* [PATCH AUTOSEL 5.10 15/65] mt76: dma: initialize skip_unmap in mt76_dma_rx_fill
[not found] <20220401144206.1953700-1-sashal@kernel.org>
@ 2022-04-01 14:41 ` Sasha Levin
2022-04-01 14:41 ` [PATCH AUTOSEL 5.10 38/65] mt76: mt7615: Fix assigning negative values to unsigned variable Sasha Levin
2022-04-01 14:41 ` [PATCH AUTOSEL 5.10 45/65] iommu/iova: Improve 32-bit free space estimate Sasha Levin
2 siblings, 0 replies; 3+ messages in thread
From: Sasha Levin @ 2022-04-01 14:41 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Lorenzo Bianconi, Felix Fietkau, Sasha Levin, lorenzo.bianconi83,
ryder.lee, kvalo, davem, kuba, pabeni, matthias.bgg,
linux-wireless, netdev, linux-arm-kernel, linux-mediatek
From: Lorenzo Bianconi <lorenzo@kernel.org>
[ Upstream commit 577298ec55dfc8b9aece54520f0258c3f93a6573 ]
Even if it is only a false-positive since skip_buf0/skip_buf1 are only
used in mt76_dma_tx_cleanup_idx routine, initialize skip_unmap in
mt76_dma_rx_fill in order to fix the following UBSAN report:
[ 13.924906] UBSAN: invalid-load in linux-5.15.0/drivers/net/wireless/mediatek/mt76/dma.c:162:13
[ 13.924909] load of value 225 is not a valid value for type '_Bool'
[ 13.924912] CPU: 9 PID: 672 Comm: systemd-udevd Not tainted 5.15.0-18-generic #18-Ubuntu
[ 13.924914] Hardware name: LENOVO 21A0000CMX/21A0000CMX, BIOS R1MET43W (1.13 ) 11/05/2021
[ 13.924915] Call Trace:
[ 13.924917] <TASK>
[ 13.924920] show_stack+0x52/0x58
[ 13.924925] dump_stack_lvl+0x4a/0x5f
[ 13.924931] dump_stack+0x10/0x12
[ 13.924932] ubsan_epilogue+0x9/0x45
[ 13.924934] __ubsan_handle_load_invalid_value.cold+0x44/0x49
[ 13.924935] ? __iommu_dma_map+0x84/0xf0
[ 13.924939] mt76_dma_add_buf.constprop.0.cold+0x23/0x85 [mt76]
[ 13.924949] mt76_dma_rx_fill.isra.0+0x102/0x1f0 [mt76]
[ 13.924954] mt76_dma_init+0xc9/0x150 [mt76]
[ 13.924959] ? mt7921_dma_enable+0x110/0x110 [mt7921e]
[ 13.924966] mt7921_dma_init+0x1e3/0x260 [mt7921e]
[ 13.924970] mt7921_register_device+0x29d/0x510 [mt7921e]
[ 13.924975] mt7921_pci_probe.part.0+0x17f/0x1b0 [mt7921e]
[ 13.924980] mt7921_pci_probe+0x43/0x60 [mt7921e]
[ 13.924984] local_pci_probe+0x4b/0x90
[ 13.924987] pci_device_probe+0x115/0x1f0
[ 13.924989] really_probe+0x21e/0x420
[ 13.924992] __driver_probe_device+0x115/0x190
[ 13.924994] driver_probe_device+0x23/0xc0
[ 13.924996] __driver_attach+0xbd/0x1d0
[ 13.924998] ? __device_attach_driver+0x110/0x110
[ 13.924999] bus_for_each_dev+0x7e/0xc0
[ 13.925001] driver_attach+0x1e/0x20
[ 13.925003] bus_add_driver+0x135/0x200
[ 13.925005] driver_register+0x95/0xf0
[ 13.925008] ? 0xffffffffc0766000
[ 13.925010] __pci_register_driver+0x68/0x70
[ 13.925011] mt7921_pci_driver_init+0x23/0x1000 [mt7921e]
[ 13.925015] do_one_initcall+0x48/0x1d0
[ 13.925019] ? kmem_cache_alloc_trace+0x19e/0x2e0
[ 13.925022] do_init_module+0x62/0x280
[ 13.925025] load_module+0xac9/0xbb0
[ 13.925027] __do_sys_finit_module+0xbf/0x120
[ 13.925029] __x64_sys_finit_module+0x18/0x20
[ 13.925030] do_syscall_64+0x5c/0xc0
[ 13.925033] ? do_syscall_64+0x69/0xc0
[ 13.925034] ? sysvec_reschedule_ipi+0x78/0xe0
[ 13.925036] ? asm_sysvec_reschedule_ipi+0xa/0x20
[ 13.925039] entry_SYSCALL_64_after_hwframe+0x44/0xae
[ 13.925040] RIP: 0033:0x7fbf2b90f94d
[ 13.925045] RSP: 002b:00007ffe2ec7e5d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 13.925047] RAX: ffffffffffffffda RBX: 000056106b0634e0 RCX: 00007fbf2b90f94d
[ 13.925048] RDX: 0000000000000000 RSI: 00007fbf2baa3441 RDI: 0000000000000013
[ 13.925049] RBP: 0000000000020000 R08: 0000000000000000 R09: 0000000000000002
[ 13.925050] R10: 0000000000000013 R11: 0000000000000246 R12: 00007fbf2baa3441
[ 13.925051] R13: 000056106b062620 R14: 000056106b0610c0 R15: 000056106b0640d0
[ 13.925053] </TASK>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/dma.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/wireless/mediatek/mt76/dma.c b/drivers/net/wireless/mediatek/mt76/dma.c
index 0fdfead45c77..f01b455783b2 100644
--- a/drivers/net/wireless/mediatek/mt76/dma.c
+++ b/drivers/net/wireless/mediatek/mt76/dma.c
@@ -455,6 +455,7 @@ mt76_dma_rx_fill(struct mt76_dev *dev, struct mt76_queue *q)
qbuf.addr = addr + offset;
qbuf.len = len - offset;
+ qbuf.skip_unmap = false;
mt76_dma_add_buf(dev, q, &qbuf, 1, 0, buf, NULL);
frames++;
}
--
2.34.1
_______________________________________________
Linux-mediatek mailing list
Linux-mediatek@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-mediatek
^ permalink raw reply related [flat|nested] 3+ messages in thread* [PATCH AUTOSEL 5.10 38/65] mt76: mt7615: Fix assigning negative values to unsigned variable
[not found] <20220401144206.1953700-1-sashal@kernel.org>
2022-04-01 14:41 ` [PATCH AUTOSEL 5.10 15/65] mt76: dma: initialize skip_unmap in mt76_dma_rx_fill Sasha Levin
@ 2022-04-01 14:41 ` Sasha Levin
2022-04-01 14:41 ` [PATCH AUTOSEL 5.10 45/65] iommu/iova: Improve 32-bit free space estimate Sasha Levin
2 siblings, 0 replies; 3+ messages in thread
From: Sasha Levin @ 2022-04-01 14:41 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Yang Li, Abaci Robot, Felix Fietkau, Sasha Levin,
lorenzo.bianconi83, ryder.lee, kvalo, davem, kuba, pabeni,
matthias.bgg, xing.song, linux-wireless, netdev, linux-arm-kernel,
linux-mediatek
From: Yang Li <yang.lee@linux.alibaba.com>
[ Upstream commit 9273ffcc9a11942bd586bb42584337ef3962b692 ]
Smatch reports the following:
drivers/net/wireless/mediatek/mt76/mt7615/mac.c:1865
mt7615_mac_adjust_sensitivity() warn: assigning (-110) to unsigned
variable 'def_th'
drivers/net/wireless/mediatek/mt76/mt7615/mac.c:1865
mt7615_mac_adjust_sensitivity() warn: assigning (-98) to unsigned
variable 'def_th'
Reported-by: Abaci Robot <abaci@linux.alibaba.com>
Signed-off-by: Yang Li <yang.lee@linux.alibaba.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/mediatek/mt76/mt7615/mac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/mediatek/mt76/mt7615/mac.c b/drivers/net/wireless/mediatek/mt76/mt7615/mac.c
index 424be103093c..1465a92ea3fc 100644
--- a/drivers/net/wireless/mediatek/mt76/mt7615/mac.c
+++ b/drivers/net/wireless/mediatek/mt76/mt7615/mac.c
@@ -1626,7 +1626,7 @@ mt7615_mac_adjust_sensitivity(struct mt7615_phy *phy,
struct mt7615_dev *dev = phy->dev;
int false_cca = ofdm ? phy->false_cca_ofdm : phy->false_cca_cck;
bool ext_phy = phy != &dev->phy;
- u16 def_th = ofdm ? -98 : -110;
+ s16 def_th = ofdm ? -98 : -110;
bool update = false;
s8 *sensitivity;
int signal;
--
2.34.1
_______________________________________________
Linux-mediatek mailing list
Linux-mediatek@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-mediatek
^ permalink raw reply related [flat|nested] 3+ messages in thread* [PATCH AUTOSEL 5.10 45/65] iommu/iova: Improve 32-bit free space estimate
[not found] <20220401144206.1953700-1-sashal@kernel.org>
2022-04-01 14:41 ` [PATCH AUTOSEL 5.10 15/65] mt76: dma: initialize skip_unmap in mt76_dma_rx_fill Sasha Levin
2022-04-01 14:41 ` [PATCH AUTOSEL 5.10 38/65] mt76: mt7615: Fix assigning negative values to unsigned variable Sasha Levin
@ 2022-04-01 14:41 ` Sasha Levin
2 siblings, 0 replies; 3+ messages in thread
From: Sasha Levin @ 2022-04-01 14:41 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Robin Murphy, Yunfei Wang, Miles Chen, Joerg Roedel, Sasha Levin,
joro, will, matthias.bgg, iommu, linux-arm-kernel, linux-mediatek
From: Robin Murphy <robin.murphy@arm.com>
[ Upstream commit 5b61343b50590fb04a3f6be2cdc4868091757262 ]
For various reasons based on the allocator behaviour and typical
use-cases at the time, when the max32_alloc_size optimisation was
introduced it seemed reasonable to couple the reset of the tracked
size to the update of cached32_node upon freeing a relevant IOVA.
However, since subsequent optimisations focused on helping genuine
32-bit devices make best use of even more limited address spaces, it
is now a lot more likely for cached32_node to be anywhere in a "full"
32-bit address space, and as such more likely for space to become
available from IOVAs below that node being freed.
At this point, the short-cut in __cached_rbnode_delete_update() really
doesn't hold up any more, and we need to fix the logic to reliably
provide the expected behaviour. We still want cached32_node to only move
upwards, but we should reset the allocation size if *any* 32-bit space
has become available.
Reported-by: Yunfei Wang <yf.wang@mediatek.com>
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Reviewed-by: Miles Chen <miles.chen@mediatek.com>
Link: https://lore.kernel.org/r/033815732d83ca73b13c11485ac39336f15c3b40.1646318408.git.robin.murphy@arm.com
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/iommu/iova.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/iommu/iova.c b/drivers/iommu/iova.c
index 1164d1a42cbc..4600e97acb26 100644
--- a/drivers/iommu/iova.c
+++ b/drivers/iommu/iova.c
@@ -138,10 +138,11 @@ __cached_rbnode_delete_update(struct iova_domain *iovad, struct iova *free)
cached_iova = rb_entry(iovad->cached32_node, struct iova, node);
if (free == cached_iova ||
(free->pfn_hi < iovad->dma_32bit_pfn &&
- free->pfn_lo >= cached_iova->pfn_lo)) {
+ free->pfn_lo >= cached_iova->pfn_lo))
iovad->cached32_node = rb_next(&free->node);
+
+ if (free->pfn_lo < iovad->dma_32bit_pfn)
iovad->max32_alloc_size = iovad->dma_32bit_pfn;
- }
cached_iova = rb_entry(iovad->cached_node, struct iova, node);
if (free->pfn_lo >= cached_iova->pfn_lo)
--
2.34.1
_______________________________________________
Linux-mediatek mailing list
Linux-mediatek@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-mediatek
^ permalink raw reply related [flat|nested] 3+ messages in thread