* [PATCH 6.1 000/197] 6.1.79-rc1 review
@ 2024-02-20 20:49 Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 001/197] work around gcc bugs with asm goto with outputs Greg Kroah-Hartman
` (200 more replies)
0 siblings, 201 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, allen.lkml
This is the start of the stable review cycle for the 6.1.79 release.
There are 197 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 22 Feb 2024 20:48:08 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.79-rc1.gz
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Linux 6.1.79-rc1
Lokesh Gidra <lokeshgidra@google.com>
userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
Jiri Olsa <jolsa@kernel.org>
bpf: Remove trace_printk_lock
Jiri Olsa <jolsa@kernel.org>
bpf: Do cleanup in bpf_bprintf_cleanup only when needed
Jiri Olsa <jolsa@kernel.org>
bpf: Add struct for bin_args arg in bpf_bprintf_prepare
Eric Dumazet <edumazet@google.com>
net: prevent mss overflow in skb_segment()
Paulo Alcantara <pc@manguebit.com>
smb: client: fix parsing of SMB3.1.1 POSIX create context
Paulo Alcantara <pc@manguebit.com>
smb: client: fix potential OOBs in smb2_parse_contexts()
Mike Marciniszyn <mike.marciniszyn@intel.com>
RDMA/irdma: Ensure iWarp QP queue memory is OS paged aligned
Davidlohr Bueso <dave@stgolabs.net>
hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range()
NeilBrown <neilb@suse.de>
nfsd: don't take fi_lock in nfsd_break_deleg_cb()
NeilBrown <neilb@suse.de>
nfsd: fix RELEASE_LOCKOWNER
Helge Deller <deller@gmx.de>
parisc: Fix random data corruption from exception handler
Jozsef Kadlecsik <kadlec@netfilter.org>
netfilter: ipset: Missing gc cancellations fixed
Jozsef Kadlecsik <kadlec@netfilter.org>
netfilter: ipset: fix performance regression in swap operation
Damien Le Moal <dlemoal@kernel.org>
block: fix partial zone append completion handling in req_bio_endio()
Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
David Lin <yu-hao.lin@nxp.com>
wifi: mwifiex: fix uninitialized firmware_stat
Johan Hovold <johan+linaro@kernel.org>
arm64: dts: qcom: sm8150: fix USB SS wakeup
Johan Hovold <johan+linaro@kernel.org>
arm64: dts: qcom: sdm845: fix USB SS wakeup
Stephan Gerhold <stephan@gerhold.net>
arm64: dts: qcom: msm8916: Make blsp_dma controlled-remotely
Stephan Gerhold <stephan@gerhold.net>
arm64: dts: qcom: msm8916: Enable blsp_dma by default
Sjoerd Simons <sjoerd@collabora.com>
bus: moxtet: Add spi device table
David Lin <yu-hao.lin@nxp.com>
wifi: mwifiex: add extra delay for firmware ready
Lukas Wunner <lukas@wunner.de>
wifi: mwifiex: Support SD8978 chipset
Andrejs Cainikovs <andrejs.cainikovs@toradex.com>
ARM: dts: imx6q-apalis: add can power-up delay on ixora board
Junxiao Bi <junxiao.bi@oracle.com>
md: bypass block throttle for superblock update
Audra Mitchell <audra@redhat.com>
selftests/mm: Update va_high_addr_switch.sh to check CPU for la57 flag
Ryan Roberts <ryan.roberts@arm.com>
selftests/mm: ksm_tests should only MADV_HUGEPAGE valid memory
Jann Horn <jannh@google.com>
tls: fix NULL deref on tls_sw_splice_eof() with empty record
Herbert Xu <herbert@gondor.apana.org.au>
xfrm: Silence warnings triggerable by bad packets
Herbert Xu <herbert@gondor.apana.org.au>
xfrm: Use xfrm_state selector for BEET input
Steven Rostedt (Google) <rostedt@goodmis.org>
tracing: Inform kmemleak of saved_cmdlines allocation
Oleg Nesterov <oleg@redhat.com>
fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand()
Konrad Dybcio <konrad.dybcio@linaro.org>
pmdomain: core: Move the unused cleanup to a _sync initcall
Oleksij Rempel <linux@rempel-privat.de>
can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)
Ziqi Zhao <astrajoan@yahoo.com>
can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
Maxime Jayat <maxime.jayat@mobile-devices.fr>
can: netlink: Fix TDCO calculation using the old data bittiming
Nuno Sa <nuno.sa@analog.com>
of: property: fix typo in io-channels
Prakash Sangappa <prakash.sangappa@oracle.com>
mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE
Oscar Salvador <osalvador@suse.de>
fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
Rishabh Dave <ridave@redhat.com>
ceph: prevent use-after-free in encode_cap_msg()
Shradha Gupta <shradhagupta@linux.microsoft.com>
hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
Sinthu Raja <sinthu.raja@ti.com>
net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio
Alexandra Winter <wintera@linux.ibm.com>
s390/qeth: Fix potential loss of L3-IP@ in case of network issues
Sinthu Raja <sinthu.raja@ti.com>
net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio
Christian Brauner <brauner@kernel.org>
fs: relax mount_setattr() permission checks
Daniel Bristot de Oliveira <bristot@kernel.org>
tools/rtla: Fix Makefile compiler options for clang
Daniel Bristot de Oliveira <bristot@kernel.org>
tools/rtla: Fix uninitialized bucket/data->bucket_size warning
John Kacur <jkacur@redhat.com>
tools/rtla: Exit with EXIT_SUCCESS when help is invoked
limingming3 <limingming890315@gmail.com>
tools/rtla: Replace setting prio with nice for SCHED_OTHER
Daniel Bristot de Oliveira <bristot@kernel.org>
tools/rtla: Remove unused sched_getattr() function
Mario Limonciello <mario.limonciello@amd.com>
ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8
Fred Ai <fred.ai@bayhubtech.com>
mmc: sdhci-pci-o2micro: Fix a warm reboot issue that disk can't be detected by BIOS
Damien Le Moal <dlemoal@kernel.org>
zonefs: Improve error handling
Marc Zyngier <maz@kernel.org>
irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update
Doug Berger <opendmb@gmail.com>
irqchip/irq-brcmstb-l2: Add write memory barrier before exit
Johannes Berg <johannes.berg@intel.com>
wifi: mac80211: reload info pointer in ieee80211_tx_dequeue()
Johannes Berg <johannes.berg@intel.com>
wifi: cfg80211: fix wiphy delayed work queueing
Daniel de Villiers <daniel.devilliers@corigine.com>
nfp: flower: prevent re-adding mac index for bonded port
Daniel Basilio <daniel.basilio@corigine.com>
nfp: use correct macro for LengthSelect in BAR config
Kim Phillips <kim.phillips@amd.com>
crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked
Ryusuke Konishi <konishi.ryusuke@gmail.com>
nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
Ryusuke Konishi <konishi.ryusuke@gmail.com>
nilfs2: fix data corruption in dsync block recovery for small block sizes
bo liu <bo.liu@senarytech.com>
ALSA: hda/conexant: Add quirk for SWS JS201D
Eniac Zhang <eniac-xw.zhang@hp.com>
ALSA: hda/realtek: fix mute/micmute LED For HP mt645
Alexander Stein <alexander.stein@ew.tq-group.com>
mmc: slot-gpio: Allow non-sleeping GPIO ro
Jens Axboe <axboe@kernel.dk>
io_uring/net: fix multishot accept overflow handling
Steve Wahl <steve.wahl@hpe.com>
x86/mm/ident_map: Use gbpages only where full GB page should be mapped.
Mingwei Zhang <mizhang@google.com>
KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl
Andrei Vagin <avagin@google.com>
x86/fpu: Stop relying on userspace for info to fault in xsave buffer
Aleksander Mazur <deweloper@wp.pl>
x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6
Shrikanth Hegde <sshegde@linux.ibm.com>
powerpc/pseries: fix accuracy of stolen time
David Engraf <david.engraf@sysgo.com>
powerpc/cputable: Add missing PPC_FEATURE_BOOKE on PPC64 Book-E
Naveen N Rao <naveen@kernel.org>
powerpc/64: Set task pt_regs->link to the LR value on scv entry
Hugo Villeneuve <hvilleneuve@dimonoff.com>
serial: max310x: prevent infinite while() loop in port startup
Hugo Villeneuve <hvilleneuve@dimonoff.com>
serial: max310x: fail probe if clock crystal is unstable
Hugo Villeneuve <hvilleneuve@dimonoff.com>
serial: max310x: improve crystal stable clock detection
Hugo Villeneuve <hvilleneuve@dimonoff.com>
serial: max310x: set default value when reading clock ready bit
Hui Zhou <hui.zhou@corigine.com>
nfp: flower: fix hardware offload for the transfer layer port
Vincent Donnefort <vdonnefort@google.com>
ring-buffer: Clean ring_buffer_poll_wait() error return
Souradeep Chakrabarti <schakrabarti@linux.microsoft.com>
hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove
Tom Chung <chiahsuan.chung@amd.com>
drm/amd/display: Preserve original aspect ratio in create stream
Nathan Chancellor <nathan@kernel.org>
drm/amd/display: Increase frame-larger-than for all display_mode_vba files
Philip Yang <Philip.Yang@amd.com>
drm/prime: Support page array >= 4GB
Rob Clark <robdclark@chromium.org>
drm/msm: Wire up tlb ops
Herbert Xu <herbert@gondor.apana.org.au>
xfrm: Remove inner/outer modes from input path
Herbert Xu <herbert@gondor.apana.org.au>
xfrm: Remove inner/outer modes from output path
Fedor Pchelkin <pchelkin@ispras.ru>
ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails
Sean Young <sean@mess.org>
media: rc: bpf attach/detach requires write permission
Randy Dunlap <rdunlap@infradead.org>
iio: imu: bno055: serdev requires REGMAP
Nuno Sa <nuno.sa@analog.com>
iio: imu: adis: ensure proper DMA alignment
Nuno Sa <nuno.sa@analog.com>
iio: adc: ad_sigma_delta: ensure proper DMA alignment
Mario Limonciello <mario.limonciello@amd.com>
iio: accel: bma400: Fix a compilation problem
Nuno Sa <nuno.sa@analog.com>
iio: commom: st_sensors: ensure proper DMA alignment
Dinghao Liu <dinghao.liu@zju.edu.cn>
iio: core: fix memleak in iio_device_register_sysfs
zhili.liu <zhili.liu@ucas.com.cn>
iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC
David Schiller <david.schiller@jku.at>
staging: iio: ad5933: fix type mismatch regression
Steven Rostedt (Google) <rostedt@goodmis.org>
tracing: Fix wasted memory in saved_cmdlines logic
Baokun Li <libaokun1@huawei.com>
ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks()
Baokun Li <libaokun1@huawei.com>
ext4: fix double-free of blocks due to wrong extents moved_len
Ekansh Gupta <quic_ekangupt@quicinc.com>
misc: fastrpc: Mark all sessions as invalid in cb_remove
Carlos Llamas <cmllamas@google.com>
binder: signal epoll threads of self-work
Andy Chi <andy.chi@canonical.com>
ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power
Vitaly Rodionov <vitalyr@opensource.cirrus.com>
ALSA: hda/cs8409: Suppress vmaster control for Dolphin models
Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
ASoC: codecs: wcd938x: handle deferred probe
Edson Juliano Drosdeck <edson.drosdeck@gmail.com>
ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL
Nathan Chancellor <nathan@kernel.org>
modpost: Add '.ltext' and '.ltext.*' to TEXT_SECTIONS
Nathan Chancellor <nathan@kernel.org>
um: Fix adding '-no-pie' for clang
Nathan Chancellor <nathan@kernel.org>
modpost: Include '.text.*' in TEXT_SECTIONS
Masahiro Yamada <masahiroy@kernel.org>
linux/init: remove __memexit* annotations
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
modpost: Don't let "driver"s reference .exit.*
Masahiro Yamada <masahiroy@kernel.org>
modpost: propagate W=1 build option to modpost
Jan Beulich <jbeulich@suse.com>
xen-netback: properly sync TX responses
Esben Haabendal <esben@geanix.com>
net: stmmac: do not clear TBS enable bit on link up/down
Nikita Zhandarovich <n.zhandarovich@fintech.ru>
net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
Fedor Pchelkin <pchelkin@ispras.ru>
nfc: nci: free rx_data_reassembly skb on NCI device cleanup
Nathan Chancellor <nathan@kernel.org>
kbuild: Fix changing ELF file type for output of gen_btf for big endian
José Relvas <josemonsantorelvas@gmail.com>
ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads
Takashi Sakamoto <o-takashi@sakamocchi.jp>
firewire: core: correct documentation of fw_csr_string() kernel API
Ondrej Mosnacek <omosnace@redhat.com>
lsm: fix the logic in security_inode_getsecctx()
Sebastian Ott <sebott@redhat.com>
drm/virtio: Set segment size for virtio_gpu device
Mario Limonciello <mario.limonciello@amd.com>
Revert "drm/amd: flush any delayed gfxoff on suspend entry"
Lee Duncan <lduncan@suse.com>
scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
media: Revert "media: rkisp1: Drop IRQF_SHARED"
Geliang Tang <geliang@kernel.org>
mptcp: check addrs list in userspace_pm_get_local_id
Paolo Abeni <pabeni@redhat.com>
mptcp: drop the push_pending field
Matthieu Baerts (NGI0) <matttbe@kernel.org>
selftests: mptcp: increase timeout to 30 min
Matthieu Baerts (NGI0) <matttbe@kernel.org>
selftests: mptcp: add missing kconfig for NF Mangle
Matthieu Baerts (NGI0) <matttbe@kernel.org>
selftests: mptcp: add missing kconfig for NF Filter in v6
Matthieu Baerts (NGI0) <matttbe@kernel.org>
selftests: mptcp: add missing kconfig for NF Filter
Paolo Abeni <pabeni@redhat.com>
mptcp: fix data re-injection from stale subflow
Paolo Abeni <pabeni@redhat.com>
mptcp: get rid of msk->subflow
Radek Krejci <radek.krejci@oracle.com>
modpost: trim leading spaces when processing source files list
Jean Delvare <jdelvare@suse.de>
i2c: i801: Fix block process call transactions
Arnd Bergmann <arnd@arndb.de>
i2c: pasemi: split driver into two separate modules
Michael Ellerman <mpe@ellerman.id.au>
powerpc/kasan: Limit KASAN thread size increase to 32KB
Bibo Mao <maobibo@loongson.cn>
irqchip/loongson-eiointc: Use correct struct type in eiointc_domain_alloc()
Viken Dadhaniya <quic_vdadhani@quicinc.com>
i2c: qcom-geni: Correct I2C TRE sequence
Dan Carpenter <dan.carpenter@linaro.org>
cifs: fix underflow in parse_server_interfaces()
Jiangfeng Xiao <xiaojiangfeng@huawei.com>
powerpc/kasan: Fix addr error caused by page alignment
Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
powerpc/6xx: set High BAT Enable flag on G2_LE cores
Saravana Kannan <saravanak@google.com>
driver core: fw_devlink: Improve detection of overlapping cycles
Zhipeng Lu <alexious@zju.edu.cn>
media: ir_toy: fix a memleak in irtoy_tx
Konrad Dybcio <konrad.dybcio@linaro.org>
interconnect: qcom: sc8180x: Mark CO0 BCM keepalive
Uttkarsh Aggarwal <quic_uaggarwa@quicinc.com>
usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend
yuan linyu <yuanlinyu@hihonor.com>
usb: f_mass_storage: forbid async queue when shutdown happen
Oliver Neukum <oneukum@suse.com>
USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
Christian A. Ehrhardt <lk@c--e.de>
usb: ucsi_acpi: Fix command completion handling
Sean Anderson <sean.anderson@seco.com>
usb: ulpi: Fix debugfs directory leak
Christian A. Ehrhardt <lk@c--e.de>
usb: ucsi: Add missing ppm_lock
Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP
Jason Gerecke <killertofu@gmail.com>
HID: wacom: Do not register input devices until after hid_hw_start
Tatsunosuke Tobita <tatsunosuke.tobita@wacom.com>
HID: wacom: generic: Avoid reporting a serial of '0' to userspace
Johan Hovold <johan+linaro@kernel.org>
HID: i2c-hid-of: fix NULL-deref on failed power up
Luka Guzenko <l.guzenko@web.de>
ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx
David Senoner <seda18@rolmail.net>
ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32
Helge Deller <deller@gmx.de>
parisc: Prevent hung tasks when printing inventory on serial console
Techno Mooney <techno.mooney@gmail.com>
ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF
Mikulas Patocka <mpatocka@redhat.com>
dm-crypt, dm-verity: disable tasklets
Michael Kelley <mhklinux@outlook.com>
scsi: storvsc: Fix ring buffer size calculation
Zach O'Keefe <zokeefe@google.com>
mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
Jan Kara <jack@suse.cz>
readahead: avoid multiple marked readahead pages
Masami Hiramatsu (Google) <mhiramat@kernel.org>
tracing/trigger: Fix to return error if failed to alloc snapshot
Samuel Holland <samuel.holland@sifive.com>
scs: add CONFIG_MMU dependency for vfree_atomic()
Ivan Vecera <ivecera@redhat.com>
i40e: Fix waiting for queues of all VSIs to be disabled
Ivan Vecera <ivecera@redhat.com>
i40e: Do not allow untrusted VF to remove administratively set MAC
Guenter Roeck <linux@roeck-us.net>
MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler
Arnd Bergmann <arnd@arndb.de>
nouveau/svm: fix kvcalloc() argument order
Breno Leitao <leitao@debian.org>
net: sysfs: Fix /sys/class/net/<iface> path for statistics
Alexey Khoroshilov <khoroshilov@ispras.ru>
ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
spi: ppc4xx: Drop write-only variable
Jakub Kicinski <kuba@kernel.org>
net: tls: fix returned read length with async decrypt
Sabrina Dubroca <sd@queasysnail.net>
net: tls: fix use-after-free with partial reads and async decrypt
Jakub Kicinski <kuba@kernel.org>
tls: fix race between async notify and socket close
Jakub Kicinski <kuba@kernel.org>
net: tls: factor out tls_*crypt_async_wait()
Sabrina Dubroca <sd@queasysnail.net>
tls: extract context alloc/initialization out of tls_set_sw_offload
David Howells <dhowells@redhat.com>
tls/sw: Use splice_eof() to flush
Horatiu Vultur <horatiu.vultur@microchip.com>
lan966x: Fix crash when adding interface under a lag
Aaron Conole <aconole@redhat.com>
net: openvswitch: limit the number of recursions from action sets
Saravana Kannan <saravanak@google.com>
of: property: Improve finding the supplier of a remote-endpoint property
Dan Carpenter <dan.carpenter@linaro.org>
wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table()
Dan Carpenter <dan.carpenter@linaro.org>
wifi: iwlwifi: Fix some error codes
Sean Christopherson <seanjc@google.com>
KVM: selftests: Fix a semaphore imbalance in the dirty ring logging test
Gavin Shan <gshan@redhat.com>
KVM: selftests: Clear dirty ring states between two modes in dirty_log_test
Christian A. Ehrhardt <lk@c--e.de>
of: unittest: Fix compile in the non-dynamic case
Saravana Kannan <saravanak@google.com>
driver core: Fix device_link_flag_is_sync_state_only()
Josef Bacik <josef@toxicpanda.com>
btrfs: don't drop extent_map for free space inode on write error
Filipe Manana <fdmanana@suse.com>
btrfs: reject encoded write if inode has nodatasum flag set
Filipe Manana <fdmanana@suse.com>
btrfs: don't reserve space for checksums when writing to nocow files
David Sterba <dsterba@suse.com>
btrfs: send: return EOPNOTSUPP on unknown flags
Boris Burkov <boris@bur.io>
btrfs: forbid deleting live subvol qgroup
Qu Wenruo <wqu@suse.com>
btrfs: do not ASSERT() if the newly created subvolume already got read
Boris Burkov <boris@bur.io>
btrfs: forbid creating subvol qgroups
Filipe Manana <fdmanana@suse.com>
btrfs: do not delete unused block group if it may be used soon
Filipe Manana <fdmanana@suse.com>
btrfs: add and use helper to check if block group is used
Linus Torvalds <torvalds@linux-foundation.org>
update workarounds for gcc "asm goto" issue
Linus Torvalds <torvalds@linux-foundation.org>
work around gcc bugs with 'asm goto' with outputs
-------------
Diffstat:
.../ABI/testing/sysfs-class-net-statistics | 48 ++---
.../bindings/net/wireless/marvell-8xxx.txt | 4 +-
Makefile | 4 +-
arch/Kconfig | 1 +
arch/arc/include/asm/jump_label.h | 4 +-
arch/arm/boot/dts/imx6q-apalis-ixora-v1.2.dts | 2 +
arch/arm/include/asm/jump_label.h | 4 +-
arch/arm64/boot/dts/qcom/apq8016-sbc.dts | 4 -
arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 +-
arch/arm64/boot/dts/qcom/sdm845.dtsi | 4 +-
arch/arm64/boot/dts/qcom/sm8150.dtsi | 4 +-
arch/arm64/include/asm/alternative-macros.h | 4 +-
arch/arm64/include/asm/jump_label.h | 4 +-
arch/csky/include/asm/jump_label.h | 4 +-
arch/mips/include/asm/checksum.h | 3 +-
arch/mips/include/asm/jump_label.h | 4 +-
arch/parisc/Kconfig | 1 -
arch/parisc/include/asm/assembly.h | 1 +
arch/parisc/include/asm/extable.h | 64 ++++++
arch/parisc/include/asm/jump_label.h | 4 +-
arch/parisc/include/asm/special_insns.h | 6 +-
arch/parisc/include/asm/uaccess.h | 48 +----
arch/parisc/kernel/drivers.c | 3 +
arch/parisc/kernel/unaligned.c | 44 ++--
arch/parisc/mm/fault.c | 11 +-
arch/powerpc/include/asm/bug.h | 2 +-
arch/powerpc/include/asm/jump_label.h | 4 +-
arch/powerpc/include/asm/reg.h | 2 +
arch/powerpc/include/asm/thread_info.h | 2 +-
arch/powerpc/include/asm/uaccess.h | 8 +-
arch/powerpc/kernel/cpu_setup_6xx.S | 20 +-
arch/powerpc/kernel/cpu_specs_e500mc.h | 3 +-
arch/powerpc/kernel/interrupt_64.S | 4 +-
arch/powerpc/kernel/irq_64.c | 2 +-
arch/powerpc/mm/kasan/init_32.c | 1 +
arch/powerpc/platforms/pseries/lpar.c | 8 +-
arch/riscv/include/asm/jump_label.h | 4 +-
arch/s390/include/asm/jump_label.h | 4 +-
arch/sparc/include/asm/jump_label.h | 4 +-
arch/um/Makefile | 4 +-
arch/um/include/asm/cpufeature.h | 2 +-
arch/x86/Kconfig.cpu | 2 +-
arch/x86/include/asm/cpufeature.h | 2 +-
arch/x86/include/asm/jump_label.h | 6 +-
arch/x86/include/asm/rmwcc.h | 2 +-
arch/x86/include/asm/uaccess.h | 10 +-
arch/x86/include/asm/virtext.h | 12 +-
arch/x86/kernel/fpu/signal.c | 13 +-
arch/x86/kvm/svm/svm_ops.h | 6 +-
arch/x86/kvm/vmx/pmu_intel.c | 2 +-
arch/x86/kvm/vmx/vmx.c | 8 +-
arch/x86/kvm/vmx/vmx_ops.h | 6 +-
arch/x86/mm/ident_map.c | 23 ++-
arch/xtensa/include/asm/jump_label.h | 4 +-
block/blk-mq.c | 9 +-
drivers/android/binder.c | 10 +
drivers/base/core.c | 15 +-
drivers/base/power/domain.c | 2 +-
drivers/bus/moxtet.c | 7 +
drivers/crypto/ccp/sev-dev.c | 10 +-
drivers/firewire/core-device.c | 7 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 1 -
drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 9 +-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 +
drivers/gpu/drm/amd/display/dc/dml/Makefile | 6 +-
drivers/gpu/drm/drm_prime.c | 2 +-
drivers/gpu/drm/msm/msm_iommu.c | 32 ++-
drivers/gpu/drm/nouveau/nouveau_svm.c | 2 +-
drivers/gpu/drm/virtio/virtgpu_drv.c | 1 +
drivers/hid/i2c-hid/i2c-hid-of.c | 1 +
drivers/hid/wacom_sys.c | 63 ++++--
drivers/hid/wacom_wac.c | 9 +-
drivers/i2c/busses/Makefile | 6 +-
drivers/i2c/busses/i2c-i801.c | 4 +-
drivers/i2c/busses/i2c-pasemi-core.c | 5 +
drivers/i2c/busses/i2c-qcom-geni.c | 16 +-
drivers/iio/accel/Kconfig | 2 +
drivers/iio/imu/bno055/Kconfig | 1 +
drivers/iio/industrialio-core.c | 5 +-
drivers/iio/light/hid-sensor-als.c | 1 +
drivers/iio/magnetometer/rm3100-core.c | 10 +-
drivers/infiniband/hw/irdma/verbs.c | 7 +
drivers/interconnect/qcom/sc8180x.c | 1 +
drivers/irqchip/irq-brcmstb-l2.c | 5 +-
drivers/irqchip/irq-gic-v3-its.c | 22 +-
drivers/irqchip/irq-loongson-eiointc.c | 2 +-
drivers/md/dm-crypt.c | 37 +---
drivers/md/dm-verity-target.c | 26 +--
drivers/md/dm-verity.h | 1 -
drivers/md/md.c | 7 +-
.../media/platform/rockchip/rkisp1/rkisp1-dev.c | 2 +-
drivers/media/rc/bpf-lirc.c | 6 +-
drivers/media/rc/ir_toy.c | 2 +
drivers/media/rc/lirc_dev.c | 5 +-
drivers/media/rc/rc-core-priv.h | 2 +-
drivers/misc/fastrpc.c | 2 +-
drivers/mmc/core/slot-gpio.c | 6 +-
drivers/mmc/host/sdhci-pci-o2micro.c | 30 +++
drivers/net/can/dev/netlink.c | 2 +-
drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +-
drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 38 +++-
.../net/ethernet/microchip/lan966x/lan966x_lag.c | 9 +-
.../net/ethernet/netronome/nfp/flower/conntrack.c | 24 ++-
.../ethernet/netronome/nfp/flower/tunnel_conf.c | 2 +-
.../ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c | 6 +-
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 3 +
drivers/net/ethernet/ti/cpsw.c | 2 +
drivers/net/ethernet/ti/cpsw_new.c | 3 +
drivers/net/hyperv/netvsc.c | 5 +-
drivers/net/hyperv/netvsc_drv.c | 82 ++++++--
drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 15 +-
drivers/net/wireless/marvell/mwifiex/Kconfig | 5 +-
drivers/net/wireless/marvell/mwifiex/sdio.c | 46 ++++-
drivers/net/wireless/marvell/mwifiex/sdio.h | 3 +
drivers/net/xen-netback/netback.c | 100 +++++----
drivers/of/property.c | 14 +-
drivers/of/unittest.c | 12 +-
drivers/s390/net/qeth_l3_main.c | 9 +-
drivers/scsi/fcoe/fcoe_ctlr.c | 20 +-
drivers/scsi/storvsc_drv.c | 12 +-
drivers/spi/spi-ppc4xx.c | 5 -
drivers/staging/iio/impedance-analyzer/ad5933.c | 2 +-
drivers/tty/serial/max310x.c | 53 ++++-
drivers/usb/common/ulpi.c | 2 +-
drivers/usb/core/hub.c | 30 ++-
drivers/usb/dwc3/gadget.c | 6 +-
drivers/usb/gadget/function/f_mass_storage.c | 20 +-
drivers/usb/typec/ucsi/ucsi.c | 2 +
drivers/usb/typec/ucsi/ucsi_acpi.c | 17 +-
fs/btrfs/block-group.c | 49 ++++-
fs/btrfs/block-group.h | 7 +
fs/btrfs/delalloc-space.c | 29 ++-
fs/btrfs/disk-io.c | 13 +-
fs/btrfs/inode.c | 26 ++-
fs/btrfs/ioctl.c | 5 +
fs/btrfs/qgroup.c | 14 ++
fs/btrfs/send.c | 2 +-
fs/ceph/caps.c | 3 +-
fs/ext4/mballoc.c | 39 ++--
fs/ext4/move_extent.c | 6 +-
fs/hugetlbfs/inode.c | 19 +-
fs/namespace.c | 11 +-
fs/nfsd/nfs4state.c | 37 ++--
fs/nilfs2/file.c | 8 +-
fs/nilfs2/recovery.c | 7 +-
fs/proc/array.c | 10 +-
fs/smb/client/cached_dir.c | 8 +-
fs/smb/client/smb2ops.c | 2 +-
fs/smb/client/smb2pdu.c | 95 +++++----
fs/smb/client/smb2proto.h | 12 +-
fs/smb/server/smb2pdu.c | 8 +-
fs/zonefs/file.c | 42 ++--
fs/zonefs/super.c | 66 +++---
include/asm-generic/vmlinux.lds.h | 6 -
include/linux/bpf.h | 12 +-
include/linux/compiler-gcc.h | 20 ++
include/linux/compiler_types.h | 11 +-
include/linux/iio/adc/ad_sigma_delta.h | 4 +-
include/linux/iio/common/st_sensors.h | 4 +-
include/linux/iio/imu/adis.h | 3 +-
include/linux/init.h | 3 -
include/linux/mmc/sdio_ids.h | 1 +
include/linux/netfilter/ipset/ip_set.h | 4 +
include/net/tls.h | 5 -
init/Kconfig | 9 +
io_uring/net.c | 5 +-
kernel/bpf/helpers.c | 67 +++---
kernel/bpf/verifier.c | 3 +-
kernel/time/hrtimer.c | 14 +-
kernel/trace/bpf_trace.c | 56 +++--
kernel/trace/ring_buffer.c | 2 +-
kernel/trace/trace.c | 78 +++----
kernel/trace/trace_events_trigger.c | 6 +-
lib/mpi/ec.c | 3 +
mm/page-writeback.c | 2 +-
mm/readahead.c | 4 +-
mm/userfaultfd.c | 15 +-
net/can/j1939/j1939-priv.h | 3 +-
net/can/j1939/main.c | 2 +-
net/can/j1939/socket.c | 46 +++--
net/core/skbuff.c | 3 +-
net/hsr/hsr_device.c | 4 +-
net/mac80211/tx.c | 5 +-
net/mptcp/pm_userspace.c | 13 +-
net/mptcp/protocol.c | 24 +--
net/mptcp/protocol.h | 4 +-
net/netfilter/ipset/ip_set_bitmap_gen.h | 14 +-
net/netfilter/ipset/ip_set_core.c | 39 +++-
net/netfilter/ipset/ip_set_hash_gen.h | 19 +-
net/netfilter/ipset/ip_set_list_set.c | 13 +-
net/netfilter/nft_set_pipapo_avx2.c | 2 +-
net/nfc/nci/core.c | 4 +
net/openvswitch/flow_netlink.c | 49 +++--
net/tls/tls.h | 1 +
net/tls/tls_main.c | 2 +
net/tls/tls_sw.c | 226 +++++++++++++--------
net/wireless/core.c | 1 +
net/xfrm/xfrm_input.c | 77 +++----
net/xfrm/xfrm_output.c | 33 +--
samples/bpf/asm_goto_workaround.h | 8 +-
scripts/Makefile.modpost | 1 +
scripts/link-vmlinux.sh | 9 +-
scripts/mod/modpost.c | 43 ++--
scripts/mod/sumversion.c | 7 +-
security/security.c | 14 +-
sound/pci/hda/patch_conexant.c | 18 ++
sound/pci/hda/patch_cs8409.c | 1 +
sound/pci/hda/patch_realtek.c | 11 +-
sound/soc/amd/yc/acp6x-mach.c | 14 ++
sound/soc/codecs/rt5645.c | 1 +
sound/soc/codecs/wcd938x.c | 2 +-
tools/arch/x86/include/asm/rmwcc.h | 2 +-
tools/include/linux/compiler_types.h | 4 +-
tools/testing/selftests/kvm/dirty_log_test.c | 77 ++++---
tools/testing/selftests/net/mptcp/config | 3 +
tools/testing/selftests/net/mptcp/settings | 2 +-
tools/testing/selftests/vm/ksm_tests.c | 2 +-
tools/testing/selftests/vm/va_128TBswitch.sh | 6 +
tools/tracing/rtla/Makefile | 7 +-
tools/tracing/rtla/src/osnoise_hist.c | 9 +-
tools/tracing/rtla/src/osnoise_top.c | 6 +-
tools/tracing/rtla/src/timerlat_hist.c | 9 +-
tools/tracing/rtla/src/timerlat_top.c | 6 +-
tools/tracing/rtla/src/utils.c | 12 +-
tools/tracing/rtla/src/utils.h | 2 +
225 files changed, 2020 insertions(+), 1099 deletions(-)
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 001/197] work around gcc bugs with asm goto with outputs
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 002/197] update workarounds for gcc "asm goto" issue Greg Kroah-Hartman
` (199 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nick Desaulniers, Uros Bizjak,
Jakub Jelinek, Andrew Pinski, Linus Torvalds, Sean Christopherson
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Linus Torvalds <torvalds@linux-foundation.org>
commit 68fb3ca0e408e00db1c3f8fccdfa19e274c033be upstream.
We've had issues with gcc and 'asm goto' before, and we created a
'asm_volatile_goto()' macro for that in the past: see commits
3f0116c3238a ("compiler/gcc4: Add quirk for 'asm goto' miscompilation
bug") and a9f180345f53 ("compiler/gcc4: Make quirk for
asm_volatile_goto() unconditional").
Then, much later, we ended up removing the workaround in commit
43c249ea0b1e ("compiler-gcc.h: remove ancient workaround for gcc PR
58670") because we no longer supported building the kernel with the
affected gcc versions, but we left the macro uses around.
Now, Sean Christopherson reports a new version of a very similar
problem, which is fixed by re-applying that ancient workaround. But the
problem in question is limited to only the 'asm goto with outputs'
cases, so instead of re-introducing the old workaround as-is, let's
rename and limit the workaround to just that much less common case.
It looks like there are at least two separate issues that all hit in
this area:
(a) some versions of gcc don't mark the asm goto as 'volatile' when it
has outputs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98619
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110420
which is easy to work around by just adding the 'volatile' by hand.
(b) Internal compiler errors:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110422
which are worked around by adding the extra empty 'asm' as a
barrier, as in the original workaround.
but the problem Sean sees may be a third thing since it involves bad
code generation (not an ICE) even with the manually added 'volatile'.
The same old workaround works for this case, even if this feels a
bit like voodoo programming and may only be hiding the issue.
Reported-and-tested-by: Sean Christopherson <seanjc@google.com>
Link: https://lore.kernel.org/all/20240208220604.140859-1-seanjc@google.com/
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Uros Bizjak <ubizjak@gmail.com>
Cc: Jakub Jelinek <jakub@redhat.com>
Cc: Andrew Pinski <quic_apinski@quicinc.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arc/include/asm/jump_label.h | 4 ++--
arch/arm/include/asm/jump_label.h | 4 ++--
arch/arm64/include/asm/alternative-macros.h | 4 ++--
arch/arm64/include/asm/jump_label.h | 4 ++--
arch/csky/include/asm/jump_label.h | 4 ++--
arch/mips/include/asm/jump_label.h | 4 ++--
arch/parisc/include/asm/jump_label.h | 4 ++--
arch/powerpc/include/asm/bug.h | 2 +-
arch/powerpc/include/asm/jump_label.h | 4 ++--
arch/powerpc/include/asm/uaccess.h | 8 ++++----
arch/powerpc/kernel/irq_64.c | 2 +-
arch/riscv/include/asm/jump_label.h | 4 ++--
arch/s390/include/asm/jump_label.h | 4 ++--
arch/sparc/include/asm/jump_label.h | 4 ++--
arch/um/include/asm/cpufeature.h | 2 +-
arch/x86/include/asm/cpufeature.h | 2 +-
arch/x86/include/asm/jump_label.h | 6 +++---
arch/x86/include/asm/rmwcc.h | 2 +-
arch/x86/include/asm/uaccess.h | 10 +++++-----
arch/x86/include/asm/virtext.h | 12 ++++++------
arch/x86/kvm/svm/svm_ops.h | 6 +++---
arch/x86/kvm/vmx/vmx.c | 8 ++++----
arch/x86/kvm/vmx/vmx_ops.h | 6 +++---
arch/xtensa/include/asm/jump_label.h | 4 ++--
include/linux/compiler-gcc.h | 19 +++++++++++++++++++
include/linux/compiler_types.h | 4 ++--
net/netfilter/nft_set_pipapo_avx2.c | 2 +-
samples/bpf/asm_goto_workaround.h | 8 ++++----
tools/arch/x86/include/asm/rmwcc.h | 2 +-
tools/include/linux/compiler_types.h | 4 ++--
30 files changed, 86 insertions(+), 67 deletions(-)
--- a/arch/arc/include/asm/jump_label.h
+++ b/arch/arc/include/asm/jump_label.h
@@ -31,7 +31,7 @@
static __always_inline bool arch_static_branch(struct static_key *key,
bool branch)
{
- asm_volatile_goto(".balign "__stringify(JUMP_LABEL_NOP_SIZE)" \n"
+ asm goto(".balign "__stringify(JUMP_LABEL_NOP_SIZE)" \n"
"1: \n"
"nop \n"
".pushsection __jump_table, \"aw\" \n"
@@ -47,7 +47,7 @@ l_yes:
static __always_inline bool arch_static_branch_jump(struct static_key *key,
bool branch)
{
- asm_volatile_goto(".balign "__stringify(JUMP_LABEL_NOP_SIZE)" \n"
+ asm goto(".balign "__stringify(JUMP_LABEL_NOP_SIZE)" \n"
"1: \n"
"b %l[l_yes] \n"
".pushsection __jump_table, \"aw\" \n"
--- a/arch/arm/include/asm/jump_label.h
+++ b/arch/arm/include/asm/jump_label.h
@@ -11,7 +11,7 @@
static __always_inline bool arch_static_branch(struct static_key *key, bool branch)
{
- asm_volatile_goto("1:\n\t"
+ asm goto("1:\n\t"
WASM(nop) "\n\t"
".pushsection __jump_table, \"aw\"\n\t"
".word 1b, %l[l_yes], %c0\n\t"
@@ -25,7 +25,7 @@ l_yes:
static __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch)
{
- asm_volatile_goto("1:\n\t"
+ asm goto("1:\n\t"
WASM(b) " %l[l_yes]\n\t"
".pushsection __jump_table, \"aw\"\n\t"
".word 1b, %l[l_yes], %c0\n\t"
--- a/arch/arm64/include/asm/alternative-macros.h
+++ b/arch/arm64/include/asm/alternative-macros.h
@@ -229,7 +229,7 @@ alternative_has_feature_likely(unsigned
compiletime_assert(feature < ARM64_NCAPS,
"feature must be < ARM64_NCAPS");
- asm_volatile_goto(
+ asm goto(
ALTERNATIVE_CB("b %l[l_no]", %[feature], alt_cb_patch_nops)
:
: [feature] "i" (feature)
@@ -247,7 +247,7 @@ alternative_has_feature_unlikely(unsigne
compiletime_assert(feature < ARM64_NCAPS,
"feature must be < ARM64_NCAPS");
- asm_volatile_goto(
+ asm goto(
ALTERNATIVE("nop", "b %l[l_yes]", %[feature])
:
: [feature] "i" (feature)
--- a/arch/arm64/include/asm/jump_label.h
+++ b/arch/arm64/include/asm/jump_label.h
@@ -18,7 +18,7 @@
static __always_inline bool arch_static_branch(struct static_key *key,
bool branch)
{
- asm_volatile_goto(
+ asm goto(
"1: nop \n\t"
" .pushsection __jump_table, \"aw\" \n\t"
" .align 3 \n\t"
@@ -35,7 +35,7 @@ l_yes:
static __always_inline bool arch_static_branch_jump(struct static_key *key,
bool branch)
{
- asm_volatile_goto(
+ asm goto(
"1: b %l[l_yes] \n\t"
" .pushsection __jump_table, \"aw\" \n\t"
" .align 3 \n\t"
--- a/arch/csky/include/asm/jump_label.h
+++ b/arch/csky/include/asm/jump_label.h
@@ -12,7 +12,7 @@
static __always_inline bool arch_static_branch(struct static_key *key,
bool branch)
{
- asm_volatile_goto(
+ asm goto(
"1: nop32 \n"
" .pushsection __jump_table, \"aw\" \n"
" .align 2 \n"
@@ -29,7 +29,7 @@ label:
static __always_inline bool arch_static_branch_jump(struct static_key *key,
bool branch)
{
- asm_volatile_goto(
+ asm goto(
"1: bsr32 %l[label] \n"
" .pushsection __jump_table, \"aw\" \n"
" .align 2 \n"
--- a/arch/mips/include/asm/jump_label.h
+++ b/arch/mips/include/asm/jump_label.h
@@ -36,7 +36,7 @@
static __always_inline bool arch_static_branch(struct static_key *key, bool branch)
{
- asm_volatile_goto("1:\t" B_INSN " 2f\n\t"
+ asm goto("1:\t" B_INSN " 2f\n\t"
"2:\t.insn\n\t"
".pushsection __jump_table, \"aw\"\n\t"
WORD_INSN " 1b, %l[l_yes], %0\n\t"
@@ -50,7 +50,7 @@ l_yes:
static __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch)
{
- asm_volatile_goto("1:\t" J_INSN " %l[l_yes]\n\t"
+ asm goto("1:\t" J_INSN " %l[l_yes]\n\t"
".pushsection __jump_table, \"aw\"\n\t"
WORD_INSN " 1b, %l[l_yes], %0\n\t"
".popsection\n\t"
--- a/arch/parisc/include/asm/jump_label.h
+++ b/arch/parisc/include/asm/jump_label.h
@@ -12,7 +12,7 @@
static __always_inline bool arch_static_branch(struct static_key *key, bool branch)
{
- asm_volatile_goto("1:\n\t"
+ asm goto("1:\n\t"
"nop\n\t"
".pushsection __jump_table, \"aw\"\n\t"
".align %1\n\t"
@@ -29,7 +29,7 @@ l_yes:
static __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch)
{
- asm_volatile_goto("1:\n\t"
+ asm goto("1:\n\t"
"b,n %l[l_yes]\n\t"
".pushsection __jump_table, \"aw\"\n\t"
".align %1\n\t"
--- a/arch/powerpc/include/asm/bug.h
+++ b/arch/powerpc/include/asm/bug.h
@@ -74,7 +74,7 @@
##__VA_ARGS__)
#define WARN_ENTRY(insn, flags, label, ...) \
- asm_volatile_goto( \
+ asm goto( \
"1: " insn "\n" \
EX_TABLE(1b, %l[label]) \
_EMIT_BUG_ENTRY \
--- a/arch/powerpc/include/asm/jump_label.h
+++ b/arch/powerpc/include/asm/jump_label.h
@@ -17,7 +17,7 @@
static __always_inline bool arch_static_branch(struct static_key *key, bool branch)
{
- asm_volatile_goto("1:\n\t"
+ asm goto("1:\n\t"
"nop # arch_static_branch\n\t"
".pushsection __jump_table, \"aw\"\n\t"
".long 1b - ., %l[l_yes] - .\n\t"
@@ -32,7 +32,7 @@ l_yes:
static __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch)
{
- asm_volatile_goto("1:\n\t"
+ asm goto("1:\n\t"
"b %l[l_yes] # arch_static_branch_jump\n\t"
".pushsection __jump_table, \"aw\"\n\t"
".long 1b - ., %l[l_yes] - .\n\t"
--- a/arch/powerpc/include/asm/uaccess.h
+++ b/arch/powerpc/include/asm/uaccess.h
@@ -72,7 +72,7 @@ __pu_failed: \
* are no aliasing issues.
*/
#define __put_user_asm_goto(x, addr, label, op) \
- asm_volatile_goto( \
+ asm goto( \
"1: " op "%U1%X1 %0,%1 # put_user\n" \
EX_TABLE(1b, %l2) \
: \
@@ -85,7 +85,7 @@ __pu_failed: \
__put_user_asm_goto(x, ptr, label, "std")
#else /* __powerpc64__ */
#define __put_user_asm2_goto(x, addr, label) \
- asm_volatile_goto( \
+ asm goto( \
"1: stw%X1 %0, %1\n" \
"2: stw%X1 %L0, %L1\n" \
EX_TABLE(1b, %l2) \
@@ -132,7 +132,7 @@ do { \
#ifdef CONFIG_CC_HAS_ASM_GOTO_OUTPUT
#define __get_user_asm_goto(x, addr, label, op) \
- asm_volatile_goto( \
+ asm_goto_output( \
"1: "op"%U1%X1 %0, %1 # get_user\n" \
EX_TABLE(1b, %l2) \
: "=r" (x) \
@@ -145,7 +145,7 @@ do { \
__get_user_asm_goto(x, addr, label, "ld")
#else /* __powerpc64__ */
#define __get_user_asm2_goto(x, addr, label) \
- asm_volatile_goto( \
+ asm_goto_output( \
"1: lwz%X1 %0, %1\n" \
"2: lwz%X1 %L0, %L1\n" \
EX_TABLE(1b, %l2) \
--- a/arch/powerpc/kernel/irq_64.c
+++ b/arch/powerpc/kernel/irq_64.c
@@ -230,7 +230,7 @@ again:
* This allows interrupts to be unmasked without hard disabling, and
* also without new hard interrupts coming in ahead of pending ones.
*/
- asm_volatile_goto(
+ asm goto(
"1: \n"
" lbz 9,%0(13) \n"
" cmpwi 9,0 \n"
--- a/arch/riscv/include/asm/jump_label.h
+++ b/arch/riscv/include/asm/jump_label.h
@@ -17,7 +17,7 @@
static __always_inline bool arch_static_branch(struct static_key * const key,
const bool branch)
{
- asm_volatile_goto(
+ asm goto(
" .align 2 \n\t"
" .option push \n\t"
" .option norelax \n\t"
@@ -39,7 +39,7 @@ label:
static __always_inline bool arch_static_branch_jump(struct static_key * const key,
const bool branch)
{
- asm_volatile_goto(
+ asm goto(
" .align 2 \n\t"
" .option push \n\t"
" .option norelax \n\t"
--- a/arch/s390/include/asm/jump_label.h
+++ b/arch/s390/include/asm/jump_label.h
@@ -25,7 +25,7 @@
*/
static __always_inline bool arch_static_branch(struct static_key *key, bool branch)
{
- asm_volatile_goto("0: brcl 0,%l[label]\n"
+ asm goto("0: brcl 0,%l[label]\n"
".pushsection __jump_table,\"aw\"\n"
".balign 8\n"
".long 0b-.,%l[label]-.\n"
@@ -39,7 +39,7 @@ label:
static __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch)
{
- asm_volatile_goto("0: brcl 15,%l[label]\n"
+ asm goto("0: brcl 15,%l[label]\n"
".pushsection __jump_table,\"aw\"\n"
".balign 8\n"
".long 0b-.,%l[label]-.\n"
--- a/arch/sparc/include/asm/jump_label.h
+++ b/arch/sparc/include/asm/jump_label.h
@@ -10,7 +10,7 @@
static __always_inline bool arch_static_branch(struct static_key *key, bool branch)
{
- asm_volatile_goto("1:\n\t"
+ asm goto("1:\n\t"
"nop\n\t"
"nop\n\t"
".pushsection __jump_table, \"aw\"\n\t"
@@ -26,7 +26,7 @@ l_yes:
static __always_inline bool arch_static_branch_jump(struct static_key *key, bool branch)
{
- asm_volatile_goto("1:\n\t"
+ asm goto("1:\n\t"
"b %l[l_yes]\n\t"
"nop\n\t"
".pushsection __jump_table, \"aw\"\n\t"
--- a/arch/um/include/asm/cpufeature.h
+++ b/arch/um/include/asm/cpufeature.h
@@ -75,7 +75,7 @@ extern void setup_clear_cpu_cap(unsigned
*/
static __always_inline bool _static_cpu_has(u16 bit)
{
- asm_volatile_goto("1: jmp 6f\n"
+ asm goto("1: jmp 6f\n"
"2:\n"
".skip -(((5f-4f) - (2b-1b)) > 0) * "
"((5f-4f) - (2b-1b)),0x90\n"
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
@@ -173,7 +173,7 @@ extern void clear_cpu_cap(struct cpuinfo
*/
static __always_inline bool _static_cpu_has(u16 bit)
{
- asm_volatile_goto(
+ asm goto(
ALTERNATIVE_TERNARY("jmp 6f", %P[feature], "", "jmp %l[t_no]")
".pushsection .altinstr_aux,\"ax\"\n"
"6:\n"
--- a/arch/x86/include/asm/jump_label.h
+++ b/arch/x86/include/asm/jump_label.h
@@ -24,7 +24,7 @@
static __always_inline bool arch_static_branch(struct static_key *key, bool branch)
{
- asm_volatile_goto("1:"
+ asm goto("1:"
"jmp %l[l_yes] # objtool NOPs this \n\t"
JUMP_TABLE_ENTRY
: : "i" (key), "i" (2 | branch) : : l_yes);
@@ -38,7 +38,7 @@ l_yes:
static __always_inline bool arch_static_branch(struct static_key * const key, const bool branch)
{
- asm_volatile_goto("1:"
+ asm goto("1:"
".byte " __stringify(BYTES_NOP5) "\n\t"
JUMP_TABLE_ENTRY
: : "i" (key), "i" (branch) : : l_yes);
@@ -52,7 +52,7 @@ l_yes:
static __always_inline bool arch_static_branch_jump(struct static_key * const key, const bool branch)
{
- asm_volatile_goto("1:"
+ asm goto("1:"
"jmp %l[l_yes]\n\t"
JUMP_TABLE_ENTRY
: : "i" (key), "i" (branch) : : l_yes);
--- a/arch/x86/include/asm/rmwcc.h
+++ b/arch/x86/include/asm/rmwcc.h
@@ -18,7 +18,7 @@
#define __GEN_RMWcc(fullop, _var, cc, clobbers, ...) \
({ \
bool c = false; \
- asm_volatile_goto (fullop "; j" #cc " %l[cc_label]" \
+ asm goto (fullop "; j" #cc " %l[cc_label]" \
: : [var] "m" (_var), ## __VA_ARGS__ \
: clobbers : cc_label); \
if (0) { \
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -155,7 +155,7 @@ extern int __get_user_bad(void);
#ifdef CONFIG_X86_32
#define __put_user_goto_u64(x, addr, label) \
- asm_volatile_goto("\n" \
+ asm goto("\n" \
"1: movl %%eax,0(%1)\n" \
"2: movl %%edx,4(%1)\n" \
_ASM_EXTABLE_UA(1b, %l2) \
@@ -317,7 +317,7 @@ do { \
} while (0)
#define __get_user_asm(x, addr, itype, ltype, label) \
- asm_volatile_goto("\n" \
+ asm_goto_output("\n" \
"1: mov"itype" %[umem],%[output]\n" \
_ASM_EXTABLE_UA(1b, %l2) \
: [output] ltype(x) \
@@ -397,7 +397,7 @@ do { \
__typeof__(_ptr) _old = (__typeof__(_ptr))(_pold); \
__typeof__(*(_ptr)) __old = *_old; \
__typeof__(*(_ptr)) __new = (_new); \
- asm_volatile_goto("\n" \
+ asm_goto_output("\n" \
"1: " LOCK_PREFIX "cmpxchg"itype" %[new], %[ptr]\n"\
_ASM_EXTABLE_UA(1b, %l[label]) \
: CC_OUT(z) (success), \
@@ -416,7 +416,7 @@ do { \
__typeof__(_ptr) _old = (__typeof__(_ptr))(_pold); \
__typeof__(*(_ptr)) __old = *_old; \
__typeof__(*(_ptr)) __new = (_new); \
- asm_volatile_goto("\n" \
+ asm_goto_output("\n" \
"1: " LOCK_PREFIX "cmpxchg8b %[ptr]\n" \
_ASM_EXTABLE_UA(1b, %l[label]) \
: CC_OUT(z) (success), \
@@ -499,7 +499,7 @@ struct __large_struct { unsigned long bu
* aliasing issues.
*/
#define __put_user_goto(x, addr, itype, ltype, label) \
- asm_volatile_goto("\n" \
+ asm goto("\n" \
"1: mov"itype" %0,%1\n" \
_ASM_EXTABLE_UA(1b, %l2) \
: : ltype(x), "m" (__m(addr)) \
--- a/arch/x86/include/asm/virtext.h
+++ b/arch/x86/include/asm/virtext.h
@@ -43,9 +43,9 @@ static inline int cpu_has_vmx(void)
*/
static inline int cpu_vmxoff(void)
{
- asm_volatile_goto("1: vmxoff\n\t"
- _ASM_EXTABLE(1b, %l[fault])
- ::: "cc", "memory" : fault);
+ asm goto("1: vmxoff\n\t"
+ _ASM_EXTABLE(1b, %l[fault])
+ ::: "cc", "memory" : fault);
cr4_clear_bits(X86_CR4_VMXE);
return 0;
@@ -129,9 +129,9 @@ static inline void cpu_svm_disable(void)
* case, GIF must already be set, otherwise the NMI would have
* been blocked, so just eat the fault.
*/
- asm_volatile_goto("1: stgi\n\t"
- _ASM_EXTABLE(1b, %l[fault])
- ::: "memory" : fault);
+ asm goto("1: stgi\n\t"
+ _ASM_EXTABLE(1b, %l[fault])
+ ::: "memory" : fault);
fault:
wrmsrl(MSR_EFER, efer & ~EFER_SVME);
}
--- a/arch/x86/kvm/svm/svm_ops.h
+++ b/arch/x86/kvm/svm/svm_ops.h
@@ -8,7 +8,7 @@
#define svm_asm(insn, clobber...) \
do { \
- asm_volatile_goto("1: " __stringify(insn) "\n\t" \
+ asm goto("1: " __stringify(insn) "\n\t" \
_ASM_EXTABLE(1b, %l[fault]) \
::: clobber : fault); \
return; \
@@ -18,7 +18,7 @@ fault: \
#define svm_asm1(insn, op1, clobber...) \
do { \
- asm_volatile_goto("1: " __stringify(insn) " %0\n\t" \
+ asm goto("1: " __stringify(insn) " %0\n\t" \
_ASM_EXTABLE(1b, %l[fault]) \
:: op1 : clobber : fault); \
return; \
@@ -28,7 +28,7 @@ fault: \
#define svm_asm2(insn, op1, op2, clobber...) \
do { \
- asm_volatile_goto("1: " __stringify(insn) " %1, %0\n\t" \
+ asm goto("1: " __stringify(insn) " %1, %0\n\t" \
_ASM_EXTABLE(1b, %l[fault]) \
:: op1, op2 : clobber : fault); \
return; \
--- a/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@ -2469,10 +2469,10 @@ static int kvm_cpu_vmxon(u64 vmxon_point
cr4_set_bits(X86_CR4_VMXE);
- asm_volatile_goto("1: vmxon %[vmxon_pointer]\n\t"
- _ASM_EXTABLE(1b, %l[fault])
- : : [vmxon_pointer] "m"(vmxon_pointer)
- : : fault);
+ asm goto("1: vmxon %[vmxon_pointer]\n\t"
+ _ASM_EXTABLE(1b, %l[fault])
+ : : [vmxon_pointer] "m"(vmxon_pointer)
+ : : fault);
return 0;
fault:
--- a/arch/x86/kvm/vmx/vmx_ops.h
+++ b/arch/x86/kvm/vmx/vmx_ops.h
@@ -73,7 +73,7 @@ static __always_inline unsigned long __v
#ifdef CONFIG_CC_HAS_ASM_GOTO_OUTPUT
- asm_volatile_goto("1: vmread %[field], %[output]\n\t"
+ asm_goto_output("1: vmread %[field], %[output]\n\t"
"jna %l[do_fail]\n\t"
_ASM_EXTABLE(1b, %l[do_exception])
@@ -166,7 +166,7 @@ static __always_inline unsigned long vmc
#define vmx_asm1(insn, op1, error_args...) \
do { \
- asm_volatile_goto("1: " __stringify(insn) " %0\n\t" \
+ asm goto("1: " __stringify(insn) " %0\n\t" \
".byte 0x2e\n\t" /* branch not taken hint */ \
"jna %l[error]\n\t" \
_ASM_EXTABLE(1b, %l[fault]) \
@@ -183,7 +183,7 @@ fault: \
#define vmx_asm2(insn, op1, op2, error_args...) \
do { \
- asm_volatile_goto("1: " __stringify(insn) " %1, %0\n\t" \
+ asm goto("1: " __stringify(insn) " %1, %0\n\t" \
".byte 0x2e\n\t" /* branch not taken hint */ \
"jna %l[error]\n\t" \
_ASM_EXTABLE(1b, %l[fault]) \
--- a/arch/xtensa/include/asm/jump_label.h
+++ b/arch/xtensa/include/asm/jump_label.h
@@ -13,7 +13,7 @@
static __always_inline bool arch_static_branch(struct static_key *key,
bool branch)
{
- asm_volatile_goto("1:\n\t"
+ asm goto("1:\n\t"
"_nop\n\t"
".pushsection __jump_table, \"aw\"\n\t"
".word 1b, %l[l_yes], %c0\n\t"
@@ -38,7 +38,7 @@ static __always_inline bool arch_static_
* make it reachable and wrap both into a no-transform block
* to avoid any assembler interference with this.
*/
- asm_volatile_goto("1:\n\t"
+ asm goto("1:\n\t"
".begin no-transform\n\t"
"_j %l[l_yes]\n\t"
"2:\n\t"
--- a/include/linux/compiler-gcc.h
+++ b/include/linux/compiler-gcc.h
@@ -66,6 +66,25 @@
__builtin_unreachable(); \
} while (0)
+/*
+ * GCC 'asm goto' with outputs miscompiles certain code sequences:
+ *
+ * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110420
+ * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110422
+ *
+ * Work it around via the same compiler barrier quirk that we used
+ * to use for the old 'asm goto' workaround.
+ *
+ * Also, always mark such 'asm goto' statements as volatile: all
+ * asm goto statements are supposed to be volatile as per the
+ * documentation, but some versions of gcc didn't actually do
+ * that for asms with outputs:
+ *
+ * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98619
+ */
+#define asm_goto_output(x...) \
+ do { asm volatile goto(x); asm (""); } while (0)
+
#if defined(CONFIG_ARCH_USE_BUILTIN_BSWAP)
#define __HAVE_BUILTIN_BSWAP32__
#define __HAVE_BUILTIN_BSWAP64__
--- a/include/linux/compiler_types.h
+++ b/include/linux/compiler_types.h
@@ -284,8 +284,8 @@ struct ftrace_likely_data {
# define __realloc_size(x, ...)
#endif
-#ifndef asm_volatile_goto
-#define asm_volatile_goto(x...) asm goto(x)
+#ifndef asm_goto_output
+#define asm_goto_output(x...) asm goto(x)
#endif
#ifdef CONFIG_CC_HAS_ASM_INLINE
--- a/net/netfilter/nft_set_pipapo_avx2.c
+++ b/net/netfilter/nft_set_pipapo_avx2.c
@@ -57,7 +57,7 @@
/* Jump to label if @reg is zero */
#define NFT_PIPAPO_AVX2_NOMATCH_GOTO(reg, label) \
- asm_volatile_goto("vptest %%ymm" #reg ", %%ymm" #reg ";" \
+ asm goto("vptest %%ymm" #reg ", %%ymm" #reg ";" \
"je %l[" #label "]" : : : : label)
/* Store 256 bits from YMM register into memory. Contrary to bucket load
--- a/samples/bpf/asm_goto_workaround.h
+++ b/samples/bpf/asm_goto_workaround.h
@@ -4,14 +4,14 @@
#define __ASM_GOTO_WORKAROUND_H
/*
- * This will bring in asm_volatile_goto and asm_inline macro definitions
+ * This will bring in asm_goto_output and asm_inline macro definitions
* if enabled by compiler and config options.
*/
#include <linux/types.h>
-#ifdef asm_volatile_goto
-#undef asm_volatile_goto
-#define asm_volatile_goto(x...) asm volatile("invalid use of asm_volatile_goto")
+#ifdef asm_goto_output
+#undef asm_goto_output
+#define asm_goto_output(x...) asm volatile("invalid use of asm_goto_output")
#endif
/*
--- a/tools/arch/x86/include/asm/rmwcc.h
+++ b/tools/arch/x86/include/asm/rmwcc.h
@@ -4,7 +4,7 @@
#define __GEN_RMWcc(fullop, var, cc, ...) \
do { \
- asm_volatile_goto (fullop "; j" cc " %l[cc_label]" \
+ asm goto (fullop "; j" cc " %l[cc_label]" \
: : "m" (var), ## __VA_ARGS__ \
: "memory" : cc_label); \
return 0; \
--- a/tools/include/linux/compiler_types.h
+++ b/tools/include/linux/compiler_types.h
@@ -36,8 +36,8 @@
#include <linux/compiler-gcc.h>
#endif
-#ifndef asm_volatile_goto
-#define asm_volatile_goto(x...) asm goto(x)
+#ifndef asm_goto_output
+#define asm_goto_output(x...) asm goto(x)
#endif
#endif /* __LINUX_COMPILER_TYPES_H */
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 002/197] update workarounds for gcc "asm goto" issue
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 001/197] work around gcc bugs with asm goto with outputs Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 003/197] btrfs: add and use helper to check if block group is used Greg Kroah-Hartman
` (198 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jakub Jelinek, Uros Bizjak,
Nick Desaulniers, Sean Christopherson, Andrew Pinski,
Linus Torvalds
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Linus Torvalds <torvalds@linux-foundation.org>
commit 68fb3ca0e408e00db1c3f8fccdfa19e274c033be upstream.
In commit 4356e9f841f7 ("work around gcc bugs with 'asm goto' with
outputs") I did the gcc workaround unconditionally, because the cause of
the bad code generation wasn't entirely clear.
In the meantime, Jakub Jelinek debugged the issue, and has come up with
a fix in gcc [2], which also got backported to the still maintained
branches of gcc-11, gcc-12 and gcc-13.
Note that while the fix technically wasn't in the original gcc-14
branch, Jakub says:
"while it is true that no GCC 14 snapshots until today (or whenever the
fix will be committed) have the fix, for GCC trunk it is up to the
distros to use the latest snapshot if they use it at all and would
allow better testing of the kernel code without the workaround, so
that if there are other issues they won't be discovered years later.
Most userland code doesn't actually use asm goto with outputs..."
so we will consider gcc-14 to be fixed - if somebody is using gcc
snapshots of the gcc-14 before the fix, they should upgrade.
Note that while the bug goes back to gcc-11, in practice other gcc
changes seem to have effectively hidden it since gcc-12.1 as per a
bisect by Jakub. So even a gcc-14 snapshot without the fix likely
doesn't show actual problems.
Also, make the default 'asm_goto_output()' macro mark the asm as
volatile by hand, because of an unrelated gcc issue [1] where it doesn't
match the documented behavior ("asm goto is always volatile").
Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103979 [1]
Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113921 [2]
Link: https://lore.kernel.org/all/20240208220604.140859-1-seanjc@google.com/
Requested-by: Jakub Jelinek <jakub@redhat.com>
Cc: Uros Bizjak <ubizjak@gmail.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Sean Christopherson <seanjc@google.com>
Cc: Andrew Pinski <quic_apinski@quicinc.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/compiler-gcc.h | 7 ++++---
include/linux/compiler_types.h | 9 ++++++++-
init/Kconfig | 9 +++++++++
3 files changed, 21 insertions(+), 4 deletions(-)
--- a/include/linux/compiler-gcc.h
+++ b/include/linux/compiler-gcc.h
@@ -69,10 +69,9 @@
/*
* GCC 'asm goto' with outputs miscompiles certain code sequences:
*
- * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110420
- * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110422
+ * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113921
*
- * Work it around via the same compiler barrier quirk that we used
+ * Work around it via the same compiler barrier quirk that we used
* to use for the old 'asm goto' workaround.
*
* Also, always mark such 'asm goto' statements as volatile: all
@@ -82,8 +81,10 @@
*
* https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98619
*/
+#ifdef CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND
#define asm_goto_output(x...) \
do { asm volatile goto(x); asm (""); } while (0)
+#endif
#if defined(CONFIG_ARCH_USE_BUILTIN_BSWAP)
#define __HAVE_BUILTIN_BSWAP32__
--- a/include/linux/compiler_types.h
+++ b/include/linux/compiler_types.h
@@ -284,8 +284,15 @@ struct ftrace_likely_data {
# define __realloc_size(x, ...)
#endif
+/*
+ * Some versions of gcc do not mark 'asm goto' volatile:
+ *
+ * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103979
+ *
+ * We do it here by hand, because it doesn't hurt.
+ */
#ifndef asm_goto_output
-#define asm_goto_output(x...) asm goto(x)
+#define asm_goto_output(x...) asm volatile goto(x)
#endif
#ifdef CONFIG_CC_HAS_ASM_INLINE
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -89,6 +89,15 @@ config CC_HAS_ASM_GOTO_TIED_OUTPUT
# Detect buggy gcc and clang, fixed in gcc-11 clang-14.
def_bool $(success,echo 'int foo(int *x) { asm goto (".long (%l[bar]) - .": "+m"(*x) ::: bar); return *x; bar: return 0; }' | $CC -x c - -c -o /dev/null)
+config GCC_ASM_GOTO_OUTPUT_WORKAROUND
+ bool
+ depends on CC_IS_GCC && CC_HAS_ASM_GOTO_OUTPUT
+ # Fixed in GCC 14, 13.3, 12.4 and 11.5
+ # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113921
+ default y if GCC_VERSION < 110500
+ default y if GCC_VERSION >= 120000 && GCC_VERSION < 120400
+ default y if GCC_VERSION >= 130000 && GCC_VERSION < 130300
+
config TOOLS_SUPPORT_RELR
def_bool $(success,env "CC=$(CC)" "LD=$(LD)" "NM=$(NM)" "OBJCOPY=$(OBJCOPY)" $(srctree)/scripts/tools-support-relr.sh)
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 003/197] btrfs: add and use helper to check if block group is used
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 001/197] work around gcc bugs with asm goto with outputs Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 002/197] update workarounds for gcc "asm goto" issue Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 004/197] btrfs: do not delete unused block group if it may be used soon Greg Kroah-Hartman
` (197 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johannes Thumshirn, Josef Bacik,
Boris Burkov, Filipe Manana, David Sterba
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Filipe Manana <fdmanana@suse.com>
commit 1693d5442c458ae8d5b0d58463b873cd879569ed upstream.
Add a helper function to determine if a block group is being used and make
use of it at btrfs_delete_unused_bgs(). This helper will also be used in
future code changes.
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: Boris Burkov <boris@bur.io>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/block-group.c | 3 +--
fs/btrfs/block-group.h | 7 +++++++
2 files changed, 8 insertions(+), 2 deletions(-)
--- a/fs/btrfs/block-group.c
+++ b/fs/btrfs/block-group.c
@@ -1375,8 +1375,7 @@ void btrfs_delete_unused_bgs(struct btrf
}
spin_lock(&block_group->lock);
- if (block_group->reserved || block_group->pinned ||
- block_group->used || block_group->ro ||
+ if (btrfs_is_block_group_used(block_group) || block_group->ro ||
list_is_singular(&block_group->list)) {
/*
* We want to bail if we made new allocations or have
--- a/fs/btrfs/block-group.h
+++ b/fs/btrfs/block-group.h
@@ -241,6 +241,13 @@ static inline u64 btrfs_block_group_end(
return (block_group->start + block_group->length);
}
+static inline bool btrfs_is_block_group_used(const struct btrfs_block_group *bg)
+{
+ lockdep_assert_held(&bg->lock);
+
+ return (bg->used > 0 || bg->reserved > 0 || bg->pinned > 0);
+}
+
static inline bool btrfs_is_block_group_data_only(
struct btrfs_block_group *block_group)
{
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 004/197] btrfs: do not delete unused block group if it may be used soon
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (2 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 003/197] btrfs: add and use helper to check if block group is used Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 005/197] btrfs: forbid creating subvol qgroups Greg Kroah-Hartman
` (196 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johannes Thumshirn, Josef Bacik,
Boris Burkov, Filipe Manana, David Sterba
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Filipe Manana <fdmanana@suse.com>
commit f4a9f219411f318ae60d6ff7f129082a75686c6c upstream.
Before deleting a block group that is in the list of unused block groups
(fs_info->unused_bgs), we check if the block group became used before
deleting it, as extents from it may have been allocated after it was added
to the list.
However even if the block group was not yet used, there may be tasks that
have only reserved space and have not yet allocated extents, and they
might be relying on the availability of the unused block group in order
to allocate extents. The reservation works first by increasing the
"bytes_may_use" field of the corresponding space_info object (which may
first require flushing delayed items, allocating a new block group, etc),
and only later a task does the actual allocation of extents.
For metadata we usually don't end up using all reserved space, as we are
pessimistic and typically account for the worst cases (need to COW every
single node in a path of a tree at maximum possible height, etc). For
data we usually reserve the exact amount of space we're going to allocate
later, except when using compression where we always reserve space based
on the uncompressed size, as compression is only triggered when writeback
starts so we don't know in advance how much space we'll actually need, or
if the data is compressible.
So don't delete an unused block group if the total size of its space_info
object minus the block group's size is less then the sum of used space and
space that may be used (space_info->bytes_may_use), as that means we have
tasks that reserved space and may need to allocate extents from the block
group. In this case, besides skipping the deletion, re-add the block group
to the list of unused block groups so that it may be reconsidered later,
in case the tasks that reserved space end up not needing to allocate
extents from it.
Allowing the deletion of the block group while we have reserved space, can
result in tasks failing to allocate metadata extents (-ENOSPC) while under
a transaction handle, resulting in a transaction abort, or failure during
writeback for the case of data extents.
CC: stable@vger.kernel.org # 6.0+
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: Boris Burkov <boris@bur.io>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/block-group.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
--- a/fs/btrfs/block-group.c
+++ b/fs/btrfs/block-group.c
@@ -1318,6 +1318,7 @@ out:
*/
void btrfs_delete_unused_bgs(struct btrfs_fs_info *fs_info)
{
+ LIST_HEAD(retry_list);
struct btrfs_block_group *block_group;
struct btrfs_space_info *space_info;
struct btrfs_trans_handle *trans;
@@ -1339,6 +1340,7 @@ void btrfs_delete_unused_bgs(struct btrf
spin_lock(&fs_info->unused_bgs_lock);
while (!list_empty(&fs_info->unused_bgs)) {
+ u64 used;
int trimming;
block_group = list_first_entry(&fs_info->unused_bgs,
@@ -1374,6 +1376,7 @@ void btrfs_delete_unused_bgs(struct btrf
goto next;
}
+ spin_lock(&space_info->lock);
spin_lock(&block_group->lock);
if (btrfs_is_block_group_used(block_group) || block_group->ro ||
list_is_singular(&block_group->list)) {
@@ -1385,10 +1388,49 @@ void btrfs_delete_unused_bgs(struct btrf
*/
trace_btrfs_skip_unused_block_group(block_group);
spin_unlock(&block_group->lock);
+ spin_unlock(&space_info->lock);
up_write(&space_info->groups_sem);
goto next;
}
+
+ /*
+ * The block group may be unused but there may be space reserved
+ * accounting with the existence of that block group, that is,
+ * space_info->bytes_may_use was incremented by a task but no
+ * space was yet allocated from the block group by the task.
+ * That space may or may not be allocated, as we are generally
+ * pessimistic about space reservation for metadata as well as
+ * for data when using compression (as we reserve space based on
+ * the worst case, when data can't be compressed, and before
+ * actually attempting compression, before starting writeback).
+ *
+ * So check if the total space of the space_info minus the size
+ * of this block group is less than the used space of the
+ * space_info - if that's the case, then it means we have tasks
+ * that might be relying on the block group in order to allocate
+ * extents, and add back the block group to the unused list when
+ * we finish, so that we retry later in case no tasks ended up
+ * needing to allocate extents from the block group.
+ */
+ used = btrfs_space_info_used(space_info, true);
+ if (space_info->total_bytes - block_group->length < used) {
+ /*
+ * Add a reference for the list, compensate for the ref
+ * drop under the "next" label for the
+ * fs_info->unused_bgs list.
+ */
+ btrfs_get_block_group(block_group);
+ list_add_tail(&block_group->bg_list, &retry_list);
+
+ trace_btrfs_skip_unused_block_group(block_group);
+ spin_unlock(&block_group->lock);
+ spin_unlock(&space_info->lock);
+ up_write(&space_info->groups_sem);
+ goto next;
+ }
+
spin_unlock(&block_group->lock);
+ spin_unlock(&space_info->lock);
/* We don't want to force the issue, only flip if it's ok. */
ret = inc_block_group_ro(block_group, 0);
@@ -1512,12 +1554,16 @@ next:
btrfs_put_block_group(block_group);
spin_lock(&fs_info->unused_bgs_lock);
}
+ list_splice_tail(&retry_list, &fs_info->unused_bgs);
spin_unlock(&fs_info->unused_bgs_lock);
mutex_unlock(&fs_info->reclaim_bgs_lock);
return;
flip_async:
btrfs_end_transaction(trans);
+ spin_lock(&fs_info->unused_bgs_lock);
+ list_splice_tail(&retry_list, &fs_info->unused_bgs);
+ spin_unlock(&fs_info->unused_bgs_lock);
mutex_unlock(&fs_info->reclaim_bgs_lock);
btrfs_put_block_group(block_group);
btrfs_discard_punt_unused_bgs_list(fs_info);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 005/197] btrfs: forbid creating subvol qgroups
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (3 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 004/197] btrfs: do not delete unused block group if it may be used soon Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 006/197] btrfs: do not ASSERT() if the newly created subvolume already got read Greg Kroah-Hartman
` (195 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Qu Wenruo, Boris Burkov,
David Sterba
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Boris Burkov <boris@bur.io>
commit 0c309d66dacddf8ce939b891d9ead4a8e21ad6f0 upstream.
Creating a qgroup 0/subvolid leads to various races and it isn't
helpful, because you can't specify a subvol id when creating a subvol,
so you can't be sure it will be the right one. Any requirements on the
automatic subvol can be gratified by using a higher level qgroup and the
inheritance parameters of subvol creation.
Fixes: cecbb533b5fc ("btrfs: record simple quota deltas in delayed refs")
CC: stable@vger.kernel.org # 4.14+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Boris Burkov <boris@bur.io>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/ioctl.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -4695,6 +4695,11 @@ static long btrfs_ioctl_qgroup_create(st
goto out;
}
+ if (sa->create && is_fstree(sa->qgroupid)) {
+ ret = -EINVAL;
+ goto out;
+ }
+
trans = btrfs_join_transaction(root);
if (IS_ERR(trans)) {
ret = PTR_ERR(trans);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 006/197] btrfs: do not ASSERT() if the newly created subvolume already got read
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (4 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 005/197] btrfs: forbid creating subvol qgroups Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 007/197] btrfs: forbid deleting live subvol qgroup Greg Kroah-Hartman
` (194 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Chenyuan Yang, Filipe Manana,
Qu Wenruo, David Sterba
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Qu Wenruo <wqu@suse.com>
commit e03ee2fe873eb68c1f9ba5112fee70303ebf9dfb upstream.
[BUG]
There is a syzbot crash, triggered by the ASSERT() during subvolume
creation:
assertion failed: !anon_dev, in fs/btrfs/disk-io.c:1319
------------[ cut here ]------------
kernel BUG at fs/btrfs/disk-io.c:1319!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
RIP: 0010:btrfs_get_root_ref.part.0+0x9aa/0xa60
<TASK>
btrfs_get_new_fs_root+0xd3/0xf0
create_subvol+0xd02/0x1650
btrfs_mksubvol+0xe95/0x12b0
__btrfs_ioctl_snap_create+0x2f9/0x4f0
btrfs_ioctl_snap_create+0x16b/0x200
btrfs_ioctl+0x35f0/0x5cf0
__x64_sys_ioctl+0x19d/0x210
do_syscall_64+0x3f/0xe0
entry_SYSCALL_64_after_hwframe+0x63/0x6b
---[ end trace 0000000000000000 ]---
[CAUSE]
During create_subvol(), after inserting root item for the newly created
subvolume, we would trigger btrfs_get_new_fs_root() to get the
btrfs_root of that subvolume.
The idea here is, we have preallocated an anonymous device number for
the subvolume, thus we can assign it to the new subvolume.
But there is really nothing preventing things like backref walk to read
the new subvolume.
If that happens before we call btrfs_get_new_fs_root(), the subvolume
would be read out, with a new anonymous device number assigned already.
In that case, we would trigger ASSERT(), as we really expect no one to
read out that subvolume (which is not yet accessible from the fs).
But things like backref walk is still possible to trigger the read on
the subvolume.
Thus our assumption on the ASSERT() is not correct in the first place.
[FIX]
Fix it by removing the ASSERT(), and just free the @anon_dev, reset it
to 0, and continue.
If the subvolume tree is read out by something else, it should have
already get a new anon_dev assigned thus we only need to free the
preallocated one.
Reported-by: Chenyuan Yang <chenyuan0y@gmail.com>
Fixes: 2dfb1e43f57d ("btrfs: preallocate anon block device at first phase of snapshot creation")
CC: stable@vger.kernel.org # 5.15+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Qu Wenruo <wqu@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/disk-io.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
--- a/fs/btrfs/disk-io.c
+++ b/fs/btrfs/disk-io.c
@@ -1662,8 +1662,17 @@ static struct btrfs_root *btrfs_get_root
again:
root = btrfs_lookup_fs_root(fs_info, objectid);
if (root) {
- /* Shouldn't get preallocated anon_dev for cached roots */
- ASSERT(!anon_dev);
+ /*
+ * Some other caller may have read out the newly inserted
+ * subvolume already (for things like backref walk etc). Not
+ * that common but still possible. In that case, we just need
+ * to free the anon_dev.
+ */
+ if (unlikely(anon_dev)) {
+ free_anon_bdev(anon_dev);
+ anon_dev = 0;
+ }
+
if (check_ref && btrfs_root_refs(&root->root_item) == 0) {
btrfs_put_root(root);
return ERR_PTR(-ENOENT);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 007/197] btrfs: forbid deleting live subvol qgroup
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (5 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 006/197] btrfs: do not ASSERT() if the newly created subvolume already got read Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 008/197] btrfs: send: return EOPNOTSUPP on unknown flags Greg Kroah-Hartman
` (193 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Qu Wenruo, Boris Burkov,
David Sterba
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Boris Burkov <boris@bur.io>
commit a8df35619948bd8363d330c20a90c9a7fbff28c0 upstream.
If a subvolume still exists, forbid deleting its qgroup 0/subvolid.
This behavior generally leads to incorrect behavior in squotas and
doesn't have a legitimate purpose.
Fixes: cecbb533b5fc ("btrfs: record simple quota deltas in delayed refs")
CC: stable@vger.kernel.org # 5.4+
Reviewed-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Boris Burkov <boris@bur.io>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/qgroup.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
--- a/fs/btrfs/qgroup.c
+++ b/fs/btrfs/qgroup.c
@@ -1635,6 +1635,15 @@ out:
return ret;
}
+static bool qgroup_has_usage(struct btrfs_qgroup *qgroup)
+{
+ return (qgroup->rfer > 0 || qgroup->rfer_cmpr > 0 ||
+ qgroup->excl > 0 || qgroup->excl_cmpr > 0 ||
+ qgroup->rsv.values[BTRFS_QGROUP_RSV_DATA] > 0 ||
+ qgroup->rsv.values[BTRFS_QGROUP_RSV_META_PREALLOC] > 0 ||
+ qgroup->rsv.values[BTRFS_QGROUP_RSV_META_PERTRANS] > 0);
+}
+
int btrfs_remove_qgroup(struct btrfs_trans_handle *trans, u64 qgroupid)
{
struct btrfs_fs_info *fs_info = trans->fs_info;
@@ -1654,6 +1663,11 @@ int btrfs_remove_qgroup(struct btrfs_tra
goto out;
}
+ if (is_fstree(qgroupid) && qgroup_has_usage(qgroup)) {
+ ret = -EBUSY;
+ goto out;
+ }
+
/* Check if there are no children of this qgroup */
if (!list_empty(&qgroup->members)) {
ret = -EBUSY;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 008/197] btrfs: send: return EOPNOTSUPP on unknown flags
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (6 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 007/197] btrfs: forbid deleting live subvol qgroup Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 009/197] btrfs: dont reserve space for checksums when writing to nocow files Greg Kroah-Hartman
` (192 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Filipe Manana, David Sterba
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Sterba <dsterba@suse.com>
commit f884a9f9e59206a2d41f265e7e403f080d10b493 upstream.
When some ioctl flags are checked we return EOPNOTSUPP, like for
BTRFS_SCRUB_SUPPORTED_FLAGS, BTRFS_SUBVOL_CREATE_ARGS_MASK or fallocate
modes. The EINVAL is supposed to be for a supported but invalid
values or combination of options. Fix that when checking send flags so
it's consistent with the rest.
CC: stable@vger.kernel.org # 4.14+
Link: https://lore.kernel.org/linux-btrfs/CAL3q7H5rryOLzp3EKq8RTbjMHMHeaJubfpsVLF6H4qJnKCUR1w@mail.gmail.com/
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/send.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/btrfs/send.c
+++ b/fs/btrfs/send.c
@@ -7852,7 +7852,7 @@ long btrfs_ioctl_send(struct inode *inod
}
if (arg->flags & ~BTRFS_SEND_FLAG_MASK) {
- ret = -EINVAL;
+ ret = -EOPNOTSUPP;
goto out;
}
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 009/197] btrfs: dont reserve space for checksums when writing to nocow files
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (7 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 008/197] btrfs: send: return EOPNOTSUPP on unknown flags Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 010/197] btrfs: reject encoded write if inode has nodatasum flag set Greg Kroah-Hartman
` (191 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Filipe Manana, David Sterba
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Filipe Manana <fdmanana@suse.com>
commit feefe1f49d26bad9d8997096e3a200280fa7b1c5 upstream.
Currently when doing a write to a file we always reserve metadata space
for inserting data checksums. However we don't need to do it if we have
a nodatacow file (-o nodatacow mount option or chattr +C) or if checksums
are disabled (-o nodatasum mount option), as in that case we are only
adding unnecessary pressure to metadata reservations.
For example on x86_64, with the default node size of 16K, a 4K buffered
write into a nodatacow file is reserving 655360 bytes of metadata space,
as it's accounting for checksums. After this change, which stops reserving
space for checksums if we have a nodatacow file or checksums are disabled,
we only need to reserve 393216 bytes of metadata.
CC: stable@vger.kernel.org # 6.1+
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/delalloc-space.c | 29 +++++++++++++++++++----------
1 file changed, 19 insertions(+), 10 deletions(-)
--- a/fs/btrfs/delalloc-space.c
+++ b/fs/btrfs/delalloc-space.c
@@ -243,7 +243,6 @@ static void btrfs_calculate_inode_block_
struct btrfs_block_rsv *block_rsv = &inode->block_rsv;
u64 reserve_size = 0;
u64 qgroup_rsv_size = 0;
- u64 csum_leaves;
unsigned outstanding_extents;
lockdep_assert_held(&inode->lock);
@@ -258,10 +257,12 @@ static void btrfs_calculate_inode_block_
outstanding_extents);
reserve_size += btrfs_calc_metadata_size(fs_info, 1);
}
- csum_leaves = btrfs_csum_bytes_to_leaves(fs_info,
- inode->csum_bytes);
- reserve_size += btrfs_calc_insert_metadata_size(fs_info,
- csum_leaves);
+ if (!(inode->flags & BTRFS_INODE_NODATASUM)) {
+ u64 csum_leaves;
+
+ csum_leaves = btrfs_csum_bytes_to_leaves(fs_info, inode->csum_bytes);
+ reserve_size += btrfs_calc_insert_metadata_size(fs_info, csum_leaves);
+ }
/*
* For qgroup rsv, the calculation is very simple:
* account one nodesize for each outstanding extent
@@ -276,14 +277,20 @@ static void btrfs_calculate_inode_block_
spin_unlock(&block_rsv->lock);
}
-static void calc_inode_reservations(struct btrfs_fs_info *fs_info,
+static void calc_inode_reservations(struct btrfs_inode *inode,
u64 num_bytes, u64 disk_num_bytes,
u64 *meta_reserve, u64 *qgroup_reserve)
{
+ struct btrfs_fs_info *fs_info = inode->root->fs_info;
u64 nr_extents = count_max_extents(fs_info, num_bytes);
- u64 csum_leaves = btrfs_csum_bytes_to_leaves(fs_info, disk_num_bytes);
+ u64 csum_leaves;
u64 inode_update = btrfs_calc_metadata_size(fs_info, 1);
+ if (inode->flags & BTRFS_INODE_NODATASUM)
+ csum_leaves = 0;
+ else
+ csum_leaves = btrfs_csum_bytes_to_leaves(fs_info, disk_num_bytes);
+
*meta_reserve = btrfs_calc_insert_metadata_size(fs_info,
nr_extents + csum_leaves);
@@ -335,7 +342,7 @@ int btrfs_delalloc_reserve_metadata(stru
* everything out and try again, which is bad. This way we just
* over-reserve slightly, and clean up the mess when we are done.
*/
- calc_inode_reservations(fs_info, num_bytes, disk_num_bytes,
+ calc_inode_reservations(inode, num_bytes, disk_num_bytes,
&meta_reserve, &qgroup_reserve);
ret = btrfs_qgroup_reserve_meta_prealloc(root, qgroup_reserve, true,
noflush);
@@ -356,7 +363,8 @@ int btrfs_delalloc_reserve_metadata(stru
spin_lock(&inode->lock);
nr_extents = count_max_extents(fs_info, num_bytes);
btrfs_mod_outstanding_extents(inode, nr_extents);
- inode->csum_bytes += disk_num_bytes;
+ if (!(inode->flags & BTRFS_INODE_NODATASUM))
+ inode->csum_bytes += disk_num_bytes;
btrfs_calculate_inode_block_rsv_size(fs_info, inode);
spin_unlock(&inode->lock);
@@ -390,7 +398,8 @@ void btrfs_delalloc_release_metadata(str
num_bytes = ALIGN(num_bytes, fs_info->sectorsize);
spin_lock(&inode->lock);
- inode->csum_bytes -= num_bytes;
+ if (!(inode->flags & BTRFS_INODE_NODATASUM))
+ inode->csum_bytes -= num_bytes;
btrfs_calculate_inode_block_rsv_size(fs_info, inode);
spin_unlock(&inode->lock);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 010/197] btrfs: reject encoded write if inode has nodatasum flag set
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (8 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 009/197] btrfs: dont reserve space for checksums when writing to nocow files Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 011/197] btrfs: dont drop extent_map for free space inode on write error Greg Kroah-Hartman
` (190 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johannes Thumshirn, Filipe Manana,
David Sterba
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Filipe Manana <fdmanana@suse.com>
commit 1bd96c92c6a0a4d43815eb685c15aa4b78879dc9 upstream.
Currently we allow an encoded write against inodes that have the NODATASUM
flag set, either because they are NOCOW files or they were created while
the filesystem was mounted with "-o nodatasum". This results in having
compressed extents without corresponding checksums, which is a filesystem
inconsistency reported by 'btrfs check'.
For example, running btrfs/281 with MOUNT_OPTIONS="-o nodatacow" triggers
this and 'btrfs check' errors out with:
[1/7] checking root items
[2/7] checking extents
[3/7] checking free space tree
[4/7] checking fs roots
root 256 inode 257 errors 1040, bad file extent, some csum missing
root 256 inode 258 errors 1040, bad file extent, some csum missing
ERROR: errors found in fs roots
(...)
So reject encoded writes if the target inode has NODATASUM set.
CC: stable@vger.kernel.org # 6.1+
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/inode.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -10774,6 +10774,13 @@ ssize_t btrfs_do_encoded_write(struct ki
if (encoded->encryption != BTRFS_ENCODED_IO_ENCRYPTION_NONE)
return -EINVAL;
+ /*
+ * Compressed extents should always have checksums, so error out if we
+ * have a NOCOW file or inode was created while mounted with NODATASUM.
+ */
+ if (inode->flags & BTRFS_INODE_NODATASUM)
+ return -EINVAL;
+
orig_count = iov_iter_count(from);
/* The extent size must be sane. */
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 011/197] btrfs: dont drop extent_map for free space inode on write error
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (9 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 010/197] btrfs: reject encoded write if inode has nodatasum flag set Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 012/197] driver core: Fix device_link_flag_is_sync_state_only() Greg Kroah-Hartman
` (189 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Filipe Manana, Josef Bacik,
David Sterba
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Josef Bacik <josef@toxicpanda.com>
commit 5571e41ec6e56e35f34ae9f5b3a335ef510e0ade upstream.
While running the CI for an unrelated change I hit the following panic
with generic/648 on btrfs_holes_spacecache.
assertion failed: block_start != EXTENT_MAP_HOLE, in fs/btrfs/extent_io.c:1385
------------[ cut here ]------------
kernel BUG at fs/btrfs/extent_io.c:1385!
invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
CPU: 1 PID: 2695096 Comm: fsstress Kdump: loaded Tainted: G W 6.8.0-rc2+ #1
RIP: 0010:__extent_writepage_io.constprop.0+0x4c1/0x5c0
Call Trace:
<TASK>
extent_write_cache_pages+0x2ac/0x8f0
extent_writepages+0x87/0x110
do_writepages+0xd5/0x1f0
filemap_fdatawrite_wbc+0x63/0x90
__filemap_fdatawrite_range+0x5c/0x80
btrfs_fdatawrite_range+0x1f/0x50
btrfs_write_out_cache+0x507/0x560
btrfs_write_dirty_block_groups+0x32a/0x420
commit_cowonly_roots+0x21b/0x290
btrfs_commit_transaction+0x813/0x1360
btrfs_sync_file+0x51a/0x640
__x64_sys_fdatasync+0x52/0x90
do_syscall_64+0x9c/0x190
entry_SYSCALL_64_after_hwframe+0x6e/0x76
This happens because we fail to write out the free space cache in one
instance, come back around and attempt to write it again. However on
the second pass through we go to call btrfs_get_extent() on the inode to
get the extent mapping. Because this is a new block group, and with the
free space inode we always search the commit root to avoid deadlocking
with the tree, we find nothing and return a EXTENT_MAP_HOLE for the
requested range.
This happens because the first time we try to write the space cache out
we hit an error, and on an error we drop the extent mapping. This is
normal for normal files, but the free space cache inode is special. We
always expect the extent map to be correct. Thus the second time
through we end up with a bogus extent map.
Since we're deprecating this feature, the most straightforward way to
fix this is to simply skip dropping the extent map range for this failed
range.
I shortened the test by using error injection to stress the area to make
it easier to reproduce. With this patch in place we no longer panic
with my error injection test.
CC: stable@vger.kernel.org # 4.14+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/btrfs/inode.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
--- a/fs/btrfs/inode.c
+++ b/fs/btrfs/inode.c
@@ -3364,8 +3364,23 @@ out:
unwritten_start += logical_len;
clear_extent_uptodate(io_tree, unwritten_start, end, NULL);
- /* Drop extent maps for the part of the extent we didn't write. */
- btrfs_drop_extent_map_range(inode, unwritten_start, end, false);
+ /*
+ * Drop extent maps for the part of the extent we didn't write.
+ *
+ * We have an exception here for the free_space_inode, this is
+ * because when we do btrfs_get_extent() on the free space inode
+ * we will search the commit root. If this is a new block group
+ * we won't find anything, and we will trip over the assert in
+ * writepage where we do ASSERT(em->block_start !=
+ * EXTENT_MAP_HOLE).
+ *
+ * Theoretically we could also skip this for any NOCOW extent as
+ * we don't mess with the extent map tree in the NOCOW case, but
+ * for now simply skip this if we are the free space inode.
+ */
+ if (!btrfs_is_free_space_inode(inode))
+ btrfs_drop_extent_map_range(inode, unwritten_start,
+ end, false);
/*
* If the ordered extent had an IOERR or something else went
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 012/197] driver core: Fix device_link_flag_is_sync_state_only()
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (10 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 011/197] btrfs: dont drop extent_map for free space inode on write error Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 013/197] of: unittest: Fix compile in the non-dynamic case Greg Kroah-Hartman
` (188 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Saravana Kannan, Xu Yang
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Saravana Kannan <saravanak@google.com>
commit 7fddac12c38237252431d5b8af7b6d5771b6d125 upstream.
device_link_flag_is_sync_state_only() correctly returns true on the flags
of an existing device link that only implements sync_state() functionality.
However, it incorrectly and confusingly returns false if it's called with
DL_FLAG_SYNC_STATE_ONLY.
This bug doesn't manifest in any of the existing calls to this function,
but fix this confusing behavior to avoid future bugs.
Fixes: 67cad5c67019 ("driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links")
Signed-off-by: Saravana Kannan <saravanak@google.com>
Tested-by: Xu Yang <xu.yang_2@nxp.com>
Link: https://lore.kernel.org/r/20240202095636.868578-2-saravanak@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/base/core.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/base/core.c
+++ b/drivers/base/core.c
@@ -337,10 +337,12 @@ static bool device_is_ancestor(struct de
return false;
}
+#define DL_MARKER_FLAGS (DL_FLAG_INFERRED | \
+ DL_FLAG_CYCLE | \
+ DL_FLAG_MANAGED)
static inline bool device_link_flag_is_sync_state_only(u32 flags)
{
- return (flags & ~(DL_FLAG_INFERRED | DL_FLAG_CYCLE)) ==
- (DL_FLAG_SYNC_STATE_ONLY | DL_FLAG_MANAGED);
+ return (flags & ~DL_MARKER_FLAGS) == DL_FLAG_SYNC_STATE_ONLY;
}
/**
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 013/197] of: unittest: Fix compile in the non-dynamic case
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (11 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 012/197] driver core: Fix device_link_flag_is_sync_state_only() Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 014/197] KVM: selftests: Clear dirty ring states between two modes in dirty_log_test Greg Kroah-Hartman
` (187 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, kernel test robot,
Christian A. Ehrhardt, Rob Herring, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian A. Ehrhardt <lk@c--e.de>
[ Upstream commit 607aad1e4356c210dbef9022955a3089377909b2 ]
If CONFIG_OF_KOBJ is not set, a device_node does not contain a
kobj and attempts to access the embedded kobj via kref_read break
the compile.
Replace affected kref_read calls with a macro that reads the
refcount if it exists and returns 1 if there is no embedded kobj.
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202401291740.VP219WIz-lkp@intel.com/
Fixes: 4dde83569832 ("of: Fix double free in of_parse_phandle_with_args_map")
Signed-off-by: Christian A. Ehrhardt <lk@c--e.de>
Link: https://lore.kernel.org/r/20240129192556.403271-1-lk@c--e.de
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/of/unittest.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/drivers/of/unittest.c b/drivers/of/unittest.c
index e541a8960f1d..ce1386074e66 100644
--- a/drivers/of/unittest.c
+++ b/drivers/of/unittest.c
@@ -49,6 +49,12 @@ static struct unittest_results {
failed; \
})
+#ifdef CONFIG_OF_KOBJ
+#define OF_KREF_READ(NODE) kref_read(&(NODE)->kobj.kref)
+#else
+#define OF_KREF_READ(NODE) 1
+#endif
+
/*
* Expected message may have a message level other than KERN_INFO.
* Print the expected message only if the current loglevel will allow
@@ -562,7 +568,7 @@ static void __init of_unittest_parse_phandle_with_args_map(void)
pr_err("missing testcase data\n");
return;
}
- prefs[i] = kref_read(&p[i]->kobj.kref);
+ prefs[i] = OF_KREF_READ(p[i]);
}
rc = of_count_phandle_with_args(np, "phandle-list", "#phandle-cells");
@@ -685,9 +691,9 @@ static void __init of_unittest_parse_phandle_with_args_map(void)
unittest(rc == -EINVAL, "expected:%i got:%i\n", -EINVAL, rc);
for (i = 0; i < ARRAY_SIZE(p); ++i) {
- unittest(prefs[i] == kref_read(&p[i]->kobj.kref),
+ unittest(prefs[i] == OF_KREF_READ(p[i]),
"provider%d: expected:%d got:%d\n",
- i, prefs[i], kref_read(&p[i]->kobj.kref));
+ i, prefs[i], OF_KREF_READ(p[i]));
of_node_put(p[i]);
}
}
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 014/197] KVM: selftests: Clear dirty ring states between two modes in dirty_log_test
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (12 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 013/197] of: unittest: Fix compile in the non-dynamic case Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 015/197] KVM: selftests: Fix a semaphore imbalance in the dirty ring logging test Greg Kroah-Hartman
` (186 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Gavin Shan, Marc Zyngier,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Gavin Shan <gshan@redhat.com>
[ Upstream commit 7167190ddb863bd061c0c6b61f4cec94184b40da ]
There are two states, which need to be cleared before next mode
is executed. Otherwise, we will hit failure as the following messages
indicate.
- The variable 'dirty_ring_vcpu_ring_full' shared by main and vcpu
thread. It's indicating if the vcpu exit due to full ring buffer.
The value can be carried from previous mode (VM_MODE_P40V48_4K) to
current one (VM_MODE_P40V48_64K) when VM_MODE_P40V48_16K isn't
supported.
- The current ring buffer index needs to be reset before next mode
(VM_MODE_P40V48_64K) is executed. Otherwise, the stale value is
carried from previous mode (VM_MODE_P40V48_4K).
# ./dirty_log_test -M dirty-ring
Setting log mode to: 'dirty-ring'
Test iterations: 32, interval: 10 (ms)
Testing guest mode: PA-bits:40, VA-bits:48, 4K pages
guest physical test memory offset: 0xffbfffc000
:
Dirtied 995328 pages
Total bits checked: dirty (1012434), clear (7114123), track_next (966700)
Testing guest mode: PA-bits:40, VA-bits:48, 64K pages
guest physical test memory offset: 0xffbffc0000
vcpu stops because vcpu is kicked out...
vcpu continues now.
Notifying vcpu to continue
Iteration 1 collected 0 pages
vcpu stops because dirty ring is full...
vcpu continues now.
vcpu stops because dirty ring is full...
vcpu continues now.
vcpu stops because dirty ring is full...
==== Test Assertion Failure ====
dirty_log_test.c:369: cleared == count
pid=10541 tid=10541 errno=22 - Invalid argument
1 0x0000000000403087: dirty_ring_collect_dirty_pages at dirty_log_test.c:369
2 0x0000000000402a0b: log_mode_collect_dirty_pages at dirty_log_test.c:492
3 (inlined by) run_test at dirty_log_test.c:795
4 (inlined by) run_test at dirty_log_test.c:705
5 0x0000000000403a37: for_each_guest_mode at guest_modes.c:100
6 0x0000000000401ccf: main at dirty_log_test.c:938
7 0x0000ffff9ecd279b: ?? ??:0
8 0x0000ffff9ecd286b: ?? ??:0
9 0x0000000000401def: _start at ??:?
Reset dirty pages (0) mismatch with collected (35566)
Fix the issues by clearing 'dirty_ring_vcpu_ring_full' and the ring
buffer index before next new mode is to be executed.
Signed-off-by: Gavin Shan <gshan@redhat.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Link: https://lore.kernel.org/r/20221110104914.31280-7-gshan@redhat.com
Stable-dep-of: ba58f873cdee ("KVM: selftests: Fix a semaphore imbalance in the dirty ring logging test")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/kvm/dirty_log_test.c | 27 ++++++++++++--------
1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/tools/testing/selftests/kvm/dirty_log_test.c b/tools/testing/selftests/kvm/dirty_log_test.c
index b5234d6efbe1..8758c10ec850 100644
--- a/tools/testing/selftests/kvm/dirty_log_test.c
+++ b/tools/testing/selftests/kvm/dirty_log_test.c
@@ -226,13 +226,15 @@ static void clear_log_create_vm_done(struct kvm_vm *vm)
}
static void dirty_log_collect_dirty_pages(struct kvm_vcpu *vcpu, int slot,
- void *bitmap, uint32_t num_pages)
+ void *bitmap, uint32_t num_pages,
+ uint32_t *unused)
{
kvm_vm_get_dirty_log(vcpu->vm, slot, bitmap);
}
static void clear_log_collect_dirty_pages(struct kvm_vcpu *vcpu, int slot,
- void *bitmap, uint32_t num_pages)
+ void *bitmap, uint32_t num_pages,
+ uint32_t *unused)
{
kvm_vm_get_dirty_log(vcpu->vm, slot, bitmap);
kvm_vm_clear_dirty_log(vcpu->vm, slot, bitmap, 0, num_pages);
@@ -329,10 +331,9 @@ static void dirty_ring_continue_vcpu(void)
}
static void dirty_ring_collect_dirty_pages(struct kvm_vcpu *vcpu, int slot,
- void *bitmap, uint32_t num_pages)
+ void *bitmap, uint32_t num_pages,
+ uint32_t *ring_buf_idx)
{
- /* We only have one vcpu */
- static uint32_t fetch_index = 0;
uint32_t count = 0, cleared;
bool continued_vcpu = false;
@@ -349,7 +350,8 @@ static void dirty_ring_collect_dirty_pages(struct kvm_vcpu *vcpu, int slot,
/* Only have one vcpu */
count = dirty_ring_collect_one(vcpu_map_dirty_ring(vcpu),
- slot, bitmap, num_pages, &fetch_index);
+ slot, bitmap, num_pages,
+ ring_buf_idx);
cleared = kvm_vm_reset_dirty_ring(vcpu->vm);
@@ -406,7 +408,8 @@ struct log_mode {
void (*create_vm_done)(struct kvm_vm *vm);
/* Hook to collect the dirty pages into the bitmap provided */
void (*collect_dirty_pages) (struct kvm_vcpu *vcpu, int slot,
- void *bitmap, uint32_t num_pages);
+ void *bitmap, uint32_t num_pages,
+ uint32_t *ring_buf_idx);
/* Hook to call when after each vcpu run */
void (*after_vcpu_run)(struct kvm_vcpu *vcpu, int ret, int err);
void (*before_vcpu_join) (void);
@@ -471,13 +474,14 @@ static void log_mode_create_vm_done(struct kvm_vm *vm)
}
static void log_mode_collect_dirty_pages(struct kvm_vcpu *vcpu, int slot,
- void *bitmap, uint32_t num_pages)
+ void *bitmap, uint32_t num_pages,
+ uint32_t *ring_buf_idx)
{
struct log_mode *mode = &log_modes[host_log_mode];
TEST_ASSERT(mode->collect_dirty_pages != NULL,
"collect_dirty_pages() is required for any log mode!");
- mode->collect_dirty_pages(vcpu, slot, bitmap, num_pages);
+ mode->collect_dirty_pages(vcpu, slot, bitmap, num_pages, ring_buf_idx);
}
static void log_mode_after_vcpu_run(struct kvm_vcpu *vcpu, int ret, int err)
@@ -696,6 +700,7 @@ static void run_test(enum vm_guest_mode mode, void *arg)
struct kvm_vcpu *vcpu;
struct kvm_vm *vm;
unsigned long *bmap;
+ uint32_t ring_buf_idx = 0;
if (!log_mode_supported()) {
print_skip("Log mode '%s' not supported",
@@ -771,6 +776,7 @@ static void run_test(enum vm_guest_mode mode, void *arg)
host_dirty_count = 0;
host_clear_count = 0;
host_track_next_count = 0;
+ WRITE_ONCE(dirty_ring_vcpu_ring_full, false);
pthread_create(&vcpu_thread, NULL, vcpu_worker, vcpu);
@@ -778,7 +784,8 @@ static void run_test(enum vm_guest_mode mode, void *arg)
/* Give the vcpu thread some time to dirty some pages */
usleep(p->interval * 1000);
log_mode_collect_dirty_pages(vcpu, TEST_MEM_SLOT_INDEX,
- bmap, host_num_pages);
+ bmap, host_num_pages,
+ &ring_buf_idx);
/*
* See vcpu_sync_stop_requested definition for details on why
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 015/197] KVM: selftests: Fix a semaphore imbalance in the dirty ring logging test
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (13 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 014/197] KVM: selftests: Clear dirty ring states between two modes in dirty_log_test Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 016/197] wifi: iwlwifi: Fix some error codes Greg Kroah-Hartman
` (185 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shaoqin Huang, Peter Xu,
Sean Christopherson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sean Christopherson <seanjc@google.com>
[ Upstream commit ba58f873cdeec30b6da48e28dd5782c5a3e1371b ]
When finishing the final iteration of dirty_log_test testcase, set
host_quit _before_ the final "continue" so that the vCPU worker doesn't
run an extra iteration, and delete the hack-a-fix of an extra "continue"
from the dirty ring testcase. This fixes a bug where the extra post to
sem_vcpu_cont may not be consumed, which results in failures in subsequent
runs of the testcases. The bug likely was missed during development as
x86 supports only a single "guest mode", i.e. there aren't any subsequent
testcases after the dirty ring test, because for_each_guest_mode() only
runs a single iteration.
For the regular dirty log testcases, letting the vCPU run one extra
iteration is a non-issue as the vCPU worker waits on sem_vcpu_cont if and
only if the worker is explicitly told to stop (vcpu_sync_stop_requested).
But for the dirty ring test, which needs to periodically stop the vCPU to
reap the dirty ring, letting the vCPU resume the guest _after_ the last
iteration means the vCPU will get stuck without an extra "continue".
However, blindly firing off an post to sem_vcpu_cont isn't guaranteed to
be consumed, e.g. if the vCPU worker sees host_quit==true before resuming
the guest. This results in a dangling sem_vcpu_cont, which leads to
subsequent iterations getting out of sync, as the vCPU worker will
continue on before the main task is ready for it to resume the guest,
leading to a variety of asserts, e.g.
==== Test Assertion Failure ====
dirty_log_test.c:384: dirty_ring_vcpu_ring_full
pid=14854 tid=14854 errno=22 - Invalid argument
1 0x00000000004033eb: dirty_ring_collect_dirty_pages at dirty_log_test.c:384
2 0x0000000000402d27: log_mode_collect_dirty_pages at dirty_log_test.c:505
3 (inlined by) run_test at dirty_log_test.c:802
4 0x0000000000403dc7: for_each_guest_mode at guest_modes.c:100
5 0x0000000000401dff: main at dirty_log_test.c:941 (discriminator 3)
6 0x0000ffff9be173c7: ?? ??:0
7 0x0000ffff9be1749f: ?? ??:0
8 0x000000000040206f: _start at ??:?
Didn't continue vcpu even without ring full
Alternatively, the test could simply reset the semaphores before each
testcase, but papering over hacks with more hacks usually ends in tears.
Reported-by: Shaoqin Huang <shahuang@redhat.com>
Fixes: 84292e565951 ("KVM: selftests: Add dirty ring buffer test")
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Shaoqin Huang <shahuang@redhat.com>
Link: https://lore.kernel.org/r/20240202231831.354848-1-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/kvm/dirty_log_test.c | 50 +++++++++++---------
1 file changed, 27 insertions(+), 23 deletions(-)
diff --git a/tools/testing/selftests/kvm/dirty_log_test.c b/tools/testing/selftests/kvm/dirty_log_test.c
index 8758c10ec850..ec40a33c29fd 100644
--- a/tools/testing/selftests/kvm/dirty_log_test.c
+++ b/tools/testing/selftests/kvm/dirty_log_test.c
@@ -355,7 +355,10 @@ static void dirty_ring_collect_dirty_pages(struct kvm_vcpu *vcpu, int slot,
cleared = kvm_vm_reset_dirty_ring(vcpu->vm);
- /* Cleared pages should be the same as collected */
+ /*
+ * Cleared pages should be the same as collected, as KVM is supposed to
+ * clear only the entries that have been harvested.
+ */
TEST_ASSERT(cleared == count, "Reset dirty pages (%u) mismatch "
"with collected (%u)", cleared, count);
@@ -394,12 +397,6 @@ static void dirty_ring_after_vcpu_run(struct kvm_vcpu *vcpu, int ret, int err)
}
}
-static void dirty_ring_before_vcpu_join(void)
-{
- /* Kick another round of vcpu just to make sure it will quit */
- sem_post(&sem_vcpu_cont);
-}
-
struct log_mode {
const char *name;
/* Return true if this mode is supported, otherwise false */
@@ -412,7 +409,6 @@ struct log_mode {
uint32_t *ring_buf_idx);
/* Hook to call when after each vcpu run */
void (*after_vcpu_run)(struct kvm_vcpu *vcpu, int ret, int err);
- void (*before_vcpu_join) (void);
} log_modes[LOG_MODE_NUM] = {
{
.name = "dirty-log",
@@ -431,7 +427,6 @@ struct log_mode {
.supported = dirty_ring_supported,
.create_vm_done = dirty_ring_create_vm_done,
.collect_dirty_pages = dirty_ring_collect_dirty_pages,
- .before_vcpu_join = dirty_ring_before_vcpu_join,
.after_vcpu_run = dirty_ring_after_vcpu_run,
},
};
@@ -492,14 +487,6 @@ static void log_mode_after_vcpu_run(struct kvm_vcpu *vcpu, int ret, int err)
mode->after_vcpu_run(vcpu, ret, err);
}
-static void log_mode_before_vcpu_join(void)
-{
- struct log_mode *mode = &log_modes[host_log_mode];
-
- if (mode->before_vcpu_join)
- mode->before_vcpu_join();
-}
-
static void generate_random_array(uint64_t *guest_array, uint64_t size)
{
uint64_t i;
@@ -701,6 +688,7 @@ static void run_test(enum vm_guest_mode mode, void *arg)
struct kvm_vm *vm;
unsigned long *bmap;
uint32_t ring_buf_idx = 0;
+ int sem_val;
if (!log_mode_supported()) {
print_skip("Log mode '%s' not supported",
@@ -772,12 +760,22 @@ static void run_test(enum vm_guest_mode mode, void *arg)
/* Start the iterations */
iteration = 1;
sync_global_to_guest(vm, iteration);
- host_quit = false;
+ WRITE_ONCE(host_quit, false);
host_dirty_count = 0;
host_clear_count = 0;
host_track_next_count = 0;
WRITE_ONCE(dirty_ring_vcpu_ring_full, false);
+ /*
+ * Ensure the previous iteration didn't leave a dangling semaphore, i.e.
+ * that the main task and vCPU worker were synchronized and completed
+ * verification of all iterations.
+ */
+ sem_getvalue(&sem_vcpu_stop, &sem_val);
+ TEST_ASSERT_EQ(sem_val, 0);
+ sem_getvalue(&sem_vcpu_cont, &sem_val);
+ TEST_ASSERT_EQ(sem_val, 0);
+
pthread_create(&vcpu_thread, NULL, vcpu_worker, vcpu);
while (iteration < p->iterations) {
@@ -803,15 +801,21 @@ static void run_test(enum vm_guest_mode mode, void *arg)
assert(host_log_mode == LOG_MODE_DIRTY_RING ||
atomic_read(&vcpu_sync_stop_requested) == false);
vm_dirty_log_verify(mode, bmap);
- sem_post(&sem_vcpu_cont);
- iteration++;
+ /*
+ * Set host_quit before sem_vcpu_cont in the final iteration to
+ * ensure that the vCPU worker doesn't resume the guest. As
+ * above, the dirty ring test may stop and wait even when not
+ * explicitly request to do so, i.e. would hang waiting for a
+ * "continue" if it's allowed to resume the guest.
+ */
+ if (++iteration == p->iterations)
+ WRITE_ONCE(host_quit, true);
+
+ sem_post(&sem_vcpu_cont);
sync_global_to_guest(vm, iteration);
}
- /* Tell the vcpu thread to quit */
- host_quit = true;
- log_mode_before_vcpu_join();
pthread_join(vcpu_thread, NULL);
pr_info("Total bits checked: dirty (%"PRIu64"), clear (%"PRIu64"), "
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 016/197] wifi: iwlwifi: Fix some error codes
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (14 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 015/197] KVM: selftests: Fix a semaphore imbalance in the dirty ring logging test Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 017/197] wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() Greg Kroah-Hartman
` (184 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Johannes Berg,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit c6ebb5b67641994de8bc486b33457fe0b681d6fe ]
This saves the error as PTR_ERR(wifi_pkg). The problem is that
"wifi_pkg" is a valid pointer, not an error pointer. Set the error code
to -EINVAL instead.
Fixes: 2a8084147bff ("iwlwifi: acpi: support reading and storing WRDS revision 1 and 2")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://msgid.link/9620bb77-2d7c-4d76-b255-ad824ebf8e35@moroto.mountain
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/fw/acpi.c b/drivers/net/wireless/intel/iwlwifi/fw/acpi.c
index 585e8cd2d332..bdb8464cd432 100644
--- a/drivers/net/wireless/intel/iwlwifi/fw/acpi.c
+++ b/drivers/net/wireless/intel/iwlwifi/fw/acpi.c
@@ -576,7 +576,7 @@ int iwl_sar_get_wrds_table(struct iwl_fw_runtime *fwrt)
&tbl_rev);
if (!IS_ERR(wifi_pkg)) {
if (tbl_rev != 2) {
- ret = PTR_ERR(wifi_pkg);
+ ret = -EINVAL;
goto out_free;
}
@@ -592,7 +592,7 @@ int iwl_sar_get_wrds_table(struct iwl_fw_runtime *fwrt)
&tbl_rev);
if (!IS_ERR(wifi_pkg)) {
if (tbl_rev != 1) {
- ret = PTR_ERR(wifi_pkg);
+ ret = -EINVAL;
goto out_free;
}
@@ -608,7 +608,7 @@ int iwl_sar_get_wrds_table(struct iwl_fw_runtime *fwrt)
&tbl_rev);
if (!IS_ERR(wifi_pkg)) {
if (tbl_rev != 0) {
- ret = PTR_ERR(wifi_pkg);
+ ret = -EINVAL;
goto out_free;
}
@@ -665,7 +665,7 @@ int iwl_sar_get_ewrd_table(struct iwl_fw_runtime *fwrt)
&tbl_rev);
if (!IS_ERR(wifi_pkg)) {
if (tbl_rev != 2) {
- ret = PTR_ERR(wifi_pkg);
+ ret = -EINVAL;
goto out_free;
}
@@ -681,7 +681,7 @@ int iwl_sar_get_ewrd_table(struct iwl_fw_runtime *fwrt)
&tbl_rev);
if (!IS_ERR(wifi_pkg)) {
if (tbl_rev != 1) {
- ret = PTR_ERR(wifi_pkg);
+ ret = -EINVAL;
goto out_free;
}
@@ -697,7 +697,7 @@ int iwl_sar_get_ewrd_table(struct iwl_fw_runtime *fwrt)
&tbl_rev);
if (!IS_ERR(wifi_pkg)) {
if (tbl_rev != 0) {
- ret = PTR_ERR(wifi_pkg);
+ ret = -EINVAL;
goto out_free;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 017/197] wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table()
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (15 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 016/197] wifi: iwlwifi: Fix some error codes Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 018/197] of: property: Improve finding the supplier of a remote-endpoint property Greg Kroah-Hartman
` (183 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Johannes Berg,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit 65c6ee90455053cfd3067c17aaa4a42b0c766543 ]
This is an error path and Smatch complains that "tbl_rev" is uninitialized
on this path. All the other functions follow this same patter where they
set the error code and goto out_free so that's probably what was intended
here as well.
Fixes: e8e10a37c51c ("iwlwifi: acpi: move ppag code from mvm to fw/acpi")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Link: https://msgid.link/09900c01-6540-4a32-9451-563da0029cb6@moroto.mountain
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/intel/iwlwifi/fw/acpi.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/wireless/intel/iwlwifi/fw/acpi.c b/drivers/net/wireless/intel/iwlwifi/fw/acpi.c
index bdb8464cd432..f5fcc547de39 100644
--- a/drivers/net/wireless/intel/iwlwifi/fw/acpi.c
+++ b/drivers/net/wireless/intel/iwlwifi/fw/acpi.c
@@ -1044,6 +1044,9 @@ int iwl_acpi_get_ppag_table(struct iwl_fw_runtime *fwrt)
goto read_table;
}
+ ret = PTR_ERR(wifi_pkg);
+ goto out_free;
+
read_table:
fwrt->ppag_ver = tbl_rev;
flags = &wifi_pkg->package.elements[1];
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 018/197] of: property: Improve finding the supplier of a remote-endpoint property
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (16 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 017/197] wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 019/197] net: openvswitch: limit the number of recursions from action sets Greg Kroah-Hartman
` (182 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Saravana Kannan, Rob Herring,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Saravana Kannan <saravanak@google.com>
[ Upstream commit 782bfd03c3ae2c0e6e01b661b8e18f1de50357be ]
After commit 4a032827daa8 ("of: property: Simplify of_link_to_phandle()"),
remote-endpoint properties created a fwnode link from the consumer device
to the supplier endpoint. This is a tiny bit inefficient (not buggy) when
trying to create device links or detecting cycles. So, improve this the
same way we improved finding the consumer of a remote-endpoint property.
Fixes: 4a032827daa8 ("of: property: Simplify of_link_to_phandle()")
Signed-off-by: Saravana Kannan <saravanak@google.com>
Link: https://lore.kernel.org/r/20240207011803.2637531-3-saravanak@google.com
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/of/property.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/drivers/of/property.c b/drivers/of/property.c
index b636777e6f7c..e1946cc17030 100644
--- a/drivers/of/property.c
+++ b/drivers/of/property.c
@@ -1261,7 +1261,6 @@ DEFINE_SIMPLE_PROP(pinctrl5, "pinctrl-5", NULL)
DEFINE_SIMPLE_PROP(pinctrl6, "pinctrl-6", NULL)
DEFINE_SIMPLE_PROP(pinctrl7, "pinctrl-7", NULL)
DEFINE_SIMPLE_PROP(pinctrl8, "pinctrl-8", NULL)
-DEFINE_SIMPLE_PROP(remote_endpoint, "remote-endpoint", NULL)
DEFINE_SIMPLE_PROP(pwms, "pwms", "#pwm-cells")
DEFINE_SIMPLE_PROP(resets, "resets", "#reset-cells")
DEFINE_SIMPLE_PROP(leds, "leds", NULL)
@@ -1326,6 +1325,17 @@ static struct device_node *parse_interrupts(struct device_node *np,
return of_irq_parse_one(np, index, &sup_args) ? NULL : sup_args.np;
}
+static struct device_node *parse_remote_endpoint(struct device_node *np,
+ const char *prop_name,
+ int index)
+{
+ /* Return NULL for index > 0 to signify end of remote-endpoints. */
+ if (!index || strcmp(prop_name, "remote-endpoint"))
+ return NULL;
+
+ return of_graph_get_remote_port_parent(np);
+}
+
static const struct supplier_bindings of_supplier_bindings[] = {
{ .parse_prop = parse_clocks, },
{ .parse_prop = parse_interconnects, },
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 019/197] net: openvswitch: limit the number of recursions from action sets
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (17 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 018/197] of: property: Improve finding the supplier of a remote-endpoint property Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 020/197] lan966x: Fix crash when adding interface under a lag Greg Kroah-Hartman
` (181 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Aaron Conole, Simon Horman,
Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aaron Conole <aconole@redhat.com>
[ Upstream commit 6e2f90d31fe09f2b852de25125ca875aabd81367 ]
The ovs module allows for some actions to recursively contain an action
list for complex scenarios, such as sampling, checking lengths, etc.
When these actions are copied into the internal flow table, they are
evaluated to validate that such actions make sense, and these calls
happen recursively.
The ovs-vswitchd userspace won't emit more than 16 recursion levels
deep. However, the module has no such limit and will happily accept
limits larger than 16 levels nested. Prevent this by tracking the
number of recursions happening and manually limiting it to 16 levels
nested.
The initial implementation of the sample action would track this depth
and prevent more than 3 levels of recursion, but this was removed to
support the clone use case, rather than limited at the current userspace
limit.
Fixes: 798c166173ff ("openvswitch: Optimize sample action for the clone use cases")
Signed-off-by: Aaron Conole <aconole@redhat.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20240207132416.1488485-2-aconole@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/openvswitch/flow_netlink.c | 49 +++++++++++++++++++++++-----------
1 file changed, 33 insertions(+), 16 deletions(-)
diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c
index ead5418c126e..e3c85ceb1f0a 100644
--- a/net/openvswitch/flow_netlink.c
+++ b/net/openvswitch/flow_netlink.c
@@ -47,6 +47,7 @@ struct ovs_len_tbl {
#define OVS_ATTR_NESTED -1
#define OVS_ATTR_VARIABLE -2
+#define OVS_COPY_ACTIONS_MAX_DEPTH 16
static bool actions_may_change_flow(const struct nlattr *actions)
{
@@ -2543,13 +2544,15 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
const struct sw_flow_key *key,
struct sw_flow_actions **sfa,
__be16 eth_type, __be16 vlan_tci,
- u32 mpls_label_count, bool log);
+ u32 mpls_label_count, bool log,
+ u32 depth);
static int validate_and_copy_sample(struct net *net, const struct nlattr *attr,
const struct sw_flow_key *key,
struct sw_flow_actions **sfa,
__be16 eth_type, __be16 vlan_tci,
- u32 mpls_label_count, bool log, bool last)
+ u32 mpls_label_count, bool log, bool last,
+ u32 depth)
{
const struct nlattr *attrs[OVS_SAMPLE_ATTR_MAX + 1];
const struct nlattr *probability, *actions;
@@ -2600,7 +2603,8 @@ static int validate_and_copy_sample(struct net *net, const struct nlattr *attr,
return err;
err = __ovs_nla_copy_actions(net, actions, key, sfa,
- eth_type, vlan_tci, mpls_label_count, log);
+ eth_type, vlan_tci, mpls_label_count, log,
+ depth + 1);
if (err)
return err;
@@ -2615,7 +2619,8 @@ static int validate_and_copy_dec_ttl(struct net *net,
const struct sw_flow_key *key,
struct sw_flow_actions **sfa,
__be16 eth_type, __be16 vlan_tci,
- u32 mpls_label_count, bool log)
+ u32 mpls_label_count, bool log,
+ u32 depth)
{
const struct nlattr *attrs[OVS_DEC_TTL_ATTR_MAX + 1];
int start, action_start, err, rem;
@@ -2658,7 +2663,8 @@ static int validate_and_copy_dec_ttl(struct net *net,
return action_start;
err = __ovs_nla_copy_actions(net, actions, key, sfa, eth_type,
- vlan_tci, mpls_label_count, log);
+ vlan_tci, mpls_label_count, log,
+ depth + 1);
if (err)
return err;
@@ -2672,7 +2678,8 @@ static int validate_and_copy_clone(struct net *net,
const struct sw_flow_key *key,
struct sw_flow_actions **sfa,
__be16 eth_type, __be16 vlan_tci,
- u32 mpls_label_count, bool log, bool last)
+ u32 mpls_label_count, bool log, bool last,
+ u32 depth)
{
int start, err;
u32 exec;
@@ -2692,7 +2699,8 @@ static int validate_and_copy_clone(struct net *net,
return err;
err = __ovs_nla_copy_actions(net, attr, key, sfa,
- eth_type, vlan_tci, mpls_label_count, log);
+ eth_type, vlan_tci, mpls_label_count, log,
+ depth + 1);
if (err)
return err;
@@ -3061,7 +3069,7 @@ static int validate_and_copy_check_pkt_len(struct net *net,
struct sw_flow_actions **sfa,
__be16 eth_type, __be16 vlan_tci,
u32 mpls_label_count,
- bool log, bool last)
+ bool log, bool last, u32 depth)
{
const struct nlattr *acts_if_greater, *acts_if_lesser_eq;
struct nlattr *a[OVS_CHECK_PKT_LEN_ATTR_MAX + 1];
@@ -3109,7 +3117,8 @@ static int validate_and_copy_check_pkt_len(struct net *net,
return nested_acts_start;
err = __ovs_nla_copy_actions(net, acts_if_lesser_eq, key, sfa,
- eth_type, vlan_tci, mpls_label_count, log);
+ eth_type, vlan_tci, mpls_label_count, log,
+ depth + 1);
if (err)
return err;
@@ -3122,7 +3131,8 @@ static int validate_and_copy_check_pkt_len(struct net *net,
return nested_acts_start;
err = __ovs_nla_copy_actions(net, acts_if_greater, key, sfa,
- eth_type, vlan_tci, mpls_label_count, log);
+ eth_type, vlan_tci, mpls_label_count, log,
+ depth + 1);
if (err)
return err;
@@ -3150,12 +3160,16 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
const struct sw_flow_key *key,
struct sw_flow_actions **sfa,
__be16 eth_type, __be16 vlan_tci,
- u32 mpls_label_count, bool log)
+ u32 mpls_label_count, bool log,
+ u32 depth)
{
u8 mac_proto = ovs_key_mac_proto(key);
const struct nlattr *a;
int rem, err;
+ if (depth > OVS_COPY_ACTIONS_MAX_DEPTH)
+ return -EOVERFLOW;
+
nla_for_each_nested(a, attr, rem) {
/* Expected argument lengths, (u32)-1 for variable length. */
static const u32 action_lens[OVS_ACTION_ATTR_MAX + 1] = {
@@ -3350,7 +3364,7 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
err = validate_and_copy_sample(net, a, key, sfa,
eth_type, vlan_tci,
mpls_label_count,
- log, last);
+ log, last, depth);
if (err)
return err;
skip_copy = true;
@@ -3421,7 +3435,7 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
err = validate_and_copy_clone(net, a, key, sfa,
eth_type, vlan_tci,
mpls_label_count,
- log, last);
+ log, last, depth);
if (err)
return err;
skip_copy = true;
@@ -3435,7 +3449,8 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
eth_type,
vlan_tci,
mpls_label_count,
- log, last);
+ log, last,
+ depth);
if (err)
return err;
skip_copy = true;
@@ -3445,7 +3460,8 @@ static int __ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
case OVS_ACTION_ATTR_DEC_TTL:
err = validate_and_copy_dec_ttl(net, a, key, sfa,
eth_type, vlan_tci,
- mpls_label_count, log);
+ mpls_label_count, log,
+ depth);
if (err)
return err;
skip_copy = true;
@@ -3485,7 +3501,8 @@ int ovs_nla_copy_actions(struct net *net, const struct nlattr *attr,
(*sfa)->orig_len = nla_len(attr);
err = __ovs_nla_copy_actions(net, attr, key, sfa, key->eth.type,
- key->eth.vlan.tci, mpls_label_count, log);
+ key->eth.vlan.tci, mpls_label_count, log,
+ 0);
if (err)
ovs_nla_free_flow_actions(*sfa);
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 020/197] lan966x: Fix crash when adding interface under a lag
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (18 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 019/197] net: openvswitch: limit the number of recursions from action sets Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 021/197] tls/sw: Use splice_eof() to flush Greg Kroah-Hartman
` (180 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Horatiu Vultur, Michal Swiatkowski,
Simon Horman, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Horatiu Vultur <horatiu.vultur@microchip.com>
[ Upstream commit 15faa1f67ab405d47789d4702f587ec7df7ef03e ]
There is a crash when adding one of the lan966x interfaces under a lag
interface. The issue can be reproduced like this:
ip link add name bond0 type bond miimon 100 mode balance-xor
ip link set dev eth0 master bond0
The reason is because when adding a interface under the lag it would go
through all the ports and try to figure out which other ports are under
that lag interface. And the issue is that lan966x can have ports that are
NULL pointer as they are not probed. So then iterating over these ports
it would just crash as they are NULL pointers.
The fix consists in actually checking for NULL pointers before accessing
something from the ports. Like we do in other places.
Fixes: cabc9d49333d ("net: lan966x: Add lag support for lan966x")
Signed-off-by: Horatiu Vultur <horatiu.vultur@microchip.com>
Reviewed-by: Michal Swiatkowski <michal.swiatkowski@linux.intel.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20240206123054.3052966-1-horatiu.vultur@microchip.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/microchip/lan966x/lan966x_lag.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/microchip/lan966x/lan966x_lag.c b/drivers/net/ethernet/microchip/lan966x/lan966x_lag.c
index 41fa2523d91d..5f2cd9a8cf8f 100644
--- a/drivers/net/ethernet/microchip/lan966x/lan966x_lag.c
+++ b/drivers/net/ethernet/microchip/lan966x/lan966x_lag.c
@@ -37,19 +37,24 @@ static void lan966x_lag_set_aggr_pgids(struct lan966x *lan966x)
/* Now, set PGIDs for each active LAG */
for (lag = 0; lag < lan966x->num_phys_ports; ++lag) {
- struct net_device *bond = lan966x->ports[lag]->bond;
+ struct lan966x_port *port = lan966x->ports[lag];
int num_active_ports = 0;
+ struct net_device *bond;
unsigned long bond_mask;
u8 aggr_idx[16];
- if (!bond || (visited & BIT(lag)))
+ if (!port || !port->bond || (visited & BIT(lag)))
continue;
+ bond = port->bond;
bond_mask = lan966x_lag_get_mask(lan966x, bond);
for_each_set_bit(p, &bond_mask, lan966x->num_phys_ports) {
struct lan966x_port *port = lan966x->ports[p];
+ if (!port)
+ continue;
+
lan_wr(ANA_PGID_PGID_SET(bond_mask),
lan966x, ANA_PGID(p));
if (port->lag_tx_active)
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 021/197] tls/sw: Use splice_eof() to flush
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (19 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 020/197] lan966x: Fix crash when adding interface under a lag Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 022/197] tls: extract context alloc/initialization out of tls_set_sw_offload Greg Kroah-Hartman
` (179 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Linus Torvalds, David Howells,
Jakub Kicinski, Chuck Lever, Boris Pismenny, John Fastabend,
Jens Axboe, Matthew Wilcox, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Howells <dhowells@redhat.com>
[ Upstream commit df720d288dbb1793e82b6ccbfc670ec871e9def4 ]
Allow splice to end a TLS record after prematurely ending a splice/sendfile
due to getting an EOF condition (->splice_read() returned 0) after splice
had called TLS with a sendmsg() with MSG_MORE set when the user didn't set
MSG_MORE.
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Link: https://lore.kernel.org/r/CAHk-=wh=V579PDYvkpnTobCLGczbgxpMgGmmhqiTyE34Cpi5Gg@mail.gmail.com/
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jakub Kicinski <kuba@kernel.org>
cc: Chuck Lever <chuck.lever@oracle.com>
cc: Boris Pismenny <borisp@nvidia.com>
cc: John Fastabend <john.fastabend@gmail.com>
cc: Jens Axboe <axboe@kernel.dk>
cc: Matthew Wilcox <willy@infradead.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Stable-dep-of: aec7961916f3 ("tls: fix race between async notify and socket close")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/tls/tls.h | 1 +
net/tls/tls_main.c | 2 ++
net/tls/tls_sw.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 77 insertions(+)
diff --git a/net/tls/tls.h b/net/tls/tls.h
index 0672acab2773..4922668fefaa 100644
--- a/net/tls/tls.h
+++ b/net/tls/tls.h
@@ -97,6 +97,7 @@ void tls_update_rx_zc_capable(struct tls_context *tls_ctx);
void tls_sw_strparser_arm(struct sock *sk, struct tls_context *ctx);
void tls_sw_strparser_done(struct tls_context *tls_ctx);
int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size);
+void tls_sw_splice_eof(struct socket *sock);
int tls_sw_sendpage_locked(struct sock *sk, struct page *page,
int offset, size_t size, int flags);
int tls_sw_sendpage(struct sock *sk, struct page *page,
diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
index 338a443fa47b..80b42a3e7883 100644
--- a/net/tls/tls_main.c
+++ b/net/tls/tls_main.c
@@ -922,6 +922,7 @@ static void build_proto_ops(struct proto_ops ops[TLS_NUM_CONFIG][TLS_NUM_CONFIG]
ops[TLS_BASE][TLS_BASE] = *base;
ops[TLS_SW ][TLS_BASE] = ops[TLS_BASE][TLS_BASE];
+ ops[TLS_SW ][TLS_BASE].splice_eof = tls_sw_splice_eof;
ops[TLS_SW ][TLS_BASE].sendpage_locked = tls_sw_sendpage_locked;
ops[TLS_BASE][TLS_SW ] = ops[TLS_BASE][TLS_BASE];
@@ -990,6 +991,7 @@ static void build_protos(struct proto prot[TLS_NUM_CONFIG][TLS_NUM_CONFIG],
prot[TLS_SW][TLS_BASE] = prot[TLS_BASE][TLS_BASE];
prot[TLS_SW][TLS_BASE].sendmsg = tls_sw_sendmsg;
+ prot[TLS_SW][TLS_BASE].splice_eof = tls_sw_splice_eof;
prot[TLS_SW][TLS_BASE].sendpage = tls_sw_sendpage;
prot[TLS_BASE][TLS_SW] = prot[TLS_BASE][TLS_BASE];
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 0323040d34bc..fbe6aab5f5b2 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1158,6 +1158,80 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
return copied > 0 ? copied : ret;
}
+/*
+ * Handle unexpected EOF during splice without SPLICE_F_MORE set.
+ */
+void tls_sw_splice_eof(struct socket *sock)
+{
+ struct sock *sk = sock->sk;
+ struct tls_context *tls_ctx = tls_get_ctx(sk);
+ struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
+ struct tls_rec *rec;
+ struct sk_msg *msg_pl;
+ ssize_t copied = 0;
+ bool retrying = false;
+ int ret = 0;
+ int pending;
+
+ if (!ctx->open_rec)
+ return;
+
+ mutex_lock(&tls_ctx->tx_lock);
+ lock_sock(sk);
+
+retry:
+ rec = ctx->open_rec;
+ if (!rec)
+ goto unlock;
+
+ msg_pl = &rec->msg_plaintext;
+
+ /* Check the BPF advisor and perform transmission. */
+ ret = bpf_exec_tx_verdict(msg_pl, sk, false, TLS_RECORD_TYPE_DATA,
+ &copied, 0);
+ switch (ret) {
+ case 0:
+ case -EAGAIN:
+ if (retrying)
+ goto unlock;
+ retrying = true;
+ goto retry;
+ case -EINPROGRESS:
+ break;
+ default:
+ goto unlock;
+ }
+
+ /* Wait for pending encryptions to get completed */
+ spin_lock_bh(&ctx->encrypt_compl_lock);
+ ctx->async_notify = true;
+
+ pending = atomic_read(&ctx->encrypt_pending);
+ spin_unlock_bh(&ctx->encrypt_compl_lock);
+ if (pending)
+ crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
+ else
+ reinit_completion(&ctx->async_wait.completion);
+
+ /* There can be no concurrent accesses, since we have no pending
+ * encrypt operations
+ */
+ WRITE_ONCE(ctx->async_notify, false);
+
+ if (ctx->async_wait.err)
+ goto unlock;
+
+ /* Transmit if any encryptions have completed */
+ if (test_and_clear_bit(BIT_TX_SCHEDULED, &ctx->tx_bitmask)) {
+ cancel_delayed_work(&ctx->tx_work.work);
+ tls_tx_records(sk, 0);
+ }
+
+unlock:
+ release_sock(sk);
+ mutex_unlock(&tls_ctx->tx_lock);
+}
+
static int tls_sw_do_sendpage(struct sock *sk, struct page *page,
int offset, size_t size, int flags)
{
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 022/197] tls: extract context alloc/initialization out of tls_set_sw_offload
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (20 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 021/197] tls/sw: Use splice_eof() to flush Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 023/197] net: tls: factor out tls_*crypt_async_wait() Greg Kroah-Hartman
` (178 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sabrina Dubroca, David S. Miller,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sabrina Dubroca <sd@queasysnail.net>
[ Upstream commit 615580cbc99af0da2d1c7226fab43a3d5003eb97 ]
Simplify tls_set_sw_offload a bit.
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: aec7961916f3 ("tls: fix race between async notify and socket close")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/tls/tls_sw.c | 86 ++++++++++++++++++++++++++++--------------------
1 file changed, 51 insertions(+), 35 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index fbe6aab5f5b2..47ae429e50e3 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -2587,6 +2587,48 @@ void tls_update_rx_zc_capable(struct tls_context *tls_ctx)
tls_ctx->prot_info.version != TLS_1_3_VERSION;
}
+static struct tls_sw_context_tx *init_ctx_tx(struct tls_context *ctx, struct sock *sk)
+{
+ struct tls_sw_context_tx *sw_ctx_tx;
+
+ if (!ctx->priv_ctx_tx) {
+ sw_ctx_tx = kzalloc(sizeof(*sw_ctx_tx), GFP_KERNEL);
+ if (!sw_ctx_tx)
+ return NULL;
+ } else {
+ sw_ctx_tx = ctx->priv_ctx_tx;
+ }
+
+ crypto_init_wait(&sw_ctx_tx->async_wait);
+ spin_lock_init(&sw_ctx_tx->encrypt_compl_lock);
+ INIT_LIST_HEAD(&sw_ctx_tx->tx_list);
+ INIT_DELAYED_WORK(&sw_ctx_tx->tx_work.work, tx_work_handler);
+ sw_ctx_tx->tx_work.sk = sk;
+
+ return sw_ctx_tx;
+}
+
+static struct tls_sw_context_rx *init_ctx_rx(struct tls_context *ctx)
+{
+ struct tls_sw_context_rx *sw_ctx_rx;
+
+ if (!ctx->priv_ctx_rx) {
+ sw_ctx_rx = kzalloc(sizeof(*sw_ctx_rx), GFP_KERNEL);
+ if (!sw_ctx_rx)
+ return NULL;
+ } else {
+ sw_ctx_rx = ctx->priv_ctx_rx;
+ }
+
+ crypto_init_wait(&sw_ctx_rx->async_wait);
+ spin_lock_init(&sw_ctx_rx->decrypt_compl_lock);
+ init_waitqueue_head(&sw_ctx_rx->wq);
+ skb_queue_head_init(&sw_ctx_rx->rx_list);
+ skb_queue_head_init(&sw_ctx_rx->async_hold);
+
+ return sw_ctx_rx;
+}
+
int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx)
{
struct tls_context *tls_ctx = tls_get_ctx(sk);
@@ -2608,48 +2650,22 @@ int tls_set_sw_offload(struct sock *sk, struct tls_context *ctx, int tx)
}
if (tx) {
- if (!ctx->priv_ctx_tx) {
- sw_ctx_tx = kzalloc(sizeof(*sw_ctx_tx), GFP_KERNEL);
- if (!sw_ctx_tx) {
- rc = -ENOMEM;
- goto out;
- }
- ctx->priv_ctx_tx = sw_ctx_tx;
- } else {
- sw_ctx_tx =
- (struct tls_sw_context_tx *)ctx->priv_ctx_tx;
- }
- } else {
- if (!ctx->priv_ctx_rx) {
- sw_ctx_rx = kzalloc(sizeof(*sw_ctx_rx), GFP_KERNEL);
- if (!sw_ctx_rx) {
- rc = -ENOMEM;
- goto out;
- }
- ctx->priv_ctx_rx = sw_ctx_rx;
- } else {
- sw_ctx_rx =
- (struct tls_sw_context_rx *)ctx->priv_ctx_rx;
- }
- }
+ ctx->priv_ctx_tx = init_ctx_tx(ctx, sk);
+ if (!ctx->priv_ctx_tx)
+ return -ENOMEM;
- if (tx) {
- crypto_init_wait(&sw_ctx_tx->async_wait);
- spin_lock_init(&sw_ctx_tx->encrypt_compl_lock);
+ sw_ctx_tx = ctx->priv_ctx_tx;
crypto_info = &ctx->crypto_send.info;
cctx = &ctx->tx;
aead = &sw_ctx_tx->aead_send;
- INIT_LIST_HEAD(&sw_ctx_tx->tx_list);
- INIT_DELAYED_WORK(&sw_ctx_tx->tx_work.work, tx_work_handler);
- sw_ctx_tx->tx_work.sk = sk;
} else {
- crypto_init_wait(&sw_ctx_rx->async_wait);
- spin_lock_init(&sw_ctx_rx->decrypt_compl_lock);
- init_waitqueue_head(&sw_ctx_rx->wq);
+ ctx->priv_ctx_rx = init_ctx_rx(ctx);
+ if (!ctx->priv_ctx_rx)
+ return -ENOMEM;
+
+ sw_ctx_rx = ctx->priv_ctx_rx;
crypto_info = &ctx->crypto_recv.info;
cctx = &ctx->rx;
- skb_queue_head_init(&sw_ctx_rx->rx_list);
- skb_queue_head_init(&sw_ctx_rx->async_hold);
aead = &sw_ctx_rx->aead_recv;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 023/197] net: tls: factor out tls_*crypt_async_wait()
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (21 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 022/197] tls: extract context alloc/initialization out of tls_set_sw_offload Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 024/197] tls: fix race between async notify and socket close Greg Kroah-Hartman
` (177 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jakub Kicinski, Simon Horman,
Sabrina Dubroca, David S. Miller, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jakub Kicinski <kuba@kernel.org>
[ Upstream commit c57ca512f3b68ddcd62bda9cc24a8f5584ab01b1 ]
Factor out waiting for async encrypt and decrypt to finish.
There are already multiple copies and a subsequent fix will
need more. No functional changes.
Note that crypto_wait_req() returns wait->err
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Simon Horman <horms@kernel.org>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Stable-dep-of: aec7961916f3 ("tls: fix race between async notify and socket close")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/tls/tls_sw.c | 96 +++++++++++++++++++++++-------------------------
1 file changed, 45 insertions(+), 51 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 47ae429e50e3..b146be099a3f 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -229,6 +229,20 @@ static void tls_decrypt_done(crypto_completion_data_t *data, int err)
spin_unlock_bh(&ctx->decrypt_compl_lock);
}
+static int tls_decrypt_async_wait(struct tls_sw_context_rx *ctx)
+{
+ int pending;
+
+ spin_lock_bh(&ctx->decrypt_compl_lock);
+ reinit_completion(&ctx->async_wait.completion);
+ pending = atomic_read(&ctx->decrypt_pending);
+ spin_unlock_bh(&ctx->decrypt_compl_lock);
+ if (pending)
+ crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
+
+ return ctx->async_wait.err;
+}
+
static int tls_do_decryption(struct sock *sk,
struct scatterlist *sgin,
struct scatterlist *sgout,
@@ -496,6 +510,28 @@ static void tls_encrypt_done(crypto_completion_data_t *data, int err)
schedule_delayed_work(&ctx->tx_work.work, 1);
}
+static int tls_encrypt_async_wait(struct tls_sw_context_tx *ctx)
+{
+ int pending;
+
+ spin_lock_bh(&ctx->encrypt_compl_lock);
+ ctx->async_notify = true;
+
+ pending = atomic_read(&ctx->encrypt_pending);
+ spin_unlock_bh(&ctx->encrypt_compl_lock);
+ if (pending)
+ crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
+ else
+ reinit_completion(&ctx->async_wait.completion);
+
+ /* There can be no concurrent accesses, since we have no
+ * pending encrypt operations
+ */
+ WRITE_ONCE(ctx->async_notify, false);
+
+ return ctx->async_wait.err;
+}
+
static int tls_do_encryption(struct sock *sk,
struct tls_context *tls_ctx,
struct tls_sw_context_tx *ctx,
@@ -953,7 +989,6 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
int num_zc = 0;
int orig_size;
int ret = 0;
- int pending;
if (msg->msg_flags & ~(MSG_MORE | MSG_DONTWAIT | MSG_NOSIGNAL |
MSG_CMSG_COMPAT))
@@ -1122,24 +1157,12 @@ int tls_sw_sendmsg(struct sock *sk, struct msghdr *msg, size_t size)
if (!num_async) {
goto send_end;
} else if (num_zc) {
- /* Wait for pending encryptions to get completed */
- spin_lock_bh(&ctx->encrypt_compl_lock);
- ctx->async_notify = true;
-
- pending = atomic_read(&ctx->encrypt_pending);
- spin_unlock_bh(&ctx->encrypt_compl_lock);
- if (pending)
- crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
- else
- reinit_completion(&ctx->async_wait.completion);
-
- /* There can be no concurrent accesses, since we have no
- * pending encrypt operations
- */
- WRITE_ONCE(ctx->async_notify, false);
+ int err;
- if (ctx->async_wait.err) {
- ret = ctx->async_wait.err;
+ /* Wait for pending encryptions to get completed */
+ err = tls_encrypt_async_wait(ctx);
+ if (err) {
+ ret = err;
copied = 0;
}
}
@@ -1171,7 +1194,6 @@ void tls_sw_splice_eof(struct socket *sock)
ssize_t copied = 0;
bool retrying = false;
int ret = 0;
- int pending;
if (!ctx->open_rec)
return;
@@ -1203,22 +1225,7 @@ void tls_sw_splice_eof(struct socket *sock)
}
/* Wait for pending encryptions to get completed */
- spin_lock_bh(&ctx->encrypt_compl_lock);
- ctx->async_notify = true;
-
- pending = atomic_read(&ctx->encrypt_pending);
- spin_unlock_bh(&ctx->encrypt_compl_lock);
- if (pending)
- crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
- else
- reinit_completion(&ctx->async_wait.completion);
-
- /* There can be no concurrent accesses, since we have no pending
- * encrypt operations
- */
- WRITE_ONCE(ctx->async_notify, false);
-
- if (ctx->async_wait.err)
+ if (tls_encrypt_async_wait(ctx))
goto unlock;
/* Transmit if any encryptions have completed */
@@ -2197,16 +2204,10 @@ int tls_sw_recvmsg(struct sock *sk,
recv_end:
if (async) {
- int ret, pending;
+ int ret;
/* Wait for all previously submitted records to be decrypted */
- spin_lock_bh(&ctx->decrypt_compl_lock);
- reinit_completion(&ctx->async_wait.completion);
- pending = atomic_read(&ctx->decrypt_pending);
- spin_unlock_bh(&ctx->decrypt_compl_lock);
- ret = 0;
- if (pending)
- ret = crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
+ ret = tls_decrypt_async_wait(ctx);
__skb_queue_purge(&ctx->async_hold);
if (ret) {
@@ -2425,16 +2426,9 @@ void tls_sw_release_resources_tx(struct sock *sk)
struct tls_context *tls_ctx = tls_get_ctx(sk);
struct tls_sw_context_tx *ctx = tls_sw_ctx_tx(tls_ctx);
struct tls_rec *rec, *tmp;
- int pending;
/* Wait for any pending async encryptions to complete */
- spin_lock_bh(&ctx->encrypt_compl_lock);
- ctx->async_notify = true;
- pending = atomic_read(&ctx->encrypt_pending);
- spin_unlock_bh(&ctx->encrypt_compl_lock);
-
- if (pending)
- crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
+ tls_encrypt_async_wait(ctx);
tls_tx_records(sk, -1);
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 024/197] tls: fix race between async notify and socket close
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (22 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 023/197] net: tls: factor out tls_*crypt_async_wait() Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 025/197] net: tls: fix use-after-free with partial reads and async decrypt Greg Kroah-Hartman
` (176 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, valis, Jakub Kicinski, Simon Horman,
Eric Dumazet, Sabrina Dubroca, David S. Miller, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jakub Kicinski <kuba@kernel.org>
[ Upstream commit aec7961916f3f9e88766e2688992da6980f11b8d ]
The submitting thread (one which called recvmsg/sendmsg)
may exit as soon as the async crypto handler calls complete()
so any code past that point risks touching already freed data.
Try to avoid the locking and extra flags altogether.
Have the main thread hold an extra reference, this way
we can depend solely on the atomic ref counter for
synchronization.
Don't futz with reiniting the completion, either, we are now
tightly controlling when completion fires.
Reported-by: valis <sec@valis.email>
Fixes: 0cada33241d9 ("net/tls: fix race condition causing kernel panic")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Simon Horman <horms@kernel.org>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/tls.h | 5 -----
net/tls/tls_sw.c | 43 ++++++++++---------------------------------
2 files changed, 10 insertions(+), 38 deletions(-)
diff --git a/include/net/tls.h b/include/net/tls.h
index c36bf4c50027..899c863aba02 100644
--- a/include/net/tls.h
+++ b/include/net/tls.h
@@ -108,9 +108,6 @@ struct tls_sw_context_tx {
struct tls_rec *open_rec;
struct list_head tx_list;
atomic_t encrypt_pending;
- /* protect crypto_wait with encrypt_pending */
- spinlock_t encrypt_compl_lock;
- int async_notify;
u8 async_capable:1;
#define BIT_TX_SCHEDULED 0
@@ -147,8 +144,6 @@ struct tls_sw_context_rx {
struct tls_strparser strp;
atomic_t decrypt_pending;
- /* protect crypto_wait with decrypt_pending*/
- spinlock_t decrypt_compl_lock;
struct sk_buff_head async_hold;
struct wait_queue_head wq;
};
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index b146be099a3f..ee11932237c0 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -223,22 +223,15 @@ static void tls_decrypt_done(crypto_completion_data_t *data, int err)
kfree(aead_req);
- spin_lock_bh(&ctx->decrypt_compl_lock);
- if (!atomic_dec_return(&ctx->decrypt_pending))
+ if (atomic_dec_and_test(&ctx->decrypt_pending))
complete(&ctx->async_wait.completion);
- spin_unlock_bh(&ctx->decrypt_compl_lock);
}
static int tls_decrypt_async_wait(struct tls_sw_context_rx *ctx)
{
- int pending;
-
- spin_lock_bh(&ctx->decrypt_compl_lock);
- reinit_completion(&ctx->async_wait.completion);
- pending = atomic_read(&ctx->decrypt_pending);
- spin_unlock_bh(&ctx->decrypt_compl_lock);
- if (pending)
+ if (!atomic_dec_and_test(&ctx->decrypt_pending))
crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
+ atomic_inc(&ctx->decrypt_pending);
return ctx->async_wait.err;
}
@@ -266,6 +259,7 @@ static int tls_do_decryption(struct sock *sk,
aead_request_set_callback(aead_req,
CRYPTO_TFM_REQ_MAY_BACKLOG,
tls_decrypt_done, aead_req);
+ DEBUG_NET_WARN_ON_ONCE(atomic_read(&ctx->decrypt_pending) < 1);
atomic_inc(&ctx->decrypt_pending);
} else {
aead_request_set_callback(aead_req,
@@ -455,7 +449,6 @@ static void tls_encrypt_done(crypto_completion_data_t *data, int err)
struct tls_rec *rec;
bool ready = false;
struct sock *sk;
- int pending;
rec = container_of(aead_req, struct tls_rec, aead_req);
msg_en = &rec->msg_encrypted;
@@ -495,12 +488,8 @@ static void tls_encrypt_done(crypto_completion_data_t *data, int err)
ready = true;
}
- spin_lock_bh(&ctx->encrypt_compl_lock);
- pending = atomic_dec_return(&ctx->encrypt_pending);
-
- if (!pending && ctx->async_notify)
+ if (atomic_dec_and_test(&ctx->encrypt_pending))
complete(&ctx->async_wait.completion);
- spin_unlock_bh(&ctx->encrypt_compl_lock);
if (!ready)
return;
@@ -512,22 +501,9 @@ static void tls_encrypt_done(crypto_completion_data_t *data, int err)
static int tls_encrypt_async_wait(struct tls_sw_context_tx *ctx)
{
- int pending;
-
- spin_lock_bh(&ctx->encrypt_compl_lock);
- ctx->async_notify = true;
-
- pending = atomic_read(&ctx->encrypt_pending);
- spin_unlock_bh(&ctx->encrypt_compl_lock);
- if (pending)
+ if (!atomic_dec_and_test(&ctx->encrypt_pending))
crypto_wait_req(-EINPROGRESS, &ctx->async_wait);
- else
- reinit_completion(&ctx->async_wait.completion);
-
- /* There can be no concurrent accesses, since we have no
- * pending encrypt operations
- */
- WRITE_ONCE(ctx->async_notify, false);
+ atomic_inc(&ctx->encrypt_pending);
return ctx->async_wait.err;
}
@@ -578,6 +554,7 @@ static int tls_do_encryption(struct sock *sk,
/* Add the record in tx_list */
list_add_tail((struct list_head *)&rec->list, &ctx->tx_list);
+ DEBUG_NET_WARN_ON_ONCE(atomic_read(&ctx->encrypt_pending) < 1);
atomic_inc(&ctx->encrypt_pending);
rc = crypto_aead_encrypt(aead_req);
@@ -2594,7 +2571,7 @@ static struct tls_sw_context_tx *init_ctx_tx(struct tls_context *ctx, struct soc
}
crypto_init_wait(&sw_ctx_tx->async_wait);
- spin_lock_init(&sw_ctx_tx->encrypt_compl_lock);
+ atomic_set(&sw_ctx_tx->encrypt_pending, 1);
INIT_LIST_HEAD(&sw_ctx_tx->tx_list);
INIT_DELAYED_WORK(&sw_ctx_tx->tx_work.work, tx_work_handler);
sw_ctx_tx->tx_work.sk = sk;
@@ -2615,7 +2592,7 @@ static struct tls_sw_context_rx *init_ctx_rx(struct tls_context *ctx)
}
crypto_init_wait(&sw_ctx_rx->async_wait);
- spin_lock_init(&sw_ctx_rx->decrypt_compl_lock);
+ atomic_set(&sw_ctx_rx->decrypt_pending, 1);
init_waitqueue_head(&sw_ctx_rx->wq);
skb_queue_head_init(&sw_ctx_rx->rx_list);
skb_queue_head_init(&sw_ctx_rx->async_hold);
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 025/197] net: tls: fix use-after-free with partial reads and async decrypt
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (23 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 024/197] tls: fix race between async notify and socket close Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 026/197] net: tls: fix returned read length with " Greg Kroah-Hartman
` (175 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sabrina Dubroca, Jakub Kicinski,
Simon Horman, David S. Miller, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sabrina Dubroca <sd@queasysnail.net>
[ Upstream commit 32b55c5ff9103b8508c1e04bfa5a08c64e7a925f ]
tls_decrypt_sg doesn't take a reference on the pages from clear_skb,
so the put_page() in tls_decrypt_done releases them, and we trigger
a use-after-free in process_rx_list when we try to read from the
partially-read skb.
Fixes: fd31f3996af2 ("tls: rx: decrypt into a fresh skb")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/tls/tls_sw.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index ee11932237c0..d651c50746a8 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -62,6 +62,7 @@ struct tls_decrypt_ctx {
u8 iv[MAX_IV_SIZE];
u8 aad[TLS_MAX_AAD_SIZE];
u8 tail;
+ bool free_sgout;
struct scatterlist sg[];
};
@@ -186,7 +187,6 @@ static void tls_decrypt_done(crypto_completion_data_t *data, int err)
struct aead_request *aead_req = crypto_get_completion_data(data);
struct crypto_aead *aead = crypto_aead_reqtfm(aead_req);
struct scatterlist *sgout = aead_req->dst;
- struct scatterlist *sgin = aead_req->src;
struct tls_sw_context_rx *ctx;
struct tls_decrypt_ctx *dctx;
struct tls_context *tls_ctx;
@@ -212,7 +212,7 @@ static void tls_decrypt_done(crypto_completion_data_t *data, int err)
}
/* Free the destination pages if skb was not decrypted inplace */
- if (sgout != sgin) {
+ if (dctx->free_sgout) {
/* Skip the first S/G entry as it points to AAD */
for_each_sg(sg_next(sgout), sg, UINT_MAX, pages) {
if (!sg)
@@ -1653,6 +1653,7 @@ static int tls_decrypt_sg(struct sock *sk, struct iov_iter *out_iov,
} else if (out_sg) {
memcpy(sgout, out_sg, n_sgout * sizeof(*sgout));
}
+ dctx->free_sgout = !!pages;
/* Prepare and submit AEAD request */
err = tls_do_decryption(sk, sgin, sgout, dctx->iv,
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 026/197] net: tls: fix returned read length with async decrypt
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (24 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 025/197] net: tls: fix use-after-free with partial reads and async decrypt Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 027/197] spi: ppc4xx: Drop write-only variable Greg Kroah-Hartman
` (174 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sabrina Dubroca, Jakub Kicinski,
Simon Horman, David S. Miller, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jakub Kicinski <kuba@kernel.org>
[ Upstream commit ac437a51ce662364062f704e321227f6728e6adc ]
We double count async, non-zc rx data. The previous fix was
lucky because if we fully zc async_copy_bytes is 0 so we add 0.
Decrypted already has all the bytes we handled, in all cases.
We don't have to adjust anything, delete the erroneous line.
Fixes: 4d42cd6bc2ac ("tls: rx: fix return value for async crypto")
Co-developed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/tls/tls_sw.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index d651c50746a8..09d258bb2df7 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -2202,7 +2202,6 @@ int tls_sw_recvmsg(struct sock *sk,
else
err = process_rx_list(ctx, msg, &control, 0,
async_copy_bytes, is_peek);
- decrypted += max(err, 0);
}
copied += decrypted;
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 027/197] spi: ppc4xx: Drop write-only variable
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (25 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 026/197] net: tls: fix returned read length with " Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 028/197] ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() Greg Kroah-Hartman
` (173 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Uwe Kleine-König, Mark Brown,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
[ Upstream commit b3aa619a8b4706f35cb62f780c14e68796b37f3f ]
Since commit 24778be20f87 ("spi: convert drivers to use
bits_per_word_mask") the bits_per_word variable is only written to. The
check that was there before isn't needed any more as the spi core
ensures that only 8 bit transfers are used, so the variable can go away
together with all assignments to it.
Fixes: 24778be20f87 ("spi: convert drivers to use bits_per_word_mask")
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Link: https://lore.kernel.org/r/20240210164006.208149-8-u.kleine-koenig@pengutronix.de
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/spi/spi-ppc4xx.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/drivers/spi/spi-ppc4xx.c b/drivers/spi/spi-ppc4xx.c
index d65f047b6c82..1179a1115137 100644
--- a/drivers/spi/spi-ppc4xx.c
+++ b/drivers/spi/spi-ppc4xx.c
@@ -166,10 +166,8 @@ static int spi_ppc4xx_setupxfer(struct spi_device *spi, struct spi_transfer *t)
int scr;
u8 cdm = 0;
u32 speed;
- u8 bits_per_word;
/* Start with the generic configuration for this device. */
- bits_per_word = spi->bits_per_word;
speed = spi->max_speed_hz;
/*
@@ -177,9 +175,6 @@ static int spi_ppc4xx_setupxfer(struct spi_device *spi, struct spi_transfer *t)
* the transfer to overwrite the generic configuration with zeros.
*/
if (t) {
- if (t->bits_per_word)
- bits_per_word = t->bits_per_word;
-
if (t->speed_hz)
speed = min(t->speed_hz, spi->max_speed_hz);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 028/197] ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (26 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 027/197] spi: ppc4xx: Drop write-only variable Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 029/197] net: sysfs: Fix /sys/class/net/<iface> path for statistics Greg Kroah-Hartman
` (172 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Alexey Khoroshilov, Mark Brown,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexey Khoroshilov <khoroshilov@ispras.ru>
[ Upstream commit 6ef5d5b92f7117b324efaac72b3db27ae8bb3082 ]
There is a path in rt5645_jack_detect_work(), where rt5645->jd_mutex
is left locked forever. That may lead to deadlock
when rt5645_jack_detect_work() is called for the second time.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: cdba4301adda ("ASoC: rt5650: add mutex to avoid the jack detection failure")
Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Link: https://lore.kernel.org/r/1707645514-21196-1-git-send-email-khoroshilov@ispras.ru
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
sound/soc/codecs/rt5645.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/sound/soc/codecs/rt5645.c b/sound/soc/codecs/rt5645.c
index fd3dca08460b..844d14d4c9a5 100644
--- a/sound/soc/codecs/rt5645.c
+++ b/sound/soc/codecs/rt5645.c
@@ -3288,6 +3288,7 @@ static void rt5645_jack_detect_work(struct work_struct *work)
report, SND_JACK_HEADPHONE);
snd_soc_jack_report(rt5645->mic_jack,
report, SND_JACK_MICROPHONE);
+ mutex_unlock(&rt5645->jd_mutex);
return;
case 4:
val = snd_soc_component_read(rt5645->component, RT5645_A_JD_CTRL1) & 0x0020;
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 029/197] net: sysfs: Fix /sys/class/net/<iface> path for statistics
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (27 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 028/197] ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 030/197] nouveau/svm: fix kvcalloc() argument order Greg Kroah-Hartman
` (171 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Breno Leitao, Andrew Lunn,
David S. Miller, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Breno Leitao <leitao@debian.org>
[ Upstream commit 5b3fbd61b9d1f4ed2db95aaf03f9adae0373784d ]
The Documentation/ABI/testing/sysfs-class-net-statistics documentation
is pointing to the wrong path for the interface. Documentation is
pointing to /sys/class/<iface>, instead of /sys/class/net/<iface>.
Fix it by adding the `net/` directory before the interface.
Fixes: 6044f9700645 ("net: sysfs: document /sys/class/net/statistics/*")
Signed-off-by: Breno Leitao <leitao@debian.org>
Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../ABI/testing/sysfs-class-net-statistics | 48 +++++++++----------
1 file changed, 24 insertions(+), 24 deletions(-)
diff --git a/Documentation/ABI/testing/sysfs-class-net-statistics b/Documentation/ABI/testing/sysfs-class-net-statistics
index 55db27815361..53e508c6936a 100644
--- a/Documentation/ABI/testing/sysfs-class-net-statistics
+++ b/Documentation/ABI/testing/sysfs-class-net-statistics
@@ -1,4 +1,4 @@
-What: /sys/class/<iface>/statistics/collisions
+What: /sys/class/net/<iface>/statistics/collisions
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
@@ -6,7 +6,7 @@ Description:
Indicates the number of collisions seen by this network device.
This value might not be relevant with all MAC layers.
-What: /sys/class/<iface>/statistics/multicast
+What: /sys/class/net/<iface>/statistics/multicast
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
@@ -14,7 +14,7 @@ Description:
Indicates the number of multicast packets received by this
network device.
-What: /sys/class/<iface>/statistics/rx_bytes
+What: /sys/class/net/<iface>/statistics/rx_bytes
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
@@ -23,7 +23,7 @@ Description:
See the network driver for the exact meaning of when this
value is incremented.
-What: /sys/class/<iface>/statistics/rx_compressed
+What: /sys/class/net/<iface>/statistics/rx_compressed
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
@@ -32,7 +32,7 @@ Description:
network device. This value might only be relevant for interfaces
that support packet compression (e.g: PPP).
-What: /sys/class/<iface>/statistics/rx_crc_errors
+What: /sys/class/net/<iface>/statistics/rx_crc_errors
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
@@ -41,7 +41,7 @@ Description:
by this network device. Note that the specific meaning might
depend on the MAC layer used by the interface.
-What: /sys/class/<iface>/statistics/rx_dropped
+What: /sys/class/net/<iface>/statistics/rx_dropped
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
@@ -51,7 +51,7 @@ Description:
packet processing. See the network driver for the exact
meaning of this value.
-What: /sys/class/<iface>/statistics/rx_errors
+What: /sys/class/net/<iface>/statistics/rx_errors
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
@@ -59,7 +59,7 @@ Description:
Indicates the number of receive errors on this network device.
See the network driver for the exact meaning of this value.
-What: /sys/class/<iface>/statistics/rx_fifo_errors
+What: /sys/class/net/<iface>/statistics/rx_fifo_errors
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
@@ -68,7 +68,7 @@ Description:
network device. See the network driver for the exact
meaning of this value.
-What: /sys/class/<iface>/statistics/rx_frame_errors
+What: /sys/class/net/<iface>/statistics/rx_frame_errors
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
@@ -78,7 +78,7 @@ Description:
on the MAC layer protocol used. See the network driver for
the exact meaning of this value.
-What: /sys/class/<iface>/statistics/rx_length_errors
+What: /sys/class/net/<iface>/statistics/rx_length_errors
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
@@ -87,7 +87,7 @@ Description:
error, oversized or undersized. See the network driver for the
exact meaning of this value.
-What: /sys/class/<iface>/statistics/rx_missed_errors
+What: /sys/class/net/<iface>/statistics/rx_missed_errors
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
@@ -96,7 +96,7 @@ Description:
due to lack of capacity in the receive side. See the network
driver for the exact meaning of this value.
-What: /sys/class/<iface>/statistics/rx_nohandler
+What: /sys/class/net/<iface>/statistics/rx_nohandler
Date: February 2016
KernelVersion: 4.6
Contact: netdev@vger.kernel.org
@@ -104,7 +104,7 @@ Description:
Indicates the number of received packets that were dropped on
an inactive device by the network core.
-What: /sys/class/<iface>/statistics/rx_over_errors
+What: /sys/class/net/<iface>/statistics/rx_over_errors
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
@@ -114,7 +114,7 @@ Description:
(e.g: larger than MTU). See the network driver for the exact
meaning of this value.
-What: /sys/class/<iface>/statistics/rx_packets
+What: /sys/class/net/<iface>/statistics/rx_packets
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
@@ -122,7 +122,7 @@ Description:
Indicates the total number of good packets received by this
network device.
-What: /sys/class/<iface>/statistics/tx_aborted_errors
+What: /sys/class/net/<iface>/statistics/tx_aborted_errors
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
@@ -132,7 +132,7 @@ Description:
a medium collision). See the network driver for the exact
meaning of this value.
-What: /sys/class/<iface>/statistics/tx_bytes
+What: /sys/class/net/<iface>/statistics/tx_bytes
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
@@ -143,7 +143,7 @@ Description:
transmitted packets or all packets that have been queued for
transmission.
-What: /sys/class/<iface>/statistics/tx_carrier_errors
+What: /sys/class/net/<iface>/statistics/tx_carrier_errors
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
@@ -152,7 +152,7 @@ Description:
because of carrier errors (e.g: physical link down). See the
network driver for the exact meaning of this value.
-What: /sys/class/<iface>/statistics/tx_compressed
+What: /sys/class/net/<iface>/statistics/tx_compressed
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
@@ -161,7 +161,7 @@ Description:
this might only be relevant for devices that support
compression (e.g: PPP).
-What: /sys/class/<iface>/statistics/tx_dropped
+What: /sys/class/net/<iface>/statistics/tx_dropped
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
@@ -170,7 +170,7 @@ Description:
See the driver for the exact reasons as to why the packets were
dropped.
-What: /sys/class/<iface>/statistics/tx_errors
+What: /sys/class/net/<iface>/statistics/tx_errors
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
@@ -179,7 +179,7 @@ Description:
a network device. See the driver for the exact reasons as to
why the packets were dropped.
-What: /sys/class/<iface>/statistics/tx_fifo_errors
+What: /sys/class/net/<iface>/statistics/tx_fifo_errors
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
@@ -188,7 +188,7 @@ Description:
FIFO error. See the driver for the exact reasons as to why the
packets were dropped.
-What: /sys/class/<iface>/statistics/tx_heartbeat_errors
+What: /sys/class/net/<iface>/statistics/tx_heartbeat_errors
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
@@ -197,7 +197,7 @@ Description:
reported as heartbeat errors. See the driver for the exact
reasons as to why the packets were dropped.
-What: /sys/class/<iface>/statistics/tx_packets
+What: /sys/class/net/<iface>/statistics/tx_packets
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
@@ -206,7 +206,7 @@ Description:
device. See the driver for whether this reports the number of all
attempted or successful transmissions.
-What: /sys/class/<iface>/statistics/tx_window_errors
+What: /sys/class/net/<iface>/statistics/tx_window_errors
Date: April 2005
KernelVersion: 2.6.12
Contact: netdev@vger.kernel.org
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 030/197] nouveau/svm: fix kvcalloc() argument order
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (28 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 029/197] net: sysfs: Fix /sys/class/net/<iface> path for statistics Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 031/197] MIPS: Add memory clobber to csum_ipv6_magic() inline assembler Greg Kroah-Hartman
` (170 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Arnd Bergmann, Danilo Krummrich,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit 2c80a2b715df75881359d07dbaacff8ad411f40e ]
The conversion to kvcalloc() mixed up the object size and count
arguments, causing a warning:
drivers/gpu/drm/nouveau/nouveau_svm.c: In function 'nouveau_svm_fault_buffer_ctor':
drivers/gpu/drm/nouveau/nouveau_svm.c:1010:40: error: 'kvcalloc' sizes specified with 'sizeof' in the earlier argument and not in the later argument [-Werror=calloc-transposed-args]
1010 | buffer->fault = kvcalloc(sizeof(*buffer->fault), buffer->entries, GFP_KERNEL);
| ^
drivers/gpu/drm/nouveau/nouveau_svm.c:1010:40: note: earlier argument should specify number of elements, later size of each element
The behavior is still correct aside from the warning, but fixing it avoids
the warnings and can help the compiler track the individual objects better.
Fixes: 71e4bbca070e ("nouveau/svm: Use kvcalloc() instead of kvzalloc()")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Danilo Krummrich <dakr@redhat.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20240212112230.1117284-1-arnd@kernel.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/gpu/drm/nouveau/nouveau_svm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/nouveau/nouveau_svm.c b/drivers/gpu/drm/nouveau/nouveau_svm.c
index 31a5b81ee9fc..be6674fb1af7 100644
--- a/drivers/gpu/drm/nouveau/nouveau_svm.c
+++ b/drivers/gpu/drm/nouveau/nouveau_svm.c
@@ -997,7 +997,7 @@ nouveau_svm_fault_buffer_ctor(struct nouveau_svm *svm, s32 oclass, int id)
if (ret)
return ret;
- buffer->fault = kvcalloc(sizeof(*buffer->fault), buffer->entries, GFP_KERNEL);
+ buffer->fault = kvcalloc(buffer->entries, sizeof(*buffer->fault), GFP_KERNEL);
if (!buffer->fault)
return -ENOMEM;
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 031/197] MIPS: Add memory clobber to csum_ipv6_magic() inline assembler
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (29 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 030/197] nouveau/svm: fix kvcalloc() argument order Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 032/197] i40e: Do not allow untrusted VF to remove administratively set MAC Greg Kroah-Hartman
` (169 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Charlie Jenkins, Palmer Dabbelt,
Guenter Roeck, Thomas Bogendoerfer, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guenter Roeck <linux@roeck-us.net>
[ Upstream commit d55347bfe4e66dce2e1e7501e5492f4af3e315f8 ]
After 'lib: checksum: Use aligned accesses for ip_fast_csum and
csum_ipv6_magic tests' was applied, the test_csum_ipv6_magic unit test
started failing for all mips platforms, both little and bit endian.
Oddly enough, adding debug code into test_csum_ipv6_magic() made the
problem disappear.
The gcc manual says:
"The "memory" clobber tells the compiler that the assembly code performs
memory reads or writes to items other than those listed in the input
and output operands (for example, accessing the memory pointed to by one
of the input parameters)
"
This is definitely the case for csum_ipv6_magic(). Indeed, adding the
'memory' clobber fixes the problem.
Cc: Charlie Jenkins <charlie@rivosinc.com>
Cc: Palmer Dabbelt <palmer@rivosinc.com>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Charlie Jenkins <charlie@rivosinc.com>
Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/mips/include/asm/checksum.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/arch/mips/include/asm/checksum.h b/arch/mips/include/asm/checksum.h
index 4044eaf989ac..0921ddda11a4 100644
--- a/arch/mips/include/asm/checksum.h
+++ b/arch/mips/include/asm/checksum.h
@@ -241,7 +241,8 @@ static __inline__ __sum16 csum_ipv6_magic(const struct in6_addr *saddr,
" .set pop"
: "=&r" (sum), "=&r" (tmp)
: "r" (saddr), "r" (daddr),
- "0" (htonl(len)), "r" (htonl(proto)), "r" (sum));
+ "0" (htonl(len)), "r" (htonl(proto)), "r" (sum)
+ : "memory");
return csum_fold(sum);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 032/197] i40e: Do not allow untrusted VF to remove administratively set MAC
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (30 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 031/197] MIPS: Add memory clobber to csum_ipv6_magic() inline assembler Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 033/197] i40e: Fix waiting for queues of all VSIs to be disabled Greg Kroah-Hartman
` (168 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ivan Vecera, Simon Horman,
Rafal Romanowski, Tony Nguyen, Jakub Kicinski, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ivan Vecera <ivecera@redhat.com>
[ Upstream commit 73d9629e1c8c1982f13688c4d1019c3994647ccc ]
Currently when PF administratively sets VF's MAC address and the VF
is put down (VF tries to delete all MACs) then the MAC is removed
from MAC filters and primary VF MAC is zeroed.
Do not allow untrusted VF to remove primary MAC when it was set
administratively by PF.
Reproducer:
1) Create VF
2) Set VF interface up
3) Administratively set the VF's MAC
4) Put VF interface down
[root@host ~]# echo 1 > /sys/class/net/enp2s0f0/device/sriov_numvfs
[root@host ~]# ip link set enp2s0f0v0 up
[root@host ~]# ip link set enp2s0f0 vf 0 mac fe:6c:b5:da:c7:7d
[root@host ~]# ip link show enp2s0f0
23: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff
vf 0 link/ether fe:6c:b5:da:c7:7d brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off
[root@host ~]# ip link set enp2s0f0v0 down
[root@host ~]# ip link show enp2s0f0
23: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff
vf 0 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off
Fixes: 700bbf6c1f9e ("i40e: allow VF to remove any MAC filter")
Fixes: ceb29474bbbc ("i40e: Add support for VF to specify its primary MAC address")
Signed-off-by: Ivan Vecera <ivecera@redhat.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Tested-by: Rafal Romanowski <rafal.romanowski@intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Link: https://lore.kernel.org/r/20240208180335.1844996-1-anthony.l.nguyen@intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../ethernet/intel/i40e/i40e_virtchnl_pf.c | 38 ++++++++++++++++---
1 file changed, 33 insertions(+), 5 deletions(-)
diff --git a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
index 3d3db58090ed..ed4be80fec2a 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c
@@ -2846,6 +2846,24 @@ static int i40e_vc_get_stats_msg(struct i40e_vf *vf, u8 *msg)
(u8 *)&stats, sizeof(stats));
}
+/**
+ * i40e_can_vf_change_mac
+ * @vf: pointer to the VF info
+ *
+ * Return true if the VF is allowed to change its MAC filters, false otherwise
+ */
+static bool i40e_can_vf_change_mac(struct i40e_vf *vf)
+{
+ /* If the VF MAC address has been set administratively (via the
+ * ndo_set_vf_mac command), then deny permission to the VF to
+ * add/delete unicast MAC addresses, unless the VF is trusted
+ */
+ if (vf->pf_set_mac && !vf->trusted)
+ return false;
+
+ return true;
+}
+
#define I40E_MAX_MACVLAN_PER_HW 3072
#define I40E_MAX_MACVLAN_PER_PF(num_ports) (I40E_MAX_MACVLAN_PER_HW / \
(num_ports))
@@ -2905,8 +2923,8 @@ static inline int i40e_check_vf_permission(struct i40e_vf *vf,
* The VF may request to set the MAC address filter already
* assigned to it so do not return an error in that case.
*/
- if (!test_bit(I40E_VIRTCHNL_VF_CAP_PRIVILEGE, &vf->vf_caps) &&
- !is_multicast_ether_addr(addr) && vf->pf_set_mac &&
+ if (!i40e_can_vf_change_mac(vf) &&
+ !is_multicast_ether_addr(addr) &&
!ether_addr_equal(addr, vf->default_lan_addr.addr)) {
dev_err(&pf->pdev->dev,
"VF attempting to override administratively set MAC address, bring down and up the VF interface to resume normal operation\n");
@@ -3049,19 +3067,29 @@ static int i40e_vc_del_mac_addr_msg(struct i40e_vf *vf, u8 *msg)
ret = I40E_ERR_INVALID_MAC_ADDR;
goto error_param;
}
- if (ether_addr_equal(al->list[i].addr, vf->default_lan_addr.addr))
- was_unimac_deleted = true;
}
vsi = pf->vsi[vf->lan_vsi_idx];
spin_lock_bh(&vsi->mac_filter_hash_lock);
/* delete addresses from the list */
- for (i = 0; i < al->num_elements; i++)
+ for (i = 0; i < al->num_elements; i++) {
+ const u8 *addr = al->list[i].addr;
+
+ /* Allow to delete VF primary MAC only if it was not set
+ * administratively by PF or if VF is trusted.
+ */
+ if (ether_addr_equal(addr, vf->default_lan_addr.addr) &&
+ i40e_can_vf_change_mac(vf))
+ was_unimac_deleted = true;
+ else
+ continue;
+
if (i40e_del_mac_filter(vsi, al->list[i].addr)) {
ret = I40E_ERR_INVALID_MAC_ADDR;
spin_unlock_bh(&vsi->mac_filter_hash_lock);
goto error_param;
}
+ }
spin_unlock_bh(&vsi->mac_filter_hash_lock);
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 033/197] i40e: Fix waiting for queues of all VSIs to be disabled
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (31 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 032/197] i40e: Do not allow untrusted VF to remove administratively set MAC Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 034/197] scs: add CONFIG_MMU dependency for vfree_atomic() Greg Kroah-Hartman
` (167 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ivan Vecera, Jacob Keller,
Wojciech Drewek, Tony Nguyen, Sasha Levin, Pucha Himasekhar Reddy
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ivan Vecera <ivecera@redhat.com>
[ Upstream commit c73729b64bb692186da080602cd13612783f52ac ]
The function i40e_pf_wait_queues_disabled() iterates all PF's VSIs
up to 'pf->hw.func_caps.num_vsis' but this is incorrect because
the real number of VSIs can be up to 'pf->num_alloc_vsi' that
can be higher. Fix this loop.
Fixes: 69129dc39fac ("i40e: Modify Tx disable wait flow in case of DCB reconfiguration")
Signed-off-by: Ivan Vecera <ivecera@redhat.com>
Reviewed-by: Jacob Keller <jacob.e.keller@intel.com>
Reviewed-by: Wojciech Drewek <wojciech.drewek@intel.com>
Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c
index 63d43ef86f9b..76455405a6d8 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
@@ -5333,7 +5333,7 @@ static int i40e_pf_wait_queues_disabled(struct i40e_pf *pf)
{
int v, ret = 0;
- for (v = 0; v < pf->hw.func_caps.num_vsis; v++) {
+ for (v = 0; v < pf->num_alloc_vsi; v++) {
if (pf->vsi[v]) {
ret = i40e_vsi_wait_queues_disabled(pf->vsi[v]);
if (ret)
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 034/197] scs: add CONFIG_MMU dependency for vfree_atomic()
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (32 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 033/197] i40e: Fix waiting for queues of all VSIs to be disabled Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 035/197] tracing/trigger: Fix to return error if failed to alloc snapshot Greg Kroah-Hartman
` (166 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Samuel Holland, Sami Tolvanen,
Will Deacon, Andrew Morton
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Samuel Holland <samuel.holland@sifive.com>
commit 6f9dc684cae638dda0570154509884ee78d0f75c upstream.
The shadow call stack implementation fails to build without CONFIG_MMU:
ld.lld: error: undefined symbol: vfree_atomic
>>> referenced by scs.c
>>> kernel/scs.o:(scs_free) in archive vmlinux.a
Link: https://lkml.kernel.org/r/20240122175204.2371009-1-samuel.holland@sifive.com
Fixes: a2abe7cbd8fe ("scs: switch to vmapped shadow stacks")
Signed-off-by: Samuel Holland <samuel.holland@sifive.com>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Cc: Will Deacon <will@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/Kconfig | 1 +
1 file changed, 1 insertion(+)
--- a/arch/Kconfig
+++ b/arch/Kconfig
@@ -642,6 +642,7 @@ config SHADOW_CALL_STACK
bool "Shadow Call Stack"
depends on ARCH_SUPPORTS_SHADOW_CALL_STACK
depends on DYNAMIC_FTRACE_WITH_ARGS || DYNAMIC_FTRACE_WITH_REGS || !FUNCTION_GRAPH_TRACER
+ depends on MMU
help
This option enables the compiler's Shadow Call Stack, which
uses a shadow stack to protect function return addresses from
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 035/197] tracing/trigger: Fix to return error if failed to alloc snapshot
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (33 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 034/197] scs: add CONFIG_MMU dependency for vfree_atomic() Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 036/197] readahead: avoid multiple marked readahead pages Greg Kroah-Hartman
` (165 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vincent Donnefort,
Masami Hiramatsu (Google), Steven Rostedt (Google)
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masami Hiramatsu (Google) <mhiramat@kernel.org>
commit 0958b33ef5a04ed91f61cef4760ac412080c4e08 upstream.
Fix register_snapshot_trigger() to return error code if it failed to
allocate a snapshot instead of 0 (success). Unless that, it will register
snapshot trigger without an error.
Link: https://lore.kernel.org/linux-trace-kernel/170622977792.270660.2789298642759362200.stgit@devnote2
Fixes: 0bbe7f719985 ("tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation")
Cc: stable@vger.kernel.org
Cc: Vincent Donnefort <vdonnefort@google.com>
Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace_events_trigger.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/kernel/trace/trace_events_trigger.c
+++ b/kernel/trace/trace_events_trigger.c
@@ -1455,8 +1455,10 @@ register_snapshot_trigger(char *glob,
struct event_trigger_data *data,
struct trace_event_file *file)
{
- if (tracing_alloc_snapshot_instance(file->tr) != 0)
- return 0;
+ int ret = tracing_alloc_snapshot_instance(file->tr);
+
+ if (ret < 0)
+ return ret;
return register_trigger(glob, data, file);
}
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 036/197] readahead: avoid multiple marked readahead pages
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (34 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 035/197] tracing/trigger: Fix to return error if failed to alloc snapshot Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 21:05 ` Matthew Wilcox
2024-02-20 20:49 ` [PATCH 6.1 037/197] mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again Greg Kroah-Hartman
` (164 subsequent siblings)
200 siblings, 1 reply; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jan Kara, Matthew Wilcox, Guo Xuenan,
Andrew Morton
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Kara <jack@suse.cz>
commit ab4443fe3ca6298663a55c4a70efc6c3ce913ca6 upstream.
ra_alloc_folio() marks a page that should trigger next round of async
readahead. However it rounds up computed index to the order of page being
allocated. This can however lead to multiple consecutive pages being
marked with readahead flag. Consider situation with index == 1, mark ==
1, order == 0. We insert order 0 page at index 1 and mark it. Then we
bump order to 1, index to 2, mark (still == 1) is rounded up to 2 so page
at index 2 is marked as well. Then we bump order to 2, index is
incremented to 4, mark gets rounded to 4 so page at index 4 is marked as
well. The fact that multiple pages get marked within a single readahead
window confuses the readahead logic and results in readahead window being
trimmed back to 1. This situation is triggered in particular when maximum
readahead window size is not a power of two (in the observed case it was
768 KB) and as a result sequential read throughput suffers.
Fix the problem by rounding 'mark' down instead of up. Because the index
is naturally aligned to 'order', we are guaranteed 'rounded mark' == index
iff 'mark' is within the page we are allocating at 'index' and thus
exactly one page is marked with readahead flag as required by the
readahead code and sequential read performance is restored.
This effectively reverts part of commit b9ff43dd2743 ("mm/readahead: Fix
readahead with large folios"). The commit changed the rounding with the
rationale:
"... we were setting the readahead flag on the folio which contains the
last byte read from the block. This is wrong because we will trigger
readahead at the end of the read without waiting to see if a subsequent
read is going to use the pages we just read."
Although this is true, the fact is this was always the case with read
sizes not aligned to folio boundaries and large folios in the page cache
just make the situation more obvious (and frequent). Also for sequential
read workloads it is better to trigger the readahead earlier rather than
later. It is true that the difference in the rounding and thus earlier
triggering of the readahead can result in reading more for semi-random
workloads. However workloads really suffering from this seem to be rare.
In particular I have verified that the workload described in commit
b9ff43dd2743 ("mm/readahead: Fix readahead with large folios") of reading
random 100k blocks from a file like:
[reader]
bs=100k
rw=randread
numjobs=1
size=64g
runtime=60s
is not impacted by the rounding change and achieves ~70MB/s in both cases.
[jack@suse.cz: fix one more place where mark rounding was done as well]
Link: https://lkml.kernel.org/r/20240123153254.5206-1-jack@suse.cz
Link: https://lkml.kernel.org/r/20240104085839.21029-1-jack@suse.cz
Fixes: b9ff43dd2743 ("mm/readahead: Fix readahead with large folios")
Signed-off-by: Jan Kara <jack@suse.cz>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Guo Xuenan <guoxuenan@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/readahead.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/mm/readahead.c
+++ b/mm/readahead.c
@@ -483,7 +483,7 @@ static inline int ra_alloc_folio(struct
if (!folio)
return -ENOMEM;
- mark = round_up(mark, 1UL << order);
+ mark = round_down(mark, 1UL << order);
if (index == mark)
folio_set_readahead(folio);
err = filemap_add_folio(ractl->mapping, folio, index, gfp);
@@ -591,7 +591,7 @@ static void ondemand_readahead(struct re
* It's the expected callback index, assume sequential access.
* Ramp up sizes, and push forward the readahead window.
*/
- expected = round_up(ra->start + ra->size - ra->async_size,
+ expected = round_down(ra->start + ra->size - ra->async_size,
1UL << order);
if (index == expected || index == (ra->start + ra->size)) {
ra->start += ra->size;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 037/197] mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (35 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 036/197] readahead: avoid multiple marked readahead pages Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 038/197] scsi: storvsc: Fix ring buffer size calculation Greg Kroah-Hartman
` (163 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zach OKeefe, Maxim Patlasov,
Andrew Morton
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zach O'Keefe <zokeefe@google.com>
commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78 upstream.
(struct dirty_throttle_control *)->thresh is an unsigned long, but is
passed as the u32 divisor argument to div_u64(). On architectures where
unsigned long is 64 bytes, the argument will be implicitly truncated.
Use div64_u64() instead of div_u64() so that the value used in the "is
this a safe division" check is the same as the divisor.
Also, remove redundant cast of the numerator to u64, as that should happen
implicitly.
This would be difficult to exploit in memcg domain, given the ratio-based
arithmetic domain_drity_limits() uses, but is much easier in global
writeback domain with a BDI_CAP_STRICTLIMIT-backing device, using e.g.
vm.dirty_bytes=(1<<32)*PAGE_SIZE so that dtc->thresh == (1<<32)
Link: https://lkml.kernel.org/r/20240118181954.1415197-1-zokeefe@google.com
Fixes: f6789593d5ce ("mm/page-writeback.c: fix divide by zero in bdi_dirty_limits()")
Signed-off-by: Zach O'Keefe <zokeefe@google.com>
Cc: Maxim Patlasov <MPatlasov@parallels.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/page-writeback.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
@@ -1526,7 +1526,7 @@ static inline void wb_dirty_limits(struc
*/
dtc->wb_thresh = __wb_calc_thresh(dtc);
dtc->wb_bg_thresh = dtc->thresh ?
- div_u64((u64)dtc->wb_thresh * dtc->bg_thresh, dtc->thresh) : 0;
+ div64_u64(dtc->wb_thresh * dtc->bg_thresh, dtc->thresh) : 0;
/*
* In order to avoid the stacked BDI deadlock we need
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 038/197] scsi: storvsc: Fix ring buffer size calculation
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (36 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 037/197] mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 039/197] dm-crypt, dm-verity: disable tasklets Greg Kroah-Hartman
` (162 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Michael Kelley, Martin K. Petersen
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Kelley <mhklinux@outlook.com>
commit f4469f3858352ad1197434557150b1f7086762a0 upstream.
Current code uses the specified ring buffer size (either the default of 128
Kbytes or a module parameter specified value) to encompass the one page
ring buffer header plus the actual ring itself. When the page size is 4K,
carving off one page for the header isn't significant. But when the page
size is 64K on ARM64, only half of the default 128 Kbytes is left for the
actual ring. While this doesn't break anything, the smaller ring size
could be a performance bottleneck.
Fix this by applying the VMBUS_RING_SIZE macro to the specified ring buffer
size. This macro adds a page for the header, and rounds up the size to a
page boundary, using the page size for which the kernel is built. Use this
new size for subsequent ring buffer calculations. For example, on ARM64
with 64K page size and the default ring size, this results in the actual
ring being 128 Kbytes, which is intended.
Cc: stable@vger.kernel.org # 5.15.x
Signed-off-by: Michael Kelley <mhklinux@outlook.com>
Link: https://lore.kernel.org/r/20240122170956.496436-1-mhklinux@outlook.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/storvsc_drv.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
--- a/drivers/scsi/storvsc_drv.c
+++ b/drivers/scsi/storvsc_drv.c
@@ -326,6 +326,7 @@ enum storvsc_request_type {
*/
static int storvsc_ringbuffer_size = (128 * 1024);
+static int aligned_ringbuffer_size;
static u32 max_outstanding_req_per_channel;
static int storvsc_change_queue_depth(struct scsi_device *sdev, int queue_depth);
@@ -683,8 +684,8 @@ static void handle_sc_creation(struct vm
new_sc->next_request_id_callback = storvsc_next_request_id;
ret = vmbus_open(new_sc,
- storvsc_ringbuffer_size,
- storvsc_ringbuffer_size,
+ aligned_ringbuffer_size,
+ aligned_ringbuffer_size,
(void *)&props,
sizeof(struct vmstorage_channel_properties),
storvsc_on_channel_callback, new_sc);
@@ -1964,7 +1965,7 @@ static int storvsc_probe(struct hv_devic
dma_set_min_align_mask(&device->device, HV_HYP_PAGE_SIZE - 1);
stor_device->port_number = host->host_no;
- ret = storvsc_connect_to_vsp(device, storvsc_ringbuffer_size, is_fc);
+ ret = storvsc_connect_to_vsp(device, aligned_ringbuffer_size, is_fc);
if (ret)
goto err_out1;
@@ -2157,7 +2158,7 @@ static int storvsc_resume(struct hv_devi
{
int ret;
- ret = storvsc_connect_to_vsp(hv_dev, storvsc_ringbuffer_size,
+ ret = storvsc_connect_to_vsp(hv_dev, aligned_ringbuffer_size,
hv_dev_is_fc(hv_dev));
return ret;
}
@@ -2191,8 +2192,9 @@ static int __init storvsc_drv_init(void)
* the ring buffer indices) by the max request size (which is
* vmbus_channel_packet_multipage_buffer + struct vstor_packet + u64)
*/
+ aligned_ringbuffer_size = VMBUS_RING_SIZE(storvsc_ringbuffer_size);
max_outstanding_req_per_channel =
- ((storvsc_ringbuffer_size - PAGE_SIZE) /
+ ((aligned_ringbuffer_size - PAGE_SIZE) /
ALIGN(MAX_MULTIPAGE_BUFFER_PACKET +
sizeof(struct vstor_packet) + sizeof(u64),
sizeof(u64)));
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 039/197] dm-crypt, dm-verity: disable tasklets
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (37 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 038/197] scsi: storvsc: Fix ring buffer size calculation Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 040/197] ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF Greg Kroah-Hartman
` (161 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Mikulas Patocka, Mike Snitzer
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mikulas Patocka <mpatocka@redhat.com>
commit 0a9bab391e336489169b95cb0d4553d921302189 upstream.
Tasklets have an inherent problem with memory corruption. The function
tasklet_action_common calls tasklet_trylock, then it calls the tasklet
callback and then it calls tasklet_unlock. If the tasklet callback frees
the structure that contains the tasklet or if it calls some code that may
free it, tasklet_unlock will write into free memory.
The commits 8e14f610159d and d9a02e016aaf try to fix it for dm-crypt, but
it is not a sufficient fix and the data corruption can still happen [1].
There is no fix for dm-verity and dm-verity will write into free memory
with every tasklet-processed bio.
There will be atomic workqueues implemented in the kernel 6.9 [2]. They
will have better interface and they will not suffer from the memory
corruption problem.
But we need something that stops the memory corruption now and that can be
backported to the stable kernels. So, I'm proposing this commit that
disables tasklets in both dm-crypt and dm-verity. This commit doesn't
remove the tasklet support, because the tasklet code will be reused when
atomic workqueues will be implemented.
[1] https://lore.kernel.org/all/d390d7ee-f142-44d3-822a-87949e14608b@suse.de/T/
[2] https://lore.kernel.org/lkml/20240130091300.2968534-1-tj@kernel.org/
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: stable@vger.kernel.org
Fixes: 39d42fa96ba1b ("dm crypt: add flags to optionally bypass kcryptd workqueues")
Fixes: 5721d4e5a9cdb ("dm verity: Add optional "try_verify_in_tasklet" feature")
Signed-off-by: Mike Snitzer <snitzer@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/md/dm-crypt.c | 37 ++-----------------------------------
drivers/md/dm-verity-target.c | 26 ++------------------------
drivers/md/dm-verity.h | 1 -
3 files changed, 4 insertions(+), 60 deletions(-)
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -72,10 +72,8 @@ struct dm_crypt_io {
struct bio *base_bio;
u8 *integrity_metadata;
bool integrity_metadata_from_pool:1;
- bool in_tasklet:1;
struct work_struct work;
- struct tasklet_struct tasklet;
struct convert_context ctx;
@@ -1729,7 +1727,6 @@ static void crypt_io_init(struct dm_cryp
io->ctx.r.req = NULL;
io->integrity_metadata = NULL;
io->integrity_metadata_from_pool = false;
- io->in_tasklet = false;
atomic_set(&io->io_pending, 0);
}
@@ -1738,12 +1735,6 @@ static void crypt_inc_pending(struct dm_
atomic_inc(&io->io_pending);
}
-static void kcryptd_io_bio_endio(struct work_struct *work)
-{
- struct dm_crypt_io *io = container_of(work, struct dm_crypt_io, work);
- bio_endio(io->base_bio);
-}
-
/*
* One of the bios was finished. Check for completion of
* the whole request and correctly clean up the buffer.
@@ -1767,20 +1758,6 @@ static void crypt_dec_pending(struct dm_
base_bio->bi_status = error;
- /*
- * If we are running this function from our tasklet,
- * we can't call bio_endio() here, because it will call
- * clone_endio() from dm.c, which in turn will
- * free the current struct dm_crypt_io structure with
- * our tasklet. In this case we need to delay bio_endio()
- * execution to after the tasklet is done and dequeued.
- */
- if (io->in_tasklet) {
- INIT_WORK(&io->work, kcryptd_io_bio_endio);
- queue_work(cc->io_queue, &io->work);
- return;
- }
-
bio_endio(base_bio);
}
@@ -2213,11 +2190,6 @@ static void kcryptd_crypt(struct work_st
kcryptd_crypt_write_convert(io);
}
-static void kcryptd_crypt_tasklet(unsigned long work)
-{
- kcryptd_crypt((struct work_struct *)work);
-}
-
static void kcryptd_queue_crypt(struct dm_crypt_io *io)
{
struct crypt_config *cc = io->cc;
@@ -2229,15 +2201,10 @@ static void kcryptd_queue_crypt(struct d
* irqs_disabled(): the kernel may run some IO completion from the idle thread, but
* it is being executed with irqs disabled.
*/
- if (in_hardirq() || irqs_disabled()) {
- io->in_tasklet = true;
- tasklet_init(&io->tasklet, kcryptd_crypt_tasklet, (unsigned long)&io->work);
- tasklet_schedule(&io->tasklet);
+ if (!(in_hardirq() || irqs_disabled())) {
+ kcryptd_crypt(&io->work);
return;
}
-
- kcryptd_crypt(&io->work);
- return;
}
INIT_WORK(&io->work, kcryptd_crypt);
--- a/drivers/md/dm-verity-target.c
+++ b/drivers/md/dm-verity-target.c
@@ -634,23 +634,6 @@ static void verity_work(struct work_stru
verity_finish_io(io, errno_to_blk_status(verity_verify_io(io)));
}
-static void verity_tasklet(unsigned long data)
-{
- struct dm_verity_io *io = (struct dm_verity_io *)data;
- int err;
-
- io->in_tasklet = true;
- err = verity_verify_io(io);
- if (err == -EAGAIN || err == -ENOMEM) {
- /* fallback to retrying with work-queue */
- INIT_WORK(&io->work, verity_work);
- queue_work(io->v->verify_wq, &io->work);
- return;
- }
-
- verity_finish_io(io, errno_to_blk_status(err));
-}
-
static void verity_end_io(struct bio *bio)
{
struct dm_verity_io *io = bio->bi_private;
@@ -663,13 +646,8 @@ static void verity_end_io(struct bio *bi
return;
}
- if (static_branch_unlikely(&use_tasklet_enabled) && io->v->use_tasklet) {
- tasklet_init(&io->tasklet, verity_tasklet, (unsigned long)io);
- tasklet_schedule(&io->tasklet);
- } else {
- INIT_WORK(&io->work, verity_work);
- queue_work(io->v->verify_wq, &io->work);
- }
+ INIT_WORK(&io->work, verity_work);
+ queue_work(io->v->verify_wq, &io->work);
}
/*
--- a/drivers/md/dm-verity.h
+++ b/drivers/md/dm-verity.h
@@ -83,7 +83,6 @@ struct dm_verity_io {
struct bvec_iter iter;
struct work_struct work;
- struct tasklet_struct tasklet;
/*
* Three variably-size fields follow this struct:
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 040/197] ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (38 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 039/197] dm-crypt, dm-verity: disable tasklets Greg Kroah-Hartman
@ 2024-02-20 20:49 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 041/197] parisc: Prevent hung tasks when printing inventory on serial console Greg Kroah-Hartman
` (160 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:49 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Techno Mooney, Bagas Sanjaya,
Mark Brown
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Techno Mooney <techno.mooney@gmail.com>
commit c6dce23ec993f7da7790a9eadb36864ceb60e942 upstream.
The laptop requires a quirk ID to enable its internal microphone. Add
it to the DMI quirk table.
Reported-by: Techno Mooney <techno.mooney@gmail.com>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218402
Cc: stable@vger.kernel.org
Signed-off-by: Techno Mooney <techno.mooney@gmail.com>
Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com>
Link: https://msgid.link/r/20240129081148.1044891-1-bagasdotme@gmail.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/amd/yc/acp6x-mach.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/sound/soc/amd/yc/acp6x-mach.c
+++ b/sound/soc/amd/yc/acp6x-mach.c
@@ -300,6 +300,13 @@ static const struct dmi_system_id yc_acp
{
.driver_data = &acp6x_card,
.matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "Micro-Star International Co., Ltd."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "Bravo 15 C7VF"),
+ }
+ },
+ {
+ .driver_data = &acp6x_card,
+ .matches = {
DMI_MATCH(DMI_BOARD_VENDOR, "Razer"),
DMI_MATCH(DMI_PRODUCT_NAME, "Blade 14 (2022) - RZ09-0427"),
}
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 041/197] parisc: Prevent hung tasks when printing inventory on serial console
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (39 preceding siblings ...)
2024-02-20 20:49 ` [PATCH 6.1 040/197] ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 042/197] ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 Greg Kroah-Hartman
` (159 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Helge Deller
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Helge Deller <deller@gmx.de>
commit c8708d758e715c3824a73bf0cda97292b52be44d upstream.
Printing the inventory on a serial console can be quite slow and thus may
trigger the hung task detector (CONFIG_DETECT_HUNG_TASK=y) and possibly
reboot the machine. Adding a cond_resched() prevents this.
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: <stable@vger.kernel.org> # v6.0+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/parisc/kernel/drivers.c | 3 +++
1 file changed, 3 insertions(+)
--- a/arch/parisc/kernel/drivers.c
+++ b/arch/parisc/kernel/drivers.c
@@ -1003,6 +1003,9 @@ static __init int qemu_print_iodc_data(s
pr_info("\n");
+ /* Prevent hung task messages when printing on serial console */
+ cond_resched();
+
pr_info("#define HPA_%08lx_DESCRIPTION \"%s\"\n",
hpa, parisc_hardware_description(&dev->id));
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 042/197] ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (40 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 041/197] parisc: Prevent hung tasks when printing inventory on serial console Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 043/197] ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx Greg Kroah-Hartman
` (158 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, David Senoner, Takashi Iwai
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Senoner <seda18@rolmail.net>
commit efb56d84dd9c3de3c99fc396abb57c6d330038b5 upstream.
If you connect an external headset/microphone to the 3.5mm jack on the
Acer Swift 1 SF114-32 it does not recognize the microphone. This fixes
that and gives the user the ability to choose between internal and
headset mic.
Signed-off-by: David Senoner <seda18@rolmail.net>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20240126155626.2304465-1-seda18@rolmail.net
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -9431,6 +9431,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x1025, 0x1247, "Acer vCopperbox", ALC269VC_FIXUP_ACER_VCOPPERBOX_PINS),
SND_PCI_QUIRK(0x1025, 0x1248, "Acer Veriton N4660G", ALC269VC_FIXUP_ACER_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1025, 0x1269, "Acer SWIFT SF314-54", ALC256_FIXUP_ACER_HEADSET_MIC),
+ SND_PCI_QUIRK(0x1025, 0x126a, "Acer Swift SF114-32", ALC256_FIXUP_ACER_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1025, 0x128f, "Acer Veriton Z6860G", ALC286_FIXUP_ACER_AIO_HEADSET_MIC),
SND_PCI_QUIRK(0x1025, 0x1290, "Acer Veriton Z4860G", ALC286_FIXUP_ACER_AIO_HEADSET_MIC),
SND_PCI_QUIRK(0x1025, 0x1291, "Acer Veriton Z4660G", ALC286_FIXUP_ACER_AIO_HEADSET_MIC),
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 043/197] ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (41 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 042/197] ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 044/197] HID: i2c-hid-of: fix NULL-deref on failed power up Greg Kroah-Hartman
` (157 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Luka Guzenko, Takashi Iwai
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Luka Guzenko <l.guzenko@web.de>
commit f0d78972f27dc1d1d51fbace2713ad3cdc60a877 upstream.
This HP Laptop uses ALC236 codec with COEF 0x07 controlling the
mute LED. Enable existing quirk for this device.
Signed-off-by: Luka Guzenko <l.guzenko@web.de>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20240128155704.2333812-1-l.guzenko@web.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -9618,6 +9618,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x103c, 0x8786, "HP OMEN 15", ALC285_FIXUP_HP_MUTE_LED),
SND_PCI_QUIRK(0x103c, 0x8787, "HP OMEN 15", ALC285_FIXUP_HP_MUTE_LED),
SND_PCI_QUIRK(0x103c, 0x8788, "HP OMEN 15", ALC285_FIXUP_HP_MUTE_LED),
+ SND_PCI_QUIRK(0x103c, 0x87b7, "HP Laptop 14-fq0xxx", ALC236_FIXUP_HP_MUTE_LED_COEFBIT2),
SND_PCI_QUIRK(0x103c, 0x87c8, "HP", ALC287_FIXUP_HP_GPIO_LED),
SND_PCI_QUIRK(0x103c, 0x87e5, "HP ProBook 440 G8 Notebook PC", ALC236_FIXUP_HP_GPIO_LED),
SND_PCI_QUIRK(0x103c, 0x87e7, "HP ProBook 450 G8 Notebook PC", ALC236_FIXUP_HP_GPIO_LED),
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 044/197] HID: i2c-hid-of: fix NULL-deref on failed power up
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (42 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 043/197] ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 045/197] HID: wacom: generic: Avoid reporting a serial of 0 to userspace Greg Kroah-Hartman
` (156 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Douglas Anderson, Johan Hovold,
Jiri Kosina
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Hovold <johan+linaro@kernel.org>
commit 00aab7dcb2267f2aef59447602f34501efe1a07f upstream.
A while back the I2C HID implementation was split in an ACPI and OF
part, but the new OF driver never initialises the client pointer which
is dereferenced on power-up failures.
Fixes: b33752c30023 ("HID: i2c-hid: Reorganize so ACPI and OF are separate modules")
Cc: stable@vger.kernel.org # 5.12
Cc: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Jiri Kosina <jkosina@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/i2c-hid/i2c-hid-of.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/hid/i2c-hid/i2c-hid-of.c
+++ b/drivers/hid/i2c-hid/i2c-hid-of.c
@@ -80,6 +80,7 @@ static int i2c_hid_of_probe(struct i2c_c
if (!ihid_of)
return -ENOMEM;
+ ihid_of->client = client;
ihid_of->ops.power_up = i2c_hid_of_power_up;
ihid_of->ops.power_down = i2c_hid_of_power_down;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 045/197] HID: wacom: generic: Avoid reporting a serial of 0 to userspace
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (43 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 044/197] HID: i2c-hid-of: fix NULL-deref on failed power up Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 046/197] HID: wacom: Do not register input devices until after hid_hw_start Greg Kroah-Hartman
` (155 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jason Gerecke, Tatsunosuke Tobita,
Jiri Kosina
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tatsunosuke Tobita <tatsunosuke.tobita@wacom.com>
commit ab41a31dd5e2681803642b6d08590b61867840ec upstream.
The xf86-input-wacom driver does not treat '0' as a valid serial
number and will drop any input report which contains an
MSC_SERIAL = 0 event. The kernel driver already takes care to
avoid sending any MSC_SERIAL event if the value of serial[0] == 0
(which is the case for devices that don't actually report a
serial number), but this is not quite sufficient.
Only the lower 32 bits of the serial get reported to userspace,
so if this portion of the serial is zero then there can still
be problems.
This commit allows the driver to report either the lower 32 bits
if they are non-zero or the upper 32 bits otherwise.
Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
Signed-off-by: Tatsunosuke Tobita <tatsunosuke.tobita@wacom.com>
Fixes: f85c9dc678a5 ("HID: wacom: generic: Support tool ID and additional tool types")
CC: stable@vger.kernel.org # v4.10
Signed-off-by: Jiri Kosina <jkosina@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/wacom_wac.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--- a/drivers/hid/wacom_wac.c
+++ b/drivers/hid/wacom_wac.c
@@ -2571,7 +2571,14 @@ static void wacom_wac_pen_report(struct
wacom_wac->hid_data.tipswitch);
input_report_key(input, wacom_wac->tool[0], sense);
if (wacom_wac->serial[0]) {
- input_event(input, EV_MSC, MSC_SERIAL, wacom_wac->serial[0]);
+ /*
+ * xf86-input-wacom does not accept a serial number
+ * of '0'. Report the low 32 bits if possible, but
+ * if they are zero, report the upper ones instead.
+ */
+ __u32 serial_lo = wacom_wac->serial[0] & 0xFFFFFFFFu;
+ __u32 serial_hi = wacom_wac->serial[0] >> 32;
+ input_event(input, EV_MSC, MSC_SERIAL, (int)(serial_lo ? serial_lo : serial_hi));
input_report_abs(input, ABS_MISC, sense ? id : 0);
}
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 046/197] HID: wacom: Do not register input devices until after hid_hw_start
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (44 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 045/197] HID: wacom: generic: Avoid reporting a serial of 0 to userspace Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 047/197] iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP Greg Kroah-Hartman
` (154 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dmitry Torokhov, Jason Gerecke,
Jiri Kosina
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jason Gerecke <killertofu@gmail.com>
commit c1d6708bf0d3dd976460d435373cf5abf21ce258 upstream.
If a input device is opened before hid_hw_start is called, events may
not be received from the hardware. In the case of USB-backed devices,
for example, the hid_hw_start function is responsible for filling in
the URB which is submitted when the input device is opened. If a device
is opened prematurely, polling will never start because the device will
not have been in the correct state to send the URB.
Because the wacom driver registers its input devices before calling
hid_hw_start, there is a window of time where a device can be opened
and end up in an inoperable state. Some ARM-based Chromebooks in particular
reliably trigger this bug.
This commit splits the wacom_register_inputs function into two pieces.
One which is responsible for setting up the allocated inputs (and runs
prior to hid_hw_start so that devices are ready for any input events
they may end up receiving) and another which only registers the devices
(and runs after hid_hw_start to ensure devices can be immediately opened
without issue). Note that the functions to initialize the LEDs and remotes
are also moved after hid_hw_start to maintain their own dependency chains.
Fixes: 7704ac937345 ("HID: wacom: implement generic HID handling for pen generic devices")
Cc: stable@vger.kernel.org # v3.18+
Suggested-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
Tested-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/hid/wacom_sys.c | 63 ++++++++++++++++++++++++++++++++----------------
1 file changed, 43 insertions(+), 20 deletions(-)
--- a/drivers/hid/wacom_sys.c
+++ b/drivers/hid/wacom_sys.c
@@ -2080,7 +2080,7 @@ static int wacom_allocate_inputs(struct
return 0;
}
-static int wacom_register_inputs(struct wacom *wacom)
+static int wacom_setup_inputs(struct wacom *wacom)
{
struct input_dev *pen_input_dev, *touch_input_dev, *pad_input_dev;
struct wacom_wac *wacom_wac = &(wacom->wacom_wac);
@@ -2099,10 +2099,6 @@ static int wacom_register_inputs(struct
input_free_device(pen_input_dev);
wacom_wac->pen_input = NULL;
pen_input_dev = NULL;
- } else {
- error = input_register_device(pen_input_dev);
- if (error)
- goto fail;
}
error = wacom_setup_touch_input_capabilities(touch_input_dev, wacom_wac);
@@ -2111,10 +2107,6 @@ static int wacom_register_inputs(struct
input_free_device(touch_input_dev);
wacom_wac->touch_input = NULL;
touch_input_dev = NULL;
- } else {
- error = input_register_device(touch_input_dev);
- if (error)
- goto fail;
}
error = wacom_setup_pad_input_capabilities(pad_input_dev, wacom_wac);
@@ -2123,7 +2115,34 @@ static int wacom_register_inputs(struct
input_free_device(pad_input_dev);
wacom_wac->pad_input = NULL;
pad_input_dev = NULL;
- } else {
+ }
+
+ return 0;
+}
+
+static int wacom_register_inputs(struct wacom *wacom)
+{
+ struct input_dev *pen_input_dev, *touch_input_dev, *pad_input_dev;
+ struct wacom_wac *wacom_wac = &(wacom->wacom_wac);
+ int error = 0;
+
+ pen_input_dev = wacom_wac->pen_input;
+ touch_input_dev = wacom_wac->touch_input;
+ pad_input_dev = wacom_wac->pad_input;
+
+ if (pen_input_dev) {
+ error = input_register_device(pen_input_dev);
+ if (error)
+ goto fail;
+ }
+
+ if (touch_input_dev) {
+ error = input_register_device(touch_input_dev);
+ if (error)
+ goto fail;
+ }
+
+ if (pad_input_dev) {
error = input_register_device(pad_input_dev);
if (error)
goto fail;
@@ -2379,6 +2398,20 @@ static int wacom_parse_and_register(stru
goto fail;
}
+ error = wacom_setup_inputs(wacom);
+ if (error)
+ goto fail;
+
+ if (features->type == HID_GENERIC)
+ connect_mask |= HID_CONNECT_DRIVER;
+
+ /* Regular HID work starts now */
+ error = hid_hw_start(hdev, connect_mask);
+ if (error) {
+ hid_err(hdev, "hw start failed\n");
+ goto fail;
+ }
+
error = wacom_register_inputs(wacom);
if (error)
goto fail;
@@ -2393,16 +2426,6 @@ static int wacom_parse_and_register(stru
goto fail;
}
- if (features->type == HID_GENERIC)
- connect_mask |= HID_CONNECT_DRIVER;
-
- /* Regular HID work starts now */
- error = hid_hw_start(hdev, connect_mask);
- if (error) {
- hid_err(hdev, "hw start failed\n");
- goto fail;
- }
-
if (!wireless) {
/* Note that if query fails it is not a hard failure */
wacom_query_tablet_data(wacom);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 047/197] iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (45 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 046/197] HID: wacom: Do not register input devices until after hid_hw_start Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 048/197] usb: ucsi: Add missing ppm_lock Greg Kroah-Hartman
` (153 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Srinivas Pandruvada, Stable,
Jonathan Cameron
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
commit 621c6257128149e45b36ffb973a01c3f3461b893 upstream.
When als_capture_sample() is called with usage ID
HID_USAGE_SENSOR_TIME_TIMESTAMP, return 0. The HID sensor core ignores
the return value for capture_sample() callback, so return value doesn't
make difference. But correct the return value to return success instead
of -EINVAL.
Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Link: https://lore.kernel.org/r/20240204125617.2635574-1-srinivas.pandruvada@linux.intel.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/light/hid-sensor-als.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/iio/light/hid-sensor-als.c
+++ b/drivers/iio/light/hid-sensor-als.c
@@ -228,6 +228,7 @@ static int als_capture_sample(struct hid
case HID_USAGE_SENSOR_TIME_TIMESTAMP:
als_state->timestamp = hid_sensor_convert_timestamp(&als_state->common_attributes,
*(s64 *)raw_data);
+ ret = 0;
break;
default:
break;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 048/197] usb: ucsi: Add missing ppm_lock
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (46 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 047/197] iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 049/197] usb: ulpi: Fix debugfs directory leak Greg Kroah-Hartman
` (152 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Christian A. Ehrhardt,
Heikki Krogerus
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian A. Ehrhardt <lk@c--e.de>
commit c9aed03a0a683fd1600ea92f2ad32232d4736272 upstream.
Calling ->sync_write must be done while holding the PPM lock as
the mailbox logic does not support concurrent commands.
At least since the addition of partner task this means that
ucsi_acknowledge_connector_change should be called with the
PPM lock held as it calls ->sync_write.
Thus protect the only call to ucsi_acknowledge_connector_change
with the PPM. All other calls to ->sync_write already happen
under the PPM lock.
Fixes: b9aa02ca39a4 ("usb: typec: ucsi: Add polling mechanism for partner tasks like alt mode checking")
Cc: stable@vger.kernel.org
Signed-off-by: "Christian A. Ehrhardt" <lk@c--e.de>
Reviewed-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Link: https://lore.kernel.org/r/20240121204123.275441-2-lk@c--e.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/typec/ucsi/ucsi.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/usb/typec/ucsi/ucsi.c
+++ b/drivers/usb/typec/ucsi/ucsi.c
@@ -831,7 +831,9 @@ static void ucsi_handle_connector_change
clear_bit(EVENT_PENDING, &con->ucsi->flags);
+ mutex_lock(&ucsi->ppm_lock);
ret = ucsi_acknowledge_connector_change(ucsi);
+ mutex_unlock(&ucsi->ppm_lock);
if (ret)
dev_err(ucsi->dev, "%s: ACK failed (%d)", __func__, ret);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 049/197] usb: ulpi: Fix debugfs directory leak
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (47 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 048/197] usb: ucsi: Add missing ppm_lock Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 050/197] usb: ucsi_acpi: Fix command completion handling Greg Kroah-Hartman
` (151 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Sean Anderson
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sean Anderson <sean.anderson@seco.com>
commit 3caf2b2ad7334ef35f55b95f3e1b138c6f77b368 upstream.
The ULPI per-device debugfs root is named after the ulpi device's
parent, but ulpi_unregister_interface tries to remove a debugfs
directory named after the ulpi device itself. This results in the
directory sticking around and preventing subsequent (deferred) probes
from succeeding. Change the directory name to match the ulpi device.
Fixes: bd0a0a024f2a ("usb: ulpi: Add debugfs support")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Link: https://lore.kernel.org/r/20240126223800.2864613-1-sean.anderson@seco.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/common/ulpi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/common/ulpi.c
+++ b/drivers/usb/common/ulpi.c
@@ -301,7 +301,7 @@ static int ulpi_register(struct device *
return ret;
}
- root = debugfs_create_dir(dev_name(dev), ulpi_root);
+ root = debugfs_create_dir(dev_name(&ulpi->dev), ulpi_root);
debugfs_create_file("regs", 0444, root, ulpi, &ulpi_regs_fops);
dev_dbg(&ulpi->dev, "registered ULPI PHY: vendor %04x, product %04x\n",
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 050/197] usb: ucsi_acpi: Fix command completion handling
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (48 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 049/197] usb: ulpi: Fix debugfs directory leak Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 051/197] USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT Greg Kroah-Hartman
` (150 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Christian A. Ehrhardt,
Heikki Krogerus
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian A. Ehrhardt <lk@c--e.de>
commit 2840143e393a4ddc1caab4372969ea337371168c upstream.
In case of a spurious or otherwise delayed notification it is
possible that CCI still reports the previous completion. The
UCSI spec is aware of this and provides two completion bits in
CCI, one for normal commands and one for acks. As acks and commands
alternate the notification handler can determine if the completion
bit is from the current command.
The initial UCSI code correctly handled this but the distinction
between the two completion bits was lost with the introduction of
the new API.
To fix this revive the ACK_PENDING bit for ucsi_acpi and only complete
commands if the completion bit matches.
Fixes: f56de278e8ec ("usb: typec: ucsi: acpi: Move to the new API")
Cc: stable@vger.kernel.org
Signed-off-by: "Christian A. Ehrhardt" <lk@c--e.de>
Acked-by: Heikki Krogerus <heikki.krogerus@linux.intel.com>
Link: https://lore.kernel.org/r/20240121204123.275441-3-lk@c--e.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/typec/ucsi/ucsi_acpi.c | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
--- a/drivers/usb/typec/ucsi/ucsi_acpi.c
+++ b/drivers/usb/typec/ucsi/ucsi_acpi.c
@@ -73,9 +73,13 @@ static int ucsi_acpi_sync_write(struct u
const void *val, size_t val_len)
{
struct ucsi_acpi *ua = ucsi_get_drvdata(ucsi);
+ bool ack = UCSI_COMMAND(*(u64 *)val) == UCSI_ACK_CC_CI;
int ret;
- set_bit(COMMAND_PENDING, &ua->flags);
+ if (ack)
+ set_bit(ACK_PENDING, &ua->flags);
+ else
+ set_bit(COMMAND_PENDING, &ua->flags);
ret = ucsi_acpi_async_write(ucsi, offset, val, val_len);
if (ret)
@@ -85,7 +89,10 @@ static int ucsi_acpi_sync_write(struct u
ret = -ETIMEDOUT;
out_clear_bit:
- clear_bit(COMMAND_PENDING, &ua->flags);
+ if (ack)
+ clear_bit(ACK_PENDING, &ua->flags);
+ else
+ clear_bit(COMMAND_PENDING, &ua->flags);
return ret;
}
@@ -142,8 +149,10 @@ static void ucsi_acpi_notify(acpi_handle
if (UCSI_CCI_CONNECTOR(cci))
ucsi_connector_change(ua->ucsi, UCSI_CCI_CONNECTOR(cci));
- if (test_bit(COMMAND_PENDING, &ua->flags) &&
- cci & (UCSI_CCI_ACK_COMPLETE | UCSI_CCI_COMMAND_COMPLETE))
+ if (cci & UCSI_CCI_ACK_COMPLETE && test_bit(ACK_PENDING, &ua->flags))
+ complete(&ua->complete);
+ if (cci & UCSI_CCI_COMMAND_COMPLETE &&
+ test_bit(COMMAND_PENDING, &ua->flags))
complete(&ua->complete);
}
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 051/197] USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (49 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 050/197] usb: ucsi_acpi: Fix command completion handling Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 052/197] usb: f_mass_storage: forbid async queue when shutdown happen Greg Kroah-Hartman
` (149 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Oliver Neukum, stable
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oliver Neukum <oneukum@suse.com>
commit f17c34ffc792bbb520e4b61baa16b6cfc7d44b13 upstream.
The OTG 1.3 spec has the feature A_ALT_HNP_SUPPORT, which tells
a device that it is connected to the wrong port. Some devices
refuse to operate if you enable that feature, because it indicates
to them that they ought to request to be connected to another port.
According to the spec this feature may be used based only the following
three conditions:
6.5.3 a_alt_hnp_support
Setting this feature indicates to the B-device that it is connected to
an A-device port that is not capable of HNP, but that the A-device does
have an alternate port that is capable of HNP.
The A-device is required to set this feature under the following conditions:
• the A-device has multiple receptacles
• the A-device port that connects to the B-device does not support HNP
• the A-device has another port that does support HNP
A check for the third and first condition is missing. Add it.
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Cc: stable <stable@kernel.org>
Fixes: 7d2d641c44269 ("usb: otg: don't set a_alt_hnp_support feature for OTG 2.0 device")
Link: https://lore.kernel.org/r/20240122153545.12284-1-oneukum@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/core/hub.c | 30 +++++++++++++++++++-----------
1 file changed, 19 insertions(+), 11 deletions(-)
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -2389,17 +2389,25 @@ static int usb_enumerate_device_otg(stru
}
} else if (desc->bLength == sizeof
(struct usb_otg_descriptor)) {
- /* Set a_alt_hnp_support for legacy otg device */
- err = usb_control_msg(udev,
- usb_sndctrlpipe(udev, 0),
- USB_REQ_SET_FEATURE, 0,
- USB_DEVICE_A_ALT_HNP_SUPPORT,
- 0, NULL, 0,
- USB_CTRL_SET_TIMEOUT);
- if (err < 0)
- dev_err(&udev->dev,
- "set a_alt_hnp_support failed: %d\n",
- err);
+ /*
+ * We are operating on a legacy OTP device
+ * These should be told that they are operating
+ * on the wrong port if we have another port that does
+ * support HNP
+ */
+ if (bus->otg_port != 0) {
+ /* Set a_alt_hnp_support for legacy otg device */
+ err = usb_control_msg(udev,
+ usb_sndctrlpipe(udev, 0),
+ USB_REQ_SET_FEATURE, 0,
+ USB_DEVICE_A_ALT_HNP_SUPPORT,
+ 0, NULL, 0,
+ USB_CTRL_SET_TIMEOUT);
+ if (err < 0)
+ dev_err(&udev->dev,
+ "set a_alt_hnp_support failed: %d\n",
+ err);
+ }
}
}
#endif
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 052/197] usb: f_mass_storage: forbid async queue when shutdown happen
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (50 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 051/197] USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 053/197] usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend Greg Kroah-Hartman
` (148 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, yuan linyu, Alan Stern
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: yuan linyu <yuanlinyu@hihonor.com>
commit b2d2d7ea0dd09802cf5a0545bf54d8ad8987d20c upstream.
When write UDC to empty and unbind gadget driver from gadget device, it is
possible that there are many queue failures for mass storage function.
The root cause is mass storage main thread alaways try to queue request to
receive a command from host if running flag is on, on platform like dwc3,
if pull down called, it will not queue request again and return
-ESHUTDOWN, but it not affect running flag of mass storage function.
Check return code from mass storage function and clear running flag if it
is -ESHUTDOWN, also indicate start in/out transfer failure to break loops.
Cc: stable <stable@kernel.org>
Signed-off-by: yuan linyu <yuanlinyu@hihonor.com>
Reviewed-by: Alan Stern <stern@rowland.harvard.edu>
Link: https://lore.kernel.org/r/20240123034829.3848409-1-yuanlinyu@hihonor.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/gadget/function/f_mass_storage.c | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
--- a/drivers/usb/gadget/function/f_mass_storage.c
+++ b/drivers/usb/gadget/function/f_mass_storage.c
@@ -544,21 +544,37 @@ static int start_transfer(struct fsg_dev
static bool start_in_transfer(struct fsg_common *common, struct fsg_buffhd *bh)
{
+ int rc;
+
if (!fsg_is_set(common))
return false;
bh->state = BUF_STATE_SENDING;
- if (start_transfer(common->fsg, common->fsg->bulk_in, bh->inreq))
+ rc = start_transfer(common->fsg, common->fsg->bulk_in, bh->inreq);
+ if (rc) {
bh->state = BUF_STATE_EMPTY;
+ if (rc == -ESHUTDOWN) {
+ common->running = 0;
+ return false;
+ }
+ }
return true;
}
static bool start_out_transfer(struct fsg_common *common, struct fsg_buffhd *bh)
{
+ int rc;
+
if (!fsg_is_set(common))
return false;
bh->state = BUF_STATE_RECEIVING;
- if (start_transfer(common->fsg, common->fsg->bulk_out, bh->outreq))
+ rc = start_transfer(common->fsg, common->fsg->bulk_out, bh->outreq);
+ if (rc) {
bh->state = BUF_STATE_FULL;
+ if (rc == -ESHUTDOWN) {
+ common->running = 0;
+ return false;
+ }
+ }
return true;
}
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 053/197] usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (51 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 052/197] usb: f_mass_storage: forbid async queue when shutdown happen Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 054/197] interconnect: qcom: sc8180x: Mark CO0 BCM keepalive Greg Kroah-Hartman
` (147 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Thinh Nguyen, Uttkarsh Aggarwal
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Uttkarsh Aggarwal <quic_uaggarwa@quicinc.com>
commit 61a348857e869432e6a920ad8ea9132e8d44c316 upstream.
In current scenario if Plug-out and Plug-In performed continuously
there could be a chance while checking for dwc->gadget_driver in
dwc3_gadget_suspend, a NULL pointer dereference may occur.
Call Stack:
CPU1: CPU2:
gadget_unbind_driver dwc3_suspend_common
dwc3_gadget_stop dwc3_gadget_suspend
dwc3_disconnect_gadget
CPU1 basically clears the variable and CPU2 checks the variable.
Consider CPU1 is running and right before gadget_driver is cleared
and in parallel CPU2 executes dwc3_gadget_suspend where it finds
dwc->gadget_driver which is not NULL and resumes execution and then
CPU1 completes execution. CPU2 executes dwc3_disconnect_gadget where
it checks dwc->gadget_driver is already NULL because of which the
NULL pointer deference occur.
Cc: stable@vger.kernel.org
Fixes: 9772b47a4c29 ("usb: dwc3: gadget: Fix suspend/resume during device mode")
Acked-by: Thinh Nguyen <Thinh.Nguyen@synopsys.com>
Signed-off-by: Uttkarsh Aggarwal <quic_uaggarwa@quicinc.com>
Link: https://lore.kernel.org/r/20240119094825.26530-1-quic_uaggarwa@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/usb/dwc3/gadget.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -4583,15 +4583,13 @@ int dwc3_gadget_suspend(struct dwc3 *dwc
unsigned long flags;
int ret;
- if (!dwc->gadget_driver)
- return 0;
-
ret = dwc3_gadget_soft_disconnect(dwc);
if (ret)
goto err;
spin_lock_irqsave(&dwc->lock, flags);
- dwc3_disconnect_gadget(dwc);
+ if (dwc->gadget_driver)
+ dwc3_disconnect_gadget(dwc);
spin_unlock_irqrestore(&dwc->lock, flags);
return 0;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 054/197] interconnect: qcom: sc8180x: Mark CO0 BCM keepalive
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (52 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 053/197] usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 055/197] media: ir_toy: fix a memleak in irtoy_tx Greg Kroah-Hartman
` (146 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Konrad Dybcio, Georgi Djakov,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Konrad Dybcio <konrad.dybcio@linaro.org>
[ Upstream commit 85e985a4f46e462a37f1875cb74ed380e7c0c2e0 ]
The CO0 BCM needs to be up at all times, otherwise some hardware (like
the UFS controller) loses its connection to the rest of the SoC,
resulting in a hang of the platform, accompanied by a spectacular
logspam.
Mark it as keepalive to prevent such cases.
Fixes: 9c8c6bac1ae8 ("interconnect: qcom: Add SC8180x providers")
Signed-off-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Link: https://lore.kernel.org/r/20231214-topic-sc8180_fixes-v1-1-421904863006@linaro.org
Signed-off-by: Georgi Djakov <djakov@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/interconnect/qcom/sc8180x.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/interconnect/qcom/sc8180x.c b/drivers/interconnect/qcom/sc8180x.c
index 83461e31774e..d9ee193fb18b 100644
--- a/drivers/interconnect/qcom/sc8180x.c
+++ b/drivers/interconnect/qcom/sc8180x.c
@@ -1387,6 +1387,7 @@ static struct qcom_icc_bcm bcm_mm0 = {
static struct qcom_icc_bcm bcm_co0 = {
.name = "CO0",
+ .keepalive = true,
.num_nodes = 1,
.nodes = { &slv_qns_cdsp_mem_noc }
};
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 055/197] media: ir_toy: fix a memleak in irtoy_tx
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (53 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 054/197] interconnect: qcom: sc8180x: Mark CO0 BCM keepalive Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 056/197] driver core: fw_devlink: Improve detection of overlapping cycles Greg Kroah-Hartman
` (145 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhipeng Lu, Sean Young,
Mauro Carvalho Chehab, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Zhipeng Lu <alexious@zju.edu.cn>
[ Upstream commit dc9ceb90c4b42c6e5c6757df1d6257110433788e ]
When irtoy_command fails, buf should be freed since it is allocated by
irtoy_tx, or there is a memleak.
Fixes: 4114978dcd24 ("media: ir_toy: prevent device from hanging during transmit")
Signed-off-by: Zhipeng Lu <alexious@zju.edu.cn>
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/media/rc/ir_toy.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/media/rc/ir_toy.c b/drivers/media/rc/ir_toy.c
index 196806709259..69e630d85262 100644
--- a/drivers/media/rc/ir_toy.c
+++ b/drivers/media/rc/ir_toy.c
@@ -332,6 +332,7 @@ static int irtoy_tx(struct rc_dev *rc, uint *txbuf, uint count)
sizeof(COMMAND_SMODE_EXIT), STATE_COMMAND_NO_RESP);
if (err) {
dev_err(irtoy->dev, "exit sample mode: %d\n", err);
+ kfree(buf);
return err;
}
@@ -339,6 +340,7 @@ static int irtoy_tx(struct rc_dev *rc, uint *txbuf, uint count)
sizeof(COMMAND_SMODE_ENTER), STATE_COMMAND);
if (err) {
dev_err(irtoy->dev, "enter sample mode: %d\n", err);
+ kfree(buf);
return err;
}
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 056/197] driver core: fw_devlink: Improve detection of overlapping cycles
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (54 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 055/197] media: ir_toy: fix a memleak in irtoy_tx Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 057/197] powerpc/6xx: set High BAT Enable flag on G2_LE cores Greg Kroah-Hartman
` (144 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Xu Yang, Saravana Kannan,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Saravana Kannan <saravanak@google.com>
[ Upstream commit 6442d79d880cf7a2fff18779265d657fef0cce4c ]
fw_devlink can detect most overlapping/intersecting cycles. However it was
missing a few corner cases because of an incorrect optimization logic that
tries to avoid repeating cycle detection for devices that are already
marked as part of a cycle.
Here's an example provided by Xu Yang (edited for clarity):
usb
+-----+
tcpc | |
+-----+ | +--|
| |----------->|EP|
|--+ | | +--|
|EP|<-----------| |
|--+ | | B |
| | +-----+
| A | |
+-----+ |
^ +-----+ |
| | | |
+-----| C |<--+
| |
+-----+
usb-phy
Node A (tcpc) will be populated as device 1-0050.
Node B (usb) will be populated as device 38100000.usb.
Node C (usb-phy) will be populated as device 381f0040.usb-phy.
The description below uses the notation:
consumer --> supplier
child ==> parent
1. Node C is populated as device C. No cycles detected because cycle
detection is only run when a fwnode link is converted to a device link.
2. Node B is populated as device B. As we convert B --> C into a device
link we run cycle detection and find and mark the device link/fwnode
link cycle:
C--> A --> B.EP ==> B --> C
3. Node A is populated as device A. As we convert C --> A into a device
link, we see it's already part of a cycle (from step 2) and don't run
cycle detection. Thus we miss detecting the cycle:
A --> B.EP ==> B --> A.EP ==> A
Looking at it another way, A depends on B in one way:
A --> B.EP ==> B
But B depends on A in two ways and we only detect the first:
B --> C --> A
B --> A.EP ==> A
To detect both of these, we remove the incorrect optimization attempt in
step 3 and run cycle detection even if the fwnode link from which the
device link is being created has already been marked as part of a cycle.
Reported-by: Xu Yang <xu.yang_2@nxp.com>
Closes: https://lore.kernel.org/lkml/DU2PR04MB8822693748725F85DC0CB86C8C792@DU2PR04MB8822.eurprd04.prod.outlook.com/
Fixes: 3fb16866b51d ("driver core: fw_devlink: Make cycle detection more robust")
Signed-off-by: Saravana Kannan <saravanak@google.com>
Tested-by: Xu Yang <xu.yang_2@nxp.com>
Link: https://lore.kernel.org/r/20240202095636.868578-3-saravanak@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/base/core.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/drivers/base/core.c b/drivers/base/core.c
index 191590055932..3078f44dc186 100644
--- a/drivers/base/core.c
+++ b/drivers/base/core.c
@@ -2056,9 +2056,14 @@ static int fw_devlink_create_devlink(struct device *con,
/*
* SYNC_STATE_ONLY device links don't block probing and supports cycles.
- * So cycle detection isn't necessary and shouldn't be done.
+ * So, one might expect that cycle detection isn't necessary for them.
+ * However, if the device link was marked as SYNC_STATE_ONLY because
+ * it's part of a cycle, then we still need to do cycle detection. This
+ * is because the consumer and supplier might be part of multiple cycles
+ * and we need to detect all those cycles.
*/
- if (!(flags & DL_FLAG_SYNC_STATE_ONLY)) {
+ if (!device_link_flag_is_sync_state_only(flags) ||
+ flags & DL_FLAG_CYCLE) {
device_links_write_lock();
if (__fw_devlink_relax_cycles(con, sup_handle)) {
__fwnode_link_cycle(link);
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 057/197] powerpc/6xx: set High BAT Enable flag on G2_LE cores
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (55 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 056/197] driver core: fw_devlink: Improve detection of overlapping cycles Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 058/197] powerpc/kasan: Fix addr error caused by page alignment Greg Kroah-Hartman
` (143 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Matthias Schiffer, Christophe Leroy,
Michael Ellerman, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
[ Upstream commit a038a3ff8c6582404834852c043dadc73a5b68b4 ]
MMU_FTR_USE_HIGH_BATS is set for G2_LE cores and derivatives like e300cX,
but the high BATs need to be enabled in HID2 to work. Add register
definitions and add the needed setup to __setup_cpu_603.
This fixes boot on CPUs like the MPC5200B with STRICT_KERNEL_RWX enabled
on systems where the flag has not been set by the bootloader already.
Fixes: e4d6654ebe6e ("powerpc/mm/32s: rework mmu_mapin_ram()")
Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20240124103838.43675-1-matthias.schiffer@ew.tq-group.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/reg.h | 2 ++
arch/powerpc/kernel/cpu_setup_6xx.S | 20 +++++++++++++++++++-
2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h
index 8fda87af2fa5..6c0ab745f0c8 100644
--- a/arch/powerpc/include/asm/reg.h
+++ b/arch/powerpc/include/asm/reg.h
@@ -608,6 +608,8 @@
#endif
#define SPRN_HID2 0x3F8 /* Hardware Implementation Register 2 */
#define SPRN_HID2_GEKKO 0x398 /* Gekko HID2 Register */
+#define SPRN_HID2_G2_LE 0x3F3 /* G2_LE HID2 Register */
+#define HID2_G2_LE_HBE (1<<18) /* High BAT Enable (G2_LE) */
#define SPRN_IABR 0x3F2 /* Instruction Address Breakpoint Register */
#define SPRN_IABR2 0x3FA /* 83xx */
#define SPRN_IBCR 0x135 /* 83xx Insn Breakpoint Control Reg */
diff --git a/arch/powerpc/kernel/cpu_setup_6xx.S b/arch/powerpc/kernel/cpu_setup_6xx.S
index f8b5ff64b604..6cbad50c71f6 100644
--- a/arch/powerpc/kernel/cpu_setup_6xx.S
+++ b/arch/powerpc/kernel/cpu_setup_6xx.S
@@ -24,6 +24,15 @@ BEGIN_FTR_SECTION
bl __init_fpu_registers
END_FTR_SECTION_IFCLR(CPU_FTR_FPU_UNAVAILABLE)
bl setup_common_caches
+
+ /*
+ * This assumes that all cores using __setup_cpu_603 with
+ * MMU_FTR_USE_HIGH_BATS are G2_LE compatible
+ */
+BEGIN_MMU_FTR_SECTION
+ bl setup_g2_le_hid2
+END_MMU_FTR_SECTION_IFSET(MMU_FTR_USE_HIGH_BATS)
+
mtlr r5
blr
_GLOBAL(__setup_cpu_604)
@@ -111,6 +120,16 @@ setup_604_hid0:
isync
blr
+/* Enable high BATs for G2_LE and derivatives like e300cX */
+SYM_FUNC_START_LOCAL(setup_g2_le_hid2)
+ mfspr r11,SPRN_HID2_G2_LE
+ oris r11,r11,HID2_G2_LE_HBE@h
+ mtspr SPRN_HID2_G2_LE,r11
+ sync
+ isync
+ blr
+SYM_FUNC_END(setup_g2_le_hid2)
+
/* 7400 <= rev 2.7 and 7410 rev = 1.0 suffer from some
* erratas we work around here.
* Moto MPC710CE.pdf describes them, those are errata
@@ -485,4 +504,3 @@ _GLOBAL(__restore_cpu_setup)
mtcr r7
blr
_ASM_NOKPROBE_SYMBOL(__restore_cpu_setup)
-
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 058/197] powerpc/kasan: Fix addr error caused by page alignment
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (56 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 057/197] powerpc/6xx: set High BAT Enable flag on G2_LE cores Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 059/197] cifs: fix underflow in parse_server_interfaces() Greg Kroah-Hartman
` (142 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiangfeng Xiao, Michael Ellerman,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiangfeng Xiao <xiaojiangfeng@huawei.com>
[ Upstream commit 4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0 ]
In kasan_init_region, when k_start is not page aligned, at the begin of
for loop, k_cur = k_start & PAGE_MASK is less than k_start, and then
`va = block + k_cur - k_start` is less than block, the addr va is invalid,
because the memory address space from va to block is not alloced by
memblock_alloc, which will not be reserved by memblock_reserve later, it
will be used by other places.
As a result, memory overwriting occurs.
for example:
int __init __weak kasan_init_region(void *start, size_t size)
{
[...]
/* if say block(dcd97000) k_start(feef7400) k_end(feeff3fe) */
block = memblock_alloc(k_end - k_start, PAGE_SIZE);
[...]
for (k_cur = k_start & PAGE_MASK; k_cur < k_end; k_cur += PAGE_SIZE) {
/* at the begin of for loop
* block(dcd97000) va(dcd96c00) k_cur(feef7000) k_start(feef7400)
* va(dcd96c00) is less than block(dcd97000), va is invalid
*/
void *va = block + k_cur - k_start;
[...]
}
[...]
}
Therefore, page alignment is performed on k_start before
memblock_alloc() to ensure the validity of the VA address.
Fixes: 663c0c9496a6 ("powerpc/kasan: Fix shadow area set up for modules.")
Signed-off-by: Jiangfeng Xiao <xiaojiangfeng@huawei.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/1705974359-43790-1-git-send-email-xiaojiangfeng@huawei.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/mm/kasan/init_32.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/powerpc/mm/kasan/init_32.c b/arch/powerpc/mm/kasan/init_32.c
index a70828a6d935..aa9aa11927b2 100644
--- a/arch/powerpc/mm/kasan/init_32.c
+++ b/arch/powerpc/mm/kasan/init_32.c
@@ -64,6 +64,7 @@ int __init __weak kasan_init_region(void *start, size_t size)
if (ret)
return ret;
+ k_start = k_start & PAGE_MASK;
block = memblock_alloc(k_end - k_start, PAGE_SIZE);
if (!block)
return -ENOMEM;
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 059/197] cifs: fix underflow in parse_server_interfaces()
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (57 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 058/197] powerpc/kasan: Fix addr error caused by page alignment Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 060/197] i2c: qcom-geni: Correct I2C TRE sequence Greg Kroah-Hartman
` (141 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dan Carpenter, Shyam Prasad N,
Steve French, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dan Carpenter <dan.carpenter@linaro.org>
[ Upstream commit cffe487026be13eaf37ea28b783d9638ab147204 ]
In this loop, we step through the buffer and after each item we check
if the size_left is greater than the minimum size we need. However,
the problem is that "bytes_left" is type ssize_t while sizeof() is type
size_t. That means that because of type promotion, the comparison is
done as an unsigned and if we have negative bytes left the loop
continues instead of ending.
Fixes: fe856be475f7 ("CIFS: parse and store info on iface queries")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Shyam Prasad N <sprasad@microsoft.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/smb/client/smb2ops.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c
index 5a157000bdfe..34d1262004df 100644
--- a/fs/smb/client/smb2ops.c
+++ b/fs/smb/client/smb2ops.c
@@ -613,7 +613,7 @@ parse_server_interfaces(struct network_interface_info_ioctl_rsp *buf,
goto out;
}
- while (bytes_left >= sizeof(*p)) {
+ while (bytes_left >= (ssize_t)sizeof(*p)) {
memset(&tmp_iface, 0, sizeof(tmp_iface));
tmp_iface.speed = le64_to_cpu(p->LinkSpeed);
tmp_iface.rdma_capable = le32_to_cpu(p->Capability & RDMA_CAPABLE) ? 1 : 0;
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 060/197] i2c: qcom-geni: Correct I2C TRE sequence
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (58 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 059/197] cifs: fix underflow in parse_server_interfaces() Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 061/197] irqchip/loongson-eiointc: Use correct struct type in eiointc_domain_alloc() Greg Kroah-Hartman
` (140 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andi Shyti, Bryan ODonoghue,
Mukesh Kumar Savaliya, Viken Dadhaniya, Dmitry Baryshkov,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Viken Dadhaniya <quic_vdadhani@quicinc.com>
[ Upstream commit 83ef106fa732aea8558253641cd98e8a895604d7 ]
For i2c read operation in GSI mode, we are getting timeout
due to malformed TRE basically incorrect TRE sequence
in gpi(drivers/dma/qcom/gpi.c) driver.
I2C driver has geni_i2c_gpi(I2C_WRITE) function which generates GO TRE and
geni_i2c_gpi(I2C_READ)generates DMA TRE. Hence to generate GO TRE before
DMA TRE, we should move geni_i2c_gpi(I2C_WRITE) before
geni_i2c_gpi(I2C_READ) inside the I2C GSI mode transfer function
i.e. geni_i2c_gpi_xfer().
TRE stands for Transfer Ring Element - which is basically an element with
size of 4 words. It contains all information like slave address,
clk divider, dma address value data size etc).
Mainly we have 3 TREs(Config, GO and DMA tre).
- CONFIG TRE : consists of internal register configuration which is
required before start of the transfer.
- DMA TRE : contains DDR/Memory address, called as DMA descriptor.
- GO TRE : contains Transfer directions, slave ID, Delay flags, Length
of the transfer.
I2c driver calls GPI driver API to config each TRE depending on the
protocol.
For read operation tre sequence will be as below which is not aligned
to hardware programming guide.
- CONFIG tre
- DMA tre
- GO tre
As per Qualcomm's internal Hardware Programming Guide, we should configure
TREs in below sequence for any RX only transfer.
- CONFIG tre
- GO tre
- DMA tre
Fixes: d8703554f4de ("i2c: qcom-geni: Add support for GPI DMA")
Reviewed-by: Andi Shyti <andi.shyti@kernel.org>
Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Tested-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org> # qrb5165-rb5
Co-developed-by: Mukesh Kumar Savaliya <quic_msavaliy@quicinc.com>
Signed-off-by: Mukesh Kumar Savaliya <quic_msavaliy@quicinc.com>
Signed-off-by: Viken Dadhaniya <quic_vdadhani@quicinc.com>
Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Andi Shyti <andi.shyti@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-qcom-geni.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/drivers/i2c/busses/i2c-qcom-geni.c b/drivers/i2c/busses/i2c-qcom-geni.c
index 8fce98bb77ff..75b9c3f26bba 100644
--- a/drivers/i2c/busses/i2c-qcom-geni.c
+++ b/drivers/i2c/busses/i2c-qcom-geni.c
@@ -605,20 +605,20 @@ static int geni_i2c_gpi_xfer(struct geni_i2c_dev *gi2c, struct i2c_msg msgs[], i
peripheral.addr = msgs[i].addr;
+ ret = geni_i2c_gpi(gi2c, &msgs[i], &config,
+ &tx_addr, &tx_buf, I2C_WRITE, gi2c->tx_c);
+ if (ret)
+ goto err;
+
if (msgs[i].flags & I2C_M_RD) {
ret = geni_i2c_gpi(gi2c, &msgs[i], &config,
&rx_addr, &rx_buf, I2C_READ, gi2c->rx_c);
if (ret)
goto err;
- }
-
- ret = geni_i2c_gpi(gi2c, &msgs[i], &config,
- &tx_addr, &tx_buf, I2C_WRITE, gi2c->tx_c);
- if (ret)
- goto err;
- if (msgs[i].flags & I2C_M_RD)
dma_async_issue_pending(gi2c->rx_c);
+ }
+
dma_async_issue_pending(gi2c->tx_c);
timeout = wait_for_completion_timeout(&gi2c->done, XFER_TIMEOUT);
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 061/197] irqchip/loongson-eiointc: Use correct struct type in eiointc_domain_alloc()
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (59 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 060/197] i2c: qcom-geni: Correct I2C TRE sequence Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 062/197] powerpc/kasan: Limit KASAN thread size increase to 32KB Greg Kroah-Hartman
` (139 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Bibo Mao, Thomas Gleixner,
Huacai Chen, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Bibo Mao <maobibo@loongson.cn>
[ Upstream commit f1c2765c6afcd1f71f76ed8c9bf94acedab4cecb ]
eiointc_domain_alloc() uses struct eiointc, which is not defined, for a
pointer. Older compilers treat that as a forward declaration and due to
assignment of a void pointer there is no warning emitted. As the variable
is then handed in as a void pointer argument to irq_domain_set_info() the
code is functional.
Use struct eiointc_priv instead.
[ tglx: Rewrote changelog ]
Fixes: dd281e1a1a93 ("irqchip: Add Loongson Extended I/O interrupt controller support")
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Huacai Chen <chenhuacai@loongson.cn>
Link: https://lore.kernel.org/r/20240130082722.2912576-2-maobibo@loongson.cn
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/irqchip/irq-loongson-eiointc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/irqchip/irq-loongson-eiointc.c b/drivers/irqchip/irq-loongson-eiointc.c
index 3d99b8bdd8ef..de115ee6e9ec 100644
--- a/drivers/irqchip/irq-loongson-eiointc.c
+++ b/drivers/irqchip/irq-loongson-eiointc.c
@@ -242,7 +242,7 @@ static int eiointc_domain_alloc(struct irq_domain *domain, unsigned int virq,
int ret;
unsigned int i, type;
unsigned long hwirq = 0;
- struct eiointc *priv = domain->host_data;
+ struct eiointc_priv *priv = domain->host_data;
ret = irq_domain_translate_onecell(domain, arg, &hwirq, &type);
if (ret)
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 062/197] powerpc/kasan: Limit KASAN thread size increase to 32KB
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (60 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 061/197] irqchip/loongson-eiointc: Use correct struct type in eiointc_domain_alloc() Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 063/197] i2c: pasemi: split driver into two separate modules Greg Kroah-Hartman
` (138 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Spoorthy, Benjamin Gray,
Michael Ellerman, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Michael Ellerman <mpe@ellerman.id.au>
[ Upstream commit f1acb109505d983779bbb7e20a1ee6244d2b5736 ]
KASAN is seen to increase stack usage, to the point that it was reported
to lead to stack overflow on some 32-bit machines (see link).
To avoid overflows the stack size was doubled for KASAN builds in
commit 3e8635fb2e07 ("powerpc/kasan: Force thread size increase with
KASAN").
However with a 32KB stack size to begin with, the doubling leads to a
64KB stack, which causes build errors:
arch/powerpc/kernel/switch.S:249: Error: operand out of range (0x000000000000fe50 is not between 0xffffffffffff8000 and 0x0000000000007fff)
Although the asm could be reworked, in practice a 32KB stack seems
sufficient even for KASAN builds - the additional usage seems to be in
the 2-3KB range for a 64-bit KASAN build.
So only increase the stack for KASAN if the stack size is < 32KB.
Fixes: 18f14afe2816 ("powerpc/64s: Increase default stack size to 32KB")
Reported-by: Spoorthy <spoorthy@linux.ibm.com>
Reported-by: Benjamin Gray <bgray@linux.ibm.com>
Reviewed-by: Benjamin Gray <bgray@linux.ibm.com>
Link: https://lore.kernel.org/linuxppc-dev/bug-207129-206035@https.bugzilla.kernel.org%2F/
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20240212064244.3924505-1-mpe@ellerman.id.au
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/powerpc/include/asm/thread_info.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/powerpc/include/asm/thread_info.h b/arch/powerpc/include/asm/thread_info.h
index af58f1ed3952..c4b798aa6ce8 100644
--- a/arch/powerpc/include/asm/thread_info.h
+++ b/arch/powerpc/include/asm/thread_info.h
@@ -14,7 +14,7 @@
#ifdef __KERNEL__
-#ifdef CONFIG_KASAN
+#if defined(CONFIG_KASAN) && CONFIG_THREAD_SHIFT < 15
#define MIN_THREAD_SHIFT (CONFIG_THREAD_SHIFT + 1)
#else
#define MIN_THREAD_SHIFT CONFIG_THREAD_SHIFT
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 063/197] i2c: pasemi: split driver into two separate modules
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (61 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 062/197] powerpc/kasan: Limit KASAN thread size increase to 32KB Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 064/197] i2c: i801: Fix block process call transactions Greg Kroah-Hartman
` (137 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Arnd Bergmann, Sven Peter,
Andi Shyti, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Arnd Bergmann <arnd@arndb.de>
[ Upstream commit f44bff19268517ee98e80e944cad0f04f1db72e3 ]
On powerpc, it is possible to compile test both the new apple (arm) and
old pasemi (powerpc) drivers for the i2c hardware at the same time,
which leads to a warning about linking the same object file twice:
scripts/Makefile.build:244: drivers/i2c/busses/Makefile: i2c-pasemi-core.o is added to multiple modules: i2c-apple i2c-pasemi
Rework the driver to have an explicit helper module, letting Kbuild
take care of whether this should be built-in or a loadable driver.
Fixes: 9bc5f4f660ff ("i2c: pasemi: Split pci driver to its own file")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: Sven Peter <sven@svenpeter.dev>
Signed-off-by: Andi Shyti <andi.shyti@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/Makefile | 6 ++----
drivers/i2c/busses/i2c-pasemi-core.c | 5 +++++
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/drivers/i2c/busses/Makefile b/drivers/i2c/busses/Makefile
index e73cdb1d2b5a..784a803279d9 100644
--- a/drivers/i2c/busses/Makefile
+++ b/drivers/i2c/busses/Makefile
@@ -89,10 +89,8 @@ obj-$(CONFIG_I2C_NPCM) += i2c-npcm7xx.o
obj-$(CONFIG_I2C_OCORES) += i2c-ocores.o
obj-$(CONFIG_I2C_OMAP) += i2c-omap.o
obj-$(CONFIG_I2C_OWL) += i2c-owl.o
-i2c-pasemi-objs := i2c-pasemi-core.o i2c-pasemi-pci.o
-obj-$(CONFIG_I2C_PASEMI) += i2c-pasemi.o
-i2c-apple-objs := i2c-pasemi-core.o i2c-pasemi-platform.o
-obj-$(CONFIG_I2C_APPLE) += i2c-apple.o
+obj-$(CONFIG_I2C_PASEMI) += i2c-pasemi-core.o i2c-pasemi-pci.o
+obj-$(CONFIG_I2C_APPLE) += i2c-pasemi-core.o i2c-pasemi-platform.o
obj-$(CONFIG_I2C_PCA_PLATFORM) += i2c-pca-platform.o
obj-$(CONFIG_I2C_PNX) += i2c-pnx.o
obj-$(CONFIG_I2C_PXA) += i2c-pxa.o
diff --git a/drivers/i2c/busses/i2c-pasemi-core.c b/drivers/i2c/busses/i2c-pasemi-core.c
index 9028ffb58cc0..f297e41352e7 100644
--- a/drivers/i2c/busses/i2c-pasemi-core.c
+++ b/drivers/i2c/busses/i2c-pasemi-core.c
@@ -356,3 +356,8 @@ int pasemi_i2c_common_probe(struct pasemi_smbus *smbus)
return 0;
}
+EXPORT_SYMBOL_GPL(pasemi_i2c_common_probe);
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Olof Johansson <olof@lixom.net>");
+MODULE_DESCRIPTION("PA Semi PWRficient SMBus driver");
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 064/197] i2c: i801: Fix block process call transactions
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (62 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 063/197] i2c: pasemi: split driver into two separate modules Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 065/197] modpost: trim leading spaces when processing source files list Greg Kroah-Hartman
` (136 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jean Delvare, Piotr Zakowski,
Alexander Sverdlin, Andi Shyti, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jean Delvare <jdelvare@suse.de>
[ Upstream commit c1c9d0f6f7f1dbf29db996bd8e166242843a5f21 ]
According to the Intel datasheets, software must reset the block
buffer index twice for block process call transactions: once before
writing the outgoing data to the buffer, and once again before
reading the incoming data from the buffer.
The driver is currently missing the second reset, causing the wrong
portion of the block buffer to be read.
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Reported-by: Piotr Zakowski <piotr.zakowski@intel.com>
Closes: https://lore.kernel.org/linux-i2c/20240213120553.7b0ab120@endymion.delvare/
Fixes: 315cd67c9453 ("i2c: i801: Add Block Write-Block Read Process Call support")
Reviewed-by: Alexander Sverdlin <alexander.sverdlin@gmail.com>
Signed-off-by: Andi Shyti <andi.shyti@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/i2c/busses/i2c-i801.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/i2c/busses/i2c-i801.c b/drivers/i2c/busses/i2c-i801.c
index 3159ffbb77a2..9a4e9bf304c2 100644
--- a/drivers/i2c/busses/i2c-i801.c
+++ b/drivers/i2c/busses/i2c-i801.c
@@ -500,11 +500,10 @@ static int i801_block_transaction_by_block(struct i801_priv *priv,
/* Set block buffer mode */
outb_p(inb_p(SMBAUXCTL(priv)) | SMBAUXCTL_E32B, SMBAUXCTL(priv));
- inb_p(SMBHSTCNT(priv)); /* reset the data buffer index */
-
if (read_write == I2C_SMBUS_WRITE) {
len = data->block[0];
outb_p(len, SMBHSTDAT0(priv));
+ inb_p(SMBHSTCNT(priv)); /* reset the data buffer index */
for (i = 0; i < len; i++)
outb_p(data->block[i+1], SMBBLKDAT(priv));
}
@@ -520,6 +519,7 @@ static int i801_block_transaction_by_block(struct i801_priv *priv,
return -EPROTO;
data->block[0] = len;
+ inb_p(SMBHSTCNT(priv)); /* reset the data buffer index */
for (i = 0; i < len; i++)
data->block[i + 1] = inb_p(SMBBLKDAT(priv));
}
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 065/197] modpost: trim leading spaces when processing source files list
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (63 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 064/197] i2c: i801: Fix block process call transactions Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 066/197] mptcp: get rid of msk->subflow Greg Kroah-Hartman
` (135 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Radek Krejci, Masahiro Yamada,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Radek Krejci <radek.krejci@oracle.com>
[ Upstream commit 5d9a16b2a4d9e8fa028892ded43f6501bc2969e5 ]
get_line() does not trim the leading spaces, but the
parse_source_files() expects to get lines with source files paths where
the first space occurs after the file path.
Fixes: 70f30cfe5b89 ("modpost: use read_text_file() and get_line() for reading text files")
Signed-off-by: Radek Krejci <radek.krejci@oracle.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
scripts/mod/sumversion.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/scripts/mod/sumversion.c b/scripts/mod/sumversion.c
index 6bf9caca0968..a72e6cf61a1f 100644
--- a/scripts/mod/sumversion.c
+++ b/scripts/mod/sumversion.c
@@ -326,7 +326,12 @@ static int parse_source_files(const char *objfile, struct md4_ctx *md)
/* Sum all files in the same dir or subdirs. */
while ((line = get_line(&pos))) {
- char* p = line;
+ char* p;
+
+ /* trim the leading spaces away */
+ while (isspace(*line))
+ line++;
+ p = line;
if (strncmp(line, "source_", sizeof("source_")-1) == 0) {
p = strrchr(line, ' ');
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 066/197] mptcp: get rid of msk->subflow
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (64 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 065/197] modpost: trim leading spaces when processing source files list Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 067/197] mptcp: fix data re-injection from stale subflow Greg Kroah-Hartman
` (134 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Paolo Abeni, Mat Martineau,
Christoph Paasch
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Abeni <pabeni@redhat.com>
commit 39880bd808ad2ddfb9b7fee129568c3b814f0609 upstream.
This is a partial backport of the upstram commit 39880bd808ad ("mptcp:
get rid of msk->subflow"). It's partial to avoid a long a complex
dependency chain not suitable for stable.
The only bit remaning from the original commit is the introduction of a
new field avoid a race at close time causing an UaF:
BUG: KASAN: use-after-free in mptcp_subflow_queue_clean+0x2c9/0x390 include/net/mptcp.h:104
Read of size 1 at addr ffff88803bf72884 by task syz-executor.6/23092
CPU: 0 PID: 23092 Comm: syz-executor.6 Not tainted 6.1.65-gc6114c845984 #50
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x125/0x18f lib/dump_stack.c:106
print_report+0x163/0x4f0 mm/kasan/report.c:284
kasan_report+0xc4/0x100 mm/kasan/report.c:495
mptcp_subflow_queue_clean+0x2c9/0x390 include/net/mptcp.h:104
mptcp_check_listen_stop+0x190/0x2a0 net/mptcp/protocol.c:3009
__mptcp_close+0x9a/0x970 net/mptcp/protocol.c:3024
mptcp_close+0x2a/0x130 net/mptcp/protocol.c:3089
inet_release+0x13d/0x190 net/ipv4/af_inet.c:429
sock_close+0xcf/0x230 net/socket.c:652
__fput+0x3a2/0x870 fs/file_table.c:320
task_work_run+0x24e/0x300 kernel/task_work.c:179
resume_user_mode_work include/linux/resume_user_mode.h:49 [inline]
exit_to_user_mode_loop+0xa4/0xc0 kernel/entry/common.c:171
exit_to_user_mode_prepare+0x51/0x90 kernel/entry/common.c:204
syscall_exit_to_user_mode+0x26/0x140 kernel/entry/common.c:286
do_syscall_64+0x53/0xa0 arch/x86/entry/common.c:86
entry_SYSCALL_64_after_hwframe+0x64/0xce
RIP: 0033:0x41d791
Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 74 2a 00 00 c3 48 83 ec 08 e8 9a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 e3 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00000000008bfb90 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000004 RCX: 000000000041d791
RDX: 0000001b33920000 RSI: ffffffff8139adff RDI: 0000000000000003
RBP: 000000000079d980 R08: 0000001b33d20000 R09: 0000000000000951
R10: 000000008139a955 R11: 0000000000000293 R12: 00000000000c739b
R13: 000000000079bf8c R14: 00007fa301053000 R15: 00000000000c705a
</TASK>
Allocated by task 22528:
kasan_save_stack mm/kasan/common.c:45 [inline]
kasan_set_track+0x40/0x70 mm/kasan/common.c:52
____kasan_kmalloc mm/kasan/common.c:374 [inline]
__kasan_kmalloc+0xa0/0xb0 mm/kasan/common.c:383
kasan_kmalloc include/linux/kasan.h:211 [inline]
__do_kmalloc_node mm/slab_common.c:955 [inline]
__kmalloc+0xaa/0x1c0 mm/slab_common.c:968
kmalloc include/linux/slab.h:558 [inline]
sk_prot_alloc+0xac/0x200 net/core/sock.c:2038
sk_clone_lock+0x56/0x1090 net/core/sock.c:2236
inet_csk_clone_lock+0x26/0x420 net/ipv4/inet_connection_sock.c:1141
tcp_create_openreq_child+0x30/0x1910 net/ipv4/tcp_minisocks.c:474
tcp_v6_syn_recv_sock+0x413/0x1a90 net/ipv6/tcp_ipv6.c:1283
subflow_syn_recv_sock+0x621/0x1300 net/mptcp/subflow.c:730
tcp_get_cookie_sock+0xf0/0x5f0 net/ipv4/syncookies.c:201
cookie_v6_check+0x130f/0x1c50 net/ipv6/syncookies.c:261
tcp_v6_do_rcv+0x7e0/0x12b0 net/ipv6/tcp_ipv6.c:1147
tcp_v6_rcv+0x2494/0x2f50 net/ipv6/tcp_ipv6.c:1743
ip6_protocol_deliver_rcu+0xba3/0x1620 net/ipv6/ip6_input.c:438
ip6_input+0x1bc/0x470 net/ipv6/ip6_input.c:483
ipv6_rcv+0xef/0x2c0 include/linux/netfilter.h:302
__netif_receive_skb+0x1ea/0x6a0 net/core/dev.c:5525
process_backlog+0x353/0x660 net/core/dev.c:5967
__napi_poll+0xc6/0x5a0 net/core/dev.c:6534
net_rx_action+0x652/0xea0 net/core/dev.c:6601
__do_softirq+0x176/0x525 kernel/softirq.c:571
Freed by task 23093:
kasan_save_stack mm/kasan/common.c:45 [inline]
kasan_set_track+0x40/0x70 mm/kasan/common.c:52
kasan_save_free_info+0x2b/0x50 mm/kasan/generic.c:516
____kasan_slab_free+0x13a/0x1b0 mm/kasan/common.c:236
kasan_slab_free include/linux/kasan.h:177 [inline]
slab_free_hook mm/slub.c:1724 [inline]
slab_free_freelist_hook mm/slub.c:1750 [inline]
slab_free mm/slub.c:3661 [inline]
__kmem_cache_free+0x1eb/0x340 mm/slub.c:3674
sk_prot_free net/core/sock.c:2074 [inline]
__sk_destruct+0x4ad/0x620 net/core/sock.c:2160
tcp_v6_rcv+0x269c/0x2f50 net/ipv6/tcp_ipv6.c:1761
ip6_protocol_deliver_rcu+0xba3/0x1620 net/ipv6/ip6_input.c:438
ip6_input+0x1bc/0x470 net/ipv6/ip6_input.c:483
ipv6_rcv+0xef/0x2c0 include/linux/netfilter.h:302
__netif_receive_skb+0x1ea/0x6a0 net/core/dev.c:5525
process_backlog+0x353/0x660 net/core/dev.c:5967
__napi_poll+0xc6/0x5a0 net/core/dev.c:6534
net_rx_action+0x652/0xea0 net/core/dev.c:6601
__do_softirq+0x176/0x525 kernel/softirq.c:571
The buggy address belongs to the object at ffff88803bf72000
which belongs to the cache kmalloc-4k of size 4096
The buggy address is located 2180 bytes inside of
4096-byte region [ffff88803bf72000, ffff88803bf73000)
The buggy address belongs to the physical page:
page:00000000a72e4e51 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3bf70
head:00000000a72e4e51 order:3 compound_mapcount:0 compound_pincount:0
flags: 0x100000000010200(slab|head|node=0|zone=1)
raw: 0100000000010200 ffffea0000a0ea00 dead000000000002 ffff888100042140
raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff88803bf72780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88803bf72800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
>ffff88803bf72880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff88803bf72900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff88803bf72980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
Prevent the MPTCP worker from freeing the first subflow for unaccepted
socket when such sockets transition to TCP_CLOSE state, and let that
happen at accept() or listener close() time.
Fixes: b6985b9b8295 ("mptcp: use the workqueue to destroy unaccepted sockets")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Mat Martineau <martineau@kernel.org>
Reported-by: Christoph Paasch <cpaasch@apple.com>
Tested-by: Christoph Paasch <cpaasch@apple.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mptcp/protocol.c | 9 ++++-----
net/mptcp/protocol.h | 3 ++-
2 files changed, 6 insertions(+), 6 deletions(-)
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -2422,7 +2422,7 @@ static void __mptcp_close_ssk(struct soc
goto out_release;
}
- dispose_it = !msk->subflow || ssk != msk->subflow->sk;
+ dispose_it = msk->free_first || ssk != msk->first;
if (dispose_it)
list_del(&subflow->node);
@@ -2440,7 +2440,6 @@ static void __mptcp_close_ssk(struct soc
need_push = (flags & MPTCP_CF_PUSH) && __mptcp_retransmit_pending_data(sk);
if (!dispose_it) {
__mptcp_subflow_disconnect(ssk, subflow, flags);
- msk->subflow->state = SS_UNCONNECTED;
release_sock(ssk);
goto out;
@@ -3341,10 +3340,10 @@ static void mptcp_destroy(struct sock *s
{
struct mptcp_sock *msk = mptcp_sk(sk);
- /* clears msk->subflow, allowing the following to close
- * even the initial subflow
- */
mptcp_dispose_initial_subflow(msk);
+
+ /* allow the following to close even the initial subflow */
+ msk->free_first = 1;
mptcp_destroy_common(msk, 0);
sk_sockets_allocated_dec(sk);
}
--- a/net/mptcp/protocol.h
+++ b/net/mptcp/protocol.h
@@ -287,7 +287,8 @@ struct mptcp_sock {
cork:1,
nodelay:1,
fastopening:1,
- in_accept_queue:1;
+ in_accept_queue:1,
+ free_first:1;
struct work_struct work;
struct sk_buff *ooo_last_skb;
struct rb_root out_of_order_queue;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 067/197] mptcp: fix data re-injection from stale subflow
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (65 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 066/197] mptcp: get rid of msk->subflow Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 068/197] selftests: mptcp: add missing kconfig for NF Filter Greg Kroah-Hartman
` (133 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Paolo Abeni, Mat Martineau,
Matthieu Baerts (NGI0), Jakub Kicinski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Abeni <pabeni@redhat.com>
commit b6c620dc43ccb4e802894e54b651cf81495e9598 upstream.
When the MPTCP PM detects that a subflow is stale, all the packet
scheduler must re-inject all the mptcp-level unacked data. To avoid
acquiring unneeded locks, it first try to check if any unacked data
is present at all in the RTX queue, but such check is currently
broken, as it uses TCP-specific helper on an MPTCP socket.
Funnily enough fuzzers and static checkers are happy, as the accessed
memory still belongs to the mptcp_sock struct, and even from a
functional perspective the recovery completed successfully, as
the short-cut test always failed.
A recent unrelated TCP change - commit d5fed5addb2b ("tcp: reorganize
tcp_sock fast path variables") - exposed the issue, as the tcp field
reorganization makes the mptcp code always skip the re-inection.
Fix the issue dropping the bogus call: we are on a slow path, the early
optimization proved once again to be evil.
Fixes: 1e1d9d6f119c ("mptcp: handle pending data on closed subflow")
Cc: stable@vger.kernel.org
Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/468
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Mat Martineau <martineau@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://lore.kernel.org/r/20240131-upstream-net-20240131-mptcp-ci-issues-v1-1-4c1c11e571ff@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mptcp/protocol.c | 3 ---
1 file changed, 3 deletions(-)
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -2336,9 +2336,6 @@ bool __mptcp_retransmit_pending_data(str
if (__mptcp_check_fallback(mptcp_sk(sk)))
return false;
- if (tcp_rtx_and_write_queues_empty(sk))
- return false;
-
/* the closing socket has some data untransmitted and/or unacked:
* some data in the mptcp rtx queue has not really xmitted yet.
* keep it simple and re-inject the whole mptcp level rtx queue
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 068/197] selftests: mptcp: add missing kconfig for NF Filter
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (66 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 067/197] mptcp: fix data re-injection from stale subflow Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 069/197] selftests: mptcp: add missing kconfig for NF Filter in v6 Greg Kroah-Hartman
` (132 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Geliang Tang, Matthieu Baerts (NGI0),
Jakub Kicinski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthieu Baerts (NGI0) <matttbe@kernel.org>
commit 3645c844902bd4e173d6704fc2a37e8746904d67 upstream.
Since the commit mentioned below, 'mptcp_join' selftests is using
IPTables to add rules to the Filter table.
It is then required to have IP_NF_FILTER KConfig.
This KConfig is usually enabled by default in many defconfig, but we
recently noticed that some CI were running our selftests without them
enabled.
Fixes: 8d014eaa9254 ("selftests: mptcp: add ADD_ADDR timeout test case")
Cc: stable@vger.kernel.org
Reviewed-by: Geliang Tang <geliang@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/net/mptcp/config | 1 +
1 file changed, 1 insertion(+)
--- a/tools/testing/selftests/net/mptcp/config
+++ b/tools/testing/selftests/net/mptcp/config
@@ -22,6 +22,7 @@ CONFIG_NFT_TPROXY=m
CONFIG_NFT_SOCKET=m
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
+CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IPV6_MULTIPLE_TABLES=y
CONFIG_NET_ACT_CSUM=m
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 069/197] selftests: mptcp: add missing kconfig for NF Filter in v6
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (67 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 068/197] selftests: mptcp: add missing kconfig for NF Filter Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 070/197] selftests: mptcp: add missing kconfig for NF Mangle Greg Kroah-Hartman
` (131 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Geliang Tang, Matthieu Baerts (NGI0),
Jakub Kicinski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthieu Baerts (NGI0) <matttbe@kernel.org>
commit 8c86fad2cecdc6bf7283ecd298b4d0555bd8b8aa upstream.
Since the commit mentioned below, 'mptcp_join' selftests is using
IPTables to add rules to the Filter table for IPv6.
It is then required to have IP6_NF_FILTER KConfig.
This KConfig is usually enabled by default in many defconfig, but we
recently noticed that some CI were running our selftests without them
enabled.
Fixes: 523514ed0a99 ("selftests: mptcp: add ADD_ADDR IPv6 test cases")
Cc: stable@vger.kernel.org
Reviewed-by: Geliang Tang <geliang@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://lore.kernel.org/r/20240131-upstream-net-20240131-mptcp-ci-issues-v1-3-4c1c11e571ff@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/net/mptcp/config | 1 +
1 file changed, 1 insertion(+)
--- a/tools/testing/selftests/net/mptcp/config
+++ b/tools/testing/selftests/net/mptcp/config
@@ -25,6 +25,7 @@ CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IPV6_MULTIPLE_TABLES=y
+CONFIG_IP6_NF_FILTER=m
CONFIG_NET_ACT_CSUM=m
CONFIG_NET_ACT_PEDIT=m
CONFIG_NET_CLS_ACT=y
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 070/197] selftests: mptcp: add missing kconfig for NF Mangle
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (68 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 069/197] selftests: mptcp: add missing kconfig for NF Filter in v6 Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 071/197] selftests: mptcp: increase timeout to 30 min Greg Kroah-Hartman
` (130 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Geliang Tang, Matthieu Baerts (NGI0),
Jakub Kicinski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthieu Baerts (NGI0) <matttbe@kernel.org>
commit 2d41f10fa497182df9012d3e95d9cea24eb42e61 upstream.
Since the commit mentioned below, 'mptcp_join' selftests is using
IPTables to add rules to the Mangle table, only in IPv4.
This KConfig is usually enabled by default in many defconfig, but we
recently noticed that some CI were running our selftests without them
enabled.
Fixes: b6e074e171bc ("selftests: mptcp: add infinite map testcase")
Cc: stable@vger.kernel.org
Reviewed-by: Geliang Tang <geliang@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://lore.kernel.org/r/20240131-upstream-net-20240131-mptcp-ci-issues-v1-4-4c1c11e571ff@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/net/mptcp/config | 1 +
1 file changed, 1 insertion(+)
--- a/tools/testing/selftests/net/mptcp/config
+++ b/tools/testing/selftests/net/mptcp/config
@@ -23,6 +23,7 @@ CONFIG_NFT_SOCKET=m
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_NF_FILTER=m
+CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IPV6_MULTIPLE_TABLES=y
CONFIG_IP6_NF_FILTER=m
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 071/197] selftests: mptcp: increase timeout to 30 min
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (69 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 070/197] selftests: mptcp: add missing kconfig for NF Mangle Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 072/197] mptcp: drop the push_pending field Greg Kroah-Hartman
` (129 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Paolo Abeni, Matthieu Baerts (NGI0),
Jakub Kicinski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Matthieu Baerts (NGI0) <matttbe@kernel.org>
commit 4d4dfb2019d7010efb65926d9d1c1793f9a367c6 upstream.
On very slow environments -- e.g. when QEmu is used without KVM --,
mptcp_join.sh selftest can take a bit more than 20 minutes. Bump the
default timeout by 50% as it seems normal to take that long on some
environments.
When a debug kernel config is used, this selftest will take even longer,
but that's certainly not a common test env to consider for the timeout.
The Fixes tag that has been picked here is there simply to help having
this patch backported to older stable versions. It is difficult to point
to the exact commit that made some env reaching the timeout from time to
time.
Fixes: d17b968b9876 ("selftests: mptcp: increase timeout to 20 minutes")
Cc: stable@vger.kernel.org
Acked-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Link: https://lore.kernel.org/r/20240131-upstream-net-20240131-mptcp-ci-issues-v1-5-4c1c11e571ff@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/testing/selftests/net/mptcp/settings | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/net/mptcp/settings b/tools/testing/selftests/net/mptcp/settings
index 79b65bdf05db..abc5648b59ab 100644
--- a/tools/testing/selftests/net/mptcp/settings
+++ b/tools/testing/selftests/net/mptcp/settings
@@ -1 +1 @@
-timeout=1200
+timeout=1800
--
2.43.2
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 072/197] mptcp: drop the push_pending field
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (70 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 071/197] selftests: mptcp: increase timeout to 30 min Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 073/197] mptcp: check addrs list in userspace_pm_get_local_id Greg Kroah-Hartman
` (128 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Paolo Abeni, Mat Martineau,
Matthieu Baerts (NGI0), David S. Miller
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paolo Abeni <pabeni@redhat.com>
commit bdd70eb68913c960acb895b00a8c62eb64715b1f upstream.
Such field is there to avoid acquiring the data lock in a few spots,
but it adds complexity to the already non trivial locking schema.
All the relevant call sites (mptcp-level re-injection, set socket
options), are slow-path, drop such field in favor of 'cb_flags', adding
the relevant locking.
This patch could be seen as an improvement, instead of a fix. But it
simplifies the next patch. The 'Fixes' tag has been added to help having
this series backported to stable.
Fixes: e9d09baca676 ("mptcp: avoid atomic bit manipulation when possible")
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Mat Martineau <martineau@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mptcp/protocol.c | 12 ++++++------
net/mptcp/protocol.h | 1 -
2 files changed, 6 insertions(+), 7 deletions(-)
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -1582,8 +1582,11 @@ static void mptcp_update_post_push(struc
void mptcp_check_and_set_pending(struct sock *sk)
{
- if (mptcp_send_head(sk))
- mptcp_sk(sk)->push_pending |= BIT(MPTCP_PUSH_PENDING);
+ if (mptcp_send_head(sk)) {
+ mptcp_data_lock(sk);
+ mptcp_sk(sk)->cb_flags |= BIT(MPTCP_PUSH_PENDING);
+ mptcp_data_unlock(sk);
+ }
}
void __mptcp_push_pending(struct sock *sk, unsigned int flags)
@@ -3140,7 +3143,6 @@ static int mptcp_disconnect(struct sock
msk->last_snd = NULL;
WRITE_ONCE(msk->flags, 0);
msk->cb_flags = 0;
- msk->push_pending = 0;
msk->recovery = false;
msk->can_ack = false;
msk->fully_established = false;
@@ -3384,8 +3386,7 @@ static void mptcp_release_cb(struct sock
struct mptcp_sock *msk = mptcp_sk(sk);
for (;;) {
- unsigned long flags = (msk->cb_flags & MPTCP_FLAGS_PROCESS_CTX_NEED) |
- msk->push_pending;
+ unsigned long flags = (msk->cb_flags & MPTCP_FLAGS_PROCESS_CTX_NEED);
struct list_head join_list;
if (!flags)
@@ -3401,7 +3402,6 @@ static void mptcp_release_cb(struct sock
* datapath acquires the msk socket spinlock while helding
* the subflow socket lock
*/
- msk->push_pending = 0;
msk->cb_flags &= ~flags;
spin_unlock_bh(&sk->sk_lock.slock);
--- a/net/mptcp/protocol.h
+++ b/net/mptcp/protocol.h
@@ -272,7 +272,6 @@ struct mptcp_sock {
int rmem_released;
unsigned long flags;
unsigned long cb_flags;
- unsigned long push_pending;
bool recovery; /* closing subflow write queue reinjected */
bool can_ack;
bool fully_established;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 073/197] mptcp: check addrs list in userspace_pm_get_local_id
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (71 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 072/197] mptcp: drop the push_pending field Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 074/197] media: Revert "media: rkisp1: Drop IRQF_SHARED" Greg Kroah-Hartman
` (127 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Geliang Tang, Mat Martineau,
Matthieu Baerts (NGI0), David S. Miller
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Geliang Tang <geliang@kernel.org>
commit f012d796a6de662692159c539689e47e662853a8 upstream.
Before adding a new entry in mptcp_userspace_pm_get_local_id(), it's
better to check whether this address is already in userspace pm local
address list. If it's in the list, no need to add a new entry, just
return it's address ID and use this address.
Fixes: 8b20137012d9 ("mptcp: read attributes of addr entries managed by userspace PMs")
Cc: stable@vger.kernel.org
Signed-off-by: Geliang Tang <geliang.tang@linux.dev>
Reviewed-by: Mat Martineau <martineau@kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mptcp/pm_userspace.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
--- a/net/mptcp/pm_userspace.c
+++ b/net/mptcp/pm_userspace.c
@@ -132,10 +132,21 @@ int mptcp_userspace_pm_get_flags_and_ifi
int mptcp_userspace_pm_get_local_id(struct mptcp_sock *msk,
struct mptcp_addr_info *skc)
{
- struct mptcp_pm_addr_entry new_entry;
+ struct mptcp_pm_addr_entry *entry = NULL, *e, new_entry;
__be16 msk_sport = ((struct inet_sock *)
inet_sk((struct sock *)msk))->inet_sport;
+ spin_lock_bh(&msk->pm.lock);
+ list_for_each_entry(e, &msk->pm.userspace_pm_local_addr_list, list) {
+ if (mptcp_addresses_equal(&e->addr, skc, false)) {
+ entry = e;
+ break;
+ }
+ }
+ spin_unlock_bh(&msk->pm.lock);
+ if (entry)
+ return entry->addr.id;
+
memset(&new_entry, 0, sizeof(struct mptcp_pm_addr_entry));
new_entry.addr = *skc;
new_entry.addr.id = 0;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 074/197] media: Revert "media: rkisp1: Drop IRQF_SHARED"
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (72 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 073/197] mptcp: check addrs list in userspace_pm_get_local_id Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 075/197] scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" Greg Kroah-Hartman
` (126 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mikhail Rudenko, Tomi Valkeinen,
Laurent Pinchart, Mauro Carvalho Chehab
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
commit a107d643b2a3382e0a2d2c4ef08bf8c6bff4561d upstream.
This reverts commit 85d2a31fe4d9be1555f621ead7a520d8791e0f74.
The rkisp1 does share interrupt lines on some platforms, after all. Thus
we need to revert this, and implement a fix for the rkisp1 shared irq
handling in a follow-up patch.
Closes: https://lore.kernel.org/all/87o7eo8vym.fsf@gmail.com/
Link: https://lore.kernel.org/r/20231218-rkisp-shirq-fix-v1-1-173007628248@ideasonboard.com
Reported-by: Mikhail Rudenko <mike.rudenko@gmail.com>
Signed-off-by: Tomi Valkeinen <tomi.valkeinen@ideasonboard.com>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c
+++ b/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c
@@ -559,7 +559,7 @@ static int rkisp1_probe(struct platform_
rkisp1->irqs[il] = irq;
}
- ret = devm_request_irq(dev, irq, info->isrs[i].isr, 0,
+ ret = devm_request_irq(dev, irq, info->isrs[i].isr, IRQF_SHARED,
dev_driver_string(dev), dev);
if (ret) {
dev_err(dev, "request irq failed: %d\n", ret);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 075/197] scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (73 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 074/197] media: Revert "media: rkisp1: Drop IRQF_SHARED" Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 076/197] Revert "drm/amd: flush any delayed gfxoff on suspend entry" Greg Kroah-Hartman
` (125 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lee Duncan, Hannes Reinecke,
Martin K. Petersen
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lee Duncan <lduncan@suse.com>
commit 977fe773dcc7098d8eaf4ee6382cb51e13e784cb upstream.
This reverts commit 1a1975551943f681772720f639ff42fbaa746212.
This commit causes interrupts to be lost for FCoE devices, since it changed
sping locks from "bh" to "irqsave".
Instead, a work queue should be used, and will be addressed in a separate
commit.
Fixes: 1a1975551943 ("scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock")
Signed-off-by: Lee Duncan <lduncan@suse.com>
Link: https://lore.kernel.org/r/c578cdcd46b60470535c4c4a953e6a1feca0dffd.1707500786.git.lduncan@suse.com
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/scsi/fcoe/fcoe_ctlr.c | 20 ++++++++------------
1 file changed, 8 insertions(+), 12 deletions(-)
--- a/drivers/scsi/fcoe/fcoe_ctlr.c
+++ b/drivers/scsi/fcoe/fcoe_ctlr.c
@@ -319,17 +319,16 @@ static void fcoe_ctlr_announce(struct fc
{
struct fcoe_fcf *sel;
struct fcoe_fcf *fcf;
- unsigned long flags;
mutex_lock(&fip->ctlr_mutex);
- spin_lock_irqsave(&fip->ctlr_lock, flags);
+ spin_lock_bh(&fip->ctlr_lock);
kfree_skb(fip->flogi_req);
fip->flogi_req = NULL;
list_for_each_entry(fcf, &fip->fcfs, list)
fcf->flogi_sent = 0;
- spin_unlock_irqrestore(&fip->ctlr_lock, flags);
+ spin_unlock_bh(&fip->ctlr_lock);
sel = fip->sel_fcf;
if (sel && ether_addr_equal(sel->fcf_mac, fip->dest_addr))
@@ -700,7 +699,6 @@ int fcoe_ctlr_els_send(struct fcoe_ctlr
{
struct fc_frame *fp;
struct fc_frame_header *fh;
- unsigned long flags;
u16 old_xid;
u8 op;
u8 mac[ETH_ALEN];
@@ -734,11 +732,11 @@ int fcoe_ctlr_els_send(struct fcoe_ctlr
op = FIP_DT_FLOGI;
if (fip->mode == FIP_MODE_VN2VN)
break;
- spin_lock_irqsave(&fip->ctlr_lock, flags);
+ spin_lock_bh(&fip->ctlr_lock);
kfree_skb(fip->flogi_req);
fip->flogi_req = skb;
fip->flogi_req_send = 1;
- spin_unlock_irqrestore(&fip->ctlr_lock, flags);
+ spin_unlock_bh(&fip->ctlr_lock);
schedule_work(&fip->timer_work);
return -EINPROGRESS;
case ELS_FDISC:
@@ -1707,11 +1705,10 @@ static int fcoe_ctlr_flogi_send_locked(s
static int fcoe_ctlr_flogi_retry(struct fcoe_ctlr *fip)
{
struct fcoe_fcf *fcf;
- unsigned long flags;
int error;
mutex_lock(&fip->ctlr_mutex);
- spin_lock_irqsave(&fip->ctlr_lock, flags);
+ spin_lock_bh(&fip->ctlr_lock);
LIBFCOE_FIP_DBG(fip, "re-sending FLOGI - reselect\n");
fcf = fcoe_ctlr_select(fip);
if (!fcf || fcf->flogi_sent) {
@@ -1722,7 +1719,7 @@ static int fcoe_ctlr_flogi_retry(struct
fcoe_ctlr_solicit(fip, NULL);
error = fcoe_ctlr_flogi_send_locked(fip);
}
- spin_unlock_irqrestore(&fip->ctlr_lock, flags);
+ spin_unlock_bh(&fip->ctlr_lock);
mutex_unlock(&fip->ctlr_mutex);
return error;
}
@@ -1739,9 +1736,8 @@ static int fcoe_ctlr_flogi_retry(struct
static void fcoe_ctlr_flogi_send(struct fcoe_ctlr *fip)
{
struct fcoe_fcf *fcf;
- unsigned long flags;
- spin_lock_irqsave(&fip->ctlr_lock, flags);
+ spin_lock_bh(&fip->ctlr_lock);
fcf = fip->sel_fcf;
if (!fcf || !fip->flogi_req_send)
goto unlock;
@@ -1768,7 +1764,7 @@ static void fcoe_ctlr_flogi_send(struct
} else /* XXX */
LIBFCOE_FIP_DBG(fip, "No FCF selected - defer send\n");
unlock:
- spin_unlock_irqrestore(&fip->ctlr_lock, flags);
+ spin_unlock_bh(&fip->ctlr_lock);
}
/**
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 076/197] Revert "drm/amd: flush any delayed gfxoff on suspend entry"
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (74 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 075/197] scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 077/197] drm/virtio: Set segment size for virtio_gpu device Greg Kroah-Hartman
` (124 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Alex Deucher, Mario Limonciello
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mario Limonciello <mario.limonciello@amd.com>
commit 916361685319098f696b798ef1560f69ed96e934 upstream.
commit ab4750332dbe ("drm/amdgpu/sdma5.2: add begin/end_use ring
callbacks") caused GFXOFF control to be used more heavily and the
codepath that was removed from commit 0dee72639533 ("drm/amd: flush any
delayed gfxoff on suspend entry") now can be exercised at suspend again.
Users report that by using GNOME to suspend the lockscreen trigger will
cause SDMA traffic and the system can deadlock.
This reverts commit 0dee726395333fea833eaaf838bc80962df886c8.
Acked-by: Alex Deucher <alexander.deucher@amd.com>
Fixes: ab4750332dbe ("drm/amdgpu/sdma5.2: add begin/end_use ring callbacks")
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 1 -
drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 9 ++++++++-
2 files changed, 8 insertions(+), 2 deletions(-)
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c
@@ -4203,7 +4203,6 @@ int amdgpu_device_suspend(struct drm_dev
drm_fb_helper_set_suspend_unlocked(adev_to_drm(adev)->fb_helper, true);
cancel_delayed_work_sync(&adev->delayed_init_work);
- flush_delayed_work(&adev->gfx.gfx_off_delay_work);
amdgpu_ras_suspend(adev);
--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c
+++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c
@@ -585,8 +585,15 @@ void amdgpu_gfx_off_ctrl(struct amdgpu_d
if (adev->gfx.gfx_off_req_count == 0 &&
!adev->gfx.gfx_off_state) {
- schedule_delayed_work(&adev->gfx.gfx_off_delay_work,
+ /* If going to s2idle, no need to wait */
+ if (adev->in_s0ix) {
+ if (!amdgpu_dpm_set_powergating_by_smu(adev,
+ AMD_IP_BLOCK_TYPE_GFX, true))
+ adev->gfx.gfx_off_state = true;
+ } else {
+ schedule_delayed_work(&adev->gfx.gfx_off_delay_work,
delay);
+ }
}
} else {
if (adev->gfx.gfx_off_req_count == 0) {
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 077/197] drm/virtio: Set segment size for virtio_gpu device
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (75 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 076/197] Revert "drm/amd: flush any delayed gfxoff on suspend entry" Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 078/197] lsm: fix the logic in security_inode_getsecctx() Greg Kroah-Hartman
` (123 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhenyu Zhang, Vivek Kasireddy,
Sebastian Ott, Dmitry Osipenko
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sebastian Ott <sebott@redhat.com>
commit 9c64e749cebd9c2d3d55261530a98bcccb83b950 upstream.
Set the segment size of the virtio_gpu device to the value
used by the drm helpers when allocating sg lists to fix the
following complaint from DMA_API debug code:
DMA-API: virtio-pci 0000:07:00.0: mapping sg segment longer than
device claims to support [len=262144] [max=65536]
Cc: stable@vger.kernel.org
Tested-by: Zhenyu Zhang <zhenyzha@redhat.com>
Acked-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Signed-off-by: Sebastian Ott <sebott@redhat.com>
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Link: https://patchwork.freedesktop.org/patch/msgid/7258a4cc-da16-5c34-a042-2a23ee396d56@redhat.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/virtio/virtgpu_drv.c | 1 +
1 file changed, 1 insertion(+)
--- a/drivers/gpu/drm/virtio/virtgpu_drv.c
+++ b/drivers/gpu/drm/virtio/virtgpu_drv.c
@@ -93,6 +93,7 @@ static int virtio_gpu_probe(struct virti
goto err_free;
}
+ dma_set_max_seg_size(dev->dev, dma_max_mapping_size(dev->dev) ?: UINT_MAX);
ret = virtio_gpu_init(vdev, dev);
if (ret)
goto err_free;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 078/197] lsm: fix the logic in security_inode_getsecctx()
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (76 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 077/197] drm/virtio: Set segment size for virtio_gpu device Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 079/197] firewire: core: correct documentation of fw_csr_string() kernel API Greg Kroah-Hartman
` (122 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stephen Smalley, Ondrej Mosnacek,
Casey Schaufler, Paul Moore
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ondrej Mosnacek <omosnace@redhat.com>
commit 99b817c173cd213671daecd25ca27f56b0c7c4ec upstream.
The inode_getsecctx LSM hook has previously been corrected to have
-EOPNOTSUPP instead of 0 as the default return value to fix BPF LSM
behavior. However, the call_int_hook()-generated loop in
security_inode_getsecctx() was left treating 0 as the neutral value, so
after an LSM returns 0, the loop continues to try other LSMs, and if one
of them returns a non-zero value, the function immediately returns with
said value. So in a situation where SELinux and the BPF LSMs registered
this hook, -EOPNOTSUPP would be incorrectly returned whenever SELinux
returned 0.
Fix this by open-coding the call_int_hook() loop and making it use the
correct LSM_RET_DEFAULT() value as the neutral one, similar to what
other hooks do.
Cc: stable@vger.kernel.org
Reported-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Link: https://lore.kernel.org/selinux/CAEjxPJ4ev-pasUwGx48fDhnmjBnq_Wh90jYPwRQRAqXxmOKD4Q@mail.gmail.com/
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2257983
Fixes: b36995b8609a ("lsm: fix default return value for inode_getsecctx")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
[PM: subject line tweak]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
security/security.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
--- a/security/security.c
+++ b/security/security.c
@@ -2186,7 +2186,19 @@ EXPORT_SYMBOL(security_inode_setsecctx);
int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
{
- return call_int_hook(inode_getsecctx, -EOPNOTSUPP, inode, ctx, ctxlen);
+ struct security_hook_list *hp;
+ int rc;
+
+ /*
+ * Only one module will provide a security context.
+ */
+ hlist_for_each_entry(hp, &security_hook_heads.inode_getsecctx, list) {
+ rc = hp->hook.inode_getsecctx(inode, ctx, ctxlen);
+ if (rc != LSM_RET_DEFAULT(inode_getsecctx))
+ return rc;
+ }
+
+ return LSM_RET_DEFAULT(inode_getsecctx);
}
EXPORT_SYMBOL(security_inode_getsecctx);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 079/197] firewire: core: correct documentation of fw_csr_string() kernel API
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (77 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 078/197] lsm: fix the logic in security_inode_getsecctx() Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 080/197] ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads Greg Kroah-Hartman
` (121 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Takashi Sakamoto
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Takashi Sakamoto <o-takashi@sakamocchi.jp>
commit 5f9ab17394f831cb7986ec50900fa37507a127f1 upstream.
Against its current description, the kernel API can accepts all types of
directory entries.
This commit corrects the documentation.
Cc: stable@vger.kernel.org
Fixes: 3c2c58cb33b3 ("firewire: core: fw_csr_string addendum")
Link: https://lore.kernel.org/r/20240130100409.30128-2-o-takashi@sakamocchi.jp
Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/firewire/core-device.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
--- a/drivers/firewire/core-device.c
+++ b/drivers/firewire/core-device.c
@@ -100,10 +100,9 @@ static int textual_leaf_to_string(const
* @buf: where to put the string
* @size: size of @buf, in bytes
*
- * The string is taken from a minimal ASCII text descriptor leaf after
- * the immediate entry with @key. The string is zero-terminated.
- * An overlong string is silently truncated such that it and the
- * zero byte fit into @size.
+ * The string is taken from a minimal ASCII text descriptor leaf just after the entry with the
+ * @key. The string is zero-terminated. An overlong string is silently truncated such that it
+ * and the zero byte fit into @size.
*
* Returns strlen(buf) or a negative error code.
*/
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 080/197] ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (78 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 079/197] firewire: core: correct documentation of fw_csr_string() kernel API Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 081/197] kbuild: Fix changing ELF file type for output of gen_btf for big endian Greg Kroah-Hartman
` (120 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, José Relvas, Takashi Iwai
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: José Relvas <josemonsantorelvas@gmail.com>
commit 2468e8922d2f6da81a6192b73023eff67e3fefdd upstream.
There currently exists two thinkpad headset jack fixups:
ALC285_FIXUP_THINKPAD_NO_BASS_SPK_HEADSET_JACK
ALC285_FIXUP_THINKPAD_HEADSET_JACK
The latter is applied to alc285 and alc287 thinkpads which contain
bass speakers.
However, the former was only being applied to alc285 thinkpads,
leaving non-bass alc287 thinkpads with no headset button controls.
This patch fixes that by adding ALC285_FIXUP_THINKPAD_NO_BASS_SPK_HEADSET_JACK
to the alc287 chains, allowing the detection of headset buttons.
Signed-off-by: José Relvas <josemonsantorelvas@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20240131113407.34698-3-josemonsantorelvas@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -9377,7 +9377,7 @@ static const struct hda_fixup alc269_fix
.type = HDA_FIXUP_FUNC,
.v.func = cs35l41_fixup_i2c_two,
.chained = true,
- .chain_id = ALC269_FIXUP_THINKPAD_ACPI,
+ .chain_id = ALC285_FIXUP_THINKPAD_NO_BASS_SPK_HEADSET_JACK,
},
[ALC245_FIXUP_HP_MUTE_LED_COEFBIT] = {
.type = HDA_FIXUP_FUNC,
@@ -9392,6 +9392,8 @@ static const struct hda_fixup alc269_fix
[ALC287_FIXUP_THINKPAD_I2S_SPK] = {
.type = HDA_FIXUP_FUNC,
.v.func = alc287_fixup_bind_dacs,
+ .chained = true,
+ .chain_id = ALC285_FIXUP_THINKPAD_NO_BASS_SPK_HEADSET_JACK,
},
[ALC287_FIXUP_MG_RTKC_CSAMP_CS35L41_I2C_THINKPAD] = {
.type = HDA_FIXUP_FUNC,
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 081/197] kbuild: Fix changing ELF file type for output of gen_btf for big endian
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (79 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 080/197] ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 082/197] nfc: nci: free rx_data_reassembly skb on NCI device cleanup Greg Kroah-Hartman
` (119 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masahiro Yamada, Nathan Chancellor,
Fangrui Song, Nicolas Schier, Kees Cook, Justin Stitt
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nathan Chancellor <nathan@kernel.org>
commit e3a9ee963ad8ba677ca925149812c5932b49af69 upstream.
Commit 90ceddcb4950 ("bpf: Support llvm-objcopy for vmlinux BTF")
changed the ELF type of .btf.vmlinux.bin.o to ET_REL via dd, which works
fine for little endian platforms:
00000000 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|
-00000010 03 00 b7 00 01 00 00 00 00 00 00 80 00 80 ff ff |................|
+00000010 01 00 b7 00 01 00 00 00 00 00 00 80 00 80 ff ff |................|
However, for big endian platforms, it changes the wrong byte, resulting
in an invalid ELF file type, which ld.lld rejects:
00000000 7f 45 4c 46 02 02 01 00 00 00 00 00 00 00 00 00 |.ELF............|
-00000010 00 03 00 16 00 00 00 01 00 00 00 00 00 10 00 00 |................|
+00000010 01 03 00 16 00 00 00 01 00 00 00 00 00 10 00 00 |................|
Type: <unknown>: 103
ld.lld: error: .btf.vmlinux.bin.o: unknown file type
Fix this by updating the entire 16-bit e_type field rather than just a
single byte, so that everything works correctly for all platforms and
linkers.
00000000 7f 45 4c 46 02 02 01 00 00 00 00 00 00 00 00 00 |.ELF............|
-00000010 00 03 00 16 00 00 00 01 00 00 00 00 00 10 00 00 |................|
+00000010 00 01 00 16 00 00 00 01 00 00 00 00 00 10 00 00 |................|
Type: REL (Relocatable file)
While in the area, update the comment to mention that binutils 2.35+
matches LLD's behavior of rejecting an ET_EXEC input, which occurred
after the comment was added.
Cc: stable@vger.kernel.org
Fixes: 90ceddcb4950 ("bpf: Support llvm-objcopy for vmlinux BTF")
Link: https://github.com/llvm/llvm-project/pull/75643
Suggested-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Reviewed-by: Fangrui Song <maskray@google.com>
Reviewed-by: Nicolas Schier <nicolas@fjasle.eu>
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Justin Stitt <justinstitt@google.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
scripts/link-vmlinux.sh | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/scripts/link-vmlinux.sh
+++ b/scripts/link-vmlinux.sh
@@ -135,8 +135,13 @@ gen_btf()
${OBJCOPY} --only-section=.BTF --set-section-flags .BTF=alloc,readonly \
--strip-all ${1} ${2} 2>/dev/null
# Change e_type to ET_REL so that it can be used to link final vmlinux.
- # Unlike GNU ld, lld does not allow an ET_EXEC input.
- printf '\1' | dd of=${2} conv=notrunc bs=1 seek=16 status=none
+ # GNU ld 2.35+ and lld do not allow an ET_EXEC input.
+ if is_enabled CONFIG_CPU_BIG_ENDIAN; then
+ et_rel='\0\1'
+ else
+ et_rel='\1\0'
+ fi
+ printf "${et_rel}" | dd of=${2} conv=notrunc bs=1 seek=16 status=none
}
# Create ${2} .S file with all symbols from the ${1} object file
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 082/197] nfc: nci: free rx_data_reassembly skb on NCI device cleanup
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (80 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 081/197] kbuild: Fix changing ELF file type for output of gen_btf for big endian Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 083/197] net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() Greg Kroah-Hartman
` (118 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+6b7c68d9c21e4ee4251b,
Fedor Pchelkin, David S. Miller
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fedor Pchelkin <pchelkin@ispras.ru>
commit bfb007aebe6bff451f7f3a4be19f4f286d0d5d9c upstream.
rx_data_reassembly skb is stored during NCI data exchange for processing
fragmented packets. It is dropped only when the last fragment is processed
or when an NTF packet with NCI_OP_RF_DEACTIVATE_NTF opcode is received.
However, the NCI device may be deallocated before that which leads to skb
leak.
As by design the rx_data_reassembly skb is bound to the NCI device and
nothing prevents the device to be freed before the skb is processed in
some way and cleaned, free it on the NCI device cleanup.
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Fixes: 6a2968aaf50c ("NFC: basic NCI protocol implementation")
Cc: stable@vger.kernel.org
Reported-by: syzbot+6b7c68d9c21e4ee4251b@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/lkml/000000000000f43987060043da7b@google.com/
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/nfc/nci/core.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/net/nfc/nci/core.c
+++ b/net/nfc/nci/core.c
@@ -1207,6 +1207,10 @@ void nci_free_device(struct nci_dev *nde
{
nfc_free_device(ndev->nfc_dev);
nci_hci_deallocate(ndev);
+
+ /* drop partial rx data packet if present */
+ if (ndev->rx_data_reassembly)
+ kfree_skb(ndev->rx_data_reassembly);
kfree(ndev);
}
EXPORT_SYMBOL(nci_free_device);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 083/197] net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (81 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 082/197] nfc: nci: free rx_data_reassembly skb on NCI device cleanup Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 084/197] net: stmmac: do not clear TBS enable bit on link up/down Greg Kroah-Hartman
` (117 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+3ae0a3f42c84074b7c8e,
Nikita Zhandarovich, David S. Miller
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
commit 37e8c97e539015637cb920d3e6f1e404f707a06e upstream.
Syzkaller reported [1] hitting a warning after failing to allocate
resources for skb in hsr_init_skb(). Since a WARN_ONCE() call will
not help much in this case, it might be prudent to switch to
netdev_warn_once(). At the very least it will suppress syzkaller
reports such as [1].
Just in case, use netdev_warn_once() in send_prp_supervision_frame()
for similar reasons.
[1]
HSR: Could not send supervision frame
WARNING: CPU: 1 PID: 85 at net/hsr/hsr_device.c:294 send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294
RIP: 0010:send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294
...
Call Trace:
<IRQ>
hsr_announce+0x114/0x370 net/hsr/hsr_device.c:382
call_timer_fn+0x193/0x590 kernel/time/timer.c:1700
expire_timers kernel/time/timer.c:1751 [inline]
__run_timers+0x764/0xb20 kernel/time/timer.c:2022
run_timer_softirq+0x58/0xd0 kernel/time/timer.c:2035
__do_softirq+0x21a/0x8de kernel/softirq.c:553
invoke_softirq kernel/softirq.c:427 [inline]
__irq_exit_rcu kernel/softirq.c:632 [inline]
irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644
sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1076
</IRQ>
<TASK>
asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649
...
This issue is also found in older kernels (at least up to 5.10).
Cc: stable@vger.kernel.org
Reported-by: syzbot+3ae0a3f42c84074b7c8e@syzkaller.appspotmail.com
Fixes: 121c33b07b31 ("net: hsr: introduce common code for skb initialization")
Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/hsr/hsr_device.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/net/hsr/hsr_device.c
+++ b/net/hsr/hsr_device.c
@@ -291,7 +291,7 @@ static void send_hsr_supervision_frame(s
skb = hsr_init_skb(master);
if (!skb) {
- WARN_ONCE(1, "HSR: Could not send supervision frame\n");
+ netdev_warn_once(master->dev, "HSR: Could not send supervision frame\n");
return;
}
@@ -338,7 +338,7 @@ static void send_prp_supervision_frame(s
skb = hsr_init_skb(master);
if (!skb) {
- WARN_ONCE(1, "PRP: Could not send supervision frame\n");
+ netdev_warn_once(master->dev, "PRP: Could not send supervision frame\n");
return;
}
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 084/197] net: stmmac: do not clear TBS enable bit on link up/down
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (82 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 083/197] net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 085/197] xen-netback: properly sync TX responses Greg Kroah-Hartman
` (116 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Esben Haabendal, Paolo Abeni
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Esben Haabendal <esben@geanix.com>
commit 4896bb7c0b31a0a3379b290ea7729900c59e0c69 upstream.
With the dma conf being reallocated on each call to stmmac_open(), any
information in there is lost, unless we specifically handle it.
The STMMAC_TBS_EN bit is set when adding an etf qdisc, and the etf qdisc
therefore would stop working when link was set down and then back up.
Fixes: ba39b344e924 ("net: ethernet: stmicro: stmmac: generate stmmac dma conf before open")
Cc: stable@vger.kernel.org
Signed-off-by: Esben Haabendal <esben@geanix.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
+++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
@@ -3826,6 +3826,9 @@ static int __stmmac_open(struct net_devi
priv->rx_copybreak = STMMAC_RX_COPYBREAK;
buf_sz = dma_conf->dma_buf_sz;
+ for (int i = 0; i < MTL_MAX_TX_QUEUES; i++)
+ if (priv->dma_conf.tx_queue[i].tbs & STMMAC_TBS_EN)
+ dma_conf->tx_queue[i].tbs = priv->dma_conf.tx_queue[i].tbs;
memcpy(&priv->dma_conf, dma_conf, sizeof(*dma_conf));
stmmac_reset_queues_param(priv);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 085/197] xen-netback: properly sync TX responses
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (83 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 084/197] net: stmmac: do not clear TBS enable bit on link up/down Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 086/197] modpost: propagate W=1 build option to modpost Greg Kroah-Hartman
` (115 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jan Beulich, Paul Durrant,
Jakub Kicinski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jan Beulich <jbeulich@suse.com>
commit 7b55984c96ffe9e236eb9c82a2196e0b1f84990d upstream.
Invoking the make_tx_response() / push_tx_responses() pair with no lock
held would be acceptable only if all such invocations happened from the
same context (NAPI instance or dealloc thread). Since this isn't the
case, and since the interface "spec" also doesn't demand that multicast
operations may only be performed with no in-flight transmits,
MCAST_{ADD,DEL} processing also needs to acquire the response lock
around the invocations.
To prevent similar mistakes going forward, "downgrade" the present
functions to private helpers of just the two remaining ones using them
directly, with no forward declarations anymore. This involves renaming
what so far was make_tx_response(), for the new function of that name
to serve the new (wrapper) purpose.
While there,
- constify the txp parameters,
- correct xenvif_idx_release()'s status parameter's type,
- rename {,_}make_tx_response()'s status parameters for consistency with
xenvif_idx_release()'s.
Fixes: 210c34dcd8d9 ("xen-netback: add support for multicast control")
Cc: stable@vger.kernel.org
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Paul Durrant <paul@xen.org>
Link: https://lore.kernel.org/r/980c6c3d-e10e-4459-8565-e8fbde122f00@suse.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/xen-netback/netback.c | 84 ++++++++++++++++++--------------------
1 file changed, 40 insertions(+), 44 deletions(-)
--- a/drivers/net/xen-netback/netback.c
+++ b/drivers/net/xen-netback/netback.c
@@ -104,13 +104,12 @@ bool provides_xdp_headroom = true;
module_param(provides_xdp_headroom, bool, 0644);
static void xenvif_idx_release(struct xenvif_queue *queue, u16 pending_idx,
- u8 status);
+ s8 status);
static void make_tx_response(struct xenvif_queue *queue,
- struct xen_netif_tx_request *txp,
+ const struct xen_netif_tx_request *txp,
unsigned int extra_count,
- s8 st);
-static void push_tx_responses(struct xenvif_queue *queue);
+ s8 status);
static void xenvif_idx_unmap(struct xenvif_queue *queue, u16 pending_idx);
@@ -208,13 +207,9 @@ static void xenvif_tx_err(struct xenvif_
unsigned int extra_count, RING_IDX end)
{
RING_IDX cons = queue->tx.req_cons;
- unsigned long flags;
do {
- spin_lock_irqsave(&queue->response_lock, flags);
make_tx_response(queue, txp, extra_count, XEN_NETIF_RSP_ERROR);
- push_tx_responses(queue);
- spin_unlock_irqrestore(&queue->response_lock, flags);
if (cons == end)
break;
RING_COPY_REQUEST(&queue->tx, cons++, txp);
@@ -465,12 +460,7 @@ static void xenvif_get_requests(struct x
for (shinfo->nr_frags = 0; nr_slots > 0 && shinfo->nr_frags < MAX_SKB_FRAGS;
nr_slots--) {
if (unlikely(!txp->size)) {
- unsigned long flags;
-
- spin_lock_irqsave(&queue->response_lock, flags);
make_tx_response(queue, txp, 0, XEN_NETIF_RSP_OKAY);
- push_tx_responses(queue);
- spin_unlock_irqrestore(&queue->response_lock, flags);
++txp;
continue;
}
@@ -496,14 +486,8 @@ static void xenvif_get_requests(struct x
for (shinfo->nr_frags = 0; shinfo->nr_frags < nr_slots; ++txp) {
if (unlikely(!txp->size)) {
- unsigned long flags;
-
- spin_lock_irqsave(&queue->response_lock, flags);
make_tx_response(queue, txp, 0,
XEN_NETIF_RSP_OKAY);
- push_tx_responses(queue);
- spin_unlock_irqrestore(&queue->response_lock,
- flags);
continue;
}
@@ -997,7 +981,6 @@ static void xenvif_tx_build_gops(struct
(ret == 0) ?
XEN_NETIF_RSP_OKAY :
XEN_NETIF_RSP_ERROR);
- push_tx_responses(queue);
continue;
}
@@ -1009,7 +992,6 @@ static void xenvif_tx_build_gops(struct
make_tx_response(queue, &txreq, extra_count,
XEN_NETIF_RSP_OKAY);
- push_tx_responses(queue);
continue;
}
@@ -1444,8 +1426,35 @@ int xenvif_tx_action(struct xenvif_queue
return work_done;
}
+static void _make_tx_response(struct xenvif_queue *queue,
+ const struct xen_netif_tx_request *txp,
+ unsigned int extra_count,
+ s8 status)
+{
+ RING_IDX i = queue->tx.rsp_prod_pvt;
+ struct xen_netif_tx_response *resp;
+
+ resp = RING_GET_RESPONSE(&queue->tx, i);
+ resp->id = txp->id;
+ resp->status = status;
+
+ while (extra_count-- != 0)
+ RING_GET_RESPONSE(&queue->tx, ++i)->status = XEN_NETIF_RSP_NULL;
+
+ queue->tx.rsp_prod_pvt = ++i;
+}
+
+static void push_tx_responses(struct xenvif_queue *queue)
+{
+ int notify;
+
+ RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&queue->tx, notify);
+ if (notify)
+ notify_remote_via_irq(queue->tx_irq);
+}
+
static void xenvif_idx_release(struct xenvif_queue *queue, u16 pending_idx,
- u8 status)
+ s8 status)
{
struct pending_tx_info *pending_tx_info;
pending_ring_idx_t index;
@@ -1455,8 +1464,8 @@ static void xenvif_idx_release(struct xe
spin_lock_irqsave(&queue->response_lock, flags);
- make_tx_response(queue, &pending_tx_info->req,
- pending_tx_info->extra_count, status);
+ _make_tx_response(queue, &pending_tx_info->req,
+ pending_tx_info->extra_count, status);
/* Release the pending index before pusing the Tx response so
* its available before a new Tx request is pushed by the
@@ -1470,32 +1479,19 @@ static void xenvif_idx_release(struct xe
spin_unlock_irqrestore(&queue->response_lock, flags);
}
-
static void make_tx_response(struct xenvif_queue *queue,
- struct xen_netif_tx_request *txp,
+ const struct xen_netif_tx_request *txp,
unsigned int extra_count,
- s8 st)
+ s8 status)
{
- RING_IDX i = queue->tx.rsp_prod_pvt;
- struct xen_netif_tx_response *resp;
-
- resp = RING_GET_RESPONSE(&queue->tx, i);
- resp->id = txp->id;
- resp->status = st;
-
- while (extra_count-- != 0)
- RING_GET_RESPONSE(&queue->tx, ++i)->status = XEN_NETIF_RSP_NULL;
+ unsigned long flags;
- queue->tx.rsp_prod_pvt = ++i;
-}
+ spin_lock_irqsave(&queue->response_lock, flags);
-static void push_tx_responses(struct xenvif_queue *queue)
-{
- int notify;
+ _make_tx_response(queue, txp, extra_count, status);
+ push_tx_responses(queue);
- RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&queue->tx, notify);
- if (notify)
- notify_remote_via_irq(queue->tx_irq);
+ spin_unlock_irqrestore(&queue->response_lock, flags);
}
static void xenvif_idx_unmap(struct xenvif_queue *queue, u16 pending_idx)
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 086/197] modpost: propagate W=1 build option to modpost
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (84 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 085/197] xen-netback: properly sync TX responses Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 087/197] modpost: Dont let "driver"s reference .exit.* Greg Kroah-Hartman
` (114 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masahiro Yamada, Nick Desaulniers,
Nathan Chancellor
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masahiro Yamada <masahiroy@kernel.org>
commit 20ff36856fe00879f82de71fe6f1482ca1b72334 upstream.
"No build warning" is a strong requirement these days, so you must fix
all issues before enabling a new warning flag.
We often add a new warning to W=1 first so that the kbuild test robot
blocks new breakages.
This commit allows modpost to show extra warnings only when W=1
(or KBUILD_EXTRA_WARN=1) is given.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Stable-dep-of: 846cfbeed09b ("um: Fix adding '-no-pie' for clang")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
scripts/Makefile.modpost | 1 +
scripts/mod/modpost.c | 7 ++++++-
2 files changed, 7 insertions(+), 1 deletion(-)
--- a/scripts/Makefile.modpost
+++ b/scripts/Makefile.modpost
@@ -44,6 +44,7 @@ modpost-args = \
$(if $(CONFIG_SECTION_MISMATCH_WARN_ONLY),,-E) \
$(if $(KBUILD_NSDEPS),-d $(MODULES_NSDEPS)) \
$(if $(CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS)$(KBUILD_NSDEPS),-N) \
+ $(if $(findstring 1, $(KBUILD_EXTRA_WARN)),-W) \
-o $@
# 'make -i -k' ignores compile errors, and builds as many modules as possible.
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -41,6 +41,8 @@ static bool allow_missing_ns_imports;
static bool error_occurred;
+static bool extra_warn;
+
/*
* Cut off the warnings when there are too many. This typically occurs when
* vmlinux is missing. ('make modules' without building vmlinux.)
@@ -2290,7 +2292,7 @@ int main(int argc, char **argv)
LIST_HEAD(dump_lists);
struct dump_list *dl, *dl2;
- while ((opt = getopt(argc, argv, "ei:mnT:o:awENd:")) != -1) {
+ while ((opt = getopt(argc, argv, "ei:mnT:o:aWwENd:")) != -1) {
switch (opt) {
case 'e':
external_module = true;
@@ -2315,6 +2317,9 @@ int main(int argc, char **argv)
case 'T':
files_source = optarg;
break;
+ case 'W':
+ extra_warn = true;
+ break;
case 'w':
warn_unresolved = true;
break;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 087/197] modpost: Dont let "driver"s reference .exit.*
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (85 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 086/197] modpost: propagate W=1 build option to modpost Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 088/197] linux/init: remove __memexit* annotations Greg Kroah-Hartman
` (113 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Uwe Kleine-König,
Masahiro Yamada, Nathan Chancellor
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: "Uwe Kleine-König" <u.kleine-koenig@pengutronix.de>
commit f177cd0c15fcc7bdbb68d8d1a3166dead95314c8 upstream.
Drivers must not reference functions marked with __exit as these likely
are not available when the code is built-in.
There are few creative offenders uncovered for example in ARCH=amd64
allmodconfig builds. So only trigger the section mismatch warning for
W=1 builds.
The dual rule that drivers must not reference .init.* is implemented
since commit 0db252452378 ("modpost: don't allow *driver to reference
.init.*") which however missed that .exit.* should be handled in the
same way.
Thanks to Masahiro Yamada and Arnd Bergmann who gave valuable hints to
find this improvement.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Stable-dep-of: 846cfbeed09b ("um: Fix adding '-no-pie' for clang")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
scripts/mod/modpost.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -1087,9 +1087,20 @@ static int secref_whitelist(const struct
"*_console")))
return 0;
- /* symbols in data sections that may refer to meminit/exit sections */
+ /* symbols in data sections that may refer to meminit sections */
if (match(fromsec, PATTERNS(DATA_SECTIONS)) &&
- match(tosec, PATTERNS(ALL_XXXINIT_SECTIONS, ALL_EXIT_SECTIONS)) &&
+ match(tosec, PATTERNS(ALL_XXXINIT_SECTIONS, ALL_XXXEXIT_SECTIONS)) &&
+ match(fromsym, PATTERNS("*driver")))
+ return 0;
+
+ /*
+ * symbols in data sections must not refer to .exit.*, but there are
+ * quite a few offenders, so hide these unless for W=1 builds until
+ * these are fixed.
+ */
+ if (!extra_warn &&
+ match(fromsec, PATTERNS(DATA_SECTIONS)) &&
+ match(tosec, PATTERNS(EXIT_SECTIONS)) &&
match(fromsym, PATTERNS("*driver")))
return 0;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 088/197] linux/init: remove __memexit* annotations
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (86 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 087/197] modpost: Dont let "driver"s reference .exit.* Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 089/197] modpost: Include .text.* in TEXT_SECTIONS Greg Kroah-Hartman
` (112 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masahiro Yamada, Arnd Bergmann,
Nathan Chancellor
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Masahiro Yamada <masahiroy@kernel.org>
commit 6a4e59eeedc3018cb57722eecfcbb49431aeb05f upstream.
We have never used __memexit, __memexitdata, or __memexitconst.
These were unneeded.
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Acked-by: Arnd Bergmann <arnd@arndb.de>
[nathan: Remove additional case of XXXEXIT_TO_SOME_EXIT due to lack of
78dac1a22944 in 6.1]
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Stable-dep-of: 846cfbeed09b ("um: Fix adding '-no-pie' for clang")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/asm-generic/vmlinux.lds.h | 6 ------
include/linux/init.h | 3 ---
scripts/mod/modpost.c | 16 +++-------------
3 files changed, 3 insertions(+), 22 deletions(-)
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
@@ -351,7 +351,6 @@
*(.ref.data) \
*(.data..shared_aligned) /* percpu related */ \
MEM_KEEP(init.data*) \
- MEM_KEEP(exit.data*) \
*(.data.unlikely) \
__start_once = .; \
*(.data.once) \
@@ -546,7 +545,6 @@
__init_rodata : AT(ADDR(__init_rodata) - LOAD_OFFSET) { \
*(.ref.rodata) \
MEM_KEEP(init.rodata) \
- MEM_KEEP(exit.rodata) \
} \
\
/* Built-in module parameters. */ \
@@ -601,7 +599,6 @@
*(.ref.text) \
*(.text.asan.* .text.tsan.*) \
MEM_KEEP(init.text*) \
- MEM_KEEP(exit.text*) \
/* sched.text is aling to function alignment to secure we have same
@@ -751,13 +748,10 @@
*(.exit.data .exit.data.*) \
*(.fini_array .fini_array.*) \
*(.dtors .dtors.*) \
- MEM_DISCARD(exit.data*) \
- MEM_DISCARD(exit.rodata*)
#define EXIT_TEXT \
*(.exit.text) \
*(.text.exit) \
- MEM_DISCARD(exit.text)
#define EXIT_CALL \
*(.exitcall.exit)
--- a/include/linux/init.h
+++ b/include/linux/init.h
@@ -87,9 +87,6 @@
__latent_entropy
#define __meminitdata __section(".meminit.data")
#define __meminitconst __section(".meminit.rodata")
-#define __memexit __section(".memexit.text") __exitused __cold notrace
-#define __memexitdata __section(".memexit.data")
-#define __memexitconst __section(".memexit.rodata")
/* For assembly routines */
#define __HEAD .section ".head.text","ax"
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -811,7 +811,7 @@ static void check_section(const char *mo
#define ALL_INIT_TEXT_SECTIONS \
".init.text", ".meminit.text"
#define ALL_EXIT_TEXT_SECTIONS \
- ".exit.text", ".memexit.text"
+ ".exit.text"
#define ALL_PCI_INIT_SECTIONS \
".pci_fixup_early", ".pci_fixup_header", ".pci_fixup_final", \
@@ -819,10 +819,9 @@ static void check_section(const char *mo
".pci_fixup_resume_early", ".pci_fixup_suspend"
#define ALL_XXXINIT_SECTIONS MEM_INIT_SECTIONS
-#define ALL_XXXEXIT_SECTIONS MEM_EXIT_SECTIONS
#define ALL_INIT_SECTIONS INIT_SECTIONS, ALL_XXXINIT_SECTIONS
-#define ALL_EXIT_SECTIONS EXIT_SECTIONS, ALL_XXXEXIT_SECTIONS
+#define ALL_EXIT_SECTIONS EXIT_SECTIONS
#define DATA_SECTIONS ".data", ".data.rel"
#define TEXT_SECTIONS ".text", ".text.unlikely", ".sched.text", \
@@ -835,7 +834,6 @@ static void check_section(const char *mo
#define MEM_INIT_SECTIONS ".meminit.*"
#define EXIT_SECTIONS ".exit.*"
-#define MEM_EXIT_SECTIONS ".memexit.*"
#define ALL_TEXT_SECTIONS ALL_INIT_TEXT_SECTIONS, ALL_EXIT_TEXT_SECTIONS, \
TEXT_SECTIONS, OTHER_TEXT_SECTIONS
@@ -864,7 +862,6 @@ enum mismatch {
TEXT_TO_ANY_EXIT,
DATA_TO_ANY_EXIT,
XXXINIT_TO_SOME_INIT,
- XXXEXIT_TO_SOME_EXIT,
ANY_INIT_TO_ANY_EXIT,
ANY_EXIT_TO_ANY_INIT,
EXPORT_TO_INIT_EXIT,
@@ -939,12 +936,6 @@ static const struct sectioncheck section
.bad_tosec = { INIT_SECTIONS, NULL },
.mismatch = XXXINIT_TO_SOME_INIT,
},
-/* Do not reference exit code/data from memexit code/data */
-{
- .fromsec = { ALL_XXXEXIT_SECTIONS, NULL },
- .bad_tosec = { EXIT_SECTIONS, NULL },
- .mismatch = XXXEXIT_TO_SOME_EXIT,
-},
/* Do not use exit code/data from init code */
{
.fromsec = { ALL_INIT_SECTIONS, NULL },
@@ -1089,7 +1080,7 @@ static int secref_whitelist(const struct
/* symbols in data sections that may refer to meminit sections */
if (match(fromsec, PATTERNS(DATA_SECTIONS)) &&
- match(tosec, PATTERNS(ALL_XXXINIT_SECTIONS, ALL_XXXEXIT_SECTIONS)) &&
+ match(tosec, PATTERNS(ALL_XXXINIT_SECTIONS)) &&
match(fromsym, PATTERNS("*driver")))
return 0;
@@ -1267,7 +1258,6 @@ static void report_sec_mismatch(const ch
case TEXT_TO_ANY_EXIT:
case DATA_TO_ANY_EXIT:
case XXXINIT_TO_SOME_INIT:
- case XXXEXIT_TO_SOME_EXIT:
case ANY_INIT_TO_ANY_EXIT:
case ANY_EXIT_TO_ANY_INIT:
warn("%s: section mismatch in reference: %s (section: %s) -> %s (section: %s)\n",
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 089/197] modpost: Include .text.* in TEXT_SECTIONS
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (87 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 088/197] linux/init: remove __memexit* annotations Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 090/197] um: Fix adding -no-pie for clang Greg Kroah-Hartman
` (111 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vincent Donnefort, Sami Tolvanen,
Nathan Chancellor, Masahiro Yamada, Alexander Lobakin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nathan Chancellor <nathan@kernel.org>
commit 19331e84c3873256537d446afec1f6c507f8c4ef upstream.
Commit 6c730bfc894f ("modpost: handle -ffunction-sections") added
".text.*" to the OTHER_TEXT_SECTIONS macro to fix certain section
mismatch warnings. Unfortunately, this makes it impossible for modpost
to warn about section mismatches with LTO, which implies
'-ffunction-sections', as all functions are put in their own
'.text.<func_name>' sections, which may still reference functions in
sections they are not supposed to, such as __init.
Fix this by moving ".text.*" into TEXT_SECTIONS, so that configurations
with '-ffunction-sections' will see warnings about mismatched sections.
Link: https://lore.kernel.org/Y39kI3MOtVI5BAnV@google.com/
Reported-by: Vincent Donnefort <vdonnefort@google.com>
Reviewed-and-tested-by: Alexander Lobakin <alexandr.lobakin@intel.com>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Tested-by: Vincent Donnefort <vdonnefort@google.com>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Stable-dep-of: 846cfbeed09b ("um: Fix adding '-no-pie' for clang")
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
scripts/mod/modpost.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -824,10 +824,10 @@ static void check_section(const char *mo
#define ALL_EXIT_SECTIONS EXIT_SECTIONS
#define DATA_SECTIONS ".data", ".data.rel"
-#define TEXT_SECTIONS ".text", ".text.unlikely", ".sched.text", \
+#define TEXT_SECTIONS ".text", ".text.*", ".sched.text", \
".kprobes.text", ".cpuidle.text", ".noinstr.text"
#define OTHER_TEXT_SECTIONS ".ref.text", ".head.text", ".spinlock.text", \
- ".fixup", ".entry.text", ".exception.text", ".text.*", \
+ ".fixup", ".entry.text", ".exception.text", \
".coldtext", ".softirqentry.text"
#define INIT_SECTIONS ".init.*"
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 090/197] um: Fix adding -no-pie for clang
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (88 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 089/197] modpost: Include .text.* in TEXT_SECTIONS Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 091/197] modpost: Add .ltext and .ltext.* to TEXT_SECTIONS Greg Kroah-Hartman
` (110 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Nathan Chancellor, Masahiro Yamada
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nathan Chancellor <nathan@kernel.org>
commit 846cfbeed09b45d985079a9173cf390cc053715b upstream.
The kernel builds with -fno-PIE, so commit 883354afbc10 ("um: link
vmlinux with -no-pie") added the compiler linker flag '-no-pie' via
cc-option because '-no-pie' was only supported in GCC 6.1.0 and newer.
While this works for GCC, this does not work for clang because cc-option
uses '-c', which stops the pipeline right before linking, so '-no-pie'
is unconsumed and clang warns, causing cc-option to fail just as it
would if the option was entirely unsupported:
$ clang -Werror -no-pie -c -o /dev/null -x c /dev/null
clang-16: error: argument unused during compilation: '-no-pie' [-Werror,-Wunused-command-line-argument]
A recent version of clang exposes this because it generates a relocation
under '-mcmodel=large' that is not supported in PIE mode:
/usr/sbin/ld: init/main.o: relocation R_X86_64_32 against symbol `saved_command_line' can not be used when making a PIE object; recompile with -fPIE
/usr/sbin/ld: failed to set dynamic section sizes: bad value
clang: error: linker command failed with exit code 1 (use -v to see invocation)
Remove the cc-option check altogether. It is wasteful to invoke the
compiler to check for '-no-pie' because only one supported compiler
version does not support it, GCC 5.x (as it is supported with the
minimum version of clang and GCC 6.1.0+). Use a combination of the
gcc-min-version macro and CONFIG_CC_IS_CLANG to unconditionally add
'-no-pie' with CONFIG_LD_SCRIPT_DYN=y, so that it is enabled with all
compilers that support this. Furthermore, using gcc-min-version can help
turn this back into
LINK-$(CONFIG_LD_SCRIPT_DYN) += -no-pie
when the minimum version of GCC is bumped past 6.1.0.
Cc: stable@vger.kernel.org
Closes: https://github.com/ClangBuiltLinux/linux/issues/1982
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/um/Makefile | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/arch/um/Makefile
+++ b/arch/um/Makefile
@@ -118,7 +118,9 @@ archprepare:
$(Q)$(MAKE) $(build)=$(HOST_DIR)/um include/generated/user_constants.h
LINK-$(CONFIG_LD_SCRIPT_STATIC) += -static
-LINK-$(CONFIG_LD_SCRIPT_DYN) += $(call cc-option, -no-pie)
+ifdef CONFIG_LD_SCRIPT_DYN
+LINK-$(call gcc-min-version, 60100)$(CONFIG_CC_IS_CLANG) += -no-pie
+endif
LINK-$(CONFIG_LD_SCRIPT_DYN_RPATH) += -Wl,-rpath,/lib
CFLAGS_NO_HARDENING := $(call cc-option, -fno-PIC,) $(call cc-option, -fno-pic,) \
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 091/197] modpost: Add .ltext and .ltext.* to TEXT_SECTIONS
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (89 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 090/197] um: Fix adding -no-pie for clang Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 092/197] ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL Greg Kroah-Hartman
` (109 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Nathan Chancellor, Masahiro Yamada
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nathan Chancellor <nathan@kernel.org>
commit 397586506c3da005b9333ce5947ad01e8018a3be upstream.
After the linked LLVM change, building ARCH=um defconfig results in a
segmentation fault in modpost. Prior to commit a23e7584ecf3 ("modpost:
unify 'sym' and 'to' in default_mismatch_handler()"), there was a
warning:
WARNING: modpost: vmlinux.o(__ex_table+0x88): Section mismatch in reference to the .ltext:(unknown)
WARNING: modpost: The relocation at __ex_table+0x88 references
section ".ltext" which is not in the list of
authorized sections. If you're adding a new section
and/or if this reference is valid, add ".ltext" to the
list of authorized sections to jump to on fault.
This can be achieved by adding ".ltext" to
OTHER_TEXT_SECTIONS in scripts/mod/modpost.c.
The linked LLVM change moves global objects to the '.ltext' (and
'.ltext.*' with '-ffunction-sections') sections with '-mcmodel=large',
which ARCH=um uses. These sections should be handled just as '.text'
and '.text.*' are, so add them to TEXT_SECTIONS.
Cc: stable@vger.kernel.org
Closes: https://github.com/ClangBuiltLinux/linux/issues/1981
Link: https://github.com/llvm/llvm-project/commit/4bf8a688956a759b7b6b8d94f42d25c13c7af130
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
scripts/mod/modpost.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
@@ -825,7 +825,8 @@ static void check_section(const char *mo
#define DATA_SECTIONS ".data", ".data.rel"
#define TEXT_SECTIONS ".text", ".text.*", ".sched.text", \
- ".kprobes.text", ".cpuidle.text", ".noinstr.text"
+ ".kprobes.text", ".cpuidle.text", ".noinstr.text", \
+ ".ltext", ".ltext.*"
#define OTHER_TEXT_SECTIONS ".ref.text", ".head.text", ".spinlock.text", \
".fixup", ".entry.text", ".exception.text", \
".coldtext", ".softirqentry.text"
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 092/197] ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (90 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 091/197] modpost: Add .ltext and .ltext.* to TEXT_SECTIONS Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 093/197] ASoC: codecs: wcd938x: handle deferred probe Greg Kroah-Hartman
` (108 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Edson Juliano Drosdeck, Takashi Iwai
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Edson Juliano Drosdeck <edson.drosdeck@gmail.com>
commit c7de2d9bb68a5fc71c25ff96705a80a76c8436eb upstream.
Vaio VJFE-ADL is equipped with ALC269VC, and it needs
ALC298_FIXUP_SPK_VOLUME quirk to make its headset mic work.
Signed-off-by: Edson Juliano Drosdeck <edson.drosdeck@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20240201122114.30080-1-edson.drosdeck@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -10053,6 +10053,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x1d72, 0x1945, "Redmi G", ALC256_FIXUP_ASUS_HEADSET_MIC),
SND_PCI_QUIRK(0x1d72, 0x1947, "RedmiBook Air", ALC255_FIXUP_XIAOMI_HEADSET_MIC),
SND_PCI_QUIRK(0x2782, 0x0232, "CHUWI CoreBook XPro", ALC269VB_FIXUP_CHUWI_COREBOOK_XPRO),
+ SND_PCI_QUIRK(0x2782, 0x1707, "Vaio VJFE-ADL", ALC298_FIXUP_SPK_VOLUME),
SND_PCI_QUIRK(0x8086, 0x2074, "Intel NUC 8", ALC233_FIXUP_INTEL_NUC8_DMIC),
SND_PCI_QUIRK(0x8086, 0x2080, "Intel NUC 8 Rugged", ALC256_FIXUP_INTEL_NUC8_RUGGED),
SND_PCI_QUIRK(0x8086, 0x2081, "Intel NUC 10", ALC256_FIXUP_INTEL_NUC10),
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 093/197] ASoC: codecs: wcd938x: handle deferred probe
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (91 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 092/197] ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 094/197] ALSA: hda/cs8409: Suppress vmaster control for Dolphin models Greg Kroah-Hartman
` (107 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Krzysztof Kozlowski, Mark Brown
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
commit 086df711d9b886194481b4fbe525eb43e9ae7403 upstream.
WCD938x sound codec driver ignores return status of getting regulators
and returns EINVAL instead of EPROBE_DEFER. If regulator provider
probes after the codec, system is left without probed audio:
wcd938x_codec audio-codec: wcd938x_probe: Fail to obtain platform data
wcd938x_codec: probe of audio-codec failed with error -22
Fixes: 16572522aece ("ASoC: codecs: wcd938x-sdw: add SoundWire driver")
Cc: <stable@vger.kernel.org>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://msgid.link/r/20240117151208.1219755-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/codecs/wcd938x.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sound/soc/codecs/wcd938x.c
+++ b/sound/soc/codecs/wcd938x.c
@@ -3588,7 +3588,7 @@ static int wcd938x_probe(struct platform
ret = wcd938x_populate_dt_data(wcd938x, dev);
if (ret) {
dev_err(dev, "%s: Fail to obtain platform data\n", __func__);
- return -EINVAL;
+ return ret;
}
ret = wcd938x_add_slave_components(wcd938x, dev, &match);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 094/197] ALSA: hda/cs8409: Suppress vmaster control for Dolphin models
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (92 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 093/197] ASoC: codecs: wcd938x: handle deferred probe Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 095/197] ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power Greg Kroah-Hartman
` (106 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Vitaly Rodionov, Takashi Iwai
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vitaly Rodionov <vitalyr@opensource.cirrus.com>
commit a2ed0a44d637ef9deca595054c206da7d6cbdcbc upstream.
Customer has reported an issue with specific desktop platform
where two CS42L42 codecs are connected to CS8409 HDA bridge.
If "Master Volume Control" is created then on Ubuntu OS UCM
left/right balance slider in UI audio settings has no effect.
This patch will fix this issue for a target paltform.
Fixes: 20e507724113 ("ALSA: hda/cs8409: Add support for dolphin")
Signed-off-by: Vitaly Rodionov <vitalyr@opensource.cirrus.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20240122184710.5802-1-vitalyr@opensource.cirrus.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_cs8409.c | 1 +
1 file changed, 1 insertion(+)
--- a/sound/pci/hda/patch_cs8409.c
+++ b/sound/pci/hda/patch_cs8409.c
@@ -1371,6 +1371,7 @@ void dolphin_fixups(struct hda_codec *co
spec->scodecs[CS8409_CODEC1] = &dolphin_cs42l42_1;
spec->scodecs[CS8409_CODEC1]->codec = codec;
spec->num_scodecs = 2;
+ spec->gen.suppress_vmaster = 1;
codec->patch_ops = cs8409_dolphin_patch_ops;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 095/197] ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (93 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 094/197] ALSA: hda/cs8409: Suppress vmaster control for Dolphin models Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 096/197] binder: signal epoll threads of self-work Greg Kroah-Hartman
` (105 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Andy Chi, Takashi Iwai
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andy Chi <andy.chi@canonical.com>
commit 1513664f340289cf10402753110f3cff12a738aa upstream.
The HP ZBook Power using ALC236 codec which using 0x02 to
control mute LED and 0x01 to control micmute LED.
Therefore, add a quirk to make it works.
Signed-off-by: Andy Chi <andy.chi@canonical.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20240122074826.1020964-1-andy.chi@canonical.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 2 ++
1 file changed, 2 insertions(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -9726,6 +9726,8 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x103c, 0x8c72, "HP EliteBook 865 G11", ALC287_FIXUP_CS35L41_I2C_2_HP_GPIO_LED),
SND_PCI_QUIRK(0x103c, 0x8c96, "HP", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF),
SND_PCI_QUIRK(0x103c, 0x8c97, "HP ZBook", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF),
+ SND_PCI_QUIRK(0x103c, 0x8ca1, "HP ZBook Power", ALC236_FIXUP_HP_GPIO_LED),
+ SND_PCI_QUIRK(0x103c, 0x8ca2, "HP ZBook Power", ALC236_FIXUP_HP_GPIO_LED),
SND_PCI_QUIRK(0x103c, 0x8ca4, "HP ZBook Fury", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED),
SND_PCI_QUIRK(0x103c, 0x8ca7, "HP ZBook Fury", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED),
SND_PCI_QUIRK(0x103c, 0x8cf5, "HP ZBook Studio 16", ALC245_FIXUP_CS35L41_SPI_4_HP_GPIO_LED),
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 096/197] binder: signal epoll threads of self-work
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (94 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 095/197] ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 097/197] misc: fastrpc: Mark all sessions as invalid in cb_remove Greg Kroah-Hartman
` (104 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Arve Hjønnevåg,
Martijn Coenen, Alice Ryhl, Steven Moreland, Carlos Llamas
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Carlos Llamas <cmllamas@google.com>
commit 97830f3c3088638ff90b20dfba2eb4d487bf14d7 upstream.
In (e)poll mode, threads often depend on I/O events to determine when
data is ready for consumption. Within binder, a thread may initiate a
command via BINDER_WRITE_READ without a read buffer and then make use
of epoll_wait() or similar to consume any responses afterwards.
It is then crucial that epoll threads are signaled via wakeup when they
queue their own work. Otherwise, they risk waiting indefinitely for an
event leaving their work unhandled. What is worse, subsequent commands
won't trigger a wakeup either as the thread has pending work.
Fixes: 457b9a6f09f0 ("Staging: android: add binder driver")
Cc: Arve Hjønnevåg <arve@android.com>
Cc: Martijn Coenen <maco@android.com>
Cc: Alice Ryhl <aliceryhl@google.com>
Cc: Steven Moreland <smoreland@google.com>
Cc: stable@vger.kernel.org # v4.19+
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Link: https://lore.kernel.org/r/20240131215347.1808751-1-cmllamas@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/android/binder.c | 10 ++++++++++
1 file changed, 10 insertions(+)
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -477,6 +477,16 @@ binder_enqueue_thread_work_ilocked(struc
{
WARN_ON(!list_empty(&thread->waiting_thread_node));
binder_enqueue_work_ilocked(work, &thread->todo);
+
+ /* (e)poll-based threads require an explicit wakeup signal when
+ * queuing their own work; they rely on these events to consume
+ * messages without I/O block. Without it, threads risk waiting
+ * indefinitely without handling the work.
+ */
+ if (thread->looper & BINDER_LOOPER_STATE_POLL &&
+ thread->pid == current->pid && !thread->process_todo)
+ wake_up_interruptible_sync(&thread->wait);
+
thread->process_todo = true;
}
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 097/197] misc: fastrpc: Mark all sessions as invalid in cb_remove
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (95 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 096/197] binder: signal epoll threads of self-work Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 098/197] ext4: fix double-free of blocks due to wrong extents moved_len Greg Kroah-Hartman
` (103 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, stable, Ekansh Gupta
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ekansh Gupta <quic_ekangupt@quicinc.com>
commit a4e61de63e34860c36a71d1a364edba16fb6203b upstream.
In remoteproc shutdown sequence, rpmsg_remove will get called which
would depopulate all the child nodes that have been created during
rpmsg_probe. This would result in cb_remove call for all the context
banks for the remoteproc. In cb_remove function, session 0 is
getting skipped which is not correct as session 0 will never become
available again. Add changes to mark session 0 also as invalid.
Fixes: f6f9279f2bf0 ("misc: fastrpc: Add Qualcomm fastrpc basic driver model")
Cc: stable <stable@kernel.org>
Signed-off-by: Ekansh Gupta <quic_ekangupt@quicinc.com>
Link: https://lore.kernel.org/r/20240108114833.20480-1-quic_ekangupt@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/misc/fastrpc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/misc/fastrpc.c
+++ b/drivers/misc/fastrpc.c
@@ -1990,7 +1990,7 @@ static int fastrpc_cb_remove(struct plat
int i;
spin_lock_irqsave(&cctx->lock, flags);
- for (i = 1; i < FASTRPC_MAX_SESSIONS; i++) {
+ for (i = 0; i < FASTRPC_MAX_SESSIONS; i++) {
if (cctx->session[i].sid == sess->sid) {
cctx->session[i].valid = false;
cctx->sesscount--;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 098/197] ext4: fix double-free of blocks due to wrong extents moved_len
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (96 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 097/197] misc: fastrpc: Mark all sessions as invalid in cb_remove Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 099/197] ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() Greg Kroah-Hartman
` (102 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Wei Chen, xingwei lee, Baokun Li,
Jan Kara, Theodore Tso
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Baokun Li <libaokun1@huawei.com>
commit 55583e899a5357308274601364741a83e78d6ac4 upstream.
In ext4_move_extents(), moved_len is only updated when all moves are
successfully executed, and only discards orig_inode and donor_inode
preallocations when moved_len is not zero. When the loop fails to exit
after successfully moving some extents, moved_len is not updated and
remains at 0, so it does not discard the preallocations.
If the moved extents overlap with the preallocated extents, the
overlapped extents are freed twice in ext4_mb_release_inode_pa() and
ext4_process_freed_data() (as described in commit 94d7c16cbbbd ("ext4:
Fix double-free of blocks with EXT4_IOC_MOVE_EXT")), and bb_free is
incremented twice. Hence when trim is executed, a zero-division bug is
triggered in mb_update_avg_fragment_size() because bb_free is not zero
and bb_fragments is zero.
Therefore, update move_len after each extent move to avoid the issue.
Reported-by: Wei Chen <harperchen1110@gmail.com>
Reported-by: xingwei lee <xrivendell7@gmail.com>
Closes: https://lore.kernel.org/r/CAO4mrferzqBUnCag8R3m2zf897ts9UEuhjFQGPtODT92rYyR2Q@mail.gmail.com
Fixes: fcf6b1b729bc ("ext4: refactor ext4_move_extents code base")
CC: <stable@vger.kernel.org> # 3.18
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20240104142040.2835097-2-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/move_extent.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
--- a/fs/ext4/move_extent.c
+++ b/fs/ext4/move_extent.c
@@ -621,6 +621,7 @@ ext4_move_extents(struct file *o_filp, s
goto out;
o_end = o_start + len;
+ *moved_len = 0;
while (o_start < o_end) {
struct ext4_extent *ex;
ext4_lblk_t cur_blk, next_blk;
@@ -675,7 +676,7 @@ ext4_move_extents(struct file *o_filp, s
*/
ext4_double_up_write_data_sem(orig_inode, donor_inode);
/* Swap original branches with new branches */
- move_extent_per_page(o_filp, donor_inode,
+ *moved_len += move_extent_per_page(o_filp, donor_inode,
orig_page_index, donor_page_index,
offset_in_page, cur_len,
unwritten, &ret);
@@ -685,9 +686,6 @@ ext4_move_extents(struct file *o_filp, s
o_start += cur_len;
d_start += cur_len;
}
- *moved_len = o_start - orig_blk;
- if (*moved_len > len)
- *moved_len = len;
out:
if (*moved_len) {
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 099/197] ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks()
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (97 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 098/197] ext4: fix double-free of blocks due to wrong extents moved_len Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 100/197] tracing: Fix wasted memory in saved_cmdlines logic Greg Kroah-Hartman
` (101 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jan Kara, Baokun Li, Theodore Tso
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Baokun Li <libaokun1@huawei.com>
commit 2331fd4a49864e1571b4f50aa3aa1536ed6220d0 upstream.
After updating bb_free in mb_free_blocks, it is possible to return without
updating bb_fragments because the block being freed is found to have
already been freed, which leads to inconsistency between bb_free and
bb_fragments.
Since the group may be unlocked in ext4_grp_locked_error(), this can lead
to problems such as dividing by zero when calculating the average fragment
length. Hence move the update of bb_free to after the block double-free
check guarantees that the corresponding statistics are updated only after
the core block bitmap is modified.
Fixes: eabe0444df90 ("ext4: speed-up releasing blocks on commit")
CC: <stable@vger.kernel.org> # 3.10
Suggested-by: Jan Kara <jack@suse.cz>
Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20240104142040.2835097-5-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/mballoc.c | 39 +++++++++++++++++++++------------------
1 file changed, 21 insertions(+), 18 deletions(-)
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -1785,11 +1785,6 @@ static void mb_free_blocks(struct inode
mb_check_buddy(e4b);
mb_free_blocks_double(inode, e4b, first, count);
- this_cpu_inc(discard_pa_seq);
- e4b->bd_info->bb_free += count;
- if (first < e4b->bd_info->bb_first_free)
- e4b->bd_info->bb_first_free = first;
-
/* access memory sequentially: check left neighbour,
* clear range and then check right neighbour
*/
@@ -1803,23 +1798,31 @@ static void mb_free_blocks(struct inode
struct ext4_sb_info *sbi = EXT4_SB(sb);
ext4_fsblk_t blocknr;
+ /*
+ * Fastcommit replay can free already freed blocks which
+ * corrupts allocation info. Regenerate it.
+ */
+ if (sbi->s_mount_state & EXT4_FC_REPLAY) {
+ mb_regenerate_buddy(e4b);
+ goto check;
+ }
+
blocknr = ext4_group_first_block_no(sb, e4b->bd_group);
blocknr += EXT4_C2B(sbi, block);
- if (!(sbi->s_mount_state & EXT4_FC_REPLAY)) {
- ext4_grp_locked_error(sb, e4b->bd_group,
- inode ? inode->i_ino : 0,
- blocknr,
- "freeing already freed block (bit %u); block bitmap corrupt.",
- block);
- ext4_mark_group_bitmap_corrupted(
- sb, e4b->bd_group,
+ ext4_grp_locked_error(sb, e4b->bd_group,
+ inode ? inode->i_ino : 0, blocknr,
+ "freeing already freed block (bit %u); block bitmap corrupt.",
+ block);
+ ext4_mark_group_bitmap_corrupted(sb, e4b->bd_group,
EXT4_GROUP_INFO_BBITMAP_CORRUPT);
- } else {
- mb_regenerate_buddy(e4b);
- }
- goto done;
+ return;
}
+ this_cpu_inc(discard_pa_seq);
+ e4b->bd_info->bb_free += count;
+ if (first < e4b->bd_info->bb_first_free)
+ e4b->bd_info->bb_first_free = first;
+
/* let's maintain fragments counter */
if (left_is_free && right_is_free)
e4b->bd_info->bb_fragments--;
@@ -1844,9 +1847,9 @@ static void mb_free_blocks(struct inode
if (first <= last)
mb_buddy_mark_free(e4b, first >> 1, last >> 1);
-done:
mb_set_largest_free_order(sb, e4b->bd_info);
mb_update_avg_fragment_size(sb, e4b->bd_info);
+check:
mb_check_buddy(e4b);
}
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 100/197] tracing: Fix wasted memory in saved_cmdlines logic
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (98 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 099/197] ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() Greg Kroah-Hartman
@ 2024-02-20 20:50 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 101/197] staging: iio: ad5933: fix type mismatch regression Greg Kroah-Hartman
` (100 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:50 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masami Hiramatsu, Mathieu Desnoyers,
Vincent Donnefort, Sven Schnelle, Mete Durlu,
Steven Rostedt (Google)
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit 44dc5c41b5b1267d4dd037d26afc0c4d3a568acb upstream.
While looking at improving the saved_cmdlines cache I found a huge amount
of wasted memory that should be used for the cmdlines.
The tracing data saves pids during the trace. At sched switch, if a trace
occurred, it will save the comm of the task that did the trace. This is
saved in a "cache" that maps pids to comms and exposed to user space via
the /sys/kernel/tracing/saved_cmdlines file. Currently it only caches by
default 128 comms.
The structure that uses this creates an array to store the pids using
PID_MAX_DEFAULT (which is usually set to 32768). This causes the structure
to be of the size of 131104 bytes on 64 bit machines.
In hex: 131104 = 0x20020, and since the kernel allocates generic memory in
powers of two, the kernel would allocate 0x40000 or 262144 bytes to store
this structure. That leaves 131040 bytes of wasted space.
Worse, the structure points to an allocated array to store the comm names,
which is 16 bytes times the amount of names to save (currently 128), which
is 2048 bytes. Instead of allocating a separate array, make the structure
end with a variable length string and use the extra space for that.
This is similar to a recommendation that Linus had made about eventfs_inode names:
https://lore.kernel.org/all/20240130190355.11486-5-torvalds@linux-foundation.org/
Instead of allocating a separate string array to hold the saved comms,
have the structure end with: char saved_cmdlines[]; and round up to the
next power of two over sizeof(struct saved_cmdline_buffers) + num_cmdlines * TASK_COMM_LEN
It will use this extra space for the saved_cmdline portion.
Now, instead of saving only 128 comms by default, by using this wasted
space at the end of the structure it can save over 8000 comms and even
saves space by removing the need for allocating the other array.
Link: https://lore.kernel.org/linux-trace-kernel/20240209063622.1f7b6d5f@rorschach.local.home
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Vincent Donnefort <vdonnefort@google.com>
Cc: Sven Schnelle <svens@linux.ibm.com>
Cc: Mete Durlu <meted@linux.ibm.com>
Fixes: 939c7a4f04fcd ("tracing: Introduce saved_cmdlines_size file")
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace.c | 75 +++++++++++++++++++++++++--------------------------
1 file changed, 37 insertions(+), 38 deletions(-)
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -2249,7 +2249,7 @@ struct saved_cmdlines_buffer {
unsigned *map_cmdline_to_pid;
unsigned cmdline_num;
int cmdline_idx;
- char *saved_cmdlines;
+ char saved_cmdlines[];
};
static struct saved_cmdlines_buffer *savedcmd;
@@ -2263,47 +2263,58 @@ static inline void set_cmdline(int idx,
strncpy(get_saved_cmdlines(idx), cmdline, TASK_COMM_LEN);
}
-static int allocate_cmdlines_buffer(unsigned int val,
- struct saved_cmdlines_buffer *s)
+static void free_saved_cmdlines_buffer(struct saved_cmdlines_buffer *s)
{
+ int order = get_order(sizeof(*s) + s->cmdline_num * TASK_COMM_LEN);
+
+ kfree(s->map_cmdline_to_pid);
+ free_pages((unsigned long)s, order);
+}
+
+static struct saved_cmdlines_buffer *allocate_cmdlines_buffer(unsigned int val)
+{
+ struct saved_cmdlines_buffer *s;
+ struct page *page;
+ int orig_size, size;
+ int order;
+
+ /* Figure out how much is needed to hold the given number of cmdlines */
+ orig_size = sizeof(*s) + val * TASK_COMM_LEN;
+ order = get_order(orig_size);
+ size = 1 << (order + PAGE_SHIFT);
+ page = alloc_pages(GFP_KERNEL, order);
+ if (!page)
+ return NULL;
+
+ s = page_address(page);
+ memset(s, 0, sizeof(*s));
+
+ /* Round up to actual allocation */
+ val = (size - sizeof(*s)) / TASK_COMM_LEN;
+ s->cmdline_num = val;
+
s->map_cmdline_to_pid = kmalloc_array(val,
sizeof(*s->map_cmdline_to_pid),
GFP_KERNEL);
- if (!s->map_cmdline_to_pid)
- return -ENOMEM;
-
- s->saved_cmdlines = kmalloc_array(TASK_COMM_LEN, val, GFP_KERNEL);
- if (!s->saved_cmdlines) {
- kfree(s->map_cmdline_to_pid);
- return -ENOMEM;
+ if (!s->map_cmdline_to_pid) {
+ free_saved_cmdlines_buffer(s);
+ return NULL;
}
s->cmdline_idx = 0;
- s->cmdline_num = val;
memset(&s->map_pid_to_cmdline, NO_CMDLINE_MAP,
sizeof(s->map_pid_to_cmdline));
memset(s->map_cmdline_to_pid, NO_CMDLINE_MAP,
val * sizeof(*s->map_cmdline_to_pid));
- return 0;
+ return s;
}
static int trace_create_savedcmd(void)
{
- int ret;
-
- savedcmd = kmalloc(sizeof(*savedcmd), GFP_KERNEL);
- if (!savedcmd)
- return -ENOMEM;
+ savedcmd = allocate_cmdlines_buffer(SAVED_CMDLINES_DEFAULT);
- ret = allocate_cmdlines_buffer(SAVED_CMDLINES_DEFAULT, savedcmd);
- if (ret < 0) {
- kfree(savedcmd);
- savedcmd = NULL;
- return -ENOMEM;
- }
-
- return 0;
+ return savedcmd ? 0 : -ENOMEM;
}
int is_tracing_stopped(void)
@@ -5972,26 +5983,14 @@ tracing_saved_cmdlines_size_read(struct
return simple_read_from_buffer(ubuf, cnt, ppos, buf, r);
}
-static void free_saved_cmdlines_buffer(struct saved_cmdlines_buffer *s)
-{
- kfree(s->saved_cmdlines);
- kfree(s->map_cmdline_to_pid);
- kfree(s);
-}
-
static int tracing_resize_saved_cmdlines(unsigned int val)
{
struct saved_cmdlines_buffer *s, *savedcmd_temp;
- s = kmalloc(sizeof(*s), GFP_KERNEL);
+ s = allocate_cmdlines_buffer(val);
if (!s)
return -ENOMEM;
- if (allocate_cmdlines_buffer(val, s) < 0) {
- kfree(s);
- return -ENOMEM;
- }
-
preempt_disable();
arch_spin_lock(&trace_cmdline_lock);
savedcmd_temp = savedcmd;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 101/197] staging: iio: ad5933: fix type mismatch regression
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (99 preceding siblings ...)
2024-02-20 20:50 ` [PATCH 6.1 100/197] tracing: Fix wasted memory in saved_cmdlines logic Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 102/197] iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC Greg Kroah-Hartman
` (99 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Schiller, Stable,
Jonathan Cameron
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Schiller <david.schiller@jku.at>
commit 6db053cd949fcd6254cea9f2cd5d39f7bd64379c upstream.
Commit 4c3577db3e4f ("Staging: iio: impedance-analyzer: Fix sparse
warning") fixed a compiler warning, but introduced a bug that resulted
in one of the two 16 bit IIO channels always being zero (when both are
enabled).
This is because int is 32 bits wide on most architectures and in the
case of a little-endian machine the two most significant bytes would
occupy the buffer for the second channel as 'val' is being passed as a
void pointer to 'iio_push_to_buffers()'.
Fix by defining 'val' as u16. Tested working on ARM64.
Fixes: 4c3577db3e4f ("Staging: iio: impedance-analyzer: Fix sparse warning")
Signed-off-by: David Schiller <david.schiller@jku.at>
Link: https://lore.kernel.org/r/20240122134916.2137957-1-david.schiller@jku.at
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/staging/iio/impedance-analyzer/ad5933.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/staging/iio/impedance-analyzer/ad5933.c
+++ b/drivers/staging/iio/impedance-analyzer/ad5933.c
@@ -608,7 +608,7 @@ static void ad5933_work(struct work_stru
struct ad5933_state, work.work);
struct iio_dev *indio_dev = i2c_get_clientdata(st->client);
__be16 buf[2];
- int val[2];
+ u16 val[2];
unsigned char status;
int ret;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 102/197] iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (100 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 101/197] staging: iio: ad5933: fix type mismatch regression Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 103/197] iio: core: fix memleak in iio_device_register_sysfs Greg Kroah-Hartman
` (98 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Zhouyi Zhou, zhili.liu, Stable,
Jonathan Cameron
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: zhili.liu <zhili.liu@ucas.com.cn>
commit 792595bab4925aa06532a14dd256db523eb4fa5e upstream.
Recently, we encounter kernel crash in function rm3100_common_probe
caused by out of bound access of array rm3100_samp_rates (because of
underlying hardware failures). Add boundary check to prevent out of
bound access.
Fixes: 121354b2eceb ("iio: magnetometer: Add driver support for PNI RM3100")
Suggested-by: Zhouyi Zhou <zhouzhouyi@gmail.com>
Signed-off-by: zhili.liu <zhili.liu@ucas.com.cn>
Link: https://lore.kernel.org/r/1704157631-3814-1-git-send-email-zhouzhouyi@gmail.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/magnetometer/rm3100-core.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
--- a/drivers/iio/magnetometer/rm3100-core.c
+++ b/drivers/iio/magnetometer/rm3100-core.c
@@ -530,6 +530,7 @@ int rm3100_common_probe(struct device *d
struct rm3100_data *data;
unsigned int tmp;
int ret;
+ int samp_rate_index;
indio_dev = devm_iio_device_alloc(dev, sizeof(*data));
if (!indio_dev)
@@ -586,9 +587,14 @@ int rm3100_common_probe(struct device *d
ret = regmap_read(regmap, RM3100_REG_TMRC, &tmp);
if (ret < 0)
return ret;
+
+ samp_rate_index = tmp - RM3100_TMRC_OFFSET;
+ if (samp_rate_index < 0 || samp_rate_index >= RM3100_SAMP_NUM) {
+ dev_err(dev, "The value read from RM3100_REG_TMRC is invalid!\n");
+ return -EINVAL;
+ }
/* Initializing max wait time, which is double conversion time. */
- data->conversion_time = rm3100_samp_rates[tmp - RM3100_TMRC_OFFSET][2]
- * 2;
+ data->conversion_time = rm3100_samp_rates[samp_rate_index][2] * 2;
/* Cycle count values may not be what we want. */
if ((tmp - RM3100_TMRC_OFFSET) == 0)
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 103/197] iio: core: fix memleak in iio_device_register_sysfs
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (101 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 102/197] iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 104/197] iio: commom: st_sensors: ensure proper DMA alignment Greg Kroah-Hartman
` (97 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Dinghao Liu, Stable,
Jonathan Cameron
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Dinghao Liu <dinghao.liu@zju.edu.cn>
commit 95a0d596bbd0552a78e13ced43f2be1038883c81 upstream.
When iio_device_register_sysfs_group() fails, we should
free iio_dev_opaque->chan_attr_group.attrs to prevent
potential memleak.
Fixes: 32f171724e5c ("iio: core: rework iio device group creation")
Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
Link: https://lore.kernel.org/r/20231208073119.29283-1-dinghao.liu@zju.edu.cn
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/industrialio-core.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/iio/industrialio-core.c
+++ b/drivers/iio/industrialio-core.c
@@ -1601,10 +1601,13 @@ static int iio_device_register_sysfs(str
ret = iio_device_register_sysfs_group(indio_dev,
&iio_dev_opaque->chan_attr_group);
if (ret)
- goto error_clear_attrs;
+ goto error_free_chan_attrs;
return 0;
+error_free_chan_attrs:
+ kfree(iio_dev_opaque->chan_attr_group.attrs);
+ iio_dev_opaque->chan_attr_group.attrs = NULL;
error_clear_attrs:
iio_free_chan_devattr_list(&iio_dev_opaque->channel_attr_list);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 104/197] iio: commom: st_sensors: ensure proper DMA alignment
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (102 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 103/197] iio: core: fix memleak in iio_device_register_sysfs Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 105/197] iio: accel: bma400: Fix a compilation problem Greg Kroah-Hartman
` (96 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Nuno Sa, Stable, Jonathan Cameron
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nuno Sa <nuno.sa@analog.com>
commit 862cf85fef85becc55a173387527adb4f076fab0 upstream.
Aligning the buffer to the L1 cache is not sufficient in some platforms
as they might have larger cacheline sizes for caches after L1 and thus,
we can't guarantee DMA safety.
That was the whole reason to introduce IIO_DMA_MINALIGN in [1]. Do the same
for st_sensors common buffer.
While at it, moved the odr_lock before buffer_data as we definitely
don't want any other data to share a cacheline with the buffer.
[1]: https://lore.kernel.org/linux-iio/20220508175712.647246-2-jic23@kernel.org/
Fixes: e031d5f558f1 ("iio:st_sensors: remove buffer allocation at each buffer enable")
Signed-off-by: Nuno Sa <nuno.sa@analog.com>
Cc: <Stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20240131-dev_dma_safety_stm-v2-1-580c07fae51b@analog.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/iio/common/st_sensors.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/include/linux/iio/common/st_sensors.h
+++ b/include/linux/iio/common/st_sensors.h
@@ -261,9 +261,9 @@ struct st_sensor_data {
bool hw_irq_trigger;
s64 hw_timestamp;
- char buffer_data[ST_SENSORS_MAX_BUFFER_SIZE] ____cacheline_aligned;
-
struct mutex odr_lock;
+
+ char buffer_data[ST_SENSORS_MAX_BUFFER_SIZE] __aligned(IIO_DMA_MINALIGN);
};
#ifdef CONFIG_IIO_BUFFER
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 105/197] iio: accel: bma400: Fix a compilation problem
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (103 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 104/197] iio: commom: st_sensors: ensure proper DMA alignment Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 106/197] iio: adc: ad_sigma_delta: ensure proper DMA alignment Greg Kroah-Hartman
` (95 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mario Limonciello, Stable,
Jonathan Cameron
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mario Limonciello <mario.limonciello@amd.com>
commit 4cb81840d8f29b66d9d05c6d7f360c9560f7e2f4 upstream.
The kernel fails when compiling without `CONFIG_REGMAP_I2C` but with
`CONFIG_BMA400`.
```
ld: drivers/iio/accel/bma400_i2c.o: in function `bma400_i2c_probe':
bma400_i2c.c:(.text+0x23): undefined reference to `__devm_regmap_init_i2c'
```
Link: https://download.01.org/0day-ci/archive/20240131/202401311634.FE5CBVwe-lkp@intel.com/config
Fixes: 465c811f1f20 ("iio: accel: Add driver for the BMA400")
Fixes: 9bea10642396 ("iio: accel: bma400: add support for bma400 spi")
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Link: https://lore.kernel.org/r/20240131225246.14169-1-mario.limonciello@amd.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/accel/Kconfig | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/iio/accel/Kconfig
+++ b/drivers/iio/accel/Kconfig
@@ -219,10 +219,12 @@ config BMA400
config BMA400_I2C
tristate
+ select REGMAP_I2C
depends on BMA400
config BMA400_SPI
tristate
+ select REGMAP_SPI
depends on BMA400
config BMC150_ACCEL
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 106/197] iio: adc: ad_sigma_delta: ensure proper DMA alignment
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (104 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 105/197] iio: accel: bma400: Fix a compilation problem Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 107/197] iio: imu: adis: " Greg Kroah-Hartman
` (94 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Nuno Sa, Stable, Jonathan Cameron
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nuno Sa <nuno.sa@analog.com>
commit 59598510be1d49e1cff7fd7593293bb8e1b2398b upstream.
Aligning the buffer to the L1 cache is not sufficient in some platforms
as they might have larger cacheline sizes for caches after L1 and thus,
we can't guarantee DMA safety.
That was the whole reason to introduce IIO_DMA_MINALIGN in [1]. Do the same
for the sigma_delta ADCs.
[1]: https://lore.kernel.org/linux-iio/20220508175712.647246-2-jic23@kernel.org/
Fixes: 0fb6ee8d0b5e ("iio: ad_sigma_delta: Don't put SPI transfer buffer on the stack")
Signed-off-by: Nuno Sa <nuno.sa@analog.com>
Link: https://lore.kernel.org/r/20240117-dev_sigma_delta_no_irq_flags-v1-1-db39261592cf@analog.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/iio/adc/ad_sigma_delta.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/include/linux/iio/adc/ad_sigma_delta.h
+++ b/include/linux/iio/adc/ad_sigma_delta.h
@@ -8,6 +8,8 @@
#ifndef __AD_SIGMA_DELTA_H__
#define __AD_SIGMA_DELTA_H__
+#include <linux/iio/iio.h>
+
enum ad_sigma_delta_mode {
AD_SD_MODE_CONTINUOUS = 0,
AD_SD_MODE_SINGLE = 1,
@@ -99,7 +101,7 @@ struct ad_sigma_delta {
* 'rx_buf' is up to 32 bits per sample + 64 bit timestamp,
* rounded to 16 bytes to take into account padding.
*/
- uint8_t tx_buf[4] ____cacheline_aligned;
+ uint8_t tx_buf[4] __aligned(IIO_DMA_MINALIGN);
uint8_t rx_buf[16] __aligned(8);
};
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 107/197] iio: imu: adis: ensure proper DMA alignment
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (105 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 106/197] iio: adc: ad_sigma_delta: ensure proper DMA alignment Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 108/197] iio: imu: bno055: serdev requires REGMAP Greg Kroah-Hartman
` (93 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Nuno Sa, Stable, Jonathan Cameron
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nuno Sa <nuno.sa@analog.com>
commit 8e98b87f515d8c4bae521048a037b2cc431c3fd5 upstream.
Aligning the buffer to the L1 cache is not sufficient in some platforms
as they might have larger cacheline sizes for caches after L1 and thus,
we can't guarantee DMA safety.
That was the whole reason to introduce IIO_DMA_MINALIGN in [1]. Do the same
for the sigma_delta ADCs.
[1]: https://lore.kernel.org/linux-iio/20220508175712.647246-2-jic23@kernel.org/
Fixes: ccd2b52f4ac6 ("staging:iio: Add common ADIS library")
Signed-off-by: Nuno Sa <nuno.sa@analog.com>
Link: https://lore.kernel.org/r/20240117-adis-improv-v1-1-7f90e9fad200@analog.com
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/iio/imu/adis.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/include/linux/iio/imu/adis.h
+++ b/include/linux/iio/imu/adis.h
@@ -11,6 +11,7 @@
#include <linux/spi/spi.h>
#include <linux/interrupt.h>
+#include <linux/iio/iio.h>
#include <linux/iio/types.h>
#define ADIS_WRITE_REG(reg) ((0x80 | (reg)))
@@ -131,7 +132,7 @@ struct adis {
unsigned long irq_flag;
void *buffer;
- u8 tx[10] ____cacheline_aligned;
+ u8 tx[10] __aligned(IIO_DMA_MINALIGN);
u8 rx[4];
};
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 108/197] iio: imu: bno055: serdev requires REGMAP
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (106 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 107/197] iio: imu: adis: " Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 109/197] media: rc: bpf attach/detach requires write permission Greg Kroah-Hartman
` (92 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Randy Dunlap, Andrea Merello,
Jonathan Cameron, Lars-Peter Clausen, linux-iio, Stable,
Jonathan Cameron
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Randy Dunlap <rdunlap@infradead.org>
commit 35ec2d03b282a939949090bd8c39eb37a5856721 upstream.
There are a ton of build errors when REGMAP is not set, so select
REGMAP to fix all of them.
Examples (not all of them):
../drivers/iio/imu/bno055/bno055_ser_core.c:495:15: error: variable 'bno055_ser_regmap_bus' has initializer but incomplete type
495 | static struct regmap_bus bno055_ser_regmap_bus = {
../drivers/iio/imu/bno055/bno055_ser_core.c:496:10: error: 'struct regmap_bus' has no member named 'write'
496 | .write = bno055_ser_write_reg,
../drivers/iio/imu/bno055/bno055_ser_core.c:497:10: error: 'struct regmap_bus' has no member named 'read'
497 | .read = bno055_ser_read_reg,
../drivers/iio/imu/bno055/bno055_ser_core.c: In function 'bno055_ser_probe':
../drivers/iio/imu/bno055/bno055_ser_core.c:532:18: error: implicit declaration of function 'devm_regmap_init'; did you mean 'vmem_map_init'? [-Werror=implicit-function-declaration]
532 | regmap = devm_regmap_init(&serdev->dev, &bno055_ser_regmap_bus,
../drivers/iio/imu/bno055/bno055_ser_core.c:532:16: warning: assignment to 'struct regmap *' from 'int' makes pointer from integer without a cast [-Wint-conversion]
532 | regmap = devm_regmap_init(&serdev->dev, &bno055_ser_regmap_bus,
../drivers/iio/imu/bno055/bno055_ser_core.c: At top level:
../drivers/iio/imu/bno055/bno055_ser_core.c:495:26: error: storage size of 'bno055_ser_regmap_bus' isn't known
495 | static struct regmap_bus bno055_ser_regmap_bus = {
Fixes: 2eef5a9cc643 ("iio: imu: add BNO055 serdev driver")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Andrea Merello <andrea.merello@iit.it>
Cc: Jonathan Cameron <jic23@kernel.org>
Cc: Lars-Peter Clausen <lars@metafoo.de>
Cc: linux-iio@vger.kernel.org
Cc: <Stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20240110185611.19723-1-rdunlap@infradead.org
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/iio/imu/bno055/Kconfig | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/iio/imu/bno055/Kconfig b/drivers/iio/imu/bno055/Kconfig
index 83e53acfbe88..c7f5866a177d 100644
--- a/drivers/iio/imu/bno055/Kconfig
+++ b/drivers/iio/imu/bno055/Kconfig
@@ -8,6 +8,7 @@ config BOSCH_BNO055
config BOSCH_BNO055_SERIAL
tristate "Bosch BNO055 attached via UART"
depends on SERIAL_DEV_BUS
+ select REGMAP
select BOSCH_BNO055
help
Enable this to support Bosch BNO055 IMUs attached via UART.
--
2.43.2
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 109/197] media: rc: bpf attach/detach requires write permission
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (107 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 108/197] iio: imu: bno055: serdev requires REGMAP Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 110/197] ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails Greg Kroah-Hartman
` (91 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Sean Young, Mauro Carvalho Chehab
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sean Young <sean@mess.org>
commit 6a9d552483d50953320b9d3b57abdee8d436f23f upstream.
Note that bpf attach/detach also requires CAP_NET_ADMIN.
Cc: stable@vger.kernel.org
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/media/rc/bpf-lirc.c | 6 +++---
drivers/media/rc/lirc_dev.c | 5 ++++-
drivers/media/rc/rc-core-priv.h | 2 +-
3 files changed, 8 insertions(+), 5 deletions(-)
--- a/drivers/media/rc/bpf-lirc.c
+++ b/drivers/media/rc/bpf-lirc.c
@@ -253,7 +253,7 @@ int lirc_prog_attach(const union bpf_att
if (attr->attach_flags)
return -EINVAL;
- rcdev = rc_dev_get_from_fd(attr->target_fd);
+ rcdev = rc_dev_get_from_fd(attr->target_fd, true);
if (IS_ERR(rcdev))
return PTR_ERR(rcdev);
@@ -278,7 +278,7 @@ int lirc_prog_detach(const union bpf_att
if (IS_ERR(prog))
return PTR_ERR(prog);
- rcdev = rc_dev_get_from_fd(attr->target_fd);
+ rcdev = rc_dev_get_from_fd(attr->target_fd, true);
if (IS_ERR(rcdev)) {
bpf_prog_put(prog);
return PTR_ERR(rcdev);
@@ -303,7 +303,7 @@ int lirc_prog_query(const union bpf_attr
if (attr->query.query_flags)
return -EINVAL;
- rcdev = rc_dev_get_from_fd(attr->query.target_fd);
+ rcdev = rc_dev_get_from_fd(attr->query.target_fd, false);
if (IS_ERR(rcdev))
return PTR_ERR(rcdev);
--- a/drivers/media/rc/lirc_dev.c
+++ b/drivers/media/rc/lirc_dev.c
@@ -814,7 +814,7 @@ void __exit lirc_dev_exit(void)
unregister_chrdev_region(lirc_base_dev, RC_DEV_MAX);
}
-struct rc_dev *rc_dev_get_from_fd(int fd)
+struct rc_dev *rc_dev_get_from_fd(int fd, bool write)
{
struct fd f = fdget(fd);
struct lirc_fh *fh;
@@ -828,6 +828,9 @@ struct rc_dev *rc_dev_get_from_fd(int fd
return ERR_PTR(-EINVAL);
}
+ if (write && !(f.file->f_mode & FMODE_WRITE))
+ return ERR_PTR(-EPERM);
+
fh = f.file->private_data;
dev = fh->rc;
--- a/drivers/media/rc/rc-core-priv.h
+++ b/drivers/media/rc/rc-core-priv.h
@@ -325,7 +325,7 @@ void lirc_raw_event(struct rc_dev *dev,
void lirc_scancode_event(struct rc_dev *dev, struct lirc_scancode *lsc);
int lirc_register(struct rc_dev *dev);
void lirc_unregister(struct rc_dev *dev);
-struct rc_dev *rc_dev_get_from_fd(int fd);
+struct rc_dev *rc_dev_get_from_fd(int fd, bool write);
#else
static inline int lirc_dev_init(void) { return 0; }
static inline void lirc_dev_exit(void) {}
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 110/197] ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (108 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 109/197] media: rc: bpf attach/detach requires write permission Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 111/197] xfrm: Remove inner/outer modes from output path Greg Kroah-Hartman
` (90 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Fedor Pchelkin, Namjae Jeon,
Steve French
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fedor Pchelkin <pchelkin@ispras.ru>
commit 108a020c64434fed4b69762879d78cd24088b4c7 upstream.
ksmbd_iov_pin_rsp_read() doesn't free the provided aux buffer if it
fails. Seems to be the caller's responsibility to clear the buffer in
error case.
Found by Linux Verification Center (linuxtesting.org).
Fixes: e2b76ab8b5c9 ("ksmbd: add support for read compound")
Cc: stable@vger.kernel.org
Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
Acked-by: Namjae Jeon <linkinjeon@kernel.org>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/smb/server/smb2pdu.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/fs/smb/server/smb2pdu.c
+++ b/fs/smb/server/smb2pdu.c
@@ -6171,8 +6171,10 @@ static noinline int smb2_read_pipe(struc
err = ksmbd_iov_pin_rsp_read(work, (void *)rsp,
offsetof(struct smb2_read_rsp, Buffer),
aux_payload_buf, nbytes);
- if (err)
+ if (err) {
+ kvfree(aux_payload_buf);
goto out;
+ }
kvfree(rpc_resp);
} else {
err = ksmbd_iov_pin_rsp(work, (void *)rsp,
@@ -6382,8 +6384,10 @@ int smb2_read(struct ksmbd_work *work)
err = ksmbd_iov_pin_rsp_read(work, (void *)rsp,
offsetof(struct smb2_read_rsp, Buffer),
aux_payload_buf, nbytes);
- if (err)
+ if (err) {
+ kvfree(aux_payload_buf);
goto out;
+ }
ksmbd_fd_put(work, fp);
return 0;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 111/197] xfrm: Remove inner/outer modes from output path
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (109 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 110/197] ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 112/197] xfrm: Remove inner/outer modes from input path Greg Kroah-Hartman
` (89 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Herbert Xu, Steffen Klassert,
Sri Sakthi
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Herbert Xu <herbert@gondor.apana.org.au>
commit f4796398f21b9844017a2dac883b1dd6ad6edd60 upstream.
The inner/outer modes were added to abstract out common code that
were once duplicated between IPv4 and IPv6. As time went on the
abstractions have been removed and we are now left with empty
shells that only contain duplicate information. These can be
removed one-by-one as the same information is already present
elsewhere in the xfrm_state object.
Just like the input-side, removing this from the output code
makes it possible to use transport-mode SAs underneath an
inter-family tunnel mode SA.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Sri Sakthi <srisakthi.s@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/xfrm/xfrm_output.c | 33 +++++++++++----------------------
1 file changed, 11 insertions(+), 22 deletions(-)
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -414,7 +414,7 @@ static int xfrm4_prepare_output(struct x
IPCB(skb)->flags |= IPSKB_XFRM_TUNNEL_SIZE;
skb->protocol = htons(ETH_P_IP);
- switch (x->outer_mode.encap) {
+ switch (x->props.mode) {
case XFRM_MODE_BEET:
return xfrm4_beet_encap_add(x, skb);
case XFRM_MODE_TUNNEL:
@@ -437,7 +437,7 @@ static int xfrm6_prepare_output(struct x
skb->ignore_df = 1;
skb->protocol = htons(ETH_P_IPV6);
- switch (x->outer_mode.encap) {
+ switch (x->props.mode) {
case XFRM_MODE_BEET:
return xfrm6_beet_encap_add(x, skb);
case XFRM_MODE_TUNNEL:
@@ -453,22 +453,22 @@ static int xfrm6_prepare_output(struct x
static int xfrm_outer_mode_output(struct xfrm_state *x, struct sk_buff *skb)
{
- switch (x->outer_mode.encap) {
+ switch (x->props.mode) {
case XFRM_MODE_BEET:
case XFRM_MODE_TUNNEL:
- if (x->outer_mode.family == AF_INET)
+ if (x->props.family == AF_INET)
return xfrm4_prepare_output(x, skb);
- if (x->outer_mode.family == AF_INET6)
+ if (x->props.family == AF_INET6)
return xfrm6_prepare_output(x, skb);
break;
case XFRM_MODE_TRANSPORT:
- if (x->outer_mode.family == AF_INET)
+ if (x->props.family == AF_INET)
return xfrm4_transport_output(x, skb);
- if (x->outer_mode.family == AF_INET6)
+ if (x->props.family == AF_INET6)
return xfrm6_transport_output(x, skb);
break;
case XFRM_MODE_ROUTEOPTIMIZATION:
- if (x->outer_mode.family == AF_INET6)
+ if (x->props.family == AF_INET6)
return xfrm6_ro_output(x, skb);
WARN_ON_ONCE(1);
break;
@@ -866,21 +866,10 @@ static int xfrm6_extract_output(struct x
static int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb)
{
- const struct xfrm_mode *inner_mode;
-
- if (x->sel.family == AF_UNSPEC)
- inner_mode = xfrm_ip2inner_mode(x,
- xfrm_af2proto(skb_dst(skb)->ops->family));
- else
- inner_mode = &x->inner_mode;
-
- if (inner_mode == NULL)
- return -EAFNOSUPPORT;
-
- switch (inner_mode->family) {
- case AF_INET:
+ switch (skb->protocol) {
+ case htons(ETH_P_IP):
return xfrm4_extract_output(x, skb);
- case AF_INET6:
+ case htons(ETH_P_IPV6):
return xfrm6_extract_output(x, skb);
}
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 112/197] xfrm: Remove inner/outer modes from input path
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (110 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 111/197] xfrm: Remove inner/outer modes from output path Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 113/197] drm/msm: Wire up tlb ops Greg Kroah-Hartman
` (88 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Herbert Xu, Steffen Klassert,
Sri Sakthi
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Herbert Xu <herbert@gondor.apana.org.au>
commit 5f24f41e8ea62a6a9095f9bbafb8b3aebe265c68 upstream.
The inner/outer modes were added to abstract out common code that
were once duplicated between IPv4 and IPv6. As time went on the
abstractions have been removed and we are now left with empty
shells that only contain duplicate information. These can be
removed one-by-one as the same information is already present
elsewhere in the xfrm_state object.
Removing them from the input path actually allows certain valid
combinations that are currently disallowed. In particular, when
a transport mode SA sits beneath a tunnel mode SA that changes
address families, at present the transport mode SA cannot have
AF_UNSPEC as its selector because it will be erroneously be treated
as inter-family itself even though it simply sits beneath one.
This is a serious problem because you can't set the selector to
non-AF_UNSPEC either as that will cause the selector match to
fail as we always match selectors to the inner-most traffic.
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Sri Sakthi <srisakthi.s@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/xfrm/xfrm_input.c | 66 +++++++++++++++++---------------------------------
1 file changed, 23 insertions(+), 43 deletions(-)
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -232,9 +232,6 @@ static int xfrm4_remove_tunnel_encap(str
{
int err = -EINVAL;
- if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPIP)
- goto out;
-
if (!pskb_may_pull(skb, sizeof(struct iphdr)))
goto out;
@@ -270,8 +267,6 @@ static int xfrm6_remove_tunnel_encap(str
{
int err = -EINVAL;
- if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPV6)
- goto out;
if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
goto out;
@@ -332,22 +327,26 @@ out:
*/
static int
xfrm_inner_mode_encap_remove(struct xfrm_state *x,
- const struct xfrm_mode *inner_mode,
struct sk_buff *skb)
{
- switch (inner_mode->encap) {
+ switch (x->props.mode) {
case XFRM_MODE_BEET:
- if (inner_mode->family == AF_INET)
+ switch (XFRM_MODE_SKB_CB(skb)->protocol) {
+ case IPPROTO_IPIP:
+ case IPPROTO_BEETPH:
return xfrm4_remove_beet_encap(x, skb);
- if (inner_mode->family == AF_INET6)
+ case IPPROTO_IPV6:
return xfrm6_remove_beet_encap(x, skb);
+ }
break;
case XFRM_MODE_TUNNEL:
- if (inner_mode->family == AF_INET)
+ switch (XFRM_MODE_SKB_CB(skb)->protocol) {
+ case IPPROTO_IPIP:
return xfrm4_remove_tunnel_encap(x, skb);
- if (inner_mode->family == AF_INET6)
+ case IPPROTO_IPV6:
return xfrm6_remove_tunnel_encap(x, skb);
break;
+ }
}
WARN_ON_ONCE(1);
@@ -356,9 +355,7 @@ xfrm_inner_mode_encap_remove(struct xfrm
static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb)
{
- const struct xfrm_mode *inner_mode = &x->inner_mode;
-
- switch (x->outer_mode.family) {
+ switch (x->props.family) {
case AF_INET:
xfrm4_extract_header(skb);
break;
@@ -370,17 +367,12 @@ static int xfrm_prepare_input(struct xfr
return -EAFNOSUPPORT;
}
- if (x->sel.family == AF_UNSPEC) {
- inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
- if (!inner_mode)
- return -EAFNOSUPPORT;
- }
-
- switch (inner_mode->family) {
- case AF_INET:
+ switch (XFRM_MODE_SKB_CB(skb)->protocol) {
+ case IPPROTO_IPIP:
+ case IPPROTO_BEETPH:
skb->protocol = htons(ETH_P_IP);
break;
- case AF_INET6:
+ case IPPROTO_IPV6:
skb->protocol = htons(ETH_P_IPV6);
break;
default:
@@ -388,7 +380,7 @@ static int xfrm_prepare_input(struct xfr
break;
}
- return xfrm_inner_mode_encap_remove(x, inner_mode, skb);
+ return xfrm_inner_mode_encap_remove(x, skb);
}
/* Remove encapsulation header.
@@ -434,17 +426,16 @@ static int xfrm6_transport_input(struct
}
static int xfrm_inner_mode_input(struct xfrm_state *x,
- const struct xfrm_mode *inner_mode,
struct sk_buff *skb)
{
- switch (inner_mode->encap) {
+ switch (x->props.mode) {
case XFRM_MODE_BEET:
case XFRM_MODE_TUNNEL:
return xfrm_prepare_input(x, skb);
case XFRM_MODE_TRANSPORT:
- if (inner_mode->family == AF_INET)
+ if (x->props.family == AF_INET)
return xfrm4_transport_input(x, skb);
- if (inner_mode->family == AF_INET6)
+ if (x->props.family == AF_INET6)
return xfrm6_transport_input(x, skb);
break;
case XFRM_MODE_ROUTEOPTIMIZATION:
@@ -462,7 +453,6 @@ int xfrm_input(struct sk_buff *skb, int
{
const struct xfrm_state_afinfo *afinfo;
struct net *net = dev_net(skb->dev);
- const struct xfrm_mode *inner_mode;
int err;
__be32 seq;
__be32 seq_hi;
@@ -492,7 +482,7 @@ int xfrm_input(struct sk_buff *skb, int
goto drop;
}
- family = x->outer_mode.family;
+ family = x->props.family;
/* An encap_type of -1 indicates async resumption. */
if (encap_type == -1) {
@@ -676,17 +666,7 @@ resume:
XFRM_MODE_SKB_CB(skb)->protocol = nexthdr;
- inner_mode = &x->inner_mode;
-
- if (x->sel.family == AF_UNSPEC) {
- inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
- if (inner_mode == NULL) {
- XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR);
- goto drop;
- }
- }
-
- if (xfrm_inner_mode_input(x, inner_mode, skb)) {
+ if (xfrm_inner_mode_input(x, skb)) {
XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR);
goto drop;
}
@@ -701,7 +681,7 @@ resume:
* transport mode so the outer address is identical.
*/
daddr = &x->id.daddr;
- family = x->outer_mode.family;
+ family = x->props.family;
err = xfrm_parse_spi(skb, nexthdr, &spi, &seq);
if (err < 0) {
@@ -732,7 +712,7 @@ resume:
err = -EAFNOSUPPORT;
rcu_read_lock();
- afinfo = xfrm_state_afinfo_get_rcu(x->inner_mode.family);
+ afinfo = xfrm_state_afinfo_get_rcu(x->props.family);
if (likely(afinfo))
err = afinfo->transport_finish(skb, xfrm_gro || async);
rcu_read_unlock();
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 113/197] drm/msm: Wire up tlb ops
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (111 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 112/197] xfrm: Remove inner/outer modes from input path Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 114/197] drm/prime: Support page array >= 4GB Greg Kroah-Hartman
` (87 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Robin Murphy, Rob Clark
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rob Clark <robdclark@chromium.org>
commit 8c7bfd8262319fd3f127a5380f593ea76f1b88a2 upstream.
The brute force iommu_flush_iotlb_all() was good enough for unmap, but
in some cases a map operation could require removing a table pte entry
to replace with a block entry. This also requires tlb invalidation.
Missing this was resulting an obscure iova fault on what should be a
valid buffer address.
Thanks to Robin Murphy for helping me understand the cause of the fault.
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: stable@vger.kernel.org
Fixes: b145c6e65eb0 ("drm/msm: Add support to create a local pagetable")
Signed-off-by: Rob Clark <robdclark@chromium.org>
Patchwork: https://patchwork.freedesktop.org/patch/578117/
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/msm/msm_iommu.c | 32 +++++++++++++++++++++++++++++---
1 file changed, 29 insertions(+), 3 deletions(-)
--- a/drivers/gpu/drm/msm/msm_iommu.c
+++ b/drivers/gpu/drm/msm/msm_iommu.c
@@ -21,6 +21,8 @@ struct msm_iommu_pagetable {
struct msm_mmu base;
struct msm_mmu *parent;
struct io_pgtable_ops *pgtbl_ops;
+ const struct iommu_flush_ops *tlb;
+ struct device *iommu_dev;
unsigned long pgsize_bitmap; /* Bitmap of page sizes in use */
phys_addr_t ttbr;
u32 asid;
@@ -194,11 +196,33 @@ static const struct msm_mmu_funcs pageta
static void msm_iommu_tlb_flush_all(void *cookie)
{
+ struct msm_iommu_pagetable *pagetable = cookie;
+ struct adreno_smmu_priv *adreno_smmu;
+
+ if (!pm_runtime_get_if_in_use(pagetable->iommu_dev))
+ return;
+
+ adreno_smmu = dev_get_drvdata(pagetable->parent->dev);
+
+ pagetable->tlb->tlb_flush_all((void *)adreno_smmu->cookie);
+
+ pm_runtime_put_autosuspend(pagetable->iommu_dev);
}
static void msm_iommu_tlb_flush_walk(unsigned long iova, size_t size,
size_t granule, void *cookie)
{
+ struct msm_iommu_pagetable *pagetable = cookie;
+ struct adreno_smmu_priv *adreno_smmu;
+
+ if (!pm_runtime_get_if_in_use(pagetable->iommu_dev))
+ return;
+
+ adreno_smmu = dev_get_drvdata(pagetable->parent->dev);
+
+ pagetable->tlb->tlb_flush_walk(iova, size, granule, (void *)adreno_smmu->cookie);
+
+ pm_runtime_put_autosuspend(pagetable->iommu_dev);
}
static void msm_iommu_tlb_add_page(struct iommu_iotlb_gather *gather,
@@ -206,7 +230,7 @@ static void msm_iommu_tlb_add_page(struc
{
}
-static const struct iommu_flush_ops null_tlb_ops = {
+static const struct iommu_flush_ops tlb_ops = {
.tlb_flush_all = msm_iommu_tlb_flush_all,
.tlb_flush_walk = msm_iommu_tlb_flush_walk,
.tlb_add_page = msm_iommu_tlb_add_page,
@@ -254,10 +278,10 @@ struct msm_mmu *msm_iommu_pagetable_crea
/* The incoming cfg will have the TTBR1 quirk enabled */
ttbr0_cfg.quirks &= ~IO_PGTABLE_QUIRK_ARM_TTBR1;
- ttbr0_cfg.tlb = &null_tlb_ops;
+ ttbr0_cfg.tlb = &tlb_ops;
pagetable->pgtbl_ops = alloc_io_pgtable_ops(ARM_64_LPAE_S1,
- &ttbr0_cfg, iommu->domain);
+ &ttbr0_cfg, pagetable);
if (!pagetable->pgtbl_ops) {
kfree(pagetable);
@@ -282,6 +306,8 @@ struct msm_mmu *msm_iommu_pagetable_crea
/* Needed later for TLB flush */
pagetable->parent = parent;
+ pagetable->tlb = ttbr1_cfg->tlb;
+ pagetable->iommu_dev = ttbr1_cfg->iommu_dev;
pagetable->pgsize_bitmap = ttbr0_cfg.pgsize_bitmap;
pagetable->ttbr = ttbr0_cfg.arm_lpae_s1_cfg.ttbr;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 114/197] drm/prime: Support page array >= 4GB
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (112 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 113/197] drm/msm: Wire up tlb ops Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 115/197] drm/amd/display: Increase frame-larger-than for all display_mode_vba files Greg Kroah-Hartman
` (86 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Philip Yang, Felix Kuehling,
Christian König
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Philip Yang <Philip.Yang@amd.com>
commit b671cd3d456315f63171a670769356a196cf7fd0 upstream.
Without unsigned long typecast, the size is passed in as zero if page
array size >= 4GB, nr_pages >= 0x100000, then sg list converted will
have the first and the last chunk lost.
Signed-off-by: Philip Yang <Philip.Yang@amd.com>
Acked-by: Felix Kuehling <Felix.Kuehling@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
CC: stable@vger.kernel.org
Signed-off-by: Christian König <christian.koenig@amd.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20230821200201.24685-1-Philip.Yang@amd.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/drm_prime.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/gpu/drm/drm_prime.c
+++ b/drivers/gpu/drm/drm_prime.c
@@ -828,7 +828,7 @@ struct sg_table *drm_prime_pages_to_sg(s
if (max_segment == 0)
max_segment = UINT_MAX;
err = sg_alloc_table_from_pages_segment(sg, pages, nr_pages, 0,
- nr_pages << PAGE_SHIFT,
+ (unsigned long)nr_pages << PAGE_SHIFT,
max_segment, GFP_KERNEL);
if (err) {
kfree(sg);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 115/197] drm/amd/display: Increase frame-larger-than for all display_mode_vba files
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (113 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 114/197] drm/prime: Support page array >= 4GB Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 116/197] drm/amd/display: Preserve original aspect ratio in create stream Greg Kroah-Hartman
` (85 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Nathan Chancellor, Alex Deucher
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nathan Chancellor <nathan@kernel.org>
commit e63e35f0164c43fbc1adb481d6604f253b9f9667 upstream.
After a recent change in LLVM, allmodconfig (which has CONFIG_KCSAN=y
and CONFIG_WERROR=y enabled) has a few new instances of
-Wframe-larger-than for the mode support and system configuration
functions:
drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn20/display_mode_vba_20v2.c:3393:6: error: stack frame size (2144) exceeds limit (2048) in 'dml20v2_ModeSupportAndSystemConfigurationFull' [-Werror,-Wframe-larger-than]
3393 | void dml20v2_ModeSupportAndSystemConfigurationFull(struct display_mode_lib *mode_lib)
| ^
1 error generated.
drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn21/display_mode_vba_21.c:3520:6: error: stack frame size (2192) exceeds limit (2048) in 'dml21_ModeSupportAndSystemConfigurationFull' [-Werror,-Wframe-larger-than]
3520 | void dml21_ModeSupportAndSystemConfigurationFull(struct display_mode_lib *mode_lib)
| ^
1 error generated.
drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn20/display_mode_vba_20.c:3286:6: error: stack frame size (2128) exceeds limit (2048) in 'dml20_ModeSupportAndSystemConfigurationFull' [-Werror,-Wframe-larger-than]
3286 | void dml20_ModeSupportAndSystemConfigurationFull(struct display_mode_lib *mode_lib)
| ^
1 error generated.
Without the sanitizers enabled, there are no warnings.
This was the catalyst for commit 6740ec97bcdb ("drm/amd/display:
Increase frame warning limit with KASAN or KCSAN in dml2") and that same
change was made to dml in commit 5b750b22530f ("drm/amd/display:
Increase frame warning limit with KASAN or KCSAN in dml") but the
frame_warn_flag variable was not applied to all files. Do so now to
clear up the warnings and make all these files consistent.
Cc: stable@vger.kernel.org
Closes: https://github.com/ClangBuiltLinux/linux/issue/1990
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/dc/dml/Makefile | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--- a/drivers/gpu/drm/amd/display/dc/dml/Makefile
+++ b/drivers/gpu/drm/amd/display/dc/dml/Makefile
@@ -60,11 +60,11 @@ ifdef CONFIG_DRM_AMD_DC_DCN
CFLAGS_$(AMDDALPATH)/dc/dml/display_mode_vba.o := $(dml_ccflags)
CFLAGS_$(AMDDALPATH)/dc/dml/dcn10/dcn10_fpu.o := $(dml_ccflags)
CFLAGS_$(AMDDALPATH)/dc/dml/dcn20/dcn20_fpu.o := $(dml_ccflags)
-CFLAGS_$(AMDDALPATH)/dc/dml/dcn20/display_mode_vba_20.o := $(dml_ccflags)
+CFLAGS_$(AMDDALPATH)/dc/dml/dcn20/display_mode_vba_20.o := $(dml_ccflags) $(frame_warn_flag)
CFLAGS_$(AMDDALPATH)/dc/dml/dcn20/display_rq_dlg_calc_20.o := $(dml_ccflags)
-CFLAGS_$(AMDDALPATH)/dc/dml/dcn20/display_mode_vba_20v2.o := $(dml_ccflags)
+CFLAGS_$(AMDDALPATH)/dc/dml/dcn20/display_mode_vba_20v2.o := $(dml_ccflags) $(frame_warn_flag)
CFLAGS_$(AMDDALPATH)/dc/dml/dcn20/display_rq_dlg_calc_20v2.o := $(dml_ccflags)
-CFLAGS_$(AMDDALPATH)/dc/dml/dcn21/display_mode_vba_21.o := $(dml_ccflags)
+CFLAGS_$(AMDDALPATH)/dc/dml/dcn21/display_mode_vba_21.o := $(dml_ccflags) $(frame_warn_flag)
CFLAGS_$(AMDDALPATH)/dc/dml/dcn21/display_rq_dlg_calc_21.o := $(dml_ccflags)
CFLAGS_$(AMDDALPATH)/dc/dml/dcn30/display_mode_vba_30.o := $(dml_ccflags) $(frame_warn_flag)
CFLAGS_$(AMDDALPATH)/dc/dml/dcn30/display_rq_dlg_calc_30.o := $(dml_ccflags)
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 116/197] drm/amd/display: Preserve original aspect ratio in create stream
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (114 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 115/197] drm/amd/display: Increase frame-larger-than for all display_mode_vba files Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 117/197] hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove Greg Kroah-Hartman
` (84 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mario Limonciello, Alex Deucher,
Aurabindo Pillai, Tom Chung, Daniel Wheeler
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tom Chung <chiahsuan.chung@amd.com>
commit deb110292180cd501f6fde2a0178d65fcbcabb0c upstream.
[Why]
The original picture aspect ratio in mode struct may have chance be
overwritten with wrong aspect ratio data in create_stream_for_sink().
It will create a different VIC output and cause HDMI compliance test
failed.
[How]
Preserve the original picture aspect ratio data during create the
stream.
Cc: Mario Limonciello <mario.limonciello@amd.com>
Cc: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Reviewed-by: Aurabindo Pillai <aurabindo.pillai@amd.com>
Signed-off-by: Tom Chung <chiahsuan.chung@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -6001,7 +6001,9 @@ create_stream_for_sink(struct amdgpu_dm_
if (recalculate_timing) {
freesync_mode = get_highest_refresh_rate_mode(aconnector, false);
drm_mode_copy(&saved_mode, &mode);
+ saved_mode.picture_aspect_ratio = mode.picture_aspect_ratio;
drm_mode_copy(&mode, freesync_mode);
+ mode.picture_aspect_ratio = saved_mode.picture_aspect_ratio;
} else {
decide_crtc_timing_for_drm_display_mode(
&mode, preferred_mode, scale);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 117/197] hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (115 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 116/197] drm/amd/display: Preserve original aspect ratio in create stream Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 118/197] ring-buffer: Clean ring_buffer_poll_wait() error return Greg Kroah-Hartman
` (83 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Souradeep Chakrabarti, Dexuan Cui,
Haiyang Zhang, Simon Horman, Jakub Kicinski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Souradeep Chakrabarti <schakrabarti@linux.microsoft.com>
commit e0526ec5360a48ad3ab2e26e802b0532302a7e11 upstream.
In commit ac5047671758 ("hv_netvsc: Disable NAPI before closing the
VMBus channel"), napi_disable was getting called for all channels,
including all subchannels without confirming if they are enabled or not.
This caused hv_netvsc getting hung at napi_disable, when netvsc_probe()
has finished running but nvdev->subchan_work has not started yet.
netvsc_subchan_work() -> rndis_set_subchannel() has not created the
sub-channels and because of that netvsc_sc_open() is not running.
netvsc_remove() calls cancel_work_sync(&nvdev->subchan_work), for which
netvsc_subchan_work did not run.
netif_napi_add() sets the bit NAPI_STATE_SCHED because it ensures NAPI
cannot be scheduled. Then netvsc_sc_open() -> napi_enable will clear the
NAPIF_STATE_SCHED bit, so it can be scheduled. napi_disable() does the
opposite.
Now during netvsc_device_remove(), when napi_disable is called for those
subchannels, napi_disable gets stuck on infinite msleep.
This fix addresses this problem by ensuring that napi_disable() is not
getting called for non-enabled NAPI struct.
But netif_napi_del() is still necessary for these non-enabled NAPI struct
for cleanup purpose.
Call trace:
[ 654.559417] task:modprobe state:D stack: 0 pid: 2321 ppid: 1091 flags:0x00004002
[ 654.568030] Call Trace:
[ 654.571221] <TASK>
[ 654.573790] __schedule+0x2d6/0x960
[ 654.577733] schedule+0x69/0xf0
[ 654.581214] schedule_timeout+0x87/0x140
[ 654.585463] ? __bpf_trace_tick_stop+0x20/0x20
[ 654.590291] msleep+0x2d/0x40
[ 654.593625] napi_disable+0x2b/0x80
[ 654.597437] netvsc_device_remove+0x8a/0x1f0 [hv_netvsc]
[ 654.603935] rndis_filter_device_remove+0x194/0x1c0 [hv_netvsc]
[ 654.611101] ? do_wait_intr+0xb0/0xb0
[ 654.615753] netvsc_remove+0x7c/0x120 [hv_netvsc]
[ 654.621675] vmbus_remove+0x27/0x40 [hv_vmbus]
Cc: stable@vger.kernel.org
Fixes: ac5047671758 ("hv_netvsc: Disable NAPI before closing the VMBus channel")
Signed-off-by: Souradeep Chakrabarti <schakrabarti@linux.microsoft.com>
Reviewed-by: Dexuan Cui <decui@microsoft.com>
Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/1706686551-28510-1-git-send-email-schakrabarti@linux.microsoft.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/hyperv/netvsc.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/net/hyperv/netvsc.c
+++ b/drivers/net/hyperv/netvsc.c
@@ -740,7 +740,10 @@ void netvsc_device_remove(struct hv_devi
/* Disable NAPI and disassociate its context from the device. */
for (i = 0; i < net_device->num_chn; i++) {
/* See also vmbus_reset_channel_cb(). */
- napi_disable(&net_device->chan_table[i].napi);
+ /* only disable enabled NAPI channel */
+ if (i < ndev->real_num_rx_queues)
+ napi_disable(&net_device->chan_table[i].napi);
+
netif_napi_del(&net_device->chan_table[i].napi);
}
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 118/197] ring-buffer: Clean ring_buffer_poll_wait() error return
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (116 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 117/197] hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 119/197] nfp: flower: fix hardware offload for the transfer layer port Greg Kroah-Hartman
` (82 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Vincent Donnefort,
Steven Rostedt (Google)
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Vincent Donnefort <vdonnefort@google.com>
commit 66bbea9ed6446b8471d365a22734dc00556c4785 upstream.
The return type for ring_buffer_poll_wait() is __poll_t. This is behind
the scenes an unsigned where we can set event bits. In case of a
non-allocated CPU, we do return instead -EINVAL (0xffffffea). Lucky us,
this ends up setting few error bits (EPOLLERR | EPOLLHUP | EPOLLNVAL), so
user-space at least is aware something went wrong.
Nonetheless, this is an incorrect code. Replace that -EINVAL with a
proper EPOLLERR to clean that output. As this doesn't change the
behaviour, there's no need to treat this change as a bug fix.
Link: https://lore.kernel.org/linux-trace-kernel/20240131140955.3322792-1-vdonnefort@google.com
Cc: stable@vger.kernel.org
Fixes: 6721cb6002262 ("ring-buffer: Do not poll non allocated cpu buffers")
Signed-off-by: Vincent Donnefort <vdonnefort@google.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/ring_buffer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
@@ -1095,7 +1095,7 @@ __poll_t ring_buffer_poll_wait(struct tr
full = 0;
} else {
if (!cpumask_test_cpu(cpu, buffer->cpumask))
- return -EINVAL;
+ return EPOLLERR;
cpu_buffer = buffer->buffers[cpu];
work = &cpu_buffer->irq_work;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 119/197] nfp: flower: fix hardware offload for the transfer layer port
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (117 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 118/197] ring-buffer: Clean ring_buffer_poll_wait() error return Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 120/197] serial: max310x: set default value when reading clock ready bit Greg Kroah-Hartman
` (81 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hui Zhou, Louis Peens,
Jakub Kicinski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hui Zhou <hui.zhou@corigine.com>
commit 3a007b8009b5f8af021021b7a590a6da0dc4c6e0 upstream.
The nfp driver will merge the tp source port and tp destination port
into one dword which the offset must be zero to do hardware offload.
However, the mangle action for the tp source port and tp destination
port is separated for tc ct action. Modify the mangle action for the
FLOW_ACT_MANGLE_HDR_TYPE_TCP and FLOW_ACT_MANGLE_HDR_TYPE_UDP to
satisfy the nfp driver offload check for the tp port.
The mangle action provides a 4B value for source, and a 4B value for
the destination, but only 2B of each contains the useful information.
For offload the 2B of each is combined into a single 4B word. Since the
incoming mask for the source is '0xFFFF<mask>' the shift-left will
throw away the 0xFFFF part. When this gets combined together in the
offload it will clear the destination field. Fix this by setting the
lower bits back to 0xFFFF, effectively doing a rotate-left operation on
the mask.
Fixes: 5cee92c6f57a ("nfp: flower: support hw offload for ct nat action")
CC: stable@vger.kernel.org # 6.1+
Signed-off-by: Hui Zhou <hui.zhou@corigine.com>
Signed-off-by: Louis Peens <louis.peens@corigine.com>
Link: https://lore.kernel.org/r/20240124151909.31603-3-louis.peens@corigine.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/netronome/nfp/flower/conntrack.c | 24 ++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/netronome/nfp/flower/conntrack.c
+++ b/drivers/net/ethernet/netronome/nfp/flower/conntrack.c
@@ -1379,10 +1379,30 @@ static void nfp_nft_ct_translate_mangle_
mangle_action->mangle.mask = (__force u32)cpu_to_be32(mangle_action->mangle.mask);
return;
+ /* Both struct tcphdr and struct udphdr start with
+ * __be16 source;
+ * __be16 dest;
+ * so we can use the same code for both.
+ */
case FLOW_ACT_MANGLE_HDR_TYPE_TCP:
case FLOW_ACT_MANGLE_HDR_TYPE_UDP:
- mangle_action->mangle.val = (__force u16)cpu_to_be16(mangle_action->mangle.val);
- mangle_action->mangle.mask = (__force u16)cpu_to_be16(mangle_action->mangle.mask);
+ if (mangle_action->mangle.offset == offsetof(struct tcphdr, source)) {
+ mangle_action->mangle.val =
+ (__force u32)cpu_to_be32(mangle_action->mangle.val << 16);
+ /* The mask of mangle action is inverse mask,
+ * so clear the dest tp port with 0xFFFF to
+ * instead of rotate-left operation.
+ */
+ mangle_action->mangle.mask =
+ (__force u32)cpu_to_be32(mangle_action->mangle.mask << 16 | 0xFFFF);
+ }
+ if (mangle_action->mangle.offset == offsetof(struct tcphdr, dest)) {
+ mangle_action->mangle.offset = 0;
+ mangle_action->mangle.val =
+ (__force u32)cpu_to_be32(mangle_action->mangle.val);
+ mangle_action->mangle.mask =
+ (__force u32)cpu_to_be32(mangle_action->mangle.mask);
+ }
return;
default:
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 120/197] serial: max310x: set default value when reading clock ready bit
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (118 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 119/197] nfp: flower: fix hardware offload for the transfer layer port Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 121/197] serial: max310x: improve crystal stable clock detection Greg Kroah-Hartman
` (80 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hugo Villeneuve
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hugo Villeneuve <hvilleneuve@dimonoff.com>
commit 0419373333c2f2024966d36261fd82a453281e80 upstream.
If regmap_read() returns a non-zero value, the 'val' variable can be left
uninitialized.
Clear it before calling regmap_read() to make sure we properly detect
the clock ready bit.
Fixes: 4cf9a888fd3c ("serial: max310x: Check the clock readiness")
Cc: stable@vger.kernel.org
Signed-off-by: Hugo Villeneuve <hvilleneuve@dimonoff.com>
Link: https://lore.kernel.org/r/20240116213001.3691629-2-hugo@hugovil.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/max310x.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/tty/serial/max310x.c
+++ b/drivers/tty/serial/max310x.c
@@ -641,7 +641,7 @@ static u32 max310x_set_ref_clk(struct de
/* Wait for crystal */
if (xtal) {
- unsigned int val;
+ unsigned int val = 0;
msleep(10);
regmap_read(s->regmap, MAX310X_STS_IRQSTS_REG, &val);
if (!(val & MAX310X_STS_CLKREADY_BIT)) {
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 121/197] serial: max310x: improve crystal stable clock detection
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (119 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 120/197] serial: max310x: set default value when reading clock ready bit Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 122/197] serial: max310x: fail probe if clock crystal is unstable Greg Kroah-Hartman
` (79 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jan Kundrát, Hugo Villeneuve
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hugo Villeneuve <hvilleneuve@dimonoff.com>
commit 93cd256ab224c2519e7c4e5f58bb4f1ac2bf0965 upstream.
Some people are seeing a warning similar to this when using a crystal:
max310x 11-006c: clock is not stable yet
The datasheet doesn't mention the maximum time to wait for the clock to be
stable when using a crystal, and it seems that the 10ms delay in the driver
is not always sufficient.
Jan Kundrát reported that it took three tries (each separated by 10ms) to
get a stable clock.
Modify behavior to check stable clock ready bit multiple times (20), and
waiting 10ms between each try.
Note: the first draft of the driver originally used a 50ms delay, without
checking the clock stable bit.
Then a loop with 1000 retries was implemented, each time reading the clock
stable bit.
Fixes: 4cf9a888fd3c ("serial: max310x: Check the clock readiness")
Cc: stable@vger.kernel.org
Suggested-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Link: https://www.spinics.net/lists/linux-serial/msg35773.html
Link: https://lore.kernel.org/all/20240110174015.6f20195fde08e5c9e64e5675@hugovil.com/raw
Link: https://github.com/boundarydevices/linux/commit/e5dfe3e4a751392515d78051973190301a37ca9a
Signed-off-by: Hugo Villeneuve <hvilleneuve@dimonoff.com>
Link: https://lore.kernel.org/r/20240116213001.3691629-3-hugo@hugovil.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/max310x.c | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
--- a/drivers/tty/serial/max310x.c
+++ b/drivers/tty/serial/max310x.c
@@ -237,6 +237,10 @@
#define MAX310x_REV_MASK (0xf8)
#define MAX310X_WRITE_BIT 0x80
+/* Crystal-related definitions */
+#define MAX310X_XTAL_WAIT_RETRIES 20 /* Number of retries */
+#define MAX310X_XTAL_WAIT_DELAY_MS 10 /* Delay between retries */
+
/* MAX3107 specific */
#define MAX3107_REV_ID (0xa0)
@@ -641,12 +645,19 @@ static u32 max310x_set_ref_clk(struct de
/* Wait for crystal */
if (xtal) {
- unsigned int val = 0;
- msleep(10);
- regmap_read(s->regmap, MAX310X_STS_IRQSTS_REG, &val);
- if (!(val & MAX310X_STS_CLKREADY_BIT)) {
+ bool stable = false;
+ unsigned int try = 0, val = 0;
+
+ do {
+ msleep(MAX310X_XTAL_WAIT_DELAY_MS);
+ regmap_read(s->regmap, MAX310X_STS_IRQSTS_REG, &val);
+
+ if (val & MAX310X_STS_CLKREADY_BIT)
+ stable = true;
+ } while (!stable && (++try < MAX310X_XTAL_WAIT_RETRIES));
+
+ if (!stable)
dev_warn(dev, "clock is not stable yet\n");
- }
}
return bestfreq;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 122/197] serial: max310x: fail probe if clock crystal is unstable
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (120 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 121/197] serial: max310x: improve crystal stable clock detection Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 123/197] serial: max310x: prevent infinite while() loop in port startup Greg Kroah-Hartman
` (78 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jan Kundrát, Hugo Villeneuve
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hugo Villeneuve <hvilleneuve@dimonoff.com>
commit 8afa6c6decea37e7cb473d2c60473f37f46cea35 upstream.
A stable clock is really required in order to use this UART, so log an
error message and bail out if the chip reports that the clock is not
stable.
Fixes: 4cf9a888fd3c ("serial: max310x: Check the clock readiness")
Cc: stable@vger.kernel.org
Suggested-by: Jan Kundrát <jan.kundrat@cesnet.cz>
Link: https://www.spinics.net/lists/linux-serial/msg35773.html
Signed-off-by: Hugo Villeneuve <hvilleneuve@dimonoff.com>
Link: https://lore.kernel.org/r/20240116213001.3691629-4-hugo@hugovil.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/max310x.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
--- a/drivers/tty/serial/max310x.c
+++ b/drivers/tty/serial/max310x.c
@@ -587,7 +587,7 @@ static int max310x_update_best_err(unsig
return 1;
}
-static u32 max310x_set_ref_clk(struct device *dev, struct max310x_port *s,
+static s32 max310x_set_ref_clk(struct device *dev, struct max310x_port *s,
unsigned long freq, bool xtal)
{
unsigned int div, clksrc, pllcfg = 0;
@@ -657,7 +657,8 @@ static u32 max310x_set_ref_clk(struct de
} while (!stable && (++try < MAX310X_XTAL_WAIT_RETRIES));
if (!stable)
- dev_warn(dev, "clock is not stable yet\n");
+ return dev_err_probe(dev, -EAGAIN,
+ "clock is not stable\n");
}
return bestfreq;
@@ -1285,7 +1286,7 @@ static int max310x_probe(struct device *
{
int i, ret, fmin, fmax, freq;
struct max310x_port *s;
- u32 uartclk = 0;
+ s32 uartclk = 0;
bool xtal;
for (i = 0; i < devtype->nr; i++)
@@ -1363,6 +1364,11 @@ static int max310x_probe(struct device *
}
uartclk = max310x_set_ref_clk(dev, s, freq, xtal);
+ if (uartclk < 0) {
+ ret = uartclk;
+ goto out_uart;
+ }
+
dev_dbg(dev, "Reference clock set to %i Hz\n", uartclk);
for (i = 0; i < devtype->nr; i++) {
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 123/197] serial: max310x: prevent infinite while() loop in port startup
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (121 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 122/197] serial: max310x: fail probe if clock crystal is unstable Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 124/197] powerpc/64: Set task pt_regs->link to the LR value on scv entry Greg Kroah-Hartman
` (77 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Hugo Villeneuve
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hugo Villeneuve <hvilleneuve@dimonoff.com>
commit b35f8dbbce818b02c730dc85133dc7754266e084 upstream.
If there is a problem after resetting a port, the do/while() loop that
checks the default value of DIVLSB register may run forever and spam the
I2C bus.
Add a delay before each read of DIVLSB, and a maximum number of tries to
prevent that situation from happening.
Also fail probe if port reset is unsuccessful.
Fixes: 10d8b34a4217 ("serial: max310x: Driver rework")
Cc: stable@vger.kernel.org
Signed-off-by: Hugo Villeneuve <hvilleneuve@dimonoff.com>
Link: https://lore.kernel.org/r/20240116213001.3691629-5-hugo@hugovil.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/tty/serial/max310x.c | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
--- a/drivers/tty/serial/max310x.c
+++ b/drivers/tty/serial/max310x.c
@@ -237,6 +237,10 @@
#define MAX310x_REV_MASK (0xf8)
#define MAX310X_WRITE_BIT 0x80
+/* Port startup definitions */
+#define MAX310X_PORT_STARTUP_WAIT_RETRIES 20 /* Number of retries */
+#define MAX310X_PORT_STARTUP_WAIT_DELAY_MS 10 /* Delay between retries */
+
/* Crystal-related definitions */
#define MAX310X_XTAL_WAIT_RETRIES 20 /* Number of retries */
#define MAX310X_XTAL_WAIT_DELAY_MS 10 /* Delay between retries */
@@ -1349,6 +1353,9 @@ static int max310x_probe(struct device *
goto out_clk;
for (i = 0; i < devtype->nr; i++) {
+ bool started = false;
+ unsigned int try = 0, val = 0;
+
/* Reset port */
regmap_write(regmaps[i], MAX310X_MODE2_REG,
MAX310X_MODE2_RST_BIT);
@@ -1357,8 +1364,17 @@ static int max310x_probe(struct device *
/* Wait for port startup */
do {
- regmap_read(regmaps[i], MAX310X_BRGDIVLSB_REG, &ret);
- } while (ret != 0x01);
+ msleep(MAX310X_PORT_STARTUP_WAIT_DELAY_MS);
+ regmap_read(regmaps[i], MAX310X_BRGDIVLSB_REG, &val);
+
+ if (val == 0x01)
+ started = true;
+ } while (!started && (++try < MAX310X_PORT_STARTUP_WAIT_RETRIES));
+
+ if (!started) {
+ ret = dev_err_probe(dev, -EAGAIN, "port reset failed\n");
+ goto out_uart;
+ }
regmap_write(regmaps[i], MAX310X_MODE1_REG, devtype->mode1);
}
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 124/197] powerpc/64: Set task pt_regs->link to the LR value on scv entry
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (122 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 123/197] serial: max310x: prevent infinite while() loop in port startup Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 125/197] powerpc/cputable: Add missing PPC_FEATURE_BOOKE on PPC64 Book-E Greg Kroah-Hartman
` (76 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nysal Jan K.A, Naveen N Rao,
Michael Ellerman
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Naveen N Rao <naveen@kernel.org>
commit aad98efd0b121f63a2e1c221dcb4d4850128c697 upstream.
Nysal reported that userspace backtraces are missing in offcputime bcc
tool. As an example:
$ sudo ./bcc/tools/offcputime.py -uU
Tracing off-CPU time (us) of user threads by user stack... Hit Ctrl-C to end.
^C
write
- python (9107)
8
write
- sudo (9105)
9
mmap
- python (9107)
16
clock_nanosleep
- multipathd (697)
3001604
The offcputime bcc tool attaches a bpf program to a kprobe on
finish_task_switch(), which is usually hit on a syscall from userspace.
With the switch to system call vectored, we started setting
pt_regs->link to zero. This is because system call vectored behaves like
a function call with LR pointing to the system call return address, and
with no modification to SRR0/SRR1. The LR value does indicate our next
instruction, so it is being saved as pt_regs->nip, and pt_regs->link is
being set to zero. This is not a problem by itself, but BPF uses perf
callchain infrastructure for capturing stack traces, and that stores LR
as the second entry in the stack trace. perf has code to cope with the
second entry being zero, and skips over it. However, generic userspace
unwinders assume that a zero entry indicates end of the stack trace,
resulting in a truncated userspace stack trace.
Rather than fixing all userspace unwinders to ignore/skip past the
second entry, store the real LR value in pt_regs->link so that there
continues to be a valid, though duplicate entry in the stack trace.
With this change:
$ sudo ./bcc/tools/offcputime.py -uU
Tracing off-CPU time (us) of user threads by user stack... Hit Ctrl-C to end.
^C
write
write
[unknown]
[unknown]
[unknown]
[unknown]
[unknown]
PyObject_VectorcallMethod
[unknown]
[unknown]
PyObject_CallOneArg
PyFile_WriteObject
PyFile_WriteString
[unknown]
[unknown]
PyObject_Vectorcall
_PyEval_EvalFrameDefault
PyEval_EvalCode
[unknown]
[unknown]
[unknown]
_PyRun_SimpleFileObject
_PyRun_AnyFileObject
Py_RunMain
[unknown]
Py_BytesMain
[unknown]
__libc_start_main
- python (1293)
7
write
write
[unknown]
sudo_ev_loop_v1
sudo_ev_dispatch_v1
[unknown]
[unknown]
[unknown]
[unknown]
__libc_start_main
- sudo (1291)
7
syscall
syscall
bpf_open_perf_buffer_opts
[unknown]
[unknown]
[unknown]
[unknown]
_PyObject_MakeTpCall
PyObject_Vectorcall
_PyEval_EvalFrameDefault
PyEval_EvalCode
[unknown]
[unknown]
[unknown]
_PyRun_SimpleFileObject
_PyRun_AnyFileObject
Py_RunMain
[unknown]
Py_BytesMain
[unknown]
__libc_start_main
- python (1293)
11
clock_nanosleep
clock_nanosleep
nanosleep
sleep
[unknown]
[unknown]
__clone
- multipathd (698)
3001661
Fixes: 7fa95f9adaee ("powerpc/64s: system call support for scv/rfscv instructions")
Cc: stable@vger.kernel.org
Reported-by: "Nysal Jan K.A" <nysal@linux.ibm.com>
Signed-off-by: Naveen N Rao <naveen@kernel.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20240202154316.395276-1-naveen@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kernel/interrupt_64.S | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/arch/powerpc/kernel/interrupt_64.S
+++ b/arch/powerpc/kernel/interrupt_64.S
@@ -52,7 +52,8 @@ _ASM_NOKPROBE_SYMBOL(system_call_vectore
mr r10,r1
ld r1,PACAKSAVE(r13)
std r10,0(r1)
- std r11,_NIP(r1)
+ std r11,_LINK(r1)
+ std r11,_NIP(r1) /* Saved LR is also the next instruction */
std r12,_MSR(r1)
std r0,GPR0(r1)
std r10,GPR1(r1)
@@ -70,7 +71,6 @@ _ASM_NOKPROBE_SYMBOL(system_call_vectore
std r9,GPR13(r1)
SAVE_NVGPRS(r1)
std r11,_XER(r1)
- std r11,_LINK(r1)
std r11,_CTR(r1)
li r11,\trapnr
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 125/197] powerpc/cputable: Add missing PPC_FEATURE_BOOKE on PPC64 Book-E
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (123 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 124/197] powerpc/64: Set task pt_regs->link to the LR value on scv entry Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 126/197] powerpc/pseries: fix accuracy of stolen time Greg Kroah-Hartman
` (75 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Engraf, Christophe Leroy,
Michael Ellerman
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Engraf <david.engraf@sysgo.com>
commit eb6d871f4ba49ac8d0537e051fe983a3a4027f61 upstream.
Commit e320a76db4b0 ("powerpc/cputable: Split cpu_specs[] out of
cputable.h") moved the cpu_specs to separate header files. Previously
PPC_FEATURE_BOOKE was enabled by CONFIG_PPC_BOOK3E_64. The definition in
cpu_specs_e500mc.h for PPC64 no longer enables PPC_FEATURE_BOOKE.
This breaks user space reading the ELF hwcaps and expect
PPC_FEATURE_BOOKE. Debugging an application with gdb is no longer
working on e5500/e6500 because the 64-bit detection relies on
PPC_FEATURE_BOOKE for Book-E.
Fixes: e320a76db4b0 ("powerpc/cputable: Split cpu_specs[] out of cputable.h")
Cc: stable@vger.kernel.org # v6.1+
Signed-off-by: David Engraf <david.engraf@sysgo.com>
Reviewed-by: Christophe Leroy <christophe.leroy@csgroup.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20240207092758.1058893-1-david.engraf@sysgo.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/kernel/cpu_specs_e500mc.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/arch/powerpc/kernel/cpu_specs_e500mc.h
+++ b/arch/powerpc/kernel/cpu_specs_e500mc.h
@@ -8,7 +8,8 @@
#ifdef CONFIG_PPC64
#define COMMON_USER_BOOKE (PPC_FEATURE_32 | PPC_FEATURE_HAS_MMU | \
- PPC_FEATURE_HAS_FPU | PPC_FEATURE_64)
+ PPC_FEATURE_HAS_FPU | PPC_FEATURE_64 | \
+ PPC_FEATURE_BOOKE)
#else
#define COMMON_USER_BOOKE (PPC_FEATURE_32 | PPC_FEATURE_HAS_MMU | \
PPC_FEATURE_BOOKE)
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 126/197] powerpc/pseries: fix accuracy of stolen time
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (124 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 125/197] powerpc/cputable: Add missing PPC_FEATURE_BOOKE on PPC64 Book-E Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 127/197] x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 Greg Kroah-Hartman
` (74 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shrikanth Hegde, Nicholas Piggin,
Srikar Dronamraju, Michael Ellerman
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shrikanth Hegde <sshegde@linux.ibm.com>
commit cbecc9fcbbec60136b0180ba0609c829afed5c81 upstream.
powerVM hypervisor updates the VPA fields with stolen time data.
It currently reports enqueue_dispatch_tb and ready_enqueue_tb for
this purpose. In linux these two fields are used to report the stolen time.
The VPA fields are updated at the TB frequency. On powerPC its mostly
set at 512Mhz. Hence this needs a conversion to ns when reporting it
back as rest of the kernel timings are in ns. This conversion is already
handled in tb_to_ns function. So use that function to report accurate
stolen time.
Observed this issue and used an Capped Shared Processor LPAR(SPLPAR) to
simplify the experiments. In all these cases, 100% VP Load is run using
stress-ng workload. Values of stolen time is in percentages as reported
by mpstat. With the patch values are close to expected.
6.8.rc1 +Patch
12EC/12VP 0.0 0.0
12EC/24VP 25.7 50.2
12EC/36VP 37.3 69.2
12EC/48VP 38.5 78.3
Fixes: 0e8a63132800 ("powerpc/pseries: Implement CONFIG_PARAVIRT_TIME_ACCOUNTING")
Cc: stable@vger.kernel.org # v6.1+
Signed-off-by: Shrikanth Hegde <sshegde@linux.ibm.com>
Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Srikar Dronamraju <srikar@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://msgid.link/20240213052635.231597-1-sshegde@linux.ibm.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/powerpc/platforms/pseries/lpar.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- a/arch/powerpc/platforms/pseries/lpar.c
+++ b/arch/powerpc/platforms/pseries/lpar.c
@@ -660,8 +660,12 @@ u64 pseries_paravirt_steal_clock(int cpu
{
struct lppaca *lppaca = &lppaca_of(cpu);
- return be64_to_cpu(READ_ONCE(lppaca->enqueue_dispatch_tb)) +
- be64_to_cpu(READ_ONCE(lppaca->ready_enqueue_tb));
+ /*
+ * VPA steal time counters are reported at TB frequency. Hence do a
+ * conversion to ns before returning
+ */
+ return tb_to_ns(be64_to_cpu(READ_ONCE(lppaca->enqueue_dispatch_tb)) +
+ be64_to_cpu(READ_ONCE(lppaca->ready_enqueue_tb)));
}
#endif
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 127/197] x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (125 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 126/197] powerpc/pseries: fix accuracy of stolen time Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 128/197] x86/fpu: Stop relying on userspace for info to fault in xsave buffer Greg Kroah-Hartman
` (73 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Aleksander Mazur,
Borislav Petkov (AMD), H. Peter Anvin, stable
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Aleksander Mazur <deweloper@wp.pl>
commit f6a1892585cd19e63c4ef2334e26cd536d5b678d upstream.
The kernel built with MCRUSOE is unbootable on Transmeta Crusoe. It shows
the following error message:
This kernel requires an i686 CPU, but only detected an i586 CPU.
Unable to boot - please use a kernel appropriate for your CPU.
Remove MCRUSOE from the condition introduced in commit in Fixes, effectively
changing X86_MINIMUM_CPU_FAMILY back to 5 on that machine, which matches the
CPU family given by CPUID.
[ bp: Massage commit message. ]
Fixes: 25d76ac88821 ("x86/Kconfig: Explicitly enumerate i686-class CPUs in Kconfig")
Signed-off-by: Aleksander Mazur <deweloper@wp.pl>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Acked-by: H. Peter Anvin <hpa@zytor.com>
Cc: <stable@kernel.org>
Link: https://lore.kernel.org/r/20240123134309.1117782-1-deweloper@wp.pl
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/Kconfig.cpu | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/Kconfig.cpu
+++ b/arch/x86/Kconfig.cpu
@@ -375,7 +375,7 @@ config X86_CMOV
config X86_MINIMUM_CPU_FAMILY
int
default "64" if X86_64
- default "6" if X86_32 && (MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MEFFICEON || MATOM || MCRUSOE || MCORE2 || MK7 || MK8)
+ default "6" if X86_32 && (MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MEFFICEON || MATOM || MCORE2 || MK7 || MK8)
default "5" if X86_32 && X86_CMPXCHG64
default "4"
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 128/197] x86/fpu: Stop relying on userspace for info to fault in xsave buffer
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (126 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 127/197] x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 129/197] KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl Greg Kroah-Hartman
` (72 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Konstantin Bogomolov,
Thomas Gleixner, Andrei Vagin, Dave Hansen
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrei Vagin <avagin@google.com>
commit d877550eaf2dc9090d782864c96939397a3c6835 upstream.
Before this change, the expected size of the user space buffer was
taken from fx_sw->xstate_size. fx_sw->xstate_size can be changed
from user-space, so it is possible construct a sigreturn frame where:
* fx_sw->xstate_size is smaller than the size required by valid bits in
fx_sw->xfeatures.
* user-space unmaps parts of the sigrame fpu buffer so that not all of
the buffer required by xrstor is accessible.
In this case, xrstor tries to restore and accesses the unmapped area
which results in a fault. But fault_in_readable succeeds because buf +
fx_sw->xstate_size is within the still mapped area, so it goes back and
tries xrstor again. It will spin in this loop forever.
Instead, fault in the maximum size which can be touched by XRSTOR (taken
from fpstate->user_size).
[ dhansen: tweak subject / changelog ]
Fixes: fcb3635f5018 ("x86/fpu/signal: Handle #PF in the direct restore path")
Reported-by: Konstantin Bogomolov <bogomolov@google.com>
Suggested-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrei Vagin <avagin@google.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc:stable@vger.kernel.org
Link: https://lore.kernel.org/all/20240130063603.3392627-1-avagin%40google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kernel/fpu/signal.c | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
--- a/arch/x86/kernel/fpu/signal.c
+++ b/arch/x86/kernel/fpu/signal.c
@@ -274,12 +274,13 @@ static int __restore_fpregs_from_user(vo
* Attempt to restore the FPU registers directly from user memory.
* Pagefaults are handled and any errors returned are fatal.
*/
-static bool restore_fpregs_from_user(void __user *buf, u64 xrestore,
- bool fx_only, unsigned int size)
+static bool restore_fpregs_from_user(void __user *buf, u64 xrestore, bool fx_only)
{
struct fpu *fpu = ¤t->thread.fpu;
int ret;
+ /* Restore enabled features only. */
+ xrestore &= fpu->fpstate->user_xfeatures;
retry:
fpregs_lock();
/* Ensure that XFD is up to date */
@@ -309,7 +310,7 @@ retry:
if (ret != X86_TRAP_PF)
return false;
- if (!fault_in_readable(buf, size))
+ if (!fault_in_readable(buf, fpu->fpstate->user_size))
goto retry;
return false;
}
@@ -339,7 +340,6 @@ static bool __fpu_restore_sig(void __use
struct user_i387_ia32_struct env;
bool success, fx_only = false;
union fpregs_state *fpregs;
- unsigned int state_size;
u64 user_xfeatures = 0;
if (use_xsave()) {
@@ -349,17 +349,14 @@ static bool __fpu_restore_sig(void __use
return false;
fx_only = !fx_sw_user.magic1;
- state_size = fx_sw_user.xstate_size;
user_xfeatures = fx_sw_user.xfeatures;
} else {
user_xfeatures = XFEATURE_MASK_FPSSE;
- state_size = fpu->fpstate->user_size;
}
if (likely(!ia32_fxstate)) {
/* Restore the FPU registers directly from user memory. */
- return restore_fpregs_from_user(buf_fx, user_xfeatures, fx_only,
- state_size);
+ return restore_fpregs_from_user(buf_fx, user_xfeatures, fx_only);
}
/*
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 129/197] KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (127 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 128/197] x86/fpu: Stop relying on userspace for info to fault in xsave buffer Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 130/197] x86/mm/ident_map: Use gbpages only where full GB page should be mapped Greg Kroah-Hartman
` (71 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Mingwei Zhang, Sean Christopherson
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mingwei Zhang <mizhang@google.com>
commit 05519c86d6997cfb9bb6c82ce1595d1015b718dc upstream.
Use a u64 instead of a u8 when taking a snapshot of pmu->fixed_ctr_ctrl
when reprogramming fixed counters, as truncating the value results in KVM
thinking fixed counter 2 is already disabled (the bug also affects fixed
counters 3+, but KVM doesn't yet support those). As a result, if the
guest disables fixed counter 2, KVM will get a false negative and fail to
reprogram/disable emulation of the counter, which can leads to incorrect
counts and spurious PMIs in the guest.
Fixes: 76d287b2342e ("KVM: x86/pmu: Drop "u8 ctrl, int idx" for reprogram_fixed_counter()")
Cc: stable@vger.kernel.org
Signed-off-by: Mingwei Zhang <mizhang@google.com>
Link: https://lore.kernel.org/r/20240123221220.3911317-1-mizhang@google.com
[sean: rewrite changelog to call out the effects of the bug]
Signed-off-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/kvm/vmx/pmu_intel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/x86/kvm/vmx/pmu_intel.c
+++ b/arch/x86/kvm/vmx/pmu_intel.c
@@ -38,7 +38,7 @@ static int fixed_pmc_events[] = {1, 0, 7
static void reprogram_fixed_counters(struct kvm_pmu *pmu, u64 data)
{
struct kvm_pmc *pmc;
- u8 old_fixed_ctr_ctrl = pmu->fixed_ctr_ctrl;
+ u64 old_fixed_ctr_ctrl = pmu->fixed_ctr_ctrl;
int i;
pmu->fixed_ctr_ctrl = data;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 130/197] x86/mm/ident_map: Use gbpages only where full GB page should be mapped.
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (128 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 129/197] KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 131/197] io_uring/net: fix multishot accept overflow handling Greg Kroah-Hartman
` (70 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Steve Wahl, Dave Hansen
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steve Wahl <steve.wahl@hpe.com>
commit d794734c9bbfe22f86686dc2909c25f5ffe1a572 upstream.
When ident_pud_init() uses only gbpages to create identity maps, large
ranges of addresses not actually requested can be included in the
resulting table; a 4K request will map a full GB. On UV systems, this
ends up including regions that will cause hardware to halt the system
if accessed (these are marked "reserved" by BIOS). Even processor
speculation into these regions is enough to trigger the system halt.
Only use gbpages when map creation requests include the full GB page
of space. Fall back to using smaller 2M pages when only portions of a
GB page are included in the request.
No attempt is made to coalesce mapping requests. If a request requires
a map entry at the 2M (pmd) level, subsequent mapping requests within
the same 1G region will also be at the pmd level, even if adjacent or
overlapping such requests could have been combined to map a full
gbpage. Existing usage starts with larger regions and then adds
smaller regions, so this should not have any great consequence.
[ dhansen: fix up comment formatting, simplifty changelog ]
Signed-off-by: Steve Wahl <steve.wahl@hpe.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/20240126164841.170866-1-steve.wahl%40hpe.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/x86/mm/ident_map.c | 23 ++++++++++++++++++-----
1 file changed, 18 insertions(+), 5 deletions(-)
--- a/arch/x86/mm/ident_map.c
+++ b/arch/x86/mm/ident_map.c
@@ -26,18 +26,31 @@ static int ident_pud_init(struct x86_map
for (; addr < end; addr = next) {
pud_t *pud = pud_page + pud_index(addr);
pmd_t *pmd;
+ bool use_gbpage;
next = (addr & PUD_MASK) + PUD_SIZE;
if (next > end)
next = end;
- if (info->direct_gbpages) {
- pud_t pudval;
+ /* if this is already a gbpage, this portion is already mapped */
+ if (pud_large(*pud))
+ continue;
+
+ /* Is using a gbpage allowed? */
+ use_gbpage = info->direct_gbpages;
- if (pud_present(*pud))
- continue;
+ /* Don't use gbpage if it maps more than the requested region. */
+ /* at the begining: */
+ use_gbpage &= ((addr & ~PUD_MASK) == 0);
+ /* ... or at the end: */
+ use_gbpage &= ((next & ~PUD_MASK) == 0);
+
+ /* Never overwrite existing mappings */
+ use_gbpage &= !pud_present(*pud);
+
+ if (use_gbpage) {
+ pud_t pudval;
- addr &= PUD_MASK;
pudval = __pud((addr - info->offset) | info->page_flag);
set_pud(pud, pudval);
continue;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 131/197] io_uring/net: fix multishot accept overflow handling
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (129 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 130/197] x86/mm/ident_map: Use gbpages only where full GB page should be mapped Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 132/197] mmc: slot-gpio: Allow non-sleeping GPIO ro Greg Kroah-Hartman
` (69 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jens Axboe
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jens Axboe <axboe@kernel.dk>
commit a37ee9e117ef73bbc2f5c0b31911afd52d229861 upstream.
If we hit CQ ring overflow when attempting to post a multishot accept
completion, we don't properly save the result or return code. This
results in losing the accepted fd value.
Instead, we return the result from the poll operation that triggered
the accept retry. This is generally POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND
which is 0xc3, or 195, which looks like a valid file descriptor, but it
really has no connection to that.
Handle this like we do for other multishot completions - assign the
result, and return IOU_STOP_MULTISHOT to cancel any further completions
from this request when overflow is hit. This preserves the result, as we
should, and tells the application that the request needs to be re-armed.
Cc: stable@vger.kernel.org
Fixes: 515e26961295 ("io_uring: revert "io_uring fix multishot accept ordering"")
Link: https://github.com/axboe/liburing/issues/1062
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
io_uring/net.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/io_uring/net.c
+++ b/io_uring/net.c
@@ -1326,7 +1326,7 @@ retry:
* has already been done
*/
if (issue_flags & IO_URING_F_MULTISHOT)
- ret = IOU_ISSUE_SKIP_COMPLETE;
+ return IOU_ISSUE_SKIP_COMPLETE;
return ret;
}
if (ret == -ERESTARTSYS)
@@ -1350,7 +1350,8 @@ retry:
if (io_post_aux_cqe(ctx, req->cqe.user_data, ret, IORING_CQE_F_MORE, false))
goto retry;
- return -ECANCELED;
+ io_req_set_res(req, ret, 0);
+ return IOU_STOP_MULTISHOT;
}
int io_socket_prep(struct io_kiocb *req, const struct io_uring_sqe *sqe)
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 132/197] mmc: slot-gpio: Allow non-sleeping GPIO ro
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (130 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 131/197] io_uring/net: fix multishot accept overflow handling Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 133/197] ALSA: hda/realtek: fix mute/micmute LED For HP mt645 Greg Kroah-Hartman
` (68 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Alexander Stein, Ulf Hansson
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexander Stein <alexander.stein@ew.tq-group.com>
commit cc9432c4fb159a3913e0ce3173b8218cd5bad2e0 upstream.
This change uses the appropriate _cansleep or non-sleeping API for
reading GPIO read-only state. This allows users with GPIOs that
never sleepbeing called in atomic context.
Implement the same mechanism as in commit 52af318c93e97 ("mmc: Allow
non-sleeping GPIO cd").
Signed-off-by: Alexander Stein <alexander.stein@ew.tq-group.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240206083912.2543142-1-alexander.stein@ew.tq-group.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/core/slot-gpio.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/drivers/mmc/core/slot-gpio.c
+++ b/drivers/mmc/core/slot-gpio.c
@@ -62,11 +62,15 @@ int mmc_gpio_alloc(struct mmc_host *host
int mmc_gpio_get_ro(struct mmc_host *host)
{
struct mmc_gpio *ctx = host->slot.handler_priv;
+ int cansleep;
if (!ctx || !ctx->ro_gpio)
return -ENOSYS;
- return gpiod_get_value_cansleep(ctx->ro_gpio);
+ cansleep = gpiod_cansleep(ctx->ro_gpio);
+ return cansleep ?
+ gpiod_get_value_cansleep(ctx->ro_gpio) :
+ gpiod_get_value(ctx->ro_gpio);
}
EXPORT_SYMBOL(mmc_gpio_get_ro);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 133/197] ALSA: hda/realtek: fix mute/micmute LED For HP mt645
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (131 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 132/197] mmc: slot-gpio: Allow non-sleeping GPIO ro Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 134/197] ALSA: hda/conexant: Add quirk for SWS JS201D Greg Kroah-Hartman
` (67 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eniac Zhang, Alexandru Gagniuc,
Takashi Iwai
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eniac Zhang <eniac-xw.zhang@hp.com>
commit 32f03f4002c5df837fb920eb23fcd2f4af9b0b23 upstream.
The HP mt645 G7 Thin Client uses an ALC236 codec and needs the
ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF quirk to make the mute and
micmute LEDs work.
There are two variants of the USB-C PD chip on this device. Each uses
a different BIOS and board ID, hence the two entries.
Signed-off-by: Eniac Zhang <eniac-xw.zhang@hp.com>
Signed-off-by: Alexandru Gagniuc <alexandru.gagniuc@hp.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20240215154922.778394-1-alexandru.gagniuc@hp.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_realtek.c | 2 ++
1 file changed, 2 insertions(+)
--- a/sound/pci/hda/patch_realtek.c
+++ b/sound/pci/hda/patch_realtek.c
@@ -9690,6 +9690,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x103c, 0x8abb, "HP ZBook Firefly 14 G9", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED),
SND_PCI_QUIRK(0x103c, 0x8ad1, "HP EliteBook 840 14 inch G9 Notebook PC", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED),
SND_PCI_QUIRK(0x103c, 0x8ad2, "HP EliteBook 860 16 inch G9 Notebook PC", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED),
+ SND_PCI_QUIRK(0x103c, 0x8b0f, "HP Elite mt645 G7 Mobile Thin Client U81", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF),
SND_PCI_QUIRK(0x103c, 0x8b2f, "HP 255 15.6 inch G10 Notebook PC", ALC236_FIXUP_HP_MUTE_LED_COEFBIT2),
SND_PCI_QUIRK(0x103c, 0x8b42, "HP", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED),
SND_PCI_QUIRK(0x103c, 0x8b43, "HP", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED),
@@ -9697,6 +9698,7 @@ static const struct snd_pci_quirk alc269
SND_PCI_QUIRK(0x103c, 0x8b45, "HP", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED),
SND_PCI_QUIRK(0x103c, 0x8b46, "HP", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED),
SND_PCI_QUIRK(0x103c, 0x8b47, "HP", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED),
+ SND_PCI_QUIRK(0x103c, 0x8b59, "HP Elite mt645 G7 Mobile Thin Client U89", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF),
SND_PCI_QUIRK(0x103c, 0x8b5d, "HP", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF),
SND_PCI_QUIRK(0x103c, 0x8b5e, "HP", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF),
SND_PCI_QUIRK(0x103c, 0x8b63, "HP Elite Dragonfly 13.5 inch G4", ALC245_FIXUP_CS35L41_SPI_4_HP_GPIO_LED),
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 134/197] ALSA: hda/conexant: Add quirk for SWS JS201D
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (132 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 133/197] ALSA: hda/realtek: fix mute/micmute LED For HP mt645 Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 135/197] nilfs2: fix data corruption in dsync block recovery for small block sizes Greg Kroah-Hartman
` (66 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, bo liu, Takashi Iwai
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: bo liu <bo.liu@senarytech.com>
commit 4639c5021029d49fd2f97fa8d74731f167f98919 upstream.
The SWS JS201D need a different pinconfig from windows driver.
Add a quirk to use a specific pinconfig to SWS JS201D.
Signed-off-by: bo liu <bo.liu@senarytech.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20240205013802.51907-1-bo.liu@senarytech.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/pci/hda/patch_conexant.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
--- a/sound/pci/hda/patch_conexant.c
+++ b/sound/pci/hda/patch_conexant.c
@@ -344,6 +344,7 @@ enum {
CXT_FIXUP_HP_ZBOOK_MUTE_LED,
CXT_FIXUP_HEADSET_MIC,
CXT_FIXUP_HP_MIC_NO_PRESENCE,
+ CXT_PINCFG_SWS_JS201D,
};
/* for hda_fixup_thinkpad_acpi() */
@@ -841,6 +842,17 @@ static const struct hda_pintbl cxt_pincf
{}
};
+/* SuoWoSi/South-holding JS201D with sn6140 */
+static const struct hda_pintbl cxt_pincfg_sws_js201d[] = {
+ { 0x16, 0x03211040 }, /* hp out */
+ { 0x17, 0x91170110 }, /* SPK/Class_D */
+ { 0x18, 0x95a70130 }, /* Internal mic */
+ { 0x19, 0x03a11020 }, /* Headset Mic */
+ { 0x1a, 0x40f001f0 }, /* Not used */
+ { 0x21, 0x40f001f0 }, /* Not used */
+ {}
+};
+
static const struct hda_fixup cxt_fixups[] = {
[CXT_PINCFG_LENOVO_X200] = {
.type = HDA_FIXUP_PINS,
@@ -996,6 +1008,10 @@ static const struct hda_fixup cxt_fixups
.chained = true,
.chain_id = CXT_FIXUP_HEADSET_MIC,
},
+ [CXT_PINCFG_SWS_JS201D] = {
+ .type = HDA_FIXUP_PINS,
+ .v.pins = cxt_pincfg_sws_js201d,
+ },
};
static const struct snd_pci_quirk cxt5045_fixups[] = {
@@ -1069,6 +1085,7 @@ static const struct snd_pci_quirk cxt506
SND_PCI_QUIRK(0x103c, 0x8457, "HP Z2 G4 mini", CXT_FIXUP_HP_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x103c, 0x8458, "HP Z2 G4 mini premium", CXT_FIXUP_HP_MIC_NO_PRESENCE),
SND_PCI_QUIRK(0x1043, 0x138d, "Asus", CXT_FIXUP_HEADPHONE_MIC_PIN),
+ SND_PCI_QUIRK(0x14f1, 0x0265, "SWS JS201D", CXT_PINCFG_SWS_JS201D),
SND_PCI_QUIRK(0x152d, 0x0833, "OLPC XO-1.5", CXT_FIXUP_OLPC_XO),
SND_PCI_QUIRK(0x17aa, 0x20f2, "Lenovo T400", CXT_PINCFG_LENOVO_TP410),
SND_PCI_QUIRK(0x17aa, 0x215e, "Lenovo T410", CXT_PINCFG_LENOVO_TP410),
@@ -1109,6 +1126,7 @@ static const struct hda_model_fixup cxt5
{ .id = CXT_FIXUP_HP_ZBOOK_MUTE_LED, .name = "hp-zbook-mute-led" },
{ .id = CXT_FIXUP_HP_MIC_NO_PRESENCE, .name = "hp-mic-fix" },
{ .id = CXT_PINCFG_LENOVO_NOTEBOOK, .name = "lenovo-20149" },
+ { .id = CXT_PINCFG_SWS_JS201D, .name = "sws-js201d" },
{}
};
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 135/197] nilfs2: fix data corruption in dsync block recovery for small block sizes
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (133 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 134/197] ALSA: hda/conexant: Add quirk for SWS JS201D Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 136/197] nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() Greg Kroah-Hartman
` (65 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Ryusuke Konishi, Andrew Morton
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
commit 67b8bcbaed4777871bb0dcc888fb02a614a98ab1 upstream.
The helper function nilfs_recovery_copy_block() of
nilfs_recovery_dsync_blocks(), which recovers data from logs created by
data sync writes during a mount after an unclean shutdown, incorrectly
calculates the on-page offset when copying repair data to the file's page
cache. In environments where the block size is smaller than the page
size, this flaw can cause data corruption and leak uninitialized memory
bytes during the recovery process.
Fix these issues by correcting this byte offset calculation on the page.
Link: https://lkml.kernel.org/r/20240124121936.10575-1-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nilfs2/recovery.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
--- a/fs/nilfs2/recovery.c
+++ b/fs/nilfs2/recovery.c
@@ -472,9 +472,10 @@ static int nilfs_prepare_segment_for_rec
static int nilfs_recovery_copy_block(struct the_nilfs *nilfs,
struct nilfs_recovery_block *rb,
- struct page *page)
+ loff_t pos, struct page *page)
{
struct buffer_head *bh_org;
+ size_t from = pos & ~PAGE_MASK;
void *kaddr;
bh_org = __bread(nilfs->ns_bdev, rb->blocknr, nilfs->ns_blocksize);
@@ -482,7 +483,7 @@ static int nilfs_recovery_copy_block(str
return -EIO;
kaddr = kmap_atomic(page);
- memcpy(kaddr + bh_offset(bh_org), bh_org->b_data, bh_org->b_size);
+ memcpy(kaddr + from, bh_org->b_data, bh_org->b_size);
kunmap_atomic(kaddr);
brelse(bh_org);
return 0;
@@ -521,7 +522,7 @@ static int nilfs_recover_dsync_blocks(st
goto failed_inode;
}
- err = nilfs_recovery_copy_block(nilfs, rb, page);
+ err = nilfs_recovery_copy_block(nilfs, rb, pos, page);
if (unlikely(err))
goto failed_page;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 136/197] nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (134 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 135/197] nilfs2: fix data corruption in dsync block recovery for small block sizes Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 137/197] crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked Greg Kroah-Hartman
` (64 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ryusuke Konishi,
syzbot+ee2ae68da3b22d04cd8d, Andrew Morton
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
commit 38296afe3c6ee07319e01bb249aa4bb47c07b534 upstream.
Syzbot reported a hang issue in migrate_pages_batch() called by mbind()
and nilfs_lookup_dirty_data_buffers() called in the log writer of nilfs2.
While migrate_pages_batch() locks a folio and waits for the writeback to
complete, the log writer thread that should bring the writeback to
completion picks up the folio being written back in
nilfs_lookup_dirty_data_buffers() that it calls for subsequent log
creation and was trying to lock the folio. Thus causing a deadlock.
In the first place, it is unexpected that folios/pages in the middle of
writeback will be updated and become dirty. Nilfs2 adds a checksum to
verify the validity of the log being written and uses it for recovery at
mount, so data changes during writeback are suppressed. Since this is
broken, an unclean shutdown could potentially cause recovery to fail.
Investigation revealed that the root cause is that the wait for writeback
completion in nilfs_page_mkwrite() is conditional, and if the backing
device does not require stable writes, data may be modified without
waiting.
Fix these issues by making nilfs_page_mkwrite() wait for writeback to
finish regardless of the stable write requirement of the backing device.
Link: https://lkml.kernel.org/r/20240131145657.4209-1-konishi.ryusuke@gmail.com
Fixes: 1d1d1a767206 ("mm: only enforce stable page writes if the backing device requires it")
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Reported-by: syzbot+ee2ae68da3b22d04cd8d@syzkaller.appspotmail.com
Closes: https://lkml.kernel.org/r/00000000000047d819061004ad6c@google.com
Tested-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nilfs2/file.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
--- a/fs/nilfs2/file.c
+++ b/fs/nilfs2/file.c
@@ -105,7 +105,13 @@ static vm_fault_t nilfs_page_mkwrite(str
nilfs_transaction_commit(inode->i_sb);
mapped:
- wait_for_stable_page(page);
+ /*
+ * Since checksumming including data blocks is performed to determine
+ * the validity of the log to be written and used for recovery, it is
+ * necessary to wait for writeback to finish here, regardless of the
+ * stable write requirement of the backing device.
+ */
+ wait_on_page_writeback(page);
out:
sb_end_pagefault(inode->i_sb);
return block_page_mkwrite_return(ret);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 137/197] crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (135 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 136/197] nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 138/197] nfp: use correct macro for LengthSelect in BAR config Greg Kroah-Hartman
` (63 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mario Limonciello, Kim Phillips,
Liam Merwick, John Allen, Herbert Xu
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Kim Phillips <kim.phillips@amd.com>
commit ccb88e9549e7cfd8bcd511c538f437e20026e983 upstream.
The SEV platform device can be shutdown with a null psp_master,
e.g., using DEBUG_TEST_DRIVER_REMOVE. Found using KASAN:
[ 137.148210] ccp 0000:23:00.1: enabling device (0000 -> 0002)
[ 137.162647] ccp 0000:23:00.1: no command queues available
[ 137.170598] ccp 0000:23:00.1: sev enabled
[ 137.174645] ccp 0000:23:00.1: psp enabled
[ 137.178890] general protection fault, probably for non-canonical address 0xdffffc000000001e: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN NOPTI
[ 137.182693] KASAN: null-ptr-deref in range [0x00000000000000f0-0x00000000000000f7]
[ 137.182693] CPU: 93 PID: 1 Comm: swapper/0 Not tainted 6.8.0-rc1+ #311
[ 137.182693] RIP: 0010:__sev_platform_shutdown_locked+0x51/0x180
[ 137.182693] Code: 08 80 3c 08 00 0f 85 0e 01 00 00 48 8b 1d 67 b6 01 08 48 b8 00 00 00 00 00 fc ff df 48 8d bb f0 00 00 00 48 89 f9 48 c1 e9 03 <80> 3c 01 00 0f 85 fe 00 00 00 48 8b 9b f0 00 00 00 48 85 db 74 2c
[ 137.182693] RSP: 0018:ffffc900000cf9b0 EFLAGS: 00010216
[ 137.182693] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 000000000000001e
[ 137.182693] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 00000000000000f0
[ 137.182693] RBP: ffffc900000cf9c8 R08: 0000000000000000 R09: fffffbfff58f5a66
[ 137.182693] R10: ffffc900000cf9c8 R11: ffffffffac7ad32f R12: ffff8881e5052c28
[ 137.182693] R13: ffff8881e5052c28 R14: ffff8881758e43e8 R15: ffffffffac64abf8
[ 137.182693] FS: 0000000000000000(0000) GS:ffff889de7000000(0000) knlGS:0000000000000000
[ 137.182693] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 137.182693] CR2: 0000000000000000 CR3: 0000001cf7c7e000 CR4: 0000000000350ef0
[ 137.182693] Call Trace:
[ 137.182693] <TASK>
[ 137.182693] ? show_regs+0x6c/0x80
[ 137.182693] ? __die_body+0x24/0x70
[ 137.182693] ? die_addr+0x4b/0x80
[ 137.182693] ? exc_general_protection+0x126/0x230
[ 137.182693] ? asm_exc_general_protection+0x2b/0x30
[ 137.182693] ? __sev_platform_shutdown_locked+0x51/0x180
[ 137.182693] sev_firmware_shutdown.isra.0+0x1e/0x80
[ 137.182693] sev_dev_destroy+0x49/0x100
[ 137.182693] psp_dev_destroy+0x47/0xb0
[ 137.182693] sp_destroy+0xbb/0x240
[ 137.182693] sp_pci_remove+0x45/0x60
[ 137.182693] pci_device_remove+0xaa/0x1d0
[ 137.182693] device_remove+0xc7/0x170
[ 137.182693] really_probe+0x374/0xbe0
[ 137.182693] ? srso_return_thunk+0x5/0x5f
[ 137.182693] __driver_probe_device+0x199/0x460
[ 137.182693] driver_probe_device+0x4e/0xd0
[ 137.182693] __driver_attach+0x191/0x3d0
[ 137.182693] ? __pfx___driver_attach+0x10/0x10
[ 137.182693] bus_for_each_dev+0x100/0x190
[ 137.182693] ? __pfx_bus_for_each_dev+0x10/0x10
[ 137.182693] ? __kasan_check_read+0x15/0x20
[ 137.182693] ? srso_return_thunk+0x5/0x5f
[ 137.182693] ? _raw_spin_unlock+0x27/0x50
[ 137.182693] driver_attach+0x41/0x60
[ 137.182693] bus_add_driver+0x2a8/0x580
[ 137.182693] driver_register+0x141/0x480
[ 137.182693] __pci_register_driver+0x1d6/0x2a0
[ 137.182693] ? srso_return_thunk+0x5/0x5f
[ 137.182693] ? esrt_sysfs_init+0x1cd/0x5d0
[ 137.182693] ? __pfx_sp_mod_init+0x10/0x10
[ 137.182693] sp_pci_init+0x22/0x30
[ 137.182693] sp_mod_init+0x14/0x30
[ 137.182693] ? __pfx_sp_mod_init+0x10/0x10
[ 137.182693] do_one_initcall+0xd1/0x470
[ 137.182693] ? __pfx_do_one_initcall+0x10/0x10
[ 137.182693] ? parameq+0x80/0xf0
[ 137.182693] ? srso_return_thunk+0x5/0x5f
[ 137.182693] ? __kmalloc+0x3b0/0x4e0
[ 137.182693] ? kernel_init_freeable+0x92d/0x1050
[ 137.182693] ? kasan_populate_vmalloc_pte+0x171/0x190
[ 137.182693] ? srso_return_thunk+0x5/0x5f
[ 137.182693] kernel_init_freeable+0xa64/0x1050
[ 137.182693] ? __pfx_kernel_init+0x10/0x10
[ 137.182693] kernel_init+0x24/0x160
[ 137.182693] ? __switch_to_asm+0x3e/0x70
[ 137.182693] ret_from_fork+0x40/0x80
[ 137.182693] ? __pfx_kernel_init+0x10/0x10
[ 137.182693] ret_from_fork_asm+0x1b/0x30
[ 137.182693] </TASK>
[ 137.182693] Modules linked in:
[ 137.538483] ---[ end trace 0000000000000000 ]---
Fixes: 1b05ece0c931 ("crypto: ccp - During shutdown, check SEV data pointer before using")
Cc: stable@vger.kernel.org
Reviewed-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Kim Phillips <kim.phillips@amd.com>
Reviewed-by: Liam Merwick <liam.merwick@oracle.com>
Acked-by: John Allen <john.allen@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/crypto/ccp/sev-dev.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -515,10 +515,16 @@ EXPORT_SYMBOL_GPL(sev_platform_init);
static int __sev_platform_shutdown_locked(int *error)
{
- struct sev_device *sev = psp_master->sev_data;
+ struct psp_device *psp = psp_master;
+ struct sev_device *sev;
int ret;
- if (!sev || sev->state == SEV_STATE_UNINIT)
+ if (!psp || !psp->sev_data)
+ return 0;
+
+ sev = psp->sev_data;
+
+ if (sev->state == SEV_STATE_UNINIT)
return 0;
ret = __sev_do_cmd_locked(SEV_CMD_SHUTDOWN, NULL, error);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 138/197] nfp: use correct macro for LengthSelect in BAR config
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (136 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 137/197] crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 139/197] nfp: flower: prevent re-adding mac index for bonded port Greg Kroah-Hartman
` (62 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel Basilio, Louis Peens,
David S. Miller
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Basilio <daniel.basilio@corigine.com>
commit b3d4f7f2288901ed2392695919b3c0e24c1b4084 upstream.
The 1st and 2nd expansion BAR configuration registers are configured,
when the driver starts up, in variables 'barcfg_msix_general' and
'barcfg_msix_xpb', respectively. The 'LengthSelect' field is ORed in
from bit 0, which is incorrect. The 'LengthSelect' field should
start from bit 27.
This has largely gone un-noticed because
NFP_PCIE_BAR_PCIE2CPP_LengthSelect_32BIT happens to be 0.
Fixes: 4cb584e0ee7d ("nfp: add CPP access core")
Cc: stable@vger.kernel.org # 4.11+
Signed-off-by: Daniel Basilio <daniel.basilio@corigine.com>
Signed-off-by: Louis Peens <louis.peens@corigine.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c
+++ b/drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c
@@ -537,11 +537,13 @@ static int enable_bars(struct nfp6000_pc
const u32 barcfg_msix_general =
NFP_PCIE_BAR_PCIE2CPP_MapType(
NFP_PCIE_BAR_PCIE2CPP_MapType_GENERAL) |
- NFP_PCIE_BAR_PCIE2CPP_LengthSelect_32BIT;
+ NFP_PCIE_BAR_PCIE2CPP_LengthSelect(
+ NFP_PCIE_BAR_PCIE2CPP_LengthSelect_32BIT);
const u32 barcfg_msix_xpb =
NFP_PCIE_BAR_PCIE2CPP_MapType(
NFP_PCIE_BAR_PCIE2CPP_MapType_BULK) |
- NFP_PCIE_BAR_PCIE2CPP_LengthSelect_32BIT |
+ NFP_PCIE_BAR_PCIE2CPP_LengthSelect(
+ NFP_PCIE_BAR_PCIE2CPP_LengthSelect_32BIT) |
NFP_PCIE_BAR_PCIE2CPP_Target_BaseAddress(
NFP_CPP_TARGET_ISLAND_XPB);
const u32 barcfg_explicit[4] = {
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 139/197] nfp: flower: prevent re-adding mac index for bonded port
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (137 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 138/197] nfp: use correct macro for LengthSelect in BAR config Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 140/197] wifi: cfg80211: fix wiphy delayed work queueing Greg Kroah-Hartman
` (61 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Daniel de Villiers, Louis Peens,
David S. Miller
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel de Villiers <daniel.devilliers@corigine.com>
commit 1a1c13303ff6d64e6f718dc8aa614e580ca8d9b4 upstream.
When physical ports are reset (either through link failure or manually
toggled down and up again) that are slaved to a Linux bond with a tunnel
endpoint IP address on the bond device, not all tunnel packets arriving
on the bond port are decapped as expected.
The bond dev assigns the same MAC address to itself and each of its
slaves. When toggling a slave device, the same MAC address is therefore
offloaded to the NFP multiple times with different indexes.
The issue only occurs when re-adding the shared mac. The
nfp_tunnel_add_shared_mac() function has a conditional check early on
that checks if a mac entry already exists and if that mac entry is
global: (entry && nfp_tunnel_is_mac_idx_global(entry->index)). In the
case of a bonded device (For example br-ex), the mac index is obtained,
and no new index is assigned.
We therefore modify the conditional in nfp_tunnel_add_shared_mac() to
check if the port belongs to the LAG along with the existing checks to
prevent a new global mac index from being re-assigned to the slave port.
Fixes: 20cce8865098 ("nfp: flower: enable MAC address sharing for offloadable devs")
CC: stable@vger.kernel.org # 5.1+
Signed-off-by: Daniel de Villiers <daniel.devilliers@corigine.com>
Signed-off-by: Louis Peens <louis.peens@corigine.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/netronome/nfp/flower/tunnel_conf.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/ethernet/netronome/nfp/flower/tunnel_conf.c
+++ b/drivers/net/ethernet/netronome/nfp/flower/tunnel_conf.c
@@ -980,7 +980,7 @@ nfp_tunnel_add_shared_mac(struct nfp_app
u16 nfp_mac_idx = 0;
entry = nfp_tunnel_lookup_offloaded_macs(app, netdev->dev_addr);
- if (entry && nfp_tunnel_is_mac_idx_global(entry->index)) {
+ if (entry && (nfp_tunnel_is_mac_idx_global(entry->index) || netif_is_lag_port(netdev))) {
if (entry->bridge_count ||
!nfp_flower_is_supported_bridge(netdev)) {
nfp_tunnel_offloaded_macs_inc_ref_and_link(entry,
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 140/197] wifi: cfg80211: fix wiphy delayed work queueing
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (138 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 139/197] nfp: flower: prevent re-adding mac index for bonded port Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 141/197] wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() Greg Kroah-Hartman
` (60 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jouni Malinen, Johannes Berg
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Berg <johannes.berg@intel.com>
commit b743287d7a0007493f5cada34ed2085d475050b4 upstream.
When a wiphy work is queued with timer, and then again
without a delay, it's started immediately but *also*
started again after the timer expires. This can lead,
for example, to warnings in mac80211's offchannel code
as reported by Jouni. Running the same work twice isn't
expected, of course. Fix this by deleting the timer at
this point, when queuing immediately due to delay=0.
Cc: stable@vger.kernel.org
Reported-by: Jouni Malinen <j@w1.fi>
Fixes: a3ee4dc84c4e ("wifi: cfg80211: add a work abstraction with special semantics")
Link: https://msgid.link/20240125095108.2feb0eaaa446.I4617f3210ed0e7f252290d5970dac6a876aa595b@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/wireless/core.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/wireless/core.c
+++ b/net/wireless/core.c
@@ -1671,6 +1671,7 @@ void wiphy_delayed_work_queue(struct wip
unsigned long delay)
{
if (!delay) {
+ del_timer(&dwork->timer);
wiphy_work_queue(wiphy, &dwork->work);
return;
}
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 141/197] wifi: mac80211: reload info pointer in ieee80211_tx_dequeue()
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (139 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 140/197] wifi: cfg80211: fix wiphy delayed work queueing Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 142/197] irqchip/irq-brcmstb-l2: Add write memory barrier before exit Greg Kroah-Hartman
` (59 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Johannes Berg
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johannes Berg <johannes.berg@intel.com>
commit c98d8836b817d11fdff4ca7749cbbe04ff7f0c64 upstream.
This pointer can change here since the SKB can change, so we
actually later open-coded IEEE80211_SKB_CB() again. Reload
the pointer where needed, so the monitor-mode case using it
gets fixed, and then use info-> later as well.
Cc: stable@vger.kernel.org
Fixes: 531682159092 ("mac80211: fix VLAN handling with TXQs")
Link: https://msgid.link/20240131164910.b54c28d583bc.I29450cec84ea6773cff5d9c16ff92b836c331471@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/mac80211/tx.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -5,7 +5,7 @@
* Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
* Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
* Copyright 2013-2014 Intel Mobile Communications GmbH
- * Copyright (C) 2018-2022 Intel Corporation
+ * Copyright (C) 2018-2024 Intel Corporation
*
* Transmit and frame generation functions.
*/
@@ -3838,6 +3838,7 @@ begin:
goto begin;
skb = __skb_dequeue(&tx.skbs);
+ info = IEEE80211_SKB_CB(skb);
if (!skb_queue_empty(&tx.skbs)) {
spin_lock_bh(&fq->lock);
@@ -3882,7 +3883,7 @@ begin:
}
encap_out:
- IEEE80211_SKB_CB(skb)->control.vif = vif;
+ info->control.vif = vif;
if (tx.sta &&
wiphy_ext_feature_isset(local->hw.wiphy, NL80211_EXT_FEATURE_AQL)) {
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 142/197] irqchip/irq-brcmstb-l2: Add write memory barrier before exit
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (140 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 141/197] wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 143/197] irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update Greg Kroah-Hartman
` (58 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Doug Berger, Florian Fainelli,
Thomas Gleixner, Marc Zyngier
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Doug Berger <opendmb@gmail.com>
commit b0344d6854d25a8b3b901c778b1728885dd99007 upstream.
It was observed on Broadcom devices that use GIC v3 architecture L1
interrupt controllers as the parent of brcmstb-l2 interrupt controllers
that the deactivation of the parent interrupt could happen before the
brcmstb-l2 deasserted its output. This would lead the GIC to reactivate the
interrupt only to find that no L2 interrupt was pending. The result was a
spurious interrupt invoking handle_bad_irq() with its associated
messaging. While this did not create a functional problem it is a waste of
cycles.
The hazard exists because the memory mapped bus writes to the brcmstb-l2
registers are buffered and the GIC v3 architecture uses a very efficient
system register write to deactivate the interrupt.
Add a write memory barrier prior to invoking chained_irq_exit() to
introduce a dsb(st) on those systems to ensure the system register write
cannot be executed until the memory mapped writes are visible to the
system.
[ florian: Added Fixes tag ]
Fixes: 7f646e92766e ("irqchip: brcmstb-l2: Add Broadcom Set Top Box Level-2 interrupt controller")
Signed-off-by: Doug Berger <opendmb@gmail.com>
Signed-off-by: Florian Fainelli <florian.fainelli@broadcom.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Florian Fainelli <florian.fainelli@broadcom.com>
Acked-by: Marc Zyngier <maz@kernel.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240210012449.3009125-1-florian.fainelli@broadcom.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/irqchip/irq-brcmstb-l2.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/irqchip/irq-brcmstb-l2.c
+++ b/drivers/irqchip/irq-brcmstb-l2.c
@@ -2,7 +2,7 @@
/*
* Generic Broadcom Set Top Box Level 2 Interrupt controller driver
*
- * Copyright (C) 2014-2017 Broadcom
+ * Copyright (C) 2014-2024 Broadcom
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
@@ -113,6 +113,9 @@ static void brcmstb_l2_intc_irq_handle(s
generic_handle_domain_irq(b->domain, irq);
} while (status);
out:
+ /* Don't ack parent before all device writes are done */
+ wmb();
+
chained_irq_exit(chip, desc);
}
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 143/197] irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (141 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 142/197] irqchip/irq-brcmstb-l2: Add write memory barrier before exit Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 144/197] zonefs: Improve error handling Greg Kroah-Hartman
` (57 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Kunkun Jiang, Marc Zyngier,
Thomas Gleixner
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Marc Zyngier <maz@kernel.org>
commit af9acbfc2c4b72c378d0b9a2ee023ed01055d3e2 upstream.
When updating the affinity of a VPE, the VMOVP command is currently skipped
if the two CPUs are part of the same VPE affinity.
But this is wrong, as the doorbell corresponding to this VPE is still
delivered on the 'old' CPU, which screws up the balancing. Furthermore,
offlining that 'old' CPU results in doorbell interrupts generated for this
VPE being discarded.
The harsh reality is that VMOVP cannot be elided when a set_affinity()
request occurs. It needs to be obeyed, and if an optimisation is to be
made, it is at the point where the affinity change request is made (such as
in KVM).
Drop the VMOVP elision altogether, and only use the vpe_table_mask
to try and stay within the same ITS affinity group if at all possible.
Fixes: dd3f050a216e (irqchip/gic-v4.1: Implement the v4.1 flavour of VMOVP)
Reported-by: Kunkun Jiang <jiangkunkun@huawei.com>
Signed-off-by: Marc Zyngier <maz@kernel.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240213101206.2137483-4-maz@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/irqchip/irq-gic-v3-its.c | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)
--- a/drivers/irqchip/irq-gic-v3-its.c
+++ b/drivers/irqchip/irq-gic-v3-its.c
@@ -3805,8 +3805,9 @@ static int its_vpe_set_affinity(struct i
bool force)
{
struct its_vpe *vpe = irq_data_get_irq_chip_data(d);
- int from, cpu = cpumask_first(mask_val);
+ struct cpumask common, *table_mask;
unsigned long flags;
+ int from, cpu;
/*
* Changing affinity is mega expensive, so let's be as lazy as
@@ -3822,19 +3823,22 @@ static int its_vpe_set_affinity(struct i
* taken on any vLPI handling path that evaluates vpe->col_idx.
*/
from = vpe_to_cpuid_lock(vpe, &flags);
- if (from == cpu)
- goto out;
-
- vpe->col_idx = cpu;
+ table_mask = gic_data_rdist_cpu(from)->vpe_table_mask;
/*
- * GICv4.1 allows us to skip VMOVP if moving to a cpu whose RD
- * is sharing its VPE table with the current one.
+ * If we are offered another CPU in the same GICv4.1 ITS
+ * affinity, pick this one. Otherwise, any CPU will do.
*/
- if (gic_data_rdist_cpu(cpu)->vpe_table_mask &&
- cpumask_test_cpu(from, gic_data_rdist_cpu(cpu)->vpe_table_mask))
+ if (table_mask && cpumask_and(&common, mask_val, table_mask))
+ cpu = cpumask_test_cpu(from, &common) ? from : cpumask_first(&common);
+ else
+ cpu = cpumask_first(mask_val);
+
+ if (from == cpu)
goto out;
+ vpe->col_idx = cpu;
+
its_send_vmovp(vpe);
its_vpe_db_proxy_move(vpe, from, cpu);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 144/197] zonefs: Improve error handling
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (142 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 143/197] irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 145/197] mmc: sdhci-pci-o2micro: Fix a warm reboot issue that disk cant be detected by BIOS Greg Kroah-Hartman
` (56 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Shinichiro Kawasaki, Damien Le Moal,
Johannes Thumshirn, Himanshu Madhani
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Damien Le Moal <dlemoal@kernel.org>
commit 14db5f64a971fce3d8ea35de4dfc7f443a3efb92 upstream.
Write error handling is racy and can sometime lead to the error recovery
path wrongly changing the inode size of a sequential zone file to an
incorrect value which results in garbage data being readable at the end
of a file. There are 2 problems:
1) zonefs_file_dio_write() updates a zone file write pointer offset
after issuing a direct IO with iomap_dio_rw(). This update is done
only if the IO succeed for synchronous direct writes. However, for
asynchronous direct writes, the update is done without waiting for
the IO completion so that the next asynchronous IO can be
immediately issued. However, if an asynchronous IO completes with a
failure right before the i_truncate_mutex lock protecting the update,
the update may change the value of the inode write pointer offset
that was corrected by the error path (zonefs_io_error() function).
2) zonefs_io_error() is called when a read or write error occurs. This
function executes a report zone operation using the callback function
zonefs_io_error_cb(), which does all the error recovery handling
based on the current zone condition, write pointer position and
according to the mount options being used. However, depending on the
zoned device being used, a report zone callback may be executed in a
context that is different from the context of __zonefs_io_error(). As
a result, zonefs_io_error_cb() may be executed without the inode
truncate mutex lock held, which can lead to invalid error processing.
Fix both problems as follows:
- Problem 1: Perform the inode write pointer offset update before a
direct write is issued with iomap_dio_rw(). This is safe to do as
partial direct writes are not supported (IOMAP_DIO_PARTIAL is not
set) and any failed IO will trigger the execution of zonefs_io_error()
which will correct the inode write pointer offset to reflect the
current state of the one on the device.
- Problem 2: Change zonefs_io_error_cb() into zonefs_handle_io_error()
and call this function directly from __zonefs_io_error() after
obtaining the zone information using blkdev_report_zones() with a
simple callback function that copies to a local stack variable the
struct blk_zone obtained from the device. This ensures that error
handling is performed holding the inode truncate mutex.
This change also simplifies error handling for conventional zone files
by bypassing the execution of report zones entirely. This is safe to
do because the condition of conventional zones cannot be read-only or
offline and conventional zone files are always fully mapped with a
constant file size.
Reported-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
Fixes: 8dcc1a9d90c1 ("fs: New zonefs file system")
Cc: stable@vger.kernel.org
Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
Tested-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/zonefs/file.c | 42 +++++++++++++++++++++------------
fs/zonefs/super.c | 68 ++++++++++++++++++++++++++++++------------------------
2 files changed, 66 insertions(+), 44 deletions(-)
--- a/fs/zonefs/file.c
+++ b/fs/zonefs/file.c
@@ -349,7 +349,12 @@ static int zonefs_file_write_dio_end_io(
struct zonefs_inode_info *zi = ZONEFS_I(inode);
if (error) {
- zonefs_io_error(inode, true);
+ /*
+ * For Sync IOs, error recovery is called from
+ * zonefs_file_dio_write().
+ */
+ if (!is_sync_kiocb(iocb))
+ zonefs_io_error(inode, true);
return error;
}
@@ -577,6 +582,14 @@ static ssize_t zonefs_file_dio_write(str
ret = -EINVAL;
goto inode_unlock;
}
+ /*
+ * Advance the zone write pointer offset. This assumes that the
+ * IO will succeed, which is OK to do because we do not allow
+ * partial writes (IOMAP_DIO_PARTIAL is not set) and if the IO
+ * fails, the error path will correct the write pointer offset.
+ */
+ z->z_wpoffset += count;
+ zonefs_inode_account_active(inode);
mutex_unlock(&zi->i_truncate_mutex);
append = sync;
}
@@ -596,20 +609,19 @@ static ssize_t zonefs_file_dio_write(str
ret = -EBUSY;
}
- if (zonefs_zone_is_seq(z) &&
- (ret > 0 || ret == -EIOCBQUEUED)) {
- if (ret > 0)
- count = ret;
-
- /*
- * Update the zone write pointer offset assuming the write
- * operation succeeded. If it did not, the error recovery path
- * will correct it. Also do active seq file accounting.
- */
- mutex_lock(&zi->i_truncate_mutex);
- z->z_wpoffset += count;
- zonefs_inode_account_active(inode);
- mutex_unlock(&zi->i_truncate_mutex);
+ /*
+ * For a failed IO or partial completion, trigger error recovery
+ * to update the zone write pointer offset to a correct value.
+ * For asynchronous IOs, zonefs_file_write_dio_end_io() may already
+ * have executed error recovery if the IO already completed when we
+ * reach here. However, we cannot know that and execute error recovery
+ * again (that will not change anything).
+ */
+ if (zonefs_zone_is_seq(z)) {
+ if (ret > 0 && ret != count)
+ ret = -EIO;
+ if (ret < 0 && ret != -EIOCBQUEUED)
+ zonefs_io_error(inode, true);
}
inode_unlock:
--- a/fs/zonefs/super.c
+++ b/fs/zonefs/super.c
@@ -245,16 +245,18 @@ static void zonefs_inode_update_mode(str
z->z_flags &= ~ZONEFS_ZONE_INIT_MODE;
}
-struct zonefs_ioerr_data {
- struct inode *inode;
- bool write;
-};
-
static int zonefs_io_error_cb(struct blk_zone *zone, unsigned int idx,
void *data)
{
- struct zonefs_ioerr_data *err = data;
- struct inode *inode = err->inode;
+ struct blk_zone *z = data;
+
+ *z = *zone;
+ return 0;
+}
+
+static void zonefs_handle_io_error(struct inode *inode, struct blk_zone *zone,
+ bool write)
+{
struct zonefs_zone *z = zonefs_inode_zone(inode);
struct super_block *sb = inode->i_sb;
struct zonefs_sb_info *sbi = ZONEFS_SB(sb);
@@ -269,8 +271,8 @@ static int zonefs_io_error_cb(struct blk
data_size = zonefs_check_zone_condition(sb, z, zone);
isize = i_size_read(inode);
if (!(z->z_flags & (ZONEFS_ZONE_READONLY | ZONEFS_ZONE_OFFLINE)) &&
- !err->write && isize == data_size)
- return 0;
+ !write && isize == data_size)
+ return;
/*
* At this point, we detected either a bad zone or an inconsistency
@@ -291,7 +293,7 @@ static int zonefs_io_error_cb(struct blk
* In all cases, warn about inode size inconsistency and handle the
* IO error according to the zone condition and to the mount options.
*/
- if (zonefs_zone_is_seq(z) && isize != data_size)
+ if (isize != data_size)
zonefs_warn(sb,
"inode %lu: invalid size %lld (should be %lld)\n",
inode->i_ino, isize, data_size);
@@ -351,8 +353,6 @@ static int zonefs_io_error_cb(struct blk
zonefs_i_size_write(inode, data_size);
z->z_wpoffset = data_size;
zonefs_inode_account_active(inode);
-
- return 0;
}
/*
@@ -366,23 +366,25 @@ void __zonefs_io_error(struct inode *ino
{
struct zonefs_zone *z = zonefs_inode_zone(inode);
struct super_block *sb = inode->i_sb;
- struct zonefs_sb_info *sbi = ZONEFS_SB(sb);
unsigned int noio_flag;
- unsigned int nr_zones = 1;
- struct zonefs_ioerr_data err = {
- .inode = inode,
- .write = write,
- };
+ struct blk_zone zone;
int ret;
/*
- * The only files that have more than one zone are conventional zone
- * files with aggregated conventional zones, for which the inode zone
- * size is always larger than the device zone size.
- */
- if (z->z_size > bdev_zone_sectors(sb->s_bdev))
- nr_zones = z->z_size >>
- (sbi->s_zone_sectors_shift + SECTOR_SHIFT);
+ * Conventional zone have no write pointer and cannot become read-only
+ * or offline. So simply fake a report for a single or aggregated zone
+ * and let zonefs_handle_io_error() correct the zone inode information
+ * according to the mount options.
+ */
+ if (!zonefs_zone_is_seq(z)) {
+ zone.start = z->z_sector;
+ zone.len = z->z_size >> SECTOR_SHIFT;
+ zone.wp = zone.start + zone.len;
+ zone.type = BLK_ZONE_TYPE_CONVENTIONAL;
+ zone.cond = BLK_ZONE_COND_NOT_WP;
+ zone.capacity = zone.len;
+ goto handle_io_error;
+ }
/*
* Memory allocations in blkdev_report_zones() can trigger a memory
@@ -393,12 +395,20 @@ void __zonefs_io_error(struct inode *ino
* the GFP_NOIO context avoids both problems.
*/
noio_flag = memalloc_noio_save();
- ret = blkdev_report_zones(sb->s_bdev, z->z_sector, nr_zones,
- zonefs_io_error_cb, &err);
- if (ret != nr_zones)
+ ret = blkdev_report_zones(sb->s_bdev, z->z_sector, 1,
+ zonefs_io_error_cb, &zone);
+ memalloc_noio_restore(noio_flag);
+
+ if (ret != 1) {
zonefs_err(sb, "Get inode %lu zone information failed %d\n",
inode->i_ino, ret);
- memalloc_noio_restore(noio_flag);
+ zonefs_warn(sb, "remounting filesystem read-only\n");
+ sb->s_flags |= SB_RDONLY;
+ return;
+ }
+
+handle_io_error:
+ zonefs_handle_io_error(inode, &zone, write);
}
static struct kmem_cache *zonefs_inode_cachep;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 145/197] mmc: sdhci-pci-o2micro: Fix a warm reboot issue that disk cant be detected by BIOS
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (143 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 144/197] zonefs: Improve error handling Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 146/197] ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8 Greg Kroah-Hartman
` (55 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Fred Ai, Ulf Hansson
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Fred Ai <fred.ai@bayhubtech.com>
commit 58aeb5623c2ebdadefe6352b14f8076a7073fea0 upstream.
Driver shall switch clock source from DLL clock to
OPE clock when power off card to ensure that card
can be identified with OPE clock by BIOS.
Signed-off-by: Fred Ai <fred.ai@bayhubtech.com>
Fixes:4be33cf18703 ("mmc: sdhci-pci-o2micro: Improve card input timing at SDR104/HS200 mode")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240203102908.4683-1-fredaibayhubtech@126.com
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/mmc/host/sdhci-pci-o2micro.c | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
--- a/drivers/mmc/host/sdhci-pci-o2micro.c
+++ b/drivers/mmc/host/sdhci-pci-o2micro.c
@@ -602,6 +602,35 @@ static void sdhci_pci_o2_set_clock(struc
sdhci_o2_enable_clk(host, clk);
}
+static void sdhci_pci_o2_set_power(struct sdhci_host *host, unsigned char mode, unsigned short vdd)
+{
+ struct sdhci_pci_chip *chip;
+ struct sdhci_pci_slot *slot = sdhci_priv(host);
+ u32 scratch_32 = 0;
+ u8 scratch_8 = 0;
+
+ chip = slot->chip;
+
+ if (mode == MMC_POWER_OFF) {
+ /* UnLock WP */
+ pci_read_config_byte(chip->pdev, O2_SD_LOCK_WP, &scratch_8);
+ scratch_8 &= 0x7f;
+ pci_write_config_byte(chip->pdev, O2_SD_LOCK_WP, scratch_8);
+
+ /* Set PCR 0x354[16] to switch Clock Source back to OPE Clock */
+ pci_read_config_dword(chip->pdev, O2_SD_OUTPUT_CLK_SOURCE_SWITCH, &scratch_32);
+ scratch_32 &= ~(O2_SD_SEL_DLL);
+ pci_write_config_dword(chip->pdev, O2_SD_OUTPUT_CLK_SOURCE_SWITCH, scratch_32);
+
+ /* Lock WP */
+ pci_read_config_byte(chip->pdev, O2_SD_LOCK_WP, &scratch_8);
+ scratch_8 |= 0x80;
+ pci_write_config_byte(chip->pdev, O2_SD_LOCK_WP, scratch_8);
+ }
+
+ sdhci_set_power(host, mode, vdd);
+}
+
static int sdhci_pci_o2_probe_slot(struct sdhci_pci_slot *slot)
{
struct sdhci_pci_chip *chip;
@@ -911,6 +940,7 @@ static const struct sdhci_ops sdhci_pci_
.set_bus_width = sdhci_set_bus_width,
.reset = sdhci_reset,
.set_uhs_signaling = sdhci_set_uhs_signaling,
+ .set_power = sdhci_pci_o2_set_power,
};
const struct sdhci_pci_fixes sdhci_o2 = {
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 146/197] ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (144 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 145/197] mmc: sdhci-pci-o2micro: Fix a warm reboot issue that disk cant be detected by BIOS Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 147/197] tools/rtla: Remove unused sched_getattr() function Greg Kroah-Hartman
` (54 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stanislav Petrov, Mario Limonciello,
Mark Brown
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mario Limonciello <mario.limonciello@amd.com>
commit 610010737f74482a61896596a0116876ecf9e65c upstream.
The laptop requires a quirk ID to enable its internal microphone. Add
it to the DMI quirk table.
Reported-by: Stanislav Petrov <stanislav.i.petrov@gmail.com>
Closes: https://bugzilla.kernel.org/show_bug.cgi?id=216925
Cc: stable@vger.kernel.org
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Link: https://lore.kernel.org/r/20240205214853.2689-1-mario.limonciello@amd.com
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
sound/soc/amd/yc/acp6x-mach.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/sound/soc/amd/yc/acp6x-mach.c
+++ b/sound/soc/amd/yc/acp6x-mach.c
@@ -245,6 +245,13 @@ static const struct dmi_system_id yc_acp
.driver_data = &acp6x_card,
.matches = {
DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"),
+ DMI_MATCH(DMI_PRODUCT_NAME, "83AS"),
+ }
+ },
+ {
+ .driver_data = &acp6x_card,
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "LENOVO"),
DMI_MATCH(DMI_PRODUCT_NAME, "82UG"),
}
},
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 147/197] tools/rtla: Remove unused sched_getattr() function
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (145 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 146/197] ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8 Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 148/197] tools/rtla: Replace setting prio with nice for SCHED_OTHER Greg Kroah-Hartman
` (53 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masami Hiramatsu, Nathan Chancellor,
Nick Desaulniers, Bill Wendling, Justin Stitt, Donald Zickus,
Daniel Bristot de Oliveira
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Bristot de Oliveira <bristot@kernel.org>
commit 084ce16df0f060efd371092a09a7ae74a536dc11 upstream.
Clang is reporting:
$ make HOSTCC=clang CC=clang LLVM_IAS=1
[...]
clang -O -g -DVERSION=\"6.8.0-rc3\" -flto=auto -fexceptions -fstack-protector-strong -fasynchronous-unwind-tables -fstack-clash-protection -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS $(pkg-config --cflags libtracefs) -c -o src/utils.o src/utils.c
src/utils.c:241:19: warning: unused function 'sched_getattr' [-Wunused-function]
241 | static inline int sched_getattr(pid_t pid, struct sched_attr *attr,
| ^~~~~~~~~~~~~
1 warning generated.
Which is correct, so remove the unused function.
Link: https://lkml.kernel.org/r/eaed7ba122c4ae88ce71277c824ef41cbf789385.1707217097.git.bristot@kernel.org
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Bill Wendling <morbo@google.com>
Cc: Justin Stitt <justinstitt@google.com>
Cc: Donald Zickus <dzickus@redhat.com>
Fixes: b1696371d865 ("rtla: Helper functions for rtla")
Signed-off-by: Daniel Bristot de Oliveira <bristot@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/tracing/rtla/src/utils.c | 6 ------
1 file changed, 6 deletions(-)
--- a/tools/tracing/rtla/src/utils.c
+++ b/tools/tracing/rtla/src/utils.c
@@ -243,12 +243,6 @@ static inline int sched_setattr(pid_t pi
return syscall(__NR_sched_setattr, pid, attr, flags);
}
-static inline int sched_getattr(pid_t pid, struct sched_attr *attr,
- unsigned int size, unsigned int flags)
-{
- return syscall(__NR_sched_getattr, pid, attr, size, flags);
-}
-
int __set_sched_attr(int pid, struct sched_attr *attr)
{
int flags = 0;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 148/197] tools/rtla: Replace setting prio with nice for SCHED_OTHER
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (146 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 147/197] tools/rtla: Remove unused sched_getattr() function Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 149/197] tools/rtla: Exit with EXIT_SUCCESS when help is invoked Greg Kroah-Hartman
` (52 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, limingming3,
Daniel Bristot de Oliveira
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: limingming3 <limingming890315@gmail.com>
commit 14f08c976ffe0d2117c6199c32663df1cbc45c65 upstream.
Since the sched_priority for SCHED_OTHER is always 0, it makes no
sence to set it.
Setting nice for SCHED_OTHER seems more meaningful.
Link: https://lkml.kernel.org/r/20240207065142.1753909-1-limingming3@lixiang.com
Cc: stable@vger.kernel.org
Fixes: b1696371d865 ("rtla: Helper functions for rtla")
Signed-off-by: limingming3 <limingming3@lixiang.com>
Signed-off-by: Daniel Bristot de Oliveira <bristot@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/tracing/rtla/src/utils.c | 6 +++---
tools/tracing/rtla/src/utils.h | 2 ++
2 files changed, 5 insertions(+), 3 deletions(-)
--- a/tools/tracing/rtla/src/utils.c
+++ b/tools/tracing/rtla/src/utils.c
@@ -478,13 +478,13 @@ int parse_prio(char *arg, struct sched_a
if (prio == INVALID_VAL)
return -1;
- if (prio < sched_get_priority_min(SCHED_OTHER))
+ if (prio < MIN_NICE)
return -1;
- if (prio > sched_get_priority_max(SCHED_OTHER))
+ if (prio > MAX_NICE)
return -1;
sched_param->sched_policy = SCHED_OTHER;
- sched_param->sched_priority = prio;
+ sched_param->sched_nice = prio;
break;
default:
return -1;
--- a/tools/tracing/rtla/src/utils.h
+++ b/tools/tracing/rtla/src/utils.h
@@ -7,6 +7,8 @@
*/
#define BUFF_U64_STR_SIZE 24
#define MAX_PATH 1024
+#define MAX_NICE 20
+#define MIN_NICE -19
#define container_of(ptr, type, member)({ \
const typeof(((type *)0)->member) *__mptr = (ptr); \
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 149/197] tools/rtla: Exit with EXIT_SUCCESS when help is invoked
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (147 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 148/197] tools/rtla: Replace setting prio with nice for SCHED_OTHER Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 150/197] tools/rtla: Fix uninitialized bucket/data->bucket_size warning Greg Kroah-Hartman
` (51 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, John Kacur,
Daniel Bristot de Oliveira
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: John Kacur <jkacur@redhat.com>
commit b5f319360371087d52070d8f3fc7789e80ce69a6 upstream.
Fix rtla so that the following commands exit with 0 when help is invoked
rtla osnoise top -h
rtla osnoise hist -h
rtla timerlat top -h
rtla timerlat hist -h
Link: https://lore.kernel.org/linux-trace-devel/20240203001607.69703-1-jkacur@redhat.com
Cc: stable@vger.kernel.org
Fixes: 1eeb6328e8b3 ("rtla/timerlat: Add timerlat hist mode")
Signed-off-by: John Kacur <jkacur@redhat.com>
Signed-off-by: Daniel Bristot de Oliveira <bristot@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/tracing/rtla/src/osnoise_hist.c | 6 +++++-
tools/tracing/rtla/src/osnoise_top.c | 6 +++++-
tools/tracing/rtla/src/timerlat_hist.c | 6 +++++-
tools/tracing/rtla/src/timerlat_top.c | 6 +++++-
4 files changed, 20 insertions(+), 4 deletions(-)
--- a/tools/tracing/rtla/src/osnoise_hist.c
+++ b/tools/tracing/rtla/src/osnoise_hist.c
@@ -472,7 +472,11 @@ static void osnoise_hist_usage(char *usa
for (i = 0; msg[i]; i++)
fprintf(stderr, "%s\n", msg[i]);
- exit(1);
+
+ if (usage)
+ exit(EXIT_FAILURE);
+
+ exit(EXIT_SUCCESS);
}
/*
--- a/tools/tracing/rtla/src/osnoise_top.c
+++ b/tools/tracing/rtla/src/osnoise_top.c
@@ -282,7 +282,11 @@ void osnoise_top_usage(char *usage)
for (i = 0; msg[i]; i++)
fprintf(stderr, "%s\n", msg[i]);
- exit(1);
+
+ if (usage)
+ exit(EXIT_FAILURE);
+
+ exit(EXIT_SUCCESS);
}
/*
--- a/tools/tracing/rtla/src/timerlat_hist.c
+++ b/tools/tracing/rtla/src/timerlat_hist.c
@@ -475,7 +475,11 @@ static void timerlat_hist_usage(char *us
for (i = 0; msg[i]; i++)
fprintf(stderr, "%s\n", msg[i]);
- exit(1);
+
+ if (usage)
+ exit(EXIT_FAILURE);
+
+ exit(EXIT_SUCCESS);
}
/*
--- a/tools/tracing/rtla/src/timerlat_top.c
+++ b/tools/tracing/rtla/src/timerlat_top.c
@@ -305,7 +305,11 @@ static void timerlat_top_usage(char *usa
for (i = 0; msg[i]; i++)
fprintf(stderr, "%s\n", msg[i]);
- exit(1);
+
+ if (usage)
+ exit(EXIT_FAILURE);
+
+ exit(EXIT_SUCCESS);
}
/*
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 150/197] tools/rtla: Fix uninitialized bucket/data->bucket_size warning
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (148 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 149/197] tools/rtla: Exit with EXIT_SUCCESS when help is invoked Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 151/197] tools/rtla: Fix Makefile compiler options for clang Greg Kroah-Hartman
` (50 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masami Hiramatsu, Nathan Chancellor,
Nick Desaulniers, Bill Wendling, Justin Stitt, Donald Zickus,
Daniel Bristot de Oliveira
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Bristot de Oliveira <bristot@kernel.org>
commit 64dc40f7523369912d7adb22c8cb655f71610505 upstream.
When compiling rtla with clang, I am getting the following warnings:
$ make HOSTCC=clang CC=clang LLVM_IAS=1
[..]
clang -O -g -DVERSION=\"6.8.0-rc3\" -flto=auto -fexceptions
-fstack-protector-strong -fasynchronous-unwind-tables
-fstack-clash-protection -Wall -Werror=format-security
-Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS
$(pkg-config --cflags libtracefs)
-c -o src/osnoise_hist.o src/osnoise_hist.c
src/osnoise_hist.c:138:6: warning: variable 'bucket' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized]
138 | if (data->bucket_size)
| ^~~~~~~~~~~~~~~~~
src/osnoise_hist.c:149:6: note: uninitialized use occurs here
149 | if (bucket < entries)
| ^~~~~~
src/osnoise_hist.c:138:2: note: remove the 'if' if its condition is always true
138 | if (data->bucket_size)
| ^~~~~~~~~~~~~~~~~~~~~~
139 | bucket = duration / data->bucket_size;
src/osnoise_hist.c:132:12: note: initialize the variable 'bucket' to silence this warning
132 | int bucket;
| ^
| = 0
1 warning generated.
[...]
clang -O -g -DVERSION=\"6.8.0-rc3\" -flto=auto -fexceptions
-fstack-protector-strong -fasynchronous-unwind-tables
-fstack-clash-protection -Wall -Werror=format-security
-Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS
$(pkg-config --cflags libtracefs)
-c -o src/timerlat_hist.o src/timerlat_hist.c
src/timerlat_hist.c:181:6: warning: variable 'bucket' is used uninitialized whenever 'if' condition is false [-Wsometimes-uninitialized]
181 | if (data->bucket_size)
| ^~~~~~~~~~~~~~~~~
src/timerlat_hist.c:204:6: note: uninitialized use occurs here
204 | if (bucket < entries)
| ^~~~~~
src/timerlat_hist.c:181:2: note: remove the 'if' if its condition is always true
181 | if (data->bucket_size)
| ^~~~~~~~~~~~~~~~~~~~~~
182 | bucket = latency / data->bucket_size;
src/timerlat_hist.c:175:12: note: initialize the variable 'bucket' to silence this warning
175 | int bucket;
| ^
| = 0
1 warning generated.
This is a legit warning, but data->bucket_size is always > 0 (see
timerlat_hist_parse_args()), so the if is not necessary.
Remove the unneeded if (data->bucket_size) to avoid the warning.
Link: https://lkml.kernel.org/r/6e1b1665cd99042ae705b3e0fc410858c4c42346.1707217097.git.bristot@kernel.org
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Bill Wendling <morbo@google.com>
Cc: Justin Stitt <justinstitt@google.com>
Cc: Donald Zickus <dzickus@redhat.com>
Fixes: 1eeb6328e8b3 ("rtla/timerlat: Add timerlat hist mode")
Fixes: 829a6c0b5698 ("rtla/osnoise: Add the hist mode")
Signed-off-by: Daniel Bristot de Oliveira <bristot@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/tracing/rtla/src/osnoise_hist.c | 3 +--
tools/tracing/rtla/src/timerlat_hist.c | 3 +--
2 files changed, 2 insertions(+), 4 deletions(-)
--- a/tools/tracing/rtla/src/osnoise_hist.c
+++ b/tools/tracing/rtla/src/osnoise_hist.c
@@ -129,8 +129,7 @@ static void osnoise_hist_update_multiple
if (params->output_divisor)
duration = duration / params->output_divisor;
- if (data->bucket_size)
- bucket = duration / data->bucket_size;
+ bucket = duration / data->bucket_size;
total_duration = duration * count;
--- a/tools/tracing/rtla/src/timerlat_hist.c
+++ b/tools/tracing/rtla/src/timerlat_hist.c
@@ -151,8 +151,7 @@ timerlat_hist_update(struct osnoise_tool
if (params->output_divisor)
latency = latency / params->output_divisor;
- if (data->bucket_size)
- bucket = latency / data->bucket_size;
+ bucket = latency / data->bucket_size;
if (!thread) {
hist = data->hist[cpu].irq;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 151/197] tools/rtla: Fix Makefile compiler options for clang
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (149 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 150/197] tools/rtla: Fix uninitialized bucket/data->bucket_size warning Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 152/197] fs: relax mount_setattr() permission checks Greg Kroah-Hartman
` (49 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masami Hiramatsu, Nathan Chancellor,
Nick Desaulniers, Bill Wendling, Justin Stitt, Donald Zickus,
Daniel Bristot de Oliveira
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Daniel Bristot de Oliveira <bristot@kernel.org>
commit bc4cbc9d260ba8358ca63662919f4bb223cb603b upstream.
The following errors are showing up when compiling rtla with clang:
$ make HOSTCC=clang CC=clang LLVM_IAS=1
[...]
clang -O -g -DVERSION=\"6.8.0-rc1\" -flto=auto -ffat-lto-objects
-fexceptions -fstack-protector-strong
-fasynchronous-unwind-tables -fstack-clash-protection -Wall
-Werror=format-security -Wp,-D_FORTIFY_SOURCE=2
-Wp,-D_GLIBCXX_ASSERTIONS -Wno-maybe-uninitialized
$(pkg-config --cflags libtracefs) -c -o src/utils.o src/utils.c
clang: warning: optimization flag '-ffat-lto-objects' is not supported [-Wignored-optimization-argument]
warning: unknown warning option '-Wno-maybe-uninitialized'; did you mean '-Wno-uninitialized'? [-Wunknown-warning-option]
1 warning generated.
clang -o rtla -ggdb src/osnoise.o src/osnoise_hist.o src/osnoise_top.o
src/rtla.o src/timerlat_aa.o src/timerlat.o src/timerlat_hist.o
src/timerlat_top.o src/timerlat_u.o src/trace.o src/utils.o $(pkg-config --libs libtracefs)
src/osnoise.o: file not recognized: file format not recognized
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [Makefile:110: rtla] Error 1
Solve these issues by:
- removing -ffat-lto-objects and -Wno-maybe-uninitialized if using clang
- informing the linker about -flto=auto
Link: https://lore.kernel.org/linux-trace-kernel/567ac1b94effc228ce9a0225b9df7232a9b35b55.1707217097.git.bristot@kernel.org
Cc: stable@vger.kernel.org
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Nathan Chancellor <nathan@kernel.org>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Bill Wendling <morbo@google.com>
Cc: Justin Stitt <justinstitt@google.com>
Fixes: 1a7b22ab15eb ("tools/rtla: Build with EXTRA_{C,LD}FLAGS")
Suggested-by: Donald Zickus <dzickus@redhat.com>
Signed-off-by: Daniel Bristot de Oliveira <bristot@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
tools/tracing/rtla/Makefile | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
--- a/tools/tracing/rtla/Makefile
+++ b/tools/tracing/rtla/Makefile
@@ -28,10 +28,15 @@ FOPTS := -flto=auto -ffat-lto-objects -f
-fasynchronous-unwind-tables -fstack-clash-protection
WOPTS := -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -Wno-maybe-uninitialized
+ifeq ($(CC),clang)
+ FOPTS := $(filter-out -ffat-lto-objects, $(FOPTS))
+ WOPTS := $(filter-out -Wno-maybe-uninitialized, $(WOPTS))
+endif
+
TRACEFS_HEADERS := $$($(PKG_CONFIG) --cflags libtracefs)
CFLAGS := -O -g -DVERSION=\"$(VERSION)\" $(FOPTS) $(MOPTS) $(WOPTS) $(TRACEFS_HEADERS) $(EXTRA_CFLAGS)
-LDFLAGS := -ggdb $(EXTRA_LDFLAGS)
+LDFLAGS := -flto=auto -ggdb $(EXTRA_LDFLAGS)
LIBS := $$($(PKG_CONFIG) --libs libtracefs)
SRC := $(wildcard src/*.c)
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 152/197] fs: relax mount_setattr() permission checks
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (150 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 151/197] tools/rtla: Fix Makefile compiler options for clang Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 153/197] net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio Greg Kroah-Hartman
` (48 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Jan Kara, Karel Zak,
Christian Brauner
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Christian Brauner <brauner@kernel.org>
commit 46f5ab762d048dad224436978315cbc2fa79c630 upstream.
When we added mount_setattr() I added additional checks compared to the
legacy do_reconfigure_mnt() and do_change_type() helpers used by regular
mount(2). If that mount had a parent then verify that the caller and the
mount namespace the mount is attached to match and if not make sure that
it's an anonymous mount.
The real rootfs falls into neither category. It is neither an anoymous
mount because it is obviously attached to the initial mount namespace
but it also obviously doesn't have a parent mount. So that means legacy
mount(2) allows changing mount properties on the real rootfs but
mount_setattr(2) blocks this. I never thought much about this but of
course someone on this planet of earth changes properties on the real
rootfs as can be seen in [1].
Since util-linux finally switched to the new mount api in 2.39 not so
long ago it also relies on mount_setattr() and that surfaced this issue
when Fedora 39 finally switched to it. Fix this.
Link: https://bugzilla.redhat.com/show_bug.cgi?id=2256843
Link: https://lore.kernel.org/r/20240206-vfs-mount-rootfs-v1-1-19b335eee133@kernel.org
Reviewed-by: Jan Kara <jack@suse.cz>
Reported-by: Karel Zak <kzak@redhat.com>
Cc: stable@vger.kernel.org # v5.12+
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/namespace.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -4172,10 +4172,15 @@ static int do_mount_setattr(struct path
/*
* If this is an attached mount make sure it's located in the callers
* mount namespace. If it's not don't let the caller interact with it.
- * If this is a detached mount make sure it has an anonymous mount
- * namespace attached to it, i.e. we've created it via OPEN_TREE_CLONE.
+ *
+ * If this mount doesn't have a parent it's most often simply a
+ * detached mount with an anonymous mount namespace. IOW, something
+ * that's simply not attached yet. But there are apparently also users
+ * that do change mount properties on the rootfs itself. That obviously
+ * neither has a parent nor is it a detached mount so we cannot
+ * unconditionally check for detached mounts.
*/
- if (!(mnt_has_parent(mnt) ? check_mnt(mnt) : is_anon_ns(mnt->mnt_ns)))
+ if ((mnt_has_parent(mnt) || !is_anon_ns(mnt->mnt_ns)) && !check_mnt(mnt))
goto out;
/*
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 153/197] net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (151 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 152/197] fs: relax mount_setattr() permission checks Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 154/197] s390/qeth: Fix potential loss of L3-IP@ in case of network issues Greg Kroah-Hartman
` (47 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Sinthu Raja, Paolo Abeni
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sinthu Raja <sinthu.raja@ti.com>
commit bc4ce46b1e3d1da4309405cd4afc7c0fcddd0b90 upstream.
The below commit introduced a WARN when phy state is not in the states:
PHY_HALTED, PHY_READY and PHY_UP.
commit 744d23c71af3 ("net: phy: Warn about incorrect mdio_bus_phy_resume() state")
When cpsw resumes, there have port in PHY_NOLINK state, so the below
warning comes out. Set mac_managed_pm be true to tell mdio that the phy
resume/suspend is managed by the mac, to fix the following warning:
WARNING: CPU: 0 PID: 965 at drivers/net/phy/phy_device.c:326 mdio_bus_phy_resume+0x140/0x144
CPU: 0 PID: 965 Comm: sh Tainted: G O 6.1.46-g247b2535b2 #1
Hardware name: Generic AM33XX (Flattened Device Tree)
unwind_backtrace from show_stack+0x18/0x1c
show_stack from dump_stack_lvl+0x24/0x2c
dump_stack_lvl from __warn+0x84/0x15c
__warn from warn_slowpath_fmt+0x1a8/0x1c8
warn_slowpath_fmt from mdio_bus_phy_resume+0x140/0x144
mdio_bus_phy_resume from dpm_run_callback+0x3c/0x140
dpm_run_callback from device_resume+0xb8/0x2b8
device_resume from dpm_resume+0x144/0x314
dpm_resume from dpm_resume_end+0x14/0x20
dpm_resume_end from suspend_devices_and_enter+0xd0/0x924
suspend_devices_and_enter from pm_suspend+0x2e0/0x33c
pm_suspend from state_store+0x74/0xd0
state_store from kernfs_fop_write_iter+0x104/0x1ec
kernfs_fop_write_iter from vfs_write+0x1b8/0x358
vfs_write from ksys_write+0x78/0xf8
ksys_write from ret_fast_syscall+0x0/0x54
Exception stack(0xe094dfa8 to 0xe094dff0)
dfa0: 00000004 005c3fb8 00000001 005c3fb8 00000004 00000001
dfc0: 00000004 005c3fb8 b6f6bba0 00000004 00000004 0059edb8 00000000 00000000
dfe0: 00000004 bed918f0 b6f09bd3 b6e89a66
Cc: <stable@vger.kernel.org> # v6.0+
Fixes: 744d23c71af3 ("net: phy: Warn about incorrect mdio_bus_phy_resume() state")
Fixes: fba863b81604 ("net: phy: make PHY PM ops a no-op if MAC driver manages PHY PM")
Signed-off-by: Sinthu Raja <sinthu.raja@ti.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/ti/cpsw.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/net/ethernet/ti/cpsw.c
+++ b/drivers/net/ethernet/ti/cpsw.c
@@ -631,6 +631,8 @@ static void cpsw_slave_open(struct cpsw_
}
}
+ phy->mac_managed_pm = true;
+
slave->phy = phy;
phy_attached_info(slave->phy);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 154/197] s390/qeth: Fix potential loss of L3-IP@ in case of network issues
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (152 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 153/197] net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 155/197] net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio Greg Kroah-Hartman
` (46 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Alexandra Winter, Paolo Abeni
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Alexandra Winter <wintera@linux.ibm.com>
commit 2fe8a236436fe40d8d26a1af8d150fc80f04ee1a upstream.
Symptom:
In case of a bad cable connection (e.g. dirty optics) a fast sequence of
network DOWN-UP-DOWN-UP could happen. UP triggers recovery of the qeth
interface. In case of a second DOWN while recovery is still ongoing, it
can happen that the IP@ of a Layer3 qeth interface is lost and will not
be recovered by the second UP.
Problem:
When registration of IP addresses with Layer 3 qeth devices fails, (e.g.
because of bad address format) the respective IP address is deleted from
its hash-table in the driver. If registration fails because of a ENETDOWN
condition, the address should stay in the hashtable, so a subsequent
recovery can restore it.
3caa4af834df ("qeth: keep ip-address after LAN_OFFLINE failure")
fixes this for registration failures during normal operation, but not
during recovery.
Solution:
Keep L3-IP address in case of ENETDOWN in qeth_l3_recover_ip(). For
consistency with qeth_l3_add_ip() we also keep it in case of EADDRINUSE,
i.e. for some reason the card already/still has this address registered.
Fixes: 4a71df50047f ("qeth: new qeth device driver")
Cc: stable@vger.kernel.org
Signed-off-by: Alexandra Winter <wintera@linux.ibm.com>
Link: https://lore.kernel.org/r/20240206085849.2902775-1-wintera@linux.ibm.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/s390/net/qeth_l3_main.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/drivers/s390/net/qeth_l3_main.c
+++ b/drivers/s390/net/qeth_l3_main.c
@@ -254,9 +254,10 @@ static void qeth_l3_clear_ip_htable(stru
if (!recover) {
hash_del(&addr->hnode);
kfree(addr);
- continue;
+ } else {
+ /* prepare for recovery */
+ addr->disp_flag = QETH_DISP_ADDR_ADD;
}
- addr->disp_flag = QETH_DISP_ADDR_ADD;
}
mutex_unlock(&card->ip_lock);
@@ -277,9 +278,11 @@ static void qeth_l3_recover_ip(struct qe
if (addr->disp_flag == QETH_DISP_ADDR_ADD) {
rc = qeth_l3_register_addr_entry(card, addr);
- if (!rc) {
+ if (!rc || rc == -EADDRINUSE || rc == -ENETDOWN) {
+ /* keep it in the records */
addr->disp_flag = QETH_DISP_ADDR_DO_NOTHING;
} else {
+ /* bad address */
hash_del(&addr->hnode);
kfree(addr);
}
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 155/197] net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (153 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 154/197] s390/qeth: Fix potential loss of L3-IP@ in case of network issues Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 156/197] hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed Greg Kroah-Hartman
` (45 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Sinthu Raja, Paolo Abeni
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sinthu Raja <sinthu.raja@ti.com>
commit 9def04e759caa5a3d741891037ae99f81e2fff01 upstream.
The below commit introduced a WARN when phy state is not in the states:
PHY_HALTED, PHY_READY and PHY_UP.
commit 744d23c71af3 ("net: phy: Warn about incorrect mdio_bus_phy_resume() state")
When cpsw_new resumes, there have port in PHY_NOLINK state, so the below
warning comes out. Set mac_managed_pm be true to tell mdio that the phy
resume/suspend is managed by the mac, to fix the following warning:
WARNING: CPU: 0 PID: 965 at drivers/net/phy/phy_device.c:326 mdio_bus_phy_resume+0x140/0x144
CPU: 0 PID: 965 Comm: sh Tainted: G O 6.1.46-g247b2535b2 #1
Hardware name: Generic AM33XX (Flattened Device Tree)
unwind_backtrace from show_stack+0x18/0x1c
show_stack from dump_stack_lvl+0x24/0x2c
dump_stack_lvl from __warn+0x84/0x15c
__warn from warn_slowpath_fmt+0x1a8/0x1c8
warn_slowpath_fmt from mdio_bus_phy_resume+0x140/0x144
mdio_bus_phy_resume from dpm_run_callback+0x3c/0x140
dpm_run_callback from device_resume+0xb8/0x2b8
device_resume from dpm_resume+0x144/0x314
dpm_resume from dpm_resume_end+0x14/0x20
dpm_resume_end from suspend_devices_and_enter+0xd0/0x924
suspend_devices_and_enter from pm_suspend+0x2e0/0x33c
pm_suspend from state_store+0x74/0xd0
state_store from kernfs_fop_write_iter+0x104/0x1ec
kernfs_fop_write_iter from vfs_write+0x1b8/0x358
vfs_write from ksys_write+0x78/0xf8
ksys_write from ret_fast_syscall+0x0/0x54
Exception stack(0xe094dfa8 to 0xe094dff0)
dfa0: 00000004 005c3fb8 00000001 005c3fb8 00000004 00000001
dfc0: 00000004 005c3fb8 b6f6bba0 00000004 00000004 0059edb8 00000000 00000000
dfe0: 00000004 bed918f0 b6f09bd3 b6e89a66
Cc: <stable@vger.kernel.org> # v6.0+
Fixes: 744d23c71af3 ("net: phy: Warn about incorrect mdio_bus_phy_resume() state")
Fixes: fba863b81604 ("net: phy: make PHY PM ops a no-op if MAC driver manages PHY PM")
Signed-off-by: Sinthu Raja <sinthu.raja@ti.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/ti/cpsw_new.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/net/ethernet/ti/cpsw_new.c
+++ b/drivers/net/ethernet/ti/cpsw_new.c
@@ -772,6 +772,9 @@ static void cpsw_slave_open(struct cpsw_
slave->slave_num);
return;
}
+
+ phy->mac_managed_pm = true;
+
slave->phy = phy;
phy_attached_info(slave->phy);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 156/197] hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (154 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 155/197] net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 157/197] ceph: prevent use-after-free in encode_cap_msg() Greg Kroah-Hartman
` (44 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Dexuan Cui, Shradha Gupta,
Haiyang Zhang, David S. Miller
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Shradha Gupta <shradhagupta@linux.microsoft.com>
commit 9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2 upstream.
If hv_netvsc driver is unloaded and reloaded, the NET_DEVICE_REGISTER
handler cannot perform VF register successfully as the register call
is received before netvsc_probe is finished. This is because we
register register_netdevice_notifier() very early( even before
vmbus_driver_register()).
To fix this, we try to register each such matching VF( if it is visible
as a netdevice) at the end of netvsc_probe.
Cc: stable@vger.kernel.org
Fixes: 85520856466e ("hv_netvsc: Fix race of register_netdevice_notifier and VF register")
Suggested-by: Dexuan Cui <decui@microsoft.com>
Signed-off-by: Shradha Gupta <shradhagupta@linux.microsoft.com>
Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>
Reviewed-by: Dexuan Cui <decui@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/hyperv/netvsc_drv.c | 82 ++++++++++++++++++++++++++++++----------
1 file changed, 62 insertions(+), 20 deletions(-)
--- a/drivers/net/hyperv/netvsc_drv.c
+++ b/drivers/net/hyperv/netvsc_drv.c
@@ -42,6 +42,10 @@
#define LINKCHANGE_INT (2 * HZ)
#define VF_TAKEOVER_INT (HZ / 10)
+/* Macros to define the context of vf registration */
+#define VF_REG_IN_PROBE 1
+#define VF_REG_IN_NOTIFIER 2
+
static unsigned int ring_size __ro_after_init = 128;
module_param(ring_size, uint, 0444);
MODULE_PARM_DESC(ring_size, "Ring buffer size (# of 4K pages)");
@@ -2181,7 +2185,7 @@ static rx_handler_result_t netvsc_vf_han
}
static int netvsc_vf_join(struct net_device *vf_netdev,
- struct net_device *ndev)
+ struct net_device *ndev, int context)
{
struct net_device_context *ndev_ctx = netdev_priv(ndev);
int ret;
@@ -2204,7 +2208,11 @@ static int netvsc_vf_join(struct net_dev
goto upper_link_failed;
}
- schedule_delayed_work(&ndev_ctx->vf_takeover, VF_TAKEOVER_INT);
+ /* If this registration is called from probe context vf_takeover
+ * is taken care of later in probe itself.
+ */
+ if (context == VF_REG_IN_NOTIFIER)
+ schedule_delayed_work(&ndev_ctx->vf_takeover, VF_TAKEOVER_INT);
call_netdevice_notifiers(NETDEV_JOIN, vf_netdev);
@@ -2342,7 +2350,7 @@ static int netvsc_prepare_bonding(struct
return NOTIFY_DONE;
}
-static int netvsc_register_vf(struct net_device *vf_netdev)
+static int netvsc_register_vf(struct net_device *vf_netdev, int context)
{
struct net_device_context *net_device_ctx;
struct netvsc_device *netvsc_dev;
@@ -2382,7 +2390,7 @@ static int netvsc_register_vf(struct net
netdev_info(ndev, "VF registering: %s\n", vf_netdev->name);
- if (netvsc_vf_join(vf_netdev, ndev) != 0)
+ if (netvsc_vf_join(vf_netdev, ndev, context) != 0)
return NOTIFY_DONE;
dev_hold(vf_netdev);
@@ -2480,10 +2488,31 @@ static int netvsc_unregister_vf(struct n
return NOTIFY_OK;
}
+static int check_dev_is_matching_vf(struct net_device *event_ndev)
+{
+ /* Skip NetVSC interfaces */
+ if (event_ndev->netdev_ops == &device_ops)
+ return -ENODEV;
+
+ /* Avoid non-Ethernet type devices */
+ if (event_ndev->type != ARPHRD_ETHER)
+ return -ENODEV;
+
+ /* Avoid Vlan dev with same MAC registering as VF */
+ if (is_vlan_dev(event_ndev))
+ return -ENODEV;
+
+ /* Avoid Bonding master dev with same MAC registering as VF */
+ if (netif_is_bond_master(event_ndev))
+ return -ENODEV;
+
+ return 0;
+}
+
static int netvsc_probe(struct hv_device *dev,
const struct hv_vmbus_device_id *dev_id)
{
- struct net_device *net = NULL;
+ struct net_device *net = NULL, *vf_netdev;
struct net_device_context *net_device_ctx;
struct netvsc_device_info *device_info = NULL;
struct netvsc_device *nvdev;
@@ -2592,6 +2621,30 @@ static int netvsc_probe(struct hv_device
}
list_add(&net_device_ctx->list, &netvsc_dev_list);
+
+ /* When the hv_netvsc driver is unloaded and reloaded, the
+ * NET_DEVICE_REGISTER for the vf device is replayed before probe
+ * is complete. This is because register_netdevice_notifier() gets
+ * registered before vmbus_driver_register() so that callback func
+ * is set before probe and we don't miss events like NETDEV_POST_INIT
+ * So, in this section we try to register the matching vf device that
+ * is present as a netdevice, knowing that its register call is not
+ * processed in the netvsc_netdev_notifier(as probing is progress and
+ * get_netvsc_byslot fails).
+ */
+ for_each_netdev(dev_net(net), vf_netdev) {
+ ret = check_dev_is_matching_vf(vf_netdev);
+ if (ret != 0)
+ continue;
+
+ if (net != get_netvsc_byslot(vf_netdev))
+ continue;
+
+ netvsc_prepare_bonding(vf_netdev);
+ netvsc_register_vf(vf_netdev, VF_REG_IN_PROBE);
+ __netvsc_vf_setup(net, vf_netdev);
+ break;
+ }
rtnl_unlock();
netvsc_devinfo_put(device_info);
@@ -2748,28 +2801,17 @@ static int netvsc_netdev_event(struct no
unsigned long event, void *ptr)
{
struct net_device *event_dev = netdev_notifier_info_to_dev(ptr);
+ int ret = 0;
- /* Skip our own events */
- if (event_dev->netdev_ops == &device_ops)
- return NOTIFY_DONE;
-
- /* Avoid non-Ethernet type devices */
- if (event_dev->type != ARPHRD_ETHER)
- return NOTIFY_DONE;
-
- /* Avoid Vlan dev with same MAC registering as VF */
- if (is_vlan_dev(event_dev))
- return NOTIFY_DONE;
-
- /* Avoid Bonding master dev with same MAC registering as VF */
- if (netif_is_bond_master(event_dev))
+ ret = check_dev_is_matching_vf(event_dev);
+ if (ret != 0)
return NOTIFY_DONE;
switch (event) {
case NETDEV_POST_INIT:
return netvsc_prepare_bonding(event_dev);
case NETDEV_REGISTER:
- return netvsc_register_vf(event_dev);
+ return netvsc_register_vf(event_dev, VF_REG_IN_NOTIFIER);
case NETDEV_UNREGISTER:
return netvsc_unregister_vf(event_dev);
case NETDEV_UP:
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 157/197] ceph: prevent use-after-free in encode_cap_msg()
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (155 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 156/197] hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 158/197] fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Greg Kroah-Hartman
` (43 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Rishabh Dave, Jeff Layton, Xiubo Li,
Ilya Dryomov
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Rishabh Dave <ridave@redhat.com>
commit cda4672da1c26835dcbd7aec2bfed954eda9b5ef upstream.
In fs/ceph/caps.c, in encode_cap_msg(), "use after free" error was
caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This
implies before the refcount could be increment here, it was freed.
In same file, in "handle_cap_grant()" refcount is decremented by this
line - 'ceph_buffer_put(ci->i_xattrs.blob);'. It appears that a race
occurred and resource was freed by the latter line before the former
line could increment it.
encode_cap_msg() is called by __send_cap() and __send_cap() is called by
ceph_check_caps() after calling __prep_cap(). __prep_cap() is where
arg->xattr_buf is assigned to ci->i_xattrs.blob. This is the spot where
the refcount must be increased to prevent "use after free" error.
Cc: stable@vger.kernel.org
Link: https://tracker.ceph.com/issues/59259
Signed-off-by: Rishabh Dave <ridave@redhat.com>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Xiubo Li <xiubli@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ceph/caps.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/fs/ceph/caps.c
+++ b/fs/ceph/caps.c
@@ -1391,7 +1391,7 @@ static void __prep_cap(struct cap_msg_ar
if (flushing & CEPH_CAP_XATTR_EXCL) {
arg->old_xattr_buf = __ceph_build_xattrs_blob(ci);
arg->xattr_version = ci->i_xattrs.version;
- arg->xattr_buf = ci->i_xattrs.blob;
+ arg->xattr_buf = ceph_buffer_get(ci->i_xattrs.blob);
} else {
arg->xattr_buf = NULL;
arg->old_xattr_buf = NULL;
@@ -1457,6 +1457,7 @@ static void __send_cap(struct cap_msg_ar
encode_cap_msg(msg, arg);
ceph_con_send(&arg->session->s_con, msg);
ceph_buffer_put(arg->old_xattr_buf);
+ ceph_buffer_put(arg->xattr_buf);
if (arg->wake)
wake_up_all(&ci->i_cap_wq);
}
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 158/197] fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (156 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 157/197] ceph: prevent use-after-free in encode_cap_msg() Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 159/197] mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE Greg Kroah-Hartman
` (42 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Michal Hocko, Oscar Salvador,
Muchun Song, Andrew Morton
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oscar Salvador <osalvador@suse.de>
commit 79d72c68c58784a3e1cd2378669d51bfd0cb7498 upstream.
When configuring a hugetlb filesystem via the fsconfig() syscall, there is
a possible NULL dereference in hugetlbfs_fill_super() caused by assigning
NULL to ctx->hstate in hugetlbfs_parse_param() when the requested pagesize
is non valid.
E.g: Taking the following steps:
fd = fsopen("hugetlbfs", FSOPEN_CLOEXEC);
fsconfig(fd, FSCONFIG_SET_STRING, "pagesize", "1024", 0);
fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0);
Given that the requested "pagesize" is invalid, ctxt->hstate will be replaced
with NULL, losing its previous value, and we will print an error:
...
...
case Opt_pagesize:
ps = memparse(param->string, &rest);
ctx->hstate = h;
if (!ctx->hstate) {
pr_err("Unsupported page size %lu MB\n", ps / SZ_1M);
return -EINVAL;
}
return 0;
...
...
This is a problem because later on, we will dereference ctxt->hstate in
hugetlbfs_fill_super()
...
...
sb->s_blocksize = huge_page_size(ctx->hstate);
...
...
Causing below Oops.
Fix this by replacing cxt->hstate value only when then pagesize is known
to be valid.
kernel: hugetlbfs: Unsupported page size 0 MB
kernel: BUG: kernel NULL pointer dereference, address: 0000000000000028
kernel: #PF: supervisor read access in kernel mode
kernel: #PF: error_code(0x0000) - not-present page
kernel: PGD 800000010f66c067 P4D 800000010f66c067 PUD 1b22f8067 PMD 0
kernel: Oops: 0000 [#1] PREEMPT SMP PTI
kernel: CPU: 4 PID: 5659 Comm: syscall Tainted: G E 6.8.0-rc2-default+ #22 5a47c3fef76212addcc6eb71344aabc35190ae8f
kernel: Hardware name: Intel Corp. GROVEPORT/GROVEPORT, BIOS GVPRCRB1.86B.0016.D04.1705030402 05/03/2017
kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0
kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28
kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246
kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004
kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000
kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004
kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000
kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400
kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000
kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0
kernel: Call Trace:
kernel: <TASK>
kernel: ? __die_body+0x1a/0x60
kernel: ? page_fault_oops+0x16f/0x4a0
kernel: ? search_bpf_extables+0x65/0x70
kernel: ? fixup_exception+0x22/0x310
kernel: ? exc_page_fault+0x69/0x150
kernel: ? asm_exc_page_fault+0x22/0x30
kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10
kernel: ? hugetlbfs_fill_super+0xb4/0x1a0
kernel: ? hugetlbfs_fill_super+0x28/0x1a0
kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10
kernel: vfs_get_super+0x40/0xa0
kernel: ? __pfx_bpf_lsm_capable+0x10/0x10
kernel: vfs_get_tree+0x25/0xd0
kernel: vfs_cmd_create+0x64/0xe0
kernel: __x64_sys_fsconfig+0x395/0x410
kernel: do_syscall_64+0x80/0x160
kernel: ? syscall_exit_to_user_mode+0x82/0x240
kernel: ? do_syscall_64+0x8d/0x160
kernel: ? syscall_exit_to_user_mode+0x82/0x240
kernel: ? do_syscall_64+0x8d/0x160
kernel: ? exc_page_fault+0x69/0x150
kernel: entry_SYSCALL_64_after_hwframe+0x6e/0x76
kernel: RIP: 0033:0x7ffbc0cb87c9
kernel: Code: 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 97 96 0d 00 f7 d8 64 89 01 48
kernel: RSP: 002b:00007ffc29d2f388 EFLAGS: 00000206 ORIG_RAX: 00000000000001af
kernel: RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffbc0cb87c9
kernel: RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003
kernel: RBP: 00007ffc29d2f3b0 R08: 0000000000000000 R09: 0000000000000000
kernel: R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
kernel: R13: 00007ffc29d2f4c0 R14: 0000000000000000 R15: 0000000000000000
kernel: </TASK>
kernel: Modules linked in: rpcsec_gss_krb5(E) auth_rpcgss(E) nfsv4(E) dns_resolver(E) nfs(E) lockd(E) grace(E) sunrpc(E) netfs(E) af_packet(E) bridge(E) stp(E) llc(E) iscsi_ibft(E) iscsi_boot_sysfs(E) intel_rapl_msr(E) intel_rapl_common(E) iTCO_wdt(E) intel_pmc_bxt(E) sb_edac(E) iTCO_vendor_support(E) x86_pkg_temp_thermal(E) intel_powerclamp(E) coretemp(E) kvm_intel(E) rfkill(E) ipmi_ssif(E) kvm(E) acpi_ipmi(E) irqbypass(E) pcspkr(E) igb(E) ipmi_si(E) mei_me(E) i2c_i801(E) joydev(E) intel_pch_thermal(E) i2c_smbus(E) dca(E) lpc_ich(E) mei(E) ipmi_devintf(E) ipmi_msghandler(E) acpi_pad(E) tiny_power_button(E) button(E) fuse(E) efi_pstore(E) configfs(E) ip_tables(E) x_tables(E) ext4(E) mbcache(E) jbd2(E) hid_generic(E) usbhid(E) sd_mod(E) t10_pi(E) crct10dif_pclmul(E) crc32_pclmul(E) crc32c_intel(E) polyval_clmulni(E) ahci(E) xhci_pci(E) polyval_generic(E) gf128mul(E) ghash_clmulni_intel(E) sha512_ssse3(E) sha256_ssse3(E) xhci_pci_renesas(E) libahci(E) ehci_pci(E) sha1_ssse3(E) xhci_hcd(E) ehci_hcd(E) libata(E)
kernel: mgag200(E) i2c_algo_bit(E) usbcore(E) wmi(E) sg(E) dm_multipath(E) dm_mod(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) scsi_mod(E) scsi_common(E) aesni_intel(E) crypto_simd(E) cryptd(E)
kernel: Unloaded tainted modules: acpi_cpufreq(E):1 fjes(E):1
kernel: CR2: 0000000000000028
kernel: ---[ end trace 0000000000000000 ]---
kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0
kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28
kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246
kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004
kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000
kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004
kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000
kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400
kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000
kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0
Link: https://lkml.kernel.org/r/20240130210418.3771-1-osalvador@suse.de
Fixes: 32021982a324 ("hugetlbfs: Convert to fs_context")
Signed-off-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Oscar Salvador <osalvador@suse.de>
Acked-by: Muchun Song <muchun.song@linux.dev>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/hugetlbfs/inode.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/fs/hugetlbfs/inode.c
+++ b/fs/hugetlbfs/inode.c
@@ -1350,6 +1350,7 @@ static int hugetlbfs_parse_param(struct
{
struct hugetlbfs_fs_context *ctx = fc->fs_private;
struct fs_parse_result result;
+ struct hstate *h;
char *rest;
unsigned long ps;
int opt;
@@ -1394,11 +1395,12 @@ static int hugetlbfs_parse_param(struct
case Opt_pagesize:
ps = memparse(param->string, &rest);
- ctx->hstate = size_to_hstate(ps);
- if (!ctx->hstate) {
+ h = size_to_hstate(ps);
+ if (!h) {
pr_err("Unsupported page size %lu MB\n", ps / SZ_1M);
return -EINVAL;
}
+ ctx->hstate = h;
return 0;
case Opt_min_size:
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 159/197] mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (157 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 158/197] fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 160/197] of: property: fix typo in io-channels Greg Kroah-Hartman
` (41 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Prakash Sangappa, Muchun Song,
Andrew Morton
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Prakash Sangappa <prakash.sangappa@oracle.com>
commit e656c7a9e59607d1672d85ffa9a89031876ffe67 upstream.
For shared memory of type SHM_HUGETLB, hugetlb pages are reserved in
shmget() call. If SHM_NORESERVE flags is specified then the hugetlb pages
are not reserved. However when the shared memory is attached with the
shmat() call the hugetlb pages are getting reserved incorrectly for
SHM_HUGETLB shared memory created with SHM_NORESERVE which is a bug.
-------------------------------
Following test shows the issue.
$cat shmhtb.c
int main()
{
int shmflags = 0660 | IPC_CREAT | SHM_HUGETLB | SHM_NORESERVE;
int shmid;
shmid = shmget(SKEY, SHMSZ, shmflags);
if (shmid < 0)
{
printf("shmat: shmget() failed, %d\n", errno);
return 1;
}
printf("After shmget()\n");
system("cat /proc/meminfo | grep -i hugepages_");
shmat(shmid, NULL, 0);
printf("\nAfter shmat()\n");
system("cat /proc/meminfo | grep -i hugepages_");
shmctl(shmid, IPC_RMID, NULL);
return 0;
}
#sysctl -w vm.nr_hugepages=20
#./shmhtb
After shmget()
HugePages_Total: 20
HugePages_Free: 20
HugePages_Rsvd: 0
HugePages_Surp: 0
After shmat()
HugePages_Total: 20
HugePages_Free: 20
HugePages_Rsvd: 5 <--
HugePages_Surp: 0
--------------------------------
Fix is to ensure that hugetlb pages are not reserved for SHM_HUGETLB shared
memory in the shmat() call.
Link: https://lkml.kernel.org/r/1706040282-12388-1-git-send-email-prakash.sangappa@oracle.com
Signed-off-by: Prakash Sangappa <prakash.sangappa@oracle.com>
Acked-by: Muchun Song <muchun.song@linux.dev>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/hugetlbfs/inode.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
--- a/fs/hugetlbfs/inode.c
+++ b/fs/hugetlbfs/inode.c
@@ -123,6 +123,7 @@ static int hugetlbfs_file_mmap(struct fi
loff_t len, vma_len;
int ret;
struct hstate *h = hstate_file(file);
+ vm_flags_t vm_flags;
/*
* vma address alignment (but not the pgoff alignment) has
@@ -164,10 +165,20 @@ static int hugetlbfs_file_mmap(struct fi
file_accessed(file);
ret = -ENOMEM;
+
+ vm_flags = vma->vm_flags;
+ /*
+ * for SHM_HUGETLB, the pages are reserved in the shmget() call so skip
+ * reserving here. Note: only for SHM hugetlbfs file, the inode
+ * flag S_PRIVATE is set.
+ */
+ if (inode->i_flags & S_PRIVATE)
+ vm_flags |= VM_NORESERVE;
+
if (!hugetlb_reserve_pages(inode,
vma->vm_pgoff >> huge_page_order(h),
len >> huge_page_shift(h), vma,
- vma->vm_flags))
+ vm_flags))
goto out;
ret = 0;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 160/197] of: property: fix typo in io-channels
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (158 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 159/197] mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE Greg Kroah-Hartman
@ 2024-02-20 20:51 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 161/197] can: netlink: Fix TDCO calculation using the old data bittiming Greg Kroah-Hartman
` (40 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:51 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Nuno Sa, Saravana Kannan,
Jonathan Cameron, Rob Herring
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Nuno Sa <nuno.sa@analog.com>
commit 8f7e917907385e112a845d668ae2832f41e64bf5 upstream.
The property is io-channels and not io-channel. This was effectively
preventing the devlink creation.
Fixes: 8e12257dead7 ("of: property: Add device link support for iommus, mboxes and io-channels")
Cc: stable@vger.kernel.org
Signed-off-by: Nuno Sa <nuno.sa@analog.com>
Reviewed-by: Saravana Kannan <saravanak@google.com>
Acked-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Link: https://lore.kernel.org/r/20240123-iio-backend-v7-1-1bff236b8693@analog.com
Signed-off-by: Rob Herring <robh@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/of/property.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/of/property.c
+++ b/drivers/of/property.c
@@ -1243,7 +1243,7 @@ DEFINE_SIMPLE_PROP(clocks, "clocks", "#c
DEFINE_SIMPLE_PROP(interconnects, "interconnects", "#interconnect-cells")
DEFINE_SIMPLE_PROP(iommus, "iommus", "#iommu-cells")
DEFINE_SIMPLE_PROP(mboxes, "mboxes", "#mbox-cells")
-DEFINE_SIMPLE_PROP(io_channels, "io-channel", "#io-channel-cells")
+DEFINE_SIMPLE_PROP(io_channels, "io-channels", "#io-channel-cells")
DEFINE_SIMPLE_PROP(interrupt_parent, "interrupt-parent", NULL)
DEFINE_SIMPLE_PROP(dmas, "dmas", "#dma-cells")
DEFINE_SIMPLE_PROP(power_domains, "power-domains", "#power-domain-cells")
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 161/197] can: netlink: Fix TDCO calculation using the old data bittiming
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (159 preceding siblings ...)
2024-02-20 20:51 ` [PATCH 6.1 160/197] of: property: fix typo in io-channels Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 162/197] can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Greg Kroah-Hartman
` (39 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maxime Jayat, Vincent Mailhol,
Marc Kleine-Budde
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maxime Jayat <maxime.jayat@mobile-devices.fr>
commit 2aa0a5e65eae27dbd96faca92c84ecbf6f492d42 upstream.
The TDCO calculation was done using the currently applied data bittiming,
instead of the newly computed data bittiming, which means that the TDCO
had an invalid value unless setting the same data bittiming twice.
Fixes: d99755f71a80 ("can: netlink: add interface for CAN-FD Transmitter Delay Compensation (TDC)")
Signed-off-by: Maxime Jayat <maxime.jayat@mobile-devices.fr>
Reviewed-by: Vincent Mailhol <mailhol.vincent@wanadoo.fr>
Link: https://lore.kernel.org/all/40579c18-63c0-43a4-8d4c-f3a6c1c0b417@munic.io
Cc: stable@vger.kernel.org
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/can/dev/netlink.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/net/can/dev/netlink.c
+++ b/drivers/net/can/dev/netlink.c
@@ -311,7 +311,7 @@ static int can_changelink(struct net_dev
/* Neither of TDC parameters nor TDC flags are
* provided: do calculation
*/
- can_calc_tdco(&priv->tdc, priv->tdc_const, &priv->data_bittiming,
+ can_calc_tdco(&priv->tdc, priv->tdc_const, &dbt,
&priv->ctrlmode, priv->ctrlmode_supported);
} /* else: both CAN_CTRLMODE_TDC_{AUTO,MANUAL} are explicitly
* turned off. TDC is disabled: do nothing
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 162/197] can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (160 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 161/197] can: netlink: Fix TDCO calculation using the old data bittiming Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 163/197] can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Greg Kroah-Hartman
` (38 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+1591462f226d9cbf0564,
Ziqi Zhao, Oleksij Rempel, Marc Kleine-Budde
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ziqi Zhao <astrajoan@yahoo.com>
commit 6cdedc18ba7b9dacc36466e27e3267d201948c8d upstream.
The following 3 locks would race against each other, causing the
deadlock situation in the Syzbot bug report:
- j1939_socks_lock
- active_session_list_lock
- sk_session_queue_lock
A reasonable fix is to change j1939_socks_lock to an rwlock, since in
the rare situations where a write lock is required for the linked list
that j1939_socks_lock is protecting, the code does not attempt to
acquire any more locks. This would break the circular lock dependency,
where, for example, the current thread already locks j1939_socks_lock
and attempts to acquire sk_session_queue_lock, and at the same time,
another thread attempts to acquire j1939_socks_lock while holding
sk_session_queue_lock.
NOTE: This patch along does not fix the unregister_netdevice bug
reported by Syzbot; instead, it solves a deadlock situation to prepare
for one or more further patches to actually fix the Syzbot bug, which
appears to be a reference counting problem within the j1939 codebase.
Reported-by: <syzbot+1591462f226d9cbf0564@syzkaller.appspotmail.com>
Signed-off-by: Ziqi Zhao <astrajoan@yahoo.com>
Reviewed-by: Oleksij Rempel <o.rempel@pengutronix.de>
Acked-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://lore.kernel.org/all/20230721162226.8639-1-astrajoan@yahoo.com
[mkl: remove unrelated newline change]
Cc: stable@vger.kernel.org
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/can/j1939/j1939-priv.h | 2 +-
net/can/j1939/main.c | 2 +-
net/can/j1939/socket.c | 24 ++++++++++++------------
3 files changed, 14 insertions(+), 14 deletions(-)
--- a/net/can/j1939/j1939-priv.h
+++ b/net/can/j1939/j1939-priv.h
@@ -86,7 +86,7 @@ struct j1939_priv {
unsigned int tp_max_packet_size;
/* lock for j1939_socks list */
- spinlock_t j1939_socks_lock;
+ rwlock_t j1939_socks_lock;
struct list_head j1939_socks;
struct kref rx_kref;
--- a/net/can/j1939/main.c
+++ b/net/can/j1939/main.c
@@ -274,7 +274,7 @@ struct j1939_priv *j1939_netdev_start(st
return ERR_PTR(-ENOMEM);
j1939_tp_init(priv);
- spin_lock_init(&priv->j1939_socks_lock);
+ rwlock_init(&priv->j1939_socks_lock);
INIT_LIST_HEAD(&priv->j1939_socks);
mutex_lock(&j1939_netdev_lock);
--- a/net/can/j1939/socket.c
+++ b/net/can/j1939/socket.c
@@ -80,16 +80,16 @@ static void j1939_jsk_add(struct j1939_p
jsk->state |= J1939_SOCK_BOUND;
j1939_priv_get(priv);
- spin_lock_bh(&priv->j1939_socks_lock);
+ write_lock_bh(&priv->j1939_socks_lock);
list_add_tail(&jsk->list, &priv->j1939_socks);
- spin_unlock_bh(&priv->j1939_socks_lock);
+ write_unlock_bh(&priv->j1939_socks_lock);
}
static void j1939_jsk_del(struct j1939_priv *priv, struct j1939_sock *jsk)
{
- spin_lock_bh(&priv->j1939_socks_lock);
+ write_lock_bh(&priv->j1939_socks_lock);
list_del_init(&jsk->list);
- spin_unlock_bh(&priv->j1939_socks_lock);
+ write_unlock_bh(&priv->j1939_socks_lock);
j1939_priv_put(priv);
jsk->state &= ~J1939_SOCK_BOUND;
@@ -329,13 +329,13 @@ bool j1939_sk_recv_match(struct j1939_pr
struct j1939_sock *jsk;
bool match = false;
- spin_lock_bh(&priv->j1939_socks_lock);
+ read_lock_bh(&priv->j1939_socks_lock);
list_for_each_entry(jsk, &priv->j1939_socks, list) {
match = j1939_sk_recv_match_one(jsk, skcb);
if (match)
break;
}
- spin_unlock_bh(&priv->j1939_socks_lock);
+ read_unlock_bh(&priv->j1939_socks_lock);
return match;
}
@@ -344,11 +344,11 @@ void j1939_sk_recv(struct j1939_priv *pr
{
struct j1939_sock *jsk;
- spin_lock_bh(&priv->j1939_socks_lock);
+ read_lock_bh(&priv->j1939_socks_lock);
list_for_each_entry(jsk, &priv->j1939_socks, list) {
j1939_sk_recv_one(jsk, skb);
}
- spin_unlock_bh(&priv->j1939_socks_lock);
+ read_unlock_bh(&priv->j1939_socks_lock);
}
static void j1939_sk_sock_destruct(struct sock *sk)
@@ -1080,12 +1080,12 @@ void j1939_sk_errqueue(struct j1939_sess
}
/* spread RX notifications to all sockets subscribed to this session */
- spin_lock_bh(&priv->j1939_socks_lock);
+ read_lock_bh(&priv->j1939_socks_lock);
list_for_each_entry(jsk, &priv->j1939_socks, list) {
if (j1939_sk_recv_match_one(jsk, &session->skcb))
__j1939_sk_errqueue(session, &jsk->sk, type);
}
- spin_unlock_bh(&priv->j1939_socks_lock);
+ read_unlock_bh(&priv->j1939_socks_lock);
};
void j1939_sk_send_loop_abort(struct sock *sk, int err)
@@ -1273,7 +1273,7 @@ void j1939_sk_netdev_event_netdown(struc
struct j1939_sock *jsk;
int error_code = ENETDOWN;
- spin_lock_bh(&priv->j1939_socks_lock);
+ read_lock_bh(&priv->j1939_socks_lock);
list_for_each_entry(jsk, &priv->j1939_socks, list) {
jsk->sk.sk_err = error_code;
if (!sock_flag(&jsk->sk, SOCK_DEAD))
@@ -1281,7 +1281,7 @@ void j1939_sk_netdev_event_netdown(struc
j1939_sk_queue_drop_all(priv, jsk, error_code);
}
- spin_unlock_bh(&priv->j1939_socks_lock);
+ read_unlock_bh(&priv->j1939_socks_lock);
}
static int j1939_sk_no_ioctlcmd(struct socket *sock, unsigned int cmd,
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 163/197] can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (161 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 162/197] can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 164/197] pmdomain: core: Move the unused cleanup to a _sync initcall Greg Kroah-Hartman
` (37 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sili Luo, Oleksij Rempel,
Marc Kleine-Budde
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oleksij Rempel <o.rempel@pengutronix.de>
commit efe7cf828039aedb297c1f9920b638fffee6aabc upstream.
Lock jsk->sk to prevent UAF when setsockopt(..., SO_J1939_FILTER, ...)
modifies jsk->filters while receiving packets.
Following trace was seen on affected system:
==================================================================
BUG: KASAN: slab-use-after-free in j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]
Read of size 4 at addr ffff888012144014 by task j1939/350
CPU: 0 PID: 350 Comm: j1939 Tainted: G W OE 6.5.0-rc5 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Call Trace:
print_report+0xd3/0x620
? kasan_complete_mode_report_info+0x7d/0x200
? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]
kasan_report+0xc2/0x100
? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]
__asan_load4+0x84/0xb0
j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939]
j1939_sk_recv+0x20b/0x320 [can_j1939]
? __kasan_check_write+0x18/0x20
? __pfx_j1939_sk_recv+0x10/0x10 [can_j1939]
? j1939_simple_recv+0x69/0x280 [can_j1939]
? j1939_ac_recv+0x5e/0x310 [can_j1939]
j1939_can_recv+0x43f/0x580 [can_j1939]
? __pfx_j1939_can_recv+0x10/0x10 [can_j1939]
? raw_rcv+0x42/0x3c0 [can_raw]
? __pfx_j1939_can_recv+0x10/0x10 [can_j1939]
can_rcv_filter+0x11f/0x350 [can]
can_receive+0x12f/0x190 [can]
? __pfx_can_rcv+0x10/0x10 [can]
can_rcv+0xdd/0x130 [can]
? __pfx_can_rcv+0x10/0x10 [can]
__netif_receive_skb_one_core+0x13d/0x150
? __pfx___netif_receive_skb_one_core+0x10/0x10
? __kasan_check_write+0x18/0x20
? _raw_spin_lock_irq+0x8c/0xe0
__netif_receive_skb+0x23/0xb0
process_backlog+0x107/0x260
__napi_poll+0x69/0x310
net_rx_action+0x2a1/0x580
? __pfx_net_rx_action+0x10/0x10
? __pfx__raw_spin_lock+0x10/0x10
? handle_irq_event+0x7d/0xa0
__do_softirq+0xf3/0x3f8
do_softirq+0x53/0x80
</IRQ>
<TASK>
__local_bh_enable_ip+0x6e/0x70
netif_rx+0x16b/0x180
can_send+0x32b/0x520 [can]
? __pfx_can_send+0x10/0x10 [can]
? __check_object_size+0x299/0x410
raw_sendmsg+0x572/0x6d0 [can_raw]
? __pfx_raw_sendmsg+0x10/0x10 [can_raw]
? apparmor_socket_sendmsg+0x2f/0x40
? __pfx_raw_sendmsg+0x10/0x10 [can_raw]
sock_sendmsg+0xef/0x100
sock_write_iter+0x162/0x220
? __pfx_sock_write_iter+0x10/0x10
? __rtnl_unlock+0x47/0x80
? security_file_permission+0x54/0x320
vfs_write+0x6ba/0x750
? __pfx_vfs_write+0x10/0x10
? __fget_light+0x1ca/0x1f0
? __rcu_read_unlock+0x5b/0x280
ksys_write+0x143/0x170
? __pfx_ksys_write+0x10/0x10
? __kasan_check_read+0x15/0x20
? fpregs_assert_state_consistent+0x62/0x70
__x64_sys_write+0x47/0x60
do_syscall_64+0x60/0x90
? do_syscall_64+0x6d/0x90
? irqentry_exit+0x3f/0x50
? exc_page_fault+0x79/0xf0
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Allocated by task 348:
kasan_save_stack+0x2a/0x50
kasan_set_track+0x29/0x40
kasan_save_alloc_info+0x1f/0x30
__kasan_kmalloc+0xb5/0xc0
__kmalloc_node_track_caller+0x67/0x160
j1939_sk_setsockopt+0x284/0x450 [can_j1939]
__sys_setsockopt+0x15c/0x2f0
__x64_sys_setsockopt+0x6b/0x80
do_syscall_64+0x60/0x90
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Freed by task 349:
kasan_save_stack+0x2a/0x50
kasan_set_track+0x29/0x40
kasan_save_free_info+0x2f/0x50
__kasan_slab_free+0x12e/0x1c0
__kmem_cache_free+0x1b9/0x380
kfree+0x7a/0x120
j1939_sk_setsockopt+0x3b2/0x450 [can_j1939]
__sys_setsockopt+0x15c/0x2f0
__x64_sys_setsockopt+0x6b/0x80
do_syscall_64+0x60/0x90
entry_SYSCALL_64_after_hwframe+0x6e/0xd8
Fixes: 9d71dd0c70099 ("can: add support of SAE J1939 protocol")
Reported-by: Sili Luo <rootlab@huawei.com>
Suggested-by: Sili Luo <rootlab@huawei.com>
Acked-by: Oleksij Rempel <o.rempel@pengutronix.de>
Cc: stable@vger.kernel.org
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Link: https://lore.kernel.org/all/20231020133814.383996-1-o.rempel@pengutronix.de
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/can/j1939/j1939-priv.h | 1 +
net/can/j1939/socket.c | 22 ++++++++++++++++++----
2 files changed, 19 insertions(+), 4 deletions(-)
--- a/net/can/j1939/j1939-priv.h
+++ b/net/can/j1939/j1939-priv.h
@@ -301,6 +301,7 @@ struct j1939_sock {
int ifindex;
struct j1939_addr addr;
+ spinlock_t filters_lock;
struct j1939_filter *filters;
int nfilters;
pgn_t pgn_rx_filter;
--- a/net/can/j1939/socket.c
+++ b/net/can/j1939/socket.c
@@ -262,12 +262,17 @@ static bool j1939_sk_match_dst(struct j1
static bool j1939_sk_match_filter(struct j1939_sock *jsk,
const struct j1939_sk_buff_cb *skcb)
{
- const struct j1939_filter *f = jsk->filters;
- int nfilter = jsk->nfilters;
+ const struct j1939_filter *f;
+ int nfilter;
+
+ spin_lock_bh(&jsk->filters_lock);
+
+ f = jsk->filters;
+ nfilter = jsk->nfilters;
if (!nfilter)
/* receive all when no filters are assigned */
- return true;
+ goto filter_match_found;
for (; nfilter; ++f, --nfilter) {
if ((skcb->addr.pgn & f->pgn_mask) != f->pgn)
@@ -276,9 +281,15 @@ static bool j1939_sk_match_filter(struct
continue;
if ((skcb->addr.src_name & f->name_mask) != f->name)
continue;
- return true;
+ goto filter_match_found;
}
+
+ spin_unlock_bh(&jsk->filters_lock);
return false;
+
+filter_match_found:
+ spin_unlock_bh(&jsk->filters_lock);
+ return true;
}
static bool j1939_sk_recv_match_one(struct j1939_sock *jsk,
@@ -401,6 +412,7 @@ static int j1939_sk_init(struct sock *sk
atomic_set(&jsk->skb_pending, 0);
spin_lock_init(&jsk->sk_session_queue_lock);
INIT_LIST_HEAD(&jsk->sk_session_queue);
+ spin_lock_init(&jsk->filters_lock);
/* j1939_sk_sock_destruct() depends on SOCK_RCU_FREE flag */
sock_set_flag(sk, SOCK_RCU_FREE);
@@ -703,9 +715,11 @@ static int j1939_sk_setsockopt(struct so
}
lock_sock(&jsk->sk);
+ spin_lock_bh(&jsk->filters_lock);
ofilters = jsk->filters;
jsk->filters = filters;
jsk->nfilters = count;
+ spin_unlock_bh(&jsk->filters_lock);
release_sock(&jsk->sk);
kfree(ofilters);
return 0;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 164/197] pmdomain: core: Move the unused cleanup to a _sync initcall
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (162 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 163/197] can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 165/197] fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() Greg Kroah-Hartman
` (36 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Konrad Dybcio, Ulf Hansson
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Konrad Dybcio <konrad.dybcio@linaro.org>
commit 741ba0134fa7822fcf4e4a0a537a5c4cfd706b20 upstream.
The unused clock cleanup uses the _sync initcall to give all users at
earlier initcalls time to probe. Do the same to avoid leaving some PDs
dangling at "on" (which actually happened on qcom!).
Fixes: 2fe71dcdfd10 ("PM / domains: Add late_initcall to disable unused PM domains")
Signed-off-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20231227-topic-pmdomain_sync_cleanup-v1-1-5f36769d538b@linaro.org
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/base/power/domain.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/base/power/domain.c
+++ b/drivers/base/power/domain.c
@@ -1052,7 +1052,7 @@ static int __init genpd_power_off_unused
return 0;
}
-late_initcall(genpd_power_off_unused);
+late_initcall_sync(genpd_power_off_unused);
#ifdef CONFIG_PM_SLEEP
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 165/197] fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand()
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (163 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 164/197] pmdomain: core: Move the unused cleanup to a _sync initcall Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 166/197] tracing: Inform kmemleak of saved_cmdlines allocation Greg Kroah-Hartman
` (35 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Oleg Nesterov, Dylan Hatch,
Eric W. Biederman, Andrew Morton
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oleg Nesterov <oleg@redhat.com>
commit 60f92acb60a989b14e4b744501a0df0f82ef30a3 upstream.
Patch series "fs/proc: do_task_stat: use sig->stats_".
do_task_stat() has the same problem as getrusage() had before "getrusage:
use sig->stats_lock rather than lock_task_sighand()": a hard lockup. If
NR_CPUS threads call lock_task_sighand() at the same time and the process
has NR_THREADS, spin_lock_irq will spin with irqs disabled O(NR_CPUS *
NR_THREADS) time.
This patch (of 3):
thread_group_cputime() does its own locking, we can safely shift
thread_group_cputime_adjusted() which does another for_each_thread loop
outside of ->siglock protected section.
Not only this removes for_each_thread() from the critical section with
irqs disabled, this removes another case when stats_lock is taken with
siglock held. We want to remove this dependency, then we can change the
users of stats_lock to not disable irqs.
Link: https://lkml.kernel.org/r/20240123153313.GA21832@redhat.com
Link: https://lkml.kernel.org/r/20240123153355.GA21854@redhat.com
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Dylan Hatch <dylanbhatch@google.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/proc/array.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
--- a/fs/proc/array.c
+++ b/fs/proc/array.c
@@ -501,7 +501,7 @@ static int do_task_stat(struct seq_file
sigemptyset(&sigign);
sigemptyset(&sigcatch);
- cutime = cstime = utime = stime = 0;
+ cutime = cstime = 0;
cgtime = gtime = 0;
if (lock_task_sighand(task, &flags)) {
@@ -535,7 +535,6 @@ static int do_task_stat(struct seq_file
min_flt += sig->min_flt;
maj_flt += sig->maj_flt;
- thread_group_cputime_adjusted(task, &utime, &stime);
gtime += sig->gtime;
if (sig->flags & (SIGNAL_GROUP_EXIT | SIGNAL_STOP_STOPPED))
@@ -551,10 +550,13 @@ static int do_task_stat(struct seq_file
if (permitted && (!whole || num_threads < 2))
wchan = !task_is_running(task);
- if (!whole) {
+
+ if (whole) {
+ thread_group_cputime_adjusted(task, &utime, &stime);
+ } else {
+ task_cputime_adjusted(task, &utime, &stime);
min_flt = task->min_flt;
maj_flt = task->maj_flt;
- task_cputime_adjusted(task, &utime, &stime);
gtime = task_gtime(task);
}
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 166/197] tracing: Inform kmemleak of saved_cmdlines allocation
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (164 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 165/197] fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 167/197] xfrm: Use xfrm_state selector for BEET input Greg Kroah-Hartman
` (34 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Masami Hiramatsu, Mathieu Desnoyers,
Catalin Marinas, Kalle Valo, Steven Rostedt (Google)
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Steven Rostedt (Google) <rostedt@goodmis.org>
commit 2394ac4145ea91b92271e675a09af2a9ea6840b7 upstream.
The allocation of the struct saved_cmdlines_buffer structure changed from:
s = kmalloc(sizeof(*s), GFP_KERNEL);
s->saved_cmdlines = kmalloc_array(TASK_COMM_LEN, val, GFP_KERNEL);
to:
orig_size = sizeof(*s) + val * TASK_COMM_LEN;
order = get_order(orig_size);
size = 1 << (order + PAGE_SHIFT);
page = alloc_pages(GFP_KERNEL, order);
if (!page)
return NULL;
s = page_address(page);
memset(s, 0, sizeof(*s));
s->saved_cmdlines = kmalloc_array(TASK_COMM_LEN, val, GFP_KERNEL);
Where that s->saved_cmdlines allocation looks to be a dangling allocation
to kmemleak. That's because kmemleak only keeps track of kmalloc()
allocations. For allocations that use page_alloc() directly, the kmemleak
needs to be explicitly informed about it.
Add kmemleak_alloc() and kmemleak_free() around the page allocation so
that it doesn't give the following false positive:
unreferenced object 0xffff8881010c8000 (size 32760):
comm "swapper", pid 0, jiffies 4294667296
hex dump (first 32 bytes):
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................
backtrace (crc ae6ec1b9):
[<ffffffff86722405>] kmemleak_alloc+0x45/0x80
[<ffffffff8414028d>] __kmalloc_large_node+0x10d/0x190
[<ffffffff84146ab1>] __kmalloc+0x3b1/0x4c0
[<ffffffff83ed7103>] allocate_cmdlines_buffer+0x113/0x230
[<ffffffff88649c34>] tracer_alloc_buffers.isra.0+0x124/0x460
[<ffffffff8864a174>] early_trace_init+0x14/0xa0
[<ffffffff885dd5ae>] start_kernel+0x12e/0x3c0
[<ffffffff885f5758>] x86_64_start_reservations+0x18/0x30
[<ffffffff885f582b>] x86_64_start_kernel+0x7b/0x80
[<ffffffff83a001c3>] secondary_startup_64_no_verify+0x15e/0x16b
Link: https://lore.kernel.org/linux-trace-kernel/87r0hfnr9r.fsf@kernel.org/
Link: https://lore.kernel.org/linux-trace-kernel/20240214112046.09a322d6@gandalf.local.home
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Fixes: 44dc5c41b5b1 ("tracing: Fix wasted memory in saved_cmdlines logic")
Reported-by: Kalle Valo <kvalo@kernel.org>
Tested-by: Kalle Valo <kvalo@kernel.org>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/trace/trace.c | 3 +++
1 file changed, 3 insertions(+)
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -40,6 +40,7 @@
#include <linux/ctype.h>
#include <linux/init.h>
#include <linux/panic_notifier.h>
+#include <linux/kmemleak.h>
#include <linux/poll.h>
#include <linux/nmi.h>
#include <linux/fs.h>
@@ -2268,6 +2269,7 @@ static void free_saved_cmdlines_buffer(s
int order = get_order(sizeof(*s) + s->cmdline_num * TASK_COMM_LEN);
kfree(s->map_cmdline_to_pid);
+ kmemleak_free(s);
free_pages((unsigned long)s, order);
}
@@ -2287,6 +2289,7 @@ static struct saved_cmdlines_buffer *all
return NULL;
s = page_address(page);
+ kmemleak_alloc(s, size, 1, GFP_KERNEL);
memset(s, 0, sizeof(*s));
/* Round up to actual allocation */
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 167/197] xfrm: Use xfrm_state selector for BEET input
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (165 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 166/197] tracing: Inform kmemleak of saved_cmdlines allocation Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 168/197] xfrm: Silence warnings triggerable by bad packets Greg Kroah-Hartman
` (33 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Steffen Klassert, Herbert Xu
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Herbert Xu <herbert@gondor.apana.org.au>
commit 842665a9008a53ff13ac22a4e4b8ae2f10e92aca upstream.
For BEET the inner address and therefore family is stored in the
xfrm_state selector. Use that when decapsulating an input packet
instead of incorrectly relying on a non-existent tunnel protocol.
Fixes: 5f24f41e8ea6 ("xfrm: Remove inner/outer modes from input path")
Reported-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/xfrm/xfrm_input.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -331,11 +331,10 @@ xfrm_inner_mode_encap_remove(struct xfrm
{
switch (x->props.mode) {
case XFRM_MODE_BEET:
- switch (XFRM_MODE_SKB_CB(skb)->protocol) {
- case IPPROTO_IPIP:
- case IPPROTO_BEETPH:
+ switch (x->sel.family) {
+ case AF_INET:
return xfrm4_remove_beet_encap(x, skb);
- case IPPROTO_IPV6:
+ case AF_INET6:
return xfrm6_remove_beet_encap(x, skb);
}
break;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 168/197] xfrm: Silence warnings triggerable by bad packets
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (166 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 167/197] xfrm: Use xfrm_state selector for BEET input Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 169/197] tls: fix NULL deref on tls_sw_splice_eof() with empty record Greg Kroah-Hartman
` (32 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Maciej Żenczykowski, Herbert Xu,
Steffen Klassert
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Herbert Xu <herbert@gondor.apana.org.au>
commit 57010b8ece2821a1fdfdba2197d14a022f3769db upstream.
After the elimination of inner modes, a couple of warnings that
were previously unreachable can now be triggered by malformed
inbound packets.
Fix this by:
1. Moving the setting of skb->protocol into the decap functions.
2. Returning -EINVAL when unexpected protocol is seen.
Reported-by: Maciej Żenczykowski<maze@google.com>
Fixes: 5f24f41e8ea6 ("xfrm: Remove inner/outer modes from input path")
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Maciej Żenczykowski <maze@google.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/xfrm/xfrm_input.c | 22 +++++++++-------------
1 file changed, 9 insertions(+), 13 deletions(-)
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -180,6 +180,8 @@ static int xfrm4_remove_beet_encap(struc
int optlen = 0;
int err = -EINVAL;
+ skb->protocol = htons(ETH_P_IP);
+
if (unlikely(XFRM_MODE_SKB_CB(skb)->protocol == IPPROTO_BEETPH)) {
struct ip_beet_phdr *ph;
int phlen;
@@ -232,6 +234,8 @@ static int xfrm4_remove_tunnel_encap(str
{
int err = -EINVAL;
+ skb->protocol = htons(ETH_P_IP);
+
if (!pskb_may_pull(skb, sizeof(struct iphdr)))
goto out;
@@ -267,6 +271,8 @@ static int xfrm6_remove_tunnel_encap(str
{
int err = -EINVAL;
+ skb->protocol = htons(ETH_P_IPV6);
+
if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
goto out;
@@ -296,6 +302,8 @@ static int xfrm6_remove_beet_encap(struc
int size = sizeof(struct ipv6hdr);
int err;
+ skb->protocol = htons(ETH_P_IPV6);
+
err = skb_cow_head(skb, size + skb->mac_len);
if (err)
goto out;
@@ -346,6 +354,7 @@ xfrm_inner_mode_encap_remove(struct xfrm
return xfrm6_remove_tunnel_encap(x, skb);
break;
}
+ return -EINVAL;
}
WARN_ON_ONCE(1);
@@ -366,19 +375,6 @@ static int xfrm_prepare_input(struct xfr
return -EAFNOSUPPORT;
}
- switch (XFRM_MODE_SKB_CB(skb)->protocol) {
- case IPPROTO_IPIP:
- case IPPROTO_BEETPH:
- skb->protocol = htons(ETH_P_IP);
- break;
- case IPPROTO_IPV6:
- skb->protocol = htons(ETH_P_IPV6);
- break;
- default:
- WARN_ON_ONCE(1);
- break;
- }
-
return xfrm_inner_mode_encap_remove(x, skb);
}
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 169/197] tls: fix NULL deref on tls_sw_splice_eof() with empty record
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (167 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 168/197] xfrm: Silence warnings triggerable by bad packets Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 170/197] selftests/mm: ksm_tests should only MADV_HUGEPAGE valid memory Greg Kroah-Hartman
` (31 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+40d43509a099ea756317,
Jann Horn, Jakub Kicinski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jann Horn <jannh@google.com>
commit 53f2cb491b500897a619ff6abd72f565933760f0 upstream.
syzkaller discovered that if tls_sw_splice_eof() is executed as part of
sendfile() when the plaintext/ciphertext sk_msg are empty, the send path
gets confused because the empty ciphertext buffer does not have enough
space for the encryption overhead. This causes tls_push_record() to go on
the `split = true` path (which is only supposed to be used when interacting
with an attached BPF program), and then get further confused and hit the
tls_merge_open_record() path, which then assumes that there must be at
least one populated buffer element, leading to a NULL deref.
It is possible to have empty plaintext/ciphertext buffers if we previously
bailed from tls_sw_sendmsg_locked() via the tls_trim_both_msgs() path.
tls_sw_push_pending_record() already handles this case correctly; let's do
the same check in tls_sw_splice_eof().
Fixes: df720d288dbb ("tls/sw: Use splice_eof() to flush")
Cc: stable@vger.kernel.org
Reported-by: syzbot+40d43509a099ea756317@syzkaller.appspotmail.com
Signed-off-by: Jann Horn <jannh@google.com>
Link: https://lore.kernel.org/r/20231122214447.675768-1-jannh@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/tls/tls_sw.c | 3 +++
1 file changed, 3 insertions(+)
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1179,11 +1179,14 @@ void tls_sw_splice_eof(struct socket *so
lock_sock(sk);
retry:
+ /* same checks as in tls_sw_push_pending_record() */
rec = ctx->open_rec;
if (!rec)
goto unlock;
msg_pl = &rec->msg_plaintext;
+ if (msg_pl->sg.size == 0)
+ goto unlock;
/* Check the BPF advisor and perform transmission. */
ret = bpf_exec_tx_verdict(msg_pl, sk, false, TLS_RECORD_TYPE_DATA,
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 170/197] selftests/mm: ksm_tests should only MADV_HUGEPAGE valid memory
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (168 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 169/197] tls: fix NULL deref on tls_sw_splice_eof() with empty record Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 171/197] selftests/mm: Update va_high_addr_switch.sh to check CPU for la57 flag Greg Kroah-Hartman
` (30 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ryan Roberts, Pedro Demarchi Gomes,
Shuah Khan, Andrew Morton, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ryan Roberts <ryan.roberts@arm.com>
[ Upstream commit d021b442cf312664811783e92b3d5e4548e92a53 ]
ksm_tests was previously mmapping a region of memory, aligning the
returned pointer to a PMD boundary, then setting MADV_HUGEPAGE, but was
setting it past the end of the mmapped area due to not taking the pointer
alignment into consideration. Fix this behaviour.
Up until commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP
boundaries"), this buggy behavior was (usually) masked because the
alignment difference was always less than PMD-size. But since the
mentioned commit, `ksm_tests -H -s 100` started failing.
Link: https://lkml.kernel.org/r/20240122120554.3108022-1-ryan.roberts@arm.com
Fixes: 325254899684 ("selftests: vm: add KSM huge pages merging time test")
Signed-off-by: Ryan Roberts <ryan.roberts@arm.com>
Cc: Pedro Demarchi Gomes <pedrodemargomes@gmail.com>
Cc: Shuah Khan <shuah@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/vm/ksm_tests.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/testing/selftests/vm/ksm_tests.c b/tools/testing/selftests/vm/ksm_tests.c
index 0d85be2350fa..a81165930785 100644
--- a/tools/testing/selftests/vm/ksm_tests.c
+++ b/tools/testing/selftests/vm/ksm_tests.c
@@ -470,7 +470,7 @@ static int ksm_merge_hugepages_time(int mapping, int prot, int timeout, size_t m
if (map_ptr_orig == MAP_FAILED)
err(2, "initial mmap");
- if (madvise(map_ptr, len + HPAGE_SIZE, MADV_HUGEPAGE))
+ if (madvise(map_ptr, len, MADV_HUGEPAGE))
err(2, "MADV_HUGEPAGE");
pagemap_fd = open("/proc/self/pagemap", O_RDONLY);
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 171/197] selftests/mm: Update va_high_addr_switch.sh to check CPU for la57 flag
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (169 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 170/197] selftests/mm: ksm_tests should only MADV_HUGEPAGE valid memory Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 172/197] md: bypass block throttle for superblock update Greg Kroah-Hartman
` (29 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Audra Mitchell, Rafael Aquini,
Shuah Khan, Adam Sindelar, Andrew Morton, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Audra Mitchell <audra@redhat.com>
[ Upstream commit 52e63d67b5bb423b33d7a262ac7f8bd375a90145 ]
In order for the page table level 5 to be in use, the CPU must have the
setting enabled in addition to the CONFIG option. Check for the flag to be
set to avoid false test failures on systems that do not have this cpu flag
set.
The test does a series of mmap calls including three using the
MAP_FIXED flag and specifying an address that is 1<<47 or 1<<48. These
addresses are only available if you are using level 5 page tables,
which requires both the CPU to have the capabiltiy (la57 flag) and the
kernel to be configured. Currently the test only checks for the kernel
configuration option, so this test can still report a false positive.
Here are the three failing lines:
$ ./va_high_addr_switch | grep FAILED
mmap(ADDR_SWITCH_HINT, 2 * PAGE_SIZE, MAP_FIXED): 0xffffffffffffffff - FAILED
mmap(HIGH_ADDR, MAP_FIXED): 0xffffffffffffffff - FAILED
mmap(ADDR_SWITCH_HINT, 2 * PAGE_SIZE, MAP_FIXED): 0xffffffffffffffff - FAILED
I thought (for about a second) refactoring the test so that these three
mmap calls will only be run on systems with the level 5 page tables
available, but the whole point of the test is to check the level 5
feature...
Link: https://lkml.kernel.org/r/20240119205801.62769-1-audra@redhat.com
Fixes: 4f2930c6718a ("selftests/vm: only run 128TBswitch with 5-level paging")
Signed-off-by: Audra Mitchell <audra@redhat.com>
Cc: Rafael Aquini <raquini@redhat.com>
Cc: Shuah Khan <shuah@kernel.org>
Cc: Adam Sindelar <adam@wowsignal.io>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
tools/testing/selftests/vm/va_128TBswitch.sh | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tools/testing/selftests/vm/va_128TBswitch.sh b/tools/testing/selftests/vm/va_128TBswitch.sh
index 41580751dc51..231622b3a232 100755
--- a/tools/testing/selftests/vm/va_128TBswitch.sh
+++ b/tools/testing/selftests/vm/va_128TBswitch.sh
@@ -29,9 +29,15 @@ check_supported_x86_64()
# See man 1 gzip under '-f'.
local pg_table_levels=$(gzip -dcfq "${config}" | grep PGTABLE_LEVELS | cut -d'=' -f 2)
+ local cpu_supports_pl5=$(awk '/^flags/ {if (/la57/) {print 0;}
+ else {print 1}; exit}' /proc/cpuinfo 2>/dev/null)
+
if [[ "${pg_table_levels}" -lt 5 ]]; then
echo "$0: PGTABLE_LEVELS=${pg_table_levels}, must be >= 5 to run this test"
exit $ksft_skip
+ elif [[ "${cpu_supports_pl5}" -ne 0 ]]; then
+ echo "$0: CPU does not have the necessary la57 flag to support page table level 5"
+ exit $ksft_skip
fi
}
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 172/197] md: bypass block throttle for superblock update
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (170 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 171/197] selftests/mm: Update va_high_addr_switch.sh to check CPU for la57 flag Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 173/197] ARM: dts: imx6q-apalis: add can power-up delay on ixora board Greg Kroah-Hartman
` (28 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Yu Kuai, Junxiao Bi, Logan Gunthorpe,
Song Liu, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Junxiao Bi <junxiao.bi@oracle.com>
[ Upstream commit d6e035aad6c09991da1c667fb83419329a3baed8 ]
commit 5e2cf333b7bd ("md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d")
introduced a hung bug and will be reverted in next patch, since the issue
that commit is fixing is due to md superblock write is throttled by wbt,
to fix it, we can have superblock write bypass block layer throttle.
Fixes: 5e2cf333b7bd ("md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d")
Cc: stable@vger.kernel.org # v5.19+
Suggested-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Junxiao Bi <junxiao.bi@oracle.com>
Reviewed-by: Logan Gunthorpe <logang@deltatee.com>
Reviewed-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20231108182216.73611-1-junxiao.bi@oracle.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/md/md.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/md/md.c b/drivers/md/md.c
index 3ccf1920682c..c7efe1522951 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -963,9 +963,10 @@ void md_super_write(struct mddev *mddev, struct md_rdev *rdev,
return;
bio = bio_alloc_bioset(rdev->meta_bdev ? rdev->meta_bdev : rdev->bdev,
- 1,
- REQ_OP_WRITE | REQ_SYNC | REQ_PREFLUSH | REQ_FUA,
- GFP_NOIO, &mddev->sync_set);
+ 1,
+ REQ_OP_WRITE | REQ_SYNC | REQ_IDLE | REQ_META
+ | REQ_PREFLUSH | REQ_FUA,
+ GFP_NOIO, &mddev->sync_set);
atomic_inc(&rdev->nr_pending);
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 173/197] ARM: dts: imx6q-apalis: add can power-up delay on ixora board
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (171 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 172/197] md: bypass block throttle for superblock update Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 174/197] wifi: mwifiex: Support SD8978 chipset Greg Kroah-Hartman
` (27 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Andrejs Cainikovs, Shawn Guo,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Andrejs Cainikovs <andrejs.cainikovs@toradex.com>
[ Upstream commit b76bbf835d8945080b22b52fc1e6f41cde06865d ]
Newer variants of Ixora boards require a power-up delay when powering up
the CAN transceiver of up to 1ms.
Cc: stable@vger.kernel.org
Signed-off-by: Andrejs Cainikovs <andrejs.cainikovs@toradex.com>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm/boot/dts/imx6q-apalis-ixora-v1.2.dts | 2 ++
1 file changed, 2 insertions(+)
diff --git a/arch/arm/boot/dts/imx6q-apalis-ixora-v1.2.dts b/arch/arm/boot/dts/imx6q-apalis-ixora-v1.2.dts
index f9f7d99bd4db..76f3e07bc882 100644
--- a/arch/arm/boot/dts/imx6q-apalis-ixora-v1.2.dts
+++ b/arch/arm/boot/dts/imx6q-apalis-ixora-v1.2.dts
@@ -76,6 +76,7 @@ reg_can1_supply: regulator-can1-supply {
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_enable_can1_power>;
regulator-name = "can1_supply";
+ startup-delay-us = <1000>;
};
reg_can2_supply: regulator-can2-supply {
@@ -85,6 +86,7 @@ reg_can2_supply: regulator-can2-supply {
pinctrl-names = "default";
pinctrl-0 = <&pinctrl_enable_can2_power>;
regulator-name = "can2_supply";
+ startup-delay-us = <1000>;
};
};
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 174/197] wifi: mwifiex: Support SD8978 chipset
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (172 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 173/197] ARM: dts: imx6q-apalis: add can power-up delay on ixora board Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-21 8:03 ` Francesco Dolcini
2024-02-20 20:52 ` [PATCH 6.1 175/197] wifi: mwifiex: add extra delay for firmware ready Greg Kroah-Hartman
` (26 subsequent siblings)
200 siblings, 1 reply; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Lukas Wunner, Kalle Valo,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lukas Wunner <lukas@wunner.de>
[ Upstream commit bba047f15851c8b053221f1b276eb7682d59f755 ]
The Marvell SD8978 (aka NXP IW416) uses identical registers as SD8987,
so reuse the existing mwifiex_reg_sd8987 definition.
Note that mwifiex_reg_sd8977 and mwifiex_reg_sd8997 are likewise
identical, save for the fw_dump_ctrl register: They define it as 0xf0
whereas mwifiex_reg_sd8987 defines it as 0xf9. I've verified that
0xf9 is the correct value on SD8978. NXP's out-of-tree driver uses
0xf9 for all of them, so there's a chance that 0xf0 is not correct
in the mwifiex_reg_sd8977 and mwifiex_reg_sd8997 definitions. I cannot
test that for lack of hardware, hence am leaving it as is.
NXP has only released a firmware which runs Bluetooth over UART.
Perhaps Bluetooth over SDIO is unsupported by this chipset.
Consequently, only an "sdiouart" firmware image is referenced, not an
alternative "sdsd" image.
Signed-off-by: Lukas Wunner <lukas@wunner.de>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://lore.kernel.org/r/536b4f17a72ca460ad1b07045757043fb0778988.1674827105.git.lukas@wunner.de
Stable-dep-of: 1c5d463c0770 ("wifi: mwifiex: add extra delay for firmware ready")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
.../bindings/net/wireless/marvell-8xxx.txt | 4 ++-
drivers/net/wireless/marvell/mwifiex/Kconfig | 5 ++--
drivers/net/wireless/marvell/mwifiex/sdio.c | 25 +++++++++++++++++--
drivers/net/wireless/marvell/mwifiex/sdio.h | 1 +
include/linux/mmc/sdio_ids.h | 1 +
5 files changed, 31 insertions(+), 5 deletions(-)
diff --git a/Documentation/devicetree/bindings/net/wireless/marvell-8xxx.txt b/Documentation/devicetree/bindings/net/wireless/marvell-8xxx.txt
index 9bf9bbac16e2..cdc303caf5f4 100644
--- a/Documentation/devicetree/bindings/net/wireless/marvell-8xxx.txt
+++ b/Documentation/devicetree/bindings/net/wireless/marvell-8xxx.txt
@@ -1,4 +1,4 @@
-Marvell 8787/8897/8997 (sd8787/sd8897/sd8997/pcie8997) SDIO/PCIE devices
+Marvell 8787/8897/8978/8997 (sd8787/sd8897/sd8978/sd8997/pcie8997) SDIO/PCIE devices
------
This node provides properties for controlling the Marvell SDIO/PCIE wireless device.
@@ -10,7 +10,9 @@ Required properties:
- compatible : should be one of the following:
* "marvell,sd8787"
* "marvell,sd8897"
+ * "marvell,sd8978"
* "marvell,sd8997"
+ * "nxp,iw416"
* "pci11ab,2b42"
* "pci1b4b,2b42"
diff --git a/drivers/net/wireless/marvell/mwifiex/Kconfig b/drivers/net/wireless/marvell/mwifiex/Kconfig
index 2b4ff2b78a7e..b182f7155d66 100644
--- a/drivers/net/wireless/marvell/mwifiex/Kconfig
+++ b/drivers/net/wireless/marvell/mwifiex/Kconfig
@@ -10,13 +10,14 @@ config MWIFIEX
mwifiex.
config MWIFIEX_SDIO
- tristate "Marvell WiFi-Ex Driver for SD8786/SD8787/SD8797/SD8887/SD8897/SD8977/SD8987/SD8997"
+ tristate "Marvell WiFi-Ex Driver for SD8786/SD8787/SD8797/SD8887/SD8897/SD8977/SD8978/SD8987/SD8997"
depends on MWIFIEX && MMC
select FW_LOADER
select WANT_DEV_COREDUMP
help
This adds support for wireless adapters based on Marvell
- 8786/8787/8797/8887/8897/8977/8987/8997 chipsets with SDIO interface.
+ 8786/8787/8797/8887/8897/8977/8978/8987/8997 chipsets with
+ SDIO interface. SD8978 is also known as NXP IW416.
If you choose to build it as a module, it will be called
mwifiex_sdio.
diff --git a/drivers/net/wireless/marvell/mwifiex/sdio.c b/drivers/net/wireless/marvell/mwifiex/sdio.c
index ea1c1c2412e7..a24bd40dd41a 100644
--- a/drivers/net/wireless/marvell/mwifiex/sdio.c
+++ b/drivers/net/wireless/marvell/mwifiex/sdio.c
@@ -263,7 +263,7 @@ static const struct mwifiex_sdio_card_reg mwifiex_reg_sd8887 = {
0x68, 0x69, 0x6a},
};
-static const struct mwifiex_sdio_card_reg mwifiex_reg_sd8987 = {
+static const struct mwifiex_sdio_card_reg mwifiex_reg_sd89xx = {
.start_rd_port = 0,
.start_wr_port = 0,
.base_0_reg = 0xF8,
@@ -394,6 +394,22 @@ static const struct mwifiex_sdio_device mwifiex_sdio_sd8977 = {
.can_ext_scan = true,
};
+static const struct mwifiex_sdio_device mwifiex_sdio_sd8978 = {
+ .firmware_sdiouart = SD8978_SDIOUART_FW_NAME,
+ .reg = &mwifiex_reg_sd89xx,
+ .max_ports = 32,
+ .mp_agg_pkt_limit = 16,
+ .tx_buf_size = MWIFIEX_TX_DATA_BUF_SIZE_4K,
+ .mp_tx_agg_buf_size = MWIFIEX_MP_AGGR_BUF_SIZE_MAX,
+ .mp_rx_agg_buf_size = MWIFIEX_MP_AGGR_BUF_SIZE_MAX,
+ .supports_sdio_new_mode = true,
+ .has_control_mask = false,
+ .can_dump_fw = true,
+ .fw_dump_enh = true,
+ .can_auto_tdls = false,
+ .can_ext_scan = true,
+};
+
static const struct mwifiex_sdio_device mwifiex_sdio_sd8997 = {
.firmware = SD8997_DEFAULT_FW_NAME,
.firmware_sdiouart = SD8997_SDIOUART_FW_NAME,
@@ -428,7 +444,7 @@ static const struct mwifiex_sdio_device mwifiex_sdio_sd8887 = {
static const struct mwifiex_sdio_device mwifiex_sdio_sd8987 = {
.firmware = SD8987_DEFAULT_FW_NAME,
- .reg = &mwifiex_reg_sd8987,
+ .reg = &mwifiex_reg_sd89xx,
.max_ports = 32,
.mp_agg_pkt_limit = 16,
.tx_buf_size = MWIFIEX_TX_DATA_BUF_SIZE_2K,
@@ -482,7 +498,9 @@ static struct memory_type_mapping mem_type_mapping_tbl[] = {
static const struct of_device_id mwifiex_sdio_of_match_table[] __maybe_unused = {
{ .compatible = "marvell,sd8787" },
{ .compatible = "marvell,sd8897" },
+ { .compatible = "marvell,sd8978" },
{ .compatible = "marvell,sd8997" },
+ { .compatible = "nxp,iw416" },
{ }
};
@@ -920,6 +938,8 @@ static const struct sdio_device_id mwifiex_ids[] = {
.driver_data = (unsigned long)&mwifiex_sdio_sd8801},
{SDIO_DEVICE(SDIO_VENDOR_ID_MARVELL, SDIO_DEVICE_ID_MARVELL_8977_WLAN),
.driver_data = (unsigned long)&mwifiex_sdio_sd8977},
+ {SDIO_DEVICE(SDIO_VENDOR_ID_MARVELL, SDIO_DEVICE_ID_MARVELL_8978_WLAN),
+ .driver_data = (unsigned long)&mwifiex_sdio_sd8978},
{SDIO_DEVICE(SDIO_VENDOR_ID_MARVELL, SDIO_DEVICE_ID_MARVELL_8987_WLAN),
.driver_data = (unsigned long)&mwifiex_sdio_sd8987},
{SDIO_DEVICE(SDIO_VENDOR_ID_MARVELL, SDIO_DEVICE_ID_MARVELL_8997_WLAN),
@@ -3164,6 +3184,7 @@ MODULE_FIRMWARE(SD8797_DEFAULT_FW_NAME);
MODULE_FIRMWARE(SD8897_DEFAULT_FW_NAME);
MODULE_FIRMWARE(SD8887_DEFAULT_FW_NAME);
MODULE_FIRMWARE(SD8977_DEFAULT_FW_NAME);
+MODULE_FIRMWARE(SD8978_SDIOUART_FW_NAME);
MODULE_FIRMWARE(SD8987_DEFAULT_FW_NAME);
MODULE_FIRMWARE(SD8997_DEFAULT_FW_NAME);
MODULE_FIRMWARE(SD8997_SDIOUART_FW_NAME);
diff --git a/drivers/net/wireless/marvell/mwifiex/sdio.h b/drivers/net/wireless/marvell/mwifiex/sdio.h
index 3a24bb48b299..ae94c172310f 100644
--- a/drivers/net/wireless/marvell/mwifiex/sdio.h
+++ b/drivers/net/wireless/marvell/mwifiex/sdio.h
@@ -25,6 +25,7 @@
#define SD8887_DEFAULT_FW_NAME "mrvl/sd8887_uapsta.bin"
#define SD8801_DEFAULT_FW_NAME "mrvl/sd8801_uapsta.bin"
#define SD8977_DEFAULT_FW_NAME "mrvl/sdsd8977_combo_v2.bin"
+#define SD8978_SDIOUART_FW_NAME "mrvl/sdiouartiw416_combo_v0.bin"
#define SD8987_DEFAULT_FW_NAME "mrvl/sd8987_uapsta.bin"
#define SD8997_DEFAULT_FW_NAME "mrvl/sdsd8997_combo_v4.bin"
#define SD8997_SDIOUART_FW_NAME "mrvl/sdiouart8997_combo_v4.bin"
diff --git a/include/linux/mmc/sdio_ids.h b/include/linux/mmc/sdio_ids.h
index 74f9d9a6d330..0e4ef9c5127a 100644
--- a/include/linux/mmc/sdio_ids.h
+++ b/include/linux/mmc/sdio_ids.h
@@ -102,6 +102,7 @@
#define SDIO_DEVICE_ID_MARVELL_8977_BT 0x9146
#define SDIO_DEVICE_ID_MARVELL_8987_WLAN 0x9149
#define SDIO_DEVICE_ID_MARVELL_8987_BT 0x914a
+#define SDIO_DEVICE_ID_MARVELL_8978_WLAN 0x9159
#define SDIO_VENDOR_ID_MEDIATEK 0x037a
#define SDIO_DEVICE_ID_MEDIATEK_MT7663 0x7663
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 175/197] wifi: mwifiex: add extra delay for firmware ready
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (173 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 174/197] wifi: mwifiex: Support SD8978 chipset Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 176/197] bus: moxtet: Add spi device table Greg Kroah-Hartman
` (25 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Lin, Francesco Dolcini,
Brian Norris, Kalle Valo, Sasha Levin, Marcel Ziswiler
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Lin <yu-hao.lin@nxp.com>
[ Upstream commit 1c5d463c0770c6fa2037511a24fb17966fd07d97 ]
For SDIO IW416, due to a bug, FW may return ready before complete full
initialization. Command timeout may occur at driver load after reboot.
Workaround by adding 100ms delay at checking FW status.
Signed-off-by: David Lin <yu-hao.lin@nxp.com>
Cc: stable@vger.kernel.org
Reviewed-by: Francesco Dolcini <francesco.dolcini@toradex.com>
Acked-by: Brian Norris <briannorris@chromium.org>
Tested-by: Marcel Ziswiler <marcel.ziswiler@toradex.com> # Verdin AM62 (IW416)
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://msgid.link/20231208234029.2197-1-yu-hao.lin@nxp.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/mwifiex/sdio.c | 19 +++++++++++++++++++
drivers/net/wireless/marvell/mwifiex/sdio.h | 2 ++
2 files changed, 21 insertions(+)
diff --git a/drivers/net/wireless/marvell/mwifiex/sdio.c b/drivers/net/wireless/marvell/mwifiex/sdio.c
index a24bd40dd41a..e55747b50dbf 100644
--- a/drivers/net/wireless/marvell/mwifiex/sdio.c
+++ b/drivers/net/wireless/marvell/mwifiex/sdio.c
@@ -331,6 +331,7 @@ static const struct mwifiex_sdio_device mwifiex_sdio_sd8786 = {
.can_dump_fw = false,
.can_auto_tdls = false,
.can_ext_scan = false,
+ .fw_ready_extra_delay = false,
};
static const struct mwifiex_sdio_device mwifiex_sdio_sd8787 = {
@@ -346,6 +347,7 @@ static const struct mwifiex_sdio_device mwifiex_sdio_sd8787 = {
.can_dump_fw = false,
.can_auto_tdls = false,
.can_ext_scan = true,
+ .fw_ready_extra_delay = false,
};
static const struct mwifiex_sdio_device mwifiex_sdio_sd8797 = {
@@ -361,6 +363,7 @@ static const struct mwifiex_sdio_device mwifiex_sdio_sd8797 = {
.can_dump_fw = false,
.can_auto_tdls = false,
.can_ext_scan = true,
+ .fw_ready_extra_delay = false,
};
static const struct mwifiex_sdio_device mwifiex_sdio_sd8897 = {
@@ -376,6 +379,7 @@ static const struct mwifiex_sdio_device mwifiex_sdio_sd8897 = {
.can_dump_fw = true,
.can_auto_tdls = false,
.can_ext_scan = true,
+ .fw_ready_extra_delay = false,
};
static const struct mwifiex_sdio_device mwifiex_sdio_sd8977 = {
@@ -392,6 +396,7 @@ static const struct mwifiex_sdio_device mwifiex_sdio_sd8977 = {
.fw_dump_enh = true,
.can_auto_tdls = false,
.can_ext_scan = true,
+ .fw_ready_extra_delay = false,
};
static const struct mwifiex_sdio_device mwifiex_sdio_sd8978 = {
@@ -408,6 +413,7 @@ static const struct mwifiex_sdio_device mwifiex_sdio_sd8978 = {
.fw_dump_enh = true,
.can_auto_tdls = false,
.can_ext_scan = true,
+ .fw_ready_extra_delay = true,
};
static const struct mwifiex_sdio_device mwifiex_sdio_sd8997 = {
@@ -425,6 +431,7 @@ static const struct mwifiex_sdio_device mwifiex_sdio_sd8997 = {
.fw_dump_enh = true,
.can_auto_tdls = false,
.can_ext_scan = true,
+ .fw_ready_extra_delay = false,
};
static const struct mwifiex_sdio_device mwifiex_sdio_sd8887 = {
@@ -440,6 +447,7 @@ static const struct mwifiex_sdio_device mwifiex_sdio_sd8887 = {
.can_dump_fw = false,
.can_auto_tdls = true,
.can_ext_scan = true,
+ .fw_ready_extra_delay = false,
};
static const struct mwifiex_sdio_device mwifiex_sdio_sd8987 = {
@@ -456,6 +464,7 @@ static const struct mwifiex_sdio_device mwifiex_sdio_sd8987 = {
.fw_dump_enh = true,
.can_auto_tdls = true,
.can_ext_scan = true,
+ .fw_ready_extra_delay = false,
};
static const struct mwifiex_sdio_device mwifiex_sdio_sd8801 = {
@@ -471,6 +480,7 @@ static const struct mwifiex_sdio_device mwifiex_sdio_sd8801 = {
.can_dump_fw = false,
.can_auto_tdls = false,
.can_ext_scan = true,
+ .fw_ready_extra_delay = false,
};
static struct memory_type_mapping generic_mem_type_map[] = {
@@ -563,6 +573,7 @@ mwifiex_sdio_probe(struct sdio_func *func, const struct sdio_device_id *id)
card->fw_dump_enh = data->fw_dump_enh;
card->can_auto_tdls = data->can_auto_tdls;
card->can_ext_scan = data->can_ext_scan;
+ card->fw_ready_extra_delay = data->fw_ready_extra_delay;
INIT_WORK(&card->work, mwifiex_sdio_work);
}
@@ -766,6 +777,7 @@ mwifiex_sdio_read_fw_status(struct mwifiex_adapter *adapter, u16 *dat)
static int mwifiex_check_fw_status(struct mwifiex_adapter *adapter,
u32 poll_num)
{
+ struct sdio_mmc_card *card = adapter->card;
int ret = 0;
u16 firmware_stat;
u32 tries;
@@ -783,6 +795,13 @@ static int mwifiex_check_fw_status(struct mwifiex_adapter *adapter,
ret = -1;
}
+ if (card->fw_ready_extra_delay &&
+ firmware_stat == FIRMWARE_READY_SDIO)
+ /* firmware might pretend to be ready, when it's not.
+ * Wait a little bit more as a workaround.
+ */
+ msleep(100);
+
return ret;
}
diff --git a/drivers/net/wireless/marvell/mwifiex/sdio.h b/drivers/net/wireless/marvell/mwifiex/sdio.h
index ae94c172310f..a5112cb35cdc 100644
--- a/drivers/net/wireless/marvell/mwifiex/sdio.h
+++ b/drivers/net/wireless/marvell/mwifiex/sdio.h
@@ -258,6 +258,7 @@ struct sdio_mmc_card {
bool fw_dump_enh;
bool can_auto_tdls;
bool can_ext_scan;
+ bool fw_ready_extra_delay;
struct mwifiex_sdio_mpa_tx mpa_tx;
struct mwifiex_sdio_mpa_rx mpa_rx;
@@ -281,6 +282,7 @@ struct mwifiex_sdio_device {
bool fw_dump_enh;
bool can_auto_tdls;
bool can_ext_scan;
+ bool fw_ready_extra_delay;
};
/*
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 176/197] bus: moxtet: Add spi device table
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (174 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 175/197] wifi: mwifiex: add extra delay for firmware ready Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 177/197] arm64: dts: qcom: msm8916: Enable blsp_dma by default Greg Kroah-Hartman
` (24 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Sjoerd Simons, Marek Behún,
Gregory CLEMENT, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Sjoerd Simons <sjoerd@collabora.com>
[ Upstream commit aaafe88d5500ba18b33be72458439367ef878788 ]
The moxtet module fails to auto-load on. Add a SPI id table to
allow it to do so.
Signed-off-by: Sjoerd Simons <sjoerd@collabora.com>
Cc: <stable@vger.kernel.org>
Reviewed-by: Marek Behún <kabel@kernel.org>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/bus/moxtet.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/bus/moxtet.c b/drivers/bus/moxtet.c
index 5eb0fe73ddc4..79fc96c8d836 100644
--- a/drivers/bus/moxtet.c
+++ b/drivers/bus/moxtet.c
@@ -830,6 +830,12 @@ static void moxtet_remove(struct spi_device *spi)
mutex_destroy(&moxtet->lock);
}
+static const struct spi_device_id moxtet_spi_ids[] = {
+ { "moxtet" },
+ { },
+};
+MODULE_DEVICE_TABLE(spi, moxtet_spi_ids);
+
static const struct of_device_id moxtet_dt_ids[] = {
{ .compatible = "cznic,moxtet" },
{},
@@ -841,6 +847,7 @@ static struct spi_driver moxtet_spi_driver = {
.name = "moxtet",
.of_match_table = moxtet_dt_ids,
},
+ .id_table = moxtet_spi_ids,
.probe = moxtet_probe,
.remove = moxtet_remove,
};
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 177/197] arm64: dts: qcom: msm8916: Enable blsp_dma by default
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (175 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 176/197] bus: moxtet: Add spi device table Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 178/197] arm64: dts: qcom: msm8916: Make blsp_dma controlled-remotely Greg Kroah-Hartman
` (23 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stephan Gerhold, Konrad Dybcio,
Bjorn Andersson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stephan Gerhold <stephan@gerhold.net>
[ Upstream commit 0154d3594af3c198532ac7b4ab70f50fb5207a15 ]
Adding the "dmas" to the I2C controllers prevents probing them if
blsp_dma is disabled (infinite probe deferral). Avoid this by enabling
blsp_dma by default - it's an integral part of the SoC that is almost
always used (even if just for UART).
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230107110958.5762-2-stephan@gerhold.net
Stable-dep-of: 7c45b6ddbcff ("arm64: dts: qcom: msm8916: Make blsp_dma controlled-remotely")
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/apq8016-sbc.dts | 4 ----
arch/arm64/boot/dts/qcom/msm8916.dtsi | 1 -
2 files changed, 5 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/apq8016-sbc.dts b/arch/arm64/boot/dts/qcom/apq8016-sbc.dts
index 9d116e1fbe10..1ac4f8c24e23 100644
--- a/arch/arm64/boot/dts/qcom/apq8016-sbc.dts
+++ b/arch/arm64/boot/dts/qcom/apq8016-sbc.dts
@@ -169,10 +169,6 @@ led@6 {
};
};
-&blsp_dma {
- status = "okay";
-};
-
&blsp_i2c2 {
/* On Low speed expansion */
status = "okay";
diff --git a/arch/arm64/boot/dts/qcom/msm8916.dtsi b/arch/arm64/boot/dts/qcom/msm8916.dtsi
index bafac2cf7e3d..f0d097ade84c 100644
--- a/arch/arm64/boot/dts/qcom/msm8916.dtsi
+++ b/arch/arm64/boot/dts/qcom/msm8916.dtsi
@@ -1522,7 +1522,6 @@ blsp_dma: dma-controller@7884000 {
clock-names = "bam_clk";
#dma-cells = <1>;
qcom,ee = <0>;
- status = "disabled";
};
blsp1_uart1: serial@78af000 {
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 178/197] arm64: dts: qcom: msm8916: Make blsp_dma controlled-remotely
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (176 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 177/197] arm64: dts: qcom: msm8916: Enable blsp_dma by default Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 179/197] arm64: dts: qcom: sdm845: fix USB SS wakeup Greg Kroah-Hartman
` (22 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Stephan Gerhold, Bryan ODonoghue,
Bjorn Andersson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stephan Gerhold <stephan@gerhold.net>
[ Upstream commit 7c45b6ddbcff01f9934d11802010cfeb0879e693 ]
The blsp_dma controller is shared between the different subsystems,
which is why it is already initialized by the firmware. We should not
reinitialize it from Linux to avoid potential other users of the DMA
engine to misbehave.
In mainline this can be described using the "qcom,controlled-remotely"
property. In the downstream/vendor kernel from Qualcomm there is an
opposite "qcom,managed-locally" property. This property is *not* set
for the qcom,sps-dma@7884000 [1] so adding "qcom,controlled-remotely"
upstream matches the behavior of the downstream/vendor kernel.
Adding this seems to fix some weird issues with UART where both
input/output becomes garbled with certain obscure firmware versions on
some devices.
[1]: https://git.codelinaro.org/clo/la/kernel/msm-3.10/-/blob/LA.BR.1.2.9.1-02310-8x16.0/arch/arm/boot/dts/qcom/msm8916.dtsi#L1466-1472
Cc: stable@vger.kernel.org # 6.5
Fixes: a0e5fb103150 ("arm64: dts: qcom: Add msm8916 BLSP device nodes")
Signed-off-by: Stephan Gerhold <stephan@gerhold.net>
Reviewed-by: Bryan O'Donoghue <bryan.odonoghue@linaro.org>
Link: https://lore.kernel.org/r/20231204-msm8916-blsp-dma-remote-v1-1-3e49c8838c8d@gerhold.net
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/msm8916.dtsi | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/arm64/boot/dts/qcom/msm8916.dtsi b/arch/arm64/boot/dts/qcom/msm8916.dtsi
index f0d097ade84c..987cebbda057 100644
--- a/arch/arm64/boot/dts/qcom/msm8916.dtsi
+++ b/arch/arm64/boot/dts/qcom/msm8916.dtsi
@@ -1522,6 +1522,7 @@ blsp_dma: dma-controller@7884000 {
clock-names = "bam_clk";
#dma-cells = <1>;
qcom,ee = <0>;
+ qcom,controlled-remotely;
};
blsp1_uart1: serial@78af000 {
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 179/197] arm64: dts: qcom: sdm845: fix USB SS wakeup
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (177 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 178/197] arm64: dts: qcom: msm8916: Make blsp_dma controlled-remotely Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 180/197] arm64: dts: qcom: sm8150: " Greg Kroah-Hartman
` (21 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Johan Hovold, Konrad Dybcio,
Bjorn Andersson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit 971f5d8b0618d09db75184ddd8cca0767514db5d ]
The USB SS PHY interrupts need to be provided by the PDC interrupt
controller in order to be able to wake the system up from low-power
states.
Fixes: ca4db2b538a1 ("arm64: dts: qcom: sdm845: Add USB-related nodes")
Cc: stable@vger.kernel.org # 4.20
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Link: https://lore.kernel.org/r/20231213173403.29544-4-johan+linaro@kernel.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sdm845.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sdm845.dtsi b/arch/arm64/boot/dts/qcom/sdm845.dtsi
index 4d5905ef0b41..95c515da9f2e 100644
--- a/arch/arm64/boot/dts/qcom/sdm845.dtsi
+++ b/arch/arm64/boot/dts/qcom/sdm845.dtsi
@@ -4049,7 +4049,7 @@ usb_1: usb@a6f8800 {
assigned-clock-rates = <19200000>, <150000000>;
interrupts-extended = <&intc GIC_SPI 131 IRQ_TYPE_LEVEL_HIGH>,
- <&intc GIC_SPI 486 IRQ_TYPE_LEVEL_HIGH>,
+ <&pdc_intc 6 IRQ_TYPE_LEVEL_HIGH>,
<&pdc_intc 8 IRQ_TYPE_EDGE_BOTH>,
<&pdc_intc 9 IRQ_TYPE_EDGE_BOTH>;
interrupt-names = "hs_phy_irq", "ss_phy_irq",
@@ -4100,7 +4100,7 @@ usb_2: usb@a8f8800 {
assigned-clock-rates = <19200000>, <150000000>;
interrupts-extended = <&intc GIC_SPI 136 IRQ_TYPE_LEVEL_HIGH>,
- <&intc GIC_SPI 487 IRQ_TYPE_LEVEL_HIGH>,
+ <&pdc_intc 7 IRQ_TYPE_LEVEL_HIGH>,
<&pdc_intc 10 IRQ_TYPE_EDGE_BOTH>,
<&pdc_intc 11 IRQ_TYPE_EDGE_BOTH>;
interrupt-names = "hs_phy_irq", "ss_phy_irq",
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 180/197] arm64: dts: qcom: sm8150: fix USB SS wakeup
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (178 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 179/197] arm64: dts: qcom: sdm845: fix USB SS wakeup Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 181/197] wifi: mwifiex: fix uninitialized firmware_stat Greg Kroah-Hartman
` (20 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jack Pham, Jonathan Marek,
Johan Hovold, Konrad Dybcio, Bjorn Andersson, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Johan Hovold <johan+linaro@kernel.org>
[ Upstream commit cc4e1da491b84ca05339a19893884cda78f74aef ]
The USB SS PHY interrupts need to be provided by the PDC interrupt
controller in order to be able to wake the system up from low-power
states.
Fixes: 0c9dde0d2015 ("arm64: dts: qcom: sm8150: Add secondary USB and PHY nodes")
Fixes: b33d2868e8d3 ("arm64: dts: qcom: sm8150: Add USB and PHY device nodes")
Cc: stable@vger.kernel.org # 5.10
Cc: Jack Pham <quic_jackp@quicinc.com>
Cc: Jonathan Marek <jonathan@marek.ca>
Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
Reviewed-by: Konrad Dybcio <konrad.dybcio@linaro.org>
Link: https://lore.kernel.org/r/20231213173403.29544-6-johan+linaro@kernel.org
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/arm64/boot/dts/qcom/sm8150.dtsi | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/boot/dts/qcom/sm8150.dtsi b/arch/arm64/boot/dts/qcom/sm8150.dtsi
index 8efd0e227d78..eb1a9369926d 100644
--- a/arch/arm64/boot/dts/qcom/sm8150.dtsi
+++ b/arch/arm64/boot/dts/qcom/sm8150.dtsi
@@ -3629,7 +3629,7 @@ usb_1: usb@a6f8800 {
assigned-clock-rates = <19200000>, <200000000>;
interrupts-extended = <&intc GIC_SPI 131 IRQ_TYPE_LEVEL_HIGH>,
- <&intc GIC_SPI 486 IRQ_TYPE_LEVEL_HIGH>,
+ <&pdc 6 IRQ_TYPE_LEVEL_HIGH>,
<&pdc 8 IRQ_TYPE_EDGE_BOTH>,
<&pdc 9 IRQ_TYPE_EDGE_BOTH>;
interrupt-names = "hs_phy_irq", "ss_phy_irq",
@@ -3678,7 +3678,7 @@ usb_2: usb@a8f8800 {
assigned-clock-rates = <19200000>, <200000000>;
interrupts-extended = <&intc GIC_SPI 136 IRQ_TYPE_LEVEL_HIGH>,
- <&intc GIC_SPI 487 IRQ_TYPE_LEVEL_HIGH>,
+ <&pdc 7 IRQ_TYPE_LEVEL_HIGH>,
<&pdc 10 IRQ_TYPE_EDGE_BOTH>,
<&pdc 11 IRQ_TYPE_EDGE_BOTH>;
interrupt-names = "hs_phy_irq", "ss_phy_irq",
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 181/197] wifi: mwifiex: fix uninitialized firmware_stat
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (179 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 180/197] arm64: dts: qcom: sm8150: " Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 182/197] crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init Greg Kroah-Hartman
` (19 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, David Lin, kernel test robot,
Dan Carpenter, Brian Norris, Kalle Valo, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Lin <yu-hao.lin@nxp.com>
[ Upstream commit 3df95e265924ac898c1a38a0c01846dd0bd3b354 ]
Variable firmware_stat is possible to be used without initialization.
Signed-off-by: David Lin <yu-hao.lin@nxp.com>
Fixes: 1c5d463c0770 ("wifi: mwifiex: add extra delay for firmware ready")
Cc: stable@vger.kernel.org
Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <error27@gmail.com>
Closes: https://lore.kernel.org/r/202312192236.ZflaWYCw-lkp@intel.com/
Acked-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@kernel.org>
Link: https://msgid.link/20231221015511.1032128-1-yu-hao.lin@nxp.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/wireless/marvell/mwifiex/sdio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/wireless/marvell/mwifiex/sdio.c b/drivers/net/wireless/marvell/mwifiex/sdio.c
index e55747b50dbf..2c9b70e9a726 100644
--- a/drivers/net/wireless/marvell/mwifiex/sdio.c
+++ b/drivers/net/wireless/marvell/mwifiex/sdio.c
@@ -779,7 +779,7 @@ static int mwifiex_check_fw_status(struct mwifiex_adapter *adapter,
{
struct sdio_mmc_card *card = adapter->card;
int ret = 0;
- u16 firmware_stat;
+ u16 firmware_stat = 0;
u32 tries;
for (tries = 0; tries < poll_num; tries++) {
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 182/197] crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (180 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 181/197] wifi: mwifiex: fix uninitialized firmware_stat Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 183/197] block: fix partial zone append completion handling in req_bio_endio() Greg Kroah-Hartman
` (18 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Tianjia Zhang, Herbert Xu,
Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
[ Upstream commit ba3c5574203034781ac4231acf117da917efcd2a ]
When the mpi_ec_ctx structure is initialized, some fields are not
cleared, causing a crash when referencing the field when the
structure was released. Initially, this issue was ignored because
memory for mpi_ec_ctx is allocated with the __GFP_ZERO flag.
For example, this error will be triggered when calculating the
Za value for SM2 separately.
Fixes: d58bb7e55a8a ("lib/mpi: Introduce ec implementation to MPI library")
Cc: stable@vger.kernel.org # v6.5
Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
lib/mpi/ec.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/mpi/ec.c b/lib/mpi/ec.c
index 40f5908e57a4..e16dca1e23d5 100644
--- a/lib/mpi/ec.c
+++ b/lib/mpi/ec.c
@@ -584,6 +584,9 @@ void mpi_ec_init(struct mpi_ec_ctx *ctx, enum gcry_mpi_ec_models model,
ctx->a = mpi_copy(a);
ctx->b = mpi_copy(b);
+ ctx->d = NULL;
+ ctx->t.two_inv_p = NULL;
+
ctx->t.p_barrett = use_barrett > 0 ? mpi_barrett_init(ctx->p, 0) : NULL;
mpi_ec_get_reset(ctx);
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 183/197] block: fix partial zone append completion handling in req_bio_endio()
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (181 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 182/197] crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 184/197] netfilter: ipset: fix performance regression in swap operation Greg Kroah-Hartman
` (17 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, stable, Damien Le Moal,
Christoph Hellwig, Johannes Thumshirn, Hannes Reinecke,
Jens Axboe, Sasha Levin
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Damien Le Moal <dlemoal@kernel.org>
[ Upstream commit 748dc0b65ec2b4b7b3dbd7befcc4a54fdcac7988 ]
Partial completions of zone append request is not allowed but if a zone
append completion indicates a number of completed bytes different from
the original BIO size, only the BIO status is set to error. This leads
to bio_advance() not setting the BIO size to 0 and thus to not call
bio_endio() at the end of req_bio_endio().
Make sure a partially completed zone append is failed and completed
immediately by forcing the completed number of bytes (nbytes) to be
equal to the BIO size, thus ensuring that bio_endio() is called.
Fixes: 297db731847e ("block: fix req_bio_endio append error handling")
Cc: stable@kernel.vger.org
Signed-off-by: Damien Le Moal <dlemoal@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Link: https://lore.kernel.org/r/20240110092942.442334-1-dlemoal@kernel.org
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
block/blk-mq.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/block/blk-mq.c b/block/blk-mq.c
index c07e5eebcbd8..7ed6b9469f97 100644
--- a/block/blk-mq.c
+++ b/block/blk-mq.c
@@ -747,11 +747,16 @@ static void req_bio_endio(struct request *rq, struct bio *bio,
/*
* Partial zone append completions cannot be supported as the
* BIO fragments may end up not being written sequentially.
+ * For such case, force the completed nbytes to be equal to
+ * the BIO size so that bio_advance() sets the BIO remaining
+ * size to 0 and we end up calling bio_endio() before returning.
*/
- if (bio->bi_iter.bi_size != nbytes)
+ if (bio->bi_iter.bi_size != nbytes) {
bio->bi_status = BLK_STS_IOERR;
- else
+ nbytes = bio->bi_iter.bi_size;
+ } else {
bio->bi_iter.bi_sector = rq->__sector;
+ }
}
bio_advance(bio, nbytes);
--
2.43.0
^ permalink raw reply related [flat|nested] 211+ messages in thread
* [PATCH 6.1 184/197] netfilter: ipset: fix performance regression in swap operation
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (182 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 183/197] block: fix partial zone append completion handling in req_bio_endio() Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 185/197] netfilter: ipset: Missing gc cancellations fixed Greg Kroah-Hartman
` (16 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Ale Crismani, David Wang,
Jozsef Kadlecsik, Pablo Neira Ayuso
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jozsef Kadlecsik <kadlec@netfilter.org>
commit 97f7cf1cd80eeed3b7c808b7c12463295c751001 upstream.
The patch "netfilter: ipset: fix race condition between swap/destroy
and kernel side add/del/test", commit 28628fa9 fixes a race condition.
But the synchronize_rcu() added to the swap function unnecessarily slows
it down: it can safely be moved to destroy and use call_rcu() instead.
Eric Dumazet pointed out that simply calling the destroy functions as
rcu callback does not work: sets with timeout use garbage collectors
which need cancelling at destroy which can wait. Therefore the destroy
functions are split into two: cancelling garbage collectors safely at
executing the command received by netlink and moving the remaining
part only into the rcu callback.
Link: https://lore.kernel.org/lkml/C0829B10-EAA6-4809-874E-E1E9C05A8D84@automattic.com/
Fixes: 28628fa952fe ("netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test")
Reported-by: Ale Crismani <ale.crismani@automattic.com>
Reported-by: David Wang <00107082@163.com>
Tested-by: David Wang <00107082@163.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/netfilter/ipset/ip_set.h | 4 +++
net/netfilter/ipset/ip_set_bitmap_gen.h | 14 +++++++++---
net/netfilter/ipset/ip_set_core.c | 37 ++++++++++++++++++++++++--------
net/netfilter/ipset/ip_set_hash_gen.h | 15 ++++++++++--
net/netfilter/ipset/ip_set_list_set.c | 13 ++++++++---
5 files changed, 65 insertions(+), 18 deletions(-)
--- a/include/linux/netfilter/ipset/ip_set.h
+++ b/include/linux/netfilter/ipset/ip_set.h
@@ -186,6 +186,8 @@ struct ip_set_type_variant {
/* Return true if "b" set is the same as "a"
* according to the create set parameters */
bool (*same_set)(const struct ip_set *a, const struct ip_set *b);
+ /* Cancel ongoing garbage collectors before destroying the set*/
+ void (*cancel_gc)(struct ip_set *set);
/* Region-locking is used */
bool region_lock;
};
@@ -242,6 +244,8 @@ extern void ip_set_type_unregister(struc
/* A generic IP set */
struct ip_set {
+ /* For call_cru in destroy */
+ struct rcu_head rcu;
/* The name of the set */
char name[IPSET_MAXNAMELEN];
/* Lock protecting the set data */
--- a/net/netfilter/ipset/ip_set_bitmap_gen.h
+++ b/net/netfilter/ipset/ip_set_bitmap_gen.h
@@ -28,6 +28,7 @@
#define mtype_del IPSET_TOKEN(MTYPE, _del)
#define mtype_list IPSET_TOKEN(MTYPE, _list)
#define mtype_gc IPSET_TOKEN(MTYPE, _gc)
+#define mtype_cancel_gc IPSET_TOKEN(MTYPE, _cancel_gc)
#define mtype MTYPE
#define get_ext(set, map, id) ((map)->extensions + ((set)->dsize * (id)))
@@ -57,9 +58,6 @@ mtype_destroy(struct ip_set *set)
{
struct mtype *map = set->data;
- if (SET_WITH_TIMEOUT(set))
- del_timer_sync(&map->gc);
-
if (set->dsize && set->extensions & IPSET_EXT_DESTROY)
mtype_ext_cleanup(set);
ip_set_free(map->members);
@@ -288,6 +286,15 @@ mtype_gc(struct timer_list *t)
add_timer(&map->gc);
}
+static void
+mtype_cancel_gc(struct ip_set *set)
+{
+ struct mtype *map = set->data;
+
+ if (SET_WITH_TIMEOUT(set))
+ del_timer_sync(&map->gc);
+}
+
static const struct ip_set_type_variant mtype = {
.kadt = mtype_kadt,
.uadt = mtype_uadt,
@@ -301,6 +308,7 @@ static const struct ip_set_type_variant
.head = mtype_head,
.list = mtype_list,
.same_set = mtype_same_set,
+ .cancel_gc = mtype_cancel_gc,
};
#endif /* __IP_SET_BITMAP_IP_GEN_H */
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -1184,6 +1184,14 @@ ip_set_destroy_set(struct ip_set *set)
kfree(set);
}
+static void
+ip_set_destroy_set_rcu(struct rcu_head *head)
+{
+ struct ip_set *set = container_of(head, struct ip_set, rcu);
+
+ ip_set_destroy_set(set);
+}
+
static int ip_set_destroy(struct sk_buff *skb, const struct nfnl_info *info,
const struct nlattr * const attr[])
{
@@ -1195,8 +1203,6 @@ static int ip_set_destroy(struct sk_buff
if (unlikely(protocol_min_failed(attr)))
return -IPSET_ERR_PROTOCOL;
- /* Must wait for flush to be really finished in list:set */
- rcu_barrier();
/* Commands are serialized and references are
* protected by the ip_set_ref_lock.
@@ -1208,8 +1214,10 @@ static int ip_set_destroy(struct sk_buff
* counter, so if it's already zero, we can proceed
* without holding the lock.
*/
- read_lock_bh(&ip_set_ref_lock);
if (!attr[IPSET_ATTR_SETNAME]) {
+ /* Must wait for flush to be really finished in list:set */
+ rcu_barrier();
+ read_lock_bh(&ip_set_ref_lock);
for (i = 0; i < inst->ip_set_max; i++) {
s = ip_set(inst, i);
if (s && (s->ref || s->ref_netlink)) {
@@ -1223,6 +1231,8 @@ static int ip_set_destroy(struct sk_buff
s = ip_set(inst, i);
if (s) {
ip_set(inst, i) = NULL;
+ /* Must cancel garbage collectors */
+ s->variant->cancel_gc(s);
ip_set_destroy_set(s);
}
}
@@ -1230,6 +1240,9 @@ static int ip_set_destroy(struct sk_buff
inst->is_destroyed = false;
} else {
u32 flags = flag_exist(info->nlh);
+ u16 features = 0;
+
+ read_lock_bh(&ip_set_ref_lock);
s = find_set_and_id(inst, nla_data(attr[IPSET_ATTR_SETNAME]),
&i);
if (!s) {
@@ -1240,10 +1253,16 @@ static int ip_set_destroy(struct sk_buff
ret = -IPSET_ERR_BUSY;
goto out;
}
+ features = s->type->features;
ip_set(inst, i) = NULL;
read_unlock_bh(&ip_set_ref_lock);
-
- ip_set_destroy_set(s);
+ if (features & IPSET_TYPE_NAME) {
+ /* Must wait for flush to be really finished */
+ rcu_barrier();
+ }
+ /* Must cancel garbage collectors */
+ s->variant->cancel_gc(s);
+ call_rcu(&s->rcu, ip_set_destroy_set_rcu);
}
return 0;
out:
@@ -1396,9 +1415,6 @@ static int ip_set_swap(struct sk_buff *s
ip_set(inst, to_id) = from;
write_unlock_bh(&ip_set_ref_lock);
- /* Make sure all readers of the old set pointers are completed. */
- synchronize_rcu();
-
return 0;
}
@@ -2411,8 +2427,11 @@ ip_set_fini(void)
{
nf_unregister_sockopt(&so_set);
nfnetlink_subsys_unregister(&ip_set_netlink_subsys);
-
unregister_pernet_subsys(&ip_set_net_ops);
+
+ /* Wait for call_rcu() in destroy */
+ rcu_barrier();
+
pr_debug("these are the famous last words\n");
}
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -210,6 +210,7 @@ htable_size(u8 hbits)
#undef mtype_gc_do
#undef mtype_gc
#undef mtype_gc_init
+#undef mtype_cancel_gc
#undef mtype_variant
#undef mtype_data_match
@@ -254,6 +255,7 @@ htable_size(u8 hbits)
#define mtype_gc_do IPSET_TOKEN(MTYPE, _gc_do)
#define mtype_gc IPSET_TOKEN(MTYPE, _gc)
#define mtype_gc_init IPSET_TOKEN(MTYPE, _gc_init)
+#define mtype_cancel_gc IPSET_TOKEN(MTYPE, _cancel_gc)
#define mtype_variant IPSET_TOKEN(MTYPE, _variant)
#define mtype_data_match IPSET_TOKEN(MTYPE, _data_match)
@@ -437,9 +439,6 @@ mtype_destroy(struct ip_set *set)
struct htype *h = set->data;
struct list_head *l, *lt;
- if (SET_WITH_TIMEOUT(set))
- cancel_delayed_work_sync(&h->gc.dwork);
-
mtype_ahash_destroy(set, ipset_dereference_nfnl(h->table), true);
list_for_each_safe(l, lt, &h->ad) {
list_del(l);
@@ -586,6 +585,15 @@ mtype_gc_init(struct htable_gc *gc)
queue_delayed_work(system_power_efficient_wq, &gc->dwork, HZ);
}
+static void
+mtype_cancel_gc(struct ip_set *set)
+{
+ struct htype *h = set->data;
+
+ if (SET_WITH_TIMEOUT(set))
+ cancel_delayed_work_sync(&h->gc.dwork);
+}
+
static int
mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,
struct ip_set_ext *mext, u32 flags);
@@ -1416,6 +1424,7 @@ static const struct ip_set_type_variant
.uref = mtype_uref,
.resize = mtype_resize,
.same_set = mtype_same_set,
+ .cancel_gc = mtype_cancel_gc,
.region_lock = true,
};
--- a/net/netfilter/ipset/ip_set_list_set.c
+++ b/net/netfilter/ipset/ip_set_list_set.c
@@ -426,9 +426,6 @@ list_set_destroy(struct ip_set *set)
struct list_set *map = set->data;
struct set_elem *e, *n;
- if (SET_WITH_TIMEOUT(set))
- del_timer_sync(&map->gc);
-
list_for_each_entry_safe(e, n, &map->members, list) {
list_del(&e->list);
ip_set_put_byindex(map->net, e->id);
@@ -545,6 +542,15 @@ list_set_same_set(const struct ip_set *a
a->extensions == b->extensions;
}
+static void
+list_set_cancel_gc(struct ip_set *set)
+{
+ struct list_set *map = set->data;
+
+ if (SET_WITH_TIMEOUT(set))
+ del_timer_sync(&map->gc);
+}
+
static const struct ip_set_type_variant set_variant = {
.kadt = list_set_kadt,
.uadt = list_set_uadt,
@@ -558,6 +564,7 @@ static const struct ip_set_type_variant
.head = list_set_head,
.list = list_set_list,
.same_set = list_set_same_set,
+ .cancel_gc = list_set_cancel_gc,
};
static void
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 185/197] netfilter: ipset: Missing gc cancellations fixed
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (183 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 184/197] netfilter: ipset: fix performance regression in swap operation Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 186/197] parisc: Fix random data corruption from exception handler Greg Kroah-Hartman
` (15 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, syzbot+52bbc0ad036f6f0d4a25,
Brad Spengler,
Стас Ничипорович,
Jozsef Kadlecsik, Pablo Neira Ayuso
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jozsef Kadlecsik <kadlec@netfilter.org>
commit 27c5a095e2518975e20a10102908ae8231699879 upstream.
The patch fdb8e12cc2cc ("netfilter: ipset: fix performance regression
in swap operation") missed to add the calls to gc cancellations
at the error path of create operations and at module unload. Also,
because the half of the destroy operations now executed by a
function registered by call_rcu(), neither NFNL_SUBSYS_IPSET mutex
or rcu read lock is held and therefore the checking of them results
false warnings.
Fixes: 97f7cf1cd80e ("netfilter: ipset: fix performance regression in swap operation")
Reported-by: syzbot+52bbc0ad036f6f0d4a25@syzkaller.appspotmail.com
Reported-by: Brad Spengler <spender@grsecurity.net>
Reported-by: Стас Ничипорович <stasn77@gmail.com>
Tested-by: Brad Spengler <spender@grsecurity.net>
Tested-by: Стас Ничипорович <stasn77@gmail.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/ipset/ip_set_core.c | 2 ++
net/netfilter/ipset/ip_set_hash_gen.h | 4 ++--
2 files changed, 4 insertions(+), 2 deletions(-)
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -1156,6 +1156,7 @@ static int ip_set_create(struct sk_buff
return ret;
cleanup:
+ set->variant->cancel_gc(set);
set->variant->destroy(set);
put_out:
module_put(set->type->me);
@@ -2380,6 +2381,7 @@ ip_set_net_exit(struct net *net)
set = ip_set(inst, i);
if (set) {
ip_set(inst, i) = NULL;
+ set->variant->cancel_gc(set);
ip_set_destroy_set(set);
}
}
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -419,7 +419,7 @@ mtype_ahash_destroy(struct ip_set *set,
u32 i;
for (i = 0; i < jhash_size(t->htable_bits); i++) {
- n = __ipset_dereference(hbucket(t, i));
+ n = (__force struct hbucket *)hbucket(t, i);
if (!n)
continue;
if (set->extensions & IPSET_EXT_DESTROY && ext_destroy)
@@ -439,7 +439,7 @@ mtype_destroy(struct ip_set *set)
struct htype *h = set->data;
struct list_head *l, *lt;
- mtype_ahash_destroy(set, ipset_dereference_nfnl(h->table), true);
+ mtype_ahash_destroy(set, (__force struct htable *)h->table, true);
list_for_each_safe(l, lt, &h->ad) {
list_del(l);
kfree(l);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 186/197] parisc: Fix random data corruption from exception handler
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (184 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 185/197] netfilter: ipset: Missing gc cancellations fixed Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 187/197] nfsd: fix RELEASE_LOCKOWNER Greg Kroah-Hartman
` (14 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, Helge Deller
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Helge Deller <deller@gmx.de>
commit 8b1d72395635af45410b66cc4c4ab37a12c4a831 upstream.
The current exception handler implementation, which assists when accessing
user space memory, may exhibit random data corruption if the compiler decides
to use a different register than the specified register %r29 (defined in
ASM_EXCEPTIONTABLE_REG) for the error code. If the compiler choose another
register, the fault handler will nevertheless store -EFAULT into %r29 and thus
trash whatever this register is used for.
Looking at the assembly I found that this happens sometimes in emulate_ldd().
To solve the issue, the easiest solution would be if it somehow is
possible to tell the fault handler which register is used to hold the error
code. Using %0 or %1 in the inline assembly is not posssible as it will show
up as e.g. %r29 (with the "%r" prefix), which the GNU assembler can not
convert to an integer.
This patch takes another, better and more flexible approach:
We extend the __ex_table (which is out of the execution path) by one 32-word.
In this word we tell the compiler to insert the assembler instruction
"or %r0,%r0,%reg", where %reg references the register which the compiler
choosed for the error return code.
In case of an access failure, the fault handler finds the __ex_table entry and
can examine the opcode. The used register is encoded in the lowest 5 bits, and
the fault handler can then store -EFAULT into this register.
Since we extend the __ex_table to 3 words we can't use the BUILDTIME_TABLE_SORT
config option any longer.
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: <stable@vger.kernel.org> # v6.0+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
---
arch/parisc/Kconfig | 1
arch/parisc/include/asm/assembly.h | 1
arch/parisc/include/asm/extable.h | 64 ++++++++++++++++++++++++++++++++
arch/parisc/include/asm/special_insns.h | 6 ++-
arch/parisc/include/asm/uaccess.h | 48 +++---------------------
arch/parisc/kernel/unaligned.c | 44 +++++++++++-----------
arch/parisc/mm/fault.c | 11 ++++-
7 files changed, 106 insertions(+), 69 deletions(-)
--- a/arch/parisc/Kconfig
+++ b/arch/parisc/Kconfig
@@ -24,7 +24,6 @@ config PARISC
select RTC_DRV_GENERIC
select INIT_ALL_POSSIBLE
select BUG
- select BUILDTIME_TABLE_SORT
select HAVE_PCI
select HAVE_PERF_EVENTS
select HAVE_KERNEL_BZIP2
--- a/arch/parisc/include/asm/assembly.h
+++ b/arch/parisc/include/asm/assembly.h
@@ -576,6 +576,7 @@
.section __ex_table,"aw" ! \
.align 4 ! \
.word (fault_addr - .), (except_addr - .) ! \
+ or %r0,%r0,%r0 ! \
.previous
--- /dev/null
+++ b/arch/parisc/include/asm/extable.h
@@ -0,0 +1,64 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef __PARISC_EXTABLE_H
+#define __PARISC_EXTABLE_H
+
+#include <asm/ptrace.h>
+#include <linux/compiler.h>
+
+/*
+ * The exception table consists of three addresses:
+ *
+ * - A relative address to the instruction that is allowed to fault.
+ * - A relative address at which the program should continue (fixup routine)
+ * - An asm statement which specifies which CPU register will
+ * receive -EFAULT when an exception happens if the lowest bit in
+ * the fixup address is set.
+ *
+ * Note: The register specified in the err_opcode instruction will be
+ * modified at runtime if a fault happens. Register %r0 will be ignored.
+ *
+ * Since relative addresses are used, 32bit values are sufficient even on
+ * 64bit kernel.
+ */
+
+struct pt_regs;
+int fixup_exception(struct pt_regs *regs);
+
+#define ARCH_HAS_RELATIVE_EXTABLE
+struct exception_table_entry {
+ int insn; /* relative address of insn that is allowed to fault. */
+ int fixup; /* relative address of fixup routine */
+ int err_opcode; /* sample opcode with register which holds error code */
+};
+
+#define ASM_EXCEPTIONTABLE_ENTRY( fault_addr, except_addr, opcode )\
+ ".section __ex_table,\"aw\"\n" \
+ ".align 4\n" \
+ ".word (" #fault_addr " - .), (" #except_addr " - .)\n" \
+ opcode "\n" \
+ ".previous\n"
+
+/*
+ * ASM_EXCEPTIONTABLE_ENTRY_EFAULT() creates a special exception table entry
+ * (with lowest bit set) for which the fault handler in fixup_exception() will
+ * load -EFAULT on fault into the register specified by the err_opcode instruction,
+ * and zeroes the target register in case of a read fault in get_user().
+ */
+#define ASM_EXCEPTIONTABLE_VAR(__err_var) \
+ int __err_var = 0
+#define ASM_EXCEPTIONTABLE_ENTRY_EFAULT( fault_addr, except_addr, register )\
+ ASM_EXCEPTIONTABLE_ENTRY( fault_addr, except_addr + 1, "or %%r0,%%r0," register)
+
+static inline void swap_ex_entry_fixup(struct exception_table_entry *a,
+ struct exception_table_entry *b,
+ struct exception_table_entry tmp,
+ int delta)
+{
+ a->fixup = b->fixup + delta;
+ b->fixup = tmp.fixup - delta;
+ a->err_opcode = b->err_opcode;
+ b->err_opcode = tmp.err_opcode;
+}
+#define swap_ex_entry_fixup swap_ex_entry_fixup
+
+#endif
--- a/arch/parisc/include/asm/special_insns.h
+++ b/arch/parisc/include/asm/special_insns.h
@@ -8,7 +8,8 @@
"copy %%r0,%0\n" \
"8:\tlpa %%r0(%1),%0\n" \
"9:\n" \
- ASM_EXCEPTIONTABLE_ENTRY(8b, 9b) \
+ ASM_EXCEPTIONTABLE_ENTRY(8b, 9b, \
+ "or %%r0,%%r0,%%r0") \
: "=&r" (pa) \
: "r" (va) \
: "memory" \
@@ -22,7 +23,8 @@
"copy %%r0,%0\n" \
"8:\tlpa %%r0(%%sr3,%1),%0\n" \
"9:\n" \
- ASM_EXCEPTIONTABLE_ENTRY(8b, 9b) \
+ ASM_EXCEPTIONTABLE_ENTRY(8b, 9b, \
+ "or %%r0,%%r0,%%r0") \
: "=&r" (pa) \
: "r" (va) \
: "memory" \
--- a/arch/parisc/include/asm/uaccess.h
+++ b/arch/parisc/include/asm/uaccess.h
@@ -7,6 +7,7 @@
*/
#include <asm/page.h>
#include <asm/cache.h>
+#include <asm/extable.h>
#include <linux/bug.h>
#include <linux/string.h>
@@ -26,37 +27,6 @@
#define STD_USER(sr, x, ptr) __put_user_asm(sr, "std", x, ptr)
#endif
-/*
- * The exception table contains two values: the first is the relative offset to
- * the address of the instruction that is allowed to fault, and the second is
- * the relative offset to the address of the fixup routine. Since relative
- * addresses are used, 32bit values are sufficient even on 64bit kernel.
- */
-
-#define ARCH_HAS_RELATIVE_EXTABLE
-struct exception_table_entry {
- int insn; /* relative address of insn that is allowed to fault. */
- int fixup; /* relative address of fixup routine */
-};
-
-#define ASM_EXCEPTIONTABLE_ENTRY( fault_addr, except_addr )\
- ".section __ex_table,\"aw\"\n" \
- ".align 4\n" \
- ".word (" #fault_addr " - .), (" #except_addr " - .)\n\t" \
- ".previous\n"
-
-/*
- * ASM_EXCEPTIONTABLE_ENTRY_EFAULT() creates a special exception table entry
- * (with lowest bit set) for which the fault handler in fixup_exception() will
- * load -EFAULT into %r29 for a read or write fault, and zeroes the target
- * register in case of a read fault in get_user().
- */
-#define ASM_EXCEPTIONTABLE_REG 29
-#define ASM_EXCEPTIONTABLE_VAR(__variable) \
- register long __variable __asm__ ("r29") = 0
-#define ASM_EXCEPTIONTABLE_ENTRY_EFAULT( fault_addr, except_addr )\
- ASM_EXCEPTIONTABLE_ENTRY( fault_addr, except_addr + 1)
-
#define __get_user_internal(sr, val, ptr) \
({ \
ASM_EXCEPTIONTABLE_VAR(__gu_err); \
@@ -83,7 +53,7 @@ struct exception_table_entry {
\
__asm__("1: " ldx " 0(%%sr%2,%3),%0\n" \
"9:\n" \
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b, "%1") \
: "=r"(__gu_val), "+r"(__gu_err) \
: "i"(sr), "r"(ptr)); \
\
@@ -115,8 +85,8 @@ struct exception_table_entry {
"1: ldw 0(%%sr%2,%3),%0\n" \
"2: ldw 4(%%sr%2,%3),%R0\n" \
"9:\n" \
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 9b) \
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b, "%1") \
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 9b, "%1") \
: "=&r"(__gu_tmp.l), "+r"(__gu_err) \
: "i"(sr), "r"(ptr)); \
\
@@ -174,7 +144,7 @@ struct exception_table_entry {
__asm__ __volatile__ ( \
"1: " stx " %1,0(%%sr%2,%3)\n" \
"9:\n" \
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b, "%0") \
: "+r"(__pu_err) \
: "r"(x), "i"(sr), "r"(ptr))
@@ -186,15 +156,14 @@ struct exception_table_entry {
"1: stw %1,0(%%sr%2,%3)\n" \
"2: stw %R1,4(%%sr%2,%3)\n" \
"9:\n" \
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b) \
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 9b) \
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 9b, "%0") \
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 9b, "%0") \
: "+r"(__pu_err) \
: "r"(__val), "i"(sr), "r"(ptr)); \
} while (0)
#endif /* !defined(CONFIG_64BIT) */
-
/*
* Complex access routines -- external declarations
*/
@@ -216,7 +185,4 @@ unsigned long __must_check raw_copy_from
#define INLINE_COPY_TO_USER
#define INLINE_COPY_FROM_USER
-struct pt_regs;
-int fixup_exception(struct pt_regs *regs);
-
#endif /* __PARISC_UACCESS_H */
--- a/arch/parisc/kernel/unaligned.c
+++ b/arch/parisc/kernel/unaligned.c
@@ -118,8 +118,8 @@ static int emulate_ldh(struct pt_regs *r
"2: ldbs 1(%%sr1,%3), %0\n"
" depw %2, 23, 24, %0\n"
"3: \n"
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b)
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b)
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b, "%1")
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b, "%1")
: "+r" (val), "+r" (ret), "=&r" (temp1)
: "r" (saddr), "r" (regs->isr) );
@@ -150,8 +150,8 @@ static int emulate_ldw(struct pt_regs *r
" mtctl %2,11\n"
" vshd %0,%3,%0\n"
"3: \n"
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b)
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b)
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b, "%1")
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b, "%1")
: "+r" (val), "+r" (ret), "=&r" (temp1), "=&r" (temp2)
: "r" (saddr), "r" (regs->isr) );
@@ -187,8 +187,8 @@ static int emulate_ldd(struct pt_regs *r
" mtsar %%r19\n"
" shrpd %0,%%r20,%%sar,%0\n"
"3: \n"
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b)
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b)
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b, "%1")
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b, "%1")
: "=r" (val), "+r" (ret)
: "0" (val), "r" (saddr), "r" (regs->isr)
: "r19", "r20" );
@@ -207,9 +207,9 @@ static int emulate_ldd(struct pt_regs *r
" vshd %0,%R0,%0\n"
" vshd %R0,%4,%R0\n"
"4: \n"
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 4b)
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 4b)
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(3b, 4b)
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 4b, "%1")
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 4b, "%1")
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(3b, 4b, "%1")
: "+r" (val), "+r" (ret), "+r" (saddr), "=&r" (shift), "=&r" (temp1)
: "r" (regs->isr) );
}
@@ -242,8 +242,8 @@ static int emulate_sth(struct pt_regs *r
"1: stb %1, 0(%%sr1, %3)\n"
"2: stb %2, 1(%%sr1, %3)\n"
"3: \n"
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b)
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b)
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b, "%0")
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b, "%0")
: "+r" (ret), "=&r" (temp1)
: "r" (val), "r" (regs->ior), "r" (regs->isr) );
@@ -283,8 +283,8 @@ static int emulate_stw(struct pt_regs *r
" stw %%r20,0(%%sr1,%2)\n"
" stw %%r21,4(%%sr1,%2)\n"
"3: \n"
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b)
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b)
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 3b, "%0")
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 3b, "%0")
: "+r" (ret)
: "r" (val), "r" (regs->ior), "r" (regs->isr)
: "r19", "r20", "r21", "r22", "r1" );
@@ -327,10 +327,10 @@ static int emulate_std(struct pt_regs *r
"3: std %%r20,0(%%sr1,%2)\n"
"4: std %%r21,8(%%sr1,%2)\n"
"5: \n"
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 5b)
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 5b)
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(3b, 5b)
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(4b, 5b)
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 5b, "%0")
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 5b, "%0")
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(3b, 5b, "%0")
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(4b, 5b, "%0")
: "+r" (ret)
: "r" (val), "r" (regs->ior), "r" (regs->isr)
: "r19", "r20", "r21", "r22", "r1" );
@@ -356,11 +356,11 @@ static int emulate_std(struct pt_regs *r
"4: stw %%r1,4(%%sr1,%3)\n"
"5: stw %2,8(%%sr1,%3)\n"
"6: \n"
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 6b)
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 6b)
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(3b, 6b)
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(4b, 6b)
- ASM_EXCEPTIONTABLE_ENTRY_EFAULT(5b, 6b)
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(1b, 6b, "%0")
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(2b, 6b, "%0")
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(3b, 6b, "%0")
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(4b, 6b, "%0")
+ ASM_EXCEPTIONTABLE_ENTRY_EFAULT(5b, 6b, "%0")
: "+r" (ret)
: "r" (valh), "r" (vall), "r" (regs->ior), "r" (regs->isr)
: "r19", "r20", "r21", "r1" );
--- a/arch/parisc/mm/fault.c
+++ b/arch/parisc/mm/fault.c
@@ -150,11 +150,16 @@ int fixup_exception(struct pt_regs *regs
* Fix up get_user() and put_user().
* ASM_EXCEPTIONTABLE_ENTRY_EFAULT() sets the least-significant
* bit in the relative address of the fixup routine to indicate
- * that gr[ASM_EXCEPTIONTABLE_REG] should be loaded with
- * -EFAULT to report a userspace access error.
+ * that the register encoded in the "or %r0,%r0,register"
+ * opcode should be loaded with -EFAULT to report a userspace
+ * access error.
*/
if (fix->fixup & 1) {
- regs->gr[ASM_EXCEPTIONTABLE_REG] = -EFAULT;
+ int fault_error_reg = fix->err_opcode & 0x1f;
+ if (!WARN_ON(!fault_error_reg))
+ regs->gr[fault_error_reg] = -EFAULT;
+ pr_debug("Unalignment fixup of register %d at %pS\n",
+ fault_error_reg, (void*)regs->iaoq[0]);
/* zero target register for get_user() */
if (parisc_acctyp(0, regs->iir) == VM_READ) {
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 187/197] nfsd: fix RELEASE_LOCKOWNER
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (185 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 186/197] parisc: Fix random data corruption from exception handler Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 188/197] nfsd: dont take fi_lock in nfsd_break_deleg_cb() Greg Kroah-Hartman
` (13 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, NeilBrown, Jeff Layton, Chuck Lever
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: NeilBrown <neilb@suse.de>
[ Upstream commit edcf9725150e42beeca42d085149f4c88fa97afd ]
The test on so_count in nfsd4_release_lockowner() is nonsense and
harmful. Revert to using check_for_locks(), changing that to not sleep.
First: harmful.
As is documented in the kdoc comment for nfsd4_release_lockowner(), the
test on so_count can transiently return a false positive resulting in a
return of NFS4ERR_LOCKS_HELD when in fact no locks are held. This is
clearly a protocol violation and with the Linux NFS client it can cause
incorrect behaviour.
If RELEASE_LOCKOWNER is sent while some other thread is still
processing a LOCK request which failed because, at the time that request
was received, the given owner held a conflicting lock, then the nfsd
thread processing that LOCK request can hold a reference (conflock) to
the lock owner that causes nfsd4_release_lockowner() to return an
incorrect error.
The Linux NFS client ignores that NFS4ERR_LOCKS_HELD error because it
never sends NFS4_RELEASE_LOCKOWNER without first releasing any locks, so
it knows that the error is impossible. It assumes the lock owner was in
fact released so it feels free to use the same lock owner identifier in
some later locking request.
When it does reuse a lock owner identifier for which a previous RELEASE
failed, it will naturally use a lock_seqid of zero. However the server,
which didn't release the lock owner, will expect a larger lock_seqid and
so will respond with NFS4ERR_BAD_SEQID.
So clearly it is harmful to allow a false positive, which testing
so_count allows.
The test is nonsense because ... well... it doesn't mean anything.
so_count is the sum of three different counts.
1/ the set of states listed on so_stateids
2/ the set of active vfs locks owned by any of those states
3/ various transient counts such as for conflicting locks.
When it is tested against '2' it is clear that one of these is the
transient reference obtained by find_lockowner_str_locked(). It is not
clear what the other one is expected to be.
In practice, the count is often 2 because there is precisely one state
on so_stateids. If there were more, this would fail.
In my testing I see two circumstances when RELEASE_LOCKOWNER is called.
In one case, CLOSE is called before RELEASE_LOCKOWNER. That results in
all the lock states being removed, and so the lockowner being discarded
(it is removed when there are no more references which usually happens
when the lock state is discarded). When nfsd4_release_lockowner() finds
that the lock owner doesn't exist, it returns success.
The other case shows an so_count of '2' and precisely one state listed
in so_stateid. It appears that the Linux client uses a separate lock
owner for each file resulting in one lock state per lock owner, so this
test on '2' is safe. For another client it might not be safe.
So this patch changes check_for_locks() to use the (newish)
find_any_file_locked() so that it doesn't take a reference on the
nfs4_file and so never calls nfsd_file_put(), and so never sleeps. With
this check is it safe to restore the use of check_for_locks() rather
than testing so_count against the mysterious '2'.
Fixes: ce3c4ad7f4ce ("NFSD: Fix possible sleep during nfsd4_release_lockowner()")
Signed-off-by: NeilBrown <neilb@suse.de>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Cc: stable@vger.kernel.org # v6.2+
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfsd/nfs4state.c | 26 +++++++++++++++-----------
1 file changed, 15 insertions(+), 11 deletions(-)
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -7736,14 +7736,16 @@ check_for_locks(struct nfs4_file *fp, st
{
struct file_lock *fl;
int status = false;
- struct nfsd_file *nf = find_any_file(fp);
+ struct nfsd_file *nf;
struct inode *inode;
struct file_lock_context *flctx;
+ spin_lock(&fp->fi_lock);
+ nf = find_any_file_locked(fp);
if (!nf) {
/* Any valid lock stateid should have some sort of access */
WARN_ON_ONCE(1);
- return status;
+ goto out;
}
inode = locks_inode(nf->nf_file);
@@ -7759,7 +7761,8 @@ check_for_locks(struct nfs4_file *fp, st
}
spin_unlock(&flctx->flc_lock);
}
- nfsd_file_put(nf);
+out:
+ spin_unlock(&fp->fi_lock);
return status;
}
@@ -7769,10 +7772,8 @@ check_for_locks(struct nfs4_file *fp, st
* @cstate: NFSv4 COMPOUND state
* @u: RELEASE_LOCKOWNER arguments
*
- * The lockowner's so_count is bumped when a lock record is added
- * or when copying a conflicting lock. The latter case is brief,
- * but can lead to fleeting false positives when looking for
- * locks-in-use.
+ * Check if theree are any locks still held and if not - free the lockowner
+ * and any lock state that is owned.
*
* Return values:
* %nfs_ok: lockowner released or not found
@@ -7808,10 +7809,13 @@ nfsd4_release_lockowner(struct svc_rqst
spin_unlock(&clp->cl_lock);
return nfs_ok;
}
- if (atomic_read(&lo->lo_owner.so_count) != 2) {
- spin_unlock(&clp->cl_lock);
- nfs4_put_stateowner(&lo->lo_owner);
- return nfserr_locks_held;
+
+ list_for_each_entry(stp, &lo->lo_owner.so_stateids, st_perstateowner) {
+ if (check_for_locks(stp->st_stid.sc_file, lo)) {
+ spin_unlock(&clp->cl_lock);
+ nfs4_put_stateowner(&lo->lo_owner);
+ return nfserr_locks_held;
+ }
}
unhash_lockowner_locked(lo);
while (!list_empty(&lo->lo_owner.so_stateids)) {
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 188/197] nfsd: dont take fi_lock in nfsd_break_deleg_cb()
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (186 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 187/197] nfsd: fix RELEASE_LOCKOWNER Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 189/197] hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range() Greg Kroah-Hartman
` (12 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable; +Cc: Greg Kroah-Hartman, patches, NeilBrown, Jeff Layton, Chuck Lever
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: NeilBrown <neilb@suse.de>
[ Upstream commit 5ea9a7c5fe4149f165f0e3b624fe08df02b6c301 ]
A recent change to check_for_locks() changed it to take ->flc_lock while
holding ->fi_lock. This creates a lock inversion (reported by lockdep)
because there is a case where ->fi_lock is taken while holding
->flc_lock.
->flc_lock is held across ->fl_lmops callbacks, and
nfsd_break_deleg_cb() is one of those and does take ->fi_lock. However
it doesn't need to.
Prior to v4.17-rc1~110^2~22 ("nfsd: create a separate lease for each
delegation") nfsd_break_deleg_cb() would walk the ->fi_delegations list
and so needed the lock. Since then it doesn't walk the list and doesn't
need the lock.
Two actions are performed under the lock. One is to call
nfsd_break_one_deleg which calls nfsd4_run_cb(). These doesn't act on
the nfs4_file at all, so don't need the lock.
The other is to set ->fi_had_conflict which is in the nfs4_file.
This field is only ever set here (except when initialised to false)
so there is no possible problem will multiple threads racing when
setting it.
The field is tested twice in nfs4_set_delegation(). The first test does
not hold a lock and is documented as an opportunistic optimisation, so
it doesn't impose any need to hold ->fi_lock while setting
->fi_had_conflict.
The second test in nfs4_set_delegation() *is* make under ->fi_lock, so
removing the locking when ->fi_had_conflict is set could make a change.
The change could only be interesting if ->fi_had_conflict tested as
false even though nfsd_break_one_deleg() ran before ->fi_lock was
unlocked. i.e. while hash_delegation_locked() was running.
As hash_delegation_lock() doesn't interact in any way with nfs4_run_cb()
there can be no importance to this interaction.
So this patch removes the locking from nfsd_break_one_deleg() and moves
the final test on ->fi_had_conflict out of the locked region to make it
clear that locking isn't important to the test. It is still tested
*after* vfs_setlease() has succeeded. This might be significant and as
vfs_setlease() takes ->flc_lock, and nfsd_break_one_deleg() is called
under ->flc_lock this "after" is a true ordering provided by a spinlock.
Fixes: edcf9725150e ("nfsd: fix RELEASE_LOCKOWNER")
Signed-off-by: NeilBrown <neilb@suse.de>
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/nfsd/nfs4state.c | 11 +++++------
1 file changed, 5 insertions(+), 6 deletions(-)
--- a/fs/nfsd/nfs4state.c
+++ b/fs/nfsd/nfs4state.c
@@ -4908,10 +4908,8 @@ nfsd_break_deleg_cb(struct file_lock *fl
*/
fl->fl_break_time = 0;
- spin_lock(&fp->fi_lock);
fp->fi_had_conflict = true;
nfsd_break_one_deleg(dp);
- spin_unlock(&fp->fi_lock);
return false;
}
@@ -5499,12 +5497,13 @@ nfs4_set_delegation(struct nfsd4_open *o
if (status)
goto out_unlock;
+ status = -EAGAIN;
+ if (fp->fi_had_conflict)
+ goto out_unlock;
+
spin_lock(&state_lock);
spin_lock(&fp->fi_lock);
- if (fp->fi_had_conflict)
- status = -EAGAIN;
- else
- status = hash_delegation_locked(dp, fp);
+ status = hash_delegation_locked(dp, fp);
spin_unlock(&fp->fi_lock);
spin_unlock(&state_lock);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 189/197] hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range()
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (187 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 188/197] nfsd: dont take fi_lock in nfsd_break_deleg_cb() Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 190/197] RDMA/irdma: Ensure iWarp QP queue memory is OS paged aligned Greg Kroah-Hartman
` (11 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Davidlohr Bueso, Thomas Gleixner,
Felix Moessbauer
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Davidlohr Bueso <dave@stgolabs.net>
commit 0c52310f260014d95c1310364379772cb74cf82d upstream.
While in theory the timer can be triggered before expires + delta, for the
cases of RT tasks they really have no business giving any lenience for
extra slack time, so override any passed value by the user and always use
zero for schedule_hrtimeout_range() calls. Furthermore, this is similar to
what the nanosleep(2) family already does with current->timer_slack_ns.
Signed-off-by: Davidlohr Bueso <dave@stgolabs.net>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lore.kernel.org/r/20230123173206.6764-3-dave@stgolabs.net
Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/time/hrtimer.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
--- a/kernel/time/hrtimer.c
+++ b/kernel/time/hrtimer.c
@@ -2266,7 +2266,7 @@ void __init hrtimers_init(void)
/**
* schedule_hrtimeout_range_clock - sleep until timeout
* @expires: timeout value (ktime_t)
- * @delta: slack in expires timeout (ktime_t)
+ * @delta: slack in expires timeout (ktime_t) for SCHED_OTHER tasks
* @mode: timer mode
* @clock_id: timer clock to be used
*/
@@ -2293,6 +2293,13 @@ schedule_hrtimeout_range_clock(ktime_t *
return -EINTR;
}
+ /*
+ * Override any slack passed by the user if under
+ * rt contraints.
+ */
+ if (rt_task(current))
+ delta = 0;
+
hrtimer_init_sleeper_on_stack(&t, clock_id, mode);
hrtimer_set_expires_range_ns(&t.timer, *expires, delta);
hrtimer_sleeper_start_expires(&t, mode);
@@ -2312,7 +2319,7 @@ EXPORT_SYMBOL_GPL(schedule_hrtimeout_ran
/**
* schedule_hrtimeout_range - sleep until timeout
* @expires: timeout value (ktime_t)
- * @delta: slack in expires timeout (ktime_t)
+ * @delta: slack in expires timeout (ktime_t) for SCHED_OTHER tasks
* @mode: timer mode
*
* Make the current task sleep until the given expiry time has
@@ -2320,7 +2327,8 @@ EXPORT_SYMBOL_GPL(schedule_hrtimeout_ran
* the current task state has been set (see set_current_state()).
*
* The @delta argument gives the kernel the freedom to schedule the
- * actual wakeup to a time that is both power and performance friendly.
+ * actual wakeup to a time that is both power and performance friendly
+ * for regular (non RT/DL) tasks.
* The kernel give the normal best effort behavior for "@expires+@delta",
* but may decide to fire the timer earlier, but no earlier than @expires.
*
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 190/197] RDMA/irdma: Ensure iWarp QP queue memory is OS paged aligned
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (188 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 189/197] hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range() Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 191/197] smb: client: fix potential OOBs in smb2_parse_contexts() Greg Kroah-Hartman
` (10 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Mike Marciniszyn, Shiraz Saleem,
Jason Gunthorpe
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Mike Marciniszyn <mike.marciniszyn@intel.com>
commit 0a5ec366de7e94192669ba08de6ed336607fd282 upstream.
The SQ is shared for between kernel and used by storing the kernel page
pointer and passing that to a kmap_atomic().
This then requires that the alignment is PAGE_SIZE aligned.
Fix by adding an iWarp specific alignment check.
Fixes: e965ef0e7b2c ("RDMA/irdma: Split QP handler into irdma_reg_user_mr_type_qp")
Link: https://lore.kernel.org/r/20231129202143.1434-3-shiraz.saleem@intel.com
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/irdma/verbs.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/drivers/infiniband/hw/irdma/verbs.c
+++ b/drivers/infiniband/hw/irdma/verbs.c
@@ -2845,6 +2845,13 @@ static struct ib_mr *irdma_reg_user_mr(s
switch (req.reg_type) {
case IRDMA_MEMREG_TYPE_QP:
+ /* iWarp: Catch page not starting on OS page boundary */
+ if (!rdma_protocol_roce(&iwdev->ibdev, 1) &&
+ ib_umem_offset(iwmr->region)) {
+ err = -EINVAL;
+ goto error;
+ }
+
total = req.sq_pages + req.rq_pages + shadow_pgcnt;
if (total > iwmr->page_cnt) {
err = -EINVAL;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 191/197] smb: client: fix potential OOBs in smb2_parse_contexts()
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (189 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 190/197] RDMA/irdma: Ensure iWarp QP queue memory is OS paged aligned Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 192/197] smb: client: fix parsing of SMB3.1.1 POSIX create context Greg Kroah-Hartman
` (9 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Robert Morris,
Paulo Alcantara (SUSE), Steve French, Guruswamy Basavaiah
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paulo Alcantara <pc@manguebit.com>
commit af1689a9b7701d9907dfc84d2a4b57c4bc907144 upstream.
Validate offsets and lengths before dereferencing create contexts in
smb2_parse_contexts().
This fixes following oops when accessing invalid create contexts from
server:
BUG: unable to handle page fault for address: ffff8881178d8cc3
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 4a01067 P4D 4a01067 PUD 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014
RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs]
Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00
00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 <0f> b7
7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00
RSP: 0018:ffffc900007939e0 EFLAGS: 00010216
RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90
RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000
RBP: ffff8881178d8cbf R08: ffffc90000793c22 R09: 0000000000000000
R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000
R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22
FS: 00007f873753cbc0(0000) GS:ffff88806bc00000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
<TASK>
? __die+0x23/0x70
? page_fault_oops+0x181/0x480
? search_module_extables+0x19/0x60
? srso_alias_return_thunk+0x5/0xfbef5
? exc_page_fault+0x1b6/0x1c0
? asm_exc_page_fault+0x26/0x30
? smb2_parse_contexts+0xa0/0x3a0 [cifs]
SMB2_open+0x38d/0x5f0 [cifs]
? smb2_is_path_accessible+0x138/0x260 [cifs]
smb2_is_path_accessible+0x138/0x260 [cifs]
cifs_is_path_remote+0x8d/0x230 [cifs]
cifs_mount+0x7e/0x350 [cifs]
cifs_smb3_do_mount+0x128/0x780 [cifs]
smb3_get_tree+0xd9/0x290 [cifs]
vfs_get_tree+0x2c/0x100
? capable+0x37/0x70
path_mount+0x2d7/0xb80
? srso_alias_return_thunk+0x5/0xfbef5
? _raw_spin_unlock_irqrestore+0x44/0x60
__x64_sys_mount+0x11a/0x150
do_syscall_64+0x47/0xf0
entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7f8737657b1e
Reported-by: Robert Morris <rtm@csail.mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
[Guru: Modified the patch to be applicable to the cached_dir.c file.]
Signed-off-by: Guruswamy Basavaiah <guruswamy.basavaiah@broadcom.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/smb/client/cached_dir.c | 8 ++-
fs/smb/client/smb2pdu.c | 91 +++++++++++++++++++++++++++------------------
fs/smb/client/smb2proto.h | 12 +++--
3 files changed, 67 insertions(+), 44 deletions(-)
--- a/fs/smb/client/cached_dir.c
+++ b/fs/smb/client/cached_dir.c
@@ -268,10 +268,12 @@ int open_cached_dir(unsigned int xid, st
if (o_rsp->OplockLevel != SMB2_OPLOCK_LEVEL_LEASE)
goto oshr_free;
- smb2_parse_contexts(server, o_rsp,
+ rc = smb2_parse_contexts(server, rsp_iov,
&oparms.fid->epoch,
- oparms.fid->lease_key, &oplock,
- NULL, NULL);
+ oparms.fid->lease_key,
+ &oplock, NULL, NULL);
+ if (rc)
+ goto oshr_free;
if (!(oplock & SMB2_LEASE_READ_CACHING_HE))
goto oshr_free;
qi_rsp = (struct smb2_query_info_rsp *)rsp_iov[1].iov_base;
--- a/fs/smb/client/smb2pdu.c
+++ b/fs/smb/client/smb2pdu.c
@@ -2145,17 +2145,18 @@ parse_posix_ctxt(struct create_context *
posix->nlink, posix->mode, posix->reparse_tag);
}
-void
-smb2_parse_contexts(struct TCP_Server_Info *server,
- struct smb2_create_rsp *rsp,
- unsigned int *epoch, char *lease_key, __u8 *oplock,
- struct smb2_file_all_info *buf,
- struct create_posix_rsp *posix)
+int smb2_parse_contexts(struct TCP_Server_Info *server,
+ struct kvec *rsp_iov,
+ unsigned int *epoch,
+ char *lease_key, __u8 *oplock,
+ struct smb2_file_all_info *buf,
+ struct create_posix_rsp *posix)
{
- char *data_offset;
+ struct smb2_create_rsp *rsp = rsp_iov->iov_base;
struct create_context *cc;
- unsigned int next;
- unsigned int remaining;
+ size_t rem, off, len;
+ size_t doff, dlen;
+ size_t noff, nlen;
char *name;
static const char smb3_create_tag_posix[] = {
0x93, 0xAD, 0x25, 0x50, 0x9C,
@@ -2164,45 +2165,63 @@ smb2_parse_contexts(struct TCP_Server_In
};
*oplock = 0;
- data_offset = (char *)rsp + le32_to_cpu(rsp->CreateContextsOffset);
- remaining = le32_to_cpu(rsp->CreateContextsLength);
- cc = (struct create_context *)data_offset;
+
+ off = le32_to_cpu(rsp->CreateContextsOffset);
+ rem = le32_to_cpu(rsp->CreateContextsLength);
+ if (check_add_overflow(off, rem, &len) || len > rsp_iov->iov_len)
+ return -EINVAL;
+ cc = (struct create_context *)((u8 *)rsp + off);
/* Initialize inode number to 0 in case no valid data in qfid context */
if (buf)
buf->IndexNumber = 0;
- while (remaining >= sizeof(struct create_context)) {
- name = le16_to_cpu(cc->NameOffset) + (char *)cc;
- if (le16_to_cpu(cc->NameLength) == 4 &&
- strncmp(name, SMB2_CREATE_REQUEST_LEASE, 4) == 0)
- *oplock = server->ops->parse_lease_buf(cc, epoch,
- lease_key);
- else if (buf && (le16_to_cpu(cc->NameLength) == 4) &&
- strncmp(name, SMB2_CREATE_QUERY_ON_DISK_ID, 4) == 0)
- parse_query_id_ctxt(cc, buf);
- else if ((le16_to_cpu(cc->NameLength) == 16)) {
- if (posix &&
- memcmp(name, smb3_create_tag_posix, 16) == 0)
+ while (rem >= sizeof(*cc)) {
+ doff = le16_to_cpu(cc->DataOffset);
+ dlen = le32_to_cpu(cc->DataLength);
+ if (check_add_overflow(doff, dlen, &len) || len > rem)
+ return -EINVAL;
+
+ noff = le16_to_cpu(cc->NameOffset);
+ nlen = le16_to_cpu(cc->NameLength);
+ if (noff + nlen >= doff)
+ return -EINVAL;
+
+ name = (char *)cc + noff;
+ switch (nlen) {
+ case 4:
+ if (!strncmp(name, SMB2_CREATE_REQUEST_LEASE, 4)) {
+ *oplock = server->ops->parse_lease_buf(cc, epoch,
+ lease_key);
+ } else if (buf &&
+ !strncmp(name, SMB2_CREATE_QUERY_ON_DISK_ID, 4)) {
+ parse_query_id_ctxt(cc, buf);
+ }
+ break;
+ case 16:
+ if (posix && !memcmp(name, smb3_create_tag_posix, 16))
parse_posix_ctxt(cc, buf, posix);
+ break;
+ default:
+ cifs_dbg(FYI, "%s: unhandled context (nlen=%zu dlen=%zu)\n",
+ __func__, nlen, dlen);
+ if (IS_ENABLED(CONFIG_CIFS_DEBUG2))
+ cifs_dump_mem("context data: ", cc, dlen);
+ break;
}
- /* else {
- cifs_dbg(FYI, "Context not matched with len %d\n",
- le16_to_cpu(cc->NameLength));
- cifs_dump_mem("Cctxt name: ", name, 4);
- } */
- next = le32_to_cpu(cc->Next);
- if (!next)
+ off = le32_to_cpu(cc->Next);
+ if (!off)
break;
- remaining -= next;
- cc = (struct create_context *)((char *)cc + next);
+ if (check_sub_overflow(rem, off, &rem))
+ return -EINVAL;
+ cc = (struct create_context *)((u8 *)cc + off);
}
if (rsp->OplockLevel != SMB2_OPLOCK_LEVEL_LEASE)
*oplock = rsp->OplockLevel;
- return;
+ return 0;
}
static int
@@ -3082,8 +3101,8 @@ SMB2_open(const unsigned int xid, struct
}
- smb2_parse_contexts(server, rsp, &oparms->fid->epoch,
- oparms->fid->lease_key, oplock, buf, posix);
+ rc = smb2_parse_contexts(server, &rsp_iov, &oparms->fid->epoch,
+ oparms->fid->lease_key, oplock, buf, posix);
creat_exit:
SMB2_open_free(&rqst);
free_rsp_buf(resp_buftype, rsp);
--- a/fs/smb/client/smb2proto.h
+++ b/fs/smb/client/smb2proto.h
@@ -249,11 +249,13 @@ extern int smb3_validate_negotiate(const
extern enum securityEnum smb2_select_sectype(struct TCP_Server_Info *,
enum securityEnum);
-extern void smb2_parse_contexts(struct TCP_Server_Info *server,
- struct smb2_create_rsp *rsp,
- unsigned int *epoch, char *lease_key,
- __u8 *oplock, struct smb2_file_all_info *buf,
- struct create_posix_rsp *posix);
+int smb2_parse_contexts(struct TCP_Server_Info *server,
+ struct kvec *rsp_iov,
+ unsigned int *epoch,
+ char *lease_key, __u8 *oplock,
+ struct smb2_file_all_info *buf,
+ struct create_posix_rsp *posix);
+
extern int smb3_encryption_required(const struct cifs_tcon *tcon);
extern int smb2_validate_iov(unsigned int offset, unsigned int buffer_length,
struct kvec *iov, unsigned int min_buf_size);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 192/197] smb: client: fix parsing of SMB3.1.1 POSIX create context
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (190 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 191/197] smb: client: fix potential OOBs in smb2_parse_contexts() Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 193/197] net: prevent mss overflow in skb_segment() Greg Kroah-Hartman
` (8 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Paulo Alcantara, Steve French,
Guruswamy Basavaiah
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Paulo Alcantara <pc@manguebit.com>
commit 76025cc2285d9ede3d717fe4305d66f8be2d9346 upstream.
The data offset for the SMB3.1.1 POSIX create context will always be
8-byte aligned so having the check 'noff + nlen >= doff' in
smb2_parse_contexts() is wrong as it will lead to -EINVAL because noff
+ nlen == doff.
Fix the sanity check to correctly handle aligned create context data.
Fixes: af1689a9b770 ("smb: client: fix potential OOBs in smb2_parse_contexts()")
Signed-off-by: Paulo Alcantara <pc@manguebit.com>
Signed-off-by: Steve French <stfrench@microsoft.com>
Signed-off-by: Guruswamy Basavaiah <guruswamy.basavaiah@broadcom.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/smb/client/smb2pdu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/smb/client/smb2pdu.c
+++ b/fs/smb/client/smb2pdu.c
@@ -2184,7 +2184,7 @@ int smb2_parse_contexts(struct TCP_Serve
noff = le16_to_cpu(cc->NameOffset);
nlen = le16_to_cpu(cc->NameLength);
- if (noff + nlen >= doff)
+ if (noff + nlen > doff)
return -EINVAL;
name = (char *)cc + noff;
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 193/197] net: prevent mss overflow in skb_segment()
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (191 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 192/197] smb: client: fix parsing of SMB3.1.1 POSIX create context Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 194/197] bpf: Add struct for bin_args arg in bpf_bprintf_prepare Greg Kroah-Hartman
` (7 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Eric Dumazet,
Marcelo Ricardo Leitner, Willem de Bruijn, Jakub Kicinski
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
commit 23d05d563b7e7b0314e65c8e882bc27eac2da8e7 upstream.
Once again syzbot is able to crash the kernel in skb_segment() [1]
GSO_BY_FRAGS is a forbidden value, but unfortunately the following
computation in skb_segment() can reach it quite easily :
mss = mss * partial_segs;
65535 = 3 * 5 * 17 * 257, so many initial values of mss can lead to
a bad final result.
Make sure to limit segmentation so that the new mss value is smaller
than GSO_BY_FRAGS.
[1]
general protection fault, probably for non-canonical address 0xdffffc000000000e: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]
CPU: 1 PID: 5079 Comm: syz-executor993 Not tainted 6.7.0-rc4-syzkaller-00141-g1ae4cd3cbdd0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
RIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551
Code: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00
RSP: 0018:ffffc900043473d0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597
RDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070
RBP: ffffc90004347578 R08: 0000000000000005 R09: 000000000000ffff
R10: 000000000000ffff R11: 0000000000000002 R12: ffff888063202ac0
R13: 0000000000010000 R14: 000000000000ffff R15: 0000000000000046
FS: 0000555556e7e380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020010000 CR3: 0000000027ee2000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
udp6_ufo_fragment+0xa0e/0xd00 net/ipv6/udp_offload.c:109
ipv6_gso_segment+0x534/0x17e0 net/ipv6/ip6_offload.c:120
skb_mac_gso_segment+0x290/0x610 net/core/gso.c:53
__skb_gso_segment+0x339/0x710 net/core/gso.c:124
skb_gso_segment include/net/gso.h:83 [inline]
validate_xmit_skb+0x36c/0xeb0 net/core/dev.c:3626
__dev_queue_xmit+0x6f3/0x3d60 net/core/dev.c:4338
dev_queue_xmit include/linux/netdevice.h:3134 [inline]
packet_xmit+0x257/0x380 net/packet/af_packet.c:276
packet_snd net/packet/af_packet.c:3087 [inline]
packet_sendmsg+0x24c6/0x5220 net/packet/af_packet.c:3119
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0xd5/0x180 net/socket.c:745
__sys_sendto+0x255/0x340 net/socket.c:2190
__do_sys_sendto net/socket.c:2202 [inline]
__se_sys_sendto net/socket.c:2198 [inline]
__x64_sys_sendto+0xe0/0x1b0 net/socket.c:2198
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7f8692032aa9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 d1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fff8d685418 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f8692032aa9
RDX: 0000000000010048 RSI: 00000000200000c0 RDI: 0000000000000003
RBP: 00000000000f4240 R08: 0000000020000540 R09: 0000000000000014
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff8d685480
R13: 0000000000000001 R14: 00007fff8d685480 R15: 0000000000000003
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:skb_segment+0x181d/0x3f30 net/core/skbuff.c:4551
Code: 83 e3 02 e9 fb ed ff ff e8 90 68 1c f9 48 8b 84 24 f8 00 00 00 48 8d 78 70 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 8a 21 00 00 48 8b 84 24 f8 00
RSP: 0018:ffffc900043473d0 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000010046 RCX: ffffffff886b1597
RDX: 000000000000000e RSI: ffffffff886b2520 RDI: 0000000000000070
RBP: ffffc90004347578 R08: 0000000000000005 R09: 000000000000ffff
R10: 000000000000ffff R11: 0000000000000002 R12: ffff888063202ac0
R13: 0000000000010000 R14: 000000000000ffff R15: 0000000000000046
FS: 0000555556e7e380(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020010000 CR3: 0000000027ee2000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Fixes: 3953c46c3ac7 ("sk_buff: allow segmenting based on frag sizes")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Reviewed-by: Willem de Bruijn <willemb@google.com>
Link: https://lore.kernel.org/r/20231212164621.4131800-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/core/skbuff.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -4213,8 +4213,9 @@ struct sk_buff *skb_segment(struct sk_bu
/* GSO partial only requires that we trim off any excess that
* doesn't fit into an MSS sized block, so take care of that
* now.
+ * Cap len to not accidentally hit GSO_BY_FRAGS.
*/
- partial_segs = len / mss;
+ partial_segs = min(len, GSO_BY_FRAGS - 1U) / mss;
if (partial_segs > 1)
mss *= partial_segs;
else
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 194/197] bpf: Add struct for bin_args arg in bpf_bprintf_prepare
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (192 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 193/197] net: prevent mss overflow in skb_segment() Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 195/197] bpf: Do cleanup in bpf_bprintf_cleanup only when needed Greg Kroah-Hartman
` (6 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiri Olsa, Daniel Borkmann,
Yonghong Song, Thadeu Lima de Souza Cascardo
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Olsa <jolsa@kernel.org>
commit 78aa1cc9404399a15d2a1205329c6a06236f5378 upstream.
Adding struct bpf_bprintf_data to hold bin_args argument for
bpf_bprintf_prepare function.
We will add another return argument to bpf_bprintf_prepare and
pass the struct to bpf_bprintf_cleanup for proper cleanup in
following changes.
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20221215214430.1336195-2-jolsa@kernel.org
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/bpf.h | 7 ++++++-
kernel/bpf/helpers.c | 24 +++++++++++++-----------
kernel/bpf/verifier.c | 3 ++-
kernel/trace/bpf_trace.c | 34 ++++++++++++++++++++--------------
4 files changed, 41 insertions(+), 27 deletions(-)
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -2740,8 +2740,13 @@ bool btf_id_set_contains(const struct bt
#define MAX_BPRINTF_VARARGS 12
+struct bpf_bprintf_data {
+ u32 *bin_args;
+ bool get_bin_args;
+};
+
int bpf_bprintf_prepare(char *fmt, u32 fmt_size, const u64 *raw_args,
- u32 **bin_buf, u32 num_args);
+ u32 num_args, struct bpf_bprintf_data *data);
void bpf_bprintf_cleanup(void);
/* the implementation of the opaque uapi struct bpf_dynptr */
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -795,16 +795,16 @@ void bpf_bprintf_cleanup(void)
* Returns a negative value if fmt is an invalid format string or 0 otherwise.
*
* This can be used in two ways:
- * - Format string verification only: when bin_args is NULL
+ * - Format string verification only: when data->get_bin_args is false
* - Arguments preparation: in addition to the above verification, it writes in
- * bin_args a binary representation of arguments usable by bstr_printf where
- * pointers from BPF have been sanitized.
+ * data->bin_args a binary representation of arguments usable by bstr_printf
+ * where pointers from BPF have been sanitized.
*
* In argument preparation mode, if 0 is returned, safe temporary buffers are
* allocated and bpf_bprintf_cleanup should be called to free them after use.
*/
int bpf_bprintf_prepare(char *fmt, u32 fmt_size, const u64 *raw_args,
- u32 **bin_args, u32 num_args)
+ u32 num_args, struct bpf_bprintf_data *data)
{
char *unsafe_ptr = NULL, *tmp_buf = NULL, *tmp_buf_end, *fmt_end;
size_t sizeof_cur_arg, sizeof_cur_ip;
@@ -817,12 +817,12 @@ int bpf_bprintf_prepare(char *fmt, u32 f
return -EINVAL;
fmt_size = fmt_end - fmt;
- if (bin_args) {
+ if (data->get_bin_args) {
if (num_args && try_get_fmt_tmp_buf(&tmp_buf))
return -EBUSY;
tmp_buf_end = tmp_buf + MAX_BPRINTF_BUF_LEN;
- *bin_args = (u32 *)tmp_buf;
+ data->bin_args = (u32 *)tmp_buf;
}
for (i = 0; i < fmt_size; i++) {
@@ -1023,24 +1023,26 @@ out:
}
BPF_CALL_5(bpf_snprintf, char *, str, u32, str_size, char *, fmt,
- const void *, data, u32, data_len)
+ const void *, args, u32, data_len)
{
+ struct bpf_bprintf_data data = {
+ .get_bin_args = true,
+ };
int err, num_args;
- u32 *bin_args;
if (data_len % 8 || data_len > MAX_BPRINTF_VARARGS * 8 ||
- (data_len && !data))
+ (data_len && !args))
return -EINVAL;
num_args = data_len / 8;
/* ARG_PTR_TO_CONST_STR guarantees that fmt is zero-terminated so we
* can safely give an unbounded size.
*/
- err = bpf_bprintf_prepare(fmt, UINT_MAX, data, &bin_args, num_args);
+ err = bpf_bprintf_prepare(fmt, UINT_MAX, args, num_args, &data);
if (err < 0)
return err;
- err = bstr_printf(str, str_size, fmt, bin_args);
+ err = bstr_printf(str, str_size, fmt, data.bin_args);
bpf_bprintf_cleanup();
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -7448,6 +7448,7 @@ static int check_bpf_snprintf_call(struc
struct bpf_reg_state *fmt_reg = ®s[BPF_REG_3];
struct bpf_reg_state *data_len_reg = ®s[BPF_REG_5];
struct bpf_map *fmt_map = fmt_reg->map_ptr;
+ struct bpf_bprintf_data data = {};
int err, fmt_map_off, num_args;
u64 fmt_addr;
char *fmt;
@@ -7472,7 +7473,7 @@ static int check_bpf_snprintf_call(struc
/* We are also guaranteed that fmt+fmt_map_off is NULL terminated, we
* can focus on validating the format specifiers.
*/
- err = bpf_bprintf_prepare(fmt, UINT_MAX, NULL, NULL, num_args);
+ err = bpf_bprintf_prepare(fmt, UINT_MAX, NULL, num_args, &data);
if (err < 0)
verbose(env, "Invalid format string\n");
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -377,18 +377,20 @@ BPF_CALL_5(bpf_trace_printk, char *, fmt
u64, arg2, u64, arg3)
{
u64 args[MAX_TRACE_PRINTK_VARARGS] = { arg1, arg2, arg3 };
- u32 *bin_args;
+ struct bpf_bprintf_data data = {
+ .get_bin_args = true,
+ };
static char buf[BPF_TRACE_PRINTK_SIZE];
unsigned long flags;
int ret;
- ret = bpf_bprintf_prepare(fmt, fmt_size, args, &bin_args,
- MAX_TRACE_PRINTK_VARARGS);
+ ret = bpf_bprintf_prepare(fmt, fmt_size, args,
+ MAX_TRACE_PRINTK_VARARGS, &data);
if (ret < 0)
return ret;
raw_spin_lock_irqsave(&trace_printk_lock, flags);
- ret = bstr_printf(buf, sizeof(buf), fmt, bin_args);
+ ret = bstr_printf(buf, sizeof(buf), fmt, data.bin_args);
trace_bpf_trace_printk(buf);
raw_spin_unlock_irqrestore(&trace_printk_lock, flags);
@@ -426,25 +428,27 @@ const struct bpf_func_proto *bpf_get_tra
return &bpf_trace_printk_proto;
}
-BPF_CALL_4(bpf_trace_vprintk, char *, fmt, u32, fmt_size, const void *, data,
+BPF_CALL_4(bpf_trace_vprintk, char *, fmt, u32, fmt_size, const void *, args,
u32, data_len)
{
+ struct bpf_bprintf_data data = {
+ .get_bin_args = true,
+ };
static char buf[BPF_TRACE_PRINTK_SIZE];
unsigned long flags;
int ret, num_args;
- u32 *bin_args;
if (data_len & 7 || data_len > MAX_BPRINTF_VARARGS * 8 ||
- (data_len && !data))
+ (data_len && !args))
return -EINVAL;
num_args = data_len / 8;
- ret = bpf_bprintf_prepare(fmt, fmt_size, data, &bin_args, num_args);
+ ret = bpf_bprintf_prepare(fmt, fmt_size, args, num_args, &data);
if (ret < 0)
return ret;
raw_spin_lock_irqsave(&trace_printk_lock, flags);
- ret = bstr_printf(buf, sizeof(buf), fmt, bin_args);
+ ret = bstr_printf(buf, sizeof(buf), fmt, data.bin_args);
trace_bpf_trace_printk(buf);
raw_spin_unlock_irqrestore(&trace_printk_lock, flags);
@@ -471,21 +475,23 @@ const struct bpf_func_proto *bpf_get_tra
}
BPF_CALL_5(bpf_seq_printf, struct seq_file *, m, char *, fmt, u32, fmt_size,
- const void *, data, u32, data_len)
+ const void *, args, u32, data_len)
{
+ struct bpf_bprintf_data data = {
+ .get_bin_args = true,
+ };
int err, num_args;
- u32 *bin_args;
if (data_len & 7 || data_len > MAX_BPRINTF_VARARGS * 8 ||
- (data_len && !data))
+ (data_len && !args))
return -EINVAL;
num_args = data_len / 8;
- err = bpf_bprintf_prepare(fmt, fmt_size, data, &bin_args, num_args);
+ err = bpf_bprintf_prepare(fmt, fmt_size, args, num_args, &data);
if (err < 0)
return err;
- seq_bprintf(m, fmt, bin_args);
+ seq_bprintf(m, fmt, data.bin_args);
bpf_bprintf_cleanup();
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 195/197] bpf: Do cleanup in bpf_bprintf_cleanup only when needed
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (193 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 194/197] bpf: Add struct for bin_args arg in bpf_bprintf_prepare Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 196/197] bpf: Remove trace_printk_lock Greg Kroah-Hartman
` (5 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Jiri Olsa, Daniel Borkmann,
Yonghong Song, Thadeu Lima de Souza Cascardo
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Olsa <jolsa@kernel.org>
commit f19a4050455aad847fb93f18dc1fe502eb60f989 upstream.
Currently we always cleanup/decrement bpf_bprintf_nest_level variable
in bpf_bprintf_cleanup if it's > 0.
There's possible scenario where this could cause a problem, when
bpf_bprintf_prepare does not get bin_args buffer (because num_args is 0)
and following bpf_bprintf_cleanup call decrements bpf_bprintf_nest_level
variable, like:
in task context:
bpf_bprintf_prepare(num_args != 0) increments 'bpf_bprintf_nest_level = 1'
-> first irq :
bpf_bprintf_prepare(num_args == 0)
bpf_bprintf_cleanup decrements 'bpf_bprintf_nest_level = 0'
-> second irq:
bpf_bprintf_prepare(num_args != 0) bpf_bprintf_nest_level = 1
gets same buffer as task context above
Adding check to bpf_bprintf_cleanup and doing the real cleanup only if we
got bin_args data in the first place.
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20221215214430.1336195-3-jolsa@kernel.org
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/bpf.h | 2 +-
kernel/bpf/helpers.c | 16 +++++++++-------
kernel/trace/bpf_trace.c | 6 +++---
3 files changed, 13 insertions(+), 11 deletions(-)
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -2747,7 +2747,7 @@ struct bpf_bprintf_data {
int bpf_bprintf_prepare(char *fmt, u32 fmt_size, const u64 *raw_args,
u32 num_args, struct bpf_bprintf_data *data);
-void bpf_bprintf_cleanup(void);
+void bpf_bprintf_cleanup(struct bpf_bprintf_data *data);
/* the implementation of the opaque uapi struct bpf_dynptr */
struct bpf_dynptr_kern {
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -781,12 +781,14 @@ static int try_get_fmt_tmp_buf(char **tm
return 0;
}
-void bpf_bprintf_cleanup(void)
+void bpf_bprintf_cleanup(struct bpf_bprintf_data *data)
{
- if (this_cpu_read(bpf_bprintf_nest_level)) {
- this_cpu_dec(bpf_bprintf_nest_level);
- preempt_enable();
- }
+ if (!data->bin_args)
+ return;
+ if (WARN_ON_ONCE(this_cpu_read(bpf_bprintf_nest_level) == 0))
+ return;
+ this_cpu_dec(bpf_bprintf_nest_level);
+ preempt_enable();
}
/*
@@ -1018,7 +1020,7 @@ nocopy_fmt:
err = 0;
out:
if (err)
- bpf_bprintf_cleanup();
+ bpf_bprintf_cleanup(data);
return err;
}
@@ -1044,7 +1046,7 @@ BPF_CALL_5(bpf_snprintf, char *, str, u3
err = bstr_printf(str, str_size, fmt, data.bin_args);
- bpf_bprintf_cleanup();
+ bpf_bprintf_cleanup(&data);
return err + 1;
}
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -395,7 +395,7 @@ BPF_CALL_5(bpf_trace_printk, char *, fmt
trace_bpf_trace_printk(buf);
raw_spin_unlock_irqrestore(&trace_printk_lock, flags);
- bpf_bprintf_cleanup();
+ bpf_bprintf_cleanup(&data);
return ret;
}
@@ -453,7 +453,7 @@ BPF_CALL_4(bpf_trace_vprintk, char *, fm
trace_bpf_trace_printk(buf);
raw_spin_unlock_irqrestore(&trace_printk_lock, flags);
- bpf_bprintf_cleanup();
+ bpf_bprintf_cleanup(&data);
return ret;
}
@@ -493,7 +493,7 @@ BPF_CALL_5(bpf_seq_printf, struct seq_fi
seq_bprintf(m, fmt, data.bin_args);
- bpf_bprintf_cleanup();
+ bpf_bprintf_cleanup(&data);
return seq_has_overflowed(m) ? -EOVERFLOW : 0;
}
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 196/197] bpf: Remove trace_printk_lock
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (194 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 195/197] bpf: Do cleanup in bpf_bprintf_cleanup only when needed Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 197/197] userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Greg Kroah-Hartman
` (4 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Hao Sun, Andrii Nakryiko, Jiri Olsa,
Daniel Borkmann, Yonghong Song, Thadeu Lima de Souza Cascardo
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiri Olsa <jolsa@kernel.org>
commit e2bb9e01d589f7fa82573aedd2765ff9b277816a upstream.
Both bpf_trace_printk and bpf_trace_vprintk helpers use static buffer guarded
with trace_printk_lock spin lock.
The spin lock contention causes issues with bpf programs attached to
contention_begin tracepoint [1][2].
Andrii suggested we could get rid of the contention by using trylock, but we
could actually get rid of the spinlock completely by using percpu buffers the
same way as for bin_args in bpf_bprintf_prepare function.
Adding new return 'buf' argument to struct bpf_bprintf_data and making
bpf_bprintf_prepare to return also the buffer for printk helpers.
[1] https://lore.kernel.org/bpf/CACkBjsakT_yWxnSWr4r-0TpPvbKm9-OBmVUhJb7hV3hY8fdCkw@mail.gmail.com/
[2] https://lore.kernel.org/bpf/CACkBjsaCsTovQHFfkqJKto6S4Z8d02ud1D7MPESrHa1cVNNTrw@mail.gmail.com/
Reported-by: Hao Sun <sunhao.th@gmail.com>
Suggested-by: Andrii Nakryiko <andrii@kernel.org>
Signed-off-by: Jiri Olsa <jolsa@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Yonghong Song <yhs@fb.com>
Link: https://lore.kernel.org/bpf/20221215214430.1336195-4-jolsa@kernel.org
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/linux/bpf.h | 3 +++
kernel/bpf/helpers.c | 31 +++++++++++++++++++------------
kernel/trace/bpf_trace.c | 20 ++++++--------------
3 files changed, 28 insertions(+), 26 deletions(-)
--- a/include/linux/bpf.h
+++ b/include/linux/bpf.h
@@ -2739,10 +2739,13 @@ struct btf_id_set;
bool btf_id_set_contains(const struct btf_id_set *set, u32 id);
#define MAX_BPRINTF_VARARGS 12
+#define MAX_BPRINTF_BUF 1024
struct bpf_bprintf_data {
u32 *bin_args;
+ char *buf;
bool get_bin_args;
+ bool get_buf;
};
int bpf_bprintf_prepare(char *fmt, u32 fmt_size, const u64 *raw_args,
--- a/kernel/bpf/helpers.c
+++ b/kernel/bpf/helpers.c
@@ -753,19 +753,20 @@ static int bpf_trace_copy_string(char *b
/* Per-cpu temp buffers used by printf-like helpers to store the bprintf binary
* arguments representation.
*/
-#define MAX_BPRINTF_BUF_LEN 512
+#define MAX_BPRINTF_BIN_ARGS 512
/* Support executing three nested bprintf helper calls on a given CPU */
#define MAX_BPRINTF_NEST_LEVEL 3
struct bpf_bprintf_buffers {
- char tmp_bufs[MAX_BPRINTF_NEST_LEVEL][MAX_BPRINTF_BUF_LEN];
+ char bin_args[MAX_BPRINTF_BIN_ARGS];
+ char buf[MAX_BPRINTF_BUF];
};
-static DEFINE_PER_CPU(struct bpf_bprintf_buffers, bpf_bprintf_bufs);
+
+static DEFINE_PER_CPU(struct bpf_bprintf_buffers[MAX_BPRINTF_NEST_LEVEL], bpf_bprintf_bufs);
static DEFINE_PER_CPU(int, bpf_bprintf_nest_level);
-static int try_get_fmt_tmp_buf(char **tmp_buf)
+static int try_get_buffers(struct bpf_bprintf_buffers **bufs)
{
- struct bpf_bprintf_buffers *bufs;
int nest_level;
preempt_disable();
@@ -775,15 +776,14 @@ static int try_get_fmt_tmp_buf(char **tm
preempt_enable();
return -EBUSY;
}
- bufs = this_cpu_ptr(&bpf_bprintf_bufs);
- *tmp_buf = bufs->tmp_bufs[nest_level - 1];
+ *bufs = this_cpu_ptr(&bpf_bprintf_bufs[nest_level - 1]);
return 0;
}
void bpf_bprintf_cleanup(struct bpf_bprintf_data *data)
{
- if (!data->bin_args)
+ if (!data->bin_args && !data->buf)
return;
if (WARN_ON_ONCE(this_cpu_read(bpf_bprintf_nest_level) == 0))
return;
@@ -808,7 +808,9 @@ void bpf_bprintf_cleanup(struct bpf_bpri
int bpf_bprintf_prepare(char *fmt, u32 fmt_size, const u64 *raw_args,
u32 num_args, struct bpf_bprintf_data *data)
{
+ bool get_buffers = (data->get_bin_args && num_args) || data->get_buf;
char *unsafe_ptr = NULL, *tmp_buf = NULL, *tmp_buf_end, *fmt_end;
+ struct bpf_bprintf_buffers *buffers = NULL;
size_t sizeof_cur_arg, sizeof_cur_ip;
int err, i, num_spec = 0;
u64 cur_arg;
@@ -819,14 +821,19 @@ int bpf_bprintf_prepare(char *fmt, u32 f
return -EINVAL;
fmt_size = fmt_end - fmt;
- if (data->get_bin_args) {
- if (num_args && try_get_fmt_tmp_buf(&tmp_buf))
- return -EBUSY;
+ if (get_buffers && try_get_buffers(&buffers))
+ return -EBUSY;
- tmp_buf_end = tmp_buf + MAX_BPRINTF_BUF_LEN;
+ if (data->get_bin_args) {
+ if (num_args)
+ tmp_buf = buffers->bin_args;
+ tmp_buf_end = tmp_buf + MAX_BPRINTF_BIN_ARGS;
data->bin_args = (u32 *)tmp_buf;
}
+ if (data->get_buf)
+ data->buf = buffers->buf;
+
for (i = 0; i < fmt_size; i++) {
if ((!isprint(fmt[i]) && !isspace(fmt[i])) || !isascii(fmt[i])) {
err = -EINVAL;
--- a/kernel/trace/bpf_trace.c
+++ b/kernel/trace/bpf_trace.c
@@ -368,8 +368,6 @@ static const struct bpf_func_proto *bpf_
return &bpf_probe_write_user_proto;
}
-static DEFINE_RAW_SPINLOCK(trace_printk_lock);
-
#define MAX_TRACE_PRINTK_VARARGS 3
#define BPF_TRACE_PRINTK_SIZE 1024
@@ -379,9 +377,8 @@ BPF_CALL_5(bpf_trace_printk, char *, fmt
u64 args[MAX_TRACE_PRINTK_VARARGS] = { arg1, arg2, arg3 };
struct bpf_bprintf_data data = {
.get_bin_args = true,
+ .get_buf = true,
};
- static char buf[BPF_TRACE_PRINTK_SIZE];
- unsigned long flags;
int ret;
ret = bpf_bprintf_prepare(fmt, fmt_size, args,
@@ -389,11 +386,9 @@ BPF_CALL_5(bpf_trace_printk, char *, fmt
if (ret < 0)
return ret;
- raw_spin_lock_irqsave(&trace_printk_lock, flags);
- ret = bstr_printf(buf, sizeof(buf), fmt, data.bin_args);
+ ret = bstr_printf(data.buf, MAX_BPRINTF_BUF, fmt, data.bin_args);
- trace_bpf_trace_printk(buf);
- raw_spin_unlock_irqrestore(&trace_printk_lock, flags);
+ trace_bpf_trace_printk(data.buf);
bpf_bprintf_cleanup(&data);
@@ -433,9 +428,8 @@ BPF_CALL_4(bpf_trace_vprintk, char *, fm
{
struct bpf_bprintf_data data = {
.get_bin_args = true,
+ .get_buf = true,
};
- static char buf[BPF_TRACE_PRINTK_SIZE];
- unsigned long flags;
int ret, num_args;
if (data_len & 7 || data_len > MAX_BPRINTF_VARARGS * 8 ||
@@ -447,11 +441,9 @@ BPF_CALL_4(bpf_trace_vprintk, char *, fm
if (ret < 0)
return ret;
- raw_spin_lock_irqsave(&trace_printk_lock, flags);
- ret = bstr_printf(buf, sizeof(buf), fmt, data.bin_args);
+ ret = bstr_printf(data.buf, MAX_BPRINTF_BUF, fmt, data.bin_args);
- trace_bpf_trace_printk(buf);
- raw_spin_unlock_irqrestore(&trace_printk_lock, flags);
+ trace_bpf_trace_printk(data.buf);
bpf_bprintf_cleanup(&data);
^ permalink raw reply [flat|nested] 211+ messages in thread
* [PATCH 6.1 197/197] userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (195 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 196/197] bpf: Remove trace_printk_lock Greg Kroah-Hartman
@ 2024-02-20 20:52 ` Greg Kroah-Hartman
2024-02-21 0:18 ` [PATCH 6.1 000/197] 6.1.79-rc1 review SeongJae Park
` (3 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-20 20:52 UTC (permalink / raw)
To: stable
Cc: Greg Kroah-Hartman, patches, Lokesh Gidra, Andrea Arcangeli,
Mike Rapoport, Axel Rasmussen, Brian Geffon, David Hildenbrand,
Jann Horn, Kalesh Singh, Matthew Wilcox (Oracle),
Nicolas Geoffray, Peter Xu, Suren Baghdasaryan, Andrew Morton
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lokesh Gidra <lokeshgidra@google.com>
commit 67695f18d55924b2013534ef3bdc363bc9e14605 upstream.
In mfill_atomic_hugetlb(), mmap_changing isn't being checked
again if we drop mmap_lock and reacquire it. When the lock is not held,
mmap_changing could have been incremented. This is also inconsistent
with the behavior in mfill_atomic().
Link: https://lkml.kernel.org/r/20240117223729.1444522-1-lokeshgidra@google.com
Fixes: df2cc96e77011 ("userfaultfd: prevent non-cooperative events vs mcopy_atomic races")
Signed-off-by: Lokesh Gidra <lokeshgidra@google.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Mike Rapoport <rppt@kernel.org>
Cc: Axel Rasmussen <axelrasmussen@google.com>
Cc: Brian Geffon <bgeffon@google.com>
Cc: David Hildenbrand <david@redhat.com>
Cc: Jann Horn <jannh@google.com>
Cc: Kalesh Singh <kaleshsingh@google.com>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: Nicolas Geoffray <ngeoffray@google.com>
Cc: Peter Xu <peterx@redhat.com>
Cc: Suren Baghdasaryan <surenb@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Mike Rapoport (IBM) <rppt@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/userfaultfd.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
--- a/mm/userfaultfd.c
+++ b/mm/userfaultfd.c
@@ -327,6 +327,7 @@ static __always_inline ssize_t __mcopy_a
unsigned long dst_start,
unsigned long src_start,
unsigned long len,
+ atomic_t *mmap_changing,
enum mcopy_atomic_mode mode,
bool wp_copy)
{
@@ -445,6 +446,15 @@ retry:
goto out;
}
mmap_read_lock(dst_mm);
+ /*
+ * If memory mappings are changing because of non-cooperative
+ * operation (e.g. mremap) running in parallel, bail out and
+ * request the user to retry later
+ */
+ if (mmap_changing && atomic_read(mmap_changing)) {
+ err = -EAGAIN;
+ break;
+ }
dst_vma = NULL;
goto retry;
@@ -480,6 +490,7 @@ extern ssize_t __mcopy_atomic_hugetlb(st
unsigned long dst_start,
unsigned long src_start,
unsigned long len,
+ atomic_t *mmap_changing,
enum mcopy_atomic_mode mode,
bool wp_copy);
#endif /* CONFIG_HUGETLB_PAGE */
@@ -601,8 +612,8 @@ retry:
*/
if (is_vm_hugetlb_page(dst_vma))
return __mcopy_atomic_hugetlb(dst_mm, dst_vma, dst_start,
- src_start, len, mcopy_mode,
- wp_copy);
+ src_start, len, mmap_changing,
+ mcopy_mode, wp_copy);
if (!vma_is_anonymous(dst_vma) && !vma_is_shmem(dst_vma))
goto out_unlock;
^ permalink raw reply [flat|nested] 211+ messages in thread
* Re: [PATCH 6.1 036/197] readahead: avoid multiple marked readahead pages
2024-02-20 20:49 ` [PATCH 6.1 036/197] readahead: avoid multiple marked readahead pages Greg Kroah-Hartman
@ 2024-02-20 21:05 ` Matthew Wilcox
2024-02-21 7:00 ` Greg Kroah-Hartman
0 siblings, 1 reply; 211+ messages in thread
From: Matthew Wilcox @ 2024-02-20 21:05 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: stable, patches, Jan Kara, Guo Xuenan, Andrew Morton
On Tue, Feb 20, 2024 at 09:49:55PM +0100, Greg Kroah-Hartman wrote:
> 6.1-stable review patch. If anyone has any objections, please let me know.
Maybe hold off on this one?
kernel test robot noticed a -21.4% regression of vm-scalability.throughput on:
commit: ab4443fe3ca6298663a55c4a70efc6c3ce913ca6 ("readahead: avoid multiple marked readahead pages")
https://lore.kernel.org/linux-fsdevel/202402201642.c8d6bbc3-oliver.sang@intel.com/
Not a definite no just yet; nobody's dug into it, but some caution
seems warranted.
> ------------------
>
> From: Jan Kara <jack@suse.cz>
>
> commit ab4443fe3ca6298663a55c4a70efc6c3ce913ca6 upstream.
>
> ra_alloc_folio() marks a page that should trigger next round of async
> readahead. However it rounds up computed index to the order of page being
> allocated. This can however lead to multiple consecutive pages being
> marked with readahead flag. Consider situation with index == 1, mark ==
> 1, order == 0. We insert order 0 page at index 1 and mark it. Then we
> bump order to 1, index to 2, mark (still == 1) is rounded up to 2 so page
> at index 2 is marked as well. Then we bump order to 2, index is
> incremented to 4, mark gets rounded to 4 so page at index 4 is marked as
> well. The fact that multiple pages get marked within a single readahead
> window confuses the readahead logic and results in readahead window being
> trimmed back to 1. This situation is triggered in particular when maximum
> readahead window size is not a power of two (in the observed case it was
> 768 KB) and as a result sequential read throughput suffers.
>
> Fix the problem by rounding 'mark' down instead of up. Because the index
> is naturally aligned to 'order', we are guaranteed 'rounded mark' == index
> iff 'mark' is within the page we are allocating at 'index' and thus
> exactly one page is marked with readahead flag as required by the
> readahead code and sequential read performance is restored.
>
> This effectively reverts part of commit b9ff43dd2743 ("mm/readahead: Fix
> readahead with large folios"). The commit changed the rounding with the
> rationale:
>
> "... we were setting the readahead flag on the folio which contains the
> last byte read from the block. This is wrong because we will trigger
> readahead at the end of the read without waiting to see if a subsequent
> read is going to use the pages we just read."
>
> Although this is true, the fact is this was always the case with read
> sizes not aligned to folio boundaries and large folios in the page cache
> just make the situation more obvious (and frequent). Also for sequential
> read workloads it is better to trigger the readahead earlier rather than
> later. It is true that the difference in the rounding and thus earlier
> triggering of the readahead can result in reading more for semi-random
> workloads. However workloads really suffering from this seem to be rare.
> In particular I have verified that the workload described in commit
> b9ff43dd2743 ("mm/readahead: Fix readahead with large folios") of reading
> random 100k blocks from a file like:
>
> [reader]
> bs=100k
> rw=randread
> numjobs=1
> size=64g
> runtime=60s
>
> is not impacted by the rounding change and achieves ~70MB/s in both cases.
>
> [jack@suse.cz: fix one more place where mark rounding was done as well]
> Link: https://lkml.kernel.org/r/20240123153254.5206-1-jack@suse.cz
> Link: https://lkml.kernel.org/r/20240104085839.21029-1-jack@suse.cz
> Fixes: b9ff43dd2743 ("mm/readahead: Fix readahead with large folios")
> Signed-off-by: Jan Kara <jack@suse.cz>
> Cc: Matthew Wilcox <willy@infradead.org>
> Cc: Guo Xuenan <guoxuenan@huawei.com>
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
> ---
> mm/readahead.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> --- a/mm/readahead.c
> +++ b/mm/readahead.c
> @@ -483,7 +483,7 @@ static inline int ra_alloc_folio(struct
>
> if (!folio)
> return -ENOMEM;
> - mark = round_up(mark, 1UL << order);
> + mark = round_down(mark, 1UL << order);
> if (index == mark)
> folio_set_readahead(folio);
> err = filemap_add_folio(ractl->mapping, folio, index, gfp);
> @@ -591,7 +591,7 @@ static void ondemand_readahead(struct re
> * It's the expected callback index, assume sequential access.
> * Ramp up sizes, and push forward the readahead window.
> */
> - expected = round_up(ra->start + ra->size - ra->async_size,
> + expected = round_down(ra->start + ra->size - ra->async_size,
> 1UL << order);
> if (index == expected || index == (ra->start + ra->size)) {
> ra->start += ra->size;
>
>
^ permalink raw reply [flat|nested] 211+ messages in thread
* Re: [PATCH 6.1 000/197] 6.1.79-rc1 review
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (196 preceding siblings ...)
2024-02-20 20:52 ` [PATCH 6.1 197/197] userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Greg Kroah-Hartman
@ 2024-02-21 0:18 ` SeongJae Park
2024-02-21 1:04 ` Daniel Díaz
` (2 subsequent siblings)
200 siblings, 0 replies; 211+ messages in thread
From: SeongJae Park @ 2024-02-21 0:18 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: stable, patches, linux-kernel, torvalds, akpm, linux, shuah,
patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, allen.lkml, damon,
SeongJae Park
Hello,
On Tue, 20 Feb 2024 21:49:19 +0100 Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
> This is the start of the stable review cycle for the 6.1.79 release.
> There are 197 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 22 Feb 2024 20:48:08 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.79-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y
> and the diffstat can be found below.
This rc kernel passes DAMON functionality test[1] on my test machine.
Attaching the test results summary below. Please note that I retrieved the
kernel from linux-stable-rc tree[2].
Tested-by: SeongJae Park <sj@kernel.org>
[1] https://github.com/awslabs/damon-tests/tree/next/corr
[2] cc64836e147d ("Linux 6.1.79-rc1")
Thanks,
SJ
[...]
---
ok 1 selftests: damon: debugfs_attrs.sh
ok 2 selftests: damon: debugfs_schemes.sh
ok 3 selftests: damon: debugfs_target_ids.sh
ok 4 selftests: damon: debugfs_empty_targets.sh
ok 5 selftests: damon: debugfs_huge_count_read_write.sh
ok 6 selftests: damon: debugfs_duplicate_context_creation.sh
ok 7 selftests: damon: sysfs.sh
ok 1 selftests: damon-tests: kunit.sh
ok 2 selftests: damon-tests: huge_count_read_write.sh
ok 3 selftests: damon-tests: buffer_overflow.sh
ok 4 selftests: damon-tests: rm_contexts.sh
ok 5 selftests: damon-tests: record_null_deref.sh
ok 6 selftests: damon-tests: dbgfs_target_ids_read_before_terminate_race.sh
ok 7 selftests: damon-tests: dbgfs_target_ids_pid_leak.sh
ok 8 selftests: damon-tests: damo_tests.sh
ok 9 selftests: damon-tests: masim-record.sh
ok 10 selftests: damon-tests: build_i386.sh
ok 11 selftests: damon-tests: build_arm64.sh
ok 12 selftests: damon-tests: build_m68k.sh
ok 13 selftests: damon-tests: build_i386_idle_flag.sh
ok 14 selftests: damon-tests: build_i386_highpte.sh
ok 15 selftests: damon-tests: build_nomemcg.sh
[33m
[92mPASS [39m
^ permalink raw reply [flat|nested] 211+ messages in thread
* Re: [PATCH 6.1 000/197] 6.1.79-rc1 review
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (197 preceding siblings ...)
2024-02-21 0:18 ` [PATCH 6.1 000/197] 6.1.79-rc1 review SeongJae Park
@ 2024-02-21 1:04 ` Daniel Díaz
2024-02-21 1:40 ` Daniel Díaz
2024-02-21 12:02 ` Jon Hunter
2024-02-21 15:39 ` Shuah Khan
200 siblings, 1 reply; 211+ messages in thread
From: Daniel Díaz @ 2024-02-21 1:04 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor, allen.lkml
Hello!
On 20/02/24 2:49 p. m., Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.1.79 release.
> There are 197 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 22 Feb 2024 20:48:08 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.79-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
We see a regression with PowerPC:
-----8<-----
/builds/linux/arch/powerpc/kernel/cpu_setup_6xx.S: Assembler messages:
/builds/linux/arch/powerpc/kernel/cpu_setup_6xx.S:124: Error: unrecognized opcode: `sym_func_start_local(setup_g2_le_hid2)'
/builds/linux/arch/powerpc/kernel/cpu_setup_6xx.S:131: Error: unrecognized opcode: `sym_func_end(setup_g2_le_hid2)'
make[4]: *** [/builds/linux/scripts/Makefile.build:382: arch/powerpc/kernel/cpu_setup_6xx.o] Error 1
----->8-----
This is seen only on PowerPC with GCC 8, GCC 13, Clang 17, Clang nightly, on:
* allnoconfig
* tinyconfig
* mpc83xx_defconfig
* ppc6xx_defconfig
(at least)
Reproducer:
tuxmake \
--runtime podman \
--target-arch powerpc \
--toolchain gcc-8 \
--kconfig tinyconfig
Reported-by: Linux Kernel Functional Testing <lkft@linaro.org>
Greetings!
Daniel Díaz
daniel.diaz@linaro.org
^ permalink raw reply [flat|nested] 211+ messages in thread
* Re: [PATCH 6.1 000/197] 6.1.79-rc1 review
2024-02-21 1:04 ` Daniel Díaz
@ 2024-02-21 1:40 ` Daniel Díaz
2024-02-21 8:16 ` Matthias Schiffer
0 siblings, 1 reply; 211+ messages in thread
From: Daniel Díaz @ 2024-02-21 1:40 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor, allen.lkml, matthias.schiffer
Hello!
On 20/02/24 7:04 p. m., Daniel Díaz wrote:
> On 20/02/24 2:49 p. m., Greg Kroah-Hartman wrote:
>> This is the start of the stable review cycle for the 6.1.79 release.
>> There are 197 patches in this series, all will be posted as a response
>> to this one. If anyone has any issues with these being applied, please
>> let me know.
>>
>> Responses should be made by Thu, 22 Feb 2024 20:48:08 +0000.
>> Anything received after that time might be too late.
>>
>> The whole patch series can be found in one patch at:
>> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.79-rc1.gz
>> or in the git tree and branch at:
>> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y
>> and the diffstat can be found below.
>>
>> thanks,
>>
>> greg k-h
>
> We see a regression with PowerPC:
>
> -----8<-----
> /builds/linux/arch/powerpc/kernel/cpu_setup_6xx.S: Assembler messages:
> /builds/linux/arch/powerpc/kernel/cpu_setup_6xx.S:124: Error: unrecognized opcode: `sym_func_start_local(setup_g2_le_hid2)'
> /builds/linux/arch/powerpc/kernel/cpu_setup_6xx.S:131: Error: unrecognized opcode: `sym_func_end(setup_g2_le_hid2)'
> make[4]: *** [/builds/linux/scripts/Makefile.build:382: arch/powerpc/kernel/cpu_setup_6xx.o] Error 1
> ----->8-----
>
> This is seen only on PowerPC with GCC 8, GCC 13, Clang 17, Clang nightly, on:
> * allnoconfig
> * tinyconfig
> * mpc83xx_defconfig
> * ppc6xx_defconfig
> (at least)
>
> Reproducer:
>
> tuxmake \
> --runtime podman \
> --target-arch powerpc \
> --toolchain gcc-8 \
> --kconfig tinyconfig
>
Bisection points to:
commit a65d7a833f486d0c162fdc854d2d5dd2e66ddd95
Author: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
Date: Wed Jan 24 11:38:38 2024 +0100
powerpc/6xx: set High BAT Enable flag on G2_LE cores
[ Upstream commit a038a3ff8c6582404834852c043dadc73a5b68b4 ]
Reverting that commit makes the build pass again.
Greetings!
Daniel Díaz
daniel.diaz@linaro.org
^ permalink raw reply [flat|nested] 211+ messages in thread
* Re: [PATCH 6.1 036/197] readahead: avoid multiple marked readahead pages
2024-02-20 21:05 ` Matthew Wilcox
@ 2024-02-21 7:00 ` Greg Kroah-Hartman
0 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-21 7:00 UTC (permalink / raw)
To: Matthew Wilcox; +Cc: stable, patches, Jan Kara, Guo Xuenan, Andrew Morton
On Tue, Feb 20, 2024 at 09:05:53PM +0000, Matthew Wilcox wrote:
> On Tue, Feb 20, 2024 at 09:49:55PM +0100, Greg Kroah-Hartman wrote:
> > 6.1-stable review patch. If anyone has any objections, please let me know.
>
> Maybe hold off on this one?
>
> kernel test robot noticed a -21.4% regression of vm-scalability.throughput on:
> commit: ab4443fe3ca6298663a55c4a70efc6c3ce913ca6 ("readahead: avoid multiple marked readahead pages")
>
> https://lore.kernel.org/linux-fsdevel/202402201642.c8d6bbc3-oliver.sang@intel.com/
>
> Not a definite no just yet; nobody's dug into it, but some caution
> seems warranted.
Thanks for the warning, I've dropped it from all stable queues now. If
you all figure it out, let us know and we can add it back in.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 211+ messages in thread
* Re: [PATCH 6.1 174/197] wifi: mwifiex: Support SD8978 chipset
2024-02-20 20:52 ` [PATCH 6.1 174/197] wifi: mwifiex: Support SD8978 chipset Greg Kroah-Hartman
@ 2024-02-21 8:03 ` Francesco Dolcini
2024-02-21 8:12 ` Greg Kroah-Hartman
0 siblings, 1 reply; 211+ messages in thread
From: Francesco Dolcini @ 2024-02-21 8:03 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: stable, patches, Lukas Wunner, Kalle Valo, Sasha Levin
On Tue, Feb 20, 2024 at 09:52:13PM +0100, Greg Kroah-Hartman wrote:
> 6.1-stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Lukas Wunner <lukas@wunner.de>
>
> [ Upstream commit bba047f15851c8b053221f1b276eb7682d59f755 ]
>
> The Marvell SD8978 (aka NXP IW416) uses identical registers as SD8987,
> so reuse the existing mwifiex_reg_sd8987 definition.
>
> Note that mwifiex_reg_sd8977 and mwifiex_reg_sd8997 are likewise
> identical, save for the fw_dump_ctrl register: They define it as 0xf0
> whereas mwifiex_reg_sd8987 defines it as 0xf9. I've verified that
> 0xf9 is the correct value on SD8978. NXP's out-of-tree driver uses
> 0xf9 for all of them, so there's a chance that 0xf0 is not correct
> in the mwifiex_reg_sd8977 and mwifiex_reg_sd8997 definitions. I cannot
> test that for lack of hardware, hence am leaving it as is.
>
> NXP has only released a firmware which runs Bluetooth over UART.
> Perhaps Bluetooth over SDIO is unsupported by this chipset.
> Consequently, only an "sdiouart" firmware image is referenced, not an
> alternative "sdsd" image.
>
> Signed-off-by: Lukas Wunner <lukas@wunner.de>
> Signed-off-by: Kalle Valo <kvalo@kernel.org>
> Link: https://lore.kernel.org/r/536b4f17a72ca460ad1b07045757043fb0778988.1674827105.git.lukas@wunner.de
> Stable-dep-of: 1c5d463c0770 ("wifi: mwifiex: add extra delay for firmware ready")
I would drop this and 1c5d463c0770.
Thanks,
Francesco
^ permalink raw reply [flat|nested] 211+ messages in thread
* Re: [PATCH 6.1 174/197] wifi: mwifiex: Support SD8978 chipset
2024-02-21 8:03 ` Francesco Dolcini
@ 2024-02-21 8:12 ` Greg Kroah-Hartman
2024-02-21 8:39 ` Francesco Dolcini
0 siblings, 1 reply; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-21 8:12 UTC (permalink / raw)
To: Francesco Dolcini; +Cc: stable, patches, Lukas Wunner, Kalle Valo, Sasha Levin
On Wed, Feb 21, 2024 at 09:03:53AM +0100, Francesco Dolcini wrote:
> On Tue, Feb 20, 2024 at 09:52:13PM +0100, Greg Kroah-Hartman wrote:
> > 6.1-stable review patch. If anyone has any objections, please let me know.
> >
> > ------------------
> >
> > From: Lukas Wunner <lukas@wunner.de>
> >
> > [ Upstream commit bba047f15851c8b053221f1b276eb7682d59f755 ]
> >
> > The Marvell SD8978 (aka NXP IW416) uses identical registers as SD8987,
> > so reuse the existing mwifiex_reg_sd8987 definition.
> >
> > Note that mwifiex_reg_sd8977 and mwifiex_reg_sd8997 are likewise
> > identical, save for the fw_dump_ctrl register: They define it as 0xf0
> > whereas mwifiex_reg_sd8987 defines it as 0xf9. I've verified that
> > 0xf9 is the correct value on SD8978. NXP's out-of-tree driver uses
> > 0xf9 for all of them, so there's a chance that 0xf0 is not correct
> > in the mwifiex_reg_sd8977 and mwifiex_reg_sd8997 definitions. I cannot
> > test that for lack of hardware, hence am leaving it as is.
> >
> > NXP has only released a firmware which runs Bluetooth over UART.
> > Perhaps Bluetooth over SDIO is unsupported by this chipset.
> > Consequently, only an "sdiouart" firmware image is referenced, not an
> > alternative "sdsd" image.
> >
> > Signed-off-by: Lukas Wunner <lukas@wunner.de>
> > Signed-off-by: Kalle Valo <kvalo@kernel.org>
> > Link: https://lore.kernel.org/r/536b4f17a72ca460ad1b07045757043fb0778988.1674827105.git.lukas@wunner.de
> > Stable-dep-of: 1c5d463c0770 ("wifi: mwifiex: add extra delay for firmware ready")
>
> I would drop this and 1c5d463c0770.
Why? Commit 1c5d463c0770 was explicitly tagged for stable inclusion,
what changed?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 211+ messages in thread
* Re: [PATCH 6.1 000/197] 6.1.79-rc1 review
2024-02-21 1:40 ` Daniel Díaz
@ 2024-02-21 8:16 ` Matthias Schiffer
2024-02-21 12:37 ` Greg Kroah-Hartman
0 siblings, 1 reply; 211+ messages in thread
From: Matthias Schiffer @ 2024-02-21 8:16 UTC (permalink / raw)
To: Daniel Díaz, Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor, allen.lkml, Christophe Leroy, Michael Ellerman
On Tue, 2024-02-20 at 19:40 -0600, Daniel Díaz wrote:
> ********************
> Achtung externe E-Mail: Öffnen Sie Anhänge und Links nur, wenn Sie wissen, dass diese aus einer sicheren Quelle stammen und sicher sind. Leiten Sie die E-Mail im Zweifelsfall zur Prüfung an den IT-Helpdesk weiter.
> Attention external email: Open attachments and links only if you know that they are from a secure source and are safe. In doubt forward the email to the IT-Helpdesk to check it.
> ********************
>
> Hello!
>
> On 20/02/24 7:04 p. m., Daniel Díaz wrote:
> > On 20/02/24 2:49 p. m., Greg Kroah-Hartman wrote:
> > > This is the start of the stable review cycle for the 6.1.79 release.
> > > There are 197 patches in this series, all will be posted as a response
> > > to this one. If anyone has any issues with these being applied, please
> > > let me know.
> > >
> > > Responses should be made by Thu, 22 Feb 2024 20:48:08 +0000.
> > > Anything received after that time might be too late.
> > >
> > > The whole patch series can be found in one patch at:
> > > https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.79-rc1.gz
> > > or in the git tree and branch at:
> > > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y
> > > and the diffstat can be found below.
> > >
> > > thanks,
> > >
> > > greg k-h
> >
> > We see a regression with PowerPC:
> >
> > -----8<-----
> > /builds/linux/arch/powerpc/kernel/cpu_setup_6xx.S: Assembler messages:
> > /builds/linux/arch/powerpc/kernel/cpu_setup_6xx.S:124: Error: unrecognized opcode: `sym_func_start_local(setup_g2_le_hid2)'
> > /builds/linux/arch/powerpc/kernel/cpu_setup_6xx.S:131: Error: unrecognized opcode: `sym_func_end(setup_g2_le_hid2)'
> > make[4]: *** [/builds/linux/scripts/Makefile.build:382: arch/powerpc/kernel/cpu_setup_6xx.o] Error 1
> > ----->8-----
> >
> > This is seen only on PowerPC with GCC 8, GCC 13, Clang 17, Clang nightly, on:
> > * allnoconfig
> > * tinyconfig
> > * mpc83xx_defconfig
> > * ppc6xx_defconfig
> > (at least)
> >
> > Reproducer:
> >
> > tuxmake \
> > --runtime podman \
> > --target-arch powerpc \
> > --toolchain gcc-8 \
> > --kconfig tinyconfig
> >
>
> Bisection points to:
>
> commit a65d7a833f486d0c162fdc854d2d5dd2e66ddd95
> Author: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
> Date: Wed Jan 24 11:38:38 2024 +0100
>
> powerpc/6xx: set High BAT Enable flag on G2_LE cores
>
> [ Upstream commit a038a3ff8c6582404834852c043dadc73a5b68b4 ]
>
>
> Reverting that commit makes the build pass again.
It seems that backporting the mentioned commit verbatim would also require
2da37761671b5bdedbe04e6469cfa57cd6b6ae45 ("powerpc/32: Fix objtool unannotated intra-function call
warnings") to make SYM_FUNC_START_LOCAL/SYM_FUNC_END available. Please drop this patch from 6.1 and
older for now.
Adding Christophe and Michael to cc. Is backporting the additional patch an option (and if so, for
which kernel versions?), or should I send a new patch that does not use
SYM_FUNC_START_LOCAL/SYM_FUNC_END for stable?
Thanks,
Matthias
>
> Greetings!
>
> Daniel Díaz
> daniel.diaz@linaro.org
>
^ permalink raw reply [flat|nested] 211+ messages in thread
* Re: [PATCH 6.1 174/197] wifi: mwifiex: Support SD8978 chipset
2024-02-21 8:12 ` Greg Kroah-Hartman
@ 2024-02-21 8:39 ` Francesco Dolcini
2024-02-21 10:33 ` Greg Kroah-Hartman
0 siblings, 1 reply; 211+ messages in thread
From: Francesco Dolcini @ 2024-02-21 8:39 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Francesco Dolcini, stable, patches, Lukas Wunner, Kalle Valo,
Sasha Levin
On Wed, Feb 21, 2024 at 09:12:23AM +0100, Greg Kroah-Hartman wrote:
> On Wed, Feb 21, 2024 at 09:03:53AM +0100, Francesco Dolcini wrote:
> > On Tue, Feb 20, 2024 at 09:52:13PM +0100, Greg Kroah-Hartman wrote:
> > > 6.1-stable review patch. If anyone has any objections, please let me know.
> > >
> > > ------------------
> > >
> > > From: Lukas Wunner <lukas@wunner.de>
> > >
> > > [ Upstream commit bba047f15851c8b053221f1b276eb7682d59f755 ]
> > >
> > > The Marvell SD8978 (aka NXP IW416) uses identical registers as SD8987,
> > > so reuse the existing mwifiex_reg_sd8987 definition.
> > >
> > > Note that mwifiex_reg_sd8977 and mwifiex_reg_sd8997 are likewise
> > > identical, save for the fw_dump_ctrl register: They define it as 0xf0
> > > whereas mwifiex_reg_sd8987 defines it as 0xf9. I've verified that
> > > 0xf9 is the correct value on SD8978. NXP's out-of-tree driver uses
> > > 0xf9 for all of them, so there's a chance that 0xf0 is not correct
> > > in the mwifiex_reg_sd8977 and mwifiex_reg_sd8997 definitions. I cannot
> > > test that for lack of hardware, hence am leaving it as is.
> > >
> > > NXP has only released a firmware which runs Bluetooth over UART.
> > > Perhaps Bluetooth over SDIO is unsupported by this chipset.
> > > Consequently, only an "sdiouart" firmware image is referenced, not an
> > > alternative "sdsd" image.
> > >
> > > Signed-off-by: Lukas Wunner <lukas@wunner.de>
> > > Signed-off-by: Kalle Valo <kvalo@kernel.org>
> > > Link: https://lore.kernel.org/r/536b4f17a72ca460ad1b07045757043fb0778988.1674827105.git.lukas@wunner.de
> > > Stable-dep-of: 1c5d463c0770 ("wifi: mwifiex: add extra delay for firmware ready")
> >
> > I would drop this and 1c5d463c0770.
>
> Why? Commit 1c5d463c0770 was explicitly tagged for stable inclusion,
> what changed?
1c5d463c0770 is a fix for bba047f15851c8b053221f1b276eb7682d59f755.
So there is no bug, unless bba047f15851c8b053221f1b276eb7682d59f755 is
there.
The mistake that we did at that time is that it should have been
Cc: stable@vger.kernel.org
Fixes: bba047f15851 ("wifi: mwifiex: Support SD8978 chipset")
Sorry about that.
Francesco
^ permalink raw reply [flat|nested] 211+ messages in thread
* Re: [PATCH 6.1 174/197] wifi: mwifiex: Support SD8978 chipset
2024-02-21 8:39 ` Francesco Dolcini
@ 2024-02-21 10:33 ` Greg Kroah-Hartman
0 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-21 10:33 UTC (permalink / raw)
To: Francesco Dolcini; +Cc: stable, patches, Lukas Wunner, Kalle Valo, Sasha Levin
On Wed, Feb 21, 2024 at 09:39:04AM +0100, Francesco Dolcini wrote:
> On Wed, Feb 21, 2024 at 09:12:23AM +0100, Greg Kroah-Hartman wrote:
> > On Wed, Feb 21, 2024 at 09:03:53AM +0100, Francesco Dolcini wrote:
> > > On Tue, Feb 20, 2024 at 09:52:13PM +0100, Greg Kroah-Hartman wrote:
> > > > 6.1-stable review patch. If anyone has any objections, please let me know.
> > > >
> > > > ------------------
> > > >
> > > > From: Lukas Wunner <lukas@wunner.de>
> > > >
> > > > [ Upstream commit bba047f15851c8b053221f1b276eb7682d59f755 ]
> > > >
> > > > The Marvell SD8978 (aka NXP IW416) uses identical registers as SD8987,
> > > > so reuse the existing mwifiex_reg_sd8987 definition.
> > > >
> > > > Note that mwifiex_reg_sd8977 and mwifiex_reg_sd8997 are likewise
> > > > identical, save for the fw_dump_ctrl register: They define it as 0xf0
> > > > whereas mwifiex_reg_sd8987 defines it as 0xf9. I've verified that
> > > > 0xf9 is the correct value on SD8978. NXP's out-of-tree driver uses
> > > > 0xf9 for all of them, so there's a chance that 0xf0 is not correct
> > > > in the mwifiex_reg_sd8977 and mwifiex_reg_sd8997 definitions. I cannot
> > > > test that for lack of hardware, hence am leaving it as is.
> > > >
> > > > NXP has only released a firmware which runs Bluetooth over UART.
> > > > Perhaps Bluetooth over SDIO is unsupported by this chipset.
> > > > Consequently, only an "sdiouart" firmware image is referenced, not an
> > > > alternative "sdsd" image.
> > > >
> > > > Signed-off-by: Lukas Wunner <lukas@wunner.de>
> > > > Signed-off-by: Kalle Valo <kvalo@kernel.org>
> > > > Link: https://lore.kernel.org/r/536b4f17a72ca460ad1b07045757043fb0778988.1674827105.git.lukas@wunner.de
> > > > Stable-dep-of: 1c5d463c0770 ("wifi: mwifiex: add extra delay for firmware ready")
> > >
> > > I would drop this and 1c5d463c0770.
> >
> > Why? Commit 1c5d463c0770 was explicitly tagged for stable inclusion,
> > what changed?
>
> 1c5d463c0770 is a fix for bba047f15851c8b053221f1b276eb7682d59f755.
>
> So there is no bug, unless bba047f15851c8b053221f1b276eb7682d59f755 is
> there.
It is.
> The mistake that we did at that time is that it should have been
>
> Cc: stable@vger.kernel.org
> Fixes: bba047f15851 ("wifi: mwifiex: Support SD8978 chipset")
Great, that commit is currently in:
6.3 queue-5.10 queue-5.15 queue-6.1
so all is good.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 211+ messages in thread
* Re: [PATCH 6.1 000/197] 6.1.79-rc1 review
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (198 preceding siblings ...)
2024-02-21 1:04 ` Daniel Díaz
@ 2024-02-21 12:02 ` Jon Hunter
2024-02-21 15:39 ` Shuah Khan
200 siblings, 0 replies; 211+ messages in thread
From: Jon Hunter @ 2024-02-21 12:02 UTC (permalink / raw)
To: Greg Kroah-Hartman
Cc: Greg Kroah-Hartman, patches, linux-kernel, torvalds, akpm, linux,
shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, allen.lkml, linux-tegra,
stable
On Tue, 20 Feb 2024 21:49:19 +0100, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.1.79 release.
> There are 197 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 22 Feb 2024 20:48:08 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.79-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
All tests passing for Tegra ...
Test results for stable-v6.1:
10 builds: 10 pass, 0 fail
26 boots: 26 pass, 0 fail
116 tests: 116 pass, 0 fail
Linux version: 6.1.79-rc1-gcc64836e147d
Boards tested: tegra124-jetson-tk1, tegra186-p2771-0000,
tegra194-p2972-0000, tegra194-p3509-0000+p3668-0000,
tegra20-ventana, tegra210-p2371-2180,
tegra210-p3450-0000, tegra30-cardhu-a04
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Jon
^ permalink raw reply [flat|nested] 211+ messages in thread
* Re: [PATCH 6.1 000/197] 6.1.79-rc1 review
2024-02-21 8:16 ` Matthias Schiffer
@ 2024-02-21 12:37 ` Greg Kroah-Hartman
0 siblings, 0 replies; 211+ messages in thread
From: Greg Kroah-Hartman @ 2024-02-21 12:37 UTC (permalink / raw)
To: Matthias Schiffer
Cc: Daniel Díaz, stable, patches, linux-kernel, torvalds, akpm,
linux, shuah, patches, lkft-triage, pavel, jonathanh, f.fainelli,
sudipm.mukherjee, srw, rwarsow, conor, allen.lkml,
Christophe Leroy, Michael Ellerman
On Wed, Feb 21, 2024 at 09:16:32AM +0100, Matthias Schiffer wrote:
> On Tue, 2024-02-20 at 19:40 -0600, Daniel Díaz wrote:
> > ********************
> > Achtung externe E-Mail: Öffnen Sie Anhänge und Links nur, wenn Sie wissen, dass diese aus einer sicheren Quelle stammen und sicher sind. Leiten Sie die E-Mail im Zweifelsfall zur Prüfung an den IT-Helpdesk weiter.
> > Attention external email: Open attachments and links only if you know that they are from a secure source and are safe. In doubt forward the email to the IT-Helpdesk to check it.
> > ********************
> >
> > Hello!
> >
> > On 20/02/24 7:04 p. m., Daniel Díaz wrote:
> > > On 20/02/24 2:49 p. m., Greg Kroah-Hartman wrote:
> > > > This is the start of the stable review cycle for the 6.1.79 release.
> > > > There are 197 patches in this series, all will be posted as a response
> > > > to this one. If anyone has any issues with these being applied, please
> > > > let me know.
> > > >
> > > > Responses should be made by Thu, 22 Feb 2024 20:48:08 +0000.
> > > > Anything received after that time might be too late.
> > > >
> > > > The whole patch series can be found in one patch at:
> > > > https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.79-rc1.gz
> > > > or in the git tree and branch at:
> > > > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y
> > > > and the diffstat can be found below.
> > > >
> > > > thanks,
> > > >
> > > > greg k-h
> > >
> > > We see a regression with PowerPC:
> > >
> > > -----8<-----
> > > /builds/linux/arch/powerpc/kernel/cpu_setup_6xx.S: Assembler messages:
> > > /builds/linux/arch/powerpc/kernel/cpu_setup_6xx.S:124: Error: unrecognized opcode: `sym_func_start_local(setup_g2_le_hid2)'
> > > /builds/linux/arch/powerpc/kernel/cpu_setup_6xx.S:131: Error: unrecognized opcode: `sym_func_end(setup_g2_le_hid2)'
> > > make[4]: *** [/builds/linux/scripts/Makefile.build:382: arch/powerpc/kernel/cpu_setup_6xx.o] Error 1
> > > ----->8-----
> > >
> > > This is seen only on PowerPC with GCC 8, GCC 13, Clang 17, Clang nightly, on:
> > > * allnoconfig
> > > * tinyconfig
> > > * mpc83xx_defconfig
> > > * ppc6xx_defconfig
> > > (at least)
> > >
> > > Reproducer:
> > >
> > > tuxmake \
> > > --runtime podman \
> > > --target-arch powerpc \
> > > --toolchain gcc-8 \
> > > --kconfig tinyconfig
> > >
> >
> > Bisection points to:
> >
> > commit a65d7a833f486d0c162fdc854d2d5dd2e66ddd95
> > Author: Matthias Schiffer <matthias.schiffer@ew.tq-group.com>
> > Date: Wed Jan 24 11:38:38 2024 +0100
> >
> > powerpc/6xx: set High BAT Enable flag on G2_LE cores
> >
> > [ Upstream commit a038a3ff8c6582404834852c043dadc73a5b68b4 ]
> >
> >
> > Reverting that commit makes the build pass again.
>
> It seems that backporting the mentioned commit verbatim would also require
> 2da37761671b5bdedbe04e6469cfa57cd6b6ae45 ("powerpc/32: Fix objtool unannotated intra-function call
> warnings") to make SYM_FUNC_START_LOCAL/SYM_FUNC_END available. Please drop this patch from 6.1 and
> older for now.
Now dropped, thanks!
greg k-h
^ permalink raw reply [flat|nested] 211+ messages in thread
* Re: [PATCH 6.1 000/197] 6.1.79-rc1 review
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
` (199 preceding siblings ...)
2024-02-21 12:02 ` Jon Hunter
@ 2024-02-21 15:39 ` Shuah Khan
200 siblings, 0 replies; 211+ messages in thread
From: Shuah Khan @ 2024-02-21 15:39 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Cc: patches, linux-kernel, torvalds, akpm, linux, shuah, patches,
lkft-triage, pavel, jonathanh, f.fainelli, sudipm.mukherjee, srw,
rwarsow, conor, allen.lkml, Shuah Khan
On 2/20/24 13:49, Greg Kroah-Hartman wrote:
> This is the start of the stable review cycle for the 6.1.79 release.
> There are 197 patches in this series, all will be posted as a response
> to this one. If anyone has any issues with these being applied, please
> let me know.
>
> Responses should be made by Thu, 22 Feb 2024 20:48:08 +0000.
> Anything received after that time might be too late.
>
> The whole patch series can be found in one patch at:
> https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.79-rc1.gz
> or in the git tree and branch at:
> git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y
> and the diffstat can be found below.
>
> thanks,
>
> greg k-h
>
Compiled and booted on my test system. No dmesg regressions.
Tested-by: Shuah Khan <skhan@linuxfoundation.org>
thanks,
-- Shuah
^ permalink raw reply [flat|nested] 211+ messages in thread
end of thread, other threads:[~2024-02-21 15:39 UTC | newest]
Thread overview: 211+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-02-20 20:49 [PATCH 6.1 000/197] 6.1.79-rc1 review Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 001/197] work around gcc bugs with asm goto with outputs Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 002/197] update workarounds for gcc "asm goto" issue Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 003/197] btrfs: add and use helper to check if block group is used Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 004/197] btrfs: do not delete unused block group if it may be used soon Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 005/197] btrfs: forbid creating subvol qgroups Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 006/197] btrfs: do not ASSERT() if the newly created subvolume already got read Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 007/197] btrfs: forbid deleting live subvol qgroup Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 008/197] btrfs: send: return EOPNOTSUPP on unknown flags Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 009/197] btrfs: dont reserve space for checksums when writing to nocow files Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 010/197] btrfs: reject encoded write if inode has nodatasum flag set Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 011/197] btrfs: dont drop extent_map for free space inode on write error Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 012/197] driver core: Fix device_link_flag_is_sync_state_only() Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 013/197] of: unittest: Fix compile in the non-dynamic case Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 014/197] KVM: selftests: Clear dirty ring states between two modes in dirty_log_test Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 015/197] KVM: selftests: Fix a semaphore imbalance in the dirty ring logging test Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 016/197] wifi: iwlwifi: Fix some error codes Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 017/197] wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 018/197] of: property: Improve finding the supplier of a remote-endpoint property Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 019/197] net: openvswitch: limit the number of recursions from action sets Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 020/197] lan966x: Fix crash when adding interface under a lag Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 021/197] tls/sw: Use splice_eof() to flush Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 022/197] tls: extract context alloc/initialization out of tls_set_sw_offload Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 023/197] net: tls: factor out tls_*crypt_async_wait() Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 024/197] tls: fix race between async notify and socket close Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 025/197] net: tls: fix use-after-free with partial reads and async decrypt Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 026/197] net: tls: fix returned read length with " Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 027/197] spi: ppc4xx: Drop write-only variable Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 028/197] ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 029/197] net: sysfs: Fix /sys/class/net/<iface> path for statistics Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 030/197] nouveau/svm: fix kvcalloc() argument order Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 031/197] MIPS: Add memory clobber to csum_ipv6_magic() inline assembler Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 032/197] i40e: Do not allow untrusted VF to remove administratively set MAC Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 033/197] i40e: Fix waiting for queues of all VSIs to be disabled Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 034/197] scs: add CONFIG_MMU dependency for vfree_atomic() Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 035/197] tracing/trigger: Fix to return error if failed to alloc snapshot Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 036/197] readahead: avoid multiple marked readahead pages Greg Kroah-Hartman
2024-02-20 21:05 ` Matthew Wilcox
2024-02-21 7:00 ` Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 037/197] mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 038/197] scsi: storvsc: Fix ring buffer size calculation Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 039/197] dm-crypt, dm-verity: disable tasklets Greg Kroah-Hartman
2024-02-20 20:49 ` [PATCH 6.1 040/197] ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 041/197] parisc: Prevent hung tasks when printing inventory on serial console Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 042/197] ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 043/197] ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 044/197] HID: i2c-hid-of: fix NULL-deref on failed power up Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 045/197] HID: wacom: generic: Avoid reporting a serial of 0 to userspace Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 046/197] HID: wacom: Do not register input devices until after hid_hw_start Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 047/197] iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 048/197] usb: ucsi: Add missing ppm_lock Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 049/197] usb: ulpi: Fix debugfs directory leak Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 050/197] usb: ucsi_acpi: Fix command completion handling Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 051/197] USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 052/197] usb: f_mass_storage: forbid async queue when shutdown happen Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 053/197] usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 054/197] interconnect: qcom: sc8180x: Mark CO0 BCM keepalive Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 055/197] media: ir_toy: fix a memleak in irtoy_tx Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 056/197] driver core: fw_devlink: Improve detection of overlapping cycles Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 057/197] powerpc/6xx: set High BAT Enable flag on G2_LE cores Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 058/197] powerpc/kasan: Fix addr error caused by page alignment Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 059/197] cifs: fix underflow in parse_server_interfaces() Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 060/197] i2c: qcom-geni: Correct I2C TRE sequence Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 061/197] irqchip/loongson-eiointc: Use correct struct type in eiointc_domain_alloc() Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 062/197] powerpc/kasan: Limit KASAN thread size increase to 32KB Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 063/197] i2c: pasemi: split driver into two separate modules Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 064/197] i2c: i801: Fix block process call transactions Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 065/197] modpost: trim leading spaces when processing source files list Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 066/197] mptcp: get rid of msk->subflow Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 067/197] mptcp: fix data re-injection from stale subflow Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 068/197] selftests: mptcp: add missing kconfig for NF Filter Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 069/197] selftests: mptcp: add missing kconfig for NF Filter in v6 Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 070/197] selftests: mptcp: add missing kconfig for NF Mangle Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 071/197] selftests: mptcp: increase timeout to 30 min Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 072/197] mptcp: drop the push_pending field Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 073/197] mptcp: check addrs list in userspace_pm_get_local_id Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 074/197] media: Revert "media: rkisp1: Drop IRQF_SHARED" Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 075/197] scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 076/197] Revert "drm/amd: flush any delayed gfxoff on suspend entry" Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 077/197] drm/virtio: Set segment size for virtio_gpu device Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 078/197] lsm: fix the logic in security_inode_getsecctx() Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 079/197] firewire: core: correct documentation of fw_csr_string() kernel API Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 080/197] ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 081/197] kbuild: Fix changing ELF file type for output of gen_btf for big endian Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 082/197] nfc: nci: free rx_data_reassembly skb on NCI device cleanup Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 083/197] net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 084/197] net: stmmac: do not clear TBS enable bit on link up/down Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 085/197] xen-netback: properly sync TX responses Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 086/197] modpost: propagate W=1 build option to modpost Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 087/197] modpost: Dont let "driver"s reference .exit.* Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 088/197] linux/init: remove __memexit* annotations Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 089/197] modpost: Include .text.* in TEXT_SECTIONS Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 090/197] um: Fix adding -no-pie for clang Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 091/197] modpost: Add .ltext and .ltext.* to TEXT_SECTIONS Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 092/197] ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 093/197] ASoC: codecs: wcd938x: handle deferred probe Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 094/197] ALSA: hda/cs8409: Suppress vmaster control for Dolphin models Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 095/197] ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 096/197] binder: signal epoll threads of self-work Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 097/197] misc: fastrpc: Mark all sessions as invalid in cb_remove Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 098/197] ext4: fix double-free of blocks due to wrong extents moved_len Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 099/197] ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() Greg Kroah-Hartman
2024-02-20 20:50 ` [PATCH 6.1 100/197] tracing: Fix wasted memory in saved_cmdlines logic Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 101/197] staging: iio: ad5933: fix type mismatch regression Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 102/197] iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 103/197] iio: core: fix memleak in iio_device_register_sysfs Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 104/197] iio: commom: st_sensors: ensure proper DMA alignment Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 105/197] iio: accel: bma400: Fix a compilation problem Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 106/197] iio: adc: ad_sigma_delta: ensure proper DMA alignment Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 107/197] iio: imu: adis: " Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 108/197] iio: imu: bno055: serdev requires REGMAP Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 109/197] media: rc: bpf attach/detach requires write permission Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 110/197] ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 111/197] xfrm: Remove inner/outer modes from output path Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 112/197] xfrm: Remove inner/outer modes from input path Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 113/197] drm/msm: Wire up tlb ops Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 114/197] drm/prime: Support page array >= 4GB Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 115/197] drm/amd/display: Increase frame-larger-than for all display_mode_vba files Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 116/197] drm/amd/display: Preserve original aspect ratio in create stream Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 117/197] hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 118/197] ring-buffer: Clean ring_buffer_poll_wait() error return Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 119/197] nfp: flower: fix hardware offload for the transfer layer port Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 120/197] serial: max310x: set default value when reading clock ready bit Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 121/197] serial: max310x: improve crystal stable clock detection Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 122/197] serial: max310x: fail probe if clock crystal is unstable Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 123/197] serial: max310x: prevent infinite while() loop in port startup Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 124/197] powerpc/64: Set task pt_regs->link to the LR value on scv entry Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 125/197] powerpc/cputable: Add missing PPC_FEATURE_BOOKE on PPC64 Book-E Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 126/197] powerpc/pseries: fix accuracy of stolen time Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 127/197] x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 128/197] x86/fpu: Stop relying on userspace for info to fault in xsave buffer Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 129/197] KVM: x86/pmu: Fix type length error when reading pmu->fixed_ctr_ctrl Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 130/197] x86/mm/ident_map: Use gbpages only where full GB page should be mapped Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 131/197] io_uring/net: fix multishot accept overflow handling Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 132/197] mmc: slot-gpio: Allow non-sleeping GPIO ro Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 133/197] ALSA: hda/realtek: fix mute/micmute LED For HP mt645 Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 134/197] ALSA: hda/conexant: Add quirk for SWS JS201D Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 135/197] nilfs2: fix data corruption in dsync block recovery for small block sizes Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 136/197] nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 137/197] crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 138/197] nfp: use correct macro for LengthSelect in BAR config Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 139/197] nfp: flower: prevent re-adding mac index for bonded port Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 140/197] wifi: cfg80211: fix wiphy delayed work queueing Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 141/197] wifi: mac80211: reload info pointer in ieee80211_tx_dequeue() Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 142/197] irqchip/irq-brcmstb-l2: Add write memory barrier before exit Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 143/197] irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 144/197] zonefs: Improve error handling Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 145/197] mmc: sdhci-pci-o2micro: Fix a warm reboot issue that disk cant be detected by BIOS Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 146/197] ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8 Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 147/197] tools/rtla: Remove unused sched_getattr() function Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 148/197] tools/rtla: Replace setting prio with nice for SCHED_OTHER Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 149/197] tools/rtla: Exit with EXIT_SUCCESS when help is invoked Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 150/197] tools/rtla: Fix uninitialized bucket/data->bucket_size warning Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 151/197] tools/rtla: Fix Makefile compiler options for clang Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 152/197] fs: relax mount_setattr() permission checks Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 153/197] net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 154/197] s390/qeth: Fix potential loss of L3-IP@ in case of network issues Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 155/197] net: ethernet: ti: cpsw_new: enable mac_managed_pm to fix mdio Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 156/197] hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 157/197] ceph: prevent use-after-free in encode_cap_msg() Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 158/197] fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 159/197] mm: hugetlb pages should not be reserved by shmat() if SHM_NORESERVE Greg Kroah-Hartman
2024-02-20 20:51 ` [PATCH 6.1 160/197] of: property: fix typo in io-channels Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 161/197] can: netlink: Fix TDCO calculation using the old data bittiming Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 162/197] can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 163/197] can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 164/197] pmdomain: core: Move the unused cleanup to a _sync initcall Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 165/197] fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 166/197] tracing: Inform kmemleak of saved_cmdlines allocation Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 167/197] xfrm: Use xfrm_state selector for BEET input Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 168/197] xfrm: Silence warnings triggerable by bad packets Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 169/197] tls: fix NULL deref on tls_sw_splice_eof() with empty record Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 170/197] selftests/mm: ksm_tests should only MADV_HUGEPAGE valid memory Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 171/197] selftests/mm: Update va_high_addr_switch.sh to check CPU for la57 flag Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 172/197] md: bypass block throttle for superblock update Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 173/197] ARM: dts: imx6q-apalis: add can power-up delay on ixora board Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 174/197] wifi: mwifiex: Support SD8978 chipset Greg Kroah-Hartman
2024-02-21 8:03 ` Francesco Dolcini
2024-02-21 8:12 ` Greg Kroah-Hartman
2024-02-21 8:39 ` Francesco Dolcini
2024-02-21 10:33 ` Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 175/197] wifi: mwifiex: add extra delay for firmware ready Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 176/197] bus: moxtet: Add spi device table Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 177/197] arm64: dts: qcom: msm8916: Enable blsp_dma by default Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 178/197] arm64: dts: qcom: msm8916: Make blsp_dma controlled-remotely Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 179/197] arm64: dts: qcom: sdm845: fix USB SS wakeup Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 180/197] arm64: dts: qcom: sm8150: " Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 181/197] wifi: mwifiex: fix uninitialized firmware_stat Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 182/197] crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 183/197] block: fix partial zone append completion handling in req_bio_endio() Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 184/197] netfilter: ipset: fix performance regression in swap operation Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 185/197] netfilter: ipset: Missing gc cancellations fixed Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 186/197] parisc: Fix random data corruption from exception handler Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 187/197] nfsd: fix RELEASE_LOCKOWNER Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 188/197] nfsd: dont take fi_lock in nfsd_break_deleg_cb() Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 189/197] hrtimer: Ignore slack time for RT tasks in schedule_hrtimeout_range() Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 190/197] RDMA/irdma: Ensure iWarp QP queue memory is OS paged aligned Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 191/197] smb: client: fix potential OOBs in smb2_parse_contexts() Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 192/197] smb: client: fix parsing of SMB3.1.1 POSIX create context Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 193/197] net: prevent mss overflow in skb_segment() Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 194/197] bpf: Add struct for bin_args arg in bpf_bprintf_prepare Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 195/197] bpf: Do cleanup in bpf_bprintf_cleanup only when needed Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 196/197] bpf: Remove trace_printk_lock Greg Kroah-Hartman
2024-02-20 20:52 ` [PATCH 6.1 197/197] userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb Greg Kroah-Hartman
2024-02-21 0:18 ` [PATCH 6.1 000/197] 6.1.79-rc1 review SeongJae Park
2024-02-21 1:04 ` Daniel Díaz
2024-02-21 1:40 ` Daniel Díaz
2024-02-21 8:16 ` Matthias Schiffer
2024-02-21 12:37 ` Greg Kroah-Hartman
2024-02-21 12:02 ` Jon Hunter
2024-02-21 15:39 ` Shuah Khan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).