ }
+
+ sae_pwd.key_len = cpu_to_le16(pwd_len);
+ memcpy(sae_pwd.key, crypto->sae_pwd, pwd_len);
+
+ err = brcmf_fil_iovar_data_set(ifp, "sae_password", &sae_pwd,
+ sizeof(sae_pwd));
+ if (err < 0)
+ bphy_err(drvr, "failed to set SAE password in firmware (len=%u)\n",
+ pwd_len);
+
+ return err;
+}
+
const struct brcmf_fwvid_ops brcmf_cyw_ops = {
.attach = brcmf_cyw_attach,
.detach = brcmf_cyw_detach,
+ .set_sae_password = brcmf_cyw_set_sae_pwd,
};
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil.c
index 72fe8bce6eaf5..a9514d72f770b 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil.c
@@ -239,6 +239,7 @@ brcmf_fil_iovar_data_set(struct brcmf_if *ifp, const char *name, const void *dat
mutex_unlock(&drvr->proto_block);
return err;
}
+BRCMF_EXPORT_SYMBOL_GPL(brcmf_fil_iovar_data_set);
s32
brcmf_fil_iovar_data_get(struct brcmf_if *ifp, const char *name, void *data,
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
index 611d1a6aabb9e..b68c46caabe86 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil_types.h
@@ -584,7 +584,7 @@ struct brcmf_wsec_key_le {
struct brcmf_wsec_pmk_le {
__le16 key_len;
__le16 flags;
- u8 key[2 * BRCMF_WSEC_MAX_PSK_LEN + 1];
+ u8 key[BRCMF_WSEC_MAX_SAE_PASSWORD_LEN];
};
/**
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h
index 17fbdbb76f51b..d9fc76b46db96 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h
@@ -6,6 +6,7 @@
#define FWVID_H_
#include "firmware.h"
+#include "cfg80211.h"
struct brcmf_pub;
struct brcmf_if;
@@ -14,6 +15,7 @@ struct brcmf_fwvid_ops {
int (*attach)(struct brcmf_pub *drvr);
void (*detach)(struct brcmf_pub *drvr);
void (*feat_attach)(struct brcmf_if *ifp);
+ int (*set_sae_password)(struct brcmf_if *ifp, struct cfg80211_crypto_settings *crypto);
};
/* exported functions */
@@ -56,4 +58,15 @@ static inline void brcmf_fwvid_feat_attach(struct brcmf_if *ifp)
vops->feat_attach(ifp);
}
+static inline int brcmf_fwvid_set_sae_password(struct brcmf_if *ifp,
+ struct cfg80211_crypto_settings *crypto)
+{
+ const struct brcmf_fwvid_ops *vops = ifp->drvr->vops;
+
+ if (!vops || !vops->set_sae_password)
+ return -EOPNOTSUPP;
+
+ return vops->set_sae_password(ifp, crypto);
+}
+
#endif /* FWVID_H_ */
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/wcc/core.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/wcc/core.c
index 5573a47766ad5..2d8f80bd73829 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/wcc/core.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/wcc/core.c
@@ -7,6 +7,7 @@
#include <core.h>
#include <bus.h>
#include <fwvid.h>
+#include <fwil.h>
#include "vops.h"
@@ -21,7 +22,15 @@ static void brcmf_wcc_detach(struct brcmf_pub *drvr)
pr_debug("%s: executing\n", __func__);
}
+static int brcmf_wcc_set_sae_pwd(struct brcmf_if *ifp,
+ struct cfg80211_crypto_settings *crypto)
+{
+ return brcmf_set_wsec(ifp, crypto->sae_pwd, crypto->sae_pwd_len,
+ BRCMF_WSEC_PASSPHRASE);
+}
+
const struct brcmf_fwvid_ops brcmf_wcc_ops = {
.attach = brcmf_wcc_attach,
.detach = brcmf_wcc_detach,
+ .set_sae_password = brcmf_wcc_set_sae_pwd,
};
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 188/396] wifi: brcmfmac: Demote vendor-specific attach/detach messages to info
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (186 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 187/396] wifi: brcmfmac: cfg80211: Use WSEC to set SAE password Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 189/396] drm/ttm: Make sure the mapped tt pages are decrypted when needed Greg Kroah-Hartman
` (219 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Hector Martin, Arend van Spriel,
Kalle Valo, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hector Martin <marcan@marcan.st>
[ Upstream commit 85da8f71aaa7b83ea7ef0e89182e0cd47e16d465 ]
People are getting spooked by brcmfmac errors on their boot console.
There's no reason for these messages to be errors.
Cc: stable@vger.kernel.org # 6.2.x
Fixes: d6a5c562214f ("wifi: brcmfmac: add support for vendor-specific firmware api")
Signed-off-by: Hector Martin <marcan@marcan.st>
[arend.vanspriel@broadcom.com: remove attach/detach vendor callbacks]
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://msgid.link/20240106103835.269149-2-arend.vanspriel@broadcom.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../broadcom/brcm80211/brcmfmac/bca/core.c | 13 ----------
.../broadcom/brcm80211/brcmfmac/cyw/core.c | 13 ----------
.../broadcom/brcm80211/brcmfmac/fwvid.c | 7 +++--
.../broadcom/brcm80211/brcmfmac/fwvid.h | 26 ++-----------------
.../broadcom/brcm80211/brcmfmac/wcc/core.c | 15 +----------
5 files changed, 6 insertions(+), 68 deletions(-)
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bca/core.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bca/core.c
index a5d9ac5e67638..a963c242975ac 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bca/core.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bca/core.c
@@ -11,17 +11,6 @@
#include "vops.h"
-static int brcmf_bca_attach(struct brcmf_pub *drvr)
-{
- pr_err("%s: executing\n", __func__);
- return 0;
-}
-
-static void brcmf_bca_detach(struct brcmf_pub *drvr)
-{
- pr_err("%s: executing\n", __func__);
-}
-
static void brcmf_bca_feat_attach(struct brcmf_if *ifp)
{
/* SAE support not confirmed so disabling for now */
@@ -29,7 +18,5 @@ static void brcmf_bca_feat_attach(struct brcmf_if *ifp)
}
const struct brcmf_fwvid_ops brcmf_bca_ops = {
- .attach = brcmf_bca_attach,
- .detach = brcmf_bca_detach,
.feat_attach = brcmf_bca_feat_attach,
};
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/core.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/core.c
index 24670497f1a40..bec5748310b9c 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/core.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cyw/core.c
@@ -11,17 +11,6 @@
#include "vops.h"
-static int brcmf_cyw_attach(struct brcmf_pub *drvr)
-{
- pr_err("%s: executing\n", __func__);
- return 0;
-}
-
-static void brcmf_cyw_detach(struct brcmf_pub *drvr)
-{
- pr_err("%s: executing\n", __func__);
-}
-
static int brcmf_cyw_set_sae_pwd(struct brcmf_if *ifp,
struct cfg80211_crypto_settings *crypto)
{
@@ -49,7 +38,5 @@ static int brcmf_cyw_set_sae_pwd(struct brcmf_if *ifp,
}
const struct brcmf_fwvid_ops brcmf_cyw_ops = {
- .attach = brcmf_cyw_attach,
- .detach = brcmf_cyw_detach,
.set_sae_password = brcmf_cyw_set_sae_pwd,
};
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.c
index f610818c2b059..b427782554b59 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.c
@@ -89,8 +89,7 @@ int brcmf_fwvid_register_vendor(enum brcmf_fwvendor fwvid, struct module *vmod,
if (fwvid >= BRCMF_FWVENDOR_NUM)
return -ERANGE;
- if (WARN_ON(!vmod) || WARN_ON(!vops) ||
- WARN_ON(!vops->attach) || WARN_ON(!vops->detach))
+ if (WARN_ON(!vmod) || WARN_ON(!vops))
return -EINVAL;
if (WARN_ON(fwvid_list[fwvid].vmod))
@@ -150,7 +149,7 @@ static inline int brcmf_fwvid_request_module(enum brcmf_fwvendor fwvid)
}
#endif
-int brcmf_fwvid_attach_ops(struct brcmf_pub *drvr)
+int brcmf_fwvid_attach(struct brcmf_pub *drvr)
{
enum brcmf_fwvendor fwvid = drvr->bus_if->fwvid;
int ret;
@@ -175,7 +174,7 @@ int brcmf_fwvid_attach_ops(struct brcmf_pub *drvr)
return ret;
}
-void brcmf_fwvid_detach_ops(struct brcmf_pub *drvr)
+void brcmf_fwvid_detach(struct brcmf_pub *drvr)
{
enum brcmf_fwvendor fwvid = drvr->bus_if->fwvid;
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h
index d9fc76b46db96..dac22534d0334 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwvid.h
@@ -12,8 +12,6 @@ struct brcmf_pub;
struct brcmf_if;
struct brcmf_fwvid_ops {
- int (*attach)(struct brcmf_pub *drvr);
- void (*detach)(struct brcmf_pub *drvr);
void (*feat_attach)(struct brcmf_if *ifp);
int (*set_sae_password)(struct brcmf_if *ifp, struct cfg80211_crypto_settings *crypto);
};
@@ -24,30 +22,10 @@ int brcmf_fwvid_register_vendor(enum brcmf_fwvendor fwvid, struct module *mod,
int brcmf_fwvid_unregister_vendor(enum brcmf_fwvendor fwvid, struct module *mod);
/* core driver functions */
-int brcmf_fwvid_attach_ops(struct brcmf_pub *drvr);
-void brcmf_fwvid_detach_ops(struct brcmf_pub *drvr);
+int brcmf_fwvid_attach(struct brcmf_pub *drvr);
+void brcmf_fwvid_detach(struct brcmf_pub *drvr);
const char *brcmf_fwvid_vendor_name(struct brcmf_pub *drvr);
-static inline int brcmf_fwvid_attach(struct brcmf_pub *drvr)
-{
- int ret;
-
- ret = brcmf_fwvid_attach_ops(drvr);
- if (ret)
- return ret;
-
- return drvr->vops->attach(drvr);
-}
-
-static inline void brcmf_fwvid_detach(struct brcmf_pub *drvr)
-{
- if (!drvr->vops)
- return;
-
- drvr->vops->detach(drvr);
- brcmf_fwvid_detach_ops(drvr);
-}
-
static inline void brcmf_fwvid_feat_attach(struct brcmf_if *ifp)
{
const struct brcmf_fwvid_ops *vops = ifp->drvr->vops;
diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/wcc/core.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/wcc/core.c
index 2d8f80bd73829..fd593b93ad404 100644
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/wcc/core.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/wcc/core.c
@@ -7,21 +7,10 @@
#include <core.h>
#include <bus.h>
#include <fwvid.h>
-#include <fwil.h>
+#include <cfg80211.h>
#include "vops.h"
-static int brcmf_wcc_attach(struct brcmf_pub *drvr)
-{
- pr_debug("%s: executing\n", __func__);
- return 0;
-}
-
-static void brcmf_wcc_detach(struct brcmf_pub *drvr)
-{
- pr_debug("%s: executing\n", __func__);
-}
-
static int brcmf_wcc_set_sae_pwd(struct brcmf_if *ifp,
struct cfg80211_crypto_settings *crypto)
{
@@ -30,7 +19,5 @@ static int brcmf_wcc_set_sae_pwd(struct brcmf_if *ifp,
}
const struct brcmf_fwvid_ops brcmf_wcc_ops = {
- .attach = brcmf_wcc_attach,
- .detach = brcmf_wcc_detach,
.set_sae_password = brcmf_wcc_set_sae_pwd,
};
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 189/396] drm/ttm: Make sure the mapped tt pages are decrypted when needed
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (187 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 188/396] wifi: brcmfmac: Demote vendor-specific attach/detach messages to info Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 190/396] drm/bridge: add ->edid_read hook and drm_bridge_edid_read() Greg Kroah-Hartman
` (218 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Zack Rusin, Thomas Hellström,
Christian König, Huang Rui, dri-devel, linux-kernel,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zack Rusin <zack.rusin@broadcom.com>
[ Upstream commit 71ce046327cfd3aef3f93d1c44e091395eb03f8f ]
Some drivers require the mapped tt pages to be decrypted. In an ideal
world this would have been handled by the dma layer, but the TTM page
fault handling would have to be rewritten to able to do that.
A side-effect of the TTM page fault handling is using a dma allocation
per order (via ttm_pool_alloc_page) which makes it impossible to just
trivially use dma_mmap_attrs. As a result ttm has to be very careful
about trying to make its pgprot for the mapped tt pages match what
the dma layer thinks it is. At the ttm layer it's possible to
deduce the requirement to have tt pages decrypted by checking
whether coherent dma allocations have been requested and the system
is running with confidential computing technologies.
This approach isn't ideal but keeping TTM matching DMAs expectations
for the page properties is in general fragile, unfortunately proper
fix would require a rewrite of TTM's page fault handling.
Fixes vmwgfx with SEV enabled.
v2: Explicitly include cc_platform.h
v3: Use CC_ATTR_GUEST_MEM_ENCRYPT instead of CC_ATTR_MEM_ENCRYPT to
limit the scope to guests and log when memory decryption is enabled.
Signed-off-by: Zack Rusin <zack.rusin@broadcom.com>
Fixes: 3bf3710e3718 ("drm/ttm: Add a generic TTM memcpy move for page-based iomem")
Reviewed-by: Thomas Hellström <thomas.hellstrom@linux.intel.com>
Acked-by: Christian König <christian.koenig@amd.com>
Cc: Huang Rui <ray.huang@amd.com>
Cc: dri-devel@lists.freedesktop.org
Cc: linux-kernel@vger.kernel.org
Cc: <stable@vger.kernel.org> # v5.14+
Link: https://patchwork.freedesktop.org/patch/msgid/20230926040359.3040017-1-zack@kde.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/ttm/ttm_bo_util.c | 13 +++++++++++--
drivers/gpu/drm/ttm/ttm_tt.c | 13 +++++++++++++
include/drm/ttm/ttm_tt.h | 9 ++++++++-
3 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/ttm/ttm_bo_util.c b/drivers/gpu/drm/ttm/ttm_bo_util.c
index fd9fd3d15101c..0b3f4267130c4 100644
--- a/drivers/gpu/drm/ttm/ttm_bo_util.c
+++ b/drivers/gpu/drm/ttm/ttm_bo_util.c
@@ -294,7 +294,13 @@ pgprot_t ttm_io_prot(struct ttm_buffer_object *bo, struct ttm_resource *res,
enum ttm_caching caching;
man = ttm_manager_type(bo->bdev, res->mem_type);
- caching = man->use_tt ? bo->ttm->caching : res->bus.caching;
+ if (man->use_tt) {
+ caching = bo->ttm->caching;
+ if (bo->ttm->page_flags & TTM_TT_FLAG_DECRYPTED)
+ tmp = pgprot_decrypted(tmp);
+ } else {
+ caching = res->bus.caching;
+ }
return ttm_prot_from_caching(caching, tmp);
}
@@ -337,6 +343,8 @@ static int ttm_bo_kmap_ttm(struct ttm_buffer_object *bo,
.no_wait_gpu = false
};
struct ttm_tt *ttm = bo->ttm;
+ struct ttm_resource_manager *man =
+ ttm_manager_type(bo->bdev, bo->resource->mem_type);
pgprot_t prot;
int ret;
@@ -346,7 +354,8 @@ static int ttm_bo_kmap_ttm(struct ttm_buffer_object *bo,
if (ret)
return ret;
- if (num_pages == 1 && ttm->caching == ttm_cached) {
+ if (num_pages == 1 && ttm->caching == ttm_cached &&
+ !(man->use_tt && (ttm->page_flags & TTM_TT_FLAG_DECRYPTED))) {
/*
* We're mapping a single page, and the desired
* page protection is consistent with the bo.
diff --git a/drivers/gpu/drm/ttm/ttm_tt.c b/drivers/gpu/drm/ttm/ttm_tt.c
index e0a77671edd6c..43eaffa7faae3 100644
--- a/drivers/gpu/drm/ttm/ttm_tt.c
+++ b/drivers/gpu/drm/ttm/ttm_tt.c
@@ -31,11 +31,14 @@
#define pr_fmt(fmt) "[TTM] " fmt
+#include <linux/cc_platform.h>
#include <linux/sched.h>
#include <linux/shmem_fs.h>
#include <linux/file.h>
#include <linux/module.h>
#include <drm/drm_cache.h>
+#include <drm/drm_device.h>
+#include <drm/drm_util.h>
#include <drm/ttm/ttm_bo.h>
#include <drm/ttm/ttm_tt.h>
@@ -60,6 +63,7 @@ static atomic_long_t ttm_dma32_pages_allocated;
int ttm_tt_create(struct ttm_buffer_object *bo, bool zero_alloc)
{
struct ttm_device *bdev = bo->bdev;
+ struct drm_device *ddev = bo->base.dev;
uint32_t page_flags = 0;
dma_resv_assert_held(bo->base.resv);
@@ -81,6 +85,15 @@ int ttm_tt_create(struct ttm_buffer_object *bo, bool zero_alloc)
pr_err("Illegal buffer object type\n");
return -EINVAL;
}
+ /*
+ * When using dma_alloc_coherent with memory encryption the
+ * mapped TT pages need to be decrypted or otherwise the drivers
+ * will end up sending encrypted mem to the gpu.
+ */
+ if (bdev->pool.use_dma_alloc && cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT)) {
+ page_flags |= TTM_TT_FLAG_DECRYPTED;
+ drm_info(ddev, "TT memory decryption enabled.");
+ }
bo->ttm = bdev->funcs->ttm_tt_create(bo, page_flags);
if (unlikely(bo->ttm == NULL))
diff --git a/include/drm/ttm/ttm_tt.h b/include/drm/ttm/ttm_tt.h
index a4eff85b1f449..2b9d856ff388d 100644
--- a/include/drm/ttm/ttm_tt.h
+++ b/include/drm/ttm/ttm_tt.h
@@ -79,6 +79,12 @@ struct ttm_tt {
* page_flags = TTM_TT_FLAG_EXTERNAL |
* TTM_TT_FLAG_EXTERNAL_MAPPABLE;
*
+ * TTM_TT_FLAG_DECRYPTED: The mapped ttm pages should be marked as
+ * not encrypted. The framework will try to match what the dma layer
+ * is doing, but note that it is a little fragile because ttm page
+ * fault handling abuses the DMA api a bit and dma_map_attrs can't be
+ * used to assure pgprot always matches.
+ *
* TTM_TT_FLAG_PRIV_POPULATED: TTM internal only. DO NOT USE. This is
* set by TTM after ttm_tt_populate() has successfully returned, and is
* then unset when TTM calls ttm_tt_unpopulate().
@@ -87,8 +93,9 @@ struct ttm_tt {
#define TTM_TT_FLAG_ZERO_ALLOC BIT(1)
#define TTM_TT_FLAG_EXTERNAL BIT(2)
#define TTM_TT_FLAG_EXTERNAL_MAPPABLE BIT(3)
+#define TTM_TT_FLAG_DECRYPTED BIT(4)
-#define TTM_TT_FLAG_PRIV_POPULATED BIT(4)
+#define TTM_TT_FLAG_PRIV_POPULATED BIT(5)
uint32_t page_flags;
/** @num_pages: Number of pages in the page array. */
uint32_t num_pages;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 190/396] drm/bridge: add ->edid_read hook and drm_bridge_edid_read()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (188 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 189/396] drm/ttm: Make sure the mapped tt pages are decrypted when needed Greg Kroah-Hartman
@ 2024-04-01 15:43 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 191/396] drm/bridge: lt8912b: use drm_bridge_edid_read() Greg Kroah-Hartman
` (217 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:43 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Jani Nikula, Neil Armstrong,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jani Nikula <jani.nikula@intel.com>
[ Upstream commit d807ad80d811ba0c22adfd871e2a46491f80d6e2 ]
Add new struct drm_edid based ->edid_read hook and
drm_bridge_edid_read() function to call the hook.
v2: Include drm/drm_edid.h
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/9d08d22eaffcb9c59a2b677e45d7e61fc689bc2f.1706038510.git.jani.nikula@intel.com
Stable-dep-of: 171b711b26cc ("drm/bridge: lt8912b: do not return negative values from .get_modes()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/drm_bridge.c | 46 +++++++++++++++++++++++++++++++++++-
include/drm/drm_bridge.h | 33 ++++++++++++++++++++++++++
2 files changed, 78 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/drm_bridge.c b/drivers/gpu/drm/drm_bridge.c
index 39e68e45bb124..67354afbd7168 100644
--- a/drivers/gpu/drm/drm_bridge.c
+++ b/drivers/gpu/drm/drm_bridge.c
@@ -27,8 +27,9 @@
#include <linux/mutex.h>
#include <drm/drm_atomic_state_helper.h>
-#include <drm/drm_debugfs.h>
#include <drm/drm_bridge.h>
+#include <drm/drm_debugfs.h>
+#include <drm/drm_edid.h>
#include <drm/drm_encoder.h>
#include <drm/drm_file.h>
#include <drm/drm_of.h>
@@ -1206,6 +1207,47 @@ int drm_bridge_get_modes(struct drm_bridge *bridge,
}
EXPORT_SYMBOL_GPL(drm_bridge_get_modes);
+/**
+ * drm_bridge_edid_read - read the EDID data of the connected display
+ * @bridge: bridge control structure
+ * @connector: the connector to read EDID for
+ *
+ * If the bridge supports output EDID retrieval, as reported by the
+ * DRM_BRIDGE_OP_EDID bridge ops flag, call &drm_bridge_funcs.edid_read to get
+ * the EDID and return it. Otherwise return NULL.
+ *
+ * If &drm_bridge_funcs.edid_read is not set, fall back to using
+ * drm_bridge_get_edid() and wrapping it in struct drm_edid.
+ *
+ * RETURNS:
+ * The retrieved EDID on success, or NULL otherwise.
+ */
+const struct drm_edid *drm_bridge_edid_read(struct drm_bridge *bridge,
+ struct drm_connector *connector)
+{
+ if (!(bridge->ops & DRM_BRIDGE_OP_EDID))
+ return NULL;
+
+ /* Transitional: Fall back to ->get_edid. */
+ if (!bridge->funcs->edid_read) {
+ const struct drm_edid *drm_edid;
+ struct edid *edid;
+
+ edid = drm_bridge_get_edid(bridge, connector);
+ if (!edid)
+ return NULL;
+
+ drm_edid = drm_edid_alloc(edid, (edid->extensions + 1) * EDID_LENGTH);
+
+ kfree(edid);
+
+ return drm_edid;
+ }
+
+ return bridge->funcs->edid_read(bridge, connector);
+}
+EXPORT_SYMBOL_GPL(drm_bridge_edid_read);
+
/**
* drm_bridge_get_edid - get the EDID data of the connected display
* @bridge: bridge control structure
@@ -1215,6 +1257,8 @@ EXPORT_SYMBOL_GPL(drm_bridge_get_modes);
* DRM_BRIDGE_OP_EDID bridge ops flag, call &drm_bridge_funcs.get_edid to
* get the EDID and return it. Otherwise return NULL.
*
+ * Deprecated. Prefer using drm_bridge_edid_read().
+ *
* RETURNS:
* The retrieved EDID on success, or NULL otherwise.
*/
diff --git a/include/drm/drm_bridge.h b/include/drm/drm_bridge.h
index 103ff57fc83cf..b20cfe5bf30b3 100644
--- a/include/drm/drm_bridge.h
+++ b/include/drm/drm_bridge.h
@@ -555,6 +555,37 @@ struct drm_bridge_funcs {
int (*get_modes)(struct drm_bridge *bridge,
struct drm_connector *connector);
+ /**
+ * @edid_read:
+ *
+ * Read the EDID data of the connected display.
+ *
+ * The @edid_read callback is the preferred way of reporting mode
+ * information for a display connected to the bridge output. Bridges
+ * that support reading EDID shall implement this callback and leave
+ * the @get_modes callback unimplemented.
+ *
+ * The caller of this operation shall first verify the output
+ * connection status and refrain from reading EDID from a disconnected
+ * output.
+ *
+ * This callback is optional. Bridges that implement it shall set the
+ * DRM_BRIDGE_OP_EDID flag in their &drm_bridge->ops.
+ *
+ * The connector parameter shall be used for the sole purpose of EDID
+ * retrieval, and shall not be stored internally by bridge drivers for
+ * future usage.
+ *
+ * RETURNS:
+ *
+ * An edid structure newly allocated with drm_edid_alloc() or returned
+ * from drm_edid_read() family of functions on success, or NULL
+ * otherwise. The caller is responsible for freeing the returned edid
+ * structure with drm_edid_free().
+ */
+ const struct drm_edid *(*edid_read)(struct drm_bridge *bridge,
+ struct drm_connector *connector);
+
/**
* @get_edid:
*
@@ -888,6 +919,8 @@ drm_atomic_helper_bridge_propagate_bus_fmt(struct drm_bridge *bridge,
enum drm_connector_status drm_bridge_detect(struct drm_bridge *bridge);
int drm_bridge_get_modes(struct drm_bridge *bridge,
struct drm_connector *connector);
+const struct drm_edid *drm_bridge_edid_read(struct drm_bridge *bridge,
+ struct drm_connector *connector);
struct edid *drm_bridge_get_edid(struct drm_bridge *bridge,
struct drm_connector *connector);
void drm_bridge_hpd_enable(struct drm_bridge *bridge,
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 191/396] drm/bridge: lt8912b: use drm_bridge_edid_read()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (189 preceding siblings ...)
2024-04-01 15:43 ` [PATCH 6.6 190/396] drm/bridge: add ->edid_read hook and drm_bridge_edid_read() Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 192/396] drm/bridge: lt8912b: clear the EDID property on failures Greg Kroah-Hartman
` (216 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Adrien Grassein, Andrzej Hajda,
Neil Armstrong, Robert Foss, Laurent Pinchart, Jonas Karlman,
Jernej Skrabec, Jani Nikula, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jani Nikula <jani.nikula@intel.com>
[ Upstream commit 60d1fe1a7f302cc1151b155ac2d134db59bb1420 ]
Prefer using the struct drm_edid based functions.
cc: Adrien Grassein <adrien.grassein@gmail.com>
Cc: Andrzej Hajda <andrzej.hajda@intel.com>
Cc: Neil Armstrong <neil.armstrong@linaro.org>
Cc: Robert Foss <rfoss@kernel.org>
Cc: Laurent Pinchart <Laurent.pinchart@ideasonboard.com>
Cc: Jonas Karlman <jonas@kwiboo.se>
Cc: Jernej Skrabec <jernej.skrabec@gmail.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/32c9b52fe6fa7cbad6bfd0ff00041876977e02ea.1706038510.git.jani.nikula@intel.com
Stable-dep-of: 171b711b26cc ("drm/bridge: lt8912b: do not return negative values from .get_modes()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/lontium-lt8912b.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/bridge/lontium-lt8912b.c b/drivers/gpu/drm/bridge/lontium-lt8912b.c
index 03532efb893bb..491c08306f81a 100644
--- a/drivers/gpu/drm/bridge/lontium-lt8912b.c
+++ b/drivers/gpu/drm/bridge/lontium-lt8912b.c
@@ -429,16 +429,16 @@ lt8912_connector_mode_valid(struct drm_connector *connector,
static int lt8912_connector_get_modes(struct drm_connector *connector)
{
- struct edid *edid;
+ const struct drm_edid *drm_edid;
int ret = -1;
int num = 0;
struct lt8912 *lt = connector_to_lt8912(connector);
u32 bus_format = MEDIA_BUS_FMT_RGB888_1X24;
- edid = drm_bridge_get_edid(lt->hdmi_port, connector);
- if (edid) {
- drm_connector_update_edid_property(connector, edid);
- num = drm_add_edid_modes(connector, edid);
+ drm_edid = drm_bridge_edid_read(lt->hdmi_port, connector);
+ if (drm_edid) {
+ drm_edid_connector_update(connector, drm_edid);
+ num = drm_edid_connector_add_modes(connector);
} else {
return ret;
}
@@ -448,7 +448,7 @@ static int lt8912_connector_get_modes(struct drm_connector *connector)
if (ret)
num = ret;
- kfree(edid);
+ drm_edid_free(drm_edid);
return num;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 192/396] drm/bridge: lt8912b: clear the EDID property on failures
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (190 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 191/396] drm/bridge: lt8912b: use drm_bridge_edid_read() Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 193/396] drm/bridge: lt8912b: do not return negative values from .get_modes() Greg Kroah-Hartman
` (215 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Adrien Grassein, Andrzej Hajda,
Neil Armstrong, Robert Foss, Laurent Pinchart, Jonas Karlman,
Jernej Skrabec, Jani Nikula, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jani Nikula <jani.nikula@intel.com>
[ Upstream commit 29e032296da5d6294378ffa8bad8e976c5aadbf5 ]
If EDID read fails, clear the EDID property.
Cc: Adrien Grassein <adrien.grassein@gmail.com>
Cc: Andrzej Hajda <andrzej.hajda@intel.com>
Cc: Neil Armstrong <neil.armstrong@linaro.org>
Cc: Robert Foss <rfoss@kernel.org>
Cc: Laurent Pinchart <Laurent.pinchart@ideasonboard.com>
Cc: Jonas Karlman <jonas@kwiboo.se>
Cc: Jernej Skrabec <jernej.skrabec@gmail.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Reviewed-by: Neil Armstrong <neil.armstrong@linaro.org>
Link: https://patchwork.freedesktop.org/patch/msgid/2080adaadf4bba3d85f58c42c065caf9aad9a4ef.1706038510.git.jani.nikula@intel.com
Stable-dep-of: 171b711b26cc ("drm/bridge: lt8912b: do not return negative values from .get_modes()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/lontium-lt8912b.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/bridge/lontium-lt8912b.c b/drivers/gpu/drm/bridge/lontium-lt8912b.c
index 491c08306f81a..f0ebd56b4736a 100644
--- a/drivers/gpu/drm/bridge/lontium-lt8912b.c
+++ b/drivers/gpu/drm/bridge/lontium-lt8912b.c
@@ -436,8 +436,8 @@ static int lt8912_connector_get_modes(struct drm_connector *connector)
u32 bus_format = MEDIA_BUS_FMT_RGB888_1X24;
drm_edid = drm_bridge_edid_read(lt->hdmi_port, connector);
+ drm_edid_connector_update(connector, drm_edid);
if (drm_edid) {
- drm_edid_connector_update(connector, drm_edid);
num = drm_edid_connector_add_modes(connector);
} else {
return ret;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 193/396] drm/bridge: lt8912b: do not return negative values from .get_modes()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (191 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 192/396] drm/bridge: lt8912b: clear the EDID property on failures Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 194/396] workqueue: Shorten events_freezable_power_efficient name Greg Kroah-Hartman
` (214 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Adrien Grassein, Thomas Zimmermann,
Jani Nikula, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jani Nikula <jani.nikula@intel.com>
[ Upstream commit 171b711b26cce208bb628526b1b368aeec7b6fa4 ]
The .get_modes() hooks aren't supposed to return negative error
codes. Return 0 for no modes, whatever the reason.
Cc: Adrien Grassein <adrien.grassein@gmail.com>
Cc: stable@vger.kernel.org
Acked-by: Thomas Zimmermann <tzimmermann@suse.de>
Link: https://patchwork.freedesktop.org/patch/msgid/dcdddcbcb64b6f6cdc55022ee50c10dee8ddbc3d.1709913674.git.jani.nikula@intel.com
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/bridge/lontium-lt8912b.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/drivers/gpu/drm/bridge/lontium-lt8912b.c b/drivers/gpu/drm/bridge/lontium-lt8912b.c
index f0ebd56b4736a..e5839c89a355a 100644
--- a/drivers/gpu/drm/bridge/lontium-lt8912b.c
+++ b/drivers/gpu/drm/bridge/lontium-lt8912b.c
@@ -430,23 +430,21 @@ lt8912_connector_mode_valid(struct drm_connector *connector,
static int lt8912_connector_get_modes(struct drm_connector *connector)
{
const struct drm_edid *drm_edid;
- int ret = -1;
- int num = 0;
struct lt8912 *lt = connector_to_lt8912(connector);
u32 bus_format = MEDIA_BUS_FMT_RGB888_1X24;
+ int ret, num;
drm_edid = drm_bridge_edid_read(lt->hdmi_port, connector);
drm_edid_connector_update(connector, drm_edid);
- if (drm_edid) {
- num = drm_edid_connector_add_modes(connector);
- } else {
- return ret;
- }
+ if (!drm_edid)
+ return 0;
+
+ num = drm_edid_connector_add_modes(connector);
ret = drm_display_info_set_bus_formats(&connector->display_info,
&bus_format, 1);
- if (ret)
- num = ret;
+ if (ret < 0)
+ num = 0;
drm_edid_free(drm_edid);
return num;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 194/396] workqueue: Shorten events_freezable_power_efficient name
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (192 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 193/396] drm/bridge: lt8912b: do not return negative values from .get_modes() Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 195/396] drm/amd/display: Use freesync when `DRM_EDID_FEATURE_CONTINUOUS_FREQ` found Greg Kroah-Hartman
` (213 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Audra Mitchell, Tejun Heo
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Audra Mitchell <audra@redhat.com>
commit 8318d6a6362f5903edb4c904a8dd447e59be4ad1 upstream.
Since we have set the WQ_NAME_LEN to 32, decrease the name of
events_freezable_power_efficient so that it does not trip the name length
warning when the workqueue is created.
Signed-off-by: Audra Mitchell <audra@redhat.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/workqueue.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/kernel/workqueue.c
+++ b/kernel/workqueue.c
@@ -7109,7 +7109,7 @@ void __init workqueue_init_early(void)
WQ_FREEZABLE, 0);
system_power_efficient_wq = alloc_workqueue("events_power_efficient",
WQ_POWER_EFFICIENT, 0);
- system_freezable_power_efficient_wq = alloc_workqueue("events_freezable_power_efficient",
+ system_freezable_power_efficient_wq = alloc_workqueue("events_freezable_pwr_efficient",
WQ_FREEZABLE | WQ_POWER_EFFICIENT,
0);
BUG_ON(!system_wq || !system_highpri_wq || !system_long_wq ||
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 195/396] drm/amd/display: Use freesync when `DRM_EDID_FEATURE_CONTINUOUS_FREQ` found
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (193 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 194/396] workqueue: Shorten events_freezable_power_efficient name Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 196/396] net: fix IPSTATS_MIB_OUTPKGS increment in OutForwDatagrams Greg Kroah-Hartman
` (212 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Mario Limonciello, Harry Wentland,
Alex Deucher
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mario Limonciello <mario.limonciello@amd.com>
commit 2f14c0c8cae8e9e3b603a3f91909baba66540027 upstream.
The monitor shipped with the Framework 16 supports VRR [1], but it's not
being advertised.
This is because the detailed timing block doesn't contain
`EDID_DETAIL_MONITOR_RANGE` which amdgpu looks for to find min and max
frequencies. This check however is superfluous for this case because
update_display_info() calls drm_get_monitor_range() to get these ranges
already.
So if the `DRM_EDID_FEATURE_CONTINUOUS_FREQ` EDID feature is found then
turn on freesync without extra checks.
v2: squash in fix from Harry
Closes: https://www.reddit.com/r/framework/comments/1b4y2i5/no_variable_refresh_rate_on_the_framework_16_on/
Closes: https://www.reddit.com/r/framework/comments/1b6vzcy/framework_16_variable_refresh_rate/
Closes: https://community.frame.work/t/resolved-no-vrr-freesync-with-amd-version/42338
Link: https://gist.github.com/superm1/e8fbacfa4d0f53150231d3a3e0a13faf
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Reviewed-by: Harry Wentland <harry.wentland@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 22 ++++++++++++++--------
1 file changed, 14 insertions(+), 8 deletions(-)
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -10746,18 +10746,24 @@ void amdgpu_dm_update_freesync_caps(stru
if (!adev->dm.freesync_module)
goto update;
- if (sink->sink_signal == SIGNAL_TYPE_DISPLAY_PORT
- || sink->sink_signal == SIGNAL_TYPE_EDP) {
+ if (edid && (sink->sink_signal == SIGNAL_TYPE_DISPLAY_PORT ||
+ sink->sink_signal == SIGNAL_TYPE_EDP)) {
bool edid_check_required = false;
- if (edid) {
- edid_check_required = is_dp_capable_without_timing_msa(
- adev->dm.dc,
- amdgpu_dm_connector);
+ if (is_dp_capable_without_timing_msa(adev->dm.dc,
+ amdgpu_dm_connector)) {
+ if (edid->features & DRM_EDID_FEATURE_CONTINUOUS_FREQ) {
+ freesync_capable = true;
+ amdgpu_dm_connector->min_vfreq = connector->display_info.monitor_range.min_vfreq;
+ amdgpu_dm_connector->max_vfreq = connector->display_info.monitor_range.max_vfreq;
+ } else {
+ edid_check_required = edid->version > 1 ||
+ (edid->version == 1 &&
+ edid->revision > 1);
+ }
}
- if (edid_check_required == true && (edid->version > 1 ||
- (edid->version == 1 && edid->revision > 1))) {
+ if (edid_check_required) {
for (i = 0; i < 4; i++) {
timing = &edid->detailed_timings[i];
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 196/396] net: fix IPSTATS_MIB_OUTPKGS increment in OutForwDatagrams.
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (194 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 195/396] drm/amd/display: Use freesync when `DRM_EDID_FEATURE_CONTINUOUS_FREQ` found Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 197/396] netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout Greg Kroah-Hartman
` (211 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Heng Guo, Kun Song, Filip Pudak,
David Ahern, David S. Miller, Vitezslav Samel
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Heng Guo <heng.guo@windriver.com>
commit b4a11b2033b7d3dfdd46592f7036a775b18cecd1 upstream.
Reproduce environment:
network with 3 VM linuxs is connected as below:
VM1<---->VM2(latest kernel 6.5.0-rc7)<---->VM3
VM1: eth0 ip: 192.168.122.207 MTU 1500
VM2: eth0 ip: 192.168.122.208, eth1 ip: 192.168.123.224 MTU 1500
VM3: eth0 ip: 192.168.123.240 MTU 1500
Reproduce:
VM1 send 1400 bytes UDP data to VM3 using tools scapy with flags=0.
scapy command:
send(IP(dst="192.168.123.240",flags=0)/UDP()/str('0'*1400),count=1,
inter=1.000000)
Result:
Before IP data is sent.
----------------------------------------------------------------------
root@qemux86-64:~# cat /proc/net/snmp
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors
ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests
OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails
FragOKs FragFails FragCreates
Ip: 1 64 11 0 3 4 0 0 4 7 0 0 0 0 0 0 0 0 0
......
----------------------------------------------------------------------
After IP data is sent.
----------------------------------------------------------------------
root@qemux86-64:~# cat /proc/net/snmp
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors
ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests
OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails
FragOKs FragFails FragCreates
Ip: 1 64 12 0 3 5 0 0 4 8 0 0 0 0 0 0 0 0 0
......
----------------------------------------------------------------------
"ForwDatagrams" increase from 4 to 5 and "OutRequests" also increase
from 7 to 8.
Issue description and patch:
IPSTATS_MIB_OUTPKTS("OutRequests") is counted with IPSTATS_MIB_OUTOCTETS
("OutOctets") in ip_finish_output2().
According to RFC 4293, it is "OutOctets" counted with "OutTransmits" but
not "OutRequests". "OutRequests" does not include any datagrams counted
in "ForwDatagrams".
ipSystemStatsOutOctets OBJECT-TYPE
DESCRIPTION
"The total number of octets in IP datagrams delivered to the
lower layers for transmission. Octets from datagrams
counted in ipIfStatsOutTransmits MUST be counted here.
ipSystemStatsOutRequests OBJECT-TYPE
DESCRIPTION
"The total number of IP datagrams that local IP user-
protocols (including ICMP) supplied to IP in requests for
transmission. Note that this counter does not include any
datagrams counted in ipSystemStatsOutForwDatagrams.
So do patch to define IPSTATS_MIB_OUTPKTS to "OutTransmits" and add
IPSTATS_MIB_OUTREQUESTS for "OutRequests".
Add IPSTATS_MIB_OUTREQUESTS counter in __ip_local_out() for ipv4 and add
IPSTATS_MIB_OUT counter in ip6_finish_output2() for ipv6.
Test result with patch:
Before IP data is sent.
----------------------------------------------------------------------
root@qemux86-64:~# cat /proc/net/snmp
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors
ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests
OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails
FragOKs FragFails FragCreates OutTransmits
Ip: 1 64 9 0 5 1 0 0 3 3 0 0 0 0 0 0 0 0 0 4
......
root@qemux86-64:~# cat /proc/net/netstat
......
IpExt: InNoRoutes InTruncatedPkts InMcastPkts OutMcastPkts InBcastPkts
OutBcastPkts InOctets OutOctets InMcastOctets OutMcastOctets
InBcastOctets OutBcastOctets InCsumErrors InNoECTPkts InECT1Pkts
InECT0Pkts InCEPkts ReasmOverlaps
IpExt: 0 0 0 0 0 0 2976 1896 0 0 0 0 0 9 0 0 0 0
----------------------------------------------------------------------
After IP data is sent.
----------------------------------------------------------------------
root@qemux86-64:~# cat /proc/net/snmp
Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors
ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests
OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails
FragOKs FragFails FragCreates OutTransmits
Ip: 1 64 10 0 5 2 0 0 3 3 0 0 0 0 0 0 0 0 0 5
......
root@qemux86-64:~# cat /proc/net/netstat
......
IpExt: InNoRoutes InTruncatedPkts InMcastPkts OutMcastPkts InBcastPkts
OutBcastPkts InOctets OutOctets InMcastOctets OutMcastOctets
InBcastOctets OutBcastOctets InCsumErrors InNoECTPkts InECT1Pkts
InECT0Pkts InCEPkts ReasmOverlaps
IpExt: 0 0 0 0 0 0 4404 3324 0 0 0 0 0 10 0 0 0 0
----------------------------------------------------------------------
"ForwDatagrams" increase from 1 to 2 and "OutRequests" is keeping 3.
"OutTransmits" increase from 4 to 5 and "OutOctets" increase 1428.
Signed-off-by: Heng Guo <heng.guo@windriver.com>
Reviewed-by: Kun Song <Kun.Song@windriver.com>
Reviewed-by: Filip Pudak <filip.pudak@windriver.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Reported-by: Vitezslav Samel <vitezslav@samel.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/uapi/linux/snmp.h | 3 ++-
net/ipv4/ip_output.c | 2 ++
net/ipv4/proc.c | 3 ++-
net/ipv6/ip6_output.c | 6 ++++--
net/ipv6/mcast.c | 5 ++---
net/ipv6/ndisc.c | 2 +-
net/ipv6/proc.c | 3 ++-
net/ipv6/raw.c | 2 +-
8 files changed, 16 insertions(+), 10 deletions(-)
--- a/include/uapi/linux/snmp.h
+++ b/include/uapi/linux/snmp.h
@@ -24,7 +24,7 @@ enum
IPSTATS_MIB_INOCTETS, /* InOctets */
IPSTATS_MIB_INDELIVERS, /* InDelivers */
IPSTATS_MIB_OUTFORWDATAGRAMS, /* OutForwDatagrams */
- IPSTATS_MIB_OUTPKTS, /* OutRequests */
+ IPSTATS_MIB_OUTREQUESTS, /* OutRequests */
IPSTATS_MIB_OUTOCTETS, /* OutOctets */
/* other fields */
IPSTATS_MIB_INHDRERRORS, /* InHdrErrors */
@@ -57,6 +57,7 @@ enum
IPSTATS_MIB_ECT0PKTS, /* InECT0Pkts */
IPSTATS_MIB_CEPKTS, /* InCEPkts */
IPSTATS_MIB_REASM_OVERLAPS, /* ReasmOverlaps */
+ IPSTATS_MIB_OUTPKTS, /* OutTransmits */
__IPSTATS_MIB_MAX
};
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -101,6 +101,8 @@ int __ip_local_out(struct net *net, stru
{
struct iphdr *iph = ip_hdr(skb);
+ IP_INC_STATS(net, IPSTATS_MIB_OUTREQUESTS);
+
iph_set_totlen(iph, skb->len);
ip_send_check(iph);
--- a/net/ipv4/proc.c
+++ b/net/ipv4/proc.c
@@ -83,7 +83,7 @@ static const struct snmp_mib snmp4_ipsta
SNMP_MIB_ITEM("InUnknownProtos", IPSTATS_MIB_INUNKNOWNPROTOS),
SNMP_MIB_ITEM("InDiscards", IPSTATS_MIB_INDISCARDS),
SNMP_MIB_ITEM("InDelivers", IPSTATS_MIB_INDELIVERS),
- SNMP_MIB_ITEM("OutRequests", IPSTATS_MIB_OUTPKTS),
+ SNMP_MIB_ITEM("OutRequests", IPSTATS_MIB_OUTREQUESTS),
SNMP_MIB_ITEM("OutDiscards", IPSTATS_MIB_OUTDISCARDS),
SNMP_MIB_ITEM("OutNoRoutes", IPSTATS_MIB_OUTNOROUTES),
SNMP_MIB_ITEM("ReasmTimeout", IPSTATS_MIB_REASMTIMEOUT),
@@ -93,6 +93,7 @@ static const struct snmp_mib snmp4_ipsta
SNMP_MIB_ITEM("FragOKs", IPSTATS_MIB_FRAGOKS),
SNMP_MIB_ITEM("FragFails", IPSTATS_MIB_FRAGFAILS),
SNMP_MIB_ITEM("FragCreates", IPSTATS_MIB_FRAGCREATES),
+ SNMP_MIB_ITEM("OutTransmits", IPSTATS_MIB_OUTPKTS),
SNMP_MIB_SENTINEL
};
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -117,6 +117,8 @@ static int ip6_finish_output2(struct net
return res;
}
+ IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
+
rcu_read_lock();
nexthop = rt6_nexthop((struct rt6_info *)dst, daddr);
neigh = __ipv6_neigh_lookup_noref(dev, nexthop);
@@ -335,7 +337,7 @@ int ip6_xmit(const struct sock *sk, stru
mtu = dst_mtu(dst);
if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) {
- IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
+ IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTREQUESTS);
/* if egress device is enslaved to an L3 master device pass the
* skb to its handler for processing
@@ -1995,7 +1997,7 @@ struct sk_buff *__ip6_make_skb(struct so
skb->tstamp = cork->base.transmit_time;
ip6_cork_steal_dst(skb, cork);
- IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
+ IP6_INC_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUTREQUESTS);
if (proto == IPPROTO_ICMPV6) {
struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
u8 icmp6_type;
--- a/net/ipv6/mcast.c
+++ b/net/ipv6/mcast.c
@@ -1789,7 +1789,7 @@ static void mld_sendpack(struct sk_buff
rcu_read_lock();
idev = __in6_dev_get(skb->dev);
- IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
+ IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTREQUESTS);
payload_len = (skb_tail_pointer(skb) - skb_network_header(skb)) -
sizeof(*pip6);
@@ -2147,8 +2147,7 @@ static void igmp6_send(struct in6_addr *
full_len = sizeof(struct ipv6hdr) + payload_len;
rcu_read_lock();
- IP6_UPD_PO_STATS(net, __in6_dev_get(dev),
- IPSTATS_MIB_OUT, full_len);
+ IP6_INC_STATS(net, __in6_dev_get(dev), IPSTATS_MIB_OUTREQUESTS);
rcu_read_unlock();
skb = sock_alloc_send_skb(sk, hlen + tlen + full_len, 1, &err);
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -504,7 +504,7 @@ void ndisc_send_skb(struct sk_buff *skb,
rcu_read_lock();
idev = __in6_dev_get(dst->dev);
- IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len);
+ IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTREQUESTS);
err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT,
net, sk, skb, NULL, dst->dev,
--- a/net/ipv6/proc.c
+++ b/net/ipv6/proc.c
@@ -61,7 +61,7 @@ static const struct snmp_mib snmp6_ipsta
SNMP_MIB_ITEM("Ip6InDiscards", IPSTATS_MIB_INDISCARDS),
SNMP_MIB_ITEM("Ip6InDelivers", IPSTATS_MIB_INDELIVERS),
SNMP_MIB_ITEM("Ip6OutForwDatagrams", IPSTATS_MIB_OUTFORWDATAGRAMS),
- SNMP_MIB_ITEM("Ip6OutRequests", IPSTATS_MIB_OUTPKTS),
+ SNMP_MIB_ITEM("Ip6OutRequests", IPSTATS_MIB_OUTREQUESTS),
SNMP_MIB_ITEM("Ip6OutDiscards", IPSTATS_MIB_OUTDISCARDS),
SNMP_MIB_ITEM("Ip6OutNoRoutes", IPSTATS_MIB_OUTNOROUTES),
SNMP_MIB_ITEM("Ip6ReasmTimeout", IPSTATS_MIB_REASMTIMEOUT),
@@ -84,6 +84,7 @@ static const struct snmp_mib snmp6_ipsta
SNMP_MIB_ITEM("Ip6InECT1Pkts", IPSTATS_MIB_ECT1PKTS),
SNMP_MIB_ITEM("Ip6InECT0Pkts", IPSTATS_MIB_ECT0PKTS),
SNMP_MIB_ITEM("Ip6InCEPkts", IPSTATS_MIB_CEPKTS),
+ SNMP_MIB_ITEM("Ip6OutTransmits", IPSTATS_MIB_OUTPKTS),
SNMP_MIB_SENTINEL
};
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -651,7 +651,7 @@ static int rawv6_send_hdrinc(struct sock
* have been queued for deletion.
*/
rcu_read_lock();
- IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len);
+ IP6_INC_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUTREQUESTS);
err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, net, sk, skb,
NULL, rt->dst.dev, dst_output);
if (err > 0)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 197/396] netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (195 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 196/396] net: fix IPSTATS_MIB_OUTPKGS increment in OutForwDatagrams Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 198/396] netfilter: nf_tables: disallow anonymous set with timeout flag Greg Kroah-Hartman
` (210 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Mingi Cho, Pablo Neira Ayuso
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pablo Neira Ayuso <pablo@netfilter.org>
commit 552705a3650bbf46a22b1adedc1b04181490fc36 upstream.
While the rhashtable set gc runs asynchronously, a race allows it to
collect elements from anonymous sets with timeouts while it is being
released from the commit path.
Mingi Cho originally reported this issue in a different path in 6.1.x
with a pipapo set with low timeouts which is not possible upstream since
7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set
element timeout").
Fix this by setting on the dead flag for anonymous sets to skip async gc
in this case.
According to 08e4c8c5919f ("netfilter: nf_tables: mark newset as dead on
transaction abort"), Florian plans to accelerate abort path by releasing
objects via workqueue, therefore, this sets on the dead flag for abort
path too.
Cc: stable@vger.kernel.org
Fixes: 5f68718b34a5 ("netfilter: nf_tables: GC transaction API to avoid race with control plane")
Reported-by: Mingi Cho <mgcho.minic@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_tables_api.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -5367,6 +5367,7 @@ static void nf_tables_unbind_set(const s
if (list_empty(&set->bindings) && nft_set_is_anonymous(set)) {
list_del_rcu(&set->list);
+ set->dead = 1;
if (event)
nf_tables_set_notify(ctx, set, NFT_MSG_DELSET,
GFP_KERNEL);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 198/396] netfilter: nf_tables: disallow anonymous set with timeout flag
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (196 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 197/396] netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 199/396] netfilter: nf_tables: reject constant set with timeout Greg Kroah-Hartman
` (209 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, lonial con, Pablo Neira Ayuso
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pablo Neira Ayuso <pablo@netfilter.org>
commit 16603605b667b70da974bea8216c93e7db043bf1 upstream.
Anonymous sets are never used with timeout from userspace, reject this.
Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.
Cc: stable@vger.kernel.org
Fixes: 761da2935d6e ("netfilter: nf_tables: add set timeout API support")
Reported-by: lonial con <kongln9170@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_tables_api.c | 3 +++
1 file changed, 3 insertions(+)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -4942,6 +4942,9 @@ static int nf_tables_newset(struct sk_bu
if ((flags & (NFT_SET_EVAL | NFT_SET_OBJECT)) ==
(NFT_SET_EVAL | NFT_SET_OBJECT))
return -EOPNOTSUPP;
+ if ((flags & (NFT_SET_ANONYMOUS | NFT_SET_TIMEOUT | NFT_SET_EVAL)) ==
+ (NFT_SET_ANONYMOUS | NFT_SET_TIMEOUT))
+ return -EOPNOTSUPP;
}
desc.dtype = 0;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 199/396] netfilter: nf_tables: reject constant set with timeout
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (197 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 198/396] netfilter: nf_tables: disallow anonymous set with timeout flag Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 200/396] Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Greg Kroah-Hartman
` (208 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Pablo Neira Ayuso
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pablo Neira Ayuso <pablo@netfilter.org>
commit 5f4fc4bd5cddb4770ab120ce44f02695c4505562 upstream.
This set combination is weird: it allows for elements to be
added/deleted, but once bound to the rule it cannot be updated anymore.
Eventually, all elements expire, leading to an empty set which cannot
be updated anymore. Reject this flags combination.
Cc: stable@vger.kernel.org
Fixes: 761da2935d6e ("netfilter: nf_tables: add set timeout API support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_tables_api.c | 3 +++
1 file changed, 3 insertions(+)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -4945,6 +4945,9 @@ static int nf_tables_newset(struct sk_bu
if ((flags & (NFT_SET_ANONYMOUS | NFT_SET_TIMEOUT | NFT_SET_EVAL)) ==
(NFT_SET_ANONYMOUS | NFT_SET_TIMEOUT))
return -EOPNOTSUPP;
+ if ((flags & (NFT_SET_CONSTANT | NFT_SET_TIMEOUT)) ==
+ (NFT_SET_CONSTANT | NFT_SET_TIMEOUT))
+ return -EOPNOTSUPP;
}
desc.dtype = 0;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 200/396] Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (198 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 199/396] netfilter: nf_tables: reject constant set with timeout Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 201/396] nouveau: lock the client object tree Greg Kroah-Hartman
` (207 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Michael Kelley, Saurabh Sengar,
Dexuan Cui, Souradeep Chakrabarti, Wei Liu
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Kelley <mhklinux@outlook.com>
commit b8209544296edbd1af186e2ea9c648642c37b18c upstream.
The VMBUS_RING_SIZE macro adds space for a ring buffer header to the
requested ring buffer size. The header size is always 1 page, and so
its size varies based on the PAGE_SIZE for which the kernel is built.
If the requested ring buffer size is a large power-of-2 size and the header
size is small, the resulting size is inefficient in its use of memory.
For example, a 512 Kbyte ring buffer with a 4 Kbyte page size results in
a 516 Kbyte allocation, which is rounded to up 1 Mbyte by the memory
allocator, and wastes 508 Kbytes of memory.
In such situations, the exact size of the ring buffer isn't that important,
and it's OK to allocate the 4 Kbyte header at the beginning of the 512
Kbytes, leaving the ring buffer itself with just 508 Kbytes. The memory
allocation can be 512 Kbytes instead of 1 Mbyte and nothing is wasted.
Update VMBUS_RING_SIZE to implement this approach for "large" ring buffer
sizes. "Large" is somewhat arbitrarily defined as 8 times the size of
the ring buffer header (which is of size PAGE_SIZE). For example, for
4 Kbyte PAGE_SIZE, ring buffers of 32 Kbytes and larger use the first
4 Kbytes as the ring buffer header. For 64 Kbyte PAGE_SIZE, ring buffers
of 512 Kbytes and larger use the first 64 Kbytes as the ring buffer
header. In both cases, smaller sizes add space for the header so
the ring size isn't reduced too much by using part of the space for
the header. For example, with a 64 Kbyte page size, we don't want
a 128 Kbyte ring buffer to be reduced to 64 Kbytes by allocating half
of the space for the header. In such a case, the memory allocation
is less efficient, but it's the best that can be done.
While the new algorithm slightly changes the amount of space allocated
for ring buffers by drivers that use VMBUS_RING_SIZE, the devices aren't
known to be sensitive to small changes in ring buffer size, so there
shouldn't be any effect.
Fixes: c1135c7fd0e9 ("Drivers: hv: vmbus: Introduce types of GPADL")
Fixes: 6941f67ad37d ("hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes")
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218502
Cc: stable@vger.kernel.org
Signed-off-by: Michael Kelley <mhklinux@outlook.com>
Reviewed-by: Saurabh Sengar <ssengar@linux.microsoft.com>
Reviewed-by: Dexuan Cui <decui@microsoft.com>
Tested-by: Souradeep Chakrabarti <schakrabarti@linux.microsoft.com>
Link: https://lore.kernel.org/r/20240229004533.313662-1-mhklinux@outlook.com
Signed-off-by: Wei Liu <wei.liu@kernel.org>
Message-ID: <20240229004533.313662-1-mhklinux@outlook.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/hyperv.h | 22 +++++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)
--- a/include/linux/hyperv.h
+++ b/include/linux/hyperv.h
@@ -164,8 +164,28 @@ struct hv_ring_buffer {
u8 buffer[];
} __packed;
+
+/*
+ * If the requested ring buffer size is at least 8 times the size of the
+ * header, steal space from the ring buffer for the header. Otherwise, add
+ * space for the header so that is doesn't take too much of the ring buffer
+ * space.
+ *
+ * The factor of 8 is somewhat arbitrary. The goal is to prevent adding a
+ * relatively small header (4 Kbytes on x86) to a large-ish power-of-2 ring
+ * buffer size (such as 128 Kbytes) and so end up making a nearly twice as
+ * large allocation that will be almost half wasted. As a contrasting example,
+ * on ARM64 with 64 Kbyte page size, we don't want to take 64 Kbytes for the
+ * header from a 128 Kbyte allocation, leaving only 64 Kbytes for the ring.
+ * In this latter case, we must add 64 Kbytes for the header and not worry
+ * about what's wasted.
+ */
+#define VMBUS_HEADER_ADJ(payload_sz) \
+ ((payload_sz) >= 8 * sizeof(struct hv_ring_buffer) ? \
+ 0 : sizeof(struct hv_ring_buffer))
+
/* Calculate the proper size of a ringbuffer, it must be page-aligned */
-#define VMBUS_RING_SIZE(payload_sz) PAGE_ALIGN(sizeof(struct hv_ring_buffer) + \
+#define VMBUS_RING_SIZE(payload_sz) PAGE_ALIGN(VMBUS_HEADER_ADJ(payload_sz) + \
(payload_sz))
struct hv_ring_buffer_info {
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 201/396] nouveau: lock the client object tree.
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (199 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 200/396] Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 202/396] drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf Greg Kroah-Hartman
` (206 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Dave Airlie
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Airlie <airlied@redhat.com>
commit b7cc4ff787a572edf2c55caeffaa88cd801eb135 upstream.
It appears the client object tree has no locking unless I've missed
something else. Fix races around adding/removing client objects,
mostly vram bar mappings.
4562.099306] general protection fault, probably for non-canonical address 0x6677ed422bceb80c: 0000 [#1] PREEMPT SMP PTI
[ 4562.099314] CPU: 2 PID: 23171 Comm: deqp-vk Not tainted 6.8.0-rc6+ #27
[ 4562.099324] Hardware name: Gigabyte Technology Co., Ltd. Z390 I AORUS PRO WIFI/Z390 I AORUS PRO WIFI-CF, BIOS F8 11/05/2021
[ 4562.099330] RIP: 0010:nvkm_object_search+0x1d/0x70 [nouveau]
[ 4562.099503] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 48 89 f8 48 85 f6 74 39 48 8b 87 a0 00 00 00 48 85 c0 74 12 <48> 8b 48 f8 48 39 ce 73 15 48 8b 40 10 48 85 c0 75 ee 48 c7 c0 fe
[ 4562.099506] RSP: 0000:ffffa94cc420bbf8 EFLAGS: 00010206
[ 4562.099512] RAX: 6677ed422bceb814 RBX: ffff98108791f400 RCX: ffff9810f26b8f58
[ 4562.099517] RDX: 0000000000000000 RSI: ffff9810f26b9158 RDI: ffff98108791f400
[ 4562.099519] RBP: ffff9810f26b9158 R08: 0000000000000000 R09: 0000000000000000
[ 4562.099521] R10: ffffa94cc420bc48 R11: 0000000000000001 R12: ffff9810f02a7cc0
[ 4562.099526] R13: 0000000000000000 R14: 00000000000000ff R15: 0000000000000007
[ 4562.099528] FS: 00007f629c5017c0(0000) GS:ffff98142c700000(0000) knlGS:0000000000000000
[ 4562.099534] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4562.099536] CR2: 00007f629a882000 CR3: 000000017019e004 CR4: 00000000003706f0
[ 4562.099541] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 4562.099542] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 4562.099544] Call Trace:
[ 4562.099555] <TASK>
[ 4562.099573] ? die_addr+0x36/0x90
[ 4562.099583] ? exc_general_protection+0x246/0x4a0
[ 4562.099593] ? asm_exc_general_protection+0x26/0x30
[ 4562.099600] ? nvkm_object_search+0x1d/0x70 [nouveau]
[ 4562.099730] nvkm_ioctl+0xa1/0x250 [nouveau]
[ 4562.099861] nvif_object_map_handle+0xc8/0x180 [nouveau]
[ 4562.099986] nouveau_ttm_io_mem_reserve+0x122/0x270 [nouveau]
[ 4562.100156] ? dma_resv_test_signaled+0x26/0xb0
[ 4562.100163] ttm_bo_vm_fault_reserved+0x97/0x3c0 [ttm]
[ 4562.100182] ? __mutex_unlock_slowpath+0x2a/0x270
[ 4562.100189] nouveau_ttm_fault+0x69/0xb0 [nouveau]
[ 4562.100356] __do_fault+0x32/0x150
[ 4562.100362] do_fault+0x7c/0x560
[ 4562.100369] __handle_mm_fault+0x800/0xc10
[ 4562.100382] handle_mm_fault+0x17c/0x3e0
[ 4562.100388] do_user_addr_fault+0x208/0x860
[ 4562.100395] exc_page_fault+0x7f/0x200
[ 4562.100402] asm_exc_page_fault+0x26/0x30
[ 4562.100412] RIP: 0033:0x9b9870
[ 4562.100419] Code: 85 a8 f7 ff ff 8b 8d 80 f7 ff ff 89 08 e9 18 f2 ff ff 0f 1f 84 00 00 00 00 00 44 89 32 e9 90 fa ff ff 0f 1f 84 00 00 00 00 00 <44> 89 32 e9 f8 f1 ff ff 0f 1f 84 00 00 00 00 00 66 44 89 32 e9 e7
[ 4562.100422] RSP: 002b:00007fff9ba2dc70 EFLAGS: 00010246
[ 4562.100426] RAX: 0000000000000004 RBX: 000000000dd65e10 RCX: 000000fff0000000
[ 4562.100428] RDX: 00007f629a882000 RSI: 00007f629a882000 RDI: 0000000000000066
[ 4562.100432] RBP: 00007fff9ba2e570 R08: 0000000000000000 R09: 0000000123ddf000
[ 4562.100434] R10: 0000000000000001 R11: 0000000000000246 R12: 000000007fffffff
[ 4562.100436] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 4562.100446] </TASK>
[ 4562.100448] Modules linked in: nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink cmac bnep sunrpc iwlmvm intel_rapl_msr intel_rapl_common snd_sof_pci_intel_cnl x86_pkg_temp_thermal intel_powerclamp snd_sof_intel_hda_common mac80211 coretemp snd_soc_acpi_intel_match kvm_intel snd_soc_acpi snd_soc_hdac_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof_intel_hda_mlink snd_sof_intel_hda snd_sof kvm snd_sof_utils snd_soc_core snd_hda_codec_realtek libarc4 snd_hda_codec_generic snd_compress snd_hda_ext_core vfat fat snd_hda_intel snd_intel_dspcfg irqbypass iwlwifi snd_hda_codec snd_hwdep snd_hda_core btusb btrtl mei_hdcp iTCO_wdt rapl mei_pxp btintel snd_seq iTCO_vendor_support btbcm snd_seq_device intel_cstate bluetooth snd_pcm cfg80211 intel_wmi_thunderbolt wmi_bmof intel_uncore snd_timer mei_me snd ecdh_generic i2c_i801
[ 4562.100541] ecc mei i2c_smbus soundcore rfkill intel_pch_thermal acpi_pad zram nouveau drm_ttm_helper ttm gpu_sched i2c_algo_bit drm_gpuvm drm_exec mxm_wmi drm_display_helper drm_kms_helper drm crct10dif_pclmul crc32_pclmul nvme e1000e crc32c_intel nvme_core ghash_clmulni_intel video wmi pinctrl_cannonlake ip6_tables ip_tables fuse
[ 4562.100616] ---[ end trace 0000000000000000 ]---
Signed-off-by: Dave Airlie <airlied@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/nouveau/include/nvkm/core/client.h | 1
drivers/gpu/drm/nouveau/nvkm/core/client.c | 1
drivers/gpu/drm/nouveau/nvkm/core/object.c | 26 ++++++++++++++++-----
3 files changed, 22 insertions(+), 6 deletions(-)
--- a/drivers/gpu/drm/nouveau/include/nvkm/core/client.h
+++ b/drivers/gpu/drm/nouveau/include/nvkm/core/client.h
@@ -11,6 +11,7 @@ struct nvkm_client {
u32 debug;
struct rb_root objroot;
+ spinlock_t obj_lock;
void *data;
int (*event)(u64 token, void *argv, u32 argc);
--- a/drivers/gpu/drm/nouveau/nvkm/core/client.c
+++ b/drivers/gpu/drm/nouveau/nvkm/core/client.c
@@ -180,6 +180,7 @@ nvkm_client_new(const char *name, u64 de
client->device = device;
client->debug = nvkm_dbgopt(dbg, "CLIENT");
client->objroot = RB_ROOT;
+ spin_lock_init(&client->obj_lock);
client->event = event;
INIT_LIST_HEAD(&client->umem);
spin_lock_init(&client->lock);
--- a/drivers/gpu/drm/nouveau/nvkm/core/object.c
+++ b/drivers/gpu/drm/nouveau/nvkm/core/object.c
@@ -30,8 +30,10 @@ nvkm_object_search(struct nvkm_client *c
const struct nvkm_object_func *func)
{
struct nvkm_object *object;
+ unsigned long flags;
if (handle) {
+ spin_lock_irqsave(&client->obj_lock, flags);
struct rb_node *node = client->objroot.rb_node;
while (node) {
object = rb_entry(node, typeof(*object), node);
@@ -40,9 +42,12 @@ nvkm_object_search(struct nvkm_client *c
else
if (handle > object->object)
node = node->rb_right;
- else
+ else {
+ spin_unlock_irqrestore(&client->obj_lock, flags);
goto done;
+ }
}
+ spin_unlock_irqrestore(&client->obj_lock, flags);
return ERR_PTR(-ENOENT);
} else {
object = &client->object;
@@ -57,30 +62,39 @@ done:
void
nvkm_object_remove(struct nvkm_object *object)
{
+ unsigned long flags;
+
+ spin_lock_irqsave(&object->client->obj_lock, flags);
if (!RB_EMPTY_NODE(&object->node))
rb_erase(&object->node, &object->client->objroot);
+ spin_unlock_irqrestore(&object->client->obj_lock, flags);
}
bool
nvkm_object_insert(struct nvkm_object *object)
{
- struct rb_node **ptr = &object->client->objroot.rb_node;
+ struct rb_node **ptr;
struct rb_node *parent = NULL;
+ unsigned long flags;
+ spin_lock_irqsave(&object->client->obj_lock, flags);
+ ptr = &object->client->objroot.rb_node;
while (*ptr) {
struct nvkm_object *this = rb_entry(*ptr, typeof(*this), node);
parent = *ptr;
- if (object->object < this->object)
+ if (object->object < this->object) {
ptr = &parent->rb_left;
- else
- if (object->object > this->object)
+ } else if (object->object > this->object) {
ptr = &parent->rb_right;
- else
+ } else {
+ spin_unlock_irqrestore(&object->client->obj_lock, flags);
return false;
+ }
}
rb_link_node(&object->node, parent, ptr);
rb_insert_color(&object->node, &object->client->objroot);
+ spin_unlock_irqrestore(&object->client->obj_lock, flags);
return true;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 202/396] drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (200 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 201/396] nouveau: lock the client object tree Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 203/396] crypto: rk3288 - Fix use after free in unprepare Greg Kroah-Hartman
` (205 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Danilo Krummrich, Karol Herbst,
Lyude Paul
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Karol Herbst <kherbst@redhat.com>
commit daf8739c3322a762ce84f240f50e0c39181a41ab upstream.
If VM_BIND is enabled on the client the legacy submission ioctl can't be
used, however if a client tries to do so regardless it will return an
error. In this case the clients mutex remained unlocked leading to a
deadlock inside nouveau_drm_postclose or any other nouveau ioctl call.
Fixes: b88baab82871 ("drm/nouveau: implement new VM_BIND uAPI")
Cc: Danilo Krummrich <dakr@redhat.com>
Cc: <stable@vger.kernel.org> # v6.6+
Signed-off-by: Karol Herbst <kherbst@redhat.com>
Reviewed-by: Lyude Paul <lyude@redhat.com>
Reviewed-by: Danilo Krummrich <dakr@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240305133853.2214268-1-kherbst@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/nouveau/nouveau_gem.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/nouveau/nouveau_gem.c
+++ b/drivers/gpu/drm/nouveau/nouveau_gem.c
@@ -758,7 +758,7 @@ nouveau_gem_ioctl_pushbuf(struct drm_dev
return -ENOMEM;
if (unlikely(nouveau_cli_uvmm(cli)))
- return -ENOSYS;
+ return nouveau_abi16_put(abi16, -ENOSYS);
list_for_each_entry(temp, &abi16->channels, head) {
if (temp->chan->chid == req->channel) {
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 203/396] crypto: rk3288 - Fix use after free in unprepare
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (201 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 202/396] drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 204/396] crypto: sun8i-ce " Greg Kroah-Hartman
` (204 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Andrey Skvortsov, Herbert Xu
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Herbert Xu <herbert@gondor.apana.org.au>
commit c0afb6b88fbbc177fa322a835f874be217bffe45 upstream.
The unprepare call must be carried out before the finalize call
as the latter can free the request.
Fixes: c66c17a0f69b ("crypto: rk3288 - Remove prepare/unprepare request")
Reported-by: Andrey Skvortsov <andrej.skvortzov@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Andrey Skvortsov <andrej.skvortzov@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/crypto/rockchip/rk3288_crypto_ahash.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/rockchip/rk3288_crypto_ahash.c b/drivers/crypto/rockchip/rk3288_crypto_ahash.c
index 1b13b4aa16ec..a235e6c300f1 100644
--- a/drivers/crypto/rockchip/rk3288_crypto_ahash.c
+++ b/drivers/crypto/rockchip/rk3288_crypto_ahash.c
@@ -332,12 +332,12 @@ static int rk_hash_run(struct crypto_engine *engine, void *breq)
theend:
pm_runtime_put_autosuspend(rkc->dev);
+ rk_hash_unprepare(engine, breq);
+
local_bh_disable();
crypto_finalize_hash_request(engine, breq, err);
local_bh_enable();
- rk_hash_unprepare(engine, breq);
-
return 0;
}
--
2.44.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 204/396] crypto: sun8i-ce - Fix use after free in unprepare
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (202 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 203/396] crypto: rk3288 - Fix use after free in unprepare Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 205/396] xfrm: Avoid clang fortify warning in copy_to_user_tmpl() Greg Kroah-Hartman
` (203 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Andrey Skvortsov, Herbert Xu
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrey Skvortsov <andrej.skvortzov@gmail.com>
commit 183420038444547c149a0fc5f58e792c2752860c upstream.
sun8i_ce_cipher_unprepare should be called before
crypto_finalize_skcipher_request, because client callbacks may
immediately free memory, that isn't needed anymore. But it will be
used by unprepare after free. Before removing prepare/unprepare
callbacks it was handled by crypto engine in crypto_finalize_request.
Usually that results in a pointer dereference problem during a in
crypto selftest.
Unable to handle kernel NULL pointer dereference at
virtual address 0000000000000030
Mem abort info:
ESR = 0x0000000096000004
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x04: level 0 translation fault
Data abort info:
ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
CM = 0, WnR = 0, TnD = 0, TagAccess = 0
GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
user pgtable: 4k pages, 48-bit VAs, pgdp=000000004716d000
[0000000000000030] pgd=0000000000000000, p4d=0000000000000000
Internal error: Oops: 0000000096000004 [#1] SMP
This problem is detected by KASAN as well.
==================================================================
BUG: KASAN: slab-use-after-free in sun8i_ce_cipher_do_one+0x6e8/0xf80 [sun8i_ce]
Read of size 8 at addr ffff00000dcdc040 by task 1c15000.crypto-/373
Hardware name: Pine64 PinePhone (1.2) (DT)
Call trace:
dump_backtrace+0x9c/0x128
show_stack+0x20/0x38
dump_stack_lvl+0x48/0x60
print_report+0xf8/0x5d8
kasan_report+0x90/0xd0
__asan_load8+0x9c/0xc0
sun8i_ce_cipher_do_one+0x6e8/0xf80 [sun8i_ce]
crypto_pump_work+0x354/0x620 [crypto_engine]
kthread_worker_fn+0x244/0x498
kthread+0x168/0x178
ret_from_fork+0x10/0x20
Allocated by task 379:
kasan_save_stack+0x3c/0x68
kasan_set_track+0x2c/0x40
kasan_save_alloc_info+0x24/0x38
__kasan_kmalloc+0xd4/0xd8
__kmalloc+0x74/0x1d0
alg_test_skcipher+0x90/0x1f0
alg_test+0x24c/0x830
cryptomgr_test+0x38/0x60
kthread+0x168/0x178
ret_from_fork+0x10/0x20
Freed by task 379:
kasan_save_stack+0x3c/0x68
kasan_set_track+0x2c/0x40
kasan_save_free_info+0x38/0x60
__kasan_slab_free+0x100/0x170
slab_free_freelist_hook+0xd4/0x1e8
__kmem_cache_free+0x15c/0x290
kfree+0x74/0x100
kfree_sensitive+0x80/0xb0
alg_test_skcipher+0x12c/0x1f0
alg_test+0x24c/0x830
cryptomgr_test+0x38/0x60
kthread+0x168/0x178
ret_from_fork+0x10/0x20
The buggy address belongs to the object at ffff00000dcdc000
which belongs to the cache kmalloc-256 of size 256
The buggy address is located 64 bytes inside of
freed 256-byte region [ffff00000dcdc000, ffff00000dcdc100)
Signed-off-by: Andrey Skvortsov <andrej.skvortzov@gmail.com>
Fixes: 4136212ab18e ("crypto: sun8i-ce - Remove prepare/unprepare request")
Cc: <stable@vger.kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
.../allwinner/sun8i-ce/sun8i-ce-cipher.c | 34 +++++++++----------
1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
index 1262a7773ef3..de50c00ba218 100644
--- a/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
+++ b/drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c
@@ -299,22 +299,6 @@ static int sun8i_ce_cipher_prepare(struct crypto_engine *engine, void *async_req
return err;
}
-static void sun8i_ce_cipher_run(struct crypto_engine *engine, void *areq)
-{
- struct skcipher_request *breq = container_of(areq, struct skcipher_request, base);
- struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(breq);
- struct sun8i_cipher_tfm_ctx *op = crypto_skcipher_ctx(tfm);
- struct sun8i_ce_dev *ce = op->ce;
- struct sun8i_cipher_req_ctx *rctx = skcipher_request_ctx(breq);
- int flow, err;
-
- flow = rctx->flow;
- err = sun8i_ce_run_task(ce, flow, crypto_tfm_alg_name(breq->base.tfm));
- local_bh_disable();
- crypto_finalize_skcipher_request(engine, breq, err);
- local_bh_enable();
-}
-
static void sun8i_ce_cipher_unprepare(struct crypto_engine *engine,
void *async_req)
{
@@ -360,6 +344,23 @@ static void sun8i_ce_cipher_unprepare(struct crypto_engine *engine,
dma_unmap_single(ce->dev, rctx->addr_key, op->keylen, DMA_TO_DEVICE);
}
+static void sun8i_ce_cipher_run(struct crypto_engine *engine, void *areq)
+{
+ struct skcipher_request *breq = container_of(areq, struct skcipher_request, base);
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(breq);
+ struct sun8i_cipher_tfm_ctx *op = crypto_skcipher_ctx(tfm);
+ struct sun8i_ce_dev *ce = op->ce;
+ struct sun8i_cipher_req_ctx *rctx = skcipher_request_ctx(breq);
+ int flow, err;
+
+ flow = rctx->flow;
+ err = sun8i_ce_run_task(ce, flow, crypto_tfm_alg_name(breq->base.tfm));
+ sun8i_ce_cipher_unprepare(engine, areq);
+ local_bh_disable();
+ crypto_finalize_skcipher_request(engine, breq, err);
+ local_bh_enable();
+}
+
int sun8i_ce_cipher_do_one(struct crypto_engine *engine, void *areq)
{
int err = sun8i_ce_cipher_prepare(engine, areq);
@@ -368,7 +369,6 @@ int sun8i_ce_cipher_do_one(struct crypto_engine *engine, void *areq)
return err;
sun8i_ce_cipher_run(engine, areq);
- sun8i_ce_cipher_unprepare(engine, areq);
return 0;
}
--
2.44.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 205/396] xfrm: Avoid clang fortify warning in copy_to_user_tmpl()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (203 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 204/396] crypto: sun8i-ce " Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 206/396] mm, mmap: fix vma_merge() case 7 with vma_ops->close Greg Kroah-Hartman
` (202 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Nathan Chancellor, Kees Cook,
Steffen Klassert
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nathan Chancellor <nathan@kernel.org>
commit 1a807e46aa93ebad1dfbed4f82dc3bf779423a6e upstream.
After a couple recent changes in LLVM, there is a warning (or error with
CONFIG_WERROR=y or W=e) from the compile time fortify source routines,
specifically the memset() in copy_to_user_tmpl().
In file included from net/xfrm/xfrm_user.c:14:
...
include/linux/fortify-string.h:438:4: error: call to '__write_overflow_field' declared with 'warning' attribute: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Werror,-Wattribute-warning]
438 | __write_overflow_field(p_size_field, size);
| ^
1 error generated.
While ->xfrm_nr has been validated against XFRM_MAX_DEPTH when its value
is first assigned in copy_templates() by calling validate_tmpl() first
(so there should not be any issue in practice), LLVM/clang cannot really
deduce that across the boundaries of these functions. Without that
knowledge, it cannot assume that the loop stops before i is greater than
XFRM_MAX_DEPTH, which would indeed result a stack buffer overflow in the
memset().
To make the bounds of ->xfrm_nr clear to the compiler and add additional
defense in case copy_to_user_tmpl() is ever used in a path where
->xfrm_nr has not been properly validated against XFRM_MAX_DEPTH first,
add an explicit bound check and early return, which clears up the
warning.
Cc: stable@vger.kernel.org
Link: https://github.com/ClangBuiltLinux/linux/issues/1985
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/xfrm/xfrm_user.c | 3 +++
1 file changed, 3 insertions(+)
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2017,6 +2017,9 @@ static int copy_to_user_tmpl(struct xfrm
if (xp->xfrm_nr == 0)
return 0;
+ if (xp->xfrm_nr > XFRM_MAX_DEPTH)
+ return -ENOBUFS;
+
for (i = 0; i < xp->xfrm_nr; i++) {
struct xfrm_user_tmpl *up = &vec[i];
struct xfrm_tmpl *kp = &xp->xfrm_vec[i];
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 206/396] mm, mmap: fix vma_merge() case 7 with vma_ops->close
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (204 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 205/396] xfrm: Avoid clang fortify warning in copy_to_user_tmpl() Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 207/396] selftests: mptcp: diag: return KSFT_FAIL not test_cnt Greg Kroah-Hartman
` (201 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Vlastimil Babka, Michal Hocko,
Lorenzo Stoakes, Liam R. Howlett, Andrew Morton
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vlastimil Babka <vbabka@suse.cz>
commit fc0c8f9089c20d198d8fe51ddc28bfa1af588dce upstream.
When debugging issues with a workload using SysV shmem, Michal Hocko has
come up with a reproducer that shows how a series of mprotect() operations
can result in an elevated shm_nattch and thus leak of the resource.
The problem is caused by wrong assumptions in vma_merge() commit
714965ca8252 ("mm/mmap: start distinguishing if vma can be removed in
mergeability test"). The shmem vmas have a vma_ops->close callback that
decrements shm_nattch, and we remove the vma without calling it.
vma_merge() has thus historically avoided merging vma's with
vma_ops->close and commit 714965ca8252 was supposed to keep it that way.
It relaxed the checks for vma_ops->close in can_vma_merge_after() assuming
that it is never called on a vma that would be a candidate for removal.
However, the vma_merge() code does also use the result of this check in
the decision to remove a different vma in the merge case 7.
A robust solution would be to refactor vma_merge() code in a way that the
vma_ops->close check is only done for vma's that are actually going to be
removed, and not as part of the preliminary checks. That would both solve
the existing bug, and also allow additional merges that the checks
currently prevent unnecessarily in some cases.
However to fix the existing bug first with a minimized risk, and for
easier stable backports, this patch only adds a vma_ops->close check to
the buggy case 7 specifically. All other cases of vma removal are covered
by the can_vma_merge_before() check that includes the test for
vma_ops->close.
The reproducer code, adapted from Michal Hocko's code:
int main(int argc, char *argv[]) {
int segment_id;
size_t segment_size = 20 * PAGE_SIZE;
char * sh_mem;
struct shmid_ds shmid_ds;
key_t key = 0x1234;
segment_id = shmget(key, segment_size,
IPC_CREAT | IPC_EXCL | S_IRUSR | S_IWUSR);
sh_mem = (char *)shmat(segment_id, NULL, 0);
mprotect(sh_mem + 2*PAGE_SIZE, PAGE_SIZE, PROT_NONE);
mprotect(sh_mem + PAGE_SIZE, PAGE_SIZE, PROT_WRITE);
mprotect(sh_mem + 2*PAGE_SIZE, PAGE_SIZE, PROT_WRITE);
shmdt(sh_mem);
shmctl(segment_id, IPC_STAT, &shmid_ds);
printf("nattch after shmdt(): %lu (expected: 0)\n", shmid_ds.shm_nattch);
if (shmctl(segment_id, IPC_RMID, 0))
printf("IPCRM failed %d\n", errno);
return (shmid_ds.shm_nattch) ? 1 : 0;
}
Link: https://lkml.kernel.org/r/20240222215930.14637-2-vbabka@suse.cz
Fixes: 714965ca8252 ("mm/mmap: start distinguishing if vma can be removed in mergeability test")
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Reported-by: Michal Hocko <mhocko@suse.com>
Reviewed-by: Lorenzo Stoakes <lstoakes@gmail.com>
Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/mmap.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -949,13 +949,21 @@ struct vm_area_struct *vma_merge(struct
} else if (merge_prev) { /* case 2 */
if (curr) {
vma_start_write(curr);
- err = dup_anon_vma(prev, curr, &anon_dup);
if (end == curr->vm_end) { /* case 7 */
+ /*
+ * can_vma_merge_after() assumed we would not be
+ * removing prev vma, so it skipped the check
+ * for vm_ops->close, but we are removing curr
+ */
+ if (curr->vm_ops && curr->vm_ops->close)
+ err = -EINVAL;
remove = curr;
} else { /* case 5 */
adjust = curr;
adj_start = (end - curr->vm_start);
}
+ if (!err)
+ err = dup_anon_vma(prev, curr, &anon_dup);
}
} else { /* merge_next */
vma_start_write(next);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 207/396] selftests: mptcp: diag: return KSFT_FAIL not test_cnt
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (205 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 206/396] mm, mmap: fix vma_merge() case 7 with vma_ops->close Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 208/396] usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices Greg Kroah-Hartman
` (200 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Geliang Tang, Matthieu Baerts (NGI0),
David S. Miller
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Geliang Tang <tanggeliang@kylinos.cn>
commit 45bcc0346561daa3f59e19a753cc7f3e08e8dff1 upstream.
The test counter 'test_cnt' should not be returned in diag.sh, e.g. what
if only the 4th test fail? Will do 'exit 4' which is 'exit ${KSFT_SKIP}',
the whole test will be marked as skipped instead of 'failed'!
So we should do ret=${KSFT_FAIL} instead.
Fixes: df62f2ec3df6 ("selftests/mptcp: add diag interface tests")
Cc: stable@vger.kernel.org
Fixes: 42fb6cddec3b ("selftests: mptcp: more stable diag tests")
Signed-off-by: Geliang Tang <tanggeliang@kylinos.cn>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/net/mptcp/diag.sh | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/tools/testing/selftests/net/mptcp/diag.sh
+++ b/tools/testing/selftests/net/mptcp/diag.sh
@@ -69,7 +69,7 @@ __chk_nr()
else
echo "[ fail ] expected $expected found $nr"
mptcp_lib_result_fail "${msg}"
- ret=$test_cnt
+ ret=${KSFT_FAIL}
fi
else
echo "[ ok ]"
@@ -115,11 +115,11 @@ wait_msk_nr()
if [ $i -ge $timeout ]; then
echo "[ fail ] timeout while expecting $expected max $max last $nr"
mptcp_lib_result_fail "${msg} # timeout"
- ret=$test_cnt
+ ret=${KSFT_FAIL}
elif [ $nr != $expected ]; then
echo "[ fail ] expected $expected found $nr"
mptcp_lib_result_fail "${msg} # unexpected result"
- ret=$test_cnt
+ ret=${KSFT_FAIL}
else
echo "[ ok ]"
mptcp_lib_result_pass "${msg}"
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 208/396] usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (206 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 207/396] selftests: mptcp: diag: return KSFT_FAIL not test_cnt Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 209/396] cgroup/cpuset: Fix retval in update_cpumask() Greg Kroah-Hartman
` (199 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Mark Brown, Badhri Jagan Sridharan
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Badhri Jagan Sridharan <badhri@google.com>
commit 197331b27ac890d0209232d5f669830cd00e8918 upstream.
While commit 69f89168b310 ("usb: typec: tpcm: Fix issues with power being
removed during reset") fixes the boot issues for bus powered devices such
as LibreTech Renegade Elite/Firefly, it trades off the CC pins NOT being
Hi-Zed during errory recovery (i.e PORT_RESET) for devices which are NOT
bus powered(a.k.a self powered). This change Hi-Zs the CC pins only for
self powered devices, thus preventing brown out for bus powered devices
Adhering to spec is gaining more importance due to the Common charger
initiative enforced by the European Union.
Quoting from the spec:
4.5.2.2.2.1 ErrorRecovery State Requirements
The port shall not drive VBUS or VCONN, and shall present a
high-impedance to ground (above zOPEN) on its CC1 and CC2 pins.
Hi-Zing the CC pins is the inteded behavior for PORT_RESET.
CC pins are set to default state after tErrorRecovery in
PORT_RESET_WAIT_OFF.
4.5.2.2.2.2 Exiting From ErrorRecovery State
A Sink shall transition to Unattached.SNK after tErrorRecovery.
A Source shall transition to Unattached.SRC after tErrorRecovery.
Fixes: 69f89168b310 ("usb: typec: tpcm: Fix issues with power being removed during reset")
Cc: stable@vger.kernel.org
Cc: Mark Brown <broonie@kernel.org>
Signed-off-by: Badhri Jagan Sridharan <badhri@google.com>
Tested-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20240228000512.746252-1-badhri@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/typec/tcpm/tcpm.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/drivers/usb/typec/tcpm/tcpm.c
+++ b/drivers/usb/typec/tcpm/tcpm.c
@@ -4859,8 +4859,11 @@ static void run_state_machine(struct tcp
break;
case PORT_RESET:
tcpm_reset_port(port);
- tcpm_set_cc(port, tcpm_default_state(port) == SNK_UNATTACHED ?
- TYPEC_CC_RD : tcpm_rp_cc(port));
+ if (port->self_powered)
+ tcpm_set_cc(port, TYPEC_CC_OPEN);
+ else
+ tcpm_set_cc(port, tcpm_default_state(port) == SNK_UNATTACHED ?
+ TYPEC_CC_RD : tcpm_rp_cc(port));
tcpm_set_state(port, PORT_RESET_WAIT_OFF,
PD_T_ERROR_RECOVERY);
break;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 209/396] cgroup/cpuset: Fix retval in update_cpumask()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (207 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 208/396] usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 210/396] Input: xpad - add additional HyperX Controller Identifiers Greg Kroah-Hartman
` (198 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Kamalesh Babulal, Waiman Long,
Tejun Heo
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kamalesh Babulal <kamalesh.babulal@oracle.com>
commit 25125a4762835d62ba1e540c1351d447fc1f6c7c upstream.
The update_cpumask(), checks for newly requested cpumask by calling
validate_change(), which returns an error on passing an invalid set
of cpu(s). Independent of the error returned, update_cpumask() always
returns zero, suppressing the error and returning success to the user
on writing an invalid cpu range for a cpuset. Fix it by returning
retval instead, which is returned by validate_change().
Fixes: 99fe36ba6fc1 ("cgroup/cpuset: Improve temporary cpumasks handling")
Signed-off-by: Kamalesh Babulal <kamalesh.babulal@oracle.com>
Reviewed-by: Waiman Long <longman@redhat.com>
Cc: stable@vger.kernel.org # v6.6+
Signed-off-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/cgroup/cpuset.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/kernel/cgroup/cpuset.c
+++ b/kernel/cgroup/cpuset.c
@@ -1948,7 +1948,7 @@ static int update_cpumask(struct cpuset
}
out_free:
free_cpumasks(NULL, &tmp);
- return 0;
+ return retval;
}
/*
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 210/396] Input: xpad - add additional HyperX Controller Identifiers
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (208 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 209/396] cgroup/cpuset: Fix retval in update_cpumask() Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 211/396] init/Kconfig: lower GCC version check for -Warray-bounds Greg Kroah-Hartman
` (197 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Chris Toledanes, Carl Ng, Max Nguyen,
Dmitry Torokhov
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Max Nguyen <maxwell.nguyen@hp.com>
commit dd50f771af20fb02b1aecde04fbd085c872a9139 upstream.
Add additional HyperX device identifiers to xpad_device and xpad_table.
Suggested-by: Chris Toledanes<chris.toledanes@hp.com>
Reviewed-by: Carl Ng <carl.ng@hp.com>
Signed-off-by: Max Nguyen <maxwell.nguyen@hp.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/44ad5ffa-76d8-4046-94ee-2ef171930ed2@gmail.com
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/input/joystick/xpad.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/input/joystick/xpad.c
+++ b/drivers/input/joystick/xpad.c
@@ -130,7 +130,12 @@ static const struct xpad_device {
{ 0x0079, 0x18d4, "GPD Win 2 X-Box Controller", 0, XTYPE_XBOX360 },
{ 0x03eb, 0xff01, "Wooting One (Legacy)", 0, XTYPE_XBOX360 },
{ 0x03eb, 0xff02, "Wooting Two (Legacy)", 0, XTYPE_XBOX360 },
+ { 0x03f0, 0x038D, "HyperX Clutch", 0, XTYPE_XBOX360 }, /* wired */
+ { 0x03f0, 0x048D, "HyperX Clutch", 0, XTYPE_XBOX360 }, /* wireless */
{ 0x03f0, 0x0495, "HyperX Clutch Gladiate", 0, XTYPE_XBOXONE },
+ { 0x03f0, 0x07A0, "HyperX Clutch Gladiate RGB", 0, XTYPE_XBOXONE },
+ { 0x03f0, 0x08B6, "HyperX Clutch Gladiate", 0, XTYPE_XBOXONE }, /* v2 */
+ { 0x03f0, 0x09B4, "HyperX Clutch Tanto", 0, XTYPE_XBOXONE },
{ 0x044f, 0x0f00, "Thrustmaster Wheel", 0, XTYPE_XBOX },
{ 0x044f, 0x0f03, "Thrustmaster Wheel", 0, XTYPE_XBOX },
{ 0x044f, 0x0f07, "Thrustmaster, Inc. Controller", 0, XTYPE_XBOX },
@@ -463,6 +468,7 @@ static const struct usb_device_id xpad_t
{ USB_INTERFACE_INFO('X', 'B', 0) }, /* Xbox USB-IF not-approved class */
XPAD_XBOX360_VENDOR(0x0079), /* GPD Win 2 controller */
XPAD_XBOX360_VENDOR(0x03eb), /* Wooting Keyboards (Legacy) */
+ XPAD_XBOX360_VENDOR(0x03f0), /* HP HyperX Xbox 360 controllers */
XPAD_XBOXONE_VENDOR(0x03f0), /* HP HyperX Xbox One controllers */
XPAD_XBOX360_VENDOR(0x044f), /* Thrustmaster Xbox 360 controllers */
XPAD_XBOX360_VENDOR(0x045e), /* Microsoft Xbox 360 controllers */
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 211/396] init/Kconfig: lower GCC version check for -Warray-bounds
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (209 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 210/396] Input: xpad - add additional HyperX Controller Identifiers Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 212/396] firewire: ohci: prevent leak of left-over IRQ on unbind Greg Kroah-Hartman
` (196 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Lu Yao, Kees Cook, Paul Moore,
Ard Biesheuvel, Christophe Leroy, Gustavo A. R. Silva,
Johannes Weiner, Marc Aurèle La France, Masahiro Yamada,
Nathan Chancellor, Nhat Pham, Petr Mladek, Randy Dunlap,
Suren Baghdasaryan, Andrew Morton
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kees Cook <keescook@chromium.org>
commit 3e00f5802fabf2f504070a591b14b648523ede13 upstream.
We continue to see false positives from -Warray-bounds even in GCC 10,
which is getting reported in a few places[1] still:
security/security.c:811:2: warning: `memcpy' offset 32 is out of the bounds [0, 0] [-Warray-bounds]
Lower the GCC version check from 11 to 10.
Link: https://lkml.kernel.org/r/20240223170824.work.768-kees@kernel.org
Reported-by: Lu Yao <yaolu@kylinos.cn>
Closes: https://lore.kernel.org/lkml/20240117014541.8887-1-yaolu@kylinos.cn/
Link: https://lore.kernel.org/linux-next/65d84438.620a0220.7d171.81a7@mx.google.com [1]
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Paul Moore <paul@paul-moore.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Christophe Leroy <christophe.leroy@csgroup.eu>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "Gustavo A. R. Silva" <gustavoars@kernel.org>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Marc Aurèle La France <tsi@tuyoix.net>
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nhat Pham <nphamcs@gmail.com>
Cc: Petr Mladek <pmladek@suse.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
init/Kconfig | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -876,14 +876,14 @@ config CC_IMPLICIT_FALLTHROUGH
default "-Wimplicit-fallthrough=5" if CC_IS_GCC && $(cc-option,-Wimplicit-fallthrough=5)
default "-Wimplicit-fallthrough" if CC_IS_CLANG && $(cc-option,-Wunreachable-code-fallthrough)
-# Currently, disable gcc-11+ array-bounds globally.
+# Currently, disable gcc-10+ array-bounds globally.
# It's still broken in gcc-13, so no upper bound yet.
-config GCC11_NO_ARRAY_BOUNDS
+config GCC10_NO_ARRAY_BOUNDS
def_bool y
config CC_NO_ARRAY_BOUNDS
bool
- default y if CC_IS_GCC && GCC_VERSION >= 110000 && GCC11_NO_ARRAY_BOUNDS
+ default y if CC_IS_GCC && GCC_VERSION >= 100000 && GCC10_NO_ARRAY_BOUNDS
#
# For architectures that know their GCC __int128 support is sound
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 212/396] firewire: ohci: prevent leak of left-over IRQ on unbind
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (210 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 211/396] init/Kconfig: lower GCC version check for -Warray-bounds Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 213/396] KVM: x86: Mark target gfn of emulated atomic instruction as dirty Greg Kroah-Hartman
` (195 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Edmund Raile, Takashi Sakamoto
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Edmund Raile <edmund.raile@proton.me>
commit 575801663c7dc38f826212b39e3b91a4a8661c33 upstream.
Commit 5a95f1ded28691e6 ("firewire: ohci: use devres for requested IRQ")
also removed the call to free_irq() in pci_remove(), leading to a
leftover irq of devm_request_irq() at pci_disable_msi() in pci_remove()
when unbinding the driver from the device
remove_proc_entry: removing non-empty directory 'irq/136', leaking at
least 'firewire_ohci'
Call Trace:
? remove_proc_entry+0x19c/0x1c0
? __warn+0x81/0x130
? remove_proc_entry+0x19c/0x1c0
? report_bug+0x171/0x1a0
? console_unlock+0x78/0x120
? handle_bug+0x3c/0x80
? exc_invalid_op+0x17/0x70
? asm_exc_invalid_op+0x1a/0x20
? remove_proc_entry+0x19c/0x1c0
unregister_irq_proc+0xf4/0x120
free_desc+0x3d/0xe0
? kfree+0x29f/0x2f0
irq_free_descs+0x47/0x70
msi_domain_free_locked.part.0+0x19d/0x1d0
msi_domain_free_irqs_all_locked+0x81/0xc0
pci_free_msi_irqs+0x12/0x40
pci_disable_msi+0x4c/0x60
pci_remove+0x9d/0xc0 [firewire_ohci
01b483699bebf9cb07a3d69df0aa2bee71db1b26]
pci_device_remove+0x37/0xa0
device_release_driver_internal+0x19f/0x200
unbind_store+0xa1/0xb0
remove irq with devm_free_irq() before pci_disable_msi()
also remove it in fail_msi: of pci_probe() as this would lead to
an identical leak
Cc: stable@vger.kernel.org
Fixes: 5a95f1ded28691e6 ("firewire: ohci: use devres for requested IRQ")
Signed-off-by: Edmund Raile <edmund.raile@proton.me>
Link: https://lore.kernel.org/r/20240229144723.13047-2-edmund.raile@proton.me
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/firewire/ohci.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/firewire/ohci.c
+++ b/drivers/firewire/ohci.c
@@ -3773,6 +3773,7 @@ static int pci_probe(struct pci_dev *dev
return 0;
fail_msi:
+ devm_free_irq(&dev->dev, dev->irq, ohci);
pci_disable_msi(dev);
return err;
@@ -3800,6 +3801,7 @@ static void pci_remove(struct pci_dev *d
software_reset(ohci);
+ devm_free_irq(&dev->dev, dev->irq, ohci);
pci_disable_msi(dev);
dev_notice(&dev->dev, "removing fw-ohci device\n");
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 213/396] KVM: x86: Mark target gfn of emulated atomic instruction as dirty
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (211 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 212/396] firewire: ohci: prevent leak of left-over IRQ on unbind Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 214/396] KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Greg Kroah-Hartman
` (194 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, David Matlack, Pasha Tatashin,
Michael Krebs, Jim Mattson, Sean Christopherson
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sean Christopherson <seanjc@google.com>
commit 910c57dfa4d113aae6571c2a8b9ae8c430975902 upstream.
When emulating an atomic access on behalf of the guest, mark the target
gfn dirty if the CMPXCHG by KVM is attempted and doesn't fault. This
fixes a bug where KVM effectively corrupts guest memory during live
migration by writing to guest memory without informing userspace that the
page is dirty.
Marking the page dirty got unintentionally dropped when KVM's emulated
CMPXCHG was converted to do a user access. Before that, KVM explicitly
mapped the guest page into kernel memory, and marked the page dirty during
the unmap phase.
Mark the page dirty even if the CMPXCHG fails, as the old data is written
back on failure, i.e. the page is still written. The value written is
guaranteed to be the same because the operation is atomic, but KVM's ABI
is that all writes are dirty logged regardless of the value written. And
more importantly, that's what KVM did before the buggy commit.
Huge kudos to the folks on the Cc list (and many others), who did all the
actual work of triaging and debugging.
Fixes: 1c2361f667f3 ("KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses")
Cc: stable@vger.kernel.org
Cc: David Matlack <dmatlack@google.com>
Cc: Pasha Tatashin <tatashin@google.com>
Cc: Michael Krebs <mkrebs@google.com>
base-commit: 6769ea8da8a93ed4630f1ce64df6aafcaabfce64
Reviewed-by: Jim Mattson <jmattson@google.com>
Link: https://lore.kernel.org/r/20240215010004.1456078-2-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/x86.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -7840,6 +7840,16 @@ static int emulator_cmpxchg_emulated(str
if (r < 0)
return X86EMUL_UNHANDLEABLE;
+
+ /*
+ * Mark the page dirty _before_ checking whether or not the CMPXCHG was
+ * successful, as the old value is written back on failure. Note, for
+ * live migration, this is unnecessarily conservative as CMPXCHG writes
+ * back the original value and the access is atomic, but KVM's ABI is
+ * that all writes are dirty logged, regardless of the value written.
+ */
+ kvm_vcpu_mark_page_dirty(vcpu, gpa_to_gfn(gpa));
+
if (r)
return X86EMUL_CMPXCHG_FAILED;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 214/396] KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (212 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 213/396] KVM: x86: Mark target gfn of emulated atomic instruction as dirty Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 215/396] SEV: disable SEV-ES DebugSwap by default Greg Kroah-Hartman
` (193 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Gabe Kirkpatrick, Josh Eads,
Peter Gonda, Sean Christopherson, Paolo Bonzini
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sean Christopherson <seanjc@google.com>
commit 5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 upstream.
Do the cache flush of converted pages in svm_register_enc_region() before
dropping kvm->lock to fix use-after-free issues where region and/or its
array of pages could be freed by a different task, e.g. if userspace has
__unregister_enc_region_locked() already queued up for the region.
Note, the "obvious" alternative of using local variables doesn't fully
resolve the bug, as region->pages is also dynamically allocated. I.e. the
region structure itself would be fine, but region->pages could be freed.
Flushing multiple pages under kvm->lock is unfortunate, but the entire
flow is a rare slow path, and the manual flush is only needed on CPUs that
lack coherency for encrypted memory.
Fixes: 19a23da53932 ("Fix unsynchronized access to sev members through svm_register_enc_region")
Reported-by: Gabe Kirkpatrick <gkirkpatrick@google.com>
Cc: Josh Eads <josheads@google.com>
Cc: Peter Gonda <pgonda@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20240217013430.2079561-1-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/svm/sev.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -1975,20 +1975,22 @@ int sev_mem_enc_register_region(struct k
goto e_free;
}
- region->uaddr = range->addr;
- region->size = range->size;
-
- list_add_tail(®ion->list, &sev->regions_list);
- mutex_unlock(&kvm->lock);
-
/*
* The guest may change the memory encryption attribute from C=0 -> C=1
* or vice versa for this memory range. Lets make sure caches are
* flushed to ensure that guest data gets written into memory with
- * correct C-bit.
+ * correct C-bit. Note, this must be done before dropping kvm->lock,
+ * as region and its array of pages can be freed by a different task
+ * once kvm->lock is released.
*/
sev_clflush_pages(region->pages, region->npages);
+ region->uaddr = range->addr;
+ region->size = range->size;
+
+ list_add_tail(®ion->list, &sev->regions_list);
+ mutex_unlock(&kvm->lock);
+
return ret;
e_free:
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 215/396] SEV: disable SEV-ES DebugSwap by default
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (213 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 214/396] KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 216/396] tracing: Use .flush() call to wake up readers Greg Kroah-Hartman
` (192 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Paolo Bonzini
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Bonzini <pbonzini@redhat.com>
commit 5abf6dceb066f2b02b225fd561440c98a8062681 upstream.
The DebugSwap feature of SEV-ES provides a way for confidential guests to use
data breakpoints. However, because the status of the DebugSwap feature is
recorded in the VMSA, enabling it by default invalidates the attestation
signatures. In 6.10 we will introduce a new API to create SEV VMs that
will allow enabling DebugSwap based on what the user tells KVM to do.
Contextually, we will change the legacy KVM_SEV_ES_INIT API to never
enable DebugSwap.
For compatibility with kernels that pre-date the introduction of DebugSwap,
as well as with those where KVM_SEV_ES_INIT will never enable it, do not enable
the feature by default. If anybody wants to use it, for now they can enable
the sev_es_debug_swap_enabled module parameter, but this will result in a
warning.
Fixes: d1f85fbe836e ("KVM: SEV: Enable data breakpoints in SEV-ES")
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/svm/sev.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index a132547fcfb5..a8ce5226b3b5 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -57,7 +57,7 @@ static bool sev_es_enabled = true;
module_param_named(sev_es, sev_es_enabled, bool, 0444);
/* enable/disable SEV-ES DebugSwap support */
-static bool sev_es_debug_swap_enabled = true;
+static bool sev_es_debug_swap_enabled = false;
module_param_named(debug_swap, sev_es_debug_swap_enabled, bool, 0444);
#else
#define sev_enabled false
@@ -612,8 +612,11 @@ static int sev_es_sync_vmsa(struct vcpu_svm *svm)
save->xss = svm->vcpu.arch.ia32_xss;
save->dr6 = svm->vcpu.arch.dr6;
- if (sev_es_debug_swap_enabled)
+ if (sev_es_debug_swap_enabled) {
save->sev_features |= SVM_SEV_FEAT_DEBUG_SWAP;
+ pr_warn_once("Enabling DebugSwap with KVM_SEV_ES_INIT. "
+ "This will not work starting with Linux 6.10\n");
+ }
pr_debug("Virtual Machine Save Area (VMSA):\n");
print_hex_dump_debug("", DUMP_PREFIX_NONE, 16, 1, save, sizeof(*save), false);
--
2.44.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 216/396] tracing: Use .flush() call to wake up readers
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (214 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 215/396] SEV: disable SEV-ES DebugSwap by default Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 217/396] drm/amdgpu/pm: Fix the error of pwm1_enable setting Greg Kroah-Hartman
` (191 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Masami Hiramatsu, Mark Rutland,
Mathieu Desnoyers, Andrew Morton, Linus Torvalds, linke li,
Rabin Vincent, Steven Rostedt (Google)
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit e5d7c1916562f0e856eb3d6f569629fcd535fed2 upstream.
The .release() function does not get called until all readers of a file
descriptor are finished.
If a thread is blocked on reading a file descriptor in ring_buffer_wait(),
and another thread closes the file descriptor, it will not wake up the
other thread as ring_buffer_wake_waiters() is called by .release(), and
that will not get called until the .read() is finished.
The issue originally showed up in trace-cmd, but the readers are actually
other processes with their own file descriptors. So calling close() would wake
up the other tasks because they are blocked on another descriptor then the
one that was closed(). But there's other wake ups that solve that issue.
When a thread is blocked on a read, it can still hang even when another
thread closed its descriptor.
This is what the .flush() callback is for. Have the .flush() wake up the
readers.
Link: https://lore.kernel.org/linux-trace-kernel/20240308202432.107909457@goodmis.org
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linke li <lilinke99@qq.com>
Cc: Rabin Vincent <rabin@rab.in>
Fixes: f3ddb74ad0790 ("tracing: Wake up ring buffer waiters on closing of the file")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace.c | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -8359,6 +8359,20 @@ tracing_buffers_read(struct file *filp,
return size;
}
+static int tracing_buffers_flush(struct file *file, fl_owner_t id)
+{
+ struct ftrace_buffer_info *info = file->private_data;
+ struct trace_iterator *iter = &info->iter;
+
+ iter->wait_index++;
+ /* Make sure the waiters see the new wait_index */
+ smp_wmb();
+
+ ring_buffer_wake_waiters(iter->array_buffer->buffer, iter->cpu_file);
+
+ return 0;
+}
+
static int tracing_buffers_release(struct inode *inode, struct file *file)
{
struct ftrace_buffer_info *info = file->private_data;
@@ -8370,12 +8384,6 @@ static int tracing_buffers_release(struc
__trace_array_put(iter->tr);
- iter->wait_index++;
- /* Make sure the waiters see the new wait_index */
- smp_wmb();
-
- ring_buffer_wake_waiters(iter->array_buffer->buffer, iter->cpu_file);
-
if (info->spare)
ring_buffer_free_read_page(iter->array_buffer->buffer,
info->spare_cpu, info->spare);
@@ -8589,6 +8597,7 @@ static const struct file_operations trac
.read = tracing_buffers_read,
.poll = tracing_buffers_poll,
.release = tracing_buffers_release,
+ .flush = tracing_buffers_flush,
.splice_read = tracing_buffers_splice_read,
.unlocked_ioctl = tracing_buffers_ioctl,
.llseek = no_llseek,
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 217/396] drm/amdgpu/pm: Fix the error of pwm1_enable setting
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (215 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 216/396] tracing: Use .flush() call to wake up readers Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 218/396] tty: serial: imx: Fix broken RS485 Greg Kroah-Hartman
` (190 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Ma Jun, Lijo Lazar, Alex Deucher
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ma Jun <Jun.Ma2@amd.com>
commit 0dafaf659cc463f2db0af92003313a8bc46781cd upstream.
Fix the pwm_mode value error which used for
pwm1_enable setting
Signed-off-by: Ma Jun <Jun.Ma2@amd.com>
Reviewed-by: Lijo Lazar <lijo.lazar@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/pm/amdgpu_pm.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/pm/amdgpu_pm.c
+++ b/drivers/gpu/drm/amd/pm/amdgpu_pm.c
@@ -2395,6 +2395,7 @@ static ssize_t amdgpu_hwmon_set_pwm1_ena
{
struct amdgpu_device *adev = dev_get_drvdata(dev);
int err, ret;
+ u32 pwm_mode;
int value;
if (amdgpu_in_reset(adev))
@@ -2406,13 +2407,22 @@ static ssize_t amdgpu_hwmon_set_pwm1_ena
if (err)
return err;
+ if (value == 0)
+ pwm_mode = AMD_FAN_CTRL_NONE;
+ else if (value == 1)
+ pwm_mode = AMD_FAN_CTRL_MANUAL;
+ else if (value == 2)
+ pwm_mode = AMD_FAN_CTRL_AUTO;
+ else
+ return -EINVAL;
+
ret = pm_runtime_get_sync(adev_to_drm(adev)->dev);
if (ret < 0) {
pm_runtime_put_autosuspend(adev_to_drm(adev)->dev);
return ret;
}
- ret = amdgpu_dpm_set_fan_control_mode(adev, value);
+ ret = amdgpu_dpm_set_fan_control_mode(adev, pwm_mode);
pm_runtime_mark_last_busy(adev_to_drm(adev)->dev);
pm_runtime_put_autosuspend(adev_to_drm(adev)->dev);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 218/396] tty: serial: imx: Fix broken RS485
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (216 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 217/396] drm/amdgpu/pm: Fix the error of pwm1_enable setting Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 219/396] drm/i915: Check before removing mm notifier Greg Kroah-Hartman
` (189 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Rickard x Andersson,
Christoph Niedermaier
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rickard x Andersson <rickaran@axis.com>
commit 672448ccf9b6a676f96f9352cbf91f4d35f4084a upstream.
When about to transmit the function imx_uart_start_tx is called and in
some RS485 configurations this function will call imx_uart_stop_rx. The
problem is that imx_uart_stop_rx will enable loopback in order to
release the RS485 bus, but when loopback is enabled transmitted data
will just be looped to RX.
This patch fixes the above problem by not enabling loopback when about
to transmit.
This driver now works well when used for RS485 half duplex master
configurations.
Fixes: 79d0224f6bf2 ("tty: serial: imx: Handle RS485 DE signal active high")
Cc: stable <stable@kernel.org>
Signed-off-by: Rickard x Andersson <rickaran@axis.com>
Tested-by: Christoph Niedermaier <cniedermaier@dh-electronics.com>
Link: https://lore.kernel.org/r/20240221115304.509811-1-rickaran@axis.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/imx.c | 22 ++++++++++++++++++----
1 file changed, 18 insertions(+), 4 deletions(-)
--- a/drivers/tty/serial/imx.c
+++ b/drivers/tty/serial/imx.c
@@ -468,8 +468,7 @@ static void imx_uart_stop_tx(struct uart
}
}
-/* called with port.lock taken and irqs off */
-static void imx_uart_stop_rx(struct uart_port *port)
+static void imx_uart_stop_rx_with_loopback_ctrl(struct uart_port *port, bool loopback)
{
struct imx_port *sport = (struct imx_port *)port;
u32 ucr1, ucr2, ucr4, uts;
@@ -491,7 +490,7 @@ static void imx_uart_stop_rx(struct uart
/* See SER_RS485_ENABLED/UTS_LOOP comment in imx_uart_probe() */
if (port->rs485.flags & SER_RS485_ENABLED &&
port->rs485.flags & SER_RS485_RTS_ON_SEND &&
- sport->have_rtscts && !sport->have_rtsgpio) {
+ sport->have_rtscts && !sport->have_rtsgpio && loopback) {
uts = imx_uart_readl(sport, imx_uart_uts_reg(sport));
uts |= UTS_LOOP;
imx_uart_writel(sport, uts, imx_uart_uts_reg(sport));
@@ -504,6 +503,16 @@ static void imx_uart_stop_rx(struct uart
}
/* called with port.lock taken and irqs off */
+static void imx_uart_stop_rx(struct uart_port *port)
+{
+ /*
+ * Stop RX and enable loopback in order to make sure RS485 bus
+ * is not blocked. Se comment in imx_uart_probe().
+ */
+ imx_uart_stop_rx_with_loopback_ctrl(port, true);
+}
+
+/* called with port.lock taken and irqs off */
static void imx_uart_enable_ms(struct uart_port *port)
{
struct imx_port *sport = (struct imx_port *)port;
@@ -688,9 +697,14 @@ static void imx_uart_start_tx(struct uar
imx_uart_rts_inactive(sport, &ucr2);
imx_uart_writel(sport, ucr2, UCR2);
+ /*
+ * Since we are about to transmit we can not stop RX
+ * with loopback enabled because that will make our
+ * transmitted data being just looped to RX.
+ */
if (!(port->rs485.flags & SER_RS485_RX_DURING_TX) &&
!port->rs485_rx_during_tx_gpio)
- imx_uart_stop_rx(port);
+ imx_uart_stop_rx_with_loopback_ctrl(port, false);
sport->tx_state = WAIT_AFTER_RTS;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 219/396] drm/i915: Check before removing mm notifier
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (217 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 218/396] tty: serial: imx: Fix broken RS485 Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 220/396] ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Greg Kroah-Hartman
` (188 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Andi Shyti, Shawn Lee, Nirmoy Das,
Rodrigo Vivi, Tvrtko Ursulin, Joonas Lahtinen
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nirmoy Das <nirmoy.das@intel.com>
commit 01bb1ae35006e473138c90711bad1a6b614a1823 upstream.
Error in mmu_interval_notifier_insert() can leave a NULL
notifier.mm pointer. Catch that and return early.
Fixes: ed29c2691188 ("drm/i915: Fix userptr so we do not have to worry about obj->mm.lock, v7.")
Cc: <stable@vger.kernel.org> # v5.13+
[tursulin: Added Fixes and cc stable.]
Cc: Andi Shyti <andi.shyti@linux.intel.com>
Cc: Shawn Lee <shawn.c.lee@intel.com>
Signed-off-by: Nirmoy Das <nirmoy.das@intel.com>
Reviewed-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240219125047.28906-1-nirmoy.das@intel.com
Signed-off-by: Tvrtko Ursulin <tvrtko.ursulin@intel.com>
(cherry picked from commit db7bbd13f08774cde0332c705f042e327fe21e73)
Signed-off-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/gem/i915_gem_userptr.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/gpu/drm/i915/gem/i915_gem_userptr.c
+++ b/drivers/gpu/drm/i915/gem/i915_gem_userptr.c
@@ -379,6 +379,9 @@ i915_gem_userptr_release(struct drm_i915
{
GEM_WARN_ON(obj->userptr.page_ref);
+ if (!obj->userptr.notifier.mm)
+ return;
+
mmu_interval_notifier_remove(&obj->userptr.notifier);
obj->userptr.notifier.mm = NULL;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 220/396] ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (218 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 219/396] drm/i915: Check before removing mm notifier Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 221/396] USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command Greg Kroah-Hartman
` (187 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Kailang Yang, Takashi Iwai
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kailang Yang <kailang@realtek.com>
commit d397b6e56151099cf3b1f7bfccb204a6a8591720 upstream.
Headset Mic will no show at resume back.
This patch will fix this issue.
Fixes: d7f32791a9fc ("ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform")
Cc: <stable@vger.kernel.org>
Signed-off-by: Kailang Yang <kailang@realtek.com>
Link: https://lore.kernel.org/r/4713d48a372e47f98bba0c6120fd8254@realtek.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -11624,8 +11624,7 @@ static void alc897_hp_automute_hook(stru
snd_hda_gen_hp_automute(codec, jack);
vref = spec->gen.hp_jack_present ? (PIN_HP | AC_PINCTL_VREF_100) : PIN_HP;
- snd_hda_codec_write(codec, 0x1b, 0, AC_VERB_SET_PIN_WIDGET_CONTROL,
- vref);
+ snd_hda_set_pin_ctl(codec, 0x1b, vref);
}
static void alc897_fixup_lenovo_headset_mic(struct hda_codec *codec,
@@ -11634,6 +11633,10 @@ static void alc897_fixup_lenovo_headset_
struct alc_spec *spec = codec->spec;
if (action == HDA_FIXUP_ACT_PRE_PROBE) {
spec->gen.hp_automute_hook = alc897_hp_automute_hook;
+ spec->no_shutup_pins = 1;
+ }
+ if (action == HDA_FIXUP_ACT_PROBE) {
+ snd_hda_set_pin_ctl_cache(codec, 0x1a, PIN_IN | AC_PINCTL_VREF_100);
}
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 221/396] USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (219 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 220/396] ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 222/396] usb: typec: altmodes/displayport: create sysfs nodes as drivers default device attribute group Greg Kroah-Hartman
` (186 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Alan Stern,
PrasannaKumar Muralidharan, Martin K. Petersen,
syzbot+28748250ab47a8f04100
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alan Stern <stern@rowland.harvard.edu>
commit 014bcf41d946b36a8f0b8e9b5d9529efbb822f49 upstream.
The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values
in the ATA ID information to calculate cylinder and head values when
creating a CDB for READ or WRITE commands. The calculation involves
division and modulus operations, which will cause a crash if either of
these values is 0. While this never happens with a genuine device, it
could happen with a flawed or subversive emulation, as reported by the
syzbot fuzzer.
Protect against this possibility by refusing to bind to the device if
either the ATA_ID_HEADS or ATA_ID_SECTORS value in the device's ID
information is 0. This requires isd200_Initialization() to return a
negative error code when initialization fails; currently it always
returns 0 (even when there is an error).
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-and-tested-by: syzbot+28748250ab47a8f04100@syzkaller.appspotmail.com
Link: https://lore.kernel.org/linux-usb/0000000000003eb868061245ba7f@google.com/
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Reviewed-by: PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com>
Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com>
Link: https://lore.kernel.org/r/b1e605ea-333f-4ac0-9511-da04f411763e@rowland.harvard.edu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/storage/isd200.c | 23 ++++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)
--- a/drivers/usb/storage/isd200.c
+++ b/drivers/usb/storage/isd200.c
@@ -1105,7 +1105,7 @@ static void isd200_dump_driveid(struct u
static int isd200_get_inquiry_data( struct us_data *us )
{
struct isd200_info *info = (struct isd200_info *)us->extra;
- int retStatus = ISD200_GOOD;
+ int retStatus;
u16 *id = info->id;
usb_stor_dbg(us, "Entering isd200_get_inquiry_data\n");
@@ -1137,6 +1137,13 @@ static int isd200_get_inquiry_data( stru
isd200_fix_driveid(id);
isd200_dump_driveid(us, id);
+ /* Prevent division by 0 in isd200_scsi_to_ata() */
+ if (id[ATA_ID_HEADS] == 0 || id[ATA_ID_SECTORS] == 0) {
+ usb_stor_dbg(us, " Invalid ATA Identify data\n");
+ retStatus = ISD200_ERROR;
+ goto Done;
+ }
+
memset(&info->InquiryData, 0, sizeof(info->InquiryData));
/* Standard IDE interface only supports disks */
@@ -1202,6 +1209,7 @@ static int isd200_get_inquiry_data( stru
}
}
+ Done:
usb_stor_dbg(us, "Leaving isd200_get_inquiry_data %08X\n", retStatus);
return(retStatus);
@@ -1481,22 +1489,27 @@ static int isd200_init_info(struct us_da
static int isd200_Initialization(struct us_data *us)
{
+ int rc = 0;
+
usb_stor_dbg(us, "ISD200 Initialization...\n");
/* Initialize ISD200 info struct */
- if (isd200_init_info(us) == ISD200_ERROR) {
+ if (isd200_init_info(us) < 0) {
usb_stor_dbg(us, "ERROR Initializing ISD200 Info struct\n");
+ rc = -ENOMEM;
} else {
/* Get device specific data */
- if (isd200_get_inquiry_data(us) != ISD200_GOOD)
+ if (isd200_get_inquiry_data(us) != ISD200_GOOD) {
usb_stor_dbg(us, "ISD200 Initialization Failure\n");
- else
+ rc = -EINVAL;
+ } else {
usb_stor_dbg(us, "ISD200 Initialization complete\n");
+ }
}
- return 0;
+ return rc;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 222/396] usb: typec: altmodes/displayport: create sysfs nodes as drivers default device attribute group
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (220 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 221/396] USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 223/396] usb: gadget: ncm: Fix handling of zero block length packets Greg Kroah-Hartman
` (185 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, RD Babiera
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: RD Babiera <rdbabiera@google.com>
commit 165376f6b23e9a779850e750fb2eb06622e5a531 upstream.
The DisplayPort driver's sysfs nodes may be present to the userspace before
typec_altmode_set_drvdata() completes in dp_altmode_probe. This means that
a sysfs read can trigger a NULL pointer error by deferencing dp->hpd in
hpd_show or dp->lock in pin_assignment_show, as dev_get_drvdata() returns
NULL in those cases.
Remove manual sysfs node creation in favor of adding attribute group as
default for devices bound to the driver. The ATTRIBUTE_GROUPS() macro is
not used here otherwise the path to the sysfs nodes is no longer compliant
with the ABI.
Fixes: 0e3bb7d6894d ("usb: typec: Add driver for DisplayPort alternate mode")
Cc: stable@vger.kernel.org
Signed-off-by: RD Babiera <rdbabiera@google.com>
Link: https://lore.kernel.org/r/20240229001101.3889432-2-rdbabiera@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/typec/altmodes/displayport.c | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
--- a/drivers/usb/typec/altmodes/displayport.c
+++ b/drivers/usb/typec/altmodes/displayport.c
@@ -554,16 +554,21 @@ static ssize_t hpd_show(struct device *d
}
static DEVICE_ATTR_RO(hpd);
-static struct attribute *dp_altmode_attrs[] = {
+static struct attribute *displayport_attrs[] = {
&dev_attr_configuration.attr,
&dev_attr_pin_assignment.attr,
&dev_attr_hpd.attr,
NULL
};
-static const struct attribute_group dp_altmode_group = {
+static const struct attribute_group displayport_group = {
.name = "displayport",
- .attrs = dp_altmode_attrs,
+ .attrs = displayport_attrs,
+};
+
+static const struct attribute_group *displayport_groups[] = {
+ &displayport_group,
+ NULL,
};
int dp_altmode_probe(struct typec_altmode *alt)
@@ -571,7 +576,6 @@ int dp_altmode_probe(struct typec_altmod
const struct typec_altmode *port = typec_altmode_get_partner(alt);
struct fwnode_handle *fwnode;
struct dp_altmode *dp;
- int ret;
/* FIXME: Port can only be DFP_U. */
@@ -582,10 +586,6 @@ int dp_altmode_probe(struct typec_altmod
DP_CAP_PIN_ASSIGN_DFP_D(alt->vdo)))
return -ENODEV;
- ret = sysfs_create_group(&alt->dev.kobj, &dp_altmode_group);
- if (ret)
- return ret;
-
dp = devm_kzalloc(&alt->dev, sizeof(*dp), GFP_KERNEL);
if (!dp)
return -ENOMEM;
@@ -619,7 +619,6 @@ void dp_altmode_remove(struct typec_altm
{
struct dp_altmode *dp = typec_altmode_get_drvdata(alt);
- sysfs_remove_group(&alt->dev.kobj, &dp_altmode_group);
cancel_work_sync(&dp->work);
if (dp->connector_fwnode) {
@@ -644,6 +643,7 @@ static struct typec_altmode_driver dp_al
.driver = {
.name = "typec_displayport",
.owner = THIS_MODULE,
+ .dev_groups = displayport_groups,
},
};
module_typec_altmode_driver(dp_altmode_driver);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 223/396] usb: gadget: ncm: Fix handling of zero block length packets
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (221 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 222/396] usb: typec: altmodes/displayport: create sysfs nodes as drivers default device attribute group Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 224/396] usb: port: Dont try to peer unused USB ports based on location Greg Kroah-Hartman
` (184 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Krishna Kurapati,
Maciej Żenczykowski
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krishna Kurapati <quic_kriskura@quicinc.com>
commit f90ce1e04cbcc76639d6cba0fdbd820cd80b3c70 upstream.
While connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TX
set to 65536, it has been observed that we receive short packets,
which come at interval of 5-10 seconds sometimes and have block
length zero but still contain 1-2 valid datagrams present.
According to the NCM spec:
"If wBlockLength = 0x0000, the block is terminated by a
short packet. In this case, the USB transfer must still
be shorter than dwNtbInMaxSize or dwNtbOutMaxSize. If
exactly dwNtbInMaxSize or dwNtbOutMaxSize bytes are sent,
and the size is a multiple of wMaxPacketSize for the
given pipe, then no ZLP shall be sent.
wBlockLength= 0x0000 must be used with extreme care, because
of the possibility that the host and device may get out of
sync, and because of test issues.
wBlockLength = 0x0000 allows the sender to reduce latency by
starting to send a very large NTB, and then shortening it when
the sender discovers that there’s not sufficient data to justify
sending a large NTB"
However, there is a potential issue with the current implementation,
as it checks for the occurrence of multiple NTBs in a single
giveback by verifying if the leftover bytes to be processed is zero
or not. If the block length reads zero, we would process the same
NTB infintely because the leftover bytes is never zero and it leads
to a crash. Fix this by bailing out if block length reads zero.
Cc: stable@vger.kernel.org
Fixes: 427694cfaafa ("usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call")
Signed-off-by: Krishna Kurapati <quic_kriskura@quicinc.com>
Reviewed-by: Maciej Żenczykowski <maze@google.com>
Link: https://lore.kernel.org/r/20240228115441.2105585-1-quic_kriskura@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/function/f_ncm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/gadget/function/f_ncm.c
+++ b/drivers/usb/gadget/function/f_ncm.c
@@ -1333,7 +1333,7 @@ parse_ntb:
if (to_process == 1 &&
(*(unsigned char *)(ntb_ptr + block_len) == 0x00)) {
to_process--;
- } else if (to_process > 0) {
+ } else if ((to_process > 0) && (block_len != 0)) {
ntb_ptr = (unsigned char *)(ntb_ptr + block_len);
goto parse_ntb;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 224/396] usb: port: Dont try to peer unused USB ports based on location
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (222 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 223/396] usb: gadget: ncm: Fix handling of zero block length packets Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 225/396] xhci: Fix failure to detect ring expansion need Greg Kroah-Hartman
` (183 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Paul Menzel, Mathias Nyman
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mathias Nyman <mathias.nyman@linux.intel.com>
commit 69c63350e573367f9c8594162288cffa8a26d0d1 upstream.
Unused USB ports may have bogus location data in ACPI PLD tables.
This causes port peering failures as these unused USB2 and USB3 ports
location may match.
Due to these failures the driver prints a
"usb: port power management may be unreliable" warning, and
unnecessarily blocks port power off during runtime suspend.
This was debugged on a couple DELL systems where the unused ports
all returned zeroes in their location data.
Similar bugreports exist for other systems.
Don't try to peer or match ports that have connect type set to
USB_PORT_NOT_USED.
Fixes: 3bfd659baec8 ("usb: find internal hub tier mismatch via acpi")
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218465
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218486
Tested-by: Paul Menzel <pmenzel@molgen.mpg.de>
Link: https://lore.kernel.org/linux-usb/5406d361-f5b7-4309-b0e6-8c94408f7d75@molgen.mpg.de
Cc: stable@vger.kernel.org # v3.16+
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218490
Link: https://lore.kernel.org/r/20240222233343.71856-1-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/port.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/usb/core/port.c
+++ b/drivers/usb/core/port.c
@@ -573,7 +573,7 @@ static int match_location(struct usb_dev
struct usb_hub *peer_hub = usb_hub_to_struct_hub(peer_hdev);
struct usb_device *hdev = to_usb_device(port_dev->dev.parent->parent);
- if (!peer_hub)
+ if (!peer_hub || port_dev->connect_type == USB_PORT_NOT_USED)
return 0;
hcd = bus_to_hcd(hdev->bus);
@@ -584,7 +584,8 @@ static int match_location(struct usb_dev
for (port1 = 1; port1 <= peer_hdev->maxchild; port1++) {
peer = peer_hub->ports[port1 - 1];
- if (peer && peer->location == port_dev->location) {
+ if (peer && peer->connect_type != USB_PORT_NOT_USED &&
+ peer->location == port_dev->location) {
link_peers_report(port_dev, peer);
return 1; /* done */
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 225/396] xhci: Fix failure to detect ring expansion need.
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (223 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 224/396] usb: port: Dont try to peer unused USB ports based on location Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 226/396] tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Greg Kroah-Hartman
` (182 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Chris Yokum, Mathias Nyman
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mathias Nyman <mathias.nyman@linux.intel.com>
commit b234c70fefa7532d34ebee104de64cc16f1b21e4 upstream.
Ring expansion checker may incorrectly assume a completely full ring
is empty, missing the need for expansion.
This is due to a special empty ring case where the dequeue ends up
ahead of the enqueue pointer. This is seen when enqueued TRBs fill up
exactly a segment, with enqueue then pointing to the end link TRB.
Once those TRBs are handled the dequeue pointer will follow the link
TRB and end up pointing to the first entry on the next segment, past
the enqueue.
This same enqueue - dequeue condition can be true if a ring is full,
with enqueue ending on that last link TRB before the dequeue pointer
on the next segment.
This can be seen when queuing several ~510 small URBs via usbfs in
one go before a single one is handled (i.e. dequeue not moved from first
entry in segment).
Expand the ring already when enqueue reaches the link TRB before the
dequeue segment, instead of expanding it when enqueue moves into the
dequeue segment.
Reported-by: Chris Yokum <linux-usb@mail.totalphase.com>
Closes: https://lore.kernel.org/all/949223224.833962.1709339266739.JavaMail.zimbra@totalphase.com
Tested-by: Chris Yokum <linux-usb@mail.totalphase.com>
Fixes: f5af638f0609 ("xhci: Fix transfer ring expansion size calculation")
Cc: stable@vger.kernel.org # v6.5+
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Link: https://lore.kernel.org/r/20240305132312.955171-2-mathias.nyman@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/host/xhci-ring.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -326,7 +326,13 @@ static unsigned int xhci_ring_expansion_
/* how many trbs will be queued past the enqueue segment? */
trbs_past_seg = enq_used + num_trbs - (TRBS_PER_SEGMENT - 1);
- if (trbs_past_seg <= 0)
+ /*
+ * Consider expanding the ring already if num_trbs fills the current
+ * segment (i.e. trbs_past_seg == 0), not only when num_trbs goes into
+ * the next segment. Avoids confusing full ring with special empty ring
+ * case below
+ */
+ if (trbs_past_seg < 0)
return 0;
/* Empty ring special case, enqueue stuck on link trb while dequeue advanced */
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 226/396] tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (224 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 225/396] xhci: Fix failure to detect ring expansion need Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 227/396] serial: 8250_dw: Do not reclock if already at correct rate Greg Kroah-Hartman
` (181 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Sherry Sun,
Alexander Sverdlin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sherry Sun <sherry.sun@nxp.com>
commit 74cb7e0355fae9641f825afa389d3fba3b617714 upstream.
If the remote uart device is not connected or not enabled after booting
up, the CTS line is high by default. At this time, if we enable the flow
control when opening the device(for example, using “stty -F /dev/ttyLP4
crtscts” command), there will be a pending idle preamble(first writing 0
and then writing 1 to UARTCTRL_TE will queue an idle preamble) that
cannot be sent out, resulting in the uart port fail to close(waiting for
TX empty), so the user space stty will have to wait for a long time or
forever.
This is an LPUART IP bug(idle preamble has higher priority than CTS),
here add a workaround patch to enable TX CTS after enabling UARTCTRL_TE,
so that the idle preamble does not get stuck due to CTS is deasserted.
Fixes: 380c966c093e ("tty: serial: fsl_lpuart: add 32-bit register interface support")
Cc: stable <stable@kernel.org>
Signed-off-by: Sherry Sun <sherry.sun@nxp.com>
Reviewed-by: Alexander Sverdlin <alexander.sverdlin@siemens.com>
Link: https://lore.kernel.org/r/20240305015706.1050769-1-sherry.sun@nxp.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/fsl_lpuart.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/drivers/tty/serial/fsl_lpuart.c
+++ b/drivers/tty/serial/fsl_lpuart.c
@@ -2345,9 +2345,12 @@ lpuart32_set_termios(struct uart_port *p
lpuart32_write(&sport->port, bd, UARTBAUD);
lpuart32_serial_setbrg(sport, baud);
- lpuart32_write(&sport->port, modem, UARTMODIR);
- lpuart32_write(&sport->port, ctrl, UARTCTRL);
+ /* disable CTS before enabling UARTCTRL_TE to avoid pending idle preamble */
+ lpuart32_write(&sport->port, modem & ~UARTMODIR_TXCTSE, UARTMODIR);
/* restore control register */
+ lpuart32_write(&sport->port, ctrl, UARTCTRL);
+ /* re-enable the CTS if needed */
+ lpuart32_write(&sport->port, modem, UARTMODIR);
if ((ctrl & (UARTCTRL_PE | UARTCTRL_M)) == UARTCTRL_PE)
sport->is_cs7 = true;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 227/396] serial: 8250_dw: Do not reclock if already at correct rate
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (225 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 226/396] tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 228/396] misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume Greg Kroah-Hartman
` (180 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Peter Collingbourne, Andy Shevchenko
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Peter Collingbourne <pcc@google.com>
commit e5d6bd25f93d6ae158bb4cd04956cb497a85b8ef upstream.
When userspace opens the console, we call set_termios() passing a
termios with the console's configured baud rate. Currently this causes
dw8250_set_termios() to disable and then re-enable the UART clock at
the same frequency as it was originally. This can cause corruption
of any concurrent console output. Fix it by skipping the reclocking
if we are already at the correct rate.
Signed-off-by: Peter Collingbourne <pcc@google.com>
Fixes: 4e26b134bd17 ("serial: 8250_dw: clock rate handling for all ACPI platforms")
Cc: stable@vger.kernel.org
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Link: https://lore.kernel.org/r/20240222192635.1050502-1-pcc@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/8250/8250_dw.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/tty/serial/8250/8250_dw.c
+++ b/drivers/tty/serial/8250/8250_dw.c
@@ -357,9 +357,9 @@ static void dw8250_set_termios(struct ua
long rate;
int ret;
- clk_disable_unprepare(d->clk);
rate = clk_round_rate(d->clk, newrate);
- if (rate > 0) {
+ if (rate > 0 && p->uartclk != rate) {
+ clk_disable_unprepare(d->clk);
/*
* Note that any clock-notifer worker will block in
* serial8250_update_uartclk() until we are done.
@@ -367,8 +367,8 @@ static void dw8250_set_termios(struct ua
ret = clk_set_rate(d->clk, newrate);
if (!ret)
p->uartclk = rate;
+ clk_prepare_enable(d->clk);
}
- clk_prepare_enable(d->clk);
dw8250_do_set_termios(p, termios, old);
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 228/396] misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (226 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 227/396] serial: 8250_dw: Do not reclock if already at correct rate Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 229/396] misc: fastrpc: Pass proper arguments to scm call Greg Kroah-Hartman
` (179 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Paul Menzel, regressions,
Hans de Goede
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans de Goede <hdegoede@redhat.com>
commit ac3e0384073b2408d6cb0d972fee9fcc3776053d upstream.
When not configured for wakeup lis3lv02d_i2c_suspend() will call
lis3lv02d_poweroff() even if the device has already been turned off
by the runtime-suspend handler and if configured for wakeup and
the device is runtime-suspended at this point then it is not turned
back on to serve as a wakeup source.
Before commit b1b9f7a49440 ("misc: lis3lv02d_i2c: Add missing setting
of the reg_ctrl callback"), lis3lv02d_poweroff() failed to disable
the regulators which as a side effect made calling poweroff() twice ok.
Now that poweroff() correctly disables the regulators, doing this twice
triggers a WARN() in the regulator core:
unbalanced disables for regulator-dummy
WARNING: CPU: 1 PID: 92 at drivers/regulator/core.c:2999 _regulator_disable
...
Fix lis3lv02d_i2c_suspend() to not call poweroff() a second time if
already runtime-suspended and add a poweron() call when necessary to
make wakeup work.
lis3lv02d_i2c_resume() has similar issues, with an added weirness that
it always powers on the device if it is runtime suspended, after which
the first runtime-resume will call poweron() again, causing the enabled
count for the regulator to increase by 1 every suspend/resume. These
unbalanced regulator_enable() calls cause the regulator to never
be turned off and trigger the following WARN() on driver unbind:
WARNING: CPU: 1 PID: 1724 at drivers/regulator/core.c:2396 _regulator_put
Fix this by making lis3lv02d_i2c_resume() mirror the new suspend().
Fixes: b1b9f7a49440 ("misc: lis3lv02d_i2c: Add missing setting of the reg_ctrl callback")
Reported-by: Paul Menzel <pmenzel@molgen.mpg.de>
Closes: https://lore.kernel.org/regressions/5fc6da74-af0a-4aac-b4d5-a000b39a63a5@molgen.mpg.de/
Cc: stable@vger.kernel.org
Cc: regressions@lists.linux.dev
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Tested-by: Paul Menzel <pmenzel@molgen.mpg.de> # Dell XPS 15 7590
Reviewed-by: Paul Menzel <pmenzel@molgen.mpg.de>
Link: https://lore.kernel.org/r/20240220190035.53402-1-hdegoede@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/misc/lis3lv02d/lis3lv02d_i2c.c | 21 +++++++++++++--------
1 file changed, 13 insertions(+), 8 deletions(-)
--- a/drivers/misc/lis3lv02d/lis3lv02d_i2c.c
+++ b/drivers/misc/lis3lv02d/lis3lv02d_i2c.c
@@ -198,8 +198,14 @@ static int lis3lv02d_i2c_suspend(struct
struct i2c_client *client = to_i2c_client(dev);
struct lis3lv02d *lis3 = i2c_get_clientdata(client);
- if (!lis3->pdata || !lis3->pdata->wakeup_flags)
+ /* Turn on for wakeup if turned off by runtime suspend */
+ if (lis3->pdata && lis3->pdata->wakeup_flags) {
+ if (pm_runtime_suspended(dev))
+ lis3lv02d_poweron(lis3);
+ /* For non wakeup turn off if not already turned off by runtime suspend */
+ } else if (!pm_runtime_suspended(dev))
lis3lv02d_poweroff(lis3);
+
return 0;
}
@@ -208,13 +214,12 @@ static int lis3lv02d_i2c_resume(struct d
struct i2c_client *client = to_i2c_client(dev);
struct lis3lv02d *lis3 = i2c_get_clientdata(client);
- /*
- * pm_runtime documentation says that devices should always
- * be powered on at resume. Pm_runtime turns them off after system
- * wide resume is complete.
- */
- if (!lis3->pdata || !lis3->pdata->wakeup_flags ||
- pm_runtime_suspended(dev))
+ /* Turn back off if turned on for wakeup and runtime suspended*/
+ if (lis3->pdata && lis3->pdata->wakeup_flags) {
+ if (pm_runtime_suspended(dev))
+ lis3lv02d_poweroff(lis3);
+ /* For non wakeup turn back on if not runtime suspended */
+ } else if (!pm_runtime_suspended(dev))
lis3lv02d_poweron(lis3);
return 0;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 229/396] misc: fastrpc: Pass proper arguments to scm call
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (227 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 228/396] misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 230/396] serial: port: Dont suspend if the port is still busy Greg Kroah-Hartman
` (178 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Ekansh Gupta, Elliot Berman,
Srinivas Kandagatla
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ekansh Gupta <quic_ekangupt@quicinc.com>
commit a283d7f179ff83976af27bcc71f7474cb4d7c348 upstream.
For CMA memory allocation, ownership is assigned to DSP to make it
accessible by the PD running on the DSP. With current implementation
HLOS VM is stored in the channel structure during rpmsg_probe and
this VM is passed to qcom_scm call as the source VM.
The qcom_scm call will overwrite the passed source VM with the next
VM which would cause a problem in case the scm call is again needed.
Adding a local copy of source VM whereever scm call is made to avoid
this problem.
Fixes: 0871561055e6 ("misc: fastrpc: Add support for audiopd")
Cc: stable <stable@kernel.org>
Signed-off-by: Ekansh Gupta <quic_ekangupt@quicinc.com>
Reviewed-by: Elliot Berman <quic_eberman@quicinc.com>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Link: https://lore.kernel.org/r/20240224114247.85953-2-srinivas.kandagatla@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/misc/fastrpc.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
--- a/drivers/misc/fastrpc.c
+++ b/drivers/misc/fastrpc.c
@@ -263,7 +263,6 @@ struct fastrpc_channel_ctx {
int domain_id;
int sesscount;
int vmcount;
- u64 perms;
struct qcom_scm_vmperm vmperms[FASTRPC_MAX_VMIDS];
struct rpmsg_device *rpdev;
struct fastrpc_session_ctx session[FASTRPC_MAX_SESSIONS];
@@ -1279,9 +1278,11 @@ static int fastrpc_init_create_static_pr
/* Map if we have any heap VMIDs associated with this ADSP Static Process. */
if (fl->cctx->vmcount) {
+ u64 src_perms = BIT(QCOM_SCM_VMID_HLOS);
+
err = qcom_scm_assign_mem(fl->cctx->remote_heap->phys,
(u64)fl->cctx->remote_heap->size,
- &fl->cctx->perms,
+ &src_perms,
fl->cctx->vmperms, fl->cctx->vmcount);
if (err) {
dev_err(fl->sctx->dev, "Failed to assign memory with phys 0x%llx size 0x%llx err %d",
@@ -1915,8 +1916,10 @@ static int fastrpc_req_mmap(struct fastr
/* Add memory to static PD pool, protection thru hypervisor */
if (req.flags == ADSP_MMAP_REMOTE_HEAP_ADDR && fl->cctx->vmcount) {
+ u64 src_perms = BIT(QCOM_SCM_VMID_HLOS);
+
err = qcom_scm_assign_mem(buf->phys, (u64)buf->size,
- &fl->cctx->perms, fl->cctx->vmperms, fl->cctx->vmcount);
+ &src_perms, fl->cctx->vmperms, fl->cctx->vmcount);
if (err) {
dev_err(fl->sctx->dev, "Failed to assign memory phys 0x%llx size 0x%llx err %d",
buf->phys, buf->size, err);
@@ -2290,7 +2293,6 @@ static int fastrpc_rpmsg_probe(struct rp
if (vmcount) {
data->vmcount = vmcount;
- data->perms = BIT(QCOM_SCM_VMID_HLOS);
for (i = 0; i < data->vmcount; i++) {
data->vmperms[i].vmid = vmids[i];
data->vmperms[i].perm = QCOM_SCM_PERM_RWX;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 230/396] serial: port: Dont suspend if the port is still busy
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (228 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 229/396] misc: fastrpc: Pass proper arguments to scm call Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 231/396] mei: me: add arrow lake point S DID Greg Kroah-Hartman
` (177 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Tony Lindgren,
Andy Shevchenko, Yicong Yang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yicong Yang <yangyicong@hisilicon.com>
commit 43066e32227ecde674e8ae1fcdd4a1ede67680c2 upstream.
We accidently met the issue that the bash prompt is not shown after the
previous command done and until the next input if there's only one CPU
(In our issue other CPUs are isolated by isolcpus=). Further analysis
shows it's because the port entering runtime suspend even if there's
still pending chars in the buffer and the pending chars will only be
processed in next device resuming. We are using amba-pl011 and the
problematic flow is like below:
Bash kworker
tty_write()
file_tty_write()
n_tty_write()
uart_write()
__uart_start()
pm_runtime_get() // wakeup waker
queue_work()
pm_runtime_work()
rpm_resume()
status = RPM_RESUMING
serial_port_runtime_resume()
port->ops->start_tx()
pl011_tx_chars()
uart_write_wakeup()
[…]
__uart_start()
pm_runtime_get() < 0 // because runtime status = RPM_RESUMING
// later data are not commit to the port driver
status = RPM_ACTIVE
rpm_idle() -> rpm_suspend()
This patch tries to fix this by checking the port busy before entering
runtime suspending. A runtime_suspend callback is added for the port
driver. When entering runtime suspend the callback is invoked, if there's
still pending chars in the buffer then flush the buffer.
Fixes: 84a9582fd203 ("serial: core: Start managing serial controllers to enable runtime PM")
Cc: stable <stable@kernel.org>
Reviewed-by: Tony Lindgren <tony@atomide.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Yicong Yang <yangyicong@hisilicon.com>
Link: https://lore.kernel.org/r/20240226152351.40924-1-yangyicong@huawei.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/serial_port.c | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
--- a/drivers/tty/serial/serial_port.c
+++ b/drivers/tty/serial/serial_port.c
@@ -46,8 +46,31 @@ out:
return 0;
}
+static int serial_port_runtime_suspend(struct device *dev)
+{
+ struct serial_port_device *port_dev = to_serial_base_port_device(dev);
+ struct uart_port *port = port_dev->port;
+ unsigned long flags;
+ bool busy;
+
+ if (port->flags & UPF_DEAD)
+ return 0;
+
+ uart_port_lock_irqsave(port, &flags);
+ busy = __serial_port_busy(port);
+ if (busy)
+ port->ops->start_tx(port);
+ uart_port_unlock_irqrestore(port, flags);
+
+ if (busy)
+ pm_runtime_mark_last_busy(dev);
+
+ return busy ? -EBUSY : 0;
+}
+
static DEFINE_RUNTIME_DEV_PM_OPS(serial_port_pm,
- NULL, serial_port_runtime_resume, NULL);
+ serial_port_runtime_suspend,
+ serial_port_runtime_resume, NULL);
static int serial_port_probe(struct device *dev)
{
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 231/396] mei: me: add arrow lake point S DID
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (229 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 230/396] serial: port: Dont suspend if the port is still busy Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 232/396] mei: me: add arrow lake point H DID Greg Kroah-Hartman
` (176 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Alexander Usyskin, Tomas Winkler
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Usyskin <alexander.usyskin@intel.com>
commit 7a9b9012043e126f6d6f4683e67409312d1b707b upstream.
Add Arrow Lake S device id.
Cc: stable@vger.kernel.org
Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Link: https://lore.kernel.org/r/20240211103912.117105-1-tomas.winkler@intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/misc/mei/hw-me-regs.h | 1 +
drivers/misc/mei/pci-me.c | 1 +
2 files changed, 2 insertions(+)
--- a/drivers/misc/mei/hw-me-regs.h
+++ b/drivers/misc/mei/hw-me-regs.h
@@ -112,6 +112,7 @@
#define MEI_DEV_ID_RPL_S 0x7A68 /* Raptor Lake Point S */
#define MEI_DEV_ID_MTL_M 0x7E70 /* Meteor Lake Point M */
+#define MEI_DEV_ID_ARL_S 0x7F68 /* Arrow Lake Point S */
/*
* MEI HW Section
--- a/drivers/misc/mei/pci-me.c
+++ b/drivers/misc/mei/pci-me.c
@@ -119,6 +119,7 @@ static const struct pci_device_id mei_me
{MEI_PCI_DEVICE(MEI_DEV_ID_RPL_S, MEI_ME_PCH15_CFG)},
{MEI_PCI_DEVICE(MEI_DEV_ID_MTL_M, MEI_ME_PCH15_CFG)},
+ {MEI_PCI_DEVICE(MEI_DEV_ID_ARL_S, MEI_ME_PCH15_CFG)},
/* required last entry */
{0, }
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 232/396] mei: me: add arrow lake point H DID
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (230 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 231/396] mei: me: add arrow lake point S DID Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 233/396] vt: fix unicode buffer corruption when deleting characters Greg Kroah-Hartman
` (175 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Alexander Usyskin, Tomas Winkler
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Usyskin <alexander.usyskin@intel.com>
commit 8436f25802ec028ac7254990893f3e01926d9b79 upstream.
Add Arrow Lake H device id.
Cc: stable@vger.kernel.org
Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Link: https://lore.kernel.org/r/20240211103912.117105-2-tomas.winkler@intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/misc/mei/hw-me-regs.h | 1 +
drivers/misc/mei/pci-me.c | 1 +
2 files changed, 2 insertions(+)
--- a/drivers/misc/mei/hw-me-regs.h
+++ b/drivers/misc/mei/hw-me-regs.h
@@ -113,6 +113,7 @@
#define MEI_DEV_ID_MTL_M 0x7E70 /* Meteor Lake Point M */
#define MEI_DEV_ID_ARL_S 0x7F68 /* Arrow Lake Point S */
+#define MEI_DEV_ID_ARL_H 0x7770 /* Arrow Lake Point H */
/*
* MEI HW Section
--- a/drivers/misc/mei/pci-me.c
+++ b/drivers/misc/mei/pci-me.c
@@ -120,6 +120,7 @@ static const struct pci_device_id mei_me
{MEI_PCI_DEVICE(MEI_DEV_ID_MTL_M, MEI_ME_PCH15_CFG)},
{MEI_PCI_DEVICE(MEI_DEV_ID_ARL_S, MEI_ME_PCH15_CFG)},
+ {MEI_PCI_DEVICE(MEI_DEV_ID_ARL_H, MEI_ME_PCH15_CFG)},
/* required last entry */
{0, }
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 233/396] vt: fix unicode buffer corruption when deleting characters
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (231 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 232/396] mei: me: add arrow lake point H DID Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 234/396] Revert "tty: serial: simplify qcom_geni_serial_send_chunk_fifo()" Greg Kroah-Hartman
` (174 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Nicolas Pitre, stable
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nicolas Pitre <nico@fluxnic.net>
commit 1581dafaf0d34bc9c428a794a22110d7046d186d upstream.
This is the same issue that was fixed for the VGA text buffer in commit
39cdb68c64d8 ("vt: fix memory overlapping when deleting chars in the
buffer"). The cure is also the same i.e. replace memcpy() with memmove()
due to the overlaping buffers.
Signed-off-by: Nicolas Pitre <nico@fluxnic.net>
Fixes: 81732c3b2fed ("tty vt: Fix line garbage in virtual console on command line edition")
Cc: stable <stable@kernel.org>
Link: https://lore.kernel.org/r/sn184on2-3p0q-0qrq-0218-895349s4753o@syhkavp.arg
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/vt/vt.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/tty/vt/vt.c
+++ b/drivers/tty/vt/vt.c
@@ -381,7 +381,7 @@ static void vc_uniscr_delete(struct vc_d
u32 *ln = vc->vc_uni_lines[vc->state.y];
unsigned int x = vc->state.x, cols = vc->vc_cols;
- memcpy(&ln[x], &ln[x + nr], (cols - x - nr) * sizeof(*ln));
+ memmove(&ln[x], &ln[x + nr], (cols - x - nr) * sizeof(*ln));
memset32(&ln[cols - nr], ' ', nr);
}
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 234/396] Revert "tty: serial: simplify qcom_geni_serial_send_chunk_fifo()"
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (232 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 233/396] vt: fix unicode buffer corruption when deleting characters Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 235/396] fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Greg Kroah-Hartman
` (173 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Douglas Anderson, Jiri Slaby,
Johan Hovold
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Douglas Anderson <dianders@chromium.org>
commit 3d9319c27ceb35fa3d2c8b15508967f3fc7e5b78 upstream.
This reverts commit 5c7e105cd156fc9adf5294a83623d7a40c15f9b9.
As identified by KASAN, the simplification done by the cleanup patch
was not legal.
>From tracing through the code, it can be seen that we're transmitting
from a 4096-byte circular buffer. We copy anywhere from 1-4 bytes from
it each time. The simplification runs into trouble when we get near
the end of the circular buffer. For instance, we might start out with
xmit->tail = 4094 and we want to transfer 4 bytes. With the code
before simplification this was no problem. We'd read buf[4094],
buf[4095], buf[0], and buf[1]. With the new code we'll do a
memcpy(&buf[4094], 4) which reads 2 bytes past the end of the buffer
and then skips transmitting what's at buf[0] and buf[1].
KASAN isn't 100% consistent at reporting this for me, but to be extra
confident in the analysis, I added traces of the tail and tx_bytes and
then wrote a test program:
while true; do
echo -n "abcdefghijklmnopqrstuvwxyz0" > /dev/ttyMSM0
sleep .1
done
I watched the traces over SSH and saw:
qcom_geni_serial_send_chunk_fifo: 4093 4
qcom_geni_serial_send_chunk_fifo: 1 3
Which indicated that one byte should be missing. Sure enough the
output that should have been:
abcdefghijklmnopqrstuvwxyz0
In one case was actually missing a byte:
abcdefghijklmnopqrstuvwyz0
Running "ls -al" on large directories also made the missing bytes
obvious since columns didn't line up.
While the original code may not be the most elegant, we only talking
about copying up to 4 bytes here. Let's just go back to the code that
worked.
Fixes: 5c7e105cd156 ("tty: serial: simplify qcom_geni_serial_send_chunk_fifo()")
Cc: stable <stable@kernel.org>
Signed-off-by: Douglas Anderson <dianders@chromium.org>
Acked-by: Jiri Slaby <jirislaby@kernel.org>
Tested-by: Johan Hovold <johan+linaro@kernel.org>
Link: https://lore.kernel.org/r/20240304174952.1.I920a314049b345efd1f69d708e7f74d2213d0b49@changeid
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/qcom_geni_serial.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
--- a/drivers/tty/serial/qcom_geni_serial.c
+++ b/drivers/tty/serial/qcom_geni_serial.c
@@ -851,19 +851,21 @@ static void qcom_geni_serial_stop_tx(str
}
static void qcom_geni_serial_send_chunk_fifo(struct uart_port *uport,
- unsigned int remaining)
+ unsigned int chunk)
{
struct qcom_geni_serial_port *port = to_dev_port(uport);
struct circ_buf *xmit = &uport->state->xmit;
- unsigned int tx_bytes;
+ unsigned int tx_bytes, c, remaining = chunk;
u8 buf[BYTES_PER_FIFO_WORD];
while (remaining) {
memset(buf, 0, sizeof(buf));
tx_bytes = min(remaining, BYTES_PER_FIFO_WORD);
- memcpy(buf, &xmit->buf[xmit->tail], tx_bytes);
- uart_xmit_advance(uport, tx_bytes);
+ for (c = 0; c < tx_bytes ; c++) {
+ buf[c] = xmit->buf[xmit->tail];
+ uart_xmit_advance(uport, 1);
+ }
iowrite32_rep(uport->membase + SE_GENI_TX_FIFOn, buf, 1);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 235/396] fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (233 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 234/396] Revert "tty: serial: simplify qcom_geni_serial_send_chunk_fifo()" Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 236/396] ALSA: hda/realtek - Add Headset Mic supported Acer NB platform Greg Kroah-Hartman
` (172 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Biggers, Benjamin LaHaise,
Eric Biggers, Christoph Hellwig, Avi Kivity, Sandeep Dhavale,
Jens Axboe, Kent Overstreet, Bart Van Assche, Christian Brauner
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bart Van Assche <bvanassche@acm.org>
commit 961ebd120565cb60cebe21cb634fbc456022db4a upstream.
The first kiocb_set_cancel_fn() argument may point at a struct kiocb
that is not embedded inside struct aio_kiocb. With the current code,
depending on the compiler, the req->ki_ctx read happens either before
the IOCB_AIO_RW test or after that test. Move the req->ki_ctx read such
that it is guaranteed that the IOCB_AIO_RW test happens first.
Reported-by: Eric Biggers <ebiggers@kernel.org>
Cc: Benjamin LaHaise <ben@communityfibre.ca>
Cc: Eric Biggers <ebiggers@google.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Avi Kivity <avi@scylladb.com>
Cc: Sandeep Dhavale <dhavale@google.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Kent Overstreet <kent.overstreet@linux.dev>
Cc: stable@vger.kernel.org
Fixes: b820de741ae4 ("fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio")
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Link: https://lore.kernel.org/r/20240304235715.3790858-1-bvanassche@acm.org
Reviewed-by: Jens Axboe <axboe@kernel.dk>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/aio.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -590,8 +590,8 @@ static int aio_setup_ring(struct kioctx
void kiocb_set_cancel_fn(struct kiocb *iocb, kiocb_cancel_fn *cancel)
{
- struct aio_kiocb *req = container_of(iocb, struct aio_kiocb, rw);
- struct kioctx *ctx = req->ki_ctx;
+ struct aio_kiocb *req;
+ struct kioctx *ctx;
unsigned long flags;
/*
@@ -601,9 +601,13 @@ void kiocb_set_cancel_fn(struct kiocb *i
if (!(iocb->ki_flags & IOCB_AIO_RW))
return;
+ req = container_of(iocb, struct aio_kiocb, rw);
+
if (WARN_ON_ONCE(!list_empty(&req->ki_list)))
return;
+ ctx = req->ki_ctx;
+
spin_lock_irqsave(&ctx->ctx_lock, flags);
list_add_tail(&req->ki_list, &ctx->active_reqs);
req->ki_cancel = cancel;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 236/396] ALSA: hda/realtek - Add Headset Mic supported Acer NB platform
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (234 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 235/396] fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 237/396] ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook Greg Kroah-Hartman
` (171 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Kailang Yang, Takashi Iwai
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kailang Yang <kailang@realtek.com>
commit 34ab5bbc6e82214d7f7393eba26d164b303ebb4e upstream.
It will be enable headset Mic for Acer NB platform.
Signed-off-by: Kailang Yang <kailang@realtek.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/fe0eb6661ca240f3b7762b5b3257710d@realtek.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 2 ++
1 file changed, 2 insertions(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -10935,6 +10935,8 @@ static const struct snd_hda_pin_quirk al
* at most one tbl is allowed to define for the same vendor and same codec
*/
static const struct snd_hda_pin_quirk alc269_fallback_pin_fixup_tbl[] = {
+ SND_HDA_PIN_QUIRK(0x10ec0256, 0x1025, "Acer", ALC2XX_FIXUP_HEADSET_MIC,
+ {0x19, 0x40000000}),
SND_HDA_PIN_QUIRK(0x10ec0289, 0x1028, "Dell", ALC269_FIXUP_DELL4_MIC_NO_PRESENCE,
{0x19, 0x40000000},
{0x1b, 0x40000000}),
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 237/396] ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (235 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 236/396] ALSA: hda/realtek - Add Headset Mic supported Acer NB platform Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 238/396] tee: optee: Fix kernel panic caused by incorrect error handling Greg Kroah-Hartman
` (170 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Andy Chi, Takashi Iwai
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Chi <andy.chi@canonical.com>
commit a17bd44c0146b00fcaa692915789c16bd1fb2a81 upstream.
The HP EliteBook using ALC236 codec which using 0x02 to
control mute LED and 0x01 to control micmute LED.
Therefore, add a quirk to make it works.
Signed-off-by: Andy Chi <andy.chi@canonical.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20240304134033.773348-1-andy.chi@canonical.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -9950,6 +9950,10 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x103c, 0x8c70, "HP EliteBook 835 G11", ALC287_FIXUP_CS35L41_I2C_2_HP_GPIO_LED),
SND_PCI_QUIRK(0x103c, 0x8c71, "HP EliteBook 845 G11", ALC287_FIXUP_CS35L41_I2C_2_HP_GPIO_LED),
SND_PCI_QUIRK(0x103c, 0x8c72, "HP EliteBook 865 G11", ALC287_FIXUP_CS35L41_I2C_2_HP_GPIO_LED),
+ SND_PCI_QUIRK(0x103c, 0x8c8a, "HP EliteBook 630", ALC236_FIXUP_HP_GPIO_LED),
+ SND_PCI_QUIRK(0x103c, 0x8c8c, "HP EliteBook 660", ALC236_FIXUP_HP_GPIO_LED),
+ SND_PCI_QUIRK(0x103c, 0x8c90, "HP EliteBook 640", ALC236_FIXUP_HP_GPIO_LED),
+ SND_PCI_QUIRK(0x103c, 0x8c91, "HP EliteBook 660", ALC236_FIXUP_HP_GPIO_LED),
SND_PCI_QUIRK(0x103c, 0x8c96, "HP", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF),
SND_PCI_QUIRK(0x103c, 0x8c97, "HP ZBook", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF),
SND_PCI_QUIRK(0x103c, 0x8ca1, "HP ZBook Power", ALC236_FIXUP_HP_GPIO_LED),
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 238/396] tee: optee: Fix kernel panic caused by incorrect error handling
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (236 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 237/396] ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 239/396] ARM: imx_v6_v7_defconfig: Restore CONFIG_BACKLIGHT_CLASS_DEVICE Greg Kroah-Hartman
` (169 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Mikko Rapeli, Sumit Garg,
Jens Wiklander
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sumit Garg <sumit.garg@linaro.org>
commit 95915ba4b987cf2b222b0f251280228a1ff977ac upstream.
The error path while failing to register devices on the TEE bus has a
bug leading to kernel panic as follows:
[ 15.398930] Unable to handle kernel paging request at virtual address ffff07ed00626d7c
[ 15.406913] Mem abort info:
[ 15.409722] ESR = 0x0000000096000005
[ 15.413490] EC = 0x25: DABT (current EL), IL = 32 bits
[ 15.418814] SET = 0, FnV = 0
[ 15.421878] EA = 0, S1PTW = 0
[ 15.425031] FSC = 0x05: level 1 translation fault
[ 15.429922] Data abort info:
[ 15.432813] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
[ 15.438310] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 15.443372] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 15.448697] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000000d9e3e000
[ 15.455413] [ffff07ed00626d7c] pgd=1800000bffdf9003, p4d=1800000bffdf9003, pud=0000000000000000
[ 15.464146] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Commit 7269cba53d90 ("tee: optee: Fix supplicant based device enumeration")
lead to the introduction of this bug. So fix it appropriately.
Reported-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218542
Fixes: 7269cba53d90 ("tee: optee: Fix supplicant based device enumeration")
Cc: stable@vger.kernel.org
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tee/optee/device.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/drivers/tee/optee/device.c
+++ b/drivers/tee/optee/device.c
@@ -90,13 +90,14 @@ static int optee_register_device(const u
if (rc) {
pr_err("device registration failed, err: %d\n", rc);
put_device(&optee_device->dev);
+ return rc;
}
if (func == PTA_CMD_GET_DEVICES_SUPP)
device_create_file(&optee_device->dev,
&dev_attr_need_supplicant);
- return rc;
+ return 0;
}
static int __optee_enumerate_devices(u32 func)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 239/396] ARM: imx_v6_v7_defconfig: Restore CONFIG_BACKLIGHT_CLASS_DEVICE
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (237 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 238/396] tee: optee: Fix kernel panic caused by incorrect error handling Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 240/396] mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Greg Kroah-Hartman
` (168 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Fabio Estevam, Francesco Dolcini,
Shawn Guo
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fabio Estevam <festevam@denx.de>
commit 2b0a5a8a397c0ae8f8cd25e7d3857c749239ceb8 upstream.
Since commit bfac19e239a7 ("fbdev: mx3fb: Remove the driver") backlight
is no longer functional.
The fbdev mx3fb driver used to automatically select
CONFIG_BACKLIGHT_CLASS_DEVICE.
Now that the mx3fb driver has been removed, enable the
CONFIG_BACKLIGHT_CLASS_DEVICE option so that backlight can still work
by default.
Tested on a imx6dl-sabresd board.
Cc: stable@vger.kernel.org
Fixes: bfac19e239a7 ("fbdev: mx3fb: Remove the driver")
Signed-off-by: Fabio Estevam <festevam@denx.de>
Reviewed-by: Francesco Dolcini <francesco.dolcini@toradex.com>
Tested-by: Francesco Dolcini <francesco.dolcini@toradex.com> # Toradex Colibri iMX7
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/configs/imx_v6_v7_defconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm/configs/imx_v6_v7_defconfig b/arch/arm/configs/imx_v6_v7_defconfig
index 0a90583f9f01..8f9dbe8d9029 100644
--- a/arch/arm/configs/imx_v6_v7_defconfig
+++ b/arch/arm/configs/imx_v6_v7_defconfig
@@ -297,6 +297,7 @@ CONFIG_FB_MODE_HELPERS=y
CONFIG_LCD_CLASS_DEVICE=y
CONFIG_LCD_L4F00242T03=y
CONFIG_LCD_PLATFORM=y
+CONFIG_BACKLIGHT_CLASS_DEVICE=y
CONFIG_BACKLIGHT_PWM=y
CONFIG_BACKLIGHT_GPIO=y
CONFIG_FRAMEBUFFER_CONSOLE=y
--
2.44.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 240/396] mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (238 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 239/396] ARM: imx_v6_v7_defconfig: Restore CONFIG_BACKLIGHT_CLASS_DEVICE Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 241/396] arm64: dts: qcom: sc8280xp-x13s: limit pcie4 link speed Greg Kroah-Hartman
` (167 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Vlastimil Babka, Sven van Ashbrook,
Karthikeyan Ramasubramanian, Brian Geffon, Curtis Malainey,
Jaroslav Kysela, Mel Gorman, Michal Hocko, Takashi Iwai,
Andrew Morton
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vlastimil Babka <vbabka@suse.cz>
commit 803de9000f334b771afacb6ff3e78622916668b0 upstream.
Sven reports an infinite loop in __alloc_pages_slowpath() for costly order
__GFP_RETRY_MAYFAIL allocations that are also GFP_NOIO. Such combination
can happen in a suspend/resume context where a GFP_KERNEL allocation can
have __GFP_IO masked out via gfp_allowed_mask.
Quoting Sven:
1. try to do a "costly" allocation (order > PAGE_ALLOC_COSTLY_ORDER)
with __GFP_RETRY_MAYFAIL set.
2. page alloc's __alloc_pages_slowpath tries to get a page from the
freelist. This fails because there is nothing free of that costly
order.
3. page alloc tries to reclaim by calling __alloc_pages_direct_reclaim,
which bails out because a zone is ready to be compacted; it pretends
to have made a single page of progress.
4. page alloc tries to compact, but this always bails out early because
__GFP_IO is not set (it's not passed by the snd allocator, and even
if it were, we are suspending so the __GFP_IO flag would be cleared
anyway).
5. page alloc believes reclaim progress was made (because of the
pretense in item 3) and so it checks whether it should retry
compaction. The compaction retry logic thinks it should try again,
because:
a) reclaim is needed because of the early bail-out in item 4
b) a zonelist is suitable for compaction
6. goto 2. indefinite stall.
(end quote)
The immediate root cause is confusing the COMPACT_SKIPPED returned from
__alloc_pages_direct_compact() (step 4) due to lack of __GFP_IO to be
indicating a lack of order-0 pages, and in step 5 evaluating that in
should_compact_retry() as a reason to retry, before incrementing and
limiting the number of retries. There are however other places that
wrongly assume that compaction can happen while we lack __GFP_IO.
To fix this, introduce gfp_compaction_allowed() to abstract the __GFP_IO
evaluation and switch the open-coded test in try_to_compact_pages() to use
it.
Also use the new helper in:
- compaction_ready(), which will make reclaim not bail out in step 3, so
there's at least one attempt to actually reclaim, even if chances are
small for a costly order
- in_reclaim_compaction() which will make should_continue_reclaim()
return false and we don't over-reclaim unnecessarily
- in __alloc_pages_slowpath() to set a local variable can_compact,
which is then used to avoid retrying reclaim/compaction for costly
allocations (step 5) if we can't compact and also to skip the early
compaction attempt that we do in some cases
Link: https://lkml.kernel.org/r/20240221114357.13655-2-vbabka@suse.cz
Fixes: 3250845d0526 ("Revert "mm, oom: prevent premature OOM killer invocation for high order request"")
Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
Reported-by: Sven van Ashbrook <svenva@chromium.org>
Closes: https://lore.kernel.org/all/CAG-rBihs_xMKb3wrMO1%2B-%2Bp4fowP9oy1pa_OTkfxBzPUVOZF%2Bg@mail.gmail.com/
Tested-by: Karthikeyan Ramasubramanian <kramasub@chromium.org>
Cc: Brian Geffon <bgeffon@google.com>
Cc: Curtis Malainey <cujomalainey@chromium.org>
Cc: Jaroslav Kysela <perex@perex.cz>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Takashi Iwai <tiwai@suse.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/gfp.h | 9 +++++++++
mm/compaction.c | 7 +------
mm/page_alloc.c | 10 ++++++----
mm/vmscan.c | 5 ++++-
4 files changed, 20 insertions(+), 11 deletions(-)
--- a/include/linux/gfp.h
+++ b/include/linux/gfp.h
@@ -343,6 +343,15 @@ static inline bool gfp_has_io_fs(gfp_t g
return (gfp & (__GFP_IO | __GFP_FS)) == (__GFP_IO | __GFP_FS);
}
+/*
+ * Check if the gfp flags allow compaction - GFP_NOIO is a really
+ * tricky context because the migration might require IO.
+ */
+static inline bool gfp_compaction_allowed(gfp_t gfp_mask)
+{
+ return IS_ENABLED(CONFIG_COMPACTION) && (gfp_mask & __GFP_IO);
+}
+
extern gfp_t vma_thp_gfp_mask(struct vm_area_struct *vma);
#ifdef CONFIG_CONTIG_ALLOC
--- a/mm/compaction.c
+++ b/mm/compaction.c
@@ -2684,16 +2684,11 @@ enum compact_result try_to_compact_pages
unsigned int alloc_flags, const struct alloc_context *ac,
enum compact_priority prio, struct page **capture)
{
- int may_perform_io = (__force int)(gfp_mask & __GFP_IO);
struct zoneref *z;
struct zone *zone;
enum compact_result rc = COMPACT_SKIPPED;
- /*
- * Check if the GFP flags allow compaction - GFP_NOIO is really
- * tricky context because the migration might require IO
- */
- if (!may_perform_io)
+ if (!gfp_compaction_allowed(gfp_mask))
return COMPACT_SKIPPED;
trace_mm_compaction_try_to_compact_pages(order, gfp_mask, prio);
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -3900,6 +3900,7 @@ __alloc_pages_slowpath(gfp_t gfp_mask, u
struct alloc_context *ac)
{
bool can_direct_reclaim = gfp_mask & __GFP_DIRECT_RECLAIM;
+ bool can_compact = gfp_compaction_allowed(gfp_mask);
const bool costly_order = order > PAGE_ALLOC_COSTLY_ORDER;
struct page *page = NULL;
unsigned int alloc_flags;
@@ -3970,7 +3971,7 @@ restart:
* Don't try this for allocations that are allowed to ignore
* watermarks, as the ALLOC_NO_WATERMARKS attempt didn't yet happen.
*/
- if (can_direct_reclaim &&
+ if (can_direct_reclaim && can_compact &&
(costly_order ||
(order > 0 && ac->migratetype != MIGRATE_MOVABLE))
&& !gfp_pfmemalloc_allowed(gfp_mask)) {
@@ -4068,9 +4069,10 @@ retry:
/*
* Do not retry costly high order allocations unless they are
- * __GFP_RETRY_MAYFAIL
+ * __GFP_RETRY_MAYFAIL and we can compact
*/
- if (costly_order && !(gfp_mask & __GFP_RETRY_MAYFAIL))
+ if (costly_order && (!can_compact ||
+ !(gfp_mask & __GFP_RETRY_MAYFAIL)))
goto nopage;
if (should_reclaim_retry(gfp_mask, order, ac, alloc_flags,
@@ -4083,7 +4085,7 @@ retry:
* implementation of the compaction depends on the sufficient amount
* of free memory (see __compaction_suitable)
*/
- if (did_some_progress > 0 &&
+ if (did_some_progress > 0 && can_compact &&
should_compact_retry(ac, order, alloc_flags,
compact_result, &compact_priority,
&compaction_retries))
--- a/mm/vmscan.c
+++ b/mm/vmscan.c
@@ -6426,7 +6426,7 @@ static void shrink_lruvec(struct lruvec
/* Use reclaim/compaction for costly allocs or under memory pressure */
static bool in_reclaim_compaction(struct scan_control *sc)
{
- if (IS_ENABLED(CONFIG_COMPACTION) && sc->order &&
+ if (gfp_compaction_allowed(sc->gfp_mask) && sc->order &&
(sc->order > PAGE_ALLOC_COSTLY_ORDER ||
sc->priority < DEF_PRIORITY - 2))
return true;
@@ -6671,6 +6671,9 @@ static inline bool compaction_ready(stru
{
unsigned long watermark;
+ if (!gfp_compaction_allowed(sc->gfp_mask))
+ return false;
+
/* Allocation can already succeed, nothing to do */
if (zone_watermark_ok(zone, sc->order, min_wmark_pages(zone),
sc->reclaim_idx, 0))
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 241/396] arm64: dts: qcom: sc8280xp-x13s: limit pcie4 link speed
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (239 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 240/396] mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 242/396] iio: accel: adxl367: fix DEVID read after reset Greg Kroah-Hartman
` (166 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Johan Hovold, Konrad Dybcio,
Manivannan Sadhasivam, Bjorn Andersson
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Hovold <johan+linaro@kernel.org>
commit 7a1c6a8bf47b0b290c79b9cc3ba6ee68be5522e8 upstream.
Limit the WiFi PCIe link speed to Gen2 speed (500 MB/s), which is the
speed that the boot firmware has brought up the link at (and that
Windows uses).
This is specifically needed to avoid a large amount of link errors when
restarting the link during boot (but which are currently not reported).
This also appears to fix intermittent failures to download the ath11k
firmware during boot which can be seen when there is a longer delay
between restarting the link and loading the WiFi driver (e.g. when using
full disk encryption).
Fixes: 123b30a75623 ("arm64: dts: qcom: sc8280xp-x13s: enable WiFi controller")
Cc: stable@vger.kernel.org # 6.2
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Reviewed-by: Manivannan Sadhasivam <manivannan.sadhasivam@linaro.org>
Link: https://lore.kernel.org/r/20240223152124.20042-8-johan+linaro@kernel.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 2 ++
1 file changed, 2 insertions(+)
--- a/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts
+++ b/arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts
@@ -721,6 +721,8 @@
};
&pcie4 {
+ max-link-speed = <2>;
+
perst-gpios = <&tlmm 141 GPIO_ACTIVE_LOW>;
wake-gpios = <&tlmm 139 GPIO_ACTIVE_LOW>;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 242/396] iio: accel: adxl367: fix DEVID read after reset
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (240 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 241/396] arm64: dts: qcom: sc8280xp-x13s: limit pcie4 link speed Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 243/396] iio: accel: adxl367: fix I2C FIFO data register Greg Kroah-Hartman
` (165 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Cosmin Tanislav, Nuno Sa, Stable,
Jonathan Cameron
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Cosmin Tanislav <demonsingur@gmail.com>
commit 1b926914bbe4e30cb32f268893ef7d82a85275b8 upstream.
regmap_read_poll_timeout() will not sleep before reading,
causing the first read to return -ENXIO on I2C, since the
chip does not respond to it while it is being reset.
The datasheet specifies that a soft reset operation has a
latency of 7.5ms.
Add a 15ms sleep between reset and reading the DEVID register,
and switch to a simple regmap_read() call.
Fixes: cbab791c5e2a ("iio: accel: add ADXL367 driver")
Signed-off-by: Cosmin Tanislav <demonsingur@gmail.com>
Reviewed-by: Nuno Sa <nuno.sa@analog.com>
Link: https://lore.kernel.org/r/20240207033657.206171-1-demonsingur@gmail.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/accel/adxl367.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/drivers/iio/accel/adxl367.c
+++ b/drivers/iio/accel/adxl367.c
@@ -1429,9 +1429,11 @@ static int adxl367_verify_devid(struct a
unsigned int val;
int ret;
- ret = regmap_read_poll_timeout(st->regmap, ADXL367_REG_DEVID, val,
- val == ADXL367_DEVID_AD, 1000, 10000);
+ ret = regmap_read(st->regmap, ADXL367_REG_DEVID, &val);
if (ret)
+ return dev_err_probe(st->dev, ret, "Failed to read dev id\n");
+
+ if (val != ADXL367_DEVID_AD)
return dev_err_probe(st->dev, -ENODEV,
"Invalid dev id 0x%02X, expected 0x%02X\n",
val, ADXL367_DEVID_AD);
@@ -1510,6 +1512,8 @@ int adxl367_probe(struct device *dev, co
if (ret)
return ret;
+ fsleep(15000);
+
ret = adxl367_verify_devid(st);
if (ret)
return ret;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 243/396] iio: accel: adxl367: fix I2C FIFO data register
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (241 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 242/396] iio: accel: adxl367: fix DEVID read after reset Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 244/396] i2c: i801: Avoid potential double call to gpiod_remove_lookup_table Greg Kroah-Hartman
` (164 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Cosmin Tanislav, Nuno Sa, Stable,
Jonathan Cameron
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Cosmin Tanislav <demonsingur@gmail.com>
commit 11dadb631007324c7a8bcb2650eda88ed2b9eed0 upstream.
As specified in the datasheet, the I2C FIFO data register is
0x18, not 0x42. 0x42 was used by mistake when adapting the
ADXL372 driver.
Fix this mistake.
Fixes: cbab791c5e2a ("iio: accel: add ADXL367 driver")
Signed-off-by: Cosmin Tanislav <demonsingur@gmail.com>
Reviewed-by: Nuno Sa <nuno.sa@analog.com>
Link: https://lore.kernel.org/r/20240207033657.206171-2-demonsingur@gmail.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/accel/adxl367_i2c.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/iio/accel/adxl367_i2c.c
+++ b/drivers/iio/accel/adxl367_i2c.c
@@ -11,7 +11,7 @@
#include "adxl367.h"
-#define ADXL367_I2C_FIFO_DATA 0x42
+#define ADXL367_I2C_FIFO_DATA 0x18
struct adxl367_i2c_state {
struct regmap *regmap;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 244/396] i2c: i801: Avoid potential double call to gpiod_remove_lookup_table
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (242 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 243/396] iio: accel: adxl367: fix I2C FIFO data register Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 245/396] iio: imu: inv_mpu6050: fix frequency setting when chip is off Greg Kroah-Hartman
` (163 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Andi Shyti, Linus Walleij,
Heiner Kallweit
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Heiner Kallweit <hkallweit1@gmail.com>
commit ceb013b2d9a2946035de5e1827624edc85ae9484 upstream.
If registering the platform device fails, the lookup table is
removed in the error path. On module removal we would try to
remove the lookup table again. Fix this by setting priv->lookup
only if registering the platform device was successful.
In addition free the memory allocated for the lookup table in
the error path.
Fixes: d308dfbf62ef ("i2c: mux/i801: Switch to use descriptor passing")
Cc: stable@vger.kernel.org
Reviewed-by: Andi Shyti <andi.shyti@kernel.org>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com>
Signed-off-by: Andi Shyti <andi.shyti@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/i2c/busses/i2c-i801.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/i2c/busses/i2c-i801.c
+++ b/drivers/i2c/busses/i2c-i801.c
@@ -1417,7 +1417,6 @@ static void i801_add_mux(struct i801_pri
lookup->table[i] = GPIO_LOOKUP(mux_config->gpio_chip,
mux_config->gpios[i], "mux", 0);
gpiod_add_lookup_table(lookup);
- priv->lookup = lookup;
/*
* Register the mux device, we use PLATFORM_DEVID_NONE here
@@ -1431,7 +1430,10 @@ static void i801_add_mux(struct i801_pri
sizeof(struct i2c_mux_gpio_platform_data));
if (IS_ERR(priv->mux_pdev)) {
gpiod_remove_lookup_table(lookup);
+ devm_kfree(dev, lookup);
dev_err(dev, "Failed to register i2c-mux-gpio device\n");
+ } else {
+ priv->lookup = lookup;
}
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 245/396] iio: imu: inv_mpu6050: fix frequency setting when chip is off
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (243 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 244/396] i2c: i801: Avoid potential double call to gpiod_remove_lookup_table Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 246/396] iio: imu: inv_mpu6050: fix FIFO parsing when empty Greg Kroah-Hartman
` (162 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Jean-Baptiste Maneyrol,
Jonathan Cameron
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol@tdk.com>
commit daec424cc57b33a28f8621eb7ac85f8bd327bd6b upstream.
Track correctly FIFO state and apply ODR change before starting
the chip. Without the fix, you cannot change ODR more than 1 time
when data buffering is off. This restriction on a single pending ODR
change should only apply when the FIFO is on.
Fixes: 111e1abd0045 ("iio: imu: inv_mpu6050: use the common inv_sensors timestamp module")
Cc: stable@vger.kernel.org
Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol@tdk.com>
Link: https://lore.kernel.org/r/20240219154741.90601-1-inv.git-commit@tdk.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c b/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c
index 676704f9151f..e6e6e94452a3 100644
--- a/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c
+++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_trigger.c
@@ -111,6 +111,7 @@ int inv_mpu6050_prepare_fifo(struct inv_mpu6050_state *st, bool enable)
if (enable) {
/* reset timestamping */
inv_sensors_timestamp_reset(&st->timestamp);
+ inv_sensors_timestamp_apply_odr(&st->timestamp, 0, 0, 0);
/* reset FIFO */
d = st->chip_config.user_ctrl | INV_MPU6050_BIT_FIFO_RST;
ret = regmap_write(st->map, st->reg->user_ctrl, d);
@@ -184,6 +185,10 @@ static int inv_mpu6050_set_enable(struct iio_dev *indio_dev, bool enable)
if (result)
goto error_power_off;
} else {
+ st->chip_config.gyro_fifo_enable = 0;
+ st->chip_config.accl_fifo_enable = 0;
+ st->chip_config.temp_fifo_enable = 0;
+ st->chip_config.magn_fifo_enable = 0;
result = inv_mpu6050_prepare_fifo(st, false);
if (result)
goto error_power_off;
--
2.44.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 246/396] iio: imu: inv_mpu6050: fix FIFO parsing when empty
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (244 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 245/396] iio: imu: inv_mpu6050: fix frequency setting when chip is off Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 247/396] drm/i915: Dont explode when the dig port we dont have an AUX CH Greg Kroah-Hartman
` (161 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Jean-Baptiste Maneyrol,
Jonathan Cameron
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol@tdk.com>
commit 60caa8b33bd682a9ed99d1fc3f91d74e1acc9922 upstream.
Now that we are reading the full FIFO in the interrupt handler,
it is possible to have an emply FIFO since we are still receiving
1 interrupt per data. Handle correctly this case instead of having
an error causing a reset of the FIFO.
Fixes: 0829edc43e0a ("iio: imu: inv_mpu6050: read the full fifo when processing data")
Cc: stable@vger.kernel.org
Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol@tdk.com>
Link: https://lore.kernel.org/r/20240219154825.90656-1-inv.git-commit@tdk.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c b/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c
index 66d4ba088e70..d4f9b5d8d28d 100644
--- a/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c
+++ b/drivers/iio/imu/inv_mpu6050/inv_mpu_ring.c
@@ -109,6 +109,8 @@ irqreturn_t inv_mpu6050_read_fifo(int irq, void *p)
/* compute and process only all complete datum */
nb = fifo_count / bytes_per_datum;
fifo_count = nb * bytes_per_datum;
+ if (nb == 0)
+ goto end_session;
/* Each FIFO data contains all sensors, so same number for FIFO and sensor data */
fifo_period = NSEC_PER_SEC / INV_MPU6050_DIVIDER_TO_FIFO_RATE(st->chip_config.divider);
inv_sensors_timestamp_interrupt(&st->timestamp, fifo_period, nb, nb, pf->timestamp);
--
2.44.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 247/396] drm/i915: Dont explode when the dig port we dont have an AUX CH
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (245 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 246/396] iio: imu: inv_mpu6050: fix FIFO parsing when empty Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 248/396] drm/amd/display: handle range offsets in VRR ranges Greg Kroah-Hartman
` (160 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Ville Syrjälä, Imre Deak,
Joonas Lahtinen
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ville Syrjälä <ville.syrjala@linux.intel.com>
commit 0b385be4c3ccd5636441923d7cad5eda6b4651cb upstream.
The icl+ power well code currently assumes that every AUX power
well maps to an encoder which is using said power well. That is
by no menas guaranteed as we:
- only register encoders for ports declared in the VBT
- combo PHY HDMI-only encoder no longer get an AUX CH since
commit 9856308c94ca ("drm/i915: Only populate aux_ch if really needed")
However we have places such as intel_power_domains_sanitize_state()
that blindly traverse all the possible power wells. So these bits
of code may very well encounbter an aux power well with no associated
encoder.
In this particular case the BIOS seems to have left one AUX power
well enabled even though we're dealing with a HDMI only encoder
on a combo PHY. We then proceed to turn off said power well and
explode when we can't find a matching encoder. As a short term fix
we should be able to just skip the PHY related parts of the power
well programming since we know this situation can only happen with
combo PHYs.
Another option might be to go back to always picking an AUX CH for
all encoders. However I'm a bit wary about that since we might in
theory end up conflicting with the VBT AUX CH assignment. Also
that wouldn't help with encoders not declared in the VBT, should
we ever need to poke the corresponding power wells.
Longer term we need to figure out what the actual relationship
is between the PHY vs. AUX CH vs. AUX power well. Currently this
is entirely unclear.
Cc: stable@vger.kernel.org
Fixes: 9856308c94ca ("drm/i915: Only populate aux_ch if really needed")
Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/10184
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240223203216.15210-1-ville.syrjala@linux.intel.com
Reviewed-by: Imre Deak <imre.deak@intel.com>
(cherry picked from commit 6a8c66bf0e565c34ad0a18f820e0bb17951f7f91)
Signed-off-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
.../drm/i915/display/intel_display_power_well.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/drivers/gpu/drm/i915/display/intel_display_power_well.c b/drivers/gpu/drm/i915/display/intel_display_power_well.c
index 47cd6bb04366..06900ff307b2 100644
--- a/drivers/gpu/drm/i915/display/intel_display_power_well.c
+++ b/drivers/gpu/drm/i915/display/intel_display_power_well.c
@@ -246,7 +246,14 @@ static enum phy icl_aux_pw_to_phy(struct drm_i915_private *i915,
enum aux_ch aux_ch = icl_aux_pw_to_ch(power_well);
struct intel_digital_port *dig_port = aux_ch_to_digital_port(i915, aux_ch);
- return intel_port_to_phy(i915, dig_port->base.port);
+ /*
+ * FIXME should we care about the (VBT defined) dig_port->aux_ch
+ * relationship or should this be purely defined by the hardware layout?
+ * Currently if the port doesn't appear in the VBT, or if it's declared
+ * as HDMI-only and routed to a combo PHY, the encoder either won't be
+ * present at all or it will not have an aux_ch assigned.
+ */
+ return dig_port ? intel_port_to_phy(i915, dig_port->base.port) : PHY_NONE;
}
static void hsw_wait_for_power_well_enable(struct drm_i915_private *dev_priv,
@@ -414,7 +421,8 @@ icl_combo_phy_aux_power_well_enable(struct drm_i915_private *dev_priv,
intel_de_rmw(dev_priv, regs->driver, 0, HSW_PWR_WELL_CTL_REQ(pw_idx));
- if (DISPLAY_VER(dev_priv) < 12)
+ /* FIXME this is a mess */
+ if (phy != PHY_NONE)
intel_de_rmw(dev_priv, ICL_PORT_CL_DW12(phy),
0, ICL_LANE_ENABLE_AUX);
@@ -437,7 +445,10 @@ icl_combo_phy_aux_power_well_disable(struct drm_i915_private *dev_priv,
drm_WARN_ON(&dev_priv->drm, !IS_ICELAKE(dev_priv));
- intel_de_rmw(dev_priv, ICL_PORT_CL_DW12(phy), ICL_LANE_ENABLE_AUX, 0);
+ /* FIXME this is a mess */
+ if (phy != PHY_NONE)
+ intel_de_rmw(dev_priv, ICL_PORT_CL_DW12(phy),
+ ICL_LANE_ENABLE_AUX, 0);
intel_de_rmw(dev_priv, regs->driver, HSW_PWR_WELL_CTL_REQ(pw_idx), 0);
--
2.44.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 248/396] drm/amd/display: handle range offsets in VRR ranges
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (246 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 247/396] drm/i915: Dont explode when the dig port we dont have an AUX CH Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 249/396] x86/efistub: Call mixed mode boot services on the firmwares stack Greg Kroah-Hartman
` (159 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Mano Ségransan, Harry Wentland,
Alex Deucher
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Deucher <alexander.deucher@amd.com>
commit 937844d661354bf142dc1c621396fdab10ecbacc upstream.
Need to check the offset bits for values greater than 255.
v2: also update amdgpu_dm_connector values.
Suggested-by: Mano Ségransan <mano.segransan@protonmail.com>
Tested-by: Mano Ségransan <mano.segransan@protonmail.com>
Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3203
Reviewed-by: Harry Wentland <harry.wentland@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -10783,14 +10783,23 @@ void amdgpu_dm_update_freesync_caps(stru
if (range->flags != 1)
continue;
- amdgpu_dm_connector->min_vfreq = range->min_vfreq;
- amdgpu_dm_connector->max_vfreq = range->max_vfreq;
- amdgpu_dm_connector->pixel_clock_mhz =
- range->pixel_clock_mhz * 10;
-
connector->display_info.monitor_range.min_vfreq = range->min_vfreq;
connector->display_info.monitor_range.max_vfreq = range->max_vfreq;
+ if (edid->revision >= 4) {
+ if (data->pad2 & DRM_EDID_RANGE_OFFSET_MIN_VFREQ)
+ connector->display_info.monitor_range.min_vfreq += 255;
+ if (data->pad2 & DRM_EDID_RANGE_OFFSET_MAX_VFREQ)
+ connector->display_info.monitor_range.max_vfreq += 255;
+ }
+
+ amdgpu_dm_connector->min_vfreq =
+ connector->display_info.monitor_range.min_vfreq;
+ amdgpu_dm_connector->max_vfreq =
+ connector->display_info.monitor_range.max_vfreq;
+ amdgpu_dm_connector->pixel_clock_mhz =
+ range->pixel_clock_mhz * 10;
+
break;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 249/396] x86/efistub: Call mixed mode boot services on the firmwares stack
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (247 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 248/396] drm/amd/display: handle range offsets in VRR ranges Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 250/396] ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2" Greg Kroah-Hartman
` (158 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Ard Biesheuvel, stable
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ard Biesheuvel <ardb@kernel.org>
commit cefcd4fe2e3aaf792c14c9e56dab89e3d7a65d02 upstream.
Normally, the EFI stub calls into the EFI boot services using the stack
that was live when the stub was entered. According to the UEFI spec,
this stack needs to be at least 128k in size - this might seem large but
all asynchronous processing and event handling in EFI runs from the same
stack and so quite a lot of space may be used in practice.
In mixed mode, the situation is a bit different: the bootloader calls
the 32-bit EFI stub entry point, which calls the decompressor's 32-bit
entry point, where the boot stack is set up, using a fixed allocation
of 16k. This stack is still in use when the EFI stub is started in
64-bit mode, and so all calls back into the EFI firmware will be using
the decompressor's limited boot stack.
Due to the placement of the boot stack right after the boot heap, any
stack overruns have gone unnoticed. However, commit
5c4feadb0011983b ("x86/decompressor: Move global symbol references to C code")
moved the definition of the boot heap into C code, and now the boot
stack is placed right at the base of BSS, where any overruns will
corrupt the end of the .data section.
While it would be possible to work around this by increasing the size of
the boot stack, doing so would affect all x86 systems, and mixed mode
systems are a tiny (and shrinking) fraction of the x86 installed base.
So instead, record the firmware stack pointer value when entering from
the 32-bit firmware, and switch to this stack every time a EFI boot
service call is made.
Cc: <stable@kernel.org> # v6.1+
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/boot/compressed/efi_mixed.S | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/arch/x86/boot/compressed/efi_mixed.S
+++ b/arch/x86/boot/compressed/efi_mixed.S
@@ -49,6 +49,11 @@ SYM_FUNC_START(startup_64_mixed_mode)
lea efi32_boot_args(%rip), %rdx
mov 0(%rdx), %edi
mov 4(%rdx), %esi
+
+ /* Switch to the firmware's stack */
+ movl efi32_boot_sp(%rip), %esp
+ andl $~7, %esp
+
#ifdef CONFIG_EFI_HANDOVER_PROTOCOL
mov 8(%rdx), %edx // saved bootparams pointer
test %edx, %edx
@@ -254,6 +259,9 @@ SYM_FUNC_START_LOCAL(efi32_entry)
/* Store firmware IDT descriptor */
sidtl (efi32_boot_idt - 1b)(%ebx)
+ /* Store firmware stack pointer */
+ movl %esp, (efi32_boot_sp - 1b)(%ebx)
+
/* Store boot arguments */
leal (efi32_boot_args - 1b)(%ebx), %ebx
movl %ecx, 0(%ebx)
@@ -318,5 +326,6 @@ SYM_DATA_END(efi32_boot_idt)
SYM_DATA_LOCAL(efi32_boot_cs, .word 0)
SYM_DATA_LOCAL(efi32_boot_ds, .word 0)
+SYM_DATA_LOCAL(efi32_boot_sp, .long 0)
SYM_DATA_LOCAL(efi32_boot_args, .long 0, 0, 0)
SYM_DATA(efi_is64, .byte 1)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 250/396] ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2"
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (248 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 249/396] x86/efistub: Call mixed mode boot services on the firmwares stack Greg Kroah-Hartman
@ 2024-04-01 15:44 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 251/396] wifi: iwlwifi: pcie: fix RB status reading Greg Kroah-Hartman
` (157 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:44 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Jiawei Wang, Mark Brown,
Luca Stefani
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiawei Wang <me@jwang.link>
commit 861b3415e4dee06cc00cd1754808a7827b9105bf upstream.
This reverts commit ed00a6945dc32462c2d3744a3518d2316da66fcc,
which added a quirk entry to enable the Yellow Carp (YC)
driver for the Lenovo 21J2 laptop.
Although the microphone functioned with the YC driver, it
resulted in incorrect driver usage. The Lenovo 21J2 is not a
Yellow Carp platform, but a Pink Sardine platform, which
already has an upstreamed driver.
The microphone on the Lenovo 21J2 operates correctly with the
CONFIG_SND_SOC_AMD_PS flag enabled and does not require the
quirk entry. So this patch removes the quirk entry.
Thanks to Mukunda Vijendar [1] for pointing this out.
Link: https://lore.kernel.org/linux-sound/023092e1-689c-4b00-b93f-4092c3724fb6@amd.com/ [1]
Signed-off-by: Jiawei Wang <me@jwang.link>
Link: https://lore.kernel.org/linux-sound/023092e1-689c-4b00-b93f-4092c3724fb6@amd.com/ [1]
Link: https://msgid.link/r/20240313015853.3573242-2-me@jwang.link
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: Luca Stefani <luca.stefani.ge1@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/amd/yc/acp6x-mach.c | 7 -------
1 file changed, 7 deletions(-)
--- a/sound/soc/amd/yc/acp6x-mach.c
+++ b/sound/soc/amd/yc/acp6x-mach.c
@@ -203,13 +203,6 @@ static const struct dmi_system_id yc_acp
.driver_data = &acp6x_card,
.matches = {
DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"),
- DMI_MATCH(DMI_PRODUCT_NAME, "21J2"),
- }
- },
- {
- .driver_data = &acp6x_card,
- .matches = {
- DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"),
DMI_MATCH(DMI_PRODUCT_NAME, "21J0"),
}
},
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 251/396] wifi: iwlwifi: pcie: fix RB status reading
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (249 preceding siblings ...)
2024-04-01 15:44 ` [PATCH 6.6 250/396] ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2" Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 252/396] wifi: rtw88: 8821cu: Fix connection failure Greg Kroah-Hartman
` (156 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Johannes Berg, Gregory Greenman,
Aaron Ma
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Berg <johannes.berg@intel.com>
commit 9f9797c7de18d2ec6be4ef6e0abbaea585040b39 upstream.
On newer hardware, a queue's RB status / write pointer
can be bigger than 4095 (0xFFF), so we cannot mask the
value by 0xFFF unconditionally. Since anyway that's
only necessary on older hardware, move the masking to
the helper function and apply it only for older HW.
This also moves the endian conversion in to handle it
more easily.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
Link: https://lore.kernel.org/r/20230830112059.7be2a3fff6f4.I94f11dee314a4f7c1941d2d223936b1fa8aa9ee4@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Aaron Ma <aaron.ma@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 8 ++++----
drivers/net/wireless/intel/iwlwifi/pcie/rx.c | 2 +-
drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 12 ++++--------
3 files changed, 9 insertions(+), 13 deletions(-)
--- a/drivers/net/wireless/intel/iwlwifi/pcie/internal.h
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/internal.h
@@ -190,17 +190,17 @@ struct iwl_rb_allocator {
* iwl_get_closed_rb_stts - get closed rb stts from different structs
* @rxq - the rxq to get the rb stts from
*/
-static inline __le16 iwl_get_closed_rb_stts(struct iwl_trans *trans,
- struct iwl_rxq *rxq)
+static inline u16 iwl_get_closed_rb_stts(struct iwl_trans *trans,
+ struct iwl_rxq *rxq)
{
if (trans->trans_cfg->device_family >= IWL_DEVICE_FAMILY_AX210) {
__le16 *rb_stts = rxq->rb_stts;
- return READ_ONCE(*rb_stts);
+ return le16_to_cpu(READ_ONCE(*rb_stts));
} else {
struct iwl_rb_status *rb_stts = rxq->rb_stts;
- return READ_ONCE(rb_stts->closed_rb_num);
+ return le16_to_cpu(READ_ONCE(rb_stts->closed_rb_num)) & 0xFFF;
}
}
--- a/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/rx.c
@@ -1510,7 +1510,7 @@ restart:
spin_lock(&rxq->lock);
/* uCode's read index (stored in shared DRAM) indicates the last Rx
* buffer that the driver may process (last buffer filled by ucode). */
- r = le16_to_cpu(iwl_get_closed_rb_stts(trans, rxq)) & 0x0FFF;
+ r = iwl_get_closed_rb_stts(trans, rxq);
i = rxq->read;
/* W/A 9000 device step A0 wrap-around bug */
--- a/drivers/net/wireless/intel/iwlwifi/pcie/trans.c
+++ b/drivers/net/wireless/intel/iwlwifi/pcie/trans.c
@@ -2714,11 +2714,9 @@ static ssize_t iwl_dbgfs_rx_queue_read(s
pos += scnprintf(buf + pos, bufsz - pos, "\tfree_count: %u\n",
rxq->free_count);
if (rxq->rb_stts) {
- u32 r = __le16_to_cpu(iwl_get_closed_rb_stts(trans,
- rxq));
+ u32 r = iwl_get_closed_rb_stts(trans, rxq);
pos += scnprintf(buf + pos, bufsz - pos,
- "\tclosed_rb_num: %u\n",
- r & 0x0FFF);
+ "\tclosed_rb_num: %u\n", r);
} else {
pos += scnprintf(buf + pos, bufsz - pos,
"\tclosed_rb_num: Not Allocated\n");
@@ -3091,7 +3089,7 @@ static u32 iwl_trans_pcie_dump_rbs(struc
spin_lock_bh(&rxq->lock);
- r = le16_to_cpu(iwl_get_closed_rb_stts(trans, rxq)) & 0x0FFF;
+ r = iwl_get_closed_rb_stts(trans, rxq);
for (i = rxq->read, j = 0;
i != r && j < allocated_rb_nums;
@@ -3387,9 +3385,7 @@ iwl_trans_pcie_dump_data(struct iwl_tran
/* Dump RBs is supported only for pre-9000 devices (1 queue) */
struct iwl_rxq *rxq = &trans_pcie->rxq[0];
/* RBs */
- num_rbs =
- le16_to_cpu(iwl_get_closed_rb_stts(trans, rxq))
- & 0x0FFF;
+ num_rbs = iwl_get_closed_rb_stts(trans, rxq);
num_rbs = (num_rbs - rxq->read) & RX_QUEUE_MASK;
len += num_rbs * (sizeof(*data) +
sizeof(struct iwl_fw_error_dump_rb) +
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 252/396] wifi: rtw88: 8821cu: Fix connection failure
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (250 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 251/396] wifi: iwlwifi: pcie: fix RB status reading Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 253/396] xfs: move the xfs_rtbitmap.c declarations to xfs_rtbitmap.h Greg Kroah-Hartman
` (155 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Bitterblue Smith, Ping-Ke Shih,
Kalle Valo
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bitterblue Smith <rtl8821cerfe2@gmail.com>
commit 605d7c0b05eecb985273b1647070497142c470d3 upstream.
Clear bit 8 of REG_SYS_STATUS1 after MAC power on.
Without this, some RTL8821CU and RTL8811CU cannot connect to any
network:
Feb 19 13:33:11 ideapad2 kernel: wlp3s0f3u2: send auth to
90:55:de:__:__:__ (try 1/3)
Feb 19 13:33:13 ideapad2 kernel: wlp3s0f3u2: send auth to
90:55:de:__:__:__ (try 2/3)
Feb 19 13:33:14 ideapad2 kernel: wlp3s0f3u2: send auth to
90:55:de:__:__:__ (try 3/3)
Feb 19 13:33:15 ideapad2 kernel: wlp3s0f3u2: authentication with
90:55:de:__:__:__ timed out
The RTL8822CU and RTL8822BU out-of-tree drivers do this as well, so do
it for all three types of chips.
Tested with RTL8811CU (Tenda U9 V2.0).
Signed-off-by: Bitterblue Smith <rtl8821cerfe2@gmail.com>
Acked-by: Ping-Ke Shih <pkshih@realtek.com>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://msgid.link/aeeefad9-27c8-4506-a510-ef9a9a8731a4@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/realtek/rtw88/mac.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/net/wireless/realtek/rtw88/mac.c
+++ b/drivers/net/wireless/realtek/rtw88/mac.c
@@ -309,6 +309,13 @@ static int rtw_mac_power_switch(struct r
pwr_seq = pwr_on ? chip->pwr_on_seq : chip->pwr_off_seq;
ret = rtw_pwr_seq_parser(rtwdev, pwr_seq);
+ if (pwr_on && rtw_hci_type(rtwdev) == RTW_HCI_TYPE_USB) {
+ if (chip->id == RTW_CHIP_TYPE_8822C ||
+ chip->id == RTW_CHIP_TYPE_8822B ||
+ chip->id == RTW_CHIP_TYPE_8821C)
+ rtw_write8_clr(rtwdev, REG_SYS_STATUS1 + 1, BIT(0));
+ }
+
if (rtw_hci_type(rtwdev) == RTW_HCI_TYPE_SDIO)
rtw_write32(rtwdev, REG_SDIO_HIMR, imr);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 253/396] xfs: move the xfs_rtbitmap.c declarations to xfs_rtbitmap.h
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (251 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 252/396] wifi: rtw88: 8821cu: Fix connection failure Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 254/396] xfs: convert rt bitmap extent lengths to xfs_rtbxlen_t Greg Kroah-Hartman
` (154 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Darrick J. Wong,
Christoph Hellwig, Catherine Hoang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Darrick J. Wong" <djwong@kernel.org>
commit 13928113fc5b5e79c91796290a99ed991ac0efe2 upstream.
Move all the declarations for functionality in xfs_rtbitmap.c into a
separate xfs_rtbitmap.h header file.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_bmap.c | 2 -
fs/xfs/libxfs/xfs_rtbitmap.c | 1
fs/xfs/libxfs/xfs_rtbitmap.h | 82 +++++++++++++++++++++++++++++++++++++++++++
fs/xfs/scrub/fscounters.c | 2 -
fs/xfs/scrub/rtbitmap.c | 2 -
fs/xfs/scrub/rtsummary.c | 2 -
fs/xfs/xfs_fsmap.c | 2 -
fs/xfs/xfs_rtalloc.c | 1
fs/xfs/xfs_rtalloc.h | 73 --------------------------------------
9 files changed, 89 insertions(+), 78 deletions(-)
create mode 100644 fs/xfs/libxfs/xfs_rtbitmap.h
--- a/fs/xfs/libxfs/xfs_bmap.c
+++ b/fs/xfs/libxfs/xfs_bmap.c
@@ -21,7 +21,7 @@
#include "xfs_bmap.h"
#include "xfs_bmap_util.h"
#include "xfs_bmap_btree.h"
-#include "xfs_rtalloc.h"
+#include "xfs_rtbitmap.h"
#include "xfs_errortag.h"
#include "xfs_error.h"
#include "xfs_quota.h"
--- a/fs/xfs/libxfs/xfs_rtbitmap.c
+++ b/fs/xfs/libxfs/xfs_rtbitmap.c
@@ -16,6 +16,7 @@
#include "xfs_trans.h"
#include "xfs_rtalloc.h"
#include "xfs_error.h"
+#include "xfs_rtbitmap.h"
/*
* Realtime allocator bitmap functions shared with userspace.
--- /dev/null
+++ b/fs/xfs/libxfs/xfs_rtbitmap.h
@@ -0,0 +1,82 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (c) 2000-2003,2005 Silicon Graphics, Inc.
+ * All Rights Reserved.
+ */
+#ifndef __XFS_RTBITMAP_H__
+#define __XFS_RTBITMAP_H__
+
+/*
+ * XXX: Most of the realtime allocation functions deal in units of realtime
+ * extents, not realtime blocks. This looks funny when paired with the type
+ * name and screams for a larger cleanup.
+ */
+struct xfs_rtalloc_rec {
+ xfs_rtblock_t ar_startext;
+ xfs_rtblock_t ar_extcount;
+};
+
+typedef int (*xfs_rtalloc_query_range_fn)(
+ struct xfs_mount *mp,
+ struct xfs_trans *tp,
+ const struct xfs_rtalloc_rec *rec,
+ void *priv);
+
+#ifdef CONFIG_XFS_RT
+int xfs_rtbuf_get(struct xfs_mount *mp, struct xfs_trans *tp,
+ xfs_rtblock_t block, int issum, struct xfs_buf **bpp);
+int xfs_rtcheck_range(struct xfs_mount *mp, struct xfs_trans *tp,
+ xfs_rtblock_t start, xfs_extlen_t len, int val,
+ xfs_rtblock_t *new, int *stat);
+int xfs_rtfind_back(struct xfs_mount *mp, struct xfs_trans *tp,
+ xfs_rtblock_t start, xfs_rtblock_t limit,
+ xfs_rtblock_t *rtblock);
+int xfs_rtfind_forw(struct xfs_mount *mp, struct xfs_trans *tp,
+ xfs_rtblock_t start, xfs_rtblock_t limit,
+ xfs_rtblock_t *rtblock);
+int xfs_rtmodify_range(struct xfs_mount *mp, struct xfs_trans *tp,
+ xfs_rtblock_t start, xfs_extlen_t len, int val);
+int xfs_rtmodify_summary_int(struct xfs_mount *mp, struct xfs_trans *tp,
+ int log, xfs_rtblock_t bbno, int delta,
+ struct xfs_buf **rbpp, xfs_fsblock_t *rsb,
+ xfs_suminfo_t *sum);
+int xfs_rtmodify_summary(struct xfs_mount *mp, struct xfs_trans *tp, int log,
+ xfs_rtblock_t bbno, int delta, struct xfs_buf **rbpp,
+ xfs_fsblock_t *rsb);
+int xfs_rtfree_range(struct xfs_mount *mp, struct xfs_trans *tp,
+ xfs_rtblock_t start, xfs_extlen_t len,
+ struct xfs_buf **rbpp, xfs_fsblock_t *rsb);
+int xfs_rtalloc_query_range(struct xfs_mount *mp, struct xfs_trans *tp,
+ const struct xfs_rtalloc_rec *low_rec,
+ const struct xfs_rtalloc_rec *high_rec,
+ xfs_rtalloc_query_range_fn fn, void *priv);
+int xfs_rtalloc_query_all(struct xfs_mount *mp, struct xfs_trans *tp,
+ xfs_rtalloc_query_range_fn fn,
+ void *priv);
+bool xfs_verify_rtbno(struct xfs_mount *mp, xfs_rtblock_t rtbno);
+int xfs_rtalloc_extent_is_free(struct xfs_mount *mp, struct xfs_trans *tp,
+ xfs_rtblock_t start, xfs_extlen_t len,
+ bool *is_free);
+/*
+ * Free an extent in the realtime subvolume. Length is expressed in
+ * realtime extents, as is the block number.
+ */
+int /* error */
+xfs_rtfree_extent(
+ struct xfs_trans *tp, /* transaction pointer */
+ xfs_rtblock_t bno, /* starting block number to free */
+ xfs_extlen_t len); /* length of extent freed */
+
+/* Same as above, but in units of rt blocks. */
+int xfs_rtfree_blocks(struct xfs_trans *tp, xfs_fsblock_t rtbno,
+ xfs_filblks_t rtlen);
+#else /* CONFIG_XFS_RT */
+# define xfs_rtfree_extent(t,b,l) (-ENOSYS)
+# define xfs_rtfree_blocks(t,rb,rl) (-ENOSYS)
+# define xfs_rtalloc_query_range(m,t,l,h,f,p) (-ENOSYS)
+# define xfs_rtalloc_query_all(m,t,f,p) (-ENOSYS)
+# define xfs_rtbuf_get(m,t,b,i,p) (-ENOSYS)
+# define xfs_rtalloc_extent_is_free(m,t,s,l,i) (-ENOSYS)
+#endif /* CONFIG_XFS_RT */
+
+#endif /* __XFS_RTBITMAP_H__ */
--- a/fs/xfs/scrub/fscounters.c
+++ b/fs/xfs/scrub/fscounters.c
@@ -16,7 +16,7 @@
#include "xfs_health.h"
#include "xfs_btree.h"
#include "xfs_ag.h"
-#include "xfs_rtalloc.h"
+#include "xfs_rtbitmap.h"
#include "xfs_inode.h"
#include "xfs_icache.h"
#include "scrub/scrub.h"
--- a/fs/xfs/scrub/rtbitmap.c
+++ b/fs/xfs/scrub/rtbitmap.c
@@ -11,7 +11,7 @@
#include "xfs_mount.h"
#include "xfs_log_format.h"
#include "xfs_trans.h"
-#include "xfs_rtalloc.h"
+#include "xfs_rtbitmap.h"
#include "xfs_inode.h"
#include "xfs_bmap.h"
#include "scrub/scrub.h"
--- a/fs/xfs/scrub/rtsummary.c
+++ b/fs/xfs/scrub/rtsummary.c
@@ -13,7 +13,7 @@
#include "xfs_inode.h"
#include "xfs_log_format.h"
#include "xfs_trans.h"
-#include "xfs_rtalloc.h"
+#include "xfs_rtbitmap.h"
#include "xfs_bit.h"
#include "xfs_bmap.h"
#include "scrub/scrub.h"
--- a/fs/xfs/xfs_fsmap.c
+++ b/fs/xfs/xfs_fsmap.c
@@ -23,7 +23,7 @@
#include "xfs_refcount.h"
#include "xfs_refcount_btree.h"
#include "xfs_alloc_btree.h"
-#include "xfs_rtalloc.h"
+#include "xfs_rtbitmap.h"
#include "xfs_ag.h"
/* Convert an xfs_fsmap to an fsmap. */
--- a/fs/xfs/xfs_rtalloc.c
+++ b/fs/xfs/xfs_rtalloc.c
@@ -19,6 +19,7 @@
#include "xfs_icache.h"
#include "xfs_rtalloc.h"
#include "xfs_sb.h"
+#include "xfs_rtbitmap.h"
/*
* Read and return the summary information for a given extent size,
--- a/fs/xfs/xfs_rtalloc.h
+++ b/fs/xfs/xfs_rtalloc.h
@@ -11,22 +11,6 @@
struct xfs_mount;
struct xfs_trans;
-/*
- * XXX: Most of the realtime allocation functions deal in units of realtime
- * extents, not realtime blocks. This looks funny when paired with the type
- * name and screams for a larger cleanup.
- */
-struct xfs_rtalloc_rec {
- xfs_rtblock_t ar_startext;
- xfs_rtblock_t ar_extcount;
-};
-
-typedef int (*xfs_rtalloc_query_range_fn)(
- struct xfs_mount *mp,
- struct xfs_trans *tp,
- const struct xfs_rtalloc_rec *rec,
- void *priv);
-
#ifdef CONFIG_XFS_RT
/*
* Function prototypes for exported functions.
@@ -48,19 +32,6 @@ xfs_rtallocate_extent(
xfs_extlen_t prod, /* extent product factor */
xfs_rtblock_t *rtblock); /* out: start block allocated */
-/*
- * Free an extent in the realtime subvolume. Length is expressed in
- * realtime extents, as is the block number.
- */
-int /* error */
-xfs_rtfree_extent(
- struct xfs_trans *tp, /* transaction pointer */
- xfs_rtblock_t bno, /* starting block number to free */
- xfs_extlen_t len); /* length of extent freed */
-
-/* Same as above, but in units of rt blocks. */
-int xfs_rtfree_blocks(struct xfs_trans *tp, xfs_fsblock_t rtbno,
- xfs_filblks_t rtlen);
/*
* Initialize realtime fields in the mount structure.
@@ -102,55 +73,11 @@ xfs_growfs_rt(
struct xfs_mount *mp, /* file system mount structure */
xfs_growfs_rt_t *in); /* user supplied growfs struct */
-/*
- * From xfs_rtbitmap.c
- */
-int xfs_rtbuf_get(struct xfs_mount *mp, struct xfs_trans *tp,
- xfs_rtblock_t block, int issum, struct xfs_buf **bpp);
-int xfs_rtcheck_range(struct xfs_mount *mp, struct xfs_trans *tp,
- xfs_rtblock_t start, xfs_extlen_t len, int val,
- xfs_rtblock_t *new, int *stat);
-int xfs_rtfind_back(struct xfs_mount *mp, struct xfs_trans *tp,
- xfs_rtblock_t start, xfs_rtblock_t limit,
- xfs_rtblock_t *rtblock);
-int xfs_rtfind_forw(struct xfs_mount *mp, struct xfs_trans *tp,
- xfs_rtblock_t start, xfs_rtblock_t limit,
- xfs_rtblock_t *rtblock);
-int xfs_rtmodify_range(struct xfs_mount *mp, struct xfs_trans *tp,
- xfs_rtblock_t start, xfs_extlen_t len, int val);
-int xfs_rtmodify_summary_int(struct xfs_mount *mp, struct xfs_trans *tp,
- int log, xfs_rtblock_t bbno, int delta,
- struct xfs_buf **rbpp, xfs_fsblock_t *rsb,
- xfs_suminfo_t *sum);
-int xfs_rtmodify_summary(struct xfs_mount *mp, struct xfs_trans *tp, int log,
- xfs_rtblock_t bbno, int delta, struct xfs_buf **rbpp,
- xfs_fsblock_t *rsb);
-int xfs_rtfree_range(struct xfs_mount *mp, struct xfs_trans *tp,
- xfs_rtblock_t start, xfs_extlen_t len,
- struct xfs_buf **rbpp, xfs_fsblock_t *rsb);
-int xfs_rtalloc_query_range(struct xfs_mount *mp, struct xfs_trans *tp,
- const struct xfs_rtalloc_rec *low_rec,
- const struct xfs_rtalloc_rec *high_rec,
- xfs_rtalloc_query_range_fn fn, void *priv);
-int xfs_rtalloc_query_all(struct xfs_mount *mp, struct xfs_trans *tp,
- xfs_rtalloc_query_range_fn fn,
- void *priv);
-bool xfs_verify_rtbno(struct xfs_mount *mp, xfs_rtblock_t rtbno);
-int xfs_rtalloc_extent_is_free(struct xfs_mount *mp, struct xfs_trans *tp,
- xfs_rtblock_t start, xfs_extlen_t len,
- bool *is_free);
int xfs_rtalloc_reinit_frextents(struct xfs_mount *mp);
#else
# define xfs_rtallocate_extent(t,b,min,max,l,f,p,rb) (-ENOSYS)
-# define xfs_rtfree_extent(t,b,l) (-ENOSYS)
-# define xfs_rtfree_blocks(t,rb,rl) (-ENOSYS)
# define xfs_rtpick_extent(m,t,l,rb) (-ENOSYS)
# define xfs_growfs_rt(mp,in) (-ENOSYS)
-# define xfs_rtalloc_query_range(m,t,l,h,f,p) (-ENOSYS)
-# define xfs_rtalloc_query_all(m,t,f,p) (-ENOSYS)
-# define xfs_rtbuf_get(m,t,b,i,p) (-ENOSYS)
-# define xfs_verify_rtbno(m, r) (false)
-# define xfs_rtalloc_extent_is_free(m,t,s,l,i) (-ENOSYS)
# define xfs_rtalloc_reinit_frextents(m) (0)
static inline int /* error */
xfs_rtmount_init(
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 254/396] xfs: convert rt bitmap extent lengths to xfs_rtbxlen_t
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (252 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 253/396] xfs: move the xfs_rtbitmap.c declarations to xfs_rtbitmap.h Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 255/396] xfs: consider minlen sized extents in xfs_rtallocate_extent_block Greg Kroah-Hartman
` (153 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Darrick J. Wong,
Christoph Hellwig, Catherine Hoang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Darrick J. Wong" <djwong@kernel.org>
commit f29c3e745dc253bf9d9d06ddc36af1a534ba1dd0 upstream.
XFS uses xfs_rtblock_t for many different uses, which makes it much more
difficult to perform a unit analysis on the codebase. One of these
(ab)uses is when we need to store the length of a free space extent as
stored in the realtime bitmap. Because there can be up to 2^64 realtime
extents in a filesystem, we need a new type that is larger than
xfs_rtxlen_t for callers that are querying the bitmap directly. This
means scrub and growfs.
Create this type as "xfs_rtbxlen_t" and use it to store 64-bit rtx
lengths. 'b' stands for 'bitmap' or 'big'; reader's choice.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_format.h | 2 +-
fs/xfs/libxfs/xfs_rtbitmap.h | 2 +-
fs/xfs/libxfs/xfs_types.h | 1 +
fs/xfs/scrub/trace.h | 3 ++-
4 files changed, 5 insertions(+), 3 deletions(-)
--- a/fs/xfs/libxfs/xfs_format.h
+++ b/fs/xfs/libxfs/xfs_format.h
@@ -98,7 +98,7 @@ typedef struct xfs_sb {
uint32_t sb_blocksize; /* logical block size, bytes */
xfs_rfsblock_t sb_dblocks; /* number of data blocks */
xfs_rfsblock_t sb_rblocks; /* number of realtime blocks */
- xfs_rtblock_t sb_rextents; /* number of realtime extents */
+ xfs_rtbxlen_t sb_rextents; /* number of realtime extents */
uuid_t sb_uuid; /* user-visible file system unique id */
xfs_fsblock_t sb_logstart; /* starting block of log if internal */
xfs_ino_t sb_rootino; /* root inode number */
--- a/fs/xfs/libxfs/xfs_rtbitmap.h
+++ b/fs/xfs/libxfs/xfs_rtbitmap.h
@@ -13,7 +13,7 @@
*/
struct xfs_rtalloc_rec {
xfs_rtblock_t ar_startext;
- xfs_rtblock_t ar_extcount;
+ xfs_rtbxlen_t ar_extcount;
};
typedef int (*xfs_rtalloc_query_range_fn)(
--- a/fs/xfs/libxfs/xfs_types.h
+++ b/fs/xfs/libxfs/xfs_types.h
@@ -31,6 +31,7 @@ typedef uint64_t xfs_rfsblock_t; /* bloc
typedef uint64_t xfs_rtblock_t; /* extent (block) in realtime area */
typedef uint64_t xfs_fileoff_t; /* block number in a file */
typedef uint64_t xfs_filblks_t; /* number of blocks in a file */
+typedef uint64_t xfs_rtbxlen_t; /* rtbitmap extent length in rtextents */
typedef int64_t xfs_srtblock_t; /* signed version of xfs_rtblock_t */
--- a/fs/xfs/scrub/trace.h
+++ b/fs/xfs/scrub/trace.h
@@ -1037,7 +1037,8 @@ TRACE_EVENT(xfarray_sort_stats,
#ifdef CONFIG_XFS_RT
TRACE_EVENT(xchk_rtsum_record_free,
TP_PROTO(struct xfs_mount *mp, xfs_rtblock_t start,
- uint64_t len, unsigned int log, loff_t pos, xfs_suminfo_t v),
+ xfs_rtbxlen_t len, unsigned int log, loff_t pos,
+ xfs_suminfo_t v),
TP_ARGS(mp, start, len, log, pos, v),
TP_STRUCT__entry(
__field(dev_t, dev)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 255/396] xfs: consider minlen sized extents in xfs_rtallocate_extent_block
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (253 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 254/396] xfs: convert rt bitmap extent lengths to xfs_rtbxlen_t Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 256/396] xfs: dont leak recovered attri intent items Greg Kroah-Hartman
` (152 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Christoph Hellwig,
Darrick J. Wong, Chandan Babu R, Catherine Hoang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christoph Hellwig <hch@lst.de>
commit 944df75958807d56f2db9fdc769eb15dd9f0366a upstream.
[backport: resolve merge conflict due to missing xfs_rtxlen_t type]
minlen is the lower bound on the extent length that the caller can
accept, and maxlen is at this point the maximal available length.
This means a minlen extent is perfectly fine to use, so do it. This
matches the equivalent logic in xfs_rtallocate_extent_exact that also
accepts a minlen sized extent.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: "Darrick J. Wong" <djwong@kernel.org>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_rtalloc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/xfs/xfs_rtalloc.c
+++ b/fs/xfs/xfs_rtalloc.c
@@ -318,7 +318,7 @@ xfs_rtallocate_extent_block(
/*
* Searched the whole thing & didn't find a maxlen free extent.
*/
- if (minlen < maxlen && besti != -1) {
+ if (minlen <= maxlen && besti != -1) {
xfs_extlen_t p; /* amount to trim length by */
/*
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 256/396] xfs: dont leak recovered attri intent items
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (254 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 255/396] xfs: consider minlen sized extents in xfs_rtallocate_extent_block Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 257/396] xfs: use xfs_defer_pending objects to recover " Greg Kroah-Hartman
` (151 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Darrick J. Wong,
Christoph Hellwig, Catherine Hoang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Darrick J. Wong" <djwong@kernel.org>
commit 07bcbdf020c9fd3c14bec51c50225a2a02707b94 upstream.
If recovery finds an xattr log intent item calling for the removal of an
attribute and the file doesn't even have an attr fork, we know that the
removal is trivially complete. However, we can't just exit the recovery
function without doing something about the recovered log intent item --
it's still on the AIL, and not logging an attrd item means it stays
there forever.
This has likely not been seen in practice because few people use LARP
and the runtime code won't log the attri for a no-attrfork removexattr
operation. But let's fix this anyway.
Also we shouldn't really be testing the attr fork presence until we've
taken the ILOCK, though this doesn't matter much in recovery, which is
single threaded.
Fixes: fdaf1bb3cafc ("xfs: ATTR_REPLACE algorithm with LARP enabled needs rework")
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_attr_item.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/fs/xfs/xfs_attr_item.c
+++ b/fs/xfs/xfs_attr_item.c
@@ -329,6 +329,13 @@ xfs_xattri_finish_update(
goto out;
}
+ /* If an attr removal is trivially complete, we're done. */
+ if (attr->xattri_op_flags == XFS_ATTRI_OP_FLAGS_REMOVE &&
+ !xfs_inode_hasattr(args->dp)) {
+ error = 0;
+ goto out;
+ }
+
error = xfs_attr_set_iter(attr);
if (!error && attr->xattri_dela_state != XFS_DAS_DONE)
error = -EAGAIN;
@@ -608,8 +615,6 @@ xfs_attri_item_recover(
attr->xattri_dela_state = xfs_attr_init_add_state(args);
break;
case XFS_ATTRI_OP_FLAGS_REMOVE:
- if (!xfs_inode_hasattr(args->dp))
- goto out;
attr->xattri_dela_state = xfs_attr_init_remove_state(args);
break;
default:
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 257/396] xfs: use xfs_defer_pending objects to recover intent items
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (255 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 256/396] xfs: dont leak recovered attri intent items Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 258/396] xfs: pass the xfs_defer_pending object to iop_recover Greg Kroah-Hartman
` (150 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Darrick J. Wong,
Christoph Hellwig, Catherine Hoang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Darrick J. Wong" <djwong@kernel.org>
commit 03f7767c9f6120ac933378fdec3bfd78bf07bc11 upstream.
One thing I never quite got around to doing is porting the log intent
item recovery code to reconstruct the deferred pending work state. As a
result, each intent item open codes xfs_defer_finish_one in its recovery
method, because that's what the EFI code did before xfs_defer.c even
existed.
This is a gross thing to have left unfixed -- if an EFI cannot proceed
due to busy extents, we end up creating separate new EFIs for each
unfinished work item, which is a change in behavior from what runtime
would have done.
Worse yet, Long Li pointed out that there's a UAF in the recovery code.
The ->commit_pass2 function adds the intent item to the AIL and drops
the refcount. The one remaining refcount is now owned by the recovery
mechanism (aka the log intent items in the AIL) with the intent of
giving the refcount to the intent done item in the ->iop_recover
function.
However, if something fails later in recovery, xlog_recover_finish will
walk the recovered intent items in the AIL and release them. If the CIL
hasn't been pushed before that point (which is possible since we don't
force the log until later) then the intent done release will try to free
its associated intent, which has already been freed.
This patch starts to address this mess by having the ->commit_pass2
functions recreate the xfs_defer_pending state. The next few patches
will fix the recovery functions.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_defer.c | 105 ++++++++++++++++++++++++++----------
fs/xfs/libxfs/xfs_defer.h | 5 +
fs/xfs/libxfs/xfs_log_recover.h | 3 +
fs/xfs/xfs_attr_item.c | 10 ---
fs/xfs/xfs_bmap_item.c | 9 +--
fs/xfs/xfs_extfree_item.c | 9 +--
fs/xfs/xfs_log.c | 1
fs/xfs/xfs_log_priv.h | 1
fs/xfs/xfs_log_recover.c | 115 ++++++++++++++++++++--------------------
fs/xfs/xfs_refcount_item.c | 9 +--
fs/xfs/xfs_rmap_item.c | 9 +--
11 files changed, 159 insertions(+), 117 deletions(-)
--- a/fs/xfs/libxfs/xfs_defer.c
+++ b/fs/xfs/libxfs/xfs_defer.c
@@ -245,23 +245,53 @@ xfs_defer_create_intents(
return ret;
}
-STATIC void
+static inline void
xfs_defer_pending_abort(
struct xfs_mount *mp,
+ struct xfs_defer_pending *dfp)
+{
+ const struct xfs_defer_op_type *ops = defer_op_types[dfp->dfp_type];
+
+ trace_xfs_defer_pending_abort(mp, dfp);
+
+ if (dfp->dfp_intent && !dfp->dfp_done) {
+ ops->abort_intent(dfp->dfp_intent);
+ dfp->dfp_intent = NULL;
+ }
+}
+
+static inline void
+xfs_defer_pending_cancel_work(
+ struct xfs_mount *mp,
+ struct xfs_defer_pending *dfp)
+{
+ const struct xfs_defer_op_type *ops = defer_op_types[dfp->dfp_type];
+ struct list_head *pwi;
+ struct list_head *n;
+
+ trace_xfs_defer_cancel_list(mp, dfp);
+
+ list_del(&dfp->dfp_list);
+ list_for_each_safe(pwi, n, &dfp->dfp_work) {
+ list_del(pwi);
+ dfp->dfp_count--;
+ trace_xfs_defer_cancel_item(mp, dfp, pwi);
+ ops->cancel_item(pwi);
+ }
+ ASSERT(dfp->dfp_count == 0);
+ kmem_cache_free(xfs_defer_pending_cache, dfp);
+}
+
+STATIC void
+xfs_defer_pending_abort_list(
+ struct xfs_mount *mp,
struct list_head *dop_list)
{
struct xfs_defer_pending *dfp;
- const struct xfs_defer_op_type *ops;
/* Abort intent items that don't have a done item. */
- list_for_each_entry(dfp, dop_list, dfp_list) {
- ops = defer_op_types[dfp->dfp_type];
- trace_xfs_defer_pending_abort(mp, dfp);
- if (dfp->dfp_intent && !dfp->dfp_done) {
- ops->abort_intent(dfp->dfp_intent);
- dfp->dfp_intent = NULL;
- }
- }
+ list_for_each_entry(dfp, dop_list, dfp_list)
+ xfs_defer_pending_abort(mp, dfp);
}
/* Abort all the intents that were committed. */
@@ -271,7 +301,7 @@ xfs_defer_trans_abort(
struct list_head *dop_pending)
{
trace_xfs_defer_trans_abort(tp, _RET_IP_);
- xfs_defer_pending_abort(tp->t_mountp, dop_pending);
+ xfs_defer_pending_abort_list(tp->t_mountp, dop_pending);
}
/*
@@ -389,27 +419,13 @@ xfs_defer_cancel_list(
{
struct xfs_defer_pending *dfp;
struct xfs_defer_pending *pli;
- struct list_head *pwi;
- struct list_head *n;
- const struct xfs_defer_op_type *ops;
/*
* Free the pending items. Caller should already have arranged
* for the intent items to be released.
*/
- list_for_each_entry_safe(dfp, pli, dop_list, dfp_list) {
- ops = defer_op_types[dfp->dfp_type];
- trace_xfs_defer_cancel_list(mp, dfp);
- list_del(&dfp->dfp_list);
- list_for_each_safe(pwi, n, &dfp->dfp_work) {
- list_del(pwi);
- dfp->dfp_count--;
- trace_xfs_defer_cancel_item(mp, dfp, pwi);
- ops->cancel_item(pwi);
- }
- ASSERT(dfp->dfp_count == 0);
- kmem_cache_free(xfs_defer_pending_cache, dfp);
- }
+ list_for_each_entry_safe(dfp, pli, dop_list, dfp_list)
+ xfs_defer_pending_cancel_work(mp, dfp);
}
/*
@@ -666,6 +682,39 @@ xfs_defer_add(
}
/*
+ * Create a pending deferred work item to replay the recovered intent item
+ * and add it to the list.
+ */
+void
+xfs_defer_start_recovery(
+ struct xfs_log_item *lip,
+ enum xfs_defer_ops_type dfp_type,
+ struct list_head *r_dfops)
+{
+ struct xfs_defer_pending *dfp;
+
+ dfp = kmem_cache_zalloc(xfs_defer_pending_cache,
+ GFP_NOFS | __GFP_NOFAIL);
+ dfp->dfp_type = dfp_type;
+ dfp->dfp_intent = lip;
+ INIT_LIST_HEAD(&dfp->dfp_work);
+ list_add_tail(&dfp->dfp_list, r_dfops);
+}
+
+/*
+ * Cancel a deferred work item created to recover a log intent item. @dfp
+ * will be freed after this function returns.
+ */
+void
+xfs_defer_cancel_recovery(
+ struct xfs_mount *mp,
+ struct xfs_defer_pending *dfp)
+{
+ xfs_defer_pending_abort(mp, dfp);
+ xfs_defer_pending_cancel_work(mp, dfp);
+}
+
+/*
* Move deferred ops from one transaction to another and reset the source to
* initial state. This is primarily used to carry state forward across
* transaction rolls with pending dfops.
@@ -769,7 +818,7 @@ xfs_defer_ops_capture_abort(
{
unsigned short i;
- xfs_defer_pending_abort(mp, &dfc->dfc_dfops);
+ xfs_defer_pending_abort_list(mp, &dfc->dfc_dfops);
xfs_defer_cancel_list(mp, &dfc->dfc_dfops);
for (i = 0; i < dfc->dfc_held.dr_bufs; i++)
--- a/fs/xfs/libxfs/xfs_defer.h
+++ b/fs/xfs/libxfs/xfs_defer.h
@@ -125,6 +125,11 @@ void xfs_defer_ops_capture_abort(struct
struct xfs_defer_capture *d);
void xfs_defer_resources_rele(struct xfs_defer_resources *dres);
+void xfs_defer_start_recovery(struct xfs_log_item *lip,
+ enum xfs_defer_ops_type dfp_type, struct list_head *r_dfops);
+void xfs_defer_cancel_recovery(struct xfs_mount *mp,
+ struct xfs_defer_pending *dfp);
+
int __init xfs_defer_init_item_caches(void);
void xfs_defer_destroy_item_caches(void);
--- a/fs/xfs/libxfs/xfs_log_recover.h
+++ b/fs/xfs/libxfs/xfs_log_recover.h
@@ -153,4 +153,7 @@ xlog_recover_resv(const struct xfs_trans
return ret;
}
+void xlog_recover_intent_item(struct xlog *log, struct xfs_log_item *lip,
+ xfs_lsn_t lsn, unsigned int dfp_type);
+
#endif /* __XFS_LOG_RECOVER_H__ */
--- a/fs/xfs/xfs_attr_item.c
+++ b/fs/xfs/xfs_attr_item.c
@@ -772,14 +772,8 @@ xlog_recover_attri_commit_pass2(
attrip = xfs_attri_init(mp, nv);
memcpy(&attrip->attri_format, attri_formatp, len);
- /*
- * The ATTRI has two references. One for the ATTRD and one for ATTRI to
- * ensure it makes it into the AIL. Insert the ATTRI into the AIL
- * directly and drop the ATTRI reference. Note that
- * xfs_trans_ail_update() drops the AIL lock.
- */
- xfs_trans_ail_insert(log->l_ailp, &attrip->attri_item, lsn);
- xfs_attri_release(attrip);
+ xlog_recover_intent_item(log, &attrip->attri_item, lsn,
+ XFS_DEFER_OPS_TYPE_ATTR);
xfs_attri_log_nameval_put(nv);
return 0;
}
--- a/fs/xfs/xfs_bmap_item.c
+++ b/fs/xfs/xfs_bmap_item.c
@@ -681,12 +681,9 @@ xlog_recover_bui_commit_pass2(
buip = xfs_bui_init(mp);
xfs_bui_copy_format(&buip->bui_format, bui_formatp);
atomic_set(&buip->bui_next_extent, bui_formatp->bui_nextents);
- /*
- * Insert the intent into the AIL directly and drop one reference so
- * that finishing or canceling the work will drop the other.
- */
- xfs_trans_ail_insert(log->l_ailp, &buip->bui_item, lsn);
- xfs_bui_release(buip);
+
+ xlog_recover_intent_item(log, &buip->bui_item, lsn,
+ XFS_DEFER_OPS_TYPE_BMAP);
return 0;
}
--- a/fs/xfs/xfs_extfree_item.c
+++ b/fs/xfs/xfs_extfree_item.c
@@ -820,12 +820,9 @@ xlog_recover_efi_commit_pass2(
return error;
}
atomic_set(&efip->efi_next_extent, efi_formatp->efi_nextents);
- /*
- * Insert the intent into the AIL directly and drop one reference so
- * that finishing or canceling the work will drop the other.
- */
- xfs_trans_ail_insert(log->l_ailp, &efip->efi_item, lsn);
- xfs_efi_release(efip);
+
+ xlog_recover_intent_item(log, &efip->efi_item, lsn,
+ XFS_DEFER_OPS_TYPE_FREE);
return 0;
}
--- a/fs/xfs/xfs_log.c
+++ b/fs/xfs/xfs_log.c
@@ -1542,6 +1542,7 @@ xlog_alloc_log(
log->l_covered_state = XLOG_STATE_COVER_IDLE;
set_bit(XLOG_ACTIVE_RECOVERY, &log->l_opstate);
INIT_DELAYED_WORK(&log->l_work, xfs_log_worker);
+ INIT_LIST_HEAD(&log->r_dfops);
log->l_prev_block = -1;
/* log->l_tail_lsn = 0x100000000LL; cycle = 1; current block = 0 */
--- a/fs/xfs/xfs_log_priv.h
+++ b/fs/xfs/xfs_log_priv.h
@@ -407,6 +407,7 @@ struct xlog {
long l_opstate; /* operational state */
uint l_quotaoffs_flag; /* XFS_DQ_*, for QUOTAOFFs */
struct list_head *l_buf_cancel_table;
+ struct list_head r_dfops; /* recovered log intent items */
int l_iclog_hsize; /* size of iclog header */
int l_iclog_heads; /* # of iclog header sectors */
uint l_sectBBsize; /* sector size in BBs (2^n) */
--- a/fs/xfs/xfs_log_recover.c
+++ b/fs/xfs/xfs_log_recover.c
@@ -1723,30 +1723,24 @@ xlog_clear_stale_blocks(
*/
void
xlog_recover_release_intent(
- struct xlog *log,
- unsigned short intent_type,
- uint64_t intent_id)
+ struct xlog *log,
+ unsigned short intent_type,
+ uint64_t intent_id)
{
- struct xfs_ail_cursor cur;
- struct xfs_log_item *lip;
- struct xfs_ail *ailp = log->l_ailp;
-
- spin_lock(&ailp->ail_lock);
- for (lip = xfs_trans_ail_cursor_first(ailp, &cur, 0); lip != NULL;
- lip = xfs_trans_ail_cursor_next(ailp, &cur)) {
+ struct xfs_defer_pending *dfp, *n;
+
+ list_for_each_entry_safe(dfp, n, &log->r_dfops, dfp_list) {
+ struct xfs_log_item *lip = dfp->dfp_intent;
+
if (lip->li_type != intent_type)
continue;
if (!lip->li_ops->iop_match(lip, intent_id))
continue;
- spin_unlock(&ailp->ail_lock);
- lip->li_ops->iop_release(lip);
- spin_lock(&ailp->ail_lock);
- break;
- }
+ ASSERT(xlog_item_is_intent(lip));
- xfs_trans_ail_cursor_done(&cur);
- spin_unlock(&ailp->ail_lock);
+ xfs_defer_cancel_recovery(log->l_mp, dfp);
+ }
}
int
@@ -1939,6 +1933,29 @@ xlog_buf_readahead(
xfs_buf_readahead(log->l_mp->m_ddev_targp, blkno, len, ops);
}
+/*
+ * Create a deferred work structure for resuming and tracking the progress of a
+ * log intent item that was found during recovery.
+ */
+void
+xlog_recover_intent_item(
+ struct xlog *log,
+ struct xfs_log_item *lip,
+ xfs_lsn_t lsn,
+ unsigned int dfp_type)
+{
+ ASSERT(xlog_item_is_intent(lip));
+
+ xfs_defer_start_recovery(lip, dfp_type, &log->r_dfops);
+
+ /*
+ * Insert the intent into the AIL directly and drop one reference so
+ * that finishing or canceling the work will drop the other.
+ */
+ xfs_trans_ail_insert(log->l_ailp, lip, lsn);
+ lip->li_ops->iop_unpin(lip, 0);
+}
+
STATIC int
xlog_recover_items_pass2(
struct xlog *log,
@@ -2533,29 +2550,22 @@ xlog_abort_defer_ops(
*/
STATIC int
xlog_recover_process_intents(
- struct xlog *log)
+ struct xlog *log)
{
LIST_HEAD(capture_list);
- struct xfs_ail_cursor cur;
- struct xfs_log_item *lip;
- struct xfs_ail *ailp;
- int error = 0;
+ struct xfs_defer_pending *dfp, *n;
+ int error = 0;
#if defined(DEBUG) || defined(XFS_WARN)
- xfs_lsn_t last_lsn;
-#endif
+ xfs_lsn_t last_lsn;
- ailp = log->l_ailp;
- spin_lock(&ailp->ail_lock);
-#if defined(DEBUG) || defined(XFS_WARN)
last_lsn = xlog_assign_lsn(log->l_curr_cycle, log->l_curr_block);
#endif
- for (lip = xfs_trans_ail_cursor_first(ailp, &cur, 0);
- lip != NULL;
- lip = xfs_trans_ail_cursor_next(ailp, &cur)) {
- const struct xfs_item_ops *ops;
- if (!xlog_item_is_intent(lip))
- break;
+ list_for_each_entry_safe(dfp, n, &log->r_dfops, dfp_list) {
+ struct xfs_log_item *lip = dfp->dfp_intent;
+ const struct xfs_item_ops *ops = lip->li_ops;
+
+ ASSERT(xlog_item_is_intent(lip));
/*
* We should never see a redo item with a LSN higher than
@@ -2573,19 +2583,22 @@ xlog_recover_process_intents(
* The recovery function can free the log item, so we must not
* access lip after it returns.
*/
- spin_unlock(&ailp->ail_lock);
- ops = lip->li_ops;
error = ops->iop_recover(lip, &capture_list);
- spin_lock(&ailp->ail_lock);
if (error) {
trace_xlog_intent_recovery_failed(log->l_mp, error,
ops->iop_recover);
break;
}
- }
- xfs_trans_ail_cursor_done(&cur);
- spin_unlock(&ailp->ail_lock);
+ /*
+ * XXX: @lip could have been freed, so detach the log item from
+ * the pending item before freeing the pending item. This does
+ * not fix the existing UAF bug that occurs if ->iop_recover
+ * fails after creating the intent done item.
+ */
+ dfp->dfp_intent = NULL;
+ xfs_defer_cancel_recovery(log->l_mp, dfp);
+ }
if (error)
goto err;
@@ -2606,27 +2619,15 @@ err:
*/
STATIC void
xlog_recover_cancel_intents(
- struct xlog *log)
+ struct xlog *log)
{
- struct xfs_log_item *lip;
- struct xfs_ail_cursor cur;
- struct xfs_ail *ailp;
-
- ailp = log->l_ailp;
- spin_lock(&ailp->ail_lock);
- lip = xfs_trans_ail_cursor_first(ailp, &cur, 0);
- while (lip != NULL) {
- if (!xlog_item_is_intent(lip))
- break;
+ struct xfs_defer_pending *dfp, *n;
- spin_unlock(&ailp->ail_lock);
- lip->li_ops->iop_release(lip);
- spin_lock(&ailp->ail_lock);
- lip = xfs_trans_ail_cursor_next(ailp, &cur);
- }
+ list_for_each_entry_safe(dfp, n, &log->r_dfops, dfp_list) {
+ ASSERT(xlog_item_is_intent(dfp->dfp_intent));
- xfs_trans_ail_cursor_done(&cur);
- spin_unlock(&ailp->ail_lock);
+ xfs_defer_cancel_recovery(log->l_mp, dfp);
+ }
}
/*
--- a/fs/xfs/xfs_refcount_item.c
+++ b/fs/xfs/xfs_refcount_item.c
@@ -696,12 +696,9 @@ xlog_recover_cui_commit_pass2(
cuip = xfs_cui_init(mp, cui_formatp->cui_nextents);
xfs_cui_copy_format(&cuip->cui_format, cui_formatp);
atomic_set(&cuip->cui_next_extent, cui_formatp->cui_nextents);
- /*
- * Insert the intent into the AIL directly and drop one reference so
- * that finishing or canceling the work will drop the other.
- */
- xfs_trans_ail_insert(log->l_ailp, &cuip->cui_item, lsn);
- xfs_cui_release(cuip);
+
+ xlog_recover_intent_item(log, &cuip->cui_item, lsn,
+ XFS_DEFER_OPS_TYPE_REFCOUNT);
return 0;
}
--- a/fs/xfs/xfs_rmap_item.c
+++ b/fs/xfs/xfs_rmap_item.c
@@ -702,12 +702,9 @@ xlog_recover_rui_commit_pass2(
ruip = xfs_rui_init(mp, rui_formatp->rui_nextents);
xfs_rui_copy_format(&ruip->rui_format, rui_formatp);
atomic_set(&ruip->rui_next_extent, rui_formatp->rui_nextents);
- /*
- * Insert the intent into the AIL directly and drop one reference so
- * that finishing or canceling the work will drop the other.
- */
- xfs_trans_ail_insert(log->l_ailp, &ruip->rui_item, lsn);
- xfs_rui_release(ruip);
+
+ xlog_recover_intent_item(log, &ruip->rui_item, lsn,
+ XFS_DEFER_OPS_TYPE_RMAP);
return 0;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 258/396] xfs: pass the xfs_defer_pending object to iop_recover
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (256 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 257/396] xfs: use xfs_defer_pending objects to recover " Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 259/396] xfs: transfer recovered intent item ownership in ->iop_recover Greg Kroah-Hartman
` (149 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Darrick J. Wong,
Christoph Hellwig, Catherine Hoang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Darrick J. Wong" <djwong@kernel.org>
commit a050acdfa8003a44eae4558fddafc7afb1aef458 upstream.
Now that log intent item recovery recreates the xfs_defer_pending state,
we should pass that into the ->iop_recover routines so that the intent
item can finish the recreation work.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_attr_item.c | 3 ++-
fs/xfs/xfs_bmap_item.c | 3 ++-
fs/xfs/xfs_extfree_item.c | 3 ++-
fs/xfs/xfs_log_recover.c | 2 +-
fs/xfs/xfs_refcount_item.c | 3 ++-
fs/xfs/xfs_rmap_item.c | 3 ++-
fs/xfs/xfs_trans.h | 4 +++-
7 files changed, 14 insertions(+), 7 deletions(-)
--- a/fs/xfs/xfs_attr_item.c
+++ b/fs/xfs/xfs_attr_item.c
@@ -545,9 +545,10 @@ xfs_attri_validate(
*/
STATIC int
xfs_attri_item_recover(
- struct xfs_log_item *lip,
+ struct xfs_defer_pending *dfp,
struct list_head *capture_list)
{
+ struct xfs_log_item *lip = dfp->dfp_intent;
struct xfs_attri_log_item *attrip = ATTRI_ITEM(lip);
struct xfs_attr_intent *attr;
struct xfs_mount *mp = lip->li_log->l_mp;
--- a/fs/xfs/xfs_bmap_item.c
+++ b/fs/xfs/xfs_bmap_item.c
@@ -486,11 +486,12 @@ xfs_bui_validate(
*/
STATIC int
xfs_bui_item_recover(
- struct xfs_log_item *lip,
+ struct xfs_defer_pending *dfp,
struct list_head *capture_list)
{
struct xfs_bmap_intent fake = { };
struct xfs_trans_res resv;
+ struct xfs_log_item *lip = dfp->dfp_intent;
struct xfs_bui_log_item *buip = BUI_ITEM(lip);
struct xfs_trans *tp;
struct xfs_inode *ip = NULL;
--- a/fs/xfs/xfs_extfree_item.c
+++ b/fs/xfs/xfs_extfree_item.c
@@ -657,10 +657,11 @@ xfs_efi_validate_ext(
*/
STATIC int
xfs_efi_item_recover(
- struct xfs_log_item *lip,
+ struct xfs_defer_pending *dfp,
struct list_head *capture_list)
{
struct xfs_trans_res resv;
+ struct xfs_log_item *lip = dfp->dfp_intent;
struct xfs_efi_log_item *efip = EFI_ITEM(lip);
struct xfs_mount *mp = lip->li_log->l_mp;
struct xfs_efd_log_item *efdp;
--- a/fs/xfs/xfs_log_recover.c
+++ b/fs/xfs/xfs_log_recover.c
@@ -2583,7 +2583,7 @@ xlog_recover_process_intents(
* The recovery function can free the log item, so we must not
* access lip after it returns.
*/
- error = ops->iop_recover(lip, &capture_list);
+ error = ops->iop_recover(dfp, &capture_list);
if (error) {
trace_xlog_intent_recovery_failed(log->l_mp, error,
ops->iop_recover);
--- a/fs/xfs/xfs_refcount_item.c
+++ b/fs/xfs/xfs_refcount_item.c
@@ -474,10 +474,11 @@ xfs_cui_validate_phys(
*/
STATIC int
xfs_cui_item_recover(
- struct xfs_log_item *lip,
+ struct xfs_defer_pending *dfp,
struct list_head *capture_list)
{
struct xfs_trans_res resv;
+ struct xfs_log_item *lip = dfp->dfp_intent;
struct xfs_cui_log_item *cuip = CUI_ITEM(lip);
struct xfs_cud_log_item *cudp;
struct xfs_trans *tp;
--- a/fs/xfs/xfs_rmap_item.c
+++ b/fs/xfs/xfs_rmap_item.c
@@ -504,10 +504,11 @@ xfs_rui_validate_map(
*/
STATIC int
xfs_rui_item_recover(
- struct xfs_log_item *lip,
+ struct xfs_defer_pending *dfp,
struct list_head *capture_list)
{
struct xfs_trans_res resv;
+ struct xfs_log_item *lip = dfp->dfp_intent;
struct xfs_rui_log_item *ruip = RUI_ITEM(lip);
struct xfs_rud_log_item *rudp;
struct xfs_trans *tp;
--- a/fs/xfs/xfs_trans.h
+++ b/fs/xfs/xfs_trans.h
@@ -66,6 +66,8 @@ struct xfs_log_item {
{ (1u << XFS_LI_DIRTY), "DIRTY" }, \
{ (1u << XFS_LI_WHITEOUT), "WHITEOUT" }
+struct xfs_defer_pending;
+
struct xfs_item_ops {
unsigned flags;
void (*iop_size)(struct xfs_log_item *, int *, int *);
@@ -78,7 +80,7 @@ struct xfs_item_ops {
xfs_lsn_t (*iop_committed)(struct xfs_log_item *, xfs_lsn_t);
uint (*iop_push)(struct xfs_log_item *, struct list_head *);
void (*iop_release)(struct xfs_log_item *);
- int (*iop_recover)(struct xfs_log_item *lip,
+ int (*iop_recover)(struct xfs_defer_pending *dfp,
struct list_head *capture_list);
bool (*iop_match)(struct xfs_log_item *item, uint64_t id);
struct xfs_log_item *(*iop_relog)(struct xfs_log_item *intent,
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 259/396] xfs: transfer recovered intent item ownership in ->iop_recover
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (257 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 258/396] xfs: pass the xfs_defer_pending object to iop_recover Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 260/396] xfs: make rextslog computation consistent with mkfs Greg Kroah-Hartman
` (148 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Darrick J. Wong,
Christoph Hellwig, Catherine Hoang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Darrick J. Wong" <djwong@kernel.org>
commit deb4cd8ba87f17b12c72b3827820d9c703e9fd95 upstream.
Now that we pass the xfs_defer_pending object into the intent item
recovery functions, we know exactly when ownership of the sole refcount
passes from the recovery context to the intent done item. At that
point, we need to null out dfp_intent so that the recovery mechanism
won't release it. This should fix the UAF problem reported by Long Li.
Note that we still want to recreate the full deferred work state. That
will be addressed in the next patches.
Fixes: 2e76f188fd90 ("xfs: cancel intents immediately if process_intents fails")
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_log_recover.h | 2 ++
fs/xfs/xfs_attr_item.c | 1 +
fs/xfs/xfs_bmap_item.c | 2 ++
fs/xfs/xfs_extfree_item.c | 2 ++
fs/xfs/xfs_log_recover.c | 19 ++++++++++++-------
fs/xfs/xfs_refcount_item.c | 1 +
fs/xfs/xfs_rmap_item.c | 2 ++
7 files changed, 22 insertions(+), 7 deletions(-)
--- a/fs/xfs/libxfs/xfs_log_recover.h
+++ b/fs/xfs/libxfs/xfs_log_recover.h
@@ -155,5 +155,7 @@ xlog_recover_resv(const struct xfs_trans
void xlog_recover_intent_item(struct xlog *log, struct xfs_log_item *lip,
xfs_lsn_t lsn, unsigned int dfp_type);
+void xlog_recover_transfer_intent(struct xfs_trans *tp,
+ struct xfs_defer_pending *dfp);
#endif /* __XFS_LOG_RECOVER_H__ */
--- a/fs/xfs/xfs_attr_item.c
+++ b/fs/xfs/xfs_attr_item.c
@@ -632,6 +632,7 @@ xfs_attri_item_recover(
args->trans = tp;
done_item = xfs_trans_get_attrd(tp, attrip);
+ xlog_recover_transfer_intent(tp, dfp);
xfs_ilock(ip, XFS_ILOCK_EXCL);
xfs_trans_ijoin(tp, ip, 0);
--- a/fs/xfs/xfs_bmap_item.c
+++ b/fs/xfs/xfs_bmap_item.c
@@ -524,6 +524,8 @@ xfs_bui_item_recover(
goto err_rele;
budp = xfs_trans_get_bud(tp, buip);
+ xlog_recover_transfer_intent(tp, dfp);
+
xfs_ilock(ip, XFS_ILOCK_EXCL);
xfs_trans_ijoin(tp, ip, 0);
--- a/fs/xfs/xfs_extfree_item.c
+++ b/fs/xfs/xfs_extfree_item.c
@@ -689,7 +689,9 @@ xfs_efi_item_recover(
error = xfs_trans_alloc(mp, &resv, 0, 0, 0, &tp);
if (error)
return error;
+
efdp = xfs_trans_get_efd(tp, efip, efip->efi_format.efi_nextents);
+ xlog_recover_transfer_intent(tp, dfp);
for (i = 0; i < efip->efi_format.efi_nextents; i++) {
struct xfs_extent_free_item fake = {
--- a/fs/xfs/xfs_log_recover.c
+++ b/fs/xfs/xfs_log_recover.c
@@ -2590,13 +2590,6 @@ xlog_recover_process_intents(
break;
}
- /*
- * XXX: @lip could have been freed, so detach the log item from
- * the pending item before freeing the pending item. This does
- * not fix the existing UAF bug that occurs if ->iop_recover
- * fails after creating the intent done item.
- */
- dfp->dfp_intent = NULL;
xfs_defer_cancel_recovery(log->l_mp, dfp);
}
if (error)
@@ -2631,6 +2624,18 @@ xlog_recover_cancel_intents(
}
/*
+ * Transfer ownership of the recovered log intent item to the recovery
+ * transaction.
+ */
+void
+xlog_recover_transfer_intent(
+ struct xfs_trans *tp,
+ struct xfs_defer_pending *dfp)
+{
+ dfp->dfp_intent = NULL;
+}
+
+/*
* This routine performs a transaction to null out a bad inode pointer
* in an agi unlinked inode hash bucket.
*/
--- a/fs/xfs/xfs_refcount_item.c
+++ b/fs/xfs/xfs_refcount_item.c
@@ -523,6 +523,7 @@ xfs_cui_item_recover(
return error;
cudp = xfs_trans_get_cud(tp, cuip);
+ xlog_recover_transfer_intent(tp, dfp);
for (i = 0; i < cuip->cui_format.cui_nextents; i++) {
struct xfs_refcount_intent fake = { };
--- a/fs/xfs/xfs_rmap_item.c
+++ b/fs/xfs/xfs_rmap_item.c
@@ -537,7 +537,9 @@ xfs_rui_item_recover(
XFS_TRANS_RESERVE, &tp);
if (error)
return error;
+
rudp = xfs_trans_get_rud(tp, ruip);
+ xlog_recover_transfer_intent(tp, dfp);
for (i = 0; i < ruip->rui_format.rui_nextents; i++) {
struct xfs_rmap_intent fake = { };
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 260/396] xfs: make rextslog computation consistent with mkfs
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (258 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 259/396] xfs: transfer recovered intent item ownership in ->iop_recover Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 261/396] xfs: fix 32-bit truncation in xfs_compute_rextslog Greg Kroah-Hartman
` (147 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Darrick J. Wong,
Christoph Hellwig, Catherine Hoang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Darrick J. Wong" <djwong@kernel.org>
commit a6a38f309afc4a7ede01242b603f36c433997780 upstream.
[backport: resolve merge conflicts due to refactoring rtbitmap/summary
macros and accessors]
There's a weird discrepancy in xfsprogs dating back to the creation of
the Linux port -- if there are zero rt extents, mkfs will set
sb_rextents and sb_rextslog both to zero:
sbp->sb_rextslog =
(uint8_t)(rtextents ?
libxfs_highbit32((unsigned int)rtextents) : 0);
However, that's not the check that xfs_repair uses for nonzero rtblocks:
if (sb->sb_rextslog !=
libxfs_highbit32((unsigned int)sb->sb_rextents))
The difference here is that xfs_highbit32 returns -1 if its argument is
zero. Unfortunately, this means that in the weird corner case of a
realtime volume shorter than 1 rt extent, xfs_repair will immediately
flag a freshly formatted filesystem as corrupt. Because mkfs has been
writing ondisk artifacts like this for decades, we have to accept that
as "correct". TBH, zero rextslog for zero rtextents makes more sense to
me anyway.
Regrettably, the superblock verifier checks created in commit copied
xfs_repair even though mkfs has been writing out such filesystems for
ages. Fix the superblock verifier to accept what mkfs spits out; the
userspace version of this patch will have to fix xfs_repair as well.
Note that the new helper leaves the zeroday bug where the upper 32 bits
of sb_rextents is ripped off and fed to highbit32. This leads to a
seriously undersized rt summary file, which immediately breaks mkfs:
$ hugedisk.sh foo /dev/sdc $(( 0x100000080 * 4096))B
$ /sbin/mkfs.xfs -f /dev/sda -m rmapbt=0,reflink=0 -r rtdev=/dev/mapper/foo
meta-data=/dev/sda isize=512 agcount=4, agsize=1298176 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=1, sparse=1, rmapbt=0
= reflink=0 bigtime=1 inobtcount=1 nrext64=1
data = bsize=4096 blocks=5192704, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=16384, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =/dev/mapper/foo extsz=4096 blocks=4294967424, rtextents=4294967424
Discarding blocks...Done.
mkfs.xfs: Error initializing the realtime space [117 - Structure needs cleaning]
The next patch will drop support for rt volumes with fewer than 1 or
more than 2^32-1 rt extents, since they've clearly been broken forever.
Fixes: f8e566c0f5e1f ("xfs: validate the realtime geometry in xfs_validate_sb_common")
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_rtbitmap.c | 13 +++++++++++++
fs/xfs/libxfs/xfs_rtbitmap.h | 4 ++++
fs/xfs/libxfs/xfs_sb.c | 3 ++-
fs/xfs/xfs_rtalloc.c | 4 ++--
4 files changed, 21 insertions(+), 3 deletions(-)
--- a/fs/xfs/libxfs/xfs_rtbitmap.c
+++ b/fs/xfs/libxfs/xfs_rtbitmap.c
@@ -1130,3 +1130,16 @@ xfs_rtalloc_extent_is_free(
*is_free = matches;
return 0;
}
+
+/*
+ * Compute the maximum level number of the realtime summary file, as defined by
+ * mkfs. The use of highbit32 on a 64-bit quantity is a historic artifact that
+ * prohibits correct use of rt volumes with more than 2^32 extents.
+ */
+uint8_t
+xfs_compute_rextslog(
+ xfs_rtbxlen_t rtextents)
+{
+ return rtextents ? xfs_highbit32(rtextents) : 0;
+}
+
--- a/fs/xfs/libxfs/xfs_rtbitmap.h
+++ b/fs/xfs/libxfs/xfs_rtbitmap.h
@@ -70,6 +70,9 @@ xfs_rtfree_extent(
/* Same as above, but in units of rt blocks. */
int xfs_rtfree_blocks(struct xfs_trans *tp, xfs_fsblock_t rtbno,
xfs_filblks_t rtlen);
+
+uint8_t xfs_compute_rextslog(xfs_rtbxlen_t rtextents);
+
#else /* CONFIG_XFS_RT */
# define xfs_rtfree_extent(t,b,l) (-ENOSYS)
# define xfs_rtfree_blocks(t,rb,rl) (-ENOSYS)
@@ -77,6 +80,7 @@ int xfs_rtfree_blocks(struct xfs_trans *
# define xfs_rtalloc_query_all(m,t,f,p) (-ENOSYS)
# define xfs_rtbuf_get(m,t,b,i,p) (-ENOSYS)
# define xfs_rtalloc_extent_is_free(m,t,s,l,i) (-ENOSYS)
+# define xfs_compute_rextslog(rtx) (0)
#endif /* CONFIG_XFS_RT */
#endif /* __XFS_RTBITMAP_H__ */
--- a/fs/xfs/libxfs/xfs_sb.c
+++ b/fs/xfs/libxfs/xfs_sb.c
@@ -25,6 +25,7 @@
#include "xfs_da_format.h"
#include "xfs_health.h"
#include "xfs_ag.h"
+#include "xfs_rtbitmap.h"
/*
* Physical superblock buffer manipulations. Shared with libxfs in userspace.
@@ -509,7 +510,7 @@ xfs_validate_sb_common(
NBBY * sbp->sb_blocksize);
if (sbp->sb_rextents != rexts ||
- sbp->sb_rextslog != xfs_highbit32(sbp->sb_rextents) ||
+ sbp->sb_rextslog != xfs_compute_rextslog(rexts) ||
sbp->sb_rbmblocks != rbmblocks) {
xfs_notice(mp,
"realtime geometry sanity check failed");
--- a/fs/xfs/xfs_rtalloc.c
+++ b/fs/xfs/xfs_rtalloc.c
@@ -999,7 +999,7 @@ xfs_growfs_rt(
nrextents = nrblocks;
do_div(nrextents, in->extsize);
nrbmblocks = howmany_64(nrextents, NBBY * sbp->sb_blocksize);
- nrextslog = xfs_highbit32(nrextents);
+ nrextslog = xfs_compute_rextslog(nrextents);
nrsumlevels = nrextslog + 1;
nrsumsize = (uint)sizeof(xfs_suminfo_t) * nrsumlevels * nrbmblocks;
nrsumblocks = XFS_B_TO_FSB(mp, nrsumsize);
@@ -1061,7 +1061,7 @@ xfs_growfs_rt(
nsbp->sb_rextents = nsbp->sb_rblocks;
do_div(nsbp->sb_rextents, nsbp->sb_rextsize);
ASSERT(nsbp->sb_rextents != 0);
- nsbp->sb_rextslog = xfs_highbit32(nsbp->sb_rextents);
+ nsbp->sb_rextslog = xfs_compute_rextslog(nsbp->sb_rextents);
nrsumlevels = nmp->m_rsumlevels = nsbp->sb_rextslog + 1;
nrsumsize =
(uint)sizeof(xfs_suminfo_t) * nrsumlevels *
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 261/396] xfs: fix 32-bit truncation in xfs_compute_rextslog
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (259 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 260/396] xfs: make rextslog computation consistent with mkfs Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 262/396] xfs: dont allow overly small or large realtime volumes Greg Kroah-Hartman
` (146 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Darrick J. Wong,
Christoph Hellwig, Catherine Hoang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Darrick J. Wong" <djwong@kernel.org>
commit cf8f0e6c1429be7652869059ea44696b72d5b726 upstream.
It's quite reasonable that some customer somewhere will want to
configure a realtime volume with more than 2^32 extents. If they try to
do this, the highbit32() call will truncate the upper bits of the
xfs_rtbxlen_t and produce the wrong value for rextslog. This in turn
causes the rsumlevels to be wrong, which results in a realtime summary
file that is the wrong length. Fix that.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_rtbitmap.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/fs/xfs/libxfs/xfs_rtbitmap.c
+++ b/fs/xfs/libxfs/xfs_rtbitmap.c
@@ -1133,13 +1133,15 @@ xfs_rtalloc_extent_is_free(
/*
* Compute the maximum level number of the realtime summary file, as defined by
- * mkfs. The use of highbit32 on a 64-bit quantity is a historic artifact that
- * prohibits correct use of rt volumes with more than 2^32 extents.
+ * mkfs. The historic use of highbit32 on a 64-bit quantity prohibited correct
+ * use of rt volumes with more than 2^32 extents.
*/
uint8_t
xfs_compute_rextslog(
xfs_rtbxlen_t rtextents)
{
- return rtextents ? xfs_highbit32(rtextents) : 0;
+ if (!rtextents)
+ return 0;
+ return xfs_highbit64(rtextents);
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 262/396] xfs: dont allow overly small or large realtime volumes
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (260 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 261/396] xfs: fix 32-bit truncation in xfs_compute_rextslog Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 263/396] xfs: make xchk_iget safer in the presence of corrupt inode btrees Greg Kroah-Hartman
` (145 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Darrick J. Wong,
Christoph Hellwig, Catherine Hoang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Darrick J. Wong" <djwong@kernel.org>
commit e14293803f4e84eb23a417b462b56251033b5a66 upstream.
[backport: resolve merge conflicts due to refactoring rtbitmap/summary
macros and accessors]
Don't allow realtime volumes that are less than one rt extent long.
This has been broken across 4 LTS kernels with nobody noticing, so let's
just disable it.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_rtbitmap.h | 13 +++++++++++++
fs/xfs/libxfs/xfs_sb.c | 3 ++-
fs/xfs/xfs_rtalloc.c | 2 ++
3 files changed, 17 insertions(+), 1 deletion(-)
--- a/fs/xfs/libxfs/xfs_rtbitmap.h
+++ b/fs/xfs/libxfs/xfs_rtbitmap.h
@@ -73,6 +73,18 @@ int xfs_rtfree_blocks(struct xfs_trans *
uint8_t xfs_compute_rextslog(xfs_rtbxlen_t rtextents);
+/* Do we support an rt volume having this number of rtextents? */
+static inline bool
+xfs_validate_rtextents(
+ xfs_rtbxlen_t rtextents)
+{
+ /* No runt rt volumes */
+ if (rtextents == 0)
+ return false;
+
+ return true;
+}
+
#else /* CONFIG_XFS_RT */
# define xfs_rtfree_extent(t,b,l) (-ENOSYS)
# define xfs_rtfree_blocks(t,rb,rl) (-ENOSYS)
@@ -81,6 +93,7 @@ uint8_t xfs_compute_rextslog(xfs_rtbxlen
# define xfs_rtbuf_get(m,t,b,i,p) (-ENOSYS)
# define xfs_rtalloc_extent_is_free(m,t,s,l,i) (-ENOSYS)
# define xfs_compute_rextslog(rtx) (0)
+# define xfs_validate_rtextents(rtx) (false)
#endif /* CONFIG_XFS_RT */
#endif /* __XFS_RTBITMAP_H__ */
--- a/fs/xfs/libxfs/xfs_sb.c
+++ b/fs/xfs/libxfs/xfs_sb.c
@@ -509,7 +509,8 @@ xfs_validate_sb_common(
rbmblocks = howmany_64(sbp->sb_rextents,
NBBY * sbp->sb_blocksize);
- if (sbp->sb_rextents != rexts ||
+ if (!xfs_validate_rtextents(rexts) ||
+ sbp->sb_rextents != rexts ||
sbp->sb_rextslog != xfs_compute_rextslog(rexts) ||
sbp->sb_rbmblocks != rbmblocks) {
xfs_notice(mp,
--- a/fs/xfs/xfs_rtalloc.c
+++ b/fs/xfs/xfs_rtalloc.c
@@ -998,6 +998,8 @@ xfs_growfs_rt(
*/
nrextents = nrblocks;
do_div(nrextents, in->extsize);
+ if (!xfs_validate_rtextents(nrextents))
+ return -EINVAL;
nrbmblocks = howmany_64(nrextents, NBBY * sbp->sb_blocksize);
nrextslog = xfs_compute_rextslog(nrextents);
nrsumlevels = nrextslog + 1;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 263/396] xfs: make xchk_iget safer in the presence of corrupt inode btrees
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (261 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 262/396] xfs: dont allow overly small or large realtime volumes Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 264/396] xfs: remove unused fields from struct xbtree_ifakeroot Greg Kroah-Hartman
` (144 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Darrick J. Wong,
Dave Chinner, Christoph Hellwig, Catherine Hoang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Darrick J. Wong" <djwong@kernel.org>
commit 3f113c2739b1b068854c7ffed635c2bd790d1492 upstream.
When scrub is trying to iget an inode, ensure that it won't end up
deadlocked on a cycle in the inode btree by using an empty transaction
to store all the buffers.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/scrub/common.c | 6 ++++--
fs/xfs/scrub/common.h | 25 +++++++++++++++++++++++++
fs/xfs/scrub/inode.c | 4 ++--
3 files changed, 31 insertions(+), 4 deletions(-)
--- a/fs/xfs/scrub/common.c
+++ b/fs/xfs/scrub/common.c
@@ -733,6 +733,8 @@ xchk_iget(
xfs_ino_t inum,
struct xfs_inode **ipp)
{
+ ASSERT(sc->tp != NULL);
+
return xfs_iget(sc->mp, sc->tp, inum, XFS_IGET_UNTRUSTED, 0, ipp);
}
@@ -882,8 +884,8 @@ xchk_iget_for_scrubbing(
if (!xfs_verify_ino(sc->mp, sc->sm->sm_ino))
return -ENOENT;
- /* Try a regular untrusted iget. */
- error = xchk_iget(sc, sc->sm->sm_ino, &ip);
+ /* Try a safe untrusted iget. */
+ error = xchk_iget_safe(sc, sc->sm->sm_ino, &ip);
if (!error)
return xchk_install_handle_inode(sc, ip);
if (error == -ENOENT)
--- a/fs/xfs/scrub/common.h
+++ b/fs/xfs/scrub/common.h
@@ -151,6 +151,11 @@ void xchk_iunlock(struct xfs_scrub *sc,
void xchk_buffer_recheck(struct xfs_scrub *sc, struct xfs_buf *bp);
+/*
+ * Grab the inode at @inum. The caller must have created a scrub transaction
+ * so that we can confirm the inumber by walking the inobt and not deadlock on
+ * a loop in the inobt.
+ */
int xchk_iget(struct xfs_scrub *sc, xfs_ino_t inum, struct xfs_inode **ipp);
int xchk_iget_agi(struct xfs_scrub *sc, xfs_ino_t inum,
struct xfs_buf **agi_bpp, struct xfs_inode **ipp);
@@ -158,6 +163,26 @@ void xchk_irele(struct xfs_scrub *sc, st
int xchk_install_handle_inode(struct xfs_scrub *sc, struct xfs_inode *ip);
/*
+ * Safe version of (untrusted) xchk_iget that uses an empty transaction to
+ * avoid deadlocking on loops in the inobt. This should only be used in a
+ * scrub or repair setup routine, and only prior to grabbing a transaction.
+ */
+static inline int
+xchk_iget_safe(struct xfs_scrub *sc, xfs_ino_t inum, struct xfs_inode **ipp)
+{
+ int error;
+
+ ASSERT(sc->tp == NULL);
+
+ error = xchk_trans_alloc(sc, 0);
+ if (error)
+ return error;
+ error = xchk_iget(sc, inum, ipp);
+ xchk_trans_cancel(sc);
+ return error;
+}
+
+/*
* Don't bother cross-referencing if we already found corruption or cross
* referencing discrepancies.
*/
--- a/fs/xfs/scrub/inode.c
+++ b/fs/xfs/scrub/inode.c
@@ -94,8 +94,8 @@ xchk_setup_inode(
if (!xfs_verify_ino(sc->mp, sc->sm->sm_ino))
return -ENOENT;
- /* Try a regular untrusted iget. */
- error = xchk_iget(sc, sc->sm->sm_ino, &ip);
+ /* Try a safe untrusted iget. */
+ error = xchk_iget_safe(sc, sc->sm->sm_ino, &ip);
if (!error)
return xchk_install_handle_iscrub(sc, ip);
if (error == -ENOENT)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 264/396] xfs: remove unused fields from struct xbtree_ifakeroot
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (262 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 263/396] xfs: make xchk_iget safer in the presence of corrupt inode btrees Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 265/396] xfs: recompute growfsrtfree transaction reservation while growing rt volume Greg Kroah-Hartman
` (143 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Darrick J. Wong,
Dave Chinner, Catherine Hoang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Darrick J. Wong" <djwong@kernel.org>
commit 4c8ecd1cfdd01fb727121035014d9f654a30bdf2 upstream.
Remove these unused fields since nobody uses them. They should have
been removed years ago in a different cleanup series from Christoph
Hellwig.
Fixes: daf83964a3681 ("xfs: move the per-fork nextents fields into struct xfs_ifork")
Fixes: f7e67b20ecbbc ("xfs: move the fork format fields into struct xfs_ifork")
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_btree_staging.h | 6 ------
1 file changed, 6 deletions(-)
--- a/fs/xfs/libxfs/xfs_btree_staging.h
+++ b/fs/xfs/libxfs/xfs_btree_staging.h
@@ -37,12 +37,6 @@ struct xbtree_ifakeroot {
/* Number of bytes available for this fork in the inode. */
unsigned int if_fork_size;
-
- /* Fork format. */
- unsigned int if_format;
-
- /* Number of records. */
- unsigned int if_extents;
};
/* Cursor interactions with fake roots for inode-rooted btrees. */
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 265/396] xfs: recompute growfsrtfree transaction reservation while growing rt volume
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (263 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 264/396] xfs: remove unused fields from struct xbtree_ifakeroot Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 266/396] xfs: fix an off-by-one error in xreap_agextent_binval Greg Kroah-Hartman
` (142 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Darrick J. Wong,
Christoph Hellwig, Catherine Hoang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Darrick J. Wong" <djwong@kernel.org>
commit 578bd4ce7100ae34f98c6b0147fe75cfa0dadbac upstream.
While playing with growfs to create a 20TB realtime section on a
filesystem that didn't previously have an rt section, I noticed that
growfs would occasionally shut down the log due to a transaction
reservation overflow.
xfs_calc_growrtfree_reservation uses the current size of the realtime
summary file (m_rsumsize) to compute the transaction reservation for a
growrtfree transaction. The reservations are computed at mount time,
which means that m_rsumsize is zero when growfs starts "freeing" the new
realtime extents into the rt volume. As a result, the transaction is
undersized and fails.
Fix this by recomputing the transaction reservations every time we
change m_rsumsize.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_rtalloc.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/fs/xfs/xfs_rtalloc.c
+++ b/fs/xfs/xfs_rtalloc.c
@@ -1070,6 +1070,9 @@ xfs_growfs_rt(
nsbp->sb_rbmblocks;
nrsumblocks = XFS_B_TO_FSB(mp, nrsumsize);
nmp->m_rsumsize = nrsumsize = XFS_FSB_TO_B(mp, nrsumblocks);
+ /* recompute growfsrt reservation from new rsumsize */
+ xfs_trans_resv_calc(nmp, &nmp->m_resv);
+
/*
* Start a transaction, get the log reservation.
*/
@@ -1153,6 +1156,8 @@ error_cancel:
*/
mp->m_rsumlevels = nrsumlevels;
mp->m_rsumsize = nrsumsize;
+ /* recompute growfsrt reservation from new rsumsize */
+ xfs_trans_resv_calc(mp, &mp->m_resv);
error = xfs_trans_commit(tp);
if (error)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 266/396] xfs: fix an off-by-one error in xreap_agextent_binval
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (264 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 265/396] xfs: recompute growfsrtfree transaction reservation while growing rt volume Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 267/396] xfs: force all buffers to be written during btree bulk load Greg Kroah-Hartman
` (141 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Darrick J. Wong,
Dave Chinner, Chandan Babu R, Catherine Hoang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Darrick J. Wong" <djwong@kernel.org>
commit c0e37f07d2bd3c1ee3fb5a650da7d8673557ed16 upstream.
Overall, this function tries to find and invalidate all buffers for a
given extent of space on the data device. The inner for loop in this
function tries to find all xfs_bufs for a given daddr. The lengths of
all possible cached buffers range from 1 fsblock to the largest needed
to contain a 64k xattr value (~17fsb). The scan is capped to avoid
looking at anything buffer going past the given extent.
Unfortunately, the loop continuation test is wrong -- max_fsbs is the
largest size we want to scan, not one past that. Put another way, this
loop is actually 1-indexed, not 0-indexed. Therefore, the continuation
test should use <=, not <.
As a result, online repairs of btree blocks fails to stale any buffers
for btrees that are being torn down, which causes later assertions in
the buffer cache when another thread creates a different-sized buffer.
This happens in xfs/709 when allocating an inode cluster buffer:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 3346128 at fs/xfs/xfs_message.c:104 assfail+0x3a/0x40 [xfs]
CPU: 0 PID: 3346128 Comm: fsstress Not tainted 6.7.0-rc4-djwx #rc4
RIP: 0010:assfail+0x3a/0x40 [xfs]
Call Trace:
<TASK>
_xfs_buf_obj_cmp+0x4a/0x50
xfs_buf_get_map+0x191/0xba0
xfs_trans_get_buf_map+0x136/0x280
xfs_ialloc_inode_init+0x186/0x340
xfs_ialloc_ag_alloc+0x254/0x720
xfs_dialloc+0x21f/0x870
xfs_create_tmpfile+0x1a9/0x2f0
xfs_rename+0x369/0xfd0
xfs_vn_rename+0xfa/0x170
vfs_rename+0x5fb/0xc30
do_renameat2+0x52d/0x6e0
__x64_sys_renameat2+0x4b/0x60
do_syscall_64+0x3b/0xe0
entry_SYSCALL_64_after_hwframe+0x46/0x4e
A later refactoring patch in the online repair series fixed this by
accident, which is why I didn't notice this until I started testing only
the patches that are likely to end up in 6.8.
Fixes: 1c7ce115e521 ("xfs: reap large AG metadata extents when possible")
Signed-off-by: "Darrick J. Wong" <djwong@kernel.org>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/scrub/reap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/xfs/scrub/reap.c
+++ b/fs/xfs/scrub/reap.c
@@ -247,7 +247,7 @@ xreap_agextent_binval(
max_fsbs = min_t(xfs_agblock_t, agbno_next - bno,
xfs_attr3_rmt_blocks(mp, XFS_XATTR_SIZE_MAX));
- for (fsbcount = 1; fsbcount < max_fsbs; fsbcount++) {
+ for (fsbcount = 1; fsbcount <= max_fsbs; fsbcount++) {
struct xfs_buf *bp = NULL;
xfs_daddr_t daddr;
int error;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 267/396] xfs: force all buffers to be written during btree bulk load
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (265 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 266/396] xfs: fix an off-by-one error in xreap_agextent_binval Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 268/396] xfs: add missing nrext64 inode flag check to scrub Greg Kroah-Hartman
` (140 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Darrick J. Wong,
Christoph Hellwig, Catherine Hoang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Darrick J. Wong" <djwong@kernel.org>
commit 13ae04d8d45227c2ba51e188daf9fc13d08a1b12 upstream.
While stress-testing online repair of btrees, I noticed periodic
assertion failures from the buffer cache about buffers with incorrect
DELWRI_Q state. Looking further, I observed this race between the AIL
trying to write out a btree block and repair zapping a btree block after
the fact:
AIL: Repair0:
pin buffer X
delwri_queue:
set DELWRI_Q
add to delwri list
stale buf X:
clear DELWRI_Q
does not clear b_list
free space X
commit
delwri_submit # oops
Worse yet, I discovered that running the same repair over and over in a
tight loop can result in a second race that cause data integrity
problems with the repair:
AIL: Repair0: Repair1:
pin buffer X
delwri_queue:
set DELWRI_Q
add to delwri list
stale buf X:
clear DELWRI_Q
does not clear b_list
free space X
commit
find free space X
get buffer
rewrite buffer
delwri_queue:
set DELWRI_Q
already on a list, do not add
commit
BAD: committed tree root before all blocks written
delwri_submit # too late now
I traced this to my own misunderstanding of how the delwri lists work,
particularly with regards to the AIL's buffer list. If a buffer is
logged and committed, the buffer can end up on that AIL buffer list. If
btree repairs are run twice in rapid succession, it's possible that the
first repair will invalidate the buffer and free it before the next time
the AIL wakes up. Marking the buffer stale clears DELWRI_Q from the
buffer state without removing the buffer from its delwri list. The
buffer doesn't know which list it's on, so it cannot know which lock to
take to protect the list for a removal.
If the second repair allocates the same block, it will then recycle the
buffer to start writing the new btree block. Meanwhile, if the AIL
wakes up and walks the buffer list, it will ignore the buffer because it
can't lock it, and go back to sleep.
When the second repair calls delwri_queue to put the buffer on the
list of buffers to write before committing the new btree, it will set
DELWRI_Q again, but since the buffer hasn't been removed from the AIL's
buffer list, it won't add it to the bulkload buffer's list.
This is incorrect, because the bulkload caller relies on delwri_submit
to ensure that all the buffers have been sent to disk /before/
committing the new btree root pointer. This ordering requirement is
required for data consistency.
Worse, the AIL won't clear DELWRI_Q from the buffer when it does finally
drop it, so the next thread to walk through the btree will trip over a
debug assertion on that flag.
To fix this, create a new function that waits for the buffer to be
removed from any other delwri lists before adding the buffer to the
caller's delwri list. By waiting for the buffer to clear both the
delwri list and any potential delwri wait list, we can be sure that
repair will initiate writes of all buffers and report all write errors
back to userspace instead of committing the new structure.
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_btree_staging.c | 4 ---
fs/xfs/xfs_buf.c | 44 ++++++++++++++++++++++++++++++++++----
fs/xfs/xfs_buf.h | 1
3 files changed, 42 insertions(+), 7 deletions(-)
--- a/fs/xfs/libxfs/xfs_btree_staging.c
+++ b/fs/xfs/libxfs/xfs_btree_staging.c
@@ -342,9 +342,7 @@ xfs_btree_bload_drop_buf(
if (*bpp == NULL)
return;
- if (!xfs_buf_delwri_queue(*bpp, buffers_list))
- ASSERT(0);
-
+ xfs_buf_delwri_queue_here(*bpp, buffers_list);
xfs_buf_relse(*bpp);
*bpp = NULL;
}
--- a/fs/xfs/xfs_buf.c
+++ b/fs/xfs/xfs_buf.c
@@ -2049,6 +2049,14 @@ error_free:
return NULL;
}
+static inline void
+xfs_buf_list_del(
+ struct xfs_buf *bp)
+{
+ list_del_init(&bp->b_list);
+ wake_up_var(&bp->b_list);
+}
+
/*
* Cancel a delayed write list.
*
@@ -2066,7 +2074,7 @@ xfs_buf_delwri_cancel(
xfs_buf_lock(bp);
bp->b_flags &= ~_XBF_DELWRI_Q;
- list_del_init(&bp->b_list);
+ xfs_buf_list_del(bp);
xfs_buf_relse(bp);
}
}
@@ -2120,6 +2128,34 @@ xfs_buf_delwri_queue(
}
/*
+ * Queue a buffer to this delwri list as part of a data integrity operation.
+ * If the buffer is on any other delwri list, we'll wait for that to clear
+ * so that the caller can submit the buffer for IO and wait for the result.
+ * Callers must ensure the buffer is not already on the list.
+ */
+void
+xfs_buf_delwri_queue_here(
+ struct xfs_buf *bp,
+ struct list_head *buffer_list)
+{
+ /*
+ * We need this buffer to end up on the /caller's/ delwri list, not any
+ * old list. This can happen if the buffer is marked stale (which
+ * clears DELWRI_Q) after the AIL queues the buffer to its list but
+ * before the AIL has a chance to submit the list.
+ */
+ while (!list_empty(&bp->b_list)) {
+ xfs_buf_unlock(bp);
+ wait_var_event(&bp->b_list, list_empty(&bp->b_list));
+ xfs_buf_lock(bp);
+ }
+
+ ASSERT(!(bp->b_flags & _XBF_DELWRI_Q));
+
+ xfs_buf_delwri_queue(bp, buffer_list);
+}
+
+/*
* Compare function is more complex than it needs to be because
* the return value is only 32 bits and we are doing comparisons
* on 64 bit values
@@ -2181,7 +2217,7 @@ xfs_buf_delwri_submit_buffers(
* reference and remove it from the list here.
*/
if (!(bp->b_flags & _XBF_DELWRI_Q)) {
- list_del_init(&bp->b_list);
+ xfs_buf_list_del(bp);
xfs_buf_relse(bp);
continue;
}
@@ -2201,7 +2237,7 @@ xfs_buf_delwri_submit_buffers(
list_move_tail(&bp->b_list, wait_list);
} else {
bp->b_flags |= XBF_ASYNC;
- list_del_init(&bp->b_list);
+ xfs_buf_list_del(bp);
}
__xfs_buf_submit(bp, false);
}
@@ -2255,7 +2291,7 @@ xfs_buf_delwri_submit(
while (!list_empty(&wait_list)) {
bp = list_first_entry(&wait_list, struct xfs_buf, b_list);
- list_del_init(&bp->b_list);
+ xfs_buf_list_del(bp);
/*
* Wait on the locked buffer, check for errors and unlock and
--- a/fs/xfs/xfs_buf.h
+++ b/fs/xfs/xfs_buf.h
@@ -318,6 +318,7 @@ extern void xfs_buf_stale(struct xfs_buf
/* Delayed Write Buffer Routines */
extern void xfs_buf_delwri_cancel(struct list_head *);
extern bool xfs_buf_delwri_queue(struct xfs_buf *, struct list_head *);
+void xfs_buf_delwri_queue_here(struct xfs_buf *bp, struct list_head *bl);
extern int xfs_buf_delwri_submit(struct list_head *);
extern int xfs_buf_delwri_submit_nowait(struct list_head *);
extern int xfs_buf_delwri_pushbuf(struct xfs_buf *, struct list_head *);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 268/396] xfs: add missing nrext64 inode flag check to scrub
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (266 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 267/396] xfs: force all buffers to be written during btree bulk load Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 269/396] xfs: initialise di_crc in xfs_log_dinode Greg Kroah-Hartman
` (139 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Darrick J. Wong,
Christoph Hellwig, Catherine Hoang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Darrick J. Wong" <djwong@kernel.org>
commit 576d30ecb620ae3bc156dfb2a4e91143e7f3256d upstream.
Add this missing check that the superblock nrext64 flag is set if the
inode flag is set.
Fixes: 9b7d16e34bbeb ("xfs: Introduce XFS_DIFLAG2_NREXT64 and associated helpers")
Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/scrub/inode.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/fs/xfs/scrub/inode.c
+++ b/fs/xfs/scrub/inode.c
@@ -337,6 +337,10 @@ xchk_inode_flags2(
if (xfs_dinode_has_bigtime(dip) && !xfs_has_bigtime(mp))
goto bad;
+ /* no large extent counts without the filesystem feature */
+ if ((flags2 & XFS_DIFLAG2_NREXT64) && !xfs_has_large_extent_counts(mp))
+ goto bad;
+
return;
bad:
xchk_ino_set_corrupt(sc, ino);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 269/396] xfs: initialise di_crc in xfs_log_dinode
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (267 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 268/396] xfs: add missing nrext64 inode flag check to scrub Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 270/396] xfs: short circuit xfs_growfs_data_private() if delta is zero Greg Kroah-Hartman
` (138 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Dave Chinner,
Darrick J. Wong, Chandan Babu R, Catherine Hoang,
Alexander Potapenko
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Chinner <dchinner@redhat.com>
commit 0573676fdde7ce3829ee6a42a8e5a56355234712 upstream.
Alexander Potapenko report that KMSAN was issuing these warnings:
kmalloc-ed xlog buffer of size 512 : ffff88802fc26200
kmalloc-ed xlog buffer of size 368 : ffff88802fc24a00
kmalloc-ed xlog buffer of size 648 : ffff88802b631000
kmalloc-ed xlog buffer of size 648 : ffff88802b632800
kmalloc-ed xlog buffer of size 648 : ffff88802b631c00
xlog_write_iovec: copying 12 bytes from ffff888017ddbbd8 to ffff88802c300400
xlog_write_iovec: copying 28 bytes from ffff888017ddbbe4 to ffff88802c30040c
xlog_write_iovec: copying 68 bytes from ffff88802fc26274 to ffff88802c300428
xlog_write_iovec: copying 188 bytes from ffff88802fc262bc to ffff88802c30046c
=====================================================
BUG: KMSAN: uninit-value in xlog_write_iovec fs/xfs/xfs_log.c:2227
BUG: KMSAN: uninit-value in xlog_write_full fs/xfs/xfs_log.c:2263
BUG: KMSAN: uninit-value in xlog_write+0x1fac/0x2600 fs/xfs/xfs_log.c:2532
xlog_write_iovec fs/xfs/xfs_log.c:2227
xlog_write_full fs/xfs/xfs_log.c:2263
xlog_write+0x1fac/0x2600 fs/xfs/xfs_log.c:2532
xlog_cil_write_chain fs/xfs/xfs_log_cil.c:918
xlog_cil_push_work+0x30f2/0x44e0 fs/xfs/xfs_log_cil.c:1263
process_one_work kernel/workqueue.c:2630
process_scheduled_works+0x1188/0x1e30 kernel/workqueue.c:2703
worker_thread+0xee5/0x14f0 kernel/workqueue.c:2784
kthread+0x391/0x500 kernel/kthread.c:388
ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
Uninit was created at:
slab_post_alloc_hook+0x101/0xac0 mm/slab.h:768
slab_alloc_node mm/slub.c:3482
__kmem_cache_alloc_node+0x612/0xae0 mm/slub.c:3521
__do_kmalloc_node mm/slab_common.c:1006
__kmalloc+0x11a/0x410 mm/slab_common.c:1020
kmalloc ./include/linux/slab.h:604
xlog_kvmalloc fs/xfs/xfs_log_priv.h:704
xlog_cil_alloc_shadow_bufs fs/xfs/xfs_log_cil.c:343
xlog_cil_commit+0x487/0x4dc0 fs/xfs/xfs_log_cil.c:1574
__xfs_trans_commit+0x8df/0x1930 fs/xfs/xfs_trans.c:1017
xfs_trans_commit+0x30/0x40 fs/xfs/xfs_trans.c:1061
xfs_create+0x15af/0x2150 fs/xfs/xfs_inode.c:1076
xfs_generic_create+0x4cd/0x1550 fs/xfs/xfs_iops.c:199
xfs_vn_create+0x4a/0x60 fs/xfs/xfs_iops.c:275
lookup_open fs/namei.c:3477
open_last_lookups fs/namei.c:3546
path_openat+0x29ac/0x6180 fs/namei.c:3776
do_filp_open+0x24d/0x680 fs/namei.c:3809
do_sys_openat2+0x1bc/0x330 fs/open.c:1440
do_sys_open fs/open.c:1455
__do_sys_openat fs/open.c:1471
__se_sys_openat fs/open.c:1466
__x64_sys_openat+0x253/0x330 fs/open.c:1466
do_syscall_x64 arch/x86/entry/common.c:51
do_syscall_64+0x4f/0x140 arch/x86/entry/common.c:82
entry_SYSCALL_64_after_hwframe+0x63/0x6b arch/x86/entry/entry_64.S:120
Bytes 112-115 of 188 are uninitialized
Memory access of size 188 starts at ffff88802fc262bc
This is caused by the struct xfs_log_dinode not having the di_crc
field initialised. Log recovery never uses this field (it is only
present these days for on-disk format compatibility reasons) and so
it's value is never checked so nothing in XFS has caught this.
Further, none of the uninitialised memory access warning tools have
caught this (despite catching other uninit memory accesses in the
struct xfs_log_dinode back in 2017!) until recently. Alexander
annotated the XFS code to get the dump of the actual bytes that were
detected as uninitialised, and from that report it took me about 30s
to realise what the issue was.
The issue was introduced back in 2016 and every inode that is logged
fails to initialise this field. This is no actual bad behaviour
caused by this issue - I find it hard to even classify it as a
bug...
Reported-and-tested-by: Alexander Potapenko <glider@google.com>
Fixes: f8d55aa0523a ("xfs: introduce inode log format object")
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: "Darrick J. Wong" <djwong@kernel.org>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_inode_item.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/xfs/xfs_inode_item.c
+++ b/fs/xfs/xfs_inode_item.c
@@ -556,6 +556,9 @@ xfs_inode_to_log_dinode(
memset(to->di_pad2, 0, sizeof(to->di_pad2));
uuid_copy(&to->di_uuid, &ip->i_mount->m_sb.sb_meta_uuid);
to->di_v3_pad = 0;
+
+ /* dummy value for initialisation */
+ to->di_crc = 0;
} else {
to->di_version = 2;
to->di_flushiter = ip->i_flushiter;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 270/396] xfs: short circuit xfs_growfs_data_private() if delta is zero
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (268 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 269/396] xfs: initialise di_crc in xfs_log_dinode Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 271/396] xfs: add lock protection when remove perag from radix tree Greg Kroah-Hartman
` (137 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Eric Sandeen,
Darrick J. Wong, Chandan Babu R, Catherine Hoang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Sandeen <sandeen@redhat.com>
commit 84712492e6dab803bf595fb8494d11098b74a652 upstream.
Although xfs_growfs_data() doesn't call xfs_growfs_data_private()
if in->newblocks == mp->m_sb.sb_dblocks, xfs_growfs_data_private()
further massages the new block count so that we don't i.e. try
to create a too-small new AG.
This may lead to a delta of "0" in xfs_growfs_data_private(), so
we end up in the shrink case and emit the EXPERIMENTAL warning
even if we're not changing anything at all.
Fix this by returning straightaway if the block delta is zero.
(nb: in older kernels, the result of entering the shrink case
with delta == 0 may actually let an -ENOSPC escape to userspace,
which is confusing for users.)
Fixes: fb2fc1720185 ("xfs: support shrinking unused space in the last AG")
Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: "Darrick J. Wong" <djwong@kernel.org>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/xfs_fsops.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/fs/xfs/xfs_fsops.c
+++ b/fs/xfs/xfs_fsops.c
@@ -134,6 +134,10 @@ xfs_growfs_data_private(
if (delta < 0 && nagcount < 2)
return -EINVAL;
+ /* No work to do */
+ if (delta == 0)
+ return 0;
+
oagcount = mp->m_sb.sb_agcount;
/* allocate the new per-ag structures */
if (nagcount > oagcount) {
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 271/396] xfs: add lock protection when remove perag from radix tree
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (269 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 270/396] xfs: short circuit xfs_growfs_data_private() if delta is zero Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 272/396] xfs: fix perag leak when growfs fails Greg Kroah-Hartman
` (136 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Long Li,
Christoph Hellwig, Darrick J. Wong, Chandan Babu R,
Catherine Hoang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Long Li <leo.lilong@huawei.com>
commit 07afd3173d0c6d24a47441839a835955ec6cf0d4 upstream.
Take mp->m_perag_lock for deletions from the perag radix tree in
xfs_initialize_perag to prevent racing with tagging operations.
Lookups are fine - they are RCU protected so already deal with the
tree changing shape underneath the lookup - but tagging operations
require the tree to be stable while the tags are propagated back up
to the root.
Right now there's nothing stopping radix tree tagging from operating
while a growfs operation is progress and adding/removing new entries
into the radix tree.
Hence we can have traversals that require a stable tree occurring at
the same time we are removing unused entries from the radix tree which
causes the shape of the tree to change.
Likely this hasn't caused a problem in the past because we are only
doing append addition and removal so the active AG part of the tree
is not changing shape, but that doesn't mean it is safe. Just making
the radix tree modifications serialise against each other is obviously
correct.
Signed-off-by: Long Li <leo.lilong@huawei.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: "Darrick J. Wong" <djwong@kernel.org>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_ag.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/fs/xfs/libxfs/xfs_ag.c
+++ b/fs/xfs/libxfs/xfs_ag.c
@@ -424,13 +424,17 @@ xfs_initialize_perag(
out_remove_pag:
xfs_defer_drain_free(&pag->pag_intents_drain);
+ spin_lock(&mp->m_perag_lock);
radix_tree_delete(&mp->m_perag_tree, index);
+ spin_unlock(&mp->m_perag_lock);
out_free_pag:
kmem_free(pag);
out_unwind_new_pags:
/* unwind any prior newly initialized pags */
for (index = first_initialised; index < agcount; index++) {
+ spin_lock(&mp->m_perag_lock);
pag = radix_tree_delete(&mp->m_perag_tree, index);
+ spin_unlock(&mp->m_perag_lock);
if (!pag)
break;
xfs_buf_hash_destroy(pag);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 272/396] xfs: fix perag leak when growfs fails
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (270 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 271/396] xfs: add lock protection when remove perag from radix tree Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 273/396] xfs: ensure logflagsp is initialized in xfs_bmap_del_extent_real Greg Kroah-Hartman
` (135 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Long Li, Darrick J. Wong,
Chandan Babu R, Catherine Hoang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Long Li <leo.lilong@huawei.com>
commit 7823921887750b39d02e6b44faafdd1cc617c651 upstream.
During growfs, if new ag in memory has been initialized, however
sb_agcount has not been updated, if an error occurs at this time it
will cause perag leaks as follows, these new AGs will not been freed
during umount , because of these new AGs are not visible(that is
included in mp->m_sb.sb_agcount).
unreferenced object 0xffff88810be40200 (size 512):
comm "xfs_growfs", pid 857, jiffies 4294909093
hex dump (first 32 bytes):
00 c0 c1 05 81 88 ff ff 04 00 00 00 00 00 00 00 ................
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace (crc 381741e2):
[<ffffffff8191aef6>] __kmalloc+0x386/0x4f0
[<ffffffff82553e65>] kmem_alloc+0xb5/0x2f0
[<ffffffff8238dac5>] xfs_initialize_perag+0xc5/0x810
[<ffffffff824f679c>] xfs_growfs_data+0x9bc/0xbc0
[<ffffffff8250b90e>] xfs_file_ioctl+0x5fe/0x14d0
[<ffffffff81aa5194>] __x64_sys_ioctl+0x144/0x1c0
[<ffffffff83c3d81f>] do_syscall_64+0x3f/0xe0
[<ffffffff83e00087>] entry_SYSCALL_64_after_hwframe+0x62/0x6a
unreferenced object 0xffff88810be40800 (size 512):
comm "xfs_growfs", pid 857, jiffies 4294909093
hex dump (first 32 bytes):
20 00 00 00 00 00 00 00 57 ef be dc 00 00 00 00 .......W.......
10 08 e4 0b 81 88 ff ff 10 08 e4 0b 81 88 ff ff ................
backtrace (crc bde50e2d):
[<ffffffff8191b43a>] __kmalloc_node+0x3da/0x540
[<ffffffff81814489>] kvmalloc_node+0x99/0x160
[<ffffffff8286acff>] bucket_table_alloc.isra.0+0x5f/0x400
[<ffffffff8286bdc5>] rhashtable_init+0x405/0x760
[<ffffffff8238dda3>] xfs_initialize_perag+0x3a3/0x810
[<ffffffff824f679c>] xfs_growfs_data+0x9bc/0xbc0
[<ffffffff8250b90e>] xfs_file_ioctl+0x5fe/0x14d0
[<ffffffff81aa5194>] __x64_sys_ioctl+0x144/0x1c0
[<ffffffff83c3d81f>] do_syscall_64+0x3f/0xe0
[<ffffffff83e00087>] entry_SYSCALL_64_after_hwframe+0x62/0x6a
Factor out xfs_free_unused_perag_range() from xfs_initialize_perag(),
used for freeing unused perag within a specified range in error handling,
included in the error path of the growfs failure.
Fixes: 1c1c6ebcf528 ("xfs: Replace per-ag array with a radix tree")
Signed-off-by: Long Li <leo.lilong@huawei.com>
Reviewed-by: "Darrick J. Wong" <djwong@kernel.org>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_ag.c | 36 ++++++++++++++++++++++++++----------
fs/xfs/libxfs/xfs_ag.h | 2 ++
fs/xfs/xfs_fsops.c | 5 ++++-
3 files changed, 32 insertions(+), 11 deletions(-)
--- a/fs/xfs/libxfs/xfs_ag.c
+++ b/fs/xfs/libxfs/xfs_ag.c
@@ -332,6 +332,31 @@ xfs_agino_range(
return __xfs_agino_range(mp, xfs_ag_block_count(mp, agno), first, last);
}
+/*
+ * Free perag within the specified AG range, it is only used to free unused
+ * perags under the error handling path.
+ */
+void
+xfs_free_unused_perag_range(
+ struct xfs_mount *mp,
+ xfs_agnumber_t agstart,
+ xfs_agnumber_t agend)
+{
+ struct xfs_perag *pag;
+ xfs_agnumber_t index;
+
+ for (index = agstart; index < agend; index++) {
+ spin_lock(&mp->m_perag_lock);
+ pag = radix_tree_delete(&mp->m_perag_tree, index);
+ spin_unlock(&mp->m_perag_lock);
+ if (!pag)
+ break;
+ xfs_buf_hash_destroy(pag);
+ xfs_defer_drain_free(&pag->pag_intents_drain);
+ kmem_free(pag);
+ }
+}
+
int
xfs_initialize_perag(
struct xfs_mount *mp,
@@ -431,16 +456,7 @@ out_free_pag:
kmem_free(pag);
out_unwind_new_pags:
/* unwind any prior newly initialized pags */
- for (index = first_initialised; index < agcount; index++) {
- spin_lock(&mp->m_perag_lock);
- pag = radix_tree_delete(&mp->m_perag_tree, index);
- spin_unlock(&mp->m_perag_lock);
- if (!pag)
- break;
- xfs_buf_hash_destroy(pag);
- xfs_defer_drain_free(&pag->pag_intents_drain);
- kmem_free(pag);
- }
+ xfs_free_unused_perag_range(mp, first_initialised, agcount);
return error;
}
--- a/fs/xfs/libxfs/xfs_ag.h
+++ b/fs/xfs/libxfs/xfs_ag.h
@@ -133,6 +133,8 @@ __XFS_AG_OPSTATE(prefers_metadata, PREFE
__XFS_AG_OPSTATE(allows_inodes, ALLOWS_INODES)
__XFS_AG_OPSTATE(agfl_needs_reset, AGFL_NEEDS_RESET)
+void xfs_free_unused_perag_range(struct xfs_mount *mp, xfs_agnumber_t agstart,
+ xfs_agnumber_t agend);
int xfs_initialize_perag(struct xfs_mount *mp, xfs_agnumber_t agcount,
xfs_rfsblock_t dcount, xfs_agnumber_t *maxagi);
int xfs_initialize_perag_data(struct xfs_mount *mp, xfs_agnumber_t agno);
--- a/fs/xfs/xfs_fsops.c
+++ b/fs/xfs/xfs_fsops.c
@@ -157,7 +157,7 @@ xfs_growfs_data_private(
error = xfs_trans_alloc(mp, &M_RES(mp)->tr_growdata, -delta, 0,
0, &tp);
if (error)
- return error;
+ goto out_free_unused_perag;
last_pag = xfs_perag_get(mp, oagcount - 1);
if (delta > 0) {
@@ -231,6 +231,9 @@ xfs_growfs_data_private(
out_trans_cancel:
xfs_trans_cancel(tp);
+out_free_unused_perag:
+ if (nagcount > oagcount)
+ xfs_free_unused_perag_range(mp, oagcount, nagcount);
return error;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 273/396] xfs: ensure logflagsp is initialized in xfs_bmap_del_extent_real
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (271 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 272/396] xfs: fix perag leak when growfs fails Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 274/396] xfs: update dir3 leaf block metadata after swap Greg Kroah-Hartman
` (134 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Jiachen Zhang,
Christoph Hellwig, Darrick J. Wong, Chandan Babu R,
Catherine Hoang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiachen Zhang <zhangjiachen.jaycee@bytedance.com>
commit e6af9c98cbf0164a619d95572136bfb54d482dd6 upstream.
In the case of returning -ENOSPC, ensure logflagsp is initialized by 0.
Otherwise the caller __xfs_bunmapi will set uninitialized illegal
tmp_logflags value into xfs log, which might cause unpredictable error
in the log recovery procedure.
Also, remove the flags variable and set the *logflagsp directly, so that
the code should be more robust in the long run.
Fixes: 1b24b633aafe ("xfs: move some more code into xfs_bmap_del_extent_real")
Signed-off-by: Jiachen Zhang <zhangjiachen.jaycee@bytedance.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: "Darrick J. Wong" <djwong@kernel.org>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_bmap.c | 73 +++++++++++++++++++----------------------------
1 file changed, 31 insertions(+), 42 deletions(-)
--- a/fs/xfs/libxfs/xfs_bmap.c
+++ b/fs/xfs/libxfs/xfs_bmap.c
@@ -5014,7 +5014,6 @@ xfs_bmap_del_extent_real(
xfs_fileoff_t del_endoff; /* first offset past del */
int do_fx; /* free extent at end of routine */
int error; /* error return value */
- int flags = 0;/* inode logging flags */
struct xfs_bmbt_irec got; /* current extent entry */
xfs_fileoff_t got_endoff; /* first offset past got */
int i; /* temp state */
@@ -5027,6 +5026,8 @@ xfs_bmap_del_extent_real(
uint32_t state = xfs_bmap_fork_to_state(whichfork);
struct xfs_bmbt_irec old;
+ *logflagsp = 0;
+
mp = ip->i_mount;
XFS_STATS_INC(mp, xs_del_exlist);
@@ -5039,7 +5040,6 @@ xfs_bmap_del_extent_real(
ASSERT(got_endoff >= del_endoff);
ASSERT(!isnullstartblock(got.br_startblock));
qfield = 0;
- error = 0;
/*
* If it's the case where the directory code is running with no block
@@ -5055,13 +5055,13 @@ xfs_bmap_del_extent_real(
del->br_startoff > got.br_startoff && del_endoff < got_endoff)
return -ENOSPC;
- flags = XFS_ILOG_CORE;
+ *logflagsp = XFS_ILOG_CORE;
if (whichfork == XFS_DATA_FORK && XFS_IS_REALTIME_INODE(ip)) {
if (!(bflags & XFS_BMAPI_REMAP)) {
error = xfs_rtfree_blocks(tp, del->br_startblock,
del->br_blockcount);
if (error)
- goto done;
+ return error;
}
do_fx = 0;
@@ -5076,11 +5076,9 @@ xfs_bmap_del_extent_real(
if (cur) {
error = xfs_bmbt_lookup_eq(cur, &got, &i);
if (error)
- goto done;
- if (XFS_IS_CORRUPT(mp, i != 1)) {
- error = -EFSCORRUPTED;
- goto done;
- }
+ return error;
+ if (XFS_IS_CORRUPT(mp, i != 1))
+ return -EFSCORRUPTED;
}
if (got.br_startoff == del->br_startoff)
@@ -5097,17 +5095,15 @@ xfs_bmap_del_extent_real(
xfs_iext_prev(ifp, icur);
ifp->if_nextents--;
- flags |= XFS_ILOG_CORE;
+ *logflagsp |= XFS_ILOG_CORE;
if (!cur) {
- flags |= xfs_ilog_fext(whichfork);
+ *logflagsp |= xfs_ilog_fext(whichfork);
break;
}
if ((error = xfs_btree_delete(cur, &i)))
- goto done;
- if (XFS_IS_CORRUPT(mp, i != 1)) {
- error = -EFSCORRUPTED;
- goto done;
- }
+ return error;
+ if (XFS_IS_CORRUPT(mp, i != 1))
+ return -EFSCORRUPTED;
break;
case BMAP_LEFT_FILLING:
/*
@@ -5118,12 +5114,12 @@ xfs_bmap_del_extent_real(
got.br_blockcount -= del->br_blockcount;
xfs_iext_update_extent(ip, state, icur, &got);
if (!cur) {
- flags |= xfs_ilog_fext(whichfork);
+ *logflagsp |= xfs_ilog_fext(whichfork);
break;
}
error = xfs_bmbt_update(cur, &got);
if (error)
- goto done;
+ return error;
break;
case BMAP_RIGHT_FILLING:
/*
@@ -5132,12 +5128,12 @@ xfs_bmap_del_extent_real(
got.br_blockcount -= del->br_blockcount;
xfs_iext_update_extent(ip, state, icur, &got);
if (!cur) {
- flags |= xfs_ilog_fext(whichfork);
+ *logflagsp |= xfs_ilog_fext(whichfork);
break;
}
error = xfs_bmbt_update(cur, &got);
if (error)
- goto done;
+ return error;
break;
case 0:
/*
@@ -5154,18 +5150,18 @@ xfs_bmap_del_extent_real(
new.br_state = got.br_state;
new.br_startblock = del_endblock;
- flags |= XFS_ILOG_CORE;
+ *logflagsp |= XFS_ILOG_CORE;
if (cur) {
error = xfs_bmbt_update(cur, &got);
if (error)
- goto done;
+ return error;
error = xfs_btree_increment(cur, 0, &i);
if (error)
- goto done;
+ return error;
cur->bc_rec.b = new;
error = xfs_btree_insert(cur, &i);
if (error && error != -ENOSPC)
- goto done;
+ return error;
/*
* If get no-space back from btree insert, it tried a
* split, and we have a zero block reservation. Fix up
@@ -5178,33 +5174,28 @@ xfs_bmap_del_extent_real(
*/
error = xfs_bmbt_lookup_eq(cur, &got, &i);
if (error)
- goto done;
- if (XFS_IS_CORRUPT(mp, i != 1)) {
- error = -EFSCORRUPTED;
- goto done;
- }
+ return error;
+ if (XFS_IS_CORRUPT(mp, i != 1))
+ return -EFSCORRUPTED;
/*
* Update the btree record back
* to the original value.
*/
error = xfs_bmbt_update(cur, &old);
if (error)
- goto done;
+ return error;
/*
* Reset the extent record back
* to the original value.
*/
xfs_iext_update_extent(ip, state, icur, &old);
- flags = 0;
- error = -ENOSPC;
- goto done;
- }
- if (XFS_IS_CORRUPT(mp, i != 1)) {
- error = -EFSCORRUPTED;
- goto done;
+ *logflagsp = 0;
+ return -ENOSPC;
}
+ if (XFS_IS_CORRUPT(mp, i != 1))
+ return -EFSCORRUPTED;
} else
- flags |= xfs_ilog_fext(whichfork);
+ *logflagsp |= xfs_ilog_fext(whichfork);
ifp->if_nextents++;
xfs_iext_next(ifp, icur);
@@ -5228,7 +5219,7 @@ xfs_bmap_del_extent_real(
((bflags & XFS_BMAPI_NODISCARD) ||
del->br_state == XFS_EXT_UNWRITTEN));
if (error)
- goto done;
+ return error;
}
}
@@ -5243,9 +5234,7 @@ xfs_bmap_del_extent_real(
if (qfield && !(bflags & XFS_BMAPI_REMAP))
xfs_trans_mod_dquot_byino(tp, ip, qfield, (long)-nblks);
-done:
- *logflagsp = flags;
- return error;
+ return 0;
}
/*
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 274/396] xfs: update dir3 leaf block metadata after swap
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (272 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 273/396] xfs: ensure logflagsp is initialized in xfs_bmap_del_extent_real Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 275/396] xfs: reset XFS_ATTR_INCOMPLETE filter on node removal Greg Kroah-Hartman
` (133 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Zhang Tianci,
Dave Chinner, Darrick J. Wong, Chandan Babu R, Catherine Hoang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhang Tianci <zhangtianci.1997@bytedance.com>
commit 5759aa4f956034b289b0ae2c99daddfc775442e1 upstream.
xfs_da3_swap_lastblock() copy the last block content to the dead block,
but do not update the metadata in it. We need update some metadata
for some kinds of type block, such as dir3 leafn block records its
blkno, we shall update it to the dead block blkno. Otherwise,
before write the xfs_buf to disk, the verify_write() will fail in
blk_hdr->blkno != xfs_buf->b_bn, then xfs will be shutdown.
We will get this warning:
XFS (dm-0): Metadata corruption detected at xfs_dir3_leaf_verify+0xa8/0xe0 [xfs], xfs_dir3_leafn block 0x178
XFS (dm-0): Unmount and run xfs_repair
XFS (dm-0): First 128 bytes of corrupted metadata buffer:
00000000e80f1917: 00 80 00 0b 00 80 00 07 3d ff 00 00 00 00 00 00 ........=.......
000000009604c005: 00 00 00 00 00 00 01 a0 00 00 00 00 00 00 00 00 ................
000000006b6fb2bf: e4 44 e3 97 b5 64 44 41 8b 84 60 0e 50 43 d9 bf .D...dDA..`.PC..
00000000678978a2: 00 00 00 00 00 00 00 83 01 73 00 93 00 00 00 00 .........s......
00000000b28b247c: 99 29 1d 38 00 00 00 00 99 29 1d 40 00 00 00 00 .).8.....).@....
000000002b2a662c: 99 29 1d 48 00 00 00 00 99 49 11 00 00 00 00 00 .).H.....I......
00000000ea2ffbb8: 99 49 11 08 00 00 45 25 99 49 11 10 00 00 48 fe .I....E%.I....H.
0000000069e86440: 99 49 11 18 00 00 4c 6b 99 49 11 20 00 00 4d 97 .I....Lk.I. ..M.
XFS (dm-0): xfs_do_force_shutdown(0x8) called from line 1423 of file fs/xfs/xfs_buf.c. Return address = 00000000c0ff63c1
XFS (dm-0): Corruption of in-memory data detected. Shutting down filesystem
XFS (dm-0): Please umount the filesystem and rectify the problem(s)
>>From the log above, we know xfs_buf->b_no is 0x178, but the block's hdr record
its blkno is 0x1a0.
Fixes: 24df33b45ecf ("xfs: add CRC checking to dir2 leaf blocks")
Signed-off-by: Zhang Tianci <zhangtianci.1997@bytedance.com>
Suggested-by: Dave Chinner <david@fromorbit.com>
Reviewed-by: "Darrick J. Wong" <djwong@kernel.org>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_da_btree.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/fs/xfs/libxfs/xfs_da_btree.c
+++ b/fs/xfs/libxfs/xfs_da_btree.c
@@ -2316,10 +2316,17 @@ xfs_da3_swap_lastblock(
return error;
/*
* Copy the last block into the dead buffer and log it.
+ * On CRC-enabled file systems, also update the stamped in blkno.
*/
memcpy(dead_buf->b_addr, last_buf->b_addr, args->geo->blksize);
+ if (xfs_has_crc(mp)) {
+ struct xfs_da3_blkinfo *da3 = dead_buf->b_addr;
+
+ da3->blkno = cpu_to_be64(xfs_buf_daddr(dead_buf));
+ }
xfs_trans_log_buf(tp, dead_buf, 0, args->geo->blksize - 1);
dead_info = dead_buf->b_addr;
+
/*
* Get values from the moved block.
*/
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 275/396] xfs: reset XFS_ATTR_INCOMPLETE filter on node removal
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (273 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 274/396] xfs: update dir3 leaf block metadata after swap Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 276/396] xfs: remove conditional building of rt geometry validator functions Greg Kroah-Hartman
` (132 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Andrey Albershteyn,
Christoph Hellwig, Chandan Babu R, Catherine Hoang,
Darrick J. Wong
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrey Albershteyn <aalbersh@redhat.com>
commit 82ef1a5356572219f41f9123ca047259a77bd67b upstream.
In XFS_DAS_NODE_REMOVE_ATTR case, xfs_attr_mode_remove_attr() sets
filter to XFS_ATTR_INCOMPLETE. The filter is then reset in
xfs_attr_complete_op() if XFS_DA_OP_REPLACE operation is performed.
The filter is not reset though if XFS just removes the attribute
(args->value == NULL) with xfs_attr_defer_remove(). attr code goes
to XFS_DAS_DONE state.
Fix this by always resetting XFS_ATTR_INCOMPLETE filter. The replace
operation already resets this filter in anyway and others are
completed at this step hence don't need it.
Fixes: fdaf1bb3cafc ("xfs: ATTR_REPLACE algorithm with LARP enabled needs rework")
Signed-off-by: Andrey Albershteyn <aalbersh@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_attr.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/fs/xfs/libxfs/xfs_attr.c
+++ b/fs/xfs/libxfs/xfs_attr.c
@@ -421,10 +421,10 @@ xfs_attr_complete_op(
bool do_replace = args->op_flags & XFS_DA_OP_REPLACE;
args->op_flags &= ~XFS_DA_OP_REPLACE;
- if (do_replace) {
- args->attr_filter &= ~XFS_ATTR_INCOMPLETE;
+ args->attr_filter &= ~XFS_ATTR_INCOMPLETE;
+ if (do_replace)
return replace_state;
- }
+
return XFS_DAS_DONE;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 276/396] xfs: remove conditional building of rt geometry validator functions
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (274 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 275/396] xfs: reset XFS_ATTR_INCOMPLETE filter on node removal Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 277/396] btrfs: fix deadlock with fiemap and extent locking Greg Kroah-Hartman
` (131 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-xfs, Darrick J. Wong,
Christoph Hellwig, Chandan Babu R, Catherine Hoang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Darrick J. Wong" <djwong@kernel.org>
commit 881f78f472556ed05588172d5b5676b48dc48240 upstream.
[backport: resolve merge conflicts due to refactoring rtbitmap/summary
macros and accessors]
I mistakenly turned off CONFIG_XFS_RT in the Kconfig file for arm64
variant of the djwong-wtf git branch. Unfortunately, it took me a good
hour to figure out that RT wasn't built because this is what got printed
to dmesg:
XFS (sda2): realtime geometry sanity check failed
XFS (sda2): Metadata corruption detected at xfs_sb_read_verify+0x170/0x190 [xfs], xfs_sb block 0x0
Whereas I would have expected:
XFS (sda2): Not built with CONFIG_XFS_RT
XFS (sda2): RT mount failed
The root cause of these problems is the conditional compilation of the
new functions xfs_validate_rtextents and xfs_compute_rextslog that I
introduced in the two commits listed below. The !RT versions of these
functions return false and 0, respectively, which causes primary
superblock validation to fail, which explains the first message.
Move the two functions to other parts of libxfs that are not
conditionally defined by CONFIG_XFS_RT and remove the broken stubs so
that validation works again.
Fixes: e14293803f4e ("xfs: don't allow overly small or large realtime volumes")
Fixes: a6a38f309afc ("xfs: make rextslog computation consistent with mkfs")
Signed-off-by: "Darrick J. Wong" <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Chandan Babu R <chandanbabu@kernel.org>
Signed-off-by: Catherine Hoang <catherine.hoang@oracle.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/xfs/libxfs/xfs_rtbitmap.c | 14 --------------
fs/xfs/libxfs/xfs_rtbitmap.h | 16 ----------------
fs/xfs/libxfs/xfs_sb.c | 14 ++++++++++++++
fs/xfs/libxfs/xfs_sb.h | 2 ++
fs/xfs/libxfs/xfs_types.h | 12 ++++++++++++
fs/xfs/scrub/rtbitmap.c | 1 +
fs/xfs/scrub/rtsummary.c | 1 +
7 files changed, 30 insertions(+), 30 deletions(-)
--- a/fs/xfs/libxfs/xfs_rtbitmap.c
+++ b/fs/xfs/libxfs/xfs_rtbitmap.c
@@ -1131,17 +1131,3 @@ xfs_rtalloc_extent_is_free(
return 0;
}
-/*
- * Compute the maximum level number of the realtime summary file, as defined by
- * mkfs. The historic use of highbit32 on a 64-bit quantity prohibited correct
- * use of rt volumes with more than 2^32 extents.
- */
-uint8_t
-xfs_compute_rextslog(
- xfs_rtbxlen_t rtextents)
-{
- if (!rtextents)
- return 0;
- return xfs_highbit64(rtextents);
-}
-
--- a/fs/xfs/libxfs/xfs_rtbitmap.h
+++ b/fs/xfs/libxfs/xfs_rtbitmap.h
@@ -71,20 +71,6 @@ xfs_rtfree_extent(
int xfs_rtfree_blocks(struct xfs_trans *tp, xfs_fsblock_t rtbno,
xfs_filblks_t rtlen);
-uint8_t xfs_compute_rextslog(xfs_rtbxlen_t rtextents);
-
-/* Do we support an rt volume having this number of rtextents? */
-static inline bool
-xfs_validate_rtextents(
- xfs_rtbxlen_t rtextents)
-{
- /* No runt rt volumes */
- if (rtextents == 0)
- return false;
-
- return true;
-}
-
#else /* CONFIG_XFS_RT */
# define xfs_rtfree_extent(t,b,l) (-ENOSYS)
# define xfs_rtfree_blocks(t,rb,rl) (-ENOSYS)
@@ -92,8 +78,6 @@ xfs_validate_rtextents(
# define xfs_rtalloc_query_all(m,t,f,p) (-ENOSYS)
# define xfs_rtbuf_get(m,t,b,i,p) (-ENOSYS)
# define xfs_rtalloc_extent_is_free(m,t,s,l,i) (-ENOSYS)
-# define xfs_compute_rextslog(rtx) (0)
-# define xfs_validate_rtextents(rtx) (false)
#endif /* CONFIG_XFS_RT */
#endif /* __XFS_RTBITMAP_H__ */
--- a/fs/xfs/libxfs/xfs_sb.c
+++ b/fs/xfs/libxfs/xfs_sb.c
@@ -1375,3 +1375,17 @@ xfs_validate_stripe_geometry(
}
return true;
}
+
+/*
+ * Compute the maximum level number of the realtime summary file, as defined by
+ * mkfs. The historic use of highbit32 on a 64-bit quantity prohibited correct
+ * use of rt volumes with more than 2^32 extents.
+ */
+uint8_t
+xfs_compute_rextslog(
+ xfs_rtbxlen_t rtextents)
+{
+ if (!rtextents)
+ return 0;
+ return xfs_highbit64(rtextents);
+}
--- a/fs/xfs/libxfs/xfs_sb.h
+++ b/fs/xfs/libxfs/xfs_sb.h
@@ -38,4 +38,6 @@ extern int xfs_sb_get_secondary(struct x
extern bool xfs_validate_stripe_geometry(struct xfs_mount *mp,
__s64 sunit, __s64 swidth, int sectorsize, bool silent);
+uint8_t xfs_compute_rextslog(xfs_rtbxlen_t rtextents);
+
#endif /* __XFS_SB_H__ */
--- a/fs/xfs/libxfs/xfs_types.h
+++ b/fs/xfs/libxfs/xfs_types.h
@@ -240,4 +240,16 @@ bool xfs_verify_fileoff(struct xfs_mount
bool xfs_verify_fileext(struct xfs_mount *mp, xfs_fileoff_t off,
xfs_fileoff_t len);
+/* Do we support an rt volume having this number of rtextents? */
+static inline bool
+xfs_validate_rtextents(
+ xfs_rtbxlen_t rtextents)
+{
+ /* No runt rt volumes */
+ if (rtextents == 0)
+ return false;
+
+ return true;
+}
+
#endif /* __XFS_TYPES_H__ */
--- a/fs/xfs/scrub/rtbitmap.c
+++ b/fs/xfs/scrub/rtbitmap.c
@@ -14,6 +14,7 @@
#include "xfs_rtbitmap.h"
#include "xfs_inode.h"
#include "xfs_bmap.h"
+#include "xfs_sb.h"
#include "scrub/scrub.h"
#include "scrub/common.h"
--- a/fs/xfs/scrub/rtsummary.c
+++ b/fs/xfs/scrub/rtsummary.c
@@ -16,6 +16,7 @@
#include "xfs_rtbitmap.h"
#include "xfs_bit.h"
#include "xfs_bmap.h"
+#include "xfs_sb.h"
#include "scrub/scrub.h"
#include "scrub/common.h"
#include "scrub/trace.h"
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 277/396] btrfs: fix deadlock with fiemap and extent locking
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (275 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 276/396] xfs: remove conditional building of rt geometry validator functions Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 278/396] vfio: Introduce interface to flush virqfd inject workqueue Greg Kroah-Hartman
` (130 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Filipe Manana, Josef Bacik,
David Sterba
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Josef Bacik <josef@toxicpanda.com>
commit b0ad381fa7690244802aed119b478b4bdafc31dd upstream.
While working on the patchset to remove extent locking I got a lockdep
splat with fiemap and pagefaulting with my new extent lock replacement
lock.
This deadlock exists with our normal code, we just don't have lockdep
annotations with the extent locking so we've never noticed it.
Since we're copying the fiemap extent to user space on every iteration
we have the chance of pagefaulting. Because we hold the extent lock for
the entire range we could mkwrite into a range in the file that we have
mmap'ed. This would deadlock with the following stack trace
[<0>] lock_extent+0x28d/0x2f0
[<0>] btrfs_page_mkwrite+0x273/0x8a0
[<0>] do_page_mkwrite+0x50/0xb0
[<0>] do_fault+0xc1/0x7b0
[<0>] __handle_mm_fault+0x2fa/0x460
[<0>] handle_mm_fault+0xa4/0x330
[<0>] do_user_addr_fault+0x1f4/0x800
[<0>] exc_page_fault+0x7c/0x1e0
[<0>] asm_exc_page_fault+0x26/0x30
[<0>] rep_movs_alternative+0x33/0x70
[<0>] _copy_to_user+0x49/0x70
[<0>] fiemap_fill_next_extent+0xc8/0x120
[<0>] emit_fiemap_extent+0x4d/0xa0
[<0>] extent_fiemap+0x7f8/0xad0
[<0>] btrfs_fiemap+0x49/0x80
[<0>] __x64_sys_ioctl+0x3e1/0xb50
[<0>] do_syscall_64+0x94/0x1a0
[<0>] entry_SYSCALL_64_after_hwframe+0x6e/0x76
I wrote an fstest to reproduce this deadlock without my replacement lock
and verified that the deadlock exists with our existing locking.
To fix this simply don't take the extent lock for the entire duration of
the fiemap. This is safe in general because we keep track of where we
are when we're searching the tree, so if an ordered extent updates in
the middle of our fiemap call we'll still emit the correct extents
because we know what offset we were on before.
The only place we maintain the lock is searching delalloc. Since the
delalloc stuff can change during writeback we want to lock the extent
range so we have a consistent view of delalloc at the time we're
checking to see if we need to set the delalloc flag.
With this patch applied we no longer deadlock with my testcase.
CC: stable@vger.kernel.org # 6.1+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/extent_io.c | 62 +++++++++++++++++++++++++++++++++++++--------------
1 file changed, 45 insertions(+), 17 deletions(-)
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -2735,16 +2735,34 @@ static int fiemap_process_hole(struct bt
* it beyond i_size.
*/
while (cur_offset < end && cur_offset < i_size) {
+ struct extent_state *cached_state = NULL;
u64 delalloc_start;
u64 delalloc_end;
u64 prealloc_start;
+ u64 lockstart;
+ u64 lockend;
u64 prealloc_len = 0;
bool delalloc;
+ lockstart = round_down(cur_offset, inode->root->fs_info->sectorsize);
+ lockend = round_up(end, inode->root->fs_info->sectorsize);
+
+ /*
+ * We are only locking for the delalloc range because that's the
+ * only thing that can change here. With fiemap we have a lock
+ * on the inode, so no buffered or direct writes can happen.
+ *
+ * However mmaps and normal page writeback will cause this to
+ * change arbitrarily. We have to lock the extent lock here to
+ * make sure that nobody messes with the tree while we're doing
+ * btrfs_find_delalloc_in_range.
+ */
+ lock_extent(&inode->io_tree, lockstart, lockend, &cached_state);
delalloc = btrfs_find_delalloc_in_range(inode, cur_offset, end,
delalloc_cached_state,
&delalloc_start,
&delalloc_end);
+ unlock_extent(&inode->io_tree, lockstart, lockend, &cached_state);
if (!delalloc)
break;
@@ -2912,15 +2930,15 @@ int extent_fiemap(struct btrfs_inode *in
u64 start, u64 len)
{
const u64 ino = btrfs_ino(inode);
- struct extent_state *cached_state = NULL;
struct extent_state *delalloc_cached_state = NULL;
struct btrfs_path *path;
struct fiemap_cache cache = { 0 };
struct btrfs_backref_share_check_ctx *backref_ctx;
u64 last_extent_end;
u64 prev_extent_end;
- u64 lockstart;
- u64 lockend;
+ u64 range_start;
+ u64 range_end;
+ const u64 sectorsize = inode->root->fs_info->sectorsize;
bool stopped = false;
int ret;
@@ -2931,12 +2949,11 @@ int extent_fiemap(struct btrfs_inode *in
goto out;
}
- lockstart = round_down(start, inode->root->fs_info->sectorsize);
- lockend = round_up(start + len, inode->root->fs_info->sectorsize);
- prev_extent_end = lockstart;
+ range_start = round_down(start, sectorsize);
+ range_end = round_up(start + len, sectorsize);
+ prev_extent_end = range_start;
btrfs_inode_lock(inode, BTRFS_ILOCK_SHARED);
- lock_extent(&inode->io_tree, lockstart, lockend, &cached_state);
ret = fiemap_find_last_extent_offset(inode, path, &last_extent_end);
if (ret < 0)
@@ -2944,7 +2961,7 @@ int extent_fiemap(struct btrfs_inode *in
btrfs_release_path(path);
path->reada = READA_FORWARD;
- ret = fiemap_search_slot(inode, path, lockstart);
+ ret = fiemap_search_slot(inode, path, range_start);
if (ret < 0) {
goto out_unlock;
} else if (ret > 0) {
@@ -2956,7 +2973,7 @@ int extent_fiemap(struct btrfs_inode *in
goto check_eof_delalloc;
}
- while (prev_extent_end < lockend) {
+ while (prev_extent_end < range_end) {
struct extent_buffer *leaf = path->nodes[0];
struct btrfs_file_extent_item *ei;
struct btrfs_key key;
@@ -2979,19 +2996,19 @@ int extent_fiemap(struct btrfs_inode *in
* The first iteration can leave us at an extent item that ends
* before our range's start. Move to the next item.
*/
- if (extent_end <= lockstart)
+ if (extent_end <= range_start)
goto next_item;
backref_ctx->curr_leaf_bytenr = leaf->start;
/* We have in implicit hole (NO_HOLES feature enabled). */
if (prev_extent_end < key.offset) {
- const u64 range_end = min(key.offset, lockend) - 1;
+ const u64 hole_end = min(key.offset, range_end) - 1;
ret = fiemap_process_hole(inode, fieinfo, &cache,
&delalloc_cached_state,
backref_ctx, 0, 0, 0,
- prev_extent_end, range_end);
+ prev_extent_end, hole_end);
if (ret < 0) {
goto out_unlock;
} else if (ret > 0) {
@@ -3001,7 +3018,7 @@ int extent_fiemap(struct btrfs_inode *in
}
/* We've reached the end of the fiemap range, stop. */
- if (key.offset >= lockend) {
+ if (key.offset >= range_end) {
stopped = true;
break;
}
@@ -3095,29 +3112,41 @@ check_eof_delalloc:
btrfs_free_path(path);
path = NULL;
- if (!stopped && prev_extent_end < lockend) {
+ if (!stopped && prev_extent_end < range_end) {
ret = fiemap_process_hole(inode, fieinfo, &cache,
&delalloc_cached_state, backref_ctx,
- 0, 0, 0, prev_extent_end, lockend - 1);
+ 0, 0, 0, prev_extent_end, range_end - 1);
if (ret < 0)
goto out_unlock;
- prev_extent_end = lockend;
+ prev_extent_end = range_end;
}
if (cache.cached && cache.offset + cache.len >= last_extent_end) {
const u64 i_size = i_size_read(&inode->vfs_inode);
if (prev_extent_end < i_size) {
+ struct extent_state *cached_state = NULL;
u64 delalloc_start;
u64 delalloc_end;
+ u64 lockstart;
+ u64 lockend;
bool delalloc;
+ lockstart = round_down(prev_extent_end, sectorsize);
+ lockend = round_up(i_size, sectorsize);
+
+ /*
+ * See the comment in fiemap_process_hole as to why
+ * we're doing the locking here.
+ */
+ lock_extent(&inode->io_tree, lockstart, lockend, &cached_state);
delalloc = btrfs_find_delalloc_in_range(inode,
prev_extent_end,
i_size - 1,
&delalloc_cached_state,
&delalloc_start,
&delalloc_end);
+ unlock_extent(&inode->io_tree, lockstart, lockend, &cached_state);
if (!delalloc)
cache.flags |= FIEMAP_EXTENT_LAST;
} else {
@@ -3128,7 +3157,6 @@ check_eof_delalloc:
ret = emit_last_fiemap_cache(fieinfo, &cache);
out_unlock:
- unlock_extent(&inode->io_tree, lockstart, lockend, &cached_state);
btrfs_inode_unlock(inode, BTRFS_ILOCK_SHARED);
out:
free_extent_state(delalloc_cached_state);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 278/396] vfio: Introduce interface to flush virqfd inject workqueue
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (276 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 277/396] btrfs: fix deadlock with fiemap and extent locking Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 279/396] vfio/pci: Create persistent INTx handler Greg Kroah-Hartman
` (129 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Kevin Tian, Reinette Chatre,
Eric Auger, Alex Williamson
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Williamson <alex.williamson@redhat.com>
commit b620ecbd17a03cacd06f014a5d3f3a11285ce053 upstream.
In order to synchronize changes that can affect the thread callback,
introduce an interface to force a flush of the inject workqueue. The
irqfd pointer is only valid under spinlock, but the workqueue cannot
be flushed under spinlock. Therefore the flush work for the irqfd is
queued under spinlock. The vfio_irqfd_cleanup_wq workqueue is re-used
for queuing this work such that flushing the workqueue is also ordered
relative to shutdown.
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Reinette Chatre <reinette.chatre@intel.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Link: https://lore.kernel.org/r/20240308230557.805580-4-alex.williamson@redhat.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Stable-dep-of: 18c198c96a81 ("vfio/pci: Create persistent INTx handler")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/vfio/virqfd.c | 21 +++++++++++++++++++++
include/linux/vfio.h | 2 ++
2 files changed, 23 insertions(+)
--- a/drivers/vfio/virqfd.c
+++ b/drivers/vfio/virqfd.c
@@ -101,6 +101,13 @@ static void virqfd_inject(struct work_st
virqfd->thread(virqfd->opaque, virqfd->data);
}
+static void virqfd_flush_inject(struct work_struct *work)
+{
+ struct virqfd *virqfd = container_of(work, struct virqfd, flush_inject);
+
+ flush_work(&virqfd->inject);
+}
+
int vfio_virqfd_enable(void *opaque,
int (*handler)(void *, void *),
void (*thread)(void *, void *),
@@ -124,6 +131,7 @@ int vfio_virqfd_enable(void *opaque,
INIT_WORK(&virqfd->shutdown, virqfd_shutdown);
INIT_WORK(&virqfd->inject, virqfd_inject);
+ INIT_WORK(&virqfd->flush_inject, virqfd_flush_inject);
irqfd = fdget(fd);
if (!irqfd.file) {
@@ -213,3 +221,16 @@ void vfio_virqfd_disable(struct virqfd *
flush_workqueue(vfio_irqfd_cleanup_wq);
}
EXPORT_SYMBOL_GPL(vfio_virqfd_disable);
+
+void vfio_virqfd_flush_thread(struct virqfd **pvirqfd)
+{
+ unsigned long flags;
+
+ spin_lock_irqsave(&virqfd_lock, flags);
+ if (*pvirqfd && (*pvirqfd)->thread)
+ queue_work(vfio_irqfd_cleanup_wq, &(*pvirqfd)->flush_inject);
+ spin_unlock_irqrestore(&virqfd_lock, flags);
+
+ flush_workqueue(vfio_irqfd_cleanup_wq);
+}
+EXPORT_SYMBOL_GPL(vfio_virqfd_flush_thread);
--- a/include/linux/vfio.h
+++ b/include/linux/vfio.h
@@ -349,6 +349,7 @@ struct virqfd {
wait_queue_entry_t wait;
poll_table pt;
struct work_struct shutdown;
+ struct work_struct flush_inject;
struct virqfd **pvirqfd;
};
@@ -356,5 +357,6 @@ int vfio_virqfd_enable(void *opaque, int
void (*thread)(void *, void *), void *data,
struct virqfd **pvirqfd, int fd);
void vfio_virqfd_disable(struct virqfd **pvirqfd);
+void vfio_virqfd_flush_thread(struct virqfd **pvirqfd);
#endif /* VFIO_H */
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 279/396] vfio/pci: Create persistent INTx handler
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (277 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 278/396] vfio: Introduce interface to flush virqfd inject workqueue Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 280/396] vfio/platform: Create persistent IRQ handlers Greg Kroah-Hartman
` (128 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Reinette Chatre, Kevin Tian,
Eric Auger, Alex Williamson
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Williamson <alex.williamson@redhat.com>
commit 18c198c96a815c962adc2b9b77909eec0be7df4d upstream.
A vulnerability exists where the eventfd for INTx signaling can be
deconfigured, which unregisters the IRQ handler but still allows
eventfds to be signaled with a NULL context through the SET_IRQS ioctl
or through unmask irqfd if the device interrupt is pending.
Ideally this could be solved with some additional locking; the igate
mutex serializes the ioctl and config space accesses, and the interrupt
handler is unregistered relative to the trigger, but the irqfd path
runs asynchronous to those. The igate mutex cannot be acquired from the
atomic context of the eventfd wake function. Disabling the irqfd
relative to the eventfd registration is potentially incompatible with
existing userspace.
As a result, the solution implemented here moves configuration of the
INTx interrupt handler to track the lifetime of the INTx context object
and irq_type configuration, rather than registration of a particular
trigger eventfd. Synchronization is added between the ioctl path and
eventfd_signal() wrapper such that the eventfd trigger can be
dynamically updated relative to in-flight interrupts or irqfd callbacks.
Cc: <stable@vger.kernel.org>
Fixes: 89e1f7d4c66d ("vfio: Add PCI device driver")
Reported-by: Reinette Chatre <reinette.chatre@intel.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Reinette Chatre <reinette.chatre@intel.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Link: https://lore.kernel.org/r/20240308230557.805580-5-alex.williamson@redhat.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/vfio/pci/vfio_pci_intrs.c | 145 ++++++++++++++++++++------------------
1 file changed, 78 insertions(+), 67 deletions(-)
--- a/drivers/vfio/pci/vfio_pci_intrs.c
+++ b/drivers/vfio/pci/vfio_pci_intrs.c
@@ -90,11 +90,15 @@ static void vfio_send_intx_eventfd(void
if (likely(is_intx(vdev) && !vdev->virq_disabled)) {
struct vfio_pci_irq_ctx *ctx;
+ struct eventfd_ctx *trigger;
ctx = vfio_irq_ctx_get(vdev, 0);
if (WARN_ON_ONCE(!ctx))
return;
- eventfd_signal(ctx->trigger, 1);
+
+ trigger = READ_ONCE(ctx->trigger);
+ if (likely(trigger))
+ eventfd_signal(trigger, 1);
}
}
@@ -253,100 +257,100 @@ static irqreturn_t vfio_intx_handler(int
return ret;
}
-static int vfio_intx_enable(struct vfio_pci_core_device *vdev)
+static int vfio_intx_enable(struct vfio_pci_core_device *vdev,
+ struct eventfd_ctx *trigger)
{
+ struct pci_dev *pdev = vdev->pdev;
struct vfio_pci_irq_ctx *ctx;
+ unsigned long irqflags;
+ char *name;
+ int ret;
if (!is_irq_none(vdev))
return -EINVAL;
- if (!vdev->pdev->irq)
+ if (!pdev->irq)
return -ENODEV;
+ name = kasprintf(GFP_KERNEL_ACCOUNT, "vfio-intx(%s)", pci_name(pdev));
+ if (!name)
+ return -ENOMEM;
+
ctx = vfio_irq_ctx_alloc(vdev, 0);
if (!ctx)
return -ENOMEM;
+ ctx->name = name;
+ ctx->trigger = trigger;
+
/*
- * If the virtual interrupt is masked, restore it. Devices
- * supporting DisINTx can be masked at the hardware level
- * here, non-PCI-2.3 devices will have to wait until the
- * interrupt is enabled.
+ * Fill the initial masked state based on virq_disabled. After
+ * enable, changing the DisINTx bit in vconfig directly changes INTx
+ * masking. igate prevents races during setup, once running masked
+ * is protected via irqlock.
+ *
+ * Devices supporting DisINTx also reflect the current mask state in
+ * the physical DisINTx bit, which is not affected during IRQ setup.
+ *
+ * Devices without DisINTx support require an exclusive interrupt.
+ * IRQ masking is performed at the IRQ chip. Again, igate protects
+ * against races during setup and IRQ handlers and irqfds are not
+ * yet active, therefore masked is stable and can be used to
+ * conditionally auto-enable the IRQ.
+ *
+ * irq_type must be stable while the IRQ handler is registered,
+ * therefore it must be set before request_irq().
*/
ctx->masked = vdev->virq_disabled;
- if (vdev->pci_2_3)
- pci_intx(vdev->pdev, !ctx->masked);
+ if (vdev->pci_2_3) {
+ pci_intx(pdev, !ctx->masked);
+ irqflags = IRQF_SHARED;
+ } else {
+ irqflags = ctx->masked ? IRQF_NO_AUTOEN : 0;
+ }
vdev->irq_type = VFIO_PCI_INTX_IRQ_INDEX;
+ ret = request_irq(pdev->irq, vfio_intx_handler,
+ irqflags, ctx->name, vdev);
+ if (ret) {
+ vdev->irq_type = VFIO_PCI_NUM_IRQS;
+ kfree(name);
+ vfio_irq_ctx_free(vdev, ctx, 0);
+ return ret;
+ }
+
return 0;
}
-static int vfio_intx_set_signal(struct vfio_pci_core_device *vdev, int fd)
+static int vfio_intx_set_signal(struct vfio_pci_core_device *vdev,
+ struct eventfd_ctx *trigger)
{
struct pci_dev *pdev = vdev->pdev;
- unsigned long irqflags = IRQF_SHARED;
struct vfio_pci_irq_ctx *ctx;
- struct eventfd_ctx *trigger;
- unsigned long flags;
- int ret;
+ struct eventfd_ctx *old;
ctx = vfio_irq_ctx_get(vdev, 0);
if (WARN_ON_ONCE(!ctx))
return -EINVAL;
- if (ctx->trigger) {
- free_irq(pdev->irq, vdev);
- kfree(ctx->name);
- eventfd_ctx_put(ctx->trigger);
- ctx->trigger = NULL;
- }
-
- if (fd < 0) /* Disable only */
- return 0;
+ old = ctx->trigger;
- ctx->name = kasprintf(GFP_KERNEL_ACCOUNT, "vfio-intx(%s)",
- pci_name(pdev));
- if (!ctx->name)
- return -ENOMEM;
+ WRITE_ONCE(ctx->trigger, trigger);
- trigger = eventfd_ctx_fdget(fd);
- if (IS_ERR(trigger)) {
- kfree(ctx->name);
- return PTR_ERR(trigger);
+ /* Releasing an old ctx requires synchronizing in-flight users */
+ if (old) {
+ synchronize_irq(pdev->irq);
+ vfio_virqfd_flush_thread(&ctx->unmask);
+ eventfd_ctx_put(old);
}
- ctx->trigger = trigger;
-
- /*
- * Devices without DisINTx support require an exclusive interrupt,
- * IRQ masking is performed at the IRQ chip. The masked status is
- * protected by vdev->irqlock. Setup the IRQ without auto-enable and
- * unmask as necessary below under lock. DisINTx is unmodified by
- * the IRQ configuration and may therefore use auto-enable.
- */
- if (!vdev->pci_2_3)
- irqflags = IRQF_NO_AUTOEN;
-
- ret = request_irq(pdev->irq, vfio_intx_handler,
- irqflags, ctx->name, vdev);
- if (ret) {
- ctx->trigger = NULL;
- kfree(ctx->name);
- eventfd_ctx_put(trigger);
- return ret;
- }
-
- spin_lock_irqsave(&vdev->irqlock, flags);
- if (!vdev->pci_2_3 && !ctx->masked)
- enable_irq(pdev->irq);
- spin_unlock_irqrestore(&vdev->irqlock, flags);
-
return 0;
}
static void vfio_intx_disable(struct vfio_pci_core_device *vdev)
{
+ struct pci_dev *pdev = vdev->pdev;
struct vfio_pci_irq_ctx *ctx;
ctx = vfio_irq_ctx_get(vdev, 0);
@@ -354,10 +358,13 @@ static void vfio_intx_disable(struct vfi
if (ctx) {
vfio_virqfd_disable(&ctx->unmask);
vfio_virqfd_disable(&ctx->mask);
+ free_irq(pdev->irq, vdev);
+ if (ctx->trigger)
+ eventfd_ctx_put(ctx->trigger);
+ kfree(ctx->name);
+ vfio_irq_ctx_free(vdev, ctx, 0);
}
- vfio_intx_set_signal(vdev, -1);
vdev->irq_type = VFIO_PCI_NUM_IRQS;
- vfio_irq_ctx_free(vdev, ctx, 0);
}
/*
@@ -641,19 +648,23 @@ static int vfio_pci_set_intx_trigger(str
return -EINVAL;
if (flags & VFIO_IRQ_SET_DATA_EVENTFD) {
+ struct eventfd_ctx *trigger = NULL;
int32_t fd = *(int32_t *)data;
int ret;
+ if (fd >= 0) {
+ trigger = eventfd_ctx_fdget(fd);
+ if (IS_ERR(trigger))
+ return PTR_ERR(trigger);
+ }
+
if (is_intx(vdev))
- return vfio_intx_set_signal(vdev, fd);
+ ret = vfio_intx_set_signal(vdev, trigger);
+ else
+ ret = vfio_intx_enable(vdev, trigger);
- ret = vfio_intx_enable(vdev);
- if (ret)
- return ret;
-
- ret = vfio_intx_set_signal(vdev, fd);
- if (ret)
- vfio_intx_disable(vdev);
+ if (ret && trigger)
+ eventfd_ctx_put(trigger);
return ret;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 280/396] vfio/platform: Create persistent IRQ handlers
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (278 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 279/396] vfio/pci: Create persistent INTx handler Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 281/396] vfio/fsl-mc: Block calling interrupt handler without trigger Greg Kroah-Hartman
` (127 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Eric Auger, Kevin Tian,
Alex Williamson
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Williamson <alex.williamson@redhat.com>
commit 675daf435e9f8e5a5eab140a9864dfad6668b375 upstream.
The vfio-platform SET_IRQS ioctl currently allows loopback triggering of
an interrupt before a signaling eventfd has been configured by the user,
which thereby allows a NULL pointer dereference.
Rather than register the IRQ relative to a valid trigger, register all
IRQs in a disabled state in the device open path. This allows mask
operations on the IRQ to nest within the overall enable state governed
by a valid eventfd signal. This decouples @masked, protected by the
@locked spinlock from @trigger, protected via the @igate mutex.
In doing so, it's guaranteed that changes to @trigger cannot race the
IRQ handlers because the IRQ handler is synchronously disabled before
modifying the trigger, and loopback triggering of the IRQ via ioctl is
safe due to serialization with trigger changes via igate.
For compatibility, request_irq() failures are maintained to be local to
the SET_IRQS ioctl rather than a fatal error in the open device path.
This allows, for example, a userspace driver with polling mode support
to continue to work regardless of moving the request_irq() call site.
This necessarily blocks all SET_IRQS access to the failed index.
Cc: Eric Auger <eric.auger@redhat.com>
Cc: <stable@vger.kernel.org>
Fixes: 57f972e2b341 ("vfio/platform: trigger an interrupt via eventfd")
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Link: https://lore.kernel.org/r/20240308230557.805580-7-alex.williamson@redhat.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/vfio/platform/vfio_platform_irq.c | 100 ++++++++++++++++++++----------
1 file changed, 68 insertions(+), 32 deletions(-)
--- a/drivers/vfio/platform/vfio_platform_irq.c
+++ b/drivers/vfio/platform/vfio_platform_irq.c
@@ -136,6 +136,16 @@ static int vfio_platform_set_irq_unmask(
return 0;
}
+/*
+ * The trigger eventfd is guaranteed valid in the interrupt path
+ * and protected by the igate mutex when triggered via ioctl.
+ */
+static void vfio_send_eventfd(struct vfio_platform_irq *irq_ctx)
+{
+ if (likely(irq_ctx->trigger))
+ eventfd_signal(irq_ctx->trigger, 1);
+}
+
static irqreturn_t vfio_automasked_irq_handler(int irq, void *dev_id)
{
struct vfio_platform_irq *irq_ctx = dev_id;
@@ -155,7 +165,7 @@ static irqreturn_t vfio_automasked_irq_h
spin_unlock_irqrestore(&irq_ctx->lock, flags);
if (ret == IRQ_HANDLED)
- eventfd_signal(irq_ctx->trigger, 1);
+ vfio_send_eventfd(irq_ctx);
return ret;
}
@@ -164,52 +174,40 @@ static irqreturn_t vfio_irq_handler(int
{
struct vfio_platform_irq *irq_ctx = dev_id;
- eventfd_signal(irq_ctx->trigger, 1);
+ vfio_send_eventfd(irq_ctx);
return IRQ_HANDLED;
}
static int vfio_set_trigger(struct vfio_platform_device *vdev, int index,
- int fd, irq_handler_t handler)
+ int fd)
{
struct vfio_platform_irq *irq = &vdev->irqs[index];
struct eventfd_ctx *trigger;
- int ret;
if (irq->trigger) {
- irq_clear_status_flags(irq->hwirq, IRQ_NOAUTOEN);
- free_irq(irq->hwirq, irq);
- kfree(irq->name);
+ disable_irq(irq->hwirq);
eventfd_ctx_put(irq->trigger);
irq->trigger = NULL;
}
if (fd < 0) /* Disable only */
return 0;
- irq->name = kasprintf(GFP_KERNEL_ACCOUNT, "vfio-irq[%d](%s)",
- irq->hwirq, vdev->name);
- if (!irq->name)
- return -ENOMEM;
trigger = eventfd_ctx_fdget(fd);
- if (IS_ERR(trigger)) {
- kfree(irq->name);
+ if (IS_ERR(trigger))
return PTR_ERR(trigger);
- }
irq->trigger = trigger;
- irq_set_status_flags(irq->hwirq, IRQ_NOAUTOEN);
- ret = request_irq(irq->hwirq, handler, 0, irq->name, irq);
- if (ret) {
- kfree(irq->name);
- eventfd_ctx_put(trigger);
- irq->trigger = NULL;
- return ret;
- }
-
- if (!irq->masked)
- enable_irq(irq->hwirq);
+ /*
+ * irq->masked effectively provides nested disables within the overall
+ * enable relative to trigger. Specifically request_irq() is called
+ * with NO_AUTOEN, therefore the IRQ is initially disabled. The user
+ * may only further disable the IRQ with a MASK operations because
+ * irq->masked is initially false.
+ */
+ enable_irq(irq->hwirq);
return 0;
}
@@ -228,7 +226,7 @@ static int vfio_platform_set_irq_trigger
handler = vfio_irq_handler;
if (!count && (flags & VFIO_IRQ_SET_DATA_NONE))
- return vfio_set_trigger(vdev, index, -1, handler);
+ return vfio_set_trigger(vdev, index, -1);
if (start != 0 || count != 1)
return -EINVAL;
@@ -236,7 +234,7 @@ static int vfio_platform_set_irq_trigger
if (flags & VFIO_IRQ_SET_DATA_EVENTFD) {
int32_t fd = *(int32_t *)data;
- return vfio_set_trigger(vdev, index, fd, handler);
+ return vfio_set_trigger(vdev, index, fd);
}
if (flags & VFIO_IRQ_SET_DATA_NONE) {
@@ -260,6 +258,14 @@ int vfio_platform_set_irqs_ioctl(struct
unsigned start, unsigned count, uint32_t flags,
void *data) = NULL;
+ /*
+ * For compatibility, errors from request_irq() are local to the
+ * SET_IRQS path and reflected in the name pointer. This allows,
+ * for example, polling mode fallback for an exclusive IRQ failure.
+ */
+ if (IS_ERR(vdev->irqs[index].name))
+ return PTR_ERR(vdev->irqs[index].name);
+
switch (flags & VFIO_IRQ_SET_ACTION_TYPE_MASK) {
case VFIO_IRQ_SET_ACTION_MASK:
func = vfio_platform_set_irq_mask;
@@ -280,7 +286,7 @@ int vfio_platform_set_irqs_ioctl(struct
int vfio_platform_irq_init(struct vfio_platform_device *vdev)
{
- int cnt = 0, i;
+ int cnt = 0, i, ret = 0;
while (vdev->get_irq(vdev, cnt) >= 0)
cnt++;
@@ -292,29 +298,54 @@ int vfio_platform_irq_init(struct vfio_p
for (i = 0; i < cnt; i++) {
int hwirq = vdev->get_irq(vdev, i);
+ irq_handler_t handler = vfio_irq_handler;
- if (hwirq < 0)
+ if (hwirq < 0) {
+ ret = -EINVAL;
goto err;
+ }
spin_lock_init(&vdev->irqs[i].lock);
vdev->irqs[i].flags = VFIO_IRQ_INFO_EVENTFD;
- if (irq_get_trigger_type(hwirq) & IRQ_TYPE_LEVEL_MASK)
+ if (irq_get_trigger_type(hwirq) & IRQ_TYPE_LEVEL_MASK) {
vdev->irqs[i].flags |= VFIO_IRQ_INFO_MASKABLE
| VFIO_IRQ_INFO_AUTOMASKED;
+ handler = vfio_automasked_irq_handler;
+ }
vdev->irqs[i].count = 1;
vdev->irqs[i].hwirq = hwirq;
vdev->irqs[i].masked = false;
+ vdev->irqs[i].name = kasprintf(GFP_KERNEL_ACCOUNT,
+ "vfio-irq[%d](%s)", hwirq,
+ vdev->name);
+ if (!vdev->irqs[i].name) {
+ ret = -ENOMEM;
+ goto err;
+ }
+
+ ret = request_irq(hwirq, handler, IRQF_NO_AUTOEN,
+ vdev->irqs[i].name, &vdev->irqs[i]);
+ if (ret) {
+ kfree(vdev->irqs[i].name);
+ vdev->irqs[i].name = ERR_PTR(ret);
+ }
}
vdev->num_irqs = cnt;
return 0;
err:
+ for (--i; i >= 0; i--) {
+ if (!IS_ERR(vdev->irqs[i].name)) {
+ free_irq(vdev->irqs[i].hwirq, &vdev->irqs[i]);
+ kfree(vdev->irqs[i].name);
+ }
+ }
kfree(vdev->irqs);
- return -EINVAL;
+ return ret;
}
void vfio_platform_irq_cleanup(struct vfio_platform_device *vdev)
@@ -324,7 +355,12 @@ void vfio_platform_irq_cleanup(struct vf
for (i = 0; i < vdev->num_irqs; i++) {
vfio_virqfd_disable(&vdev->irqs[i].mask);
vfio_virqfd_disable(&vdev->irqs[i].unmask);
- vfio_set_trigger(vdev, i, -1, NULL);
+ if (!IS_ERR(vdev->irqs[i].name)) {
+ free_irq(vdev->irqs[i].hwirq, &vdev->irqs[i]);
+ if (vdev->irqs[i].trigger)
+ eventfd_ctx_put(vdev->irqs[i].trigger);
+ kfree(vdev->irqs[i].name);
+ }
}
vdev->num_irqs = 0;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 281/396] vfio/fsl-mc: Block calling interrupt handler without trigger
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (279 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 280/396] vfio/platform: Create persistent IRQ handlers Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 282/396] x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT Greg Kroah-Hartman
` (126 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Diana Craciun, Kevin Tian,
Eric Auger, Alex Williamson
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alex Williamson <alex.williamson@redhat.com>
commit 7447d911af699a15f8d050dfcb7c680a86f87012 upstream.
The eventfd_ctx trigger pointer of the vfio_fsl_mc_irq object is
initially NULL and may become NULL if the user sets the trigger
eventfd to -1. The interrupt handler itself is guaranteed that
trigger is always valid between request_irq() and free_irq(), but
the loopback testing mechanisms to invoke the handler function
need to test the trigger. The triggering and setting ioctl paths
both make use of igate and are therefore mutually exclusive.
The vfio-fsl-mc driver does not make use of irqfds, nor does it
support any sort of masking operations, therefore unlike vfio-pci
and vfio-platform, the flow can remain essentially unchanged.
Cc: Diana Craciun <diana.craciun@oss.nxp.com>
Cc: <stable@vger.kernel.org>
Fixes: cc0ee20bd969 ("vfio/fsl-mc: trigger an interrupt via eventfd")
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Link: https://lore.kernel.org/r/20240308230557.805580-8-alex.williamson@redhat.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c
+++ b/drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c
@@ -141,13 +141,14 @@ static int vfio_fsl_mc_set_irq_trigger(s
irq = &vdev->mc_irqs[index];
if (flags & VFIO_IRQ_SET_DATA_NONE) {
- vfio_fsl_mc_irq_handler(hwirq, irq);
+ if (irq->trigger)
+ eventfd_signal(irq->trigger, 1);
} else if (flags & VFIO_IRQ_SET_DATA_BOOL) {
u8 trigger = *(u8 *)data;
- if (trigger)
- vfio_fsl_mc_irq_handler(hwirq, irq);
+ if (trigger && irq->trigger)
+ eventfd_signal(irq->trigger, 1);
}
return 0;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 282/396] x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (280 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 281/396] vfio/fsl-mc: Block calling interrupt handler without trigger Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 283/396] x86/sev: Fix position dependent variable references in startup code Greg Kroah-Hartman
` (125 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Borislav Petkov (AMD),
Ard Biesheuvel
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Borislav Petkov (AMD) <bp@alien8.de>
commit 29956748339aa8757a7e2f927a8679dd08f24bb6 upstream.
It was meant well at the time but nothing's using it so get rid of it.
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20240202163510.GDZb0Zvj8qOndvFOiZ@fat_crate.local
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
Documentation/admin-guide/kernel-parameters.txt | 4 +---
Documentation/arch/x86/amd-memory-encryption.rst | 16 ++++++++--------
arch/x86/Kconfig | 13 -------------
arch/x86/mm/mem_encrypt_identity.c | 11 +----------
4 files changed, 10 insertions(+), 34 deletions(-)
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -3269,9 +3269,7 @@
mem_encrypt= [X86-64] AMD Secure Memory Encryption (SME) control
Valid arguments: on, off
- Default (depends on kernel configuration option):
- on (CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y)
- off (CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=n)
+ Default: off
mem_encrypt=on: Activate SME
mem_encrypt=off: Do not activate SME
--- a/Documentation/arch/x86/amd-memory-encryption.rst
+++ b/Documentation/arch/x86/amd-memory-encryption.rst
@@ -87,14 +87,14 @@ The state of SME in the Linux kernel can
kernel is non-zero).
SME can also be enabled and activated in the BIOS. If SME is enabled and
-activated in the BIOS, then all memory accesses will be encrypted and it will
-not be necessary to activate the Linux memory encryption support. If the BIOS
-merely enables SME (sets bit 23 of the MSR_AMD64_SYSCFG), then Linux can activate
-memory encryption by default (CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y) or
-by supplying mem_encrypt=on on the kernel command line. However, if BIOS does
-not enable SME, then Linux will not be able to activate memory encryption, even
-if configured to do so by default or the mem_encrypt=on command line parameter
-is specified.
+activated in the BIOS, then all memory accesses will be encrypted and it
+will not be necessary to activate the Linux memory encryption support.
+
+If the BIOS merely enables SME (sets bit 23 of the MSR_AMD64_SYSCFG),
+then memory encryption can be enabled by supplying mem_encrypt=on on the
+kernel command line. However, if BIOS does not enable SME, then Linux
+will not be able to activate memory encryption, even if configured to do
+so by default or the mem_encrypt=on command line parameter is specified.
Secure Nested Paging (SNP)
==========================
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1514,19 +1514,6 @@ config AMD_MEM_ENCRYPT
This requires an AMD processor that supports Secure Memory
Encryption (SME).
-config AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT
- bool "Activate AMD Secure Memory Encryption (SME) by default"
- depends on AMD_MEM_ENCRYPT
- help
- Say yes to have system memory encrypted by default if running on
- an AMD processor that supports Secure Memory Encryption (SME).
-
- If set to Y, then the encryption of system memory can be
- deactivated with the mem_encrypt=off command line option.
-
- If set to N, then the encryption of system memory can be
- activated with the mem_encrypt=on command line option.
-
# Common NUMA Features
config NUMA
bool "NUMA Memory Allocation and Scheduler Support"
--- a/arch/x86/mm/mem_encrypt_identity.c
+++ b/arch/x86/mm/mem_encrypt_identity.c
@@ -97,7 +97,6 @@ static char sme_workarea[2 * PMD_SIZE] _
static char sme_cmdline_arg[] __initdata = "mem_encrypt";
static char sme_cmdline_on[] __initdata = "on";
-static char sme_cmdline_off[] __initdata = "off";
static void __init sme_clear_pgd(struct sme_populate_pgd_data *ppd)
{
@@ -504,7 +503,7 @@ void __init sme_encrypt_kernel(struct bo
void __init sme_enable(struct boot_params *bp)
{
- const char *cmdline_ptr, *cmdline_arg, *cmdline_on, *cmdline_off;
+ const char *cmdline_ptr, *cmdline_arg, *cmdline_on;
unsigned int eax, ebx, ecx, edx;
unsigned long feature_mask;
unsigned long me_mask;
@@ -587,12 +586,6 @@ void __init sme_enable(struct boot_param
asm ("lea sme_cmdline_on(%%rip), %0"
: "=r" (cmdline_on)
: "p" (sme_cmdline_on));
- asm ("lea sme_cmdline_off(%%rip), %0"
- : "=r" (cmdline_off)
- : "p" (sme_cmdline_off));
-
- if (IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT))
- sme_me_mask = me_mask;
cmdline_ptr = (const char *)((u64)bp->hdr.cmd_line_ptr |
((u64)bp->ext_cmd_line_ptr << 32));
@@ -602,8 +595,6 @@ void __init sme_enable(struct boot_param
if (!strncmp(buffer, cmdline_on, sizeof(buffer)))
sme_me_mask = me_mask;
- else if (!strncmp(buffer, cmdline_off, sizeof(buffer)))
- sme_me_mask = 0;
out:
if (sme_me_mask) {
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 283/396] x86/sev: Fix position dependent variable references in startup code
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (281 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 282/396] x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 284/396] clocksource/drivers/arm_global_timer: Fix maximum prescaler value Greg Kroah-Hartman
` (124 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Kevin Loughlin, Ard Biesheuvel,
Borislav Petkov (AMD), stable
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ard Biesheuvel <ardb@kernel.org>
commit 1c811d403afd73f04bde82b83b24c754011bd0e8 upstream.
The early startup code executes from a 1:1 mapping of memory, which
differs from the mapping that the code was linked and/or relocated to
run at. The latter mapping is not active yet at this point, and so
symbol references that rely on it will fault.
Given that the core kernel is built without -fPIC, symbol references are
typically emitted as absolute, and so any such references occuring in
the early startup code will therefore crash the kernel.
While an attempt was made to work around this for the early SEV/SME
startup code, by forcing RIP-relative addressing for certain global
SEV/SME variables via inline assembly (see snp_cpuid_get_table() for
example), RIP-relative addressing must be pervasively enforced for
SEV/SME global variables when accessed prior to page table fixups.
__startup_64() already handles this issue for select non-SEV/SME global
variables using fixup_pointer(), which adjusts the pointer relative to a
`physaddr` argument. To avoid having to pass around this `physaddr`
argument across all functions needing to apply pointer fixups, introduce
a macro RIP_RELATIVE_REF() which generates a RIP-relative reference to
a given global variable. It is used where necessary to force
RIP-relative accesses to global variables.
For backporting purposes, this patch makes no attempt at cleaning up
other occurrences of this pattern, involving either inline asm or
fixup_pointer(). Those will be addressed later.
[ bp: Call it "rip_rel_ref" everywhere like other code shortens
"rIP-relative reference" and make the asm wrapper __always_inline. ]
Co-developed-by: Kevin Loughlin <kevinloughlin@google.com>
Signed-off-by: Kevin Loughlin <kevinloughlin@google.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/all/20240130220845.1978329-1-kevinloughlin@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/coco/core.c | 7 +------
arch/x86/include/asm/asm.h | 14 ++++++++++++++
arch/x86/include/asm/coco.h | 8 +++++++-
arch/x86/include/asm/mem_encrypt.h | 15 +++++++++------
arch/x86/kernel/sev-shared.c | 12 ++++++------
arch/x86/kernel/sev.c | 4 ++--
arch/x86/mm/mem_encrypt_identity.c | 27 ++++++++++++---------------
7 files changed, 51 insertions(+), 36 deletions(-)
--- a/arch/x86/coco/core.c
+++ b/arch/x86/coco/core.c
@@ -14,7 +14,7 @@
#include <asm/processor.h>
enum cc_vendor cc_vendor __ro_after_init = CC_VENDOR_NONE;
-static u64 cc_mask __ro_after_init;
+u64 cc_mask __ro_after_init;
static bool noinstr intel_cc_platform_has(enum cc_attr attr)
{
@@ -148,8 +148,3 @@ u64 cc_mkdec(u64 val)
}
}
EXPORT_SYMBOL_GPL(cc_mkdec);
-
-__init void cc_set_mask(u64 mask)
-{
- cc_mask = mask;
-}
--- a/arch/x86/include/asm/asm.h
+++ b/arch/x86/include/asm/asm.h
@@ -113,6 +113,20 @@
#endif
+#ifndef __ASSEMBLY__
+#ifndef __pic__
+static __always_inline __pure void *rip_rel_ptr(void *p)
+{
+ asm("leaq %c1(%%rip), %0" : "=r"(p) : "i"(p));
+
+ return p;
+}
+#define RIP_REL_REF(var) (*(typeof(&(var)))rip_rel_ptr(&(var)))
+#else
+#define RIP_REL_REF(var) (var)
+#endif
+#endif
+
/*
* Macros to generate condition code outputs from inline assembly,
* The output operand must be type "bool".
--- a/arch/x86/include/asm/coco.h
+++ b/arch/x86/include/asm/coco.h
@@ -2,6 +2,7 @@
#ifndef _ASM_X86_COCO_H
#define _ASM_X86_COCO_H
+#include <asm/asm.h>
#include <asm/types.h>
enum cc_vendor {
@@ -11,9 +12,14 @@ enum cc_vendor {
};
extern enum cc_vendor cc_vendor;
+extern u64 cc_mask;
#ifdef CONFIG_ARCH_HAS_CC_PLATFORM
-void cc_set_mask(u64 mask);
+static inline void cc_set_mask(u64 mask)
+{
+ RIP_REL_REF(cc_mask) = mask;
+}
+
u64 cc_mkenc(u64 val);
u64 cc_mkdec(u64 val);
#else
--- a/arch/x86/include/asm/mem_encrypt.h
+++ b/arch/x86/include/asm/mem_encrypt.h
@@ -15,7 +15,8 @@
#include <linux/init.h>
#include <linux/cc_platform.h>
-#include <asm/bootparam.h>
+#include <asm/asm.h>
+struct boot_params;
#ifdef CONFIG_X86_MEM_ENCRYPT
void __init mem_encrypt_init(void);
@@ -57,6 +58,11 @@ void __init mem_encrypt_free_decrypted_m
void __init sev_es_init_vc_handling(void);
+static inline u64 sme_get_me_mask(void)
+{
+ return RIP_REL_REF(sme_me_mask);
+}
+
#define __bss_decrypted __section(".bss..decrypted")
#else /* !CONFIG_AMD_MEM_ENCRYPT */
@@ -89,6 +95,8 @@ early_set_mem_enc_dec_hypercall(unsigned
static inline void mem_encrypt_free_decrypted_mem(void) { }
+static inline u64 sme_get_me_mask(void) { return 0; }
+
#define __bss_decrypted
#endif /* CONFIG_AMD_MEM_ENCRYPT */
@@ -106,11 +114,6 @@ void add_encrypt_protection_map(void);
extern char __start_bss_decrypted[], __end_bss_decrypted[], __start_bss_decrypted_unused[];
-static inline u64 sme_get_me_mask(void)
-{
- return sme_me_mask;
-}
-
#endif /* __ASSEMBLY__ */
#endif /* __X86_MEM_ENCRYPT_H__ */
--- a/arch/x86/kernel/sev-shared.c
+++ b/arch/x86/kernel/sev-shared.c
@@ -556,9 +556,9 @@ static int snp_cpuid(struct ghcb *ghcb,
leaf->eax = leaf->ebx = leaf->ecx = leaf->edx = 0;
/* Skip post-processing for out-of-range zero leafs. */
- if (!(leaf->fn <= cpuid_std_range_max ||
- (leaf->fn >= 0x40000000 && leaf->fn <= cpuid_hyp_range_max) ||
- (leaf->fn >= 0x80000000 && leaf->fn <= cpuid_ext_range_max)))
+ if (!(leaf->fn <= RIP_REL_REF(cpuid_std_range_max) ||
+ (leaf->fn >= 0x40000000 && leaf->fn <= RIP_REL_REF(cpuid_hyp_range_max)) ||
+ (leaf->fn >= 0x80000000 && leaf->fn <= RIP_REL_REF(cpuid_ext_range_max))))
return 0;
}
@@ -1063,11 +1063,11 @@ static void __init setup_cpuid_table(con
const struct snp_cpuid_fn *fn = &cpuid_table->fn[i];
if (fn->eax_in == 0x0)
- cpuid_std_range_max = fn->eax;
+ RIP_REL_REF(cpuid_std_range_max) = fn->eax;
else if (fn->eax_in == 0x40000000)
- cpuid_hyp_range_max = fn->eax;
+ RIP_REL_REF(cpuid_hyp_range_max) = fn->eax;
else if (fn->eax_in == 0x80000000)
- cpuid_ext_range_max = fn->eax;
+ RIP_REL_REF(cpuid_ext_range_max) = fn->eax;
}
}
--- a/arch/x86/kernel/sev.c
+++ b/arch/x86/kernel/sev.c
@@ -748,7 +748,7 @@ void __init early_snp_set_memory_private
* This eliminates worries about jump tables or checking boot_cpu_data
* in the cc_platform_has() function.
*/
- if (!(sev_status & MSR_AMD64_SEV_SNP_ENABLED))
+ if (!(RIP_REL_REF(sev_status) & MSR_AMD64_SEV_SNP_ENABLED))
return;
/*
@@ -767,7 +767,7 @@ void __init early_snp_set_memory_shared(
* This eliminates worries about jump tables or checking boot_cpu_data
* in the cc_platform_has() function.
*/
- if (!(sev_status & MSR_AMD64_SEV_SNP_ENABLED))
+ if (!(RIP_REL_REF(sev_status) & MSR_AMD64_SEV_SNP_ENABLED))
return;
/* Ask hypervisor to mark the memory pages shared in the RMP table. */
--- a/arch/x86/mm/mem_encrypt_identity.c
+++ b/arch/x86/mm/mem_encrypt_identity.c
@@ -304,7 +304,8 @@ void __init sme_encrypt_kernel(struct bo
* instrumentation or checking boot_cpu_data in the cc_platform_has()
* function.
*/
- if (!sme_get_me_mask() || sev_status & MSR_AMD64_SEV_ENABLED)
+ if (!sme_get_me_mask() ||
+ RIP_REL_REF(sev_status) & MSR_AMD64_SEV_ENABLED)
return;
/*
@@ -541,11 +542,11 @@ void __init sme_enable(struct boot_param
me_mask = 1UL << (ebx & 0x3f);
/* Check the SEV MSR whether SEV or SME is enabled */
- sev_status = __rdmsr(MSR_AMD64_SEV);
- feature_mask = (sev_status & MSR_AMD64_SEV_ENABLED) ? AMD_SEV_BIT : AMD_SME_BIT;
+ RIP_REL_REF(sev_status) = msr = __rdmsr(MSR_AMD64_SEV);
+ feature_mask = (msr & MSR_AMD64_SEV_ENABLED) ? AMD_SEV_BIT : AMD_SME_BIT;
/* The SEV-SNP CC blob should never be present unless SEV-SNP is enabled. */
- if (snp && !(sev_status & MSR_AMD64_SEV_SNP_ENABLED))
+ if (snp && !(msr & MSR_AMD64_SEV_SNP_ENABLED))
snp_abort();
/* Check if memory encryption is enabled */
@@ -571,7 +572,6 @@ void __init sme_enable(struct boot_param
return;
} else {
/* SEV state cannot be controlled by a command line option */
- sme_me_mask = me_mask;
goto out;
}
@@ -590,16 +590,13 @@ void __init sme_enable(struct boot_param
cmdline_ptr = (const char *)((u64)bp->hdr.cmd_line_ptr |
((u64)bp->ext_cmd_line_ptr << 32));
- if (cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer)) < 0)
- goto out;
-
- if (!strncmp(buffer, cmdline_on, sizeof(buffer)))
- sme_me_mask = me_mask;
+ if (cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer)) < 0 ||
+ strncmp(buffer, cmdline_on, sizeof(buffer)))
+ return;
out:
- if (sme_me_mask) {
- physical_mask &= ~sme_me_mask;
- cc_vendor = CC_VENDOR_AMD;
- cc_set_mask(sme_me_mask);
- }
+ RIP_REL_REF(sme_me_mask) = me_mask;
+ physical_mask &= ~me_mask;
+ cc_vendor = CC_VENDOR_AMD;
+ cc_set_mask(me_mask);
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 284/396] clocksource/drivers/arm_global_timer: Fix maximum prescaler value
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (282 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 283/396] x86/sev: Fix position dependent variable references in startup code Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 285/396] ARM: 9352/1: iwmmxt: Remove support for PJ4/PJ4B cores Greg Kroah-Hartman
` (123 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Martin Blumenstingl, Daniel Lezcano,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
[ Upstream commit b34b9547cee41575a4fddf390f615570759dc999 ]
The prescaler in the "Global Timer Control Register bit assignments" is
documented to use bits [15:8], which means that the maximum prescaler
register value is 0xff.
Fixes: 171b45a4a70e ("clocksource/drivers/arm_global_timer: Implement rate compensation whenever source clock changes")
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Link: https://lore.kernel.org/r/20240218174138.1942418-2-martin.blumenstingl@googlemail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/clocksource/arm_global_timer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/clocksource/arm_global_timer.c b/drivers/clocksource/arm_global_timer.c
index 44a61dc6f9320..e1c773bb55359 100644
--- a/drivers/clocksource/arm_global_timer.c
+++ b/drivers/clocksource/arm_global_timer.c
@@ -32,7 +32,7 @@
#define GT_CONTROL_IRQ_ENABLE BIT(2) /* banked */
#define GT_CONTROL_AUTO_INC BIT(3) /* banked */
#define GT_CONTROL_PRESCALER_SHIFT 8
-#define GT_CONTROL_PRESCALER_MAX 0xF
+#define GT_CONTROL_PRESCALER_MAX 0xFF
#define GT_CONTROL_PRESCALER_MASK (GT_CONTROL_PRESCALER_MAX << \
GT_CONTROL_PRESCALER_SHIFT)
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 285/396] ARM: 9352/1: iwmmxt: Remove support for PJ4/PJ4B cores
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (283 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 284/396] clocksource/drivers/arm_global_timer: Fix maximum prescaler value Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 286/396] ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Greg Kroah-Hartman
` (122 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Linus Walleij, Arnd Bergmann,
Nicolas Pitre, Jisheng Zhang, Ard Biesheuvel,
Russell King (Oracle), Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ard Biesheuvel <ardb@kernel.org>
[ Upstream commit b9920fdd5a751df129808e7fa512e9928223ee05 ]
PJ4 is a v7 core that incorporates a iWMMXt coprocessor. However, GCC
does not support this combination (its iWMMXt configuration always
implies v5te), and so there is no v6/v7 user space that actually makes
use of this, beyond generic support for things like setjmp() that
preserve/restore the iWMMXt register file using generic LDC/STC
instructions emitted in assembler. As [0] appears to imply, this logic
is triggered for the init process at boot, and so most user threads will
have a iWMMXt register context associated with it, even though it is
never used.
At this point, it is highly unlikely that such GCC support will ever
materialize (and Clang does not implement support for iWMMXt to begin
with).
This means that advertising iWMMXt support on these cores results in
context switch overhead without any associated benefit, and so it is
better to simply ignore the iWMMXt unit on these systems. So rip out the
support. Doing so also fixes the issue reported in [0] related to UNDEF
handling of co-processor #0/#1 instructions issued from user space
running in Thumb2 mode.
The PJ4 cores are used in four platforms: Armada 370/xp, Dove (Cubox,
d2plug), MMP2 (xo-1.75) and Berlin (Google TV). Out of these, only the
first is still widely used, but that one actually doesn't have iWMMXt
but instead has only VFPV3-D16, and so it is not impacted by this
change.
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218427 [0]
Fixes: 8bcba70cb5c22 ("ARM: entry: Disregard Thumb undef exception ...")
Acked-by: Linus Walleij <linus.walleij@linaro.org>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Nicolas Pitre <nico@fluxnic.net>
Reviewed-by: Jisheng Zhang <jszhang@kernel.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/Kconfig | 4 +-
arch/arm/kernel/Makefile | 2 -
arch/arm/kernel/iwmmxt.S | 51 ++++----------
arch/arm/kernel/pj4-cp0.c | 135 --------------------------------------
4 files changed, 15 insertions(+), 177 deletions(-)
delete mode 100644 arch/arm/kernel/pj4-cp0.c
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
index 9557808e8937b..57c0448d017a1 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
@@ -589,8 +589,8 @@ source "arch/arm/mm/Kconfig"
config IWMMXT
bool "Enable iWMMXt support"
- depends on CPU_XSCALE || CPU_XSC3 || CPU_MOHAWK || CPU_PJ4 || CPU_PJ4B
- default y if PXA27x || PXA3xx || ARCH_MMP || CPU_PJ4 || CPU_PJ4B
+ depends on CPU_XSCALE || CPU_XSC3 || CPU_MOHAWK
+ default y if PXA27x || PXA3xx || ARCH_MMP
help
Enable support for iWMMXt context switching at run time if
running on a CPU that supports it.
diff --git a/arch/arm/kernel/Makefile b/arch/arm/kernel/Makefile
index 771264d4726a7..ae2f2b2b4e5ab 100644
--- a/arch/arm/kernel/Makefile
+++ b/arch/arm/kernel/Makefile
@@ -75,8 +75,6 @@ obj-$(CONFIG_HAVE_HW_BREAKPOINT) += hw_breakpoint.o
obj-$(CONFIG_CPU_XSCALE) += xscale-cp0.o
obj-$(CONFIG_CPU_XSC3) += xscale-cp0.o
obj-$(CONFIG_CPU_MOHAWK) += xscale-cp0.o
-obj-$(CONFIG_CPU_PJ4) += pj4-cp0.o
-obj-$(CONFIG_CPU_PJ4B) += pj4-cp0.o
obj-$(CONFIG_IWMMXT) += iwmmxt.o
obj-$(CONFIG_PERF_EVENTS) += perf_regs.o perf_callchain.o
obj-$(CONFIG_HW_PERF_EVENTS) += perf_event_xscale.o perf_event_v6.o \
diff --git a/arch/arm/kernel/iwmmxt.S b/arch/arm/kernel/iwmmxt.S
index a0218c4867b9b..4a335d3c59690 100644
--- a/arch/arm/kernel/iwmmxt.S
+++ b/arch/arm/kernel/iwmmxt.S
@@ -18,18 +18,6 @@
#include <asm/assembler.h>
#include "iwmmxt.h"
-#if defined(CONFIG_CPU_PJ4) || defined(CONFIG_CPU_PJ4B)
-#define PJ4(code...) code
-#define XSC(code...)
-#elif defined(CONFIG_CPU_MOHAWK) || \
- defined(CONFIG_CPU_XSC3) || \
- defined(CONFIG_CPU_XSCALE)
-#define PJ4(code...)
-#define XSC(code...) code
-#else
-#error "Unsupported iWMMXt architecture"
-#endif
-
#define MMX_WR0 (0x00)
#define MMX_WR1 (0x08)
#define MMX_WR2 (0x10)
@@ -81,17 +69,13 @@ ENDPROC(iwmmxt_undef_handler)
ENTRY(iwmmxt_task_enable)
inc_preempt_count r10, r3
- XSC(mrc p15, 0, r2, c15, c1, 0)
- PJ4(mrc p15, 0, r2, c1, c0, 2)
+ mrc p15, 0, r2, c15, c1, 0
@ CP0 and CP1 accessible?
- XSC(tst r2, #0x3)
- PJ4(tst r2, #0xf)
+ tst r2, #0x3
bne 4f @ if so no business here
@ enable access to CP0 and CP1
- XSC(orr r2, r2, #0x3)
- XSC(mcr p15, 0, r2, c15, c1, 0)
- PJ4(orr r2, r2, #0xf)
- PJ4(mcr p15, 0, r2, c1, c0, 2)
+ orr r2, r2, #0x3
+ mcr p15, 0, r2, c15, c1, 0
ldr r3, =concan_owner
ldr r2, [r0, #S_PC] @ current task pc value
@@ -218,12 +202,9 @@ ENTRY(iwmmxt_task_disable)
bne 1f @ no: quit
@ enable access to CP0 and CP1
- XSC(mrc p15, 0, r4, c15, c1, 0)
- XSC(orr r4, r4, #0x3)
- XSC(mcr p15, 0, r4, c15, c1, 0)
- PJ4(mrc p15, 0, r4, c1, c0, 2)
- PJ4(orr r4, r4, #0xf)
- PJ4(mcr p15, 0, r4, c1, c0, 2)
+ mrc p15, 0, r4, c15, c1, 0
+ orr r4, r4, #0x3
+ mcr p15, 0, r4, c15, c1, 0
mov r0, #0 @ nothing to load
str r0, [r3] @ no more current owner
@@ -232,10 +213,8 @@ ENTRY(iwmmxt_task_disable)
bl concan_save
@ disable access to CP0 and CP1
- XSC(bic r4, r4, #0x3)
- XSC(mcr p15, 0, r4, c15, c1, 0)
- PJ4(bic r4, r4, #0xf)
- PJ4(mcr p15, 0, r4, c1, c0, 2)
+ bic r4, r4, #0x3
+ mcr p15, 0, r4, c15, c1, 0
mrc p15, 0, r2, c2, c0, 0
mov r2, r2 @ cpwait
@@ -330,11 +309,9 @@ ENDPROC(iwmmxt_task_restore)
*/
ENTRY(iwmmxt_task_switch)
- XSC(mrc p15, 0, r1, c15, c1, 0)
- PJ4(mrc p15, 0, r1, c1, c0, 2)
+ mrc p15, 0, r1, c15, c1, 0
@ CP0 and CP1 accessible?
- XSC(tst r1, #0x3)
- PJ4(tst r1, #0xf)
+ tst r1, #0x3
bne 1f @ yes: block them for next task
ldr r2, =concan_owner
@@ -344,10 +321,8 @@ ENTRY(iwmmxt_task_switch)
retne lr @ no: leave Concan disabled
1: @ flip Concan access
- XSC(eor r1, r1, #0x3)
- XSC(mcr p15, 0, r1, c15, c1, 0)
- PJ4(eor r1, r1, #0xf)
- PJ4(mcr p15, 0, r1, c1, c0, 2)
+ eor r1, r1, #0x3
+ mcr p15, 0, r1, c15, c1, 0
mrc p15, 0, r1, c2, c0, 0
sub pc, lr, r1, lsr #32 @ cpwait and return
diff --git a/arch/arm/kernel/pj4-cp0.c b/arch/arm/kernel/pj4-cp0.c
deleted file mode 100644
index 4bca8098c4ff5..0000000000000
--- a/arch/arm/kernel/pj4-cp0.c
+++ /dev/null
@@ -1,135 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-only
-/*
- * linux/arch/arm/kernel/pj4-cp0.c
- *
- * PJ4 iWMMXt coprocessor context switching and handling
- *
- * Copyright (c) 2010 Marvell International Inc.
- */
-
-#include <linux/types.h>
-#include <linux/kernel.h>
-#include <linux/signal.h>
-#include <linux/sched.h>
-#include <linux/init.h>
-#include <linux/io.h>
-#include <asm/thread_notify.h>
-#include <asm/cputype.h>
-
-static int iwmmxt_do(struct notifier_block *self, unsigned long cmd, void *t)
-{
- struct thread_info *thread = t;
-
- switch (cmd) {
- case THREAD_NOTIFY_FLUSH:
- /*
- * flush_thread() zeroes thread->fpstate, so no need
- * to do anything here.
- *
- * FALLTHROUGH: Ensure we don't try to overwrite our newly
- * initialised state information on the first fault.
- */
-
- case THREAD_NOTIFY_EXIT:
- iwmmxt_task_release(thread);
- break;
-
- case THREAD_NOTIFY_SWITCH:
- iwmmxt_task_switch(thread);
- break;
- }
-
- return NOTIFY_DONE;
-}
-
-static struct notifier_block __maybe_unused iwmmxt_notifier_block = {
- .notifier_call = iwmmxt_do,
-};
-
-
-static u32 __init pj4_cp_access_read(void)
-{
- u32 value;
-
- __asm__ __volatile__ (
- "mrc p15, 0, %0, c1, c0, 2\n\t"
- : "=r" (value));
- return value;
-}
-
-static void __init pj4_cp_access_write(u32 value)
-{
- u32 temp;
-
- __asm__ __volatile__ (
- "mcr p15, 0, %1, c1, c0, 2\n\t"
-#ifdef CONFIG_THUMB2_KERNEL
- "isb\n\t"
-#else
- "mrc p15, 0, %0, c1, c0, 2\n\t"
- "mov %0, %0\n\t"
- "sub pc, pc, #4\n\t"
-#endif
- : "=r" (temp) : "r" (value));
-}
-
-static int __init pj4_get_iwmmxt_version(void)
-{
- u32 cp_access, wcid;
-
- cp_access = pj4_cp_access_read();
- pj4_cp_access_write(cp_access | 0xf);
-
- /* check if coprocessor 0 and 1 are available */
- if ((pj4_cp_access_read() & 0xf) != 0xf) {
- pj4_cp_access_write(cp_access);
- return -ENODEV;
- }
-
- /* read iWMMXt coprocessor id register p1, c0 */
- __asm__ __volatile__ ("mrc p1, 0, %0, c0, c0, 0\n" : "=r" (wcid));
-
- pj4_cp_access_write(cp_access);
-
- /* iWMMXt v1 */
- if ((wcid & 0xffffff00) == 0x56051000)
- return 1;
- /* iWMMXt v2 */
- if ((wcid & 0xffffff00) == 0x56052000)
- return 2;
-
- return -EINVAL;
-}
-
-/*
- * Disable CP0/CP1 on boot, and let call_fpe() and the iWMMXt lazy
- * switch code handle iWMMXt context switching.
- */
-static int __init pj4_cp0_init(void)
-{
- u32 __maybe_unused cp_access;
- int vers;
-
- if (!cpu_is_pj4())
- return 0;
-
- vers = pj4_get_iwmmxt_version();
- if (vers < 0)
- return 0;
-
-#ifndef CONFIG_IWMMXT
- pr_info("PJ4 iWMMXt coprocessor detected, but kernel support is missing.\n");
-#else
- cp_access = pj4_cp_access_read() & ~0xf;
- pj4_cp_access_write(cp_access);
-
- pr_info("PJ4 iWMMXt v%d coprocessor enabled.\n", vers);
- elf_hwcap |= HWCAP_IWMMXT;
- thread_register_notifier(&iwmmxt_notifier_block);
- register_iwmmxt_undef_handler();
-#endif
-
- return 0;
-}
-
-late_initcall(pj4_cp0_init);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 286/396] ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (284 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 285/396] ARM: 9352/1: iwmmxt: Remove support for PJ4/PJ4B cores Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 287/396] entry: Respect changes to system call number by trace_sys_enter() Greg Kroah-Hartman
` (121 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Mike Rapoport, Yongqiang Liu,
Russell King (Oracle), Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yongqiang Liu <liuyongqiang13@huawei.com>
[ Upstream commit 0c66c6f4e21cb22220cbd8821c5c73fc157d20dc ]
Since commit a4d5613c4dc6 ("arm: extend pfn_valid to take into account
freed memory map alignment") changes the semantics of pfn_valid() to check
presence of the memory map for a PFN. A valid page for an address which
is reserved but not mapped by the kernel[1], the system crashed during
some uio test with the following memory layout:
node 0: [mem 0x00000000c0a00000-0x00000000cc8fffff]
node 0: [mem 0x00000000d0000000-0x00000000da1fffff]
the uio layout is:0xc0900000, 0x100000
the crash backtrace like:
Unable to handle kernel paging request at virtual address bff00000
[...]
CPU: 1 PID: 465 Comm: startapp.bin Tainted: G O 5.10.0 #1
Hardware name: Generic DT based system
PC is at b15_flush_kern_dcache_area+0x24/0x3c
LR is at __sync_icache_dcache+0x6c/0x98
[...]
(b15_flush_kern_dcache_area) from (__sync_icache_dcache+0x6c/0x98)
(__sync_icache_dcache) from (set_pte_at+0x28/0x54)
(set_pte_at) from (remap_pfn_range+0x1a0/0x274)
(remap_pfn_range) from (uio_mmap+0x184/0x1b8 [uio])
(uio_mmap [uio]) from (__mmap_region+0x264/0x5f4)
(__mmap_region) from (__do_mmap_mm+0x3ec/0x440)
(__do_mmap_mm) from (do_mmap+0x50/0x58)
(do_mmap) from (vm_mmap_pgoff+0xfc/0x188)
(vm_mmap_pgoff) from (ksys_mmap_pgoff+0xac/0xc4)
(ksys_mmap_pgoff) from (ret_fast_syscall+0x0/0x5c)
Code: e0801001 e2423001 e1c00003 f57ff04f (ee070f3e)
---[ end trace 09cf0734c3805d52 ]---
Kernel panic - not syncing: Fatal exception
So check if PG_reserved was set to solve this issue.
[1]: https://lore.kernel.org/lkml/Zbtdue57RO0QScJM@linux.ibm.com/
Fixes: a4d5613c4dc6 ("arm: extend pfn_valid to take into account freed memory map alignment")
Suggested-by: Mike Rapoport <rppt@linux.ibm.com>
Signed-off-by: Yongqiang Liu <liuyongqiang13@huawei.com>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/mm/flush.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/arm/mm/flush.c b/arch/arm/mm/flush.c
index d19d140a10c7d..0749cf8a66371 100644
--- a/arch/arm/mm/flush.c
+++ b/arch/arm/mm/flush.c
@@ -296,6 +296,9 @@ void __sync_icache_dcache(pte_t pteval)
return;
folio = page_folio(pfn_to_page(pfn));
+ if (folio_test_reserved(folio))
+ return;
+
if (cache_is_vipt_aliasing())
mapping = folio_flush_mapping(folio);
else
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 287/396] entry: Respect changes to system call number by trace_sys_enter()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (285 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 286/396] ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 288/396] swiotlb: Fix double-allocation of slots due to broken alignment handling Greg Kroah-Hartman
` (120 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, André Rösti,
Thomas Gleixner, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: André Rösti <an.roesti@gmail.com>
[ Upstream commit fb13b11d53875e28e7fbf0c26b288e4ea676aa9f ]
When a probe is registered at the trace_sys_enter() tracepoint, and that
probe changes the system call number, the old system call still gets
executed. This worked correctly until commit b6ec41346103 ("core/entry:
Report syscall correctly for trace and audit"), which removed the
re-evaluation of the syscall number after the trace point.
Restore the original semantics by re-evaluating the system call number
after trace_sys_enter().
The performance impact of this re-evaluation is minimal because it only
takes place when a trace point is active, and compared to the actual trace
point overhead the read from a cache hot variable is negligible.
Fixes: b6ec41346103 ("core/entry: Report syscall correctly for trace and audit")
Signed-off-by: André Rösti <an.roesti@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20240311211704.7262-1-an.roesti@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/entry/common.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/kernel/entry/common.c b/kernel/entry/common.c
index d7ee4bc3f2ba3..5ff4f1cd36445 100644
--- a/kernel/entry/common.c
+++ b/kernel/entry/common.c
@@ -77,8 +77,14 @@ static long syscall_trace_enter(struct pt_regs *regs, long syscall,
/* Either of the above might have changed the syscall number */
syscall = syscall_get_nr(current, regs);
- if (unlikely(work & SYSCALL_WORK_SYSCALL_TRACEPOINT))
+ if (unlikely(work & SYSCALL_WORK_SYSCALL_TRACEPOINT)) {
trace_sys_enter(regs, syscall);
+ /*
+ * Probes or BPF hooks in the tracepoint may have changed the
+ * system call number as well.
+ */
+ syscall = syscall_get_nr(current, regs);
+ }
syscall_enter_audit(regs, syscall);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 288/396] swiotlb: Fix double-allocation of slots due to broken alignment handling
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (286 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 287/396] entry: Respect changes to system call number by trace_sys_enter() Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 289/396] swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() Greg Kroah-Hartman
` (119 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Will Deacon, Michael Kelley,
Petr Tesarik, Nicolin Chen, Christoph Hellwig, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Will Deacon <will@kernel.org>
[ Upstream commit 04867a7a33324c9c562ee7949dbcaab7aaad1fb4 ]
Commit bbb73a103fbb ("swiotlb: fix a braino in the alignment check fix"),
which was a fix for commit 0eee5ae10256 ("swiotlb: fix slot alignment
checks"), causes a functional regression with vsock in a virtual machine
using bouncing via a restricted DMA SWIOTLB pool.
When virtio allocates the virtqueues for the vsock device using
dma_alloc_coherent(), the SWIOTLB search can return page-unaligned
allocations if 'area->index' was left unaligned by a previous allocation
from the buffer:
# Final address in brackets is the SWIOTLB address returned to the caller
| virtio-pci 0000:00:07.0: orig_addr 0x0 alloc_size 0x2000, iotlb_align_mask 0x800 stride 0x2: got slot 1645-1649/7168 (0x98326800)
| virtio-pci 0000:00:07.0: orig_addr 0x0 alloc_size 0x2000, iotlb_align_mask 0x800 stride 0x2: got slot 1649-1653/7168 (0x98328800)
| virtio-pci 0000:00:07.0: orig_addr 0x0 alloc_size 0x2000, iotlb_align_mask 0x800 stride 0x2: got slot 1653-1657/7168 (0x9832a800)
This ends badly (typically buffer corruption and/or a hang) because
swiotlb_alloc() is expecting a page-aligned allocation and so blindly
returns a pointer to the 'struct page' corresponding to the allocation,
therefore double-allocating the first half (2KiB slot) of the 4KiB page.
Fix the problem by treating the allocation alignment separately to any
additional alignment requirements from the device, using the maximum
of the two as the stride to search the buffer slots and taking care
to ensure a minimum of page-alignment for buffers larger than a page.
This also resolves swiotlb allocation failures occuring due to the
inclusion of ~PAGE_MASK in 'iotlb_align_mask' for large allocations and
resulting in alignment requirements exceeding swiotlb_max_mapping_size().
Fixes: bbb73a103fbb ("swiotlb: fix a braino in the alignment check fix")
Fixes: 0eee5ae10256 ("swiotlb: fix slot alignment checks")
Signed-off-by: Will Deacon <will@kernel.org>
Reviewed-by: Michael Kelley <mhklinux@outlook.com>
Reviewed-by: Petr Tesarik <petr.tesarik1@huawei-partners.com>
Tested-by: Nicolin Chen <nicolinc@nvidia.com>
Tested-by: Michael Kelley <mhklinux@outlook.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/dma/swiotlb.c | 26 ++++++++++++++------------
1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/kernel/dma/swiotlb.c b/kernel/dma/swiotlb.c
index 2048194a03bed..e59f510a5d8a6 100644
--- a/kernel/dma/swiotlb.c
+++ b/kernel/dma/swiotlb.c
@@ -982,7 +982,7 @@ static int swiotlb_area_find_slots(struct device *dev, struct io_tlb_pool *pool,
phys_to_dma_unencrypted(dev, pool->start) & boundary_mask;
unsigned long max_slots = get_max_slots(boundary_mask);
unsigned int iotlb_align_mask =
- dma_get_min_align_mask(dev) | alloc_align_mask;
+ dma_get_min_align_mask(dev) & ~(IO_TLB_SIZE - 1);
unsigned int nslots = nr_slots(alloc_size), stride;
unsigned int offset = swiotlb_align_offset(dev, orig_addr);
unsigned int index, slots_checked, count = 0, i;
@@ -994,18 +994,17 @@ static int swiotlb_area_find_slots(struct device *dev, struct io_tlb_pool *pool,
BUG_ON(area_index >= pool->nareas);
/*
- * For allocations of PAGE_SIZE or larger only look for page aligned
- * allocations.
+ * For mappings with an alignment requirement don't bother looping to
+ * unaligned slots once we found an aligned one.
*/
- if (alloc_size >= PAGE_SIZE)
- iotlb_align_mask |= ~PAGE_MASK;
- iotlb_align_mask &= ~(IO_TLB_SIZE - 1);
+ stride = get_max_slots(max(alloc_align_mask, iotlb_align_mask));
/*
- * For mappings with an alignment requirement don't bother looping to
- * unaligned slots once we found an aligned one.
+ * For allocations of PAGE_SIZE or larger only look for page aligned
+ * allocations.
*/
- stride = (iotlb_align_mask >> IO_TLB_SHIFT) + 1;
+ if (alloc_size >= PAGE_SIZE)
+ stride = umax(stride, PAGE_SHIFT - IO_TLB_SHIFT + 1);
spin_lock_irqsave(&area->lock, flags);
if (unlikely(nslots > pool->area_nslabs - area->used))
@@ -1015,11 +1014,14 @@ static int swiotlb_area_find_slots(struct device *dev, struct io_tlb_pool *pool,
index = area->index;
for (slots_checked = 0; slots_checked < pool->area_nslabs; ) {
+ phys_addr_t tlb_addr;
+
slot_index = slot_base + index;
+ tlb_addr = slot_addr(tbl_dma_addr, slot_index);
- if (orig_addr &&
- (slot_addr(tbl_dma_addr, slot_index) &
- iotlb_align_mask) != (orig_addr & iotlb_align_mask)) {
+ if ((tlb_addr & alloc_align_mask) ||
+ (orig_addr && (tlb_addr & iotlb_align_mask) !=
+ (orig_addr & iotlb_align_mask))) {
index = wrap_area_index(pool, index + 1);
slots_checked++;
continue;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 289/396] swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (287 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 288/396] swiotlb: Fix double-allocation of slots due to broken alignment handling Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 290/396] swiotlb: Fix alignment checks when both allocation and DMA masks are present Greg Kroah-Hartman
` (118 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Will Deacon, Michael Kelley,
Petr Tesarik, Nicolin Chen, Christoph Hellwig, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Will Deacon <will@kernel.org>
[ Upstream commit cbf53074a528191df82b4dba1e3d21191102255e ]
core-api/dma-api-howto.rst states the following properties of
dma_alloc_coherent():
| The CPU virtual address and the DMA address are both guaranteed to
| be aligned to the smallest PAGE_SIZE order which is greater than or
| equal to the requested size.
However, swiotlb_alloc() passes zero for the 'alloc_align_mask'
parameter of swiotlb_find_slots() and so this property is not upheld.
Instead, allocations larger than a page are aligned to PAGE_SIZE,
Calculate the mask corresponding to the page order suitable for holding
the allocation and pass that to swiotlb_find_slots().
Fixes: e81e99bacc9f ("swiotlb: Support aligned swiotlb buffers")
Signed-off-by: Will Deacon <will@kernel.org>
Reviewed-by: Michael Kelley <mhklinux@outlook.com>
Reviewed-by: Petr Tesarik <petr.tesarik1@huawei-partners.com>
Tested-by: Nicolin Chen <nicolinc@nvidia.com>
Tested-by: Michael Kelley <mhklinux@outlook.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/dma/swiotlb.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/kernel/dma/swiotlb.c b/kernel/dma/swiotlb.c
index e59f510a5d8a6..ded5a1f9e8f82 100644
--- a/kernel/dma/swiotlb.c
+++ b/kernel/dma/swiotlb.c
@@ -1608,12 +1608,14 @@ struct page *swiotlb_alloc(struct device *dev, size_t size)
struct io_tlb_mem *mem = dev->dma_io_tlb_mem;
struct io_tlb_pool *pool;
phys_addr_t tlb_addr;
+ unsigned int align;
int index;
if (!mem)
return NULL;
- index = swiotlb_find_slots(dev, 0, size, 0, &pool);
+ align = (1 << (get_order(size) + PAGE_SHIFT)) - 1;
+ index = swiotlb_find_slots(dev, 0, size, align, &pool);
if (index == -1)
return NULL;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 290/396] swiotlb: Fix alignment checks when both allocation and DMA masks are present
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (288 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 289/396] swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 291/396] iommu/dma: Force swiotlb_max_mapping_size on an untrusted device Greg Kroah-Hartman
` (117 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Nicolin Chen, Will Deacon,
Michael Kelley, Christoph Hellwig, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Will Deacon <will@kernel.org>
[ Upstream commit 51b30ecb73b481d5fac6ccf2ecb4a309c9ee3310 ]
Nicolin reports that swiotlb buffer allocations fail for an NVME device
behind an IOMMU using 64KiB pages. This is because we end up with a
minimum allocation alignment of 64KiB (for the IOMMU to map the buffer
safely) but a minimum DMA alignment mask corresponding to a 4KiB NVME
page (i.e. preserving the 4KiB page offset from the original allocation).
If the original address is not 4KiB-aligned, the allocation will fail
because swiotlb_search_pool_area() erroneously compares these unmasked
bits with the 64KiB-aligned candidate allocation.
Tweak swiotlb_search_pool_area() so that the DMA alignment mask is
reduced based on the required alignment of the allocation.
Fixes: 82612d66d51d ("iommu: Allow the dma-iommu api to use bounce buffers")
Link: https://lore.kernel.org/r/cover.1707851466.git.nicolinc@nvidia.com
Reported-by: Nicolin Chen <nicolinc@nvidia.com>
Signed-off-by: Will Deacon <will@kernel.org>
Reviewed-by: Michael Kelley <mhklinux@outlook.com>
Tested-by: Nicolin Chen <nicolinc@nvidia.com>
Tested-by: Michael Kelley <mhklinux@outlook.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/dma/swiotlb.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/kernel/dma/swiotlb.c b/kernel/dma/swiotlb.c
index ded5a1f9e8f82..675ae318f74f8 100644
--- a/kernel/dma/swiotlb.c
+++ b/kernel/dma/swiotlb.c
@@ -981,8 +981,7 @@ static int swiotlb_area_find_slots(struct device *dev, struct io_tlb_pool *pool,
dma_addr_t tbl_dma_addr =
phys_to_dma_unencrypted(dev, pool->start) & boundary_mask;
unsigned long max_slots = get_max_slots(boundary_mask);
- unsigned int iotlb_align_mask =
- dma_get_min_align_mask(dev) & ~(IO_TLB_SIZE - 1);
+ unsigned int iotlb_align_mask = dma_get_min_align_mask(dev);
unsigned int nslots = nr_slots(alloc_size), stride;
unsigned int offset = swiotlb_align_offset(dev, orig_addr);
unsigned int index, slots_checked, count = 0, i;
@@ -993,6 +992,14 @@ static int swiotlb_area_find_slots(struct device *dev, struct io_tlb_pool *pool,
BUG_ON(!nslots);
BUG_ON(area_index >= pool->nareas);
+ /*
+ * Ensure that the allocation is at least slot-aligned and update
+ * 'iotlb_align_mask' to ignore bits that will be preserved when
+ * offsetting into the allocation.
+ */
+ alloc_align_mask |= (IO_TLB_SIZE - 1);
+ iotlb_align_mask &= ~alloc_align_mask;
+
/*
* For mappings with an alignment requirement don't bother looping to
* unaligned slots once we found an aligned one.
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 291/396] iommu/dma: Force swiotlb_max_mapping_size on an untrusted device
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (289 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 290/396] swiotlb: Fix alignment checks when both allocation and DMA masks are present Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 292/396] printk: Update @console_may_schedule in console_trylock_spinning() Greg Kroah-Hartman
` (116 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Nicolin Chen, Will Deacon,
Michael Kelley, Robin Murphy, Christoph Hellwig, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nicolin Chen <nicolinc@nvidia.com>
[ Upstream commit afc5aa46ed560f01ceda897c053c6a40c77ce5c4 ]
The swiotlb does not support a mapping size > swiotlb_max_mapping_size().
On the other hand, with a 64KB PAGE_SIZE configuration, it's observed that
an NVME device can map a size between 300KB~512KB, which certainly failed
the swiotlb mappings, though the default pool of swiotlb has many slots:
systemd[1]: Started Journal Service.
=> nvme 0000:00:01.0: swiotlb buffer is full (sz: 327680 bytes), total 32768 (slots), used 32 (slots)
note: journal-offline[392] exited with irqs disabled
note: journal-offline[392] exited with preempt_count 1
Call trace:
[ 3.099918] swiotlb_tbl_map_single+0x214/0x240
[ 3.099921] iommu_dma_map_page+0x218/0x328
[ 3.099928] dma_map_page_attrs+0x2e8/0x3a0
[ 3.101985] nvme_prep_rq.part.0+0x408/0x878 [nvme]
[ 3.102308] nvme_queue_rqs+0xc0/0x300 [nvme]
[ 3.102313] blk_mq_flush_plug_list.part.0+0x57c/0x600
[ 3.102321] blk_add_rq_to_plug+0x180/0x2a0
[ 3.102323] blk_mq_submit_bio+0x4c8/0x6b8
[ 3.103463] __submit_bio+0x44/0x220
[ 3.103468] submit_bio_noacct_nocheck+0x2b8/0x360
[ 3.103470] submit_bio_noacct+0x180/0x6c8
[ 3.103471] submit_bio+0x34/0x130
[ 3.103473] ext4_bio_write_folio+0x5a4/0x8c8
[ 3.104766] mpage_submit_folio+0xa0/0x100
[ 3.104769] mpage_map_and_submit_buffers+0x1a4/0x400
[ 3.104771] ext4_do_writepages+0x6a0/0xd78
[ 3.105615] ext4_writepages+0x80/0x118
[ 3.105616] do_writepages+0x90/0x1e8
[ 3.105619] filemap_fdatawrite_wbc+0x94/0xe0
[ 3.105622] __filemap_fdatawrite_range+0x68/0xb8
[ 3.106656] file_write_and_wait_range+0x84/0x120
[ 3.106658] ext4_sync_file+0x7c/0x4c0
[ 3.106660] vfs_fsync_range+0x3c/0xa8
[ 3.106663] do_fsync+0x44/0xc0
Since untrusted devices might go down the swiotlb pathway with dma-iommu,
these devices should not map a size larger than swiotlb_max_mapping_size.
To fix this bug, add iommu_dma_max_mapping_size() for untrusted devices to
take into account swiotlb_max_mapping_size() v.s. iova_rcache_range() from
the iommu_dma_opt_mapping_size().
Fixes: 82612d66d51d ("iommu: Allow the dma-iommu api to use bounce buffers")
Link: https://lore.kernel.org/r/ee51a3a5c32cf885b18f6416171802669f4a718a.1707851466.git.nicolinc@nvidia.com
Signed-off-by: Nicolin Chen <nicolinc@nvidia.com>
[will: Drop redundant is_swiotlb_active(dev) check]
Signed-off-by: Will Deacon <will@kernel.org>
Reviewed-by: Michael Kelley <mhklinux@outlook.com>
Acked-by: Robin Murphy <robin.murphy@arm.com>
Tested-by: Nicolin Chen <nicolinc@nvidia.com>
Tested-by: Michael Kelley <mhklinux@outlook.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/dma-iommu.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/drivers/iommu/dma-iommu.c b/drivers/iommu/dma-iommu.c
index e5d087bd6da15..2da969fc89900 100644
--- a/drivers/iommu/dma-iommu.c
+++ b/drivers/iommu/dma-iommu.c
@@ -1602,6 +1602,14 @@ static size_t iommu_dma_opt_mapping_size(void)
return iova_rcache_range();
}
+static size_t iommu_dma_max_mapping_size(struct device *dev)
+{
+ if (dev_is_untrusted(dev))
+ return swiotlb_max_mapping_size(dev);
+
+ return SIZE_MAX;
+}
+
static const struct dma_map_ops iommu_dma_ops = {
.flags = DMA_F_PCI_P2PDMA_SUPPORTED,
.alloc = iommu_dma_alloc,
@@ -1624,6 +1632,7 @@ static const struct dma_map_ops iommu_dma_ops = {
.unmap_resource = iommu_dma_unmap_resource,
.get_merge_boundary = iommu_dma_get_merge_boundary,
.opt_mapping_size = iommu_dma_opt_mapping_size,
+ .max_mapping_size = iommu_dma_max_mapping_size,
};
/*
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 292/396] printk: Update @console_may_schedule in console_trylock_spinning()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (290 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 291/396] iommu/dma: Force swiotlb_max_mapping_size on an untrusted device Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 293/396] irqchip/renesas-rzg2l: Implement restriction when writing ISCR register Greg Kroah-Hartman
` (115 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Mukesh Ojha, John Ogness,
Petr Mladek, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Ogness <john.ogness@linutronix.de>
[ Upstream commit 8076972468584d4a21dab9aa50e388b3ea9ad8c7 ]
console_trylock_spinning() may takeover the console lock from a
schedulable context. Update @console_may_schedule to make sure it
reflects a trylock acquire.
Reported-by: Mukesh Ojha <quic_mojha@quicinc.com>
Closes: https://lore.kernel.org/lkml/20240222090538.23017-1-quic_mojha@quicinc.com
Fixes: dbdda842fe96 ("printk: Add console owner and waiter logic to load balance console writes")
Signed-off-by: John Ogness <john.ogness@linutronix.de>
Reviewed-by: Mukesh Ojha <quic_mojha@quicinc.com>
Reviewed-by: Petr Mladek <pmladek@suse.com>
Link: https://lore.kernel.org/r/875xybmo2z.fsf@jogness.linutronix.de
Signed-off-by: Petr Mladek <pmladek@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
kernel/printk/printk.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/kernel/printk/printk.c b/kernel/printk/printk.c
index c358c04d05162..35d32d66fb114 100644
--- a/kernel/printk/printk.c
+++ b/kernel/printk/printk.c
@@ -2007,6 +2007,12 @@ static int console_trylock_spinning(void)
*/
mutex_acquire(&console_lock_dep_map, 0, 1, _THIS_IP_);
+ /*
+ * Update @console_may_schedule for trylock because the previous
+ * owner may have been schedulable.
+ */
+ console_may_schedule = 0;
+
return 1;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 293/396] irqchip/renesas-rzg2l: Implement restriction when writing ISCR register
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (291 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 292/396] printk: Update @console_may_schedule in console_trylock_spinning() Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 294/396] irqchip/renesas-rzg2l: Flush posted write in irq_eoi() Greg Kroah-Hartman
` (114 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Claudiu Beznea, Thomas Gleixner,
Geert Uytterhoeven, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
[ Upstream commit ef88eefb1a81a8701eabb7d5ced761a66a465a49 ]
The RZ/G2L manual (chapter "IRQ Status Control Register (ISCR)") describes
the operation to clear interrupts through the ISCR register as follows:
[Write operation]
When "Falling-edge detection", "Rising-edge detection" or
"Falling/Rising-edge detection" is set in IITSR:
- In case ISTAT is 1
0: IRQn interrupt detection status is cleared.
1: Invalid to write.
- In case ISTAT is 0
Invalid to write.
When "Low-level detection" is set in IITSR.:
Invalid to write.
Take the interrupt type into account when clearing interrupts through the
ISCR register to avoid writing the ISCR when the interrupt type is level.
Signed-off-by: Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Link: https://lore.kernel.org/r/20231120111820.87398-6-claudiu.beznea.uj@bp.renesas.com
Stable-dep-of: 9eec61df55c5 ("irqchip/renesas-rzg2l: Flush posted write in irq_eoi()")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-renesas-rzg2l.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/drivers/irqchip/irq-renesas-rzg2l.c b/drivers/irqchip/irq-renesas-rzg2l.c
index 96f4e322ed6b7..8e0b15c7fe7f1 100644
--- a/drivers/irqchip/irq-renesas-rzg2l.c
+++ b/drivers/irqchip/irq-renesas-rzg2l.c
@@ -72,11 +72,17 @@ static void rzg2l_irq_eoi(struct irq_data *d)
unsigned int hw_irq = irqd_to_hwirq(d) - IRQC_IRQ_START;
struct rzg2l_irqc_priv *priv = irq_data_to_priv(d);
u32 bit = BIT(hw_irq);
- u32 reg;
+ u32 iitsr, iscr;
- reg = readl_relaxed(priv->base + ISCR);
- if (reg & bit)
- writel_relaxed(reg & ~bit, priv->base + ISCR);
+ iscr = readl_relaxed(priv->base + ISCR);
+ iitsr = readl_relaxed(priv->base + IITSR);
+
+ /*
+ * ISCR can only be cleared if the type is falling-edge, rising-edge or
+ * falling/rising-edge.
+ */
+ if ((iscr & bit) && (iitsr & IITSR_IITSEL_MASK(hw_irq)))
+ writel_relaxed(iscr & ~bit, priv->base + ISCR);
}
static void rzg2l_tint_eoi(struct irq_data *d)
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 294/396] irqchip/renesas-rzg2l: Flush posted write in irq_eoi()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (292 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 293/396] irqchip/renesas-rzg2l: Implement restriction when writing ISCR register Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 295/396] irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based on registers index Greg Kroah-Hartman
` (113 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Biju Das, Thomas Gleixner,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Biju Das <biju.das.jz@bp.renesas.com>
[ Upstream commit 9eec61df55c51415409c7cc47e9a1c8de94a0522 ]
The irq_eoi() callback of the RZ/G2L interrupt chip clears the relevant
interrupt cause bit in the TSCR register by writing to it.
This write is not sufficient because the write is posted and therefore not
guaranteed to immediately clear the bit. Due to that delay the CPU can
raise the just handled interrupt again.
Prevent this by reading the register back which causes the posted write to
be flushed to the hardware before the read completes.
Fixes: 3fed09559cd8 ("irqchip: Add RZ/G2L IA55 Interrupt Controller driver")
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-renesas-rzg2l.c | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/drivers/irqchip/irq-renesas-rzg2l.c b/drivers/irqchip/irq-renesas-rzg2l.c
index 8e0b15c7fe7f1..7ea646e3e287f 100644
--- a/drivers/irqchip/irq-renesas-rzg2l.c
+++ b/drivers/irqchip/irq-renesas-rzg2l.c
@@ -81,8 +81,14 @@ static void rzg2l_irq_eoi(struct irq_data *d)
* ISCR can only be cleared if the type is falling-edge, rising-edge or
* falling/rising-edge.
*/
- if ((iscr & bit) && (iitsr & IITSR_IITSEL_MASK(hw_irq)))
+ if ((iscr & bit) && (iitsr & IITSR_IITSEL_MASK(hw_irq))) {
writel_relaxed(iscr & ~bit, priv->base + ISCR);
+ /*
+ * Enforce that the posted write is flushed to prevent that the
+ * just handled interrupt is raised again.
+ */
+ readl_relaxed(priv->base + ISCR);
+ }
}
static void rzg2l_tint_eoi(struct irq_data *d)
@@ -93,8 +99,14 @@ static void rzg2l_tint_eoi(struct irq_data *d)
u32 reg;
reg = readl_relaxed(priv->base + TSCR);
- if (reg & bit)
+ if (reg & bit) {
writel_relaxed(reg & ~bit, priv->base + TSCR);
+ /*
+ * Enforce that the posted write is flushed to prevent that the
+ * just handled interrupt is raised again.
+ */
+ readl_relaxed(priv->base + TSCR);
+ }
}
static void rzg2l_irqc_eoi(struct irq_data *d)
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 295/396] irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based on registers index
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (293 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 294/396] irqchip/renesas-rzg2l: Flush posted write in irq_eoi() Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 296/396] irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi() Greg Kroah-Hartman
` (112 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Claudiu Beznea, Thomas Gleixner,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
[ Upstream commit 2eca4731cc66563b3919d8753dbd74d18c39f662 ]
There are 2 TITSR registers available on the IA55 interrupt controller.
Add a macro that retrieves the TITSR register offset based on it's
index. This macro is useful in when adding suspend/resume support so both
TITSR registers can be accessed in a for loop.
Signed-off-by: Claudiu Beznea <claudiu.beznea.uj@bp.renesas.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20231120111820.87398-7-claudiu.beznea.uj@bp.renesas.com
Stable-dep-of: 853a6030303f ("irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-renesas-rzg2l.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/drivers/irqchip/irq-renesas-rzg2l.c b/drivers/irqchip/irq-renesas-rzg2l.c
index 7ea646e3e287f..6e81b5945d21b 100644
--- a/drivers/irqchip/irq-renesas-rzg2l.c
+++ b/drivers/irqchip/irq-renesas-rzg2l.c
@@ -28,8 +28,7 @@
#define ISCR 0x10
#define IITSR 0x14
#define TSCR 0x20
-#define TITSR0 0x24
-#define TITSR1 0x28
+#define TITSR(n) (0x24 + (n) * 4)
#define TITSR0_MAX_INT 16
#define TITSEL_WIDTH 0x2
#define TSSR(n) (0x30 + ((n) * 4))
@@ -206,8 +205,7 @@ static int rzg2l_tint_set_edge(struct irq_data *d, unsigned int type)
struct rzg2l_irqc_priv *priv = irq_data_to_priv(d);
unsigned int hwirq = irqd_to_hwirq(d);
u32 titseln = hwirq - IRQC_TINT_START;
- u32 offset;
- u8 sense;
+ u8 index, sense;
u32 reg;
switch (type & IRQ_TYPE_SENSE_MASK) {
@@ -223,17 +221,17 @@ static int rzg2l_tint_set_edge(struct irq_data *d, unsigned int type)
return -EINVAL;
}
- offset = TITSR0;
+ index = 0;
if (titseln >= TITSR0_MAX_INT) {
titseln -= TITSR0_MAX_INT;
- offset = TITSR1;
+ index = 1;
}
raw_spin_lock(&priv->lock);
- reg = readl_relaxed(priv->base + offset);
+ reg = readl_relaxed(priv->base + TITSR(index));
reg &= ~(IRQ_MASK << (titseln * TITSEL_WIDTH));
reg |= sense << (titseln * TITSEL_WIDTH);
- writel_relaxed(reg, priv->base + offset);
+ writel_relaxed(reg, priv->base + TITSR(index));
raw_spin_unlock(&priv->lock);
return 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 296/396] irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (294 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 295/396] irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based on registers index Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 297/396] irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi() Greg Kroah-Hartman
` (111 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Biju Das, Thomas Gleixner,
Geert Uytterhoeven, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Biju Das <biju.das.jz@bp.renesas.com>
[ Upstream commit 7cb6362c63df233172eaecddaf9ce2ce2f769112 ]
Rename rzg2l_tint_eoi()->rzg2l_clear_tint_int() and simplify the code by
removing redundant priv and hw_irq local variables.
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Stable-dep-of: 853a6030303f ("irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-renesas-rzg2l.c | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/irqchip/irq-renesas-rzg2l.c b/drivers/irqchip/irq-renesas-rzg2l.c
index 6e81b5945d21b..2fcd63bfb44d2 100644
--- a/drivers/irqchip/irq-renesas-rzg2l.c
+++ b/drivers/irqchip/irq-renesas-rzg2l.c
@@ -90,11 +90,9 @@ static void rzg2l_irq_eoi(struct irq_data *d)
}
}
-static void rzg2l_tint_eoi(struct irq_data *d)
+static void rzg2l_clear_tint_int(struct rzg2l_irqc_priv *priv, unsigned int hwirq)
{
- unsigned int hw_irq = irqd_to_hwirq(d) - IRQC_TINT_START;
- struct rzg2l_irqc_priv *priv = irq_data_to_priv(d);
- u32 bit = BIT(hw_irq);
+ u32 bit = BIT(hwirq - IRQC_TINT_START);
u32 reg;
reg = readl_relaxed(priv->base + TSCR);
@@ -117,7 +115,7 @@ static void rzg2l_irqc_eoi(struct irq_data *d)
if (hw_irq >= IRQC_IRQ_START && hw_irq <= IRQC_IRQ_COUNT)
rzg2l_irq_eoi(d);
else if (hw_irq >= IRQC_TINT_START && hw_irq < IRQC_NUM_IRQ)
- rzg2l_tint_eoi(d);
+ rzg2l_clear_tint_int(priv, hw_irq);
raw_spin_unlock(&priv->lock);
irq_chip_eoi_parent(d);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 297/396] irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (295 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 296/396] irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi() Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 298/396] irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type Greg Kroah-Hartman
` (110 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Geert Uytterhoeven, Biju Das,
Thomas Gleixner, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Biju Das <biju.das.jz@bp.renesas.com>
[ Upstream commit b4b5cd61a6fdd92ede0dc39f0850a182affd1323 ]
Rename rzg2l_irq_eoi()->rzg2l_clear_irq_int() and simplify the code by
removing redundant priv local variable.
Suggested-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Stable-dep-of: 853a6030303f ("irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-renesas-rzg2l.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/irqchip/irq-renesas-rzg2l.c b/drivers/irqchip/irq-renesas-rzg2l.c
index 2fcd63bfb44d2..80cbe96505c92 100644
--- a/drivers/irqchip/irq-renesas-rzg2l.c
+++ b/drivers/irqchip/irq-renesas-rzg2l.c
@@ -66,10 +66,9 @@ static struct rzg2l_irqc_priv *irq_data_to_priv(struct irq_data *data)
return data->domain->host_data;
}
-static void rzg2l_irq_eoi(struct irq_data *d)
+static void rzg2l_clear_irq_int(struct rzg2l_irqc_priv *priv, unsigned int hwirq)
{
- unsigned int hw_irq = irqd_to_hwirq(d) - IRQC_IRQ_START;
- struct rzg2l_irqc_priv *priv = irq_data_to_priv(d);
+ unsigned int hw_irq = hwirq - IRQC_IRQ_START;
u32 bit = BIT(hw_irq);
u32 iitsr, iscr;
@@ -113,7 +112,7 @@ static void rzg2l_irqc_eoi(struct irq_data *d)
raw_spin_lock(&priv->lock);
if (hw_irq >= IRQC_IRQ_START && hw_irq <= IRQC_IRQ_COUNT)
- rzg2l_irq_eoi(d);
+ rzg2l_clear_irq_int(priv, hw_irq);
else if (hw_irq >= IRQC_TINT_START && hw_irq < IRQC_NUM_IRQ)
rzg2l_clear_tint_int(priv, hw_irq);
raw_spin_unlock(&priv->lock);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 298/396] irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (296 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 297/396] irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi() Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 299/396] kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Greg Kroah-Hartman
` (109 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Biju Das, Thomas Gleixner,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Biju Das <biju.das.jz@bp.renesas.com>
[ Upstream commit 853a6030303f8a8fa54929b68e5665d9b21aa405 ]
RZ/G2L interrupt chips require that the interrupt is masked before changing
the NMI, IRQ, TINT interrupt settings. Aside of that, after setting an edge
trigger type it is required to clear the interrupt status register in order
to avoid spurious interrupts.
The current implementation fails to do either of that and therefore is
prone to generate spurious interrupts when setting the trigger type.
Address this by:
- Ensuring that the interrupt is masked at the chip level across the
update for the TINT chip
- Clearing the interrupt status register after updating the trigger mode
for edge type interrupts
[ tglx: Massaged changelog and reverted the spin_lock_irqsave() change as
the set_type() callback is always called with interrupts disabled. ]
Fixes: 3fed09559cd8 ("irqchip: Add RZ/G2L IA55 Interrupt Controller driver")
Signed-off-by: Biju Das <biju.das.jz@bp.renesas.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-renesas-rzg2l.c | 36 +++++++++++++++++++++++++----
1 file changed, 32 insertions(+), 4 deletions(-)
diff --git a/drivers/irqchip/irq-renesas-rzg2l.c b/drivers/irqchip/irq-renesas-rzg2l.c
index 80cbe96505c92..02ab6a944539f 100644
--- a/drivers/irqchip/irq-renesas-rzg2l.c
+++ b/drivers/irqchip/irq-renesas-rzg2l.c
@@ -162,8 +162,10 @@ static void rzg2l_irqc_irq_enable(struct irq_data *d)
static int rzg2l_irq_set_type(struct irq_data *d, unsigned int type)
{
- unsigned int hw_irq = irqd_to_hwirq(d) - IRQC_IRQ_START;
struct rzg2l_irqc_priv *priv = irq_data_to_priv(d);
+ unsigned int hwirq = irqd_to_hwirq(d);
+ u32 iitseln = hwirq - IRQC_IRQ_START;
+ bool clear_irq_int = false;
u16 sense, tmp;
switch (type & IRQ_TYPE_SENSE_MASK) {
@@ -173,14 +175,17 @@ static int rzg2l_irq_set_type(struct irq_data *d, unsigned int type)
case IRQ_TYPE_EDGE_FALLING:
sense = IITSR_IITSEL_EDGE_FALLING;
+ clear_irq_int = true;
break;
case IRQ_TYPE_EDGE_RISING:
sense = IITSR_IITSEL_EDGE_RISING;
+ clear_irq_int = true;
break;
case IRQ_TYPE_EDGE_BOTH:
sense = IITSR_IITSEL_EDGE_BOTH;
+ clear_irq_int = true;
break;
default:
@@ -189,21 +194,40 @@ static int rzg2l_irq_set_type(struct irq_data *d, unsigned int type)
raw_spin_lock(&priv->lock);
tmp = readl_relaxed(priv->base + IITSR);
- tmp &= ~IITSR_IITSEL_MASK(hw_irq);
- tmp |= IITSR_IITSEL(hw_irq, sense);
+ tmp &= ~IITSR_IITSEL_MASK(iitseln);
+ tmp |= IITSR_IITSEL(iitseln, sense);
+ if (clear_irq_int)
+ rzg2l_clear_irq_int(priv, hwirq);
writel_relaxed(tmp, priv->base + IITSR);
raw_spin_unlock(&priv->lock);
return 0;
}
+static u32 rzg2l_disable_tint_and_set_tint_source(struct irq_data *d, struct rzg2l_irqc_priv *priv,
+ u32 reg, u32 tssr_offset, u8 tssr_index)
+{
+ u32 tint = (u32)(uintptr_t)irq_data_get_irq_chip_data(d);
+ u32 tien = reg & (TIEN << TSSEL_SHIFT(tssr_offset));
+
+ /* Clear the relevant byte in reg */
+ reg &= ~(TSSEL_MASK << TSSEL_SHIFT(tssr_offset));
+ /* Set TINT and leave TIEN clear */
+ reg |= tint << TSSEL_SHIFT(tssr_offset);
+ writel_relaxed(reg, priv->base + TSSR(tssr_index));
+
+ return reg | tien;
+}
+
static int rzg2l_tint_set_edge(struct irq_data *d, unsigned int type)
{
struct rzg2l_irqc_priv *priv = irq_data_to_priv(d);
unsigned int hwirq = irqd_to_hwirq(d);
u32 titseln = hwirq - IRQC_TINT_START;
+ u32 tssr_offset = TSSR_OFFSET(titseln);
+ u8 tssr_index = TSSR_INDEX(titseln);
u8 index, sense;
- u32 reg;
+ u32 reg, tssr;
switch (type & IRQ_TYPE_SENSE_MASK) {
case IRQ_TYPE_EDGE_RISING:
@@ -225,10 +249,14 @@ static int rzg2l_tint_set_edge(struct irq_data *d, unsigned int type)
}
raw_spin_lock(&priv->lock);
+ tssr = readl_relaxed(priv->base + TSSR(tssr_index));
+ tssr = rzg2l_disable_tint_and_set_tint_source(d, priv, tssr, tssr_offset, tssr_index);
reg = readl_relaxed(priv->base + TITSR(index));
reg &= ~(IRQ_MASK << (titseln * TITSEL_WIDTH));
reg |= sense << (titseln * TITSEL_WIDTH);
writel_relaxed(reg, priv->base + TITSR(index));
+ rzg2l_clear_tint_int(priv, hwirq);
+ writel_relaxed(tssr, priv->base + TSSR(tssr_index));
raw_spin_unlock(&priv->lock);
return 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 299/396] kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (297 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 298/396] irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 300/396] efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or higher address Greg Kroah-Hartman
` (108 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Qiang Zhang, Jinghao Jia,
Masami Hiramatsu (Google), Ingo Molnar, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
[ Upstream commit 4e51653d5d871f40f1bd5cf95cc7f2d8b33d063b ]
Read from an unsafe address with copy_from_kernel_nofault() in
arch_adjust_kprobe_addr() because this function is used before checking
the address is in text or not. Syzcaller bot found a bug and reported
the case if user specifies inaccessible data area,
arch_adjust_kprobe_addr() will cause a kernel panic.
[ mingo: Clarified the comment. ]
Fixes: cc66bb914578 ("x86/ibt,kprobes: Cure sym+0 equals fentry woes")
Reported-by: Qiang Zhang <zzqq0103.hey@gmail.com>
Tested-by: Jinghao Jia <jinghao7@illinois.edu>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Link: https://lore.kernel.org/r/171042945004.154897.2221804961882915806.stgit@devnote2
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/kprobes/core.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
index a0ce46c0a2d88..a6a3475e1d609 100644
--- a/arch/x86/kernel/kprobes/core.c
+++ b/arch/x86/kernel/kprobes/core.c
@@ -335,7 +335,16 @@ static int can_probe(unsigned long paddr)
kprobe_opcode_t *arch_adjust_kprobe_addr(unsigned long addr, unsigned long offset,
bool *on_func_entry)
{
- if (is_endbr(*(u32 *)addr)) {
+ u32 insn;
+
+ /*
+ * Since 'addr' is not guaranteed to be safe to access, use
+ * copy_from_kernel_nofault() to read the instruction:
+ */
+ if (copy_from_kernel_nofault(&insn, (void *)addr, sizeof(u32)))
+ return NULL;
+
+ if (is_endbr(insn)) {
*on_func_entry = !offset || offset == 4;
if (*on_func_entry)
offset = 4;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 300/396] efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or higher address
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (298 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 299/396] kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 301/396] x86/mpparse: Register APIC address only once Greg Kroah-Hartman
` (107 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, linux-efi, Tom Englund, linux-kernel,
Kazuma Kondo, Ard Biesheuvel, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: KONDO KAZUMA(近藤 和真) <kazuma-kondo@nec.com>
[ Upstream commit 3cb4a4827596abc82e55b80364f509d0fefc3051 ]
Following warning is sometimes observed while booting my servers:
[ 3.594838] DMA: preallocated 4096 KiB GFP_KERNEL pool for atomic allocations
[ 3.602918] swapper/0: page allocation failure: order:10, mode:0xcc1(GFP_KERNEL|GFP_DMA), nodemask=(null),cpuset=/,mems_allowed=0-1
...
[ 3.851862] DMA: preallocated 1024 KiB GFP_KERNEL|GFP_DMA pool for atomic allocation
If 'nokaslr' boot option is set, the warning always happens.
On x86, ZONE_DMA is small zone at the first 16MB of physical address
space. When this problem happens, most of that space seems to be used by
decompressed kernel. Thereby, there is not enough space at DMA_ZONE to
meet the request of DMA pool allocation.
The commit 2f77465b05b1 ("x86/efistub: Avoid placing the kernel below
LOAD_PHYSICAL_ADDR") tried to fix this problem by introducing lower
bound of allocation.
But the fix is not complete.
efi_random_alloc() allocates pages by following steps.
1. Count total available slots ('total_slots')
2. Select a slot ('target_slot') to allocate randomly
3. Calculate a starting address ('target') to be included target_slot
4. Allocate pages, which starting address is 'target'
In step 1, 'alloc_min' is used to offset the starting address of memory
chunk. But in step 3 'alloc_min' is not considered at all. As the
result, 'target' can be miscalculated and become lower than 'alloc_min'.
When KASLR is disabled, 'target_slot' is always 0 and the problem
happens everytime if the EFI memory map of the system meets the
condition.
Fix this problem by calculating 'target' considering 'alloc_min'.
Cc: linux-efi@vger.kernel.org
Cc: Tom Englund <tomenglund26@gmail.com>
Cc: linux-kernel@vger.kernel.org
Fixes: 2f77465b05b1 ("x86/efistub: Avoid placing the kernel below LOAD_PHYSICAL_ADDR")
Signed-off-by: Kazuma Kondo <kazuma-kondo@nec.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/efi/libstub/randomalloc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/firmware/efi/libstub/randomalloc.c b/drivers/firmware/efi/libstub/randomalloc.c
index 4e96a855fdf47..7e18528595502 100644
--- a/drivers/firmware/efi/libstub/randomalloc.c
+++ b/drivers/firmware/efi/libstub/randomalloc.c
@@ -120,7 +120,7 @@ efi_status_t efi_random_alloc(unsigned long size,
continue;
}
- target = round_up(md->phys_addr, align) + target_slot * align;
+ target = round_up(max(md->phys_addr, alloc_min), align) + target_slot * align;
pages = size / EFI_PAGE_SIZE;
status = efi_bs_call(allocate_pages, EFI_ALLOCATE_ADDRESS,
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 301/396] x86/mpparse: Register APIC address only once
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (299 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 300/396] efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or higher address Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 302/396] x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD Greg Kroah-Hartman
` (106 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Thomas Gleixner,
Borislav Petkov (AMD), Guenter Roeck, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thomas Gleixner <tglx@linutronix.de>
[ Upstream commit f2208aa12c27bfada3c15c550c03ca81d42dcac2 ]
The APIC address is registered twice. First during the early detection and
afterwards when actually scanning the table for APIC IDs. The APIC and
topology core warn about the second attempt.
Restrict it to the early detection call.
Fixes: 81287ad65da5 ("x86/apic: Sanitize APIC address setup")
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/20240322185305.297774848@linutronix.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/mpparse.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kernel/mpparse.c b/arch/x86/kernel/mpparse.c
index b223922248e9f..15c700d358700 100644
--- a/arch/x86/kernel/mpparse.c
+++ b/arch/x86/kernel/mpparse.c
@@ -196,12 +196,12 @@ static int __init smp_read_mpc(struct mpc_table *mpc, unsigned early)
if (!smp_check_mpc(mpc, oem, str))
return 0;
- /* Initialize the lapic mapping */
- if (!acpi_lapic)
- register_lapic_address(mpc->lapic);
-
- if (early)
+ if (early) {
+ /* Initialize the lapic mapping */
+ if (!acpi_lapic)
+ register_lapic_address(mpc->lapic);
return 1;
+ }
/* Now process the configuration blocks. */
while (count < mpc->length) {
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 302/396] x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (300 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 301/396] x86/mpparse: Register APIC address only once Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 303/396] efi: fix panic in kdump kernel Greg Kroah-Hartman
` (105 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Adamos Ttofari, Chang S. Bae,
Ingo Molnar, Thomas Gleixner, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Adamos Ttofari <attofari@amazon.de>
[ Upstream commit 10e4b5166df9ff7a2d5316138ca668b42d004422 ]
Commit 672365477ae8 ("x86/fpu: Update XFD state where required") and
commit 8bf26758ca96 ("x86/fpu: Add XFD state to fpstate") introduced a
per CPU variable xfd_state to keep the MSR_IA32_XFD value cached, in
order to avoid unnecessary writes to the MSR.
On CPU hotplug MSR_IA32_XFD is reset to the init_fpstate.xfd, which
wipes out any stale state. But the per CPU cached xfd value is not
reset, which brings them out of sync.
As a consequence a subsequent xfd_update_state() might fail to update
the MSR which in turn can result in XRSTOR raising a #NM in kernel
space, which crashes the kernel.
To fix this, introduce xfd_set_state() to write xfd_state together
with MSR_IA32_XFD, and use it in all places that set MSR_IA32_XFD.
Fixes: 672365477ae8 ("x86/fpu: Update XFD state where required")
Signed-off-by: Adamos Ttofari <attofari@amazon.de>
Signed-off-by: Chang S. Bae <chang.seok.bae@intel.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20240322230439.456571-1-chang.seok.bae@intel.com
Closes: https://lore.kernel.org/lkml/20230511152818.13839-1-attofari@amazon.de
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/x86/kernel/fpu/xstate.c | 5 +++--
arch/x86/kernel/fpu/xstate.h | 14 ++++++++++----
2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/arch/x86/kernel/fpu/xstate.c b/arch/x86/kernel/fpu/xstate.c
index ef6906107c541..571a43b3105df 100644
--- a/arch/x86/kernel/fpu/xstate.c
+++ b/arch/x86/kernel/fpu/xstate.c
@@ -178,10 +178,11 @@ void fpu__init_cpu_xstate(void)
* Must happen after CR4 setup and before xsetbv() to allow KVM
* lazy passthrough. Write independent of the dynamic state static
* key as that does not work on the boot CPU. This also ensures
- * that any stale state is wiped out from XFD.
+ * that any stale state is wiped out from XFD. Reset the per CPU
+ * xfd cache too.
*/
if (cpu_feature_enabled(X86_FEATURE_XFD))
- wrmsrl(MSR_IA32_XFD, init_fpstate.xfd);
+ xfd_set_state(init_fpstate.xfd);
/*
* XCR_XFEATURE_ENABLED_MASK (aka. XCR0) sets user features
diff --git a/arch/x86/kernel/fpu/xstate.h b/arch/x86/kernel/fpu/xstate.h
index 3518fb26d06b0..19ca623ffa2ac 100644
--- a/arch/x86/kernel/fpu/xstate.h
+++ b/arch/x86/kernel/fpu/xstate.h
@@ -148,20 +148,26 @@ static inline void xfd_validate_state(struct fpstate *fpstate, u64 mask, bool rs
#endif
#ifdef CONFIG_X86_64
+static inline void xfd_set_state(u64 xfd)
+{
+ wrmsrl(MSR_IA32_XFD, xfd);
+ __this_cpu_write(xfd_state, xfd);
+}
+
static inline void xfd_update_state(struct fpstate *fpstate)
{
if (fpu_state_size_dynamic()) {
u64 xfd = fpstate->xfd;
- if (__this_cpu_read(xfd_state) != xfd) {
- wrmsrl(MSR_IA32_XFD, xfd);
- __this_cpu_write(xfd_state, xfd);
- }
+ if (__this_cpu_read(xfd_state) != xfd)
+ xfd_set_state(xfd);
}
}
extern int __xfd_enable_feature(u64 which, struct fpu_guest *guest_fpu);
#else
+static inline void xfd_set_state(u64 xfd) { }
+
static inline void xfd_update_state(struct fpstate *fpstate) { }
static inline int __xfd_enable_feature(u64 which, struct fpu_guest *guest_fpu) {
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 303/396] efi: fix panic in kdump kernel
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (301 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 302/396] x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 304/396] pwm: img: fix pwm clock lookup Greg Kroah-Hartman
` (104 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Oleksandr Tymoshenko, Ard Biesheuvel,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oleksandr Tymoshenko <ovt@google.com>
[ Upstream commit 62b71cd73d41ddac6b1760402bbe8c4932e23531 ]
Check if get_next_variable() is actually valid pointer before
calling it. In kdump kernel this method is set to NULL that causes
panic during the kexec-ed kernel boot.
Tested with QEMU and OVMF firmware.
Fixes: bad267f9e18f ("efi: verify that variable services are supported")
Signed-off-by: Oleksandr Tymoshenko <ovt@google.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/firmware/efi/efi.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
index 1974f0ad32bad..2c1095dcc2f2f 100644
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -199,6 +199,8 @@ static bool generic_ops_supported(void)
name_size = sizeof(name);
+ if (!efi.get_next_variable)
+ return false;
status = efi.get_next_variable(&name_size, &name, &guid);
if (status == EFI_UNSUPPORTED)
return false;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 304/396] pwm: img: fix pwm clock lookup
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (302 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 303/396] efi: fix panic in kdump kernel Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 305/396] selftests/mm: gup_test: conform test to TAP format output Greg Kroah-Hartman
` (103 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Zoltan HERPAI, Uwe Kleine-König,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zoltan HERPAI <wigyori@uid0.hu>
[ Upstream commit 9eb05877dbee03064d3d3483cd6702f610d5a358 ]
22e8e19 has introduced a regression in the imgchip->pwm_clk lookup, whereas
the clock name has also been renamed to "imgchip". This causes the driver
failing to load:
[ 0.546905] img-pwm 18101300.pwm: failed to get imgchip clock
[ 0.553418] img-pwm: probe of 18101300.pwm failed with error -2
Fix this lookup by reverting the clock name back to "pwm".
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Link: https://lore.kernel.org/r/20240320083602.81592-1-wigyori@uid0.hu
Fixes: 22e8e19a46f7 ("pwm: img: Rename variable pointing to driver private data")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/pwm/pwm-img.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/pwm/pwm-img.c b/drivers/pwm/pwm-img.c
index 326af85888e7b..fd1535c47b6db 100644
--- a/drivers/pwm/pwm-img.c
+++ b/drivers/pwm/pwm-img.c
@@ -289,9 +289,9 @@ static int img_pwm_probe(struct platform_device *pdev)
return PTR_ERR(imgchip->sys_clk);
}
- imgchip->pwm_clk = devm_clk_get(&pdev->dev, "imgchip");
+ imgchip->pwm_clk = devm_clk_get(&pdev->dev, "pwm");
if (IS_ERR(imgchip->pwm_clk)) {
- dev_err(&pdev->dev, "failed to get imgchip clock\n");
+ dev_err(&pdev->dev, "failed to get pwm clock\n");
return PTR_ERR(imgchip->pwm_clk);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 305/396] selftests/mm: gup_test: conform test to TAP format output
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (303 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 304/396] pwm: img: fix pwm clock lookup Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 306/396] selftests/mm: Fix build with _FORTIFY_SOURCE Greg Kroah-Hartman
` (102 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Muhammad Usama Anjum, Shuah Khan,
Andrew Morton, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Muhammad Usama Anjum <usama.anjum@collabora.com>
[ Upstream commit cb6e7cae18868422a23d62670110c61fd1b15029 ]
Conform the layout, informational and status messages to TAP. No
functional change is intended other than the layout of output messages.
Link: https://lkml.kernel.org/r/20240102053807.2114200-1-usama.anjum@collabora.com
Signed-off-by: Muhammad Usama Anjum <usama.anjum@collabora.com>
Cc: Shuah Khan <shuah@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Stable-dep-of: 8b65ef5ad486 ("selftests/mm: Fix build with _FORTIFY_SOURCE")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/mm/gup_test.c | 65 ++++++++++++++-------------
1 file changed, 33 insertions(+), 32 deletions(-)
diff --git a/tools/testing/selftests/mm/gup_test.c b/tools/testing/selftests/mm/gup_test.c
index ec22291363844..cbe99594d319b 100644
--- a/tools/testing/selftests/mm/gup_test.c
+++ b/tools/testing/selftests/mm/gup_test.c
@@ -50,39 +50,41 @@ static char *cmd_to_str(unsigned long cmd)
void *gup_thread(void *data)
{
struct gup_test gup = *(struct gup_test *)data;
- int i;
+ int i, status;
/* Only report timing information on the *_BENCHMARK commands: */
if ((cmd == PIN_FAST_BENCHMARK) || (cmd == GUP_FAST_BENCHMARK) ||
(cmd == PIN_LONGTERM_BENCHMARK)) {
for (i = 0; i < repeats; i++) {
gup.size = size;
- if (ioctl(gup_fd, cmd, &gup))
- perror("ioctl"), exit(1);
+ status = ioctl(gup_fd, cmd, &gup);
+ if (status)
+ break;
pthread_mutex_lock(&print_mutex);
- printf("%s: Time: get:%lld put:%lld us",
- cmd_to_str(cmd), gup.get_delta_usec,
- gup.put_delta_usec);
+ ksft_print_msg("%s: Time: get:%lld put:%lld us",
+ cmd_to_str(cmd), gup.get_delta_usec,
+ gup.put_delta_usec);
if (gup.size != size)
- printf(", truncated (size: %lld)", gup.size);
- printf("\n");
+ ksft_print_msg(", truncated (size: %lld)", gup.size);
+ ksft_print_msg("\n");
pthread_mutex_unlock(&print_mutex);
}
} else {
gup.size = size;
- if (ioctl(gup_fd, cmd, &gup)) {
- perror("ioctl");
- exit(1);
- }
+ status = ioctl(gup_fd, cmd, &gup);
+ if (status)
+ goto return_;
pthread_mutex_lock(&print_mutex);
- printf("%s: done\n", cmd_to_str(cmd));
+ ksft_print_msg("%s: done\n", cmd_to_str(cmd));
if (gup.size != size)
- printf("Truncated (size: %lld)\n", gup.size);
+ ksft_print_msg("Truncated (size: %lld)\n", gup.size);
pthread_mutex_unlock(&print_mutex);
}
+return_:
+ ksft_test_result(!status, "ioctl status %d\n", status);
return NULL;
}
@@ -170,7 +172,7 @@ int main(int argc, char **argv)
touch = 1;
break;
default:
- return -1;
+ ksft_exit_fail_msg("Wrong argument\n");
}
}
@@ -198,11 +200,12 @@ int main(int argc, char **argv)
}
}
+ ksft_print_header();
+ ksft_set_plan(nthreads);
+
filed = open(file, O_RDWR|O_CREAT);
- if (filed < 0) {
- perror("open");
- exit(filed);
- }
+ if (filed < 0)
+ ksft_exit_fail_msg("Unable to open %s: %s\n", file, strerror(errno));
gup.nr_pages_per_call = nr_pages;
if (write)
@@ -213,27 +216,24 @@ int main(int argc, char **argv)
switch (errno) {
case EACCES:
if (getuid())
- printf("Please run this test as root\n");
+ ksft_print_msg("Please run this test as root\n");
break;
case ENOENT:
- if (opendir("/sys/kernel/debug") == NULL) {
- printf("mount debugfs at /sys/kernel/debug\n");
- break;
- }
- printf("check if CONFIG_GUP_TEST is enabled in kernel config\n");
+ if (opendir("/sys/kernel/debug") == NULL)
+ ksft_print_msg("mount debugfs at /sys/kernel/debug\n");
+ ksft_print_msg("check if CONFIG_GUP_TEST is enabled in kernel config\n");
break;
default:
- perror("failed to open " GUP_TEST_FILE);
+ ksft_print_msg("failed to open %s: %s\n", GUP_TEST_FILE, strerror(errno));
break;
}
- exit(KSFT_SKIP);
+ ksft_test_result_skip("Please run this test as root\n");
+ return ksft_exit_pass();
}
p = mmap(NULL, size, PROT_READ | PROT_WRITE, flags, filed, 0);
- if (p == MAP_FAILED) {
- perror("mmap");
- exit(1);
- }
+ if (p == MAP_FAILED)
+ ksft_exit_fail_msg("mmap: %s\n", strerror(errno));
gup.addr = (unsigned long)p;
if (thp == 1)
@@ -264,7 +264,8 @@ int main(int argc, char **argv)
ret = pthread_join(tid[i], NULL);
assert(ret == 0);
}
+
free(tid);
- return 0;
+ return ksft_exit_pass();
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 306/396] selftests/mm: Fix build with _FORTIFY_SOURCE
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (304 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 305/396] selftests/mm: gup_test: conform test to TAP format output Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 307/396] perf top: Use evsels cpus to replace user_requested_cpus Greg Kroah-Hartman
` (101 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Vitaly Chikunov, Zi Yan,
David Hildenbrand, Keith Busch, Peter Xu, Yang Shi,
Andrea Arcangeli, Nadav Amit, Andrew Morton, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vitaly Chikunov <vt@altlinux.org>
[ Upstream commit 8b65ef5ad4862904e476a8f3d4e4418c950ddb90 ]
Add missing flags argument to open(2) call with O_CREAT.
Some tests fail to compile if _FORTIFY_SOURCE is defined (to any valid
value) (together with -O), resulting in similar error messages such as:
In file included from /usr/include/fcntl.h:342,
from gup_test.c:1:
In function 'open',
inlined from 'main' at gup_test.c:206:10:
/usr/include/bits/fcntl2.h:50:11: error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT or O_TMPFILE in second argument needs 3 arguments
50 | __open_missing_mode ();
| ^~~~~~~~~~~~~~~~~~~~~~
_FORTIFY_SOURCE is enabled by default in some distributions, so the
tests are not built by default and are skipped.
open(2) man-page warns about missing flags argument: "if it is not
supplied, some arbitrary bytes from the stack will be applied as the
file mode."
Link: https://lkml.kernel.org/r/20240318023445.3192922-1-vt@altlinux.org
Fixes: aeb85ed4f41a ("tools/testing/selftests/vm/gup_benchmark.c: allow user specified file")
Fixes: fbe37501b252 ("mm: huge_memory: debugfs for file-backed THP split")
Fixes: c942f5bd17b3 ("selftests: soft-dirty: add test for mprotect")
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Reviewed-by: Zi Yan <ziy@nvidia.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Cc: Keith Busch <kbusch@kernel.org>
Cc: Peter Xu <peterx@redhat.com>
Cc: Yang Shi <shy828301@gmail.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Nadav Amit <nadav.amit@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/mm/gup_test.c | 2 +-
tools/testing/selftests/mm/soft-dirty.c | 2 +-
tools/testing/selftests/mm/split_huge_page_test.c | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/testing/selftests/mm/gup_test.c b/tools/testing/selftests/mm/gup_test.c
index cbe99594d319b..18a49c70d4c63 100644
--- a/tools/testing/selftests/mm/gup_test.c
+++ b/tools/testing/selftests/mm/gup_test.c
@@ -203,7 +203,7 @@ int main(int argc, char **argv)
ksft_print_header();
ksft_set_plan(nthreads);
- filed = open(file, O_RDWR|O_CREAT);
+ filed = open(file, O_RDWR|O_CREAT, 0664);
if (filed < 0)
ksft_exit_fail_msg("Unable to open %s: %s\n", file, strerror(errno));
diff --git a/tools/testing/selftests/mm/soft-dirty.c b/tools/testing/selftests/mm/soft-dirty.c
index cc5f144430d4d..7dbfa53d93a05 100644
--- a/tools/testing/selftests/mm/soft-dirty.c
+++ b/tools/testing/selftests/mm/soft-dirty.c
@@ -137,7 +137,7 @@ static void test_mprotect(int pagemap_fd, int pagesize, bool anon)
if (!map)
ksft_exit_fail_msg("anon mmap failed\n");
} else {
- test_fd = open(fname, O_RDWR | O_CREAT);
+ test_fd = open(fname, O_RDWR | O_CREAT, 0664);
if (test_fd < 0) {
ksft_test_result_skip("Test %s open() file failed\n", __func__);
return;
diff --git a/tools/testing/selftests/mm/split_huge_page_test.c b/tools/testing/selftests/mm/split_huge_page_test.c
index 0e74635c8c3d9..dff3be23488b4 100644
--- a/tools/testing/selftests/mm/split_huge_page_test.c
+++ b/tools/testing/selftests/mm/split_huge_page_test.c
@@ -253,7 +253,7 @@ void split_file_backed_thp(void)
goto cleanup;
}
- fd = open(testfile, O_CREAT|O_WRONLY);
+ fd = open(testfile, O_CREAT|O_WRONLY, 0664);
if (fd == -1) {
perror("Cannot open testing file\n");
goto cleanup;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 307/396] perf top: Use evsels cpus to replace user_requested_cpus
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (305 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 306/396] selftests/mm: Fix build with _FORTIFY_SOURCE Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 308/396] ALSA: hda/tas2781: remove digital gain kcontrol Greg Kroah-Hartman
` (100 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Arnaldo Carvalho de Melo, Ian Rogers,
Kan Liang, Arnaldo Carvalho de Melo, Hector Martin, Marc Zyngier,
Mark Rutland, Namhyung Kim
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kan Liang <kan.liang@linux.intel.com>
commit 5fa695e7da4975e8d21ce49f3718d6cf00ecb75e upstream.
perf top errors out on a hybrid machine
$perf top
Error:
The cycles:P event is not supported.
The perf top expects that the "cycles" is collected on all CPUs in the
system. But for hybrid there is no single "cycles" event which can cover
all CPUs. Perf has to split it into two cycles events, e.g.,
cpu_core/cycles/ and cpu_atom/cycles/. Each event has its own CPU mask.
If a event is opened on the unsupported CPU. The open fails. That's the
reason of the above error out.
Perf should only open the cycles event on the corresponding CPU. The
commit ef91871c960e ("perf evlist: Propagate user CPU maps intersecting
core PMU maps") intersect the requested CPU map with the CPU map of the
PMU. Use the evsel's cpus to replace user_requested_cpus.
The evlist's threads are also propagated to the evsel's threads in
__perf_evlist__propagate_maps(). For a system-wide event, perf appends
a dummy event and assign it to the evsel's threads. For a per-thread
event, the evlist's thread_map is assigned to the evsel's threads. The
same as the other tools, e.g., perf record, using the evsel's threads
when opening an event.
Reported-by: Arnaldo Carvalho de Melo <acme@kernel.org>
Reviewed-by: Ian Rogers <irogers@google.com>
Signed-off-by: Kan Liang <kan.liang@linux.intel.com>
Tested-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Hector Martin <marcan@marcan.st>
Cc: Marc Zyngier <maz@kernel.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Namhyung Kim <namhyung@kernel.org>
Closes: https://lore.kernel.org/linux-perf-users/ZXNnDrGKXbEELMXV@kernel.org/
Link: https://lore.kernel.org/r/20231214144612.1092028-1-kan.liang@linux.intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/perf/builtin-top.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/tools/perf/builtin-top.c
+++ b/tools/perf/builtin-top.c
@@ -1027,8 +1027,8 @@ static int perf_top__start_counters(stru
evlist__for_each_entry(evlist, counter) {
try_again:
- if (evsel__open(counter, top->evlist->core.user_requested_cpus,
- top->evlist->core.threads) < 0) {
+ if (evsel__open(counter, counter->core.cpus,
+ counter->core.threads) < 0) {
/*
* Specially handle overwrite fall back.
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 308/396] ALSA: hda/tas2781: remove digital gain kcontrol
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (306 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 307/396] perf top: Use evsels cpus to replace user_requested_cpus Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 309/396] ALSA: hda/tas2781: add locks to kcontrols Greg Kroah-Hartman
` (99 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Gergo Koteles, Takashi Iwai
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gergo Koteles <soyer@irl.hu>
commit ae065d0ce9e36ca4efdfb9b96ce3395bd1c19372 upstream.
The "Speaker Digital Gain" kcontrol controls the TAS2781_DVC_LVL (0x1A)
register. Unfortunately the tas2563 does not have DVC_LVL, but has
INT_MASK0 in 0x1A, which has been misused so far.
Since commit c1947ce61ff4 ("ALSA: hda/realtek: tas2781: enable subwoofer
volume control") the volume of the tas2781 amplifiers can be controlled
by the master volume, so this digital gain kcontrol is not needed.
Remove it.
Fixes: 5be27f1e3ec9 ("ALSA: hda/tas2781: Add tas2781 HDA driver")
CC: stable@vger.kernel.org
Signed-off-by: Gergo Koteles <soyer@irl.hu>
Message-ID: <741fc21db994efd58f83e7aef38931204961e5b2.1711469583.git.soyer@irl.hu>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/tas2781_hda_i2c.c | 37 +------------------------------------
1 file changed, 1 insertion(+), 36 deletions(-)
--- a/sound/pci/hda/tas2781_hda_i2c.c
+++ b/sound/pci/hda/tas2781_hda_i2c.c
@@ -71,7 +71,7 @@ struct tas2781_hda {
struct snd_kcontrol *dsp_prog_ctl;
struct snd_kcontrol *dsp_conf_ctl;
struct snd_kcontrol *prof_ctl;
- struct snd_kcontrol *snd_ctls[3];
+ struct snd_kcontrol *snd_ctls[2];
};
static int tas2781_get_i2c_res(struct acpi_resource *ares, void *data)
@@ -288,27 +288,6 @@ static int tasdevice_config_put(struct s
return ret;
}
-/*
- * tas2781_digital_getvol - get the volum control
- * @kcontrol: control pointer
- * @ucontrol: User data
- * Customer Kcontrol for tas2781 is primarily for regmap booking, paging
- * depends on internal regmap mechanism.
- * tas2781 contains book and page two-level register map, especially
- * book switching will set the register BXXP00R7F, after switching to the
- * correct book, then leverage the mechanism for paging to access the
- * register.
- */
-static int tas2781_digital_getvol(struct snd_kcontrol *kcontrol,
- struct snd_ctl_elem_value *ucontrol)
-{
- struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol);
- struct soc_mixer_control *mc =
- (struct soc_mixer_control *)kcontrol->private_value;
-
- return tasdevice_digital_getvol(tas_priv, ucontrol, mc);
-}
-
static int tas2781_amp_getvol(struct snd_kcontrol *kcontrol,
struct snd_ctl_elem_value *ucontrol)
{
@@ -319,17 +298,6 @@ static int tas2781_amp_getvol(struct snd
return tasdevice_amp_getvol(tas_priv, ucontrol, mc);
}
-static int tas2781_digital_putvol(struct snd_kcontrol *kcontrol,
- struct snd_ctl_elem_value *ucontrol)
-{
- struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol);
- struct soc_mixer_control *mc =
- (struct soc_mixer_control *)kcontrol->private_value;
-
- /* The check of the given value is in tasdevice_digital_putvol. */
- return tasdevice_digital_putvol(tas_priv, ucontrol, mc);
-}
-
static int tas2781_amp_putvol(struct snd_kcontrol *kcontrol,
struct snd_ctl_elem_value *ucontrol)
{
@@ -375,9 +343,6 @@ static const struct snd_kcontrol_new tas
ACARD_SINGLE_RANGE_EXT_TLV("Speaker Analog Gain", TAS2781_AMP_LEVEL,
1, 0, 20, 0, tas2781_amp_getvol,
tas2781_amp_putvol, amp_vol_tlv),
- ACARD_SINGLE_RANGE_EXT_TLV("Speaker Digital Gain", TAS2781_DVC_LVL,
- 0, 0, 200, 1, tas2781_digital_getvol,
- tas2781_digital_putvol, dvc_tlv),
ACARD_SINGLE_BOOL_EXT("Speaker Force Firmware Load", 0,
tas2781_force_fwload_get, tas2781_force_fwload_put),
};
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 309/396] ALSA: hda/tas2781: add locks to kcontrols
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (307 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 308/396] ALSA: hda/tas2781: remove digital gain kcontrol Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 310/396] init: open /initrd.image with O_LARGEFILE Greg Kroah-Hartman
` (98 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Gergo Koteles, Takashi Iwai
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gergo Koteles <soyer@irl.hu>
commit 15bc3066d2378eef1b45254be9df23b0dd7f1667 upstream.
The rcabin.profile_cfg_id, cur_prog, cur_conf, force_fwload_status
variables are acccessible from multiple threads and therefore require
locking.
Fixes: 5be27f1e3ec9 ("ALSA: hda/tas2781: Add tas2781 HDA driver")
CC: stable@vger.kernel.org
Signed-off-by: Gergo Koteles <soyer@irl.hu>
Message-ID: <e35b867f6fe5fa1f869dd658a0a1f2118b737f57.1711469583.git.soyer@irl.hu>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/tas2781_hda_i2c.c | 50 ++++++++++++++++++++++++++++++++++++++--
1 file changed, 48 insertions(+), 2 deletions(-)
--- a/sound/pci/hda/tas2781_hda_i2c.c
+++ b/sound/pci/hda/tas2781_hda_i2c.c
@@ -179,8 +179,12 @@ static int tasdevice_get_profile_id(stru
{
struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol);
+ mutex_lock(&tas_priv->codec_lock);
+
ucontrol->value.integer.value[0] = tas_priv->rcabin.profile_cfg_id;
+ mutex_unlock(&tas_priv->codec_lock);
+
return 0;
}
@@ -194,11 +198,15 @@ static int tasdevice_set_profile_id(stru
val = clamp(nr_profile, 0, max);
+ mutex_lock(&tas_priv->codec_lock);
+
if (tas_priv->rcabin.profile_cfg_id != val) {
tas_priv->rcabin.profile_cfg_id = val;
ret = 1;
}
+ mutex_unlock(&tas_priv->codec_lock);
+
return ret;
}
@@ -235,8 +243,12 @@ static int tasdevice_program_get(struct
{
struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol);
+ mutex_lock(&tas_priv->codec_lock);
+
ucontrol->value.integer.value[0] = tas_priv->cur_prog;
+ mutex_unlock(&tas_priv->codec_lock);
+
return 0;
}
@@ -251,11 +263,15 @@ static int tasdevice_program_put(struct
val = clamp(nr_program, 0, max);
+ mutex_lock(&tas_priv->codec_lock);
+
if (tas_priv->cur_prog != val) {
tas_priv->cur_prog = val;
ret = 1;
}
+ mutex_unlock(&tas_priv->codec_lock);
+
return ret;
}
@@ -264,8 +280,12 @@ static int tasdevice_config_get(struct s
{
struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol);
+ mutex_lock(&tas_priv->codec_lock);
+
ucontrol->value.integer.value[0] = tas_priv->cur_conf;
+ mutex_unlock(&tas_priv->codec_lock);
+
return 0;
}
@@ -280,11 +300,15 @@ static int tasdevice_config_put(struct s
val = clamp(nr_config, 0, max);
+ mutex_lock(&tas_priv->codec_lock);
+
if (tas_priv->cur_conf != val) {
tas_priv->cur_conf = val;
ret = 1;
}
+ mutex_unlock(&tas_priv->codec_lock);
+
return ret;
}
@@ -294,8 +318,15 @@ static int tas2781_amp_getvol(struct snd
struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol);
struct soc_mixer_control *mc =
(struct soc_mixer_control *)kcontrol->private_value;
+ int ret;
- return tasdevice_amp_getvol(tas_priv, ucontrol, mc);
+ mutex_lock(&tas_priv->codec_lock);
+
+ ret = tasdevice_amp_getvol(tas_priv, ucontrol, mc);
+
+ mutex_unlock(&tas_priv->codec_lock);
+
+ return ret;
}
static int tas2781_amp_putvol(struct snd_kcontrol *kcontrol,
@@ -304,9 +335,16 @@ static int tas2781_amp_putvol(struct snd
struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol);
struct soc_mixer_control *mc =
(struct soc_mixer_control *)kcontrol->private_value;
+ int ret;
+
+ mutex_lock(&tas_priv->codec_lock);
/* The check of the given value is in tasdevice_amp_putvol. */
- return tasdevice_amp_putvol(tas_priv, ucontrol, mc);
+ ret = tasdevice_amp_putvol(tas_priv, ucontrol, mc);
+
+ mutex_unlock(&tas_priv->codec_lock);
+
+ return ret;
}
static int tas2781_force_fwload_get(struct snd_kcontrol *kcontrol,
@@ -314,10 +352,14 @@ static int tas2781_force_fwload_get(stru
{
struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol);
+ mutex_lock(&tas_priv->codec_lock);
+
ucontrol->value.integer.value[0] = (int)tas_priv->force_fwload_status;
dev_dbg(tas_priv->dev, "%s : Force FWload %s\n", __func__,
tas_priv->force_fwload_status ? "ON" : "OFF");
+ mutex_unlock(&tas_priv->codec_lock);
+
return 0;
}
@@ -327,6 +369,8 @@ static int tas2781_force_fwload_put(stru
struct tasdevice_priv *tas_priv = snd_kcontrol_chip(kcontrol);
bool change, val = (bool)ucontrol->value.integer.value[0];
+ mutex_lock(&tas_priv->codec_lock);
+
if (tas_priv->force_fwload_status == val)
change = false;
else {
@@ -336,6 +380,8 @@ static int tas2781_force_fwload_put(stru
dev_dbg(tas_priv->dev, "%s : Force FWload %s\n", __func__,
tas_priv->force_fwload_status ? "ON" : "OFF");
+ mutex_unlock(&tas_priv->codec_lock);
+
return change;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 310/396] init: open /initrd.image with O_LARGEFILE
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (308 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 309/396] ALSA: hda/tas2781: add locks to kcontrols Greg Kroah-Hartman
@ 2024-04-01 15:45 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 311/396] x86/efistub: Add missing boot_params for mixed mode compat entry Greg Kroah-Hartman
` (97 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:45 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, John Sperbeck, Jens Axboe,
Nick Desaulniers, Peter Zijlstra, Thomas Gleixner, Andrew Morton
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Sperbeck <jsperbeck@google.com>
commit 4624b346cf67400ef46a31771011fb798dd2f999 upstream.
If initrd data is larger than 2Gb, we'll eventually fail to write to the
/initrd.image file when we hit that limit, unless O_LARGEFILE is set.
Link: https://lkml.kernel.org/r/20240317221522.896040-1-jsperbeck@google.com
Signed-off-by: John Sperbeck <jsperbeck@google.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
init/initramfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/init/initramfs.c
+++ b/init/initramfs.c
@@ -673,7 +673,7 @@ static void __init populate_initrd_image
printk(KERN_INFO "rootfs image is not initramfs (%s); looks like an initrd\n",
err);
- file = filp_open("/initrd.image", O_WRONLY | O_CREAT, 0700);
+ file = filp_open("/initrd.image", O_WRONLY|O_CREAT|O_LARGEFILE, 0700);
if (IS_ERR(file))
return;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 311/396] x86/efistub: Add missing boot_params for mixed mode compat entry
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (309 preceding siblings ...)
2024-04-01 15:45 ` [PATCH 6.6 310/396] init: open /initrd.image with O_LARGEFILE Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 312/396] efi/libstub: Cast away type warning in use of max() Greg Kroah-Hartman
` (96 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Clayton Craft, Hans de Goede,
Ard Biesheuvel, stable
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ard Biesheuvel <ardb@kernel.org>
commit d21f5a59ea773826cc489acb287811d690b703cc upstream.
The pure EFI stub entry point does not take a struct boot_params from
the boot loader, but creates it from scratch, and populates only the
fields that still have meaning in this context (command line, initrd
base and size, etc)
The original mixed mode implementation used the EFI handover protocol
instead, where the boot loader (i.e., GRUB) populates a boot_params
struct and passes it to a special Linux specific EFI entry point that
takes the boot_params pointer as its third argument.
When the new mixed mode implementation was introduced, using a special
32-bit PE entrypoint in the 64-bit kernel, it adopted the pure approach,
and relied on the EFI stub to create the struct boot_params. This is
preferred because it makes the bootloader side much easier to implement,
as it does not need any x86-specific knowledge on how struct boot_params
and struct setup_header are put together. This mixed mode implementation
was adopted by systemd-boot version 252 and later.
When commit
e2ab9eab324c ("x86/boot/compressed: Move 32-bit entrypoint code into .text section")
refactored this code and moved it out of head_64.S, the fact that ESI
was populated with the address of the base of the image was overlooked,
and to simplify the code flow, ESI is now zeroed and stored to memory
unconditionally in shared code, so that the NULL-ness of that variable
can still be used later to determine which mixed mode boot protocol is
in use.
With ESI pointing to the base of the image, it can serve as a struct
boot_params pointer for startup_32(), which only accesses the init_data
and kernel_alignment fields (and the scratch field as a temporary
stack). Zeroing ESI means that those accesses produce garbage now, even
though things appear to work if the first page of memory happens to be
zeroed, and the region right before LOAD_PHYSICAL_ADDR (== 16 MiB)
happens to be free.
The solution is to pass a special, temporary struct boot_params to
startup_32() via ESI, one that is sufficient for getting it to create
the page tables correctly and is discarded right after. This involves
setting a minimal alignment of 4k, only to get the statically allocated
page tables line up correctly, and setting init_size to the executable
image size (_end - startup_32). This ensures that the page tables are
covered by the static footprint of the PE image.
Given that EFI boot no longer calls the decompressor and no longer pads
the image to permit the decompressor to execute in place, the same
temporary struct boot_params should be used in the EFI handover protocol
based mixed mode implementation as well, to prevent the page tables from
being placed outside of allocated memory.
Fixes: e2ab9eab324c ("x86/boot/compressed: Move 32-bit entrypoint code into .text section")
Cc: <stable@kernel.org> # v6.1+
Closes: https://lore.kernel.org/all/20240321150510.GI8211@craftyguy.net/
Reported-by: Clayton Craft <clayton@craftyguy.net>
Tested-by: Clayton Craft <clayton@craftyguy.net>
Tested-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/boot/compressed/efi_mixed.S | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)
--- a/arch/x86/boot/compressed/efi_mixed.S
+++ b/arch/x86/boot/compressed/efi_mixed.S
@@ -15,10 +15,12 @@
*/
#include <linux/linkage.h>
+#include <asm/asm-offsets.h>
#include <asm/msr.h>
#include <asm/page_types.h>
#include <asm/processor-flags.h>
#include <asm/segment.h>
+#include <asm/setup.h>
.code64
.text
@@ -149,6 +151,7 @@ SYM_FUNC_END(__efi64_thunk)
SYM_FUNC_START(efi32_stub_entry)
call 1f
1: popl %ecx
+ leal (efi32_boot_args - 1b)(%ecx), %ebx
/* Clear BSS */
xorl %eax, %eax
@@ -163,6 +166,7 @@ SYM_FUNC_START(efi32_stub_entry)
popl %ecx
popl %edx
popl %esi
+ movl %esi, 8(%ebx)
jmp efi32_entry
SYM_FUNC_END(efi32_stub_entry)
#endif
@@ -239,8 +243,6 @@ SYM_FUNC_END(efi_enter32)
*
* Arguments: %ecx image handle
* %edx EFI system table pointer
- * %esi struct bootparams pointer (or NULL when not using
- * the EFI handover protocol)
*
* Since this is the point of no return for ordinary execution, no registers
* are considered live except for the function parameters. [Note that the EFI
@@ -266,9 +268,18 @@ SYM_FUNC_START_LOCAL(efi32_entry)
leal (efi32_boot_args - 1b)(%ebx), %ebx
movl %ecx, 0(%ebx)
movl %edx, 4(%ebx)
- movl %esi, 8(%ebx)
movb $0x0, 12(%ebx) // efi_is64
+ /*
+ * Allocate some memory for a temporary struct boot_params, which only
+ * needs the minimal pieces that startup_32() relies on.
+ */
+ subl $PARAM_SIZE, %esp
+ movl %esp, %esi
+ movl $PAGE_SIZE, BP_kernel_alignment(%esi)
+ movl $_end - 1b, BP_init_size(%esi)
+ subl $startup_32 - 1b, BP_init_size(%esi)
+
/* Disable paging */
movl %cr0, %eax
btrl $X86_CR0_PG_BIT, %eax
@@ -294,8 +305,7 @@ SYM_FUNC_START(efi32_pe_entry)
movl 8(%ebp), %ecx // image_handle
movl 12(%ebp), %edx // sys_table
- xorl %esi, %esi
- jmp efi32_entry // pass %ecx, %edx, %esi
+ jmp efi32_entry // pass %ecx, %edx
// no other registers remain live
2: popl %edi // restore callee-save registers
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 312/396] efi/libstub: Cast away type warning in use of max()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (310 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 311/396] x86/efistub: Add missing boot_params for mixed mode compat entry Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 313/396] x86/efistub: Reinstate soft limit for initrd loading Greg Kroah-Hartman
` (95 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Ard Biesheuvel
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ard Biesheuvel <ardb@kernel.org>
commit 61d130f261a3c15ae2c4b6f3ac3517d5d5b78855 upstream.
Avoid a type mismatch warning in max() by switching to max_t() and
providing the type explicitly.
Fixes: 3cb4a4827596abc82e ("efi/libstub: fix efi_random_alloc() ...")
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/firmware/efi/libstub/randomalloc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/firmware/efi/libstub/randomalloc.c
+++ b/drivers/firmware/efi/libstub/randomalloc.c
@@ -120,7 +120,7 @@ efi_status_t efi_random_alloc(unsigned l
continue;
}
- target = round_up(max(md->phys_addr, alloc_min), align) + target_slot * align;
+ target = round_up(max_t(u64, md->phys_addr, alloc_min), align) + target_slot * align;
pages = size / EFI_PAGE_SIZE;
status = efi_bs_call(allocate_pages, EFI_ALLOCATE_ADDRESS,
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 313/396] x86/efistub: Reinstate soft limit for initrd loading
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (311 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 312/396] efi/libstub: Cast away type warning in use of max() Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 314/396] prctl: generalize PR_SET_MDWE support check to be per-arch Greg Kroah-Hartman
` (94 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Radek Podgorny, Ard Biesheuvel
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ard Biesheuvel <ardb@kernel.org>
commit decd347c2a75d32984beb8807d470b763a53b542 upstream.
Commit
8117961d98fb2 ("x86/efi: Disregard setup header of loaded image")
dropped the memcopy of the image's setup header into the boot_params
struct provided to the core kernel, on the basis that EFI boot does not
need it and should rely only on a single protocol to interface with the
boot chain. It is also a prerequisite for being able to increase the
section alignment to 4k, which is needed to enable memory protections
when running in the boot services.
So only the setup_header fields that matter to the core kernel are
populated explicitly, and everything else is ignored. One thing was
overlooked, though: the initrd_addr_max field in the setup_header is not
used by the core kernel, but it is used by the EFI stub itself when it
loads the initrd, where its default value of INT_MAX is used as the soft
limit for memory allocation.
This means that, in the old situation, the initrd was virtually always
loaded in the lower 2G of memory, but now, due to initrd_addr_max being
0x0, the initrd may end up anywhere in memory. This should not be an
issue principle, as most systems can deal with this fine. However, it
does appear to tickle some problems in older UEFI implementations, where
the memory ends up being corrupted, resulting in errors when unpacking
the initramfs.
So set the initrd_addr_max field to INT_MAX like it was before.
Fixes: 8117961d98fb2 ("x86/efi: Disregard setup header of loaded image")
Reported-by: Radek Podgorny <radek@podgorny.cz>
Closes: https://lore.kernel.org/all/a99a831a-8ad5-4cb0-bff9-be637311f771@podgorny.cz
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/firmware/efi/libstub/x86-stub.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/firmware/efi/libstub/x86-stub.c
+++ b/drivers/firmware/efi/libstub/x86-stub.c
@@ -487,6 +487,7 @@ efi_status_t __efiapi efi_pe_entry(efi_h
hdr->vid_mode = 0xffff;
hdr->type_of_loader = 0x21;
+ hdr->initrd_addr_max = INT_MAX;
/* Convert unicode cmdline to ascii */
cmdline_ptr = efi_convert_cmdline(image, &options_size);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 314/396] prctl: generalize PR_SET_MDWE support check to be per-arch
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (312 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 313/396] x86/efistub: Reinstate soft limit for initrd loading Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 315/396] ARM: prctl: reject PR_SET_MDWE on pre-ARMv6 Greg Kroah-Hartman
` (93 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Zev Weiss, Borislav Petkov,
David Hildenbrand, Florent Revest, James E.J. Bottomley,
Josh Triplett, Kees Cook, Miguel Ojeda, Mike Rapoport (IBM),
Oleg Nesterov, Ondrej Mosnacek, Rick Edgecombe,
Russell King (Oracle), Sam James, Stefan Roesch, Yang Shi,
Yin Fengwei, Andrew Morton, Helge Deller
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zev Weiss <zev@bewilderbeest.net>
commit d5aad4c2ca057e760a92a9a7d65bd38d72963f27 upstream.
Patch series "ARM: prctl: Reject PR_SET_MDWE where not supported".
I noticed after a recent kernel update that my ARM926 system started
segfaulting on any execve() after calling prctl(PR_SET_MDWE). After some
investigation it appears that ARMv5 is incapable of providing the
appropriate protections for MDWE, since any readable memory is also
implicitly executable.
The prctl_set_mdwe() function already had some special-case logic added
disabling it on PARISC (commit 793838138c15, "prctl: Disable
prctl(PR_SET_MDWE) on parisc"); this patch series (1) generalizes that
check to use an arch_*() function, and (2) adds a corresponding override
for ARM to disable MDWE on pre-ARMv6 CPUs.
With the series applied, prctl(PR_SET_MDWE) is rejected on ARMv5 and
subsequent execve() calls (as well as mmap(PROT_READ|PROT_WRITE)) can
succeed instead of unconditionally failing; on ARMv6 the prctl works as it
did previously.
[0] https://lore.kernel.org/all/2023112456-linked-nape-bf19@gregkh/
This patch (of 2):
There exist systems other than PARISC where MDWE may not be feasible to
support; rather than cluttering up the generic code with additional
arch-specific logic let's add a generic function for checking MDWE support
and allow each arch to override it as needed.
Link: https://lkml.kernel.org/r/20240227013546.15769-4-zev@bewilderbeest.net
Link: https://lkml.kernel.org/r/20240227013546.15769-5-zev@bewilderbeest.net
Signed-off-by: Zev Weiss <zev@bewilderbeest.net>
Acked-by: Helge Deller <deller@gmx.de> [parisc]
Cc: Borislav Petkov <bp@alien8.de>
Cc: David Hildenbrand <david@redhat.com>
Cc: Florent Revest <revest@chromium.org>
Cc: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
Cc: Josh Triplett <josh@joshtriplett.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Miguel Ojeda <ojeda@kernel.org>
Cc: Mike Rapoport (IBM) <rppt@kernel.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Ondrej Mosnacek <omosnace@redhat.com>
Cc: Rick Edgecombe <rick.p.edgecombe@intel.com>
Cc: Russell King (Oracle) <linux@armlinux.org.uk>
Cc: Sam James <sam@gentoo.org>
Cc: Stefan Roesch <shr@devkernel.io>
Cc: Yang Shi <yang@os.amperecomputing.com>
Cc: Yin Fengwei <fengwei.yin@intel.com>
Cc: <stable@vger.kernel.org> [6.3+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/parisc/include/asm/mman.h | 14 ++++++++++++++
include/linux/mman.h | 8 ++++++++
kernel/sys.c | 7 +++++--
3 files changed, 27 insertions(+), 2 deletions(-)
create mode 100644 arch/parisc/include/asm/mman.h
--- /dev/null
+++ b/arch/parisc/include/asm/mman.h
@@ -0,0 +1,14 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __ASM_MMAN_H__
+#define __ASM_MMAN_H__
+
+#include <uapi/asm/mman.h>
+
+/* PARISC cannot allow mdwe as it needs writable stacks */
+static inline bool arch_memory_deny_write_exec_supported(void)
+{
+ return false;
+}
+#define arch_memory_deny_write_exec_supported arch_memory_deny_write_exec_supported
+
+#endif /* __ASM_MMAN_H__ */
--- a/include/linux/mman.h
+++ b/include/linux/mman.h
@@ -161,6 +161,14 @@ calc_vm_flag_bits(unsigned long flags)
unsigned long vm_commit_limit(void);
+#ifndef arch_memory_deny_write_exec_supported
+static inline bool arch_memory_deny_write_exec_supported(void)
+{
+ return true;
+}
+#define arch_memory_deny_write_exec_supported arch_memory_deny_write_exec_supported
+#endif
+
/*
* Denies creating a writable executable mapping or gaining executable permissions.
*
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -2395,8 +2395,11 @@ static inline int prctl_set_mdwe(unsigne
if (bits & PR_MDWE_NO_INHERIT && !(bits & PR_MDWE_REFUSE_EXEC_GAIN))
return -EINVAL;
- /* PARISC cannot allow mdwe as it needs writable stacks */
- if (IS_ENABLED(CONFIG_PARISC))
+ /*
+ * EOPNOTSUPP might be more appropriate here in principle, but
+ * existing userspace depends on EINVAL specifically.
+ */
+ if (!arch_memory_deny_write_exec_supported())
return -EINVAL;
current_bits = get_current_mdwe();
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 315/396] ARM: prctl: reject PR_SET_MDWE on pre-ARMv6
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (313 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 314/396] prctl: generalize PR_SET_MDWE support check to be per-arch Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 316/396] tmpfs: fix race on handling dquot rbtree Greg Kroah-Hartman
` (92 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Zev Weiss, Borislav Petkov,
David Hildenbrand, Florent Revest, Helge Deller,
James E.J. Bottomley, Josh Triplett, Kees Cook, Miguel Ojeda,
Mike Rapoport (IBM), Oleg Nesterov, Ondrej Mosnacek,
Rick Edgecombe, Russell King (Oracle), Sam James, Stefan Roesch,
Yang Shi, Yin Fengwei, Andrew Morton
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zev Weiss <zev@bewilderbeest.net>
commit 166ce846dc5974a266f6c2a2896dbef5425a6f21 upstream.
On v5 and lower CPUs we can't provide MDWE protection, so ensure we fail
any attempt to enable it via prctl(PR_SET_MDWE).
Previously such an attempt would misleadingly succeed, leading to any
subsequent mmap(PROT_READ|PROT_WRITE) or execve() failing unconditionally
(the latter somewhat violently via force_fatal_sig(SIGSEGV) due to
READ_IMPLIES_EXEC).
Link: https://lkml.kernel.org/r/20240227013546.15769-6-zev@bewilderbeest.net
Signed-off-by: Zev Weiss <zev@bewilderbeest.net>
Cc: <stable@vger.kernel.org> [6.3+]
Cc: Borislav Petkov <bp@alien8.de>
Cc: David Hildenbrand <david@redhat.com>
Cc: Florent Revest <revest@chromium.org>
Cc: Helge Deller <deller@gmx.de>
Cc: "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>
Cc: Josh Triplett <josh@joshtriplett.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Miguel Ojeda <ojeda@kernel.org>
Cc: Mike Rapoport (IBM) <rppt@kernel.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Ondrej Mosnacek <omosnace@redhat.com>
Cc: Rick Edgecombe <rick.p.edgecombe@intel.com>
Cc: Russell King (Oracle) <linux@armlinux.org.uk>
Cc: Sam James <sam@gentoo.org>
Cc: Stefan Roesch <shr@devkernel.io>
Cc: Yang Shi <yang@os.amperecomputing.com>
Cc: Yin Fengwei <fengwei.yin@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm/include/asm/mman.h | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 arch/arm/include/asm/mman.h
--- /dev/null
+++ b/arch/arm/include/asm/mman.h
@@ -0,0 +1,14 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __ASM_MMAN_H__
+#define __ASM_MMAN_H__
+
+#include <asm/system_info.h>
+#include <uapi/asm/mman.h>
+
+static inline bool arch_memory_deny_write_exec_supported(void)
+{
+ return cpu_architecture() >= CPU_ARCH_ARMv6;
+}
+#define arch_memory_deny_write_exec_supported arch_memory_deny_write_exec_supported
+
+#endif /* __ASM_MMAN_H__ */
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 316/396] tmpfs: fix race on handling dquot rbtree
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (314 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 315/396] ARM: prctl: reject PR_SET_MDWE on pre-ARMv6 Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 317/396] btrfs: fix race in read_extent_buffer_pages() Greg Kroah-Hartman
` (91 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Carlos Maiolino, Ubisectech Sirius,
Jan Kara, Hugh Dickins, Andrew Morton
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Carlos Maiolino <cem@kernel.org>
commit 0a69b6b3a026543bc215ccc866d0aea5579e6ce2 upstream.
A syzkaller reproducer found a race while attempting to remove dquot
information from the rb tree.
Fetching the rb_tree root node must also be protected by the
dqopt->dqio_sem, otherwise, giving the right timing, shmem_release_dquot()
will trigger a warning because it couldn't find a node in the tree, when
the real reason was the root node changing before the search starts:
Thread 1 Thread 2
- shmem_release_dquot() - shmem_{acquire,release}_dquot()
- fetch ROOT - Fetch ROOT
- acquire dqio_sem
- wait dqio_sem
- do something, triger a tree rebalance
- release dqio_sem
- acquire dqio_sem
- start searching for the node, but
from the wrong location, missing
the node, and triggering a warning.
Link: https://lkml.kernel.org/r/20240320124011.398847-1-cem@kernel.org
Fixes: eafc474e2029 ("shmem: prepare shmem quota infrastructure")
Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com>
Reported-by: Ubisectech Sirius <bugreport@ubisectech.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: Hugh Dickins <hughd@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/shmem_quota.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/mm/shmem_quota.c b/mm/shmem_quota.c
index 062d1c1097ae..ce514e700d2f 100644
--- a/mm/shmem_quota.c
+++ b/mm/shmem_quota.c
@@ -116,7 +116,7 @@ static int shmem_free_file_info(struct super_block *sb, int type)
static int shmem_get_next_id(struct super_block *sb, struct kqid *qid)
{
struct mem_dqinfo *info = sb_dqinfo(sb, qid->type);
- struct rb_node *node = ((struct rb_root *)info->dqi_priv)->rb_node;
+ struct rb_node *node;
qid_t id = from_kqid(&init_user_ns, *qid);
struct quota_info *dqopt = sb_dqopt(sb);
struct quota_id *entry = NULL;
@@ -126,6 +126,7 @@ static int shmem_get_next_id(struct super_block *sb, struct kqid *qid)
return -ESRCH;
down_read(&dqopt->dqio_sem);
+ node = ((struct rb_root *)info->dqi_priv)->rb_node;
while (node) {
entry = rb_entry(node, struct quota_id, node);
@@ -165,7 +166,7 @@ static int shmem_get_next_id(struct super_block *sb, struct kqid *qid)
static int shmem_acquire_dquot(struct dquot *dquot)
{
struct mem_dqinfo *info = sb_dqinfo(dquot->dq_sb, dquot->dq_id.type);
- struct rb_node **n = &((struct rb_root *)info->dqi_priv)->rb_node;
+ struct rb_node **n;
struct shmem_sb_info *sbinfo = dquot->dq_sb->s_fs_info;
struct rb_node *parent = NULL, *new_node = NULL;
struct quota_id *new_entry, *entry;
@@ -176,6 +177,8 @@ static int shmem_acquire_dquot(struct dquot *dquot)
mutex_lock(&dquot->dq_lock);
down_write(&dqopt->dqio_sem);
+ n = &((struct rb_root *)info->dqi_priv)->rb_node;
+
while (*n) {
parent = *n;
entry = rb_entry(parent, struct quota_id, node);
@@ -264,7 +267,7 @@ static bool shmem_is_empty_dquot(struct dquot *dquot)
static int shmem_release_dquot(struct dquot *dquot)
{
struct mem_dqinfo *info = sb_dqinfo(dquot->dq_sb, dquot->dq_id.type);
- struct rb_node *node = ((struct rb_root *)info->dqi_priv)->rb_node;
+ struct rb_node *node;
qid_t id = from_kqid(&init_user_ns, dquot->dq_id);
struct quota_info *dqopt = sb_dqopt(dquot->dq_sb);
struct quota_id *entry = NULL;
@@ -275,6 +278,7 @@ static int shmem_release_dquot(struct dquot *dquot)
goto out_dqlock;
down_write(&dqopt->dqio_sem);
+ node = ((struct rb_root *)info->dqi_priv)->rb_node;
while (node) {
entry = rb_entry(node, struct quota_id, node);
--
2.44.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 317/396] btrfs: fix race in read_extent_buffer_pages()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (315 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 316/396] tmpfs: fix race on handling dquot rbtree Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 318/396] btrfs: zoned: dont skip block groups with 100% zone unusable Greg Kroah-Hartman
` (90 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Qu Wenruo, Christoph Hellwig,
Tavian Barnes, David Sterba
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tavian Barnes <tavianator@tavianator.com>
commit ef1e68236b9153c27cb7cf29ead0c532870d4215 upstream.
There are reports from tree-checker that detects corrupted nodes,
without any obvious pattern so possibly an overwrite in memory.
After some debugging it turns out there's a race when reading an extent
buffer the uptodate status can be missed.
To prevent concurrent reads for the same extent buffer,
read_extent_buffer_pages() performs these checks:
/* (1) */
if (test_bit(EXTENT_BUFFER_UPTODATE, &eb->bflags))
return 0;
/* (2) */
if (test_and_set_bit(EXTENT_BUFFER_READING, &eb->bflags))
goto done;
At this point, it seems safe to start the actual read operation. Once
that completes, end_bbio_meta_read() does
/* (3) */
set_extent_buffer_uptodate(eb);
/* (4) */
clear_bit(EXTENT_BUFFER_READING, &eb->bflags);
Normally, this is enough to ensure only one read happens, and all other
callers wait for it to finish before returning. Unfortunately, there is
a racey interleaving:
Thread A | Thread B | Thread C
---------+----------+---------
(1) | |
| (1) |
(2) | |
(3) | |
(4) | |
| (2) |
| | (1)
When this happens, thread B kicks of an unnecessary read. Worse, thread
C will see UPTODATE set and return immediately, while the read from
thread B is still in progress. This race could result in tree-checker
errors like this as the extent buffer is concurrently modified:
BTRFS critical (device dm-0): corrupted node, root=256
block=8550954455682405139 owner mismatch, have 11858205567642294356
expect [256, 18446744073709551360]
Fix it by testing UPTODATE again after setting the READING bit, and if
it's been set, skip the unnecessary read.
Fixes: d7172f52e993 ("btrfs: use per-buffer locking for extent_buffer reading")
Link: https://lore.kernel.org/linux-btrfs/CAHk-=whNdMaN9ntZ47XRKP6DBes2E5w7fi-0U3H2+PS18p+Pzw@mail.gmail.com/
Link: https://lore.kernel.org/linux-btrfs/f51a6d5d7432455a6a858d51b49ecac183e0bbc9.1706312914.git.wqu@suse.com/
Link: https://lore.kernel.org/linux-btrfs/c7241ea4-fcc6-48d2-98c8-b5ea790d6c89@gmx.com/
CC: stable@vger.kernel.org # 6.5+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Tavian Barnes <tavianator@tavianator.com>
Reviewed-by: David Sterba <dsterba@suse.com>
[ minor update of changelog ]
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/extent_io.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -4047,6 +4047,19 @@ int read_extent_buffer_pages(struct exte
if (test_and_set_bit(EXTENT_BUFFER_READING, &eb->bflags))
goto done;
+ /*
+ * Between the initial test_bit(EXTENT_BUFFER_UPTODATE) and the above
+ * test_and_set_bit(EXTENT_BUFFER_READING), someone else could have
+ * started and finished reading the same eb. In this case, UPTODATE
+ * will now be set, and we shouldn't read it in again.
+ */
+ if (unlikely(test_bit(EXTENT_BUFFER_UPTODATE, &eb->bflags))) {
+ clear_bit(EXTENT_BUFFER_READING, &eb->bflags);
+ smp_mb__after_atomic();
+ wake_up_bit(&eb->bflags, EXTENT_BUFFER_READING);
+ return 0;
+ }
+
clear_bit(EXTENT_BUFFER_READ_ERR, &eb->bflags);
eb->read_mirror = 0;
check_buffer_tree_ref(eb);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 318/396] btrfs: zoned: dont skip block groups with 100% zone unusable
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (316 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 317/396] btrfs: fix race in read_extent_buffer_pages() Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 319/396] btrfs: zoned: use zone aware sb location for scrub Greg Kroah-Hartman
` (89 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Filipe Manana, Johannes Thumshirn,
David Sterba
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Thumshirn <johannes.thumshirn@wdc.com>
commit a8b70c7f8600bc77d03c0b032c0662259b9e615e upstream.
Commit f4a9f219411f ("btrfs: do not delete unused block group if it may be
used soon") changed the behaviour of deleting unused block-groups on zoned
filesystems. Starting with this commit, we're using
btrfs_space_info_used() to calculate the number of used bytes in a
space_info. But btrfs_space_info_used() also accounts
btrfs_space_info::bytes_zone_unusable as used bytes.
So if a block group is 100% zone_unusable it is skipped from the deletion
step.
In order not to skip fully zone_unusable block-groups, also check if the
block-group has bytes left that can be used on a zoned filesystem.
Fixes: f4a9f219411f ("btrfs: do not delete unused block group if it may be used soon")
CC: stable@vger.kernel.org # 6.1+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/block-group.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/btrfs/block-group.c
+++ b/fs/btrfs/block-group.c
@@ -1562,7 +1562,8 @@ void btrfs_delete_unused_bgs(struct btrf
* needing to allocate extents from the block group.
*/
used = btrfs_space_info_used(space_info, true);
- if (space_info->total_bytes - block_group->length < used) {
+ if (space_info->total_bytes - block_group->length < used &&
+ block_group->zone_unusable < block_group->length) {
/*
* Add a reference for the list, compensate for the ref
* drop under the "next" label for the
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 319/396] btrfs: zoned: use zone aware sb location for scrub
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (317 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 318/396] btrfs: zoned: dont skip block groups with 100% zone unusable Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 320/396] wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Greg Kroah-Hartman
` (88 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, WA AM, Qu Wenruo, Naohiro Aota,
Johannes Thumshirn, David Sterba
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Thumshirn <johannes.thumshirn@wdc.com>
commit 74098a989b9c3370f768140b7783a7aaec2759b3 upstream.
At the moment scrub_supers() doesn't grab the super block's location via
the zoned device aware btrfs_sb_log_location() but via btrfs_sb_offset().
This leads to checksum errors on 'scrub' as we're not accessing the
correct location of the super block.
So use btrfs_sb_log_location() for getting the super blocks location on
scrub.
Reported-by: WA AM <waautomata@gmail.com>
Link: http://lore.kernel.org/linux-btrfs/CANU2Z0EvUzfYxczLgGUiREoMndE9WdQnbaawV5Fv5gNXptPUKw@mail.gmail.com
CC: stable@vger.kernel.org # 5.15+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: Naohiro Aota <naohiro.aota@wdc.com>
Signed-off-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/scrub.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
--- a/fs/btrfs/scrub.c
+++ b/fs/btrfs/scrub.c
@@ -2739,7 +2739,17 @@ static noinline_for_stack int scrub_supe
gen = fs_info->last_trans_committed;
for (i = 0; i < BTRFS_SUPER_MIRROR_MAX; i++) {
- bytenr = btrfs_sb_offset(i);
+ ret = btrfs_sb_log_location(scrub_dev, i, 0, &bytenr);
+ if (ret == -ENOENT)
+ break;
+
+ if (ret) {
+ spin_lock(&sctx->stat_lock);
+ sctx->stat.super_errors++;
+ spin_unlock(&sctx->stat_lock);
+ continue;
+ }
+
if (bytenr + BTRFS_SUPER_INFO_SIZE >
scrub_dev->commit_total_bytes)
break;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 320/396] wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (318 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 319/396] btrfs: zoned: use zone aware sb location for scrub Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 321/396] wifi: cfg80211: add a flag to disable wireless extensions Greg Kroah-Hartman
` (87 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, ranygh, Felix Fietkau, Johannes Berg
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Felix Fietkau <nbd@nbd.name>
commit 4f2bdb3c5e3189297e156b3ff84b140423d64685 upstream.
When moving a station out of a VLAN and deleting the VLAN afterwards, the
fast_rx entry still holds a pointer to the VLAN's netdev, which can cause
use-after-free bugs. Fix this by immediately calling ieee80211_check_fast_rx
after the VLAN change.
Cc: stable@vger.kernel.org
Reported-by: ranygh@riseup.net
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Link: https://msgid.link/20240316074336.40442-1-nbd@nbd.name
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/cfg.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -2187,15 +2187,14 @@ static int ieee80211_change_station(stru
}
if (sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
- sta->sdata->u.vlan.sta) {
- ieee80211_clear_fast_rx(sta);
+ sta->sdata->u.vlan.sta)
RCU_INIT_POINTER(sta->sdata->u.vlan.sta, NULL);
- }
if (test_sta_flag(sta, WLAN_STA_AUTHORIZED))
ieee80211_vif_dec_num_mcast(sta->sdata);
sta->sdata = vlansdata;
+ ieee80211_check_fast_rx(sta);
ieee80211_check_fast_xmit(sta);
if (test_sta_flag(sta, WLAN_STA_AUTHORIZED)) {
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 321/396] wifi: cfg80211: add a flag to disable wireless extensions
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (319 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 320/396] wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 322/396] wifi: iwlwifi: mvm: disable MLO for the time being Greg Kroah-Hartman
` (86 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Johannes Berg
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Berg <johannes.berg@intel.com>
commit be23b2d7c3b7c8bf57b1cf0bf890bd65df9d0186 upstream.
Wireless extensions are already disabled if MLO is enabled,
given that we cannot support MLO there with all the hard-
coded assumptions about BSSID etc.
However, the WiFi7 ecosystem is still stabilizing, and some
devices may need MLO disabled while that happens. In that
case, we might end up with a device that supports wext (but
not MLO) in one kernel, and then breaks wext in the future
(by enabling MLO), which is not desirable.
Add a flag to let such drivers/devices disable wext even if
MLO isn't yet enabled.
Cc: stable@vger.kernel.org
Link: https://msgid.link/20240314110951.b50f1dc4ec21.I656ddd8178eedb49dc5c6c0e70f8ce5807afb54f@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/cfg80211.h | 2 ++
net/wireless/wext-core.c | 7 +++++--
2 files changed, 7 insertions(+), 2 deletions(-)
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -4816,6 +4816,7 @@ struct cfg80211_ops {
* @WIPHY_FLAG_SUPPORTS_EXT_KCK_32: The device supports 32-byte KCK keys.
* @WIPHY_FLAG_NOTIFY_REGDOM_BY_DRIVER: The device could handle reg notify for
* NL80211_REGDOM_SET_BY_DRIVER.
+ * @WIPHY_FLAG_DISABLE_WEXT: disable wireless extensions for this device
*/
enum wiphy_flags {
WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK = BIT(0),
@@ -4827,6 +4828,7 @@ enum wiphy_flags {
WIPHY_FLAG_4ADDR_STATION = BIT(6),
WIPHY_FLAG_CONTROL_PORT_PROTOCOL = BIT(7),
WIPHY_FLAG_IBSS_RSN = BIT(8),
+ WIPHY_FLAG_DISABLE_WEXT = BIT(9),
WIPHY_FLAG_MESH_AUTH = BIT(10),
WIPHY_FLAG_SUPPORTS_EXT_KCK_32 = BIT(11),
/* use hole at 12 */
--- a/net/wireless/wext-core.c
+++ b/net/wireless/wext-core.c
@@ -4,6 +4,7 @@
* Authors : Jean Tourrilhes - HPL - <jt@hpl.hp.com>
* Copyright (c) 1997-2007 Jean Tourrilhes, All Rights Reserved.
* Copyright 2009 Johannes Berg <johannes@sipsolutions.net>
+ * Copyright (C) 2024 Intel Corporation
*
* (As all part of the Linux kernel, this file is GPL)
*/
@@ -662,7 +663,8 @@ struct iw_statistics *get_wireless_stats
dev->ieee80211_ptr->wiphy->wext &&
dev->ieee80211_ptr->wiphy->wext->get_wireless_stats) {
wireless_warn_cfg80211_wext();
- if (dev->ieee80211_ptr->wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO)
+ if (dev->ieee80211_ptr->wiphy->flags & (WIPHY_FLAG_SUPPORTS_MLO |
+ WIPHY_FLAG_DISABLE_WEXT))
return NULL;
return dev->ieee80211_ptr->wiphy->wext->get_wireless_stats(dev);
}
@@ -704,7 +706,8 @@ static iw_handler get_handler(struct net
#ifdef CONFIG_CFG80211_WEXT
if (dev->ieee80211_ptr && dev->ieee80211_ptr->wiphy) {
wireless_warn_cfg80211_wext();
- if (dev->ieee80211_ptr->wiphy->flags & WIPHY_FLAG_SUPPORTS_MLO)
+ if (dev->ieee80211_ptr->wiphy->flags & (WIPHY_FLAG_SUPPORTS_MLO |
+ WIPHY_FLAG_DISABLE_WEXT))
return NULL;
handlers = dev->ieee80211_ptr->wiphy->wext;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 322/396] wifi: iwlwifi: mvm: disable MLO for the time being
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (320 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 321/396] wifi: cfg80211: add a flag to disable wireless extensions Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 323/396] wifi: iwlwifi: fw: dont always use FW dump trig Greg Kroah-Hartman
` (85 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Miri Korenblit, Johannes Berg
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Berg <johannes.berg@intel.com>
commit 5f404005055304830bbbee0d66af2964fc48f29e upstream.
MLO ended up not really fully stable yet, we want to make
sure it works well with the ecosystem before enabling it.
Thus, remove the flag, but set WIPHY_FLAG_DISABLE_WEXT so
we don't get wireless extensions back until we enable MLO
for this hardware.
Cc: stable@vger.kernel.org
Reviewed-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://msgid.link/20240314110951.d6ad146df98d.I47127e4fdbdef89e4ccf7483641570ee7871d4e6@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
+++ b/drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c
@@ -318,7 +318,7 @@ int iwl_mvm_mac_setup_register(struct iw
if (mvm->mld_api_is_used && mvm->nvm_data->sku_cap_11be_enable &&
!iwlwifi_mod_params.disable_11ax &&
!iwlwifi_mod_params.disable_11be)
- hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_MLO;
+ hw->wiphy->flags |= WIPHY_FLAG_DISABLE_WEXT;
/* With MLD FW API, it tracks timing by itself,
* no need for any timing from the host
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 323/396] wifi: iwlwifi: fw: dont always use FW dump trig
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (321 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 322/396] wifi: iwlwifi: mvm: disable MLO for the time being Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 324/396] Revert "drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR" Greg Kroah-Hartman
` (84 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Johannes Berg, Miri Korenblit
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Berg <johannes.berg@intel.com>
commit 045a5b645dd59929b0e05375f493cde3a0318271 upstream.
Since the dump_data (struct iwl_fwrt_dump_data) is a union,
it's not safe to unconditionally access and use the 'trig'
member, it might be 'desc' instead. Access it only if it's
known to be 'trig' rather than 'desc', i.e. if ini-debug
is present.
Cc: stable@vger.kernel.org
Fixes: 0eb50c674a1e ("iwlwifi: yoyo: send hcmd to fw after dump collection completes.")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://msgid.link/20240319100755.e2976bc58b29.I72fbd6135b3623227de53d8a2bb82776066cb72b@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
--- a/drivers/net/wireless/intel/iwlwifi/fw/dbg.c
+++ b/drivers/net/wireless/intel/iwlwifi/fw/dbg.c
@@ -2933,8 +2933,6 @@ static void iwl_fw_dbg_collect_sync(stru
struct iwl_fw_dbg_params params = {0};
struct iwl_fwrt_dump_data *dump_data =
&fwrt->dump.wks[wk_idx].dump_data;
- u32 policy;
- u32 time_point;
if (!test_bit(wk_idx, &fwrt->dump.active_wks))
return;
@@ -2965,13 +2963,16 @@ static void iwl_fw_dbg_collect_sync(stru
iwl_fw_dbg_stop_restart_recording(fwrt, ¶ms, false);
- policy = le32_to_cpu(dump_data->trig->apply_policy);
- time_point = le32_to_cpu(dump_data->trig->time_point);
-
- if (policy & IWL_FW_INI_APPLY_POLICY_DUMP_COMPLETE_CMD) {
- IWL_DEBUG_FW_INFO(fwrt, "WRT: sending dump complete\n");
- iwl_send_dbg_dump_complete_cmd(fwrt, time_point, 0);
+ if (iwl_trans_dbg_ini_valid(fwrt->trans)) {
+ u32 policy = le32_to_cpu(dump_data->trig->apply_policy);
+ u32 time_point = le32_to_cpu(dump_data->trig->time_point);
+
+ if (policy & IWL_FW_INI_APPLY_POLICY_DUMP_COMPLETE_CMD) {
+ IWL_DEBUG_FW_INFO(fwrt, "WRT: sending dump complete\n");
+ iwl_send_dbg_dump_complete_cmd(fwrt, time_point, 0);
+ }
}
+
if (fwrt->trans->dbg.last_tp_resetfw == IWL_FW_INI_RESET_FW_MODE_STOP_FW_ONLY)
iwl_force_nmi(fwrt->trans);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 324/396] Revert "drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR"
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (322 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 323/396] wifi: iwlwifi: fw: dont always use FW dump trig Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 325/396] gpio: cdev: sanitize the label before requesting the interrupt Greg Kroah-Hartman
` (83 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Harry Wentland, Rodrigo Siqueira,
Alex Deucher
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Harry Wentland <harry.wentland@amd.com>
commit 78aca9ee5e012e130dbfbd7191bc2302b0cf3b37 upstream.
This causes flicker on a bunch of eDP panels. The info_packet code
also caused regressions on other OSes that we haven't' seen on Linux
yet, but that is likely due to the fact that we haven't had a chance
to test those environments on Linux.
We'll need to revisit this.
This reverts commit 202260f64519e591b5cd99626e441b6559f571a3.
Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3207
Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3151
Signed-off-by: Harry Wentland <harry.wentland@amd.com>
Reviewed-by: Rodrigo Siqueira <Rodrigo.Siqueira@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 8 ++----
drivers/gpu/drm/amd/display/modules/info_packet/info_packet.c | 13 +++-------
2 files changed, 8 insertions(+), 13 deletions(-)
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -6121,9 +6121,8 @@ create_stream_for_sink(struct amdgpu_dm_
if (stream->signal == SIGNAL_TYPE_HDMI_TYPE_A)
mod_build_hf_vsif_infopacket(stream, &stream->vsp_infopacket);
- else if (stream->signal == SIGNAL_TYPE_DISPLAY_PORT ||
- stream->signal == SIGNAL_TYPE_DISPLAY_PORT_MST ||
- stream->signal == SIGNAL_TYPE_EDP) {
+
+ if (stream->link->psr_settings.psr_feature_enabled || stream->link->replay_settings.replay_feature_enabled) {
//
// should decide stream support vsc sdp colorimetry capability
// before building vsc info packet
@@ -6139,9 +6138,8 @@ create_stream_for_sink(struct amdgpu_dm_
if (stream->out_transfer_func->tf == TRANSFER_FUNCTION_GAMMA22)
tf = TRANSFER_FUNC_GAMMA_22;
mod_build_vsc_infopacket(stream, &stream->vsc_infopacket, stream->output_color_space, tf);
+ aconnector->psr_skip_count = AMDGPU_DM_PSR_ENTRY_DELAY;
- if (stream->link->psr_settings.psr_feature_enabled)
- aconnector->psr_skip_count = AMDGPU_DM_PSR_ENTRY_DELAY;
}
finish:
dc_sink_release(sink);
--- a/drivers/gpu/drm/amd/display/modules/info_packet/info_packet.c
+++ b/drivers/gpu/drm/amd/display/modules/info_packet/info_packet.c
@@ -147,15 +147,12 @@ void mod_build_vsc_infopacket(const stru
}
/* VSC packet set to 4 for PSR-SU, or 2 for PSR1 */
- if (stream->link->psr_settings.psr_feature_enabled) {
- if (stream->link->psr_settings.psr_version == DC_PSR_VERSION_SU_1)
- vsc_packet_revision = vsc_packet_rev4;
- else if (stream->link->psr_settings.psr_version == DC_PSR_VERSION_1)
- vsc_packet_revision = vsc_packet_rev2;
- }
-
- if (stream->link->replay_settings.config.replay_supported)
+ if (stream->link->psr_settings.psr_version == DC_PSR_VERSION_SU_1)
+ vsc_packet_revision = vsc_packet_rev4;
+ else if (stream->link->replay_settings.config.replay_supported)
vsc_packet_revision = vsc_packet_rev4;
+ else if (stream->link->psr_settings.psr_version == DC_PSR_VERSION_1)
+ vsc_packet_revision = vsc_packet_rev2;
/* Update to revision 5 for extended colorimetry support */
if (stream->use_vsc_sdp_for_colorimetry)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 325/396] gpio: cdev: sanitize the label before requesting the interrupt
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (323 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 324/396] Revert "drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR" Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 326/396] exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Greg Kroah-Hartman
` (82 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Stefan Wahren, Bartosz Golaszewski,
Kent Gibson
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
commit b34490879baa847d16fc529c8ea6e6d34f004b38 upstream.
When an interrupt is requested, a procfs directory is created under
"/proc/irq/<irqnum>/<label>" where <label> is the string passed to one of
the request_irq() variants.
What follows is that the string must not contain the "/" character or
the procfs mkdir operation will fail. We don't have such constraints for
GPIO consumer labels which are used verbatim as interrupt labels for
GPIO irqs. We must therefore sanitize the consumer string before
requesting the interrupt.
Let's replace all "/" with ":".
Cc: stable@vger.kernel.org
Reported-by: Stefan Wahren <wahrenst@gmx.net>
Closes: https://lore.kernel.org/linux-gpio/39fe95cb-aa83-4b8b-8cab-63947a726754@gmx.net/
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Reviewed-by: Kent Gibson <warthog618@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpio/gpiolib-cdev.c | 38 ++++++++++++++++++++++++++++++++------
1 file changed, 32 insertions(+), 6 deletions(-)
--- a/drivers/gpio/gpiolib-cdev.c
+++ b/drivers/gpio/gpiolib-cdev.c
@@ -1010,10 +1010,20 @@ static u32 gpio_v2_line_config_debounce_
return 0;
}
+static inline char *make_irq_label(const char *orig)
+{
+ return kstrdup_and_replace(orig, '/', ':', GFP_KERNEL);
+}
+
+static inline void free_irq_label(const char *label)
+{
+ kfree(label);
+}
+
static void edge_detector_stop(struct line *line)
{
if (line->irq) {
- free_irq(line->irq, line);
+ free_irq_label(free_irq(line->irq, line));
line->irq = 0;
}
@@ -1038,6 +1048,7 @@ static int edge_detector_setup(struct li
unsigned long irqflags = 0;
u64 eflags;
int irq, ret;
+ char *label;
eflags = edflags & GPIO_V2_LINE_EDGE_FLAGS;
if (eflags && !kfifo_initialized(&line->req->events)) {
@@ -1074,11 +1085,17 @@ static int edge_detector_setup(struct li
IRQF_TRIGGER_RISING : IRQF_TRIGGER_FALLING;
irqflags |= IRQF_ONESHOT;
+ label = make_irq_label(line->req->label);
+ if (!label)
+ return -ENOMEM;
+
/* Request a thread to read the events */
ret = request_threaded_irq(irq, edge_irq_handler, edge_irq_thread,
- irqflags, line->req->label, line);
- if (ret)
+ irqflags, label, line);
+ if (ret) {
+ free_irq_label(label);
return ret;
+ }
line->irq = irq;
return 0;
@@ -1943,7 +1960,7 @@ static void lineevent_free(struct lineev
blocking_notifier_chain_unregister(&le->gdev->device_notifier,
&le->device_unregistered_nb);
if (le->irq)
- free_irq(le->irq, le);
+ free_irq_label(free_irq(le->irq, le));
if (le->desc)
gpiod_free(le->desc);
kfree(le->label);
@@ -2091,6 +2108,7 @@ static int lineevent_create(struct gpio_
int fd;
int ret;
int irq, irqflags = 0;
+ char *label;
if (copy_from_user(&eventreq, ip, sizeof(eventreq)))
return -EFAULT;
@@ -2175,15 +2193,23 @@ static int lineevent_create(struct gpio_
if (ret)
goto out_free_le;
+ label = make_irq_label(le->label);
+ if (!label) {
+ ret = -ENOMEM;
+ goto out_free_le;
+ }
+
/* Request a thread to read the events */
ret = request_threaded_irq(irq,
lineevent_irq_handler,
lineevent_irq_thread,
irqflags,
- le->label,
+ label,
le);
- if (ret)
+ if (ret) {
+ free_irq_label(label);
goto out_free_le;
+ }
le->irq = irq;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 326/396] exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (324 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 325/396] gpio: cdev: sanitize the label before requesting the interrupt Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 327/396] hexagon: vmlinux.lds.S: handle attributes section Greg Kroah-Hartman
` (81 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Max Filippov, Kees Cook
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Max Filippov <jcmvbkbc@gmail.com>
commit 2aea94ac14d1e0a8ae9e34febebe208213ba72f7 upstream.
In NOMMU kernel the value of linux_binprm::p is the offset inside the
temporary program arguments array maintained in separate pages in the
linux_binprm::page. linux_binprm::exec being a copy of linux_binprm::p
thus must be adjusted when that array is copied to the user stack.
Without that adjustment the value passed by the NOMMU kernel to the ELF
program in the AT_EXECFN entry of the aux array doesn't make any sense
and it may break programs that try to access memory pointed to by that
entry.
Adjust linux_binprm::exec before the successful return from the
transfer_args_to_stack().
Cc: <stable@vger.kernel.org>
Fixes: b6a2fea39318 ("mm: variable length argument support")
Fixes: 5edc2a5123a7 ("binfmt_elf_fdpic: wire up AT_EXECFD, AT_EXECFN, AT_SECURE")
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Link: https://lore.kernel.org/r/20240320182607.1472887-1-jcmvbkbc@gmail.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/exec.c | 1 +
1 file changed, 1 insertion(+)
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -894,6 +894,7 @@ int transfer_args_to_stack(struct linux_
goto out;
}
+ bprm->exec += *sp_location - MAX_ARG_PAGES * PAGE_SIZE;
*sp_location = sp;
out:
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 327/396] hexagon: vmlinux.lds.S: handle attributes section
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (325 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 326/396] exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 328/396] mm: cachestat: fix two shmem bugs Greg Kroah-Hartman
` (80 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Nathan Chancellor, Brian Cain,
Bill Wendling, Justin Stitt, Nick Desaulniers, Andrew Morton
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nathan Chancellor <nathan@kernel.org>
commit 549aa9678a0b3981d4821bf244579d9937650562 upstream.
After the linked LLVM change, the build fails with
CONFIG_LD_ORPHAN_WARN_LEVEL="error", which happens with allmodconfig:
ld.lld: error: vmlinux.a(init/main.o):(.hexagon.attributes) is being placed in '.hexagon.attributes'
Handle the attributes section in a similar manner as arm and riscv by
adding it after the primary ELF_DETAILS grouping in vmlinux.lds.S, which
fixes the error.
Link: https://lkml.kernel.org/r/20240319-hexagon-handle-attributes-section-vmlinux-lds-s-v1-1-59855dab8872@kernel.org
Fixes: 113616ec5b64 ("hexagon: select ARCH_WANT_LD_ORPHAN_WARN")
Link: https://github.com/llvm/llvm-project/commit/31f4b329c8234fab9afa59494d7f8bdaeaefeaad
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Brian Cain <bcain@quicinc.com>
Cc: Bill Wendling <morbo@google.com>
Cc: Justin Stitt <justinstitt@google.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/hexagon/kernel/vmlinux.lds.S | 1 +
1 file changed, 1 insertion(+)
--- a/arch/hexagon/kernel/vmlinux.lds.S
+++ b/arch/hexagon/kernel/vmlinux.lds.S
@@ -63,6 +63,7 @@ SECTIONS
STABS_DEBUG
DWARF_DEBUG
ELF_DETAILS
+ .hexagon.attributes 0 : { *(.hexagon.attributes) }
DISCARDS
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 328/396] mm: cachestat: fix two shmem bugs
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (326 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 327/396] hexagon: vmlinux.lds.S: handle attributes section Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 329/396] selftests/mm: sigbus-wp test requires UFFD_FEATURE_WP_HUGETLBFS_SHMEM Greg Kroah-Hartman
` (79 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Johannes Weiner, Chengming Zhou,
Nhat Pham, Andrew Morton, Jann Horn
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Weiner <hannes@cmpxchg.org>
commit d5d39c707a4cf0bcc84680178677b97aa2cb2627 upstream.
When cachestat on shmem races with swapping and invalidation, there
are two possible bugs:
1) A swapin error can have resulted in a poisoned swap entry in the
shmem inode's xarray. Calling get_shadow_from_swap_cache() on it
will result in an out-of-bounds access to swapper_spaces[].
Validate the entry with non_swap_entry() before going further.
2) When we find a valid swap entry in the shmem's inode, the shadow
entry in the swapcache might not exist yet: swap IO is still in
progress and we're before __remove_mapping; swapin, invalidation,
or swapoff have removed the shadow from swapcache after we saw the
shmem swap entry.
This will send a NULL to workingset_test_recent(). The latter
purely operates on pointer bits, so it won't crash - node 0, memcg
ID 0, eviction timestamp 0, etc. are all valid inputs - but it's a
bogus test. In theory that could result in a false "recently
evicted" count.
Such a false positive wouldn't be the end of the world. But for
code clarity and (future) robustness, be explicit about this case.
Bail on get_shadow_from_swap_cache() returning NULL.
Link: https://lkml.kernel.org/r/20240315095556.GC581298@cmpxchg.org
Fixes: cf264e1329fb ("cachestat: implement cachestat syscall")
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Reported-by: Chengming Zhou <chengming.zhou@linux.dev> [Bug #1]
Reported-by: Jann Horn <jannh@google.com> [Bug #2]
Reviewed-by: Chengming Zhou <chengming.zhou@linux.dev>
Reviewed-by: Nhat Pham <nphamcs@gmail.com>
Cc: <stable@vger.kernel.org> [v6.5+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/filemap.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -4201,7 +4201,23 @@ static void filemap_cachestat(struct add
/* shmem file - in swap cache */
swp_entry_t swp = radix_to_swp_entry(folio);
+ /* swapin error results in poisoned entry */
+ if (non_swap_entry(swp))
+ goto resched;
+
+ /*
+ * Getting a swap entry from the shmem
+ * inode means we beat
+ * shmem_unuse(). rcu_read_lock()
+ * ensures swapoff waits for us before
+ * freeing the swapper space. However,
+ * we can race with swapping and
+ * invalidation, so there might not be
+ * a shadow in the swapcache (yet).
+ */
shadow = get_shadow_from_swap_cache(swp);
+ if (!shadow)
+ goto resched;
}
#endif
if (workingset_test_recent(shadow, true, &workingset))
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 329/396] selftests/mm: sigbus-wp test requires UFFD_FEATURE_WP_HUGETLBFS_SHMEM
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (327 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 328/396] mm: cachestat: fix two shmem bugs Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 330/396] selftests/mm: fix ARM related issue with fork after pthread_create Greg Kroah-Hartman
` (78 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Edward Liaw, Shuah Khan,
Andrew Morton
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Edward Liaw <edliaw@google.com>
commit 105840ebd76d8dbc1a7d734748ae320076f3201e upstream.
The sigbus-wp test requires the UFFD_FEATURE_WP_HUGETLBFS_SHMEM flag for
shmem and hugetlb targets. Otherwise it is not backwards compatible with
kernels <5.19 and fails with EINVAL.
Link: https://lkml.kernel.org/r/20240321232023.2064975-1-edliaw@google.com
Fixes: 73c1ea939b65 ("selftests/mm: move uffd sig/events tests into uffd unit tests")
Signed-off-by: Edward Liaw <edliaw@google.com>
Cc: Shuah Khan <shuah@kernel.org>
Cc: Peter Xu <peterx@redhat.com
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/mm/uffd-unit-tests.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/tools/testing/selftests/mm/uffd-unit-tests.c
+++ b/tools/testing/selftests/mm/uffd-unit-tests.c
@@ -1219,7 +1219,8 @@ uffd_test_case_t uffd_tests[] = {
.uffd_fn = uffd_sigbus_wp_test,
.mem_targets = MEM_ALL,
.uffd_feature_required = UFFD_FEATURE_SIGBUS |
- UFFD_FEATURE_EVENT_FORK | UFFD_FEATURE_PAGEFAULT_FLAG_WP,
+ UFFD_FEATURE_EVENT_FORK | UFFD_FEATURE_PAGEFAULT_FLAG_WP |
+ UFFD_FEATURE_WP_HUGETLBFS_SHMEM,
},
{
.name = "events",
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 330/396] selftests/mm: fix ARM related issue with fork after pthread_create
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (328 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 329/396] selftests/mm: sigbus-wp test requires UFFD_FEATURE_WP_HUGETLBFS_SHMEM Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 331/396] mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode Greg Kroah-Hartman
` (77 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Lokesh Gidra, Edward Liaw, Peter Xu,
Andrew Morton
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Edward Liaw <edliaw@google.com>
commit 8c864371b2a15a23ce35aa7e2bd241baaad6fbe8 upstream.
Following issue was observed while running the uffd-unit-tests selftest
on ARM devices. On x86_64 no issues were detected:
pthread_create followed by fork caused deadlock in certain cases wherein
fork required some work to be completed by the created thread. Used
synchronization to ensure that created thread's start function has started
before invoking fork.
[edliaw@google.com: refactored to use atomic_bool]
Link: https://lkml.kernel.org/r/20240325194100.775052-1-edliaw@google.com
Fixes: 760aee0b71e3 ("selftests/mm: add tests for RO pinning vs fork()")
Signed-off-by: Lokesh Gidra <lokeshgidra@google.com>
Signed-off-by: Edward Liaw <edliaw@google.com>
Cc: Peter Xu <peterx@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/mm/uffd-common.c | 3 +++
tools/testing/selftests/mm/uffd-common.h | 2 ++
tools/testing/selftests/mm/uffd-unit-tests.c | 10 ++++++++++
3 files changed, 15 insertions(+)
--- a/tools/testing/selftests/mm/uffd-common.c
+++ b/tools/testing/selftests/mm/uffd-common.c
@@ -17,6 +17,7 @@ bool map_shared;
bool test_uffdio_wp = true;
unsigned long long *count_verify;
uffd_test_ops_t *uffd_test_ops;
+atomic_bool ready_for_fork;
static int uffd_mem_fd_create(off_t mem_size, bool hugetlb)
{
@@ -507,6 +508,8 @@ void *uffd_poll_thread(void *arg)
pollfd[1].fd = pipefd[cpu*2];
pollfd[1].events = POLLIN;
+ ready_for_fork = true;
+
for (;;) {
ret = poll(pollfd, 2, -1);
if (ret <= 0) {
--- a/tools/testing/selftests/mm/uffd-common.h
+++ b/tools/testing/selftests/mm/uffd-common.h
@@ -32,6 +32,7 @@
#include <inttypes.h>
#include <stdint.h>
#include <sys/random.h>
+#include <stdatomic.h>
#include "../kselftest.h"
#include "vm_util.h"
@@ -97,6 +98,7 @@ extern bool map_shared;
extern bool test_uffdio_wp;
extern unsigned long long *count_verify;
extern volatile bool test_uffdio_copy_eexist;
+extern atomic_bool ready_for_fork;
extern uffd_test_ops_t anon_uffd_test_ops;
extern uffd_test_ops_t shmem_uffd_test_ops;
--- a/tools/testing/selftests/mm/uffd-unit-tests.c
+++ b/tools/testing/selftests/mm/uffd-unit-tests.c
@@ -770,6 +770,8 @@ static void uffd_sigbus_test_common(bool
char c;
struct uffd_args args = { 0 };
+ ready_for_fork = false;
+
fcntl(uffd, F_SETFL, uffd_flags | O_NONBLOCK);
if (uffd_register(uffd, area_dst, nr_pages * page_size,
@@ -785,6 +787,9 @@ static void uffd_sigbus_test_common(bool
if (pthread_create(&uffd_mon, NULL, uffd_poll_thread, &args))
err("uffd_poll_thread create");
+ while (!ready_for_fork)
+ ; /* Wait for the poll_thread to start executing before forking */
+
pid = fork();
if (pid < 0)
err("fork");
@@ -824,6 +829,8 @@ static void uffd_events_test_common(bool
char c;
struct uffd_args args = { 0 };
+ ready_for_fork = false;
+
fcntl(uffd, F_SETFL, uffd_flags | O_NONBLOCK);
if (uffd_register(uffd, area_dst, nr_pages * page_size,
true, wp, false))
@@ -833,6 +840,9 @@ static void uffd_events_test_common(bool
if (pthread_create(&uffd_mon, NULL, uffd_poll_thread, &args))
err("uffd_poll_thread create");
+ while (!ready_for_fork)
+ ; /* Wait for the poll_thread to start executing before forking */
+
pid = fork();
if (pid < 0)
err("fork");
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 331/396] mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (329 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 330/396] selftests/mm: fix ARM related issue with fork after pthread_create Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 332/396] mmc: core: Initialize mmc_blk_ioc_data Greg Kroah-Hartman
` (76 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Romain Naour, Tony Lindgren,
Adrian Hunter, Ulf Hansson
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Romain Naour <romain.naour@skf.com>
commit f9e2a5b00a35f2c064dc679808bc8db5cc779ed6 upstream.
"PM runtime functions" was been added in sdhci-omap driver in commit
f433e8aac6b9 ("mmc: sdhci-omap: Implement PM runtime functions") along
with "card power off and enable aggressive PM" in commit 3edf588e7fe0
("mmc: sdhci-omap: Allow SDIO card power off and enable aggressive PM").
Since then, the sdhci-omap driver doesn't work using mmc-hs200 mode
due to the tuning values being lost during a pm transition.
As for the sdhci_am654 driver, request a new tuning sequence before
suspend (sdhci_omap_runtime_suspend()), otherwise the device will
trigger cache flush error:
mmc1: cache flush error -110 (ETIMEDOUT)
mmc1: error -110 doing aggressive suspend
followed by I/O errors produced by fdisk -l /dev/mmcblk1boot1:
I/O error, dev mmcblk1boot0, sector 64384 op 0x0:(READ) flags 0x80700 phys_seg 1
prio class 2
I/O error, dev mmcblk1boot1, sector 64384 op 0x0:(READ) flags 0x80700 phys_seg 1
prio class 2
I/O error, dev mmcblk1boot1, sector 64384 op 0x0:(READ) flags 0x0 phys_seg 1
prio class 2
Buffer I/O error on dev mmcblk1boot1, logical block 8048, async page read
I/O error, dev mmcblk1boot0, sector 64384 op 0x0:(READ) flags 0x0 phys_seg 1
prio class 2
Buffer I/O error on dev mmcblk1boot0, logical block 8048, async page read
Don't re-tune if auto retuning is supported in HW (when SDHCI_TUNING_MODE_3
is available).
Link: https://lore.kernel.org/all/2e5f1997-564c-44e4-b357-6343e0dae7ab@smile.fr
Fixes: f433e8aac6b9 ("mmc: sdhci-omap: Implement PM runtime functions")
Signed-off-by: Romain Naour <romain.naour@skf.com>
Reviewed-by: Tony Lindgren <tony@atomide.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240315234444.816978-1-romain.naour@smile.fr
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/sdhci-omap.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/mmc/host/sdhci-omap.c
+++ b/drivers/mmc/host/sdhci-omap.c
@@ -1439,6 +1439,9 @@ static int __maybe_unused sdhci_omap_run
struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
struct sdhci_omap_host *omap_host = sdhci_pltfm_priv(pltfm_host);
+ if (host->tuning_mode != SDHCI_TUNING_MODE_3)
+ mmc_retune_needed(host->mmc);
+
if (omap_host->con != -EINVAL)
sdhci_runtime_suspend_host(host);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 332/396] mmc: core: Initialize mmc_blk_ioc_data
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (330 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 331/396] mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 333/396] mmc: core: Avoid negative index with array access Greg Kroah-Hartman
` (75 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Mikko Rapeli, Avri Altman,
Adrian Hunter, Francesco Dolcini, Ulf Hansson
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mikko Rapeli <mikko.rapeli@linaro.org>
commit 0cdfe5b0bf295c0dee97436a8ed13336933a0211 upstream.
Commit 4d0c8d0aef63 ("mmc: core: Use mrq.sbc in close-ended ffu") adds
flags uint to struct mmc_blk_ioc_data, but it does not get initialized for
RPMB ioctls which now fails.
Let's fix this by always initializing the struct and flags to zero.
Fixes: 4d0c8d0aef63 ("mmc: core: Use mrq.sbc in close-ended ffu")
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218587
Link: https://lore.kernel.org/all/20231129092535.3278-1-avri.altman@wdc.com/
Cc: stable@vger.kernel.org
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Reviewed-by: Avri Altman <avri.altman@wdc.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Tested-by: Francesco Dolcini <francesco.dolcini@toradex.com>
Link: https://lore.kernel.org/r/20240313133744.2405325-1-mikko.rapeli@linaro.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/core/block.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/mmc/core/block.c
+++ b/drivers/mmc/core/block.c
@@ -413,7 +413,7 @@ static struct mmc_blk_ioc_data *mmc_blk_
struct mmc_blk_ioc_data *idata;
int err;
- idata = kmalloc(sizeof(*idata), GFP_KERNEL);
+ idata = kzalloc(sizeof(*idata), GFP_KERNEL);
if (!idata) {
err = -ENOMEM;
goto out;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 333/396] mmc: core: Avoid negative index with array access
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (331 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 332/396] mmc: core: Initialize mmc_blk_ioc_data Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 334/396] sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() Greg Kroah-Hartman
` (74 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Mikko Rapeli, Avri Altman,
Francesco Dolcini, Ulf Hansson
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mikko Rapeli <mikko.rapeli@linaro.org>
commit cf55a7acd1ed38afe43bba1c8a0935b51d1dc014 upstream.
Commit 4d0c8d0aef63 ("mmc: core: Use mrq.sbc in close-ended ffu") assigns
prev_idata = idatas[i - 1], but doesn't check that the iterator i is
greater than zero. Let's fix this by adding a check.
Fixes: 4d0c8d0aef63 ("mmc: core: Use mrq.sbc in close-ended ffu")
Link: https://lore.kernel.org/all/20231129092535.3278-1-avri.altman@wdc.com/
Cc: stable@vger.kernel.org
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Reviewed-by: Avri Altman <avri.altman@wdc.com>
Tested-by: Francesco Dolcini <francesco.dolcini@toradex.com>
Link: https://lore.kernel.org/r/20240313133744.2405325-2-mikko.rapeli@linaro.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/core/block.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/mmc/core/block.c
+++ b/drivers/mmc/core/block.c
@@ -488,7 +488,7 @@ static int __mmc_blk_ioctl_cmd(struct mm
if (idata->flags & MMC_BLK_IOC_DROP)
return 0;
- if (idata->flags & MMC_BLK_IOC_SBC)
+ if (idata->flags & MMC_BLK_IOC_SBC && i > 0)
prev_idata = idatas[i - 1];
/*
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 334/396] sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (332 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 333/396] mmc: core: Avoid negative index with array access Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 335/396] block: Do not force full zone append completion in req_bio_endio() Greg Kroah-Hartman
` (73 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, David Thompson, Liming Sun,
Adrian Hunter, Ulf Hansson
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Liming Sun <limings@nvidia.com>
commit 03749309909935070253accab314288d332a204d upstream.
This commit disables PM runtime in dwcmshc_remove() to avoid the
error message below when reloading the sdhci-of-dwcmshc.ko
sdhci-dwcmshc MLNXBF30:00: Unbalanced pm_runtime_enable!
Fixes: 48fe8fadbe5e ("mmc: sdhci-of-dwcmshc: Add runtime PM operations")
Reviewed-by: David Thompson <davthompson@nvidia.com>
Signed-off-by: Liming Sun <limings@nvidia.com>
Acked-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/b9155963ffb12d18375002bf9ac9a3f98b727fc8.1710854108.git.limings@nvidia.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/sdhci-of-dwcmshc.c | 28 +++++++++++++++++-----------
1 file changed, 17 insertions(+), 11 deletions(-)
--- a/drivers/mmc/host/sdhci-of-dwcmshc.c
+++ b/drivers/mmc/host/sdhci-of-dwcmshc.c
@@ -584,6 +584,17 @@ free_pltfm:
return err;
}
+static void dwcmshc_disable_card_clk(struct sdhci_host *host)
+{
+ u16 ctrl;
+
+ ctrl = sdhci_readw(host, SDHCI_CLOCK_CONTROL);
+ if (ctrl & SDHCI_CLOCK_CARD_EN) {
+ ctrl &= ~SDHCI_CLOCK_CARD_EN;
+ sdhci_writew(host, ctrl, SDHCI_CLOCK_CONTROL);
+ }
+}
+
static void dwcmshc_remove(struct platform_device *pdev)
{
struct sdhci_host *host = platform_get_drvdata(pdev);
@@ -591,8 +602,14 @@ static void dwcmshc_remove(struct platfo
struct dwcmshc_priv *priv = sdhci_pltfm_priv(pltfm_host);
struct rk35xx_priv *rk_priv = priv->priv;
+ pm_runtime_get_sync(&pdev->dev);
+ pm_runtime_disable(&pdev->dev);
+ pm_runtime_put_noidle(&pdev->dev);
+
sdhci_remove_host(host, 0);
+ dwcmshc_disable_card_clk(host);
+
clk_disable_unprepare(pltfm_host->clk);
clk_disable_unprepare(priv->bus_clk);
if (rk_priv)
@@ -683,17 +700,6 @@ static void dwcmshc_enable_card_clk(stru
sdhci_writew(host, ctrl, SDHCI_CLOCK_CONTROL);
}
}
-
-static void dwcmshc_disable_card_clk(struct sdhci_host *host)
-{
- u16 ctrl;
-
- ctrl = sdhci_readw(host, SDHCI_CLOCK_CONTROL);
- if (ctrl & SDHCI_CLOCK_CARD_EN) {
- ctrl &= ~SDHCI_CLOCK_CARD_EN;
- sdhci_writew(host, ctrl, SDHCI_CLOCK_CONTROL);
- }
-}
static int dwcmshc_runtime_suspend(struct device *dev)
{
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 335/396] block: Do not force full zone append completion in req_bio_endio()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (333 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 334/396] sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 336/396] thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Greg Kroah-Hartman
` (72 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Christoph Hellwig,
Jens Axboe
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Damien Le Moal <dlemoal@kernel.org>
commit 55251fbdf0146c252ceff146a1bb145546f3e034 upstream.
This reverts commit 748dc0b65ec2b4b7b3dbd7befcc4a54fdcac7988.
Partial zone append completions cannot be supported as there is no
guarantees that the fragmented data will be written sequentially in the
same manner as with a full command. Commit 748dc0b65ec2 ("block: fix
partial zone append completion handling in req_bio_endio()") changed
req_bio_endio() to always advance a partially failed BIO by its full
length, but this can lead to incorrect accounting. So revert this
change and let low level device drivers handle this case by always
failing completely zone append operations. With this revert, users will
still see an IO error for a partially completed zone append BIO.
Fixes: 748dc0b65ec2 ("block: fix partial zone append completion handling in req_bio_endio()")
Cc: stable@vger.kernel.org
Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/r/20240328004409.594888-2-dlemoal@kernel.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
block/blk-mq.c | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -767,16 +767,11 @@ static void req_bio_endio(struct request
/*
* Partial zone append completions cannot be supported as the
* BIO fragments may end up not being written sequentially.
- * For such case, force the completed nbytes to be equal to
- * the BIO size so that bio_advance() sets the BIO remaining
- * size to 0 and we end up calling bio_endio() before returning.
*/
- if (bio->bi_iter.bi_size != nbytes) {
+ if (bio->bi_iter.bi_size != nbytes)
bio->bi_status = BLK_STS_IOERR;
- nbytes = bio->bi_iter.bi_size;
- } else {
+ else
bio->bi_iter.bi_sector = rq->__sector;
- }
}
bio_advance(bio, nbytes);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 336/396] thermal: devfreq_cooling: Fix perf state when calculate dfc res_util
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (334 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 335/396] block: Do not force full zone append completion in req_bio_endio() Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 337/396] nouveau/dmem: handle kcalloc() allocation failure Greg Kroah-Hartman
` (71 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Ye Zhang, Dhruva Gole, Lukasz Luba,
Rafael J. Wysocki
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ye Zhang <ye.zhang@rock-chips.com>
commit a26de34b3c77ae3a969654d94be49e433c947e3b upstream.
The issue occurs when the devfreq cooling device uses the EM power model
and the get_real_power() callback is provided by the driver.
The EM power table is sorted ascending,can't index the table by cooling
device state,so convert cooling state to performance state by
dfc->max_state - dfc->capped_state.
Fixes: 615510fe13bd ("thermal: devfreq_cooling: remove old power model and use EM")
Cc: 5.11+ <stable@vger.kernel.org> # 5.11+
Signed-off-by: Ye Zhang <ye.zhang@rock-chips.com>
Reviewed-by: Dhruva Gole <d-gole@ti.com>
Reviewed-by: Lukasz Luba <lukasz.luba@arm.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/thermal/devfreq_cooling.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/thermal/devfreq_cooling.c
+++ b/drivers/thermal/devfreq_cooling.c
@@ -201,7 +201,7 @@ static int devfreq_cooling_get_requested
res = dfc->power_ops->get_real_power(df, power, freq, voltage);
if (!res) {
- state = dfc->capped_state;
+ state = dfc->max_state - dfc->capped_state;
/* Convert EM power into milli-Watts first */
dfc->res_util = dfc->em_pd->table[state].power;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 337/396] nouveau/dmem: handle kcalloc() allocation failure
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (335 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 336/396] thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 338/396] net: ll_temac: platform_get_resource replaced by wrong function Greg Kroah-Hartman
` (70 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Danilo Krummrich, Duoming Zhou
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Duoming Zhou <duoming@zju.edu.cn>
commit 16e87fe23d4af6df920406494ced5c0f4354567b upstream.
The kcalloc() in nouveau_dmem_evict_chunk() will return null if
the physical memory has run out. As a result, if we dereference
src_pfns, dst_pfns or dma_addrs, the null pointer dereference bugs
will happen.
Moreover, the GPU is going away. If the kcalloc() fails, we could not
evict all pages mapping a chunk. So this patch adds a __GFP_NOFAIL
flag in kcalloc().
Finally, as there is no need to have physically contiguous memory,
this patch switches kcalloc() to kvcalloc() in order to avoid
failing allocations.
CC: <stable@vger.kernel.org> # v6.1
Fixes: 249881232e14 ("nouveau/dmem: evict device private memory during release")
Suggested-by: Danilo Krummrich <dakr@redhat.com>
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Signed-off-by: Danilo Krummrich <dakr@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240306050104.11259-1-duoming@zju.edu.cn
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/nouveau/nouveau_dmem.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
--- a/drivers/gpu/drm/nouveau/nouveau_dmem.c
+++ b/drivers/gpu/drm/nouveau/nouveau_dmem.c
@@ -378,9 +378,9 @@ nouveau_dmem_evict_chunk(struct nouveau_
dma_addr_t *dma_addrs;
struct nouveau_fence *fence;
- src_pfns = kcalloc(npages, sizeof(*src_pfns), GFP_KERNEL);
- dst_pfns = kcalloc(npages, sizeof(*dst_pfns), GFP_KERNEL);
- dma_addrs = kcalloc(npages, sizeof(*dma_addrs), GFP_KERNEL);
+ src_pfns = kvcalloc(npages, sizeof(*src_pfns), GFP_KERNEL | __GFP_NOFAIL);
+ dst_pfns = kvcalloc(npages, sizeof(*dst_pfns), GFP_KERNEL | __GFP_NOFAIL);
+ dma_addrs = kvcalloc(npages, sizeof(*dma_addrs), GFP_KERNEL | __GFP_NOFAIL);
migrate_device_range(src_pfns, chunk->pagemap.range.start >> PAGE_SHIFT,
npages);
@@ -406,11 +406,11 @@ nouveau_dmem_evict_chunk(struct nouveau_
migrate_device_pages(src_pfns, dst_pfns, npages);
nouveau_dmem_fence_done(&fence);
migrate_device_finalize(src_pfns, dst_pfns, npages);
- kfree(src_pfns);
- kfree(dst_pfns);
+ kvfree(src_pfns);
+ kvfree(dst_pfns);
for (i = 0; i < npages; i++)
dma_unmap_page(chunk->drm->dev->dev, dma_addrs[i], PAGE_SIZE, DMA_BIDIRECTIONAL);
- kfree(dma_addrs);
+ kvfree(dma_addrs);
}
void
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 338/396] net: ll_temac: platform_get_resource replaced by wrong function
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (336 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 337/396] nouveau/dmem: handle kcalloc() allocation failure Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 339/396] drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed Greg Kroah-Hartman
` (69 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Claus Hansen Ries, Simon Horman,
Jakub Kicinski
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Claus Hansen Ries <chr@terma.com>
commit 3a38a829c8bc27d78552c28e582eb1d885d07d11 upstream.
The function platform_get_resource was replaced with
devm_platform_ioremap_resource_byname and is called using 0 as name.
This eventually ends up in platform_get_resource_byname in the call
stack, where it causes a null pointer in strcmp.
if (type == resource_type(r) && !strcmp(r->name, name))
It should have been replaced with devm_platform_ioremap_resource.
Fixes: bd69058f50d5 ("net: ll_temac: Use devm_platform_ioremap_resource_byname()")
Signed-off-by: Claus Hansen Ries <chr@terma.com>
Cc: stable@vger.kernel.org
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/cca18f9c630a41c18487729770b492bb@terma.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/xilinx/ll_temac_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/xilinx/ll_temac_main.c
+++ b/drivers/net/ethernet/xilinx/ll_temac_main.c
@@ -1443,7 +1443,7 @@ static int temac_probe(struct platform_d
}
/* map device registers */
- lp->regs = devm_platform_ioremap_resource_byname(pdev, 0);
+ lp->regs = devm_platform_ioremap_resource(pdev, 0);
if (IS_ERR(lp->regs)) {
dev_err(&pdev->dev, "could not map TEMAC registers\n");
return -ENOMEM;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 339/396] drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (337 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 338/396] net: ll_temac: platform_get_resource replaced by wrong function Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 340/396] drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 Greg Kroah-Hartman
` (68 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Jocelyn Falempe, Zack Rusin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jocelyn Falempe <jfalempe@redhat.com>
commit 4be9075fec0a639384ed19975634b662bfab938f upstream.
The driver creates /sys/kernel/debug/dri/0/mob_ttm even when the
corresponding ttm_resource_manager is not allocated.
This leads to a crash when trying to read from this file.
Add a check to create mob_ttm, system_mob_ttm, and gmr_ttm debug file
only when the corresponding ttm_resource_manager is allocated.
crash> bt
PID: 3133409 TASK: ffff8fe4834a5000 CPU: 3 COMMAND: "grep"
#0 [ffffb954506b3b20] machine_kexec at ffffffffb2a6bec3
#1 [ffffb954506b3b78] __crash_kexec at ffffffffb2bb598a
#2 [ffffb954506b3c38] crash_kexec at ffffffffb2bb68c1
#3 [ffffb954506b3c50] oops_end at ffffffffb2a2a9b1
#4 [ffffb954506b3c70] no_context at ffffffffb2a7e913
#5 [ffffb954506b3cc8] __bad_area_nosemaphore at ffffffffb2a7ec8c
#6 [ffffb954506b3d10] do_page_fault at ffffffffb2a7f887
#7 [ffffb954506b3d40] page_fault at ffffffffb360116e
[exception RIP: ttm_resource_manager_debug+0x11]
RIP: ffffffffc04afd11 RSP: ffffb954506b3df0 RFLAGS: 00010246
RAX: ffff8fe41a6d1200 RBX: 0000000000000000 RCX: 0000000000000940
RDX: 0000000000000000 RSI: ffffffffc04b4338 RDI: 0000000000000000
RBP: ffffb954506b3e08 R8: ffff8fee3ffad000 R9: 0000000000000000
R10: ffff8fe41a76a000 R11: 0000000000000001 R12: 00000000ffffffff
R13: 0000000000000001 R14: ffff8fe5bb6f3900 R15: ffff8fe41a6d1200
ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
#8 [ffffb954506b3e00] ttm_resource_manager_show at ffffffffc04afde7 [ttm]
#9 [ffffb954506b3e30] seq_read at ffffffffb2d8f9f3
RIP: 00007f4c4eda8985 RSP: 00007ffdbba9e9f8 RFLAGS: 00000246
RAX: ffffffffffffffda RBX: 000000000037e000 RCX: 00007f4c4eda8985
RDX: 000000000037e000 RSI: 00007f4c41573000 RDI: 0000000000000003
RBP: 000000000037e000 R8: 0000000000000000 R9: 000000000037fe30
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c41573000
R13: 0000000000000003 R14: 00007f4c41572010 R15: 0000000000000003
ORIG_RAX: 0000000000000000 CS: 0033 SS: 002b
Signed-off-by: Jocelyn Falempe <jfalempe@redhat.com>
Fixes: af4a25bbe5e7 ("drm/vmwgfx: Add debugfs entries for various ttm resource managers")
Cc: <stable@vger.kernel.org>
Reviewed-by: Zack Rusin <zack.rusin@broadcom.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240312093551.196609-1-jfalempe@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
--- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c
+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.c
@@ -1444,12 +1444,15 @@ static void vmw_debugfs_resource_manager
root, "system_ttm");
ttm_resource_manager_create_debugfs(ttm_manager_type(&vmw->bdev, TTM_PL_VRAM),
root, "vram_ttm");
- ttm_resource_manager_create_debugfs(ttm_manager_type(&vmw->bdev, VMW_PL_GMR),
- root, "gmr_ttm");
- ttm_resource_manager_create_debugfs(ttm_manager_type(&vmw->bdev, VMW_PL_MOB),
- root, "mob_ttm");
- ttm_resource_manager_create_debugfs(ttm_manager_type(&vmw->bdev, VMW_PL_SYSTEM),
- root, "system_mob_ttm");
+ if (vmw->has_gmr)
+ ttm_resource_manager_create_debugfs(ttm_manager_type(&vmw->bdev, VMW_PL_GMR),
+ root, "gmr_ttm");
+ if (vmw->has_mob) {
+ ttm_resource_manager_create_debugfs(ttm_manager_type(&vmw->bdev, VMW_PL_MOB),
+ root, "mob_ttm");
+ ttm_resource_manager_create_debugfs(ttm_manager_type(&vmw->bdev, VMW_PL_SYSTEM),
+ root, "system_mob_ttm");
+ }
}
static int vmwgfx_pm_notifier(struct notifier_block *nb, unsigned long val,
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 340/396] drm/amdkfd: fix TLB flush after unmap for GFX9.4.2
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (338 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 339/396] drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 341/396] drm/amdgpu: fix deadlock while reading mqd from debugfs Greg Kroah-Hartman
` (67 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Huang, Harish Kasiviswanathan,
Alex Deucher
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Huang <jinhuieric.huang@amd.com>
commit 1210e2f1033dc56b666c9f6dfb761a2d3f9f5d6c upstream.
TLB flush after unmap accidentially was removed on
gfx9.4.2. It is to add it back.
Signed-off-by: Eric Huang <jinhuieric.huang@amd.com>
Reviewed-by: Harish Kasiviswanathan <Harish.Kasiviswanathan@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h
+++ b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h
@@ -1466,7 +1466,7 @@ void kfd_flush_tlb(struct kfd_process_de
static inline bool kfd_flush_tlb_after_unmap(struct kfd_dev *dev)
{
- return KFD_GC_VERSION(dev) > IP_VERSION(9, 4, 2) ||
+ return KFD_GC_VERSION(dev) >= IP_VERSION(9, 4, 2) ||
(KFD_GC_VERSION(dev) == IP_VERSION(9, 4, 1) && dev->sdma_fw_version >= 18) ||
KFD_GC_VERSION(dev) == IP_VERSION(9, 4, 0);
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 341/396] drm/amdgpu: fix deadlock while reading mqd from debugfs
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (339 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 340/396] drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 342/396] drm/i915/hwmon: Fix locking inversion in sysfs getter Greg Kroah-Hartman
` (66 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Shashank Sharma, Johannes Weiner,
Alex Deucher
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Weiner <hannes@cmpxchg.org>
commit 8678b1060ae2b75feb60b87e5b75e17374e3c1c5 upstream.
An errant disk backup on my desktop got into debugfs and triggered the
following deadlock scenario in the amdgpu debugfs files. The machine
also hard-resets immediately after those lines are printed (although I
wasn't able to reproduce that part when reading by hand):
[ 1318.016074][ T1082] ======================================================
[ 1318.016607][ T1082] WARNING: possible circular locking dependency detected
[ 1318.017107][ T1082] 6.8.0-rc7-00015-ge0c8221b72c0 #17 Not tainted
[ 1318.017598][ T1082] ------------------------------------------------------
[ 1318.018096][ T1082] tar/1082 is trying to acquire lock:
[ 1318.018585][ T1082] ffff98c44175d6a0 (&mm->mmap_lock){++++}-{3:3}, at: __might_fault+0x40/0x80
[ 1318.019084][ T1082]
[ 1318.019084][ T1082] but task is already holding lock:
[ 1318.020052][ T1082] ffff98c4c13f55f8 (reservation_ww_class_mutex){+.+.}-{3:3}, at: amdgpu_debugfs_mqd_read+0x6a/0x250 [amdgpu]
[ 1318.020607][ T1082]
[ 1318.020607][ T1082] which lock already depends on the new lock.
[ 1318.020607][ T1082]
[ 1318.022081][ T1082]
[ 1318.022081][ T1082] the existing dependency chain (in reverse order) is:
[ 1318.023083][ T1082]
[ 1318.023083][ T1082] -> #2 (reservation_ww_class_mutex){+.+.}-{3:3}:
[ 1318.024114][ T1082] __ww_mutex_lock.constprop.0+0xe0/0x12f0
[ 1318.024639][ T1082] ww_mutex_lock+0x32/0x90
[ 1318.025161][ T1082] dma_resv_lockdep+0x18a/0x330
[ 1318.025683][ T1082] do_one_initcall+0x6a/0x350
[ 1318.026210][ T1082] kernel_init_freeable+0x1a3/0x310
[ 1318.026728][ T1082] kernel_init+0x15/0x1a0
[ 1318.027242][ T1082] ret_from_fork+0x2c/0x40
[ 1318.027759][ T1082] ret_from_fork_asm+0x11/0x20
[ 1318.028281][ T1082]
[ 1318.028281][ T1082] -> #1 (reservation_ww_class_acquire){+.+.}-{0:0}:
[ 1318.029297][ T1082] dma_resv_lockdep+0x16c/0x330
[ 1318.029790][ T1082] do_one_initcall+0x6a/0x350
[ 1318.030263][ T1082] kernel_init_freeable+0x1a3/0x310
[ 1318.030722][ T1082] kernel_init+0x15/0x1a0
[ 1318.031168][ T1082] ret_from_fork+0x2c/0x40
[ 1318.031598][ T1082] ret_from_fork_asm+0x11/0x20
[ 1318.032011][ T1082]
[ 1318.032011][ T1082] -> #0 (&mm->mmap_lock){++++}-{3:3}:
[ 1318.032778][ T1082] __lock_acquire+0x14bf/0x2680
[ 1318.033141][ T1082] lock_acquire+0xcd/0x2c0
[ 1318.033487][ T1082] __might_fault+0x58/0x80
[ 1318.033814][ T1082] amdgpu_debugfs_mqd_read+0x103/0x250 [amdgpu]
[ 1318.034181][ T1082] full_proxy_read+0x55/0x80
[ 1318.034487][ T1082] vfs_read+0xa7/0x360
[ 1318.034788][ T1082] ksys_read+0x70/0xf0
[ 1318.035085][ T1082] do_syscall_64+0x94/0x180
[ 1318.035375][ T1082] entry_SYSCALL_64_after_hwframe+0x46/0x4e
[ 1318.035664][ T1082]
[ 1318.035664][ T1082] other info that might help us debug this:
[ 1318.035664][ T1082]
[ 1318.036487][ T1082] Chain exists of:
[ 1318.036487][ T1082] &mm->mmap_lock --> reservation_ww_class_acquire --> reservation_ww_class_mutex
[ 1318.036487][ T1082]
[ 1318.037310][ T1082] Possible unsafe locking scenario:
[ 1318.037310][ T1082]
[ 1318.037838][ T1082] CPU0 CPU1
[ 1318.038101][ T1082] ---- ----
[ 1318.038350][ T1082] lock(reservation_ww_class_mutex);
[ 1318.038590][ T1082] lock(reservation_ww_class_acquire);
[ 1318.038839][ T1082] lock(reservation_ww_class_mutex);
[ 1318.039083][ T1082] rlock(&mm->mmap_lock);
[ 1318.039328][ T1082]
[ 1318.039328][ T1082] *** DEADLOCK ***
[ 1318.039328][ T1082]
[ 1318.040029][ T1082] 1 lock held by tar/1082:
[ 1318.040259][ T1082] #0: ffff98c4c13f55f8 (reservation_ww_class_mutex){+.+.}-{3:3}, at: amdgpu_debugfs_mqd_read+0x6a/0x250 [amdgpu]
[ 1318.040560][ T1082]
[ 1318.040560][ T1082] stack backtrace:
[ 1318.041053][ T1082] CPU: 22 PID: 1082 Comm: tar Not tainted 6.8.0-rc7-00015-ge0c8221b72c0 #17 3316c85d50e282c5643b075d1f01a4f6365e39c2
[ 1318.041329][ T1082] Hardware name: Gigabyte Technology Co., Ltd. B650 AORUS PRO AX/B650 AORUS PRO AX, BIOS F20 12/14/2023
[ 1318.041614][ T1082] Call Trace:
[ 1318.041895][ T1082] <TASK>
[ 1318.042175][ T1082] dump_stack_lvl+0x4a/0x80
[ 1318.042460][ T1082] check_noncircular+0x145/0x160
[ 1318.042743][ T1082] __lock_acquire+0x14bf/0x2680
[ 1318.043022][ T1082] lock_acquire+0xcd/0x2c0
[ 1318.043301][ T1082] ? __might_fault+0x40/0x80
[ 1318.043580][ T1082] ? __might_fault+0x40/0x80
[ 1318.043856][ T1082] __might_fault+0x58/0x80
[ 1318.044131][ T1082] ? __might_fault+0x40/0x80
[ 1318.044408][ T1082] amdgpu_debugfs_mqd_read+0x103/0x250 [amdgpu 8fe2afaa910cbd7654c8cab23563a94d6caebaab]
[ 1318.044749][ T1082] full_proxy_read+0x55/0x80
[ 1318.045042][ T1082] vfs_read+0xa7/0x360
[ 1318.045333][ T1082] ksys_read+0x70/0xf0
[ 1318.045623][ T1082] do_syscall_64+0x94/0x180
[ 1318.045913][ T1082] ? do_syscall_64+0xa0/0x180
[ 1318.046201][ T1082] ? lockdep_hardirqs_on+0x7d/0x100
[ 1318.046487][ T1082] ? do_syscall_64+0xa0/0x180
[ 1318.046773][ T1082] ? do_syscall_64+0xa0/0x180
[ 1318.047057][ T1082] ? do_syscall_64+0xa0/0x180
[ 1318.047337][ T1082] ? do_syscall_64+0xa0/0x180
[ 1318.047611][ T1082] entry_SYSCALL_64_after_hwframe+0x46/0x4e
[ 1318.047887][ T1082] RIP: 0033:0x7f480b70a39d
[ 1318.048162][ T1082] Code: 91 ba 0d 00 f7 d8 64 89 02 b8 ff ff ff ff eb b2 e8 18 a3 01 00 0f 1f 84 00 00 00 00 00 80 3d a9 3c 0e 00 00 74 17 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 5b c3 66 2e 0f 1f 84 00 00 00 00 00 53 48 83
[ 1318.048769][ T1082] RSP: 002b:00007ffde77f5c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1318.049083][ T1082] RAX: ffffffffffffffda RBX: 0000000000000800 RCX: 00007f480b70a39d
[ 1318.049392][ T1082] RDX: 0000000000000800 RSI: 000055c9f2120c00 RDI: 0000000000000008
[ 1318.049703][ T1082] RBP: 0000000000000800 R08: 000055c9f2120a94 R09: 0000000000000007
[ 1318.050011][ T1082] R10: 0000000000000000 R11: 0000000000000246 R12: 000055c9f2120c00
[ 1318.050324][ T1082] R13: 0000000000000008 R14: 0000000000000008 R15: 0000000000000800
[ 1318.050638][ T1082] </TASK>
amdgpu_debugfs_mqd_read() holds a reservation when it calls
put_user(), which may fault and acquire the mmap_sem. This violates
the established locking order.
Bounce the mqd data through a kernel buffer to get put_user() out of
the illegal section.
Fixes: 445d85e3c1df ("drm/amdgpu: add debugfs interface for reading MQDs")
Cc: stable@vger.kernel.org # v6.5+
Reviewed-by: Shashank Sharma <shashank.sharma@amd.com>
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 46 +++++++++++++++++++------------
1 file changed, 29 insertions(+), 17 deletions(-)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c
@@ -520,46 +520,58 @@ static ssize_t amdgpu_debugfs_mqd_read(s
{
struct amdgpu_ring *ring = file_inode(f)->i_private;
volatile u32 *mqd;
- int r;
+ u32 *kbuf;
+ int r, i;
uint32_t value, result;
if (*pos & 3 || size & 3)
return -EINVAL;
- result = 0;
+ kbuf = kmalloc(ring->mqd_size, GFP_KERNEL);
+ if (!kbuf)
+ return -ENOMEM;
r = amdgpu_bo_reserve(ring->mqd_obj, false);
if (unlikely(r != 0))
- return r;
+ goto err_free;
r = amdgpu_bo_kmap(ring->mqd_obj, (void **)&mqd);
- if (r) {
- amdgpu_bo_unreserve(ring->mqd_obj);
- return r;
- }
+ if (r)
+ goto err_unreserve;
+
+ /*
+ * Copy to local buffer to avoid put_user(), which might fault
+ * and acquire mmap_sem, under reservation_ww_class_mutex.
+ */
+ for (i = 0; i < ring->mqd_size/sizeof(u32); i++)
+ kbuf[i] = mqd[i];
+
+ amdgpu_bo_kunmap(ring->mqd_obj);
+ amdgpu_bo_unreserve(ring->mqd_obj);
+ result = 0;
while (size) {
if (*pos >= ring->mqd_size)
- goto done;
+ break;
- value = mqd[*pos/4];
+ value = kbuf[*pos/4];
r = put_user(value, (uint32_t *)buf);
if (r)
- goto done;
+ goto err_free;
buf += 4;
result += 4;
size -= 4;
*pos += 4;
}
-done:
- amdgpu_bo_kunmap(ring->mqd_obj);
- mqd = NULL;
- amdgpu_bo_unreserve(ring->mqd_obj);
- if (r)
- return r;
-
+ kfree(kbuf);
return result;
+
+err_unreserve:
+ amdgpu_bo_unreserve(ring->mqd_obj);
+err_free:
+ kfree(kbuf);
+ return r;
}
static const struct file_operations amdgpu_debugfs_mqd_fops = {
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 342/396] drm/i915/hwmon: Fix locking inversion in sysfs getter
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (340 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 341/396] drm/amdgpu: fix deadlock while reading mqd from debugfs Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 343/396] drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() Greg Kroah-Hartman
` (65 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Janusz Krzysztofik, Rodrigo Vivi,
Guenter Roeck, Ashutosh Dixit, Andi Shyti
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Janusz Krzysztofik <janusz.krzysztofik@linux.intel.com>
commit b212b79768ccde74429f872c37618c543fa11333 upstream.
In i915 hwmon sysfs getter path we now take a hwmon_lock, then acquire an
rpm wakeref. That results in lock inversion:
<4> [197.079335] ======================================================
<4> [197.085473] WARNING: possible circular locking dependency detected
<4> [197.091611] 6.8.0-rc7-Patchwork_129026v7-gc4dc92fb1152+ #1 Not tainted
<4> [197.098096] ------------------------------------------------------
<4> [197.104231] prometheus-node/839 is trying to acquire lock:
<4> [197.109680] ffffffff82764d80 (fs_reclaim){+.+.}-{0:0}, at: __kmalloc+0x9a/0x350
<4> [197.116939]
but task is already holding lock:
<4> [197.122730] ffff88811b772a40 (&hwmon->hwmon_lock){+.+.}-{3:3}, at: hwm_energy+0x4b/0x100 [i915]
<4> [197.131543]
which lock already depends on the new lock.
...
<4> [197.507922] Chain exists of:
fs_reclaim --> >->reset.mutex --> &hwmon->hwmon_lock
<4> [197.518528] Possible unsafe locking scenario:
<4> [197.524411] CPU0 CPU1
<4> [197.528916] ---- ----
<4> [197.533418] lock(&hwmon->hwmon_lock);
<4> [197.537237] lock(>->reset.mutex);
<4> [197.543376] lock(&hwmon->hwmon_lock);
<4> [197.549682] lock(fs_reclaim);
...
<4> [197.632548] Call Trace:
<4> [197.634990] <TASK>
<4> [197.637088] dump_stack_lvl+0x64/0xb0
<4> [197.640738] check_noncircular+0x15e/0x180
<4> [197.652968] check_prev_add+0xe9/0xce0
<4> [197.656705] __lock_acquire+0x179f/0x2300
<4> [197.660694] lock_acquire+0xd8/0x2d0
<4> [197.673009] fs_reclaim_acquire+0xa1/0xd0
<4> [197.680478] __kmalloc+0x9a/0x350
<4> [197.689063] acpi_ns_internalize_name.part.0+0x4a/0xb0
<4> [197.694170] acpi_ns_get_node_unlocked+0x60/0xf0
<4> [197.720608] acpi_ns_get_node+0x3b/0x60
<4> [197.724428] acpi_get_handle+0x57/0xb0
<4> [197.728164] acpi_has_method+0x20/0x50
<4> [197.731896] acpi_pci_set_power_state+0x43/0x120
<4> [197.736485] pci_power_up+0x24/0x1c0
<4> [197.740047] pci_pm_default_resume_early+0x9/0x30
<4> [197.744725] pci_pm_runtime_resume+0x2d/0x90
<4> [197.753911] __rpm_callback+0x3c/0x110
<4> [197.762586] rpm_callback+0x58/0x70
<4> [197.766064] rpm_resume+0x51e/0x730
<4> [197.769542] rpm_resume+0x267/0x730
<4> [197.773020] rpm_resume+0x267/0x730
<4> [197.776498] rpm_resume+0x267/0x730
<4> [197.779974] __pm_runtime_resume+0x49/0x90
<4> [197.784055] __intel_runtime_pm_get+0x19/0xa0 [i915]
<4> [197.789070] hwm_energy+0x55/0x100 [i915]
<4> [197.793183] hwm_read+0x9a/0x310 [i915]
<4> [197.797124] hwmon_attr_show+0x36/0x120
<4> [197.800946] dev_attr_show+0x15/0x60
<4> [197.804509] sysfs_kf_seq_show+0xb5/0x100
Acquire the wakeref before the lock and hold it as long as the lock is
also held. Follow that pattern across the whole source file where similar
lock inversion can happen.
v2: Keep hardware read under the lock so the whole operation of updating
energy from hardware is still atomic (Guenter),
- instead, acquire the rpm wakeref before the lock and hold it as long
as the lock is held,
- use the same aproach for other similar places across the i915_hwmon.c
source file (Rodrigo).
Fixes: 1b44019a93e2 ("drm/i915/guc: Disable PL1 power limit when loading GuC firmware")
Signed-off-by: Janusz Krzysztofik <janusz.krzysztofik@linux.intel.com>
Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Cc: <stable@vger.kernel.org> # v6.5+
Reviewed-by: Ashutosh Dixit <ashutosh.dixit@intel.com>
Reviewed-by: Andi Shyti <andi.shyti@linux.intel.com>
Signed-off-by: Andi Shyti <andi.shyti@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240311203500.518675-2-janusz.krzysztofik@linux.intel.com
(cherry picked from commit 71b218771426ea84c0e0148a2b7ac52c1f76e792)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/i915_hwmon.c | 37 ++++++++++++++++---------------
1 file changed, 19 insertions(+), 18 deletions(-)
diff --git a/drivers/gpu/drm/i915/i915_hwmon.c b/drivers/gpu/drm/i915/i915_hwmon.c
index 8c3f443c8347..b758fd110c20 100644
--- a/drivers/gpu/drm/i915/i915_hwmon.c
+++ b/drivers/gpu/drm/i915/i915_hwmon.c
@@ -72,12 +72,13 @@ hwm_locked_with_pm_intel_uncore_rmw(struct hwm_drvdata *ddat,
struct intel_uncore *uncore = ddat->uncore;
intel_wakeref_t wakeref;
- mutex_lock(&hwmon->hwmon_lock);
+ with_intel_runtime_pm(uncore->rpm, wakeref) {
+ mutex_lock(&hwmon->hwmon_lock);
- with_intel_runtime_pm(uncore->rpm, wakeref)
intel_uncore_rmw(uncore, reg, clear, set);
- mutex_unlock(&hwmon->hwmon_lock);
+ mutex_unlock(&hwmon->hwmon_lock);
+ }
}
/*
@@ -136,20 +137,21 @@ hwm_energy(struct hwm_drvdata *ddat, long *energy)
else
rgaddr = hwmon->rg.energy_status_all;
- mutex_lock(&hwmon->hwmon_lock);
+ with_intel_runtime_pm(uncore->rpm, wakeref) {
+ mutex_lock(&hwmon->hwmon_lock);
- with_intel_runtime_pm(uncore->rpm, wakeref)
reg_val = intel_uncore_read(uncore, rgaddr);
- if (reg_val >= ei->reg_val_prev)
- ei->accum_energy += reg_val - ei->reg_val_prev;
- else
- ei->accum_energy += UINT_MAX - ei->reg_val_prev + reg_val;
- ei->reg_val_prev = reg_val;
+ if (reg_val >= ei->reg_val_prev)
+ ei->accum_energy += reg_val - ei->reg_val_prev;
+ else
+ ei->accum_energy += UINT_MAX - ei->reg_val_prev + reg_val;
+ ei->reg_val_prev = reg_val;
- *energy = mul_u64_u32_shr(ei->accum_energy, SF_ENERGY,
- hwmon->scl_shift_energy);
- mutex_unlock(&hwmon->hwmon_lock);
+ *energy = mul_u64_u32_shr(ei->accum_energy, SF_ENERGY,
+ hwmon->scl_shift_energy);
+ mutex_unlock(&hwmon->hwmon_lock);
+ }
}
static ssize_t
@@ -404,6 +406,7 @@ hwm_power_max_write(struct hwm_drvdata *ddat, long val)
/* Block waiting for GuC reset to complete when needed */
for (;;) {
+ wakeref = intel_runtime_pm_get(ddat->uncore->rpm);
mutex_lock(&hwmon->hwmon_lock);
prepare_to_wait(&ddat->waitq, &wait, TASK_INTERRUPTIBLE);
@@ -417,14 +420,13 @@ hwm_power_max_write(struct hwm_drvdata *ddat, long val)
}
mutex_unlock(&hwmon->hwmon_lock);
+ intel_runtime_pm_put(ddat->uncore->rpm, wakeref);
schedule();
}
finish_wait(&ddat->waitq, &wait);
if (ret)
- goto unlock;
-
- wakeref = intel_runtime_pm_get(ddat->uncore->rpm);
+ goto exit;
/* Disable PL1 limit and verify, because the limit cannot be disabled on all platforms */
if (val == PL1_DISABLE) {
@@ -444,9 +446,8 @@ hwm_power_max_write(struct hwm_drvdata *ddat, long val)
intel_uncore_rmw(ddat->uncore, hwmon->rg.pkg_rapl_limit,
PKG_PWR_LIM_1_EN | PKG_PWR_LIM_1, nval);
exit:
- intel_runtime_pm_put(ddat->uncore->rpm, wakeref);
-unlock:
mutex_unlock(&hwmon->hwmon_lock);
+ intel_runtime_pm_put(ddat->uncore->rpm, wakeref);
return ret;
}
--
2.44.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 343/396] drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (341 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 342/396] drm/i915/hwmon: Fix locking inversion in sysfs getter Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 344/396] drm/i915/dsi: Go back to the previous INIT_OTP/DISPLAY_ON order, mostly Greg Kroah-Hartman
` (64 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Ville Syrjälä, Jani Nikula,
Rodrigo Vivi
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ville Syrjälä <ville.syrjala@linux.intel.com>
commit 32e39bab59934bfd3f37097d4dd85ac5eb0fd549 upstream.
If we have no VBT, or the VBT didn't declare the encoder
in question, we won't have the 'devdata' for the encoder.
Instead of oopsing just bail early.
We won't be able to tell whether the port is DP++ or not,
but so be it.
Cc: stable@vger.kernel.org
Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/10464
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240319092443.15769-1-ville.syrjala@linux.intel.com
Reviewed-by: Jani Nikula <jani.nikula@intel.com>
(cherry picked from commit 26410896206342c8a80d2b027923e9ee7d33b733)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/display/intel_bios.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/gpu/drm/i915/display/intel_bios.c
+++ b/drivers/gpu/drm/i915/display/intel_bios.c
@@ -3313,6 +3313,9 @@ bool intel_bios_encoder_supports_dp_dual
{
const struct child_device_config *child = &devdata->child;
+ if (!devdata)
+ return false;
+
if (!intel_bios_encoder_supports_dp(devdata) ||
!intel_bios_encoder_supports_hdmi(devdata))
return false;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 344/396] drm/i915/dsi: Go back to the previous INIT_OTP/DISPLAY_ON order, mostly
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (342 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 343/396] drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 345/396] drm/i915: Do not match JSL in ehl_combo_pll_div_frac_wa_needed() Greg Kroah-Hartman
` (63 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Ville Syrjälä, Jani Nikula,
Rodrigo Vivi
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ville Syrjälä <ville.syrjala@linux.intel.com>
commit 18846627ef1210dcd55d65342b055ea97a46ffff upstream.
Reinstate commit 88b065943cb5 ("drm/i915/dsi: Do display on
sequence later on icl+"), for the most part. Turns out some
machines (eg. Chuwi Minibook X) really do need that updated order.
It is also the order the Windows driver uses.
However we can't just undo the revert since that would again
break Lenovo 82TQ. After staring at the VBT sequences for both
machines I've concluded that the Lenovo 82TQ sequences look
somewhat broken:
- INIT_OTP is not present at all
- what should be in INIT_OTP is found in DISPLAY_ON
- what should be in DISPLAY_ON is found in BACKLIGHT_ON
(along with the actual backlight stuff)
The Chuwi Minibook X on the other hand has a full complement
of sequences in its VBT.
So let's try to deal with the broken sequences in the
Lenovo 82TQ VBT by simply swapping the (non-existent)
INIT_OTP sequence with the DISPLAY_ON sequence. Thus we
execute DISPLAY_ON when intending to execute INIT_OTP,
and execute nothing at all when intending to execute
DISPLAY_ON. That should be 100% equivalent to the
revert, for such broken VBTs.
Cc: stable@vger.kernel.org
Fixes: 6992eb815d08 ("Revert "drm/i915/dsi: Do display on sequence later on icl+"")
References: https://gitlab.freedesktop.org/drm/intel/-/issues/10071
Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/10334
Signed-off-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240305083659.8396-1-ville.syrjala@linux.intel.com
Acked-by: Jani Nikula <jani.nikula@intel.com>
(cherry picked from commit 94ae4612ea336bfc3c12b3fc68467c6711a4f39b)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/display/icl_dsi.c | 3 +-
drivers/gpu/drm/i915/display/intel_bios.c | 43 +++++++++++++++++++++++++-----
2 files changed, 39 insertions(+), 7 deletions(-)
--- a/drivers/gpu/drm/i915/display/icl_dsi.c
+++ b/drivers/gpu/drm/i915/display/icl_dsi.c
@@ -1155,7 +1155,6 @@ static void gen11_dsi_powerup_panel(stru
}
intel_dsi_vbt_exec_sequence(intel_dsi, MIPI_SEQ_INIT_OTP);
- intel_dsi_vbt_exec_sequence(intel_dsi, MIPI_SEQ_DISPLAY_ON);
/* ensure all panel commands dispatched before enabling transcoder */
wait_for_cmds_dispatched_to_panel(encoder);
@@ -1256,6 +1255,8 @@ static void gen11_dsi_enable(struct inte
/* step6d: enable dsi transcoder */
gen11_dsi_enable_transcoder(encoder);
+ intel_dsi_vbt_exec_sequence(intel_dsi, MIPI_SEQ_DISPLAY_ON);
+
/* step7: enable backlight */
intel_backlight_enable(crtc_state, conn_state);
intel_dsi_vbt_exec_sequence(intel_dsi, MIPI_SEQ_BACKLIGHT_ON);
--- a/drivers/gpu/drm/i915/display/intel_bios.c
+++ b/drivers/gpu/drm/i915/display/intel_bios.c
@@ -1945,16 +1945,12 @@ static int get_init_otp_deassert_fragmen
* these devices we split the init OTP sequence into a deassert sequence and
* the actual init OTP part.
*/
-static void fixup_mipi_sequences(struct drm_i915_private *i915,
- struct intel_panel *panel)
+static void vlv_fixup_mipi_sequences(struct drm_i915_private *i915,
+ struct intel_panel *panel)
{
u8 *init_otp;
int len;
- /* Limit this to VLV for now. */
- if (!IS_VALLEYVIEW(i915))
- return;
-
/* Limit this to v1 vid-mode sequences */
if (panel->vbt.dsi.config->is_cmd_mode ||
panel->vbt.dsi.seq_version != 1)
@@ -1990,6 +1986,41 @@ static void fixup_mipi_sequences(struct
panel->vbt.dsi.sequence[MIPI_SEQ_INIT_OTP] = init_otp + len - 1;
}
+/*
+ * Some machines (eg. Lenovo 82TQ) appear to have broken
+ * VBT sequences:
+ * - INIT_OTP is not present at all
+ * - what should be in INIT_OTP is in DISPLAY_ON
+ * - what should be in DISPLAY_ON is in BACKLIGHT_ON
+ * (along with the actual backlight stuff)
+ *
+ * To make those work we simply swap DISPLAY_ON and INIT_OTP.
+ *
+ * TODO: Do we need to limit this to specific machines,
+ * or examine the contents of the sequences to
+ * avoid false positives?
+ */
+static void icl_fixup_mipi_sequences(struct drm_i915_private *i915,
+ struct intel_panel *panel)
+{
+ if (!panel->vbt.dsi.sequence[MIPI_SEQ_INIT_OTP] &&
+ panel->vbt.dsi.sequence[MIPI_SEQ_DISPLAY_ON]) {
+ drm_dbg_kms(&i915->drm, "Broken VBT: Swapping INIT_OTP and DISPLAY_ON sequences\n");
+
+ swap(panel->vbt.dsi.sequence[MIPI_SEQ_INIT_OTP],
+ panel->vbt.dsi.sequence[MIPI_SEQ_DISPLAY_ON]);
+ }
+}
+
+static void fixup_mipi_sequences(struct drm_i915_private *i915,
+ struct intel_panel *panel)
+{
+ if (DISPLAY_VER(i915) >= 11)
+ icl_fixup_mipi_sequences(i915, panel);
+ else if (IS_VALLEYVIEW(i915))
+ vlv_fixup_mipi_sequences(i915, panel);
+}
+
static void
parse_mipi_sequence(struct drm_i915_private *i915,
struct intel_panel *panel)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 345/396] drm/i915: Do not match JSL in ehl_combo_pll_div_frac_wa_needed()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (343 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 344/396] drm/i915/dsi: Go back to the previous INIT_OTP/DISPLAY_ON order, mostly Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 346/396] drm/i915/gt: Reset queue_priority_hint on parking Greg Kroah-Hartman
` (62 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Jonathon Hall, Jani Nikula,
Rodrigo Vivi
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jonathon Hall <jonathon.hall@puri.sm>
commit e41d769f1a7a1dc533c35ef7b366be3dbf432a1c upstream.
Since commit 0c65dc062611 ("drm/i915/jsl: s/JSL/JASPERLAKE for
platform/subplatform defines"), boot freezes on a Jasper Lake tablet
(Librem 11), usually with graphical corruption on the eDP display,
but sometimes just a black screen. This commit was included in 6.6 and
later.
That commit was intended to refactor EHL and JSL macros, but the change
to ehl_combo_pll_div_frac_wa_needed() started matching JSL incorrectly
when it was only intended to match EHL.
It replaced:
return ((IS_PLATFORM(i915, INTEL_ELKHARTLAKE) &&
IS_JSL_EHL_DISPLAY_STEP(i915, STEP_B0, STEP_FOREVER)) ||
with:
return (((IS_ELKHARTLAKE(i915) || IS_JASPERLAKE(i915)) &&
IS_DISPLAY_STEP(i915, STEP_B0, STEP_FOREVER)) ||
Remove IS_JASPERLAKE() to fix the regression.
Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
Cc: stable@vger.kernel.org
Fixes: 0c65dc062611 ("drm/i915/jsl: s/JSL/JASPERLAKE for platform/subplatform defines")
Reviewed-by: Jani Nikula <jani.nikula@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240313135424.3731410-1-jonathon.hall@puri.sm
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
(cherry picked from commit 1ef48859317b2a77672dea8682df133abf9c44ed)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/display/intel_dpll_mgr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/i915/display/intel_dpll_mgr.c
+++ b/drivers/gpu/drm/i915/display/intel_dpll_mgr.c
@@ -2462,7 +2462,7 @@ static void icl_wrpll_params_populate(st
static bool
ehl_combo_pll_div_frac_wa_needed(struct drm_i915_private *i915)
{
- return (((IS_ELKHARTLAKE(i915) || IS_JASPERLAKE(i915)) &&
+ return ((IS_ELKHARTLAKE(i915) &&
IS_DISPLAY_STEP(i915, STEP_B0, STEP_FOREVER)) ||
IS_TIGERLAKE(i915) || IS_ALDERLAKE_S(i915) || IS_ALDERLAKE_P(i915)) &&
i915->display.dpll.ref_clks.nssc == 38400;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 346/396] drm/i915/gt: Reset queue_priority_hint on parking
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (344 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 345/396] drm/i915: Do not match JSL in ehl_combo_pll_div_frac_wa_needed() Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 347/396] Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync Greg Kroah-Hartman
` (61 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Chris Wilson, Janusz Krzysztofik,
Mika Kuoppala, Rodrigo Vivi, Andi Shyti
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Chris Wilson <chris@chris-wilson.co.uk>
commit 4a3859ea5240365d21f6053ee219bb240d520895 upstream.
Originally, with strict in order execution, we could complete execution
only when the queue was empty. Preempt-to-busy allows replacement of an
active request that may complete before the preemption is processed by
HW. If that happens, the request is retired from the queue, but the
queue_priority_hint remains set, preventing direct submission until
after the next CS interrupt is processed.
This preempt-to-busy race can be triggered by the heartbeat, which will
also act as the power-management barrier and upon completion allow us to
idle the HW. We may process the completion of the heartbeat, and begin
parking the engine before the CS event that restores the
queue_priority_hint, causing us to fail the assertion that it is MIN.
<3>[ 166.210729] __engine_park:283 GEM_BUG_ON(engine->sched_engine->queue_priority_hint != (-((int)(~0U >> 1)) - 1))
<0>[ 166.210781] Dumping ftrace buffer:
<0>[ 166.210795] ---------------------------------
...
<0>[ 167.302811] drm_fdin-1097 2..s1. 165741070us : trace_ports: 0000:00:02.0 rcs0: promote { ccid:20 1217:2 prio 0 }
<0>[ 167.302861] drm_fdin-1097 2d.s2. 165741072us : execlists_submission_tasklet: 0000:00:02.0 rcs0: preempting last=1217:2, prio=0, hint=2147483646
<0>[ 167.302928] drm_fdin-1097 2d.s2. 165741072us : __i915_request_unsubmit: 0000:00:02.0 rcs0: fence 1217:2, current 0
<0>[ 167.302992] drm_fdin-1097 2d.s2. 165741073us : __i915_request_submit: 0000:00:02.0 rcs0: fence 3:4660, current 4659
<0>[ 167.303044] drm_fdin-1097 2d.s1. 165741076us : execlists_submission_tasklet: 0000:00:02.0 rcs0: context:3 schedule-in, ccid:40
<0>[ 167.303095] drm_fdin-1097 2d.s1. 165741077us : trace_ports: 0000:00:02.0 rcs0: submit { ccid:40 3:4660* prio 2147483646 }
<0>[ 167.303159] kworker/-89 11..... 165741139us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence c90:2, current 2
<0>[ 167.303208] kworker/-89 11..... 165741148us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:c90 unpin
<0>[ 167.303272] kworker/-89 11..... 165741159us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 1217:2, current 2
<0>[ 167.303321] kworker/-89 11..... 165741166us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:1217 unpin
<0>[ 167.303384] kworker/-89 11..... 165741170us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 3:4660, current 4660
<0>[ 167.303434] kworker/-89 11d..1. 165741172us : __intel_context_retire: 0000:00:02.0 rcs0: context:1216 retire runtime: { total:56028ns, avg:56028ns }
<0>[ 167.303484] kworker/-89 11..... 165741198us : __engine_park: 0000:00:02.0 rcs0: parked
<0>[ 167.303534] <idle>-0 5d.H3. 165741207us : execlists_irq_handler: 0000:00:02.0 rcs0: semaphore yield: 00000040
<0>[ 167.303583] kworker/-89 11..... 165741397us : __intel_context_retire: 0000:00:02.0 rcs0: context:1217 retire runtime: { total:325575ns, avg:0ns }
<0>[ 167.303756] kworker/-89 11..... 165741777us : __intel_context_retire: 0000:00:02.0 rcs0: context:c90 retire runtime: { total:0ns, avg:0ns }
<0>[ 167.303806] kworker/-89 11..... 165742017us : __engine_park: __engine_park:283 GEM_BUG_ON(engine->sched_engine->queue_priority_hint != (-((int)(~0U >> 1)) - 1))
<0>[ 167.303811] ---------------------------------
<4>[ 167.304722] ------------[ cut here ]------------
<2>[ 167.304725] kernel BUG at drivers/gpu/drm/i915/gt/intel_engine_pm.c:283!
<4>[ 167.304731] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
<4>[ 167.304734] CPU: 11 PID: 89 Comm: kworker/11:1 Tainted: G W 6.8.0-rc2-CI_DRM_14193-gc655e0fd2804+ #1
<4>[ 167.304736] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022
<4>[ 167.304738] Workqueue: i915-unordered retire_work_handler [i915]
<4>[ 167.304839] RIP: 0010:__engine_park+0x3fd/0x680 [i915]
<4>[ 167.304937] Code: 00 48 c7 c2 b0 e5 86 a0 48 8d 3d 00 00 00 00 e8 79 48 d4 e0 bf 01 00 00 00 e8 ef 0a d4 e0 31 f6 bf 09 00 00 00 e8 03 49 c0 e0 <0f> 0b 0f 0b be 01 00 00 00 e8 f5 61 fd ff 31 c0 e9 34 fd ff ff 48
<4>[ 167.304940] RSP: 0018:ffffc9000059fce0 EFLAGS: 00010246
<4>[ 167.304942] RAX: 0000000000000200 RBX: 0000000000000000 RCX: 0000000000000006
<4>[ 167.304944] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009
<4>[ 167.304946] RBP: ffff8881330ca1b0 R08: 0000000000000001 R09: 0000000000000001
<4>[ 167.304947] R10: 0000000000000001 R11: 0000000000000001 R12: ffff8881330ca000
<4>[ 167.304948] R13: ffff888110f02aa0 R14: ffff88812d1d0205 R15: ffff88811277d4f0
<4>[ 167.304950] FS: 0000000000000000(0000) GS:ffff88844f780000(0000) knlGS:0000000000000000
<4>[ 167.304952] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[ 167.304953] CR2: 00007fc362200c40 CR3: 000000013306e003 CR4: 0000000000770ef0
<4>[ 167.304955] PKRU: 55555554
<4>[ 167.304957] Call Trace:
<4>[ 167.304958] <TASK>
<4>[ 167.305573] ____intel_wakeref_put_last+0x1d/0x80 [i915]
<4>[ 167.305685] i915_request_retire.part.0+0x34f/0x600 [i915]
<4>[ 167.305800] retire_requests+0x51/0x80 [i915]
<4>[ 167.305892] intel_gt_retire_requests_timeout+0x27f/0x700 [i915]
<4>[ 167.305985] process_scheduled_works+0x2db/0x530
<4>[ 167.305990] worker_thread+0x18c/0x350
<4>[ 167.305993] kthread+0xfe/0x130
<4>[ 167.305997] ret_from_fork+0x2c/0x50
<4>[ 167.306001] ret_from_fork_asm+0x1b/0x30
<4>[ 167.306004] </TASK>
It is necessary for the queue_priority_hint to be lower than the next
request submission upon waking up, as we rely on the hint to decide when
to kick the tasklet to submit that first request.
Fixes: 22b7a426bbe1 ("drm/i915/execlists: Preempt-to-busy")
Closes: https://gitlab.freedesktop.org/drm/intel/issues/10154
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Janusz Krzysztofik <janusz.krzysztofik@linux.intel.com>
Cc: Mika Kuoppala <mika.kuoppala@linux.intel.com>
Cc: <stable@vger.kernel.org> # v5.4+
Reviewed-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Reviewed-by: Andi Shyti <andi.shyti@linux.intel.com>
Signed-off-by: Andi Shyti <andi.shyti@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240318135906.716055-2-janusz.krzysztofik@linux.intel.com
(cherry picked from commit 98850e96cf811dc2d0a7d0af491caff9f5d49c1e)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/i915/gt/intel_engine_pm.c | 3 ---
drivers/gpu/drm/i915/gt/intel_execlists_submission.c | 3 +++
2 files changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/gpu/drm/i915/gt/intel_engine_pm.c
+++ b/drivers/gpu/drm/i915/gt/intel_engine_pm.c
@@ -278,9 +278,6 @@ static int __engine_park(struct intel_wa
intel_engine_park_heartbeat(engine);
intel_breadcrumbs_park(engine->breadcrumbs);
- /* Must be reset upon idling, or we may miss the busy wakeup. */
- GEM_BUG_ON(engine->sched_engine->queue_priority_hint != INT_MIN);
-
if (engine->park)
engine->park(engine);
--- a/drivers/gpu/drm/i915/gt/intel_execlists_submission.c
+++ b/drivers/gpu/drm/i915/gt/intel_execlists_submission.c
@@ -3274,6 +3274,9 @@ static void execlists_park(struct intel_
{
cancel_timer(&engine->execlists.timer);
cancel_timer(&engine->execlists.preempt);
+
+ /* Reset upon idling, or we may delay the busy wakeup. */
+ WRITE_ONCE(engine->sched_engine->queue_priority_hint, INT_MIN);
}
static void add_to_engine(struct i915_request *rq)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 347/396] Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (345 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 346/396] drm/i915/gt: Reset queue_priority_hint on parking Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 348/396] mtd: spinand: Add support for 5-byte IDs Greg Kroah-Hartman
` (60 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Luiz Augusto von Dentz,
Thorsten Leemhuis
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
commit 1c3366abdbe884be62e5a7502b4db758aa3974c6 upstream.
hci_cmd_sync_cancel_sync shall check the error passed to it since it
will be propagated using req_result which is __u32 it needs to be
properly set to a positive value if it was passed as negative othertise
IS_ERR will not trigger as -(errno) would be converted to a positive
value.
Fixes: 63298d6e752f ("Bluetooth: hci_core: Cancel request on command timeout")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Reported-and-tested-by: Thorsten Leemhuis <linux@leemhuis.info>
Closes: https://lore.kernel.org/all/08275279-7462-4f4a-a0ee-8aa015f829bc@leemhuis.info/
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/bluetooth/hci_core.c | 6 +++---
net/bluetooth/hci_sync.c | 5 ++++-
2 files changed, 7 insertions(+), 4 deletions(-)
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -2842,7 +2842,7 @@ static void hci_cancel_cmd_sync(struct h
cancel_delayed_work_sync(&hdev->ncmd_timer);
atomic_set(&hdev->cmd_cnt, 1);
- hci_cmd_sync_cancel_sync(hdev, -err);
+ hci_cmd_sync_cancel_sync(hdev, err);
}
/* Suspend HCI device */
@@ -2862,7 +2862,7 @@ int hci_suspend_dev(struct hci_dev *hdev
return 0;
/* Cancel potentially blocking sync operation before suspend */
- hci_cancel_cmd_sync(hdev, -EHOSTDOWN);
+ hci_cancel_cmd_sync(hdev, EHOSTDOWN);
hci_req_sync_lock(hdev);
ret = hci_suspend_sync(hdev);
@@ -4178,7 +4178,7 @@ static void hci_send_cmd_sync(struct hci
err = hci_send_frame(hdev, skb);
if (err < 0) {
- hci_cmd_sync_cancel_sync(hdev, err);
+ hci_cmd_sync_cancel_sync(hdev, -err);
return;
}
--- a/net/bluetooth/hci_sync.c
+++ b/net/bluetooth/hci_sync.c
@@ -679,7 +679,10 @@ void hci_cmd_sync_cancel_sync(struct hci
bt_dev_dbg(hdev, "err 0x%2.2x", err);
if (hdev->req_status == HCI_REQ_PEND) {
- hdev->req_result = err;
+ /* req_result is __u32 so error must be positive to be properly
+ * propagated.
+ */
+ hdev->req_result = err < 0 ? -err : err;
hdev->req_status = HCI_REQ_CANCELED;
wake_up_interruptible(&hdev->req_wait_q);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 348/396] mtd: spinand: Add support for 5-byte IDs
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (346 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 347/396] Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 349/396] Revert "usb: phy: generic: Get the vbus supply" Greg Kroah-Hartman
` (59 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Ezra Buehler, Martin Kurbanov,
Miquel Raynal, Hauke Mehrtens
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ezra Buehler <ezra.buehler@husqvarnagroup.com>
commit 34a956739d295de6010cdaafeed698ccbba87ea4 upstream.
E.g. ESMT chips will return an identification code with a length of 5
bytes. In order to prevent ambiguity, flash chips would actually need to
return IDs that are up to 17 or more bytes long due to JEDEC's
continuation scheme. I understand that if a manufacturer ID is located
in bank N of JEDEC's database (there are currently 16 banks), N - 1
continuation codes (7Fh) need to be added to the identification code
(comprising of manufacturer ID and device ID). However, most flash chip
manufacturers don't seem to implement this (correctly).
Signed-off-by: Ezra Buehler <ezra.buehler@husqvarnagroup.com>
Reviewed-by: Martin Kurbanov <mmkurbanov@salutedevices.com>
Tested-by: Martin Kurbanov <mmkurbanov@salutedevices.com>
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
Link: https://lore.kernel.org/linux-mtd/20240125200108.24374-2-ezra@easyb.ch
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/mtd/spinand.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/include/linux/mtd/spinand.h
+++ b/include/linux/mtd/spinand.h
@@ -169,7 +169,7 @@
struct spinand_op;
struct spinand_device;
-#define SPINAND_MAX_ID_LEN 4
+#define SPINAND_MAX_ID_LEN 5
/*
* For erase, write and read operation, we got the following timings :
* tBERS (erase) 1ms to 4ms
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 349/396] Revert "usb: phy: generic: Get the vbus supply"
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (347 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 348/396] mtd: spinand: Add support for 5-byte IDs Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 350/396] usb: cdc-wdm: close race between read and workqueue Greg Kroah-Hartman
` (58 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Alexander Stein, stable,
Sean Anderson
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Stein <alexander.stein@ew.tq-group.com>
commit fdada0db0b2ae2addef4ccafe50937874dbeeebe upstream.
This reverts commit 75fd6485cccef269ac9eb3b71cf56753341195ef.
This patch was applied twice by accident, causing probe failures.
Revert the accident.
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Fixes: 75fd6485ccce ("usb: phy: generic: Get the vbus supply")
Cc: stable <stable@kernel.org>
Reviewed-by: Sean Anderson <sean.anderson@seco.com>
Link: https://lore.kernel.org/r/20240314092628.1869414-1-alexander.stein@ew.tq-group.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/phy/phy-generic.c | 7 -------
1 file changed, 7 deletions(-)
--- a/drivers/usb/phy/phy-generic.c
+++ b/drivers/usb/phy/phy-generic.c
@@ -268,13 +268,6 @@ int usb_phy_gen_create_phy(struct device
return dev_err_probe(dev, PTR_ERR(nop->vbus_draw),
"could not get vbus regulator\n");
- nop->vbus_draw = devm_regulator_get_exclusive(dev, "vbus");
- if (PTR_ERR(nop->vbus_draw) == -ENODEV)
- nop->vbus_draw = NULL;
- if (IS_ERR(nop->vbus_draw))
- return dev_err_probe(dev, PTR_ERR(nop->vbus_draw),
- "could not get vbus regulator\n");
-
nop->dev = dev;
nop->phy.dev = nop->dev;
nop->phy.label = "nop-xceiv";
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 350/396] usb: cdc-wdm: close race between read and workqueue
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (348 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 349/396] Revert "usb: phy: generic: Get the vbus supply" Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 351/396] USB: UAS: return ENODEV when submit urbs fail with device not attached Greg Kroah-Hartman
` (57 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Oliver Neukum
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oliver Neukum <oneukum@suse.com>
commit 339f83612f3a569b194680768b22bf113c26a29d upstream.
wdm_read() cannot race with itself. However, in
service_outstanding_interrupt() it can race with the
workqueue, which can be triggered by error handling.
Hence we need to make sure that the WDM_RESPONDING
flag is not just only set but tested.
Fixes: afba937e540c9 ("USB: CDC WDM driver")
Cc: stable <stable@kernel.org>
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Link: https://lore.kernel.org/r/20240314115132.3907-1-oneukum@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/class/cdc-wdm.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/usb/class/cdc-wdm.c
+++ b/drivers/usb/class/cdc-wdm.c
@@ -485,6 +485,7 @@ out_free_mem:
static int service_outstanding_interrupt(struct wdm_device *desc)
{
int rv = 0;
+ int used;
/* submit read urb only if the device is waiting for it */
if (!desc->resp_count || !--desc->resp_count)
@@ -499,7 +500,10 @@ static int service_outstanding_interrupt
goto out;
}
- set_bit(WDM_RESPONDING, &desc->flags);
+ used = test_and_set_bit(WDM_RESPONDING, &desc->flags);
+ if (used)
+ goto out;
+
spin_unlock_irq(&desc->iuspin);
rv = usb_submit_urb(desc->response, GFP_KERNEL);
spin_lock_irq(&desc->iuspin);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 351/396] USB: UAS: return ENODEV when submit urbs fail with device not attached
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (349 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 350/396] usb: cdc-wdm: close race between read and workqueue Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 352/396] drm/amd/display: Fix hang/underflow when transitioning to ODM4:1 Greg Kroah-Hartman
` (56 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Oliver Neukum, Weitao Wang
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Weitao Wang <WeitaoWang-oc@zhaoxin.com>
commit cd5432c712351a3d5f82512908f5febfca946ca6 upstream.
In the scenario of entering hibernation with udisk in the system, if the
udisk was gone or resume fail in the thaw phase of hibernation. Its state
will be set to NOTATTACHED. At this point, usb_hub_wq was already freezed
and can't not handle disconnect event. Next, in the poweroff phase of
hibernation, SYNCHRONIZE_CACHE SCSI command will be sent to this udisk
when poweroff this scsi device, which will cause uas_submit_urbs to be
called to submit URB for sense/data/cmd pipe. However, these URBs will
submit fail as device was set to NOTATTACHED state. Then, uas_submit_urbs
will return a value SCSI_MLQUEUE_DEVICE_BUSY to the caller. That will lead
the SCSI layer go into an ugly loop and system fail to go into hibernation.
On the other hand, when we specially check for -ENODEV in function
uas_queuecommand_lck, returning DID_ERROR to SCSI layer will cause device
poweroff fail and system shutdown instead of entering hibernation.
To fix this issue, let uas_submit_urbs to return original generic error
when submitting URB failed. At the same time, we need to translate -ENODEV
to DID_NOT_CONNECT for the SCSI layer.
Suggested-by: Oliver Neukum <oneukum@suse.com>
Cc: stable@vger.kernel.org
Signed-off-by: Weitao Wang <WeitaoWang-oc@zhaoxin.com>
Link: https://lore.kernel.org/r/20240306180814.4897-1-WeitaoWang-oc@zhaoxin.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/storage/uas.c | 28 +++++++++++++---------------
1 file changed, 13 insertions(+), 15 deletions(-)
--- a/drivers/usb/storage/uas.c
+++ b/drivers/usb/storage/uas.c
@@ -533,7 +533,7 @@ static struct urb *uas_alloc_cmd_urb(str
* daft to me.
*/
-static struct urb *uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp)
+static int uas_submit_sense_urb(struct scsi_cmnd *cmnd, gfp_t gfp)
{
struct uas_dev_info *devinfo = cmnd->device->hostdata;
struct urb *urb;
@@ -541,30 +541,28 @@ static struct urb *uas_submit_sense_urb(
urb = uas_alloc_sense_urb(devinfo, gfp, cmnd);
if (!urb)
- return NULL;
+ return -ENOMEM;
usb_anchor_urb(urb, &devinfo->sense_urbs);
err = usb_submit_urb(urb, gfp);
if (err) {
usb_unanchor_urb(urb);
uas_log_cmd_state(cmnd, "sense submit err", err);
usb_free_urb(urb);
- return NULL;
}
- return urb;
+ return err;
}
static int uas_submit_urbs(struct scsi_cmnd *cmnd,
struct uas_dev_info *devinfo)
{
struct uas_cmd_info *cmdinfo = scsi_cmd_priv(cmnd);
- struct urb *urb;
int err;
lockdep_assert_held(&devinfo->lock);
if (cmdinfo->state & SUBMIT_STATUS_URB) {
- urb = uas_submit_sense_urb(cmnd, GFP_ATOMIC);
- if (!urb)
- return SCSI_MLQUEUE_DEVICE_BUSY;
+ err = uas_submit_sense_urb(cmnd, GFP_ATOMIC);
+ if (err)
+ return err;
cmdinfo->state &= ~SUBMIT_STATUS_URB;
}
@@ -572,7 +570,7 @@ static int uas_submit_urbs(struct scsi_c
cmdinfo->data_in_urb = uas_alloc_data_urb(devinfo, GFP_ATOMIC,
cmnd, DMA_FROM_DEVICE);
if (!cmdinfo->data_in_urb)
- return SCSI_MLQUEUE_DEVICE_BUSY;
+ return -ENOMEM;
cmdinfo->state &= ~ALLOC_DATA_IN_URB;
}
@@ -582,7 +580,7 @@ static int uas_submit_urbs(struct scsi_c
if (err) {
usb_unanchor_urb(cmdinfo->data_in_urb);
uas_log_cmd_state(cmnd, "data in submit err", err);
- return SCSI_MLQUEUE_DEVICE_BUSY;
+ return err;
}
cmdinfo->state &= ~SUBMIT_DATA_IN_URB;
cmdinfo->state |= DATA_IN_URB_INFLIGHT;
@@ -592,7 +590,7 @@ static int uas_submit_urbs(struct scsi_c
cmdinfo->data_out_urb = uas_alloc_data_urb(devinfo, GFP_ATOMIC,
cmnd, DMA_TO_DEVICE);
if (!cmdinfo->data_out_urb)
- return SCSI_MLQUEUE_DEVICE_BUSY;
+ return -ENOMEM;
cmdinfo->state &= ~ALLOC_DATA_OUT_URB;
}
@@ -602,7 +600,7 @@ static int uas_submit_urbs(struct scsi_c
if (err) {
usb_unanchor_urb(cmdinfo->data_out_urb);
uas_log_cmd_state(cmnd, "data out submit err", err);
- return SCSI_MLQUEUE_DEVICE_BUSY;
+ return err;
}
cmdinfo->state &= ~SUBMIT_DATA_OUT_URB;
cmdinfo->state |= DATA_OUT_URB_INFLIGHT;
@@ -611,7 +609,7 @@ static int uas_submit_urbs(struct scsi_c
if (cmdinfo->state & ALLOC_CMD_URB) {
cmdinfo->cmd_urb = uas_alloc_cmd_urb(devinfo, GFP_ATOMIC, cmnd);
if (!cmdinfo->cmd_urb)
- return SCSI_MLQUEUE_DEVICE_BUSY;
+ return -ENOMEM;
cmdinfo->state &= ~ALLOC_CMD_URB;
}
@@ -621,7 +619,7 @@ static int uas_submit_urbs(struct scsi_c
if (err) {
usb_unanchor_urb(cmdinfo->cmd_urb);
uas_log_cmd_state(cmnd, "cmd submit err", err);
- return SCSI_MLQUEUE_DEVICE_BUSY;
+ return err;
}
cmdinfo->cmd_urb = NULL;
cmdinfo->state &= ~SUBMIT_CMD_URB;
@@ -698,7 +696,7 @@ static int uas_queuecommand_lck(struct s
* of queueing, no matter how fatal the error
*/
if (err == -ENODEV) {
- set_host_byte(cmnd, DID_ERROR);
+ set_host_byte(cmnd, DID_NO_CONNECT);
scsi_done(cmnd);
goto zombie;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 352/396] drm/amd/display: Fix hang/underflow when transitioning to ODM4:1
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (350 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 351/396] USB: UAS: return ENODEV when submit urbs fail with device not attached Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 353/396] drm/amd/display: Disconnect phantom pipe OPP from OPTC being disabled Greg Kroah-Hartman
` (55 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Alvin Lee, Wayne Lin, Ilya Bakoulin,
Daniel Wheeler, Alex Deucher, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ilya Bakoulin <ilya.bakoulin@amd.com>
[ Upstream commit e7b2b108cdeab76a7e7324459e50b0c1214c0386 ]
[Why]
Under some circumstances, disabling an OPTC and attempting to reclaim
its OPP(s) for a different OPTC could cause a hang/underflow due to OPPs
not being properly disconnected from the disabled OPTC.
[How]
Ensure that all OPPs are unassigned from an OPTC when it gets disabled.
Reviewed-by: Alvin Lee <alvin.lee2@amd.com>
Acked-by: Wayne Lin <wayne.lin@amd.com>
Signed-off-by: Ilya Bakoulin <ilya.bakoulin@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Stable-dep-of: b4e05bb1dec5 ("drm/amd/display: Clear OPTC mem select on disable")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c
index 8abb94f60078f..b1fcc91b65a32 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c
@@ -148,6 +148,13 @@ static bool optc32_disable_crtc(struct timing_generator *optc)
REG_UPDATE(OTG_CONTROL,
OTG_MASTER_EN, 0);
+ REG_UPDATE_5(OPTC_DATA_SOURCE_SELECT,
+ OPTC_SEG0_SRC_SEL, 0xf,
+ OPTC_SEG1_SRC_SEL, 0xf,
+ OPTC_SEG2_SRC_SEL, 0xf,
+ OPTC_SEG3_SRC_SEL, 0xf,
+ OPTC_NUM_OF_INPUT_SEGMENT, 0);
+
REG_UPDATE(CONTROL,
VTG0_ENABLE, 0);
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 353/396] drm/amd/display: Disconnect phantom pipe OPP from OPTC being disabled
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (351 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 352/396] drm/amd/display: Fix hang/underflow when transitioning to ODM4:1 Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 354/396] drm/amd/display: Clear OPTC mem select on disable Greg Kroah-Hartman
` (54 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Dillon Varone, Rodrigo Siqueira,
George Shen, Daniel Wheeler, Alex Deucher, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: George Shen <george.shen@amd.com>
[ Upstream commit 7bdbfb4e36e34eb788e44f27666bf0a2b3b90803 ]
[Why]
If an OPP is used for a different OPTC without first being disconnected
from the previous OPTC, unexpected behaviour can occur. This also
applies to phantom pipes, which is what the current logic missed.
[How]
Disconnect OPPs from OPTC for phantom pipes before disabling OTG master.
Also move the disconnection to before the OTG master disable, since the
register is double buffered.
Reviewed-by: Dillon Varone <dillon.varone@amd.com>
Acked-by: Rodrigo Siqueira <rodrigo.siqueira@amd.com>
Signed-off-by: George Shen <george.shen@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Stable-dep-of: b4e05bb1dec5 ("drm/amd/display: Clear OPTC mem select on disable")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../gpu/drm/amd/display/dc/dcn32/dcn32_optc.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c
index b1fcc91b65a32..93592e8051fb7 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c
@@ -142,12 +142,6 @@ static bool optc32_disable_crtc(struct timing_generator *optc)
{
struct optc *optc1 = DCN10TG_FROM_TG(optc);
- /* disable otg request until end of the first line
- * in the vertical blank region
- */
- REG_UPDATE(OTG_CONTROL,
- OTG_MASTER_EN, 0);
-
REG_UPDATE_5(OPTC_DATA_SOURCE_SELECT,
OPTC_SEG0_SRC_SEL, 0xf,
OPTC_SEG1_SRC_SEL, 0xf,
@@ -155,6 +149,12 @@ static bool optc32_disable_crtc(struct timing_generator *optc)
OPTC_SEG3_SRC_SEL, 0xf,
OPTC_NUM_OF_INPUT_SEGMENT, 0);
+ /* disable otg request until end of the first line
+ * in the vertical blank region
+ */
+ REG_UPDATE(OTG_CONTROL,
+ OTG_MASTER_EN, 0);
+
REG_UPDATE(CONTROL,
VTG0_ENABLE, 0);
@@ -181,6 +181,13 @@ static void optc32_disable_phantom_otg(struct timing_generator *optc)
{
struct optc *optc1 = DCN10TG_FROM_TG(optc);
+ REG_UPDATE_5(OPTC_DATA_SOURCE_SELECT,
+ OPTC_SEG0_SRC_SEL, 0xf,
+ OPTC_SEG1_SRC_SEL, 0xf,
+ OPTC_SEG2_SRC_SEL, 0xf,
+ OPTC_SEG3_SRC_SEL, 0xf,
+ OPTC_NUM_OF_INPUT_SEGMENT, 0);
+
REG_UPDATE(OTG_CONTROL, OTG_MASTER_EN, 0);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 354/396] drm/amd/display: Clear OPTC mem select on disable
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (352 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 353/396] drm/amd/display: Disconnect phantom pipe OPP from OPTC being disabled Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 355/396] vfio/pds: Make sure migration file isnt accessed after reset Greg Kroah-Hartman
` (53 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Mario Limonciello, Alex Deucher,
Charlene Liu, Alex Hung, Ilya Bakoulin, Daniel Wheeler,
Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ilya Bakoulin <ilya.bakoulin@amd.com>
[ Upstream commit b4e05bb1dec53fe28c3c88425aded824498666e5 ]
[Why]
Not clearing the memory select bits prior to OPTC disable can cause DSC
corruption issues when attempting to reuse a memory instance for another
OPTC that enables ODM.
[How]
Clear the memory select bits prior to disabling an OPTC.
Cc: Mario Limonciello <mario.limonciello@amd.com>
Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Reviewed-by: Charlene Liu <charlene.liu@amd.com>
Acked-by: Alex Hung <alex.hung@amd.com>
Signed-off-by: Ilya Bakoulin <ilya.bakoulin@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c
index 93592e8051fb7..e817fa4efeee5 100644
--- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c
+++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_optc.c
@@ -149,6 +149,9 @@ static bool optc32_disable_crtc(struct timing_generator *optc)
OPTC_SEG3_SRC_SEL, 0xf,
OPTC_NUM_OF_INPUT_SEGMENT, 0);
+ REG_UPDATE(OPTC_MEMORY_CONFIG,
+ OPTC_MEM_SEL, 0);
+
/* disable otg request until end of the first line
* in the vertical blank region
*/
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 355/396] vfio/pds: Make sure migration file isnt accessed after reset
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (353 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 354/396] drm/amd/display: Clear OPTC mem select on disable Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 356/396] ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Greg Kroah-Hartman
` (52 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Shannon Nelson, Brett Creeley,
Alex Williamson, Sasha Levin
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Brett Creeley <brett.creeley@amd.com>
[ Upstream commit 457f7308254756b6e4b8fc3876cb770dcf0e7cc7 ]
It's possible the migration file is accessed after reset when it has
been cleaned up, especially when it's initiated by the device. This is
because the driver doesn't rip out the filep when cleaning up it only
frees the related page structures and sets its local struct
pds_vfio_lm_file pointer to NULL. This can cause a NULL pointer
dereference, which is shown in the example below during a restore after
a device initiated reset:
BUG: kernel NULL pointer dereference, address: 000000000000000c
PF: supervisor read access in kernel mode
PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
RIP: 0010:pds_vfio_get_file_page+0x5d/0xf0 [pds_vfio_pci]
[...]
Call Trace:
<TASK>
pds_vfio_restore_write+0xf6/0x160 [pds_vfio_pci]
vfs_write+0xc9/0x3f0
? __fget_light+0xc9/0x110
ksys_write+0xb5/0xf0
__x64_sys_write+0x1a/0x20
do_syscall_64+0x38/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
[...]
Add a disabled flag to the driver's struct pds_vfio_lm_file that gets
set during cleanup. Then make sure to check the flag when the migration
file is accessed via its file_operations. By default this flag will be
false as the memory for struct pds_vfio_lm_file is kzalloc'd, which means
the struct pds_vfio_lm_file is enabled and accessible. Also, since the
file_operations and driver's migration file cleanup happen under the
protection of the same pds_vfio_lm_file.lock, using this flag is thread
safe.
Fixes: 8512ed256334 ("vfio/pds: Always clear the save/restore FDs on reset")
Reviewed-by: Shannon Nelson <shannon.nelson@amd.com>
Signed-off-by: Brett Creeley <brett.creeley@amd.com>
Link: https://lore.kernel.org/r/20240308182149.22036-2-brett.creeley@amd.com
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/vfio/pci/pds/lm.c | 13 +++++++++++++
drivers/vfio/pci/pds/lm.h | 1 +
2 files changed, 14 insertions(+)
diff --git a/drivers/vfio/pci/pds/lm.c b/drivers/vfio/pci/pds/lm.c
index 79fe2e66bb498..6b94cc0bf45b4 100644
--- a/drivers/vfio/pci/pds/lm.c
+++ b/drivers/vfio/pci/pds/lm.c
@@ -92,8 +92,10 @@ static void pds_vfio_put_lm_file(struct pds_vfio_lm_file *lm_file)
{
mutex_lock(&lm_file->lock);
+ lm_file->disabled = true;
lm_file->size = 0;
lm_file->alloc_size = 0;
+ lm_file->filep->f_pos = 0;
/* Free scatter list of file pages */
sg_free_table(&lm_file->sg_table);
@@ -183,6 +185,12 @@ static ssize_t pds_vfio_save_read(struct file *filp, char __user *buf,
pos = &filp->f_pos;
mutex_lock(&lm_file->lock);
+
+ if (lm_file->disabled) {
+ done = -ENODEV;
+ goto out_unlock;
+ }
+
if (*pos > lm_file->size) {
done = -EINVAL;
goto out_unlock;
@@ -283,6 +291,11 @@ static ssize_t pds_vfio_restore_write(struct file *filp, const char __user *buf,
mutex_lock(&lm_file->lock);
+ if (lm_file->disabled) {
+ done = -ENODEV;
+ goto out_unlock;
+ }
+
while (len) {
size_t page_offset;
struct page *page;
diff --git a/drivers/vfio/pci/pds/lm.h b/drivers/vfio/pci/pds/lm.h
index 13be893198b74..9511b1afc6a11 100644
--- a/drivers/vfio/pci/pds/lm.h
+++ b/drivers/vfio/pci/pds/lm.h
@@ -27,6 +27,7 @@ struct pds_vfio_lm_file {
struct scatterlist *last_offset_sg; /* Iterator */
unsigned int sg_last_entry;
unsigned long last_offset;
+ bool disabled;
};
struct pds_vfio_pci_device;
--
2.43.0
^ permalink raw reply related [flat|nested] 414+ messages in thread
* [PATCH 6.6 356/396] ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (354 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 355/396] vfio/pds: Make sure migration file isnt accessed after reset Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 357/396] scsi: sd: Fix TCG OPAL unlock on system resume Greg Kroah-Hartman
` (51 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Takashi Iwai, Duoming Zhou
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Duoming Zhou <duoming@zju.edu.cn>
commit 051e0840ffa8ab25554d6b14b62c9ab9e4901457 upstream.
The dreamcastcard->timer could schedule the spu_dma_work and the
spu_dma_work could also arm the dreamcastcard->timer.
When the snd_pcm_substream is closing, the aica_channel will be
deallocated. But it could still be dereferenced in the worker
thread. The reason is that del_timer() will return directly
regardless of whether the timer handler is running or not and
the worker could be rescheduled in the timer handler. As a result,
the UAF bug will happen. The racy situation is shown below:
(Thread 1) | (Thread 2)
snd_aicapcm_pcm_close() |
... | run_spu_dma() //worker
| mod_timer()
flush_work() |
del_timer() | aica_period_elapsed() //timer
kfree(dreamcastcard->channel) | schedule_work()
| run_spu_dma() //worker
... | dreamcastcard->channel-> //USE
In order to mitigate this bug and other possible corner cases,
call mod_timer() conditionally in run_spu_dma(), then implement
PCM sync_stop op to cancel both the timer and worker. The sync_stop
op will be called from PCM core appropriately when needed.
Fixes: 198de43d758c ("[ALSA] Add ALSA support for the SEGA Dreamcast PCM device")
Suggested-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Message-ID: <20240326094238.95442-1-duoming@zju.edu.cn>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/sh/aica.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
--- a/sound/sh/aica.c
+++ b/sound/sh/aica.c
@@ -278,7 +278,8 @@ static void run_spu_dma(struct work_stru
dreamcastcard->clicks++;
if (unlikely(dreamcastcard->clicks >= AICA_PERIOD_NUMBER))
dreamcastcard->clicks %= AICA_PERIOD_NUMBER;
- mod_timer(&dreamcastcard->timer, jiffies + 1);
+ if (snd_pcm_running(dreamcastcard->substream))
+ mod_timer(&dreamcastcard->timer, jiffies + 1);
}
}
@@ -290,6 +291,8 @@ static void aica_period_elapsed(struct t
/*timer function - so cannot sleep */
int play_period;
struct snd_pcm_runtime *runtime;
+ if (!snd_pcm_running(substream))
+ return;
runtime = substream->runtime;
dreamcastcard = substream->pcm->private_data;
/* Have we played out an additional period? */
@@ -350,12 +353,19 @@ static int snd_aicapcm_pcm_open(struct s
return 0;
}
+static int snd_aicapcm_pcm_sync_stop(struct snd_pcm_substream *substream)
+{
+ struct snd_card_aica *dreamcastcard = substream->pcm->private_data;
+
+ del_timer_sync(&dreamcastcard->timer);
+ cancel_work_sync(&dreamcastcard->spu_dma_work);
+ return 0;
+}
+
static int snd_aicapcm_pcm_close(struct snd_pcm_substream
*substream)
{
struct snd_card_aica *dreamcastcard = substream->pcm->private_data;
- flush_work(&(dreamcastcard->spu_dma_work));
- del_timer(&dreamcastcard->timer);
dreamcastcard->substream = NULL;
kfree(dreamcastcard->channel);
spu_disable();
@@ -401,6 +411,7 @@ static const struct snd_pcm_ops snd_aica
.prepare = snd_aicapcm_pcm_prepare,
.trigger = snd_aicapcm_pcm_trigger,
.pointer = snd_aicapcm_pcm_pointer,
+ .sync_stop = snd_aicapcm_pcm_sync_stop,
};
/* TO DO: set up to handle more than one pcm instance */
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 357/396] scsi: sd: Fix TCG OPAL unlock on system resume
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (355 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 356/396] ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 358/396] scsi: sg: Avoid sg device teardown race Greg Kroah-Hartman
` (50 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Damien Le Moal, Martin K. Petersen
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Damien Le Moal <dlemoal@kernel.org>
commit 0c76106cb97548810214def8ee22700bbbb90543 upstream.
Commit 3cc2ffe5c16d ("scsi: sd: Differentiate system and runtime start/stop
management") introduced the manage_system_start_stop scsi_device flag to
allow libata to indicate to the SCSI disk driver that nothing should be
done when resuming a disk on system resume. This change turned the
execution of sd_resume() into a no-op for ATA devices on system
resume. While this solved deadlock issues during device resume, this change
also wrongly removed the execution of opal_unlock_from_suspend(). As a
result, devices with TCG OPAL locking enabled remain locked and
inaccessible after a system resume from sleep.
To fix this issue, introduce the SCSI driver resume method and implement it
with the sd_resume() function calling opal_unlock_from_suspend(). The
former sd_resume() function is renamed to sd_resume_common() and modified
to call the new sd_resume() function. For non-ATA devices, this result in
no functional changes.
In order for libata to explicitly execute sd_resume() when a device is
resumed during system restart, the function scsi_resume_device() is
introduced. libata calls this function from the revalidation work executed
on devie resume, a state that is indicated with the new device flag
ATA_DFLAG_RESUMING. Doing so, locked TCG OPAL enabled devices are unlocked
on resume, allowing normal operation.
Fixes: 3cc2ffe5c16d ("scsi: sd: Differentiate system and runtime start/stop management")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=218538
Cc: stable@vger.kernel.org
Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
Link: https://lore.kernel.org/r/20240319071209.1179257-1-dlemoal@kernel.org
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/ata/libata-eh.c | 5 ++++-
drivers/ata/libata-scsi.c | 9 +++++++++
drivers/scsi/scsi_scan.c | 34 ++++++++++++++++++++++++++++++++++
drivers/scsi/sd.c | 23 +++++++++++++++++++----
include/linux/libata.h | 1 +
include/scsi/scsi_driver.h | 1 +
include/scsi/scsi_host.h | 1 +
7 files changed, 69 insertions(+), 5 deletions(-)
--- a/drivers/ata/libata-eh.c
+++ b/drivers/ata/libata-eh.c
@@ -700,8 +700,10 @@ void ata_scsi_port_error_handler(struct
ehc->saved_ncq_enabled |= 1 << devno;
/* If we are resuming, wake up the device */
- if (ap->pflags & ATA_PFLAG_RESUMING)
+ if (ap->pflags & ATA_PFLAG_RESUMING) {
+ dev->flags |= ATA_DFLAG_RESUMING;
ehc->i.dev_action[devno] |= ATA_EH_SET_ACTIVE;
+ }
}
}
@@ -3170,6 +3172,7 @@ static int ata_eh_revalidate_and_attach(
return 0;
err:
+ dev->flags &= ~ATA_DFLAG_RESUMING;
*r_failed_dev = dev;
return rc;
}
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
@@ -4765,6 +4765,7 @@ void ata_scsi_dev_rescan(struct work_str
struct ata_link *link;
struct ata_device *dev;
unsigned long flags;
+ bool do_resume;
int ret = 0;
mutex_lock(&ap->scsi_scan_mutex);
@@ -4786,7 +4787,15 @@ void ata_scsi_dev_rescan(struct work_str
if (scsi_device_get(sdev))
continue;
+ do_resume = dev->flags & ATA_DFLAG_RESUMING;
+
spin_unlock_irqrestore(ap->lock, flags);
+ if (do_resume) {
+ ret = scsi_resume_device(sdev);
+ if (ret == -EWOULDBLOCK)
+ goto unlock;
+ dev->flags &= ~ATA_DFLAG_RESUMING;
+ }
ret = scsi_rescan_device(sdev);
scsi_device_put(sdev);
spin_lock_irqsave(ap->lock, flags);
--- a/drivers/scsi/scsi_scan.c
+++ b/drivers/scsi/scsi_scan.c
@@ -1619,6 +1619,40 @@ int scsi_add_device(struct Scsi_Host *ho
}
EXPORT_SYMBOL(scsi_add_device);
+int scsi_resume_device(struct scsi_device *sdev)
+{
+ struct device *dev = &sdev->sdev_gendev;
+ int ret = 0;
+
+ device_lock(dev);
+
+ /*
+ * Bail out if the device or its queue are not running. Otherwise,
+ * the rescan may block waiting for commands to be executed, with us
+ * holding the device lock. This can result in a potential deadlock
+ * in the power management core code when system resume is on-going.
+ */
+ if (sdev->sdev_state != SDEV_RUNNING ||
+ blk_queue_pm_only(sdev->request_queue)) {
+ ret = -EWOULDBLOCK;
+ goto unlock;
+ }
+
+ if (dev->driver && try_module_get(dev->driver->owner)) {
+ struct scsi_driver *drv = to_scsi_driver(dev->driver);
+
+ if (drv->resume)
+ ret = drv->resume(dev);
+ module_put(dev->driver->owner);
+ }
+
+unlock:
+ device_unlock(dev);
+
+ return ret;
+}
+EXPORT_SYMBOL(scsi_resume_device);
+
int scsi_rescan_device(struct scsi_device *sdev)
{
struct device *dev = &sdev->sdev_gendev;
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -3942,7 +3942,21 @@ static int sd_suspend_runtime(struct dev
return sd_suspend_common(dev, true);
}
-static int sd_resume(struct device *dev, bool runtime)
+static int sd_resume(struct device *dev)
+{
+ struct scsi_disk *sdkp = dev_get_drvdata(dev);
+
+ sd_printk(KERN_NOTICE, sdkp, "Starting disk\n");
+
+ if (opal_unlock_from_suspend(sdkp->opal_dev)) {
+ sd_printk(KERN_NOTICE, sdkp, "OPAL unlock failed\n");
+ return -EIO;
+ }
+
+ return 0;
+}
+
+static int sd_resume_common(struct device *dev, bool runtime)
{
struct scsi_disk *sdkp = dev_get_drvdata(dev);
int ret = 0;
@@ -3961,7 +3975,7 @@ static int sd_resume(struct device *dev,
}
if (!ret) {
- opal_unlock_from_suspend(sdkp->opal_dev);
+ sd_resume(dev);
sdkp->suspended = false;
}
@@ -3980,7 +3994,7 @@ static int sd_resume_system(struct devic
return 0;
}
- return sd_resume(dev, false);
+ return sd_resume_common(dev, false);
}
static int sd_resume_runtime(struct device *dev)
@@ -4007,7 +4021,7 @@ static int sd_resume_runtime(struct devi
"Failed to clear sense data\n");
}
- return sd_resume(dev, true);
+ return sd_resume_common(dev, true);
}
static const struct dev_pm_ops sd_pm_ops = {
@@ -4030,6 +4044,7 @@ static struct scsi_driver sd_template =
.pm = &sd_pm_ops,
},
.rescan = sd_rescan,
+ .resume = sd_resume,
.init_command = sd_init_command,
.uninit_command = sd_uninit_command,
.done = sd_done,
--- a/include/linux/libata.h
+++ b/include/linux/libata.h
@@ -107,6 +107,7 @@ enum {
ATA_DFLAG_NCQ_PRIO_ENABLED = (1 << 20), /* Priority cmds sent to dev */
ATA_DFLAG_CDL_ENABLED = (1 << 21), /* cmd duration limits is enabled */
+ ATA_DFLAG_RESUMING = (1 << 22), /* Device is resuming */
ATA_DFLAG_DETACH = (1 << 24),
ATA_DFLAG_DETACHED = (1 << 25),
ATA_DFLAG_DA = (1 << 26), /* device supports Device Attention */
--- a/include/scsi/scsi_driver.h
+++ b/include/scsi/scsi_driver.h
@@ -12,6 +12,7 @@ struct request;
struct scsi_driver {
struct device_driver gendrv;
+ int (*resume)(struct device *);
void (*rescan)(struct device *);
blk_status_t (*init_command)(struct scsi_cmnd *);
void (*uninit_command)(struct scsi_cmnd *);
--- a/include/scsi/scsi_host.h
+++ b/include/scsi/scsi_host.h
@@ -764,6 +764,7 @@ scsi_template_proc_dir(const struct scsi
#define scsi_template_proc_dir(sht) NULL
#endif
extern void scsi_scan_host(struct Scsi_Host *);
+extern int scsi_resume_device(struct scsi_device *sdev);
extern int scsi_rescan_device(struct scsi_device *sdev);
extern void scsi_remove_host(struct Scsi_Host *);
extern struct Scsi_Host *scsi_host_get(struct Scsi_Host *);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 358/396] scsi: sg: Avoid sg device teardown race
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (356 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 357/396] scsi: sd: Fix TCG OPAL unlock on system resume Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 359/396] scsi: core: Fix unremoved procfs host directory regression Greg Kroah-Hartman
` (49 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Alexander Wetzel, Bart Van Assche,
Martin K. Petersen
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Wetzel <Alexander@wetzel-home.de>
commit 27f58c04a8f438078583041468ec60597841284d upstream.
sg_remove_sfp_usercontext() must not use sg_device_destroy() after calling
scsi_device_put().
sg_device_destroy() is accessing the parent scsi_device request_queue which
will already be set to NULL when the preceding call to scsi_device_put()
removed the last reference to the parent scsi_device.
The resulting NULL pointer exception will then crash the kernel.
Link: https://lore.kernel.org/r/20240305150509.23896-1-Alexander@wetzel-home.de
Fixes: db59133e9279 ("scsi: sg: fix blktrace debugfs entries leakage")
Cc: stable@vger.kernel.org
Signed-off-by: Alexander Wetzel <Alexander@wetzel-home.de>
Link: https://lore.kernel.org/r/20240320213032.18221-1-Alexander@wetzel-home.de
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/sg.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
@@ -2208,6 +2208,7 @@ sg_remove_sfp_usercontext(struct work_st
{
struct sg_fd *sfp = container_of(work, struct sg_fd, ew.work);
struct sg_device *sdp = sfp->parentdp;
+ struct scsi_device *device = sdp->device;
Sg_request *srp;
unsigned long iflags;
@@ -2233,8 +2234,9 @@ sg_remove_sfp_usercontext(struct work_st
"sg_remove_sfp: sfp=0x%p\n", sfp));
kfree(sfp);
- scsi_device_put(sdp->device);
+ WARN_ON_ONCE(kref_read(&sdp->d_ref) != 1);
kref_put(&sdp->d_ref, sg_device_destroy);
+ scsi_device_put(device);
module_put(THIS_MODULE);
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 359/396] scsi: core: Fix unremoved procfs host directory regression
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (357 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 358/396] scsi: sg: Avoid sg device teardown race Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 360/396] staging: vc04_services: changen strncpy() to strscpy_pad() Greg Kroah-Hartman
` (48 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+c645abf505ed21f931b5,
Bart Van Assche, John Garry, Shinichiro Kawasaki,
Guilherme G. Piccoli, Martin K. Petersen
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guilherme G. Piccoli <gpiccoli@igalia.com>
commit f23a4d6e07570826fe95023ca1aa96a011fa9f84 upstream.
Commit fc663711b944 ("scsi: core: Remove the /proc/scsi/${proc_name}
directory earlier") fixed a bug related to modules loading/unloading, by
adding a call to scsi_proc_hostdir_rm() on scsi_remove_host(). But that led
to a potential duplicate call to the hostdir_rm() routine, since it's also
called from scsi_host_dev_release(). That triggered a regression report,
which was then fixed by commit be03df3d4bfe ("scsi: core: Fix a procfs host
directory removal regression"). The fix just dropped the hostdir_rm() call
from dev_release().
But it happens that this proc directory is created on scsi_host_alloc(),
and that function "pairs" with scsi_host_dev_release(), while
scsi_remove_host() pairs with scsi_add_host(). In other words, it seems the
reason for removing the proc directory on dev_release() was meant to cover
cases in which a SCSI host structure was allocated, but the call to
scsi_add_host() didn't happen. And that pattern happens to exist in some
error paths, for example.
Syzkaller causes that by using USB raw gadget device, error'ing on
usb-storage driver, at usb_stor_probe2(). By checking that path, we can see
that the BadDevice label leads to a scsi_host_put() after a SCSI host
allocation, but there's no call to scsi_add_host() in such path. That leads
to messages like this in dmesg (and a leak of the SCSI host proc
structure):
usb-storage 4-1:87.51: USB Mass Storage device detected
proc_dir_entry 'scsi/usb-storage' already registered
WARNING: CPU: 1 PID: 3519 at fs/proc/generic.c:377 proc_register+0x347/0x4e0 fs/proc/generic.c:376
The proper fix seems to still call scsi_proc_hostdir_rm() on dev_release(),
but guard that with the state check for SHOST_CREATED; there is even a
comment in scsi_host_dev_release() detailing that: such conditional is
meant for cases where the SCSI host was allocated but there was no calls to
{add,remove}_host(), like the usb-storage case.
This is what we propose here and with that, the error path of usb-storage
does not trigger the warning anymore.
Reported-by: syzbot+c645abf505ed21f931b5@syzkaller.appspotmail.com
Fixes: be03df3d4bfe ("scsi: core: Fix a procfs host directory removal regression")
Cc: stable@vger.kernel.org
Cc: Bart Van Assche <bvanassche@acm.org>
Cc: John Garry <john.g.garry@oracle.com>
Cc: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
Signed-off-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
Link: https://lore.kernel.org/r/20240313113006.2834799-1-gpiccoli@igalia.com
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/hosts.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/drivers/scsi/hosts.c
+++ b/drivers/scsi/hosts.c
@@ -353,12 +353,13 @@ static void scsi_host_dev_release(struct
if (shost->shost_state == SHOST_CREATED) {
/*
- * Free the shost_dev device name here if scsi_host_alloc()
- * and scsi_host_put() have been called but neither
+ * Free the shost_dev device name and remove the proc host dir
+ * here if scsi_host_{alloc,put}() have been called but neither
* scsi_host_add() nor scsi_remove_host() has been called.
* This avoids that the memory allocated for the shost_dev
- * name is leaked.
+ * name as well as the proc dir structure are leaked.
*/
+ scsi_proc_hostdir_rm(shost->hostt);
kfree(dev_name(&shost->shost_dev));
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 360/396] staging: vc04_services: changen strncpy() to strscpy_pad()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (358 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 359/396] scsi: core: Fix unremoved procfs host directory regression Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 361/396] staging: vc04_services: fix information leak in create_component() Greg Kroah-Hartman
` (47 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Arnd Bergmann, Dan Carpenter
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
commit ef25725b7f8aaffd7756974d3246ec44fae0a5cf upstream.
gcc-14 warns about this strncpy() that results in a non-terminated
string for an overflow:
In file included from include/linux/string.h:369,
from drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c:20:
In function 'strncpy',
inlined from 'create_component' at drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c:940:2:
include/linux/fortify-string.h:108:33: error: '__builtin_strncpy' specified bound 128 equals destination size [-Werror=stringop-truncation]
Change it to strscpy_pad(), which produces a properly terminated and
zero-padded string.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/r/20240313163712.224585-1-arnd@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c
+++ b/drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c
@@ -937,8 +937,8 @@ static int create_component(struct vchiq
/* build component create message */
m.h.type = MMAL_MSG_TYPE_COMPONENT_CREATE;
m.u.component_create.client_component = component->client_component;
- strncpy(m.u.component_create.name, name,
- sizeof(m.u.component_create.name));
+ strscpy_pad(m.u.component_create.name, name,
+ sizeof(m.u.component_create.name));
ret = send_synchronous_mmal_msg(instance, &m,
sizeof(m.u.component_create),
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 361/396] staging: vc04_services: fix information leak in create_component()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (359 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 360/396] staging: vc04_services: changen strncpy() to strscpy_pad() Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 362/396] usb: dwc3: Properly set system wakeup Greg Kroah-Hartman
` (46 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Dan Carpenter
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
commit f37e76abd614b68987abc8e5c22d986013349771 upstream.
The m.u.component_create.pid field is for debugging and in the mainline
kernel it's not used anything. However, it still needs to be set to
something to prevent disclosing uninitialized stack data. Set it to
zero.
Fixes: 7b3ad5abf027 ("staging: Import the BCM2835 MMAL-based V4L2 camera driver.")
Cc: stable <stable@kernel.org>
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://lore.kernel.org/r/2d972847-9ebd-481b-b6f9-af390f5aabd3@moroto.mountain
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c
+++ b/drivers/staging/vc04_services/vchiq-mmal/mmal-vchiq.c
@@ -939,6 +939,7 @@ static int create_component(struct vchiq
m.u.component_create.client_component = component->client_component;
strscpy_pad(m.u.component_create.name, name,
sizeof(m.u.component_create.name));
+ m.u.component_create.pid = 0;
ret = send_synchronous_mmal_msg(instance, &m,
sizeof(m.u.component_create),
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 362/396] usb: dwc3: Properly set system wakeup
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (360 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 361/396] staging: vc04_services: fix information leak in create_component() Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 363/396] USB: core: Fix deadlock in usb_deauthorize_interface() Greg Kroah-Hartman
` (45 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Guilherme G. Piccoli, Thinh Nguyen,
Sanath S
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
commit f9aa41130ac69d13a53ce2a153ca79c70d43f39c upstream.
If the device is configured for system wakeup, then make sure that the
xHCI driver knows about it and make sure to permit wakeup only at the
appropriate time.
For host mode, if the controller goes through the dwc3 code path, then a
child xHCI platform device is created. Make sure the platform device
also inherits the wakeup setting for xHCI to enable remote wakeup.
For device mode, make sure to disable system wakeup if no gadget driver
is bound. We may experience unwanted system wakeup due to the wakeup
signal from the controller PMU detecting connection/disconnection when
in low power (D3). E.g. In the case of Steam Deck, the PCI PME prevents
the system staying in suspend.
Cc: stable@vger.kernel.org
Reported-by: Guilherme G. Piccoli <gpiccoli@igalia.com>
Closes: https://lore.kernel.org/linux-usb/70a7692d-647c-9be7-00a6-06fc60f77294@igalia.com/T/#mf00d6669c2eff7b308d1162acd1d66c09f0853c7
Fixes: d07e8819a03d ("usb: dwc3: add xHCI Host support")
Signed-off-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Tested-by: Sanath S <Sanath.S@amd.com>
Tested-by: Guilherme G. Piccoli <gpiccoli@igalia.com> # Steam Deck
Link: https://lore.kernel.org/r/667cfda7009b502e08462c8fb3f65841d103cc0a.1709865476.git.Thinh.Nguyen@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/core.c | 2 ++
drivers/usb/dwc3/core.h | 2 ++
drivers/usb/dwc3/gadget.c | 10 ++++++++++
drivers/usb/dwc3/host.c | 11 +++++++++++
4 files changed, 25 insertions(+)
--- a/drivers/usb/dwc3/core.c
+++ b/drivers/usb/dwc3/core.c
@@ -1493,6 +1493,8 @@ static void dwc3_get_properties(struct d
else
dwc->sysdev = dwc->dev;
+ dwc->sys_wakeup = device_may_wakeup(dwc->sysdev);
+
ret = device_property_read_string(dev, "usb-psy-name", &usb_psy_name);
if (ret >= 0) {
dwc->usb_psy = power_supply_get_by_name(usb_psy_name);
--- a/drivers/usb/dwc3/core.h
+++ b/drivers/usb/dwc3/core.h
@@ -1123,6 +1123,7 @@ struct dwc3_scratchpad_array {
* 3 - Reserved
* @dis_metastability_quirk: set to disable metastability quirk.
* @dis_split_quirk: set to disable split boundary.
+ * @sys_wakeup: set if the device may do system wakeup.
* @wakeup_configured: set if the device is configured for remote wakeup.
* @suspended: set to track suspend event due to U3/L2.
* @imod_interval: set the interrupt moderation interval in 250ns
@@ -1344,6 +1345,7 @@ struct dwc3 {
unsigned dis_split_quirk:1;
unsigned async_callbacks:1;
+ unsigned sys_wakeup:1;
unsigned wakeup_configured:1;
unsigned suspended:1;
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -2968,6 +2968,9 @@ static int dwc3_gadget_start(struct usb_
dwc->gadget_driver = driver;
spin_unlock_irqrestore(&dwc->lock, flags);
+ if (dwc->sys_wakeup)
+ device_wakeup_enable(dwc->sysdev);
+
return 0;
}
@@ -2983,6 +2986,9 @@ static int dwc3_gadget_stop(struct usb_g
struct dwc3 *dwc = gadget_to_dwc(g);
unsigned long flags;
+ if (dwc->sys_wakeup)
+ device_wakeup_disable(dwc->sysdev);
+
spin_lock_irqsave(&dwc->lock, flags);
dwc->gadget_driver = NULL;
dwc->max_cfg_eps = 0;
@@ -4664,6 +4670,10 @@ int dwc3_gadget_init(struct dwc3 *dwc)
else
dwc3_gadget_set_speed(dwc->gadget, dwc->maximum_speed);
+ /* No system wakeup if no gadget driver bound */
+ if (dwc->sys_wakeup)
+ device_wakeup_disable(dwc->sysdev);
+
return 0;
err5:
--- a/drivers/usb/dwc3/host.c
+++ b/drivers/usb/dwc3/host.c
@@ -123,6 +123,14 @@ int dwc3_host_init(struct dwc3 *dwc)
goto err;
}
+ if (dwc->sys_wakeup) {
+ /* Restore wakeup setting if switched from device */
+ device_wakeup_enable(dwc->sysdev);
+
+ /* Pass on wakeup setting to the new xhci platform device */
+ device_init_wakeup(&xhci->dev, true);
+ }
+
return 0;
err:
platform_device_put(xhci);
@@ -131,6 +139,9 @@ err:
void dwc3_host_exit(struct dwc3 *dwc)
{
+ if (dwc->sys_wakeup)
+ device_init_wakeup(&dwc->xhci->dev, false);
+
platform_device_unregister(dwc->xhci);
dwc->xhci = NULL;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 363/396] USB: core: Fix deadlock in usb_deauthorize_interface()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (361 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 362/396] usb: dwc3: Properly set system wakeup Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 364/396] USB: core: Add hub_get() and hub_put() routines Greg Kroah-Hartman
` (44 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Alan Stern
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alan Stern <stern@rowland.harvard.edu>
commit 80ba43e9f799cbdd83842fc27db667289b3150f5 upstream.
Among the attribute file callback routines in
drivers/usb/core/sysfs.c, the interface_authorized_store() function is
the only one which acquires a device lock on an ancestor device: It
calls usb_deauthorize_interface(), which locks the interface's parent
USB device.
The will lead to deadlock if another process already owns that lock
and tries to remove the interface, whether through a configuration
change or because the device has been disconnected. As part of the
removal procedure, device_del() waits for all ongoing sysfs attribute
callbacks to complete. But usb_deauthorize_interface() can't complete
until the device lock has been released, and the lock won't be
released until the removal has finished.
The mechanism provided by sysfs to prevent this kind of deadlock is
to use the sysfs_break_active_protection() function, which tells sysfs
not to wait for the attribute callback.
Reported-and-tested by: Yue Sun <samsun1006219@gmail.com>
Reported by: xingwei lee <xrivendell7@gmail.com>
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Link: https://lore.kernel.org/linux-usb/CAEkJfYO6jRVC8Tfrd_R=cjO0hguhrV31fDPrLrNOOHocDkPoAA@mail.gmail.com/#r
Fixes: 310d2b4124c0 ("usb: interface authorization: SysFS part of USB interface authorization")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/1c37eea1-9f56-4534-b9d8-b443438dc869@rowland.harvard.edu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/sysfs.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
--- a/drivers/usb/core/sysfs.c
+++ b/drivers/usb/core/sysfs.c
@@ -1168,14 +1168,24 @@ static ssize_t interface_authorized_stor
{
struct usb_interface *intf = to_usb_interface(dev);
bool val;
+ struct kernfs_node *kn;
if (kstrtobool(buf, &val) != 0)
return -EINVAL;
- if (val)
+ if (val) {
usb_authorize_interface(intf);
- else
- usb_deauthorize_interface(intf);
+ } else {
+ /*
+ * Prevent deadlock if another process is concurrently
+ * trying to unregister intf.
+ */
+ kn = sysfs_break_active_protection(&dev->kobj, &attr->attr);
+ if (kn) {
+ usb_deauthorize_interface(intf);
+ sysfs_unbreak_active_protection(kn);
+ }
+ }
return count;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 364/396] USB: core: Add hub_get() and hub_put() routines
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (362 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 363/396] USB: core: Fix deadlock in usb_deauthorize_interface() Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 365/396] USB: core: Fix deadlock in port "disable" sysfs attribute Greg Kroah-Hartman
` (43 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Alan Stern, stable
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alan Stern <stern@rowland.harvard.edu>
commit ee113b860aa169e9a4d2c167c95d0f1961c6e1b8 upstream.
Create hub_get() and hub_put() routines to encapsulate the kref_get()
and kref_put() calls in hub.c. The new routines will be used by the
next patch in this series.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Link: https://lore.kernel.org/r/604da420-ae8a-4a9e-91a4-2d511ff404fb@rowland.harvard.edu
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/hub.c | 23 ++++++++++++++++-------
drivers/usb/core/hub.h | 2 ++
2 files changed, 18 insertions(+), 7 deletions(-)
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -123,7 +123,6 @@ EXPORT_SYMBOL_GPL(ehci_cf_port_reset_rws
#define HUB_DEBOUNCE_STEP 25
#define HUB_DEBOUNCE_STABLE 100
-static void hub_release(struct kref *kref);
static int usb_reset_and_verify_device(struct usb_device *udev);
static int hub_port_disable(struct usb_hub *hub, int port1, int set_state);
static bool hub_port_warm_reset_required(struct usb_hub *hub, int port1,
@@ -685,14 +684,14 @@ static void kick_hub_wq(struct usb_hub *
*/
intf = to_usb_interface(hub->intfdev);
usb_autopm_get_interface_no_resume(intf);
- kref_get(&hub->kref);
+ hub_get(hub);
if (queue_work(hub_wq, &hub->events))
return;
/* the work has already been scheduled */
usb_autopm_put_interface_async(intf);
- kref_put(&hub->kref, hub_release);
+ hub_put(hub);
}
void usb_kick_hub_wq(struct usb_device *hdev)
@@ -1060,7 +1059,7 @@ static void hub_activate(struct usb_hub
goto init2;
goto init3;
}
- kref_get(&hub->kref);
+ hub_get(hub);
/* The superspeed hub except for root hub has to use Hub Depth
* value as an offset into the route string to locate the bits
@@ -1308,7 +1307,7 @@ static void hub_activate(struct usb_hub
device_unlock(&hdev->dev);
}
- kref_put(&hub->kref, hub_release);
+ hub_put(hub);
}
/* Implement the continuations for the delays above */
@@ -1724,6 +1723,16 @@ static void hub_release(struct kref *kre
kfree(hub);
}
+void hub_get(struct usb_hub *hub)
+{
+ kref_get(&hub->kref);
+}
+
+void hub_put(struct usb_hub *hub)
+{
+ kref_put(&hub->kref, hub_release);
+}
+
static unsigned highspeed_hubs;
static void hub_disconnect(struct usb_interface *intf)
@@ -1772,7 +1781,7 @@ static void hub_disconnect(struct usb_in
onboard_hub_destroy_pdevs(&hub->onboard_hub_devs);
- kref_put(&hub->kref, hub_release);
+ hub_put(hub);
}
static bool hub_descriptor_is_sane(struct usb_host_interface *desc)
@@ -5890,7 +5899,7 @@ out_hdev_lock:
/* Balance the stuff in kick_hub_wq() and allow autosuspend */
usb_autopm_put_interface(intf);
- kref_put(&hub->kref, hub_release);
+ hub_put(hub);
kcov_remote_stop();
}
--- a/drivers/usb/core/hub.h
+++ b/drivers/usb/core/hub.h
@@ -126,6 +126,8 @@ extern void usb_hub_remove_port_device(s
extern int usb_hub_set_port_power(struct usb_device *hdev, struct usb_hub *hub,
int port1, bool set);
extern struct usb_hub *usb_hub_to_struct_hub(struct usb_device *hdev);
+extern void hub_get(struct usb_hub *hub);
+extern void hub_put(struct usb_hub *hub);
extern int hub_port_debounce(struct usb_hub *hub, int port1,
bool must_be_connected);
extern int usb_clear_port_feature(struct usb_device *hdev,
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 365/396] USB: core: Fix deadlock in port "disable" sysfs attribute
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (363 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 364/396] USB: core: Add hub_get() and hub_put() routines Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 366/396] usb: dwc2: host: Fix remote wakeup from hibernation Greg Kroah-Hartman
` (42 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Alan Stern, stable
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alan Stern <stern@rowland.harvard.edu>
commit f4d1960764d8a70318b02f15203a1be2b2554ca1 upstream.
The show and store callback routines for the "disable" sysfs attribute
file in port.c acquire the device lock for the port's parent hub
device. This can cause problems if another process has locked the hub
to remove it or change its configuration:
Removing the hub or changing its configuration requires the
hub interface to be removed, which requires the port device
to be removed, and device_del() waits until all outstanding
sysfs attribute callbacks for the ports have returned. The
lock can't be released until then.
But the disable_show() or disable_store() routine can't return
until after it has acquired the lock.
The resulting deadlock can be avoided by calling
sysfs_break_active_protection(). This will cause the sysfs core not
to wait for the attribute's callback routine to return, allowing the
removal to proceed. The disadvantage is that after making this call,
there is no guarantee that the hub structure won't be deallocated at
any moment. To prevent this, we have to acquire a reference to it
first by calling hub_get().
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Cc: stable <stable@kernel.org>
Link: https://lore.kernel.org/r/f7a8c135-a495-4ce6-bd49-405a45e7ea9a@rowland.harvard.edu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/port.c | 38 ++++++++++++++++++++++++++++++++++----
1 file changed, 34 insertions(+), 4 deletions(-)
--- a/drivers/usb/core/port.c
+++ b/drivers/usb/core/port.c
@@ -55,11 +55,22 @@ static ssize_t disable_show(struct devic
u16 portstatus, unused;
bool disabled;
int rc;
+ struct kernfs_node *kn;
+ hub_get(hub);
rc = usb_autopm_get_interface(intf);
if (rc < 0)
- return rc;
+ goto out_hub_get;
+ /*
+ * Prevent deadlock if another process is concurrently
+ * trying to unregister hdev.
+ */
+ kn = sysfs_break_active_protection(&dev->kobj, &attr->attr);
+ if (!kn) {
+ rc = -ENODEV;
+ goto out_autopm;
+ }
usb_lock_device(hdev);
if (hub->disconnected) {
rc = -ENODEV;
@@ -69,9 +80,13 @@ static ssize_t disable_show(struct devic
usb_hub_port_status(hub, port1, &portstatus, &unused);
disabled = !usb_port_is_power_on(hub, portstatus);
-out_hdev_lock:
+ out_hdev_lock:
usb_unlock_device(hdev);
+ sysfs_unbreak_active_protection(kn);
+ out_autopm:
usb_autopm_put_interface(intf);
+ out_hub_get:
+ hub_put(hub);
if (rc)
return rc;
@@ -89,15 +104,26 @@ static ssize_t disable_store(struct devi
int port1 = port_dev->portnum;
bool disabled;
int rc;
+ struct kernfs_node *kn;
rc = kstrtobool(buf, &disabled);
if (rc)
return rc;
+ hub_get(hub);
rc = usb_autopm_get_interface(intf);
if (rc < 0)
- return rc;
+ goto out_hub_get;
+ /*
+ * Prevent deadlock if another process is concurrently
+ * trying to unregister hdev.
+ */
+ kn = sysfs_break_active_protection(&dev->kobj, &attr->attr);
+ if (!kn) {
+ rc = -ENODEV;
+ goto out_autopm;
+ }
usb_lock_device(hdev);
if (hub->disconnected) {
rc = -ENODEV;
@@ -118,9 +144,13 @@ static ssize_t disable_store(struct devi
if (!rc)
rc = count;
-out_hdev_lock:
+ out_hdev_lock:
usb_unlock_device(hdev);
+ sysfs_unbreak_active_protection(kn);
+ out_autopm:
usb_autopm_put_interface(intf);
+ out_hub_get:
+ hub_put(hub);
return rc;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 366/396] usb: dwc2: host: Fix remote wakeup from hibernation
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (364 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 365/396] USB: core: Fix deadlock in port "disable" sysfs attribute Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 367/396] usb: dwc2: host: Fix hibernation flow Greg Kroah-Hartman
` (41 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Minas Harutyunyan
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Minas Harutyunyan <Minas.Harutyunyan@synopsys.com>
commit bae2bc73a59c200db53b6c15fb26bb758e2c6108 upstream.
Starting from core v4.30a changed order of programming
GPWRDN_PMUACTV to 0 in case of exit from hibernation on
remote wakeup signaling from device.
Fixes: c5c403dc4336 ("usb: dwc2: Add host/device hibernation functions")
CC: stable@vger.kernel.org
Signed-off-by: Minas Harutyunyan <Minas.Harutyunyan@synopsys.com>
Link: https://lore.kernel.org/r/99385ec55ce73445b6fbd0f471c9bd40eb1c9b9e.1708939799.git.Minas.Harutyunyan@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc2/core.h | 1 +
drivers/usb/dwc2/hcd.c | 17 +++++++++++++----
2 files changed, 14 insertions(+), 4 deletions(-)
--- a/drivers/usb/dwc2/core.h
+++ b/drivers/usb/dwc2/core.h
@@ -1086,6 +1086,7 @@ struct dwc2_hsotg {
bool needs_byte_swap;
/* DWC OTG HW Release versions */
+#define DWC2_CORE_REV_4_30a 0x4f54430a
#define DWC2_CORE_REV_2_71a 0x4f54271a
#define DWC2_CORE_REV_2_72a 0x4f54272a
#define DWC2_CORE_REV_2_80a 0x4f54280a
--- a/drivers/usb/dwc2/hcd.c
+++ b/drivers/usb/dwc2/hcd.c
@@ -5610,10 +5610,12 @@ int dwc2_host_exit_hibernation(struct dw
dwc2_writel(hsotg, hr->hcfg, HCFG);
/* De-assert Wakeup Logic */
- gpwrdn = dwc2_readl(hsotg, GPWRDN);
- gpwrdn &= ~GPWRDN_PMUACTV;
- dwc2_writel(hsotg, gpwrdn, GPWRDN);
- udelay(10);
+ if (!(rem_wakeup && hsotg->hw_params.snpsid >= DWC2_CORE_REV_4_30a)) {
+ gpwrdn = dwc2_readl(hsotg, GPWRDN);
+ gpwrdn &= ~GPWRDN_PMUACTV;
+ dwc2_writel(hsotg, gpwrdn, GPWRDN);
+ udelay(10);
+ }
hprt0 = hr->hprt0;
hprt0 |= HPRT0_PWR;
@@ -5638,6 +5640,13 @@ int dwc2_host_exit_hibernation(struct dw
hprt0 |= HPRT0_RES;
dwc2_writel(hsotg, hprt0, HPRT0);
+ /* De-assert Wakeup Logic */
+ if ((rem_wakeup && hsotg->hw_params.snpsid >= DWC2_CORE_REV_4_30a)) {
+ gpwrdn = dwc2_readl(hsotg, GPWRDN);
+ gpwrdn &= ~GPWRDN_PMUACTV;
+ dwc2_writel(hsotg, gpwrdn, GPWRDN);
+ udelay(10);
+ }
/* Wait for Resume time and then program HPRT again */
mdelay(100);
hprt0 &= ~HPRT0_RES;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 367/396] usb: dwc2: host: Fix hibernation flow
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (365 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 366/396] usb: dwc2: host: Fix remote wakeup from hibernation Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 368/396] usb: dwc2: host: Fix ISOC flow in DDMA mode Greg Kroah-Hartman
` (40 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Minas Harutyunyan
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Minas Harutyunyan <Minas.Harutyunyan@synopsys.com>
commit 3c7b9856a82227db01a20171d2e24c7ce305d59b upstream.
Added to backup/restore registers HFLBADDR, HCCHARi, HCSPLTi,
HCTSIZi, HCDMAi and HCDMABi.
Fixes: 58e52ff6a6c3 ("usb: dwc2: Move register save and restore functions")
Fixes: d17ee77b3044 ("usb: dwc2: add controller hibernation support")
CC: stable@vger.kernel.org
Signed-off-by: Minas Harutyunyan <Minas.Harutyunyan@synopsys.com>
Link: https://lore.kernel.org/r/c2d10ee6098b9b009a8e94191e046004747d3bdd.1708945444.git.Minas.Harutyunyan@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc2/core.h | 12 ++++++++++++
drivers/usb/dwc2/hcd.c | 18 ++++++++++++++++--
2 files changed, 28 insertions(+), 2 deletions(-)
--- a/drivers/usb/dwc2/core.h
+++ b/drivers/usb/dwc2/core.h
@@ -729,8 +729,14 @@ struct dwc2_dregs_backup {
* struct dwc2_hregs_backup - Holds host registers state before
* entering partial power down
* @hcfg: Backup of HCFG register
+ * @hflbaddr: Backup of HFLBADDR register
* @haintmsk: Backup of HAINTMSK register
+ * @hcchar: Backup of HCCHAR register
+ * @hcsplt: Backup of HCSPLT register
* @hcintmsk: Backup of HCINTMSK register
+ * @hctsiz: Backup of HCTSIZ register
+ * @hdma: Backup of HCDMA register
+ * @hcdmab: Backup of HCDMAB register
* @hprt0: Backup of HPTR0 register
* @hfir: Backup of HFIR register
* @hptxfsiz: Backup of HPTXFSIZ register
@@ -738,8 +744,14 @@ struct dwc2_dregs_backup {
*/
struct dwc2_hregs_backup {
u32 hcfg;
+ u32 hflbaddr;
u32 haintmsk;
+ u32 hcchar[MAX_EPS_CHANNELS];
+ u32 hcsplt[MAX_EPS_CHANNELS];
u32 hcintmsk[MAX_EPS_CHANNELS];
+ u32 hctsiz[MAX_EPS_CHANNELS];
+ u32 hcidma[MAX_EPS_CHANNELS];
+ u32 hcidmab[MAX_EPS_CHANNELS];
u32 hprt0;
u32 hfir;
u32 hptxfsiz;
--- a/drivers/usb/dwc2/hcd.c
+++ b/drivers/usb/dwc2/hcd.c
@@ -5406,9 +5406,16 @@ int dwc2_backup_host_registers(struct dw
/* Backup Host regs */
hr = &hsotg->hr_backup;
hr->hcfg = dwc2_readl(hsotg, HCFG);
+ hr->hflbaddr = dwc2_readl(hsotg, HFLBADDR);
hr->haintmsk = dwc2_readl(hsotg, HAINTMSK);
- for (i = 0; i < hsotg->params.host_channels; ++i)
+ for (i = 0; i < hsotg->params.host_channels; ++i) {
+ hr->hcchar[i] = dwc2_readl(hsotg, HCCHAR(i));
+ hr->hcsplt[i] = dwc2_readl(hsotg, HCSPLT(i));
hr->hcintmsk[i] = dwc2_readl(hsotg, HCINTMSK(i));
+ hr->hctsiz[i] = dwc2_readl(hsotg, HCTSIZ(i));
+ hr->hcidma[i] = dwc2_readl(hsotg, HCDMA(i));
+ hr->hcidmab[i] = dwc2_readl(hsotg, HCDMAB(i));
+ }
hr->hprt0 = dwc2_read_hprt0(hsotg);
hr->hfir = dwc2_readl(hsotg, HFIR);
@@ -5442,10 +5449,17 @@ int dwc2_restore_host_registers(struct d
hr->valid = false;
dwc2_writel(hsotg, hr->hcfg, HCFG);
+ dwc2_writel(hsotg, hr->hflbaddr, HFLBADDR);
dwc2_writel(hsotg, hr->haintmsk, HAINTMSK);
- for (i = 0; i < hsotg->params.host_channels; ++i)
+ for (i = 0; i < hsotg->params.host_channels; ++i) {
+ dwc2_writel(hsotg, hr->hcchar[i], HCCHAR(i));
+ dwc2_writel(hsotg, hr->hcsplt[i], HCSPLT(i));
dwc2_writel(hsotg, hr->hcintmsk[i], HCINTMSK(i));
+ dwc2_writel(hsotg, hr->hctsiz[i], HCTSIZ(i));
+ dwc2_writel(hsotg, hr->hcidma[i], HCDMA(i));
+ dwc2_writel(hsotg, hr->hcidmab[i], HCDMAB(i));
+ }
dwc2_writel(hsotg, hr->hprt0, HPRT0);
dwc2_writel(hsotg, hr->hfir, HFIR);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 368/396] usb: dwc2: host: Fix ISOC flow in DDMA mode
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (366 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 367/396] usb: dwc2: host: Fix hibernation flow Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 369/396] usb: dwc2: gadget: Fix exiting from clock gating Greg Kroah-Hartman
` (39 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Minas Harutyunyan
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Minas Harutyunyan <Minas.Harutyunyan@synopsys.com>
commit b258e42688501cadb1a6dd658d6f015df9f32d8f upstream.
Fixed ISOC completion flow in DDMA mode. Added isoc
descriptor actual length value and update urb's start_frame
value.
Fixed initialization of ISOC DMA descriptors flow.
Fixes: 56f5b1cff22a ("staging: Core files for the DWC2 driver")
Fixes: 20f2eb9c4cf8 ("staging: dwc2: add microframe scheduler from downstream Pi kernel")
Fixes: c17b337c1ea4 ("usb: dwc2: host: program descriptor for next frame")
Fixes: dc4c76e7b22c ("staging: HCD descriptor DMA support for the DWC2 driver")
Fixes: 762d3a1a9cd7 ("usb: dwc2: host: process all completed urbs")
CC: stable@vger.kernel.org
Signed-off-by: Minas Harutyunyan <Minas.Harutyunyan@synopsys.com>
Link: https://lore.kernel.org/r/a8b1e1711cc6cabfb45d92ede12e35445c66f06c.1708944698.git.Minas.Harutyunyan@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc2/hcd.c | 12 ++++++++++--
drivers/usb/dwc2/hcd_ddma.c | 17 +++++++++++------
drivers/usb/dwc2/hw.h | 2 +-
3 files changed, 22 insertions(+), 9 deletions(-)
--- a/drivers/usb/dwc2/hcd.c
+++ b/drivers/usb/dwc2/hcd.c
@@ -2701,8 +2701,11 @@ enum dwc2_transaction_type dwc2_hcd_sele
hsotg->available_host_channels--;
}
qh = list_entry(qh_ptr, struct dwc2_qh, qh_list_entry);
- if (dwc2_assign_and_init_hc(hsotg, qh))
+ if (dwc2_assign_and_init_hc(hsotg, qh)) {
+ if (hsotg->params.uframe_sched)
+ hsotg->available_host_channels++;
break;
+ }
/*
* Move the QH from the periodic ready schedule to the
@@ -2735,8 +2738,11 @@ enum dwc2_transaction_type dwc2_hcd_sele
hsotg->available_host_channels--;
}
- if (dwc2_assign_and_init_hc(hsotg, qh))
+ if (dwc2_assign_and_init_hc(hsotg, qh)) {
+ if (hsotg->params.uframe_sched)
+ hsotg->available_host_channels++;
break;
+ }
/*
* Move the QH from the non-periodic inactive schedule to the
@@ -4143,6 +4149,8 @@ void dwc2_host_complete(struct dwc2_hsot
urb->actual_length);
if (usb_pipetype(urb->pipe) == PIPE_ISOCHRONOUS) {
+ if (!hsotg->params.dma_desc_enable)
+ urb->start_frame = qtd->qh->start_active_frame;
urb->error_count = dwc2_hcd_urb_get_error_count(qtd->urb);
for (i = 0; i < urb->number_of_packets; ++i) {
urb->iso_frame_desc[i].actual_length =
--- a/drivers/usb/dwc2/hcd_ddma.c
+++ b/drivers/usb/dwc2/hcd_ddma.c
@@ -559,7 +559,7 @@ static void dwc2_init_isoc_dma_desc(stru
idx = qh->td_last;
inc = qh->host_interval;
hsotg->frame_number = dwc2_hcd_get_frame_number(hsotg);
- cur_idx = dwc2_frame_list_idx(hsotg->frame_number);
+ cur_idx = idx;
next_idx = dwc2_desclist_idx_inc(qh->td_last, inc, qh->dev_speed);
/*
@@ -866,6 +866,8 @@ static int dwc2_cmpl_host_isoc_dma_desc(
{
struct dwc2_dma_desc *dma_desc;
struct dwc2_hcd_iso_packet_desc *frame_desc;
+ u16 frame_desc_idx;
+ struct urb *usb_urb = qtd->urb->priv;
u16 remain = 0;
int rc = 0;
@@ -878,8 +880,11 @@ static int dwc2_cmpl_host_isoc_dma_desc(
DMA_FROM_DEVICE);
dma_desc = &qh->desc_list[idx];
+ frame_desc_idx = (idx - qtd->isoc_td_first) & (usb_urb->number_of_packets - 1);
- frame_desc = &qtd->urb->iso_descs[qtd->isoc_frame_index_last];
+ frame_desc = &qtd->urb->iso_descs[frame_desc_idx];
+ if (idx == qtd->isoc_td_first)
+ usb_urb->start_frame = dwc2_hcd_get_frame_number(hsotg);
dma_desc->buf = (u32)(qtd->urb->dma + frame_desc->offset);
if (chan->ep_is_in)
remain = (dma_desc->status & HOST_DMA_ISOC_NBYTES_MASK) >>
@@ -900,7 +905,7 @@ static int dwc2_cmpl_host_isoc_dma_desc(
frame_desc->status = 0;
}
- if (++qtd->isoc_frame_index == qtd->urb->packet_count) {
+ if (++qtd->isoc_frame_index == usb_urb->number_of_packets) {
/*
* urb->status is not used for isoc transfers here. The
* individual frame_desc status are used instead.
@@ -1005,11 +1010,11 @@ static void dwc2_complete_isoc_xfer_ddma
return;
idx = dwc2_desclist_idx_inc(idx, qh->host_interval,
chan->speed);
- if (!rc)
+ if (rc == 0)
continue;
- if (rc == DWC2_CMPL_DONE)
- break;
+ if (rc == DWC2_CMPL_DONE || rc == DWC2_CMPL_STOP)
+ goto stop_scan;
/* rc == DWC2_CMPL_STOP */
--- a/drivers/usb/dwc2/hw.h
+++ b/drivers/usb/dwc2/hw.h
@@ -698,7 +698,7 @@
#define TXSTS_QTOP_TOKEN_MASK (0x3 << 25)
#define TXSTS_QTOP_TOKEN_SHIFT 25
#define TXSTS_QTOP_TERMINATE BIT(24)
-#define TXSTS_QSPCAVAIL_MASK (0xff << 16)
+#define TXSTS_QSPCAVAIL_MASK (0x7f << 16)
#define TXSTS_QSPCAVAIL_SHIFT 16
#define TXSTS_FSPCAVAIL_MASK (0xffff << 0)
#define TXSTS_FSPCAVAIL_SHIFT 0
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 369/396] usb: dwc2: gadget: Fix exiting from clock gating
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (367 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 368/396] usb: dwc2: host: Fix ISOC flow in DDMA mode Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 370/396] usb: dwc2: gadget: LPM flow fix Greg Kroah-Hartman
` (38 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Minas Harutyunyan
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Minas Harutyunyan <Minas.Harutyunyan@synopsys.com>
commit 31f42da31417bec88158f3cf62d19db836217f1e upstream.
Added exiting from the clock gating mode on USB Reset Detect interrupt
if core in the clock gating mode.
Added new condition to check core in clock gating mode or no.
Fixes: 9b4965d77e11 ("usb: dwc2: Add exit clock gating from session request interrupt")
Fixes: 5d240efddc7f ("usb: dwc2: Add exit clock gating from wakeup interrupt")
Fixes: 16c729f90bdf ("usb: dwc2: Allow exit clock gating in urb enqueue")
Fixes: 401411bbc4e6 ("usb: dwc2: Add exit clock gating before removing driver")
CC: stable@vger.kernel.org
Signed-off-by: Minas Harutyunyan <Minas.Harutyunyan@synopsys.com>
Link: https://lore.kernel.org/r/cbcc2ccd37e89e339130797ed68ae4597db773ac.1708938774.git.Minas.Harutyunyan@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc2/core_intr.c | 9 ++++++---
drivers/usb/dwc2/gadget.c | 6 ++++++
drivers/usb/dwc2/hcd.c | 2 +-
drivers/usb/dwc2/platform.c | 2 +-
4 files changed, 14 insertions(+), 5 deletions(-)
--- a/drivers/usb/dwc2/core_intr.c
+++ b/drivers/usb/dwc2/core_intr.c
@@ -297,7 +297,8 @@ static void dwc2_handle_session_req_intr
/* Exit gadget mode clock gating. */
if (hsotg->params.power_down ==
- DWC2_POWER_DOWN_PARAM_NONE && hsotg->bus_suspended)
+ DWC2_POWER_DOWN_PARAM_NONE && hsotg->bus_suspended &&
+ !hsotg->params.no_clock_gating)
dwc2_gadget_exit_clock_gating(hsotg, 0);
}
@@ -408,7 +409,8 @@ static void dwc2_handle_wakeup_detected_
/* Exit gadget mode clock gating. */
if (hsotg->params.power_down ==
- DWC2_POWER_DOWN_PARAM_NONE && hsotg->bus_suspended)
+ DWC2_POWER_DOWN_PARAM_NONE && hsotg->bus_suspended &&
+ !hsotg->params.no_clock_gating)
dwc2_gadget_exit_clock_gating(hsotg, 0);
} else {
/* Change to L0 state */
@@ -425,7 +427,8 @@ static void dwc2_handle_wakeup_detected_
}
if (hsotg->params.power_down ==
- DWC2_POWER_DOWN_PARAM_NONE && hsotg->bus_suspended)
+ DWC2_POWER_DOWN_PARAM_NONE && hsotg->bus_suspended &&
+ !hsotg->params.no_clock_gating)
dwc2_host_exit_clock_gating(hsotg, 1);
/*
--- a/drivers/usb/dwc2/gadget.c
+++ b/drivers/usb/dwc2/gadget.c
@@ -3727,6 +3727,12 @@ irq_retry:
if (hsotg->in_ppd && hsotg->lx_state == DWC2_L2)
dwc2_exit_partial_power_down(hsotg, 0, true);
+ /* Exit gadget mode clock gating. */
+ if (hsotg->params.power_down ==
+ DWC2_POWER_DOWN_PARAM_NONE && hsotg->bus_suspended &&
+ !hsotg->params.no_clock_gating)
+ dwc2_gadget_exit_clock_gating(hsotg, 0);
+
hsotg->lx_state = DWC2_L0;
}
--- a/drivers/usb/dwc2/hcd.c
+++ b/drivers/usb/dwc2/hcd.c
@@ -4657,7 +4657,7 @@ static int _dwc2_hcd_urb_enqueue(struct
}
if (hsotg->params.power_down == DWC2_POWER_DOWN_PARAM_NONE &&
- hsotg->bus_suspended) {
+ hsotg->bus_suspended && !hsotg->params.no_clock_gating) {
if (dwc2_is_device_mode(hsotg))
dwc2_gadget_exit_clock_gating(hsotg, 0);
else
--- a/drivers/usb/dwc2/platform.c
+++ b/drivers/usb/dwc2/platform.c
@@ -331,7 +331,7 @@ static void dwc2_driver_remove(struct pl
/* Exit clock gating when driver is removed. */
if (hsotg->params.power_down == DWC2_POWER_DOWN_PARAM_NONE &&
- hsotg->bus_suspended) {
+ hsotg->bus_suspended && !hsotg->params.no_clock_gating) {
if (dwc2_is_device_mode(hsotg))
dwc2_gadget_exit_clock_gating(hsotg, 0);
else
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 370/396] usb: dwc2: gadget: LPM flow fix
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (368 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 369/396] usb: dwc2: gadget: Fix exiting from clock gating Greg Kroah-Hartman
@ 2024-04-01 15:46 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 371/396] usb: udc: remove warning when queue disabled ep Greg Kroah-Hartman
` (37 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:46 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Minas Harutyunyan
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Minas Harutyunyan <Minas.Harutyunyan@synopsys.com>
commit 5d69a3b54e5a630c90d82a4c2bdce3d53dc78710 upstream.
Added functionality to exit from L1 state by device initiation
using remote wakeup signaling, in case when function driver queuing
request while core in L1 state.
Fixes: 273d576c4d41 ("usb: dwc2: gadget: Add functionality to exit from LPM L1 state")
Fixes: 88b02f2cb1e1 ("usb: dwc2: Add core state checking")
CC: stable@vger.kernel.org
Signed-off-by: Minas Harutyunyan <Minas.Harutyunyan@synopsys.com>
Link: https://lore.kernel.org/r/b4d9de5382375dddbf7ef6049d9a82066ad87d5d.1710166393.git.Minas.Harutyunyan@synopsys.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc2/core.h | 1
drivers/usb/dwc2/core_intr.c | 65 ++++++++++++++++++++++++++++---------------
drivers/usb/dwc2/gadget.c | 4 ++
3 files changed, 48 insertions(+), 22 deletions(-)
--- a/drivers/usb/dwc2/core.h
+++ b/drivers/usb/dwc2/core.h
@@ -1336,6 +1336,7 @@ int dwc2_backup_global_registers(struct
int dwc2_restore_global_registers(struct dwc2_hsotg *hsotg);
void dwc2_enable_acg(struct dwc2_hsotg *hsotg);
+void dwc2_wakeup_from_lpm_l1(struct dwc2_hsotg *hsotg, bool remotewakeup);
/* This function should be called on every hardware interrupt. */
irqreturn_t dwc2_handle_common_intr(int irq, void *dev);
--- a/drivers/usb/dwc2/core_intr.c
+++ b/drivers/usb/dwc2/core_intr.c
@@ -323,10 +323,11 @@ static void dwc2_handle_session_req_intr
* @hsotg: Programming view of DWC_otg controller
*
*/
-static void dwc2_wakeup_from_lpm_l1(struct dwc2_hsotg *hsotg)
+void dwc2_wakeup_from_lpm_l1(struct dwc2_hsotg *hsotg, bool remotewakeup)
{
u32 glpmcfg;
- u32 i = 0;
+ u32 pcgctl;
+ u32 dctl;
if (hsotg->lx_state != DWC2_L1) {
dev_err(hsotg->dev, "Core isn't in DWC2_L1 state\n");
@@ -335,37 +336,57 @@ static void dwc2_wakeup_from_lpm_l1(stru
glpmcfg = dwc2_readl(hsotg, GLPMCFG);
if (dwc2_is_device_mode(hsotg)) {
- dev_dbg(hsotg->dev, "Exit from L1 state\n");
+ dev_dbg(hsotg->dev, "Exit from L1 state, remotewakeup=%d\n", remotewakeup);
glpmcfg &= ~GLPMCFG_ENBLSLPM;
- glpmcfg &= ~GLPMCFG_HIRD_THRES_EN;
+ glpmcfg &= ~GLPMCFG_HIRD_THRES_MASK;
dwc2_writel(hsotg, glpmcfg, GLPMCFG);
- do {
- glpmcfg = dwc2_readl(hsotg, GLPMCFG);
-
- if (!(glpmcfg & (GLPMCFG_COREL1RES_MASK |
- GLPMCFG_L1RESUMEOK | GLPMCFG_SLPSTS)))
- break;
+ pcgctl = dwc2_readl(hsotg, PCGCTL);
+ pcgctl &= ~PCGCTL_ENBL_SLEEP_GATING;
+ dwc2_writel(hsotg, pcgctl, PCGCTL);
+
+ glpmcfg = dwc2_readl(hsotg, GLPMCFG);
+ if (glpmcfg & GLPMCFG_ENBESL) {
+ glpmcfg |= GLPMCFG_RSTRSLPSTS;
+ dwc2_writel(hsotg, glpmcfg, GLPMCFG);
+ }
- udelay(1);
- } while (++i < 200);
+ if (remotewakeup) {
+ if (dwc2_hsotg_wait_bit_set(hsotg, GLPMCFG, GLPMCFG_L1RESUMEOK, 1000)) {
+ dev_warn(hsotg->dev, "%s: timeout GLPMCFG_L1RESUMEOK\n", __func__);
+ goto fail;
+ return;
+ }
+
+ dctl = dwc2_readl(hsotg, DCTL);
+ dctl |= DCTL_RMTWKUPSIG;
+ dwc2_writel(hsotg, dctl, DCTL);
+
+ if (dwc2_hsotg_wait_bit_set(hsotg, GINTSTS, GINTSTS_WKUPINT, 1000)) {
+ dev_warn(hsotg->dev, "%s: timeout GINTSTS_WKUPINT\n", __func__);
+ goto fail;
+ return;
+ }
+ }
- if (i == 200) {
- dev_err(hsotg->dev, "Failed to exit L1 sleep state in 200us.\n");
+ glpmcfg = dwc2_readl(hsotg, GLPMCFG);
+ if (glpmcfg & GLPMCFG_COREL1RES_MASK || glpmcfg & GLPMCFG_SLPSTS ||
+ glpmcfg & GLPMCFG_L1RESUMEOK) {
+ goto fail;
return;
}
- dwc2_gadget_init_lpm(hsotg);
+
+ /* Inform gadget to exit from L1 */
+ call_gadget(hsotg, resume);
+ /* Change to L0 state */
+ hsotg->lx_state = DWC2_L0;
+ hsotg->bus_suspended = false;
+fail: dwc2_gadget_init_lpm(hsotg);
} else {
/* TODO */
dev_err(hsotg->dev, "Host side LPM is not supported.\n");
return;
}
-
- /* Change to L0 state */
- hsotg->lx_state = DWC2_L0;
-
- /* Inform gadget to exit from L1 */
- call_gadget(hsotg, resume);
}
/*
@@ -386,7 +407,7 @@ static void dwc2_handle_wakeup_detected_
dev_dbg(hsotg->dev, "%s lxstate = %d\n", __func__, hsotg->lx_state);
if (hsotg->lx_state == DWC2_L1) {
- dwc2_wakeup_from_lpm_l1(hsotg);
+ dwc2_wakeup_from_lpm_l1(hsotg, false);
return;
}
--- a/drivers/usb/dwc2/gadget.c
+++ b/drivers/usb/dwc2/gadget.c
@@ -1415,6 +1415,10 @@ static int dwc2_hsotg_ep_queue(struct us
ep->name, req, req->length, req->buf, req->no_interrupt,
req->zero, req->short_not_ok);
+ if (hs->lx_state == DWC2_L1) {
+ dwc2_wakeup_from_lpm_l1(hs, true);
+ }
+
/* Prevent new request submission when controller is suspended */
if (hs->lx_state != DWC2_L0) {
dev_dbg(hs->dev, "%s: submit request only in active state\n",
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 371/396] usb: udc: remove warning when queue disabled ep
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (369 preceding siblings ...)
2024-04-01 15:46 ` [PATCH 6.6 370/396] usb: dwc2: gadget: LPM flow fix Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 372/396] usb: typec: Return size of buffer if pd_set operation succeeds Greg Kroah-Hartman
` (36 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Alan Stern, yuan linyu
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: yuan linyu <yuanlinyu@hihonor.com>
commit 2a587a035214fa1b5ef598aea0b81848c5b72e5e upstream.
It is possible trigger below warning message from mass storage function,
WARNING: CPU: 6 PID: 3839 at drivers/usb/gadget/udc/core.c:294 usb_ep_queue+0x7c/0x104
pc : usb_ep_queue+0x7c/0x104
lr : fsg_main_thread+0x494/0x1b3c
Root cause is mass storage function try to queue request from main thread,
but other thread may already disable ep when function disable.
As there is no function failure in the driver, in order to avoid effort
to fix warning, change WARN_ON_ONCE() in usb_ep_queue() to pr_debug().
Suggested-by: Alan Stern <stern@rowland.harvard.edu>
Cc: stable@vger.kernel.org
Signed-off-by: yuan linyu <yuanlinyu@hihonor.com>
Reviewed-by: Alan Stern <stern@rowland.harvard.edu>
Link: https://lore.kernel.org/r/20240315020144.2715575-1-yuanlinyu@hihonor.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/udc/core.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/drivers/usb/gadget/udc/core.c
+++ b/drivers/usb/gadget/udc/core.c
@@ -292,7 +292,9 @@ int usb_ep_queue(struct usb_ep *ep,
{
int ret = 0;
- if (WARN_ON_ONCE(!ep->enabled && ep->address)) {
+ if (!ep->enabled && ep->address) {
+ pr_debug("USB gadget: queue request to disabled ep 0x%x (%s)\n",
+ ep->address, ep->name);
ret = -ESHUTDOWN;
goto out;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 372/396] usb: typec: Return size of buffer if pd_set operation succeeds
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (370 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 371/396] usb: udc: remove warning when queue disabled ep Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 373/396] usb: typec: ucsi: Clear EVENT_PENDING under PPM lock Greg Kroah-Hartman
` (35 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Kyle Tso, Guenter Roeck,
Heikki Krogerus
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kyle Tso <kyletso@google.com>
commit 53f5094fdf5deacd99b8655df692e9278506724d upstream.
The attribute writing should return the number of bytes used from the
buffer on success.
Fixes: a7cff92f0635 ("usb: typec: USB Power Delivery helpers for ports and partners")
Cc: stable@vger.kernel.org
Signed-off-by: Kyle Tso <kyletso@google.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Link: https://lore.kernel.org/r/20240319074309.3306579-1-kyletso@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/typec/class.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/drivers/usb/typec/class.c
+++ b/drivers/usb/typec/class.c
@@ -1264,6 +1264,7 @@ static ssize_t select_usb_power_delivery
{
struct typec_port *port = to_typec_port(dev);
struct usb_power_delivery *pd;
+ int ret;
if (!port->ops || !port->ops->pd_set)
return -EOPNOTSUPP;
@@ -1272,7 +1273,11 @@ static ssize_t select_usb_power_delivery
if (!pd)
return -EINVAL;
- return port->ops->pd_set(port, pd);
+ ret = port->ops->pd_set(port, pd);
+ if (ret)
+ return ret;
+
+ return size;
}
static ssize_t select_usb_power_delivery_show(struct device *dev,
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 373/396] usb: typec: ucsi: Clear EVENT_PENDING under PPM lock
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (371 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 372/396] usb: typec: Return size of buffer if pd_set operation succeeds Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 374/396] usb: typec: ucsi: Check for notifications after init Greg Kroah-Hartman
` (34 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Christian A. Ehrhardt,
Heikki Krogerus, Neil Armstrong
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian A. Ehrhardt <lk@c--e.de>
commit 15b2e71b4653b3e13df34695a29ebeee237c5af2 upstream.
Suppose we sleep on the PPM lock after clearing the EVENT_PENDING
bit because the thread for another connector is executing a command.
In this case the command completion of the other command will still
report the connector change for our connector.
Clear the EVENT_PENDING bit under the PPM lock to avoid another
useless call to ucsi_handle_connector_change() in this case.
Fixes: c9aed03a0a68 ("usb: ucsi: Add missing ppm_lock")
Cc: stable <stable@kernel.org>
Signed-off-by: Christian A. Ehrhardt <lk@c--e.de>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on SM8550-QRD
Link: https://lore.kernel.org/r/20240320073927.1641788-2-lk@c--e.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/typec/ucsi/ucsi.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/usb/typec/ucsi/ucsi.c
+++ b/drivers/usb/typec/ucsi/ucsi.c
@@ -933,11 +933,11 @@ static void ucsi_handle_connector_change
if (con->status.change & UCSI_CONSTAT_CAM_CHANGE)
ucsi_partner_task(con, ucsi_check_altmodes, 1, 0);
- clear_bit(EVENT_PENDING, &con->ucsi->flags);
-
mutex_lock(&ucsi->ppm_lock);
+ clear_bit(EVENT_PENDING, &con->ucsi->flags);
ret = ucsi_acknowledge_connector_change(ucsi);
mutex_unlock(&ucsi->ppm_lock);
+
if (ret)
dev_err(ucsi->dev, "%s: ACK failed (%d)", __func__, ret);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 374/396] usb: typec: ucsi: Check for notifications after init
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (372 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 373/396] usb: typec: ucsi: Clear EVENT_PENDING under PPM lock Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 375/396] usb: typec: ucsi: Ack unsupported commands Greg Kroah-Hartman
` (33 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Christian A. Ehrhardt,
Heikki Krogerus, Neil Armstrong
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian A. Ehrhardt <lk@c--e.de>
commit 808a8b9e0b87bbc72bcc1f7ddfe5d04746e7ce56 upstream.
The completion notification for the final SET_NOTIFICATION_ENABLE
command during initialization can include a connector change
notification. However, at the time this completion notification is
processed, the ucsi struct is not ready to handle this notification.
As a result the notification is ignored and the controller
never sends an interrupt again.
Re-check CCI for a pending connector state change after
initialization is complete. Adjust the corresponding debug
message accordingly.
Fixes: 71a1fa0df2a3 ("usb: typec: ucsi: Store the notification mask")
Cc: stable@vger.kernel.org
Signed-off-by: Christian A. Ehrhardt <lk@c--e.de>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on SM8550-QRD
Link: https://lore.kernel.org/r/20240320073927.1641788-3-lk@c--e.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/typec/ucsi/ucsi.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
--- a/drivers/usb/typec/ucsi/ucsi.c
+++ b/drivers/usb/typec/ucsi/ucsi.c
@@ -955,7 +955,7 @@ void ucsi_connector_change(struct ucsi *
struct ucsi_connector *con = &ucsi->connector[num - 1];
if (!(ucsi->ntfy & UCSI_ENABLE_NTFY_CONNECTOR_CHANGE)) {
- dev_dbg(ucsi->dev, "Bogus connector change event\n");
+ dev_dbg(ucsi->dev, "Early connector change event\n");
return;
}
@@ -1352,6 +1352,7 @@ static int ucsi_init(struct ucsi *ucsi)
{
struct ucsi_connector *con, *connector;
u64 command, ntfy;
+ u32 cci;
int ret;
int i;
@@ -1404,6 +1405,13 @@ static int ucsi_init(struct ucsi *ucsi)
ucsi->connector = connector;
ucsi->ntfy = ntfy;
+
+ ret = ucsi->ops->read(ucsi, UCSI_CCI, &cci, sizeof(cci));
+ if (ret)
+ return ret;
+ if (UCSI_CCI_CONNECTOR(READ_ONCE(cci)))
+ ucsi_connector_change(ucsi, cci);
+
return 0;
err_unregister:
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 375/396] usb: typec: ucsi: Ack unsupported commands
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (373 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 374/396] usb: typec: ucsi: Check for notifications after init Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 376/396] usb: typec: ucsi_acpi: Refactor and fix DELL quirk Greg Kroah-Hartman
` (32 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Christian A. Ehrhardt, stable,
Heikki Krogerus, Neil Armstrong
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian A. Ehrhardt <lk@c--e.de>
commit 6b5c85ddeea77d18c4b69e3bda60e9374a20c304 upstream.
If a command completes the OPM must send an ack. This applies
to unsupported commands, too.
Send the required ACK for unsupported commands.
Signed-off-by: Christian A. Ehrhardt <lk@c--e.de>
Cc: stable <stable@kernel.org>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on SM8550-QRD
Link: https://lore.kernel.org/r/20240320073927.1641788-4-lk@c--e.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/typec/ucsi/ucsi.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/usb/typec/ucsi/ucsi.c
+++ b/drivers/usb/typec/ucsi/ucsi.c
@@ -138,8 +138,12 @@ static int ucsi_exec_command(struct ucsi
if (!(cci & UCSI_CCI_COMMAND_COMPLETE))
return -EIO;
- if (cci & UCSI_CCI_NOT_SUPPORTED)
+ if (cci & UCSI_CCI_NOT_SUPPORTED) {
+ if (ucsi_acknowledge_command(ucsi) < 0)
+ dev_err(ucsi->dev,
+ "ACK of unsupported command failed\n");
return -EOPNOTSUPP;
+ }
if (cci & UCSI_CCI_ERROR) {
if (cmd == UCSI_GET_ERROR_STATUS)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 376/396] usb: typec: ucsi_acpi: Refactor and fix DELL quirk
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (374 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 375/396] usb: typec: ucsi: Ack unsupported commands Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 377/396] usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Greg Kroah-Hartman
` (31 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Christian A. Ehrhardt,
Heikki Krogerus, Neil Armstrong
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian A. Ehrhardt <lk@c--e.de>
commit 6aaceb7d9cd00f3e065dc4b054ecfe52c5253b03 upstream.
Some DELL systems don't like UCSI_ACK_CC_CI commands with the
UCSI_ACK_CONNECTOR_CHANGE but not the UCSI_ACK_COMMAND_COMPLETE
bit set. The current quirk still leaves room for races because
it requires two consecutive ACK commands to be sent.
Refactor and significantly simplify the quirk to fix this:
Send a dummy command and bundle the connector change ack with the
command completion ack in a single UCSI_ACK_CC_CI command.
This removes the need to probe for the quirk.
While there define flag bits for struct ucsi_acpi->flags in ucsi_acpi.c
and don't re-use definitions from ucsi.h for struct ucsi->flags.
Fixes: f3be347ea42d ("usb: ucsi_acpi: Quirk to ack a connector change ack cmd")
Cc: stable@vger.kernel.org
Signed-off-by: Christian A. Ehrhardt <lk@c--e.de>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on SM8550-QRD
Link: https://lore.kernel.org/r/20240320073927.1641788-5-lk@c--e.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/typec/ucsi/ucsi_acpi.c | 71 ++++++++++++++++---------------------
1 file changed, 31 insertions(+), 40 deletions(-)
--- a/drivers/usb/typec/ucsi/ucsi_acpi.c
+++ b/drivers/usb/typec/ucsi/ucsi_acpi.c
@@ -23,10 +23,11 @@ struct ucsi_acpi {
void *base;
struct completion complete;
unsigned long flags;
+#define UCSI_ACPI_SUPPRESS_EVENT 0
+#define UCSI_ACPI_COMMAND_PENDING 1
+#define UCSI_ACPI_ACK_PENDING 2
guid_t guid;
u64 cmd;
- bool dell_quirk_probed;
- bool dell_quirk_active;
};
static int ucsi_acpi_dsm(struct ucsi_acpi *ua, int func)
@@ -79,9 +80,9 @@ static int ucsi_acpi_sync_write(struct u
int ret;
if (ack)
- set_bit(ACK_PENDING, &ua->flags);
+ set_bit(UCSI_ACPI_ACK_PENDING, &ua->flags);
else
- set_bit(COMMAND_PENDING, &ua->flags);
+ set_bit(UCSI_ACPI_COMMAND_PENDING, &ua->flags);
ret = ucsi_acpi_async_write(ucsi, offset, val, val_len);
if (ret)
@@ -92,9 +93,9 @@ static int ucsi_acpi_sync_write(struct u
out_clear_bit:
if (ack)
- clear_bit(ACK_PENDING, &ua->flags);
+ clear_bit(UCSI_ACPI_ACK_PENDING, &ua->flags);
else
- clear_bit(COMMAND_PENDING, &ua->flags);
+ clear_bit(UCSI_ACPI_COMMAND_PENDING, &ua->flags);
return ret;
}
@@ -129,51 +130,40 @@ static const struct ucsi_operations ucsi
};
/*
- * Some Dell laptops expect that an ACK command with the
- * UCSI_ACK_CONNECTOR_CHANGE bit set is followed by a (separate)
- * ACK command that only has the UCSI_ACK_COMMAND_COMPLETE bit set.
- * If this is not done events are not delivered to OSPM and
- * subsequent commands will timeout.
+ * Some Dell laptops don't like ACK commands with the
+ * UCSI_ACK_CONNECTOR_CHANGE but not the UCSI_ACK_COMMAND_COMPLETE
+ * bit set. To work around this send a dummy command and bundle the
+ * UCSI_ACK_CONNECTOR_CHANGE with the UCSI_ACK_COMMAND_COMPLETE
+ * for the dummy command.
*/
static int
ucsi_dell_sync_write(struct ucsi *ucsi, unsigned int offset,
const void *val, size_t val_len)
{
struct ucsi_acpi *ua = ucsi_get_drvdata(ucsi);
- u64 cmd = *(u64 *)val, ack = 0;
+ u64 cmd = *(u64 *)val;
+ u64 dummycmd = UCSI_GET_CAPABILITY;
int ret;
- if (UCSI_COMMAND(cmd) == UCSI_ACK_CC_CI &&
- cmd & UCSI_ACK_CONNECTOR_CHANGE)
- ack = UCSI_ACK_CC_CI | UCSI_ACK_COMMAND_COMPLETE;
+ if (cmd == (UCSI_ACK_CC_CI | UCSI_ACK_CONNECTOR_CHANGE)) {
+ cmd |= UCSI_ACK_COMMAND_COMPLETE;
- ret = ucsi_acpi_sync_write(ucsi, offset, val, val_len);
- if (ret != 0)
- return ret;
- if (ack == 0)
- return ret;
-
- if (!ua->dell_quirk_probed) {
- ua->dell_quirk_probed = true;
+ /*
+ * The UCSI core thinks it is sending a connector change ack
+ * and will accept new connector change events. We don't want
+ * this to happen for the dummy command as its response will
+ * still report the very event that the core is trying to clear.
+ */
+ set_bit(UCSI_ACPI_SUPPRESS_EVENT, &ua->flags);
+ ret = ucsi_acpi_sync_write(ucsi, UCSI_CONTROL, &dummycmd,
+ sizeof(dummycmd));
+ clear_bit(UCSI_ACPI_SUPPRESS_EVENT, &ua->flags);
- cmd = UCSI_GET_CAPABILITY;
- ret = ucsi_acpi_sync_write(ucsi, UCSI_CONTROL, &cmd,
- sizeof(cmd));
- if (ret == 0)
- return ucsi_acpi_sync_write(ucsi, UCSI_CONTROL,
- &ack, sizeof(ack));
- if (ret != -ETIMEDOUT)
+ if (ret < 0)
return ret;
-
- ua->dell_quirk_active = true;
- dev_err(ua->dev, "Firmware bug: Additional ACK required after ACKing a connector change.\n");
- dev_err(ua->dev, "Firmware bug: Enabling workaround\n");
}
- if (!ua->dell_quirk_active)
- return ret;
-
- return ucsi_acpi_sync_write(ucsi, UCSI_CONTROL, &ack, sizeof(ack));
+ return ucsi_acpi_sync_write(ucsi, UCSI_CONTROL, &cmd, sizeof(cmd));
}
static const struct ucsi_operations ucsi_dell_ops = {
@@ -209,13 +199,14 @@ static void ucsi_acpi_notify(acpi_handle
if (ret)
return;
- if (UCSI_CCI_CONNECTOR(cci))
+ if (UCSI_CCI_CONNECTOR(cci) &&
+ !test_bit(UCSI_ACPI_SUPPRESS_EVENT, &ua->flags))
ucsi_connector_change(ua->ucsi, UCSI_CCI_CONNECTOR(cci));
if (cci & UCSI_CCI_ACK_COMPLETE && test_bit(ACK_PENDING, &ua->flags))
complete(&ua->complete);
if (cci & UCSI_CCI_COMMAND_COMPLETE &&
- test_bit(COMMAND_PENDING, &ua->flags))
+ test_bit(UCSI_ACPI_COMMAND_PENDING, &ua->flags))
complete(&ua->complete);
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 377/396] usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (375 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 376/396] usb: typec: ucsi_acpi: Refactor and fix DELL quirk Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 378/396] scsi: qla2xxx: Prevent command send on chip reset Greg Kroah-Hartman
` (30 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Christian A. Ehrhardt, stable,
Heikki Krogerus, Neil Armstrong
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian A. Ehrhardt <lk@c--e.de>
commit 3de4f996a0b5412aa451729008130a488f71563e upstream.
Check the UCSI_CCI_RESET_COMPLETE complete flag before starting
another reset. Use a UCSI_SET_NOTIFICATION_ENABLE command to clear
the flag if it is set.
Signed-off-by: Christian A. Ehrhardt <lk@c--e.de>
Cc: stable <stable@kernel.org>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Tested-by: Neil Armstrong <neil.armstrong@linaro.org> # on SM8550-QRD
Link: https://lore.kernel.org/r/20240320073927.1641788-6-lk@c--e.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/typec/ucsi/ucsi.c | 36 +++++++++++++++++++++++++++++++++++-
1 file changed, 35 insertions(+), 1 deletion(-)
--- a/drivers/usb/typec/ucsi/ucsi.c
+++ b/drivers/usb/typec/ucsi/ucsi.c
@@ -982,13 +982,47 @@ static int ucsi_reset_connector(struct u
static int ucsi_reset_ppm(struct ucsi *ucsi)
{
- u64 command = UCSI_PPM_RESET;
+ u64 command;
unsigned long tmo;
u32 cci;
int ret;
mutex_lock(&ucsi->ppm_lock);
+ ret = ucsi->ops->read(ucsi, UCSI_CCI, &cci, sizeof(cci));
+ if (ret < 0)
+ goto out;
+
+ /*
+ * If UCSI_CCI_RESET_COMPLETE is already set we must clear
+ * the flag before we start another reset. Send a
+ * UCSI_SET_NOTIFICATION_ENABLE command to achieve this.
+ * Ignore a timeout and try the reset anyway if this fails.
+ */
+ if (cci & UCSI_CCI_RESET_COMPLETE) {
+ command = UCSI_SET_NOTIFICATION_ENABLE;
+ ret = ucsi->ops->async_write(ucsi, UCSI_CONTROL, &command,
+ sizeof(command));
+ if (ret < 0)
+ goto out;
+
+ tmo = jiffies + msecs_to_jiffies(UCSI_TIMEOUT_MS);
+ do {
+ ret = ucsi->ops->read(ucsi, UCSI_CCI,
+ &cci, sizeof(cci));
+ if (ret < 0)
+ goto out;
+ if (cci & UCSI_CCI_COMMAND_COMPLETE)
+ break;
+ if (time_is_before_jiffies(tmo))
+ break;
+ msleep(20);
+ } while (1);
+
+ WARN_ON(cci & UCSI_CCI_RESET_COMPLETE);
+ }
+
+ command = UCSI_PPM_RESET;
ret = ucsi->ops->async_write(ucsi, UCSI_CONTROL, &command,
sizeof(command));
if (ret < 0)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 378/396] scsi: qla2xxx: Prevent command send on chip reset
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (376 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 377/396] usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 379/396] scsi: qla2xxx: Fix N2N stuck connection Greg Kroah-Hartman
` (29 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Quinn Tran, Nilesh Javali,
Himanshu Madhani, Martin K. Petersen
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Quinn Tran <qutran@marvell.com>
commit 4895009c4bb72f71f2e682f1e7d2c2d96e482087 upstream.
Currently IOCBs are allowed to push through while chip reset could be in
progress. During chip reset the outstanding_cmds array is cleared
twice. Once when any command on this array is returned as failed and
secondly when the array is initialize to zero. If a command is inserted on
to the array between these intervals, then the command will be lost. Check
for chip reset before sending IOCB.
Cc: stable@vger.kernel.org
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20240227164127.36465-2-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_init.c | 8 ++++++--
drivers/scsi/qla2xxx/qla_iocb.c | 33 +++++++++++++++++++++++++++++++--
2 files changed, 37 insertions(+), 4 deletions(-)
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -1193,8 +1193,12 @@ int qla24xx_async_gnl(struct scsi_qla_ho
return rval;
done_free_sp:
- /* ref: INIT */
- kref_put(&sp->cmd_kref, qla2x00_sp_release);
+ /*
+ * use qla24xx_async_gnl_sp_done to purge all pending gnl request.
+ * kref_put is call behind the scene.
+ */
+ sp->u.iocb_cmd.u.mbx.in_mb[0] = MBS_COMMAND_ERROR;
+ qla24xx_async_gnl_sp_done(sp, QLA_COMMAND_ERROR);
fcport->flags &= ~(FCF_ASYNC_SENT);
done:
fcport->flags &= ~(FCF_ASYNC_ACTIVE);
--- a/drivers/scsi/qla2xxx/qla_iocb.c
+++ b/drivers/scsi/qla2xxx/qla_iocb.c
@@ -2587,6 +2587,33 @@ void
qla2x00_sp_release(struct kref *kref)
{
struct srb *sp = container_of(kref, struct srb, cmd_kref);
+ struct scsi_qla_host *vha = sp->vha;
+
+ switch (sp->type) {
+ case SRB_CT_PTHRU_CMD:
+ /* GPSC & GFPNID use fcport->ct_desc.ct_sns for both req & rsp */
+ if (sp->u.iocb_cmd.u.ctarg.req &&
+ (!sp->fcport ||
+ sp->u.iocb_cmd.u.ctarg.req != sp->fcport->ct_desc.ct_sns)) {
+ dma_free_coherent(&vha->hw->pdev->dev,
+ sp->u.iocb_cmd.u.ctarg.req_allocated_size,
+ sp->u.iocb_cmd.u.ctarg.req,
+ sp->u.iocb_cmd.u.ctarg.req_dma);
+ sp->u.iocb_cmd.u.ctarg.req = NULL;
+ }
+ if (sp->u.iocb_cmd.u.ctarg.rsp &&
+ (!sp->fcport ||
+ sp->u.iocb_cmd.u.ctarg.rsp != sp->fcport->ct_desc.ct_sns)) {
+ dma_free_coherent(&vha->hw->pdev->dev,
+ sp->u.iocb_cmd.u.ctarg.rsp_allocated_size,
+ sp->u.iocb_cmd.u.ctarg.rsp,
+ sp->u.iocb_cmd.u.ctarg.rsp_dma);
+ sp->u.iocb_cmd.u.ctarg.rsp = NULL;
+ }
+ break;
+ default:
+ break;
+ }
sp->free(sp);
}
@@ -2692,7 +2719,7 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *v
*/
sp = qla2x00_get_sp(vha, fcport, GFP_KERNEL);
if (!sp) {
- kfree(fcport);
+ qla2x00_free_fcport(fcport);
ql_log(ql_log_info, vha, 0x70e6,
"SRB allocation failed\n");
return -ENOMEM;
@@ -2747,6 +2774,7 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *v
if (rval != QLA_SUCCESS) {
/* ref: INIT */
kref_put(&sp->cmd_kref, qla2x00_sp_release);
+ qla2x00_free_fcport(fcport);
return QLA_FUNCTION_FAILED;
}
@@ -2756,6 +2784,7 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *v
fcport->d_id.b.area, fcport->d_id.b.al_pa);
wait_for_completion(&elsio->u.els_logo.comp);
+ qla2x00_free_fcport(fcport);
/* ref: INIT */
kref_put(&sp->cmd_kref, qla2x00_sp_release);
@@ -3918,7 +3947,7 @@ qla2x00_start_sp(srb_t *sp)
return -EAGAIN;
}
- pkt = __qla2x00_alloc_iocbs(sp->qpair, sp);
+ pkt = qla2x00_alloc_iocbs_ready(sp->qpair, sp);
if (!pkt) {
rval = -EAGAIN;
ql_log(ql_log_warn, vha, 0x700c,
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 379/396] scsi: qla2xxx: Fix N2N stuck connection
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (377 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 378/396] scsi: qla2xxx: Prevent command send on chip reset Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 380/396] scsi: qla2xxx: Split FCE|EFT trace control Greg Kroah-Hartman
` (28 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Quinn Tran, Nilesh Javali,
Himanshu Madhani, Martin K. Petersen
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Quinn Tran <qutran@marvell.com>
commit 881eb861ca3877300570db10abbf11494e48548d upstream.
Disk failed to rediscover after chip reset error injection. The chip reset
happens at the time when a PLOGI is being sent. This causes a flag to be
left on which blocks the retry. Clear the blocking flag.
Cc: stable@vger.kernel.org
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20240227164127.36465-3-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_gbl.h | 2 +-
drivers/scsi/qla2xxx/qla_iocb.c | 32 +++++++++++---------------------
drivers/scsi/qla2xxx/qla_os.c | 2 +-
3 files changed, 13 insertions(+), 23 deletions(-)
--- a/drivers/scsi/qla2xxx/qla_gbl.h
+++ b/drivers/scsi/qla2xxx/qla_gbl.h
@@ -44,7 +44,7 @@ extern int qla2x00_fabric_login(scsi_qla
extern int qla2x00_local_device_login(scsi_qla_host_t *, fc_port_t *);
extern int qla24xx_els_dcmd_iocb(scsi_qla_host_t *, int, port_id_t);
-extern int qla24xx_els_dcmd2_iocb(scsi_qla_host_t *, int, fc_port_t *, bool);
+extern int qla24xx_els_dcmd2_iocb(scsi_qla_host_t *, int, fc_port_t *);
extern void qla2x00_els_dcmd2_free(scsi_qla_host_t *vha,
struct els_plogi *els_plogi);
--- a/drivers/scsi/qla2xxx/qla_iocb.c
+++ b/drivers/scsi/qla2xxx/qla_iocb.c
@@ -3041,7 +3041,7 @@ static void qla2x00_els_dcmd2_sp_done(sr
int
qla24xx_els_dcmd2_iocb(scsi_qla_host_t *vha, int els_opcode,
- fc_port_t *fcport, bool wait)
+ fc_port_t *fcport)
{
srb_t *sp;
struct srb_iocb *elsio = NULL;
@@ -3056,8 +3056,7 @@ qla24xx_els_dcmd2_iocb(scsi_qla_host_t *
if (!sp) {
ql_log(ql_log_info, vha, 0x70e6,
"SRB allocation failed\n");
- fcport->flags &= ~FCF_ASYNC_ACTIVE;
- return -ENOMEM;
+ goto done;
}
fcport->flags |= FCF_ASYNC_SENT;
@@ -3066,9 +3065,6 @@ qla24xx_els_dcmd2_iocb(scsi_qla_host_t *
ql_dbg(ql_dbg_io, vha, 0x3073,
"%s Enter: PLOGI portid=%06x\n", __func__, fcport->d_id.b24);
- if (wait)
- sp->flags = SRB_WAKEUP_ON_COMP;
-
sp->type = SRB_ELS_DCMD;
sp->name = "ELS_DCMD";
sp->fcport = fcport;
@@ -3084,7 +3080,7 @@ qla24xx_els_dcmd2_iocb(scsi_qla_host_t *
if (!elsio->u.els_plogi.els_plogi_pyld) {
rval = QLA_FUNCTION_FAILED;
- goto out;
+ goto done_free_sp;
}
resp_ptr = elsio->u.els_plogi.els_resp_pyld =
@@ -3093,7 +3089,7 @@ qla24xx_els_dcmd2_iocb(scsi_qla_host_t *
if (!elsio->u.els_plogi.els_resp_pyld) {
rval = QLA_FUNCTION_FAILED;
- goto out;
+ goto done_free_sp;
}
ql_dbg(ql_dbg_io, vha, 0x3073, "PLOGI %p %p\n", ptr, resp_ptr);
@@ -3109,7 +3105,6 @@ qla24xx_els_dcmd2_iocb(scsi_qla_host_t *
if (els_opcode == ELS_DCMD_PLOGI && DBELL_ACTIVE(vha)) {
struct fc_els_flogi *p = ptr;
-
p->fl_csp.sp_features |= cpu_to_be16(FC_SP_FT_SEC);
}
@@ -3118,10 +3113,11 @@ qla24xx_els_dcmd2_iocb(scsi_qla_host_t *
(uint8_t *)elsio->u.els_plogi.els_plogi_pyld,
sizeof(*elsio->u.els_plogi.els_plogi_pyld));
- init_completion(&elsio->u.els_plogi.comp);
rval = qla2x00_start_sp(sp);
if (rval != QLA_SUCCESS) {
- rval = QLA_FUNCTION_FAILED;
+ fcport->flags |= FCF_LOGIN_NEEDED;
+ set_bit(RELOGIN_NEEDED, &vha->dpc_flags);
+ goto done_free_sp;
} else {
ql_dbg(ql_dbg_disc, vha, 0x3074,
"%s PLOGI sent, hdl=%x, loopid=%x, to port_id %06x from port_id %06x\n",
@@ -3129,21 +3125,15 @@ qla24xx_els_dcmd2_iocb(scsi_qla_host_t *
fcport->d_id.b24, vha->d_id.b24);
}
- if (wait) {
- wait_for_completion(&elsio->u.els_plogi.comp);
-
- if (elsio->u.els_plogi.comp_status != CS_COMPLETE)
- rval = QLA_FUNCTION_FAILED;
- } else {
- goto done;
- }
+ return rval;
-out:
- fcport->flags &= ~(FCF_ASYNC_SENT | FCF_ASYNC_ACTIVE);
+done_free_sp:
qla2x00_els_dcmd2_free(vha, &elsio->u.els_plogi);
/* ref: INIT */
kref_put(&sp->cmd_kref, qla2x00_sp_release);
done:
+ fcport->flags &= ~(FCF_ASYNC_SENT | FCF_ASYNC_ACTIVE);
+ qla2x00_set_fcport_disc_state(fcport, DSC_DELETED);
return rval;
}
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -5582,7 +5582,7 @@ qla2x00_do_work(struct scsi_qla_host *vh
break;
case QLA_EVT_ELS_PLOGI:
qla24xx_els_dcmd2_iocb(vha, ELS_DCMD_PLOGI,
- e->u.fcport.fcport, false);
+ e->u.fcport.fcport);
break;
case QLA_EVT_SA_REPLACE:
rc = qla24xx_issue_sa_replace_iocb(vha, e);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 380/396] scsi: qla2xxx: Split FCE|EFT trace control
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (378 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 379/396] scsi: qla2xxx: Fix N2N stuck connection Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 381/396] scsi: qla2xxx: Update manufacturer detail Greg Kroah-Hartman
` (27 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot, Quinn Tran,
Nilesh Javali, Himanshu Madhani, Martin K. Petersen
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Quinn Tran <qutran@marvell.com>
commit 76a192e1a566e15365704b9f8fb3b70825f85064 upstream.
Current code combines the allocation of FCE|EFT trace buffers and enables
the features all in 1 step.
Split this step into separate steps in preparation for follow-on patch to
allow user to have a choice to enable / disable FCE trace feature.
Cc: stable@vger.kernel.org
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20240227164127.36465-4-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_init.c | 102 ++++++++++++++++------------------------
1 file changed, 41 insertions(+), 61 deletions(-)
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -2669,6 +2669,40 @@ exit:
return rval;
}
+static void qla_enable_fce_trace(scsi_qla_host_t *vha)
+{
+ int rval;
+ struct qla_hw_data *ha = vha->hw;
+
+ if (ha->fce) {
+ ha->flags.fce_enabled = 1;
+ memset(ha->fce, 0, fce_calc_size(ha->fce_bufs));
+ rval = qla2x00_enable_fce_trace(vha,
+ ha->fce_dma, ha->fce_bufs, ha->fce_mb, &ha->fce_bufs);
+
+ if (rval) {
+ ql_log(ql_log_warn, vha, 0x8033,
+ "Unable to reinitialize FCE (%d).\n", rval);
+ ha->flags.fce_enabled = 0;
+ }
+ }
+}
+
+static void qla_enable_eft_trace(scsi_qla_host_t *vha)
+{
+ int rval;
+ struct qla_hw_data *ha = vha->hw;
+
+ if (ha->eft) {
+ memset(ha->eft, 0, EFT_SIZE);
+ rval = qla2x00_enable_eft_trace(vha, ha->eft_dma, EFT_NUM_BUFFERS);
+
+ if (rval) {
+ ql_log(ql_log_warn, vha, 0x8034,
+ "Unable to reinitialize EFT (%d).\n", rval);
+ }
+ }
+}
/*
* qla2x00_initialize_adapter
* Initialize board.
@@ -3672,9 +3706,8 @@ qla24xx_chip_diag(scsi_qla_host_t *vha)
}
static void
-qla2x00_init_fce_trace(scsi_qla_host_t *vha)
+qla2x00_alloc_fce_trace(scsi_qla_host_t *vha)
{
- int rval;
dma_addr_t tc_dma;
void *tc;
struct qla_hw_data *ha = vha->hw;
@@ -3703,27 +3736,17 @@ qla2x00_init_fce_trace(scsi_qla_host_t *
return;
}
- rval = qla2x00_enable_fce_trace(vha, tc_dma, FCE_NUM_BUFFERS,
- ha->fce_mb, &ha->fce_bufs);
- if (rval) {
- ql_log(ql_log_warn, vha, 0x00bf,
- "Unable to initialize FCE (%d).\n", rval);
- dma_free_coherent(&ha->pdev->dev, FCE_SIZE, tc, tc_dma);
- return;
- }
-
ql_dbg(ql_dbg_init, vha, 0x00c0,
"Allocated (%d KB) for FCE...\n", FCE_SIZE / 1024);
- ha->flags.fce_enabled = 1;
ha->fce_dma = tc_dma;
ha->fce = tc;
+ ha->fce_bufs = FCE_NUM_BUFFERS;
}
static void
-qla2x00_init_eft_trace(scsi_qla_host_t *vha)
+qla2x00_alloc_eft_trace(scsi_qla_host_t *vha)
{
- int rval;
dma_addr_t tc_dma;
void *tc;
struct qla_hw_data *ha = vha->hw;
@@ -3748,14 +3771,6 @@ qla2x00_init_eft_trace(scsi_qla_host_t *
return;
}
- rval = qla2x00_enable_eft_trace(vha, tc_dma, EFT_NUM_BUFFERS);
- if (rval) {
- ql_log(ql_log_warn, vha, 0x00c2,
- "Unable to initialize EFT (%d).\n", rval);
- dma_free_coherent(&ha->pdev->dev, EFT_SIZE, tc, tc_dma);
- return;
- }
-
ql_dbg(ql_dbg_init, vha, 0x00c3,
"Allocated (%d KB) EFT ...\n", EFT_SIZE / 1024);
@@ -3763,13 +3778,6 @@ qla2x00_init_eft_trace(scsi_qla_host_t *
ha->eft = tc;
}
-static void
-qla2x00_alloc_offload_mem(scsi_qla_host_t *vha)
-{
- qla2x00_init_fce_trace(vha);
- qla2x00_init_eft_trace(vha);
-}
-
void
qla2x00_alloc_fw_dump(scsi_qla_host_t *vha)
{
@@ -3824,10 +3832,10 @@ qla2x00_alloc_fw_dump(scsi_qla_host_t *v
if (ha->tgt.atio_ring)
mq_size += ha->tgt.atio_q_length * sizeof(request_t);
- qla2x00_init_fce_trace(vha);
+ qla2x00_alloc_fce_trace(vha);
if (ha->fce)
fce_size = sizeof(struct qla2xxx_fce_chain) + FCE_SIZE;
- qla2x00_init_eft_trace(vha);
+ qla2x00_alloc_eft_trace(vha);
if (ha->eft)
eft_size = EFT_SIZE;
}
@@ -4257,7 +4265,6 @@ qla2x00_setup_chip(scsi_qla_host_t *vha)
struct qla_hw_data *ha = vha->hw;
struct device_reg_2xxx __iomem *reg = &ha->iobase->isp;
unsigned long flags;
- uint16_t fw_major_version;
int done_once = 0;
if (IS_P3P_TYPE(ha)) {
@@ -4324,7 +4331,6 @@ execute_fw_with_lr:
goto failed;
enable_82xx_npiv:
- fw_major_version = ha->fw_major_version;
if (IS_P3P_TYPE(ha))
qla82xx_check_md_needed(vha);
else
@@ -4353,12 +4359,11 @@ enable_82xx_npiv:
if (rval != QLA_SUCCESS)
goto failed;
- if (!fw_major_version && !(IS_P3P_TYPE(ha)))
- qla2x00_alloc_offload_mem(vha);
-
if (ql2xallocfwdump && !(IS_P3P_TYPE(ha)))
qla2x00_alloc_fw_dump(vha);
+ qla_enable_fce_trace(vha);
+ qla_enable_eft_trace(vha);
} else {
goto failed;
}
@@ -7491,7 +7496,6 @@ qla2x00_abort_isp_cleanup(scsi_qla_host_
int
qla2x00_abort_isp(scsi_qla_host_t *vha)
{
- int rval;
uint8_t status = 0;
struct qla_hw_data *ha = vha->hw;
struct scsi_qla_host *vp, *tvp;
@@ -7585,31 +7589,7 @@ qla2x00_abort_isp(scsi_qla_host_t *vha)
if (IS_QLA81XX(ha) || IS_QLA8031(ha))
qla2x00_get_fw_version(vha);
- if (ha->fce) {
- ha->flags.fce_enabled = 1;
- memset(ha->fce, 0,
- fce_calc_size(ha->fce_bufs));
- rval = qla2x00_enable_fce_trace(vha,
- ha->fce_dma, ha->fce_bufs, ha->fce_mb,
- &ha->fce_bufs);
- if (rval) {
- ql_log(ql_log_warn, vha, 0x8033,
- "Unable to reinitialize FCE "
- "(%d).\n", rval);
- ha->flags.fce_enabled = 0;
- }
- }
- if (ha->eft) {
- memset(ha->eft, 0, EFT_SIZE);
- rval = qla2x00_enable_eft_trace(vha,
- ha->eft_dma, EFT_NUM_BUFFERS);
- if (rval) {
- ql_log(ql_log_warn, vha, 0x8034,
- "Unable to reinitialize EFT "
- "(%d).\n", rval);
- }
- }
} else { /* failed the ISP abort */
vha->flags.online = 1;
if (test_bit(ISP_ABORT_RETRY, &vha->dpc_flags)) {
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 381/396] scsi: qla2xxx: Update manufacturer detail
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (379 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 380/396] scsi: qla2xxx: Split FCE|EFT trace control Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 382/396] scsi: qla2xxx: NVME|FCP prefer flag not being honored Greg Kroah-Hartman
` (26 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Bikash Hazarika, Nilesh Javali,
Himanshu Madhani, Martin K. Petersen
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bikash Hazarika <bhazarika@marvell.com>
commit 688fa069fda6fce24d243cddfe0c7024428acb74 upstream.
Update manufacturer detail from "Marvell Semiconductor, Inc." to
"Marvell".
Cc: stable@vger.kernel.org
Signed-off-by: Bikash Hazarika <bhazarika@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20240227164127.36465-5-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_def.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/scsi/qla2xxx/qla_def.h
+++ b/drivers/scsi/qla2xxx/qla_def.h
@@ -82,7 +82,7 @@ typedef union {
#include "qla_nvme.h"
#define QLA2XXX_DRIVER_NAME "qla2xxx"
#define QLA2XXX_APIDEV "ql2xapidev"
-#define QLA2XXX_MANUFACTURER "Marvell Semiconductor, Inc."
+#define QLA2XXX_MANUFACTURER "Marvell"
/*
* We have MAILBOX_REGISTER_COUNT sized arrays in a few places,
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 382/396] scsi: qla2xxx: NVME|FCP prefer flag not being honored
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (380 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 381/396] scsi: qla2xxx: Update manufacturer detail Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 383/396] scsi: qla2xxx: Fix command flush on cable pull Greg Kroah-Hartman
` (25 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Quinn Tran, Nilesh Javali,
Himanshu Madhani, Martin K. Petersen
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Quinn Tran <qutran@marvell.com>
commit 69aecdd410106dc3a8f543a4f7ec6379b995b8d0 upstream.
Changing of [FCP|NVME] prefer flag in flash has no effect on driver. For
device that supports both FCP + NVMe over the same connection, driver
continues to connect to this device using the previous successful login
mode.
On completion of flash update, adapter will be reset. Driver will
reset the prefer flag based on setting from flash.
Cc: stable@vger.kernel.org
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20240227164127.36465-6-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_init.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
--- a/drivers/scsi/qla2xxx/qla_init.c
+++ b/drivers/scsi/qla2xxx/qla_init.c
@@ -7501,6 +7501,7 @@ qla2x00_abort_isp(scsi_qla_host_t *vha)
struct scsi_qla_host *vp, *tvp;
struct req_que *req = ha->req_q_map[0];
unsigned long flags;
+ fc_port_t *fcport;
if (vha->flags.online) {
qla2x00_abort_isp_cleanup(vha);
@@ -7569,6 +7570,15 @@ qla2x00_abort_isp(scsi_qla_host_t *vha)
"ISP Abort - ISP reg disconnect post nvmram config, exiting.\n");
return status;
}
+
+ /* User may have updated [fcp|nvme] prefer in flash */
+ list_for_each_entry(fcport, &vha->vp_fcports, list) {
+ if (NVME_PRIORITY(ha, fcport))
+ fcport->do_prli_nvme = 1;
+ else
+ fcport->do_prli_nvme = 0;
+ }
+
if (!qla2x00_restart_isp(vha)) {
clear_bit(RESET_MARKER_NEEDED, &vha->dpc_flags);
@@ -7639,6 +7649,14 @@ qla2x00_abort_isp(scsi_qla_host_t *vha)
atomic_inc(&vp->vref_count);
spin_unlock_irqrestore(&ha->vport_slock, flags);
+ /* User may have updated [fcp|nvme] prefer in flash */
+ list_for_each_entry(fcport, &vp->vp_fcports, list) {
+ if (NVME_PRIORITY(ha, fcport))
+ fcport->do_prli_nvme = 1;
+ else
+ fcport->do_prli_nvme = 0;
+ }
+
qla2x00_vp_abort_isp(vp);
spin_lock_irqsave(&ha->vport_slock, flags);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 383/396] scsi: qla2xxx: Fix command flush on cable pull
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (381 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 382/396] scsi: qla2xxx: NVME|FCP prefer flag not being honored Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 384/396] scsi: qla2xxx: Fix double free of the ha->vp_map pointer Greg Kroah-Hartman
` (24 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Quinn Tran, Nilesh Javali,
Himanshu Madhani, Martin K. Petersen
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Quinn Tran <qutran@marvell.com>
commit a27d4d0e7de305def8a5098a614053be208d1aa1 upstream.
System crash due to command failed to flush back to SCSI layer.
BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
PGD 0 P4D 0
Oops: 0000 [#1] SMP NOPTI
CPU: 27 PID: 793455 Comm: kworker/u130:6 Kdump: loaded Tainted: G OE --------- - - 4.18.0-372.9.1.el8.x86_64 #1
Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021
Workqueue: nvme-wq nvme_fc_connect_ctrl_work [nvme_fc]
RIP: 0010:__wake_up_common+0x4c/0x190
Code: 24 10 4d 85 c9 74 0a 41 f6 01 04 0f 85 9d 00 00 00 48 8b 43 08 48 83 c3 08 4c 8d 48 e8 49 8d 41 18 48 39 c3 0f 84 f0 00 00 00 <49> 8b 41 18 89 54 24 08 31 ed 4c 8d 70 e8 45 8b 29 41 f6 c5 04 75
RSP: 0018:ffff95f3e0cb7cd0 EFLAGS: 00010086
RAX: 0000000000000000 RBX: ffff8b08d3b26328 RCX: 0000000000000000
RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff8b08d3b26320
RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffe8
R10: 0000000000000000 R11: ffff95f3e0cb7a60 R12: ffff95f3e0cb7d20
R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8b2fdf6c0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000002f1e410002 CR4: 00000000007706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
__wake_up_common_lock+0x7c/0xc0
qla_nvme_ls_req+0x355/0x4c0 [qla2xxx]
qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae1407ca000 from port 21:32:00:02:ac:07:ee:b8 loop_id 0x02 s_id 01:02:00 logout 1 keep 0 els_logo 0
? __nvme_fc_send_ls_req+0x260/0x380 [nvme_fc]
qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:00:02:ac:07:ee:b8 state transitioned from ONLINE to LOST - portid=010200.
? nvme_fc_send_ls_req.constprop.42+0x1a/0x45 [nvme_fc]
qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320002ac07eeb8. rport ffff8ae598122000 roles 1
? nvme_fc_connect_ctrl_work.cold.63+0x1e3/0xa7d [nvme_fc]
qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae14801e000 from port 21:32:01:02:ad:f7:ee:b8 loop_id 0x04 s_id 01:02:01 logout 1 keep 0 els_logo 0
? __switch_to+0x10c/0x450
? process_one_work+0x1a7/0x360
qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:01:02:ad:f7:ee:b8 state transitioned from ONLINE to LOST - portid=010201.
? worker_thread+0x1ce/0x390
? create_worker+0x1a0/0x1a0
qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320102adf7eeb8. rport ffff8ae3b2312800 roles 70
? kthread+0x10a/0x120
qla2xxx [0000:12:00.1]-2112:3: qla_nvme_unregister_remote_port: unregister remoteport on ffff8ae14801e000 21320102adf7eeb8
? set_kthread_struct+0x40/0x40
qla2xxx [0000:12:00.1]-2110:3: remoteport_delete of ffff8ae14801e000 21320102adf7eeb8 completed.
? ret_from_fork+0x1f/0x40
qla2xxx [0000:12:00.1]-f086:3: qlt_free_session_done: waiting for sess ffff8ae14801e000 logout
The system was under memory stress where driver was not able to allocate an
SRB to carry out error recovery of cable pull. The failure to flush causes
upper layer to start modifying scsi_cmnd. When the system frees up some
memory, the subsequent cable pull trigger another command flush. At this
point the driver access a null pointer when attempting to DMA unmap the
SGL.
Add a check to make sure commands are flush back on session tear down to
prevent the null pointer access.
Cc: stable@vger.kernel.org
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20240227164127.36465-7-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_target.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/drivers/scsi/qla2xxx/qla_target.c
+++ b/drivers/scsi/qla2xxx/qla_target.c
@@ -1062,6 +1062,16 @@ void qlt_free_session_done(struct work_s
"%s: sess %p logout completed\n", __func__, sess);
}
+ /* check for any straggling io left behind */
+ if (!(sess->flags & FCF_FCP2_DEVICE) &&
+ qla2x00_eh_wait_for_pending_commands(sess->vha, sess->d_id.b24, 0, WAIT_TARGET)) {
+ ql_log(ql_log_warn, vha, 0x3027,
+ "IO not return. Resetting.\n");
+ set_bit(ISP_ABORT_NEEDED, &vha->dpc_flags);
+ qla2xxx_wake_dpc(vha);
+ qla2x00_wait_for_chip_reset(vha);
+ }
+
if (sess->logo_ack_needed) {
sess->logo_ack_needed = 0;
qla24xx_async_notify_ack(vha, sess,
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 384/396] scsi: qla2xxx: Fix double free of the ha->vp_map pointer
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (382 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 383/396] scsi: qla2xxx: Fix command flush on cable pull Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 385/396] scsi: qla2xxx: Fix double free of fcport Greg Kroah-Hartman
` (23 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Saurav Kashyap, Nilesh Javali,
Himanshu Madhani, Martin K. Petersen
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Saurav Kashyap <skashyap@marvell.com>
commit e288285d47784fdcf7c81be56df7d65c6f10c58b upstream.
Coverity scan reported potential risk of double free of the pointer
ha->vp_map. ha->vp_map was freed in qla2x00_mem_alloc(), and again freed
in function qla2x00_mem_free(ha).
Assign NULL to vp_map and kfree take care of NULL.
Cc: stable@vger.kernel.org
Signed-off-by: Saurav Kashyap <skashyap@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20240227164127.36465-8-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_os.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
@@ -4601,6 +4601,7 @@ fail_free_init_cb:
ha->init_cb_dma = 0;
fail_free_vp_map:
kfree(ha->vp_map);
+ ha->vp_map = NULL;
fail:
ql_log(ql_log_fatal, NULL, 0x0030,
"Memory allocation failure.\n");
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 385/396] scsi: qla2xxx: Fix double free of fcport
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (383 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 384/396] scsi: qla2xxx: Fix double free of the ha->vp_map pointer Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 386/396] scsi: qla2xxx: Change debug message during driver unload Greg Kroah-Hartman
` (22 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Saurav Kashyap, Nilesh Javali,
Himanshu Madhani, Martin K. Petersen
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Saurav Kashyap <skashyap@marvell.com>
commit 82f522ae0d97119a43da53e0f729275691b9c525 upstream.
The server was crashing after LOGO because fcport was getting freed twice.
-----------[ cut here ]-----------
kernel BUG at mm/slub.c:371!
invalid opcode: 0000 1 SMP PTI
CPU: 35 PID: 4610 Comm: bash Kdump: loaded Tainted: G OE --------- - - 4.18.0-425.3.1.el8.x86_64 #1
Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021
RIP: 0010:set_freepointer.part.57+0x0/0x10
RSP: 0018:ffffb07107027d90 EFLAGS: 00010246
RAX: ffff9cb7e3150000 RBX: ffff9cb7e332b9c0 RCX: ffff9cb7e3150400
RDX: 0000000000001f37 RSI: 0000000000000000 RDI: ffff9cb7c0005500
RBP: fffff693448c5400 R08: 0000000080000000 R09: 0000000000000009
R10: 0000000000000000 R11: 0000000000132af0 R12: ffff9cb7c0005500
R13: ffff9cb7e3150000 R14: ffffffffc06990e0 R15: ffff9cb7ea85ea58
FS: 00007ff6b79c2740(0000) GS:ffff9cb8f7ec0000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055b426b7d700 CR3: 0000000169c18002 CR4: 00000000007706e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
kfree+0x238/0x250
qla2x00_els_dcmd_sp_free+0x20/0x230 [qla2xxx]
? qla24xx_els_dcmd_iocb+0x607/0x690 [qla2xxx]
qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx]
? qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx]
? kernfs_fop_write+0x11e/0x1a0
Remove one of the free calls and add check for valid fcport. Also use
function qla2x00_free_fcport() instead of kfree().
Cc: stable@vger.kernel.org
Signed-off-by: Saurav Kashyap <skashyap@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20240227164127.36465-9-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_iocb.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/drivers/scsi/qla2xxx/qla_iocb.c
+++ b/drivers/scsi/qla2xxx/qla_iocb.c
@@ -2637,7 +2637,8 @@ static void qla2x00_els_dcmd_sp_free(srb
{
struct srb_iocb *elsio = &sp->u.iocb_cmd;
- kfree(sp->fcport);
+ if (sp->fcport)
+ qla2x00_free_fcport(sp->fcport);
if (elsio->u.els_logo.els_logo_pyld)
dma_free_coherent(&sp->vha->hw->pdev->dev, DMA_POOL_SIZE,
@@ -2750,6 +2751,7 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *v
if (!elsio->u.els_logo.els_logo_pyld) {
/* ref: INIT */
kref_put(&sp->cmd_kref, qla2x00_sp_release);
+ qla2x00_free_fcport(fcport);
return QLA_FUNCTION_FAILED;
}
@@ -2784,7 +2786,6 @@ qla24xx_els_dcmd_iocb(scsi_qla_host_t *v
fcport->d_id.b.area, fcport->d_id.b.al_pa);
wait_for_completion(&elsio->u.els_logo.comp);
- qla2x00_free_fcport(fcport);
/* ref: INIT */
kref_put(&sp->cmd_kref, qla2x00_sp_release);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 386/396] scsi: qla2xxx: Change debug message during driver unload
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (384 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 385/396] scsi: qla2xxx: Fix double free of fcport Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 387/396] scsi: qla2xxx: Delay I/O Abort on PCI error Greg Kroah-Hartman
` (21 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Saurav Kashyap, Nilesh Javali,
Himanshu Madhani, Martin K. Petersen
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Saurav Kashyap <skashyap@marvell.com>
commit b5a30840727a3e41d12a336d19f6c0716b299161 upstream.
Upon driver unload, purge_mbox flag is set and the heartbeat monitor thread
detects this flag and does not send the mailbox command down to FW with a
debug message "Error detected: purge[1] eeh[0] cmd=0x0, Exiting". This
being not a real error, change the debug message.
Cc: stable@vger.kernel.org
Signed-off-by: Saurav Kashyap <skashyap@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20240227164127.36465-10-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_mbx.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/scsi/qla2xxx/qla_mbx.c
+++ b/drivers/scsi/qla2xxx/qla_mbx.c
@@ -194,7 +194,7 @@ qla2x00_mailbox_command(scsi_qla_host_t
if (ha->flags.purge_mbox || chip_reset != ha->chip_reset ||
ha->flags.eeh_busy) {
ql_log(ql_log_warn, vha, 0xd035,
- "Error detected: purge[%d] eeh[%d] cmd=0x%x, Exiting.\n",
+ "Purge mbox: purge[%d] eeh[%d] cmd=0x%x, Exiting.\n",
ha->flags.purge_mbox, ha->flags.eeh_busy, mcp->mb[0]);
rval = QLA_ABORTED;
goto premature_exit;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 387/396] scsi: qla2xxx: Delay I/O Abort on PCI error
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (385 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 386/396] scsi: qla2xxx: Change debug message during driver unload Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 388/396] x86/bugs: Use fixed addressing for VERW operand Greg Kroah-Hartman
` (20 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Quinn Tran, Nilesh Javali,
Himanshu Madhani, Martin K. Petersen
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Quinn Tran <qutran@marvell.com>
commit 591c1fdf2016d118b8fbde427b796fac13f3f070 upstream.
Currently when PCI error is detected, I/O is aborted manually through the
ABORT IOCB mechanism which is not guaranteed to succeed.
Instead, wait for the OS or system to notify driver to wind down I/O
through the pci_error_handlers api. Set eeh_busy flag to pause all traffic
and wait for I/O to drain.
Cc: stable@vger.kernel.org
Signed-off-by: Quinn Tran <qutran@marvell.com>
Signed-off-by: Nilesh Javali <njavali@marvell.com>
Link: https://lore.kernel.org/r/20240227164127.36465-11-njavali@marvell.com
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/qla2xxx/qla_attr.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
--- a/drivers/scsi/qla2xxx/qla_attr.c
+++ b/drivers/scsi/qla2xxx/qla_attr.c
@@ -2741,7 +2741,13 @@ qla2x00_dev_loss_tmo_callbk(struct fc_rp
return;
if (unlikely(pci_channel_offline(fcport->vha->hw->pdev))) {
- qla2x00_abort_all_cmds(fcport->vha, DID_NO_CONNECT << 16);
+ /* Will wait for wind down of adapter */
+ ql_dbg(ql_dbg_aer, fcport->vha, 0x900c,
+ "%s pci offline detected (id %06x)\n", __func__,
+ fcport->d_id.b24);
+ qla_pci_set_eeh_busy(fcport->vha);
+ qla2x00_eh_wait_for_pending_commands(fcport->vha, fcport->d_id.b24,
+ 0, WAIT_TARGET);
return;
}
}
@@ -2763,7 +2769,11 @@ qla2x00_terminate_rport_io(struct fc_rpo
vha = fcport->vha;
if (unlikely(pci_channel_offline(fcport->vha->hw->pdev))) {
- qla2x00_abort_all_cmds(fcport->vha, DID_NO_CONNECT << 16);
+ /* Will wait for wind down of adapter */
+ ql_dbg(ql_dbg_aer, fcport->vha, 0x900b,
+ "%s pci offline detected (id %06x)\n", __func__,
+ fcport->d_id.b24);
+ qla_pci_set_eeh_busy(vha);
qla2x00_eh_wait_for_pending_commands(fcport->vha, fcport->d_id.b24,
0, WAIT_TARGET);
return;
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 388/396] x86/bugs: Use fixed addressing for VERW operand
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (386 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 387/396] scsi: qla2xxx: Delay I/O Abort on PCI error Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 389/396] Revert "x86/bugs: Use fixed addressing for VERW operand" Greg Kroah-Hartman
` (19 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Nikolay Borisov, Pawan Gupta,
Dave Hansen
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
commit 8009479ee919b9a91674f48050ccbff64eafedaa upstream.
The macro used for MDS mitigation executes VERW with relative
addressing for the operand. This was necessary in earlier versions of
the series. Now it is unnecessary and creates a problem for backports
on older kernels that don't support relocations in alternatives.
Relocation support was added by commit 270a69c4485d ("x86/alternative:
Support relocations in alternatives"). Also asm for fixed addressing
is much cleaner than relative RIP addressing.
Simplify the asm by using fixed addressing for VERW operand.
[ dhansen: tweak changelog ]
Closes: https://lore.kernel.org/lkml/20558f89-299b-472e-9a96-171403a83bd6@suse.com/
Fixes: baf8361e5455 ("x86/bugs: Add asm helpers for executing VERW")
Reported-by: Nikolay Borisov <nik.borisov@suse.com>
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Link: https://lore.kernel.org/all/20240226-verw-arg-fix-v1-1-7b37ee6fd57d%40linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/asm/nospec-branch.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -337,7 +337,7 @@
* Note: Only the memory operand variant of VERW clears the CPU buffers.
*/
.macro CLEAR_CPU_BUFFERS
- ALTERNATIVE "", __stringify(verw _ASM_RIP(mds_verw_sel)), X86_FEATURE_CLEAR_CPU_BUF
+ ALTERNATIVE "", __stringify(verw mds_verw_sel), X86_FEATURE_CLEAR_CPU_BUF
.endm
#else /* __ASSEMBLY__ */
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 389/396] Revert "x86/bugs: Use fixed addressing for VERW operand"
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (387 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 388/396] x86/bugs: Use fixed addressing for VERW operand Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 390/396] usb: dwc3: pci: Drop duplicate ID Greg Kroah-Hartman
` (18 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Dave Hansen
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dave Hansen <dave.hansen@linux.intel.com>
commit 532a0c57d7ff75e8f07d4e25cba4184989e2a241 upstream.
This was reverts commit 8009479ee919b9a91674f48050ccbff64eafedaa.
It was originally in x86/urgent, but was deemed wrong so got zapped.
But in the meantime, x86/urgent had been merged into x86/apic to
resolve a conflict. I didn't notice the merge so didn't zap it
from x86/apic and it managed to make it up with the x86/apic
material.
The reverted commit is known to cause some KASAN problems.
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/asm/nospec-branch.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/include/asm/nospec-branch.h
+++ b/arch/x86/include/asm/nospec-branch.h
@@ -337,7 +337,7 @@
* Note: Only the memory operand variant of VERW clears the CPU buffers.
*/
.macro CLEAR_CPU_BUFFERS
- ALTERNATIVE "", __stringify(verw mds_verw_sel), X86_FEATURE_CLEAR_CPU_BUF
+ ALTERNATIVE "", __stringify(verw _ASM_RIP(mds_verw_sel)), X86_FEATURE_CLEAR_CPU_BUF
.endm
#else /* __ASSEMBLY__ */
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 390/396] usb: dwc3: pci: Drop duplicate ID
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (388 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 389/396] Revert "x86/bugs: Use fixed addressing for VERW operand" Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 391/396] scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() Greg Kroah-Hartman
` (17 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable; +Cc: Greg Kroah-Hartman, patches, Heikki Krogerus, Thinh Nguyen
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Heikki Krogerus <heikki.krogerus@linux.intel.com>
commit f121531703ae442edc1dde4b56803680628bc5b7 upstream.
Intel Arrow Lake CPU uses the Meteor Lake ID with this
controller (the controller that's part of the Intel Arrow
Lake chipset (PCH) does still have unique PCI ID).
Fixes: de4b5b28c87c ("usb: dwc3: pci: add support for the Intel Arrow Lake-H")
Signed-off-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Link: https://lore.kernel.org/r/20240312115008.1748637-1-heikki.krogerus@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/dwc3-pci.c | 2 --
1 file changed, 2 deletions(-)
--- a/drivers/usb/dwc3/dwc3-pci.c
+++ b/drivers/usb/dwc3/dwc3-pci.c
@@ -51,7 +51,6 @@
#define PCI_DEVICE_ID_INTEL_MTLP 0x7ec1
#define PCI_DEVICE_ID_INTEL_MTLS 0x7f6f
#define PCI_DEVICE_ID_INTEL_MTL 0x7e7e
-#define PCI_DEVICE_ID_INTEL_ARLH 0x7ec1
#define PCI_DEVICE_ID_INTEL_ARLH_PCH 0x777e
#define PCI_DEVICE_ID_INTEL_TGL 0x9a15
#define PCI_DEVICE_ID_AMD_MR 0x163a
@@ -423,7 +422,6 @@ static const struct pci_device_id dwc3_p
{ PCI_DEVICE_DATA(INTEL, MTLP, &dwc3_pci_intel_swnode) },
{ PCI_DEVICE_DATA(INTEL, MTL, &dwc3_pci_intel_swnode) },
{ PCI_DEVICE_DATA(INTEL, MTLS, &dwc3_pci_intel_swnode) },
- { PCI_DEVICE_DATA(INTEL, ARLH, &dwc3_pci_intel_swnode) },
{ PCI_DEVICE_DATA(INTEL, ARLH_PCH, &dwc3_pci_intel_swnode) },
{ PCI_DEVICE_DATA(INTEL, TGL, &dwc3_pci_intel_swnode) },
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 391/396] scsi: lpfc: Correct size for cmdwqe/rspwqe for memset()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (389 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 390/396] usb: dwc3: pci: Drop duplicate ID Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 392/396] scsi: lpfc: Correct size for wqe " Greg Kroah-Hartman
` (16 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Muhammad Usama Anjum, Justin Tee,
Martin K. Petersen
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Muhammad Usama Anjum <usama.anjum@collabora.com>
commit 16cc2ba71b9f6440805aef7f92ba0f031f79b765 upstream.
The cmdwqe and rspwqe are of type lpfc_wqe128. They should be memset() with
the same type.
Fixes: 61910d6a5243 ("scsi: lpfc: SLI path split: Refactor CT paths")
Signed-off-by: Muhammad Usama Anjum <usama.anjum@collabora.com>
Link: https://lore.kernel.org/r/20240304091119.847060-1-usama.anjum@collabora.com
Reviewed-by: Justin Tee <justin.tee@broadcom.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/lpfc/lpfc_bsg.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/drivers/scsi/lpfc/lpfc_bsg.c
+++ b/drivers/scsi/lpfc/lpfc_bsg.c
@@ -3169,10 +3169,10 @@ lpfc_bsg_diag_loopback_run(struct bsg_jo
}
cmdwqe = &cmdiocbq->wqe;
- memset(cmdwqe, 0, sizeof(union lpfc_wqe));
+ memset(cmdwqe, 0, sizeof(*cmdwqe));
if (phba->sli_rev < LPFC_SLI_REV4) {
rspwqe = &rspiocbq->wqe;
- memset(rspwqe, 0, sizeof(union lpfc_wqe));
+ memset(rspwqe, 0, sizeof(*rspwqe));
}
INIT_LIST_HEAD(&head);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 392/396] scsi: lpfc: Correct size for wqe for memset()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (390 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 391/396] scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 393/396] scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type() Greg Kroah-Hartman
` (15 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Muhammad Usama Anjum,
AngeloGioacchino Del Regno, Justin Tee, Martin K. Petersen
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Muhammad Usama Anjum <usama.anjum@collabora.com>
commit 28d41991182c210ec1654f8af2e140ef4cc73f20 upstream.
The wqe is of type lpfc_wqe128. It should be memset with the same type.
Fixes: 6c621a2229b0 ("scsi: lpfc: Separate NVMET RQ buffer posting from IO resources SGL/iocbq/context")
Signed-off-by: Muhammad Usama Anjum <usama.anjum@collabora.com>
Link: https://lore.kernel.org/r/20240304090649.833953-1-usama.anjum@collabora.com
Reviewed-by: AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com>
Reviewed-by: Justin Tee <justintee8345@gmail.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/lpfc/lpfc_nvmet.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/scsi/lpfc/lpfc_nvmet.c
+++ b/drivers/scsi/lpfc/lpfc_nvmet.c
@@ -1586,7 +1586,7 @@ lpfc_nvmet_setup_io_context(struct lpfc_
wqe = &nvmewqe->wqe;
/* Initialize WQE */
- memset(wqe, 0, sizeof(union lpfc_wqe));
+ memset(wqe, 0, sizeof(*wqe));
ctx_buf->iocbq->cmd_dmabuf = NULL;
spin_lock(&phba->sli4_hba.sgl_list_lock);
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 393/396] scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type()
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (391 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 392/396] scsi: lpfc: Correct size for wqe " Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 394/396] scsi: libsas: Fix disk not being scanned in after being removed Greg Kroah-Hartman
` (14 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, John Garry, Xingui Yang,
Martin K. Petersen
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Xingui Yang <yangxingui@huawei.com>
commit a57345279fd311ba679b8083feb0eec5272c7729 upstream.
Add a helper to get attached_sas_addr and device type from disc_resp.
Suggested-by: John Garry <john.g.garry@oracle.com>
Signed-off-by: Xingui Yang <yangxingui@huawei.com>
Link: https://lore.kernel.org/r/20240307141413.48049-2-yangxingui@huawei.com
Reviewed-by: John Garry <john.g.garry@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/libsas/sas_expander.c | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
--- a/drivers/scsi/libsas/sas_expander.c
+++ b/drivers/scsi/libsas/sas_expander.c
@@ -1621,6 +1621,16 @@ out_err:
/* ---------- Domain revalidation ---------- */
+static void sas_get_sas_addr_and_dev_type(struct smp_disc_resp *disc_resp,
+ u8 *sas_addr,
+ enum sas_device_type *type)
+{
+ memcpy(sas_addr, disc_resp->disc.attached_sas_addr, SAS_ADDR_SIZE);
+ *type = to_dev_type(&disc_resp->disc);
+ if (*type == SAS_PHY_UNUSED)
+ memset(sas_addr, 0, SAS_ADDR_SIZE);
+}
+
static int sas_get_phy_discover(struct domain_device *dev,
int phy_id, struct smp_disc_resp *disc_resp)
{
@@ -1674,13 +1684,8 @@ int sas_get_phy_attached_dev(struct doma
return -ENOMEM;
res = sas_get_phy_discover(dev, phy_id, disc_resp);
- if (res == 0) {
- memcpy(sas_addr, disc_resp->disc.attached_sas_addr,
- SAS_ADDR_SIZE);
- *type = to_dev_type(&disc_resp->disc);
- if (*type == 0)
- memset(sas_addr, 0, SAS_ADDR_SIZE);
- }
+ if (res == 0)
+ sas_get_sas_addr_and_dev_type(disc_resp, sas_addr, type);
kfree(disc_resp);
return res;
}
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 394/396] scsi: libsas: Fix disk not being scanned in after being removed
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (392 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 393/396] scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type() Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 395/396] x86/sev: Skip ROM range scans and validation for SEV-SNP guests Greg Kroah-Hartman
` (13 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Xingui Yang, John Garry,
Martin K. Petersen
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Xingui Yang <yangxingui@huawei.com>
commit 8e68a458bcf5b5cb9c3624598bae28f08251601f upstream.
As of commit d8649fc1c5e4 ("scsi: libsas: Do discovery on empty PHY to
update PHY info"), do discovery will send a new SMP_DISCOVER and update
phy->phy_change_count. We found that if the disk is reconnected and phy
change_count changes at this time, the disk scanning process will not be
triggered.
Therefore, call sas_set_ex_phy() to update the PHY info with the results of
the last query. And because the previous phy info will be used when calling
sas_unregister_devs_sas_addr(), sas_unregister_devs_sas_addr() should be
called before sas_set_ex_phy().
Fixes: d8649fc1c5e4 ("scsi: libsas: Do discovery on empty PHY to update PHY info")
Signed-off-by: Xingui Yang <yangxingui@huawei.com>
Link: https://lore.kernel.org/r/20240307141413.48049-3-yangxingui@huawei.com
Reviewed-by: John Garry <john.g.garry@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/libsas/sas_expander.c | 32 ++++++++++++++++++++++----------
1 file changed, 22 insertions(+), 10 deletions(-)
--- a/drivers/scsi/libsas/sas_expander.c
+++ b/drivers/scsi/libsas/sas_expander.c
@@ -1945,6 +1945,7 @@ static int sas_rediscover_dev(struct dom
struct expander_device *ex = &dev->ex_dev;
struct ex_phy *phy = &ex->ex_phy[phy_id];
enum sas_device_type type = SAS_PHY_UNUSED;
+ struct smp_disc_resp *disc_resp;
u8 sas_addr[SAS_ADDR_SIZE];
char msg[80] = "";
int res;
@@ -1956,33 +1957,41 @@ static int sas_rediscover_dev(struct dom
SAS_ADDR(dev->sas_addr), phy_id, msg);
memset(sas_addr, 0, SAS_ADDR_SIZE);
- res = sas_get_phy_attached_dev(dev, phy_id, sas_addr, &type);
+ disc_resp = alloc_smp_resp(DISCOVER_RESP_SIZE);
+ if (!disc_resp)
+ return -ENOMEM;
+
+ res = sas_get_phy_discover(dev, phy_id, disc_resp);
switch (res) {
case SMP_RESP_NO_PHY:
phy->phy_state = PHY_NOT_PRESENT;
sas_unregister_devs_sas_addr(dev, phy_id, last);
- return res;
+ goto out_free_resp;
case SMP_RESP_PHY_VACANT:
phy->phy_state = PHY_VACANT;
sas_unregister_devs_sas_addr(dev, phy_id, last);
- return res;
+ goto out_free_resp;
case SMP_RESP_FUNC_ACC:
break;
case -ECOMM:
break;
default:
- return res;
+ goto out_free_resp;
}
+ if (res == 0)
+ sas_get_sas_addr_and_dev_type(disc_resp, sas_addr, &type);
+
if ((SAS_ADDR(sas_addr) == 0) || (res == -ECOMM)) {
phy->phy_state = PHY_EMPTY;
sas_unregister_devs_sas_addr(dev, phy_id, last);
/*
- * Even though the PHY is empty, for convenience we discover
- * the PHY to update the PHY info, like negotiated linkrate.
+ * Even though the PHY is empty, for convenience we update
+ * the PHY info, like negotiated linkrate.
*/
- sas_ex_phy_discover(dev, phy_id);
- return res;
+ if (res == 0)
+ sas_set_ex_phy(dev, phy_id, disc_resp);
+ goto out_free_resp;
} else if (SAS_ADDR(sas_addr) == SAS_ADDR(phy->attached_sas_addr) &&
dev_type_flutter(type, phy->attached_dev_type)) {
struct domain_device *ata_dev = sas_ex_to_ata(dev, phy_id);
@@ -1994,7 +2003,7 @@ static int sas_rediscover_dev(struct dom
action = ", needs recovery";
pr_debug("ex %016llx phy%02d broadcast flutter%s\n",
SAS_ADDR(dev->sas_addr), phy_id, action);
- return res;
+ goto out_free_resp;
}
/* we always have to delete the old device when we went here */
@@ -2003,7 +2012,10 @@ static int sas_rediscover_dev(struct dom
SAS_ADDR(phy->attached_sas_addr));
sas_unregister_devs_sas_addr(dev, phy_id, last);
- return sas_discover_new(dev, phy_id);
+ res = sas_discover_new(dev, phy_id);
+out_free_resp:
+ kfree(disc_resp);
+ return res;
}
/**
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 395/396] x86/sev: Skip ROM range scans and validation for SEV-SNP guests
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (393 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 394/396] scsi: libsas: Fix disk not being scanned in after being removed Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 396/396] tools/resolve_btfids: fix build with musl libc Greg Kroah-Hartman
` (12 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Kevin Loughlin,
Borislav Petkov (AMD), stable
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kevin Loughlin <kevinloughlin@google.com>
commit 0f4a1e80989aca185d955fcd791d7750082044a2 upstream.
SEV-SNP requires encrypted memory to be validated before access.
Because the ROM memory range is not part of the e820 table, it is not
pre-validated by the BIOS. Therefore, if a SEV-SNP guest kernel wishes
to access this range, the guest must first validate the range.
The current SEV-SNP code does indeed scan the ROM range during early
boot and thus attempts to validate the ROM range in probe_roms().
However, this behavior is neither sufficient nor necessary for the
following reasons:
* With regards to sufficiency, if EFI_CONFIG_TABLES are not enabled and
CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK is set, the kernel will
attempt to access the memory at SMBIOS_ENTRY_POINT_SCAN_START (which
falls in the ROM range) prior to validation.
For example, Project Oak Stage 0 provides a minimal guest firmware
that currently meets these configuration conditions, meaning guests
booting atop Oak Stage 0 firmware encounter a problematic call chain
during dmi_setup() -> dmi_scan_machine() that results in a crash
during boot if SEV-SNP is enabled.
* With regards to necessity, SEV-SNP guests generally read garbage
(which changes across boots) from the ROM range, meaning these scans
are unnecessary. The guest reads garbage because the legacy ROM range
is unencrypted data but is accessed via an encrypted PMD during early
boot (where the PMD is marked as encrypted due to potentially mapping
actually-encrypted data in other PMD-contained ranges).
In one exceptional case, EISA probing treats the ROM range as
unencrypted data, which is inconsistent with other probing.
Continuing to allow SEV-SNP guests to use garbage and to inconsistently
classify ROM range encryption status can trigger undesirable behavior.
For instance, if garbage bytes appear to be a valid signature, memory
may be unnecessarily reserved for the ROM range. Future code or other
use cases may result in more problematic (arbitrary) behavior that
should be avoided.
While one solution would be to overhaul the early PMD mapping to always
treat the ROM region of the PMD as unencrypted, SEV-SNP guests do not
currently rely on data from the ROM region during early boot (and even
if they did, they would be mostly relying on garbage data anyways).
As a simpler solution, skip the ROM range scans (and the otherwise-
necessary range validation) during SEV-SNP guest early boot. The
potential SEV-SNP guest crash due to lack of ROM range validation is
thus avoided by simply not accessing the ROM range.
In most cases, skip the scans by overriding problematic x86_init
functions during sme_early_init() to SNP-safe variants, which can be
likened to x86_init overrides done for other platforms (ex: Xen); such
overrides also avoid the spread of cc_platform_has() checks throughout
the tree.
In the exceptional EISA case, still use cc_platform_has() for the
simplest change, given (1) checks for guest type (ex: Xen domain status)
are already performed here, and (2) these checks occur in a subsys
initcall instead of an x86_init function.
[ bp: Massage commit message, remove "we"s. ]
Fixes: 9704c07bf9f7 ("x86/kernel: Validate ROM memory before accessing when SEV-SNP is active")
Signed-off-by: Kevin Loughlin <kevinloughlin@google.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/r/20240313121546.2964854-1-kevinloughlin@google.com
Signed-off-by: Kevin Loughlin <kevinloughlin@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/include/asm/sev.h | 4 ++--
arch/x86/include/asm/x86_init.h | 3 ++-
arch/x86/kernel/eisa.c | 3 ++-
arch/x86/kernel/probe_roms.c | 10 ----------
arch/x86/kernel/setup.c | 3 +--
arch/x86/kernel/sev.c | 27 ++++++++++++---------------
arch/x86/kernel/x86_init.c | 2 ++
arch/x86/mm/mem_encrypt_amd.c | 18 ++++++++++++++++++
8 files changed, 39 insertions(+), 31 deletions(-)
--- a/arch/x86/include/asm/sev.h
+++ b/arch/x86/include/asm/sev.h
@@ -203,12 +203,12 @@ void __init early_snp_set_memory_private
unsigned long npages);
void __init early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr,
unsigned long npages);
-void __init snp_prep_memory(unsigned long paddr, unsigned int sz, enum psc_op op);
void snp_set_memory_shared(unsigned long vaddr, unsigned long npages);
void snp_set_memory_private(unsigned long vaddr, unsigned long npages);
void snp_set_wakeup_secondary_cpu(void);
bool snp_init(struct boot_params *bp);
void __init __noreturn snp_abort(void);
+void snp_dmi_setup(void);
int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio);
void snp_accept_memory(phys_addr_t start, phys_addr_t end);
u64 snp_get_unsupported_features(u64 status);
@@ -227,12 +227,12 @@ static inline void __init
early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr, unsigned long npages) { }
static inline void __init
early_snp_set_memory_shared(unsigned long vaddr, unsigned long paddr, unsigned long npages) { }
-static inline void __init snp_prep_memory(unsigned long paddr, unsigned int sz, enum psc_op op) { }
static inline void snp_set_memory_shared(unsigned long vaddr, unsigned long npages) { }
static inline void snp_set_memory_private(unsigned long vaddr, unsigned long npages) { }
static inline void snp_set_wakeup_secondary_cpu(void) { }
static inline bool snp_init(struct boot_params *bp) { return false; }
static inline void snp_abort(void) { }
+static inline void snp_dmi_setup(void) { }
static inline int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio)
{
return -ENOTTY;
--- a/arch/x86/include/asm/x86_init.h
+++ b/arch/x86/include/asm/x86_init.h
@@ -30,12 +30,13 @@ struct x86_init_mpparse {
* @reserve_resources: reserve the standard resources for the
* platform
* @memory_setup: platform specific memory setup
- *
+ * @dmi_setup: platform specific DMI setup
*/
struct x86_init_resources {
void (*probe_roms)(void);
void (*reserve_resources)(void);
char *(*memory_setup)(void);
+ void (*dmi_setup)(void);
};
/**
--- a/arch/x86/kernel/eisa.c
+++ b/arch/x86/kernel/eisa.c
@@ -2,6 +2,7 @@
/*
* EISA specific code
*/
+#include <linux/cc_platform.h>
#include <linux/ioport.h>
#include <linux/eisa.h>
#include <linux/io.h>
@@ -12,7 +13,7 @@ static __init int eisa_bus_probe(void)
{
void __iomem *p;
- if (xen_pv_domain() && !xen_initial_domain())
+ if ((xen_pv_domain() && !xen_initial_domain()) || cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
return 0;
p = ioremap(0x0FFFD9, 4);
--- a/arch/x86/kernel/probe_roms.c
+++ b/arch/x86/kernel/probe_roms.c
@@ -203,16 +203,6 @@ void __init probe_roms(void)
unsigned char c;
int i;
- /*
- * The ROM memory range is not part of the e820 table and is therefore not
- * pre-validated by BIOS. The kernel page table maps the ROM region as encrypted
- * memory, and SNP requires encrypted memory to be validated before access.
- * Do that here.
- */
- snp_prep_memory(video_rom_resource.start,
- ((system_rom_resource.end + 1) - video_rom_resource.start),
- SNP_PAGE_STATE_PRIVATE);
-
/* video rom */
upper = adapter_rom_resources[0].start;
for (start = video_rom_resource.start; start < upper; start += 2048) {
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -9,7 +9,6 @@
#include <linux/console.h>
#include <linux/crash_dump.h>
#include <linux/dma-map-ops.h>
-#include <linux/dmi.h>
#include <linux/efi.h>
#include <linux/ima.h>
#include <linux/init_ohci1394_dma.h>
@@ -1029,7 +1028,7 @@ void __init setup_arch(char **cmdline_p)
efi_init();
reserve_ibft_region();
- dmi_setup();
+ x86_init.resources.dmi_setup();
/*
* VMware detection requires dmi to be available, so this
--- a/arch/x86/kernel/sev.c
+++ b/arch/x86/kernel/sev.c
@@ -23,6 +23,7 @@
#include <linux/platform_device.h>
#include <linux/io.h>
#include <linux/psp-sev.h>
+#include <linux/dmi.h>
#include <uapi/linux/sev-guest.h>
#include <asm/cpu_entry_area.h>
@@ -774,21 +775,6 @@ void __init early_snp_set_memory_shared(
early_set_pages_state(vaddr, paddr, npages, SNP_PAGE_STATE_SHARED);
}
-void __init snp_prep_memory(unsigned long paddr, unsigned int sz, enum psc_op op)
-{
- unsigned long vaddr, npages;
-
- vaddr = (unsigned long)__va(paddr);
- npages = PAGE_ALIGN(sz) >> PAGE_SHIFT;
-
- if (op == SNP_PAGE_STATE_PRIVATE)
- early_snp_set_memory_private(vaddr, paddr, npages);
- else if (op == SNP_PAGE_STATE_SHARED)
- early_snp_set_memory_shared(vaddr, paddr, npages);
- else
- WARN(1, "invalid memory op %d\n", op);
-}
-
static unsigned long __set_pages_state(struct snp_psc_desc *data, unsigned long vaddr,
unsigned long vaddr_end, int op)
{
@@ -2112,6 +2098,17 @@ void __init __noreturn snp_abort(void)
sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);
}
+/*
+ * SEV-SNP guests should only execute dmi_setup() if EFI_CONFIG_TABLES are
+ * enabled, as the alternative (fallback) logic for DMI probing in the legacy
+ * ROM region can cause a crash since this region is not pre-validated.
+ */
+void __init snp_dmi_setup(void)
+{
+ if (efi_enabled(EFI_CONFIG_TABLES))
+ dmi_setup();
+}
+
static void dump_cpuid_table(void)
{
const struct snp_cpuid_table *cpuid_table = snp_cpuid_get_table();
--- a/arch/x86/kernel/x86_init.c
+++ b/arch/x86/kernel/x86_init.c
@@ -3,6 +3,7 @@
*
* For licencing details see kernel-base/COPYING
*/
+#include <linux/dmi.h>
#include <linux/init.h>
#include <linux/ioport.h>
#include <linux/export.h>
@@ -66,6 +67,7 @@ struct x86_init_ops x86_init __initdata
.probe_roms = probe_roms,
.reserve_resources = reserve_standard_io_resources,
.memory_setup = e820__memory_setup_default,
+ .dmi_setup = dmi_setup,
},
.mpparse = {
--- a/arch/x86/mm/mem_encrypt_amd.c
+++ b/arch/x86/mm/mem_encrypt_amd.c
@@ -528,6 +528,24 @@ void __init sme_early_init(void)
*/
if (sev_status & MSR_AMD64_SEV_ENABLED)
ia32_disable();
+
+ /*
+ * Override init functions that scan the ROM region in SEV-SNP guests,
+ * as this memory is not pre-validated and would thus cause a crash.
+ */
+ if (sev_status & MSR_AMD64_SEV_SNP_ENABLED) {
+ x86_init.mpparse.find_smp_config = x86_init_noop;
+ x86_init.pci.init_irq = x86_init_noop;
+ x86_init.resources.probe_roms = x86_init_noop;
+
+ /*
+ * DMI setup behavior for SEV-SNP guests depends on
+ * efi_enabled(EFI_CONFIG_TABLES), which hasn't been
+ * parsed yet. snp_dmi_setup() will run after that
+ * parsing has happened.
+ */
+ x86_init.resources.dmi_setup = snp_dmi_setup;
+ }
}
void __init mem_encrypt_free_decrypted_mem(void)
^ permalink raw reply [flat|nested] 414+ messages in thread
* [PATCH 6.6 396/396] tools/resolve_btfids: fix build with musl libc
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (394 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 395/396] x86/sev: Skip ROM range scans and validation for SEV-SNP guests Greg Kroah-Hartman
@ 2024-04-01 15:47 ` Greg Kroah-Hartman
2024-04-01 18:27 ` [PATCH 6.6 000/396] 6.6.24-rc1 review SeongJae Park
` (11 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-01 15:47 UTC (permalink / raw
To: stable
Cc: Greg Kroah-Hartman, patches, Natanael Copa, Greg Thelen,
Alexei Starovoitov
6.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Natanael Copa <ncopa@alpinelinux.org>
commit 62248b22d01e96a4d669cde0d7005bd51ebf9e76 upstream.
Include the header that defines u32.
This fixes build of 6.6.23 and 6.1.83 kernels for Alpine Linux, which
uses musl libc. I assume that GNU libc indirecly pulls in linux/types.h.
Fixes: 9707ac4fe2f5 ("tools/resolve_btfids: Refactor set sorting with types from btf_ids.h")
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218647
Cc: stable@vger.kernel.org
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Tested-by: Greg Thelen <gthelen@google.com>
Link: https://lore.kernel.org/r/20240328110103.28734-1-ncopa@alpinelinux.org
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/include/linux/btf_ids.h | 2 ++
1 file changed, 2 insertions(+)
--- a/tools/include/linux/btf_ids.h
+++ b/tools/include/linux/btf_ids.h
@@ -3,6 +3,8 @@
#ifndef _LINUX_BTF_IDS_H
#define _LINUX_BTF_IDS_H
+#include <linux/types.h> /* for u32 */
+
struct btf_id_set {
u32 cnt;
u32 ids[];
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 6.6 000/396] 6.6.24-rc1 review
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (395 preceding siblings ...)
2024-04-01 15:47 ` [PATCH 6.6 396/396] tools/resolve_btfids: fix build with musl libc Greg Kroah-Hartman
@ 2024-04-01 18:27 ` SeongJae Park
2024-04-01 19:01 ` Naresh Kamboju
` (10 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: SeongJae Park @ 2024-04-01 18:27 UTC (permalink / raw
To: Greg Kroah-Hartman
Cc: SeongJae Park, stable, patches, linux-kernel, torvalds, akpm,
linux, shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, allen.lkml, broonie, damon
Hello,
On Mon, 1 Apr 2024 17:40:49 +0200 Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
> This is the start of the stable review cycle for the 6.6.24 release.
> There are 396 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 03 Apr 2024 15:24:46 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.24-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
> and the diffstat can be found below.
This rc kernel passes DAMON functionality test[1] on my test machine.
Attaching the test results summary below. Please note that I retrieved the
kernel from linux-stable-rc tree[2].
Tested-by: SeongJae Park <sj@kernel.org>
[1] https://github.com/awslabs/damon-tests/tree/next/corr
[2] 75a2533b74d0 ("Linux 6.6.24-rc1")
Thanks,
SJ
[...]
---
ok 1 selftests: damon: debugfs_attrs.sh
ok 2 selftests: damon: debugfs_schemes.sh
ok 3 selftests: damon: debugfs_target_ids.sh
ok 4 selftests: damon: debugfs_empty_targets.sh
ok 5 selftests: damon: debugfs_huge_count_read_write.sh
ok 6 selftests: damon: debugfs_duplicate_context_creation.sh
ok 7 selftests: damon: debugfs_rm_non_contexts.sh
ok 8 selftests: damon: sysfs.sh
ok 9 selftests: damon: sysfs_update_removed_scheme_dir.sh
ok 10 selftests: damon: reclaim.sh
ok 11 selftests: damon: lru_sort.sh
ok 1 selftests: damon-tests: kunit.sh
ok 2 selftests: damon-tests: huge_count_read_write.sh
ok 3 selftests: damon-tests: buffer_overflow.sh
ok 4 selftests: damon-tests: rm_contexts.sh
ok 5 selftests: damon-tests: record_null_deref.sh
ok 6 selftests: damon-tests: dbgfs_target_ids_read_before_terminate_race.sh
ok 7 selftests: damon-tests: dbgfs_target_ids_pid_leak.sh
ok 8 selftests: damon-tests: damo_tests.sh
ok 9 selftests: damon-tests: masim-record.sh
ok 10 selftests: damon-tests: build_i386.sh
ok 11 selftests: damon-tests: build_arm64.sh
ok 12 selftests: damon-tests: build_m68k.sh
ok 13 selftests: damon-tests: build_i386_idle_flag.sh
ok 14 selftests: damon-tests: build_i386_highpte.sh
ok 15 selftests: damon-tests: build_nomemcg.sh
[33m
[92mPASS [39m
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 6.6 000/396] 6.6.24-rc1 review
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (396 preceding siblings ...)
2024-04-01 18:27 ` [PATCH 6.6 000/396] 6.6.24-rc1 review SeongJae Park
@ 2024-04-01 19:01 ` Naresh Kamboju
2024-04-01 19:22 ` Alexander Wetzel
2024-04-01 20:34 ` Florian Fainelli
` (9 subsequent siblings)
407 siblings, 1 reply; 414+ messages in thread
From: Naresh Kamboju @ 2024-04-01 19:01 UTC (permalink / raw
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, allen.lkml, broonie,
Alexander Wetzel, Bart Van Assche, Martin K. Petersen,
Arnd Bergmann, Anders Roxell, Dan Carpenter, LTP List
On Mon, 1 Apr 2024 at 22:06, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 6.6.24 release.
> There are 396 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 03 Apr 2024 15:24:46 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.24-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Following kernel warnings have been noticed on qemu-x86_64 while running LTP
cve ioctl_sg01 tests the kernel with stable-rc 6.6.24-rc1, 6.7.12-rc1 and
6.8.3-rc1.
We have started bi-secting this issue.
Always reproduced.
Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
ioctl_sg01.c:81: TINFO: Found SCSI device /dev/sg0
------------[ cut here ]------------
[ 36.606841] WARNING: CPU: 0 PID: 8 at drivers/scsi/sg.c:2237
sg_remove_sfp_usercontext+0x145/0x150
[ 36.609445] Modules linked in:
[ 36.610793] CPU: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.6.24-rc1 #1
[ 36.611568] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009),
BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 36.612872] Workqueue: events sg_remove_sfp_usercontext
[ 36.613691] RIP: 0010:sg_remove_sfp_usercontext+0x145/0x150
<trim>
[ 36.621539] Call Trace:
[ 36.621953] <TASK>
[ 36.622444] ? show_regs+0x69/0x80
[ 36.622819] ? __warn+0x8d/0x150
[ 36.623078] ? sg_remove_sfp_usercontext+0x145/0x150
[ 36.623558] ? report_bug+0x171/0x1a0
[ 36.623881] ? handle_bug+0x42/0x80
[ 36.624070] ? exc_invalid_op+0x1c/0x70
[ 36.624491] ? asm_exc_invalid_op+0x1f/0x30
[ 36.624897] ? sg_remove_sfp_usercontext+0x145/0x150
[ 36.625408] process_one_work+0x141/0x300
[ 36.625769] worker_thread+0x2f6/0x430
[ 36.626073] ? __pfx_worker_thread+0x10/0x10
[ 36.626529] kthread+0x105/0x140
[ 36.626778] ? __pfx_kthread+0x10/0x10
[ 36.627059] ret_from_fork+0x41/0x60
[ 36.627441] ? __pfx_kthread+0x10/0x10
[ 36.627735] ret_from_fork_asm+0x1b/0x30
[ 36.628293] </TASK>
[ 36.628604] ---[ end trace 0000000000000000 ]---
ioctl_sg01.c:122: TPASS: Output buffer is empty, no data leaked
Suspecting commit:
-----
scsi: sg: Avoid sg device teardown race
commit 27f58c04a8f438078583041468ec60597841284d upstream.
+ WARN_ON_ONCE(kref_read(&sdp->d_ref) != 1);
Steps to reproduce:
- https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2eVWFlAeOUepfeFVkrOXFYNNAqI/reproducer
Links:
- https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.6.y/build/v6.6.23-397-g75a2533b74d0/testrun/23255318/suite/log-parser-test/tests/
- https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2eVTitwVMagaiWhs5T2iKH390D5
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 6.6 000/396] 6.6.24-rc1 review
2024-04-01 19:01 ` Naresh Kamboju
@ 2024-04-01 19:22 ` Alexander Wetzel
2024-04-02 7:51 ` Greg Kroah-Hartman
2024-04-02 10:37 ` Dan Carpenter
0 siblings, 2 replies; 414+ messages in thread
From: Alexander Wetzel @ 2024-04-01 19:22 UTC (permalink / raw
To: Naresh Kamboju, Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, allen.lkml, broonie,
Bart Van Assche, Martin K. Petersen, Arnd Bergmann, Anders Roxell,
Dan Carpenter, LTP List
> Following kernel warnings have been noticed on qemu-x86_64 while running LTP
> cve ioctl_sg01 tests the kernel with stable-rc 6.6.24-rc1, 6.7.12-rc1 and
> 6.8.3-rc1.
>
> We have started bi-secting this issue.
> Always reproduced.
>
> Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
>
> ioctl_sg01.c:81: TINFO: Found SCSI device /dev/sg0
> ------------[ cut here ]------------
> [ 36.606841] WARNING: CPU: 0 PID: 8 at drivers/scsi/sg.c:2237
> sg_remove_sfp_usercontext+0x145/0x150
> [ 36.609445] Modules linked in:
> [ 36.610793] CPU: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.6.24-rc1 #1
> [ 36.611568] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009),
> BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
> [ 36.612872] Workqueue: events sg_remove_sfp_usercontext
> [ 36.613691] RIP: 0010:sg_remove_sfp_usercontext+0x145/0x150
>
> <trim>
>
> [ 36.621539] Call Trace:
> [ 36.621953] <TASK>
> [ 36.622444] ? show_regs+0x69/0x80
> [ 36.622819] ? __warn+0x8d/0x150
> [ 36.623078] ? sg_remove_sfp_usercontext+0x145/0x150
> [ 36.623558] ? report_bug+0x171/0x1a0
> [ 36.623881] ? handle_bug+0x42/0x80
> [ 36.624070] ? exc_invalid_op+0x1c/0x70
> [ 36.624491] ? asm_exc_invalid_op+0x1f/0x30
> [ 36.624897] ? sg_remove_sfp_usercontext+0x145/0x150
> [ 36.625408] process_one_work+0x141/0x300
> [ 36.625769] worker_thread+0x2f6/0x430
> [ 36.626073] ? __pfx_worker_thread+0x10/0x10
> [ 36.626529] kthread+0x105/0x140
> [ 36.626778] ? __pfx_kthread+0x10/0x10
> [ 36.627059] ret_from_fork+0x41/0x60
> [ 36.627441] ? __pfx_kthread+0x10/0x10
> [ 36.627735] ret_from_fork_asm+0x1b/0x30
> [ 36.628293] </TASK>
> [ 36.628604] ---[ end trace 0000000000000000 ]---
> ioctl_sg01.c:122: TPASS: Output buffer is empty, no data leaked
>
> Suspecting commit:
> -----
> scsi: sg: Avoid sg device teardown race
> commit 27f58c04a8f438078583041468ec60597841284d upstream.
>
Correct. The issue is already been worked on.
commit 27f58c04a8f4 ("scsi: sg: Avoid sg device teardown race") fixed a
real issue. But also added an incorrect WARN_ON_ONCE(). Thus the scary -
but otherwise harmless - error message.
Current patch fixing the broken commit is proposed here:
https://lore.kernel.org/all/20240401191038.18359-1-Alexander@wetzel-home.de/
Sorry for the trouble,
Alexander
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 6.6 000/396] 6.6.24-rc1 review
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (397 preceding siblings ...)
2024-04-01 19:01 ` Naresh Kamboju
@ 2024-04-01 20:34 ` Florian Fainelli
2024-04-01 23:40 ` Shuah Khan
` (8 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Florian Fainelli @ 2024-04-01 20:34 UTC (permalink / raw
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, sudipm.mukherjee, srw, rwarsow,
conor, allen.lkml, broonie
On 4/1/24 08:40, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.6.24 release.
> There are 396 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 03 Apr 2024 15:24:46 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.24-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
On ARCH_BRCMSTB using 32-bit and 64-bit ARM kernels, build tested on
BMIPS_GENERIC:
Tested-by: Florian Fainelli <florian.fainelli@broadcom.com>
--
Florian
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 6.6 000/396] 6.6.24-rc1 review
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (398 preceding siblings ...)
2024-04-01 20:34 ` Florian Fainelli
@ 2024-04-01 23:40 ` Shuah Khan
2024-04-02 0:15 ` Kelsey Steele
` (7 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Shuah Khan @ 2024-04-01 23:40 UTC (permalink / raw
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor, allen.lkml, broonie, Shuah Khan
On 4/1/24 09:40, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.6.24 release.
> There are 396 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 03 Apr 2024 15:24:46 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.24-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan <skhan@linuxfoundation.org>
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 6.6 000/396] 6.6.24-rc1 review
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (399 preceding siblings ...)
2024-04-01 23:40 ` Shuah Khan
@ 2024-04-02 0:15 ` Kelsey Steele
2024-04-02 2:59 ` Harshit Mogalapalli
` (6 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Kelsey Steele @ 2024-04-02 0:15 UTC (permalink / raw
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, allen.lkml, broonie
On Mon, Apr 01, 2024 at 05:40:49PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.6.24 release.
> There are 396 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 03 Apr 2024 15:24:46 +0000.
> Anything received after that time might be too late.
>
No regressions found on WSL (x86 and arm64).
Built, booted, and reviewed dmesg.
Thank you. :)
Tested-by: Kelsey Steele <kelseysteele@linux.microsoft.com>
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 6.6 000/396] 6.6.24-rc1 review
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (400 preceding siblings ...)
2024-04-02 0:15 ` Kelsey Steele
@ 2024-04-02 2:59 ` Harshit Mogalapalli
2024-04-02 5:13 ` Ron Economos
` (5 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Harshit Mogalapalli @ 2024-04-02 2:59 UTC (permalink / raw
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor, allen.lkml, broonie, Vegard Nossum, Darren Kenny
Hi Greg,
On 01/04/24 21:10, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.6.24 release.
> There are 396 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 03 Apr 2024 15:24:46 +0000.
> Anything received after that time might be too late.
>
No problems seen on x86_64 and aarch64 with our testing.
Tested-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Thanks,
Harshit
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.24-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
> ----
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 6.6 000/396] 6.6.24-rc1 review
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (401 preceding siblings ...)
2024-04-02 2:59 ` Harshit Mogalapalli
@ 2024-04-02 5:13 ` Ron Economos
2024-04-02 9:18 ` Naresh Kamboju
` (4 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Ron Economos @ 2024-04-02 5:13 UTC (permalink / raw
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor, allen.lkml, broonie
On 4/1/24 8:40 AM, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.6.24 release.
> There are 396 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 03 Apr 2024 15:24:46 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.24-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Built and booted successfully on RISC-V RV64 (HiFive Unmatched).
Tested-by: Ron Economos <re@w6rz.net>
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 6.6 000/396] 6.6.24-rc1 review
2024-04-01 19:22 ` Alexander Wetzel
@ 2024-04-02 7:51 ` Greg Kroah-Hartman
2024-04-02 10:37 ` Dan Carpenter
1 sibling, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-02 7:51 UTC (permalink / raw
To: Alexander Wetzel
Cc: Naresh Kamboju, stable, patches, linux-kernel, torvalds, akpm,
linux, shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, allen.lkml, broonie,
Bart Van Assche, Martin K. Petersen, Arnd Bergmann, Anders Roxell,
Dan Carpenter, LTP List
On Mon, Apr 01, 2024 at 09:22:52PM +0200, Alexander Wetzel wrote:
>
> > Following kernel warnings have been noticed on qemu-x86_64 while running LTP
> > cve ioctl_sg01 tests the kernel with stable-rc 6.6.24-rc1, 6.7.12-rc1 and
> > 6.8.3-rc1.
> >
> > We have started bi-secting this issue.
> > Always reproduced.
> >
> > Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
> >
> > ioctl_sg01.c:81: TINFO: Found SCSI device /dev/sg0
> > ------------[ cut here ]------------
> > [ 36.606841] WARNING: CPU: 0 PID: 8 at drivers/scsi/sg.c:2237
> > sg_remove_sfp_usercontext+0x145/0x150
> > [ 36.609445] Modules linked in:
> > [ 36.610793] CPU: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.6.24-rc1 #1
> > [ 36.611568] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009),
> > BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
> > [ 36.612872] Workqueue: events sg_remove_sfp_usercontext
> > [ 36.613691] RIP: 0010:sg_remove_sfp_usercontext+0x145/0x150
> >
> > <trim>
> >
> > [ 36.621539] Call Trace:
> > [ 36.621953] <TASK>
> > [ 36.622444] ? show_regs+0x69/0x80
> > [ 36.622819] ? __warn+0x8d/0x150
> > [ 36.623078] ? sg_remove_sfp_usercontext+0x145/0x150
> > [ 36.623558] ? report_bug+0x171/0x1a0
> > [ 36.623881] ? handle_bug+0x42/0x80
> > [ 36.624070] ? exc_invalid_op+0x1c/0x70
> > [ 36.624491] ? asm_exc_invalid_op+0x1f/0x30
> > [ 36.624897] ? sg_remove_sfp_usercontext+0x145/0x150
> > [ 36.625408] process_one_work+0x141/0x300
> > [ 36.625769] worker_thread+0x2f6/0x430
> > [ 36.626073] ? __pfx_worker_thread+0x10/0x10
> > [ 36.626529] kthread+0x105/0x140
> > [ 36.626778] ? __pfx_kthread+0x10/0x10
> > [ 36.627059] ret_from_fork+0x41/0x60
> > [ 36.627441] ? __pfx_kthread+0x10/0x10
> > [ 36.627735] ret_from_fork_asm+0x1b/0x30
> > [ 36.628293] </TASK>
> > [ 36.628604] ---[ end trace 0000000000000000 ]---
> > ioctl_sg01.c:122: TPASS: Output buffer is empty, no data leaked
> >
> > Suspecting commit:
> > -----
> > scsi: sg: Avoid sg device teardown race
> > commit 27f58c04a8f438078583041468ec60597841284d upstream.
> >
>
> Correct. The issue is already been worked on.
>
> commit 27f58c04a8f4 ("scsi: sg: Avoid sg device teardown race") fixed a real
> issue. But also added an incorrect WARN_ON_ONCE(). Thus the scary - but
> otherwise harmless - error message.
>
> Current patch fixing the broken commit is proposed here:
> https://lore.kernel.org/all/20240401191038.18359-1-Alexander@wetzel-home.de/
I will drop the offending commit from all queues now, thanks.
greg k-h
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 6.6 100/396] mm: swap: fix race between free_swap_and_cache() and swapoff()
2024-04-01 15:42 ` [PATCH 6.6 100/396] mm: swap: fix race between free_swap_and_cache() and swapoff() Greg Kroah-Hartman
@ 2024-04-02 7:54 ` Ryan Roberts
0 siblings, 0 replies; 414+ messages in thread
From: Ryan Roberts @ 2024-04-02 7:54 UTC (permalink / raw
To: Greg Kroah-Hartman, stable
Cc: patches, David Hildenbrand, Huang, Ying, Andrew Morton,
Sasha Levin
On 01/04/2024 16:42, Greg Kroah-Hartman wrote:
> 6.6-stable review patch. If anyone has any objections, please let me know.
LGTM!
>
> ------------------
>
> From: Ryan Roberts <ryan.roberts@arm.com>
>
> [ Upstream commit 82b1c07a0af603e3c47b906c8e991dc96f01688e ]
>
> There was previously a theoretical window where swapoff() could run and
> teardown a swap_info_struct while a call to free_swap_and_cache() was
> running in another thread. This could cause, amongst other bad
> possibilities, swap_page_trans_huge_swapped() (called by
> free_swap_and_cache()) to access the freed memory for swap_map.
>
> This is a theoretical problem and I haven't been able to provoke it from a
> test case. But there has been agreement based on code review that this is
> possible (see link below).
>
> Fix it by using get_swap_device()/put_swap_device(), which will stall
> swapoff(). There was an extra check in _swap_info_get() to confirm that
> the swap entry was not free. This isn't present in get_swap_device()
> because it doesn't make sense in general due to the race between getting
> the reference and swapoff. So I've added an equivalent check directly in
> free_swap_and_cache().
>
> Details of how to provoke one possible issue (thanks to David Hildenbrand
> for deriving this):
>
> --8<-----
>
> __swap_entry_free() might be the last user and result in
> "count == SWAP_HAS_CACHE".
>
> swapoff->try_to_unuse() will stop as soon as soon as si->inuse_pages==0.
>
> So the question is: could someone reclaim the folio and turn
> si->inuse_pages==0, before we completed swap_page_trans_huge_swapped().
>
> Imagine the following: 2 MiB folio in the swapcache. Only 2 subpages are
> still references by swap entries.
>
> Process 1 still references subpage 0 via swap entry.
> Process 2 still references subpage 1 via swap entry.
>
> Process 1 quits. Calls free_swap_and_cache().
> -> count == SWAP_HAS_CACHE
> [then, preempted in the hypervisor etc.]
>
> Process 2 quits. Calls free_swap_and_cache().
> -> count == SWAP_HAS_CACHE
>
> Process 2 goes ahead, passes swap_page_trans_huge_swapped(), and calls
> __try_to_reclaim_swap().
>
> __try_to_reclaim_swap()->folio_free_swap()->delete_from_swap_cache()->
> put_swap_folio()->free_swap_slot()->swapcache_free_entries()->
> swap_entry_free()->swap_range_free()->
> ...
> WRITE_ONCE(si->inuse_pages, si->inuse_pages - nr_entries);
>
> What stops swapoff to succeed after process 2 reclaimed the swap cache
> but before process1 finished its call to swap_page_trans_huge_swapped()?
>
> --8<-----
>
> Link: https://lkml.kernel.org/r/20240306140356.3974886-1-ryan.roberts@arm.com
> Fixes: 7c00bafee87c ("mm/swap: free swap slots in batch")
> Closes: https://lore.kernel.org/linux-mm/65a66eb9-41f8-4790-8db2-0c70ea15979f@redhat.com/
> Signed-off-by: Ryan Roberts <ryan.roberts@arm.com>
> Cc: David Hildenbrand <david@redhat.com>
> Cc: "Huang, Ying" <ying.huang@intel.com>
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> Signed-off-by: Sasha Levin <sashal@kernel.org>
> ---
> mm/swapfile.c | 13 ++++++++++++-
> 1 file changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/mm/swapfile.c b/mm/swapfile.c
> index 750314fff0c46..eada1351753e3 100644
> --- a/mm/swapfile.c
> +++ b/mm/swapfile.c
> @@ -1226,6 +1226,11 @@ static unsigned char __swap_entry_free_locked(struct swap_info_struct *p,
> * with get_swap_device() and put_swap_device(), unless the swap
> * functions call get/put_swap_device() by themselves.
> *
> + * Note that when only holding the PTL, swapoff might succeed immediately
> + * after freeing a swap entry. Therefore, immediately after
> + * __swap_entry_free(), the swap info might become stale and should not
> + * be touched without a prior get_swap_device().
> + *
> * Check whether swap entry is valid in the swap device. If so,
> * return pointer to swap_info_struct, and keep the swap entry valid
> * via preventing the swap device from being swapoff, until
> @@ -1603,13 +1608,19 @@ int free_swap_and_cache(swp_entry_t entry)
> if (non_swap_entry(entry))
> return 1;
>
> - p = _swap_info_get(entry);
> + p = get_swap_device(entry);
> if (p) {
> + if (WARN_ON(data_race(!p->swap_map[swp_offset(entry)]))) {
> + put_swap_device(p);
> + return 0;
> + }
> +
> count = __swap_entry_free(p, entry);
> if (count == SWAP_HAS_CACHE &&
> !swap_page_trans_huge_swapped(p, entry))
> __try_to_reclaim_swap(p, swp_offset(entry),
> TTRS_UNMAPPED | TTRS_FULL);
> + put_swap_device(p);
> }
> return p != NULL;
> }
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 6.6 000/396] 6.6.24-rc1 review
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (402 preceding siblings ...)
2024-04-02 5:13 ` Ron Economos
@ 2024-04-02 9:18 ` Naresh Kamboju
2024-04-02 11:32 ` Takeshi Ogasawara
` (3 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Naresh Kamboju @ 2024-04-02 9:18 UTC (permalink / raw
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, allen.lkml, broonie,
Anders Roxell, Bartosz Golaszewski, Stefan Wahren, Kent Gibson,
Linus Walleij, open list:GPIO SUBSYSTEM
On Mon, 1 Apr 2024 at 22:06, Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 6.6.24 release.
> There are 396 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 03 Apr 2024 15:24:46 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.24-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
Results from Linaro’s test farm.
Regressions on arm64, arm, x86_64, and i386 with libgpiod tests.
libgpiod test regressions noticed on Linux stable-rc 6.8, 6.7 and 6.6
and Linux next and mainline master.
Anders bisected and found this first bad commit,
gpio: cdev: sanitize the label before requesting the interrupt
commit b34490879baa847d16fc529c8ea6e6d34f004b38 upstream.
Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
LKFT is running libgpiod test suite version
v2.0.1-0-gae275c3 (and also tested v2.1)
libgpiod
- _gpiod_edge-event_edge_event_wait_timeout
- _gpiod_edge-event_event_copy
- _gpiod_edge-event_null_buffer
- _gpiod_edge-event_read_both_events
- _gpiod_edge-event_read_both_events_blocking
- _gpiod_edge-event_read_falling_edge_event
- _gpiod_edge-event_read_rising_edge_event
- _gpiod_edge-event_read_rising_edge_event_polled
- _gpiod_edge-event_reading_more_events_than_the_queue_contains_doesnt_block
- _gpiod_edge-event_seqno
- _gpiod_line-info_edge_detection_settings
Test log:
-------
ok 16 /gpiod/edge-event/edge_event_buffer_max_capacity
**
gpiod-test:ERROR:tests-edge-event.c:52:_gpiod_test_func_edge_event_wait_timeout:
'_request' should not be NULL
# gpiod-test:ERROR:tests-edge-event.c:52:_gpiod_test_func_edge_event_wait_timeout:
'_request' should not be NULL
not ok 17 /gpiod/edge-event/edge_event_wait_timeout
ok 18 /gpiod/edge-event/cannot_request_lines_in_output_mode_with_edge_detection
**
gpiod-test:ERROR:tests-edge-event.c:125:_gpiod_test_func_read_both_events:
'_request' should not be NULL
# gpiod-test:ERROR:tests-edge-event.c:125:_gpiod_test_func_read_both_events:
'_request' should not be NULL
not ok 19 /gpiod/edge-event/read_both_events
Links:
- https://qa-reports.linaro.org/lkft/linux-stable-rc-linux-6.6.y/build/v6.6.23-397-g75a2533b74d0/testrun/23254910/suite/libgpiod/tests/
--
Linaro LKFT
https://lkft.linaro.org
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 6.6 000/396] 6.6.24-rc1 review
2024-04-01 19:22 ` Alexander Wetzel
2024-04-02 7:51 ` Greg Kroah-Hartman
@ 2024-04-02 10:37 ` Dan Carpenter
2024-04-02 11:44 ` Greg Kroah-Hartman
1 sibling, 1 reply; 414+ messages in thread
From: Dan Carpenter @ 2024-04-02 10:37 UTC (permalink / raw
To: Alexander Wetzel
Cc: Naresh Kamboju, Greg Kroah-Hartman, stable, patches, linux-kernel,
torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
jonathanh, f.fainelli, sudipm.mukherjee, srw, rwarsow, conor,
allen.lkml, broonie, Bart Van Assche, Martin K. Petersen,
Arnd Bergmann, Anders Roxell, LTP List
On Mon, Apr 01, 2024 at 09:22:52PM +0200, Alexander Wetzel wrote:
>
> > Following kernel warnings have been noticed on qemu-x86_64 while running LTP
> > cve ioctl_sg01 tests the kernel with stable-rc 6.6.24-rc1, 6.7.12-rc1 and
> > 6.8.3-rc1.
> >
> > We have started bi-secting this issue.
> > Always reproduced.
> >
> > Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
> >
> > ioctl_sg01.c:81: TINFO: Found SCSI device /dev/sg0
> > ------------[ cut here ]------------
> > [ 36.606841] WARNING: CPU: 0 PID: 8 at drivers/scsi/sg.c:2237
> > sg_remove_sfp_usercontext+0x145/0x150
> > [ 36.609445] Modules linked in:
> > [ 36.610793] CPU: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.6.24-rc1 #1
> > [ 36.611568] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009),
> > BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
> > [ 36.612872] Workqueue: events sg_remove_sfp_usercontext
> > [ 36.613691] RIP: 0010:sg_remove_sfp_usercontext+0x145/0x150
> >
> > <trim>
> >
> > [ 36.621539] Call Trace:
> > [ 36.621953] <TASK>
> > [ 36.622444] ? show_regs+0x69/0x80
> > [ 36.622819] ? __warn+0x8d/0x150
> > [ 36.623078] ? sg_remove_sfp_usercontext+0x145/0x150
> > [ 36.623558] ? report_bug+0x171/0x1a0
> > [ 36.623881] ? handle_bug+0x42/0x80
> > [ 36.624070] ? exc_invalid_op+0x1c/0x70
> > [ 36.624491] ? asm_exc_invalid_op+0x1f/0x30
> > [ 36.624897] ? sg_remove_sfp_usercontext+0x145/0x150
> > [ 36.625408] process_one_work+0x141/0x300
> > [ 36.625769] worker_thread+0x2f6/0x430
> > [ 36.626073] ? __pfx_worker_thread+0x10/0x10
> > [ 36.626529] kthread+0x105/0x140
> > [ 36.626778] ? __pfx_kthread+0x10/0x10
> > [ 36.627059] ret_from_fork+0x41/0x60
> > [ 36.627441] ? __pfx_kthread+0x10/0x10
> > [ 36.627735] ret_from_fork_asm+0x1b/0x30
> > [ 36.628293] </TASK>
> > [ 36.628604] ---[ end trace 0000000000000000 ]---
> > ioctl_sg01.c:122: TPASS: Output buffer is empty, no data leaked
> >
> > Suspecting commit:
> > -----
> > scsi: sg: Avoid sg device teardown race
> > commit 27f58c04a8f438078583041468ec60597841284d upstream.
> >
>
> Correct. The issue is already been worked on.
>
> commit 27f58c04a8f4 ("scsi: sg: Avoid sg device teardown race") fixed a real
> issue. But also added an incorrect WARN_ON_ONCE(). Thus the scary - but
> otherwise harmless - error message.
If you have Reboot on Oops turned on (apparently Android enables this)
then WARN() will reboot the system so it can be pretty annoying.
regards,
dan carpenter
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 6.6 000/396] 6.6.24-rc1 review
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (403 preceding siblings ...)
2024-04-02 9:18 ` Naresh Kamboju
@ 2024-04-02 11:32 ` Takeshi Ogasawara
2024-04-02 14:39 ` Mark Brown
` (2 subsequent siblings)
407 siblings, 0 replies; 414+ messages in thread
From: Takeshi Ogasawara @ 2024-04-02 11:32 UTC (permalink / raw
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, allen.lkml, broonie
Hi Greg
On Tue, Apr 2, 2024 at 1:36 AM Greg Kroah-Hartman
<gregkh@linuxfoundation.org> wrote:
>
> This is the start of the stable review cycle for the 6.6.24 release.
> There are 396 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 03 Apr 2024 15:24:46 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.24-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
6.6.24-rc1 tested.
Build successfully completed.
Boot successfully completed.
No dmesg regressions.
Video output normal.
Sound output normal.
Lenovo ThinkPad X1 Carbon Gen10(Intel i7-1260P(x86_64) arch linux)
[ 0.000000] Linux version 6.6.24-rc1rv
(takeshi@ThinkPadX1Gen10J0764) (gcc (GCC) 13.2.1 20230801, GNU ld (GNU
Binutils) 2.42.0) #1 SMP PREEMPT_DYNAMIC Tue Apr 2 19:48:41 JST 2024
Thanks
Tested-by: Takeshi Ogasawara <takeshi.ogasawara@futuring-girl.com>
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 6.6 000/396] 6.6.24-rc1 review
2024-04-02 10:37 ` Dan Carpenter
@ 2024-04-02 11:44 ` Greg Kroah-Hartman
0 siblings, 0 replies; 414+ messages in thread
From: Greg Kroah-Hartman @ 2024-04-02 11:44 UTC (permalink / raw
To: Dan Carpenter
Cc: Alexander Wetzel, Naresh Kamboju, stable, patches, linux-kernel,
torvalds, akpm, linux, shuah, patches, lkft-triage, pavel,
jonathanh, f.fainelli, sudipm.mukherjee, srw, rwarsow, conor,
allen.lkml, broonie, Bart Van Assche, Martin K. Petersen,
Arnd Bergmann, Anders Roxell, LTP List
On Tue, Apr 02, 2024 at 01:37:50PM +0300, Dan Carpenter wrote:
> On Mon, Apr 01, 2024 at 09:22:52PM +0200, Alexander Wetzel wrote:
> >
> > > Following kernel warnings have been noticed on qemu-x86_64 while running LTP
> > > cve ioctl_sg01 tests the kernel with stable-rc 6.6.24-rc1, 6.7.12-rc1 and
> > > 6.8.3-rc1.
> > >
> > > We have started bi-secting this issue.
> > > Always reproduced.
> > >
> > > Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
> > >
> > > ioctl_sg01.c:81: TINFO: Found SCSI device /dev/sg0
> > > ------------[ cut here ]------------
> > > [ 36.606841] WARNING: CPU: 0 PID: 8 at drivers/scsi/sg.c:2237
> > > sg_remove_sfp_usercontext+0x145/0x150
> > > [ 36.609445] Modules linked in:
> > > [ 36.610793] CPU: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.6.24-rc1 #1
> > > [ 36.611568] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009),
> > > BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
> > > [ 36.612872] Workqueue: events sg_remove_sfp_usercontext
> > > [ 36.613691] RIP: 0010:sg_remove_sfp_usercontext+0x145/0x150
> > >
> > > <trim>
> > >
> > > [ 36.621539] Call Trace:
> > > [ 36.621953] <TASK>
> > > [ 36.622444] ? show_regs+0x69/0x80
> > > [ 36.622819] ? __warn+0x8d/0x150
> > > [ 36.623078] ? sg_remove_sfp_usercontext+0x145/0x150
> > > [ 36.623558] ? report_bug+0x171/0x1a0
> > > [ 36.623881] ? handle_bug+0x42/0x80
> > > [ 36.624070] ? exc_invalid_op+0x1c/0x70
> > > [ 36.624491] ? asm_exc_invalid_op+0x1f/0x30
> > > [ 36.624897] ? sg_remove_sfp_usercontext+0x145/0x150
> > > [ 36.625408] process_one_work+0x141/0x300
> > > [ 36.625769] worker_thread+0x2f6/0x430
> > > [ 36.626073] ? __pfx_worker_thread+0x10/0x10
> > > [ 36.626529] kthread+0x105/0x140
> > > [ 36.626778] ? __pfx_kthread+0x10/0x10
> > > [ 36.627059] ret_from_fork+0x41/0x60
> > > [ 36.627441] ? __pfx_kthread+0x10/0x10
> > > [ 36.627735] ret_from_fork_asm+0x1b/0x30
> > > [ 36.628293] </TASK>
> > > [ 36.628604] ---[ end trace 0000000000000000 ]---
> > > ioctl_sg01.c:122: TPASS: Output buffer is empty, no data leaked
> > >
> > > Suspecting commit:
> > > -----
> > > scsi: sg: Avoid sg device teardown race
> > > commit 27f58c04a8f438078583041468ec60597841284d upstream.
> > >
> >
> > Correct. The issue is already been worked on.
> >
> > commit 27f58c04a8f4 ("scsi: sg: Avoid sg device teardown race") fixed a real
> > issue. But also added an incorrect WARN_ON_ONCE(). Thus the scary - but
> > otherwise harmless - error message.
>
> If you have Reboot on Oops turned on (apparently Android enables this)
> then WARN() will reboot the system so it can be pretty annoying.
Agreed, I've dropped this stable change for now because of this.
greg k-h
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 6.6 000/396] 6.6.24-rc1 review
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (404 preceding siblings ...)
2024-04-02 11:32 ` Takeshi Ogasawara
@ 2024-04-02 14:39 ` Mark Brown
2024-04-02 19:13 ` Jon Hunter
2024-04-03 13:45 ` Conor Dooley
407 siblings, 0 replies; 414+ messages in thread
From: Mark Brown @ 2024-04-02 14:39 UTC (permalink / raw
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, allen.lkml
[-- Attachment #1: Type: text/plain, Size: 345 bytes --]
On Mon, Apr 01, 2024 at 05:40:49PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.6.24 release.
> There are 396 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
Tested-by: Mark Brown <broonie@kernel.org>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 6.6 000/396] 6.6.24-rc1 review
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (405 preceding siblings ...)
2024-04-02 14:39 ` Mark Brown
@ 2024-04-02 19:13 ` Jon Hunter
2024-04-03 13:45 ` Conor Dooley
407 siblings, 0 replies; 414+ messages in thread
From: Jon Hunter @ 2024-04-02 19:13 UTC (permalink / raw
To: Greg Kroah-Hartman
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, allen.lkml, broonie,
linux-tegra, stable
On Mon, 01 Apr 2024 17:40:49 +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.6.24 release.
> There are 396 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Wed, 03 Apr 2024 15:24:46 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.24-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
All tests passing for Tegra ...
Test results for stable-v6.6:
10 builds: 10 pass, 0 fail
26 boots: 26 pass, 0 fail
116 tests: 116 pass, 0 fail
Linux version: 6.6.24-rc1-g75a2533b74d0
Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
tegra194-p2972-0000, tegra194-p3509-0000+p3668-0000,
tegra20-ventana, tegra210-p2371-2180,
tegra210-p3450-0000, tegra30-cardhu-a04
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Jon
^ permalink raw reply [flat|nested] 414+ messages in thread
* Re: [PATCH 6.6 000/396] 6.6.24-rc1 review
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
` (406 preceding siblings ...)
2024-04-02 19:13 ` Jon Hunter
@ 2024-04-03 13:45 ` Conor Dooley
407 siblings, 0 replies; 414+ messages in thread
From: Conor Dooley @ 2024-04-03 13:45 UTC (permalink / raw
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, allen.lkml, broonie
[-- Attachment #1: Type: text/plain, Size: 355 bytes --]
On Mon, Apr 01, 2024 at 05:40:49PM +0200, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.6.24 release.
> There are 396 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
Tested-by: Conor Dooley <conor.dooley@microchip.com>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
^ permalink raw reply [flat|nested] 414+ messages in thread
end of thread, other threads:[~2024-04-03 13:45 UTC | newest]
Thread overview: 414+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-04-01 15:40 [PATCH 6.6 000/396] 6.6.24-rc1 review Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 001/396] KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 002/396] KVM: x86: Use a switch statement and macros in __feature_translate() Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 003/396] drm/vmwgfx: Unmap the surface before resetting it on a plane state Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 004/396] wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 005/396] wifi: brcmfmac: avoid invalid list operation when vendor attach fails Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 006/396] media: staging: ipu3-imgu: Set fields before media_entity_pads_init() Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 007/396] arm64: dts: qcom: sc7280: Add additional MSI interrupts Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 008/396] remoteproc: virtio: Fix wdg cannot recovery remote processor Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 009/396] clk: qcom: gcc-sdm845: Add soft dependency on rpmhpd Greg Kroah-Hartman
2024-04-01 15:40 ` [PATCH 6.6 010/396] smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 011/396] smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 012/396] arm: dts: marvell: Fix maxium->maxim typo in brownstone dts Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 013/396] drm/vmwgfx: Fix possible null pointer derefence with invalid contexts Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 014/396] serial: max310x: fix NULL pointer dereference in I2C instantiation Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 015/396] drm/vmwgfx: Fix the lifetime of the bo cursor memory Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 016/396] pci_iounmap(): Fix MMIO mapping leak Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 017/396] media: xc4000: Fix atomicity violation in xc4000_get_frequency Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 018/396] media: mc: Add local pad to pipeline regardless of the link state Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 019/396] media: mc: Fix flags handling when creating pad links Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 020/396] media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 021/396] media: mc: Add num_links flag to media_pad Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 022/396] media: mc: Rename pad variable to clarify intent Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 023/396] media: mc: Expand MUST_CONNECT flag to always require an enabled link Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 024/396] media: nxp: imx8-isi: Mark all crossbar sink pads as MUST_CONNECT Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 025/396] KVM: Always flush async #PF workqueue when vCPU is being destroyed Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 026/396] arm64: dts: qcom: sm8550-qrd: correct WCD9385 TX port mapping Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 027/396] arm64: dts: qcom: sm8550-mtp: " Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 028/396] cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf() Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 029/396] thermal/intel: Fix intel_tcc_get_temp() to support negative CPU temperature Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 030/396] powercap: intel_rapl: Fix a NULL pointer dereference Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 031/396] sched: Simplify tg_set_cfs_bandwidth() Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 032/396] powercap: intel_rapl: Fix locking in TPMI RAPL Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 033/396] powercap: intel_rapl_tpmi: Fix a register bug Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 034/396] powercap: intel_rapl_tpmi: Fix System Domain probing Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 035/396] powerpc/smp: Adjust nr_cpu_ids to cover all threads of a core Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 036/396] powerpc/smp: Increase nr_cpu_ids to include the boot CPU Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 037/396] sparc64: NMI watchdog: fix return value of __setup handler Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 038/396] sparc: vDSO: " Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 039/396] crypto: qat - resolve race condition during AER recovery Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 040/396] selftests/mqueue: Set timeout to 180 seconds Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 041/396] ext4: correct best extent lstart adjustment logic Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 042/396] block: Clear zone limits for a non-zoned stacked queue Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 043/396] kasan/test: avoid gcc warning for intentional overflow Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 044/396] bounds: support non-power-of-two CONFIG_NR_CPUS Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 045/396] fat: fix uninitialized field in nostale filehandles Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 046/396] fuse: fix VM_MAYSHARE and direct_io_allow_mmap Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 047/396] ubifs: Set page uptodate in the correct place Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 048/396] ubi: Check for too small LEB size in VTBL code Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 049/396] ubi: correct the calculation of fastmap size Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 050/396] mtd: rawnand: meson: fix scrambling mode value in command macro Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 051/396] md/md-bitmap: fix incorrect usage for sb_index Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 052/396] x86/nmi: Fix the inverse "in NMI handler" check Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 053/396] parisc/unaligned: Rewrite 64-bit inline assembly of emulate_ldd() Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 054/396] parisc: Avoid clobbering the C/B bits in the PSW with tophys and tovirt macros Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 055/396] parisc: Fix ip_fast_csum Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 056/396] parisc: Fix csum_ipv6_magic on 32-bit systems Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 057/396] parisc: Fix csum_ipv6_magic on 64-bit systems Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 058/396] parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 059/396] md/raid5: fix atomicity violation in raid5_cache_count Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 060/396] iio: adc: rockchip_saradc: fix bitmask for channels on SARADCv2 Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 061/396] iio: adc: rockchip_saradc: use mask for write_enable bitfield Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 062/396] docs: Restore "smart quotes" for quotes Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 063/396] cpufreq: Limit resolving a frequency to policy min/max Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 064/396] PM: suspend: Set mem_sleep_current during kernel command line setup Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 065/396] vfio/pds: Always clear the save/restore FDs on reset Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 066/396] clk: qcom: gcc-ipq5018: fix terminating of frequency table arrays Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 067/396] clk: qcom: gcc-ipq6018: " Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 068/396] clk: qcom: gcc-ipq8074: " Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 069/396] clk: qcom: gcc-ipq9574: " Greg Kroah-Hartman
2024-04-01 15:41 ` [PATCH 6.6 070/396] clk: qcom: mmcc-apq8084: " Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 071/396] clk: qcom: mmcc-msm8974: " Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 072/396] usb: xhci: Add error handling in xhci_map_urb_for_dma Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 073/396] powerpc/fsl: Fix mfpmr build errors with newer binutils Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 074/396] USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 075/396] USB: serial: add device ID for VeriFone adapter Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 076/396] USB: serial: cp210x: add ID for MGP Instruments PDS100 Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 077/396] USB: serial: option: add MeiG Smart SLM320 product Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 078/396] KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 079/396] USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 080/396] PM: sleep: wakeirq: fix wake irq warning in system suspend Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 081/396] mmc: tmio: avoid concurrent runs of mmc_request_done() Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 082/396] fuse: replace remaining make_bad_inode() with fuse_make_bad() Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 083/396] fuse: fix root lookup with nonzero generation Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 084/396] fuse: dont unhash root Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 085/396] usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 086/396] usb: dwc3-am62: fix module unload/reload behavior Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 087/396] usb: dwc3-am62: Disable wakeup at remove Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 088/396] serial: core: only stop transmit when HW fifo is empty Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 089/396] serial: Lock console when calling into driver before registration Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 090/396] btrfs: qgroup: always free reserved space for extent records Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 091/396] btrfs: fix off-by-one chunk length calculation at contains_pending_extent() Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 092/396] wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 093/396] PCI/PM: Drain runtime-idle callbacks before driver removal Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 094/396] PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 095/396] ACPI: CPPC: Use access_width over bit_width for system memory accesses Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 096/396] dm-raid: fix lockdep waring in "pers->hot_add_disk" Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 097/396] powerpc: xor_vmx: Add -mhard-float to CFLAGS Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 098/396] block: Fix page refcounts for unaligned buffers in __bio_release_pages() Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 099/396] mac802154: fix llsec key resources release in mac802154_llsec_key_del Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 100/396] mm: swap: fix race between free_swap_and_cache() and swapoff() Greg Kroah-Hartman
2024-04-02 7:54 ` Ryan Roberts
2024-04-01 15:42 ` [PATCH 6.6 101/396] mmc: core: Fix switch on gp3 partition Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 102/396] Bluetooth: btnxpuart: Fix btnxpuart_close Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 103/396] leds: trigger: netdev: Fix kernel panic on interface rename trig notify Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 104/396] drm/etnaviv: Restore some id values Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 105/396] landlock: Warn once if a Landlock action is requested while disabled Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 106/396] hwmon: (amc6821) add of_match table Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 107/396] ext4: fix corruption during on-line resize Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 108/396] nvmem: meson-efuse: fix function pointer type mismatch Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 109/396] slimbus: core: Remove usage of the deprecated ida_simple_xx() API Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 110/396] phy: tegra: xusb: Add API to retrieve the port number of phy Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 111/396] usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 112/396] speakup: Fix 8bit characters from direct synth Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 113/396] PCI/AER: Block runtime suspend when handling errors Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 114/396] io_uring/net: correctly handle multishot recvmsg retry setup Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 115/396] io_uring: fix mshot io-wq checks Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 116/396] sparc32: Fix parport build with sparc32 Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 117/396] nfs: fix UAF in direct writes Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 118/396] NFS: Read unlock folio on nfs_page_create_from_folio() error Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 119/396] kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 120/396] PCI: qcom: Enable BDF to SID translation properly Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 121/396] PCI: dwc: endpoint: Fix advertised resizable BAR size Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 122/396] PCI: hv: Fix ring buffer size calculation Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 123/396] smb: client: stop revalidating reparse points unnecessarily Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 124/396] cifs: prevent updating file size from server if we have a read/write lease Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 125/396] cifs: allow changing password during remount Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 126/396] thermal/drivers/mediatek: Fix control buffer enablement on MT7896 Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 127/396] vfio/pci: Disable auto-enable of exclusive INTx IRQ Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 128/396] vfio/pci: Lock external INTx masking ops Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 129/396] vfio/platform: Disable virqfds on cleanup Greg Kroah-Hartman
2024-04-01 15:42 ` [PATCH 6.6 130/396] tpm,tpm_tis: Avoid warning splat at shutdown Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 131/396] server: convert to new timestamp accessors Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 132/396] ksmbd: replace generic_fillattr with vfs_getattr Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 133/396] ksmbd: retrieve number of blocks using vfs_getattr in set_file_allocation_info Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 134/396] platform/x86/intel/tpmi: Change vsec offset to u64 Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 135/396] io_uring: clean rings on NO_MMAP alloc fail Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 136/396] ring-buffer: Fix waking up ring buffer readers Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 137/396] ring-buffer: Do not set shortest_full when full target is hit Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 138/396] ring-buffer: Fix resetting of shortest_full Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 139/396] ring-buffer: Fix full_waiters_pending in poll Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 140/396] ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 141/396] dlm: fix user space lkb refcounting Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 142/396] soc: fsl: qbman: Always disable interrupts when taking cgr_lock Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 143/396] soc: fsl: qbman: Use raw spinlock for cgr_lock Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 144/396] s390/zcrypt: fix reference counting on zcrypt card objects Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 145/396] drm/probe-helper: warn about negative .get_modes() Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 146/396] drm/panel: do not return negative error codes from drm_panel_get_modes() Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 147/396] drm/exynos: do not return negative values from .get_modes() Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 148/396] drm/imx/ipuv3: " Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 149/396] drm/vc4: hdmi: " Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 150/396] memtest: use {READ,WRITE}_ONCE in memory scanning Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 151/396] Revert "block/mq-deadline: use correct way to throttling write requests" Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 152/396] f2fs: mark inode dirty for FI_ATOMIC_COMMITTED flag Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 153/396] f2fs: truncate page cache before clearing flags when aborting atomic write Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 154/396] nilfs2: fix failure to detect DAT corruption in btree and direct mappings Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 155/396] nilfs2: prevent kernel bug at submit_bh_wbc() Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 156/396] cifs: add xid to query server interface call Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 157/396] cifs: make sure server interfaces are requested only for SMB3+ Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 158/396] cifs: do not let cifs_chan_update_iface deallocate channels Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 159/396] cifs: delete unnecessary NULL checks in cifs_chan_update_iface() Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 160/396] cifs: make cifs_chan_update_iface() a void function Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 161/396] cifs: reduce warning log level for server not advertising interfaces Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 162/396] cifs: open_cached_dir(): add FILE_READ_EA to desired access Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 163/396] mtd: rawnand: Fix and simplify again the continuous read derivations Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 164/396] mtd: rawnand: Constrain even more when continuous reads are enabled Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 165/396] cpufreq: dt: always allocate zeroed cpumask Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 166/396] x86/CPU/AMD: Update the Zenbleed microcode revisions Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 167/396] net: esp: fix bad handling of pages from page_pool Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 168/396] NFSD: Fix nfsd_clid_class use of __string_len() macro Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 169/396] drm/i915: Add missing ; to __assign_str() macros in tracepoint code Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 170/396] net: hns3: tracing: fix hclgevf trace event strings Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 171/396] cxl/trace: Properly initialize cxl_poison region name Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 172/396] virtio: reenable config if freezing device failed Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 173/396] LoongArch: Change __my_cpu_offset definition to avoid mis-optimization Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 174/396] LoongArch: Define the __io_aw() hook as mmiowb() Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 175/396] LoongArch/crypto: Clean up useless assignment operations Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 176/396] wireguard: netlink: check for dangling peer via is_dead instead of empty list Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 177/396] wireguard: netlink: access device through ctx instead of peer Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 178/396] wireguard: selftests: set RISCV_ISA_FALLBACK on riscv{32,64} Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 179/396] ahci: asm1064: correct count of reported ports Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 180/396] ahci: asm1064: asm1166: dont limit " Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 181/396] drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 182/396] drm/amd/display: Return the correct HDCP error code Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 183/396] drm/amd/display: Fix noise issue on HDMI AV mute Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 184/396] dm snapshot: fix lockup in dm_exception_table_exit Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 185/396] x86/pm: Work around false positive kmemleak report in msr_build_context() Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 186/396] wifi: brcmfmac: add per-vendor feature detection callback Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 187/396] wifi: brcmfmac: cfg80211: Use WSEC to set SAE password Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 188/396] wifi: brcmfmac: Demote vendor-specific attach/detach messages to info Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 189/396] drm/ttm: Make sure the mapped tt pages are decrypted when needed Greg Kroah-Hartman
2024-04-01 15:43 ` [PATCH 6.6 190/396] drm/bridge: add ->edid_read hook and drm_bridge_edid_read() Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 191/396] drm/bridge: lt8912b: use drm_bridge_edid_read() Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 192/396] drm/bridge: lt8912b: clear the EDID property on failures Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 193/396] drm/bridge: lt8912b: do not return negative values from .get_modes() Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 194/396] workqueue: Shorten events_freezable_power_efficient name Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 195/396] drm/amd/display: Use freesync when `DRM_EDID_FEATURE_CONTINUOUS_FREQ` found Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 196/396] net: fix IPSTATS_MIB_OUTPKGS increment in OutForwDatagrams Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 197/396] netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 198/396] netfilter: nf_tables: disallow anonymous set with timeout flag Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 199/396] netfilter: nf_tables: reject constant set with timeout Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 200/396] Drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 201/396] nouveau: lock the client object tree Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 202/396] drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 203/396] crypto: rk3288 - Fix use after free in unprepare Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 204/396] crypto: sun8i-ce " Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 205/396] xfrm: Avoid clang fortify warning in copy_to_user_tmpl() Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 206/396] mm, mmap: fix vma_merge() case 7 with vma_ops->close Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 207/396] selftests: mptcp: diag: return KSFT_FAIL not test_cnt Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 208/396] usb: typec: tpcm: Fix PORT_RESET behavior for self powered devices Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 209/396] cgroup/cpuset: Fix retval in update_cpumask() Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 210/396] Input: xpad - add additional HyperX Controller Identifiers Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 211/396] init/Kconfig: lower GCC version check for -Warray-bounds Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 212/396] firewire: ohci: prevent leak of left-over IRQ on unbind Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 213/396] KVM: x86: Mark target gfn of emulated atomic instruction as dirty Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 214/396] KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 215/396] SEV: disable SEV-ES DebugSwap by default Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 216/396] tracing: Use .flush() call to wake up readers Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 217/396] drm/amdgpu/pm: Fix the error of pwm1_enable setting Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 218/396] tty: serial: imx: Fix broken RS485 Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 219/396] drm/i915: Check before removing mm notifier Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 220/396] ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 221/396] USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 222/396] usb: typec: altmodes/displayport: create sysfs nodes as drivers default device attribute group Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 223/396] usb: gadget: ncm: Fix handling of zero block length packets Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 224/396] usb: port: Dont try to peer unused USB ports based on location Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 225/396] xhci: Fix failure to detect ring expansion need Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 226/396] tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 227/396] serial: 8250_dw: Do not reclock if already at correct rate Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 228/396] misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 229/396] misc: fastrpc: Pass proper arguments to scm call Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 230/396] serial: port: Dont suspend if the port is still busy Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 231/396] mei: me: add arrow lake point S DID Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 232/396] mei: me: add arrow lake point H DID Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 233/396] vt: fix unicode buffer corruption when deleting characters Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 234/396] Revert "tty: serial: simplify qcom_geni_serial_send_chunk_fifo()" Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 235/396] fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 236/396] ALSA: hda/realtek - Add Headset Mic supported Acer NB platform Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 237/396] ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 238/396] tee: optee: Fix kernel panic caused by incorrect error handling Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 239/396] ARM: imx_v6_v7_defconfig: Restore CONFIG_BACKLIGHT_CLASS_DEVICE Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 240/396] mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 241/396] arm64: dts: qcom: sc8280xp-x13s: limit pcie4 link speed Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 242/396] iio: accel: adxl367: fix DEVID read after reset Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 243/396] iio: accel: adxl367: fix I2C FIFO data register Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 244/396] i2c: i801: Avoid potential double call to gpiod_remove_lookup_table Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 245/396] iio: imu: inv_mpu6050: fix frequency setting when chip is off Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 246/396] iio: imu: inv_mpu6050: fix FIFO parsing when empty Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 247/396] drm/i915: Dont explode when the dig port we dont have an AUX CH Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 248/396] drm/amd/display: handle range offsets in VRR ranges Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 249/396] x86/efistub: Call mixed mode boot services on the firmwares stack Greg Kroah-Hartman
2024-04-01 15:44 ` [PATCH 6.6 250/396] ASoC: amd: yc: Revert "Fix non-functional mic on Lenovo 21J2" Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 251/396] wifi: iwlwifi: pcie: fix RB status reading Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 252/396] wifi: rtw88: 8821cu: Fix connection failure Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 253/396] xfs: move the xfs_rtbitmap.c declarations to xfs_rtbitmap.h Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 254/396] xfs: convert rt bitmap extent lengths to xfs_rtbxlen_t Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 255/396] xfs: consider minlen sized extents in xfs_rtallocate_extent_block Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 256/396] xfs: dont leak recovered attri intent items Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 257/396] xfs: use xfs_defer_pending objects to recover " Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 258/396] xfs: pass the xfs_defer_pending object to iop_recover Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 259/396] xfs: transfer recovered intent item ownership in ->iop_recover Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 260/396] xfs: make rextslog computation consistent with mkfs Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 261/396] xfs: fix 32-bit truncation in xfs_compute_rextslog Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 262/396] xfs: dont allow overly small or large realtime volumes Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 263/396] xfs: make xchk_iget safer in the presence of corrupt inode btrees Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 264/396] xfs: remove unused fields from struct xbtree_ifakeroot Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 265/396] xfs: recompute growfsrtfree transaction reservation while growing rt volume Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 266/396] xfs: fix an off-by-one error in xreap_agextent_binval Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 267/396] xfs: force all buffers to be written during btree bulk load Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 268/396] xfs: add missing nrext64 inode flag check to scrub Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 269/396] xfs: initialise di_crc in xfs_log_dinode Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 270/396] xfs: short circuit xfs_growfs_data_private() if delta is zero Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 271/396] xfs: add lock protection when remove perag from radix tree Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 272/396] xfs: fix perag leak when growfs fails Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 273/396] xfs: ensure logflagsp is initialized in xfs_bmap_del_extent_real Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 274/396] xfs: update dir3 leaf block metadata after swap Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 275/396] xfs: reset XFS_ATTR_INCOMPLETE filter on node removal Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 276/396] xfs: remove conditional building of rt geometry validator functions Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 277/396] btrfs: fix deadlock with fiemap and extent locking Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 278/396] vfio: Introduce interface to flush virqfd inject workqueue Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 279/396] vfio/pci: Create persistent INTx handler Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 280/396] vfio/platform: Create persistent IRQ handlers Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 281/396] vfio/fsl-mc: Block calling interrupt handler without trigger Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 282/396] x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 283/396] x86/sev: Fix position dependent variable references in startup code Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 284/396] clocksource/drivers/arm_global_timer: Fix maximum prescaler value Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 285/396] ARM: 9352/1: iwmmxt: Remove support for PJ4/PJ4B cores Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 286/396] ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 287/396] entry: Respect changes to system call number by trace_sys_enter() Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 288/396] swiotlb: Fix double-allocation of slots due to broken alignment handling Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 289/396] swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 290/396] swiotlb: Fix alignment checks when both allocation and DMA masks are present Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 291/396] iommu/dma: Force swiotlb_max_mapping_size on an untrusted device Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 292/396] printk: Update @console_may_schedule in console_trylock_spinning() Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 293/396] irqchip/renesas-rzg2l: Implement restriction when writing ISCR register Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 294/396] irqchip/renesas-rzg2l: Flush posted write in irq_eoi() Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 295/396] irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based on registers index Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 296/396] irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi() Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 297/396] irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi() Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 298/396] irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 299/396] kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 300/396] efi/libstub: fix efi_random_alloc() to allocate memory at alloc_min or higher address Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 301/396] x86/mpparse: Register APIC address only once Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 302/396] x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 303/396] efi: fix panic in kdump kernel Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 304/396] pwm: img: fix pwm clock lookup Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 305/396] selftests/mm: gup_test: conform test to TAP format output Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 306/396] selftests/mm: Fix build with _FORTIFY_SOURCE Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 307/396] perf top: Use evsels cpus to replace user_requested_cpus Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 308/396] ALSA: hda/tas2781: remove digital gain kcontrol Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 309/396] ALSA: hda/tas2781: add locks to kcontrols Greg Kroah-Hartman
2024-04-01 15:45 ` [PATCH 6.6 310/396] init: open /initrd.image with O_LARGEFILE Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 311/396] x86/efistub: Add missing boot_params for mixed mode compat entry Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 312/396] efi/libstub: Cast away type warning in use of max() Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 313/396] x86/efistub: Reinstate soft limit for initrd loading Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 314/396] prctl: generalize PR_SET_MDWE support check to be per-arch Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 315/396] ARM: prctl: reject PR_SET_MDWE on pre-ARMv6 Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 316/396] tmpfs: fix race on handling dquot rbtree Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 317/396] btrfs: fix race in read_extent_buffer_pages() Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 318/396] btrfs: zoned: dont skip block groups with 100% zone unusable Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 319/396] btrfs: zoned: use zone aware sb location for scrub Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 320/396] wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 321/396] wifi: cfg80211: add a flag to disable wireless extensions Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 322/396] wifi: iwlwifi: mvm: disable MLO for the time being Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 323/396] wifi: iwlwifi: fw: dont always use FW dump trig Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 324/396] Revert "drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR" Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 325/396] gpio: cdev: sanitize the label before requesting the interrupt Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 326/396] exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 327/396] hexagon: vmlinux.lds.S: handle attributes section Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 328/396] mm: cachestat: fix two shmem bugs Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 329/396] selftests/mm: sigbus-wp test requires UFFD_FEATURE_WP_HUGETLBFS_SHMEM Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 330/396] selftests/mm: fix ARM related issue with fork after pthread_create Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 331/396] mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 332/396] mmc: core: Initialize mmc_blk_ioc_data Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 333/396] mmc: core: Avoid negative index with array access Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 334/396] sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 335/396] block: Do not force full zone append completion in req_bio_endio() Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 336/396] thermal: devfreq_cooling: Fix perf state when calculate dfc res_util Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 337/396] nouveau/dmem: handle kcalloc() allocation failure Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 338/396] net: ll_temac: platform_get_resource replaced by wrong function Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 339/396] drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 340/396] drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 341/396] drm/amdgpu: fix deadlock while reading mqd from debugfs Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 342/396] drm/i915/hwmon: Fix locking inversion in sysfs getter Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 343/396] drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 344/396] drm/i915/dsi: Go back to the previous INIT_OTP/DISPLAY_ON order, mostly Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 345/396] drm/i915: Do not match JSL in ehl_combo_pll_div_frac_wa_needed() Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 346/396] drm/i915/gt: Reset queue_priority_hint on parking Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 347/396] Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 348/396] mtd: spinand: Add support for 5-byte IDs Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 349/396] Revert "usb: phy: generic: Get the vbus supply" Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 350/396] usb: cdc-wdm: close race between read and workqueue Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 351/396] USB: UAS: return ENODEV when submit urbs fail with device not attached Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 352/396] drm/amd/display: Fix hang/underflow when transitioning to ODM4:1 Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 353/396] drm/amd/display: Disconnect phantom pipe OPP from OPTC being disabled Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 354/396] drm/amd/display: Clear OPTC mem select on disable Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 355/396] vfio/pds: Make sure migration file isnt accessed after reset Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 356/396] ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 357/396] scsi: sd: Fix TCG OPAL unlock on system resume Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 358/396] scsi: sg: Avoid sg device teardown race Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 359/396] scsi: core: Fix unremoved procfs host directory regression Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 360/396] staging: vc04_services: changen strncpy() to strscpy_pad() Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 361/396] staging: vc04_services: fix information leak in create_component() Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 362/396] usb: dwc3: Properly set system wakeup Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 363/396] USB: core: Fix deadlock in usb_deauthorize_interface() Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 364/396] USB: core: Add hub_get() and hub_put() routines Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 365/396] USB: core: Fix deadlock in port "disable" sysfs attribute Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 366/396] usb: dwc2: host: Fix remote wakeup from hibernation Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 367/396] usb: dwc2: host: Fix hibernation flow Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 368/396] usb: dwc2: host: Fix ISOC flow in DDMA mode Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 369/396] usb: dwc2: gadget: Fix exiting from clock gating Greg Kroah-Hartman
2024-04-01 15:46 ` [PATCH 6.6 370/396] usb: dwc2: gadget: LPM flow fix Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 371/396] usb: udc: remove warning when queue disabled ep Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 372/396] usb: typec: Return size of buffer if pd_set operation succeeds Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 373/396] usb: typec: ucsi: Clear EVENT_PENDING under PPM lock Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 374/396] usb: typec: ucsi: Check for notifications after init Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 375/396] usb: typec: ucsi: Ack unsupported commands Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 376/396] usb: typec: ucsi_acpi: Refactor and fix DELL quirk Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 377/396] usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 378/396] scsi: qla2xxx: Prevent command send on chip reset Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 379/396] scsi: qla2xxx: Fix N2N stuck connection Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 380/396] scsi: qla2xxx: Split FCE|EFT trace control Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 381/396] scsi: qla2xxx: Update manufacturer detail Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 382/396] scsi: qla2xxx: NVME|FCP prefer flag not being honored Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 383/396] scsi: qla2xxx: Fix command flush on cable pull Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 384/396] scsi: qla2xxx: Fix double free of the ha->vp_map pointer Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 385/396] scsi: qla2xxx: Fix double free of fcport Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 386/396] scsi: qla2xxx: Change debug message during driver unload Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 387/396] scsi: qla2xxx: Delay I/O Abort on PCI error Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 388/396] x86/bugs: Use fixed addressing for VERW operand Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 389/396] Revert "x86/bugs: Use fixed addressing for VERW operand" Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 390/396] usb: dwc3: pci: Drop duplicate ID Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 391/396] scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 392/396] scsi: lpfc: Correct size for wqe " Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 393/396] scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type() Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 394/396] scsi: libsas: Fix disk not being scanned in after being removed Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 395/396] x86/sev: Skip ROM range scans and validation for SEV-SNP guests Greg Kroah-Hartman
2024-04-01 15:47 ` [PATCH 6.6 396/396] tools/resolve_btfids: fix build with musl libc Greg Kroah-Hartman
2024-04-01 18:27 ` [PATCH 6.6 000/396] 6.6.24-rc1 review SeongJae Park
2024-04-01 19:01 ` Naresh Kamboju
2024-04-01 19:22 ` Alexander Wetzel
2024-04-02 7:51 ` Greg Kroah-Hartman
2024-04-02 10:37 ` Dan Carpenter
2024-04-02 11:44 ` Greg Kroah-Hartman
2024-04-01 20:34 ` Florian Fainelli
2024-04-01 23:40 ` Shuah Khan
2024-04-02 0:15 ` Kelsey Steele
2024-04-02 2:59 ` Harshit Mogalapalli
2024-04-02 5:13 ` Ron Economos
2024-04-02 9:18 ` Naresh Kamboju
2024-04-02 11:32 ` Takeshi Ogasawara
2024-04-02 14:39 ` Mark Brown
2024-04-02 19:13 ` Jon Hunter
2024-04-03 13:45 ` Conor Dooley
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).